tuersteher 0.4.1 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- data/VERSION +1 -1
- data/lib/tuersteher.rb +33 -6
- data/spec/acces_rules_storage_spec.rb +20 -0
- data/spec/path_access_rule_spec.rb +6 -2
- data/tuersteher.gemspec +5 -5
- metadata +8 -8
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.5.0
|
data/lib/tuersteher.rb
CHANGED
|
@@ -136,11 +136,24 @@ module Tuersteher
|
|
|
136
136
|
rule.deny
|
|
137
137
|
end
|
|
138
138
|
|
|
139
|
+
# Erweitern des Path um einen Prefix
|
|
140
|
+
# Ist notwenig wenn z.B. die Rails-Anwendung nicht als root-Anwendung läuft
|
|
141
|
+
# also root_path != '/' ist.'
|
|
142
|
+
def extend_path_rules_with_prefix prefix
|
|
143
|
+
Tuersteher::TLogger.logger.info "extend_path_rules_with_prefix: #{prefix}"
|
|
144
|
+
@path_prefix = prefix
|
|
145
|
+
path_rules.each do |rule|
|
|
146
|
+
rule.path = "#{prefix}#{rule.path}" unless rule.path == :all
|
|
147
|
+
end
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
|
|
139
151
|
end # of AccessRulesStorage
|
|
140
152
|
|
|
141
153
|
|
|
142
154
|
class AccessRules
|
|
143
155
|
class << self
|
|
156
|
+
|
|
144
157
|
# Pruefen Zugriff fuer eine Web-action
|
|
145
158
|
# user User, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
|
|
146
159
|
# path Pfad der Webresource (String)
|
|
@@ -223,6 +236,7 @@ module Tuersteher
|
|
|
223
236
|
module ControllerExtensions
|
|
224
237
|
|
|
225
238
|
@@url_path_method = nil
|
|
239
|
+
@@prefix_checked = nil
|
|
226
240
|
|
|
227
241
|
# Pruefen Zugriff fuer eine Web-action
|
|
228
242
|
#
|
|
@@ -230,6 +244,14 @@ module Tuersteher
|
|
|
230
244
|
# method http-Methode (:get, :put, :delete, :post), default ist :get
|
|
231
245
|
#
|
|
232
246
|
def path_access?(path, method = :get)
|
|
247
|
+
unless @@prefix_checked
|
|
248
|
+
@@prefix_checked = true
|
|
249
|
+
prefix = respond_to?(:root_path) && root_path
|
|
250
|
+
if prefix.size > 1
|
|
251
|
+
AccessRulesStorage.instance.extend_path_rules_with_prefix(prefix)
|
|
252
|
+
Rails.logger.info "Tuersteher::ControllerExtensions: set path-prefix to: #{prefix}"
|
|
253
|
+
end
|
|
254
|
+
end
|
|
233
255
|
AccessRules.path_access? current_user, path, method
|
|
234
256
|
end
|
|
235
257
|
|
|
@@ -421,6 +443,7 @@ module Tuersteher
|
|
|
421
443
|
class PathAccessRule < BaseAccessRule
|
|
422
444
|
|
|
423
445
|
METHOD_NAMES = [:get, :edit, :put, :delete, :post, :all].freeze
|
|
446
|
+
attr_reader :path
|
|
424
447
|
|
|
425
448
|
# Zugriffsregel
|
|
426
449
|
#
|
|
@@ -429,15 +452,19 @@ module Tuersteher
|
|
|
429
452
|
def initialize(path)
|
|
430
453
|
raise "wrong path '#{path}'! Must be a String or :all ." unless path==:all or path.is_a?(String)
|
|
431
454
|
super()
|
|
432
|
-
|
|
433
|
-
|
|
455
|
+
self.path = path
|
|
456
|
+
end
|
|
457
|
+
|
|
458
|
+
def path= url_path
|
|
459
|
+
@path = url_path
|
|
460
|
+
if url_path != :all
|
|
434
461
|
# path in regex ^#{path} wandeln ausser bei "/",
|
|
435
462
|
# dies darf keine Regex mit ^/ werden,
|
|
436
463
|
# da diese ja immer matchen wuerde
|
|
437
|
-
if
|
|
438
|
-
@
|
|
464
|
+
if url_path == "/"
|
|
465
|
+
@path_regex = /^\/$/
|
|
439
466
|
else
|
|
440
|
-
@
|
|
467
|
+
@path_regex = /^#{url_path}/
|
|
441
468
|
end
|
|
442
469
|
end
|
|
443
470
|
end
|
|
@@ -462,7 +489,7 @@ module Tuersteher
|
|
|
462
489
|
def fired?(path, method, user)
|
|
463
490
|
user = nil if user==:false # manche Authenticate-System setzen den user auf :false
|
|
464
491
|
|
|
465
|
-
if @path!=:all && !(@
|
|
492
|
+
if @path!=:all && !(@path_regex =~ path)
|
|
466
493
|
return false
|
|
467
494
|
end
|
|
468
495
|
|
|
@@ -44,5 +44,25 @@ end
|
|
|
44
44
|
|
|
45
45
|
end # of context "eval_rules"
|
|
46
46
|
|
|
47
|
+
|
|
48
|
+
|
|
49
|
+
context "extend path with prefix" do
|
|
50
|
+
context "eval_rules" do
|
|
51
|
+
before(:all) do
|
|
52
|
+
rule_defs = <<-EOR
|
|
53
|
+
path(:all).grant.role(:ADMIN)
|
|
54
|
+
path('/special').grant.role(:SPECIAL)
|
|
55
|
+
EOR
|
|
56
|
+
AccessRulesStorage.instance.eval_rules rule_defs
|
|
57
|
+
AccessRulesStorage.instance.extend_path_rules_with_prefix('/test')
|
|
58
|
+
@path_rules = AccessRulesStorage.instance.path_rules
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
specify{ @path_rules.first.path.should == :all }
|
|
62
|
+
specify{ @path_rules.last.path.should == '/test/special' }
|
|
63
|
+
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
47
67
|
end # of describe AccessRulesStorage
|
|
48
68
|
end
|
|
@@ -83,13 +83,17 @@ module Tuersteher
|
|
|
83
83
|
|
|
84
84
|
context "Rule with no role spezifed => now role needed" do
|
|
85
85
|
before(:all) do
|
|
86
|
-
@rule = PathAccessRule.new('/
|
|
86
|
+
@rule = PathAccessRule.new('/public').method(:get)
|
|
87
87
|
@user = stub('user')
|
|
88
88
|
@user.stub(:has_role?).and_return(false)
|
|
89
89
|
end
|
|
90
90
|
|
|
91
91
|
it "should fired for user with no roles" do
|
|
92
|
-
@rule.fired?("/
|
|
92
|
+
@rule.fired?("/public/xyz", :get, @user).should be_true
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
it "should fired for non user" do
|
|
96
|
+
@rule.fired?("/public/xyz", :get, nil).should be_true
|
|
93
97
|
end
|
|
94
98
|
|
|
95
99
|
it "should not be fired with other path" do
|
data/tuersteher.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{tuersteher}
|
|
8
|
-
s.version = "0.
|
|
8
|
+
s.version = "0.5.0"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Bernd Ledig"]
|
|
12
|
-
s.date = %q{2010-
|
|
12
|
+
s.date = %q{2010-10-29}
|
|
13
13
|
s.description = %q{Security-Layer for Rails-Application acts like a firewall.}
|
|
14
14
|
s.email = %q{bernd@ledig.info}
|
|
15
15
|
s.extra_rdoc_files = [
|
|
@@ -41,12 +41,12 @@ Gem::Specification.new do |s|
|
|
|
41
41
|
s.rubygems_version = %q{1.3.7}
|
|
42
42
|
s.summary = %q{Security-Layer for Rails-Application}
|
|
43
43
|
s.test_files = [
|
|
44
|
-
"spec/
|
|
44
|
+
"spec/acces_rules_storage_spec.rb",
|
|
45
45
|
"spec/model_extensions_spec.rb",
|
|
46
|
-
"spec/access_rules_spec.rb",
|
|
47
46
|
"spec/path_access_rule_spec.rb",
|
|
48
47
|
"spec/model_access_rule_spec.rb",
|
|
49
|
-
"spec/
|
|
48
|
+
"spec/access_rules_spec.rb",
|
|
49
|
+
"spec/spec_helper.rb"
|
|
50
50
|
]
|
|
51
51
|
|
|
52
52
|
if s.respond_to? :specification_version then
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tuersteher
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 11
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
9
|
-
-
|
|
10
|
-
version: 0.
|
|
8
|
+
- 5
|
|
9
|
+
- 0
|
|
10
|
+
version: 0.5.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Bernd Ledig
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2010-
|
|
18
|
+
date: 2010-10-29 00:00:00 +02:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies: []
|
|
21
21
|
|
|
@@ -81,9 +81,9 @@ signing_key:
|
|
|
81
81
|
specification_version: 3
|
|
82
82
|
summary: Security-Layer for Rails-Application
|
|
83
83
|
test_files:
|
|
84
|
-
- spec/
|
|
84
|
+
- spec/acces_rules_storage_spec.rb
|
|
85
85
|
- spec/model_extensions_spec.rb
|
|
86
|
-
- spec/access_rules_spec.rb
|
|
87
86
|
- spec/path_access_rule_spec.rb
|
|
88
87
|
- spec/model_access_rule_spec.rb
|
|
89
|
-
- spec/
|
|
88
|
+
- spec/access_rules_spec.rb
|
|
89
|
+
- spec/spec_helper.rb
|