tuersteher 0.4.1 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/VERSION +1 -1
- data/lib/tuersteher.rb +33 -6
- data/spec/acces_rules_storage_spec.rb +20 -0
- data/spec/path_access_rule_spec.rb +6 -2
- data/tuersteher.gemspec +5 -5
- metadata +8 -8
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.5.0
|
data/lib/tuersteher.rb
CHANGED
|
@@ -136,11 +136,24 @@ module Tuersteher
|
|
|
136
136
|
rule.deny
|
|
137
137
|
end
|
|
138
138
|
|
|
139
|
+
# Erweitern des Path um einen Prefix
|
|
140
|
+
# Ist notwenig wenn z.B. die Rails-Anwendung nicht als root-Anwendung läuft
|
|
141
|
+
# also root_path != '/' ist.'
|
|
142
|
+
def extend_path_rules_with_prefix prefix
|
|
143
|
+
Tuersteher::TLogger.logger.info "extend_path_rules_with_prefix: #{prefix}"
|
|
144
|
+
@path_prefix = prefix
|
|
145
|
+
path_rules.each do |rule|
|
|
146
|
+
rule.path = "#{prefix}#{rule.path}" unless rule.path == :all
|
|
147
|
+
end
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
|
|
139
151
|
end # of AccessRulesStorage
|
|
140
152
|
|
|
141
153
|
|
|
142
154
|
class AccessRules
|
|
143
155
|
class << self
|
|
156
|
+
|
|
144
157
|
# Pruefen Zugriff fuer eine Web-action
|
|
145
158
|
# user User, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
|
|
146
159
|
# path Pfad der Webresource (String)
|
|
@@ -223,6 +236,7 @@ module Tuersteher
|
|
|
223
236
|
module ControllerExtensions
|
|
224
237
|
|
|
225
238
|
@@url_path_method = nil
|
|
239
|
+
@@prefix_checked = nil
|
|
226
240
|
|
|
227
241
|
# Pruefen Zugriff fuer eine Web-action
|
|
228
242
|
#
|
|
@@ -230,6 +244,14 @@ module Tuersteher
|
|
|
230
244
|
# method http-Methode (:get, :put, :delete, :post), default ist :get
|
|
231
245
|
#
|
|
232
246
|
def path_access?(path, method = :get)
|
|
247
|
+
unless @@prefix_checked
|
|
248
|
+
@@prefix_checked = true
|
|
249
|
+
prefix = respond_to?(:root_path) && root_path
|
|
250
|
+
if prefix.size > 1
|
|
251
|
+
AccessRulesStorage.instance.extend_path_rules_with_prefix(prefix)
|
|
252
|
+
Rails.logger.info "Tuersteher::ControllerExtensions: set path-prefix to: #{prefix}"
|
|
253
|
+
end
|
|
254
|
+
end
|
|
233
255
|
AccessRules.path_access? current_user, path, method
|
|
234
256
|
end
|
|
235
257
|
|
|
@@ -421,6 +443,7 @@ module Tuersteher
|
|
|
421
443
|
class PathAccessRule < BaseAccessRule
|
|
422
444
|
|
|
423
445
|
METHOD_NAMES = [:get, :edit, :put, :delete, :post, :all].freeze
|
|
446
|
+
attr_reader :path
|
|
424
447
|
|
|
425
448
|
# Zugriffsregel
|
|
426
449
|
#
|
|
@@ -429,15 +452,19 @@ module Tuersteher
|
|
|
429
452
|
def initialize(path)
|
|
430
453
|
raise "wrong path '#{path}'! Must be a String or :all ." unless path==:all or path.is_a?(String)
|
|
431
454
|
super()
|
|
432
|
-
|
|
433
|
-
|
|
455
|
+
self.path = path
|
|
456
|
+
end
|
|
457
|
+
|
|
458
|
+
def path= url_path
|
|
459
|
+
@path = url_path
|
|
460
|
+
if url_path != :all
|
|
434
461
|
# path in regex ^#{path} wandeln ausser bei "/",
|
|
435
462
|
# dies darf keine Regex mit ^/ werden,
|
|
436
463
|
# da diese ja immer matchen wuerde
|
|
437
|
-
if
|
|
438
|
-
@
|
|
464
|
+
if url_path == "/"
|
|
465
|
+
@path_regex = /^\/$/
|
|
439
466
|
else
|
|
440
|
-
@
|
|
467
|
+
@path_regex = /^#{url_path}/
|
|
441
468
|
end
|
|
442
469
|
end
|
|
443
470
|
end
|
|
@@ -462,7 +489,7 @@ module Tuersteher
|
|
|
462
489
|
def fired?(path, method, user)
|
|
463
490
|
user = nil if user==:false # manche Authenticate-System setzen den user auf :false
|
|
464
491
|
|
|
465
|
-
if @path!=:all && !(@
|
|
492
|
+
if @path!=:all && !(@path_regex =~ path)
|
|
466
493
|
return false
|
|
467
494
|
end
|
|
468
495
|
|
|
@@ -44,5 +44,25 @@ end
|
|
|
44
44
|
|
|
45
45
|
end # of context "eval_rules"
|
|
46
46
|
|
|
47
|
+
|
|
48
|
+
|
|
49
|
+
context "extend path with prefix" do
|
|
50
|
+
context "eval_rules" do
|
|
51
|
+
before(:all) do
|
|
52
|
+
rule_defs = <<-EOR
|
|
53
|
+
path(:all).grant.role(:ADMIN)
|
|
54
|
+
path('/special').grant.role(:SPECIAL)
|
|
55
|
+
EOR
|
|
56
|
+
AccessRulesStorage.instance.eval_rules rule_defs
|
|
57
|
+
AccessRulesStorage.instance.extend_path_rules_with_prefix('/test')
|
|
58
|
+
@path_rules = AccessRulesStorage.instance.path_rules
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
specify{ @path_rules.first.path.should == :all }
|
|
62
|
+
specify{ @path_rules.last.path.should == '/test/special' }
|
|
63
|
+
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
47
67
|
end # of describe AccessRulesStorage
|
|
48
68
|
end
|
|
@@ -83,13 +83,17 @@ module Tuersteher
|
|
|
83
83
|
|
|
84
84
|
context "Rule with no role spezifed => now role needed" do
|
|
85
85
|
before(:all) do
|
|
86
|
-
@rule = PathAccessRule.new('/
|
|
86
|
+
@rule = PathAccessRule.new('/public').method(:get)
|
|
87
87
|
@user = stub('user')
|
|
88
88
|
@user.stub(:has_role?).and_return(false)
|
|
89
89
|
end
|
|
90
90
|
|
|
91
91
|
it "should fired for user with no roles" do
|
|
92
|
-
@rule.fired?("/
|
|
92
|
+
@rule.fired?("/public/xyz", :get, @user).should be_true
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
it "should fired for non user" do
|
|
96
|
+
@rule.fired?("/public/xyz", :get, nil).should be_true
|
|
93
97
|
end
|
|
94
98
|
|
|
95
99
|
it "should not be fired with other path" do
|
data/tuersteher.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{tuersteher}
|
|
8
|
-
s.version = "0.
|
|
8
|
+
s.version = "0.5.0"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Bernd Ledig"]
|
|
12
|
-
s.date = %q{2010-
|
|
12
|
+
s.date = %q{2010-10-29}
|
|
13
13
|
s.description = %q{Security-Layer for Rails-Application acts like a firewall.}
|
|
14
14
|
s.email = %q{bernd@ledig.info}
|
|
15
15
|
s.extra_rdoc_files = [
|
|
@@ -41,12 +41,12 @@ Gem::Specification.new do |s|
|
|
|
41
41
|
s.rubygems_version = %q{1.3.7}
|
|
42
42
|
s.summary = %q{Security-Layer for Rails-Application}
|
|
43
43
|
s.test_files = [
|
|
44
|
-
"spec/
|
|
44
|
+
"spec/acces_rules_storage_spec.rb",
|
|
45
45
|
"spec/model_extensions_spec.rb",
|
|
46
|
-
"spec/access_rules_spec.rb",
|
|
47
46
|
"spec/path_access_rule_spec.rb",
|
|
48
47
|
"spec/model_access_rule_spec.rb",
|
|
49
|
-
"spec/
|
|
48
|
+
"spec/access_rules_spec.rb",
|
|
49
|
+
"spec/spec_helper.rb"
|
|
50
50
|
]
|
|
51
51
|
|
|
52
52
|
if s.respond_to? :specification_version then
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tuersteher
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 11
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
-
-
|
|
9
|
-
-
|
|
10
|
-
version: 0.
|
|
8
|
+
- 5
|
|
9
|
+
- 0
|
|
10
|
+
version: 0.5.0
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Bernd Ledig
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2010-
|
|
18
|
+
date: 2010-10-29 00:00:00 +02:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies: []
|
|
21
21
|
|
|
@@ -81,9 +81,9 @@ signing_key:
|
|
|
81
81
|
specification_version: 3
|
|
82
82
|
summary: Security-Layer for Rails-Application
|
|
83
83
|
test_files:
|
|
84
|
-
- spec/
|
|
84
|
+
- spec/acces_rules_storage_spec.rb
|
|
85
85
|
- spec/model_extensions_spec.rb
|
|
86
|
-
- spec/access_rules_spec.rb
|
|
87
86
|
- spec/path_access_rule_spec.rb
|
|
88
87
|
- spec/model_access_rule_spec.rb
|
|
89
|
-
- spec/
|
|
88
|
+
- spec/access_rules_spec.rb
|
|
89
|
+
- spec/spec_helper.rb
|