tuersteher 0.6.3 → 0.6.4

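--- a/data/README.rdoc
+++ b/data/README.rdoc
@@ -16,14 +16,19 @@ Create in your Rails-Application the rules-file "config/access_rules.rb"
  Here is as small sample for "config/access_rules.rb"
 
  # Path-Acces-Rules
- grant_path '/', :get, :all
- grant_path '/admin-area/', :all, :ADMIN
+ path('/').grant.method(:get)
+ path(:all).grant.role(:ADMIN)
+ path('/user/lock').deny.role(:USER).role(:APPROVER)
 
  # Model-Acces-Rules
- grant_model Product, :view, :all
- grant_model Product, :update, :EDITOR do |product, current_user|
- product.owner_id == current_user.id
- end
+ model(Dashboard).grant.method(:view)
+
+ model(Todo) do
+ grant.method(:view)
+ grant.method(:full_view).role(:ADMIN)
+ grant.method(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
+ grant-method(:delete).not.role(:ADMIN)
+ end
 
  Then extend your ApplicationController with:
 
@@ -35,9 +40,9 @@ Check if your authendicate-system has implemented the methods:
  * current_user
  * access_denied
 
- and the cuurent_user should have a method
+ and the current_user should have a method
 
- * has_role(*roles)
+ * has_role?(role)
 
  If not, just implemen it (see samples/application_controller.rb)
 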
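--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.6.3
+ 0.6.4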
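--- a/data/lib/tuersteher.rb
+++ b/data/lib/tuersteher.rb
@@ -35,7 +35,7 @@ module Tuersteher
  class AccessRulesStorage
  include Singleton
 
- attr_accessor :rules_config_file # to set own access_rules-path
+ attr_writer :rules_config_file # to set own access_rules-path
 
  DEFAULT_RULES_CONFIG_FILE = 'access_rules.rb' # in config-dir
 
@@ -47,22 +47,45 @@ module Tuersteher
 
  # get all path_rules as array of PathAccessRule-Instances
  def path_rules
- read_rules unless @was_read
+ read_rules_if_needed
  @path_rules
  end
 
  # get all model_rules as array of ModelAccessRule-Instances
  def model_rules
- read_rules unless @was_read
+ read_rules_if_needed
  @model_rules
  end
 
+
+ def read_rules_if_needed
+ if @was_read
+ # aller 5 Minuten pruefen ob AccessRules-File sich geändert hat
+ t = Time.now.to_i
+ if @last_read_check && (@last_read_check - t) > 300
+ @last_read_check = t
+ cur_mtime = File.mtime(self.rules_config_file)
+ if @last_mtime.nil? || cur_mtime > @last_mtime
+ @last_mtime = cur_mtime
+ read_rules
+ end
+ end
+ else
+ read_rules
+ end
+ end
+
+
+ def rules_config_file
+ @rules_config_file ||= File.join(Rails.root, 'config', DEFAULT_RULES_CONFIG_FILE)
+ end
 
  # evaluated rules_definitions and create path-/model-rules
  def eval_rules rules_definitions
  @path_rules = []
  @model_rules = []
  eval rules_definitions, binding, (@rules_config_file||'no file')
+ extend_path_rules_with_prefix @prefix
  @was_read = true
  Tuersteher::TLogger.logger.info "Tuersteher::AccessRulesStorage: #{@path_rules.size} path-rules and #{@model_rules.size} model-rules"
  end
@@ -70,15 +93,8 @@ module Tuersteher
  # Load AccesRules from file
  # config/access_rules.rb
  def read_rules
- @rules_config_file ||= File.join(Rails.root, 'config', DEFAULT_RULES_CONFIG_FILE)
- rules_file = File.new @rules_config_file
  @was_read = false
- content = nil
- if @last_mtime.nil? || rules_file.mtime > @last_mtime
- @last_mtime = rules_file.mtime
- content = rules_file.read
- end
- rules_file.close
+ content = File.read self.rules_config_file
  if content
  eval_rules content
  end
@@ -86,6 +102,7 @@ module Tuersteher
  Tuersteher::TLogger.logger.error "Tuersteher::AccessRulesStorage - Error in rules: #{ex.message}\n\t"+ex.backtrace.join("\n\t")
  end
 
+
  # definiert HTTP-Pfad-basierende Zugriffsregel
  #
  # path: :all fuer beliebig, sonst String mit der http-path beginnen muss,
@@ -137,12 +154,20 @@ module Tuersteher
  rule.deny
  end
 
+
+ def path_prefix_processed?
+ !@path_prefix.nil?
+ end
+
+
  # Erweitern des Path um einen Prefix
  # Ist notwenig wenn z.B. die Rails-Anwendung nicht als root-Anwendung läuft
  # also root_path != '/' ist.'
  def extend_path_rules_with_prefix prefix
- Tuersteher::TLogger.logger.info "extend_path_rules_with_prefix: #{prefix}"
  @path_prefix = prefix
+ return if prefix.nil? || prefix.size < 2
+ prefix.chomp!('/') # des abschliessende / entfernen
+ Tuersteher::TLogger.logger.info "extend_path_rules_with_prefix: #{prefix}"
  path_rules.each do |rule|
  path_spec = rule.path_spezification
  if path_spec
@@ -238,7 +263,6 @@ module Tuersteher
  module ControllerExtensions
 
  @@url_path_method = nil
- @@prefix_checked = nil
 
  # Pruefen Zugriff fuer eine Web-action
  #
@@ -246,14 +270,10 @@ module Tuersteher
  # method http-Methode (:get, :put, :delete, :post), default ist :get
  #
  def path_access?(path, method = :get)
- unless @@prefix_checked
- @@prefix_checked = true
+ ar_storage = AccessRulesStorage.instance
+ unless ar_storage.path_prefix_processed?
  prefix = respond_to?(:root_path) && root_path
- if prefix.size > 1
- prefix.chomp!('/') # des abschliessende / entfernen
- AccessRulesStorage.instance.extend_path_rules_with_prefix(prefix)
- Rails.logger.info "Tuersteher::ControllerExtensions: set path-prefix to: #{prefix}"
- end
+ ar_storage.extend_path_rules_with_prefix(prefix)
  end
  AccessRules.path_access? current_user, path, method
  end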
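Review bot: The five-minute reload check added in `read_rules_if_needed` can never fire: `@last_read_check` is not assigned anywhere in the visible hunks before it is tested, and `(@last_read_check - t)` subtracts the newer timestamp from the older one, so the result is never greater than 300. For an access-control layer this means an edited rules file (for example a newly added `deny`) is not applied until the process restarts, although the comment says it is re-checked. The condition should read `if @last_read_check.nil? || (t - @last_read_check) > 300`. In the same hunk `eval_rules` passes `@prefix` to `extend_path_rules_with_prefix`, while the value stored by that method is `@path_prefix`; unless `@prefix` is set outside the visible lines this always passes nil and resets the stored prefix. That call also runs before `@was_read = true`, so changing which variable is passed needs care: a non-nil prefix would reach `path_rules` and from there `read_rules` again.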
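--- a/data/tuersteher.gemspec
+++ b/data/tuersteher.gemspec
@@ -5,11 +5,11 @@
 
  Gem::Specification.new do |s|
  s.name = %q{tuersteher}
- s.version = "0.6.3"
+ s.version = "0.6.4"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.authors = ["Bernd Ledig"]
- s.date = %q{2011-07-15}
+ s.date = %q{2011-09-07}
  s.description = %q{Security-Layer for Rails-Application acts like a firewall.}
  s.email = %q{bernd@ledig.info}
  s.extra_rdoc_files = [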
metadata CHANGED
@@ -1,13 +1,13 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: tuersteher
3
3
  version: !ruby/object:Gem::Version
4
- hash: 1
4
+ hash: 15
5
5
  prerelease: false
6
6
  segments:
7
7
  - 0
8
8
  - 6
9
- - 3
10
- version: 0.6.3
9
+ - 4
10
+ version: 0.6.4
11
11
  platform: ruby
12
12
  authors:
13
13
  - Bernd Ledig
@@ -15,7 +15,7 @@ autorequire:
15
15
  bindir: bin
16
16
  cert_chain: []
17
17
 
18
- date: 2011-07-15 00:00:00 +02:00
18
+ date: 2011-09-07 00:00:00 +02:00
19
19
  default_executable:
20
20
  dependencies: []
21
21