tuersteher 0.7.2 → 1.0.1

Files changed (4)
  1. checksums.yaml +7 -0
  2. data/lib/tuersteher.rb +39 -44
  3. data/tuersteher.gemspec +8 -6
  4. metadata +23 -35
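--- /dev/null
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 6c9a87b5dd44b07d9d007776268488b17bc54eac69e7b2ca9c34ead5dd9e5ca7
+ data.tar.gz: e899723582f2090efd837a7a2d308d40c2cbc43a089ca0b8a6dcd4a6fe1e3de4
+ SHA512:
+ metadata.gz: eb765c3d95fcbd938c675e0396128aead6cfd81f5cfa037cec31e04a188ae8f7e6bbae7f9fa6113066e6e685e5679f37e3b7377e4ff5bad08f33a3f7a3e83a96
+ data.tar.gz: 71893a402e3327ecd40c9b2e2d9932da4df596c328ad0ce7d91fe469203e629c0b79b64fde50b3b0ba500befe5e378eaeb0d4f07bb1dccf806239745b58e44a5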
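--- a/data/lib/tuersteher.rb
+++ b/data/lib/tuersteher.rb
@@ -194,13 +194,13 @@ module Tuersteher
  class << self
 
  # Pruefen Zugriff fuer eine Web-action
- # user User, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
- # path Pfad der Webresource (String)
- # method http-Methode (:get, :put, :delete, :post), default ist :get
+ # @param login_contex Login-Contex, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
+ # @param path Pfad der Webresource (String)
+ # @param method http-Methode (:get, :put, :delete, :post), default ist :get
  #
- def path_access?(user, path, method = :get)
+ def path_access?(login_contex, path, method = :get)
  rule = AccessRulesStorage.instance.path_rules.detect do |r|
- r.fired?(path, method, user)
+ r.fired?(path, method, login_contex)
  end
  if Tuersteher::TLogger.logger.debug?
  if rule.nil?
@@ -208,8 +208,8 @@ module Tuersteher
  else
  s = "fired with #{rule}"
  end
- usr_id = user && user.respond_to?(:id) ? user.id : user.object_id
- Tuersteher::TLogger.logger.debug("Tuersteher: path_access?(user.id=#{usr_id}, path=#{path}, method=#{method}) => #{s}")
+ lc_id = login_contex && login_contex.respond_to?(:id) ? login_contex.id : login_contex.object_id
+ Tuersteher::TLogger.logger.debug("Tuersteher: path_access?(login_contex.id=#{lc_id}, path=#{path}, method=#{method}) => #{s}")
  end
  !(rule.nil? || rule.deny?)
  end
@@ -217,38 +217,38 @@ module Tuersteher
 
  # Pruefen Zugriff auf ein Model-Object
  #
- # user User, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
- # model das Model-Object
- # permission das geforderte Zugriffsrecht (:create, :update, :destroy, :get)
+ # @param login_contex Login-Contex, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
+ # @param model das Model-Object
+ # @param permission das geforderte Zugriffsrecht (:create, :update, :destroy, :get)
  #
  # liefert true/false
- def model_access? user, model, permission
+ def model_access? login_contex, model, permission
  raise "Wrong call! Use: model_access(model-instance-or-class, permission)" unless permission.is_a? Symbol
  return false unless model
 
  rule = AccessRulesStorage.instance.model_rules.detect do |rule|
- rule.fired? model, permission, user
+ rule.fired? model, permission, login_contex
  end
  access = rule && !rule.deny?
  if Tuersteher::TLogger.logger.debug?
- usr_id = user && user.respond_to?(:id) ? user.id : user.object_id
+ lc_id = login_contex && login_contex.respond_to?(:id) ? login_contex.id : login_contex.object_id
  if model.instance_of?(Class)
  Tuersteher::TLogger.logger.debug(
- "Tuersteher: model_access?(user.id=#{usr_id}, model=#{model}, permission=#{permission}) => #{access || 'denied'} #{rule}")
+ "Tuersteher: model_access?(login_contex.id=#{lc_id}, model=#{model}, permission=#{permission}) => #{access || 'denied'} #{rule}")
  else
  Tuersteher::TLogger.logger.debug(
- "Tuersteher: model_access?(user.id=#{usr_id}, model=#{model.class}(#{model.respond_to?(:id) ? model.id : model.object_id }), permission=#{permission}) => #{access || 'denied'} #{rule}")
+ "Tuersteher: model_access?(login_contex.id=#{lc_id}, model=#{model.class}(#{model.respond_to?(:id) ? model.id : model.object_id }), permission=#{permission}) => #{access || 'denied'} #{rule}")
  end
  end
  access
  end
 
  # Bereinigen (entfernen) aller Objecte aus der angebenen Collection,
- # wo der angegebene User nicht das angegebene Recht hat
+ # wo der angegebene login_contex nicht das angegebene Recht hat
  #
  # liefert ein neues Array mit den Objecten, wo der spez. Zugriff arlaubt ist
- def purge_collection user, collection, permission
- collection.select{|model| model_access?(user, model, permission)}
+ def purge_collection login_contex, collection, permission
+ collection.select{|model| model_access?(login_contex, model, permission)}
  end
  end # of Class-Methods
  end # of AccessRules
@@ -258,10 +258,10 @@ module Tuersteher
  # Module zum Include in Controllers
  # Dieser muss die folgenden Methoden bereitstellen:
  #
- # current_user : akt. Login-User
+ # login_contex : akt. Login-Contex
  # access_denied : Methode aus dem authenticated_system, welche ein redirect zum login auslöst
  #
- # Der Loginuser muss fuer die hier benoetigte Funktionalitaet
+ # Der Loginlogin_contex muss fuer die hier benoetigte Funktionalitaet
  # die Methode:
  # has_role?(role) # role the Name of the Role as Symbol
  # besitzen.
@@ -272,15 +272,13 @@ module Tuersteher
  #
  module ControllerExtensions
 
- @@url_path_method = nil
-
  # Pruefen Zugriff fuer eine Web-action
  #
  # path Pfad der Webresource (String)
  # method http-Methode (:get, :put, :delete, :post), default ist :get
  #
  def path_access?(path, method = :get)
- AccessRules.path_access? current_user, path, method
+ AccessRules.path_access? login_contex, path, method
  end
 
  # Pruefen Zugriff auf ein Model-Object
@@ -290,15 +288,15 @@ module Tuersteher
  #
  # liefert true/false
  def model_access? model, permission
- AccessRules.model_access? current_user, model, permission
+ AccessRules.model_access? login_contex, model, permission
  end
 
  # Bereinigen (entfernen) aller Objecte aus der angebenen Collection,
- # wo der akt. User nicht das angegebene Recht hat
+ # wo der akt. login_contex nicht das angegebene Recht hat
  #
  # liefert ein neues Array mit den Objecten, wo der spez. Zugriff arlaubt ist
  def purge_collection collection, permission
- AccessRules.purge_collection(current_user, collection, permission)
+ AccessRules.purge_collection(login_contex, collection, permission)
  end
 
 
@@ -311,7 +309,7 @@ module Tuersteher
 
  protected
 
- # Pruefen, ob Zugriff des current_user
+ # Pruefen, ob Zugriff des login_contex
  # fuer aktullen Request erlaubt ist
  def check_access
 
@@ -325,21 +323,18 @@ module Tuersteher
  ar_storage.read_rules
  end
 
- # Rails3/4 hat andere url-path-methode als Rails2
- @@url_path_method ||= Rails.version[0..1]=='2.' ? :request_uri : :fullpath
-
- # bind current_user on the current thread
- Thread.current[:user] = current_user
+ # bind login_contex on the current thread
+ Thread.current[:login_contex] = login_contex
 
  req_method = request.method
  req_method = req_method.downcase.to_sym if req_method.is_a?(String)
- url_path = request.send(@@url_path_method)
+ url_path = request.fullpath
  unless path_access?(url_path, req_method)
- usr_id = current_user && current_user.respond_to?(:id) ? current_user.id : current_user.object_id
- msg = "Tuersteher#check_access: access denied for #{url_path} :#{req_method} user.id=#{usr_id}"
+ lc_id = login_contex && login_contex.respond_to?(:id) ? login_contex.id : login_contex.object_id
+ msg = "Tuersteher#check_access: access denied for #{url_path} :#{req_method} login_contex.id=#{lc_id}"
  Tuersteher::TLogger.logger.warn msg
  logger.warn msg # log message also for Rails-Default logger
- access_denied # Methode aus dem authenticated_system, welche ein redirect zum login auslöst
+ access_denied # Methode aus dem authenticated_system, welche z.B. ein redirect zum login auslöst
  end
  end
 
@@ -349,7 +344,7 @@ module Tuersteher
 
  # Module for include in Model-Object-Classes
  #
- # The module get the current-user from Thread.current[:user]
+ # The module get the login_contex from Thread.current[:login_contex]
  #
  # Sample for ActiveRecord-Class
  # class Sample < ActiveRecord::Base
@@ -369,9 +364,9 @@ module Tuersteher
  #
  # raise a SecurityError-Exception if access denied
  def check_access permission
- user = Thread.current[:user]
- unless AccessRules.model_access? user, self, permission
- raise SecurityError, "Access denied! Current user have no permission '#{permission}' on Model-Object #{self}."
+ login_contex = Thread.current[:login_contex]
+ unless AccessRules.model_access? login_contex, self, permission
+ raise SecurityError, "Access denied! Current login_contex have no permission '#{permission}' on Model-Object #{self}."
  end
  end
 
@@ -382,12 +377,12 @@ module Tuersteher
  module ClassMethods
 
  # Bereinigen (entfernen) aller Objecte aus der angebenen Collection,
- # wo der akt. User nicht das angegebene Recht hat
+ # wo der akt. login_contex nicht das angegebene Recht hat
  #
  # liefert ein neues Array mit den Objecten, wo der spez. Zugriff arlaubt ist
  def purge_collection collection, permission
- user = Thread.current[:user]
- AccessRules.purge_collection(user, collection, permission)
+ login_contex = Thread.current[:login_contex]
+ AccessRules.purge_collection(login_contex, collection, permission)
  end
  end # of ClassMethods
 
@@ -645,7 +640,7 @@ module Tuersteher
 
  # check, if this rule fired for specified parameter
  def fired? path_or_model, method, login_ctx
- login_ctx = nil if login_ctx==:false # manche Authenticate-System setzen den login_ctx/user auf :false
+ login_ctx = nil if login_ctx==:false # manche Authenticate-System setzen den login_ctx/login_contex auf :false
  @rule_spezifications.all?{|spec| spec.grant?(path_or_model, method, login_ctx)}
  end
 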
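Review bot: `Thread.current[:login_contex] = login_contex` in ControllerExtensions#check_access (hunk `@@ -325,21 +323,18 @@`) is set on every request but not cleared anywhere in the shown hunks, while ModelExtensions#check_access and ClassMethods#purge_collection authorize against whatever that slot currently holds. On a server that reuses threads, a request handled by a controller that skips this filter — or work run on a pooled thread — would be checked against the previous request's login context unless the slot is reset elsewhere in the file; an around filter that clears it with `ensure Thread.current[:login_contex] = nil` would bound its lifetime, and a comment on that line stating this obligation would help integrators. Since `Thread.current[]` is fiber-local, model access evaluated on another fiber will also see nil there rather than the request's context. Separately, `# Der Loginlogin_contex muss fuer die hier benoetigte Funktionalitaet` at 264 is a search-and-replace artifact; `# Der Login-Contex muss fuer die hier benoetigte Funktionalitaet` is what was intended. The enclosing check_access method begins in the preceding hunk.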
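--- a/data/tuersteher.gemspec
+++ b/data/tuersteher.gemspec
@@ -3,14 +3,15 @@ $:.push File.expand_path("../lib", __FILE__)
 
  Gem::Specification.new do |s|
  s.name = 'tuersteher'
- s.version = '0.7.2'
+ s.version = '1.0.1'
  s.authors = ["Bernd Ledig"]
- s.email = ["bernd@ledig.info"]
- s.homepage = "http://github.com/bledig/tuersteher"
- s.summary = "summary of the gem"
+ s.email = ["bernd@ledig.info","bernd.ledig@ottogroup.com"]
+ s.homepage = "https://gitlab.com/bledig/tuersteher"
+ s.summary = "Access-Handling for Rails-Apps"
  s.description = <<-EOT
  Security-Layer for Rails-Application acts like a firewall.
  EOT
+ s.licenses = ["GPL-3.0-or-later"]
 
  s.rubyforge_project = "tuersteher"
 
@@ -19,11 +20,12 @@ Gem::Specification.new do |s|
  s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
  s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
  s.require_paths = ["lib"]
+ s.required_ruby_version = '> 2.5'
 
  #s.add_runtime_dependency "i18n"
 
- s.add_development_dependency "rake"
- s.add_development_dependency "rspec", '>2.7', '<3.0'
+ s.add_development_dependency "rake", '~> 10.5'
+ s.add_development_dependency "rspec", '~> 2.14'
 
  end
 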
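Review bot: `s.required_ruby_version = '> 2.5'` in the second hunk excludes exactly 2.5.0 yet admits 2.5.1 and later, which is unlikely to be the intended boundary; `s.required_ruby_version = '>= 2.5'` expresses the usual minimum-version guard (the same `">"` requirement is mirrored in the generated metadata file). The library change in this release replaces the Rails 2 branch with `request.fullpath`, so the gem now assumes a Rails 3+ request object, but no runtime dependency or Rails version constraint is visible in these hunks — only the commented `#s.add_runtime_dependency "i18n"` — so that minimum should at least be stated in the description or README. The `Gem::Specification` block opens in the first hunk and closes in the second.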
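--- a/metadata
+++ b/metadata
@@ -1,65 +1,53 @@
  --- !ruby/object:Gem::Specification
  name: tuersteher
  version: !ruby/object:Gem::Version
- version: 0.7.2
- prerelease:
+ version: 1.0.1
  platform: ruby
  authors:
  - Bernd Ledig
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-03-10 00:00:00.000000000 Z
+ date: 2020-02-06 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '10.5'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '10.5'
  - !ruby/object:Gem::Dependency
  name: rspec
  requirement: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>'
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '2.7'
- - - <
- - !ruby/object:Gem::Version
- version: '3.0'
+ version: '2.14'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>'
- - !ruby/object:Gem::Version
- version: '2.7'
- - - <
+ - - "~>"
  - !ruby/object:Gem::Version
- version: '3.0'
- description: ! ' Security-Layer for Rails-Application acts like a firewall.
-
- '
+ version: '2.14'
+ description: " Security-Layer for Rails-Application acts like a firewall.\n"
  email:
  - bernd@ledig.info
+ - bernd.ledig@ottogroup.com
  executables: []
  extensions: []
  extra_rdoc_files:
  - README.rdoc
  files:
- - .gitignore
+ - ".gitignore"
  - Gemfile
  - README.rdoc
  - Rakefile
@@ -76,28 +64,28 @@ files:
  - spec/spec.opts
  - spec/spec_helper.rb
  - tuersteher.gemspec
- homepage: http://github.com/bledig/tuersteher
- licenses: []
+ homepage: https://gitlab.com/bledig/tuersteher
+ licenses:
+ - GPL-3.0-or-later
+ metadata: {}
  post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">"
  - !ruby/object:Gem::Version
- version: '0'
+ version: '2.5'
  required_rubygems_version: !ruby/object:Gem::Requirement
- none: false
  requirements:
- - - ! '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
  rubyforge_project: tuersteher
- rubygems_version: 1.8.24
+ rubygems_version: 2.7.6.2
  signing_key:
- specification_version: 3
- summary: summary of the gem
+ specification_version: 4
+ summary: Access-Handling for Rails-Apps
  test_files: []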