tuersteher 0.1.2 → 0.1.3
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +5 -1
- data/lib/tuersteher.rb +28 -8
- data/tuersteher.gemspec +1 -1
- metadata +3 -3
data/README.rdoc
CHANGED
|
@@ -5,7 +5,7 @@ It's check your URL's or Modells to have the rights for this.
|
|
|
5
5
|
|
|
6
6
|
== Install
|
|
7
7
|
|
|
8
|
-
gem install
|
|
8
|
+
gem install tuersteher
|
|
9
9
|
|
|
10
10
|
|
|
11
11
|
== Usage
|
|
@@ -35,6 +35,10 @@ Check if your authendicate-system has implemented the methods:
|
|
|
35
35
|
* current_user
|
|
36
36
|
* access_denied
|
|
37
37
|
|
|
38
|
+
and the cuurent_user should have a method
|
|
39
|
+
|
|
40
|
+
* has_role(*roles)
|
|
41
|
+
|
|
38
42
|
If not, just implemen it (see samples/application_controller.rb)
|
|
39
43
|
|
|
40
44
|
== License
|
data/lib/tuersteher.rb
CHANGED
|
@@ -114,6 +114,25 @@ module Tuersteher
|
|
|
114
114
|
@model_rules << ModelAccessRule.new(model_class, access_type, *roles, &block)
|
|
115
115
|
end
|
|
116
116
|
|
|
117
|
+
# definiert Model-basierende Zugriffsregel
|
|
118
|
+
#
|
|
119
|
+
# model_class: Model-Klassenname oder :all fuer alle
|
|
120
|
+
# access_type: Zugriffsart (:create, :update, :destroy, :all o.A. selbst definierte Typen)
|
|
121
|
+
# roles Aufzählung der erforderliche Rolen (:all für ist egal),
|
|
122
|
+
# hier ist auch ein Array von Symbolen möglich
|
|
123
|
+
# block optionaler Block, wird mit model und user aufgerufen und muss true oder false liefern
|
|
124
|
+
# hier ein Beispiel mit Block:
|
|
125
|
+
# <code>
|
|
126
|
+
# # Regel, in der sich jeder User selbst aendern darf
|
|
127
|
+
# grant_model(User, :update, :all){|model,user| model.id==user.id}
|
|
128
|
+
# </code>
|
|
129
|
+
#
|
|
130
|
+
def deny_model model_class, access_type, *roles, &block
|
|
131
|
+
rule = ModelAccessRule.new(model_class, access_type, *roles, &block)
|
|
132
|
+
rule.deny = true
|
|
133
|
+
@model_rules << rule
|
|
134
|
+
end
|
|
135
|
+
|
|
117
136
|
end
|
|
118
137
|
|
|
119
138
|
class AccessRules
|
|
@@ -151,17 +170,18 @@ module Tuersteher
|
|
|
151
170
|
raise "Wrong call! Use: model_access(model-instance-or-class, permission)" unless permission.is_a? Symbol
|
|
152
171
|
return false unless model
|
|
153
172
|
|
|
154
|
-
|
|
155
|
-
rule.
|
|
173
|
+
rule = AccessRulesStorage.instance.model_rules.detect do |rule|
|
|
174
|
+
rule.fired? model, permission, user
|
|
156
175
|
end
|
|
176
|
+
access = rule && !rule.deny
|
|
157
177
|
if Tuersteher::TLogger.logger.debug?
|
|
158
178
|
if model.instance_of?(Class)
|
|
159
|
-
Tuersteher::TLogger.logger.debug("Tuersteher: model_access?(#{model}, #{permission}) => #{access
|
|
179
|
+
Tuersteher::TLogger.logger.debug("Tuersteher: model_access?(#{model}, #{permission}) => #{access || 'denied'} #{rule}")
|
|
160
180
|
else
|
|
161
|
-
Tuersteher::TLogger.logger.debug("Tuersteher: model_access?(#{model.class}(#{model.respond_to?(:id) ? model.id : model.object_id }), #{permission}) => #{access
|
|
181
|
+
Tuersteher::TLogger.logger.debug("Tuersteher: model_access?(#{model.class}(#{model.respond_to?(:id) ? model.id : model.object_id }), #{permission}) => #{access || 'denied'} #{rule}")
|
|
162
182
|
end
|
|
163
183
|
end
|
|
164
|
-
access
|
|
184
|
+
access
|
|
165
185
|
end
|
|
166
186
|
end
|
|
167
187
|
|
|
@@ -310,7 +330,7 @@ module Tuersteher
|
|
|
310
330
|
|
|
311
331
|
class ModelAccessRule
|
|
312
332
|
attr_reader :clazz, :access_type, :role, :block
|
|
313
|
-
|
|
333
|
+
attr_accessor :deny
|
|
314
334
|
|
|
315
335
|
# erzeugt neue Object-Zugriffsregel
|
|
316
336
|
#
|
|
@@ -348,7 +368,7 @@ module Tuersteher
|
|
|
348
368
|
# *roles ist dabei eine Array aus Symbolen
|
|
349
369
|
#
|
|
350
370
|
#
|
|
351
|
-
def
|
|
371
|
+
def fired? model, perm, user
|
|
352
372
|
user = nil if user==:false # manche Authenticate-System setzen den user auf :false
|
|
353
373
|
m_class = model.instance_of?(Class) ? model : model.class
|
|
354
374
|
if @clazz!=m_class.to_s && @clazz!=:all
|
|
@@ -377,7 +397,7 @@ module Tuersteher
|
|
|
377
397
|
end
|
|
378
398
|
|
|
379
399
|
def to_s
|
|
380
|
-
"ModelAccessRule[#{@clazz}, #{@access_type}, #{@roles.join(' ')}]"
|
|
400
|
+
"ModelAccessRule[#{@clazz}, #{@access_type}, #{@roles.join(' ')}#{@deny ? ' deny' : ''}]"
|
|
381
401
|
end
|
|
382
402
|
|
|
383
403
|
end
|
data/tuersteher.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tuersteher
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 29
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 0.1.
|
|
9
|
+
- 3
|
|
10
|
+
version: 0.1.3
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Bernd Ledig
|