tuersteher 0.1.2 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +5 -1
- data/lib/tuersteher.rb +28 -8
- data/tuersteher.gemspec +1 -1
- metadata +3 -3
data/README.rdoc
CHANGED
|
@@ -5,7 +5,7 @@ It's check your URL's or Modells to have the rights for this.
|
|
|
5
5
|
|
|
6
6
|
== Install
|
|
7
7
|
|
|
8
|
-
gem install
|
|
8
|
+
gem install tuersteher
|
|
9
9
|
|
|
10
10
|
|
|
11
11
|
== Usage
|
|
@@ -35,6 +35,10 @@ Check if your authendicate-system has implemented the methods:
|
|
|
35
35
|
* current_user
|
|
36
36
|
* access_denied
|
|
37
37
|
|
|
38
|
+
and the cuurent_user should have a method
|
|
39
|
+
|
|
40
|
+
* has_role(*roles)
|
|
41
|
+
|
|
38
42
|
If not, just implemen it (see samples/application_controller.rb)
|
|
39
43
|
|
|
40
44
|
== License
|
data/lib/tuersteher.rb
CHANGED
|
@@ -114,6 +114,25 @@ module Tuersteher
|
|
|
114
114
|
@model_rules << ModelAccessRule.new(model_class, access_type, *roles, &block)
|
|
115
115
|
end
|
|
116
116
|
|
|
117
|
+
# definiert Model-basierende Zugriffsregel
|
|
118
|
+
#
|
|
119
|
+
# model_class: Model-Klassenname oder :all fuer alle
|
|
120
|
+
# access_type: Zugriffsart (:create, :update, :destroy, :all o.A. selbst definierte Typen)
|
|
121
|
+
# roles Aufzählung der erforderliche Rolen (:all für ist egal),
|
|
122
|
+
# hier ist auch ein Array von Symbolen möglich
|
|
123
|
+
# block optionaler Block, wird mit model und user aufgerufen und muss true oder false liefern
|
|
124
|
+
# hier ein Beispiel mit Block:
|
|
125
|
+
# <code>
|
|
126
|
+
# # Regel, in der sich jeder User selbst aendern darf
|
|
127
|
+
# grant_model(User, :update, :all){|model,user| model.id==user.id}
|
|
128
|
+
# </code>
|
|
129
|
+
#
|
|
130
|
+
def deny_model model_class, access_type, *roles, &block
|
|
131
|
+
rule = ModelAccessRule.new(model_class, access_type, *roles, &block)
|
|
132
|
+
rule.deny = true
|
|
133
|
+
@model_rules << rule
|
|
134
|
+
end
|
|
135
|
+
|
|
117
136
|
end
|
|
118
137
|
|
|
119
138
|
class AccessRules
|
|
@@ -151,17 +170,18 @@ module Tuersteher
|
|
|
151
170
|
raise "Wrong call! Use: model_access(model-instance-or-class, permission)" unless permission.is_a? Symbol
|
|
152
171
|
return false unless model
|
|
153
172
|
|
|
154
|
-
|
|
155
|
-
rule.
|
|
173
|
+
rule = AccessRulesStorage.instance.model_rules.detect do |rule|
|
|
174
|
+
rule.fired? model, permission, user
|
|
156
175
|
end
|
|
176
|
+
access = rule && !rule.deny
|
|
157
177
|
if Tuersteher::TLogger.logger.debug?
|
|
158
178
|
if model.instance_of?(Class)
|
|
159
|
-
Tuersteher::TLogger.logger.debug("Tuersteher: model_access?(#{model}, #{permission}) => #{access
|
|
179
|
+
Tuersteher::TLogger.logger.debug("Tuersteher: model_access?(#{model}, #{permission}) => #{access || 'denied'} #{rule}")
|
|
160
180
|
else
|
|
161
|
-
Tuersteher::TLogger.logger.debug("Tuersteher: model_access?(#{model.class}(#{model.respond_to?(:id) ? model.id : model.object_id }), #{permission}) => #{access
|
|
181
|
+
Tuersteher::TLogger.logger.debug("Tuersteher: model_access?(#{model.class}(#{model.respond_to?(:id) ? model.id : model.object_id }), #{permission}) => #{access || 'denied'} #{rule}")
|
|
162
182
|
end
|
|
163
183
|
end
|
|
164
|
-
access
|
|
184
|
+
access
|
|
165
185
|
end
|
|
166
186
|
end
|
|
167
187
|
|
|
@@ -310,7 +330,7 @@ module Tuersteher
|
|
|
310
330
|
|
|
311
331
|
class ModelAccessRule
|
|
312
332
|
attr_reader :clazz, :access_type, :role, :block
|
|
313
|
-
|
|
333
|
+
attr_accessor :deny
|
|
314
334
|
|
|
315
335
|
# erzeugt neue Object-Zugriffsregel
|
|
316
336
|
#
|
|
@@ -348,7 +368,7 @@ module Tuersteher
|
|
|
348
368
|
# *roles ist dabei eine Array aus Symbolen
|
|
349
369
|
#
|
|
350
370
|
#
|
|
351
|
-
def
|
|
371
|
+
def fired? model, perm, user
|
|
352
372
|
user = nil if user==:false # manche Authenticate-System setzen den user auf :false
|
|
353
373
|
m_class = model.instance_of?(Class) ? model : model.class
|
|
354
374
|
if @clazz!=m_class.to_s && @clazz!=:all
|
|
@@ -377,7 +397,7 @@ module Tuersteher
|
|
|
377
397
|
end
|
|
378
398
|
|
|
379
399
|
def to_s
|
|
380
|
-
"ModelAccessRule[#{@clazz}, #{@access_type}, #{@roles.join(' ')}]"
|
|
400
|
+
"ModelAccessRule[#{@clazz}, #{@access_type}, #{@roles.join(' ')}#{@deny ? ' deny' : ''}]"
|
|
381
401
|
end
|
|
382
402
|
|
|
383
403
|
end
|
data/tuersteher.gemspec
CHANGED
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tuersteher
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 29
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 0.1.
|
|
9
|
+
- 3
|
|
10
|
+
version: 0.1.3
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Bernd Ledig
|