tuersteher 0.4.0 → 0.4.1
- data/.gitignore +1 -0
 - data/VERSION +1 -1
 - data/lib/tuersteher.rb +9 -2
 - data/samples/access_rules.rb +4 -0
 - data/spec/acces_rules_storage_spec.rb +4 -0
 - data/spec/access_rules_spec.rb +18 -0
 - data/spec/model_access_rule_spec.rb +17 -0
 - data/spec/path_access_rule_spec.rb +20 -1
 - data/tuersteher.gemspec +2 -2
 - metadata +4 -4
 
    
        data/.gitignore
    CHANGED
    
    
    
        data/VERSION
    CHANGED
    
    | 
         @@ -1 +1 @@ 
     | 
|
| 
       1 
     | 
    
         
            -
            0.4. 
     | 
| 
      
 1 
     | 
    
         
            +
            0.4.1
         
     | 
    
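--- a/data/lib/tuersteher.rb
+++ b/data/lib/tuersteher.rb
@@ -61,7 +61,7 @@ module Tuersteher
     def eval_rules rules_definitions
       @path_rules = []
       @model_rules = []
-      eval rules_definitions
+      eval rules_definitions, binding, (@rules_config_file||'no file')
       @was_read = true
       Tuersteher::TLogger.logger.info "Tuersteher::AccessRulesStorage: #{@path_rules.size} path-rules and #{@model_rules.size} model-rules"
     end
@@ -274,7 +274,8 @@ module Tuersteher
       # bind current_user on the current thread
       Thread.current[:user] = current_user
 
-      req_method = request.method 
+      req_method = request.method
+      req_method = req_method.downcase.to_sym if req_method.is_a?(String)
       url_path = request.send(@@url_path_method)
       unless path_access?(url_path, req_method)
         usr_id = current_user && current_user.respond_to?(:id) ? current_user.id : current_user.object_id
@@ -352,6 +353,12 @@ module Tuersteher
       self
     end
 
+    # add list of roles
+    def roles(*role_names)
+      role_names.flatten.each{|role_name| role(role_name)}
+      self
+    end
+
     # add extension-definition
     # parmaters:
     #   method_name:      Symbol with the name of the method to call for addional check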
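Review bot: `roles` accepts an empty list without complaint, so a rule built as `path('/admin').grant.roles(list)` with an empty `list` ends up with no role restriction at all. How a role-less rule is evaluated is outside this hunk, but the sample rule `path('/').grant.method(:get)` suggests it applies to every user, which would turn such a rule into a grant for everyone. I would fail closed by adding `raise ArgumentError, 'roles requires at least one role' if role_names.flatten.empty?` as the first line of the method. In the second hunk, `req_method.downcase.to_sym` interns a string taken from the request; on Ruby versions that never collect symbols this is better done as a lookup in a fixed table of the verbs the rules know, with any other value denied. The method around that line starts and ends outside the hunk.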
    
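--- a/data/samples/access_rules.rb
+++ b/data/samples/access_rules.rb
@@ -18,6 +18,10 @@ path('/').grant.method(:get)
 path(:all).grant.role(:ADMIN)
 path('/user/lock').deny.role(:USER).role(:APPROVER)
 path('/special').grant.extension(:special?, :area1)
+path('/pictures') do
+  grant.role(:admin)
+  deny.role(:guest)
+end
 
 #
 # Model-Object-Zugriffsregeln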
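Review bot: The added block names its roles `:admin` and `:guest` in lower case, while the rules just above it use `:ADMIN`, `:USER` and `:APPROVER`. The specs on this page stub `has_role?` with an exact symbol comparison, so a reader who copies the sample may end up with a rule that never matches the application's real role names. I would spell the role as in the neighbouring rules, `grant.role(:ADMIN)`. A one-line comment above the block should also state which of the two rules wins when a user holds both roles, since the evaluation order is not visible here.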
    
        data/spec/access_rules_spec.rb
    CHANGED
    
    | 
         @@ -92,6 +92,7 @@ module Tuersteher 
     | 
|
| 
       92 
92 
     | 
    
         | 
| 
       93 
93 
     | 
    
         
             
                  before do
         
     | 
| 
       94 
94 
     | 
    
         
             
                    rules = [
         
     | 
| 
      
 95 
     | 
    
         
            +
                      ModelAccessRule.new(:all).grant.role(:sysadmin),
         
     | 
| 
       95 
96 
     | 
    
         
             
                      ModelAccessRule.new(SampleModel1).grant.method(:all),
         
     | 
| 
       96 
97 
     | 
    
         
             
                      ModelAccessRule.new(SampleModel2).grant.method(:read),
         
     | 
| 
       97 
98 
     | 
    
         
             
                      ModelAccessRule.new(SampleModel2).grant.method(:update).role(:user).extension(:owner?),
         
     | 
| 
         @@ -142,6 +143,23 @@ module Tuersteher 
     | 
|
| 
       142 
143 
     | 
    
         
             
                    end
         
     | 
| 
       143 
144 
     | 
    
         
             
                  end
         
     | 
| 
       144 
145 
     | 
    
         | 
| 
      
 146 
     | 
    
         
            +
             
     | 
| 
      
 147 
     | 
    
         
            +
                  context "User with role :sysadmin" do
         
     | 
| 
      
 148 
     | 
    
         
            +
                    before do
         
     | 
| 
      
 149 
     | 
    
         
            +
                      @user.stub(:has_role?){|role| role==:sysadmin}
         
     | 
| 
      
 150 
     | 
    
         
            +
                    end
         
     | 
| 
      
 151 
     | 
    
         
            +
             
     | 
| 
      
 152 
     | 
    
         
            +
                    it "should be true for this" do
         
     | 
| 
      
 153 
     | 
    
         
            +
                      AccessRules.model_access?(@user, "test", :xyz).should be_true
         
     | 
| 
      
 154 
     | 
    
         
            +
                      AccessRules.model_access?(@user, @model1, :xyz).should be_true
         
     | 
| 
      
 155 
     | 
    
         
            +
                      AccessRules.model_access?(@user, @model2, :read).should be_true
         
     | 
| 
      
 156 
     | 
    
         
            +
                      AccessRules.model_access?(@user, @model2, :update).should be_true
         
     | 
| 
      
 157 
     | 
    
         
            +
                      AccessRules.model_access?(@user, @model2, :delete).should be_true
         
     | 
| 
      
 158 
     | 
    
         
            +
                      AccessRules.model_access?(@user, @model2, :create).should be_true
         
     | 
| 
      
 159 
     | 
    
         
            +
                    end
         
     | 
| 
      
 160 
     | 
    
         
            +
                  end
         
     | 
| 
      
 161 
     | 
    
         
            +
             
     | 
| 
      
 162 
     | 
    
         
            +
             
     | 
| 
       145 
163 
     | 
    
         
             
                  context "without user" do
         
     | 
| 
       146 
164 
     | 
    
         
             
                    it "should be true for this models" do
         
     | 
| 
       147 
165 
     | 
    
         
             
                      AccessRules.model_access?(nil, @model1, :xyz).should be_true
         
     | 
| 
         @@ -55,6 +55,23 @@ module Tuersteher 
     | 
|
| 
       55 
55 
     | 
    
         
             
                      @rule.fired?("test", :read, @user).should_not be_true
         
     | 
| 
       56 
56 
     | 
    
         
             
                    end
         
     | 
| 
       57 
57 
     | 
    
         
             
                  end
         
     | 
| 
      
 58 
     | 
    
         
            +
             
     | 
| 
      
 59 
     | 
    
         
            +
                  context "for :all Model-Instances" do
         
     | 
| 
      
 60 
     | 
    
         
            +
                    before do
         
     | 
| 
      
 61 
     | 
    
         
            +
                      @rule_all = ModelAccessRule.new(:all).grant.role(:admin)
         
     | 
| 
      
 62 
     | 
    
         
            +
                      @user = stub('user')
         
     | 
| 
      
 63 
     | 
    
         
            +
                    end
         
     | 
| 
      
 64 
     | 
    
         
            +
             
     | 
| 
      
 65 
     | 
    
         
            +
                    it "should fired for user with role :admin" do
         
     | 
| 
      
 66 
     | 
    
         
            +
                      @user.stub(:has_role?) { |role| role==:admin }
         
     | 
| 
      
 67 
     | 
    
         
            +
                      @rule_all.fired?("test", :xyz, @user).should be_true
         
     | 
| 
      
 68 
     | 
    
         
            +
                    end
         
     | 
| 
      
 69 
     | 
    
         
            +
             
     | 
| 
      
 70 
     | 
    
         
            +
                    it "should fired for user with role :admin" do
         
     | 
| 
      
 71 
     | 
    
         
            +
                      @user.stub(:has_role?).and_return(false)
         
     | 
| 
      
 72 
     | 
    
         
            +
                      @rule_all.fired?("test", :xyz, @user).should_not be_true
         
     | 
| 
      
 73 
     | 
    
         
            +
                    end
         
     | 
| 
      
 74 
     | 
    
         
            +
                  end
         
     | 
| 
       58 
75 
     | 
    
         
             
                end # of context "grant with roles"
         
     | 
| 
       59 
76 
     | 
    
         | 
| 
       60 
77 
     | 
    
         | 
| 
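Review bot: The two examples added in the `for :all Model-Instances` context carry the same description, `should fired for user with role :admin`, although the second one stubs `has_role?` to return false and asserts `should_not be_true`. A failure report would then name the wrong behaviour for the deny case, which is the one that matters most for an access rule. I would rename the second example to `it "should not fired for user without role :admin" do`. The file header for this hunk is missing from the page; by the line counts in the summary it appears to belong to spec/model_access_rule_spec.rb.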
         @@ -162,6 +162,25 @@ module Tuersteher 
     | 
|
| 
       162 
162 
     | 
    
         
             
                    @rule.fired?("/admin", :get, @user).should be_true
         
     | 
| 
       163 
163 
     | 
    
         
             
                  end
         
     | 
| 
       164 
164 
     | 
    
         
             
                end # of context "not" do
         
     | 
| 
       165 
     | 
    
         
            -
             
     | 
| 
      
 165 
     | 
    
         
            +
             
     | 
| 
      
 166 
     | 
    
         
            +
             
     | 
| 
      
 167 
     | 
    
         
            +
                context "add multiple roles" do
         
     | 
| 
      
 168 
     | 
    
         
            +
                  before(:all) do
         
     | 
| 
      
 169 
     | 
    
         
            +
                    @rule = PathAccessRule.new('/admin').roles(:admin1, :admin2).roles([:s1, :s2])
         
     | 
| 
      
 170 
     | 
    
         
            +
                    @user = stub('user')
         
     | 
| 
      
 171 
     | 
    
         
            +
                  end
         
     | 
| 
      
 172 
     | 
    
         
            +
             
     | 
| 
      
 173 
     | 
    
         
            +
                  it "should fired for user with role which specified in the rule" do
         
     | 
| 
      
 174 
     | 
    
         
            +
                    [:admin1, :admin2, :s1, :s2].each do |role_name|
         
     | 
| 
      
 175 
     | 
    
         
            +
                      @user.stub(:has_role?){|role| role==role_name}
         
     | 
| 
      
 176 
     | 
    
         
            +
                      @rule.fired?("/admin", :get, @user).should be_true
         
     | 
| 
      
 177 
     | 
    
         
            +
                    end
         
     | 
| 
      
 178 
     | 
    
         
            +
                  end
         
     | 
| 
      
 179 
     | 
    
         
            +
             
     | 
| 
      
 180 
     | 
    
         
            +
                  it "should not fired for user with role :user" do
         
     | 
| 
      
 181 
     | 
    
         
            +
                    @user.stub(:has_role?){|role| role==:user}
         
     | 
| 
      
 182 
     | 
    
         
            +
                    @rule.fired?("/admin", :get, @user).should_not be_true
         
     | 
| 
      
 183 
     | 
    
         
            +
                  end
         
     | 
| 
      
 184 
     | 
    
         
            +
                end
         
     | 
| 
       166 
185 
     | 
    
         
             
              end
         
     | 
| 
       167 
186 
     | 
    
         
             
            end
         
     | 
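Review bot: The new `add multiple roles` context creates its double in `before(:all)`, a hook in which RSpec does not support doubles or stubs because mock state is set up and torn down per example. The other contexts added in this diff use a plain hook, and this one should too: `before do` in place of `before(:all) do`. The examples also never call `roles` with an empty list, so the case where the rule is left without any role restriction stays untested. The file header for this hunk is missing from the page; by the line counts in the summary it appears to belong to spec/path_access_rule_spec.rb.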
    
        data/tuersteher.gemspec
    CHANGED
    
    | 
         @@ -5,11 +5,11 @@ 
     | 
|
| 
       5 
5 
     | 
    
         | 
| 
       6 
6 
     | 
    
         
             
            Gem::Specification.new do |s|
         
     | 
| 
       7 
7 
     | 
    
         
             
              s.name = %q{tuersteher}
         
     | 
| 
       8 
     | 
    
         
            -
              s.version = "0.4. 
     | 
| 
      
 8 
     | 
    
         
            +
              s.version = "0.4.1"
         
     | 
| 
       9 
9 
     | 
    
         | 
| 
       10 
10 
     | 
    
         
             
              s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
         
     | 
| 
       11 
11 
     | 
    
         
             
              s.authors = ["Bernd Ledig"]
         
     | 
| 
       12 
     | 
    
         
            -
              s.date = %q{2010-09- 
     | 
| 
      
 12 
     | 
    
         
            +
              s.date = %q{2010-09-19}
         
     | 
| 
       13 
13 
     | 
    
         
             
              s.description = %q{Security-Layer for Rails-Application acts like a firewall.}
         
     | 
| 
       14 
14 
     | 
    
         
             
              s.email = %q{bernd@ledig.info}
         
     | 
| 
       15 
15 
     | 
    
         
             
              s.extra_rdoc_files = [
         
     | 
    
        metadata
    CHANGED
    
    | 
         @@ -1,13 +1,13 @@ 
     | 
|
| 
       1 
1 
     | 
    
         
             
            --- !ruby/object:Gem::Specification 
         
     | 
| 
       2 
2 
     | 
    
         
             
            name: tuersteher
         
     | 
| 
       3 
3 
     | 
    
         
             
            version: !ruby/object:Gem::Version 
         
     | 
| 
       4 
     | 
    
         
            -
              hash:  
     | 
| 
      
 4 
     | 
    
         
            +
              hash: 13
         
     | 
| 
       5 
5 
     | 
    
         
             
              prerelease: false
         
     | 
| 
       6 
6 
     | 
    
         
             
              segments: 
         
     | 
| 
       7 
7 
     | 
    
         
             
              - 0
         
     | 
| 
       8 
8 
     | 
    
         
             
              - 4
         
     | 
| 
       9 
     | 
    
         
            -
              -  
     | 
| 
       10 
     | 
    
         
            -
              version: 0.4. 
     | 
| 
      
 9 
     | 
    
         
            +
              - 1
         
     | 
| 
      
 10 
     | 
    
         
            +
              version: 0.4.1
         
     | 
| 
       11 
11 
     | 
    
         
             
            platform: ruby
         
     | 
| 
       12 
12 
     | 
    
         
             
            authors: 
         
     | 
| 
       13 
13 
     | 
    
         
             
            - Bernd Ledig
         
     | 
| 
         @@ -15,7 +15,7 @@ autorequire: 
     | 
|
| 
       15 
15 
     | 
    
         
             
            bindir: bin
         
     | 
| 
       16 
16 
     | 
    
         
             
            cert_chain: []
         
     | 
| 
       17 
17 
     | 
    
         | 
| 
       18 
     | 
    
         
            -
            date: 2010-09- 
     | 
| 
      
 18 
     | 
    
         
            +
            date: 2010-09-19 00:00:00 +02:00
         
     | 
| 
       19 
19 
     | 
    
         
             
            default_executable: 
         
     | 
| 
       20 
20 
     | 
    
         
             
            dependencies: []
         
     | 
| 
       21 
21 
     | 
    
         |