tuersteher 0.4.0 → 0.4.1

data/.gitignore

@@ -1,3 +1,4 @@
 pkg
 .idea
 tuersteher*.gem
+nbproject

data/VERSION

@@ -1 +1 @@
-0.4.0
+0.4.1

data/lib/tuersteher.rb

@@ -61,7 +61,7 @@ module Tuersteher
     def eval_rules rules_definitions
       @path_rules = []
       @model_rules = []
-      eval rules_definitions
+      eval rules_definitions, binding, (@rules_config_file||'no file')
       @was_read = true
       Tuersteher::TLogger.logger.info "Tuersteher::AccessRulesStorage: #{@path_rules.size} path-rules and #{@model_rules.size} model-rules"
     end
@@ -274,7 +274,8 @@ module Tuersteher
       # bind current_user on the current thread
       Thread.current[:user] = current_user
 
-      req_method = request.method.downcase.to_sym
+      req_method = request.method
+      req_method = req_method.downcase.to_sym if req_method.is_a?(String)
       url_path = request.send(@@url_path_method)
       unless path_access?(url_path, req_method)
         usr_id = current_user && current_user.respond_to?(:id) ? current_user.id : current_user.object_id
@@ -352,6 +353,12 @@ module Tuersteher
       self
     end
 
+    # add list of roles
+    def roles(*role_names)
+      role_names.flatten.each{|role_name| role(role_name)}
+      self
+    end
+
     # add extension-definition
     # parmaters:
     #   method_name:      Symbol with the name of the method to call for addional check

data/samples/access_rules.rb

@@ -18,6 +18,10 @@ path('/').grant.method(:get)
 path(:all).grant.role(:ADMIN)
 path('/user/lock').deny.role(:USER).role(:APPROVER)
 path('/special').grant.extension(:special?, :area1)
+path('/pictures') do
+  grant.role(:admin)
+  deny.role(:guest)
+end
 
 #
 # Model-Object-Zugriffsregeln

data/spec/acces_rules_storage_spec.rb

@@ -38,6 +38,10 @@ end
         @model_rules.should have(4).items
       end
 
+      specify do
+        AccessRules.path_access?(nil, '/')
+      end
+
     end # of context "eval_rules"
 
   end # of describe AccessRulesStorage

data/spec/access_rules_spec.rb

@@ -92,6 +92,7 @@ module Tuersteher
 
       before do
         rules = [
+          ModelAccessRule.new(:all).grant.role(:sysadmin),
           ModelAccessRule.new(SampleModel1).grant.method(:all),
           ModelAccessRule.new(SampleModel2).grant.method(:read),
           ModelAccessRule.new(SampleModel2).grant.method(:update).role(:user).extension(:owner?),
@@ -142,6 +143,23 @@ module Tuersteher
         end
       end
 
+
+      context "User with role :sysadmin" do
+        before do
+          @user.stub(:has_role?){|role| role==:sysadmin}
+        end
+
+        it "should be true for this" do
+          AccessRules.model_access?(@user, "test", :xyz).should be_true
+          AccessRules.model_access?(@user, @model1, :xyz).should be_true
+          AccessRules.model_access?(@user, @model2, :read).should be_true
+          AccessRules.model_access?(@user, @model2, :update).should be_true
+          AccessRules.model_access?(@user, @model2, :delete).should be_true
+          AccessRules.model_access?(@user, @model2, :create).should be_true
+        end
+      end
+
+
       context "without user" do
         it "should be true for this models" do
           AccessRules.model_access?(nil, @model1, :xyz).should be_true

data/spec/model_access_rule_spec.rb

@@ -55,6 +55,23 @@ module Tuersteher
           @rule.fired?("test", :read, @user).should_not be_true
         end
       end
+
+      context "for :all Model-Instances" do
+        before do
+          @rule_all = ModelAccessRule.new(:all).grant.role(:admin)
+          @user = stub('user')
+        end
+
+        it "should fired for user with role :admin" do
+          @user.stub(:has_role?) { |role| role==:admin }
+          @rule_all.fired?("test", :xyz, @user).should be_true
+        end
+
+        it "should fired for user with role :admin" do
+          @user.stub(:has_role?).and_return(false)
+          @rule_all.fired?("test", :xyz, @user).should_not be_true
+        end
+      end
     end # of context "grant with roles"
 
 

data/spec/path_access_rule_spec.rb

@@ -162,6 +162,25 @@ module Tuersteher
         @rule.fired?("/admin", :get, @user).should be_true
       end
     end # of context "not" do
-    
+
+
+    context "add multiple roles" do
+      before(:all) do
+        @rule = PathAccessRule.new('/admin').roles(:admin1, :admin2).roles([:s1, :s2])
+        @user = stub('user')
+      end
+
+      it "should fired for user with role which specified in the rule" do
+        [:admin1, :admin2, :s1, :s2].each do |role_name|
+          @user.stub(:has_role?){|role| role==role_name}
+          @rule.fired?("/admin", :get, @user).should be_true
+        end
+      end
+
+      it "should not fired for user with role :user" do
+        @user.stub(:has_role?){|role| role==:user}
+        @rule.fired?("/admin", :get, @user).should_not be_true
+      end
+    end
   end
 end

data/tuersteher.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{tuersteher}
-  s.version = "0.4.0"
+  s.version = "0.4.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Bernd Ledig"]
-  s.date = %q{2010-09-04}
+  s.date = %q{2010-09-19}
   s.description = %q{Security-Layer for Rails-Application acts like a firewall.}
   s.email = %q{bernd@ledig.info}
   s.extra_rdoc_files = [

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: tuersteher
 version: !ruby/object:Gem::Version 
-  hash: 15
+  hash: 13
   prerelease: false
   segments: 
   - 0
   - 4
-  - 0
-  version: 0.4.0
+  - 1
+  version: 0.4.1
 platform: ruby
 authors: 
 - Bernd Ledig
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-04 00:00:00 +02:00
+date: 2010-09-19 00:00:00 +02:00
 default_executable: 
 dependencies: []