tuersteher 0.6.3 → 0.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +13 -8
- data/VERSION +1 -1
- data/lib/tuersteher.rb +40 -20
- data/tuersteher.gemspec +2 -2
- metadata +4 -4
data/README.rdoc
CHANGED
|
@@ -16,14 +16,19 @@ Create in your Rails-Application the rules-file "config/access_rules.rb"
|
|
|
16
16
|
Here is as small sample for "config/access_rules.rb"
|
|
17
17
|
|
|
18
18
|
# Path-Acces-Rules
|
|
19
|
-
|
|
20
|
-
|
|
19
|
+
path('/').grant.method(:get)
|
|
20
|
+
path(:all).grant.role(:ADMIN)
|
|
21
|
+
path('/user/lock').deny.role(:USER).role(:APPROVER)
|
|
21
22
|
|
|
22
23
|
# Model-Acces-Rules
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
24
|
+
model(Dashboard).grant.method(:view)
|
|
25
|
+
|
|
26
|
+
model(Todo) do
|
|
27
|
+
grant.method(:view)
|
|
28
|
+
grant.method(:full_view).role(:ADMIN)
|
|
29
|
+
grant.method(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
|
|
30
|
+
grant-method(:delete).not.role(:ADMIN)
|
|
31
|
+
end
|
|
27
32
|
|
|
28
33
|
Then extend your ApplicationController with:
|
|
29
34
|
|
|
@@ -35,9 +40,9 @@ Check if your authendicate-system has implemented the methods:
|
|
|
35
40
|
* current_user
|
|
36
41
|
* access_denied
|
|
37
42
|
|
|
38
|
-
and the
|
|
43
|
+
and the current_user should have a method
|
|
39
44
|
|
|
40
|
-
* has_role(
|
|
45
|
+
* has_role?(role)
|
|
41
46
|
|
|
42
47
|
If not, just implemen it (see samples/application_controller.rb)
|
|
43
48
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.6.
|
|
1
|
+
0.6.4
|
data/lib/tuersteher.rb
CHANGED
|
@@ -35,7 +35,7 @@ module Tuersteher
|
|
|
35
35
|
class AccessRulesStorage
|
|
36
36
|
include Singleton
|
|
37
37
|
|
|
38
|
-
|
|
38
|
+
attr_writer :rules_config_file # to set own access_rules-path
|
|
39
39
|
|
|
40
40
|
DEFAULT_RULES_CONFIG_FILE = 'access_rules.rb' # in config-dir
|
|
41
41
|
|
|
@@ -47,22 +47,45 @@ module Tuersteher
|
|
|
47
47
|
|
|
48
48
|
# get all path_rules as array of PathAccessRule-Instances
|
|
49
49
|
def path_rules
|
|
50
|
-
|
|
50
|
+
read_rules_if_needed
|
|
51
51
|
@path_rules
|
|
52
52
|
end
|
|
53
53
|
|
|
54
54
|
# get all model_rules as array of ModelAccessRule-Instances
|
|
55
55
|
def model_rules
|
|
56
|
-
|
|
56
|
+
read_rules_if_needed
|
|
57
57
|
@model_rules
|
|
58
58
|
end
|
|
59
59
|
|
|
60
|
+
|
|
61
|
+
def read_rules_if_needed
|
|
62
|
+
if @was_read
|
|
63
|
+
# aller 5 Minuten pruefen ob AccessRules-File sich geändert hat
|
|
64
|
+
t = Time.now.to_i
|
|
65
|
+
if @last_read_check && (@last_read_check - t) > 300
|
|
66
|
+
@last_read_check = t
|
|
67
|
+
cur_mtime = File.mtime(self.rules_config_file)
|
|
68
|
+
if @last_mtime.nil? || cur_mtime > @last_mtime
|
|
69
|
+
@last_mtime = cur_mtime
|
|
70
|
+
read_rules
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
else
|
|
74
|
+
read_rules
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
|
|
79
|
+
def rules_config_file
|
|
80
|
+
@rules_config_file ||= File.join(Rails.root, 'config', DEFAULT_RULES_CONFIG_FILE)
|
|
81
|
+
end
|
|
60
82
|
|
|
61
83
|
# evaluated rules_definitions and create path-/model-rules
|
|
62
84
|
def eval_rules rules_definitions
|
|
63
85
|
@path_rules = []
|
|
64
86
|
@model_rules = []
|
|
65
87
|
eval rules_definitions, binding, (@rules_config_file||'no file')
|
|
88
|
+
extend_path_rules_with_prefix @prefix
|
|
66
89
|
@was_read = true
|
|
67
90
|
Tuersteher::TLogger.logger.info "Tuersteher::AccessRulesStorage: #{@path_rules.size} path-rules and #{@model_rules.size} model-rules"
|
|
68
91
|
end
|
|
@@ -70,15 +93,8 @@ module Tuersteher
|
|
|
70
93
|
# Load AccesRules from file
|
|
71
94
|
# config/access_rules.rb
|
|
72
95
|
def read_rules
|
|
73
|
-
@rules_config_file ||= File.join(Rails.root, 'config', DEFAULT_RULES_CONFIG_FILE)
|
|
74
|
-
rules_file = File.new @rules_config_file
|
|
75
96
|
@was_read = false
|
|
76
|
-
content =
|
|
77
|
-
if @last_mtime.nil? || rules_file.mtime > @last_mtime
|
|
78
|
-
@last_mtime = rules_file.mtime
|
|
79
|
-
content = rules_file.read
|
|
80
|
-
end
|
|
81
|
-
rules_file.close
|
|
97
|
+
content = File.read self.rules_config_file
|
|
82
98
|
if content
|
|
83
99
|
eval_rules content
|
|
84
100
|
end
|
|
@@ -86,6 +102,7 @@ module Tuersteher
|
|
|
86
102
|
Tuersteher::TLogger.logger.error "Tuersteher::AccessRulesStorage - Error in rules: #{ex.message}\n\t"+ex.backtrace.join("\n\t")
|
|
87
103
|
end
|
|
88
104
|
|
|
105
|
+
|
|
89
106
|
# definiert HTTP-Pfad-basierende Zugriffsregel
|
|
90
107
|
#
|
|
91
108
|
# path: :all fuer beliebig, sonst String mit der http-path beginnen muss,
|
|
@@ -137,12 +154,20 @@ module Tuersteher
|
|
|
137
154
|
rule.deny
|
|
138
155
|
end
|
|
139
156
|
|
|
157
|
+
|
|
158
|
+
def path_prefix_processed?
|
|
159
|
+
!@path_prefix.nil?
|
|
160
|
+
end
|
|
161
|
+
|
|
162
|
+
|
|
140
163
|
# Erweitern des Path um einen Prefix
|
|
141
164
|
# Ist notwenig wenn z.B. die Rails-Anwendung nicht als root-Anwendung läuft
|
|
142
165
|
# also root_path != '/' ist.'
|
|
143
166
|
def extend_path_rules_with_prefix prefix
|
|
144
|
-
Tuersteher::TLogger.logger.info "extend_path_rules_with_prefix: #{prefix}"
|
|
145
167
|
@path_prefix = prefix
|
|
168
|
+
return if prefix.nil? || prefix.size < 2
|
|
169
|
+
prefix.chomp!('/') # des abschliessende / entfernen
|
|
170
|
+
Tuersteher::TLogger.logger.info "extend_path_rules_with_prefix: #{prefix}"
|
|
146
171
|
path_rules.each do |rule|
|
|
147
172
|
path_spec = rule.path_spezification
|
|
148
173
|
if path_spec
|
|
@@ -238,7 +263,6 @@ module Tuersteher
|
|
|
238
263
|
module ControllerExtensions
|
|
239
264
|
|
|
240
265
|
@@url_path_method = nil
|
|
241
|
-
@@prefix_checked = nil
|
|
242
266
|
|
|
243
267
|
# Pruefen Zugriff fuer eine Web-action
|
|
244
268
|
#
|
|
@@ -246,14 +270,10 @@ module Tuersteher
|
|
|
246
270
|
# method http-Methode (:get, :put, :delete, :post), default ist :get
|
|
247
271
|
#
|
|
248
272
|
def path_access?(path, method = :get)
|
|
249
|
-
|
|
250
|
-
|
|
273
|
+
ar_storage = AccessRulesStorage.instance
|
|
274
|
+
unless ar_storage.path_prefix_processed?
|
|
251
275
|
prefix = respond_to?(:root_path) && root_path
|
|
252
|
-
|
|
253
|
-
prefix.chomp!('/') # des abschliessende / entfernen
|
|
254
|
-
AccessRulesStorage.instance.extend_path_rules_with_prefix(prefix)
|
|
255
|
-
Rails.logger.info "Tuersteher::ControllerExtensions: set path-prefix to: #{prefix}"
|
|
256
|
-
end
|
|
276
|
+
ar_storage.extend_path_rules_with_prefix(prefix)
|
|
257
277
|
end
|
|
258
278
|
AccessRules.path_access? current_user, path, method
|
|
259
279
|
end
|
data/tuersteher.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{tuersteher}
|
|
8
|
-
s.version = "0.6.
|
|
8
|
+
s.version = "0.6.4"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Bernd Ledig"]
|
|
12
|
-
s.date = %q{2011-07
|
|
12
|
+
s.date = %q{2011-09-07}
|
|
13
13
|
s.description = %q{Security-Layer for Rails-Application acts like a firewall.}
|
|
14
14
|
s.email = %q{bernd@ledig.info}
|
|
15
15
|
s.extra_rdoc_files = [
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tuersteher
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 15
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 6
|
|
9
|
-
-
|
|
10
|
-
version: 0.6.
|
|
9
|
+
- 4
|
|
10
|
+
version: 0.6.4
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Bernd Ledig
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-07
|
|
18
|
+
date: 2011-09-07 00:00:00 +02:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies: []
|
|
21
21
|
|