walruz-rails 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +24 -1
- data/lib/walruz/controller_mixin.rb +1 -1
- data/rails_generators/templates/actor_is_subject_example.rb +10 -0
- data/rails_generators/templates/policies.rb +34 -0
- data/rails_generators/templates/policy.rb +10 -0
- data/rails_generators/templates/policy_spec.rb +38 -0
- data/rails_generators/templates/policy_test.rb +22 -0
- data/rails_generators/templates/unauthorized.html +9 -0
- data/rails_generators/templates/walruz_initializer.rb +22 -0
- data/rails_generators/walruz_generator.rb +22 -0
- data/rails_generators/walruz_policy_generator.rb +36 -0
- data/spec/scenario.rb +5 -5
- metadata +14 -40
- data/Rakefile +0 -49
- data/VERSION.yml +0 -4
data/README.rdoc
CHANGED
@@ -4,13 +4,36 @@ Simple but Powerful authorization features for Ruby on Rails.
|
|
4
4
|
|
5
5
|
walruz-rails is a Walruz extension that allows you to integrate easily the Walruz authorization framework with Ruby on Rails.
|
6
6
|
|
7
|
-
For more information about the functionality of walruz please check the
|
7
|
+
For more information about the functionality of walruz please check the walruz webpage (http://walruz.rubyforge.org)
|
8
8
|
|
9
9
|
== FEATURES
|
10
10
|
|
11
11
|
* It provides generators to setup easily your authorization policies
|
12
12
|
* It provides filters for ActionController that enhances the invocations for verification of authorizations
|
13
13
|
|
14
|
+
|
15
|
+
== HOW TO USE THE FILTERS
|
16
|
+
|
17
|
+
walruz-rails provides the check_authorization method, this method will generate a before_filter for the parameters specified to this method:
|
18
|
+
|
19
|
+
Example:
|
20
|
+
|
21
|
+
class UsersController < ApplicationController
|
22
|
+
|
23
|
+
before_filter :get_user, :except => :index
|
24
|
+
|
25
|
+
before_filter check_authorization(:create, :user), :only => [:new, :create]
|
26
|
+
before_filter check_authorization(:read, :user), :only => :show
|
27
|
+
before_filter check_authorization(:update, :user), :only => [:edit, :update]
|
28
|
+
before_filter check_authorization(:destroy, :user), :only => [:delete, :destroy]
|
29
|
+
end
|
30
|
+
|
31
|
+
All this invocations will get translated to:
|
32
|
+
|
33
|
+
current_user.authorize(action, subject)
|
34
|
+
|
35
|
+
The result of this invocation will be on a controller method called `policy_params`.
|
36
|
+
|
14
37
|
== INSTALL
|
15
38
|
|
16
39
|
Execute the generator to enable walruz on your project:
|
@@ -59,7 +59,7 @@ module Walruz
|
|
59
59
|
error_message = "There is neither an instance variable @%s nor a instance method %s on the %s instance context" % [subject, subject, controller.class.name]
|
60
60
|
raise ArgumentError.new(error_message)
|
61
61
|
end
|
62
|
-
params = controller.send(:current_user).
|
62
|
+
params = controller.send(:current_user).authorize(action, subject_instance)
|
63
63
|
controller.set_policy_params!(params)
|
64
64
|
end
|
65
65
|
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module Policies
|
2
|
+
extend Walruz::Utils
|
3
|
+
|
4
|
+
def self.policy(policy_label)
|
5
|
+
Walruz.policies[policy_label]
|
6
|
+
end
|
7
|
+
|
8
|
+
#
|
9
|
+
# Add an autoload invocation to the policies you implement on the policies
|
10
|
+
# directory.
|
11
|
+
# Examples:
|
12
|
+
# autoload :AdminPolicy, 'walruz/policies/admin_policy'
|
13
|
+
# autoload :FooPolicy, 'walruz/policies/other_policy'
|
14
|
+
|
15
|
+
|
16
|
+
#
|
17
|
+
# Then use it on your models:
|
18
|
+
# require 'walruz/policies'
|
19
|
+
#
|
20
|
+
# class ASubject
|
21
|
+
# check_authorization :create => Policies::AdminPolicy
|
22
|
+
# end
|
23
|
+
#
|
24
|
+
|
25
|
+
#
|
26
|
+
#
|
27
|
+
# If you want to use combined policies and give them a name you can do so
|
28
|
+
# pretty easily using the `any`, `all` or `negate` helpers
|
29
|
+
#
|
30
|
+
# AdminOrFooPolicy = any(AdminPolicy, FooPolicy)
|
31
|
+
# AdminAndNotFooPolicy = all(AdminPolicy, negate(FooPolicy))
|
32
|
+
#
|
33
|
+
|
34
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
require File.dirname(__FILE__) + '/../spec_helper'
|
2
|
+
# You need to
|
3
|
+
# require 'walruz/policies'
|
4
|
+
# in your spec_helper.rb file
|
5
|
+
|
6
|
+
describe Policies::<%= class_name %> do
|
7
|
+
|
8
|
+
before(:each) do
|
9
|
+
@policy = Policies::<%= class_name %>.new
|
10
|
+
end
|
11
|
+
|
12
|
+
describe "with valid actor and subject" do
|
13
|
+
|
14
|
+
before(:each) do
|
15
|
+
# setup valid relationship between actor and subject
|
16
|
+
end
|
17
|
+
|
18
|
+
it "should return true" do
|
19
|
+
pending
|
20
|
+
# @policy.safe_authorized?(@actor, @subject)[0].should be_true
|
21
|
+
end
|
22
|
+
|
23
|
+
end
|
24
|
+
|
25
|
+
describe "with invalid actor and subject" do
|
26
|
+
|
27
|
+
before(:each) do
|
28
|
+
# setup invalid relationship between actor and subject
|
29
|
+
end
|
30
|
+
|
31
|
+
it "should return false" do
|
32
|
+
pending
|
33
|
+
# @policy.safe_authorized?(@actor, @subject)[0].should be_false
|
34
|
+
end
|
35
|
+
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# You need to
|
2
|
+
# require 'walruz/policies'
|
3
|
+
# in your spec_helper.rb file
|
4
|
+
|
5
|
+
|
6
|
+
class Policies::<%= class_name %>Test < Test::Unit
|
7
|
+
|
8
|
+
def setup
|
9
|
+
@policy = Policies::<%= class_name %>.new
|
10
|
+
end
|
11
|
+
|
12
|
+
def test_return_true_with_valid_association_of_actor_and_subject
|
13
|
+
# setup valid association btw actor and subject
|
14
|
+
# assert !@policy.safe_authorized?(actor, subject)[0]
|
15
|
+
end
|
16
|
+
|
17
|
+
def test_return_false_with_invalid_association_of_actor_and_subject
|
18
|
+
# setup invalid association btw actor and subject
|
19
|
+
# assert @policy.safe_authorized?(actor, subject)[0]
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
Walruz.setup do |config|
|
2
|
+
|
3
|
+
# All the models of ActiveRecord can behave as actors and subjects
|
4
|
+
config.actors = [ActiveRecord::Base]
|
5
|
+
config.subjects = [ActiveRecord::Base]
|
6
|
+
|
7
|
+
ActionController::Base.class_eval do
|
8
|
+
|
9
|
+
rescue_from Walruz::NotAuthorized, :with => :unauthorized
|
10
|
+
|
11
|
+
#
|
12
|
+
# This method will be called when a user is not authorized. By
|
13
|
+
# default it renders an unauthorized template on the public directory
|
14
|
+
# with a HTTP status 401 (not authorized)
|
15
|
+
# This method can be overwritted in childs of ActionController::Base
|
16
|
+
# to have a better handling of unauthorized exceptions
|
17
|
+
def unauthorized(e)
|
18
|
+
render :file => "#{RAILS_ROOT}/public/unauthorized.html", :status => 401
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
class WalruzGenerator < Rails::Generator::Base
|
2
|
+
|
3
|
+
def manifest
|
4
|
+
record do |m|
|
5
|
+
m.directory 'config/initializers'
|
6
|
+
m.file('walruz_initializer.rb', 'config/initializers/walruz_initializer.rb')
|
7
|
+
|
8
|
+
m.directory 'lib/walruz'
|
9
|
+
m.directory 'lib/walruz/policies'
|
10
|
+
m.file('policies.rb', 'lib/walruz/policies.rb')
|
11
|
+
m.file('actor_is_subject_example.rb', 'lib/walruz/policies/actor_is_subject.rb')
|
12
|
+
|
13
|
+
m.directory 'public'
|
14
|
+
m.file('unauthorized.html', 'public/unauthorized.html')
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
def banner
|
19
|
+
"Usage: #{$0} walruz"
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
class WalruzPolicyGenerator < Rails::Generator::NamedBase
|
2
|
+
|
3
|
+
def manifest
|
4
|
+
record do |m|
|
5
|
+
m.class_collisions "#{class_name}Policy"
|
6
|
+
m.directory 'lib/walruz/policies'
|
7
|
+
m.template 'policy.rb', File.join('lib/walruz/policies', class_path, "#{file_name}.rb")
|
8
|
+
|
9
|
+
|
10
|
+
if options[:test]
|
11
|
+
# we generate the rSpec stub
|
12
|
+
m.directory 'spec'
|
13
|
+
m.directory 'spec/policies'
|
14
|
+
m.template 'policy_spec.rb', File.join("spec/policies", "#{file_name}_spec.rb")
|
15
|
+
else
|
16
|
+
m.directory 'test'
|
17
|
+
m.directory 'test/policies'
|
18
|
+
m.template 'policy_test.rb', File.join("test/policies", "#{file_name}_test.rb")
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
protected
|
25
|
+
|
26
|
+
def add_options!(opt)
|
27
|
+
opt.separator ''
|
28
|
+
opt.separator 'Options:'
|
29
|
+
opt.on('--spec', 'Add an rSpec test to the spec folder (DEFAULT)') { |v| options[:spec] = true }
|
30
|
+
opt.on('--test', 'Add a Test::Unit file to the test folder') { |v| options[:test] = true }
|
31
|
+
end
|
32
|
+
|
33
|
+
def banner
|
34
|
+
"Usage: #{$0} walruz_policy [--spec|--test]"
|
35
|
+
end
|
36
|
+
end
|
data/spec/scenario.rb
CHANGED
@@ -13,7 +13,7 @@ class Beatle
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def sing_the_song(song)
|
16
|
-
response =
|
16
|
+
response = authorize(:sing, song)
|
17
17
|
case response[:owner]
|
18
18
|
when Colaboration
|
19
19
|
authors = response[:owner].authors.dup
|
@@ -26,7 +26,7 @@ class Beatle
|
|
26
26
|
end
|
27
27
|
|
28
28
|
def sing_with_john(song)
|
29
|
-
|
29
|
+
authorize(:sing_with_john, song)
|
30
30
|
"Ok John, Let's Play '%s'" % song.name
|
31
31
|
end
|
32
32
|
|
@@ -75,7 +75,7 @@ end
|
|
75
75
|
#
|
76
76
|
# end
|
77
77
|
|
78
|
-
AuthorPolicy =
|
78
|
+
AuthorPolicy = SubjectIsActorPolicy.for_subject(:author) do |authorized, params, actor, subject|
|
79
79
|
params.merge!(:owner => actor) if authorized
|
80
80
|
end
|
81
81
|
|
@@ -105,8 +105,8 @@ class Song
|
|
105
105
|
include Walruz::Subject
|
106
106
|
extend Walruz::Utils
|
107
107
|
|
108
|
-
check_authorizations :sing =>
|
109
|
-
:sell =>
|
108
|
+
check_authorizations :sing => any(AuthorPolicy, AuthorInColaborationPolicy),
|
109
|
+
:sell => all(AuthorPolicy, negate(AuthorInColaborationPolicy)),
|
110
110
|
:sing_with_john => ColaboratingWithJohnPolicy
|
111
111
|
attr_accessor :name
|
112
112
|
attr_accessor :colaboration
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: walruz-rails
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Roman Gonzalez
|
@@ -9,7 +9,7 @@ autorequire:
|
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date: 2009-07-
|
12
|
+
date: 2009-07-02 00:00:00 -07:00
|
13
13
|
default_executable:
|
14
14
|
dependencies: []
|
15
15
|
|
@@ -23,10 +23,6 @@ extra_rdoc_files:
|
|
23
23
|
- LICENSE
|
24
24
|
- README.rdoc
|
25
25
|
files:
|
26
|
-
- LICENSE
|
27
|
-
- README.rdoc
|
28
|
-
- Rakefile
|
29
|
-
- VERSION.yml
|
30
26
|
- examples/rails/README
|
31
27
|
- examples/rails/Rakefile
|
32
28
|
- examples/rails/app/controllers/application_controller.rb
|
@@ -102,9 +98,17 @@ files:
|
|
102
98
|
- examples/rails/test/test_helper.rb
|
103
99
|
- lib/walruz/controller_mixin.rb
|
104
100
|
- lib/walruz_rails.rb
|
105
|
-
-
|
106
|
-
-
|
107
|
-
-
|
101
|
+
- rails_generators/templates/actor_is_subject_example.rb
|
102
|
+
- rails_generators/templates/policies.rb
|
103
|
+
- rails_generators/templates/policy.rb
|
104
|
+
- rails_generators/templates/policy_spec.rb
|
105
|
+
- rails_generators/templates/policy_test.rb
|
106
|
+
- rails_generators/templates/unauthorized.html
|
107
|
+
- rails_generators/templates/walruz_initializer.rb
|
108
|
+
- rails_generators/walruz_generator.rb
|
109
|
+
- rails_generators/walruz_policy_generator.rb
|
110
|
+
- LICENSE
|
111
|
+
- README.rdoc
|
108
112
|
has_rdoc: true
|
109
113
|
homepage: http://github.com/noomii/walruz-rails
|
110
114
|
licenses: []
|
@@ -132,38 +136,8 @@ rubyforge_project: walruz-rails
|
|
132
136
|
rubygems_version: 1.3.3
|
133
137
|
signing_key:
|
134
138
|
specification_version: 3
|
135
|
-
summary: Gem for easy integration between walruz
|
139
|
+
summary: Gem for easy integration between walruz and the Ruby on Rails framework
|
136
140
|
test_files:
|
137
141
|
- spec/controller_mixin_spec.rb
|
138
142
|
- spec/scenario.rb
|
139
143
|
- spec/spec_helper.rb
|
140
|
-
- examples/rails/app/controllers/application_controller.rb
|
141
|
-
- examples/rails/app/helpers/application_helper.rb
|
142
|
-
- examples/rails/app/models/beatle.rb
|
143
|
-
- examples/rails/app/models/colaboration.rb
|
144
|
-
- examples/rails/app/models/song.rb
|
145
|
-
- examples/rails/config/boot.rb
|
146
|
-
- examples/rails/config/environment.rb
|
147
|
-
- examples/rails/config/environments/development.rb
|
148
|
-
- examples/rails/config/environments/production.rb
|
149
|
-
- examples/rails/config/environments/test.rb
|
150
|
-
- examples/rails/config/initializers/backtrace_silencers.rb
|
151
|
-
- examples/rails/config/initializers/inflections.rb
|
152
|
-
- examples/rails/config/initializers/mime_types.rb
|
153
|
-
- examples/rails/config/initializers/new_rails_defaults.rb
|
154
|
-
- examples/rails/config/initializers/session_store.rb
|
155
|
-
- examples/rails/config/initializers/walruz_initializer.rb
|
156
|
-
- examples/rails/config/routes.rb
|
157
|
-
- examples/rails/db/migrate/20090604201506_create_beatles.rb
|
158
|
-
- examples/rails/db/migrate/20090604201512_create_songs.rb
|
159
|
-
- examples/rails/db/migrate/20090604201527_create_colaborations.rb
|
160
|
-
- examples/rails/db/schema.rb
|
161
|
-
- examples/rails/lib/walruz/policies/author_policy.rb
|
162
|
-
- examples/rails/lib/walruz/policies/colaboration_policy.rb
|
163
|
-
- examples/rails/lib/walruz/policies.rb
|
164
|
-
- examples/rails/spec/models/beatle_spec.rb
|
165
|
-
- examples/rails/spec/models/colaboration_spec.rb
|
166
|
-
- examples/rails/spec/models/song_spec.rb
|
167
|
-
- examples/rails/spec/spec_helper.rb
|
168
|
-
- examples/rails/test/performance/browsing_test.rb
|
169
|
-
- examples/rails/test/test_helper.rb
|
data/Rakefile
DELETED
@@ -1,49 +0,0 @@
|
|
1
|
-
require 'rubygems'
|
2
|
-
require 'rake'
|
3
|
-
|
4
|
-
begin
|
5
|
-
require 'jeweler'
|
6
|
-
Jeweler::Tasks.new do |gem|
|
7
|
-
gem.name = "walruz-rails"
|
8
|
-
gem.summary = %Q{Gem for easy integration between walruz andthe Ruby on Rails framework}
|
9
|
-
gem.email = "roman@noomii.com"
|
10
|
-
gem.homepage = "http://github.com/noomii/walruz-rails"
|
11
|
-
gem.authors = ["Roman Gonzalez"]
|
12
|
-
gem.rubyforge_project = "walruz-rails"
|
13
|
-
|
14
|
-
# gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
|
15
|
-
end
|
16
|
-
rescue LoadError
|
17
|
-
puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
|
18
|
-
end
|
19
|
-
|
20
|
-
require 'spec/rake/spectask'
|
21
|
-
Spec::Rake::SpecTask.new(:spec) do |spec|
|
22
|
-
spec.libs << 'lib' << 'spec'
|
23
|
-
spec.spec_files = FileList['spec/**/*_spec.rb']
|
24
|
-
end
|
25
|
-
|
26
|
-
Spec::Rake::SpecTask.new(:rcov) do |spec|
|
27
|
-
spec.libs << 'lib' << 'spec'
|
28
|
-
spec.pattern = 'spec/**/*_spec.rb'
|
29
|
-
spec.rcov = true
|
30
|
-
end
|
31
|
-
|
32
|
-
|
33
|
-
task :default => :spec
|
34
|
-
|
35
|
-
require 'rake/rdoctask'
|
36
|
-
Rake::RDocTask.new do |rdoc|
|
37
|
-
if File.exist?('VERSION.yml')
|
38
|
-
config = YAML.load(File.read('VERSION.yml'))
|
39
|
-
version = "#{config[:major]}.#{config[:minor]}.#{config[:patch]}"
|
40
|
-
else
|
41
|
-
version = ""
|
42
|
-
end
|
43
|
-
|
44
|
-
rdoc.rdoc_dir = 'rdoc'
|
45
|
-
rdoc.title = "walruz-rails #{version}"
|
46
|
-
rdoc.rdoc_files.include('README*')
|
47
|
-
rdoc.rdoc_files.include('lib/**/*.rb')
|
48
|
-
end
|
49
|
-
|
data/VERSION.yml
DELETED