walruz 0.0.12 → 0.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG +6 -0
- data/VERSION.yml +1 -1
- data/lib/walruz/actor.rb +4 -0
- data/lib/walruz/manager.rb +31 -11
- data/spec/scenario.rb +1 -0
- data/spec/walruz/manager_spec.rb +33 -0
- data/walruz.gemspec +2 -2
- metadata +4 -4
data/CHANGELOG
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
* 0.0.13 (Jul 21, 2011)
|
|
2
|
+
* Adding a new method to the Walruz::Manager class: satisfies!, same behaviour
|
|
3
|
+
than satisfies, but raises a Walruz::NotAuthorized error if the actor and
|
|
4
|
+
subject can't satisfy the policy
|
|
5
|
+
|
|
6
|
+
|
|
1
7
|
* 0.0.10 (Aug 26, 2009) Walruz wanted to be an actor too...
|
|
2
8
|
* Fixed bug related to Walruz::NotAuthorized info, the actor was Walruz
|
|
3
9
|
instead of the current actor, when the authorization was being called from
|
data/VERSION.yml
CHANGED
data/lib/walruz/actor.rb
CHANGED
|
@@ -105,6 +105,10 @@ module Walruz
|
|
|
105
105
|
def satisfies(policy_label, subject)
|
|
106
106
|
super(self, policy_label, subject)
|
|
107
107
|
end
|
|
108
|
+
|
|
109
|
+
def satisfies!(policy_label, subject)
|
|
110
|
+
super(self, policy_label, subject)
|
|
111
|
+
end
|
|
108
112
|
|
|
109
113
|
walruz_memoize :can?, :authorize, :satisfies?, :satisfies
|
|
110
114
|
|
data/lib/walruz/manager.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
module Walruz
|
|
1
|
+
module Walruz
|
|
2
2
|
|
|
3
3
|
# The objective of this class is to start the invocation
|
|
4
4
|
# of the authorization process, the methods of this class are used
|
|
@@ -24,20 +24,40 @@ module Walruz
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def authorize(actor, action, subject)
|
|
27
|
-
result = Walruz::Manager.check_action_authorization(actor,
|
|
27
|
+
result = Walruz::Manager.check_action_authorization(actor,
|
|
28
|
+
action,
|
|
29
|
+
subject)
|
|
28
30
|
result[0] ? result[1] : nil
|
|
29
31
|
end
|
|
30
32
|
|
|
31
33
|
def satisfies?(actor, policy_label, subject)
|
|
32
|
-
result = Walruz::Manager.check_policy_authorization(actor,
|
|
34
|
+
result = Walruz::Manager.check_policy_authorization(actor,
|
|
35
|
+
policy_label,
|
|
36
|
+
subject)
|
|
33
37
|
result[0]
|
|
34
38
|
end
|
|
35
39
|
|
|
36
40
|
def satisfies(actor, policy_label, subject)
|
|
37
|
-
result = Walruz::Manager.check_policy_authorization(actor,
|
|
41
|
+
result = Walruz::Manager.check_policy_authorization(actor,
|
|
42
|
+
policy_label,
|
|
43
|
+
subject)
|
|
38
44
|
result[0] ? result[1] : nil
|
|
39
45
|
end
|
|
40
46
|
|
|
47
|
+
def satisfies!(actor, policy_label, subject)
|
|
48
|
+
result = Walruz::Manager.check_policy_authorization(actor,
|
|
49
|
+
policy_label,
|
|
50
|
+
subject)
|
|
51
|
+
if result[0]
|
|
52
|
+
result[1]
|
|
53
|
+
else
|
|
54
|
+
response_params = result[1]
|
|
55
|
+
error_message = response_params[:error_message] ||
|
|
56
|
+
"You are not authorized to access this content"
|
|
57
|
+
raise NotAuthorized.new(actor, subject, :access, error_message)
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
41
61
|
end
|
|
42
62
|
|
|
43
63
|
|
|
@@ -52,14 +72,14 @@ module Walruz
|
|
|
52
72
|
action = if subject.class._walruz_policies.key?(:default)
|
|
53
73
|
subject.class._walruz_policies.key?(action) ? action : :default
|
|
54
74
|
else
|
|
55
|
-
if subject.class._walruz_policies.key?(action)
|
|
75
|
+
if subject.class._walruz_policies.key?(action)
|
|
56
76
|
action
|
|
57
|
-
else
|
|
58
|
-
raise ActionNotFound.new(:subject_action, :subject => subject,
|
|
77
|
+
else
|
|
78
|
+
raise ActionNotFound.new(:subject_action, :subject => subject,
|
|
59
79
|
:action => action)
|
|
60
80
|
end
|
|
61
81
|
end
|
|
62
|
-
|
|
82
|
+
|
|
63
83
|
begin
|
|
64
84
|
result = subject.class._walruz_policies[action].
|
|
65
85
|
return_policy.
|
|
@@ -74,19 +94,19 @@ module Walruz
|
|
|
74
94
|
|
|
75
95
|
def self.check_policy_authorization(actor, policy_label, subject)
|
|
76
96
|
policy_clz = Walruz.fetch_policy(policy_label)
|
|
77
|
-
|
|
97
|
+
|
|
78
98
|
begin
|
|
79
99
|
result = policy_clz.return_policy.new.safe_authorized?(actor, subject)
|
|
80
100
|
rescue PolicyHalted => e
|
|
81
101
|
result = [false, { :error_message => e.message }]
|
|
82
102
|
end
|
|
83
103
|
|
|
84
|
-
result
|
|
104
|
+
result
|
|
85
105
|
end
|
|
86
106
|
|
|
87
107
|
private
|
|
88
108
|
|
|
89
|
-
def self.check_action_authorization_is_declared_on_subject(subject, action)
|
|
109
|
+
def self.check_action_authorization_is_declared_on_subject(subject, action)
|
|
90
110
|
if subject.class._walruz_policies.nil?
|
|
91
111
|
message =<<-BEGIN
|
|
92
112
|
You need to invoke `check_authorizations :#{action} => Policies::SomePolicy` on the #{subject.class.name} class
|
data/spec/scenario.rb
CHANGED
data/spec/walruz/manager_spec.rb
CHANGED
|
@@ -48,7 +48,40 @@ describe Walruz::Manager do
|
|
|
48
48
|
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
+
describe "when executing the satisfies! method" do
|
|
52
|
+
|
|
53
|
+
describe "and the actor and subject satisfy the policy" do
|
|
54
|
+
|
|
55
|
+
it "should return the policy hash" do
|
|
56
|
+
policy_params = Walruz.satisfies!(Beatle::RINGO, :subject_is_actor, Beatle::RINGO)
|
|
57
|
+
policy_params.should_not be_nil
|
|
58
|
+
policy_params[:subject_is_actor?].should be_true
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
describe "and the actor and subject can't satisfy the policy" do
|
|
64
|
+
|
|
65
|
+
it "should raise a Walruz::NotAuthorized exception" do
|
|
66
|
+
lambda do
|
|
67
|
+
Walruz.satisfies!(Beatle::RINGO, :subject_is_actor, Beatle::JOHN)
|
|
68
|
+
end.should raise_error(Walruz::NotAuthorized)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
it "should raise a Walruz::NotAuthorized exception with info about the actor, subject and access action" do
|
|
72
|
+
begin
|
|
73
|
+
Walruz.satisfies!(Beatle::RINGO, :subject_is_actor, Beatle::JOHN)
|
|
74
|
+
rescue Walruz::NotAuthorized => e
|
|
75
|
+
e.actor.should == Beatle::RINGO
|
|
76
|
+
e.subject.should == Beatle::JOHN
|
|
77
|
+
e.action.should == :access
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
end
|
|
82
|
+
|
|
51
83
|
end
|
|
52
84
|
|
|
85
|
+
end
|
|
53
86
|
|
|
54
87
|
end
|
data/walruz.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{walruz}
|
|
8
|
-
s.version = "0.0.
|
|
8
|
+
s.version = "0.0.13"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Roman Gonzalez"]
|
|
12
|
-
s.date = %q{2011-07-
|
|
12
|
+
s.date = %q{2011-07-21}
|
|
13
13
|
s.description = %q{
|
|
14
14
|
Walruz provides an easy to use DSL to do composition of basic
|
|
15
15
|
authorization policies to create more complex ones, and then register
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: walruz
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 5
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 0.0.
|
|
9
|
+
- 13
|
|
10
|
+
version: 0.0.13
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Roman Gonzalez
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-07-
|
|
18
|
+
date: 2011-07-21 00:00:00 -07:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|