walruz 0.0.10 → 0.0.11
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +14 -10
- data/VERSION.yml +2 -1
- data/lib/walruz/core_ext/array.rb +1 -1
- data/lib/walruz/policy.rb +1 -1
- data/spec/walruz/walruz_spec.rb +2 -1
- data/walruz.gemspec +7 -6
- metadata +33 -13
data/README.rdoc
CHANGED
@@ -1,4 +1,8 @@
|
|
1
|
-
= Walruz: Simple
|
1
|
+
= Walruz: Simple yet Powerful Policy Composition Authorization Framework
|
2
|
+
|
3
|
+
== Rails Integration
|
4
|
+
|
5
|
+
See walruz-rails[http://github.com/noomii/walruz-rails] gem.
|
2
6
|
|
3
7
|
== Basic and Terminology
|
4
8
|
|
@@ -67,9 +71,13 @@ Actor classes can use several methods to check if the <em>actor</em> instance ca
|
|
67
71
|
|
68
72
|
[<b><tt>can?(action, subject)</tt></b>] Returns boolean that says if the <em>actor</em> can execute or not the action on the <em>subject</em>.
|
69
73
|
|
70
|
-
[<b><tt>authorize(action, subject)</tt></b>] In case the <em>actor</em> can execute the action on the <em>subject</em>, it returns the parameters hash from the <em>policy</em>, otherwise it will
|
74
|
+
[<b><tt>authorize(action, subject)</tt></b>] In case the <em>actor</em> can execute the action on the <em>subject</em>, it returns the parameters hash from the <em>policy</em>, otherwise it will return <tt>nil</tt>
|
75
|
+
|
76
|
+
[<b><tt>authorize!(action, subject)</tt></b>] In case the <em>actor</em> can execute the action on the <em>subject</em>, it returns the parameters hash from the <em>policy</em>, otherwise it will raise a <tt>Walruz::NotAuthorized</tt> error.
|
71
77
|
|
72
|
-
[<b><tt>satisfies?(policy_label, subject)</tt></b>] It behaves just like the <tt>can?</tt> method, but instead of giving an action to be executed to the <em>subject</em>, it receives a <em>policy</em>
|
78
|
+
[<b><tt>satisfies?(policy_label, subject)</tt></b>] It behaves just like the <tt>can?</tt> method, but instead of giving an action to be executed to the <em>subject</em>, it receives a <em>policy label</em> (More on <em>policy labels</em> next).
|
79
|
+
|
80
|
+
[<b><tt>satisfies(policy_label, subject)</tt></b>] It behaves just like the <tt>authorize</tt> method, but instead of giving an action to be executed to the <em>subject</em>, it receives a <em>policy label</em>
|
73
81
|
|
74
82
|
In case the given action is not assigned to any <em>policy</em>, a default Policy will be executed (if given), if no default <em>policy</em> is given then a <tt>Walruz::ActionNotFound</tt> exception will be raised.
|
75
83
|
|
@@ -230,11 +238,11 @@ But as you may see, we are just creating new policies to handle old ones, we are
|
|
230
238
|
check_authorizations :read => PictureReadPolicy
|
231
239
|
end
|
232
240
|
|
233
|
-
The parameter of <tt>
|
241
|
+
The parameter of <tt>for_subject</tt> is the name of the <em>subject's</em> method that will return a new <em>subject</em>, this new <em>subject</em> is then passed through the <em>policy</em>. Pretty neat eh?
|
234
242
|
|
235
243
|
== Returning custom errors
|
236
244
|
|
237
|
-
Suppose you want to add an error to the authorization failure that is a more descriptive, you can do so on the <tt>authorized?</tt> method passing a hash with a <tt>:error_message</tt> key on the false return. If you use the <tt>
|
245
|
+
Suppose you want to add an error to the authorization failure that is a more descriptive, you can do so on the <tt>authorized?</tt> method passing a hash with a <tt>:error_message</tt> key on the false return. If you use the <tt>authorize!</tt> method on the <em>actor</em> model, this will become the <tt>Walruz::NotAuthorized</tt> error message.
|
238
246
|
|
239
247
|
Example:
|
240
248
|
|
@@ -257,14 +265,10 @@ You'll notice that once you start implementing policies for your system, you'll
|
|
257
265
|
- If the <em>policy</em> only applies to the <em>actor</em>, the <em>policy</em> class name should start with the Actor word (e.g. <tt>ActorIsAdmin</tt>)
|
258
266
|
- You should always have the compositions of policies in just one place in your library folder (e.g. in <tt>policies.rb</tt> file).
|
259
267
|
- The result of <em>policy</em> compositions should finish with the word Policy (e.g <tt>UserDeletePolicy = any(ActorIsSubject, ActorIsAdmin)</tt>)
|
260
|
-
- Use <tt>PolicyClass.
|
268
|
+
- Use <tt>PolicyClass.for_subject</tt> when you are combining the <em>policy</em> class with other policies, if you are not doing this, consider checking authorizations on parents of the <em>subject</em> instead of the <em>subject</em> (e.g. <tt>current_user.can?(:see_pictures_of, picture.owner)</tt>)
|
261
269
|
|
262
270
|
If you follow this rules, it will be much easier for you to merge policies together in an efficient way.
|
263
271
|
|
264
|
-
== Rails Integration
|
265
|
-
|
266
|
-
See walruz-rails[http://github.com/noomii/walruz-rails] gem.
|
267
|
-
|
268
272
|
== More examples
|
269
273
|
|
270
274
|
You may check the project in the examples/ directory for more info; on the rails project, take a look on the <tt>spec/models/beatle_spec.rb</tt> file, it's really illustrating.
|
data/VERSION.yml
CHANGED
@@ -45,7 +45,7 @@ module Walruz
|
|
45
45
|
# # this will execute current_user.can?(:read, post) for each element of the array
|
46
46
|
#
|
47
47
|
def only_authorized_for(actor, opts = {})
|
48
|
-
|
48
|
+
unless opts.kind_of?(Symbol)
|
49
49
|
only_authorized_with_options(actor, opts)
|
50
50
|
else # use the opts
|
51
51
|
only_authorized_on_action(actor, opts)
|
data/lib/walruz/policy.rb
CHANGED
@@ -163,7 +163,7 @@ module Walruz
|
|
163
163
|
# Returns the label assigned to the policy
|
164
164
|
#
|
165
165
|
def self.policy_label
|
166
|
-
@policy_label ||= (
|
166
|
+
@policy_label ||= ((name.nil? || name.empty?) ? nil : :"#{self.underscore(self.name)}")
|
167
167
|
end
|
168
168
|
|
169
169
|
#
|
data/spec/walruz/walruz_spec.rb
CHANGED
@@ -34,7 +34,8 @@ describe Walruz do
|
|
34
34
|
describe ".version" do
|
35
35
|
|
36
36
|
it "should return a string representing the current version" do
|
37
|
-
|
37
|
+
require 'yaml'
|
38
|
+
version = ::YAML.load_file(File.dirname(__FILE__) + "/../../VERSION.yml")
|
38
39
|
Walruz.version.should == "#{version[:major]}.#{version[:minor]}.#{version[:patch]}"
|
39
40
|
end
|
40
41
|
|
data/walruz.gemspec
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
# Generated by jeweler
|
2
|
-
# DO NOT EDIT THIS FILE
|
3
|
-
# Instead, edit Jeweler::Tasks in Rakefile, and run
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
4
4
|
# -*- encoding: utf-8 -*-
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{walruz}
|
8
|
-
s.version = "0.0.
|
8
|
+
s.version = "0.0.11"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = ["Roman Gonzalez"]
|
12
|
-
s.date = %q{2010-
|
12
|
+
s.date = %q{2010-11-15}
|
13
13
|
s.description = %q{
|
14
14
|
Walruz provides an easy to use DSL to do composition of basic authorization policies to create
|
15
15
|
more complex ones, and then register this composed policies on actions performed to the model begin accessed
|
@@ -55,7 +55,7 @@ Gem::Specification.new do |s|
|
|
55
55
|
s.rdoc_options = ["--charset=UTF-8"]
|
56
56
|
s.require_paths = ["lib"]
|
57
57
|
s.rubyforge_project = %q{walruz}
|
58
|
-
s.rubygems_version = %q{1.3.
|
58
|
+
s.rubygems_version = %q{1.3.7}
|
59
59
|
s.summary = %q{Walruz is a gem that provides an easy yet powerful way to implement authorization policies in a system, relying on the composition of simple policies to create more complex ones.}
|
60
60
|
s.test_files = [
|
61
61
|
"spec/scenario.rb",
|
@@ -74,7 +74,7 @@ Gem::Specification.new do |s|
|
|
74
74
|
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
75
75
|
s.specification_version = 3
|
76
76
|
|
77
|
-
if Gem::Version.new(Gem::
|
77
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
78
78
|
s.add_development_dependency(%q<rspec>, [">= 0"])
|
79
79
|
s.add_development_dependency(%q<yard>, [">= 0"])
|
80
80
|
else
|
@@ -86,3 +86,4 @@ Gem::Specification.new do |s|
|
|
86
86
|
s.add_dependency(%q<yard>, [">= 0"])
|
87
87
|
end
|
88
88
|
end
|
89
|
+
|
metadata
CHANGED
@@ -1,7 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: walruz
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
|
4
|
+
hash: 9
|
5
|
+
prerelease: false
|
6
|
+
segments:
|
7
|
+
- 0
|
8
|
+
- 0
|
9
|
+
- 11
|
10
|
+
version: 0.0.11
|
5
11
|
platform: ruby
|
6
12
|
authors:
|
7
13
|
- Roman Gonzalez
|
@@ -9,29 +15,37 @@ autorequire:
|
|
9
15
|
bindir: bin
|
10
16
|
cert_chain: []
|
11
17
|
|
12
|
-
date: 2010-
|
18
|
+
date: 2010-11-15 00:00:00 -08:00
|
13
19
|
default_executable:
|
14
20
|
dependencies:
|
15
21
|
- !ruby/object:Gem::Dependency
|
16
22
|
name: rspec
|
17
|
-
|
18
|
-
|
19
|
-
|
23
|
+
prerelease: false
|
24
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
20
26
|
requirements:
|
21
27
|
- - ">="
|
22
28
|
- !ruby/object:Gem::Version
|
29
|
+
hash: 3
|
30
|
+
segments:
|
31
|
+
- 0
|
23
32
|
version: "0"
|
24
|
-
|
33
|
+
type: :development
|
34
|
+
version_requirements: *id001
|
25
35
|
- !ruby/object:Gem::Dependency
|
26
36
|
name: yard
|
27
|
-
|
28
|
-
|
29
|
-
|
37
|
+
prerelease: false
|
38
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
39
|
+
none: false
|
30
40
|
requirements:
|
31
41
|
- - ">="
|
32
42
|
- !ruby/object:Gem::Version
|
43
|
+
hash: 3
|
44
|
+
segments:
|
45
|
+
- 0
|
33
46
|
version: "0"
|
34
|
-
|
47
|
+
type: :development
|
48
|
+
version_requirements: *id002
|
35
49
|
description: "\n Walruz provides an easy to use DSL to do composition of basic authorization policies to create\n more complex ones, and then register this composed policies on actions performed to the model begin accessed\n "
|
36
50
|
email: roman@noomi.com
|
37
51
|
executables: []
|
@@ -81,21 +95,27 @@ rdoc_options:
|
|
81
95
|
require_paths:
|
82
96
|
- lib
|
83
97
|
required_ruby_version: !ruby/object:Gem::Requirement
|
98
|
+
none: false
|
84
99
|
requirements:
|
85
100
|
- - ">="
|
86
101
|
- !ruby/object:Gem::Version
|
102
|
+
hash: 3
|
103
|
+
segments:
|
104
|
+
- 0
|
87
105
|
version: "0"
|
88
|
-
version:
|
89
106
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
107
|
+
none: false
|
90
108
|
requirements:
|
91
109
|
- - ">="
|
92
110
|
- !ruby/object:Gem::Version
|
111
|
+
hash: 3
|
112
|
+
segments:
|
113
|
+
- 0
|
93
114
|
version: "0"
|
94
|
-
version:
|
95
115
|
requirements: []
|
96
116
|
|
97
117
|
rubyforge_project: walruz
|
98
|
-
rubygems_version: 1.3.
|
118
|
+
rubygems_version: 1.3.7
|
99
119
|
signing_key:
|
100
120
|
specification_version: 3
|
101
121
|
summary: Walruz is a gem that provides an easy yet powerful way to implement authorization policies in a system, relying on the composition of simple policies to create more complex ones.
|