walruz 0.0.12 → 0.0.13
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +6 -0
- data/VERSION.yml +1 -1
- data/lib/walruz/actor.rb +4 -0
- data/lib/walruz/manager.rb +31 -11
- data/spec/scenario.rb +1 -0
- data/spec/walruz/manager_spec.rb +33 -0
- data/walruz.gemspec +2 -2
- metadata +4 -4
data/CHANGELOG
CHANGED
|
@@ -1,3 +1,9 @@
|
|
|
1
|
+
* 0.0.13 (Jul 21, 2011)
|
|
2
|
+
* Adding a new method to the Walruz::Manager class: satisfies!, same behaviour
|
|
3
|
+
than satisfies, but raises a Walruz::NotAuthorized error if the actor and
|
|
4
|
+
subject can't satisfy the policy
|
|
5
|
+
|
|
6
|
+
|
|
1
7
|
* 0.0.10 (Aug 26, 2009) Walruz wanted to be an actor too...
|
|
2
8
|
* Fixed bug related to Walruz::NotAuthorized info, the actor was Walruz
|
|
3
9
|
instead of the current actor, when the authorization was being called from
|
data/VERSION.yml
CHANGED
data/lib/walruz/actor.rb
CHANGED
|
@@ -105,6 +105,10 @@ module Walruz
|
|
|
105
105
|
def satisfies(policy_label, subject)
|
|
106
106
|
super(self, policy_label, subject)
|
|
107
107
|
end
|
|
108
|
+
|
|
109
|
+
def satisfies!(policy_label, subject)
|
|
110
|
+
super(self, policy_label, subject)
|
|
111
|
+
end
|
|
108
112
|
|
|
109
113
|
walruz_memoize :can?, :authorize, :satisfies?, :satisfies
|
|
110
114
|
|
data/lib/walruz/manager.rb
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
module Walruz
|
|
1
|
+
module Walruz
|
|
2
2
|
|
|
3
3
|
# The objective of this class is to start the invocation
|
|
4
4
|
# of the authorization process, the methods of this class are used
|
|
@@ -24,20 +24,40 @@ module Walruz
|
|
|
24
24
|
end
|
|
25
25
|
|
|
26
26
|
def authorize(actor, action, subject)
|
|
27
|
-
result = Walruz::Manager.check_action_authorization(actor,
|
|
27
|
+
result = Walruz::Manager.check_action_authorization(actor,
|
|
28
|
+
action,
|
|
29
|
+
subject)
|
|
28
30
|
result[0] ? result[1] : nil
|
|
29
31
|
end
|
|
30
32
|
|
|
31
33
|
def satisfies?(actor, policy_label, subject)
|
|
32
|
-
result = Walruz::Manager.check_policy_authorization(actor,
|
|
34
|
+
result = Walruz::Manager.check_policy_authorization(actor,
|
|
35
|
+
policy_label,
|
|
36
|
+
subject)
|
|
33
37
|
result[0]
|
|
34
38
|
end
|
|
35
39
|
|
|
36
40
|
def satisfies(actor, policy_label, subject)
|
|
37
|
-
result = Walruz::Manager.check_policy_authorization(actor,
|
|
41
|
+
result = Walruz::Manager.check_policy_authorization(actor,
|
|
42
|
+
policy_label,
|
|
43
|
+
subject)
|
|
38
44
|
result[0] ? result[1] : nil
|
|
39
45
|
end
|
|
40
46
|
|
|
47
|
+
def satisfies!(actor, policy_label, subject)
|
|
48
|
+
result = Walruz::Manager.check_policy_authorization(actor,
|
|
49
|
+
policy_label,
|
|
50
|
+
subject)
|
|
51
|
+
if result[0]
|
|
52
|
+
result[1]
|
|
53
|
+
else
|
|
54
|
+
response_params = result[1]
|
|
55
|
+
error_message = response_params[:error_message] ||
|
|
56
|
+
"You are not authorized to access this content"
|
|
57
|
+
raise NotAuthorized.new(actor, subject, :access, error_message)
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
41
61
|
end
|
|
42
62
|
|
|
43
63
|
|
|
@@ -52,14 +72,14 @@ module Walruz
|
|
|
52
72
|
action = if subject.class._walruz_policies.key?(:default)
|
|
53
73
|
subject.class._walruz_policies.key?(action) ? action : :default
|
|
54
74
|
else
|
|
55
|
-
if subject.class._walruz_policies.key?(action)
|
|
75
|
+
if subject.class._walruz_policies.key?(action)
|
|
56
76
|
action
|
|
57
|
-
else
|
|
58
|
-
raise ActionNotFound.new(:subject_action, :subject => subject,
|
|
77
|
+
else
|
|
78
|
+
raise ActionNotFound.new(:subject_action, :subject => subject,
|
|
59
79
|
:action => action)
|
|
60
80
|
end
|
|
61
81
|
end
|
|
62
|
-
|
|
82
|
+
|
|
63
83
|
begin
|
|
64
84
|
result = subject.class._walruz_policies[action].
|
|
65
85
|
return_policy.
|
|
@@ -74,19 +94,19 @@ module Walruz
|
|
|
74
94
|
|
|
75
95
|
def self.check_policy_authorization(actor, policy_label, subject)
|
|
76
96
|
policy_clz = Walruz.fetch_policy(policy_label)
|
|
77
|
-
|
|
97
|
+
|
|
78
98
|
begin
|
|
79
99
|
result = policy_clz.return_policy.new.safe_authorized?(actor, subject)
|
|
80
100
|
rescue PolicyHalted => e
|
|
81
101
|
result = [false, { :error_message => e.message }]
|
|
82
102
|
end
|
|
83
103
|
|
|
84
|
-
result
|
|
104
|
+
result
|
|
85
105
|
end
|
|
86
106
|
|
|
87
107
|
private
|
|
88
108
|
|
|
89
|
-
def self.check_action_authorization_is_declared_on_subject(subject, action)
|
|
109
|
+
def self.check_action_authorization_is_declared_on_subject(subject, action)
|
|
90
110
|
if subject.class._walruz_policies.nil?
|
|
91
111
|
message =<<-BEGIN
|
|
92
112
|
You need to invoke `check_authorizations :#{action} => Policies::SomePolicy` on the #{subject.class.name} class
|
data/spec/scenario.rb
CHANGED
data/spec/walruz/manager_spec.rb
CHANGED
|
@@ -48,7 +48,40 @@ describe Walruz::Manager do
|
|
|
48
48
|
|
|
49
49
|
end
|
|
50
50
|
|
|
51
|
+
describe "when executing the satisfies! method" do
|
|
52
|
+
|
|
53
|
+
describe "and the actor and subject satisfy the policy" do
|
|
54
|
+
|
|
55
|
+
it "should return the policy hash" do
|
|
56
|
+
policy_params = Walruz.satisfies!(Beatle::RINGO, :subject_is_actor, Beatle::RINGO)
|
|
57
|
+
policy_params.should_not be_nil
|
|
58
|
+
policy_params[:subject_is_actor?].should be_true
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
describe "and the actor and subject can't satisfy the policy" do
|
|
64
|
+
|
|
65
|
+
it "should raise a Walruz::NotAuthorized exception" do
|
|
66
|
+
lambda do
|
|
67
|
+
Walruz.satisfies!(Beatle::RINGO, :subject_is_actor, Beatle::JOHN)
|
|
68
|
+
end.should raise_error(Walruz::NotAuthorized)
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
it "should raise a Walruz::NotAuthorized exception with info about the actor, subject and access action" do
|
|
72
|
+
begin
|
|
73
|
+
Walruz.satisfies!(Beatle::RINGO, :subject_is_actor, Beatle::JOHN)
|
|
74
|
+
rescue Walruz::NotAuthorized => e
|
|
75
|
+
e.actor.should == Beatle::RINGO
|
|
76
|
+
e.subject.should == Beatle::JOHN
|
|
77
|
+
e.action.should == :access
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
end
|
|
82
|
+
|
|
51
83
|
end
|
|
52
84
|
|
|
85
|
+
end
|
|
53
86
|
|
|
54
87
|
end
|
data/walruz.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{walruz}
|
|
8
|
-
s.version = "0.0.
|
|
8
|
+
s.version = "0.0.13"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Roman Gonzalez"]
|
|
12
|
-
s.date = %q{2011-07-
|
|
12
|
+
s.date = %q{2011-07-21}
|
|
13
13
|
s.description = %q{
|
|
14
14
|
Walruz provides an easy to use DSL to do composition of basic
|
|
15
15
|
authorization policies to create more complex ones, and then register
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: walruz
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 5
|
|
5
5
|
prerelease:
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 0.0.
|
|
9
|
+
- 13
|
|
10
|
+
version: 0.0.13
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Roman Gonzalez
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-07-
|
|
18
|
+
date: 2011-07-21 00:00:00 -07:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|