yamled_acl 0.2.0
- data/.gitignore +10 -0
- data/.rspec +3 -0
- data/Gemfile +2 -0
- data/Gemfile.lock +55 -0
- data/LICENSE +20 -0
- data/README.markdown +83 -0
- data/Rakefile +37 -0
- data/init.rb +1 -0
- data/lib/yamled_acl/controller_extension.rb +80 -0
- data/lib/yamled_acl/exceptions.rb +33 -0
- data/lib/yamled_acl/version.rb +4 -0
- data/lib/yamled_acl.rb +89 -0
- data/spec/example_files/example_permissions.yml +6 -0
- data/spec/example_files/example_permissions_2.yml +1 -0
- data/spec/plik +0 -0
- data/spec/spec_helper.rb +4 -0
- data/spec/yamled_acl/controller_extension_spec.rb +114 -0
- data/spec/yamled_acl_spec.rb +178 -0
- data/yamled_acl.gemspec +23 -0
- metadata +135 -0
data/.gitignore
ADDED
data/.rspec
ADDED
data/Gemfile
ADDED
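--- /dev/null
+++ b/data/Gemfile.lock
@@ -0,0 +1,55 @@
+PATH
+remote: .
+specs:
+yamled_acl (0.2.0)
+
+GEM
+remote: http://rubygems.org/
+specs:
+abstract (1.0.0)
+actionpack (3.0.1)
+activemodel (= 3.0.1)
+activesupport (= 3.0.1)
+builder (~> 2.1.2)
+erubis (~> 2.6.6)
+i18n (~> 0.4.1)
+rack (~> 1.2.1)
+rack-mount (~> 0.6.12)
+rack-test (~> 0.5.4)
+tzinfo (~> 0.3.23)
+activemodel (3.0.1)
+activesupport (= 3.0.1)
+builder (~> 2.1.2)
+i18n (~> 0.4.1)
+activesupport (3.0.1)
+builder (2.1.2)
+diff-lcs (1.1.2)
+erubis (2.6.6)
+abstract (>= 1.0.0)
+i18n (0.4.2)
+rack (1.2.1)
+rack-mount (0.6.13)
+rack (>= 1.0.0)
+rack-test (0.5.6)
+rack (>= 1.0)
+rcov (0.9.9)
+rspec (2.0.1)
+rspec-core (~> 2.0.1)
+rspec-expectations (~> 2.0.1)
+rspec-mocks (~> 2.0.1)
+rspec-core (2.0.1)
+rspec-expectations (2.0.1)
+diff-lcs (>= 1.1.2)
+rspec-mocks (2.0.1)
+rspec-core (~> 2.0.1)
+rspec-expectations (~> 2.0.1)
+tzinfo (0.3.23)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+actionpack (~> 3.0)
+rcov (~> 0.9)
+rspec (~> 2.0)
+yamled_acl!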
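--- /dev/null
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2010 Paweł Kubicki
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+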
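--- /dev/null
+++ b/data/README.markdown
@@ -0,0 +1,83 @@
+# yamled acl #
+
+Simple authorization library for Ruby on Rails in which permissions are stored in YAML files. Provides porotection before unauthorized access to controller actions. Very simple to configure and use.
+
+## Installation ##
+
+Using gemfile
+
+gem "yamled_acl"
+
+or using gem command
+
+gem install "yamled_acl"
+
+or as a plugin
+
+rails plugin install git://github.com/pkubicki/yamled_acl.git
+
+## Configuration ##
+
+YamledAcl provides following configuration options, you could set them through setup method:
+
+* **files_with_permissions_path** - path to files with permissions, (default: "config/acl")
+* **reload_permissions_on_each_request** - as name says, for Rails you may want to set Rails.env.development? (default: false)
+* **groups** - allows to specify groups names, it's empty by default
+* **guest_group_name** - allows to override default guest group name (default: "guest"), guest group name is added to groups table automatically
+
+For Rails application the best place to store configuration is an initializer.
+An example:
+
+# config/initialzers/yamled_acl.rb:
+
+YamledAcl.setup do |config|
+config.files_with_permissions_path = 'config/acl'
+config.reload_permissions_on_each_request = Rails.env.development?
+config.groups = %w(admin member)
+config.guest_group_name = 'guest'
+end
+
+In the ApplicationController you should add
+
+before_filter :authorize
+
+It assumes that there is already defined *current_user* method which returns logged user object. User object should respond to *group_name* method which should return name of current user group. If you want to override method name returning group name it could be done by current_user_group_method of the controller. Here is an example:
+
+# app/controllers/application_controller.rb
+
+class ApplicationController < ActionController::Base
+current_user_group_method: group
+before_filter :authorize
+end
+
+## Setting up permissions ##
+
+Permissions are stored in yaml files. Each action of controller should have defined which groups are allowed to access it. It could be done by using one of the following options: allow_all, deny_all, group name or array of group names.
+An example:
+
+# config/acl/posts.yml
+
+index: allow_all
+show: allow_all
+new: admin
+create: admin
+edit: [admin, member]
+update: [admin, member]
+destroy: deny_all
+
+## Helper methods ##
+
+Following methods may be used in controllers and views:
+
+* **allowed_to?(action_name, controller_name)** - it takes two arguments action_name and controller_name but if the second one is not given currelntly processed controller name will be used
+
+<% if allowed_to?(:update) %>
+<%= link_to "Edit", edit_post_path(@post) %>
+<% end %>
+
+* **logged_in?** - returns true if there is a logged in user
+
+## Copyright ##
+
+Copyright © 2010 Paweł Kubicki. See LICENSE for details.
+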
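--- /dev/null
+++ b/data/Rakefile
@@ -0,0 +1,37 @@
+require 'rake'
+require 'rake/rdoctask'
+
+desc 'Generate documentation for the yamled_acl plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = 'YamledAcl'
+rdoc.options << '--line-numbers' << '--inline-source'
+rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+require "rspec/core/rake_task"
+RSpec::Core::RakeTask.new(:spec)
+
+desc "Run specs with RCov"
+RSpec::Core::RakeTask.new(:rcov) do |t|
+t.rcov = true
+t.rcov_opts = %q[--exclude "spec" --text-report]
+end
+
+desc "Build current version as a rubygem"
+task :build do
+`gem build yamled_acl.gemspec`
+`mkdir -p pkg`
+`mv yamled_acl-*.gem pkg/`
+end
+
+desc "Relase current version to rubygems.org"
+task :release => :build do
+`git tag -am "Version bump to #{YamledAcl::VERSION}" v#{YamledAcl::VERSION}`
+`git push origin master`
+`git push origin master --tags`
+`gem push pkg/yamled_acl-#{YamledAcl::VERSION}.gem`
+end
+
+task :default => :spec
+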
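Review bot: The `build` and `release` tasks run every step in backticks, which discards the exit status, so `release` goes on to `git push` and `gem push` even when `gem build` or the tag step failed. Rake's `sh` aborts the task on a non-zero exit, e.g. `sh "gem build yamled_acl.gemspec"`, and would suit each of these lines. `release` also interpolates `YamledAcl::VERSION` although nothing visible in this Rakefile requires the version file, and it depends only on `:build`, so a gem can be published without the specs having run; `task :release => [:spec, :build]` would gate it.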
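--- /dev/null
+++ b/data/init.rb
@@ -0,0 +1 @@
+require 'yamled_acl'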
@@ -0,0 +1,80 @@
|
|
1
|
+
module YamledAcl
|
2
|
+
|
3
|
+
# Module included into controllers.
|
4
|
+
#
|
5
|
+
# A controller should have defined +current_user+ method. This method should
|
6
|
+
# respond to +group_name+ method which returns name of group that logged in
|
7
|
+
# user belongs to. Optionally name of this method could be changed using
|
8
|
+
# +current_user_group_method+.
|
9
|
+
module ControllerExtension
|
10
|
+
|
11
|
+
module ClassMethods
|
12
|
+
|
13
|
+
# Allow to override default name of +current_user+ object method which
|
14
|
+
# returns name of user group.
|
15
|
+
def current_user_group_method(method_name = nil)
|
16
|
+
if method_name
|
17
|
+
@current_user_group_method = method_name
|
18
|
+
else
|
19
|
+
@current_user_group_method or 'group_name'
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
end # ClassMethods
|
24
|
+
|
25
|
+
def self.included(base) # :nodoc:
|
26
|
+
base.extend ClassMethods
|
27
|
+
base.helper_method :allowed_to?, :logged_in?
|
28
|
+
end
|
29
|
+
|
30
|
+
protected
|
31
|
+
|
32
|
+
# Checks current user permission for specified action. It takes two
|
33
|
+
# arguments action_name and controller_name but if the second one is not
|
34
|
+
# given currelntly processed controller name will be used.
|
35
|
+
#
|
36
|
+
# In controllers:
|
37
|
+
#
|
38
|
+
# allowed_to?(:destroy)
|
39
|
+
#
|
40
|
+
# allowed_to?(:create, :posts)
|
41
|
+
#
|
42
|
+
# In views:
|
43
|
+
#
|
44
|
+
# <% if allowed_to?(:create) %>
|
45
|
+
# <%= link_to "New Post", new_post_path %>
|
46
|
+
# <% end %>
|
47
|
+
#
|
48
|
+
def allowed_to?(action, controller = nil)
|
49
|
+
YamledAcl.permission?(action, controller)
|
50
|
+
end
|
51
|
+
|
52
|
+
# This method should be be called by +before_filter+.
|
53
|
+
#
|
54
|
+
# before_filter :authorize
|
55
|
+
#
|
56
|
+
def authorize
|
57
|
+
YamledAcl.init(current_user_group_name, params[:controller])
|
58
|
+
allowed_to?(params[:action]) or raise(YamledAcl::AccessDenied)
|
59
|
+
end
|
60
|
+
|
61
|
+
# Returns true if there is a logged in user.
|
62
|
+
# It assumes that controller have +curent_user+ method defined.
|
63
|
+
def logged_in?
|
64
|
+
!!current_user
|
65
|
+
end
|
66
|
+
|
67
|
+
# Returns current user group name. Used by +authorize+.
|
68
|
+
def current_user_group_name
|
69
|
+
logged_in? ? current_user.send(self.class.current_user_group_method) : YamledAcl.guest_group_name
|
70
|
+
end
|
71
|
+
|
72
|
+
end # ControllerExtension
|
73
|
+
end # YamledAcl
|
74
|
+
|
75
|
+
if defined?(ActionController)
|
76
|
+
ActionController::Base.class_eval do
|
77
|
+
include YamledAcl::ControllerExtension
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
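Review bot: `current_user_group_method` keeps the override in `@current_user_group_method`, an instance variable of the class it was called on, so subclasses do not see it: set on `ApplicationController` as the README shows, any controller inheriting from it still reads `nil` and falls back to `'group_name'` when `current_user_group_name` calls `self.class.current_user_group_method`. Falling back to the parent class, e.g. `@current_user_group_method or (superclass.respond_to?(:current_user_group_method) ? superclass.current_user_group_method : 'group_name')`, keeps the override for every controller. In `current_user_group_name`, `public_send` instead of `send` would stop a misconfigured name from reaching private methods of the user object. `authorize` raises `YamledAcl::AccessDenied` and nothing in this file rescues it, so the comment above it should say that the application has to handle the exception itself.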
@@ -0,0 +1,33 @@
|
|
1
|
+
module YamledAcl
|
2
|
+
|
3
|
+
class Error < StandardError
|
4
|
+
def initialize(msg)
|
5
|
+
super(msg)
|
6
|
+
end
|
7
|
+
end
|
8
|
+
|
9
|
+
class UninitializedResource < Error
|
10
|
+
def initialize
|
11
|
+
super("Resource name hasn't been given!")
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
class UninitializedGroup < Error
|
16
|
+
def initialize
|
17
|
+
super("User group hasn't been initialized!")
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
class NotExistingGroup < Error
|
22
|
+
def initialize
|
23
|
+
super("Not existing group!")
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
class AccessDenied < Error
|
28
|
+
def initialize
|
29
|
+
super("You don't have permission to perform this action.")
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
end
|
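--- /dev/null
+++ b/data/lib/yamled_acl.rb
@@ -0,0 +1,89 @@
+require 'yamled_acl/exceptions'
+require 'yamled_acl/controller_extension'
+
+module YamledAcl
+
+ALLOW_ALL = 'allow_all'
+DENY_ALL = 'deny_all'
+
+@lock = Mutex.new
+
+class << self
+attr_accessor :files_with_permissions_path
+attr_accessor :reload_permissions_on_each_request
+attr_accessor :groups
+attr_accessor :guest_group_name
+end
+
+@actions_permissions = {}
+@files_with_permissions_path = 'config/acl'
+@reload_permissions_on_each_request = false
+@groups = []
+@guest_group_name = 'guest'
+
+# Provides configuration options:
+#
+# YamledAcl.setup do |config|
+# config.files_with_permissions_path = 'other/than/default/path'
+# config.reload_permissions_on_each_request = Rails.env.development?
+# config.groups = %w(admin member)
+# config.guest_group_name = 'visitor'
+# end
+#
+def self.setup
+yield(self)
+@groups << @guest_group_name
+end
+
+# Initializes ACL by giving logged user group name and currently processed
+# resource name.
+def self.init(group_name, resource_name)
+init_resource(resource_name)
+init_group(group_name)
+load_action_permissions_for(Thread.current[:yamled_acl_resource_name])
+end
+
+# Method used for checking permissions. Optional resource name may be
+# specified to check permission for other resource than curently processed.
+def self.permission?(action, resource = nil)
+Thread.current.key?(:yamled_acl_group) or raise(UninitializedGroup)
+if resource.nil?
+check(@actions_permissions[Thread.current[:yamled_acl_resource_name]][action.to_s])
+else
+load_action_permissions_for(resource)
+check(@actions_permissions[resource.to_s][action.to_s])
+end
+end
+
+private
+
+def self.load_action_permissions_for(resource)
+@lock.synchronize do
+if @actions_permissions[resource.to_s].nil? || reload_permissions_on_each_request
+File.open("#{files_with_permissions_path}/#{resource.to_s}.yml", File::RDONLY) do |file|
+@actions_permissions[resource.to_s] = YAML::load(file)
+end
+end
+end
+end
+
+def self.check(permission)
+return false unless permission
+return false if permission == DENY_ALL
+return true if permission == ALLOW_ALL
+permission.include?(Thread.current[:yamled_acl_group])
+end
+
+def self.init_resource(resource_name)
+resource_name or raise(UninitializedResource)
+Thread.current[:yamled_acl_resource_name] = resource_name.to_s
+end
+
+def self.init_group(group_name)
+group_name or raise(UninitializedGroup)
+@groups.include?(group_name.to_s) or raise(NotExistingGroup)
+Thread.current[:yamled_acl_group] = group_name.to_s
+end
+
+end
+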
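Review bot: `check` ends with `permission.include?(Thread.current[:yamled_acl_group])`, and when the YAML value is a single group name (a String, as in `new: admin` from the README) that call is `String#include?`, a substring test, so a user in group `admin` would pass a rule written for a longer group name that contains it. Wrapping the value, `Array(permission).include?(Thread.current[:yamled_acl_group])`, makes the scalar and the list form both an exact-match test. Separately, `load_action_permissions_for` interpolates `resource` into the file path unchecked and parses the file with `YAML::load`; the controller extension passes `params[:controller]` here, so the name should be restricted to an expected pattern (and `YAML.safe_load` used where the Ruby version provides it) so that only intended files under `files_with_permissions_path` are read. The methods below `private` are defined with `def self.` and therefore stay public; `private_class_method` is needed to hide them.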
@@ -0,0 +1 @@
|
|
1
|
+
anyone_allowed_action_2: allow_all
|
data/spec/plik
ADDED
File without changes
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,114 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'yamled_acl/exceptions'
|
3
|
+
require 'yamled_acl/controller_extension'
|
4
|
+
|
5
|
+
describe YamledAcl::ControllerExtension do
|
6
|
+
|
7
|
+
describe "instantinated controller" do
|
8
|
+
|
9
|
+
before(:all) do
|
10
|
+
@controller_class = Class.new(ActionController::Base)
|
11
|
+
@controller_class.current_user_group_method(:group)
|
12
|
+
@controller = @controller_class.new
|
13
|
+
end
|
14
|
+
|
15
|
+
it "responds to #authorize" do
|
16
|
+
@controller.should respond_to(:authorize)
|
17
|
+
end
|
18
|
+
|
19
|
+
it "responds to #logged_in?" do
|
20
|
+
@controller.should respond_to(:logged_in?)
|
21
|
+
end
|
22
|
+
|
23
|
+
it "responds to #current_user_group_name" do
|
24
|
+
@controller.should respond_to(:current_user_group_name)
|
25
|
+
end
|
26
|
+
|
27
|
+
context "given logged in user with admin group" do
|
28
|
+
|
29
|
+
before(:each) do
|
30
|
+
admin_user = mock(:group => 'admin')
|
31
|
+
@controller.stub(:current_user).and_return(admin_user)
|
32
|
+
YamledAcl.stub(:init)
|
33
|
+
YamledAcl.stub(:permission?) do |action_name, controller_name|
|
34
|
+
case action_name
|
35
|
+
when 'admin_allowed_action'
|
36
|
+
true
|
37
|
+
when 'admin_not_allowed_action'
|
38
|
+
false
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
|
43
|
+
describe "#current_user_group_name" do
|
44
|
+
|
45
|
+
it "returns 'admin'" do
|
46
|
+
@controller.send(:current_user_group_name).should == 'admin'
|
47
|
+
end
|
48
|
+
|
49
|
+
end # #current_user_group_name
|
50
|
+
|
51
|
+
context "when trying to perform action with granted access" do
|
52
|
+
|
53
|
+
before(:each) do
|
54
|
+
@controller.stub(:params).and_return({:action => "admin_allowed_action"})
|
55
|
+
end
|
56
|
+
|
57
|
+
describe "#authorize" do
|
58
|
+
|
59
|
+
it "doesn't raise any error" do
|
60
|
+
expect{@controller.send(:authorize)}.to_not raise_error
|
61
|
+
end
|
62
|
+
|
63
|
+
it "returns true" do
|
64
|
+
@controller.send(:authorize).should == true
|
65
|
+
end
|
66
|
+
|
67
|
+
end # #authorize
|
68
|
+
|
69
|
+
end # when trying to perform action with granted access
|
70
|
+
|
71
|
+
context "when trying to perform action without granted access" do
|
72
|
+
|
73
|
+
before(:each) do
|
74
|
+
@controller.stub(:params) do
|
75
|
+
{
|
76
|
+
:action => "admin_not_allowed_action",
|
77
|
+
:controller => 'any_controller'
|
78
|
+
}
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
describe "#authorize" do
|
83
|
+
|
84
|
+
it "raises YamledAcl::AccessDenied" do
|
85
|
+
expect{@controller.send(:authorize)}.to raise_error(YamledAcl::AccessDenied)
|
86
|
+
end
|
87
|
+
|
88
|
+
end # #authorize
|
89
|
+
|
90
|
+
end # when trying to perform action without granted access
|
91
|
+
|
92
|
+
end # when there is logged in user with admin group
|
93
|
+
|
94
|
+
context "given no logged in user" do
|
95
|
+
|
96
|
+
before(:each) do
|
97
|
+
@controller.stub(:current_user).and_return(nil)
|
98
|
+
YamledAcl.stub(:guest_group_name).and_return('guest')
|
99
|
+
end
|
100
|
+
|
101
|
+
describe "current_user_group_name" do
|
102
|
+
|
103
|
+
it "returns 'guest'" do
|
104
|
+
@controller.send(:current_user_group_name).should == YamledAcl.guest_group_name
|
105
|
+
end
|
106
|
+
|
107
|
+
end # current_user_group_name
|
108
|
+
|
109
|
+
end # given no logged in user
|
110
|
+
|
111
|
+
end # whem controller instantinated
|
112
|
+
|
113
|
+
end # YamledAcl::ControllerExtension
|
114
|
+
|
@@ -0,0 +1,178 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'yamled_acl'
|
3
|
+
|
4
|
+
describe YamledAcl do
|
5
|
+
|
6
|
+
context "when setup not invoked before" do
|
7
|
+
|
8
|
+
describe ".permission?" do
|
9
|
+
|
10
|
+
context "when resource name not given" do
|
11
|
+
|
12
|
+
it "raises UninitializedGroup" do
|
13
|
+
expect{YamledAcl.permission?(:foo)}.to raise_error(YamledAcl::UninitializedGroup)
|
14
|
+
end
|
15
|
+
|
16
|
+
end # when resource name not given
|
17
|
+
|
18
|
+
context "when resource name given" do
|
19
|
+
|
20
|
+
it "raises UninitializedGroup" do
|
21
|
+
expect{YamledAcl.permission?(:foo, :bar)}.to raise_error(YamledAcl::UninitializedGroup)
|
22
|
+
end
|
23
|
+
|
24
|
+
end # when resource name given
|
25
|
+
|
26
|
+
end # .permission
|
27
|
+
|
28
|
+
end # when setup not invoked before
|
29
|
+
|
30
|
+
context "when setup invoked before" do
|
31
|
+
before(:all) do
|
32
|
+
YamledAcl.setup do |config|
|
33
|
+
config.files_with_permissions_path = File.expand_path('../example_files', __FILE__)
|
34
|
+
config.reload_permissions_on_each_request = true
|
35
|
+
config.groups = %w(admin member guest)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
describe ".init" do
|
40
|
+
|
41
|
+
context "when not existing user group given" do
|
42
|
+
|
43
|
+
it "raises NotExistingGroup" do
|
44
|
+
expect{YamledAcl.init(:not_existion_group, :example_permissions)}.to raise_error(YamledAcl::NotExistingGroup)
|
45
|
+
end
|
46
|
+
|
47
|
+
end # when not existing user group given
|
48
|
+
|
49
|
+
context "when given resource name is a nil" do
|
50
|
+
|
51
|
+
it "raises UninitializedResource" do
|
52
|
+
expect{YamledAcl.init(:not_existion_group, nil)}.to raise_error(YamledAcl::UninitializedResource)
|
53
|
+
end
|
54
|
+
|
55
|
+
end # when given resource name is a nil
|
56
|
+
|
57
|
+
end # .init
|
58
|
+
|
59
|
+
describe ".permission?" do
|
60
|
+
|
61
|
+
context "when given group is a guest" do
|
62
|
+
|
63
|
+
before do
|
64
|
+
YamledAcl.init(:guest, :example_permissions)
|
65
|
+
end
|
66
|
+
|
67
|
+
context "when using resource name specified by a second parameter" do
|
68
|
+
|
69
|
+
it "allows for access to anyone_allowed_action" do
|
70
|
+
YamledAcl.permission?(:anyone_allowed_action_2, :example_permissions_2).should be_true
|
71
|
+
end
|
72
|
+
|
73
|
+
end # when using resource name specified by a second parameter
|
74
|
+
|
75
|
+
context "when using resource name specified with .init method" do
|
76
|
+
|
77
|
+
it "allows for access to anyone_allowed_action" do
|
78
|
+
YamledAcl.permission?(:anyone_allowed_action).should be_true
|
79
|
+
end
|
80
|
+
|
81
|
+
it "denies for access to admin_allowed_action" do
|
82
|
+
YamledAcl.permission?(:admin_allowed_action).should be_false
|
83
|
+
end
|
84
|
+
|
85
|
+
it "denies for access to member_allowed_action" do
|
86
|
+
YamledAcl.permission?(:member_allowed_action).should be_false
|
87
|
+
end
|
88
|
+
|
89
|
+
it "denies for access to admin_and_member_allowed_action" do
|
90
|
+
YamledAcl.permission?(:admin_and_member_allowed_action).should be_false
|
91
|
+
end
|
92
|
+
|
93
|
+
it "denies for access to not_existing_action" do
|
94
|
+
YamledAcl.permission?(:not_existing_action).should be_false
|
95
|
+
end
|
96
|
+
|
97
|
+
it "denies for access to no_one_allowed_action" do
|
98
|
+
YamledAcl.permission?(:no_one_allowed_action).should be_false
|
99
|
+
end
|
100
|
+
|
101
|
+
it "denies for access to not_existing_action" do
|
102
|
+
YamledAcl.permission?(:not_existing_action).should be_false
|
103
|
+
end
|
104
|
+
|
105
|
+
end # without resource name parameter given
|
106
|
+
|
107
|
+
end # when given group is a guest
|
108
|
+
|
109
|
+
context "when given group is an admin" do
|
110
|
+
|
111
|
+
before do
|
112
|
+
YamledAcl.init(:admin, :example_permissions)
|
113
|
+
end
|
114
|
+
|
115
|
+
it "allows for access to anyone_allowed_action" do
|
116
|
+
YamledAcl.permission?(:anyone_allowed_action).should be_true
|
117
|
+
end
|
118
|
+
|
119
|
+
it "allows for access to admin_allowed_action" do
|
120
|
+
YamledAcl.permission?(:admin_allowed_action).should be_true
|
121
|
+
end
|
122
|
+
|
123
|
+
it "denies for access to member_allowed_action" do
|
124
|
+
YamledAcl.permission?(:member_allowed_action).should be_false
|
125
|
+
end
|
126
|
+
|
127
|
+
it "allows for access to admin_and_member_allowed_action" do
|
128
|
+
YamledAcl.permission?(:admin_and_member_allowed_action).should be_true
|
129
|
+
end
|
130
|
+
|
131
|
+
it "denies for access to no_one_allowed_action" do
|
132
|
+
YamledAcl.permission?(:no_one_allowed_action).should be_false
|
133
|
+
end
|
134
|
+
|
135
|
+
it "denies for access to not_existing_action" do
|
136
|
+
YamledAcl.permission?(:not_existing_action).should be_false
|
137
|
+
end
|
138
|
+
|
139
|
+
end # when given group is an admin
|
140
|
+
|
141
|
+
context "when given group is a member" do
|
142
|
+
|
143
|
+
before do
|
144
|
+
YamledAcl.init(:member, :example_permissions)
|
145
|
+
end
|
146
|
+
|
147
|
+
it "allows for access to anyone_allowed_action" do
|
148
|
+
YamledAcl.permission?(:anyone_allowed_action).should be_true
|
149
|
+
end
|
150
|
+
|
151
|
+
it "denies for access to admin_allowed_action" do
|
152
|
+
YamledAcl.permission?(:admin_allowed_action).should be_false
|
153
|
+
end
|
154
|
+
|
155
|
+
it "allows for access to member_allowed_action" do
|
156
|
+
YamledAcl.permission?(:member_allowed_action).should be_true
|
157
|
+
end
|
158
|
+
|
159
|
+
it "allows for access to admin_and_member_allowed_action" do
|
160
|
+
YamledAcl.permission?(:admin_and_member_allowed_action).should be_true
|
161
|
+
end
|
162
|
+
|
163
|
+
it "denies for access to no_one_allowed_action" do
|
164
|
+
YamledAcl.permission?(:no_one_allowed_action).should be_false
|
165
|
+
end
|
166
|
+
|
167
|
+
it "denies for access to not_existing_action" do
|
168
|
+
YamledAcl.permission?(:not_existing_action).should be_false
|
169
|
+
end
|
170
|
+
|
171
|
+
end # when given group is a member
|
172
|
+
|
173
|
+
end # .permission?
|
174
|
+
|
175
|
+
end # when setup invoked before
|
176
|
+
|
177
|
+
end # YamledAcl
|
178
|
+
|
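Review bot: Every group used in these examples (`admin`, `member`, `guest`) is distinct from the others as a string, so nothing here exercises a permission written as a single group name against a group whose name is contained in it; an example with two overlapping names (say `admin` and a constructed `superadmin`) would pin `permission?` to exact matching. There is also no example for a resource name that has no permissions file or that contains path separators. The guest context defines `it "denies for access to not_existing_action"` twice, and one copy can go.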
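--- /dev/null
+++ b/data/yamled_acl.gemspec
@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "yamled_acl/version"
+
+Gem::Specification.new do |s|
+s.name = "yamled_acl"
+s.version = YamledAcl::VERSION
+s.platform = Gem::Platform::RUBY
+s.authors = ["Paweł Kubicki"]
+s.email = ["pawel.kubicki@gmail.com"]
+s.homepage = "http://github.com/pkubicki/yamled_acl"
+s.summary = "Simple authorization library for Ruby on Rails."
+s.description = "Simple authorization library for Ruby on Rails in which permissions are stored in YAML files."
+
+s.add_development_dependency "rspec", "~> 2.0"
+s.add_development_dependency "actionpack", "~> 3.0"
+s.add_development_dependency "rcov", "~> 0.9"
+
+s.files = `git ls-files`.split("\n")
+s.test_files = `git ls-files -- spec/*`.split("\n")
+s.require_paths = ["lib"]
+end
+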
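Review bot: `s.files` is taken from `git ls-files`, so everything tracked is packaged; the metadata file list on this page shows that this includes `spec/plik` (an empty file) and `Gemfile.lock`, neither of which a library gem needs to ship. Restricting the list, for example `s.files = Dir["lib/**/*.rb"] + %w(LICENSE README.markdown init.rb)`, keeps the published artifact to what is meant to be installed. The spec also leaves `licenses` empty although a LICENSE file is included, and `s.homepage` uses an `http://` URL.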
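--- /dev/null
+++ b/metadata
@@ -0,0 +1,135 @@
+--- !ruby/object:Gem::Specification
+name: yamled_acl
+version: !ruby/object:Gem::Version
+hash: 23
+prerelease: false
+segments:
+- 0
+- 2
+- 0
+version: 0.2.0
+platform: ruby
+authors:
+- "Pawe\xC5\x82 Kubicki"
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2010-11-10 00:00:00 +01:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+prerelease: false
+requirement: &id001 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 2
+- 0
+version: "2.0"
+type: :development
+version_requirements: *id001
+- !ruby/object:Gem::Dependency
+name: actionpack
+prerelease: false
+requirement: &id002 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+hash: 7
+segments:
+- 3
+- 0
+version: "3.0"
+type: :development
+version_requirements: *id002
+- !ruby/object:Gem::Dependency
+name: rcov
+prerelease: false
+requirement: &id003 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+hash: 25
+segments:
+- 0
+- 9
+version: "0.9"
+type: :development
+version_requirements: *id003
+description: Simple authorization library for Ruby on Rails in which permissions are stored in YAML files.
+email:
+- pawel.kubicki@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.markdown
+- Rakefile
+- init.rb
+- lib/yamled_acl.rb
+- lib/yamled_acl/controller_extension.rb
+- lib/yamled_acl/exceptions.rb
+- lib/yamled_acl/version.rb
+- spec/example_files/example_permissions.yml
+- spec/example_files/example_permissions_2.yml
+- spec/plik
+- spec/spec_helper.rb
+- spec/yamled_acl/controller_extension_spec.rb
+- spec/yamled_acl_spec.rb
+- yamled_acl.gemspec
+has_rdoc: true
+homepage: http://github.com/pkubicki/yamled_acl
+licenses: []
+
+post_install_message:
+rdoc_options: []
+
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+hash: 3
+segments:
+- 0
+version: "0"
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.7
+signing_key:
+specification_version: 3
+summary: Simple authorization library for Ruby on Rails.
+test_files:
+- spec/example_files/example_permissions.yml
+- spec/example_files/example_permissions_2.yml
+- spec/plik
+- spec/spec_helper.rb
+- spec/yamled_acl/controller_extension_spec.rb
+- spec/yamled_acl_spec.rb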