zeiv-declarative_authorization 1.0.0.pre
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG +189 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +632 -0
- data/Rakefile +53 -0
- data/app/controllers/authorization_rules_controller.rb +258 -0
- data/app/controllers/authorization_usages_controller.rb +22 -0
- data/app/helpers/authorization_rules_helper.rb +218 -0
- data/app/views/authorization_rules/_change.erb +58 -0
- data/app/views/authorization_rules/_show_graph.erb +44 -0
- data/app/views/authorization_rules/_suggestions.erb +48 -0
- data/app/views/authorization_rules/change.html.erb +169 -0
- data/app/views/authorization_rules/graph.dot.erb +68 -0
- data/app/views/authorization_rules/graph.html.erb +47 -0
- data/app/views/authorization_rules/index.html.erb +17 -0
- data/app/views/authorization_usages/index.html.erb +36 -0
- data/authorization_rules.dist.rb +20 -0
- data/config/routes.rb +20 -0
- data/garlic_example.rb +20 -0
- data/init.rb +5 -0
- data/lib/declarative_authorization.rb +19 -0
- data/lib/declarative_authorization/adapters/active_record.rb +13 -0
- data/lib/declarative_authorization/adapters/active_record/base_extensions.rb +0 -0
- data/lib/declarative_authorization/adapters/active_record/obligation_scope_builder.rb +0 -0
- data/lib/declarative_authorization/authorization.rb +798 -0
- data/lib/declarative_authorization/development_support/analyzer.rb +261 -0
- data/lib/declarative_authorization/development_support/change_analyzer.rb +253 -0
- data/lib/declarative_authorization/development_support/change_supporter.rb +620 -0
- data/lib/declarative_authorization/development_support/development_support.rb +243 -0
- data/lib/declarative_authorization/helper.rb +68 -0
- data/lib/declarative_authorization/in_controller.rb +703 -0
- data/lib/declarative_authorization/in_model.rb +188 -0
- data/lib/declarative_authorization/maintenance.rb +210 -0
- data/lib/declarative_authorization/obligation_scope.rb +361 -0
- data/lib/declarative_authorization/rails_legacy.rb +22 -0
- data/lib/declarative_authorization/railsengine.rb +6 -0
- data/lib/declarative_authorization/reader.rb +546 -0
- data/lib/generators/authorization/install/install_generator.rb +77 -0
- data/lib/generators/authorization/rules/rules_generator.rb +14 -0
- data/lib/generators/authorization/rules/templates/authorization_rules.rb +27 -0
- data/lib/tasks/authorization_tasks.rake +89 -0
- data/test/authorization_test.rb +1124 -0
- data/test/controller_filter_resource_access_test.rb +575 -0
- data/test/controller_test.rb +480 -0
- data/test/database.yml +3 -0
- data/test/dsl_reader_test.rb +178 -0
- data/test/helper_test.rb +247 -0
- data/test/maintenance_test.rb +46 -0
- data/test/model_test.rb +2008 -0
- data/test/schema.sql +56 -0
- data/test/test_helper.rb +255 -0
- metadata +95 -0
data/test/schema.sql
ADDED
@@ -0,0 +1,56 @@
|
|
1
|
+
CREATE TABLE 'test_models' (
|
2
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
3
|
+
'test_attr_through_id' INTEGER,
|
4
|
+
'content' text,
|
5
|
+
'country_id' integer,
|
6
|
+
'created_at' datetime,
|
7
|
+
'updated_at' datetime
|
8
|
+
);
|
9
|
+
|
10
|
+
CREATE TABLE 'test_attrs' (
|
11
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
12
|
+
'test_model_id' integer,
|
13
|
+
'test_another_model_id' integer,
|
14
|
+
'test_a_third_model_id' integer,
|
15
|
+
'branch_id' integer,
|
16
|
+
'company_id' integer,
|
17
|
+
'test_attr_through_id' INTEGER,
|
18
|
+
'n_way_join_item_id' INTEGER,
|
19
|
+
'test_model_security_model_id' integer,
|
20
|
+
'attr' integer default 1
|
21
|
+
);
|
22
|
+
|
23
|
+
CREATE TABLE 'test_attr_throughs' (
|
24
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
25
|
+
'test_attr_id' integer
|
26
|
+
);
|
27
|
+
|
28
|
+
CREATE TABLE 'test_model_security_models' (
|
29
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
30
|
+
'attr' integer default 1,
|
31
|
+
'attr_2' integer default 1,
|
32
|
+
'test_attr_id' integer
|
33
|
+
);
|
34
|
+
|
35
|
+
CREATE TABLE 'n_way_join_items' (
|
36
|
+
'id' INTEGER PRIMARY KEY NOT NULL
|
37
|
+
);
|
38
|
+
|
39
|
+
CREATE TABLE 'branches' (
|
40
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
41
|
+
'company_id' integer,
|
42
|
+
'test_model_id' integer,
|
43
|
+
'name' text
|
44
|
+
);
|
45
|
+
|
46
|
+
CREATE TABLE 'companies' (
|
47
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
48
|
+
'country_id' integer,
|
49
|
+
'type' text,
|
50
|
+
'name' text
|
51
|
+
);
|
52
|
+
|
53
|
+
CREATE TABLE 'countries' (
|
54
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
55
|
+
'name' text
|
56
|
+
);
|
data/test/test_helper.rb
ADDED
@@ -0,0 +1,255 @@
|
|
1
|
+
require 'pathname'
|
2
|
+
|
3
|
+
ENV['RAILS_ENV'] = 'test'
|
4
|
+
|
5
|
+
require 'bundler/setup'
|
6
|
+
begin
|
7
|
+
# rails 3
|
8
|
+
require 'rails/all'
|
9
|
+
rescue LoadError
|
10
|
+
# rails 2.3
|
11
|
+
%w(action_pack action_controller active_record active_support initializer).each {|f| require f}
|
12
|
+
end
|
13
|
+
Bundler.require
|
14
|
+
|
15
|
+
if Rails.version >= '4.1'
|
16
|
+
require 'minitest/autorun'
|
17
|
+
require 'test_support/minitest_compatibility'
|
18
|
+
else
|
19
|
+
require 'test/unit'
|
20
|
+
end
|
21
|
+
|
22
|
+
# rails 2.3 and ruby 1.9.3 fix
|
23
|
+
MissingSourceFile::REGEXPS.push([/^cannot load such file -- (.+)$/i, 1])
|
24
|
+
|
25
|
+
# Silence Rails 4 deprecation warnings in test suite
|
26
|
+
# TODO: Model.scoped is deprecated
|
27
|
+
# TODO: Eager loading Post.includes(:comments).where("comments.title = 'foo'") becomes Post.includes(:comments).where("comments.title = 'foo'").references(:comments)
|
28
|
+
# if Rails.version >= '4'
|
29
|
+
# ActiveSupport::Deprecation.silenced = true
|
30
|
+
# end
|
31
|
+
|
32
|
+
puts "Testing against rails #{Rails::VERSION::STRING}"
|
33
|
+
|
34
|
+
RAILS_ROOT = File.dirname(__FILE__)
|
35
|
+
|
36
|
+
DA_ROOT = Pathname.new(File.expand_path("..", File.dirname(__FILE__)))
|
37
|
+
|
38
|
+
require DA_ROOT + File.join(%w{lib declarative_authorization rails_legacy})
|
39
|
+
require DA_ROOT + File.join(%w{lib declarative_authorization authorization})
|
40
|
+
require DA_ROOT + File.join(%w{lib declarative_authorization in_controller})
|
41
|
+
require DA_ROOT + File.join(%w{lib declarative_authorization maintenance})
|
42
|
+
|
43
|
+
begin
|
44
|
+
require 'ruby-debug'
|
45
|
+
rescue MissingSourceFile; end
|
46
|
+
|
47
|
+
|
48
|
+
class MockDataObject
|
49
|
+
def initialize (attrs = {})
|
50
|
+
attrs.each do |key, value|
|
51
|
+
instance_variable_set(:"@#{key}", value)
|
52
|
+
self.class.class_eval do
|
53
|
+
attr_reader key
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
def self.descends_from_active_record?
|
59
|
+
true
|
60
|
+
end
|
61
|
+
|
62
|
+
def self.table_name
|
63
|
+
name.tableize
|
64
|
+
end
|
65
|
+
|
66
|
+
def self.name
|
67
|
+
"Mock"
|
68
|
+
end
|
69
|
+
|
70
|
+
def self.find(*args)
|
71
|
+
raise StandardError, "Couldn't find #{self.name} with id #{args[0].inspect}" unless args[0]
|
72
|
+
new :id => args[0]
|
73
|
+
end
|
74
|
+
|
75
|
+
def self.find_or_initialize_by(args)
|
76
|
+
raise StandardError, "Syntax error: find_or_initialize by expects a hash: User.find_or_initialize_by(:id => @user.id)" unless args.is_a?(Hash)
|
77
|
+
new :id => args[:id]
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
class MockUser < MockDataObject
|
82
|
+
def initialize (*roles)
|
83
|
+
options = roles.last.is_a?(::Hash) ? roles.pop : {}
|
84
|
+
super({:role_symbols => roles, :login => hash}.merge(options))
|
85
|
+
end
|
86
|
+
|
87
|
+
def initialize_copy (other)
|
88
|
+
@role_symbols = @role_symbols.clone
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
class MocksController < ActionController::Base
|
93
|
+
attr_accessor :current_user
|
94
|
+
attr_writer :authorization_engine
|
95
|
+
|
96
|
+
def authorized?
|
97
|
+
!!@authorized
|
98
|
+
end
|
99
|
+
|
100
|
+
def self.define_action_methods (*methods)
|
101
|
+
methods.each do |method|
|
102
|
+
define_method method do
|
103
|
+
@authorized = true
|
104
|
+
render :text => 'nothing'
|
105
|
+
end
|
106
|
+
end
|
107
|
+
end
|
108
|
+
|
109
|
+
def self.define_resource_actions
|
110
|
+
define_action_methods :index, :show, :edit, :update, :new, :create, :destroy
|
111
|
+
end
|
112
|
+
|
113
|
+
def logger (*args)
|
114
|
+
Class.new do
|
115
|
+
def warn(*args)
|
116
|
+
#p args
|
117
|
+
end
|
118
|
+
alias_method :info, :warn
|
119
|
+
alias_method :debug, :warn
|
120
|
+
def warn?; end
|
121
|
+
alias_method :info?, :warn?
|
122
|
+
alias_method :debug?, :warn?
|
123
|
+
end.new
|
124
|
+
end
|
125
|
+
end
|
126
|
+
|
127
|
+
if Rails.version < "3"
|
128
|
+
ActiveRecord::Base.establish_connection({:adapter => 'sqlite3', :database => ':memory:'})
|
129
|
+
ActionController::Routing::Routes.draw do |map|
|
130
|
+
map.connect ':controller/:action/:id'
|
131
|
+
end
|
132
|
+
else
|
133
|
+
class TestApp
|
134
|
+
class Application < ::Rails::Application
|
135
|
+
config.secret_key_base = "testingpurposesonly"
|
136
|
+
config.active_support.deprecation = :stderr
|
137
|
+
database_path = File.expand_path('../database.yml', __FILE__)
|
138
|
+
if Rails.version.start_with? '3.0.'
|
139
|
+
config.paths.config.database database_path
|
140
|
+
else
|
141
|
+
config.paths['config/database'] = database_path
|
142
|
+
end
|
143
|
+
initialize!
|
144
|
+
end
|
145
|
+
end
|
146
|
+
class ApplicationController < ActionController::Base
|
147
|
+
end
|
148
|
+
#Rails::Application.routes.draw do
|
149
|
+
if Rails.version.start_with? '4'
|
150
|
+
Rails.application.routes.draw do
|
151
|
+
match '/name/spaced_things(/:action)' => 'name/spaced_things', :via => [:get, :post, :put, :patch, :delete]
|
152
|
+
match '/deep/name_spaced/things(/:action)' => 'deep/name_spaced/things', :via => [:get, :post, :put, :patch, :delete]
|
153
|
+
match '/:controller(/:action(/:id))', :via => [:get, :post, :put, :patch, :delete]
|
154
|
+
end
|
155
|
+
class TestApp
|
156
|
+
class Application < ::Rails::Application
|
157
|
+
config.secret_key_base = 'thisstringdoesnothing'
|
158
|
+
end
|
159
|
+
end
|
160
|
+
else
|
161
|
+
Rails.application.routes.draw do
|
162
|
+
match '/name/spaced_things(/:action)' => 'name/spaced_things'
|
163
|
+
match '/deep/name_spaced/things(/:action)' => 'deep/name_spaced/things'
|
164
|
+
match '/:controller(/:action(/:id))'
|
165
|
+
end
|
166
|
+
end
|
167
|
+
end
|
168
|
+
|
169
|
+
ActionController::Base.send :include, Authorization::AuthorizationInController
|
170
|
+
if Rails.version < "3"
|
171
|
+
require "action_controller/test_process"
|
172
|
+
end
|
173
|
+
|
174
|
+
|
175
|
+
if Rails.version < "4"
|
176
|
+
class Test::Unit::TestCase
|
177
|
+
include Authorization::TestHelper
|
178
|
+
|
179
|
+
def request! (user, action, reader, params = {})
|
180
|
+
action = action.to_sym if action.is_a?(String)
|
181
|
+
@controller.current_user = user
|
182
|
+
@controller.authorization_engine = Authorization::Engine.new(reader)
|
183
|
+
|
184
|
+
((params.delete(:clear) || []) + [:@authorized]).each do |var|
|
185
|
+
@controller.instance_variable_set(var, nil)
|
186
|
+
end
|
187
|
+
get action, params
|
188
|
+
end
|
189
|
+
|
190
|
+
unless Rails.version < "3"
|
191
|
+
def setup
|
192
|
+
#@routes = Rails::Application.routes
|
193
|
+
@routes = Rails.application.routes
|
194
|
+
end
|
195
|
+
end
|
196
|
+
end
|
197
|
+
|
198
|
+
elsif Rails.version < '4.1'
|
199
|
+
class Test::Unit::TestCase
|
200
|
+
include Authorization::TestHelper
|
201
|
+
end
|
202
|
+
|
203
|
+
class ActiveSupport::TestCase
|
204
|
+
include Authorization::TestHelper
|
205
|
+
|
206
|
+
def request! (user, action, reader, params = {})
|
207
|
+
action = action.to_sym if action.is_a?(String)
|
208
|
+
@controller.current_user = user
|
209
|
+
@controller.authorization_engine = Authorization::Engine.new(reader)
|
210
|
+
|
211
|
+
((params.delete(:clear) || []) + [:@authorized]).each do |var|
|
212
|
+
@controller.instance_variable_set(var, nil)
|
213
|
+
end
|
214
|
+
get action, params
|
215
|
+
end
|
216
|
+
|
217
|
+
unless Rails.version < "3"
|
218
|
+
def setup
|
219
|
+
#@routes = Rails::Application.routes
|
220
|
+
@routes = Rails.application.routes
|
221
|
+
end
|
222
|
+
end
|
223
|
+
end
|
224
|
+
else
|
225
|
+
module Test
|
226
|
+
module Unit
|
227
|
+
end
|
228
|
+
end
|
229
|
+
|
230
|
+
class Test::Unit::TestCase < Minitest::Test
|
231
|
+
include Authorization::TestHelper
|
232
|
+
end
|
233
|
+
|
234
|
+
class ActiveSupport::TestCase
|
235
|
+
include Authorization::TestHelper
|
236
|
+
|
237
|
+
def request! (user, action, reader, params = {})
|
238
|
+
action = action.to_sym if action.is_a?(String)
|
239
|
+
@controller.current_user = user
|
240
|
+
@controller.authorization_engine = Authorization::Engine.new(reader)
|
241
|
+
|
242
|
+
((params.delete(:clear) || []) + [:@authorized]).each do |var|
|
243
|
+
@controller.instance_variable_set(var, nil)
|
244
|
+
end
|
245
|
+
get action, params
|
246
|
+
end
|
247
|
+
|
248
|
+
unless Rails.version < "3"
|
249
|
+
def setup
|
250
|
+
#@routes = Rails::Application.routes
|
251
|
+
@routes = Rails.application.routes
|
252
|
+
end
|
253
|
+
end
|
254
|
+
end
|
255
|
+
end
|
metadata
ADDED
@@ -0,0 +1,95 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: zeiv-declarative_authorization
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.0.pre
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Steffen Bartsch
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2015-05-29 00:00:00.000000000 Z
|
12
|
+
dependencies: []
|
13
|
+
description:
|
14
|
+
email: sbartsch@tzi.org
|
15
|
+
executables: []
|
16
|
+
extensions: []
|
17
|
+
extra_rdoc_files:
|
18
|
+
- README.rdoc
|
19
|
+
- CHANGELOG
|
20
|
+
files:
|
21
|
+
- CHANGELOG
|
22
|
+
- MIT-LICENSE
|
23
|
+
- README.rdoc
|
24
|
+
- Rakefile
|
25
|
+
- app/controllers/authorization_rules_controller.rb
|
26
|
+
- app/controllers/authorization_usages_controller.rb
|
27
|
+
- app/helpers/authorization_rules_helper.rb
|
28
|
+
- app/views/authorization_rules/_change.erb
|
29
|
+
- app/views/authorization_rules/_show_graph.erb
|
30
|
+
- app/views/authorization_rules/_suggestions.erb
|
31
|
+
- app/views/authorization_rules/change.html.erb
|
32
|
+
- app/views/authorization_rules/graph.dot.erb
|
33
|
+
- app/views/authorization_rules/graph.html.erb
|
34
|
+
- app/views/authorization_rules/index.html.erb
|
35
|
+
- app/views/authorization_usages/index.html.erb
|
36
|
+
- authorization_rules.dist.rb
|
37
|
+
- config/routes.rb
|
38
|
+
- garlic_example.rb
|
39
|
+
- init.rb
|
40
|
+
- lib/declarative_authorization.rb
|
41
|
+
- lib/declarative_authorization/adapters/active_record.rb
|
42
|
+
- lib/declarative_authorization/adapters/active_record/base_extensions.rb
|
43
|
+
- lib/declarative_authorization/adapters/active_record/obligation_scope_builder.rb
|
44
|
+
- lib/declarative_authorization/authorization.rb
|
45
|
+
- lib/declarative_authorization/development_support/analyzer.rb
|
46
|
+
- lib/declarative_authorization/development_support/change_analyzer.rb
|
47
|
+
- lib/declarative_authorization/development_support/change_supporter.rb
|
48
|
+
- lib/declarative_authorization/development_support/development_support.rb
|
49
|
+
- lib/declarative_authorization/helper.rb
|
50
|
+
- lib/declarative_authorization/in_controller.rb
|
51
|
+
- lib/declarative_authorization/in_model.rb
|
52
|
+
- lib/declarative_authorization/maintenance.rb
|
53
|
+
- lib/declarative_authorization/obligation_scope.rb
|
54
|
+
- lib/declarative_authorization/rails_legacy.rb
|
55
|
+
- lib/declarative_authorization/railsengine.rb
|
56
|
+
- lib/declarative_authorization/reader.rb
|
57
|
+
- lib/generators/authorization/install/install_generator.rb
|
58
|
+
- lib/generators/authorization/rules/rules_generator.rb
|
59
|
+
- lib/generators/authorization/rules/templates/authorization_rules.rb
|
60
|
+
- lib/tasks/authorization_tasks.rake
|
61
|
+
- test/authorization_test.rb
|
62
|
+
- test/controller_filter_resource_access_test.rb
|
63
|
+
- test/controller_test.rb
|
64
|
+
- test/database.yml
|
65
|
+
- test/dsl_reader_test.rb
|
66
|
+
- test/helper_test.rb
|
67
|
+
- test/maintenance_test.rb
|
68
|
+
- test/model_test.rb
|
69
|
+
- test/schema.sql
|
70
|
+
- test/test_helper.rb
|
71
|
+
homepage: http://github.com/stffn/declarative_authorization
|
72
|
+
licenses: []
|
73
|
+
metadata: {}
|
74
|
+
post_install_message:
|
75
|
+
rdoc_options: []
|
76
|
+
require_paths:
|
77
|
+
- lib
|
78
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: 1.8.6
|
83
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
84
|
+
requirements:
|
85
|
+
- - ">"
|
86
|
+
- !ruby/object:Gem::Version
|
87
|
+
version: 1.3.1
|
88
|
+
requirements: []
|
89
|
+
rubyforge_project:
|
90
|
+
rubygems_version: 2.4.7
|
91
|
+
signing_key:
|
92
|
+
specification_version: 4
|
93
|
+
summary: declarative_authorization is a Rails plugin for maintainable authorization
|
94
|
+
based on readable authorization rules.
|
95
|
+
test_files: []
|