zuul 0.1.1 → 0.2.0
- data/lib/generators/zuul/orm_helpers.rb +21 -0
- data/lib/generators/zuul/permission_generator.rb +57 -0
- data/lib/generators/zuul/permission_role_generator.rb +40 -0
- data/lib/generators/zuul/permission_subject_generator.rb +40 -0
- data/lib/generators/zuul/role_generator.rb +58 -0
- data/lib/generators/zuul/role_subject_generator.rb +40 -0
- data/lib/generators/zuul/subject_generator.rb +39 -0
- data/lib/generators/zuul/templates/permission.rb +18 -0
- data/lib/generators/zuul/templates/permission_existing.rb +25 -0
- data/lib/generators/zuul/templates/permission_role.rb +17 -0
- data/lib/generators/zuul/templates/permission_role_existing.rb +24 -0
- data/lib/generators/zuul/templates/permission_subject.rb +17 -0
- data/lib/generators/zuul/templates/permission_subject_existing.rb +24 -0
- data/lib/generators/zuul/templates/role.rb +20 -0
- data/lib/generators/zuul/templates/role_existing.rb +27 -0
- data/lib/generators/zuul/templates/role_subject.rb +17 -0
- data/lib/generators/zuul/templates/role_subject_existing.rb +24 -0
- data/lib/tasks/zuul.rake +56 -0
- data/lib/zuul.rb +14 -5
- data/lib/zuul/action_controller.rb +108 -0
- data/lib/zuul/action_controller/dsl.rb +384 -0
- data/lib/zuul/action_controller/evaluators.rb +60 -0
- data/lib/zuul/active_record.rb +338 -0
- data/lib/zuul/active_record/context.rb +38 -0
- data/lib/zuul/active_record/permission.rb +31 -0
- data/lib/zuul/active_record/permission_role.rb +29 -0
- data/lib/zuul/active_record/permission_subject.rb +29 -0
- data/lib/zuul/active_record/role.rb +117 -0
- data/lib/zuul/active_record/role_subject.rb +29 -0
- data/lib/zuul/active_record/scope.rb +71 -0
- data/lib/zuul/active_record/subject.rb +239 -0
- data/lib/zuul/configuration.rb +149 -0
- data/lib/zuul/context.rb +53 -0
- data/lib/zuul/exceptions.rb +3 -0
- data/lib/zuul/exceptions/access_denied.rb +9 -0
- data/lib/zuul/exceptions/invalid_context.rb +9 -0
- data/lib/zuul/exceptions/undefined_scope.rb +9 -0
- data/lib/zuul/railtie.rb +5 -0
- data/lib/zuul/version.rb +3 -0
- data/lib/zuul_viz.rb +195 -0
- data/spec/db/schema.rb +172 -0
- data/spec/spec_helper.rb +25 -0
- data/spec/support/capture_stdout.rb +12 -0
- data/spec/support/models.rb +167 -0
- data/spec/zuul/active_record/context_spec.rb +55 -0
- data/spec/zuul/active_record/permission_role_spec.rb +84 -0
- data/spec/zuul/active_record/permission_spec.rb +174 -0
- data/spec/zuul/active_record/permission_subject_spec.rb +84 -0
- data/spec/zuul/active_record/role_spec.rb +694 -0
- data/spec/zuul/active_record/role_subject_spec.rb +84 -0
- data/spec/zuul/active_record/scope_spec.rb +75 -0
- data/spec/zuul/active_record/subject_spec.rb +1186 -0
- data/spec/zuul/active_record_spec.rb +624 -0
- data/spec/zuul/configuration_spec.rb +254 -0
- data/spec/zuul/context_spec.rb +128 -0
- data/spec/zuul_spec.rb +15 -0
- metadata +181 -70
- data/.document +0 -5
- data/.gitignore +0 -23
- data/LICENSE +0 -20
- data/README.rdoc +0 -65
- data/Rakefile +0 -54
- data/VERSION +0 -1
- data/lib/zuul/restrict_access.rb +0 -104
- data/lib/zuul/valid_roles.rb +0 -37
- data/spec/rails_root/app/controllers/application_controller.rb +0 -2
- data/spec/rails_root/app/models/user.rb +0 -8
- data/spec/rails_root/config/boot.rb +0 -110
- data/spec/rails_root/config/database.yml +0 -5
- data/spec/rails_root/config/environment.rb +0 -7
- data/spec/rails_root/config/environments/test.rb +0 -7
- data/spec/rails_root/config/initializers/session_store.rb +0 -15
- data/spec/rails_root/config/routes.rb +0 -4
- data/spec/rails_root/db/test.sqlite3 +0 -0
- data/spec/rails_root/log/test.log +0 -5388
- data/spec/rails_root/spec/controllers/require_user_spec.rb +0 -138
- data/spec/rails_root/spec/controllers/restrict_access_spec.rb +0 -64
- data/spec/rails_root/spec/models/user_spec.rb +0 -37
- data/spec/rails_root/spec/spec_helper.rb +0 -34
- data/zuul.gemspec +0 -78
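--- a/data/spec/rails_root/spec/controllers/require_user_spec.rb
+++ b/data/spec/rails_root/spec/controllers/require_user_spec.rb
@@ -1,138 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-class ApplicationController
-include Zuul::RestrictAccess
-restrict_access
-end
-
-context "one role required for all actions" do
-class Stock1Controller < ApplicationController
-require_user :member
-def index; render :text => 'index'; end
-def show; render :text => 'show'; end
-end
-
-describe Stock1Controller do
-before do
-controller.stubs(:current_user).returns(@user = stub('user'))
-end
-
-it "denies someone without that role" do
-@user.stubs(:member?).returns(false)
-get :index
-response.should redirect_to('/')
-end
-it "allows someone with that role" do
-@user.stubs(:member?).returns(true)
-get :index
-response.body.should == 'index'
-end
-it "controls access to all actions in the controller" do
-@user.stubs(:member?).returns(false)
-get :index
-response.should redirect_to('/')
-get :show
-response.should redirect_to('/')
-end
-end
-end
-
-context "one role required for only one action" do
-class Stock2Controller < ApplicationController
-require_user :member, :only => :show
-def index; render :text => 'index'; end
-def show; render :text => 'show'; end
-end
-
-describe Stock2Controller do
-before do
-controller.stubs(:current_user).returns(@user = stub('user'))
-end
-
-it "denies someone without that role from the protected action" do
-@user.stubs(:member?).returns(false)
-get :show
-response.should redirect_to('/')
-end
-it "allows someone with that role into the protected action" do
-@user.stubs(:member?).returns(true)
-get :show
-response.body.should == 'show'
-end
-it "allows anyone into the unprotected action" do
-@user.stubs(:member?).returns(false)
-get :index
-response.body.should == 'index'
-end
-end
-end
-
-context "user with no specific role required for all actions" do
-class Stock3Controller < ApplicationController
-require_user
-def index; render :text => 'index'; end
-def show; render :text => 'show'; end
-end
-
-describe Stock3Controller do
-before do
-controller.stubs(:current_user).returns(@user = stub('user'))
-end
-
-it "denies access if there is no user" do
-controller.stubs(:current_user).returns(nil)
-get :show
-response.should redirect_to('/')
-end
-it "allows access to an admin user" do
-@user.stubs(:admin?).returns(true)
-get :show
-response.body.should == 'show'
-end
-it "allows access to a guest user" do
-@user.stubs(:guest?).returns(true)
-get :index
-response.body.should == 'index'
-end
-end
-end
-
-context "user with no specific role required for all but one action" do
-class Stock4Controller < ApplicationController
-require_user :except => :show
-def index; render :text => 'index'; end
-def show; render :text => 'show'; end
-end
-
-describe Stock4Controller do
-before do
-controller.stubs(:current_user).returns(@user = stub('user'))
-end
-
-it "denies access if there is no user" do
-controller.stubs(:current_user).returns(nil)
-get :index
-response.should redirect_to('/')
-end
-it "allows access to the unprotected action" do
-controller.stubs(:current_user).returns(nil)
-get :show
-response.body.should == 'show'
-end
-end
-end
-
-context "cannot access the actions if there is a user" do
-class Stock5Controller < ApplicationController
-require_no_user
-def index; render :text => 'index'; end
-end
-
-describe Stock5Controller do
-it "denies access if there is a user" do
-controller.stubs(:current_user).returns(@user = stub('user'))
-get :index
-response.should redirect_to('/')
-end
-end
-end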
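--- a/data/spec/rails_root/spec/controllers/restrict_access_spec.rb
+++ b/data/spec/rails_root/spec/controllers/restrict_access_spec.rb
@@ -1,64 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-context "specifying a custom 'access denied' flash message" do
-class ApplicationController1 < ActionController::Base
-include Zuul::RestrictAccess
-restrict_access :access_denied_message => "You shall not pass"
-end
-
-class StockController1 < ApplicationController1
-require_user
-def index; render :text => 'index'; end
-end
-
-describe StockController1 do
-it "uses the custom message" do
-controller.stubs(:current_user).returns(nil)
-get :index
-flash[:notice].should == "You shall not pass"
-end
-end
-end
-
-context "specifying a custom 'access denied' redirect path" do
-class ApplicationController2 < ActionController::Base
-include Zuul::RestrictAccess
-restrict_access :unauthorized_redirect_path => :signin_path
-def signin_path
-'/signup'
-end
-end
-
-class StockController2 < ApplicationController2
-require_user
-def index; render :text => 'index'; end
-end
-
-describe StockController2 do
-it "uses the custom message" do
-controller.stubs(:current_user).returns(nil)
-get :index
-response.should redirect_to('/signup')
-end
-end
-end
-
-context "specifying a custom 'cannot have a user' message" do
-class ApplicationController3 < ActionController::Base
-include Zuul::RestrictAccess
-restrict_access :require_no_user_message => "You can't do this with a user"
-end
-
-class StockController3 < ApplicationController3
-require_no_user
-def index; render :text => 'index'; end
-end
-
-describe StockController3 do
-it "uses the custom message" do
-controller.stubs(:current_user).returns(stub('user'))
-get :index
-flash[:notice].should == "You can't do this with a user"
-end
-end
-end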
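--- a/data/spec/rails_root/spec/models/user_spec.rb
+++ b/data/spec/rails_root/spec/models/user_spec.rb
@@ -1,37 +0,0 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-describe User do
-before do
-@user = User.new
-end
-
-it "knows its role" do
-@user.role = 'admin'
-@user.admin?.should be_true
-end
-
-it "returns its role as a symbol" do
-@user.role = 'admin'
-@user.role.should == :admin
-end
-
-it "assigns the role if it is in the list of valid roles" do
-@user.role = :member
-@user.role.should == :member
-end
-
-it "does not assign the role if it is not in the list of valid roles" do
-@user.role = 'admin'
-@user.role = :superuser
-@user.role.should == :admin
-end
-
-it "does not allow the role to be mass-assigned" do
-begin
-@user.update_attributes(:role => 'admin')
-rescue Exception => e
-ensure
-@user.role.should be_nil
-end
-end
-end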
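--- a/data/spec/rails_root/spec/spec_helper.rb
+++ b/data/spec/rails_root/spec/spec_helper.rb
@@ -1,34 +0,0 @@
-ENV["RAILS_ENV"] = "test"
-require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
-require 'spec'
-require 'spec/rails'
-
-Spec::Runner.configure do |config|
-config.use_transactional_fixtures = true
-config.use_instantiated_fixtures = false
-config.fixture_path = RAILS_ROOT + '/spec/fixtures/'
-config.global_fixtures = :all
-config.mock_with :mocha
-end
-
-ActiveRecord::Base.establish_connection(
-:adapter => 'sqlite3',
-:database => File.join(File.dirname(__FILE__), '../db/test.sqlite3')
-)
-
-class CreateSchema < ActiveRecord::Migration
-def self.up
-create_table :users, :force => true do |t|
-t.string :first_name
-t.string :last_name
-t.string :email
-t.string :username
-t.string :role
-end
-end
-end
-
-CreateSchema.suppress_messages { CreateSchema.migrate(:up) }
-
-class ActiveSupport::TestCase
-end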
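--- a/data/zuul.gemspec
+++ b/data/zuul.gemspec
@@ -1,78 +0,0 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
-# -*- encoding: utf-8 -*-
-
-Gem::Specification.new do |s|
-s.name = %q{zuul}
-s.version = "0.1.1"
-
-s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-s.authors = ["Wes Gibbs"]
-s.date = %q{2009-11-04}
-s.description = %q{A simple authorization solution for Rails apps.}
-s.email = %q{wes@hashrocket.com}
-s.extra_rdoc_files = [
-"LICENSE",
-"README.rdoc"
-]
-s.files = [
-".document",
-".gitignore",
-"LICENSE",
-"README.rdoc",
-"Rakefile",
-"VERSION",
-"lib/zuul.rb",
-"lib/zuul/restrict_access.rb",
-"lib/zuul/valid_roles.rb",
-"zuul.gemspec"
-]
-s.homepage = %q{http://github.com/wgibbs/zuul}
-s.rdoc_options = ["--charset=UTF-8"]
-s.require_paths = ["lib"]
-s.rubygems_version = %q{1.3.5}
-s.summary = %q{Simple Rails Authorization}
-s.test_files = [
-"spec/rails_root",
-"spec/rails_root/app",
-"spec/rails_root/app/controllers",
-"spec/rails_root/app/controllers/application_controller.rb",
-"spec/rails_root/app/models",
-"spec/rails_root/app/models/user.rb",
-"spec/rails_root/config",
-"spec/rails_root/config/boot.rb",
-"spec/rails_root/config/database.yml",
-"spec/rails_root/config/environment.rb",
-"spec/rails_root/config/environments",
-"spec/rails_root/config/environments/test.rb",
-"spec/rails_root/config/initializers",
-"spec/rails_root/config/initializers/session_store.rb",
-"spec/rails_root/config/routes.rb",
-"spec/rails_root/db",
-"spec/rails_root/db/test.sqlite3",
-"spec/rails_root/log",
-"spec/rails_root/log/test.log",
-"spec/rails_root/spec",
-"spec/rails_root/spec/controllers",
-"spec/rails_root/spec/controllers/require_user_spec.rb",
-"spec/rails_root/spec/controllers/restrict_access_spec.rb",
-"spec/rails_root/spec/models",
-"spec/rails_root/spec/models/user_spec.rb",
-"spec/rails_root/spec/spec_helper.rb"
-]
-
-if s.respond_to? :specification_version then
-current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
-s.specification_version = 3
-
-if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
-else
-s.add_dependency(%q<rspec>, [">= 1.2.9"])
-end
-else
-s.add_dependency(%q<rspec>, [">= 1.2.9"])
-end
-end
-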