zuul 0.1.1 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/generators/zuul/orm_helpers.rb +21 -0
- data/lib/generators/zuul/permission_generator.rb +57 -0
- data/lib/generators/zuul/permission_role_generator.rb +40 -0
- data/lib/generators/zuul/permission_subject_generator.rb +40 -0
- data/lib/generators/zuul/role_generator.rb +58 -0
- data/lib/generators/zuul/role_subject_generator.rb +40 -0
- data/lib/generators/zuul/subject_generator.rb +39 -0
- data/lib/generators/zuul/templates/permission.rb +18 -0
- data/lib/generators/zuul/templates/permission_existing.rb +25 -0
- data/lib/generators/zuul/templates/permission_role.rb +17 -0
- data/lib/generators/zuul/templates/permission_role_existing.rb +24 -0
- data/lib/generators/zuul/templates/permission_subject.rb +17 -0
- data/lib/generators/zuul/templates/permission_subject_existing.rb +24 -0
- data/lib/generators/zuul/templates/role.rb +20 -0
- data/lib/generators/zuul/templates/role_existing.rb +27 -0
- data/lib/generators/zuul/templates/role_subject.rb +17 -0
- data/lib/generators/zuul/templates/role_subject_existing.rb +24 -0
- data/lib/tasks/zuul.rake +56 -0
- data/lib/zuul.rb +14 -5
- data/lib/zuul/action_controller.rb +108 -0
- data/lib/zuul/action_controller/dsl.rb +384 -0
- data/lib/zuul/action_controller/evaluators.rb +60 -0
- data/lib/zuul/active_record.rb +338 -0
- data/lib/zuul/active_record/context.rb +38 -0
- data/lib/zuul/active_record/permission.rb +31 -0
- data/lib/zuul/active_record/permission_role.rb +29 -0
- data/lib/zuul/active_record/permission_subject.rb +29 -0
- data/lib/zuul/active_record/role.rb +117 -0
- data/lib/zuul/active_record/role_subject.rb +29 -0
- data/lib/zuul/active_record/scope.rb +71 -0
- data/lib/zuul/active_record/subject.rb +239 -0
- data/lib/zuul/configuration.rb +149 -0
- data/lib/zuul/context.rb +53 -0
- data/lib/zuul/exceptions.rb +3 -0
- data/lib/zuul/exceptions/access_denied.rb +9 -0
- data/lib/zuul/exceptions/invalid_context.rb +9 -0
- data/lib/zuul/exceptions/undefined_scope.rb +9 -0
- data/lib/zuul/railtie.rb +5 -0
- data/lib/zuul/version.rb +3 -0
- data/lib/zuul_viz.rb +195 -0
- data/spec/db/schema.rb +172 -0
- data/spec/spec_helper.rb +25 -0
- data/spec/support/capture_stdout.rb +12 -0
- data/spec/support/models.rb +167 -0
- data/spec/zuul/active_record/context_spec.rb +55 -0
- data/spec/zuul/active_record/permission_role_spec.rb +84 -0
- data/spec/zuul/active_record/permission_spec.rb +174 -0
- data/spec/zuul/active_record/permission_subject_spec.rb +84 -0
- data/spec/zuul/active_record/role_spec.rb +694 -0
- data/spec/zuul/active_record/role_subject_spec.rb +84 -0
- data/spec/zuul/active_record/scope_spec.rb +75 -0
- data/spec/zuul/active_record/subject_spec.rb +1186 -0
- data/spec/zuul/active_record_spec.rb +624 -0
- data/spec/zuul/configuration_spec.rb +254 -0
- data/spec/zuul/context_spec.rb +128 -0
- data/spec/zuul_spec.rb +15 -0
- metadata +181 -70
- data/.document +0 -5
- data/.gitignore +0 -23
- data/LICENSE +0 -20
- data/README.rdoc +0 -65
- data/Rakefile +0 -54
- data/VERSION +0 -1
- data/lib/zuul/restrict_access.rb +0 -104
- data/lib/zuul/valid_roles.rb +0 -37
- data/spec/rails_root/app/controllers/application_controller.rb +0 -2
- data/spec/rails_root/app/models/user.rb +0 -8
- data/spec/rails_root/config/boot.rb +0 -110
- data/spec/rails_root/config/database.yml +0 -5
- data/spec/rails_root/config/environment.rb +0 -7
- data/spec/rails_root/config/environments/test.rb +0 -7
- data/spec/rails_root/config/initializers/session_store.rb +0 -15
- data/spec/rails_root/config/routes.rb +0 -4
- data/spec/rails_root/db/test.sqlite3 +0 -0
- data/spec/rails_root/log/test.log +0 -5388
- data/spec/rails_root/spec/controllers/require_user_spec.rb +0 -138
- data/spec/rails_root/spec/controllers/restrict_access_spec.rb +0 -64
- data/spec/rails_root/spec/models/user_spec.rb +0 -37
- data/spec/rails_root/spec/spec_helper.rb +0 -34
- data/zuul.gemspec +0 -78
@@ -1,138 +0,0 @@
|
|
1
|
-
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
|
2
|
-
|
3
|
-
class ApplicationController
|
4
|
-
include Zuul::RestrictAccess
|
5
|
-
restrict_access
|
6
|
-
end
|
7
|
-
|
8
|
-
context "one role required for all actions" do
|
9
|
-
class Stock1Controller < ApplicationController
|
10
|
-
require_user :member
|
11
|
-
def index; render :text => 'index'; end
|
12
|
-
def show; render :text => 'show'; end
|
13
|
-
end
|
14
|
-
|
15
|
-
describe Stock1Controller do
|
16
|
-
before do
|
17
|
-
controller.stubs(:current_user).returns(@user = stub('user'))
|
18
|
-
end
|
19
|
-
|
20
|
-
it "denies someone without that role" do
|
21
|
-
@user.stubs(:member?).returns(false)
|
22
|
-
get :index
|
23
|
-
response.should redirect_to('/')
|
24
|
-
end
|
25
|
-
it "allows someone with that role" do
|
26
|
-
@user.stubs(:member?).returns(true)
|
27
|
-
get :index
|
28
|
-
response.body.should == 'index'
|
29
|
-
end
|
30
|
-
it "controls access to all actions in the controller" do
|
31
|
-
@user.stubs(:member?).returns(false)
|
32
|
-
get :index
|
33
|
-
response.should redirect_to('/')
|
34
|
-
get :show
|
35
|
-
response.should redirect_to('/')
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
context "one role required for only one action" do
|
41
|
-
class Stock2Controller < ApplicationController
|
42
|
-
require_user :member, :only => :show
|
43
|
-
def index; render :text => 'index'; end
|
44
|
-
def show; render :text => 'show'; end
|
45
|
-
end
|
46
|
-
|
47
|
-
describe Stock2Controller do
|
48
|
-
before do
|
49
|
-
controller.stubs(:current_user).returns(@user = stub('user'))
|
50
|
-
end
|
51
|
-
|
52
|
-
it "denies someone without that role from the protected action" do
|
53
|
-
@user.stubs(:member?).returns(false)
|
54
|
-
get :show
|
55
|
-
response.should redirect_to('/')
|
56
|
-
end
|
57
|
-
it "allows someone with that role into the protected action" do
|
58
|
-
@user.stubs(:member?).returns(true)
|
59
|
-
get :show
|
60
|
-
response.body.should == 'show'
|
61
|
-
end
|
62
|
-
it "allows anyone into the unprotected action" do
|
63
|
-
@user.stubs(:member?).returns(false)
|
64
|
-
get :index
|
65
|
-
response.body.should == 'index'
|
66
|
-
end
|
67
|
-
end
|
68
|
-
end
|
69
|
-
|
70
|
-
context "user with no specific role required for all actions" do
|
71
|
-
class Stock3Controller < ApplicationController
|
72
|
-
require_user
|
73
|
-
def index; render :text => 'index'; end
|
74
|
-
def show; render :text => 'show'; end
|
75
|
-
end
|
76
|
-
|
77
|
-
describe Stock3Controller do
|
78
|
-
before do
|
79
|
-
controller.stubs(:current_user).returns(@user = stub('user'))
|
80
|
-
end
|
81
|
-
|
82
|
-
it "denies access if there is no user" do
|
83
|
-
controller.stubs(:current_user).returns(nil)
|
84
|
-
get :show
|
85
|
-
response.should redirect_to('/')
|
86
|
-
end
|
87
|
-
it "allows access to an admin user" do
|
88
|
-
@user.stubs(:admin?).returns(true)
|
89
|
-
get :show
|
90
|
-
response.body.should == 'show'
|
91
|
-
end
|
92
|
-
it "allows access to a guest user" do
|
93
|
-
@user.stubs(:guest?).returns(true)
|
94
|
-
get :index
|
95
|
-
response.body.should == 'index'
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|
99
|
-
|
100
|
-
context "user with no specific role required for all but one action" do
|
101
|
-
class Stock4Controller < ApplicationController
|
102
|
-
require_user :except => :show
|
103
|
-
def index; render :text => 'index'; end
|
104
|
-
def show; render :text => 'show'; end
|
105
|
-
end
|
106
|
-
|
107
|
-
describe Stock4Controller do
|
108
|
-
before do
|
109
|
-
controller.stubs(:current_user).returns(@user = stub('user'))
|
110
|
-
end
|
111
|
-
|
112
|
-
it "denies access if there is no user" do
|
113
|
-
controller.stubs(:current_user).returns(nil)
|
114
|
-
get :index
|
115
|
-
response.should redirect_to('/')
|
116
|
-
end
|
117
|
-
it "allows access to the unprotected action" do
|
118
|
-
controller.stubs(:current_user).returns(nil)
|
119
|
-
get :show
|
120
|
-
response.body.should == 'show'
|
121
|
-
end
|
122
|
-
end
|
123
|
-
end
|
124
|
-
|
125
|
-
context "cannot access the actions if there is a user" do
|
126
|
-
class Stock5Controller < ApplicationController
|
127
|
-
require_no_user
|
128
|
-
def index; render :text => 'index'; end
|
129
|
-
end
|
130
|
-
|
131
|
-
describe Stock5Controller do
|
132
|
-
it "denies access if there is a user" do
|
133
|
-
controller.stubs(:current_user).returns(@user = stub('user'))
|
134
|
-
get :index
|
135
|
-
response.should redirect_to('/')
|
136
|
-
end
|
137
|
-
end
|
138
|
-
end
|
@@ -1,64 +0,0 @@
|
|
1
|
-
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
|
2
|
-
|
3
|
-
context "specifying a custom 'access denied' flash message" do
|
4
|
-
class ApplicationController1 < ActionController::Base
|
5
|
-
include Zuul::RestrictAccess
|
6
|
-
restrict_access :access_denied_message => "You shall not pass"
|
7
|
-
end
|
8
|
-
|
9
|
-
class StockController1 < ApplicationController1
|
10
|
-
require_user
|
11
|
-
def index; render :text => 'index'; end
|
12
|
-
end
|
13
|
-
|
14
|
-
describe StockController1 do
|
15
|
-
it "uses the custom message" do
|
16
|
-
controller.stubs(:current_user).returns(nil)
|
17
|
-
get :index
|
18
|
-
flash[:notice].should == "You shall not pass"
|
19
|
-
end
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|
23
|
-
context "specifying a custom 'access denied' redirect path" do
|
24
|
-
class ApplicationController2 < ActionController::Base
|
25
|
-
include Zuul::RestrictAccess
|
26
|
-
restrict_access :unauthorized_redirect_path => :signin_path
|
27
|
-
def signin_path
|
28
|
-
'/signup'
|
29
|
-
end
|
30
|
-
end
|
31
|
-
|
32
|
-
class StockController2 < ApplicationController2
|
33
|
-
require_user
|
34
|
-
def index; render :text => 'index'; end
|
35
|
-
end
|
36
|
-
|
37
|
-
describe StockController2 do
|
38
|
-
it "uses the custom message" do
|
39
|
-
controller.stubs(:current_user).returns(nil)
|
40
|
-
get :index
|
41
|
-
response.should redirect_to('/signup')
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
context "specifying a custom 'cannot have a user' message" do
|
47
|
-
class ApplicationController3 < ActionController::Base
|
48
|
-
include Zuul::RestrictAccess
|
49
|
-
restrict_access :require_no_user_message => "You can't do this with a user"
|
50
|
-
end
|
51
|
-
|
52
|
-
class StockController3 < ApplicationController3
|
53
|
-
require_no_user
|
54
|
-
def index; render :text => 'index'; end
|
55
|
-
end
|
56
|
-
|
57
|
-
describe StockController3 do
|
58
|
-
it "uses the custom message" do
|
59
|
-
controller.stubs(:current_user).returns(stub('user'))
|
60
|
-
get :index
|
61
|
-
flash[:notice].should == "You can't do this with a user"
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|
@@ -1,37 +0,0 @@
|
|
1
|
-
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
|
2
|
-
|
3
|
-
describe User do
|
4
|
-
before do
|
5
|
-
@user = User.new
|
6
|
-
end
|
7
|
-
|
8
|
-
it "knows its role" do
|
9
|
-
@user.role = 'admin'
|
10
|
-
@user.admin?.should be_true
|
11
|
-
end
|
12
|
-
|
13
|
-
it "returns its role as a symbol" do
|
14
|
-
@user.role = 'admin'
|
15
|
-
@user.role.should == :admin
|
16
|
-
end
|
17
|
-
|
18
|
-
it "assigns the role if it is in the list of valid roles" do
|
19
|
-
@user.role = :member
|
20
|
-
@user.role.should == :member
|
21
|
-
end
|
22
|
-
|
23
|
-
it "does not assign the role if it is not in the list of valid roles" do
|
24
|
-
@user.role = 'admin'
|
25
|
-
@user.role = :superuser
|
26
|
-
@user.role.should == :admin
|
27
|
-
end
|
28
|
-
|
29
|
-
it "does not allow the role to be mass-assigned" do
|
30
|
-
begin
|
31
|
-
@user.update_attributes(:role => 'admin')
|
32
|
-
rescue Exception => e
|
33
|
-
ensure
|
34
|
-
@user.role.should be_nil
|
35
|
-
end
|
36
|
-
end
|
37
|
-
end
|
@@ -1,34 +0,0 @@
|
|
1
|
-
ENV["RAILS_ENV"] = "test"
|
2
|
-
require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
|
3
|
-
require 'spec'
|
4
|
-
require 'spec/rails'
|
5
|
-
|
6
|
-
Spec::Runner.configure do |config|
|
7
|
-
config.use_transactional_fixtures = true
|
8
|
-
config.use_instantiated_fixtures = false
|
9
|
-
config.fixture_path = RAILS_ROOT + '/spec/fixtures/'
|
10
|
-
config.global_fixtures = :all
|
11
|
-
config.mock_with :mocha
|
12
|
-
end
|
13
|
-
|
14
|
-
ActiveRecord::Base.establish_connection(
|
15
|
-
:adapter => 'sqlite3',
|
16
|
-
:database => File.join(File.dirname(__FILE__), '../db/test.sqlite3')
|
17
|
-
)
|
18
|
-
|
19
|
-
class CreateSchema < ActiveRecord::Migration
|
20
|
-
def self.up
|
21
|
-
create_table :users, :force => true do |t|
|
22
|
-
t.string :first_name
|
23
|
-
t.string :last_name
|
24
|
-
t.string :email
|
25
|
-
t.string :username
|
26
|
-
t.string :role
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
30
|
-
|
31
|
-
CreateSchema.suppress_messages { CreateSchema.migrate(:up) }
|
32
|
-
|
33
|
-
class ActiveSupport::TestCase
|
34
|
-
end
|
data/zuul.gemspec
DELETED
@@ -1,78 +0,0 @@
|
|
1
|
-
# Generated by jeweler
|
2
|
-
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
-
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
4
|
-
# -*- encoding: utf-8 -*-
|
5
|
-
|
6
|
-
Gem::Specification.new do |s|
|
7
|
-
s.name = %q{zuul}
|
8
|
-
s.version = "0.1.1"
|
9
|
-
|
10
|
-
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
-
s.authors = ["Wes Gibbs"]
|
12
|
-
s.date = %q{2009-11-04}
|
13
|
-
s.description = %q{A simple authorization solution for Rails apps.}
|
14
|
-
s.email = %q{wes@hashrocket.com}
|
15
|
-
s.extra_rdoc_files = [
|
16
|
-
"LICENSE",
|
17
|
-
"README.rdoc"
|
18
|
-
]
|
19
|
-
s.files = [
|
20
|
-
".document",
|
21
|
-
".gitignore",
|
22
|
-
"LICENSE",
|
23
|
-
"README.rdoc",
|
24
|
-
"Rakefile",
|
25
|
-
"VERSION",
|
26
|
-
"lib/zuul.rb",
|
27
|
-
"lib/zuul/restrict_access.rb",
|
28
|
-
"lib/zuul/valid_roles.rb",
|
29
|
-
"zuul.gemspec"
|
30
|
-
]
|
31
|
-
s.homepage = %q{http://github.com/wgibbs/zuul}
|
32
|
-
s.rdoc_options = ["--charset=UTF-8"]
|
33
|
-
s.require_paths = ["lib"]
|
34
|
-
s.rubygems_version = %q{1.3.5}
|
35
|
-
s.summary = %q{Simple Rails Authorization}
|
36
|
-
s.test_files = [
|
37
|
-
"spec/rails_root",
|
38
|
-
"spec/rails_root/app",
|
39
|
-
"spec/rails_root/app/controllers",
|
40
|
-
"spec/rails_root/app/controllers/application_controller.rb",
|
41
|
-
"spec/rails_root/app/models",
|
42
|
-
"spec/rails_root/app/models/user.rb",
|
43
|
-
"spec/rails_root/config",
|
44
|
-
"spec/rails_root/config/boot.rb",
|
45
|
-
"spec/rails_root/config/database.yml",
|
46
|
-
"spec/rails_root/config/environment.rb",
|
47
|
-
"spec/rails_root/config/environments",
|
48
|
-
"spec/rails_root/config/environments/test.rb",
|
49
|
-
"spec/rails_root/config/initializers",
|
50
|
-
"spec/rails_root/config/initializers/session_store.rb",
|
51
|
-
"spec/rails_root/config/routes.rb",
|
52
|
-
"spec/rails_root/db",
|
53
|
-
"spec/rails_root/db/test.sqlite3",
|
54
|
-
"spec/rails_root/log",
|
55
|
-
"spec/rails_root/log/test.log",
|
56
|
-
"spec/rails_root/spec",
|
57
|
-
"spec/rails_root/spec/controllers",
|
58
|
-
"spec/rails_root/spec/controllers/require_user_spec.rb",
|
59
|
-
"spec/rails_root/spec/controllers/restrict_access_spec.rb",
|
60
|
-
"spec/rails_root/spec/models",
|
61
|
-
"spec/rails_root/spec/models/user_spec.rb",
|
62
|
-
"spec/rails_root/spec/spec_helper.rb"
|
63
|
-
]
|
64
|
-
|
65
|
-
if s.respond_to? :specification_version then
|
66
|
-
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
67
|
-
s.specification_version = 3
|
68
|
-
|
69
|
-
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
70
|
-
s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
|
71
|
-
else
|
72
|
-
s.add_dependency(%q<rspec>, [">= 1.2.9"])
|
73
|
-
end
|
74
|
-
else
|
75
|
-
s.add_dependency(%q<rspec>, [">= 1.2.9"])
|
76
|
-
end
|
77
|
-
end
|
78
|
-
|