zuul 0.2.2 → 0.2.3
Sign up to get free protection for your applications and to get access to all the features.
- data/lib/zuul/active_record/permission.rb +22 -0
- data/lib/zuul/active_record/role.rb +10 -0
- data/lib/zuul/context.rb +6 -0
- data/lib/zuul/version.rb +1 -1
- data/spec/zuul/active_record/permission_spec.rb +109 -0
- data/spec/zuul/active_record/role_spec.rb +35 -0
- data/spec/zuul/active_record_spec.rb +2 -2
- data/spec/zuul/context_spec.rb +15 -0
- metadata +3 -3
|
@@ -4,6 +4,7 @@ module Zuul
|
|
|
4
4
|
def self.included(base)
|
|
5
5
|
base.send :extend, ClassMethods
|
|
6
6
|
base.send :include, ContextMethods # defined in lib/zuul/active_record.rb
|
|
7
|
+
base.send :include, InstanceMethods
|
|
7
8
|
end
|
|
8
9
|
|
|
9
10
|
module ClassMethods
|
|
@@ -26,6 +27,27 @@ module Zuul
|
|
|
26
27
|
base.send :has_many, base.auth_scope.subjects_table_name.to_sym, :through => base.auth_scope.permission_subjects_table_name.to_sym
|
|
27
28
|
end
|
|
28
29
|
end
|
|
30
|
+
|
|
31
|
+
module InstanceMethods
|
|
32
|
+
# Returns a list of contexts within which the permission has been assigned to roles and/or subjects
|
|
33
|
+
def assigned_contexts
|
|
34
|
+
role_contexts.concat(subject_contexts).uniq
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
# Returns a list of contexts within which the permission has been assigned to roles
|
|
38
|
+
def role_contexts
|
|
39
|
+
auth_scope do
|
|
40
|
+
send(permission_roles_table_name.to_sym).group(:context_type, :context_id).map(&:context)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# Returns a list of contexts within which the permission has been assigned to subjects
|
|
45
|
+
def subject_contexts
|
|
46
|
+
auth_scope do
|
|
47
|
+
send(permission_subjects_table_name.to_sym).group(:context_type, :context_id).map(&:context)
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
29
51
|
end
|
|
30
52
|
end
|
|
31
53
|
end
|
|
@@ -4,6 +4,7 @@ module Zuul
|
|
|
4
4
|
def self.included(base)
|
|
5
5
|
base.send :extend, ClassMethods
|
|
6
6
|
base.send :include, ContextMethods # defined in lib/zuul/active_record.rb
|
|
7
|
+
base.send :include, InstanceMethods
|
|
7
8
|
base.send :include, PermissionMethods if base.auth_scope.config.with_permissions
|
|
8
9
|
end
|
|
9
10
|
|
|
@@ -32,6 +33,15 @@ module Zuul
|
|
|
32
33
|
end
|
|
33
34
|
end
|
|
34
35
|
|
|
36
|
+
module InstanceMethods
|
|
37
|
+
# Returns a list of contexts within which the role has been assigned to subjects
|
|
38
|
+
def assigned_contexts
|
|
39
|
+
auth_scope do
|
|
40
|
+
send(role_subjects_table_name.to_sym).group(:context_type, :context_id).map(&:context)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
35
45
|
module PermissionMethods
|
|
36
46
|
# Assigns a permission to a role within the provided context.
|
|
37
47
|
#
|
data/lib/zuul/context.rb
CHANGED
data/lib/zuul/version.rb
CHANGED
|
@@ -171,4 +171,113 @@ describe "Zuul::ActiveRecord::Permission" do
|
|
|
171
171
|
@permission.context_id.should == context.id
|
|
172
172
|
end
|
|
173
173
|
end
|
|
174
|
+
|
|
175
|
+
describe "assigned context methods" do
|
|
176
|
+
before(:each) do
|
|
177
|
+
User.acts_as_authorization_subject
|
|
178
|
+
Role.acts_as_authorization_role
|
|
179
|
+
Permission.acts_as_authorization_permission
|
|
180
|
+
@permission = Permission.create(:name => 'Edit', :slug => 'edit')
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
context "#role_contexts" do
|
|
184
|
+
it "should return an array of contexts within which the permission is assigned to roles" do
|
|
185
|
+
context = Context.create(:name => "Test Context")
|
|
186
|
+
role = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
187
|
+
role.assign_permission(:edit)
|
|
188
|
+
role.assign_permission(:edit, Context)
|
|
189
|
+
role.assign_permission(:edit, context)
|
|
190
|
+
@permission.role_contexts.length.should == 3
|
|
191
|
+
@permission.role_contexts.each do |actxt|
|
|
192
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
193
|
+
end
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
it "should return a de-duped array of only unique contexts" do
|
|
197
|
+
context = Context.create(:name => "Test Context")
|
|
198
|
+
admin = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
199
|
+
mod = Role.create(:name => 'Moderator', :slug => 'moderator', :level => 100)
|
|
200
|
+
admin.assign_permission(:edit)
|
|
201
|
+
admin.assign_permission(:edit, Context)
|
|
202
|
+
admin.assign_permission(:edit, context)
|
|
203
|
+
mod.assign_permission(:edit, Context)
|
|
204
|
+
mod.assign_permission(:edit, context)
|
|
205
|
+
@permission.role_contexts.length.should == 3
|
|
206
|
+
@permission.role_contexts.each do |actxt|
|
|
207
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
208
|
+
end
|
|
209
|
+
end
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
context "#subject_contexts" do
|
|
213
|
+
it "should return an array of contexts within which the permission is assigned to subjects" do
|
|
214
|
+
context = Context.create(:name => "Test Context")
|
|
215
|
+
user = User.create(:name => "Test User")
|
|
216
|
+
user.assign_permission(:edit)
|
|
217
|
+
user.assign_permission(:edit, Context)
|
|
218
|
+
user.assign_permission(:edit, context)
|
|
219
|
+
@permission.subject_contexts.length.should == 3
|
|
220
|
+
@permission.subject_contexts.each do |actxt|
|
|
221
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
222
|
+
end
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
it "should return a de-duped array of only unique contexts" do
|
|
226
|
+
context = Context.create(:name => "Test Context")
|
|
227
|
+
user_one = User.create(:name => "Test User")
|
|
228
|
+
user_two = User.create(:name => "Other Test User")
|
|
229
|
+
user_one.assign_permission(:edit)
|
|
230
|
+
user_one.assign_permission(:edit, Context)
|
|
231
|
+
user_one.assign_permission(:edit, context)
|
|
232
|
+
user_two.assign_permission(:edit, Context)
|
|
233
|
+
user_two.assign_permission(:edit, context)
|
|
234
|
+
@permission.subject_contexts.length.should == 3
|
|
235
|
+
@permission.subject_contexts.each do |actxt|
|
|
236
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
end
|
|
240
|
+
|
|
241
|
+
context "#assigned_contexts" do
|
|
242
|
+
it "should return an array of contexts within which the permission is assigned to roles and subjects" do
|
|
243
|
+
context = Context.create(:name => "Test Context")
|
|
244
|
+
user = User.create(:name => "Test User")
|
|
245
|
+
user.assign_permission(:edit)
|
|
246
|
+
user.assign_permission(:edit, Context)
|
|
247
|
+
user.assign_permission(:edit, Weapon)
|
|
248
|
+
user.assign_permission(:edit, context)
|
|
249
|
+
role = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
250
|
+
role.assign_permission(:edit)
|
|
251
|
+
role.assign_permission(:edit, Context)
|
|
252
|
+
role.assign_permission(:edit, context)
|
|
253
|
+
@permission.assigned_contexts.length.should == 4
|
|
254
|
+
@permission.assigned_contexts.each do |actxt|
|
|
255
|
+
['global', 'Context', 'Weapon', "Context(#{context.id})"].should include(actxt.type_s)
|
|
256
|
+
end
|
|
257
|
+
end
|
|
258
|
+
|
|
259
|
+
it "should return a de-duped array of only unique contexts" do
|
|
260
|
+
context = Context.create(:name => "Test Context")
|
|
261
|
+
user_one = User.create(:name => "Test User")
|
|
262
|
+
user_two = User.create(:name => "Other Test User")
|
|
263
|
+
user_one.assign_permission(:edit)
|
|
264
|
+
user_one.assign_permission(:edit, Context)
|
|
265
|
+
user_one.assign_permission(:edit, context)
|
|
266
|
+
user_two.assign_permission(:edit, Context)
|
|
267
|
+
user_two.assign_permission(:edit, context)
|
|
268
|
+
admin = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
269
|
+
mod = Role.create(:name => 'Moderator', :slug => 'moderator', :level => 100)
|
|
270
|
+
admin.assign_permission(:edit)
|
|
271
|
+
admin.assign_permission(:edit, Context)
|
|
272
|
+
admin.assign_permission(:edit, Weapon)
|
|
273
|
+
admin.assign_permission(:edit, context)
|
|
274
|
+
mod.assign_permission(:edit, Context)
|
|
275
|
+
mod.assign_permission(:edit, context)
|
|
276
|
+
@permission.assigned_contexts.length.should == 4
|
|
277
|
+
@permission.assigned_contexts.each do |actxt|
|
|
278
|
+
['global', 'Context', 'Weapon', "Context(#{context.id})"].should include(actxt.type_s)
|
|
279
|
+
end
|
|
280
|
+
end
|
|
281
|
+
end
|
|
282
|
+
end
|
|
174
283
|
end
|
|
@@ -190,6 +190,41 @@ describe "Zuul::ActiveRecord::Role" do
|
|
|
190
190
|
@role.context_id.should == context.id
|
|
191
191
|
end
|
|
192
192
|
end
|
|
193
|
+
|
|
194
|
+
context "#assigned_contexts" do
|
|
195
|
+
before(:each) do
|
|
196
|
+
User.acts_as_authorization_subject
|
|
197
|
+
Role.acts_as_authorization_role
|
|
198
|
+
@role = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
199
|
+
end
|
|
200
|
+
|
|
201
|
+
it "should return an array of contexts within which the role is assigned to subjects" do
|
|
202
|
+
context = Context.create(:name => "Test Context")
|
|
203
|
+
user = User.create(:name => "Test User")
|
|
204
|
+
user.assign_role(:admin)
|
|
205
|
+
user.assign_role(:admin, Context)
|
|
206
|
+
user.assign_role(:admin, context)
|
|
207
|
+
@role.assigned_contexts.length.should == 3
|
|
208
|
+
@role.assigned_contexts.each do |actxt|
|
|
209
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
210
|
+
end
|
|
211
|
+
end
|
|
212
|
+
|
|
213
|
+
it "should return a de-duped array of only unique contexts" do
|
|
214
|
+
context = Context.create(:name => "Test Context")
|
|
215
|
+
user_one = User.create(:name => "Test User")
|
|
216
|
+
user_two = User.create(:name => "Other Test User")
|
|
217
|
+
user_one.assign_role(:admin)
|
|
218
|
+
user_one.assign_role(:admin, Context)
|
|
219
|
+
user_one.assign_role(:admin, context)
|
|
220
|
+
user_two.assign_role(:admin, Context)
|
|
221
|
+
user_two.assign_role(:admin, context)
|
|
222
|
+
@role.assigned_contexts.length.should == 3
|
|
223
|
+
@role.assigned_contexts.each do |actxt|
|
|
224
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
225
|
+
end
|
|
226
|
+
end
|
|
227
|
+
end
|
|
193
228
|
|
|
194
229
|
context "with permissions disabled" do
|
|
195
230
|
before(:each) do
|
|
@@ -47,7 +47,7 @@ describe "Zuul::ActiveRecord" do
|
|
|
47
47
|
Skill.auth_scope.subject_class.should == Soldier
|
|
48
48
|
Skill.auth_scope.role_class.should == Rank
|
|
49
49
|
|
|
50
|
-
Weapon.acts_as_authorization_context :permission_class => Skill
|
|
50
|
+
Weapon.acts_as_authorization_context :subject_class => Soldier, :role_class => Rank, :permission_class => Skill
|
|
51
51
|
Weapon.auth_scope.permission_class.should == Skill
|
|
52
52
|
end
|
|
53
53
|
|
|
@@ -61,7 +61,7 @@ describe "Zuul::ActiveRecord" do
|
|
|
61
61
|
Skill.acts_as_authorization_permission :subject_class => Soldier, :role_class => :Rank
|
|
62
62
|
Skill.auth_scope.subject_class.should == Soldier
|
|
63
63
|
Skill.auth_scope.role_class.should == Rank
|
|
64
|
-
Weapon.acts_as_authorization_context :permission_class => Skill
|
|
64
|
+
Weapon.acts_as_authorization_context :subject_class => "soldier", :role_class => :rank, :permission_class => Skill
|
|
65
65
|
Weapon.auth_scope.permission_class.should == Skill
|
|
66
66
|
end
|
|
67
67
|
|
data/spec/zuul/context_spec.rb
CHANGED
|
@@ -125,4 +125,19 @@ describe "Zuul::Context" do
|
|
|
125
125
|
Zuul::Context.new('Context', obj.id).type.should == :instance
|
|
126
126
|
end
|
|
127
127
|
end
|
|
128
|
+
|
|
129
|
+
describe "#type_s" do
|
|
130
|
+
it "should return 'global' for a nil context" do
|
|
131
|
+
Zuul::Context.new.type_s.should == 'global'
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
it "should return class name for a class context" do
|
|
135
|
+
Zuul::Context.new('Context', nil).type_s.should == 'Context'
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
it "should return class name and ID for an instance context" do
|
|
139
|
+
obj = Context.create(:name => "Test Context")
|
|
140
|
+
Zuul::Context.new('Context', obj.id).type_s.should == "Context(#{obj.id})"
|
|
141
|
+
end
|
|
142
|
+
end
|
|
128
143
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zuul
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-04-
|
|
12
|
+
date: 2013-04-30 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activesupport
|
|
@@ -175,7 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
175
175
|
version: '0'
|
|
176
176
|
requirements: []
|
|
177
177
|
rubyforge_project:
|
|
178
|
-
rubygems_version: 1.8.
|
|
178
|
+
rubygems_version: 1.8.25
|
|
179
179
|
signing_key:
|
|
180
180
|
specification_version: 3
|
|
181
181
|
summary: Authorizaion and ACL for Activerecord and ActionController.
|