zuul 0.2.2 → 0.2.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/zuul/active_record/permission.rb +22 -0
- data/lib/zuul/active_record/role.rb +10 -0
- data/lib/zuul/context.rb +6 -0
- data/lib/zuul/version.rb +1 -1
- data/spec/zuul/active_record/permission_spec.rb +109 -0
- data/spec/zuul/active_record/role_spec.rb +35 -0
- data/spec/zuul/active_record_spec.rb +2 -2
- data/spec/zuul/context_spec.rb +15 -0
- metadata +3 -3
|
@@ -4,6 +4,7 @@ module Zuul
|
|
|
4
4
|
def self.included(base)
|
|
5
5
|
base.send :extend, ClassMethods
|
|
6
6
|
base.send :include, ContextMethods # defined in lib/zuul/active_record.rb
|
|
7
|
+
base.send :include, InstanceMethods
|
|
7
8
|
end
|
|
8
9
|
|
|
9
10
|
module ClassMethods
|
|
@@ -26,6 +27,27 @@ module Zuul
|
|
|
26
27
|
base.send :has_many, base.auth_scope.subjects_table_name.to_sym, :through => base.auth_scope.permission_subjects_table_name.to_sym
|
|
27
28
|
end
|
|
28
29
|
end
|
|
30
|
+
|
|
31
|
+
module InstanceMethods
|
|
32
|
+
# Returns a list of contexts within which the permission has been assigned to roles and/or subjects
|
|
33
|
+
def assigned_contexts
|
|
34
|
+
role_contexts.concat(subject_contexts).uniq
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
# Returns a list of contexts within which the permission has been assigned to roles
|
|
38
|
+
def role_contexts
|
|
39
|
+
auth_scope do
|
|
40
|
+
send(permission_roles_table_name.to_sym).group(:context_type, :context_id).map(&:context)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
# Returns a list of contexts within which the permission has been assigned to subjects
|
|
45
|
+
def subject_contexts
|
|
46
|
+
auth_scope do
|
|
47
|
+
send(permission_subjects_table_name.to_sym).group(:context_type, :context_id).map(&:context)
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
29
51
|
end
|
|
30
52
|
end
|
|
31
53
|
end
|
|
@@ -4,6 +4,7 @@ module Zuul
|
|
|
4
4
|
def self.included(base)
|
|
5
5
|
base.send :extend, ClassMethods
|
|
6
6
|
base.send :include, ContextMethods # defined in lib/zuul/active_record.rb
|
|
7
|
+
base.send :include, InstanceMethods
|
|
7
8
|
base.send :include, PermissionMethods if base.auth_scope.config.with_permissions
|
|
8
9
|
end
|
|
9
10
|
|
|
@@ -32,6 +33,15 @@ module Zuul
|
|
|
32
33
|
end
|
|
33
34
|
end
|
|
34
35
|
|
|
36
|
+
module InstanceMethods
|
|
37
|
+
# Returns a list of contexts within which the role has been assigned to subjects
|
|
38
|
+
def assigned_contexts
|
|
39
|
+
auth_scope do
|
|
40
|
+
send(role_subjects_table_name.to_sym).group(:context_type, :context_id).map(&:context)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
|
|
35
45
|
module PermissionMethods
|
|
36
46
|
# Assigns a permission to a role within the provided context.
|
|
37
47
|
#
|
data/lib/zuul/context.rb
CHANGED
data/lib/zuul/version.rb
CHANGED
|
@@ -171,4 +171,113 @@ describe "Zuul::ActiveRecord::Permission" do
|
|
|
171
171
|
@permission.context_id.should == context.id
|
|
172
172
|
end
|
|
173
173
|
end
|
|
174
|
+
|
|
175
|
+
describe "assigned context methods" do
|
|
176
|
+
before(:each) do
|
|
177
|
+
User.acts_as_authorization_subject
|
|
178
|
+
Role.acts_as_authorization_role
|
|
179
|
+
Permission.acts_as_authorization_permission
|
|
180
|
+
@permission = Permission.create(:name => 'Edit', :slug => 'edit')
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
context "#role_contexts" do
|
|
184
|
+
it "should return an array of contexts within which the permission is assigned to roles" do
|
|
185
|
+
context = Context.create(:name => "Test Context")
|
|
186
|
+
role = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
187
|
+
role.assign_permission(:edit)
|
|
188
|
+
role.assign_permission(:edit, Context)
|
|
189
|
+
role.assign_permission(:edit, context)
|
|
190
|
+
@permission.role_contexts.length.should == 3
|
|
191
|
+
@permission.role_contexts.each do |actxt|
|
|
192
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
193
|
+
end
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
it "should return a de-duped array of only unique contexts" do
|
|
197
|
+
context = Context.create(:name => "Test Context")
|
|
198
|
+
admin = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
199
|
+
mod = Role.create(:name => 'Moderator', :slug => 'moderator', :level => 100)
|
|
200
|
+
admin.assign_permission(:edit)
|
|
201
|
+
admin.assign_permission(:edit, Context)
|
|
202
|
+
admin.assign_permission(:edit, context)
|
|
203
|
+
mod.assign_permission(:edit, Context)
|
|
204
|
+
mod.assign_permission(:edit, context)
|
|
205
|
+
@permission.role_contexts.length.should == 3
|
|
206
|
+
@permission.role_contexts.each do |actxt|
|
|
207
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
208
|
+
end
|
|
209
|
+
end
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
context "#subject_contexts" do
|
|
213
|
+
it "should return an array of contexts within which the permission is assigned to subjects" do
|
|
214
|
+
context = Context.create(:name => "Test Context")
|
|
215
|
+
user = User.create(:name => "Test User")
|
|
216
|
+
user.assign_permission(:edit)
|
|
217
|
+
user.assign_permission(:edit, Context)
|
|
218
|
+
user.assign_permission(:edit, context)
|
|
219
|
+
@permission.subject_contexts.length.should == 3
|
|
220
|
+
@permission.subject_contexts.each do |actxt|
|
|
221
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
222
|
+
end
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
it "should return a de-duped array of only unique contexts" do
|
|
226
|
+
context = Context.create(:name => "Test Context")
|
|
227
|
+
user_one = User.create(:name => "Test User")
|
|
228
|
+
user_two = User.create(:name => "Other Test User")
|
|
229
|
+
user_one.assign_permission(:edit)
|
|
230
|
+
user_one.assign_permission(:edit, Context)
|
|
231
|
+
user_one.assign_permission(:edit, context)
|
|
232
|
+
user_two.assign_permission(:edit, Context)
|
|
233
|
+
user_two.assign_permission(:edit, context)
|
|
234
|
+
@permission.subject_contexts.length.should == 3
|
|
235
|
+
@permission.subject_contexts.each do |actxt|
|
|
236
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
end
|
|
240
|
+
|
|
241
|
+
context "#assigned_contexts" do
|
|
242
|
+
it "should return an array of contexts within which the permission is assigned to roles and subjects" do
|
|
243
|
+
context = Context.create(:name => "Test Context")
|
|
244
|
+
user = User.create(:name => "Test User")
|
|
245
|
+
user.assign_permission(:edit)
|
|
246
|
+
user.assign_permission(:edit, Context)
|
|
247
|
+
user.assign_permission(:edit, Weapon)
|
|
248
|
+
user.assign_permission(:edit, context)
|
|
249
|
+
role = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
250
|
+
role.assign_permission(:edit)
|
|
251
|
+
role.assign_permission(:edit, Context)
|
|
252
|
+
role.assign_permission(:edit, context)
|
|
253
|
+
@permission.assigned_contexts.length.should == 4
|
|
254
|
+
@permission.assigned_contexts.each do |actxt|
|
|
255
|
+
['global', 'Context', 'Weapon', "Context(#{context.id})"].should include(actxt.type_s)
|
|
256
|
+
end
|
|
257
|
+
end
|
|
258
|
+
|
|
259
|
+
it "should return a de-duped array of only unique contexts" do
|
|
260
|
+
context = Context.create(:name => "Test Context")
|
|
261
|
+
user_one = User.create(:name => "Test User")
|
|
262
|
+
user_two = User.create(:name => "Other Test User")
|
|
263
|
+
user_one.assign_permission(:edit)
|
|
264
|
+
user_one.assign_permission(:edit, Context)
|
|
265
|
+
user_one.assign_permission(:edit, context)
|
|
266
|
+
user_two.assign_permission(:edit, Context)
|
|
267
|
+
user_two.assign_permission(:edit, context)
|
|
268
|
+
admin = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
269
|
+
mod = Role.create(:name => 'Moderator', :slug => 'moderator', :level => 100)
|
|
270
|
+
admin.assign_permission(:edit)
|
|
271
|
+
admin.assign_permission(:edit, Context)
|
|
272
|
+
admin.assign_permission(:edit, Weapon)
|
|
273
|
+
admin.assign_permission(:edit, context)
|
|
274
|
+
mod.assign_permission(:edit, Context)
|
|
275
|
+
mod.assign_permission(:edit, context)
|
|
276
|
+
@permission.assigned_contexts.length.should == 4
|
|
277
|
+
@permission.assigned_contexts.each do |actxt|
|
|
278
|
+
['global', 'Context', 'Weapon', "Context(#{context.id})"].should include(actxt.type_s)
|
|
279
|
+
end
|
|
280
|
+
end
|
|
281
|
+
end
|
|
282
|
+
end
|
|
174
283
|
end
|
|
@@ -190,6 +190,41 @@ describe "Zuul::ActiveRecord::Role" do
|
|
|
190
190
|
@role.context_id.should == context.id
|
|
191
191
|
end
|
|
192
192
|
end
|
|
193
|
+
|
|
194
|
+
context "#assigned_contexts" do
|
|
195
|
+
before(:each) do
|
|
196
|
+
User.acts_as_authorization_subject
|
|
197
|
+
Role.acts_as_authorization_role
|
|
198
|
+
@role = Role.create(:name => 'Admin', :slug => 'admin', :level => 100)
|
|
199
|
+
end
|
|
200
|
+
|
|
201
|
+
it "should return an array of contexts within which the role is assigned to subjects" do
|
|
202
|
+
context = Context.create(:name => "Test Context")
|
|
203
|
+
user = User.create(:name => "Test User")
|
|
204
|
+
user.assign_role(:admin)
|
|
205
|
+
user.assign_role(:admin, Context)
|
|
206
|
+
user.assign_role(:admin, context)
|
|
207
|
+
@role.assigned_contexts.length.should == 3
|
|
208
|
+
@role.assigned_contexts.each do |actxt|
|
|
209
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
210
|
+
end
|
|
211
|
+
end
|
|
212
|
+
|
|
213
|
+
it "should return a de-duped array of only unique contexts" do
|
|
214
|
+
context = Context.create(:name => "Test Context")
|
|
215
|
+
user_one = User.create(:name => "Test User")
|
|
216
|
+
user_two = User.create(:name => "Other Test User")
|
|
217
|
+
user_one.assign_role(:admin)
|
|
218
|
+
user_one.assign_role(:admin, Context)
|
|
219
|
+
user_one.assign_role(:admin, context)
|
|
220
|
+
user_two.assign_role(:admin, Context)
|
|
221
|
+
user_two.assign_role(:admin, context)
|
|
222
|
+
@role.assigned_contexts.length.should == 3
|
|
223
|
+
@role.assigned_contexts.each do |actxt|
|
|
224
|
+
['global', 'Context', "Context(#{context.id})"].should include(actxt.type_s)
|
|
225
|
+
end
|
|
226
|
+
end
|
|
227
|
+
end
|
|
193
228
|
|
|
194
229
|
context "with permissions disabled" do
|
|
195
230
|
before(:each) do
|
|
@@ -47,7 +47,7 @@ describe "Zuul::ActiveRecord" do
|
|
|
47
47
|
Skill.auth_scope.subject_class.should == Soldier
|
|
48
48
|
Skill.auth_scope.role_class.should == Rank
|
|
49
49
|
|
|
50
|
-
Weapon.acts_as_authorization_context :permission_class => Skill
|
|
50
|
+
Weapon.acts_as_authorization_context :subject_class => Soldier, :role_class => Rank, :permission_class => Skill
|
|
51
51
|
Weapon.auth_scope.permission_class.should == Skill
|
|
52
52
|
end
|
|
53
53
|
|
|
@@ -61,7 +61,7 @@ describe "Zuul::ActiveRecord" do
|
|
|
61
61
|
Skill.acts_as_authorization_permission :subject_class => Soldier, :role_class => :Rank
|
|
62
62
|
Skill.auth_scope.subject_class.should == Soldier
|
|
63
63
|
Skill.auth_scope.role_class.should == Rank
|
|
64
|
-
Weapon.acts_as_authorization_context :permission_class => Skill
|
|
64
|
+
Weapon.acts_as_authorization_context :subject_class => "soldier", :role_class => :rank, :permission_class => Skill
|
|
65
65
|
Weapon.auth_scope.permission_class.should == Skill
|
|
66
66
|
end
|
|
67
67
|
|
data/spec/zuul/context_spec.rb
CHANGED
|
@@ -125,4 +125,19 @@ describe "Zuul::Context" do
|
|
|
125
125
|
Zuul::Context.new('Context', obj.id).type.should == :instance
|
|
126
126
|
end
|
|
127
127
|
end
|
|
128
|
+
|
|
129
|
+
describe "#type_s" do
|
|
130
|
+
it "should return 'global' for a nil context" do
|
|
131
|
+
Zuul::Context.new.type_s.should == 'global'
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
it "should return class name for a class context" do
|
|
135
|
+
Zuul::Context.new('Context', nil).type_s.should == 'Context'
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
it "should return class name and ID for an instance context" do
|
|
139
|
+
obj = Context.create(:name => "Test Context")
|
|
140
|
+
Zuul::Context.new('Context', obj.id).type_s.should == "Context(#{obj.id})"
|
|
141
|
+
end
|
|
142
|
+
end
|
|
128
143
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zuul
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.3
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2013-04-
|
|
12
|
+
date: 2013-04-30 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: activesupport
|
|
@@ -175,7 +175,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
175
175
|
version: '0'
|
|
176
176
|
requirements: []
|
|
177
177
|
rubyforge_project:
|
|
178
|
-
rubygems_version: 1.8.
|
|
178
|
+
rubygems_version: 1.8.25
|
|
179
179
|
signing_key:
|
|
180
180
|
specification_version: 3
|
|
181
181
|
summary: Authorizaion and ACL for Activerecord and ActionController.
|