generators/roles/templates/hijacker.rb generators/roles/templates/role_requirement_system.rb.erb generators/roles/templates/role_requirement_test_helper.rb.erb @@ -1,3 +1,6 @@ +Version 1.4 - March 4, 2008 + * Integrated role and roles generators to simplify codebase + Version 1.3.2 - November 20, 2007 * Brought back test cases (now auto-evals the erb template to test to make sure the template for the generator is valid) * Increased test coverage ChangeLog @@ -1,4 +1,4 @@ -Copyright (c) 2007 Timothy Curtis Harper +Copyright (c) 2008 Timothy Curtis Harper and Jonathan Barket Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the MIT-LICENSE @@ -6,25 +6,10 @@ Each require_role line serves to add one or more required roles before executing require_role "admin" "Require that the current_user must have role admin before executing any action within this controller." - ::"Limiting" Methods:: ========================= -role_requirement accepts several methods as an options hash of key/value pairs. These methods work like clauses that limit the require_role line. - :for => "Evaluate this role requirement before executing ONLY the following actions in this controller..." - :for_all_except => "Evaluate this role requirement before executing ALL actions in this controller EXCEPT the following..." - -(note: :only and :except also work, similarly to before_filter) - -These methods can be thought of as telling role_requirement when to evaluate current_user's roles. - -# Anytime an action is called, require the role admin in order to execute, EXCEPT when index is called." So, index passes through this require_role line allowing anyone to access it, ALL other actions are evaluated against the specified role(s). -require_role "admin", :for_all_except => :index - -# Means, "Evaluate current_user's role(s) ONLY when index is called... and require admin in order to execute index." So, every action except index passes through this require_role line, ONLY index is evaluated. -require_role "admin", :for => :index - - +As of 1.4, limiting keys have been adjusted to work in the same manner as the built in keys for before_filters ::How require_role Lines Work In Combination:: @@ -38,17 +23,16 @@ require_role "executive" require_role "admin" -require_role "executive", :for_all_except => [:index] +require_role "executive", :except => [:index] # This means that admin can access only index and executive can access everything in the controller except index. # The controller requires admin for every action AND looks for executive in order to execute every action except index. (Probably not a very useful configuration!) require_role "admin" -require_role "executive", :for => [:create, :update, :edit, :destroy] +require_role "executive", :only => [:create, :update, :edit, :destroy] # This means that admin can access the entire controller and executive is required only for index. # The controller always requires admin and requires executive only when index is called. Useful for allowing only executive to call certain, more restricted, actions, for example. - ::Passing Arrays:: ================== role_requirement accepts arrays of roles and/or actions. When more than one role name or action name is passed, they work like "OR" in the requirement phrase. @@ -57,10 +41,10 @@ role_requirement accepts arrays of roles and/or actions. When more than one role require_role ["admin", "executive"] # The role admin is required to perform all actions in this controller EXCEPT list or show. So, anyone can list and show. admin can do anything. -require_role "admin", :for_all_except => [:list, :show] +require_role "admin", :except => [:list, :show] # The role admin is required to perform ONLY delete OR edit. Other actions are not evaluated. So, only admin can delete or edit. Others can do anything other than delete or edit. -require_role "admin", :for => [:delete, :edit] +require_role "admin", :only => [:delete, :edit] ::Admin:: role_requirement's generator will automatically add a method to your user model, User#has_role? @@ -68,7 +52,7 @@ This method, by default, always returns true for the role named "admin." This ma # Allow finance to access every action but delete. Admin can access everything, including delete. require_role :finance -require_role :admin, :for => :delete +require_role :admin, :only => :delete # Explanation: Finance can access the entire controller (and so can admin because admin always returns true for every role) AND admin is required to execute only the delete action. If you don't want this behavior, comment out the line that causes admin to always return true: @@ -80,26 +64,25 @@ If you don't want this behavior, comment out the line that causes admin to alway You can also change the name of the "all access" role here. You can use any name that makes sense to you. - ::Syntax:: ========== If you use strings as keys for the options hash, it will throw an error. ie: # throws an error -require_role "admin", "for" => "index" +require_role "admin", "only" => "index" # works just fine -require_role "admin", :for => "index" +require_role "admin", :only => "index" RoleRequirement does not care if the values are symbols or strings, regarding action names. -require_role "admin", :for => "index" -require_role "admin", :for => :index +require_role "admin", :only => "index" +require_role "admin", :only => :index Roles are passed to User#has_role? exactly as specified. By default, RoleRequirement generates this method to not care. If you customize User#has_role? in such a way that it does care, then you'll have problems. # ultimately calls User#has_role?("admin") -require_role "admin", :for => :index +require_role "admin", :only => :index # ultimately calls User#has_role?(:admin) -require_role :admin, :for => :index +require_role :admin, :only => :index README @@ -25,11 +25,11 @@ module RoleGeneratorHelpers end def add_role_requirement_system(m) - m.template '../../shared_templates/role_requirement_system.rb.erb', + m.template 'role_requirement_system.rb.erb', File.join('lib', "role_requirement_system.rb") - m.template '../../shared_templates/role_requirement_test_helper.rb.erb', + m.template 'role_requirement_test_helper.rb.erb', File.join('lib', "role_requirement_test_helper.rb") - m.template '../../shared_templates/hijacker.rb', + m.template 'hijacker.rb', File.join('lib', "hijacker.rb") end generators/role_generator_helpers.rb @@ -5,11 +5,10 @@ class RolesGenerator < Rails::Generator::NamedBase include RoleGeneratorHelpers attr_accessor :roles_model_name, - :roles_table_name, - :users_table_name, - :users_model_name, - :next_user_id - + :roles_table_name, + :users_table_name, + :users_model_name + def initialize(runtime_args, runtime_options = {}) super @roles_model_name = (runtime_args[0] || "Role").classify generators/roles/roles_generator.rb @@ -1,13 +1,12 @@ class <%= migration_name %> < ActiveRecord::Migration def self.up create_table "<%= roles_table_name %>" do |t| - t.column :name, :string + t.string :name end # generate the join table create_table "<%= habtm_name %>", :id => false do |t| - t.column "<%= roles_foreign_key %>", :integer - t.column "<%= users_foreign_key %>", :integer + t.integer "<%= roles_foreign_key %>", "<%= users_foreign_key %>" end add_index "<%= habtm_name %>", "<%= roles_foreign_key %>" add_index "<%= habtm_name %>", "<%= users_foreign_key %>" generators/roles/templates/001_roles_migration.rb.erb @@ -6,9 +6,6 @@ # You may wish to modify it to suit your need has_and_belongs_to_many :<%=roles_table_name%> - attr_protected :roles - - # has_role? simply needs to return true or false whether a user has a role or not. # It may be a good idea to have "admin" roles return true always def has_role?(role_in_question) generators/roles/templates/_user_functions.erb @@ -16,7 +16,7 @@ def include_rendered_template(abs_name, locals = {}) end puts include_rendered_template( - File.join( File.dirname(__FILE__), "../generators/shared_templates", "role_requirement_system.rb.erb"), + File.join( File.dirname(__FILE__), "../generators/roles/templates", "role_requirement_system.rb.erb"), {:users_name => "user" } ) test/test_helper.rb generators/role/role_generator.rb generators/role/templates/001_add_role_to_users_migration.rb.erb generators/role/templates/_user_functions.erb generators/shared_templates/hijacker.rb generators/shared_templates/role_requirement_system.rb.erb generators/shared_templates/role_requirement_test_helper.rb.erb 19b3bc82975d7f4354679feb908e57cfd1f3a705 jbarket jbarket@0128ec72-9f35-0410-83f6-31648bef6b25 http://github.com/timcharper/role_requirement/commit/9afb84019420f4b057bd8278457bb489e6a1daed 9afb84019420f4b057bd8278457bb489e6a1daed 2008-03-04T18:31:23-08:00 2008-03-04T18:31:23-08:00 Integrated role and roles to simplify codebase. Mildly modified migrations to use Rails 2.x beautiful migrations git-svn-id: http://rolerequirement.googlecode.com/svn/trunk@113 0128ec72-9f35-0410-83f6-31648bef6b25 676a4faea93bada26205fae997b250147e92612c jbarket jbarket@0128ec72-9f35-0410-83f6-31648bef6b25