Skip to content

Commit

Permalink
Attempt to fix "DEPRECATION WARNING: railtie_name is deprecated and has
Browse files Browse the repository at this point in the history 
no effect."
  • Loading branch information
@elsifaka
elsifaka committed Apr 17, 2010
1 parent 753d9a1 commit 44a4adc
Showing 1 changed file with 52 additions and 52 deletions.
104 changes: 52 additions & 52 deletions lib/declarative_authorization/authorization.rb
View file
Expand Up @@ -21,23 +21,23 @@ class AuthorizationUsageError < AuthorizationError ; end
class NilAttributeValueError < AuthorizationError; end
unless defined?(Rails::Engine).nil?
class Engine < Rails::Engine
engine_name :declarative_authorization
# engine_name :declarative_authorization
end
end

AUTH_DSL_FILES = ["config/authorization_rules.rb"] unless defined? AUTH_DSL_FILES

# Controller-independent method for retrieving the current user.
# Needed for model security where the current controller is not available.
def self.current_user
Thread.current["current_user"] || GuestUser.new
end

# Controller-independent method for setting the current user.
def self.current_user=(user)
Thread.current["current_user"] = user
end

# For use in test cases only
def self.ignore_access_control (state = nil) # :nodoc:
Thread.current["ignore_access_control"] = state unless state.nil?
Expand All @@ -56,7 +56,7 @@ def self.dot_path
def self.dot_path= (path)
@@dot_path = path
end

# Authorization::Engine implements the reference monitor. It may be used
# for querying the permission and retrieving obligations under which
# a certain privilege is granted for the current user.
Expand All @@ -65,7 +65,7 @@ class Engine
attr_reader :roles, :omnipotent_roles, :role_titles, :role_descriptions, :privileges,
:privilege_hierarchy, :auth_rules, :role_hierarchy, :rev_priv_hierarchy,
:rev_role_hierarchy

# If +reader+ is not given, a new one is created with the default
# authorization configuration of +AUTH_DSL_FILES+. If given, may be either
# a Reader object or a path to a configuration file.
Expand All @@ -83,11 +83,11 @@ def initialize (reader = nil)
@role_titles = reader.auth_rules_reader.role_titles
@role_descriptions = reader.auth_rules_reader.role_descriptions
@reader = reader

# {[priv, ctx] => [priv, ...]}
@rev_priv_hierarchy = {}
@privilege_hierarchy.each do |key, value|
value.each do |val|
value.each do |val|
@rev_priv_hierarchy[val] ||= []
@rev_priv_hierarchy[val] << key
end
Expand All @@ -107,23 +107,23 @@ def initialize_copy (from) # :nodoc:
].each {|attr| instance_variable_set(:"@#{attr}", from.send(attr).clone) }
@auth_rules = from.auth_rules.collect {|rule| rule.clone}
end

# Returns true if privilege is met by the current user. Raises
# AuthorizationError otherwise. +privilege+ may be given with or
# without context. In the latter case, the :+context+ option is
# required.
#
#
# Options:
# [:+context+]
# The context part of the privilege.
# Defaults either to the tableized +class_name+ of the given :+object+, if given.
# That is, :+users+ for :+object+ of type User.
# That is, :+users+ for :+object+ of type User.
# Raises AuthorizationUsageError if context is missing and not to be infered.
# [:+object+] An context object to test attribute checks against.
# [:+skip_attribute_test+]
# Skips those attribute checks in the
# Skips those attribute checks in the
# authorization rules. Defaults to false.
# [:+user+]
# [:+user+]
# The user to check the authorization for.
# Defaults to Authorization#current_user.
#
Expand All @@ -134,12 +134,12 @@ def permit! (privilege, options = {})
:skip_attribute_test => false,
:context => nil
}.merge(options)

# Make sure we're handling all privileges as symbols.
privilege = privilege.is_a?( Array ) ?
privilege.flatten.collect { |priv| priv.to_sym } :
privilege.to_sym

#
# If the object responds to :proxy_reflection, we're probably working with
# an association proxy. Use 'new' to leverage ActiveRecord's builder
Expand All @@ -150,17 +150,17 @@ def permit! (privilege, options = {})
if options[:object].respond_to?( :proxy_reflection ) && options[:object].respond_to?( :new )
options[:object] = options[:object].new
end

options[:context] ||= options[:object] && (
options[:object].class.respond_to?(:decl_auth_context) ?
options[:object].class.decl_auth_context :
options[:object].class.name.tableize.to_sym
) rescue NoMethodError

user, roles, privileges = user_roles_privleges_from_options(privilege, options)

return true unless (roles & @omnipotent_roles).empty?
# find a authorization rule that matches for at least one of the roles and
# find a authorization rule that matches for at least one of the roles and
# at least one of the given privileges
attr_validator = AttributeValidator.new(self, user, options[:object], privilege, options[:context])
rules = matching_auth_rules(roles, privileges, options[:context])
Expand All @@ -169,14 +169,14 @@ def permit! (privilege, options = {})
"(roles #{roles.inspect}, privileges #{privileges.inspect}, " +
"context #{options[:context].inspect})."
end

# Test each rule in turn to see whether any one of them is satisfied.
unless rules.any? {|rule| rule.validate?(attr_validator, options[:skip_attribute_test])}
raise AttributeAuthorizationError, "#{privilege} not allowed for #{user.inspect} on #{(options[:object] || options[:context]).inspect}."
end
true
end

# Calls permit! but rescues the AuthorizationException and returns false
# instead. If no exception is raised, permit? returns true and yields
# to the optional block.
Expand All @@ -187,42 +187,42 @@ def permit? (privilege, options = {}, &block) # :yields:
rescue NotAuthorized
false
end
# Returns the obligations to be met by the current user for the given
# privilege as an array of obligation hashes in form of

# Returns the obligations to be met by the current user for the given
# privilege as an array of obligation hashes in form of
# [{:object_attribute => obligation_value, ...}, ...]
# where +obligation_value+ is either (recursively) another obligation hash
# or a value spec, such as
# [operator, literal_value]
# The obligation hashes in the array should be OR'ed, conditions inside
# the hashes AND'ed.
#
#
# Example
# {:branch => {:company => [:is, 24]}, :active => [:is, true]}
#
#
# Options
# [:+context+] See permit!
# [:+user+] See permit!
#
#
def obligations (privilege, options = {})
options = {:context => nil}.merge(options)
user, roles, privileges = user_roles_privleges_from_options(privilege, options)

permit!(privilege, :skip_attribute_test => true, :user => user, :context => options[:context])

attr_validator = AttributeValidator.new(self, user, nil, privilege, options[:context])
matching_auth_rules(roles, privileges, options[:context]).collect do |rule|
rule.obligations(attr_validator)
end.flatten
end

# Returns the description for the given role. The description may be
# specified with the authorization rules. Returns +nil+ if none was
# given.
def description_for (role)
role_descriptions[role]
end

# Returns the title for the given role. The title may be
# specified with the authorization rules. Returns +nil+ if none was
# given.
Expand All @@ -247,14 +247,14 @@ def roles_for (user)

(roles.empty? ? [:guest] : roles)
end

# Returns the role symbols and inherritted role symbols for the given user
def roles_with_hierarchy_for(user)
flatten_roles(roles_for(user))
end

# Returns an instance of Engine, which is created if there isn't one
# yet. If +dsl_file+ is given, it is passed on to Engine.new and
# yet. If +dsl_file+ is given, it is passed on to Engine.new and
# a new instance is always created.
def self.instance (dsl_file = nil)
if dsl_file or ENV['RAILS_ENV'] == 'development'
Expand All @@ -263,7 +263,7 @@ def self.instance (dsl_file = nil)
@@instance ||= new
end
end

class AttributeValidator # :nodoc:
attr_reader :user, :object, :engine, :context, :privilege
def initialize (engine, user, object = nil, privilege = nil, context = nil)
Expand All @@ -273,13 +273,13 @@ def initialize (engine, user, object = nil, privilege = nil, context = nil)
@privilege = privilege
@context = context
end

def evaluate (value_block)
# TODO cache?
instance_eval(&value_block)
end
end

private
def user_roles_privleges_from_options(privilege, options)
options = {
Expand All @@ -289,23 +289,23 @@ def user_roles_privleges_from_options(privilege, options)
}.merge(options)
user = options[:user] || Authorization.current_user
privileges = privilege.is_a?(Array) ? privilege : [privilege]

raise AuthorizationUsageError, "No user object given (#{user.inspect}) or " +
"set through Authorization.current_user" unless user

roles = options[:user_roles] || flatten_roles(roles_for(user))
privileges = flatten_privileges privileges, options[:context]
[user, roles, privileges]
end

def flatten_roles (roles)
# TODO caching?
flattened_roles = roles.clone.to_a
flattened_roles.each do |role|
flattened_roles.concat(@role_hierarchy[role]).uniq! if @role_hierarchy[role]
end
end

# Returns the privilege hierarchy flattened for given privileges in context.
def flatten_privileges (privileges, context = nil)
# TODO caching?
Expand All @@ -316,16 +316,16 @@ def flatten_privileges (privileges, context = nil)
flattened_privileges.concat(@rev_priv_hierarchy[[priv, context]]).uniq! if @rev_priv_hierarchy[[priv, context]]
end
end

def matching_auth_rules (roles, privileges, context)
@auth_rules.select {|rule| rule.matches? roles, privileges, context}
end
end

class AuthorizationRule
attr_reader :attributes, :contexts, :role, :privileges, :join_operator,
:source_file, :source_line

def initialize (role, privileges = [], contexts = nil, join_operator = :or,
options = {})
@role = role
Expand All @@ -342,18 +342,18 @@ def initialize_copy (from)
@contexts = @contexts.clone
@attributes = @attributes.collect {|attribute| attribute.clone }
end

def append_privileges (privs)
@privileges.merge(privs)
end

def append_attribute (attribute)
@attributes << attribute
end

def matches? (roles, privs, context = nil)
roles = [roles] unless roles.is_a?(Array)
@contexts.include?(context) and roles.include?(@role) and
@contexts.include?(context) and roles.include?(@role) and
not (@privileges & privs).empty?
end

Expand Down Expand Up @@ -397,7 +397,7 @@ def to_long_s
attributes.collect {|attr| attr.to_long_s } * "; "
end
end

class Attribute
# attr_conditions_hash of form
# { :object_attribute => [operator, value_block], ... }
Expand All @@ -409,11 +409,11 @@ def initialize (conditions_hash)
def initialize_copy (from)
@conditions_hash = deep_hash_clone(@conditions_hash)
end

def validate? (attr_validator, object = nil, hash = nil)
object ||= attr_validator.object
return false unless object

(hash || @conditions_hash).all? do |attr, value|
attr_value = object_attribute_value(object, attr)
if value.is_a?(Hash)
Expand Down Expand Up @@ -485,7 +485,7 @@ def validate? (attr_validator, object = nil, hash = nil)
end
end
end

# resolves all the values in condition_hash
def obligation (attr_validator, hash = nil)
hash = (hash || @conditions_hash).clone
Expand Down Expand Up @@ -610,7 +610,7 @@ def obligation (attr_validator, hash_or_attr = nil, path = [])
rescue # missing model, reflections
hash_or_attr.to_s.pluralize.to_sym
end

obligations = attr_validator.engine.obligations(@privilege,
:context => @context,
:user => attr_validator.user)
Expand Down Expand Up @@ -670,7 +670,7 @@ def self.reflection_for_path (parent_model, path)
reflection
end
end

# Represents a pseudo-user to facilitate guest users in applications
class GuestUser
attr_reader :role_symbols
Expand Down

0 comments on commit 44a4adc

Please sign in to comment.