
updated to rails 2.3, added jeweler to generate gemspec, moved all co…

…de into a module
1 parent 3e3d118 commit 0553c8e8031aeb5f8d3b2a80d13c8f98d8429524 @langalex committed Jun 12, 2009
@@ -1,4 +1,4 @@
-Copyright (c) 2008 Alexander Lang
+Copyright (c) 2009 Alexander Lang
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
@@ -0,0 +1,26 @@
+require 'rubygems'
+require 'rake'
+
+begin
+ require 'jeweler'
+ Jeweler::Tasks.new do |gem|
+ gem.name = "totally-restful-authorization"
+ gem.summary = %Q{This plugin adds an authorization layer to your rails app that is totally transparent to your restful controllers and a DSL for declaring permissions on your models.}
+ gem.email = "alex@upstream-berlin.com"
+ gem.homepage = "http://github.com/langalex/totally_restful_authorization"
+ gem.authors = ["Alexander Lang"]
+ # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+ end
+
+rescue LoadError
+ puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+ test.libs << 'lib' << 'test'
+ test.pattern = 'test/**/*_test.rb'
+ test.verbose = true
+end
+
+task :default => :test
@@ -0,0 +1 @@
+0.0.0
@@ -1,4 +0,0 @@
-require File.dirname(__FILE__) + '/lib/permission_check'
-require File.dirname(__FILE__) + '/lib/permission_dsl'
-
-ActiveRecord::Base.send :include, PermissionDsl
@@ -1,80 +0,0 @@
-module PermissionCheck
- def self.included(base)
- base.before_filter :check_instance_permissions, :only => [:update, :destroy, :edit, :show]
- base.before_filter :check_create_permissions, :only => [:create, :new]
- end
-
- private
-
- def check_instance_permissions
- begin
- deny_access_unless permission_granted?(object)
- rescue => e
- p e.message
- raise e
- end
- end
-
- def check_create_permissions
- begin
- deny_access_unless permission_granted?(build_object)
- rescue => e
- p e.message
- raise e
- end
- end
-
- def object
- object_class.find params[:id]
- end
-
- def build_object
- object_class.new
- end
-
- def object_class
- Class.const_get self.class.name[0..-12]
- end
-
- def permission_granted?(_object)
- if _object.respond_to? actionable_method.to_sym
- _object.send(actionable_method, current_user)
- else
- true
- end
- end
-
- def actionable_method
- "#{map_to_permission(actionable_name)}_by?"
- end
-
- def deny_access_unless(boolean)
- if boolean
- true
- else
- permission_denied
- false
- end
- end
-
- def permission_denied
- render :text => 'Permission Denied', :status => 403
- end
-
- def actionable_name
- if params[:action][-1,1] == 'e'
- "#{params[:action][0..-2]}able"
- else
- "#{params[:action]}able"
- end
- end
-
- def map_to_permission(actionable)
- {
- 'editable' => 'updatable',
- 'showable' => 'viewable',
- 'newable' => 'creatable'
- }[actionable] || actionable
- end
-
-end
@@ -1,130 +0,0 @@
-module PermissionDsl
- def self.included(base)
- base.class_eval do
-
- base.send :extend, ClassMethods
-
- private
-
- def self.view_permissions
- @@view_permissions ||= {self.name => {}}
- @@view_permissions[self.name] ||= {}
- end
-
- def self.create_permissions
- @@create_permissions ||= {self.name => {}}
- @@create_permissions[self.name] ||= {}
- end
-
- def self.update_permissions
- @@update_permissions ||= {self.name => {}}
- @@update_permissions[self.name] ||= {}
- @@update_permissions[self.name]
- end
-
- def self.destroy_permissions
- @@destroy_permissions ||= {self.name => {}}
- @@destroy_permissions[self.name] ||= {}
- end
-
- end
- end
-
- module ClassMethods
- def updatable_by(role, options = {})
- add_options update_permissions, role, options
- end
-
- def viewable_by(role, options = {})
- add_options view_permissions, role, options
- end
-
- def creatable_by(role, options = {})
- add_options create_permissions, role, options
- end
-
- def destroyable_by(role, options = {})
- add_options destroy_permissions, role, options
- end
-
- private
-
- def add_options(permissions, role, options)
- if role.respond_to?(:each)
- role.each do |_role|
- add_options permissions, _role, options
- end
- else
- permissions[role] ||= []
- permissions[role] << options
- end
- end
- end
-
- def updatable_by?(user, field = nil)
- check_permissions self.class.update_permissions, user, field
- end
-
- def viewable_by?(user, field = nil)
- check_permissions self.class.view_permissions, user, field
- end
-
- def creatable_by?(user, field = nil)
- check_permissions self.class.create_permissions, user, field
- end
-
- def destroyable_by?(user, field = nil)
- check_permissions self.class.destroy_permissions, user, field
- end
-
- private
-
- def check_permissions(permissions, user, field)
- permissions.keys.inject(false) do |result, role|
- result || check_permission(permissions[role], role, user, field)
- end
- end
-
- def check_permission(permission, role, user, field)
- permission.inject(false) do |result, role_options|
- result || (user_has_role(user, role) && field_in_only_list(field, role_options) &&
- !field_in_except_list(field, role_options) && condition_met(user, role_options))
- end
- end
-
- def user_has_role(user, role)
- if role == :self
- user == self
- elsif role == :anyone
- true
- else
- user && user.send("#{role}?")
- end
- end
-
- def field_in_only_list(field, options)
- if options[:only]
- options[:only].include?(field)
- else
- true
- end
- end
-
- def field_in_except_list(field, options)
- if options[:except]
- options[:except].include?(field)
- else
- false
- end
- end
-
- def condition_met(user, options)
- if options[:condition]
- options[:condition].call(self, user)
- else
- true
- end
- end
-
-
-end
@@ -0,0 +1,16 @@
+$LOAD_PATH << File.dirname(__FILE__) + '/lib'
+
+require 'totally_restful_authorization/permission_check'
+require 'totally_restful_authorization/permission_dsl'
+
+if defined?(ActiveRecord::Base)
+ ActiveRecord::Base.send :include, PermissionDsl
+end
+
+if defined?(ActionController::Base)
+ ActionController::Base.class_eval do
+ def self.check_authorization
+ include TotallyRestfulAuthorization::PermissionCheck
+ end
+ end
+end
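Review bot: `PermissionDsl` is referenced without a namespace in `ActiveRecord::Base.send :include, PermissionDsl`, while the controller side a few lines below uses `TotallyRestfulAuthorization::PermissionCheck`. The relocated permission_dsl.rb is not visible in this view, but if it was also wrapped in the `TotallyRestfulAuthorization` module, as the commit title suggests, this line would likely raise a NameError at load time and should read `ActiveRecord::Base.send :include, TotallyRestfulAuthorization::PermissionDsl`. Separately, the permission filters are installed only in controllers that call `check_authorization`, so a controller that omits the call is served with no permission check at all. A comment above `def self.check_authorization` such as `# Opt-in: controllers that never call check_authorization get no permission filters` would make that contract visible to users of the plugin.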
@@ -0,0 +1,82 @@
+module TotallyRestfulAuthorization
+ module PermissionCheck
+ def self.included(base)
+ base.before_filter :check_instance_permissions, :only => [:update, :destroy, :edit, :show]
+ base.before_filter :check_create_permissions, :only => [:create, :new]
+ end
+
+ private
+
+ def check_instance_permissions
+ begin
+ deny_access_unless permission_granted?(object)
+ rescue => e
+ p e.message
+ raise e
+ end
+ end
+
+ def check_create_permissions
+ begin
+ deny_access_unless permission_granted?(build_object)
+ rescue => e
+ p e.message
+ raise e
+ end
+ end
+
+ def object
+ object_class.find params[:id]
+ end
+
+ def build_object
+ object_class.new
+ end
+
+ def object_class
+ Class.const_get self.class.name[0..-12]
+ end
+
+ def permission_granted?(_object)
+ if _object.respond_to? actionable_method.to_sym
+ _object.send(actionable_method, current_user)
+ else
+ true
+ end
+ end
+
+ def actionable_method
+ "#{map_to_permission(actionable_name)}_by?"
+ end
+
+ def deny_access_unless(boolean)
+ if boolean
+ true
+ else
+ permission_denied
+ false
+ end
+ end
+
+ def permission_denied
+ render :text => 'Permission Denied', :status => 403
+ end
+
+ def actionable_name
+ if params[:action][-1,1] == 'e'
+ "#{params[:action][0..-2]}able"
+ else
+ "#{params[:action]}able"
+ end
+ end
+
+ def map_to_permission(actionable)
+ {
+ 'editable' => 'updatable',
+ 'showable' => 'viewable',
+ 'newable' => 'creatable'
+ }[actionable] || actionable
+ end
+
+ end
+end
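Review bot: `permission_granted?` fails open: when the object does not respond to the computed `*_by?` predicate, the `else` branch returns `true` and the request proceeds, so a model that lacks the permission DSL is left unguarded behind a controller that appears protected. For an authorization filter the safer default is to deny, i.e. change the `else` branch from `true` to `false` (or raise) and let models opt out explicitly. The filters in `self.included` also cover only the six listed actions, so `index` and any custom action are never checked; a comment such as `# index and non-REST actions are NOT covered by these filters` belongs there. In `check_instance_permissions` and `check_create_permissions`, `p e.message` writes exception text to stdout before re-raising; log through the Rails logger or drop the `begin`/`rescue`, which otherwise adds nothing.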