Skip to content
Browse files

fixing STI

some abstractions
  • Loading branch information...
1 parent c5ed543 commit 76d4fbad3d5b903307fd46d3758d56df302f7a3c @pschrammel committed Mar 18, 2009
View
1 .gitignore
@@ -6,3 +6,4 @@ rdoc
.project
.loadpath
.DS_STORE
+nbproject
View
15 CHANGELOG
@@ -1,9 +1,20 @@
-ActiveAcl rails authorization system
+ActiveAclPlus a rails authorization system (one of many)
+
+Version 0.4.3 (wip)
+- fixed 2d bug
+- renamed grant_permission! to grant_privilege! (whops)
+- fixed some issues with grant_privilege!
+- NOTE: grant_privilege! is wip, so the API may change a lot, sorry!
+- fixing STI
+
+Version 0.4.2
+
+Version 0.4.1
Version 0.4.0 - 2008/03/08
- complete rewrite of the SQL generation
- abstraction of the grouping
-- added #grant_privilege
+- added #grant_permission
- dropped test, moving to rspec
- allows ungrouped requesters/targets
- propper namespace handling of options (THANKS http://github.com/garytaylor)
View
2 lib/active_acl/acts_as_access_group.rb
@@ -17,7 +17,7 @@ module ClassMethods
def acts_as_access_group(options = {})
type=options.delete(:type) || ActiveAcl::Acts::AccessGroup::NestedSet
- ActiveAcl::GROUP_CLASSES[self.name] = type.new(options)
+ ActiveAcl.register_group(self,type.new(options))
include ActiveAcl::Acts::Grant
include InstanceMethods
View
8 lib/active_acl/acts_as_access_object.rb
@@ -25,7 +25,7 @@ def acts_as_access_object(options = {})
handler=ObjectHandler.new(self,options)
- ActiveAcl::ACCESS_CLASSES[self.name] = handler
+ ActiveAcl.register_object(self,handler)
has_many :requester_links, :as => :requester, :dependent => :delete_all, :class_name => 'ActiveAcl::RequesterLink'
has_many :requester_acls, :through => :requester_links, :source => :acl, :class_name => 'ActiveAcl::Acl'
@@ -46,7 +46,7 @@ def acts_as_access_object(options = {})
:through => :"active_acl/target_links",
:rename_individual_collections => true}
end
-
+ puts ActiveAcl.from_classes.inspect
self.module_eval do
# checks if method is defined to not break tests
unless instance_methods.include? "reload_before_active_acl"
@@ -79,12 +79,12 @@ def has_privilege?(privilege, options = {})
# no need to check anything if privilege is not a Privilege
raise "first Argument has to be a Privilege" unless privilege.is_a?(Privilege)
# no need to check anything if target is no Access Object
- raise "target hast to be an AccessObject" if target and !(target.class.respond_to?(:base_class) and ActiveAcl::ACCESS_CLASSES.has_key?(target.class.base_class.name))
+ raise "target hast to be an AccessObject (#{target.class})" if target and !(target.class.respond_to?(:base_class) && ActiveAcl.is_access_object?(target.class))
active_acl_handler.has_privilege?(self,privilege,target)
end
def active_acl_handler
- ActiveAcl::ACCESS_CLASSES[self.class.name]
+ ActiveAcl.object_handler(self.class)
end
#returns a key value store
def active_acl_instance_cache
View
20 lib/active_acl/base.rb
@@ -3,15 +3,27 @@ module ActiveAcl
GROUP_CLASSES={}
ACCESS_CLASSES={}
+ def self.register_group(klass,handler)
+ GROUP_CLASSES[klass.base_class.name]=handler
+ end
+ def self.register_object(klass,handler)
+ ACCESS_CLASSES[klass.base_class.name]=handler
+ end
+ def self.group_handler(klass)
+ GROUP_CLASSES[klass.base_class.name]
+ end
+ def self.object_handler(klass)
+ ACCESS_CLASSES[klass.base_class.name]
+ end
def self.is_access_group?(klass)
- !!ActiveAcl::GROUP_CLASSES[klass.name]
+ !!GROUP_CLASSES[klass.base_class.name]
end
def self.is_access_object?(klass)
- !!ActiveAcl::ACCESS_CLASSES[klass.name]
+ !!ACCESS_CLASSES[klass.base_class.name]
end
def self.from_classes
- ActiveAcl::ACCESS_CLASSES.keys.collect do |x|
+ ACCESS_CLASSES.keys.collect do |x|
x.split('::').join('/').underscore.pluralize.to_sym
end
end
-end
+end
View
7 lib/active_acl/grant.rb
@@ -1,12 +1,12 @@
module ActiveAcl
module Acts
module Grant
- # grant_permission!(Blog::DELETE,
+ # grant_privilege!(Blog::DELETE,
# :on => blog,
# :section => 'blogging' or a Hash or an ActiveAcl::AclSection
# :acl => 'blogging_of_admins' or a hash or an ActiveAvl::Acl
# :target_as_object => true/false target is treated as access_object
- def grant_permission!(privilege,options={})
+ def grant_privilege!(privilege,options={})
section = options[:section] || 'generic'
target = options[:on]
acl = options[:acl] || "#{privilege.active_acl_description}"
@@ -25,11 +25,12 @@ def grant_permission!(privilege,options={})
case acl
when String
acl=ActiveAcl::Acl.find_or_create_by_iname(acl)
+ acl.section=section unless acl.section
when Hash
acl=ActiveAcl::Acl.create(acl.merge({:section => section}))
end
acl.save! if acl.new_record?
-
+
acl.privileges << privilege
if ActiveAcl.is_access_group?(self.class)
acl.requester_groups << self unless acl.requester_groups.include?(self)
View
6 lib/active_acl/handler/object_handler.rb
@@ -6,11 +6,12 @@ module AccessObject #:nodoc:
# the group is a nested_set
class ObjectHandler #:nodoc:
attr_reader :klass,:group_class_name,:join_table,:group_table_name,
- :foreign_key,:association_foreign_key
+ :foreign_key,:association_foreign_key,:group_handler
def initialize(klass,options={})
@klass = klass
if options[:grouped_by]
@group_class_name = options[:grouped_by].to_s.classify
+ @group_handler=ActiveAcl.group_handler(@group_class_name.constantize)
@group_table_name=@group_class_name.constantize.table_name
@join_table = options[:join_table] || [klass.name.pluralize.underscore.gsub(/\//,'_'), group_class_name.pluralize.underscore.gsub(/\//,'_')].sort.join('_')
@foreign_key = options[:foreign_key] || "#{klass.name.demodulize.underscore}_id"
@@ -35,9 +36,6 @@ def grouped?
def klass_name
klass.base_class.name
end
- def group_handler
- ActiveAcl::GROUP_CLASSES[@group_class_name]
- end
#checks the privilege of a requester on a target (optional)
def has_privilege?(requester,privilege,target=nil)
View
4 lib/active_acl/options.rb
@@ -3,8 +3,8 @@ module ActiveAcl
OPTIONS = {}
end
- ActiveAcl::ACCESS_CLASSES = {}
- ActiveAcl::GROUP_CLASSES = {}
+# ActiveAcl::ACCESS_CLASSES = {}
+# ActiveAcl::GROUP_CLASSES = {}
DEFAULT_OPTIONS = {
:acl_sections_table => 'acl_sections',

0 comments on commit 76d4fba

Please sign in to comment.
Something went wrong with that request. Please try again.