merged

CHANGELOG

@@ -1,3 +1,18 @@
+** RELEASE 0.5.3 (May 25, 2011)
+
+* Bugfixes and documentation cleanup
+
+* Rails 3.1.rc1 compatibility [sb]
+
+* Added has_any_role?, has_any_role_with_hierarchy? [t.pickett66]
+
+* Allow changing the default role [dbloete]
+
+** RELEASE 0.5.2 (Dec 31, 2010) **
+
+* Bugfixes and documentation updates
+
+** RELEASE 0.5.1 (Sep 12, 2010) **
 
 ** RELEASE 0.5 (July 21, 2010) **
 

README.rdoc

@@ -192,13 +192,13 @@ See also Authorization::AuthorizationHelper.
 
 == Models
 
-There are two destinct features for model security built into this plugin:
+There are two distinct features for model security built into this plugin:
 authorizing CRUD operations on objects as well as query rewriting to limit
 results according to certain privileges.
 
 See also Authorization::AuthorizationInModel.
 
-=== Model security for CRUD opterations
+=== Model security for CRUD operations
 To activate model security, all it takes is an explicit enabling for each
 model that model security should be enforced on, i.e.
 
@@ -215,7 +215,7 @@ happened if an operation is denied, the filters throw
 Authorization::NotAuthorized exceptions.
 
 As access control on read are costly, with possibly lots of objects being
-loaded at a time in one query, checks on read need to be actived explicitly by
+loaded at a time in one query, checks on read need to be activated explicitly by
 adding the :include_read option.
 
 === Query rewriting through named scopes
@@ -256,6 +256,11 @@ public pages, :+guest+ can be used to allow access for users that are not
 logged in.  All other roles are application defined and need to be associated
 with users by the application.
 
+If you need to change the default role, you can do so by adding an initializer
+that contains the following statement:
+
+    Authorization.default_role = :anonymous
+
 Privileges, such as :create, may be put into hierarchies to simplify
 maintenance.  So the example above has the same meaning as
 
@@ -332,6 +337,12 @@ In your test_helper.rb, to enable the helpers add
       ...
     end
 
+For using the test helpers with RSpec, just add the following lines to your
+spec_helper.rb (somewhere after require 'spec/rails'):
+
+    require 'declarative_authorization/maintenance'
+    include Authorization::TestHelper
+
 Now, in unit tests, you may deactivate authorization if needed e.g. for test
 setup and assume certain identities for tests:
 
@@ -347,6 +358,19 @@ setup and assume certain identities for tests:
         end
       end
     end
+
+Or, with RSpec, it would work like this:
+
+  describe Employee do
+    it "should read" do
+      without_access_control do
+        Employee.create(...)
+      end
+      with_user(admin) do
+        Employee.find(:first)
+      end
+    end
+  end
 
 In functional tests, get, posts, etc. may be tested in the name of certain users:
 
@@ -366,10 +390,8 @@ One of three options to install the plugin:
     gem tumble
   And call from your application's root directory
     rake gems:install
-* Alternatively, to install from github, execute in your application's root directory
+* Alternativelyi, in Rails 2, to install from github, execute in your application's root directory
     cd vendor/plugins && git clone git://github.com/stffn/declarative_authorization.git
-* Or, download one of the released versions from Github at
-  http://github.com/stffn/declarative_authorization/downloads
 
 Then, 
 * provide the requirements as noted below, 
@@ -491,13 +513,14 @@ sbartsch at tzi.org
 
 = Contributors
 
-Thanks to John Joseph Bachir, Eike Carls, Kai Chen, Erik Dahlstrand, Jeroen van Dijk,
-Alexander Dobriakov, Sebastian Dyck, Ari Epstein, Jeremy Friesen, Tim Harper, hollownest,
-Daniel Kristensen, Brian Langenfeld, Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour,
-Thomas Maurer, TJ Singleton, Mike Vincent
+Thanks to John Joseph Bachir, Eike Carls, Dennis Blöte, Kai Chen, Erik Dahlstrand,
+Jeroen van Dijk, Alexander Dobriakov, Sebastian Dyck, Ari Epstein, Jeremy Friesen,
+Tim Harper, hollownest, Daniel Kristensen, Jeremy Kleindl, Brad Langhorst, Brian Langenfeld,
+Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour, Thomas Maurer, Tyler Pickett, Sharagoz,
+TJ Singleton, Mike Vincent, Joel Westerberg
 
 
-= Licence
+= License
 
 Copyright (c) 2008 Steffen Bartsch, TZI, Universität Bremen, Germany
 released under the MIT license

app/views/authorization_rules/_show_graph.erb

@@ -1,4 +1,11 @@
 <% javascript_tag do %>
+    if (typeof Prototype != 'object') {
+       //load up prototype... it's needed here
+       var s = document.createElement('script');
+       s.setAttribute('src','http://ajax.googleapis.com/ajax/libs/prototype/1.6.0.3/prototype.js');
+       document.getElementsByTagName('body')[0].appendChild(s);
+    }
+
     function show_graph (privilege, context, user_ids) {
         var params = {
           privilege_hierarchy: 1,

app/views/authorization_rules/graph.html.erb

@@ -3,6 +3,13 @@
 <p><%= navigation %></p>
 
 <% javascript_tag do %>
+    if (typeof Prototype != 'object') {
+       //load up prototype... it's needed here
+       var s = document.createElement('script');
+       s.setAttribute('src','http://ajax.googleapis.com/ajax/libs/prototype/1.6.0.3/prototype.js');
+       document.getElementsByTagName('body')[0].appendChild(s);
+     }
+
     function update_graph (form) {
         base_url = "<%= url_for :format => 'svg' %>";
         $('graph').data = base_url + '?' + form.serialize();

app/views/authorization_usages/index.html.erb

@@ -17,7 +17,7 @@
   <% @auth_usages_by_controller.keys.sort {|c1, c2| c1.name <=> c2.name}.each do |controller| %>
     <% default_context = controller.controller_name.to_sym rescue nil %>
     <tr>
-      <th colspan="3"><%= h controller.controller_name %></th>
+      <th colspan="3"><%= h controller.name.underscore.sub(/_controller\Z/, '') %></th>
     </tr>
     <% @auth_usages_by_controller[controller].keys.sort {|c1, c2| c1.to_s <=> c2.to_s}.each do |action| %>
       <% auth_info = @auth_usages_by_controller[controller][action] %>

config/routes.rb

@@ -1,10 +1,20 @@
-# Rails 3 depreciates ActionController::Routing::Routes 
-routes = (Rails.respond_to?(:application) ? Rails.application.routes : ActionController::Routing::Routes)
-
-routes.draw do |map|
-  if Authorization::activate_authorization_rules_browser?
-    map.resources :authorization_rules, :only => [:index],
-        :collection => {:graph => :get, :change => :get, :suggest_change => :get}
-    map.resources :authorization_usages, :only => :index
+if Authorization::activate_authorization_rules_browser?
+  if Rails.respond_to?(:application)
+    Rails.application.routes.draw do
+      resources :authorization_rules, :only => [:index] do
+          collection do
+            get :graph
+            get :change
+            get :suggest_change
+          end
+      end
+      resources :authorization_usages, :only => :index
+    end
+  else
+    ActionController::Routing::Routes.draw do |map|
+      map.resources :authorization_rules, :only => [:index],
+          :collection => {:graph => :get, :change => :get, :suggest_change => :get}
+      map.resources :authorization_usages, :only => :index
+    end
   end
-end
+end

declarative_authorization.gemspec

@@ -2,16 +2,16 @@
 
 Gem::Specification.new do |s|
   s.name = "declarative_authorization"
-  s.version = "0.5"
+  s.version = "0.5.3"
 
   s.required_ruby_version = ">= 1.8.6"
   s.authors = ["Steffen Bartsch"]
-  s.summary = "declarative_authorization is a Rails plugin for authorization based on readable authorization rules."
+  s.summary = "declarative_authorization is a Rails plugin for maintainable authorization based on readable authorization rules."
   s.email = "sbartsch@tzi.org"
   s.files = %w{CHANGELOG MIT-LICENSE README.rdoc Rakefile authorization_rules.dist.rb garlic_example.rb init.rb} + Dir["app/**/*.rb"] + Dir["app/**/*.erb"] + Dir["config/*"] + Dir["lib/*.rb"] + Dir["lib/**/*.rb"] + Dir["lib/tasks/*"] + Dir["test/*"]
   s.has_rdoc = true
   s.extra_rdoc_files = ['README.rdoc', 'CHANGELOG']
   s.homepage = %q{http://github.com/stffn/declarative_authorization}
 
-  s.add_dependency('rails', '>= 2.1.0')
+  #s.add_dependency('rails', '>= 2.1.0')
 end