
AbstractReader interface

commit e1aeb3b113f71752bf68add6c8f5d89adfd90d5c 1 parent b2964ca
Steffen Bartsch authored
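--- a/lib/declarative_authorization/authorization.rb
+++ b/lib/declarative_authorization/authorization.rb
@@ -67,16 +67,16 @@ class Engine
 def initialize (reader = nil)
 reader = Reader::DSLReader.factory(reader || AUTH_DSL_FILES)
 
-@privileges = reader.privileges_reader.privileges
+@privileges = reader.privileges
 # {priv => [[priv, ctx],...]}
-@privilege_hierarchy = reader.privileges_reader.privilege_hierarchy
-@auth_rules = reader.auth_rules_reader.auth_rules
-@roles = reader.auth_rules_reader.roles
-@omnipotent_roles = reader.auth_rules_reader.omnipotent_roles
-@role_hierarchy = reader.auth_rules_reader.role_hierarchy
-
-@role_titles = reader.auth_rules_reader.role_titles
-@role_descriptions = reader.auth_rules_reader.role_descriptions
+@privilege_hierarchy = reader.privilege_hierarchy
+@auth_rules = reader.auth_rules
+@roles = reader.roles
+@omnipotent_roles = reader.omnipotent_roles
+@role_hierarchy = reader.role_hierarchy
+
+@role_titles = reader.role_titles
+@role_descriptions = reader.role_descriptions
 @reader = reader
 
 # {[priv, ctx] => [priv, ...]}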
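Review bot: The eight assignments in `initialize` store whatever the reader returns without checking it, and after this commit the reader may be any object rather than a DSLReader (see the `else` branch added to `factory` in reader.rb). A custom reader that returns nil for, say, `role_hierarchy` would presumably fail only later, at the first permission check; the uses are outside this hunk, so that is inferred. I would document the contract above the method, e.g. `# +reader+: nil (AUTH_DSL_FILES is loaded), a path or Array of paths, or an object implementing Reader::AbstractReader`. The method body continues past the end of the hunk.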
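--- a/lib/declarative_authorization/reader.rb
+++ b/lib/declarative_authorization/reader.rb
@@ -46,12 +46,78 @@ class DSLError < Exception; end
 # Signals errors in the syntax of an authorization DSL.
 class DSLSyntaxError < DSLError; end
 
+# Defines the interface that a Engine expects from a Reader
+class AbstractReader
+# Returns an Array of AuthorizationRule objects.
+def authorization_rules
+raise NotImplementedError
+end
+
+# Returns a list of all defined privileges as symbols
+def privileges
+raise NotImplementedError
+end
+
+# Returns the hierarchy of privileges as defined in the authorization
+# configuration. A hash in the following format:
+#
+# {
+# :priv => [
+# [:lower_priv, context_or_nil],
+# [:other_lower_priv]
+# ],
+# :other_priv => []
+# }
+def privilege_hierarchy
+raise NotImplementedError
+end
+
+# All present roles, an Array of Symbols
+def roles
+raise NotImplementedError
+end
+
+# All omnipotent roles, as an array of symbols
+def omnipotent_roles
+raise NotImplementedError
+end
+
+# The hierarchy of roles:
+# {
+# :higher_role => [:lower_role, :other_lower_role], ...
+# }
+def role_hierarchy
+raise NotImplementedError
+end
+
+# Human-readable titles for the roles:
+# {
+# :a_role => "Long Role Name"
+# }
+def role_titles
+raise NotImplementedError
+end
+
+# Human-readable descriptions
+# {
+# :a_role => "Role description..."
+# }
+def role_descriptions
+raise NotImplementedError
+end
+
+# All authorization rules
+def auth_rules
+raise NotImplementedError
+end
+end
+
 # Top-level reader, parses the methods +privileges+ and +authorization+.
 # +authorization+ takes a block with authorization rules as described in
 # AuthorizationRulesReader. The block to +privileges+ defines privilege
 # hierarchies, as described in PrivilegesReader.
 #
-class DSLReader
+class DSLReader < AbstractReader
 attr_reader :privileges_reader, :auth_rules_reader # :nodoc:
 
 def initialize ()
@@ -65,12 +131,57 @@ def initialize ()
 # String or Array - it will treat it as if you have passed a path or an array of paths and attempt to load those.
 def self.factory(obj)
 case obj
-when Reader::DSLReader
-obj
 when String, Array
 load(obj)
+else
+obj
 end
 end
+
+# See AbstractReader
+def authorization_rules
+@auth_rules_reader.auth_rules
+end
+
+# See AbstractReader
+def privileges
+@privileges_reader.privileges
+end
+
+# See AbstractReader
+def privilege_hierarchy
+@privileges_reader.privilege_hierarchy
+end
+
+# See AbstractReader
+def roles
+@auth_rules_reader.roles
+end
+
+# See AbstractReader
+def omnipotent_roles
+@auth_rules_reader.omnipotent_roles
+end
+
+# See AbstractReader
+def role_hierarchy
+@auth_rules_reader.role_hierarchy
+end
+
+# See AbstractReader
+def role_titles
+@auth_rules_reader.role_titles
+end
+
+# See AbstractReader
+def role_descriptions
+@auth_rules_reader.role_descriptions
+end
+
+# See AbstractReader
+def auth_rules
+@auth_rules_reader.auth_rules
+end
 
 # Parses a authorization DSL specification from the string given
 # in +dsl_data+. Raises DSLSyntaxError if errors occur on parsing.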
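Review bot: The new `else` branch of `DSLReader.factory` returns any argument that is not a String or Array unchanged, so an object that implements none of the AbstractReader methods is accepted as the rule source and fails only once Engine#initialize calls it. For an authorization engine I would make the accepted types explicit and reject the rest: `when AbstractReader then obj` followed by `else raise ArgumentError, "unsupported reader: #{obj.class}"` (or a `respond_to?` check if duck-typed readers are intended). Separately, AbstractReader declares both `authorization_rules` and `auth_rules`, while the Engine changes in this commit read only `auth_rules`. The interface comment should say which one an implementer must provide, or one should be defined in terms of the other.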
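--- a/test/dsl_reader_test.rb
+++ b/test/dsl_reader_test.rb
@@ -25,7 +25,7 @@ def test_privileges_with_context
 end
 }
 assert_equal [[:lower_priv, :test_context]],
-reader.privileges_reader.privilege_hierarchy[:test_priv]
+reader.privilege_hierarchy[:test_priv]
 end
 
 def test_privileges_one_line
@@ -38,11 +38,11 @@ def test_privileges_one_line
 end
 }
 assert_equal [[:lower_priv, :test_context]],
-reader.privileges_reader.privilege_hierarchy[:test_priv]
+reader.privilege_hierarchy[:test_priv]
 assert_equal [[:lower_priv, :test_context]],
-reader.privileges_reader.privilege_hierarchy[:test_priv_2]
+reader.privilege_hierarchy[:test_priv_2]
 assert_equal [[:lower_priv, nil]],
-reader.privileges_reader.privilege_hierarchy[:test_priv_3]
+reader.privilege_hierarchy[:test_priv_3]
 end
 
 def test_auth_role
@@ -55,9 +55,9 @@ def test_auth_role
 end
 end
 }
-assert_equal 1, reader.auth_rules_reader.roles.length
-assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role]
-assert_equal 1, reader.auth_rules_reader.auth_rules.length
+assert_equal 1, reader.roles.length
+assert_equal [:lesser_role], reader.role_hierarchy[:test_role]
+assert_equal 1, reader.auth_rules.length
 end
 
 def test_auth_role_permit_on
@@ -72,10 +72,10 @@ def test_auth_role_permit_on
 end
 end
 |
-assert_equal 1, reader.auth_rules_reader.roles.length
-assert_equal 1, reader.auth_rules_reader.auth_rules.length
-assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
-assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
+assert_equal 1, reader.roles.length
+assert_equal 1, reader.auth_rules.length
+assert reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
+assert reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
 end
 
 def test_permit_block
@@ -98,9 +98,9 @@ def test_permit_block
 end
 end
 |
-assert_equal 1, reader.auth_rules_reader.roles.length
-assert_equal 1, reader.auth_rules_reader.auth_rules.length
-assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
+assert_equal 1, reader.roles.length
+assert_equal 1, reader.auth_rules.length
+assert reader.auth_rules[0].matches?(:test_role, [:test], :perms)
 end
 
 def test_has_permission_to_with_context
@@ -112,9 +112,9 @@ def test_has_permission_to_with_context
 end
 end
 |
-assert_equal 1, reader.auth_rules_reader.roles.length
-assert_equal 1, reader.auth_rules_reader.auth_rules.length
-assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
+assert_equal 1, reader.roles.length
+assert_equal 1, reader.auth_rules.length
+assert reader.auth_rules[0].matches?(:test_role, [:test], :perms)
 end
 
 def test_context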
