
AbstractReader interface

commit e1aeb3b113f71752bf68add6c8f5d89adfd90d5c 1 parent b2964ca
@stffn authored
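--- a/lib/declarative_authorization/authorization.rb
+++ b/lib/declarative_authorization/authorization.rb
@@ -67,16 +67,16 @@ class Engine
 def initialize (reader = nil)
 reader = Reader::DSLReader.factory(reader || AUTH_DSL_FILES)
- @privileges = reader.privileges_reader.privileges
+ @privileges = reader.privileges
 # {priv => [[priv, ctx],...]}
- @privilege_hierarchy = reader.privileges_reader.privilege_hierarchy
- @auth_rules = reader.auth_rules_reader.auth_rules
- @roles = reader.auth_rules_reader.roles
- @omnipotent_roles = reader.auth_rules_reader.omnipotent_roles
- @role_hierarchy = reader.auth_rules_reader.role_hierarchy
-
- @role_titles = reader.auth_rules_reader.role_titles
- @role_descriptions = reader.auth_rules_reader.role_descriptions
+ @privilege_hierarchy = reader.privilege_hierarchy
+ @auth_rules = reader.auth_rules
+ @roles = reader.roles
+ @omnipotent_roles = reader.omnipotent_roles
+ @role_hierarchy = reader.role_hierarchy
+
+ @role_titles = reader.role_titles
+ @role_descriptions = reader.role_descriptions
 @reader = reader
 # {[priv, ctx] => [priv, ...]}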
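Review bot: Engine#initialize now calls eight flat methods on whatever `Reader::DSLReader.factory` hands back, but the hunk carries no comment saying what `reader` may be or what it has to answer. A comment above the method such as `# reader: an object implementing Reader::AbstractReader, or a String/Array of DSL file paths` would document the contract the engine relies on. The return values are stored as returned and `@reader` is kept as well, so the engine's rule and role collections are presumably the same objects the reader holds; if readers must not change them after construction, that belongs in the same comment. The body of initialize continues past the end of the hunk.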
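--- a/lib/declarative_authorization/reader.rb
+++ b/lib/declarative_authorization/reader.rb
@@ -46,12 +46,78 @@ class DSLError < Exception; end
 # Signals errors in the syntax of an authorization DSL.
 class DSLSyntaxError < DSLError; end
+ # Defines the interface that a Engine expects from a Reader
+ class AbstractReader
+ # Returns an Array of AuthorizationRule objects.
+ def authorization_rules
+ raise NotImplementedError
+ end
+
+ # Returns a list of all defined privileges as symbols
+ def privileges
+ raise NotImplementedError
+ end
+
+ # Returns the hierarchy of privileges as defined in the authorization
+ # configuration. A hash in the following format:
+ #
+ # {
+ # :priv => [
+ # [:lower_priv, context_or_nil],
+ # [:other_lower_priv]
+ # ],
+ # :other_priv => []
+ # }
+ def privilege_hierarchy
+ raise NotImplementedError
+ end
+
+ # All present roles, an Array of Symbols
+ def roles
+ raise NotImplementedError
+ end
+
+ # All omnipotent roles, as an array of symbols
+ def omnipotent_roles
+ raise NotImplementedError
+ end
+
+ # The hierarchy of roles:
+ # {
+ # :higher_role => [:lower_role, :other_lower_role], ...
+ # }
+ def role_hierarchy
+ raise NotImplementedError
+ end
+
+ # Human-readable titles for the roles:
+ # {
+ # :a_role => "Long Role Name"
+ # }
+ def role_titles
+ raise NotImplementedError
+ end
+
+ # Human-readable descriptions
+ # {
+ # :a_role => "Role description..."
+ # }
+ def role_descriptions
+ raise NotImplementedError
+ end
+
+ # All authorization rules
+ def auth_rules
+ raise NotImplementedError
+ end
+ end
+
 # Top-level reader, parses the methods +privileges+ and +authorization+.
 # +authorization+ takes a block with authorization rules as described in
 # AuthorizationRulesReader. The block to +privileges+ defines privilege
 # hierarchies, as described in PrivilegesReader.
 #
- class DSLReader
+ class DSLReader < AbstractReader
 attr_reader :privileges_reader, :auth_rules_reader # :nodoc:
 def initialize ()
@@ -65,12 +131,57 @@ def initialize ()
 # String or Array - it will treat it as if you have passed a path or an array of paths and attempt to load those.
 def self.factory(obj)
 case obj
- when Reader::DSLReader
- obj
 when String, Array
 load(obj)
+ else
+ obj
 end
 end
+
+ # See AbstractReader
+ def authorization_rules
+ @auth_rules_reader.auth_rules
+ end
+
+ # See AbstractReader
+ def privileges
+ @privileges_reader.privileges
+ end
+
+ # See AbstractReader
+ def privilege_hierarchy
+ @privileges_reader.privilege_hierarchy
+ end
+
+ # See AbstractReader
+ def roles
+ @auth_rules_reader.roles
+ end
+
+ # See AbstractReader
+ def omnipotent_roles
+ @auth_rules_reader.omnipotent_roles
+ end
+
+ # See AbstractReader
+ def role_hierarchy
+ @auth_rules_reader.role_hierarchy
+ end
+
+ # See AbstractReader
+ def role_titles
+ @auth_rules_reader.role_titles
+ end
+
+ # See AbstractReader
+ def role_descriptions
+ @auth_rules_reader.role_descriptions
+ end
+
+ # See AbstractReader
+ def auth_rules
+ @auth_rules_reader.auth_rules
+ end
 # Parses a authorization DSL specification from the string given
 # in +dsl_data+. Raises DSLSyntaxError if errors occur on parsing.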
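Review bot: In `self.factory`, the new `else obj` branch returns any argument that is not a String or Array without checking it, and Engine#initialize then builds its privileges, roles and rules from that object. Since this value decides every authorization check, an object that does not implement the reader interface should be rejected at this point rather than fail later or part-way through setup: `when AbstractReader then obj` followed by `else raise ArgumentError, "unsupported reader: #{obj.class}"`. If duck-typed readers that do not inherit from AbstractReader are intended, a `respond_to?` check on the interface methods gives the same early failure. The comment above factory, which starts outside the hunk, still describes only the String/Array case, and AbstractReader declares both `authorization_rules` and `auth_rules`, which DSLReader implements identically.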
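--- a/test/dsl_reader_test.rb
+++ b/test/dsl_reader_test.rb
@@ -25,7 +25,7 @@ def test_privileges_with_context
 end
 }
 assert_equal [[:lower_priv, :test_context]],
- reader.privileges_reader.privilege_hierarchy[:test_priv]
+ reader.privilege_hierarchy[:test_priv]
 end
 def test_privileges_one_line
@@ -38,11 +38,11 @@ def test_privileges_one_line
 end
 }
 assert_equal [[:lower_priv, :test_context]],
- reader.privileges_reader.privilege_hierarchy[:test_priv]
+ reader.privilege_hierarchy[:test_priv]
 assert_equal [[:lower_priv, :test_context]],
- reader.privileges_reader.privilege_hierarchy[:test_priv_2]
+ reader.privilege_hierarchy[:test_priv_2]
 assert_equal [[:lower_priv, nil]],
- reader.privileges_reader.privilege_hierarchy[:test_priv_3]
+ reader.privilege_hierarchy[:test_priv_3]
 end
 def test_auth_role
@@ -55,9 +55,9 @@ def test_auth_role
 end
 end
 }
- assert_equal 1, reader.auth_rules_reader.roles.length
- assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role]
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
+ assert_equal 1, reader.roles.length
+ assert_equal [:lesser_role], reader.role_hierarchy[:test_role]
+ assert_equal 1, reader.auth_rules.length
 end
 def test_auth_role_permit_on
@@ -72,10 +72,10 @@ def test_auth_role_permit_on
 end
 end
 |
- assert_equal 1, reader.auth_rules_reader.roles.length
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
+ assert_equal 1, reader.roles.length
+ assert_equal 1, reader.auth_rules.length
+ assert reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
+ assert reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
 end
 def test_permit_block
@@ -98,9 +98,9 @@ def test_permit_block
 end
 end
 |
- assert_equal 1, reader.auth_rules_reader.roles.length
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
+ assert_equal 1, reader.roles.length
+ assert_equal 1, reader.auth_rules.length
+ assert reader.auth_rules[0].matches?(:test_role, [:test], :perms)
 end
 def test_has_permission_to_with_context
@@ -112,9 +112,9 @@ def test_has_permission_to_with_context
 end
 end
 |
- assert_equal 1, reader.auth_rules_reader.roles.length
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
+ assert_equal 1, reader.roles.length
+ assert_equal 1, reader.auth_rules.length
+ assert reader.auth_rules[0].matches?(:test_role, [:test], :perms)
 end
 def test_context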