AbstractReader interface
stffn committed Jan 14, 2011
1 parent b2964ca commit e1aeb3b
Showing 3 changed files with 140 additions and 29 deletions.
18 changes: 9 additions & 9 deletions lib/declarative_authorization/authorization.rb
@@ -67,16 +67,16 @@ class Engine
def initialize (reader = nil) def initialize (reader = nil)
reader = Reader::DSLReader.factory(reader || AUTH_DSL_FILES) reader = Reader::DSLReader.factory(reader || AUTH_DSL_FILES)


@privileges = reader.privileges_reader.privileges @privileges = reader.privileges
# {priv => [[priv, ctx],...]} # {priv => [[priv, ctx],...]}
@privilege_hierarchy = reader.privileges_reader.privilege_hierarchy @privilege_hierarchy = reader.privilege_hierarchy
@auth_rules = reader.auth_rules_reader.auth_rules @auth_rules = reader.auth_rules
@roles = reader.auth_rules_reader.roles @roles = reader.roles
@omnipotent_roles = reader.auth_rules_reader.omnipotent_roles @omnipotent_roles = reader.omnipotent_roles
@role_hierarchy = reader.auth_rules_reader.role_hierarchy @role_hierarchy = reader.role_hierarchy


@role_titles = reader.auth_rules_reader.role_titles @role_titles = reader.role_titles
@role_descriptions = reader.auth_rules_reader.role_descriptions @role_descriptions = reader.role_descriptions
@reader = reader @reader = reader


# {[priv, ctx] => [priv, ...]} # {[priv, ctx] => [priv, ...]}
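Review bot: Engine#initialize now reads eight methods straight off `reader` (`privileges`, `privilege_hierarchy`, `auth_rules`, `roles`, `omnipotent_roles`, `role_hierarchy`, `role_titles`, `role_descriptions`) and stores what they return unchanged, but nothing at this call site states that contract. A comment above the first assignment would help anyone supplying their own reader: `# reader must implement AbstractReader; the values it returns are stored without validation`. `authorization_rules`, which AbstractReader also declares, is not read here, so it is worth either dropping it from the interface or using it consistently. The method body continues outside the hunk.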
117 changes: 114 additions & 3 deletions lib/declarative_authorization/reader.rb
@@ -46,12 +46,78 @@ class DSLError < Exception; end
# Signals errors in the syntax of an authorization DSL. # Signals errors in the syntax of an authorization DSL.
class DSLSyntaxError < DSLError; end class DSLSyntaxError < DSLError; end


# Defines the interface that a Engine expects from a Reader
class AbstractReader
# Returns an Array of AuthorizationRule objects.
def authorization_rules
raise NotImplementedError
end

# Returns a list of all defined privileges as symbols
def privileges
raise NotImplementedError
end

# Returns the hierarchy of privileges as defined in the authorization
# configuration. A hash in the following format:
#
# {
# :priv => [
# [:lower_priv, context_or_nil],
# [:other_lower_priv]
# ],
# :other_priv => []
# }
def privilege_hierarchy
raise NotImplementedError
end

# All present roles, an Array of Symbols
def roles
raise NotImplementedError
end

# All omnipotent roles, as an array of symbols
def omnipotent_roles
raise NotImplementedError
end

# The hierarchy of roles:
# {
# :higher_role => [:lower_role, :other_lower_role], ...
# }
def role_hierarchy
raise NotImplementedError
end

# Human-readable titles for the roles:
# {
# :a_role => "Long Role Name"
# }
def role_titles
raise NotImplementedError
end

# Human-readable descriptions
# {
# :a_role => "Role description..."
# }
def role_descriptions
raise NotImplementedError
end

# All authorization rules
def auth_rules
raise NotImplementedError
end
end

# Top-level reader, parses the methods +privileges+ and +authorization+. # Top-level reader, parses the methods +privileges+ and +authorization+.
# +authorization+ takes a block with authorization rules as described in # +authorization+ takes a block with authorization rules as described in
# AuthorizationRulesReader. The block to +privileges+ defines privilege # AuthorizationRulesReader. The block to +privileges+ defines privilege
# hierarchies, as described in PrivilegesReader. # hierarchies, as described in PrivilegesReader.
# #
class DSLReader class DSLReader < AbstractReader
attr_reader :privileges_reader, :auth_rules_reader # :nodoc: attr_reader :privileges_reader, :auth_rules_reader # :nodoc:


def initialize () def initialize ()
@@ -65,12 +131,57 @@ def initialize ()
# String or Array - it will treat it as if you have passed a path or an array of paths and attempt to load those. # String or Array - it will treat it as if you have passed a path or an array of paths and attempt to load those.
def self.factory(obj) def self.factory(obj)
case obj case obj
when Reader::DSLReader
obj
when String, Array when String, Array
load(obj) load(obj)
else
obj
end end
end end

# See AbstractReader
def authorization_rules
@auth_rules_reader.auth_rules
end

# See AbstractReader
def privileges
@privileges_reader.privileges
end

# See AbstractReader
def privilege_hierarchy
@privileges_reader.privilege_hierarchy
end

# See AbstractReader
def roles
@auth_rules_reader.roles
end

# See AbstractReader
def omnipotent_roles
@auth_rules_reader.omnipotent_roles
end

# See AbstractReader
def role_hierarchy
@auth_rules_reader.role_hierarchy
end

# See AbstractReader
def role_titles
@auth_rules_reader.role_titles
end

# See AbstractReader
def role_descriptions
@auth_rules_reader.role_descriptions
end

# See AbstractReader
def auth_rules
@auth_rules_reader.auth_rules
end


# Parses a authorization DSL specification from the string given # Parses a authorization DSL specification from the string given
# in +dsl_data+. Raises DSLSyntaxError if errors occur on parsing. # in +dsl_data+. Raises DSLSyntaxError if errors occur on parsing.
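Review bot: Nothing in `DSLReader.factory` checks that the object it returns implements AbstractReader: the `else` / `obj` branch passes through anything that is not a String or Array (the page no longer marks old and new sides, so this assumes that branch is the new code). Because the Engine builds its roles and rules from whatever this returns, a mistyped argument would surface later as a NoMethodError, or be accepted if it happens to respond to those names. Matching on the new base class keeps the failure at construction time: `when AbstractReader then obj` with `else raise ArgumentError, "expected an AbstractReader, a path or an array of paths"`. If duck-typed readers are intended instead, a `respond_to?` check over the interface methods would serve the same purpose. The doc comment above `factory` starts outside the hunk and should be updated to match.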
34 changes: 17 additions & 17 deletions test/dsl_reader_test.rb
@@ -25,7 +25,7 @@ def test_privileges_with_context
end end
} }
assert_equal [[:lower_priv, :test_context]], assert_equal [[:lower_priv, :test_context]],
reader.privileges_reader.privilege_hierarchy[:test_priv] reader.privilege_hierarchy[:test_priv]
end end


def test_privileges_one_line def test_privileges_one_line
@@ -38,11 +38,11 @@ def test_privileges_one_line
end end
} }
assert_equal [[:lower_priv, :test_context]], assert_equal [[:lower_priv, :test_context]],
reader.privileges_reader.privilege_hierarchy[:test_priv] reader.privilege_hierarchy[:test_priv]
assert_equal [[:lower_priv, :test_context]], assert_equal [[:lower_priv, :test_context]],
reader.privileges_reader.privilege_hierarchy[:test_priv_2] reader.privilege_hierarchy[:test_priv_2]
assert_equal [[:lower_priv, nil]], assert_equal [[:lower_priv, nil]],
reader.privileges_reader.privilege_hierarchy[:test_priv_3] reader.privilege_hierarchy[:test_priv_3]
end end


def test_auth_role def test_auth_role
@@ -55,9 +55,9 @@ def test_auth_role
end end
end end
} }
assert_equal 1, reader.auth_rules_reader.roles.length assert_equal 1, reader.roles.length
assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role] assert_equal [:lesser_role], reader.role_hierarchy[:test_role]
assert_equal 1, reader.auth_rules_reader.auth_rules.length assert_equal 1, reader.auth_rules.length
end end


def test_auth_role_permit_on def test_auth_role_permit_on
@@ -72,10 +72,10 @@ def test_auth_role_permit_on
end end
end end
| |
assert_equal 1, reader.auth_rules_reader.roles.length assert_equal 1, reader.roles.length
assert_equal 1, reader.auth_rules_reader.auth_rules.length assert_equal 1, reader.auth_rules.length
assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context) assert reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context) assert reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
end end


def test_permit_block def test_permit_block
@@ -98,9 +98,9 @@ def test_permit_block
end end
end end
| |
assert_equal 1, reader.auth_rules_reader.roles.length assert_equal 1, reader.roles.length
assert_equal 1, reader.auth_rules_reader.auth_rules.length assert_equal 1, reader.auth_rules.length
assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms) assert reader.auth_rules[0].matches?(:test_role, [:test], :perms)
end end


def test_has_permission_to_with_context def test_has_permission_to_with_context
@@ -112,9 +112,9 @@ def test_has_permission_to_with_context
end end
end end
| |
assert_equal 1, reader.auth_rules_reader.roles.length assert_equal 1, reader.roles.length
assert_equal 1, reader.auth_rules_reader.auth_rules.length assert_equal 1, reader.auth_rules.length
assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms) assert reader.auth_rules[0].matches?(:test_role, [:test], :perms)
end end


def test_context def test_context
