lib/cbac.rb in cbac-0.6.1 vs lib/cbac.rb in cbac-0.6.2
@@ -1,132 +1,132 @@
-# TODO: Check the permission table for double entries, ie: both an entry in the
-# generic_role_id field and an entry in the context_role field. Solution: solve
-# via model. Update model & add test
-require "cbac/setup"
-require "cbac/config"
-require "cbac/context_role"
-require "cbac/generic_role"
-require "cbac/known_permission"
-require "cbac/membership"
-require "cbac/permission"
-require "cbac/privilege"
-require "cbac/privilege_new_api"
-require "cbac/privilege_set"
-require "cbac/privilege_set_record"
-require "cbac/cbac_pristine/pristine"
-require "cbac/cbac_pristine/pristine_file"
-require "cbac/cbac_pristine/pristine_permission"
-require "cbac/cbac_pristine/pristine_role"
-
-# The following code contains configuration options. You can turn them on for
-# gem development. For actual usage, it is advisable to set the configuration
-# options in the environment files.
-Cbac::Config.verbose = true
-
-# Module containing the bootstrap code
-module Cbac
- def cbac_boot!
- if Cbac::Setup.check
- puts "CBAC properly installed"
-
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege_set'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/context_role'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_file'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_permission'))
-
- # check performs a check to see if the user is allowed to access the given
- # resource. Example: authorization_check("BlogController", "index", :get)
- def authorization_check(controller, action, request, context = {})
- # Determine the controller to look for
- controller_method = [controller, action].join("/")
- # Get the privilegesets
- privilege_sets = Privilege.select(controller_method, request)
- # Check the privilege sets
- check_privilege_sets(privilege_sets, context)
- end
-
- # Check the given privilege_set symbol
- # TODO following code is not yet tested
- def check_privilege_set(privilege_set, context = {})
- check_privilege_sets([PrivilegeSet.sets[privilege_set.to_sym]], context)
- end
-
- # Check the given privilege_sets
- def check_privilege_sets(privilege_sets, context = {})
- # Check the generic roles
- return true if privilege_sets.any? { |set| Cbac::GenericRole.find(:all, :conditions => ["user_id= ? AND privilege_set_id = ?", current_user, set.id],:joins => [:generic_role_members, :permissions]).length > 0 }
- # Check the context roles Get the permissions
- privilege_sets.collect{|privilege_set|Cbac::Permission.find(:all, :conditions => ["privilege_set_id = ? AND generic_role_id = 0", privilege_set.id.to_s])}.flatten.each do |permission|
- puts "Checking for context_role:#{permission.context_role} on privilege_set:#{permission.privilege_set.name}" if Cbac::Config.verbose
- eval_string = ContextRole.roles[permission.context_role.to_sym]
- begin
- return true if eval_string.call(context)
- rescue Exception => e
- puts "Error in context role: #{permission.context_role} on privilege_set: #{permission.privilege_set.name}. Context: #{context}"
- raise e if RAILS_ENV == "development" or RAILS_ENV == "test" # In development mode, this should crash as hard as possible, but in further stages, it should not
- end
- end
- # not authorized
- puts "Not authorized for: #{privilege_sets.to_s}" if Cbac::Config.verbose
- false
- end
-
- # Code that performs authorization
- def authorize
- authorization_check(params[:controller], params[:action], request.request_method.downcase, self) || unauthorized
- end
-
- # Default unauthorized method Override this method to supply your own code
- # for incorrect authorization
- def unauthorized
- render :text => "You are not authorized to perform this action", :status => 401
- end
-
- # Default implementation of the current_user method
- def current_user_id
- session[:currentuser].to_i
- end
-
- # Load controller classes and methods
- def load_controller_methods
- begin
- Dir.glob("app/controllers/**/*.rb").each{|file| require file}
- rescue LoadError
- raise "Could not load controller classes"
- end
- # Make this iterative TODO
- @classes = ApplicationController.subclasses
- end
-
- # Extracts the class name from the filename
- def extract_class_name(filename)
- File.basename(filename).chomp(".rb").camelize
- end
-
- # ### Initializer Include privileges file - contains the privilege and
- # privilege definitions
- begin
- require File.join(::Rails.root.to_s, "config", "cbac", "privileges.rb")
- rescue MissingSourceFile
- puts "CBAC warning: Could not load config/cbac/privileges.rb (Did you run ./script/generate cbac?)"
- end
- # Include context roles file - contains the context role definitions
- begin
- require File.join(::Rails.root.to_s, "config", "cbac", "context_roles.rb")
- rescue MissingSourceFile
- puts "CBAC warning: Could not load config/cbac/context_roles.rb (Did you run ./script/generate cbac?)"
- end
-
- # ### Database autoload code
- else
- # This is the code that is executed if CBAc is not properly installed/
- # configured. It includes a different authorize method, aimes at refusing
- # all authorizations
- def authorize
- render :text => "Authorization error", :status => 401
- false
- end
- end
- end
-end
+# TODO: Check the permission table for double entries, ie: both an entry in the
+# generic_role_id field and an entry in the context_role field. Solution: solve
+# via model. Update model & add test
+require "cbac/setup"
+require "cbac/config"
+require "cbac/context_role"
+require "cbac/generic_role"
+require "cbac/known_permission"
+require "cbac/membership"
+require "cbac/permission"
+require "cbac/privilege"
+require "cbac/privilege_new_api"
+require "cbac/privilege_set"
+require "cbac/privilege_set_record"
+require "cbac/cbac_pristine/pristine"
+require "cbac/cbac_pristine/pristine_file"
+require "cbac/cbac_pristine/pristine_permission"
+require "cbac/cbac_pristine/pristine_role"
+
+# The following code contains configuration options. You can turn them on for
+# gem development. For actual usage, it is advisable to set the configuration
+# options in the environment files.
+Cbac::Config.verbose = true
+
+# Module containing the bootstrap code
+module Cbac
+ def cbac_boot!
+ if Cbac::Setup.check
+ puts "CBAC properly installed"
+
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege_set'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/context_role'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_file'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_permission'))
+
+ # check performs a check to see if the user is allowed to access the given
+ # resource. Example: authorization_check("BlogController", "index", :get)
+ def authorization_check(controller, action, request, context = {})
+ # Determine the controller to look for
+ controller_method = [controller, action].join("/")
+ # Get the privilegesets
+ privilege_sets = Privilege.select(controller_method, request)
+ # Check the privilege sets
+ check_privilege_sets(privilege_sets, context)
+ end
+
+ # Check the given privilege_set symbol
+ # TODO following code is not yet tested
+ def check_privilege_set(privilege_set, context = {})
+ check_privilege_sets([PrivilegeSet.sets[privilege_set.to_sym]], context)
+ end
+
+ # Check the given privilege_sets
+ def check_privilege_sets(privilege_sets, context = {})
+ # Check the generic roles
+ return true if privilege_sets.any? { |set| Cbac::GenericRole.find(:all, :conditions => ["user_id= ? AND privilege_set_id = ?", current_user, set.id],:joins => [:generic_role_members, :permissions]).length > 0 }
+ # Check the context roles Get the permissions
+ privilege_sets.collect{|privilege_set|Cbac::Permission.find(:all, :conditions => ["privilege_set_id = ? AND generic_role_id = 0", privilege_set.id.to_s])}.flatten.each do |permission|
+ puts "Checking for context_role:#{permission.context_role} on privilege_set:#{permission.privilege_set.name}" if Cbac::Config.verbose
+ eval_string = ContextRole.roles[permission.context_role.to_sym]
+ begin
+ return true if eval_string.call(context)
+ rescue Exception => e
+ puts "Error in context role: #{permission.context_role} on privilege_set: #{permission.privilege_set.name}. Context: #{context}"
+ raise e if RAILS_ENV == "development" or RAILS_ENV == "test" # In development mode, this should crash as hard as possible, but in further stages, it should not
+ end
+ end
+ # not authorized
+ puts "Not authorized for: #{privilege_sets.to_s}" if Cbac::Config.verbose
+ false
+ end
+
+ # Code that performs authorization
+ def authorize
+ authorization_check(params[:controller], params[:action], request.request_method.downcase, self) || unauthorized
+ end
+
+ # Default unauthorized method Override this method to supply your own code
+ # for incorrect authorization
+ def unauthorized
+ render :text => "You are not authorized to perform this action", :status => 401
+ end
+
+ # Default implementation of the current_user method
+ def current_user_id
+ session[:currentuser].to_i
+ end
+
+ # Load controller classes and methods
+ def load_controller_methods
+ begin
+ Dir.glob("app/controllers/**/*.rb").each{|file| require file}
+ rescue LoadError
+ raise "Could not load controller classes"
+ end
+ # Make this iterative TODO
+ @classes = ApplicationController.subclasses
+ end
+
+ # Extracts the class name from the filename
+ def extract_class_name(filename)
+ File.basename(filename).chomp(".rb").camelize
+ end
+
+ # ### Initializer Include privileges file - contains the privilege and
+ # privilege definitions
+ begin
+ require File.join(::Rails.root.to_s, "config", "cbac", "privileges.rb")
+ rescue MissingSourceFile
+ puts "CBAC warning: Could not load config/cbac/privileges.rb (Did you run ./script/generate cbac?)"
+ end
+ # Include context roles file - contains the context role definitions
+ begin
+ require File.join(::Rails.root.to_s, "config", "cbac", "context_roles.rb")
+ rescue MissingSourceFile
+ puts "CBAC warning: Could not load config/cbac/context_roles.rb (Did you run ./script/generate cbac?)"
+ end
+
+ # ### Database autoload code
+ else
+ # This is the code that is executed if CBAc is not properly installed/
+ # configured. It includes a different authorize method, aimes at refusing
+ # all authorizations
+ def authorize
+ render :text => "Authorization error", :status => 401
+ false
+ end
+ end
+ end
+end