Project: Authorization @googlecode
Revision: 45
Author: glenn.rempe
Date: 28 May 2008 15:39:04
Changes: Merge branch 'master' into local-svn
Files:| ... | ...@@ -1,20 +0,0 @@ | |
| 1 | Description: | |
| 2 | The role_model generator creates a Role model for use with the Authorization plugin. | |
| 3 | ||
| 4 | The generator takes a model name as its argument, which at this time must be 'Role'. | |
| 5 | ||
| 6 | The generator creates a Role model class in app/models, a test suite in | |
| 7 | test/unit, test fixtures in test/fixtures/roles.yml, and a migration | |
| 8 | in the db/migrate directory. | |
| 9 | ||
| 10 | Example: | |
| 11 | ./script/generate role_model Role | |
| 12 | ||
| 13 | This will create a Role model: | |
| 14 | Model: app/models/role.rb | |
| 15 | Test: test/unit/role_test.rb | |
| 16 | Fixtures: test/fixtures/roles.yml | |
| 17 | Migration: db/migrate/XXX_add_role.rb | |
| 18 | ||
| 19 | You should then run 'rake db:migrate'. | |
| 20 |
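Review bot: This removes the role_model generator's USAGE text entirely (-1,20 +0,0), yet the README hunk @@ -182,10 +217,10 @@ still documents the generator's output (role.rb, role_test.rb, roles.yml, ###_add_role.rb). If the generator still ships, `./script/generate role_model` loses its help text; if the generator was dropped, the README section should go with it. The commit message ('Merge branch ...') does not say which, so please state the intent.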
| ... | ...@@ -1,9 +1,5 @@ | |
| 1 | 1 | = Authorization plugin |
| 2 | 2 | |
| 3 | See the following wiki page for the latest version of this documentation: | |
| 4 | ||
| 5 | http://code.google.com/p/rails-authorization-plugin/w/list | |
| 6 | ||
| 7 | 3 | This plugin provides a flexible way to add authorization to Rails. |
| 8 | 4 | |
| 9 | 5 | The authorization process decides whether a user is allowed access to some |
| ... | ...@@ -38,6 +34,48 @@ | |
| 38 | 34 | all the features, you will want to use "object roles table" (see below) |
| 39 | 35 | |
| 40 | 36 | |
| 37 | == Example Usage | |
| 38 | ||
| 39 | class MeetingController < ApplicationController | |
| 40 | ||
| 41 | permit "rubyists and wanna_be_rubyists", :except => :public_page | |
| 42 | ||
| 43 | def public_page | |
| 44 | render :text => "We're all in Chicago" | |
| 45 | end | |
| 46 | ||
| 47 | def secret_info | |
| 48 | permit "interested in Answers and (matz or dhh)" do | |
| 49 | render :text => "The Answer = 42" | |
| 50 | end | |
| 51 | end | |
| 52 | ||
| 53 | def find_apprentice | |
| 54 | @founder = User.find_by_name('matz') | |
| 55 | permit "'inner circle' of :founder" do | |
| 56 | if request.post? | |
| 57 | apprentice = User.find_by_skillset(params[:uber_hacker]) | |
| 58 | ruby_community = Group.find_by_name('Ruby') | |
| 59 | ruby_community.accepts_role 'yarv_builder', apprentice | |
| 60 | end | |
| 61 | end | |
| 62 | end | |
| 63 | ||
| 64 | def rails_conf | |
| 65 | @meeting = Meeting.find_by_name('RailsConf') | |
| 66 | permit "attendees of :meeting or swedish_mensa_supermodels" do | |
| 67 | venue = Hotel.find_by_name("Wyndham O'Hare") | |
| 68 | current_user.is_traveller_to venue | |
| 69 | if permit? "traveller to :venue and not speaker" | |
| 70 | Partay.all_night_long | |
| 71 | @misdeeds = current_user.is_participant_in_what | |
| 72 | end | |
| 73 | end | |
| 74 | end | |
| 75 | ||
| 76 | end | |
| 77 | ||
| 78 | ||
| 41 | 79 | == Installation |
| 42 | 80 | |
| 43 | 81 | Installation of the Authorization plugin is quick and easy. |
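Review bot: In the `find_apprentice` example, `User.find_by_skillset(params[:uber_hacker])` can return nil, and `ruby_community.accepts_role 'yarv_builder', apprentice` would then run with a nil user; since the example shows a role being granted from a request parameter, guard it (`return unless apprentice`) so readers do not copy an unchecked grant. In `rails_conf`, `current_user.is_traveller_to venue` grants the role unconditionally on every request (GET included) right before `permit? "traveller to :venue and not speaker"` is evaluated, so that clause is already satisfied; restricting the grant to `request.post?` as the earlier action does would make the example more realistic.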
| ... | ...@@ -46,12 +84,10 @@ | |
| 46 | 84 | |
| 47 | 85 | Open a terminal and change directory to the root of your |
| 48 | 86 | Ruby on Rails application referred to here as 'RAILS_ROOT'. You |
| 49 | can choose to install the plugin in the standard recommended way, | |
| 50 | or as a Git sub-module. | |
| 87 | can choose to install the plugin using the standard Ruby on Rails tools (recommended), | |
| 88 | as a Git sub-module, or by grabbing a tarball. | |
| 51 | 89 | |
| 52 | === Step 2 | |
| 53 | ||
| 54 | ==== Standard install, recommended | |
| 90 | === Step 2a (Standard install, recommended) | |
| 55 | 91 | |
| 56 | 92 | Run the following command in your RAILS_ROOT: |
| 57 | 93 | |
| ... | ...@@ -60,18 +96,17 @@ | |
| 60 | 96 | This will install the latest version of the plugin from SVN trunk |
| 61 | 97 | into your RAILS_ROOT/vendor/plugins/authorization directory. |
| 62 | 98 | |
| 63 | ==== Alternative install using Git sub-module, for users of git | |
| 99 | === Step 2b (Alternative install using Git sub-module, for advanced users of the Git SCM) | |
| 64 | 100 | |
| 65 | 101 | The source code for this plugin is maintained in a Git SCM |
| 66 | repository (The code in the SVN repository here at Google | |
| 67 | Code is a read-only mirror). The Git repository will always | |
| 68 | have the latest version of the code. | |
| 102 | repository. The Git repository will always have the latest | |
| 103 | version of the code. | |
| 69 | 104 | |
| 70 | 105 | You can install the plugin using Git sub-modules (which |
| 71 | 106 | are akin to using SVN externals). Installing this way allows |
| 72 | 107 | you to update the plugin code later if needed (but note that |
| 73 | 108 | it will not update any generated code created earlier by this |
| 74 | plugin such as migrations, you will need to update that manually). | |
| 109 | plugin such as migrations, which you will need to update manually). | |
| 75 | 110 | Also note that if you are deploying your code using Capistrano |
| 76 | 111 | this method may cause issues if you are not careful (e.g. the code |
| 77 | 112 | will be deployed but the sub-modules will not be updated or |
| ... | ...@@ -86,7 +121,7 @@ | |
| 86 | 121 | |
| 87 | 122 | git submodule update |
| 88 | 123 | |
| 89 | ==== Alternative manual install | |
| 124 | === Step 2c (Alternative manual install from tarball) | |
| 90 | 125 | |
| 91 | 126 | If you like to install the old school manual way, feel free to download a copy of the plugin code from: |
| 92 | 127 | |
| ... | ...@@ -109,7 +144,7 @@ | |
| 109 | 144 | <tt>has_role?(role, obj = nil)</tt> method. This method is however more |
| 110 | 145 | limited in the functionality available to you. |
| 111 | 146 | |
| 112 | ==== Object Roles (Recommended, DB Required) | |
| 147 | ==== Object Roles (Recommended, DB Required) | |
| 113 | 148 | |
| 114 | 149 | The Object Roles Table mixin provides full support for authorization |
| 115 | 150 | expressions within a database by add a polymorphic field to the |
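Review bot: Line 112/147 is shown identical before and after, so this hunk is a whitespace-only change (trailing whitespace, presumably); the same holds for the blank lines swapped in @@ -136,13 +171,13 @@, @@ -151,13 +186,13 @@ and @@ -201,20 +236,20 @@, and for the four 'This will create' lines in @@ -182,10 +217,10 @@. Whitespace cleanup is fine but belongs in its own commit so the real README edits stay reviewable. While here, context line 150 reads 'by add a polymorphic field'; it should be 'by adding'.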
| ... | ...@@ -136,13 +171,13 @@ | |
| 136 | 171 | like the following (customized for your controllers and actions of course): |
| 137 | 172 | |
| 138 | 173 | ... |
| 139 | ||
| 174 | ||
| 140 | 175 | # Authorization plugin for role based access control |
| 141 | 176 | # You can override default authorization system constants here. |
| 142 | ||
| 177 | ||
| 143 | 178 | # Can be 'object roles' or 'hardwired' |
| 144 | 179 | AUTHORIZATION_MIXIN = "object roles" |
| 145 | ||
| 180 | ||
| 146 | 181 | # NOTE : If you use modular controllers like '/admin/products' be sure |
| 147 | 182 | # to redirect to something like '/sessions' controller (with a leading slash) |
| 148 | 183 | # as shown in the example below or you will not get redirected properly |
| ... | ...@@ -151,13 +186,13 @@ | |
| 151 | 186 | # |
| 152 | 187 | LOGIN_REQUIRED_REDIRECTION = { :controller => '/sessions', :action => 'new' } |
| 153 | 188 | PERMISSION_DENIED_REDIRECTION = { :controller => '/home', :action => 'index' } |
| 154 | ||
| 189 | ||
| 155 | 190 | # The method your auth scheme uses to store the location to redirect back to |
| 156 | 191 | STORE_LOCATION_METHOD = :store_location |
| 157 | ||
| 192 | ||
| 158 | 193 | # standard rails config below here |
| 159 | 194 | Rails::Initializer.run do |config| |
| 160 | ||
| 195 | ||
| 161 | 196 | ... |
| 162 | 197 | |
| 163 | 198 | * Set the AUTHORIZATION_MIXIN constant to object roles or hardwired. (See init.rb in this plugin for how the role support is mixed in.) |
| ... | ...@@ -182,10 +217,10 @@ | |
| 182 | 217 | |
| 183 | 218 | This will create: |
| 184 | 219 | |
| 185 | Model: RAILS_ROOT/app/models/role.rb | |
| 186 | Test: RAILS_ROOT/test/unit/role_test.rb | |
| 187 | Fixtures: RAILS_ROOT/test/fixtures/roles.yml | |
| 188 | Migration: RAILS_ROOT/db/migrate/###_add_role.rb | |
| 220 | Model: RAILS_ROOT/app/models/role.rb | |
| 221 | Test: RAILS_ROOT/test/unit/role_test.rb | |
| 222 | Fixtures: RAILS_ROOT/test/fixtures/roles.yml | |
| 223 | Migration: RAILS_ROOT/db/migrate/###_add_role.rb | |
| 189 | 224 | |
| 190 | 225 | And now you will need to run a database migration from your RAILS_ROOT: |
| 191 | 226 | |
| ... | ...@@ -201,20 +236,20 @@ | |
| 201 | 236 | For a typical installation you would add both mixins to your User model. |
| 202 | 237 | |
| 203 | 238 | class User < ActiveRecord::Base |
| 204 | ||
| 239 | ||
| 205 | 240 | # Authorization plugin |
| 206 | 241 | acts_as_authorized_user |
| 207 | 242 | acts_as_authorizable |
| 208 | ||
| 243 | ||
| 209 | 244 | ... |
| 210 | 245 | |
| 211 | 246 | Then in each additional model that you want to be able to restrict based |
| 212 | 247 | on role you would add just the acts_as_authorizable mixin like this: |
| 213 | 248 | |
| 214 | 249 | class Event < ActiveRecord::Base |
| 215 | ||
| 250 | ||
| 216 | 251 | acts_as_authorizable |
| 217 | ||
| 252 | ||
| 218 | 253 | ... |
| 219 | 254 | |
| 220 | 255 | You are done with the configuration! |
| ... | ...@@ -276,36 +311,51 @@ | |
| 276 | 311 | |
| 277 | 312 | ==== Options |
| 278 | 313 | |
| 279 | <tt>:allow_guests => false</tt>. We can allow permission processing without a | |
| 280 | current user object. The default is <tt>false</tt>. | |
| 314 | :allow_guests => false. | |
| 315 | ||
| 316 | We can allow permission processing without a | |
| 317 | current user object. The default is false. | |
| 318 | ||
| 319 | :user => YourUserObject. | |
| 320 | ||
| 321 | The name of your user object. | |
| 322 | ||
| 323 | :get_user_method => method_name | |
| 324 | ||
| 325 | The method name provided should return a user | |
| 326 | object. Default is #current_user, which is the how | |
| 327 | acts_as_authenticated works. | |
| 328 | ||
| 329 | :only => [ :method1, :method2 ] | |
| 330 | ||
| 331 | Array of methods to apply permit (not valid when used in instance methods) | |
| 332 | ||
| 333 | :except => [ :method1, :method2 ] | |
| 334 | ||
| 335 | Array of methods that won't have permission checking (not valid when used in instance methods) | |
| 336 | ||
| 337 | :redirect => boolean | |
| 338 | ||
| 339 | Default is true. If false, permit will not redirect to denied page. | |
| 281 | 340 | |
| 282 | <tt>:user</tt> => A <tt>user</tt> object. | |
| 341 | :login_required_redirection => path or hash | |
| 283 | 342 | |
| 284 | <tt>:get_user_method => method</tt> that will return a <tt>user</tt> | |
| 285 | object. Default is <tt>#current_user</tt>, which is the how | |
| 286 | <tt>acts_as_authenticated</tt> works. | |
| 343 | default is "{ :controller => 'session', :action => 'new' }" | |
| 287 | 344 | |
| 288 | <tt>:only => [ :method1, :method2 ]</tt>. Array of methods to apply permit (not | |
| 289 | valid when used in instance methods) | |
| 345 | Path or Hash where user will be redirected if not logged in () | |
| 290 | 346 | |
| 291 | <tt>:except => [ :method1, :method2 ]</tt>. Array of methods that won't have | |
| 292 | permission checking (not valid when used in instance methods) | |
| 347 | :login_required_message => 'my message' | |
| 293 | 348 | |
| 294 | <tt>:redirect => bool</tt>. default is <tt>true</tt>. If <tt>false</tt>, permit | |
| 295 | will not redirect to denied page. | |
| 349 | A string to present to your users when login is required. Default is 'Login is required to access the requested page.' | |
| 296 | 350 | |
| 297 | <tt>:login_required_redirection => path or hash</tt> where user will be | |
| 298 | redirected if not logged in (default is "{ :controller => 'session', :action => | |
| 299 | 'new' }") | |
| 351 | :permission_denied_redirection => path or hash | |
| 300 | 352 | |
| 301 | <tt>:login_required_message => 'my message'</tt> (default is 'Login is required | |
| 302 | to access the requested page.') | |
| 353 | Path or Hash where user will be redirected if logged in but not authorized (default is '') | |
| 303 | 354 | |
| 304 | <tt>:permission_denied_redirection => path or hash</tt> where user will be | |
| 305 | redirected if logged in but not authorized (default is '') | |
| 355 | :permission_denied_message => 'my message' | |
| 306 | 356 | |
| 307 | <tt>:permission_denied_message => 'my message</tt> (default is 'Permission | |
| 308 | denied. You cannot access the requested page.') | |
| 357 | Message that will be presented to the user when permission is denied. Default is 'Permission | |
| 358 | denied. You cannot access the requested page.' | |
| 309 | 359 | |
| 310 | 360 | === Setting and getting the roles |
| 311 | 361 | |
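Review bot: Line 345 ends in an empty '()' left over from the old parenthetical, and for `:login_required_redirection` the default (line 343) now comes before the description (line 345), the reverse of every other option here; suggest a single line 'Path or Hash where user will be redirected if not logged in. Default is { :controller => 'session', :action => 'new' }'. Two content points as well: `:user => YourUserObject` is described as 'The name of your user object' (line 321), but the old text and the value shown make it a user object, not a name; and the stated default `:controller => 'session'` disagrees with the README's own config sample, `LOGIN_REQUIRED_REDIRECTION = { :controller => '/sessions', ... }` at line 187 of the earlier hunk, so confirm which one the code actually uses.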
| ... | ...@@ -442,9 +492,7 @@ | |
| 442 | 492 | 3. Once the model object is determined, we pass the role and user (determined |
| 443 | 493 | in the manner above) to <tt>model.accepts_role?</tt> |
| 444 | 494 | |
| 445 | === More information | |
| 446 | 495 | |
| 447 | Information on this plugin and other development can be found at | |
| 448 | the project home page: | |
| 496 | == Developers Note : Contributing Patches | |
| 449 | 497 | |
| 450 | http://code.google.com/p/rails-authorization-plugin/ | |
| 498 | Please see the file README_developers.txt for the methods we would like you to use to submit new code features, bugfixes and patches. |
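Review bot: With the 'See the following wiki page' pointer removed in @@ -1,9 +1,5 @@ and this hunk removing the 'More information' section with http://code.google.com/p/rails-authorization-plugin/, the README no longer links to the project site at all; keep one link to the project home page next to the new Developers Note, and say where README_developers.txt lives (the plugin root) so users know where to look.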
| ... | ...@@ -1,6 +1,49 @@ | |
| 1 | 1 | |
| 2 | 2 | INSTRUCTIONS FOR DEVELOPERS: |
| 3 | 3 | |
| 4 | Authorization and Git | |
| 5 | ||
| 6 | All source code for the plugin is managed in a Git master repository. Currently this repository is hosted on GitHub, which is a great site that makes working with, and sharing, Git managed code so much better. | |
| 7 | ||
| 8 | You can browse the master Git repo here: | |
| 9 | ||
| 10 | http://github.com/DocSavage/rails-authorization-plugin/tree/master | |
| 11 | ||
| 12 | Authorization @ GitHub | |
| 13 | ||
| 14 | If you want to learn more about how you can use GitHub to create your own fork of the Authorization repository and use that as the base for your enhancements this excellent article provides a great start: | |
| 15 | ||
| 16 | http://railsontherun.com/2008/3/3/how-to-use-github-and-submit-a-patch | |
| 17 | ||
| 18 | Authorization and SVN | |
| 19 | ||
| 20 | We currently maintain a mirror of the Git master repo in an SVN repository on GoogleCode. We push commits from Git to SVN using the 'git svn dcommit' command. Code is never pulled from SVN to Git. The primary reason we maintain this mirror is because it allows us to use the standard rails './script/plugin install URL' tools to allow for easy end user installation of the plugin. When the newest version of Rails allows us to provide the same functionality by installing directly from a Git repo this SVN mirror may be discontinued. | |
| 21 | ||
| 22 | You can browse the source code and get instructions for getting a copy of the repo in SVN form from: | |
| 23 | ||
| 24 | http://code.google.com/p/rails-authorization-plugin/source/checkout | |
| 25 | ||
| 26 | Testing | |
| 27 | ||
| 28 | We request that all patches be fully tested prior to submission and we would like all code changes to be accompanied wherever possible by valid passing tests. You can test the application by downloading our most recent test repository from Git and running the tests as instructed in the README. Please submit a separate patch against the test repo to accompany any plugin change patches. | |
| 29 | ||
| 30 | http://github.com/grempe/rails-authorization-plugin-test/tree/master | |
| 31 | ||
| 32 | Instructions for using the test app are available: | |
| 33 | ||
| 34 | http://github.com/grempe/rails-authorization-plugin-test/tree/master/README | |
| 35 | ||
| 36 | We also welcome any patches that would integrate a plugin testing framework (RSpec) into the plugin itself so we could use the test app only for demo purposes and be able to run the suite of tests directly in the plugin code base. | |
| 37 | ||
| 38 | Submitting Patches | |
| 39 | ||
| 40 | The recommended way to submit patches is to initiate a pull request from a Git fork @ GitHub. | |
| 41 | ||
| 42 | However, we will also accept patches submitted on the Authorization Google Group, or by email. | |
| 43 | ||
| 44 | ||
| 45 | PUSHING CHANGES TO GOOGLE CODE SVN: | |
| 46 | - - - - - - - - - - - - - - - - - - | |
| 4 | 47 | Pushing a read-only copy of the git repo master branch to the google code SVN repo. |
| 5 | 48 | -- |
| 6 | 49 |
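Review bot: Line 12, 'Authorization @ GitHub', sits between a URL and the next paragraph with no link of its own; it reads like a link caption that lost its URL (or a stray heading), so either attach the URL or drop it. The added section headings ('Authorization and Git', 'Authorization and SVN', 'Testing', 'Submitting Patches') are bare lines, while the existing 'PUSHING CHANGES TO GOOGLE CODE SVN:' heading is upper-case with a dashed underline; pick one style for the file. Minor: 'Git managed code' should be 'Git-managed code', and 'as instructed in the README' on line 28 should say which README (the test app's, per line 34).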
| ... | ...@@ -1,3 +1,3 @@ | |
| 1 | Tests for Authorization plugin are handled by tests within | |
| 2 | the test apps for each type of mixin. | |
| 3 | See http://www.writertopia.com/developers/authorization | |
| 1 | The tests for this plugin are maintained in a sample | |
| 2 | Ruby on Rails application. Please see the file | |
| 3 | README_developers.txt for additional information. |