ActionItem5: initial implementation of rbac infrastructure to power access control

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@481 3f533792-8f58-4932-b0fe-aaf55b0a4547

ActionItem5: initial implementation of rbac infrastructure to power access control
git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@481 3f533792-8f58-4932-b0fe-aaf55b0a4547
MoisesMachado
1 parent a6ca4493
Showing 18 changed files with 198 additions and 1 deletions Show diff stats
app/controllers/role_controller.rb
app/helpers/application_helper.rb
app/helpers/role_helper.rb
app/models/person.rb
app/models/profile.rb
app/models/role.rb
app/models/role_assignment.rb
app/views/role/_form.rhtml
app/views/role/index.rhtml
app/views/role/new.rhtml
config/routes.rb
db/migrate/014_create_roles.rb
db/migrate/015_create_role_assignments.rb
test/fixtures/role_assignments.yml
test/fixtures/roles.yml
test/functional/role_controller_test.rb
test/unit/role_assignment_test.rb
test/unit/role_test.rb
@@ -0,0 +1,47 @@
+class RoleController < ApplicationController
+  def index
+    @roles = Role.find(:all)
+  end
+
+  def show
+    @role = Role.find(params[:id])
+  end
+
+  def new
+    @role = Role.new(:name => 'bla', :permissions => [])
+  end
+
+  def create
+    role = Role.new(params[:role])
+    if role.save
+      redirect_to :action => 'show', :id => role
+    else
+      flash[:notice] = _('Failed to create role')
+      redirect_to :action => 'index'
+    end
+  end
+
+  def edit
+    @role = Role.find(params[:id])
+  end
+
+  def update
+    role = Role.find(params[:id])
+    if role.update_attributes(params[:role])
+      redirect_to :action => 'show', :id => role
+    else
+      flash[:notice] = _('Failed to edit role')
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    role = Role.find(params[:id])
+    if role.destroy
+      redirect_to :action => 'index'
+    else
+      flash[:notice] = _('Failed to edit role')
+      redirect_to :action => 'index'
+    end
+  end
+end
@@ -167,6 +167,8 @@ module ApplicationHelper
     content_tag('div', content_tag('div', content_tag('label', label)) + html_for_field, :class => 'formfield') 
   end
+  alias_method :labelled_form_field, :display_form_field
+
   def labelled_form_for(name, object = nil, options = {}, &proc)
     object ||= instance_variable_get("@#{name}")
     form_for(name, object, { :builder => NoosferoFormBuilder }.merge(options), &proc)
@@ -0,0 +1,2 @@
+module RoleHelper
+end
@@ -14,6 +14,12 @@ class Person &lt; Profile
   has_many :people, :through => :person_friendships, :foreign_key => 'friend_id'
   has_one :person_info
+  has_many :role_assignments
+
+  def has_permission?(perm, res=nil)
+    role_assignments.any? {|ra| ra.has_permission?(perm, res)}
+  end
+
   def info
     person_info
   end
@@ -35,6 +35,8 @@ class Profile &lt; ActiveRecord::Base
   belongs_to :virtual_community
   has_many :affiliations, :dependent => :destroy
   has_many :people, :through => :affiliations
+  
+  has_many :role_assignment, :as => :resource
   # Sets the identifier for this profile. Raises an exception when called on a
@@ -0,0 +1,31 @@
+class Role < ActiveRecord::Base
+
+  PERMISSIONS = {
+    :profile => {
+      'edit_profile' => N_('Edit profile'),
+      'post_content' => N_('Post content'),
+      'destroy_profile' => N_('Destroy profile'),
+    },
+    :system => {
+    }
+  }
+
+  def self.permission_name(p)
+#    msgid = ...
+#    gettext(msgid)
+    raise "Moises need to write me"
+  end
+  
+  has_many :role_assignments
+
+  serialize :permissions, Array
+  
+  def initialize(*args)
+    super(*args)
+    permissions = []
+  end
+  
+  def has_permission?(perm)
+    permissions.include?(perm)
+  end
+end
@@ -0,0 +1,9 @@
+class RoleAssignment < ActiveRecord::Base
+  belongs_to :role
+  belongs_to :person
+  belongs_to :resource, :polymorphic => true
+
+  def has_permission?(perm, res)
+    role.has_permission?(perm) && (resource == res)
+  end
+end
@@ -0,0 +1,11 @@
+<%= error_messages_for :role %>
+
+<% labelled_form_for :role, @role do |f| %>
+
+  <%= f.text_field :name %>
+
+  <%= _('Permissions: ') %> <br>
+  <% Role::PERMISSIONS[:profile].keys.each do |p| %>
+    <%= labelled_form_field("bla", (check_box_tag "role[permissions][#{p}]", @role.has_permission?(p))) %>
+  <% end %>
+<% end %>
@@ -0,0 +1,10 @@
+<%= link_to _('New role'), :action => 'new' %>
+<ul>
+  <% @roles.each do |role| %>
+    <li> 
+      <%= link_to role.name, :action => 'show', :id => role %>
+      <%= link_to _('Edit'), :action => 'edit', :id => role %>
+      <%= link_to _('Destroy'), :action => 'destoy', :id => role %>
+    </li>
+  <% end %>
+</ul>
@@ -0,0 +1,3 @@
+<h2> <%= _('New Role') %> </h2>
+
+<%= render :partial => 'form', :locals => { :mode => :new } %>
@@ -33,7 +33,7 @@ ActionController::Routing::Routes.draw do |map|
   ######################################################
   # administrative tasks for a virtual community
   map.admin 'admin', :controller => 'admin_panel'
-  map.admin 'admin/:controller/:action/:id', :controller => /(admin_panel|features|manage_tags|edit_template)/
+  map.admin 'admin/:controller/:action/:id', :controller => /(admin_panel|features|manage_tags|edit_template|role)/
   ######################################################
   ## Controllers that are used by system admin
@@ -0,0 +1,12 @@
+class CreateRoles < ActiveRecord::Migration
+  def self.up
+    create_table :roles do |t|
+      t.column :name,        :string
+      t.column :permissions, :string
+    end
+  end
+
+  def self.down
+    drop_table :roles
+  end
+end
@@ -0,0 +1,14 @@
+class CreateRoleAssignments < ActiveRecord::Migration
+  def self.up
+    create_table :role_assignments do |t|
+      t.column :person_id,      :integer
+      t.column :role_id,        :integer
+      t.column :resource_id,    :integer
+      t.column :resource_type,  :string
+    end
+  end
+
+  def self.down
+    drop_table :role_assignments
+  end
+end
@@ -0,0 +1,5 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+one:
+  id: 1
+two:
+  id: 2
@@ -0,0 +1,5 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+one:
+  id: 1
+two:
+  id: 2
@@ -0,0 +1,18 @@
+require File.dirname(__FILE__) + '/../test_helper'
+require 'role_controller'
+
+# Re-raise errors caught by the controller.
+class RoleController; def rescue_action(e) raise e end; end
+
+class RoleControllerTest < Test::Unit::TestCase
+  def setup
+    @controller = RoleController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+  end
+
+  # Replace this with your real tests.
+  def test_truth
+    assert true
+  end
+end
@@ -0,0 +1,10 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class RoleAssignmentTest < Test::Unit::TestCase
+  fixtures :role_assignments
+
+  # Replace this with your real tests.
+  def test_truth
+    assert true
+  end
+end
@@ -0,0 +1,10 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class RoleTest < Test::Unit::TestCase
+  fixtures :roles
+
+  # Replace this with your real tests.
+  def test_truth
+    assert true
+  end
+end
@@ -0,0 +1,47 @@		@@ -0,0 +1,47 @@
	1	+class RoleController < ApplicationController
	2	+ def index
	3	+ @roles = Role.find(:all)
	4	+ end
	5	+
	6	+ def show
	7	+ @role = Role.find(params[:id])
	8	+ end
	9	+
	10	+ def new
	11	+ @role = Role.new(:name => 'bla', :permissions => [])
	12	+ end
	13	+
	14	+ def create
	15	+ role = Role.new(params[:role])
	16	+ if role.save
	17	+ redirect_to :action => 'show', :id => role
	18	+ else
	19	+ flash[:notice] = _('Failed to create role')
	20	+ redirect_to :action => 'index'
	21	+ end
	22	+ end
	23	+
	24	+ def edit
	25	+ @role = Role.find(params[:id])
	26	+ end
	27	+
	28	+ def update
	29	+ role = Role.find(params[:id])
	30	+ if role.update_attributes(params[:role])
	31	+ redirect_to :action => 'show', :id => role
	32	+ else
	33	+ flash[:notice] = _('Failed to edit role')
	34	+ render :action => 'edit'
	35	+ end
	36	+ end
	37	+
	38	+ def destroy
	39	+ role = Role.find(params[:id])
	40	+ if role.destroy
	41	+ redirect_to :action => 'index'
	42	+ else
	43	+ flash[:notice] = _('Failed to edit role')
	44	+ redirect_to :action => 'index'
	45	+ end
	46	+ end
	47	+end
	@@ -14,6 +14,12 @@ class Person < Profile		@@ -14,6 +14,12 @@ class Person < Profile
14	has_many :people, :through => :person_friendships, :foreign_key => 'friend_id'	14	has_many :people, :through => :person_friendships, :foreign_key => 'friend_id'
15	has_one :person_info	15	has_one :person_info
16		16
		17	+ has_many :role_assignments
		18	+
		19	+ def has_permission?(perm, res=nil)
		20	+ role_assignments.any? {\|ra\| ra.has_permission?(perm, res)}
		21	+ end
		22	+
17	def info	23	def info
18	person_info	24	person_info
19	end	25	end
	@@ -35,6 +35,8 @@ class Profile < ActiveRecord::Base		@@ -35,6 +35,8 @@ class Profile < ActiveRecord::Base
35	belongs_to :virtual_community	35	belongs_to :virtual_community
36	has_many :affiliations, :dependent => :destroy	36	has_many :affiliations, :dependent => :destroy
37	has_many :people, :through => :affiliations	37	has_many :people, :through => :affiliations
		38	+
		39	+ has_many :role_assignment, :as => :resource
38		40
39		41
40	# Sets the identifier for this profile. Raises an exception when called on a	42	# Sets the identifier for this profile. Raises an exception when called on a
@@ -0,0 +1,31 @@		@@ -0,0 +1,31 @@
	1	+class Role < ActiveRecord::Base
	2	+
	3	+ PERMISSIONS = {
	4	+ :profile => {
	5	+ 'edit_profile' => N_('Edit profile'),
	6	+ 'post_content' => N_('Post content'),
	7	+ 'destroy_profile' => N_('Destroy profile'),
	8	+ },
	9	+ :system => {
	10	+ }
	11	+ }
	12	+
	13	+ def self.permission_name(p)
	14	+# msgid = ...
	15	+# gettext(msgid)
	16	+ raise "Moises need to write me"
	17	+ end
	18	+
	19	+ has_many :role_assignments
	20	+
	21	+ serialize :permissions, Array
	22	+
	23	+ def initialize(*args)
	24	+ super(*args)
	25	+ permissions = []
	26	+ end
	27	+
	28	+ def has_permission?(perm)
	29	+ permissions.include?(perm)
	30	+ end
	31	+end
@@ -0,0 +1,9 @@		@@ -0,0 +1,9 @@
	1	+class RoleAssignment < ActiveRecord::Base
	2	+ belongs_to :role
	3	+ belongs_to :person
	4	+ belongs_to :resource, :polymorphic => true
	5	+
	6	+ def has_permission?(perm, res)
	7	+ role.has_permission?(perm) && (resource == res)
	8	+ end
	9	+end
@@ -0,0 +1,11 @@		@@ -0,0 +1,11 @@
	1	+<%= error_messages_for :role %>
	2	+
	3	+<% labelled_form_for :role, @role do \|f\| %>
	4	+
	5	+ <%= f.text_field :name %>
	6	+
	7	+ <%= _('Permissions: ') %> <br>
	8	+ <% Role::PERMISSIONS[:profile].keys.each do \|p\| %>
	9	+ <%= labelled_form_field("bla", (check_box_tag "role[permissions][#{p}]", @role.has_permission?(p))) %>
	10	+ <% end %>
	11	+<% end %>
@@ -0,0 +1,10 @@		@@ -0,0 +1,10 @@
	1	+<%= link_to _('New role'), :action => 'new' %>
	2	+<ul>
	3	+ <% @roles.each do \|role\| %>
	4	+ <li>
	5	+ <%= link_to role.name, :action => 'show', :id => role %>
	6	+ <%= link_to _('Edit'), :action => 'edit', :id => role %>
	7	+ <%= link_to _('Destroy'), :action => 'destoy', :id => role %>
	8	+ </li>
	9	+ <% end %>
	10	+</ul>
@@ -0,0 +1,3 @@		@@ -0,0 +1,3 @@
	1	+<h2> <%= _('New Role') %> </h2>
	2	+
	3	+<%= render :partial => 'form', :locals => { :mode => :new } %>
	@@ -33,7 +33,7 @@ ActionController::Routing::Routes.draw do \|map\|		@@ -33,7 +33,7 @@ ActionController::Routing::Routes.draw do \|map\|
33	######################################################	33	######################################################
34	# administrative tasks for a virtual community	34	# administrative tasks for a virtual community
35	map.admin 'admin', :controller => 'admin_panel'	35	map.admin 'admin', :controller => 'admin_panel'
36	- map.admin 'admin/:controller/:action/:id', :controller => /(admin_panel\|features\|manage_tags\|edit_template)/	36	+ map.admin 'admin/:controller/:action/:id', :controller => /(admin_panel\|features\|manage_tags\|edit_template\|role)/
37		37
38	######################################################	38	######################################################
39	## Controllers that are used by system admin	39	## Controllers that are used by system admin
@@ -0,0 +1,12 @@		@@ -0,0 +1,12 @@
	1	+class CreateRoles < ActiveRecord::Migration
	2	+ def self.up
	3	+ create_table :roles do \|t\|
	4	+ t.column :name, :string
	5	+ t.column :permissions, :string
	6	+ end
	7	+ end
	8	+
	9	+ def self.down
	10	+ drop_table :roles
	11	+ end
	12	+end