acl9 0.11.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,93 @@
1
+ require 'test_helper'
2
+
3
+ require File.join(File.dirname(__FILE__), '..', 'lib', 'acl9')
4
+
5
+ module SomeHelper
6
+ include Acl9Helpers
7
+
8
+ access_control :the_question do
9
+ allow :hamlet, :to => :be
10
+ allow :hamlet, :except => :be
11
+ end
12
+ end
13
+
14
+ class HelperTest < Test::Unit::TestCase
15
+ module Hamlet
16
+ def current_user
17
+ user = Object.new
18
+
19
+ class <<user
20
+ def has_role?(role, obj=nil)
21
+ role == 'hamlet'
22
+ end
23
+ end
24
+
25
+ user
26
+ end
27
+ end
28
+
29
+ module NotLoggedIn
30
+ def current_user; nil end
31
+ end
32
+
33
+ module Noone
34
+ def current_user
35
+ user = Object.new
36
+
37
+ class <<user
38
+ def has_role?(*_); false end
39
+ end
40
+
41
+ user
42
+ end
43
+ end
44
+
45
+ class Base
46
+ include SomeHelper
47
+
48
+ attr_accessor :action_name
49
+ def controller
50
+ self
51
+ end
52
+ end
53
+
54
+ class Klass1 < Base
55
+ include Hamlet
56
+ end
57
+
58
+ class Klass2 < Base
59
+ include NotLoggedIn
60
+ end
61
+
62
+ class Klass3 < Base
63
+ include Noone
64
+ end
65
+
66
+ it "has :the_question method" do
67
+ Base.new.should respond_to(:the_question)
68
+ end
69
+
70
+ it "role :hamlet is allowed to be" do
71
+ k = Klass1.new
72
+ k.action_name = 'be'
73
+ k.the_question.should be_true
74
+ end
75
+
76
+ it "role :hamlet is allowed to not_be" do
77
+ k = Klass1.new
78
+ k.action_name = 'not_be'
79
+ k.the_question.should be_true
80
+ end
81
+
82
+ it "not logged in is not allowed to be" do
83
+ k = Klass2.new
84
+ k.action_name = 'be'
85
+ k.the_question.should == false
86
+ end
87
+
88
+ it "noone is not allowed to be" do
89
+ k = Klass3.new
90
+ k.action_name = 'be'
91
+ k.the_question.should == false
92
+ end
93
+ end
@@ -0,0 +1,310 @@
1
+ require 'test_helper'
2
+ require File.join(File.dirname(__FILE__), '..', 'lib', 'acl9')
3
+ require 'support/models'
4
+
5
+ #Logger = ActiveRecord::Base.logger
6
+ load 'support/schema.rb'
7
+
8
+ class RolesTest < Test::Unit::TestCase
9
+ before do
10
+ Role.destroy_all
11
+ [User, Foo, Bar].each { |model| model.delete_all }
12
+
13
+ @user = User.create!
14
+ @user2 = User.create!
15
+ @foo = Foo.create!
16
+ @bar = Bar.create!
17
+ end
18
+
19
+ it "should not have any roles by default" do
20
+ %w(user manager admin owner).each do |role|
21
+ @user.has_role?(role).should be_false
22
+ end
23
+ end
24
+
25
+ it "#has_role! without object (global role)" do
26
+ lambda do
27
+ @user.has_role!('admin')
28
+ end.should change { Role.count }.from(0).to(1)
29
+
30
+ @user.has_role?('admin').should be_true
31
+ @user2.has_role?('admin').should be_false
32
+ end
33
+
34
+ it "should not count global role as object role" do
35
+ @user.has_role!('admin')
36
+
37
+ [@foo, @bar, Foo, Bar, @user].each do |obj|
38
+ @user.has_role?('admin', obj).should be_false
39
+ @user.has_roles_for?(obj).should be_false
40
+ @user.roles_for(obj).should == []
41
+ end
42
+
43
+ [@foo, @bar].each do |obj|
44
+ obj.accepts_role?('admin', @user).should be_false
45
+ end
46
+ end
47
+
48
+ it "#has_role! with object (object role)" do
49
+ @user.has_role!('manager', @foo)
50
+
51
+ @user.has_role?('manager', @foo).should be_true
52
+ @user.has_roles_for?(@foo).should be_true
53
+ @user.has_role_for?(@foo).should be_true
54
+
55
+ roles = @user.roles_for(@foo)
56
+ roles.should == @foo.accepted_roles_by(@user)
57
+ roles.size.should == 1
58
+ roles.first.name.should == "manager"
59
+
60
+ @user.has_role?('manager', @bar).should be_false
61
+ @user2.has_role?('manager', @foo).should be_false
62
+
63
+ @foo.accepts_role?('manager', @user).should be_true
64
+ @foo.accepts_role_by?(@user).should be_true
65
+ @foo.accepts_roles_by?(@user).should be_true
66
+ end
67
+
68
+ it "should count object role also as global role" do
69
+ @user.has_role!('manager', @foo)
70
+
71
+ @user.has_role?('manager').should be_true
72
+ end
73
+
74
+ it "should not count object role as object class role" do
75
+ @user.has_role!('manager', @foo)
76
+ @user.has_role?('manager', Foo).should be_false
77
+ end
78
+
79
+ context "protect_global_roles is true" do
80
+ before do
81
+ @saved_option = Acl9.config[:protect_global_roles]
82
+ Acl9.config[:protect_global_roles] = true
83
+ end
84
+
85
+ it "should not count object role also as global role" do
86
+ @user.has_role!('manager', @foo)
87
+
88
+ @user.has_role?('manager').should be_false
89
+ end
90
+
91
+ after do
92
+ Acl9.config[:protect_global_roles] = @saved_option
93
+ end
94
+ end
95
+
96
+ it "#has_role! with class" do
97
+ @user.has_role!('user', Bar)
98
+
99
+ @user.has_role?('user', Bar).should be_true
100
+ @user.has_roles_for?(Bar).should be_true
101
+ @user.has_role_for?(Bar).should be_true
102
+
103
+ roles = @user.roles_for(Bar)
104
+ roles.size.should == 1
105
+ roles.first.name.should == "user"
106
+
107
+ @user.has_role?('user', Foo).should be_false
108
+ @user2.has_role?('user', Bar).should be_false
109
+ end
110
+
111
+ it "should not count class role as object role" do
112
+ @user.has_role!('manager', Foo)
113
+ @user.has_role?('manager', @foo).should be_false
114
+ end
115
+
116
+ it "should be able to have several roles on the same object" do
117
+ @user.has_role!('manager', @foo)
118
+ @user.has_role!('user', @foo)
119
+ @user.has_role!('admin', @foo)
120
+
121
+ @user.has_role!('owner', @bar)
122
+
123
+ @user.roles_for(@foo) .map(&:name).sort.should == %w(admin manager user)
124
+ @foo.accepted_roles_by(@user).map(&:name).sort.should == %w(admin manager user)
125
+ end
126
+
127
+ it "should reuse existing roles" do
128
+ @user.has_role!('owner', @bar)
129
+ @user2.has_role!('owner', @bar)
130
+
131
+ @user.role_objects.should == @user2.role_objects
132
+ end
133
+
134
+ it "#has_no_role! should unassign a global role from user" do
135
+ set_some_roles
136
+
137
+ lambda do
138
+ @user.has_no_role!('3133t')
139
+ end.should change { @user.role_objects.count }.by(-1)
140
+
141
+ @user.has_role?('3133t').should be_false
142
+ end
143
+
144
+ it "#has_no_role! should unassign an object role from user" do
145
+ set_some_roles
146
+
147
+ lambda do
148
+ @user.has_no_role!('manager', @foo)
149
+ end.should change { @user.role_objects.count }.by(-1)
150
+
151
+ @user.has_role?('manager', @foo).should be_false
152
+ @user.has_role?('user', @foo).should be_true # another role on the same object
153
+ end
154
+
155
+ it "#has_no_role! should unassign a class role from user" do
156
+ set_some_roles
157
+
158
+ lambda do
159
+ @user.has_no_role!('admin', Foo)
160
+ end.should change { @user.role_objects.count }.by(-1)
161
+
162
+ @user.has_role?('admin', Foo).should be_false
163
+ @user.has_role?('admin').should be_true # global role
164
+ end
165
+
166
+ it "#has_no_roles_for! should unassign global and class roles with nil object" do
167
+ set_some_roles
168
+
169
+ lambda do
170
+ @user.has_no_roles_for!
171
+ end.should change { @user.role_objects.count }.by(-4)
172
+
173
+ @user.has_role?('admin').should be_false
174
+ @user.has_role?('3133t').should be_false
175
+ @user.has_role?('admin', Foo).should be_false
176
+ @user.has_role?('manager', Foo).should be_false
177
+ end
178
+
179
+ it "#has_no_roles_for! should unassign object roles" do
180
+ set_some_roles
181
+
182
+ lambda do
183
+ @user.has_no_roles_for! @foo
184
+ end.should change { @user.role_objects.count }.by(-2)
185
+
186
+ @user.has_role?('user', @foo).should be_false
187
+ @user.has_role?('manager', @foo).should be_false
188
+ end
189
+
190
+ it "#has_no_roles_for! should unassign both class roles and object roles for objects of that class" do
191
+ set_some_roles
192
+
193
+ lambda do
194
+ @user.has_no_roles_for! Foo
195
+ end.should change { @user.role_objects.count }.by(-4)
196
+
197
+ @user.has_role?('admin', Foo).should be_false
198
+ @user.has_role?('manager', Foo).should be_false
199
+ @user.has_role?('user', @foo).should be_false
200
+ @user.has_role?('manager', @foo).should be_false
201
+ end
202
+
203
+ it "#has_no_roles! should unassign all roles" do
204
+ set_some_roles
205
+
206
+ @user.has_no_roles!
207
+ @user.role_objects.count.should == 0
208
+ end
209
+
210
+ it "should delete unused roles from table" do
211
+ @user.has_role!('owner', @bar)
212
+ @user2.has_role!('owner', @bar)
213
+
214
+ Role.count.should == 1
215
+
216
+ @bar.accepts_no_role!('owner', @user2)
217
+ Role.count.should == 1
218
+
219
+ @bar.accepts_no_role!('owner', @user)
220
+
221
+ Role.count.should == 0
222
+ end
223
+
224
+ it "should accept :symbols as role names" do
225
+ @user.has_role! :admin
226
+ @user.has_role! :_3133t
227
+
228
+ @user.has_role! :admin, Foo
229
+ @user.has_role! :manager, Foo
230
+ @user.has_role! :user, @foo
231
+ @foo.accepts_role! :manager, @user
232
+ @bar.accepts_role! :owner, @user
233
+
234
+ @user.has_role?(:admin).should be_true
235
+ @user.has_role?(:_3133t).should be_true
236
+ @user.has_role?(:admin, Foo).should be_true
237
+ @user.has_role?(:manager, @foo).should be_true
238
+ end
239
+
240
+ private
241
+
242
+ def set_some_roles
243
+ @user.has_role!('admin')
244
+ @user.has_role!('3133t')
245
+
246
+ @user.has_role!('admin', Foo)
247
+ @user.has_role!('manager', Foo)
248
+ @user.has_role!('user', @foo)
249
+ @foo.accepts_role!('manager', @user)
250
+ @bar.accepts_role!('owner', @user)
251
+ end
252
+ end
253
+
254
+ class RolesWithCustomClassNamesTest < Test::Unit::TestCase
255
+ before do
256
+ AnotherRole.destroy_all
257
+ [AnotherSubject, FooBar].each { |model| model.delete_all }
258
+
259
+ @subj = AnotherSubject.create!
260
+ @subj2 = AnotherSubject.create!
261
+ @foobar = FooBar.create!
262
+ end
263
+
264
+ it "should basically work" do
265
+ lambda do
266
+ @subj.has_role!('admin')
267
+ @subj.has_role!('user', @foobar)
268
+ end.should change { AnotherRole.count }.from(0).to(2)
269
+
270
+ @subj.has_role?('admin').should be_true
271
+ @subj2.has_role?('admin').should be_false
272
+
273
+ @subj.has_role?(:user, @foobar).should be_true
274
+ @subj2.has_role?(:user, @foobar).should be_false
275
+
276
+ @subj.has_no_roles!
277
+ @subj2.has_no_roles!
278
+ end
279
+ end
280
+
281
+ class UsersRolesAndSubjectsWithNamespacedClassNamesTest < Test::Unit::TestCase
282
+ before do
283
+ Other::Role.destroy_all
284
+ [Other::User, Other::FooBar].each { |model| model.delete_all }
285
+
286
+ @user = Other::User.create!
287
+ @user2 = Other::User.create!
288
+ @foobar = Other::FooBar.create!
289
+
290
+ end
291
+
292
+ it "should basically work" do
293
+ lambda do
294
+ @user.has_role!('admin')
295
+ @user.has_role!('user', @foobar)
296
+ end.should change { Other::Role.count }.from(0).to(2)
297
+
298
+ @user.has_role?('admin').should be_true
299
+ @user2.has_role?('admin').should be_false
300
+
301
+ @user.has_role?(:user, @foobar).should be_true
302
+ @user2.has_role?(:user, @foobar).should be_false
303
+
304
+ @foobar.accepted_roles.count.should == 1
305
+
306
+ @user.has_no_roles!
307
+ @user2.has_no_roles!
308
+ end
309
+ end
310
+
@@ -0,0 +1,207 @@
1
+ class ApplicationController < ActionController::Base
2
+ rescue_from Acl9::AccessDenied do |e|
3
+ render :text => 'AccessDenied'
4
+ end
5
+ end
6
+
7
+ class EmptyController < ApplicationController
8
+ attr_accessor :current_user
9
+ before_filter :set_current_user
10
+
11
+ [:index, :show, :new, :edit, :update, :delete, :destroy].each do |act|
12
+ define_method(act) { render :text => 'OK' }
13
+ end
14
+
15
+ private
16
+
17
+ def set_current_user
18
+ if params[:user]
19
+ self.current_user = params[:user]
20
+ end
21
+ end
22
+ end
23
+
24
+ module TrueFalse
25
+ private
26
+
27
+ def true_meth; true end
28
+ def false_meth; false end
29
+ end
30
+
31
+ # all these controllers behave the same way
32
+
33
+ class ACLBlock < EmptyController
34
+ access_control :debug => true do
35
+ allow all, :to => [:index, :show]
36
+ allow :admin
37
+ end
38
+ end
39
+
40
+ class ACLMethod < EmptyController
41
+ access_control :as_method => :acl do
42
+ allow all, :to => [:index, :show]
43
+ allow :admin, :except => [:index, :show]
44
+ end
45
+ end
46
+
47
+ class ACLMethod2 < EmptyController
48
+ access_control :acl do
49
+ allow all, :to => [:index, :show]
50
+ allow :admin, :except => [:index, :show]
51
+ end
52
+ end
53
+
54
+ class ACLArguments < EmptyController
55
+ access_control :except => [:index, :show] do
56
+ allow :admin, :if => :true_meth, :unless => :false_meth
57
+ end
58
+
59
+ include TrueFalse
60
+ end
61
+
62
+ class ACLBooleanMethod < EmptyController
63
+ access_control :acl, :filter => false do
64
+ allow all, :to => [:index, :show], :if => :true_meth
65
+ allow :admin, :unless => :false_meth
66
+ allow all, :if => :false_meth
67
+ allow all, :unless => :true_meth
68
+ end
69
+
70
+ before_filter :check_acl
71
+
72
+ def check_acl
73
+ if self.acl
74
+ true
75
+ else
76
+ raise Acl9::AccessDenied
77
+ end
78
+ end
79
+
80
+ include TrueFalse
81
+ end
82
+
83
+ ###########################################
84
+ class MyDearFoo
85
+ include Singleton
86
+ end
87
+
88
+ class ACLIvars < EmptyController
89
+ class VenerableBar; end
90
+
91
+ before_filter :set_ivars
92
+
93
+ access_control do
94
+ action :destroy do
95
+ allow :owner, :of => :foo
96
+ allow :bartender, :at => VenerableBar
97
+ end
98
+ end
99
+
100
+ private
101
+
102
+ def set_ivars
103
+ @foo = MyDearFoo.instance
104
+ end
105
+ end
106
+
107
+ class ACLSubjectMethod < ApplicationController
108
+ access_control :subject_method => :the_only_user do
109
+ allow :the_only_one
110
+ end
111
+
112
+ def index
113
+ render :text => 'OK'
114
+ end
115
+
116
+ private
117
+
118
+ def the_only_user
119
+ params[:user]
120
+ end
121
+ end
122
+
123
+ class ACLObjectsHash < ApplicationController
124
+ access_control :allowed?, :filter => false do
125
+ allow :owner, :of => :foo
126
+ end
127
+
128
+ def allow
129
+ @foo = nil
130
+ render :text => (allowed?(:foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
131
+ end
132
+
133
+ def current_user
134
+ params[:user]
135
+ end
136
+ end
137
+
138
+ class ACLActionOverride < ApplicationController
139
+ access_control :allowed?, :filter => false do
140
+ allow all, :to => :index
141
+ deny all, :to => :show
142
+ allow :owner, :of => :foo, :to => :edit
143
+ end
144
+
145
+ def check_allow
146
+ render :text => (allowed?(params[:_action]) ? 'OK' : 'AccessDenied')
147
+ end
148
+
149
+ def check_allow_with_foo
150
+ render :text => (allowed?(params[:_action], :foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
151
+ end
152
+
153
+ def current_user
154
+ params[:user]
155
+ end
156
+ end
157
+
158
+
159
+ class ACLHelperMethod < ApplicationController
160
+ access_control :helper => :foo? do
161
+ allow :owner, :of => :foo
162
+ end
163
+
164
+ def allow
165
+ @foo = MyDearFoo.instance
166
+
167
+ render :inline => "<%= foo? ? 'OK' : 'AccessDenied' %>"
168
+ end
169
+
170
+ def current_user
171
+ params[:user]
172
+ end
173
+ end
174
+
175
+ class ACLQueryMethod < ApplicationController
176
+ attr_accessor :current_user
177
+
178
+ access_control :acl, :query_method => true do
179
+ allow :editor, :to => [:edit, :update, :destroy]
180
+ allow :viewer, :to => [:index, :show]
181
+ allow :owner, :of => :foo, :to => :fooize
182
+ end
183
+ end
184
+
185
+ class ACLQueryMethodWithLambda < ApplicationController
186
+ attr_accessor :current_user
187
+
188
+ access_control :query_method => :acl? do
189
+ allow :editor, :to => [:edit, :update, :destroy]
190
+ allow :viewer, :to => [:index, :show]
191
+ allow :owner, :of => :foo, :to => :fooize
192
+ end
193
+ end
194
+
195
+ class ACLNamedQueryMethod < ApplicationController
196
+ attr_accessor :current_user
197
+
198
+ access_control :acl, :query_method => 'allow_ay' do
199
+ allow :editor, :to => [:edit, :update, :destroy]
200
+ allow :viewer, :to => [:index, :show]
201
+ allow :owner, :of => :foo, :to => :fooize
202
+ end
203
+
204
+ def acl?(*args)
205
+ allow_ay(*args)
206
+ end
207
+ end