acl9 0.12.3 → 1.0.0

data/test/helpers/helper_test.rb

@@ -0,0 +1,89 @@
+require 'test_helper'
+
+class HelperTest < ActionView::TestCase
+  setup do
+    @helper = Class.new do
+      include ActionView::Helpers
+      include SomeHelper
+
+      attr_accessor :current_user
+      attr_accessor :action_name
+      def controller
+        self
+      end
+
+      def set_hamlet
+        ( self.current_user = User.create ).has_role! :hamlet
+      end
+    end.new
+
+  end
+
+  test "has :the_question method" do
+    assert @helper.respond_to? :the_question
+  end
+
+  test "role :hamlet is allowed to be" do
+    assert @helper.set_hamlet
+
+    assert @helper.action_name = 'be'
+    assert @helper.the_question
+  end
+
+  test "role :hamlet is allowed to not_be" do
+    assert @helper.set_hamlet
+
+    assert @helper.action_name = 'not_be'
+    assert @helper.the_question
+  end
+
+  test "not logged in is not allowed to be" do
+    assert_nil @helper.current_user = nil
+
+    assert @helper.action_name = 'be'
+    refute @helper.the_question
+  end
+
+  test "noone is not allowed to be" do
+    assert ( @helper.current_user = User.create )
+
+    assert @helper.action_name = 'be'
+    refute @helper.the_question
+  end
+
+  test "has :show_to method" do
+    assert @helper.respond_to? :show_to
+  end
+
+  test "has :show_to hamlet 'hello hamlet' message" do
+    assert @helper.set_hamlet
+
+    assert message = 'hello hamlet'
+    assert_equal message, @helper.show_to('hamlet') { message }
+  end
+
+  test "has to show message if user has hamlet role on object" do
+    assert foo = Foo.create
+    assert ( @helper.current_user = User.create ).has_role! :hamlet, foo
+
+    assert message = 'hello hamlet'
+    assert_equal message, @helper.show_to(:hamlet, :of => foo) { message }
+  end
+
+  test "has not to show message if user has no hamlet role on object" do
+    assert @helper.set_hamlet
+
+    assert foo = Foo.create
+    assert @helper.current_user.has_role! :hamlet, foo
+
+    assert_nil @helper.show_to('hamlet', :of => Foo.new) { 'hello my prince' }
+  end
+
+  test "has :show_to nothing to NotLoggedIn" do
+    assert_nil @helper.current_user = nil
+
+    assert @helper.action_name = 'be'
+    assert message = 'hello hamlet'
+    assert_nil @helper.show_to(:hamlet) { message }
+  end
+end

data/test/models/roles_test.rb

@@ -0,0 +1,251 @@
+require 'test_helper'
+
+class RolesTest < ActiveSupport::TestCase
+  setup do
+    assert @user = User.create
+    assert @user2 = User.create
+    assert @foo = Foo.create
+    assert @bar = Bar.create
+  end
+
+  test "should not have any roles by default" do
+    %w(user manager admin owner).each do |role|
+      refute @user.has_role? role
+    end
+  end
+
+  test "#has_role! without object (global role)" do
+    assert_difference -> { Role.count } do
+      assert @user.has_role! :admin
+    end
+
+    assert @user.has_role? :admin
+    refute @user2.has_role? :admin
+  end
+
+  test "should not count global role as object role" do
+    assert @user.has_role! :admin
+
+    [@foo, @bar, Foo, Bar, @user].each do |obj|
+      refute @user.has_role? :admin, obj
+      refute @user.has_roles_for?(obj)
+      assert_equal [], @user.roles_for(obj)
+    end
+
+    [@foo, @bar].each do |obj|
+      refute obj.accepts_role? :admin, @user
+    end
+  end
+
+  test "#has_role! with object (object role)" do
+    assert @user.has_role! :manager, @foo
+
+    assert @user.has_role? :manager, @foo
+    assert @user.has_roles_for? @foo
+    assert @user.has_role_for? @foo
+
+    assert roles = @user.roles_for( @foo )
+    assert_equal roles, @foo.accepted_roles_by(@user)
+    assert_equal 1, roles.size
+    assert_equal 'manager', roles.first.name
+
+    refute @user.has_role? :manager, @bar
+    refute @user2.has_role? :manager, @foo
+
+    assert @foo.accepts_role? :manager, @user
+    assert @foo.accepts_role_by? @user
+    assert @foo.accepts_roles_by? @user
+  end
+
+  test "should count object role also as global role when :protect_global_roles == false" do
+    Acl9.config[:protect_global_roles] = false
+
+    assert @user.has_role! :manager, @foo
+    assert @user.has_role? :manager
+
+    Acl9.config[:protect_global_roles] = true
+  end
+
+  test "should not count object role as object class role" do
+    assert @user.has_role! :manager, @foo
+    refute @user.has_role? :manager, Foo
+  end
+
+  test "don't count object role as global" do
+    assert @user.has_role! :manager, @foo
+    refute @user.has_role? :manager
+  end
+
+  test "#has_role! with class" do
+    assert @user.has_role! :user, Bar
+
+    assert @user.has_role? :user, Bar
+    assert @user.has_roles_for? Bar
+    assert @user.has_role_for? Bar
+
+    assert roles = @user.roles_for( Bar)
+    assert_equal 1, roles.size
+    assert_equal "user", roles.first.name
+
+    refute @user.has_role? :user, Foo
+    refute @user2.has_role? :user, Bar
+  end
+
+  test "should not count class role as object role" do
+    assert @user.has_role! :manager, Foo
+    refute @user.has_role? :manager, @foo
+  end
+
+  test "should be able to have several roles on the same object" do
+    assert @user.has_role! :manager, @foo
+    assert @user.has_role! :user,    @foo
+    assert @user.has_role! :admin,   @foo
+
+    assert @user.has_role! :owner,   @bar
+
+    assert_equal_elements %w(admin manager user), @user.roles_for(@foo).map(&:name)
+    assert_equal_elements %w(admin manager user), @foo.accepted_roles_by(@user).map(&:name)
+  end
+
+  test "should reuse existing roles" do
+    @user.has_role! :owner, @bar
+    @user2.has_role! :owner, @bar
+
+    assert_equal @user2.role_objects, @user.role_objects
+  end
+
+  test "#has_no_role! should unassign a global role from user" do
+    set_some_roles
+
+    assert_difference -> { @user.role_objects.count }, -1 do
+      assert @user.has_no_role! '3133t'
+    end
+
+    refute @user.has_role? '3133t'
+  end
+
+  test "#has_no_role! should unassign an object role from user" do
+    set_some_roles
+
+    assert_difference -> { @user.role_objects.count }, -1 do
+      assert @user.has_no_role! :manager, @foo
+    end
+
+    refute @user.has_role? :manager, @foo
+    assert @user.has_role? :user, @foo      # another role on the same object
+  end
+
+  test "#has_no_role! should unassign a class role from user" do
+    set_some_roles
+
+    assert_difference -> { @user.role_objects.count }, -1 do
+      assert @user.has_no_role! :admin, Foo
+    end
+
+    refute @user.has_role? :admin, Foo
+    assert @user.has_role? :admin           # global role
+  end
+
+  test "#has_no_roles_for! should unassign global and class roles with nil object" do
+    set_some_roles
+
+    assert_difference -> { @user.role_objects.count }, -4 do
+      assert @user.has_no_roles_for!
+    end
+
+    refute @user.has_role? :admin
+    refute @user.has_role? '3133t'
+    refute @user.has_role? :admin, Foo
+    refute @user.has_role? :manager, Foo
+  end
+
+  test "#has_no_roles_for! should unassign object roles" do
+    set_some_roles
+
+    assert_difference -> { @user.role_objects.count }, -2 do
+      assert @user.has_no_roles_for! @foo
+    end
+
+    refute @user.has_role? :user, @foo
+    refute @user.has_role? :manager, @foo
+  end
+
+  test "#has_no_roles_for! should unassign both class roles and object roles for objects of that class" do
+    set_some_roles
+
+    assert_difference -> { @user.role_objects.count }, -4 do
+      assert @user.has_no_roles_for! Foo
+    end
+
+    refute @user.has_role? :admin, Foo
+    refute @user.has_role? :manager, Foo
+    refute @user.has_role? :user, @foo
+    refute @user.has_role? :manager, @foo
+  end
+
+  test "#has_no_roles! should unassign all roles" do
+    set_some_roles
+
+    @user.has_no_roles!
+    assert_equal 0, @user.role_objects.count
+  end
+
+  test "should delete unused roles from table" do
+    assert @user.has_role! :owner, @bar
+    assert @user2.has_role! :owner, @bar
+
+    assert_equal 1, Role.count
+
+    @bar.accepts_no_role! :owner, @user2
+    assert_equal 1, Role.count
+
+    @bar.accepts_no_role! :owner, @user
+
+    assert_equal 0, Role.count
+  end
+
+  test "should be able to get users that have a role on a authorized object" do
+    assert @user.has_role! :owner, @bar
+    assert @user2.has_role! :owner, @bar
+
+    assert_equal 2, @bar.users.count
+  end
+
+  test "should be able to get users that have a role on a authorized object with text primary key" do
+    assert uuid = Uuid.create( id: "C41642EE-2780-0001-189F-17F3101B26E0" )
+
+    assert @user.has_role! :owner, uuid
+    assert @user2.has_role! :owner, uuid
+
+    assert_equal 2, uuid.users.count
+  end
+
+  test "should accept :symbols as role names" do
+    assert @user.has_role! :admin
+    assert @user.has_role! :_3133t
+
+    assert @user.has_role! :admin, Foo
+    assert @user.has_role! :manager, Foo
+    assert @user.has_role! :user, @foo
+    assert @foo.accepts_role! :manager, @user
+    assert @bar.accepts_role! :owner,   @user
+
+    assert @user.has_role?(:admin)
+    assert @user.has_role?(:_3133t)
+    assert @user.has_role?(:admin, Foo)
+    assert @user.has_role?(:manager, @foo)
+  end
+
+  private
+
+  def set_some_roles
+    assert @user.has_role! :admin
+    assert @user.has_role! '3133t'
+
+    assert @user.has_role! :admin, Foo
+    assert @user.has_role! :manager, Foo
+    assert @user.has_role! :user, @foo
+    assert @foo.accepts_role! :manager, @user
+    assert @bar.accepts_role! :owner,   @user
+  end
+end

data/test/models/roles_with_custom_association_names_test.rb

@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class RolesWithCustomAssociationNamesTest < ActiveSupport::TestCase
+  setup do
+    Access.destroy_all
+    [Account, FooBar].each { |model| model.delete_all }
+
+    assert @subj = Account.create!
+    assert @subj2 = Account.create!
+    assert @foobar = FooBar.create!
+  end
+
+  test "should basically work" do
+    assert_difference -> { Access.count }, 2 do
+      assert @subj.has_role! :admin
+      assert @subj.has_role! :user, @foobar
+    end
+
+    assert @subj.has_role? :admin
+    refute @subj2.has_role? :admin
+
+    assert @subj.has_role? :user, @foobar
+    refute @subj2.has_role? :user, @foobar
+
+    @subj.has_no_roles!
+    @subj2.has_no_roles!
+  end
+end

data/test/models/roles_with_custom_class_names_test.rb

@@ -0,0 +1,28 @@
+require 'test_helper'
+
+class RolesWithCustomClassNamesTest < ActiveSupport::TestCase
+  setup do
+    Access.destroy_all
+    [Account, FooBar].each { |model| model.delete_all }
+
+    @subj = Account.create!
+    @subj2 = Account.create!
+    @foobar = FooBar.create!
+  end
+
+  test "should basically work" do
+    assert_difference -> { Access.count }, 2 do
+      assert @subj.has_role! :admin
+      assert @subj.has_role! :user, @foobar
+    end
+
+    assert @subj.has_role? :admin
+    refute @subj2.has_role? :admin
+
+    assert @subj.has_role? :user, @foobar
+    refute @subj2.has_role? :user, @foobar
+
+    assert @subj.has_no_roles!
+    assert @subj2.has_no_roles!
+  end
+end

data/test/models/system_roles_test.rb

@@ -0,0 +1,16 @@
+require 'test_helper'
+
+class SystemRolesTest < ActiveSupport::TestCase
+  test "should not delete a system role" do
+    assert role = Role.create( :name => "admin", :system => true)
+    assert role.system
+    assert_equal 1, Role.count
+
+    assert user = User.create
+    assert user.has_role! :admin
+    assert_equal 1, Role.count
+
+    refute user.has_no_role! :admin
+    assert_equal 1, Role.count
+  end
+end

data/test/models/users_roles_and_subjects_with_namespaced_class_names_test.rb

@@ -0,0 +1,30 @@
+require 'test_helper'
+
+class UsersRolesAndSubjectsWithNamespacedClassNamesTest < ActiveSupport::TestCase
+  setup do
+    assert Other::Role.destroy_all
+    [Other::User, Other::Foo].each { |model| model.delete_all }
+
+    assert @user = Other::User.create!
+    assert @user2 = Other::User.create!
+    assert @foobar = Other::Foo.create!
+  end
+
+  test "should basically work" do
+    assert_difference -> { Other::Role.count }, 2 do
+      assert @user.has_role! :admin
+      assert @user.has_role! :user, @foobar
+    end
+
+    assert @user.has_role?('admin')
+    refute @user2.has_role?('admin')
+
+    assert @user.has_role?(:user, @foobar)
+    refute @user2.has_role?(:user, @foobar)
+
+    assert_equal 1, @foobar.accepted_roles.count
+
+    @user.has_no_roles!
+    @user2.has_no_roles!
+  end
+end

data/test/test_helper.rb

@@ -1,30 +1,83 @@
-require 'rubygems'
-require 'bundler/setup'
-require 'test/unit'
-require 'context'
-require 'matchy'
-require 'active_support'
-require 'active_record'
-require 'action_controller'
-require 'action_controller/test_process'
-require 'turn'
-
-ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => 'test.sqlite3')
-
-class Test::Unit::TestCase
-  custom_matcher :be_false do |receiver, matcher, args|
-    !receiver
+require "codeclimate-test-reporter"
+CodeClimate::TestReporter.start
+
+ENV["RAILS_ENV"] = "test"
+
+require 'minitest/autorun'
+
+require File.expand_path("../dummy/config/environment.rb",  __FILE__)
+require "rails/test_help"
+
+Rails.backtrace_cleaner.remove_silencers! if ENV["BACKTRACE"]
+
+ActiveRecord::Migrator.migrate File.expand_path("../dummy/db/migrate/", __FILE__)
+
+class ActionController::TestCase
+  class << self
+    def test_allowed method, action, params=nil, cookies=nil
+      test "allowed #{action} #{method}" do
+        if block_given?
+          yield user = User.create
+          ( params ||= {} ).merge! :user_id => user.id
+        end
+        assert send( method, action, params, cookies )
+        assert_response :ok
+      end
+    end
+
+    def test_denied method, action, params=nil, cookies=nil
+      test "denied #{action} #{method}" do
+        assert_raises Acl9::AccessDenied do
+          if block_given?
+            yield user = User.create
+            ( params ||= {} ).merge! :user_id => user.id
+          end
+          assert send( method, action, params, cookies )
+        end
+      end
+    end
   end
+end
 
-  custom_matcher :be_true do |receiver, matcher, args|
-    !!receiver
+class ActiveSupport::TestCase
+  def assert_equal_elements expected, test, message=nil
+    assert_equal [], expected - test, message
   end
 end
 
-ActionController::Routing::Routes.draw do |map|
-  map.connect ":controller/:action/:id"
+module BaseTests
+  def self.included(klass)
+    klass.class_eval do
+      test_allowed :get, :index
+      test_allowed :get, :show, :id => 1
+      test_denied :get, :new
+      test_denied :get, :edit, :id => 1
+      test_denied :post, :create
+      test_denied :put, :update, :id => 1
+      test_denied :patch, :update, :id => 1
+      test_denied :delete, :destroy, :id => 1
+
+      admin = -> (user) { user.has_role! :admin }
+      test_allowed :get, :new, &admin
+      test_allowed :get, :edit, :id => 1, &admin
+      test_allowed :post, :create, &admin
+      test_allowed :put, :update, :id => 1, &admin
+      test_allowed :patch, :update, :id => 1, &admin
+      test_allowed :delete, :destroy, :id => 1, &admin
+    end
+  end
 end
 
-ActiveRecord::Base.logger = Logger.new(File.dirname(__FILE__) + "/debug.log")
-ActionController::Base.logger = ActiveRecord::Base.logger
-ActiveRecord::Base.silence { ActiveRecord::Migration.verbose = false }
+module ShouldRespondToAcl
+  def self.included(klass)
+    klass.class_eval do
+      test "#{klass} has :acl method" do
+        assert @controller.respond_to? :acl
+      end
+
+      test "#{klass} has no :acl? method" do
+        refute @controller.respond_to? :acl?
+      end
+    end
+  end
+end

data/test/version_test.rb

@@ -1,7 +1,7 @@
 require 'test_helper'
 
-class VersionTest < Test::Unit::TestCase
-  it "Should have a version" do
+class VersionTest < ActiveSupport::TestCase
+  test "has a version" do
     assert defined? Acl9::VERSION
   end
 end