aclatraz 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. data/.gitignore +0 -11
  2. data/CHANGELOG.rdoc +6 -0
  3. data/Rakefile +43 -41
  4. data/aclatraz.gemspec +20 -91
  5. data/lib/aclatraz.rb +7 -6
  6. data/lib/aclatraz/acl.rb +6 -8
  7. data/lib/aclatraz/store.rb +1 -0
  8. data/lib/aclatraz/store/cassandra.rb +2 -3
  9. data/lib/aclatraz/store/mongo.rb +56 -0
  10. data/lib/aclatraz/store/redis.rb +2 -3
  11. data/lib/aclatraz/store/riak.rb +2 -3
  12. data/spec/aclatraz/acl_spec.rb +34 -30
  13. data/spec/aclatraz/guard_spec.rb +136 -147
  14. data/spec/aclatraz/stores_spec.rb +54 -50
  15. data/spec/aclatraz/suspect_spec.rb +72 -70
  16. data/spec/aclatraz_spec.rb +14 -9
  17. data/spec/alcatraz_bm.rb +1 -1
  18. data/spec/spec_helper.rb +20 -0
  19. metadata +20 -26
  20. data/.document +0 -5
  21. data/VERSION +0 -1
data/spec/aclatraz/guard_spec.rb CHANGED
@@ -1,10 +1,10 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe "Aclatraz guard" do
4
- before(:all) { Aclatraz.init(:redis, "redis://localhost:6379/0") }
5
- let(:suspect) { @foo ||= StubSuspect.new }
6
-
7
4
  subject { Class.new(StubGuarded) }
5
+ let(:suspect) { @suspect ||= StubSuspect.new }
6
+ before(:all) { Aclatraz.init(:redis, "redis://localhost:6379/0") }
7
+ define_method(:deny_access) { raise_error(Aclatraz::AccessDenied) }
8
8
 
9
9
  it "#acl_guard? should be true" do
10
10
  subject.acl_guard?.should be_true
@@ -12,19 +12,19 @@ describe "Aclatraz guard" do
12
12
 
13
13
  it "should properly guard permissions" do
14
14
  guarded_class = subject
15
- guarded_class.name = "test1"
15
+ guarded_class.name = "FirstGuarded"
16
16
 
17
17
  guarded_class.suspects suspect do
18
- allow :role1
19
- deny :role2
18
+ allow :manager
19
+ deny :client
20
20
  on :bar do
21
- allow :role3
22
- deny :role4 => StubTarget
21
+ allow :bartender
22
+ deny :owner => StubTarget
23
23
  end
24
- on :bla do
25
- deny :role3
26
- allow :role2 => :target
27
- allow :role6 => 'bar'
24
+ on :kitchen do
25
+ deny :bartender
26
+ allow :client_of => :target
27
+ allow :cleaner_of => 'bar'
28
28
  end
29
29
  on :deny_all do
30
30
  deny all
@@ -34,7 +34,7 @@ describe "Aclatraz guard" do
34
34
  end
35
35
  end
36
36
  guarded_class.suspects do
37
- allow :role5
37
+ allow :boss
38
38
  end
39
39
 
40
40
  guarded_class.class_eval do
@@ -43,163 +43,152 @@ describe "Aclatraz guard" do
43
43
 
44
44
  guarded = guarded_class.new
45
45
 
46
- lambda { guarded.guard! }.should raise_error(Aclatraz::AccessDenied)
47
- suspect.is.role1!
48
- lambda { guarded.guard! }.should_not raise_error(Aclatraz::AccessDenied)
49
- suspect.is.role2!
50
- lambda { guarded.guard! }.should raise_error(Aclatraz::AccessDenied)
51
- suspect.is.role5!
52
- lambda { guarded.guard! }.should_not raise_error(Aclatraz::AccessDenied)
53
-
54
- lambda { guarded.guard!(:bar) }.should_not raise_error(Aclatraz::AccessDenied)
55
- suspect.is_not.role5!
56
- lambda { guarded.guard!(:bar) }.should raise_error(Aclatraz::AccessDenied)
57
- suspect.is_not.role2!
58
- lambda { guarded.guard!(:bar) }.should_not raise_error(Aclatraz::AccessDenied)
59
- suspect.is_not.role1!
60
- lambda { guarded.guard!(:bar) }.should raise_error(Aclatraz::AccessDenied)
61
- suspect.is.role3!
62
- lambda { guarded.guard!(:bar) }.should_not raise_error(Aclatraz::AccessDenied)
63
- suspect.is.role4!(StubTarget)
64
- lambda { guarded.guard!(:bar) }.should raise_error(Aclatraz::AccessDenied)
65
-
66
- lambda { guarded.guard!(:bla) }.should raise_error(Aclatraz::AccessDenied)
67
- suspect.is_not.role3!
68
- suspect.is.role1!
69
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
70
- suspect.is_not.role1!
71
- lambda { guarded.guard!(:bla) }.should raise_error(Aclatraz::AccessDenied)
72
- suspect.is.role2!(guarded.target)
73
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
74
- suspect.is_not.role2!(guarded.target)
46
+ lambda { guarded.guard! }.should deny_access
47
+ lambda { suspect.is.manager!; guarded.guard! }.should_not deny_access
48
+ lambda { suspect.is.client!; guarded.guard! }.should deny_access
49
+ lambda { suspect.is.boss!; guarded.guard! }.should_not deny_access
50
+
51
+ lambda { guarded.guard!(:bar) }.should_not deny_access
52
+ lambda { suspect.is_not.boss!; guarded.guard!(:bar) }.should deny_access
53
+ lambda { suspect.is_not.client!; guarded.guard!(:bar) }.should_not deny_access
54
+ lambda { suspect.is_not.manager!; guarded.guard!(:bar) }.should deny_access
55
+ lambda { suspect.is.bartender!; guarded.guard!(:bar) }.should_not deny_access
56
+ lambda { suspect.is.owner!(StubTarget); guarded.guard!(:bar) }.should deny_access
57
+
58
+ lambda { guarded.guard!(:kitchen) }.should deny_access
59
+ lambda {
60
+ suspect.is_not.bartender!
61
+ suspect.is.manager!
62
+ guarded.guard!(:kitchen)
63
+ }.should_not deny_access
64
+ lambda { suspect.is_not.manager!; guarded.guard!(:kitchen) }.should deny_access
65
+ lambda { suspect.is.client!(guarded.target); guarded.guard!(:kitchen) }.should_not deny_access
66
+
75
67
  bar = StubTarget.new
76
68
  guarded.instance_variable_set('@bar', bar)
77
- suspect.is.role6!(bar)
78
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
79
- suspect.is.role3!
80
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
81
- suspect.is_not.role6!(bar)
82
- suspect.is.role5!
83
- lambda { guarded.guard!(:bla) }.should raise_error(Aclatraz::AccessDenied)
84
- suspect.is_not.role3!
85
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
86
-
87
- suspect.is_not.role5!
88
- suspect.is_not.role4!(StubTarget)
89
- lambda { guarded.guard!(:bar, :bla) }.should raise_error(Aclatraz::AccessDenied)
90
- suspect.is.role1!
91
- lambda { guarded.guard!(:bar, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
92
- suspect.is.role4!(StubTarget)
93
- lambda { guarded.guard!(:bar, :bla) }.should raise_error(Aclatraz::AccessDenied)
94
- suspect.is.role2!(guarded.target)
95
- lambda { guarded.guard!(:bar, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
96
-
97
- lambda { guarded.guard!(:allow_all) }.should_not raise_error(Aclatraz::AccessDenied)
98
- lambda { guarded.guard!(:deny_all) }.should raise_error(Aclatraz::AccessDenied)
99
-
100
- lambda { guarded.guard!(:bar, :allow_all, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
101
- suspect.is_not.role2!(guarded.target)
102
- lambda { guarded.guard!(:bar, :allow_all, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
103
- suspect.is.role3!
104
- lambda { guarded.guard!(:bar, :allow_all, :bla) }.should raise_error(Aclatraz::AccessDenied)
105
-
106
- suspect.is_not.role3!
107
- lambda { guarded.guard!(:bar, :deny_all, :bla) }.should raise_error(Aclatraz::AccessDenied)
108
- suspect.is.role2!(guarded.target)
109
- lambda { guarded.guard!(:bar, :deny_all, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
110
-
111
- lambda { guarded.guard! { deny :role2 => :target } }.should raise_error(Aclatraz::AccessDenied)
69
+
70
+ lambda {
71
+ suspect.is_not.client!(guarded.target)
72
+ suspect.is.cleaner!(bar)
73
+ guarded.guard!(:kitchen)
74
+ }.should_not deny_access
75
+
76
+ lambda { suspect.is.bartender!; guarded.guard!(:kitchen) }.should_not deny_access
77
+ lambda {
78
+ suspect.is_not.cleaner!(bar)
79
+ suspect.is.boss!
80
+ guarded.guard!(:kitchen)
81
+ }.should deny_access
82
+ lambda { suspect.is_not.bartender!; guarded.guard!(:kitchen) }.should_not deny_access
83
+
84
+ lambda {
85
+ suspect.is_not.boss!
86
+ suspect.is_not.owner!(StubTarget)
87
+ guarded.guard!(:bar, :kitchen)
88
+ }.should deny_access
89
+ lambda { suspect.is.manager!; guarded.guard!(:bar, :kitchen) }.should_not deny_access
90
+ lambda { suspect.is.owner!(StubTarget); guarded.guard!(:bar, :kitchen) }.should deny_access
91
+ lambda { suspect.is.client!(guarded.target); guarded.guard!(:bar, :kitchen) }.should_not deny_access
92
+
93
+ lambda { guarded.guard!(:allow_all) }.should_not deny_access
94
+ lambda { guarded.guard!(:deny_all) }.should deny_access
95
+
96
+ lambda { guarded.guard!(:bar, :allow_all, :kitchen) }.should_not deny_access
97
+ lambda {
98
+ suspect.is_not.client!(guarded.target)
99
+ guarded.guard!(:bar, :allow_all, :kitchen)
100
+ }.should_not deny_access
101
+ lambda {
102
+ suspect.is.bartender!
103
+ guarded.guard!(:bar, :allow_all, :kitchen)
104
+ }.should deny_access
105
+
106
+ lambda {
107
+ suspect.is_not.bartender!
108
+ guarded.guard!(:bar, :deny_all, :kitchen)
109
+ }.should deny_access
110
+ lambda {
111
+ suspect.is.client!(guarded.target)
112
+ guarded.guard!(:bar, :deny_all, :kitchen)
113
+ }.should_not deny_access
114
+
115
+ lambda { guarded.guard! { deny :client => :target } }.should deny_access
112
116
  end
113
117
 
114
- it "when invalid permission given then #guard! should raise InvalidPermission error" do
115
- guarded_class = subject
116
- guarded_class.name = "test2"
117
- guarded_class.suspects(suspect) { allow Object.new }
118
- guarded = guarded_class.new
119
- lambda { guarded.guard! }.should raise_error(Aclatraz::InvalidPermission)
118
+ it "should raise error when invalid permission given" do
119
+ lambda {
120
+ guarded_class = subject
121
+ guarded_class.name = "SecondGuarded"
122
+ guarded_class.suspects(suspect) { allow Object.new }
123
+ guarded = guarded_class.new
124
+ guarded.guard!
125
+ }.should raise_error(Aclatraz::InvalidPermission)
120
126
  end
121
127
 
122
- it "when invalid suspect given then #guard! should raise InvalidSuspect error" do
123
- guarded_class = subject
124
- guarded_class.name = "test3"
125
- guarded_class.suspects('bar') { }
126
- guarded = guarded_class.new
127
- lambda { guarded.guard! }.should raise_error(Aclatraz::InvalidSuspect)
128
+ it "should raise error when invalid suspect given" do
129
+ lambda {
130
+ guarded_class = subject
131
+ guarded_class.name = "ThirdGuarded"
132
+ guarded_class.suspects('invalid_suspect') { }
133
+ guarded = guarded_class.new
134
+ guarded.guard!
135
+ }.should raise_error(Aclatraz::InvalidSuspect)
128
136
  end
129
137
 
130
- it "when ACL is not defined then #guard! should raise UndefinedAccessControlList error" do
131
- guarded_class = subject
132
- guarded_class.name = "test4"
133
- guarded = guarded_class.new
134
- lambda { guarded.guard! }.should raise_error(Aclatraz::UndefinedAccessControlList)
138
+ it "should raise error when ACL is not defined" do
139
+ lambda {
140
+ guarded_class = subject
141
+ guarded_class.name = "FourthGuarded"
142
+ guarded = guarded_class.new
143
+ guarded.guard!
144
+ }.should raise_error(Aclatraz::UndefinedAccessControlList)
135
145
  end
136
146
 
137
- it "when given suspect name is symbol then #suspect should reference to instance method" do
147
+ it "suspect should reference to instance method when given suspect name is kind of symbol" do
138
148
  guarded_class = subject
139
- guarded_class.name = "test5"
140
- guarded_class.suspects(:foo) {}
149
+ guarded_class.name = "FifthGuarded"
150
+ guarded_class.suspects(:user) {}
141
151
  guarded = guarded_class.new
142
- guarded.class.class_eval { def foo; @foo ||= StubSuspect.new; end }
143
- guarded.suspect.should == guarded.foo
152
+ guarded.class.class_eval { def user; @user ||= StubSuspect.new; end }
153
+ guarded.suspect.should == guarded.user
144
154
  end
145
155
 
146
- it "when given suspect name is string #suspect should reference to instance variable" do
156
+ it "suspect should reference to instance variable when given suspect name is kind of string" do
147
157
  guarded_class = subject
148
- guarded_class.name = "test6"
149
- guarded_class.suspects('foo') {}
158
+ guarded_class.name = "SixthGuarded"
159
+ guarded_class.suspects('user') {}
150
160
  guarded = guarded_class.new
151
- guarded.instance_variable_set("@foo", StubSuspect.new)
152
- guarded.suspect.should == guarded.instance_variable_get("@foo")
161
+ guarded.instance_variable_set("@user", StubSuspect.new)
162
+ guarded.suspect.should == guarded.instance_variable_get("@user")
153
163
  end
154
164
 
155
- it "when given suspect is an object then #suspect should refence to it" do
156
- bar = StubSuspect.new
165
+ it "suspect should reference to given object if passed" do
166
+ suspect = StubSuspect.new
157
167
  guarded_class = subject
158
- guarded_class.name = "test7"
159
- guarded_class.suspects(bar) {}
168
+ guarded_class.name = "SeventhGuarded"
169
+ guarded_class.suspects(suspect) {}
160
170
  guarded = guarded_class.new
161
- guarded.suspect.should == bar
171
+ guarded.suspect.should == suspect
162
172
  end
163
173
 
164
- context "inherited guards" do
165
- class FooParent
166
- include Aclatraz::Guard
167
-
168
- suspects :user do
169
- allow :nested1
170
- deny :nested2
171
- end
172
-
173
- def user; @user ||= StubSuspect.new; end
174
- end
174
+ it "should properly resolve inherited permissions" do
175
+ parent = GuardedParent.new
176
+ child = GuardedChild.new
175
177
 
176
- class BarChild < FooParent
177
- suspects do
178
- deny :nested1
179
- allow :nested3
180
- end
181
- end
178
+ child.user.is_not.cooker!
179
+ child.user.is_not.waiter!
180
+ child.user.is_not.manager!
182
181
 
183
- it "should work properly" do
184
- foo = FooParent.new
185
- bar = BarChild.new
186
-
187
- lambda { foo.guard! }.should raise_error(Aclatraz::AccessDenied)
188
- foo.user.is.nested1!
189
- lambda { foo.guard! }.should_not raise_error(Aclatraz::AccessDenied)
190
- foo.user.is.nested2!
191
- lambda { foo.guard! }.should raise_error(Aclatraz::AccessDenied)
192
-
193
- bar.user.is_not.nested1!
194
- bar.user.is_not.nested2!
195
-
196
- lambda { bar.guard! }.should raise_error(Aclatraz::AccessDenied)
197
- bar.user.is.nested1!
198
- lambda { bar.guard! }.should raise_error(Aclatraz::AccessDenied)
199
- bar.user.is.nested2!
200
- lambda { bar.guard! }.should raise_error(Aclatraz::AccessDenied)
201
- bar.user.is.nested3!
202
- lambda { bar.guard! }.should_not raise_error(Aclatraz::AccessDenied)
203
- end
182
+ lambda { parent.guard! }.should deny_access
183
+ lambda { parent.user.is.cooker!; parent.guard! }.should_not deny_access
184
+ lambda { parent.user.is.waiter!; parent.guard! }.should deny_access
185
+
186
+ child.user.is_not.cooker!
187
+ child.user.is_not.waiter!
188
+
189
+ lambda { child.guard! }.should deny_access
190
+ lambda { child.user.is.cooker!; child.guard! }.should deny_access
191
+ lambda { child.user.is.waiter!; child.guard! }.should deny_access
192
+ lambda { child.user.is.manager!; child.guard! }.should_not deny_access
204
193
  end
205
194
  end
data/spec/aclatraz/stores_spec.rb CHANGED
@@ -1,53 +1,52 @@
1
1
  require 'spec_helper'
2
2
 
3
- STORE_SPECS = proc do
4
- it "should properly assign given roles to owner and check permissions" do
3
+ COMMON_STORE_SPECS = proc do
4
+ it "should assign roles to owner and properly check permissions" do
5
5
  subject.clear
6
- subject.set("foo", owner)
7
- subject.check("foo", owner).should be_true
6
+ subject.set("admin", owner)
7
+ subject.set("manager", owner, StubTarget)
8
+ subject.set("creator", owner, target)
8
9
 
9
- subject.set("bar", owner, StubTarget)
10
- subject.check("bar", owner, StubTarget).should be_true
11
-
12
- subject.set("bla", owner, target)
13
- subject.check("bla", owner, target).should be_true
14
-
15
- subject.check("foo", owner, target).should be_false
16
- subject.check("foo", owner, StubTarget).should be_false
17
- subject.check("bar", owner).should be_false
10
+ subject.check("admin", owner).should be_true
11
+ subject.check("manager", owner, StubTarget).should be_true
12
+ subject.check("creator", owner, target).should be_true
13
+
14
+ subject.check("owner", owner, target).should be_false
15
+ subject.check("tester", owner, StubTarget).should be_false
16
+ subject.check("waiter", owner).should be_false
18
17
  end
19
18
 
20
- it "should properly delete given permission" do
19
+ it "should delete given permission" do
21
20
  subject.clear
22
- subject.set("foo", owner)
23
- subject.set("bar", owner, StubTarget)
24
- subject.set("bla", owner, target)
21
+ subject.set("admin", owner)
22
+ subject.set("manager", owner, StubTarget)
23
+ subject.set("creator", owner, target)
25
24
 
26
- subject.delete("foo", owner)
27
- subject.delete("bar", owner, StubTarget)
28
- subject.delete("bla", owner, target)
25
+ subject.delete("admin", owner)
26
+ subject.delete("manager", owner, StubTarget)
27
+ subject.delete("creator", owner, target)
29
28
 
30
- subject.check("bar", owner).should be_false
31
- subject.check("bar", owner, StubTarget).should be_false
32
- subject.check("bar", owner, target).should be_false
29
+ subject.check("admin", owner).should be_false
30
+ subject.check("manager", owner, StubTarget).should be_false
31
+ subject.check("creator", owner, target).should be_false
33
32
  end
34
33
 
35
- it "should allow to fetch whole list of roles" do
36
- subject.set("foo", owner)
37
- subject.set("bar", owner)
38
- subject.set("bla", owner)
34
+ it "should allow to fetch list of all roles" do
35
+ subject.clear
36
+ subject.set("waiter", owner)
37
+ subject.set("cooker", owner)
38
+ subject.set("worker", owner)
39
39
 
40
- subject.roles.should_not be_empty
41
- (subject.roles - ["foo", "bar", "bla"]).should be_empty
40
+ (subject.roles - ["waiter", "cooker", "worker"]).should be_empty
42
41
  end
43
42
 
44
43
  it "should allow to fetch list of roles for specified member" do
45
- subject.set("foo", owner)
46
- subject.set("bar", owner)
47
- subject.set("bla", owner)
44
+ subject.clear
45
+ subject.set("waiter", owner)
46
+ subject.set("cooker", owner)
47
+ subject.set("worker", owner)
48
48
 
49
- subject.roles(owner).should_not be_empty
50
- (subject.roles(owner) - ["foo", "bar", "bla"]).should be_empty
49
+ (subject.roles(owner) - ["waiter", "cooker", "worker"]).should be_empty
51
50
  end
52
51
  end
53
52
 
@@ -57,8 +56,7 @@ describe "Aclatraz" do
57
56
 
58
57
  context "for Redis store" do
59
58
  subject { Aclatraz.init(:redis, "redis://localhost:6379/0") }
60
-
61
- class_eval &STORE_SPECS
59
+ class_eval(&COMMON_STORE_SPECS)
62
60
 
63
61
  it "should respect persistent connection given on initalize" do
64
62
  Aclatraz.instance_variable_set("@store", nil)
@@ -74,22 +72,9 @@ describe "Aclatraz" do
74
72
  end
75
73
  end
76
74
 
77
- context "for Riak store" do
78
- subject { Aclatraz.init(:riak, "roles") }
79
-
80
- class_eval &STORE_SPECS
81
-
82
- it "should respect persistent connection given on initalize" do
83
- Aclatraz.instance_variable_set("@store", nil)
84
- Aclatraz.init(:riak, "roles", Riak::Client.new)
85
- Aclatraz.store.instance_variable_get('@backend').should be_kind_of(Riak::Bucket)
86
- end
87
- end
88
-
89
75
  context "for Cassandra store" do
90
76
  subject { Aclatraz.init(:cassandra, "Super1", "Keyspace1") }
91
-
92
- class_eval &STORE_SPECS
77
+ class_eval(&COMMON_STORE_SPECS)
93
78
 
94
79
  it "should respect persistent connection given on initialize" do
95
80
  Aclatraz.instance_variable_set("@store", nil)
@@ -97,4 +82,23 @@ describe "Aclatraz" do
97
82
  Aclatraz.store.instance_variable_get('@backend').should be_kind_of(Cassandra)
98
83
  end
99
84
  end
85
+
86
+ context "for MongoDB store" do
87
+ subject {
88
+ require 'mongo'
89
+ Aclatraz.init(:mongo, "roles", @mongo ||= Mongo::Connection.new.db("aclatraz_test"))
90
+ }
91
+ class_eval(&COMMON_STORE_SPECS)
92
+ end
93
+
94
+ context "for Riak store" do
95
+ subject { Aclatraz.init(:riak, "roles") }
96
+ class_eval(&COMMON_STORE_SPECS)
97
+
98
+ it "should respect persistent connection given on initalize" do
99
+ Aclatraz.instance_variable_set("@store", nil)
100
+ Aclatraz.init(:riak, "roles", Riak::Client.new)
101
+ Aclatraz.store.instance_variable_get('@backend').should be_kind_of(Riak::Bucket)
102
+ end
103
+ end
100
104
  end