aclatraz 0.1.3 → 0.1.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (21) hide show
  1. data/.gitignore +0 -11
  2. data/CHANGELOG.rdoc +6 -0
  3. data/Rakefile +43 -41
  4. data/aclatraz.gemspec +20 -91
  5. data/lib/aclatraz.rb +7 -6
  6. data/lib/aclatraz/acl.rb +6 -8
  7. data/lib/aclatraz/store.rb +1 -0
  8. data/lib/aclatraz/store/cassandra.rb +2 -3
  9. data/lib/aclatraz/store/mongo.rb +56 -0
  10. data/lib/aclatraz/store/redis.rb +2 -3
  11. data/lib/aclatraz/store/riak.rb +2 -3
  12. data/spec/aclatraz/acl_spec.rb +34 -30
  13. data/spec/aclatraz/guard_spec.rb +136 -147
  14. data/spec/aclatraz/stores_spec.rb +54 -50
  15. data/spec/aclatraz/suspect_spec.rb +72 -70
  16. data/spec/aclatraz_spec.rb +14 -9
  17. data/spec/alcatraz_bm.rb +1 -1
  18. data/spec/spec_helper.rb +20 -0
  19. metadata +20 -26
  20. data/.document +0 -5
  21. data/VERSION +0 -1
data/spec/aclatraz/guard_spec.rb CHANGED
@@ -1,10 +1,10 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe "Aclatraz guard" do
4
- before(:all) { Aclatraz.init(:redis, "redis://localhost:6379/0") }
5
- let(:suspect) { @foo ||= StubSuspect.new }
6
-
7
4
  subject { Class.new(StubGuarded) }
5
+ let(:suspect) { @suspect ||= StubSuspect.new }
6
+ before(:all) { Aclatraz.init(:redis, "redis://localhost:6379/0") }
7
+ define_method(:deny_access) { raise_error(Aclatraz::AccessDenied) }
8
8
 
9
9
  it "#acl_guard? should be true" do
10
10
  subject.acl_guard?.should be_true
@@ -12,19 +12,19 @@ describe "Aclatraz guard" do
12
12
 
13
13
  it "should properly guard permissions" do
14
14
  guarded_class = subject
15
- guarded_class.name = "test1"
15
+ guarded_class.name = "FirstGuarded"
16
16
 
17
17
  guarded_class.suspects suspect do
18
- allow :role1
19
- deny :role2
18
+ allow :manager
19
+ deny :client
20
20
  on :bar do
21
- allow :role3
22
- deny :role4 => StubTarget
21
+ allow :bartender
22
+ deny :owner => StubTarget
23
23
  end
24
- on :bla do
25
- deny :role3
26
- allow :role2 => :target
27
- allow :role6 => 'bar'
24
+ on :kitchen do
25
+ deny :bartender
26
+ allow :client_of => :target
27
+ allow :cleaner_of => 'bar'
28
28
  end
29
29
  on :deny_all do
30
30
  deny all
@@ -34,7 +34,7 @@ describe "Aclatraz guard" do
34
34
  end
35
35
  end
36
36
  guarded_class.suspects do
37
- allow :role5
37
+ allow :boss
38
38
  end
39
39
 
40
40
  guarded_class.class_eval do
@@ -43,163 +43,152 @@ describe "Aclatraz guard" do
43
43
 
44
44
  guarded = guarded_class.new
45
45
 
46
- lambda { guarded.guard! }.should raise_error(Aclatraz::AccessDenied)
47
- suspect.is.role1!
48
- lambda { guarded.guard! }.should_not raise_error(Aclatraz::AccessDenied)
49
- suspect.is.role2!
50
- lambda { guarded.guard! }.should raise_error(Aclatraz::AccessDenied)
51
- suspect.is.role5!
52
- lambda { guarded.guard! }.should_not raise_error(Aclatraz::AccessDenied)
53
-
54
- lambda { guarded.guard!(:bar) }.should_not raise_error(Aclatraz::AccessDenied)
55
- suspect.is_not.role5!
56
- lambda { guarded.guard!(:bar) }.should raise_error(Aclatraz::AccessDenied)
57
- suspect.is_not.role2!
58
- lambda { guarded.guard!(:bar) }.should_not raise_error(Aclatraz::AccessDenied)
59
- suspect.is_not.role1!
60
- lambda { guarded.guard!(:bar) }.should raise_error(Aclatraz::AccessDenied)
61
- suspect.is.role3!
62
- lambda { guarded.guard!(:bar) }.should_not raise_error(Aclatraz::AccessDenied)
63
- suspect.is.role4!(StubTarget)
64
- lambda { guarded.guard!(:bar) }.should raise_error(Aclatraz::AccessDenied)
65
-
66
- lambda { guarded.guard!(:bla) }.should raise_error(Aclatraz::AccessDenied)
67
- suspect.is_not.role3!
68
- suspect.is.role1!
69
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
70
- suspect.is_not.role1!
71
- lambda { guarded.guard!(:bla) }.should raise_error(Aclatraz::AccessDenied)
72
- suspect.is.role2!(guarded.target)
73
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
74
- suspect.is_not.role2!(guarded.target)
46
+ lambda { guarded.guard! }.should deny_access
47
+ lambda { suspect.is.manager!; guarded.guard! }.should_not deny_access
48
+ lambda { suspect.is.client!; guarded.guard! }.should deny_access
49
+ lambda { suspect.is.boss!; guarded.guard! }.should_not deny_access
50
+
51
+ lambda { guarded.guard!(:bar) }.should_not deny_access
52
+ lambda { suspect.is_not.boss!; guarded.guard!(:bar) }.should deny_access
53
+ lambda { suspect.is_not.client!; guarded.guard!(:bar) }.should_not deny_access
54
+ lambda { suspect.is_not.manager!; guarded.guard!(:bar) }.should deny_access
55
+ lambda { suspect.is.bartender!; guarded.guard!(:bar) }.should_not deny_access
56
+ lambda { suspect.is.owner!(StubTarget); guarded.guard!(:bar) }.should deny_access
57
+
58
+ lambda { guarded.guard!(:kitchen) }.should deny_access
59
+ lambda {
60
+ suspect.is_not.bartender!
61
+ suspect.is.manager!
62
+ guarded.guard!(:kitchen)
63
+ }.should_not deny_access
64
+ lambda { suspect.is_not.manager!; guarded.guard!(:kitchen) }.should deny_access
65
+ lambda { suspect.is.client!(guarded.target); guarded.guard!(:kitchen) }.should_not deny_access
66
+
75
67
  bar = StubTarget.new
76
68
  guarded.instance_variable_set('@bar', bar)
77
- suspect.is.role6!(bar)
78
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
79
- suspect.is.role3!
80
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
81
- suspect.is_not.role6!(bar)
82
- suspect.is.role5!
83
- lambda { guarded.guard!(:bla) }.should raise_error(Aclatraz::AccessDenied)
84
- suspect.is_not.role3!
85
- lambda { guarded.guard!(:bla) }.should_not raise_error(Aclatraz::AccessDenied)
86
-
87
- suspect.is_not.role5!
88
- suspect.is_not.role4!(StubTarget)
89
- lambda { guarded.guard!(:bar, :bla) }.should raise_error(Aclatraz::AccessDenied)
90
- suspect.is.role1!
91
- lambda { guarded.guard!(:bar, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
92
- suspect.is.role4!(StubTarget)
93
- lambda { guarded.guard!(:bar, :bla) }.should raise_error(Aclatraz::AccessDenied)
94
- suspect.is.role2!(guarded.target)
95
- lambda { guarded.guard!(:bar, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
96
-
97
- lambda { guarded.guard!(:allow_all) }.should_not raise_error(Aclatraz::AccessDenied)
98
- lambda { guarded.guard!(:deny_all) }.should raise_error(Aclatraz::AccessDenied)
99
-
100
- lambda { guarded.guard!(:bar, :allow_all, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
101
- suspect.is_not.role2!(guarded.target)
102
- lambda { guarded.guard!(:bar, :allow_all, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
103
- suspect.is.role3!
104
- lambda { guarded.guard!(:bar, :allow_all, :bla) }.should raise_error(Aclatraz::AccessDenied)
105
-
106
- suspect.is_not.role3!
107
- lambda { guarded.guard!(:bar, :deny_all, :bla) }.should raise_error(Aclatraz::AccessDenied)
108
- suspect.is.role2!(guarded.target)
109
- lambda { guarded.guard!(:bar, :deny_all, :bla) }.should_not raise_error(Aclatraz::AccessDenied)
110
-
111
- lambda { guarded.guard! { deny :role2 => :target } }.should raise_error(Aclatraz::AccessDenied)
69
+
70
+ lambda {
71
+ suspect.is_not.client!(guarded.target)
72
+ suspect.is.cleaner!(bar)
73
+ guarded.guard!(:kitchen)
74
+ }.should_not deny_access
75
+
76
+ lambda { suspect.is.bartender!; guarded.guard!(:kitchen) }.should_not deny_access
77
+ lambda {
78
+ suspect.is_not.cleaner!(bar)
79
+ suspect.is.boss!
80
+ guarded.guard!(:kitchen)
81
+ }.should deny_access
82
+ lambda { suspect.is_not.bartender!; guarded.guard!(:kitchen) }.should_not deny_access
83
+
84
+ lambda {
85
+ suspect.is_not.boss!
86
+ suspect.is_not.owner!(StubTarget)
87
+ guarded.guard!(:bar, :kitchen)
88
+ }.should deny_access
89
+ lambda { suspect.is.manager!; guarded.guard!(:bar, :kitchen) }.should_not deny_access
90
+ lambda { suspect.is.owner!(StubTarget); guarded.guard!(:bar, :kitchen) }.should deny_access
91
+ lambda { suspect.is.client!(guarded.target); guarded.guard!(:bar, :kitchen) }.should_not deny_access
92
+
93
+ lambda { guarded.guard!(:allow_all) }.should_not deny_access
94
+ lambda { guarded.guard!(:deny_all) }.should deny_access
95
+
96
+ lambda { guarded.guard!(:bar, :allow_all, :kitchen) }.should_not deny_access
97
+ lambda {
98
+ suspect.is_not.client!(guarded.target)
99
+ guarded.guard!(:bar, :allow_all, :kitchen)
100
+ }.should_not deny_access
101
+ lambda {
102
+ suspect.is.bartender!
103
+ guarded.guard!(:bar, :allow_all, :kitchen)
104
+ }.should deny_access
105
+
106
+ lambda {
107
+ suspect.is_not.bartender!
108
+ guarded.guard!(:bar, :deny_all, :kitchen)
109
+ }.should deny_access
110
+ lambda {
111
+ suspect.is.client!(guarded.target)
112
+ guarded.guard!(:bar, :deny_all, :kitchen)
113
+ }.should_not deny_access
114
+
115
+ lambda { guarded.guard! { deny :client => :target } }.should deny_access
112
116
  end
113
117
 
114
- it "when invalid permission given then #guard! should raise InvalidPermission error" do
115
- guarded_class = subject
116
- guarded_class.name = "test2"
117
- guarded_class.suspects(suspect) { allow Object.new }
118
- guarded = guarded_class.new
119
- lambda { guarded.guard! }.should raise_error(Aclatraz::InvalidPermission)
118
+ it "should raise error when invalid permission given" do
119
+ lambda {
120
+ guarded_class = subject
121
+ guarded_class.name = "SecondGuarded"
122
+ guarded_class.suspects(suspect) { allow Object.new }
123
+ guarded = guarded_class.new
124
+ guarded.guard!
125
+ }.should raise_error(Aclatraz::InvalidPermission)
120
126
  end
121
127
 
122
- it "when invalid suspect given then #guard! should raise InvalidSuspect error" do
123
- guarded_class = subject
124
- guarded_class.name = "test3"
125
- guarded_class.suspects('bar') { }
126
- guarded = guarded_class.new
127
- lambda { guarded.guard! }.should raise_error(Aclatraz::InvalidSuspect)
128
+ it "should raise error when invalid suspect given" do
129
+ lambda {
130
+ guarded_class = subject
131
+ guarded_class.name = "ThirdGuarded"
132
+ guarded_class.suspects('invalid_suspect') { }
133
+ guarded = guarded_class.new
134
+ guarded.guard!
135
+ }.should raise_error(Aclatraz::InvalidSuspect)
128
136
  end
129
137
 
130
- it "when ACL is not defined then #guard! should raise UndefinedAccessControlList error" do
131
- guarded_class = subject
132
- guarded_class.name = "test4"
133
- guarded = guarded_class.new
134
- lambda { guarded.guard! }.should raise_error(Aclatraz::UndefinedAccessControlList)
138
+ it "should raise error when ACL is not defined" do
139
+ lambda {
140
+ guarded_class = subject
141
+ guarded_class.name = "FourthGuarded"
142
+ guarded = guarded_class.new
143
+ guarded.guard!
144
+ }.should raise_error(Aclatraz::UndefinedAccessControlList)
135
145
  end
136
146
 
137
- it "when given suspect name is symbol then #suspect should reference to instance method" do
147
+ it "suspect should reference to instance method when given suspect name is kind of symbol" do
138
148
  guarded_class = subject
139
- guarded_class.name = "test5"
140
- guarded_class.suspects(:foo) {}
149
+ guarded_class.name = "FifthGuarded"
150
+ guarded_class.suspects(:user) {}
141
151
  guarded = guarded_class.new
142
- guarded.class.class_eval { def foo; @foo ||= StubSuspect.new; end }
143
- guarded.suspect.should == guarded.foo
152
+ guarded.class.class_eval { def user; @user ||= StubSuspect.new; end }
153
+ guarded.suspect.should == guarded.user
144
154
  end
145
155
 
146
- it "when given suspect name is string #suspect should reference to instance variable" do
156
+ it "suspect should reference to instance variable when given suspect name is kind of string" do
147
157
  guarded_class = subject
148
- guarded_class.name = "test6"
149
- guarded_class.suspects('foo') {}
158
+ guarded_class.name = "SixthGuarded"
159
+ guarded_class.suspects('user') {}
150
160
  guarded = guarded_class.new
151
- guarded.instance_variable_set("@foo", StubSuspect.new)
152
- guarded.suspect.should == guarded.instance_variable_get("@foo")
161
+ guarded.instance_variable_set("@user", StubSuspect.new)
162
+ guarded.suspect.should == guarded.instance_variable_get("@user")
153
163
  end
154
164
 
155
- it "when given suspect is an object then #suspect should refence to it" do
156
- bar = StubSuspect.new
165
+ it "suspect should reference to given object if passed" do
166
+ suspect = StubSuspect.new
157
167
  guarded_class = subject
158
- guarded_class.name = "test7"
159
- guarded_class.suspects(bar) {}
168
+ guarded_class.name = "SeventhGuarded"
169
+ guarded_class.suspects(suspect) {}
160
170
  guarded = guarded_class.new
161
- guarded.suspect.should == bar
171
+ guarded.suspect.should == suspect
162
172
  end
163
173
 
164
- context "inherited guards" do
165
- class FooParent
166
- include Aclatraz::Guard
167
-
168
- suspects :user do
169
- allow :nested1
170
- deny :nested2
171
- end
172
-
173
- def user; @user ||= StubSuspect.new; end
174
- end
174
+ it "should properly resolve inherited permissions" do
175
+ parent = GuardedParent.new
176
+ child = GuardedChild.new
175
177
 
176
- class BarChild < FooParent
177
- suspects do
178
- deny :nested1
179
- allow :nested3
180
- end
181
- end
178
+ child.user.is_not.cooker!
179
+ child.user.is_not.waiter!
180
+ child.user.is_not.manager!
182
181
 
183
- it "should work properly" do
184
- foo = FooParent.new
185
- bar = BarChild.new
186
-
187
- lambda { foo.guard! }.should raise_error(Aclatraz::AccessDenied)
188
- foo.user.is.nested1!
189
- lambda { foo.guard! }.should_not raise_error(Aclatraz::AccessDenied)
190
- foo.user.is.nested2!
191
- lambda { foo.guard! }.should raise_error(Aclatraz::AccessDenied)
192
-
193
- bar.user.is_not.nested1!
194
- bar.user.is_not.nested2!
195
-
196
- lambda { bar.guard! }.should raise_error(Aclatraz::AccessDenied)
197
- bar.user.is.nested1!
198
- lambda { bar.guard! }.should raise_error(Aclatraz::AccessDenied)
199
- bar.user.is.nested2!
200
- lambda { bar.guard! }.should raise_error(Aclatraz::AccessDenied)
201
- bar.user.is.nested3!
202
- lambda { bar.guard! }.should_not raise_error(Aclatraz::AccessDenied)
203
- end
182
+ lambda { parent.guard! }.should deny_access
183
+ lambda { parent.user.is.cooker!; parent.guard! }.should_not deny_access
184
+ lambda { parent.user.is.waiter!; parent.guard! }.should deny_access
185
+
186
+ child.user.is_not.cooker!
187
+ child.user.is_not.waiter!
188
+
189
+ lambda { child.guard! }.should deny_access
190
+ lambda { child.user.is.cooker!; child.guard! }.should deny_access
191
+ lambda { child.user.is.waiter!; child.guard! }.should deny_access
192
+ lambda { child.user.is.manager!; child.guard! }.should_not deny_access
204
193
  end
205
194
  end
data/spec/aclatraz/stores_spec.rb CHANGED
@@ -1,53 +1,52 @@
1
1
  require 'spec_helper'
2
2
 
3
- STORE_SPECS = proc do
4
- it "should properly assign given roles to owner and check permissions" do
3
+ COMMON_STORE_SPECS = proc do
4
+ it "should assign roles to owner and properly check permissions" do
5
5
  subject.clear
6
- subject.set("foo", owner)
7
- subject.check("foo", owner).should be_true
6
+ subject.set("admin", owner)
7
+ subject.set("manager", owner, StubTarget)
8
+ subject.set("creator", owner, target)
8
9
 
9
- subject.set("bar", owner, StubTarget)
10
- subject.check("bar", owner, StubTarget).should be_true
11
-
12
- subject.set("bla", owner, target)
13
- subject.check("bla", owner, target).should be_true
14
-
15
- subject.check("foo", owner, target).should be_false
16
- subject.check("foo", owner, StubTarget).should be_false
17
- subject.check("bar", owner).should be_false
10
+ subject.check("admin", owner).should be_true
11
+ subject.check("manager", owner, StubTarget).should be_true
12
+ subject.check("creator", owner, target).should be_true
13
+
14
+ subject.check("owner", owner, target).should be_false
15
+ subject.check("tester", owner, StubTarget).should be_false
16
+ subject.check("waiter", owner).should be_false
18
17
  end
19
18
 
20
- it "should properly delete given permission" do
19
+ it "should delete given permission" do
21
20
  subject.clear
22
- subject.set("foo", owner)
23
- subject.set("bar", owner, StubTarget)
24
- subject.set("bla", owner, target)
21
+ subject.set("admin", owner)
22
+ subject.set("manager", owner, StubTarget)
23
+ subject.set("creator", owner, target)
25
24
 
26
- subject.delete("foo", owner)
27
- subject.delete("bar", owner, StubTarget)
28
- subject.delete("bla", owner, target)
25
+ subject.delete("admin", owner)
26
+ subject.delete("manager", owner, StubTarget)
27
+ subject.delete("creator", owner, target)
29
28
 
30
- subject.check("bar", owner).should be_false
31
- subject.check("bar", owner, StubTarget).should be_false
32
- subject.check("bar", owner, target).should be_false
29
+ subject.check("admin", owner).should be_false
30
+ subject.check("manager", owner, StubTarget).should be_false
31
+ subject.check("creator", owner, target).should be_false
33
32
  end
34
33
 
35
- it "should allow to fetch whole list of roles" do
36
- subject.set("foo", owner)
37
- subject.set("bar", owner)
38
- subject.set("bla", owner)
34
+ it "should allow to fetch list of all roles" do
35
+ subject.clear
36
+ subject.set("waiter", owner)
37
+ subject.set("cooker", owner)
38
+ subject.set("worker", owner)
39
39
 
40
- subject.roles.should_not be_empty
41
- (subject.roles - ["foo", "bar", "bla"]).should be_empty
40
+ (subject.roles - ["waiter", "cooker", "worker"]).should be_empty
42
41
  end
43
42
 
44
43
  it "should allow to fetch list of roles for specified member" do
45
- subject.set("foo", owner)
46
- subject.set("bar", owner)
47
- subject.set("bla", owner)
44
+ subject.clear
45
+ subject.set("waiter", owner)
46
+ subject.set("cooker", owner)
47
+ subject.set("worker", owner)
48
48
 
49
- subject.roles(owner).should_not be_empty
50
- (subject.roles(owner) - ["foo", "bar", "bla"]).should be_empty
49
+ (subject.roles(owner) - ["waiter", "cooker", "worker"]).should be_empty
51
50
  end
52
51
  end
53
52
 
@@ -57,8 +56,7 @@ describe "Aclatraz" do
57
56
 
58
57
  context "for Redis store" do
59
58
  subject { Aclatraz.init(:redis, "redis://localhost:6379/0") }
60
-
61
- class_eval &STORE_SPECS
59
+ class_eval(&COMMON_STORE_SPECS)
62
60
 
63
61
  it "should respect persistent connection given on initalize" do
64
62
  Aclatraz.instance_variable_set("@store", nil)
@@ -74,22 +72,9 @@ describe "Aclatraz" do
74
72
  end
75
73
  end
76
74
 
77
- context "for Riak store" do
78
- subject { Aclatraz.init(:riak, "roles") }
79
-
80
- class_eval &STORE_SPECS
81
-
82
- it "should respect persistent connection given on initalize" do
83
- Aclatraz.instance_variable_set("@store", nil)
84
- Aclatraz.init(:riak, "roles", Riak::Client.new)
85
- Aclatraz.store.instance_variable_get('@backend').should be_kind_of(Riak::Bucket)
86
- end
87
- end
88
-
89
75
  context "for Cassandra store" do
90
76
  subject { Aclatraz.init(:cassandra, "Super1", "Keyspace1") }
91
-
92
- class_eval &STORE_SPECS
77
+ class_eval(&COMMON_STORE_SPECS)
93
78
 
94
79
  it "should respect persistent connection given on initialize" do
95
80
  Aclatraz.instance_variable_set("@store", nil)
@@ -97,4 +82,23 @@ describe "Aclatraz" do
97
82
  Aclatraz.store.instance_variable_get('@backend').should be_kind_of(Cassandra)
98
83
  end
99
84
  end
85
+
86
+ context "for MongoDB store" do
87
+ subject {
88
+ require 'mongo'
89
+ Aclatraz.init(:mongo, "roles", @mongo ||= Mongo::Connection.new.db("aclatraz_test"))
90
+ }
91
+ class_eval(&COMMON_STORE_SPECS)
92
+ end
93
+
94
+ context "for Riak store" do
95
+ subject { Aclatraz.init(:riak, "roles") }
96
+ class_eval(&COMMON_STORE_SPECS)
97
+
98
+ it "should respect persistent connection given on initalize" do
99
+ Aclatraz.instance_variable_set("@store", nil)
100
+ Aclatraz.init(:riak, "roles", Riak::Client.new)
101
+ Aclatraz.store.instance_variable_get('@backend').should be_kind_of(Riak::Bucket)
102
+ end
103
+ end
100
104
  end