activity_permission_engine 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +16 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +167 -0
- data/Rakefile +6 -0
- data/activity_permission_engine.gemspec +25 -0
- data/lib/activity_permission_engine.rb +47 -0
- data/lib/activity_permission_engine/activities_registry.rb +20 -0
- data/lib/activity_permission_engine/activity_permissions_registry.rb +59 -0
- data/lib/activity_permission_engine/adapters/activity_permissions_registry/memory.rb +39 -0
- data/lib/activity_permission_engine/allow_activity.rb +38 -0
- data/lib/activity_permission_engine/check_authorization.rb +47 -0
- data/lib/activity_permission_engine/disallow_activity.rb +38 -0
- data/lib/activity_permission_engine/framework/request.rb +16 -0
- data/lib/activity_permission_engine/interface_helpers.rb +31 -0
- data/lib/activity_permission_engine/list_activities.rb +27 -0
- data/lib/activity_permission_engine/list_activities_permissions.rb +28 -0
- data/lib/activity_permission_engine/register_activity.rb +38 -0
- data/lib/activity_permission_engine/test_helpers/activity_permissions_registry_test.rb +31 -0
- data/lib/activity_permission_engine/unregister_activity.rb +38 -0
- data/lib/activity_permission_engine/version.rb +3 -0
- data/test/adapters/activities_registry/memory_test.rb +68 -0
- data/test/functionnals/activity_permission_engine_test.rb +74 -0
- data/test/interface_specifications/allow_activity_test.rb +35 -0
- data/test/interface_specifications/check_authorization_test.rb +47 -0
- data/test/interface_specifications/disallow_activity_test.rb +33 -0
- data/test/interface_specifications/list_activities_permissions_test.rb +26 -0
- data/test/interface_specifications/list_activities_test.rb +24 -0
- data/test/interface_specifications/register_activity_test.rb +39 -0
- data/test/interface_specifications/unregister_activity_test.rb +42 -0
- data/test/test_helper.rb +8 -0
- metadata +143 -0
@@ -0,0 +1,47 @@
|
|
1
|
+
module ActivityPermissionEngine
|
2
|
+
class CheckAuthorization
|
3
|
+
def initialize(request, activities_registry = ActivityPermissionEngine.configuration.activity_permissions_registry)
|
4
|
+
@request = request
|
5
|
+
@activities_registry = activities_registry
|
6
|
+
end
|
7
|
+
|
8
|
+
def call
|
9
|
+
Response.new(authorized?)
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
attr_reader(:request, :activities_registry)
|
14
|
+
|
15
|
+
def activity
|
16
|
+
@activity ||= activities_registry.find_by_activity_ref(request.activity_ref)
|
17
|
+
end
|
18
|
+
|
19
|
+
def authorized?
|
20
|
+
activity && (activity.role_refs & request.role_refs).length > 0
|
21
|
+
end
|
22
|
+
|
23
|
+
class Request
|
24
|
+
include Framework::Request
|
25
|
+
|
26
|
+
def initialize(activity_ref, role_refs)
|
27
|
+
@activity_ref = activity_ref
|
28
|
+
@role_refs = role_refs
|
29
|
+
end
|
30
|
+
|
31
|
+
attr_reader(:activity_ref, :role_refs)
|
32
|
+
end
|
33
|
+
|
34
|
+
class Response
|
35
|
+
def initialize(authorized)
|
36
|
+
@authorized = authorized
|
37
|
+
end
|
38
|
+
|
39
|
+
def authorized?
|
40
|
+
authorized
|
41
|
+
end
|
42
|
+
|
43
|
+
attr_reader(:authorized)
|
44
|
+
end
|
45
|
+
|
46
|
+
end
|
47
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
module ActivityPermissionEngine
|
2
|
+
class DisallowActivity
|
3
|
+
def initialize(request, activities_registry = ActivityPermissionEngine.configuration.activity_permissions_registry)
|
4
|
+
@request = request
|
5
|
+
@activities_registry = activities_registry
|
6
|
+
end
|
7
|
+
|
8
|
+
def call
|
9
|
+
Response.new(activities_registry.remove_role(request.activity_ref, request.role_ref))
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
attr_reader(:request, :activities_registry)
|
14
|
+
|
15
|
+
class Request
|
16
|
+
include Framework::Request
|
17
|
+
|
18
|
+
def initialize(activity_ref, role_ref)
|
19
|
+
@activity_ref = activity_ref
|
20
|
+
@role_ref = role_ref
|
21
|
+
end
|
22
|
+
|
23
|
+
attr_reader(:activity_ref, :role_ref)
|
24
|
+
end
|
25
|
+
|
26
|
+
class Response
|
27
|
+
def initialize(success)
|
28
|
+
@success = success
|
29
|
+
end
|
30
|
+
|
31
|
+
def success?
|
32
|
+
success
|
33
|
+
end
|
34
|
+
private
|
35
|
+
attr_reader(:success)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
module ActivityPermissionEngine
|
2
|
+
module Framework
|
3
|
+
module Request
|
4
|
+
def response
|
5
|
+
perform
|
6
|
+
end
|
7
|
+
|
8
|
+
private
|
9
|
+
def perform
|
10
|
+
self.class.name.split('::').reverse.drop(1).reverse.inject(Object) do |nesting, name|
|
11
|
+
nesting.const_get(name)
|
12
|
+
end.new(self).call
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module ActivityPermissionEngine
|
2
|
+
module InterfaceHelpers
|
3
|
+
def register_activity(activity_ref)
|
4
|
+
RegisterActivity::Request.new(activity_ref).response
|
5
|
+
end
|
6
|
+
|
7
|
+
def list_activities
|
8
|
+
ListActivities::Request.new.response
|
9
|
+
end
|
10
|
+
|
11
|
+
def unregister_activity(activity_ref)
|
12
|
+
UnregisterActivity::Request.new(activity_ref).response
|
13
|
+
end
|
14
|
+
|
15
|
+
def allow_activity(activity_ref, role_ref)
|
16
|
+
AllowActivity::Request.new(activity_ref, role_ref).response
|
17
|
+
end
|
18
|
+
|
19
|
+
def disallow_activity(activity_ref, role_ref)
|
20
|
+
DisallowActivity::Request.new(activity_ref, role_ref).response
|
21
|
+
end
|
22
|
+
|
23
|
+
def check_authorization(activity_ref, role_refs)
|
24
|
+
CheckAuthorization::Request.new(activity_ref, role_refs).response
|
25
|
+
end
|
26
|
+
|
27
|
+
def list_activities_permissions
|
28
|
+
ListActivitiesPermissions::Request.new.response
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
module ActivityPermissionEngine
|
2
|
+
class ListActivities
|
3
|
+
def initialize(request, activities_registry = ActivityPermissionEngine.configuration.activities_registry)
|
4
|
+
@request = request
|
5
|
+
@activities_registry = activities_registry
|
6
|
+
end
|
7
|
+
|
8
|
+
def call
|
9
|
+
Response.new(activities_registry.all)
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
attr_reader(:activities_registry)
|
14
|
+
|
15
|
+
class Request
|
16
|
+
include Framework::Request
|
17
|
+
end
|
18
|
+
|
19
|
+
class Response
|
20
|
+
def initialize(activity_refs)
|
21
|
+
@activity_refs = activity_refs
|
22
|
+
end
|
23
|
+
|
24
|
+
attr_reader(:activity_refs)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module ActivityPermissionEngine
|
2
|
+
class ListActivitiesPermissions
|
3
|
+
def initialize(request, activity_permissions_registry = ActivityPermissionEngine.configuration.activity_permissions_registry)
|
4
|
+
@activity_permissions_registry = activity_permissions_registry
|
5
|
+
@request = request
|
6
|
+
end
|
7
|
+
|
8
|
+
|
9
|
+
def call
|
10
|
+
Response.new(activity_permissions_registry.all)
|
11
|
+
end
|
12
|
+
|
13
|
+
private
|
14
|
+
attr_reader(:activity_permissions_registry)
|
15
|
+
|
16
|
+
class Request
|
17
|
+
include Framework::Request
|
18
|
+
end
|
19
|
+
|
20
|
+
class Response
|
21
|
+
def initialize(activities_permissions)
|
22
|
+
@activities_permissions = activities_permissions
|
23
|
+
end
|
24
|
+
|
25
|
+
attr_reader :activities_permissions
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
module ActivityPermissionEngine
|
2
|
+
class RegisterActivity
|
3
|
+
def initialize(request, activity_registry = ActivityPermissionEngine.configuration.activities_registry)
|
4
|
+
@request = request
|
5
|
+
@activity_registry = activity_registry
|
6
|
+
end
|
7
|
+
|
8
|
+
def call
|
9
|
+
Response.new(activity_registry.add(request.activity_ref))
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
attr_reader(:request, :activity_registry)
|
14
|
+
|
15
|
+
class Request
|
16
|
+
include Framework::Request
|
17
|
+
|
18
|
+
def initialize(activity_ref)
|
19
|
+
@activity_ref = activity_ref
|
20
|
+
end
|
21
|
+
|
22
|
+
attr_reader(:activity_ref)
|
23
|
+
end
|
24
|
+
|
25
|
+
class Response
|
26
|
+
def initialize(success)
|
27
|
+
@success = success
|
28
|
+
end
|
29
|
+
|
30
|
+
def success?
|
31
|
+
success
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
attr_reader :success
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
module ActivityPermissionEngine
|
2
|
+
module TestHelpers
|
3
|
+
# Include this module in your adapter's test
|
4
|
+
# it will ensure that it quacks like a duck
|
5
|
+
module ActivityPermissionsRegistryTest
|
6
|
+
def self.included(base)
|
7
|
+
base.class_eval do
|
8
|
+
it 'respond_to add' do
|
9
|
+
subject.must_respond_to(:add)
|
10
|
+
end
|
11
|
+
|
12
|
+
it 'respond_to all' do
|
13
|
+
subject.must_respond_to(:all)
|
14
|
+
end
|
15
|
+
|
16
|
+
it 'respond_to del' do
|
17
|
+
subject.must_respond_to(:del)
|
18
|
+
end
|
19
|
+
|
20
|
+
it 'respond_to add_role' do
|
21
|
+
subject.must_respond_to(:add_role)
|
22
|
+
end
|
23
|
+
|
24
|
+
it 'respond_to find_by_activity_ref' do
|
25
|
+
subject.must_respond_to(:find_by_activity_ref)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
module ActivityPermissionEngine
|
2
|
+
class UnregisterActivity
|
3
|
+
def initialize(request, activities_registry = ActivityPermissionEngine.configuration.activity_permissions_registry)
|
4
|
+
@request = request
|
5
|
+
@activities_registry = activities_registry
|
6
|
+
end
|
7
|
+
|
8
|
+
def call
|
9
|
+
Response.new(activities_registry.del(request.activity_ref))
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
attr_reader(:request, :activities_registry)
|
14
|
+
|
15
|
+
class Request
|
16
|
+
include Framework::Request
|
17
|
+
|
18
|
+
def initialize(activity_ref)
|
19
|
+
@activity_ref = activity_ref
|
20
|
+
end
|
21
|
+
|
22
|
+
attr_reader(:activity_ref)
|
23
|
+
end
|
24
|
+
|
25
|
+
class Response
|
26
|
+
def initialize(success)
|
27
|
+
@success = success
|
28
|
+
end
|
29
|
+
|
30
|
+
def success?
|
31
|
+
success
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
attr_reader(:success)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,68 @@
|
|
1
|
+
require_relative '../../test_helper'
|
2
|
+
require_relative '../../../lib/activity_permission_engine/adapters/activity_permissions_registry/memory'
|
3
|
+
require_relative '../../../lib/activity_permission_engine/test_helpers/activity_permissions_registry_test'
|
4
|
+
|
5
|
+
module ActivityPermissionEngine
|
6
|
+
describe Adapters::ActivityPermissionsRegistry::Memory do
|
7
|
+
|
8
|
+
let(:activity_ref) { 'example:activity_ref' }
|
9
|
+
let(:role_refs) { %w(foo bar) }
|
10
|
+
let(:store) { { activity_ref => role_refs} }
|
11
|
+
let(:registry) { Adapters::ActivityPermissionsRegistry::Memory.new(store) }
|
12
|
+
|
13
|
+
describe 'implement the activity permission registry interface' do
|
14
|
+
subject { registry }
|
15
|
+
include ActivityPermissionEngine::TestHelpers::ActivityPermissionsRegistryTest
|
16
|
+
end
|
17
|
+
|
18
|
+
describe '#all' do
|
19
|
+
subject{ registry.all }
|
20
|
+
|
21
|
+
it 'returns a list of activities' do
|
22
|
+
subject.must_be_kind_of Array
|
23
|
+
subject.first.must_be_kind_of ActivityPermissionsRegistry::ActivityPermission
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
describe '#find_by_activity_ref' do
|
28
|
+
subject { registry.find_by_activity_ref(activity_ref) }
|
29
|
+
describe 'using an existing activity_ref' do
|
30
|
+
it 'return an Activity' do
|
31
|
+
subject.must_be_kind_of ActivityPermissionsRegistry::ActivityPermission
|
32
|
+
end
|
33
|
+
|
34
|
+
it 'returns the corresponding Activity' do
|
35
|
+
subject.activity_ref.must_equal activity_ref
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
describe 'when activity_ref does not exists' do
|
40
|
+
let(:store) { {'foo' => []} }
|
41
|
+
|
42
|
+
it 'returns false' do
|
43
|
+
subject.must_equal false
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
describe '#del' do
|
49
|
+
let(:existing_activity) { 'activity' }
|
50
|
+
subject { registry.del(activity_ref) }
|
51
|
+
|
52
|
+
it 'remove the activity from registry' do
|
53
|
+
subject
|
54
|
+
registry.find_by_activity_ref(activity_ref).must_equal false
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
describe '#add_role' do
|
59
|
+
let(:new_role_ref) { 'new_role_ref' }
|
60
|
+
subject { registry.add_role(activity_ref, new_role_ref) }
|
61
|
+
|
62
|
+
it 'add role to the role_refs' do
|
63
|
+
subject
|
64
|
+
registry.find_by_activity_ref(activity_ref).role_refs.must_include new_role_ref
|
65
|
+
end
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
@@ -0,0 +1,74 @@
|
|
1
|
+
require_relative '../test_helper'
|
2
|
+
|
3
|
+
describe 'configured with a registry and a list of activities' do
|
4
|
+
let(:provided_activities) { %w(allow_role disallow_role) }
|
5
|
+
|
6
|
+
before(:each) do
|
7
|
+
ActivityPermissionEngine.configuration = ActivityPermissionEngine::Configuration.new(activities: provided_activities)
|
8
|
+
end
|
9
|
+
|
10
|
+
describe 'I can list activities' do
|
11
|
+
subject { ActivityPermissionEngine.list_activities }
|
12
|
+
|
13
|
+
it 'return activity references list' do
|
14
|
+
subject.activity_refs.must_equal provided_activities
|
15
|
+
end
|
16
|
+
|
17
|
+
describe 'when i add activity at runtime' do
|
18
|
+
let(:new_activity) { 'new_activity' }
|
19
|
+
|
20
|
+
before(:each) do
|
21
|
+
ActivityPermissionEngine.register_activity(new_activity)
|
22
|
+
end
|
23
|
+
it 'return the added activity' do
|
24
|
+
subject.activity_refs.must_include new_activity
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
describe 'When I allow an entity ( like role ) to perform an activity' do
|
30
|
+
let(:my_role) { 'roles manager' }
|
31
|
+
let(:activity) { 'allow_role' }
|
32
|
+
let(:allow_activity_request) { ActivityPermissionEngine::AllowActivity::Request.new(activity, my_role) }
|
33
|
+
|
34
|
+
before(:each) { ActivityPermissionEngine.allow_activity(activity, my_role) }
|
35
|
+
|
36
|
+
describe 'checking for authorization' do
|
37
|
+
it 'allows the role to perform activity' do
|
38
|
+
ActivityPermissionEngine.check_authorization(activity, [my_role]).authorized?.must_equal true
|
39
|
+
end
|
40
|
+
|
41
|
+
describe 'the permission list' do
|
42
|
+
subject { ActivityPermissionEngine.list_activities_permissions.activities_permissions }
|
43
|
+
it 'includes the new permission' do
|
44
|
+
subject.select do
|
45
|
+
|ap|
|
46
|
+
ap.activity_ref == activity
|
47
|
+
end.first.role_refs.must_include my_role
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
|
52
|
+
describe 'I can disallow an entity to perform activity' do
|
53
|
+
let(:my_role) { 'roles manager' }
|
54
|
+
let(:activity) { 'allow_role' }
|
55
|
+
let(:disallow_activity_request) { ActivityPermissionEngine::DisallowActivity::Request.new(activity, [my_role]) }
|
56
|
+
let(:check_authorization_request) { ActivityPermissionEngine::CheckAuthorization::Request.new(activity, [my_role]) }
|
57
|
+
|
58
|
+
before(:each) do
|
59
|
+
ActivityPermissionEngine.configuration = ActivityPermissionEngine::Configuration.new(
|
60
|
+
activity_permission_registry: ActivityPermissionEngine::Adapters::ActivityPermissionsRegistry::Memory.new(
|
61
|
+
{activity => [my_role]}
|
62
|
+
)
|
63
|
+
)
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'disallow the role to perform activity' do
|
67
|
+
ActivityPermissionEngine.disallow_activity(my_role, activity)
|
68
|
+
ActivityPermissionEngine.check_authorization(activity, [my_role]).authorized?.must_equal false
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|