acts_as_authoritah 1.0.5 → 2.0.0

data/lib/acts_as_authoritah/spreadsheets/spreadsheet_row_parser.rb

@@ -0,0 +1,23 @@
+class ActsAsAuthoritah::SpreadsheetRowParser
+  def initialize(row)
+    @row = row
+  end
+  
+  def scope
+    @row[0]
+  end
+  
+  def controller
+    @row[1]
+  end
+  
+  def action
+    @row[2]
+  end
+  
+  def access_rights
+    @row[4..-1].collect{|x|
+      x == 'x' || x == "X" || x == "*"
+    }
+  end
+end

data/lib/acts_as_authoritah/spreadsheets/spreadsheet_wrapper.rb

@@ -0,0 +1,16 @@
+class ActsAsAuthoritah::SpreadsheetWrapper
+  def initialize(path)
+    spreadsheet_reader = ActsAsAuthoritah::SpreadsheetReader.new(path)
+    @roles = ActsAsAuthoritah::SpreadsheetHeaderParser.new(spreadsheet_reader.header).roles
+    @rows  = spreadsheet_reader.valid_rows.collect{|row| ActsAsAuthoritah::SpreadsheetRowParser.new(row)}
+  end
+  
+  def to_access_rules
+    access_rules = []
+    @rows.each do |row|
+      mapped_access_rights = ActsAsAuthoritah::AccessRightsMapper.new(@roles, row.access_rights).map
+      access_rules << ActsAsAuthoritah::AccessRule.new(row.scope, row.controller, row.action, mapped_access_rights)
+    end
+    access_rules
+  end
+end

data/lib/acts_as_authoritah/version.rb

@@ -0,0 +1,3 @@
+module ActsAsAuthoritah
+  VERSION = "2.0.0"
+end

data/spec/acts_as_authoritah/access_control_list_spec.rb

@@ -0,0 +1,78 @@
+require 'spec_helper'
+
+describe ActsAsAuthoritah::AccessControlList do
+  context "store" do
+    it "should build list" do
+      rule1 = ActsAsAuthoritah::AccessRule.new("Admin::Projects", "Surveys","update",{:admin => true, :anonymous => false})
+      rule2 = ActsAsAuthoritah::AccessRule.new("Admin::Users", "Configurations","edit",{:admin => true, :anonymous => false})
+      
+      ActsAsAuthoritah::AccessControlList.new([rule1, rule2]).store.should eq rule1.to_rule.merge(rule2.to_rule)
+    end
+  end
+  
+  context "match" do
+    before :each do
+      rules = [
+        ActsAsAuthoritah::AccessRule.new("Admin", nil, nil, "a"),
+        ActsAsAuthoritah::AccessRule.new("Projects", "Surveys","edit", "b"),
+        ActsAsAuthoritah::AccessRule.new("Admin::Projects", nil, nil, "c"),
+        ActsAsAuthoritah::AccessRule.new("Admin::Projects", "Surveys", nil, "d"),
+        ActsAsAuthoritah::AccessRule.new("Projects", "Surveys", "update", "e"),
+        ActsAsAuthoritah::AccessRule.new("", "Projects", nil, "f")
+      ]
+      
+      @acl = ActsAsAuthoritah::AccessControlList.new(rules)
+    end
+    
+    it "test1" do
+      @acl.match("Admin::ForumsController#index").should eq "a"
+    end
+    
+    it "test2" do
+      @acl.match("Admin::Projects::SurveysController#index").should eq "d"
+    end
+    
+    it "test3" do
+      @acl.match("Projects::SurveysController#index").should eq nil
+    end
+    
+    it "test4" do
+      @acl.match("Projects::SurveysController#update").should eq "e"
+    end
+
+    it "test5" do
+      @acl.match("Projects::SurveysController#edit").should eq "b"
+    end
+  
+    it "test6" do
+      @acl.match("Admin::Projects::HomeController#update").should eq "c"
+    end
+    
+    it "test7" do
+      @acl.match("ProjectsController#create").should eq "f"
+    end
+    
+    it "test8" do
+      @acl.match("Admin::ProjectsController#create").should eq "a"
+    end
+    
+  end
+  
+  context "match_identifier" do
+    before :each do
+      rules = [
+        ActsAsAuthoritah::AccessRule.new("Admin", nil, nil, "c"),
+      ]
+      
+      @acl = ActsAsAuthoritah::AccessControlList.new(rules)
+    end
+    
+    it "should return {} if there is no match" do
+      @acl.match_identifier("LinksController#create").should eq({})
+    end
+    
+    it "should return the matched value if there is a match" do
+      @acl.match_identifier("Admin::ProjectsController#create").should eq "c"
+    end
+  end
+end

data/spec/acts_as_authoritah/access_rule_spec.rb

@@ -0,0 +1,39 @@
+require 'spec_helper'
+
+describe ActsAsAuthoritah::AccessRule do
+  context "after setup" do
+    before :each do
+      @access_rule = ActsAsAuthoritah::AccessRule.new("Admin::Projects","Surveys","edit",{:admin => true, :anonymous => false})
+    end
+  
+    it "should be able to build a new access rule and return its scope" do
+      @access_rule.scope.should eq "Admin::Projects"
+    end
+  
+    it "should be able to build a new access rule and return its controller" do
+      @access_rule.controller.should eq "Surveys"
+    end
+    
+    it "should be able to build a new access rule and return its action" do
+      @access_rule.action.should eq "edit"
+    end
+  
+    it "should be able to build a new access rule and return its access-rights" do
+      @access_rule.access_rights.should eq({:admin => true, :anonymous => false})
+    end
+  end
+  
+  context "generate rule" do
+    it "should generate a valid rule: case1" do
+      access_rule = ActsAsAuthoritah::AccessRule.new("Admin::Projects", "BlogPosts", "create", {:admin => true, :anonymous => false})
+      access_rule.to_rule.should eq({"Admin::Projects::BlogPostsController#create" => {:admin => true, :anonymous => false}})
+    end
+    
+    it "should generate a valid rule: case2" do
+      access_rule = ActsAsAuthoritah::AccessRule.new("", "Projects", nil, "f")
+      access_rule.to_rule.should eq({"ProjectsController" => "f"})
+    end
+
+  end
+
+end

data/spec/acts_as_authoritah/core_spec.rb

@@ -0,0 +1,63 @@
+describe ActsAsAuthoritah::Core do
+  before :each do 
+    class Foo
+      include ActsAsAuthoritah::Core
+      acts_as_authoritah "spec/data/default.xls"
+      
+      def usertype(options)
+        "admin"
+      end
+    end
+  end
+  
+  it "should work" do
+  end
+  
+  it "should be able to use 'can?' on instance of Foo class" do
+    Foo.new.should respond_to('can?')
+  end
+  
+  it "should be able to add 'default_acl' method to Foo class" do
+    Foo.should respond_to('default_acl')
+  end
+  
+  it "should be able to use 'can?' on Foo to check access rights - case1" do
+    Foo.new.can?("scope1::scope2::DummyController#edit").should eq true
+  end
+  
+  context "whitelist=false" do
+    before :each do
+      class Foo
+        include ActsAsAuthoritah::Core
+        acts_as_authoritah "spec/data/default.xls"
+      
+        def usertype(options)
+          "admin"
+        end
+      end
+    end
+    
+    it "can? should return true when a matching rule is not found" do
+      Foo.new.can?("DummyController#edit").should eq true
+    end
+  end
+  
+  context "whitelist=true" do
+    before :each do
+      class Foo
+        include ActsAsAuthoritah::Core
+        acts_as_authoritah "spec/data/default.xls", :whitelist => true
+      
+        def usertype(options)
+          "admin"
+        end
+      end
+    end
+    
+    it "can? should return false when a matching rule is not found" do
+      Foo.new.can?("DummyController#edit").should eq false
+    end
+  end
+
+
+end

data/spec/acts_as_authoritah/identifier_parser_spec.rb

@@ -0,0 +1,111 @@
+require 'spec_helper'
+
+describe ActsAsAuthoritah::IdentifierParser do
+  
+  context "action" do
+    it "should return nil if identifier is empty" do
+      identifier_parser = ActsAsAuthoritah::IdentifierParser.new("")
+      identifier_parser.action.should be_nil
+    end
+    
+    it "should return nil if identifier is nil" do
+      identifier_parser = ActsAsAuthoritah::IdentifierParser.new(nil)
+      identifier_parser.action.should be_nil
+    end
+  
+    it "should return nil if only controller name is present" do
+      identifier_parser = ActsAsAuthoritah::IdentifierParser.new("BlogPosts")
+      identifier_parser.action.should be_nil
+    end
+    
+    it "should return nil if only controller name and scope is present" do
+      identifier_parser = ActsAsAuthoritah::IdentifierParser.new("Admin::BlogPosts")
+      identifier_parser.action.should be_nil
+    end
+  
+    it "should return nil if only controller name and '#' is present" do
+      identifier_parser = ActsAsAuthoritah::IdentifierParser.new("Admin::BlogPosts#")
+      identifier_parser.action.should be_nil
+    end
+  
+    it "should return action name when controller and action are present" do
+      identifier_parser = ActsAsAuthoritah::IdentifierParser.new("BlogPosts#edit")
+      identifier_parser.action.should eq "edit"
+    end
+    
+    it "should return action name when controller, one level scope and action are present" do
+      identifier_parser = ActsAsAuthoritah::IdentifierParser.new("Projects::BlogPosts#edit")
+      identifier_parser.action.should eq "edit"
+    end
+    
+    it "should return action name when controller, two level scopes and action are present" do
+      identifier_parser = ActsAsAuthoritah::IdentifierParser.new("Admin::Projects::BlogPosts#edit")
+      identifier_parser.action.should eq "edit"
+    end
+  end
+  
+  # context "controller" do
+  #     it "should return nil if identifier is empty" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.controller.should be_nil
+  #     end
+  #     
+  #     it "should return nil if identifier is nil" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new(nil, "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.controller.should be_nil
+  #     end
+  #   
+  #     it "should return controller name if only controller is present" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("BlogPosts", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.controller.should eq "BlogPosts"
+  #     end
+  #     
+  #     it "should return controller name if controller and action are present" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("BlogPosts#edit", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.controller.should eq "BlogPosts"
+  #     end
+  #     
+  #     it "should return controller name if controller, one level scope and action are present" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("Projects::BlogPosts#edit", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.controller.should eq "Projects::BlogPosts"
+  #     end
+  #     
+  #     it "should return controller name if controller, two level scopes and action are present" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("Admin::Projects::BlogPosts#edit", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.controller.should eq "Admin::Projects::BlogPosts"
+  #     end
+  #   
+  #     it "should return controller name if controller and '#' are present" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("BlogPosts#", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.controller.should eq "BlogPosts"
+  #     end
+  #   end
+  #   
+  #   context "scopes" do
+  #     it "should return nil if identifier is empty" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.scopes.should eq []
+  #     end
+  #     
+  #     it "should return nil if identifier is nil" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new(nil, "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.scopes.should eq []
+  #     end
+  #   
+  #     it "should return [] if only controller is present" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("BlogPosts", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.scopes.should eq []
+  #     end
+  #     
+  #     it "should return scope array if controller and level one scope is present" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("Projects::BlogPosts", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.scopes.should eq ["Projects"]
+  #     end
+  #     
+  #     it "should return scope array if controller and level two scope is present" do
+  #       identifier_parser = ActsAsAuthoritah::IdentifierParser.new("Admin::Projects::BlogPosts", "edit a blog post",{:admin => true, :anonymous => false})
+  #       identifier_parser.scopes.should eq ["Admin","Projects"]
+  #     end
+  #   end
+  
+end

data/spec/acts_as_authoritah/matchers/controller_matcher_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe ActsAsAuthoritah::Matchers::ControllerMatcher do
+  before :each do
+    @store = {
+      "Admin::Projects::ForumsController#index" => "abc", 
+      "Admin::Projects" => "abc", 
+      "BlogsController" => "abc", 
+      "Admin" => "abc" 
+    }
+  end
+  
+  it "should return nil if controller din't match" do
+    ActsAsAuthoritah::Matchers::ControllerMatcher.new(@store).match("ForumsController#index").should be_nil
+  end  
+
+  it "should match the controller and return the result" do
+    ActsAsAuthoritah::Matchers::ControllerMatcher.new(@store).match("BlogsController#index").should eq "abc"
+  end
+end

data/spec/acts_as_authoritah/matchers/direct_matcher_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+describe ActsAsAuthoritah::Matchers::DirectMatcher do
+  before :each do
+     @store = {
+        "Admin::Projects::BlogsController#index" => "abc", 
+        "Admin::Projects" => "abc", 
+        "Admin::Projects::BlogsController" => "abc", 
+        "Admin" => "abc" 
+    }
+  end
+
+  it "should return nil if identifier din't match" do
+    ActsAsAuthoritah::Matchers::DirectMatcher.new(@store).match("ProjectsController#home").should be_nil
+  end  
+
+  it "should match the identifier and return the result" do
+    ActsAsAuthoritah::Matchers::DirectMatcher.new(@store).match("Admin::Projects::BlogsController#index").should eq "abc"
+  end
+end

data/spec/acts_as_authoritah/matchers/scope_matcher_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+describe ActsAsAuthoritah::Matchers::ScopeMatcher do
+  before :each do
+    @store = {
+      "Admin::Projects::ForumsController#index" => "abc", 
+      "Admin::Projects" => "xyz", 
+      "BlogsController" => "abc", 
+      "Admin" => "abc" 
+    }
+  end
+  
+  it "should return nil if scope din't match" do
+    ActsAsAuthoritah::Matchers::ScopeMatcher.new(@store).match("Forums").should be_nil
+  end  
+
+  it "should match the second level scope and return the result" do
+    ActsAsAuthoritah::Matchers::ScopeMatcher.new(@store).match("Admin::Projects::BlogsController#index").should eq "xyz"
+  end
+  
+  it "should match the first level scope and return the result" do
+    ActsAsAuthoritah::Matchers::ScopeMatcher.new(@store).match("Admin::Surveys::BlogsController#index").should eq "abc"
+  end
+
+end

data/spec/acts_as_authoritah/spreadsheets/access_rights_mapper_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+describe ActsAsAuthoritah::AccessRightsMapper do
+  it "should take roles and access rights and map them correctly" do
+    roles = ["admin", "super_admin", "anonymous"]
+    access_rights = [true, true, false]
+    ActsAsAuthoritah::AccessRightsMapper.new(roles, access_rights).map.should eq({
+      "admin"       => true,
+      "super_admin" => true,
+      "anonymous"   => false
+    })
+  end
+end

data/spec/acts_as_authoritah/spreadsheets/spreadsheet_header_parser_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+
+describe ActsAsAuthoritah::SpreadsheetHeaderParser do
+  it "should return the roles" do
+    header_row = ["scope", "controller", "action", "description", "admin", "anonymous", "super_admin"]
+    ActsAsAuthoritah::SpreadsheetHeaderParser.new(header_row).roles.should eq ["admin", "anonymous", "super_admin"]  
+  end
+end

data/spec/acts_as_authoritah/spreadsheets/spreadsheet_reader_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe ActsAsAuthoritah::SpreadsheetReader do
+  it "should be able to open a spreadsheet give a valid path" do
+    ActsAsAuthoritah::SpreadsheetReader.new("spec/data/default.xls").valid?.should eq true
+  end
+  
+  it "should be invalid if file not found" do
+    ActsAsAuthoritah::SpreadsheetReader.new("spec/data/no_such_file.xls").valid?.should eq false
+  end
+  
+  it "should return all valid rows (skip first row and other empty rows)" do
+    reader = ActsAsAuthoritah::SpreadsheetReader.new("spec/data/default.xls")
+    reader.valid_rows.count.should eq 2
+  end
+  
+  it "should returns rows in the expected format" do
+    reader = ActsAsAuthoritah::SpreadsheetReader.new("spec/data/default.xls")
+    reader.valid_rows.should eq [
+      ["scope1::scope2", "Dummy", "edit", "test", "x", nil, "x"], 
+      ["scope3::scope4", "Another", "update", "test", nil, "x", "x"]
+      ]
+  end
+  
+  it "should return the header row" do
+    reader = ActsAsAuthoritah::SpreadsheetReader.new("spec/data/default.xls")
+    reader.header.should eq ["scope", "controller", "action", "description", "admin", "anonymous", "super_admin"]
+  end
+end