admission 0.1.6 → 0.1.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/admission/resource_arbitration.rb +8 -4
- data/lib/admission/version.rb +1 -1
- data/spec/integration/resource_arbitrating_spec.rb +33 -2
- data/spec/spec_helper.rb +9 -0
- data/spec/test_context/privileges_and_rules.rb +5 -0
- data/spec/unit/resource_arbitration_spec.rb +41 -0
- metadata +3 -3
- data/spec/unit/request_arbitration_spec.rb +0 -31
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a16ee532f627f4f8a387911175cfc2740de6d097
|
4
|
+
data.tar.gz: 3cc968158f4b91bfb4cf76d7935ad4c162895a8b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 84f7d2dc2cfa0f687ba8b8ccd63bb7a3b379a8a3ed44eae79b7a1aa866e177260c7b3edf960abf9ed4177754221b1027ca8b54b014e5cec97e730d2b9574b99d
|
7
|
+
data.tar.gz: 566b50a1eb753e167539f8c7203c1a5f4ecca4be743f797303363d859e7111f09c175c42ad71704525c6830c03a977ea332c4ea665ba578c5ea64988d5d41608
|
@@ -27,10 +27,14 @@ class Admission::ResourceArbitration < Admission::Arbitration
|
|
27
27
|
end
|
28
28
|
|
29
29
|
def scope_and_resource scope_or_resource
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
30
|
+
case scope_or_resource
|
31
|
+
when Symbol
|
32
|
+
[scope_or_resource]
|
33
|
+
when Array
|
34
|
+
resource, scope = scope_or_resource
|
35
|
+
[self.class.nested_scope(resource.class, scope), resource]
|
36
|
+
else
|
37
|
+
[self.class.type_to_scope(scope_or_resource.class).to_sym, scope_or_resource]
|
34
38
|
end
|
35
39
|
end
|
36
40
|
|
data/lib/admission/version.rb
CHANGED
@@ -22,6 +22,7 @@ RSpec.describe 'resources_arbitrating' do
|
|
22
22
|
end
|
23
23
|
|
24
24
|
def rule scope, action, privilege
|
25
|
+
byebug if $bug
|
25
26
|
arbitration(scope, action, privilege.context).rule_per_privilege privilege
|
26
27
|
end
|
27
28
|
|
@@ -236,8 +237,38 @@ RSpec.describe 'resources_arbitrating' do
|
|
236
237
|
it 'disallows lord to destroy apache helicopter' do
|
237
238
|
helicopter = Person.new 'person', Person::APACHE_HELICOPTER, [:czech]
|
238
239
|
expect(
|
239
|
-
|
240
|
-
|
240
|
+
rule helicopter, :destroy,
|
241
|
+
privilege(:vassal, :lord, context: [:czech])
|
242
|
+
).to eql(false)
|
243
|
+
end
|
244
|
+
|
245
|
+
end
|
246
|
+
|
247
|
+
describe 'nested resource scope' do
|
248
|
+
|
249
|
+
it 'allows any lord to list others possessions' do
|
250
|
+
expect(
|
251
|
+
rule [person, :possessions], :index, privilege(:vassal, :lord)
|
252
|
+
).to eql(true)
|
253
|
+
|
254
|
+
expect(
|
255
|
+
rule [person, :possessions], :index, privilege(:vassal)
|
256
|
+
).to eql(false)
|
257
|
+
end
|
258
|
+
|
259
|
+
it 'allows lord to update possessions of his country' do
|
260
|
+
expect(
|
261
|
+
rule [person, :possessions], :update, privilege(:vassal, :lord)
|
262
|
+
).to eql(false)
|
263
|
+
|
264
|
+
expect(
|
265
|
+
rule [person, :possessions], :update,
|
266
|
+
privilege(:vassal, :lord, context: [:czech])
|
267
|
+
).to eql(true)
|
268
|
+
|
269
|
+
expect(
|
270
|
+
rule [person, :possessions], :update,
|
271
|
+
privilege(:vassal, :lord, context: [:taiwan])
|
241
272
|
).to eql(false)
|
242
273
|
end
|
243
274
|
|
data/spec/spec_helper.rb
CHANGED
@@ -8,4 +8,13 @@ def with_bug
|
|
8
8
|
yield
|
9
9
|
ensure
|
10
10
|
$bug = false
|
11
|
+
end
|
12
|
+
|
13
|
+
RSpec::Matchers.define :have_inst_vars do |expected|
|
14
|
+
match do |object|
|
15
|
+
expected.to_a.all? do |var_name, value|
|
16
|
+
var = object.instance_variable_get "@#{var_name}"
|
17
|
+
var == value
|
18
|
+
end
|
19
|
+
end
|
11
20
|
end
|
@@ -109,6 +109,11 @@ RESOURCE_RULES = Admission::ResourceArbitration.define_rules PRIVILEGES_ORDER do
|
|
109
109
|
person.sex != Person::APACHE_HELICOPTER
|
110
110
|
end
|
111
111
|
|
112
|
+
allow Admission::ResourceArbitration.nested_scope(Person, :possessions), :index
|
113
|
+
allow_resource [Person, :possessions], :update do |person, country|
|
114
|
+
person.countries.include?(country)
|
115
|
+
end
|
116
|
+
|
112
117
|
end
|
113
118
|
|
114
119
|
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
require_relative './_helper'
|
2
|
+
|
3
|
+
RSpec.describe Admission::ResourceArbitration do
|
4
|
+
|
5
|
+
describe '#new' do
|
6
|
+
|
7
|
+
it 'parses simple Symbol scope' do
|
8
|
+
arbitration = Admission::ResourceArbitration.new nil, {scope: -1}, :req, :scope
|
9
|
+
expect(arbitration).to have_inst_vars(
|
10
|
+
person: nil,
|
11
|
+
rules_index: -1,
|
12
|
+
request: :req,
|
13
|
+
resource: nil
|
14
|
+
)
|
15
|
+
end
|
16
|
+
|
17
|
+
it 'parses type scope' do
|
18
|
+
resource = Object.new
|
19
|
+
arbitration = Admission::ResourceArbitration.new nil, {objects: -1}, :req, resource
|
20
|
+
expect(arbitration).to have_inst_vars(
|
21
|
+
person: nil,
|
22
|
+
rules_index: -1,
|
23
|
+
request: :req,
|
24
|
+
resource: resource
|
25
|
+
)
|
26
|
+
end
|
27
|
+
|
28
|
+
it 'parses nested type scope' do
|
29
|
+
resource = Object.new
|
30
|
+
arbitration = Admission::ResourceArbitration.new nil, {:'objects:vars' => -1}, :req, [resource, :vars]
|
31
|
+
expect(arbitration).to have_inst_vars(
|
32
|
+
person: nil,
|
33
|
+
rules_index: -1,
|
34
|
+
request: :req,
|
35
|
+
resource: resource
|
36
|
+
)
|
37
|
+
end
|
38
|
+
|
39
|
+
end
|
40
|
+
|
41
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: admission
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.7
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- doooby
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-06-06 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: update-me
|
14
14
|
email: zelazk.o@email.cz
|
@@ -48,7 +48,7 @@ files:
|
|
48
48
|
- spec/unit/ability_spec.rb
|
49
49
|
- spec/unit/privilege/order_definer_spec.rb
|
50
50
|
- spec/unit/privilege_spec.rb
|
51
|
-
- spec/unit/
|
51
|
+
- spec/unit/resource_arbitration_spec.rb
|
52
52
|
homepage: https://github.com/doooby/admission
|
53
53
|
licenses:
|
54
54
|
- GPL-3.0
|
@@ -1,31 +0,0 @@
|
|
1
|
-
# require_relative '../spec_helper'
|
2
|
-
# require_relative '../test_context/index'
|
3
|
-
#
|
4
|
-
# RSpec.describe Admission::RequestArbitration do
|
5
|
-
#
|
6
|
-
# # let(:nobody_ability){ Admission::Ability.new Person::FIXTURES[:nobody] }
|
7
|
-
# # let(:haramber_ability){ Admission::Ability.new Person::FIXTURES[:harambe] }
|
8
|
-
#
|
9
|
-
# def arbitration person_name, request
|
10
|
-
# person = Person::FIXTURES[person_name]
|
11
|
-
# Admission::RequestArbitration.new person, request
|
12
|
-
# end
|
13
|
-
#
|
14
|
-
#
|
15
|
-
#
|
16
|
-
#
|
17
|
-
# describe '#new' do
|
18
|
-
#
|
19
|
-
#
|
20
|
-
#
|
21
|
-
# end
|
22
|
-
#
|
23
|
-
# describe '#prepare_sitting' do
|
24
|
-
#
|
25
|
-
# it 'sets context and clears decisions cache' do
|
26
|
-
#
|
27
|
-
# end
|
28
|
-
#
|
29
|
-
# end
|
30
|
-
#
|
31
|
-
# end
|