admission 0.1.6 → 0.1.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/admission/resource_arbitration.rb +8 -4
- data/lib/admission/version.rb +1 -1
- data/spec/integration/resource_arbitrating_spec.rb +33 -2
- data/spec/spec_helper.rb +9 -0
- data/spec/test_context/privileges_and_rules.rb +5 -0
- data/spec/unit/resource_arbitration_spec.rb +41 -0
- metadata +3 -3
- data/spec/unit/request_arbitration_spec.rb +0 -31
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a16ee532f627f4f8a387911175cfc2740de6d097
|
|
4
|
+
data.tar.gz: 3cc968158f4b91bfb4cf76d7935ad4c162895a8b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 84f7d2dc2cfa0f687ba8b8ccd63bb7a3b379a8a3ed44eae79b7a1aa866e177260c7b3edf960abf9ed4177754221b1027ca8b54b014e5cec97e730d2b9574b99d
|
|
7
|
+
data.tar.gz: 566b50a1eb753e167539f8c7203c1a5f4ecca4be743f797303363d859e7111f09c175c42ad71704525c6830c03a977ea332c4ea665ba578c5ea64988d5d41608
|
|
@@ -27,10 +27,14 @@ class Admission::ResourceArbitration < Admission::Arbitration
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def scope_and_resource scope_or_resource
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
30
|
+
case scope_or_resource
|
|
31
|
+
when Symbol
|
|
32
|
+
[scope_or_resource]
|
|
33
|
+
when Array
|
|
34
|
+
resource, scope = scope_or_resource
|
|
35
|
+
[self.class.nested_scope(resource.class, scope), resource]
|
|
36
|
+
else
|
|
37
|
+
[self.class.type_to_scope(scope_or_resource.class).to_sym, scope_or_resource]
|
|
34
38
|
end
|
|
35
39
|
end
|
|
36
40
|
|
data/lib/admission/version.rb
CHANGED
|
@@ -22,6 +22,7 @@ RSpec.describe 'resources_arbitrating' do
|
|
|
22
22
|
end
|
|
23
23
|
|
|
24
24
|
def rule scope, action, privilege
|
|
25
|
+
byebug if $bug
|
|
25
26
|
arbitration(scope, action, privilege.context).rule_per_privilege privilege
|
|
26
27
|
end
|
|
27
28
|
|
|
@@ -236,8 +237,38 @@ RSpec.describe 'resources_arbitrating' do
|
|
|
236
237
|
it 'disallows lord to destroy apache helicopter' do
|
|
237
238
|
helicopter = Person.new 'person', Person::APACHE_HELICOPTER, [:czech]
|
|
238
239
|
expect(
|
|
239
|
-
|
|
240
|
-
|
|
240
|
+
rule helicopter, :destroy,
|
|
241
|
+
privilege(:vassal, :lord, context: [:czech])
|
|
242
|
+
).to eql(false)
|
|
243
|
+
end
|
|
244
|
+
|
|
245
|
+
end
|
|
246
|
+
|
|
247
|
+
describe 'nested resource scope' do
|
|
248
|
+
|
|
249
|
+
it 'allows any lord to list others possessions' do
|
|
250
|
+
expect(
|
|
251
|
+
rule [person, :possessions], :index, privilege(:vassal, :lord)
|
|
252
|
+
).to eql(true)
|
|
253
|
+
|
|
254
|
+
expect(
|
|
255
|
+
rule [person, :possessions], :index, privilege(:vassal)
|
|
256
|
+
).to eql(false)
|
|
257
|
+
end
|
|
258
|
+
|
|
259
|
+
it 'allows lord to update possessions of his country' do
|
|
260
|
+
expect(
|
|
261
|
+
rule [person, :possessions], :update, privilege(:vassal, :lord)
|
|
262
|
+
).to eql(false)
|
|
263
|
+
|
|
264
|
+
expect(
|
|
265
|
+
rule [person, :possessions], :update,
|
|
266
|
+
privilege(:vassal, :lord, context: [:czech])
|
|
267
|
+
).to eql(true)
|
|
268
|
+
|
|
269
|
+
expect(
|
|
270
|
+
rule [person, :possessions], :update,
|
|
271
|
+
privilege(:vassal, :lord, context: [:taiwan])
|
|
241
272
|
).to eql(false)
|
|
242
273
|
end
|
|
243
274
|
|
data/spec/spec_helper.rb
CHANGED
|
@@ -8,4 +8,13 @@ def with_bug
|
|
|
8
8
|
yield
|
|
9
9
|
ensure
|
|
10
10
|
$bug = false
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
RSpec::Matchers.define :have_inst_vars do |expected|
|
|
14
|
+
match do |object|
|
|
15
|
+
expected.to_a.all? do |var_name, value|
|
|
16
|
+
var = object.instance_variable_get "@#{var_name}"
|
|
17
|
+
var == value
|
|
18
|
+
end
|
|
19
|
+
end
|
|
11
20
|
end
|
|
@@ -109,6 +109,11 @@ RESOURCE_RULES = Admission::ResourceArbitration.define_rules PRIVILEGES_ORDER do
|
|
|
109
109
|
person.sex != Person::APACHE_HELICOPTER
|
|
110
110
|
end
|
|
111
111
|
|
|
112
|
+
allow Admission::ResourceArbitration.nested_scope(Person, :possessions), :index
|
|
113
|
+
allow_resource [Person, :possessions], :update do |person, country|
|
|
114
|
+
person.countries.include?(country)
|
|
115
|
+
end
|
|
116
|
+
|
|
112
117
|
end
|
|
113
118
|
|
|
114
119
|
end
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
require_relative './_helper'
|
|
2
|
+
|
|
3
|
+
RSpec.describe Admission::ResourceArbitration do
|
|
4
|
+
|
|
5
|
+
describe '#new' do
|
|
6
|
+
|
|
7
|
+
it 'parses simple Symbol scope' do
|
|
8
|
+
arbitration = Admission::ResourceArbitration.new nil, {scope: -1}, :req, :scope
|
|
9
|
+
expect(arbitration).to have_inst_vars(
|
|
10
|
+
person: nil,
|
|
11
|
+
rules_index: -1,
|
|
12
|
+
request: :req,
|
|
13
|
+
resource: nil
|
|
14
|
+
)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it 'parses type scope' do
|
|
18
|
+
resource = Object.new
|
|
19
|
+
arbitration = Admission::ResourceArbitration.new nil, {objects: -1}, :req, resource
|
|
20
|
+
expect(arbitration).to have_inst_vars(
|
|
21
|
+
person: nil,
|
|
22
|
+
rules_index: -1,
|
|
23
|
+
request: :req,
|
|
24
|
+
resource: resource
|
|
25
|
+
)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
it 'parses nested type scope' do
|
|
29
|
+
resource = Object.new
|
|
30
|
+
arbitration = Admission::ResourceArbitration.new nil, {:'objects:vars' => -1}, :req, [resource, :vars]
|
|
31
|
+
expect(arbitration).to have_inst_vars(
|
|
32
|
+
person: nil,
|
|
33
|
+
rules_index: -1,
|
|
34
|
+
request: :req,
|
|
35
|
+
resource: resource
|
|
36
|
+
)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: admission
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- doooby
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-06-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: update-me
|
|
14
14
|
email: zelazk.o@email.cz
|
|
@@ -48,7 +48,7 @@ files:
|
|
|
48
48
|
- spec/unit/ability_spec.rb
|
|
49
49
|
- spec/unit/privilege/order_definer_spec.rb
|
|
50
50
|
- spec/unit/privilege_spec.rb
|
|
51
|
-
- spec/unit/
|
|
51
|
+
- spec/unit/resource_arbitration_spec.rb
|
|
52
52
|
homepage: https://github.com/doooby/admission
|
|
53
53
|
licenses:
|
|
54
54
|
- GPL-3.0
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
# require_relative '../spec_helper'
|
|
2
|
-
# require_relative '../test_context/index'
|
|
3
|
-
#
|
|
4
|
-
# RSpec.describe Admission::RequestArbitration do
|
|
5
|
-
#
|
|
6
|
-
# # let(:nobody_ability){ Admission::Ability.new Person::FIXTURES[:nobody] }
|
|
7
|
-
# # let(:haramber_ability){ Admission::Ability.new Person::FIXTURES[:harambe] }
|
|
8
|
-
#
|
|
9
|
-
# def arbitration person_name, request
|
|
10
|
-
# person = Person::FIXTURES[person_name]
|
|
11
|
-
# Admission::RequestArbitration.new person, request
|
|
12
|
-
# end
|
|
13
|
-
#
|
|
14
|
-
#
|
|
15
|
-
#
|
|
16
|
-
#
|
|
17
|
-
# describe '#new' do
|
|
18
|
-
#
|
|
19
|
-
#
|
|
20
|
-
#
|
|
21
|
-
# end
|
|
22
|
-
#
|
|
23
|
-
# describe '#prepare_sitting' do
|
|
24
|
-
#
|
|
25
|
-
# it 'sets context and clears decisions cache' do
|
|
26
|
-
#
|
|
27
|
-
# end
|
|
28
|
-
#
|
|
29
|
-
# end
|
|
30
|
-
#
|
|
31
|
-
# end
|