admission 0.1.6

data/spec/rspec_config.rb

@@ -0,0 +1,103 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# The generated `.rspec` file contains `--require spec_helper` which will cause
+# this file to always be loaded, without a need to explicitly require it in any
+# files.
+#
+# Given that it is always loaded, you are encouraged to keep this file as
+# light-weight as possible. Requiring heavyweight dependencies from this file
+# will add to the boot time of your test suite on EVERY test run, even for an
+# individual file that may not need all of that loaded. Instead, consider making
+# a separate helper file that requires the additional dependencies and performs
+# the additional setup, and require it from the spec files that actually need
+# it.
+#
+# The `.rspec` file also contains a few flags that are not defaults but that
+# users commonly want.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  # rspec-expectations config goes here. You can use an alternate
+  # assertion/expectation library such as wrong or the stdlib/minitest
+  # assertions if you prefer.
+  config.expect_with :rspec do |expectations|
+    # This option will default to `true` in RSpec 4. It makes the `description`
+    # and `failure_message` of custom matchers include text for helper methods
+    # defined using `chain`, e.g.:
+    #     be_bigger_than(2).and_smaller_than(4).description
+    #     # => "be bigger than 2 and smaller than 4"
+    # ...rather than:
+    #     # => "be bigger than 2"
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+
+  # rspec-mocks config goes here. You can use an alternate test double
+  # library (such as bogus or mocha) by changing the `mock_with` option here.
+  config.mock_with :rspec do |mocks|
+    # Prevents you from mocking or stubbing a method that does not exist on
+    # a real object. This is generally recommended, and will default to
+    # `true` in RSpec 4.
+    mocks.verify_partial_doubles = true
+  end
+
+  # This option will default to `:apply_to_host_groups` in RSpec 4 (and will
+  # have no way to turn it off -- the option exists only for backwards
+  # compatibility in RSpec 3). It causes shared context metadata to be
+  # inherited by the metadata hash of host groups and examples, rather than
+  # triggering implicit auto-inclusion in groups with matching metadata.
+  config.shared_context_metadata_behavior = :apply_to_host_groups
+
+# The settings below are suggested to provide a good initial experience
+# with RSpec, but feel free to customize to your heart's content.
+=begin
+  # This allows you to limit a spec run to individual examples or groups
+  # you care about by tagging them with `:focus` metadata. When nothing
+  # is tagged with `:focus`, all examples get run. RSpec also provides
+  # aliases for `it`, `describe`, and `context` that include `:focus`
+  # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
+  config.filter_run_when_matching :focus
+
+  # Allows RSpec to persist some state between runs in order to support
+  # the `--only-failures` and `--next-failure` CLI options. We recommend
+  # you configure your source control system to ignore this file.
+  config.example_status_persistence_file_path = "spec/examples.txt"
+
+  # Limits the available syntax to the non-monkey patched syntax that is
+  # recommended. For more details, see:
+  #   - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
+  #   - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+  #   - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
+  config.disable_monkey_patching!
+
+  # This setting enables warnings. It's recommended, but in some cases may
+  # be too noisy due to issues in dependencies.
+  config.warnings = true
+
+  # Many RSpec users commonly either run the entire suite or an individual
+  # file, and it's useful to allow more verbose output when running an
+  # individual spec file.
+  if config.files_to_run.one?
+    # Use the documentation formatter for detailed output,
+    # unless a formatter has already been configured
+    # (e.g. via a command-line flag).
+    config.default_formatter = 'doc'
+  end
+
+  # Print the 10 slowest examples and example groups at the
+  # end of the spec run, to help surface which specs are running
+  # particularly slow.
+  config.profile_examples = 10
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = :random
+
+  # Seed global randomization in this process using the `--seed` CLI option.
+  # Setting this allows you to use `--seed` to deterministically reproduce
+  # test failures related to randomization by passing the same `--seed` value
+  # as the one that triggered the failure.
+  Kernel.srand config.seed
+=end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require_relative '../lib/admission'
+require_relative 'rspec_config'
+
+require 'byebug'
+
+def with_bug
+  $bug = true
+  yield
+ensure
+  $bug = false
+end

data/spec/test_context/country.rb

@@ -0,0 +1,24 @@
+# COUNTRIES = [
+#     :czech,
+#     :deutschland,
+#     :taiwan,
+#     :russia,
+#     :australia,
+#     :moon
+# ]
+#
+# class << COUNTRIES
+#
+#   def europe? country
+#     %i[czech deutschland russia].include? country
+#   end
+#
+#   def safe? country
+#     %i[czech deutschland taiwan].include? country
+#   end
+#
+#   def are_you_dispensable? person
+#     not (%i[russia] & person.countries).empty?
+#   end
+#
+# end

data/spec/test_context/index.rb

@@ -0,0 +1,7 @@
+require_relative '../../lib/admission'
+
+require_relative 'country'
+require_relative 'person'
+
+require_relative 'privileges_and_rules'
+require_relative 'persons_fixtures'

data/spec/test_context/person.rb

@@ -0,0 +1,31 @@
+
+class Person
+
+  attr_reader :name, :sex, :countries
+  attr_reader :privileges, :rules
+
+  FEMALE            = 0
+  MALE              = 1
+  APACHE_HELICOPTER = 2
+
+  def initialize name, sex, countries
+    @name = name
+    @sex = sex
+    @countries = countries
+  end
+
+
+  # privileges per country
+
+  def not_woman?
+    @sex != FEMALE
+  end
+
+  def person
+    self
+  end
+
+  # def self.reduce_privileges **per_country
+  # end
+
+end

data/spec/test_context/persons_fixtures.rb

@@ -0,0 +1,43 @@
+
+fixtures = {
+
+    peasant_girl: [
+        Person::FEMALE,
+        []
+    ],
+
+    napoleon: [
+        Person::MALE,
+        []
+        # {all: 'harambe'}
+    ],
+
+    franz_joseph: [
+        Person::MALE,
+        [:czech, :australia]
+        # {czech: 'supernatural-primordial', taiwan: 'supernatural-god'}
+    ]
+
+}
+
+privileges_data_reducer = -> (privileges_data) {
+  privileges_data.to_a.reduce [] do |list, per_country_definition|
+    country, privileges_names = per_country_definition
+    raise "bad country #{country}" unless COUNTRIES.include? country
+    privileges_names = [privileges_names] unless privileges_names.is_a? Array
+
+    privileges = privileges_names.map do |name|
+      privilege = Admission::Privilege.get_from_order PRIVILEGES_ORDER, *name.split('-')
+      privilege.dup_with_context country
+    end
+
+    list + privileges
+  end
+}
+
+Person::FIXTURES = ->(name) {
+  *attrs, privileges = fixtures[name]
+  person = Person.new name, *attrs
+  person.instance_variable_set :@privileges, privileges_data_reducer.(privileges)
+  person
+}

data/spec/test_context/privileges_and_rules.rb

@@ -0,0 +1,114 @@
+
+
+PRIVILEGES_ORDER = Admission::Privilege.define_order do
+  privilege :vassal,   levels: %i[lord]
+  privilege :human,      levels: %i[count king]
+  privilege :emperor,  inherits: %i[vassal human]
+end
+
+
+ACTIONS_RULES = Admission::Arbitration.define_rules PRIVILEGES_ORDER do
+
+  privilege :human do
+    allow_all{ not_woman? }
+    forbid :raise_taxes
+    forbid :impose_corvee
+
+    forbid :impose_draft
+    forbid :act_as_god
+  end
+
+  privilege :human, :count do
+    allow_all do |country|
+      countries.include? country
+    end
+    allow :impose_corvee do |country|
+      countries.include? country
+    end
+  end
+
+  privilege :human, :king do
+    allow_all
+    allow :raise_taxes
+  end
+
+  privilege :vassal, :lord do
+    allow :impose_draft
+  end
+
+  privilege :emperor do
+    allow :act_as_god
+  end
+
+end
+
+
+RESOURCE_RULES = Admission::ResourceArbitration.define_rules PRIVILEGES_ORDER do
+
+  # `allow_all` & inheriting `:forbidden`
+
+  privilege :human do
+    allow_all(:actions){ not_woman? }
+    forbid :actions, :raise_taxes
+    forbid :actions, :impose_corvee
+
+    forbid :actions, :impose_draft
+    forbid :actions, :act_as_god
+  end
+
+  privilege :human, :count do
+    allow_all :actions do |country|
+      countries.include? country
+    end
+    allow :actions, :impose_corvee do |country|
+      countries.include? country
+    end
+  end
+
+  privilege :human, :king do
+    allow_all :actions
+    allow :actions, :raise_taxes
+  end
+
+  privilege :vassal, :lord do
+    allow :actions, :impose_draft
+  end
+
+  privilege :emperor do
+    allow :actions, :act_as_god
+  end
+
+  # `allow_resource` scoping & inheritance
+
+  privilege :vassal do
+
+    allow_resource Person, :show do |person, _|
+      raise 'person is nil' unless person
+      self == person
+    end
+
+    allow :persons, :index do |country|
+      countries.include? country
+    end
+
+  end
+
+  privilege :vassal, :lord do
+
+    allow_resource(Person, :show){ true }
+
+    allow_resource Person, %i[index update] do |person, country|
+      allowance = countries.include? country
+      next allowance unless person
+
+      allowance && person.countries.include?(country)
+    end
+
+    allow_resource Person, :destroy do |person, country|
+      person.countries.include?(country) &&
+          person.sex != Person::APACHE_HELICOPTER
+    end
+
+  end
+
+end

data/spec/unit/_helper.rb

@@ -0,0 +1 @@
+require_relative '../spec_helper'

data/spec/unit/ability_spec.rb

@@ -0,0 +1,29 @@
+# require_relative '../spec_helper'
+# require_relative '../test_context/index'
+#
+# RSpec.describe Admission::Ability do
+#
+#   let(:nobody_ability){ Admission::Ability.new Person::FIXTURES[:nobody] }
+#   let(:haramber_ability){ Admission::Ability.new Person::FIXTURES[:harambe] }
+#
+#
+#   describe '#new' do
+#
+#     it 'creates instance with no privileges' do
+#       expect(nobody_ability.instance_variable_get :@no_privileges).to be
+#     end
+#
+#     it 'creates instance with some privileges' do
+#       expect(haramber_ability.instance_variable_get :@no_privileges).not_to be
+#     end
+#
+#   end
+#
+#   # describe '#process' do
+#   #
+#   #   it '' do
+#   #   end
+#   #
+#   # end
+#
+# end

data/spec/unit/privilege/order_definer_spec.rb

@@ -0,0 +1,184 @@
+require_relative '../_helper'
+
+RSpec.describe Admission::Privilege::OrderDefiner do
+
+  def define_privileges &block
+    Admission::Privilege::OrderDefiner.define &block
+  end
+
+  def privilege *args, inherits: nil
+    p = Admission::Privilege.new *args
+    p.inherits_from inherits if inherits
+    p
+  end
+
+  let(:definer){ Admission::Privilege::OrderDefiner.new }
+
+
+  describe '.define' do
+
+    it 'builds empty index' do
+      index = define_privileges{}
+      expect(index).to be_a(Hash)
+      expect(index).to be_empty
+      expect(index).to be_frozen
+    end
+
+    it 'builds single privilege' do
+      index = define_privileges{ privilege :man, levels: %i[commoner count] }
+      expect(index.keys).to eq(%i[man])
+      expect(index[:man].keys).to eq(%i[^ base commoner count])
+      expect(index[:man][:base].inherited).to be_nil
+    end
+
+    it 'builds with inheritance' do
+      index = define_privileges do
+        privilege :man
+        privilege :vassal, levels: %i[lord], inherits: :man
+      end
+
+      # structure
+      expect(index.keys).to eq(%i[man vassal])
+      expect(index[:man].keys).to eq(%i[^ base])
+      expect(index[:vassal].keys).to eq(%i[^ base lord])
+
+      # inheritance
+      expect(index[:man][:base].inherited).to be_nil
+      expect(index[:vassal][:base].inherited).to eql([privilege(:man)])
+      expect(index[:vassal][:lord].inherited).to eql([privilege(:vassal)])
+    end
+
+  end
+
+
+  describe '#privilege' do
+
+    it 'adds privilege with no levels' do
+      definer.privilege :man
+      expect(definer.definitions.size).to eq(1)
+      expect(definer.definitions[:man][:inherits]).to be_nil
+      expect(definer.definitions[:man][:levels]).to eql([privilege(:man)])
+    end
+
+    it 'adds privilege with no levels by string' do
+      definer.privilege 'man'
+      expect(definer.definitions.size).to eq(1)
+      expect(definer.definitions[:man][:inherits]).to be_nil
+      expect(definer.definitions[:man][:levels]).to eql([privilege(:man)])
+    end
+
+    it 'adds privilege array of levels' do
+      definer.privilege :man, levels: %i[commoner count]
+      expect(definer.definitions.size).to eq(1)
+      expect(definer.definitions[:man][:inherits]).to be_nil
+      expect(definer.definitions[:man][:levels]).to eql([
+          privilege(:man), privilege(:man, :commoner), privilege(:man, :count)
+      ])
+    end
+
+    it 'adds privilege that inherits single other' do
+      definer.privilege :vassal, inherits: :man
+      expect(definer.definitions.size).to eq(1)
+      expect(definer.definitions[:vassal][:inherits]).to eq([:man])
+    end
+
+    it 'adds privilege that inherits multiple others' do
+      definer.privilege :vassal, inherits: %i[man woman apache-helicopter]
+      expect(definer.definitions.size).to eq(1)
+      expect(definer.definitions[:vassal][:inherits]).to eq([:man, :woman, :'apache-helicopter'])
+    end
+
+    it 'adds multiple privileges' do
+      definer.privilege :man
+      definer.privilege :vassal
+      expect(definer.definitions.keys).to eq(%i[man vassal])
+    end
+
+  end
+
+
+  describe '#setup_inheritance' do
+
+    it 'sets inheritance' do
+      definer.privilege :man
+      definer.privilege :vassal, inherits: :man
+      definer.send :setup_inheritance
+
+      vassal = definer.definitions[:vassal]
+      expect(vassal[:levels]).to eql([privilege(:vassal)])
+      expect(vassal[:levels].first.inherited).to eql([privilege(:man)])
+    end
+
+    it 'sets inheritance to top level' do
+      definer.privilege :man, levels: %i[commoner count]
+      definer.privilege :vassal, inherits: :man
+      definer.send :setup_inheritance
+
+      vassal = definer.definitions[:vassal]
+      expect(vassal[:levels]).to eql([privilege(:vassal)])
+      expect(vassal[:levels].first.inherited).to eql([privilege(:man, :count)])
+    end
+
+    it 'sets inheritance throughout levels' do
+      definer.privilege :man
+      definer.privilege :vassal, inherits: :man, levels: %i[lord]
+      definer.send :setup_inheritance
+
+      vassal = definer.definitions[:vassal]
+      expect(vassal[:levels]).to eql([privilege(:vassal), privilege(:vassal, :lord)])
+      expect(vassal[:levels][0].inherited).to eql([privilege(:man)])
+      expect(vassal[:levels][1].inherited).to eql([privilege(:vassal)])
+    end
+
+  end
+
+
+  describe '#build_index' do
+
+    it 'returns hash with single privileges' do
+      definer.privilege :man
+      index = definer.send :build_index
+      expect(index).to be_a(Hash)
+      expect(index.keys).to eq([:man])
+
+      man = index.values.first
+      expect(man.keys).to eq(%i[^ base])
+      expect(man.values).to eql([privilege(:man), privilege(:man)])
+    end
+
+    it 'builds index for privilege with levels' do
+      definer.privilege :man, levels: %i[commoner count]
+      index = definer.send :build_index
+      expect(index).to be_a(Hash)
+      expect(index.keys).to eq([:man])
+
+      man = index[:man]
+      expect(man.keys).to eq(%i[^ base commoner count])
+      expect(man[:'^']).to eql(privilege :man, :count)
+      expect(man[:base]).to eql(privilege :man)
+      expect(man[:commoner]).to eql(privilege :man, :commoner)
+      expect(man[:count]).to eql(privilege :man, :count)
+    end
+
+    it 'returns hash with more privileges' do
+      definer.privilege :man
+      definer.privilege :vassal, levels: %i[lord]
+      index = definer.send :build_index
+      expect(index).to be_a(Hash)
+      expect(index.keys).to eq([:man, :vassal])
+
+      man = index[:man]
+      expect(man.keys).to eq(%i[^ base])
+      expect(man[:'^']).to eql(privilege :man)
+      expect(man[:base]).to eql(privilege :man)
+
+      vassal = index[:vassal]
+      expect(vassal.keys).to eq(%i[^ base lord])
+      expect(vassal[:'^']).to eql(privilege :vassal, :lord)
+      expect(vassal[:base]).to eql(privilege :vassal)
+      expect(vassal[:lord]).to eql(privilege :vassal, :lord)
+    end
+
+  end
+
+end