admission 0.5.3 → 0.5.5
- checksums.yaml +4 -4
- data/lib/admission/privilege.rb +4 -6
- data/lib/admission/tests/minitest.rb +63 -0
- data/lib/admission/tests/tests.rb +167 -0
- data/lib/admission/version.rb +1 -1
- metadata +4 -4
- data/lib/admission/minitest.rb +0 -41
- data/lib/admission/tests.rb +0 -60
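--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7d0ddd21cf83cf7bbf30c34dd7e10ef53d919f8f
+data.tar.gz: 005bfb63f14d000d9e2ee04761c67158a63686a7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cd2f8037bc53cbc86e22f1daa9eb1999dcf1f9d9d761c3d4574056a414307ff928383452628d3dd86b5e8f590ddcb4e3c0727f55daa2902d31d24cd2273b5e8b
+data.tar.gz: 23f1de94269b77ce818d71166231ec201844b280b1a2e5653d0f4480b60b883199ba3df920560b78affb7c01991f956b9efb94a7050414eaf998b366846f5325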
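--- a/data/lib/admission/privilege.rb
+++ b/data/lib/admission/privilege.rb
@@ -9,11 +9,9 @@ class Admission::Privilege
 attr_reader :inherited, :context
 
 def initialize name, level=nil
-name = name.to_sym
-@
-
-@level = level
-@hash = [name, level].hash
+@name = name.to_sym
+@level = level ? level.to_sym : BASE_LEVEL_NAME
+@hash = [@name, @level].hash
 end
 
 def inherits_from *privileges
@@ -60,4 +58,4 @@ class Admission::Privilege
 ].join ''
 end
 
-end
+end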
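Review bot: The level fallback added to `initialize` is undocumented even though it now feeds `@hash`: a privilege built without a level hashes as `[@name, BASE_LEVEL_NAME]`, the same value as one built with the base level passed explicitly (presumably intended). A comment above the method such as `# level defaults to BASE_LEVEL_NAME; name and level are stored as symbols and both feed @hash` would make that contract visible. The class's equality methods are outside this hunk, so whether they compare the same normalized fields cannot be confirmed here; in a privileges system it is worth checking that hash and equality agree. The removed lines are truncated on this page, so the previous fallback cannot be compared.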
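--- a/data/lib/admission/tests/minitest.rb
+++ b/data/lib/admission/tests/minitest.rb
@@ -0,0 +1,63 @@
+require_relative './tests'
+
+Minitest::Assertions.module_exec do
+
+def get_privilege name, context=nil
+p = Admission::Tests.order.get *Admission::Privilege.split_text_key(name)
+p = p.dup_with_context context if context
+p
+end
+
+def assert_admission status, privilege, request, scope
+arbitration = status.instantiate_arbitration request, scope
+arbitration.prepare_sitting privilege.context
+result = arbitration.rule_per_privilege(privilege).eql?(true)
+
+assert result, ->{ Admission::Tests.assertion_failed_message arbitration, privilege }
+end
+
+def refute_admission status, privilege, request, scope
+arbitration = status.instantiate_arbitration request, scope
+arbitration.prepare_sitting privilege.context
+result = arbitration.rule_per_privilege(privilege).eql?(true)
+
+refute result, ->{ Admission::Tests.refutation_failed_message arbitration, privilege }
+end
+
+def separate_privileges *args, &block
+Admission::Tests.separate_privileges *args, &block
+end
+
+def assert_admissions_evaluation evaluation, request, to_assert, to_refute
+should, should_not = evaluation.for_request(request).evaluate_groups to_assert, to_refute
+assert should.empty?, ->{
+Admission::Tests.assertion_failed_message evaluation.arbitration,
+"any of: #{should.map{|p| p.privilege.to_s}.join ', '}"
+}
+assert should_not.empty?, ->{
+Admission::Tests.refutation_failed_message evaluation.arbitration,
+"any of: #{should_not.map{|p| p.privilege.to_s}.join ', '}"
+}
+end
+
+end
+
+if defined?(Mocha::Expectation) && defined?(Admission::Rails)
+
+Admission::Tests.module_exec do
+
+def self.create_action_mock controller
+->(action, scope, params: nil, &block){
+c = controller.new
+c.stubs(:action_name).returns action
+c.expects(:request_admission!).
+with(action.to_sym, scope)
+c.stubs(:params).returns params if params
+block.call c if block
+c.send :assure_admission
+}
+end
+
+end
+
+end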
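Review bot: `refute_admission` counts every ruling other than exactly `true` as a refusal, because the result is reduced with `.eql?(true)` before `refute`. If `rule_per_privilege` returns a non-true value for a request that has no rule at all (not visible in this file), a misspelled `request` makes the refutation pass without exercising any access rule. That should at least be documented on the helper, e.g. `# passes for any non-true ruling, including a request with no rule defined; pair it with an assert_admission for the same request`. The same reduction appears in `Evaluation#evaluate` in tests/tests.rb, so `assert_admissions_evaluation` inherits the behaviour for its `to_refute` group.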
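--- a/data/lib/admission/tests/tests.rb
+++ b/data/lib/admission/tests/tests.rb
@@ -0,0 +1,167 @@
+module Admission::Tests
+
+class << self
+attr_accessor :order
+attr_accessor :all_privileges
+
+def assertion_failed_message arbitration, privilege
+'Admission denied to %s applying %s.' % [
+arbitration.case_to_s,
+privilege.to_s
+]
+end
+
+def refutation_failed_message arbitration, privilege
+'Admission given to %s applying %s.' % [
+arbitration.case_to_s,
+privilege.to_s
+]
+end
+
+def separate_privileges selector=nil, inheritance: true, list: all_privileges, &block
+selector = block unless selector
+selector = [selector] if selector.is_a? String
+
+block = case selector
+when Array
+if inheritance
+ref_privileges = selector.map do |s|
+order.get *Admission::Privilege.split_text_key(s)
+end
+->(p){
+ref_privileges.any?{|ref_p| p.eql_or_inherits? ref_p }
+}
+
+else
+->(p){ selector.include? p.text_key }
+
+end
+
+when Proc
+selector
+
+else raise ArgumentError.new('bad selector type')
+end
+
+list.partition &block
+end
+
+end
+
+@all_privileges = []
+
+class Evaluation
+
+attr_reader :status, :arbitration
+
+def initialize status, scope
+@status = status
+@scope = scope
+end
+
+def request= name
+@arbitration = status.instantiate_arbitration name.to_sym, @scope
+end
+
+def for_request name
+self.request = name
+self
+end
+
+def evaluate privilege
+arbitration.prepare_sitting privilege.context
+arbitration.rule_per_privilege(privilege).eql?(true)
+end
+
+def evaluate_groups to_assert, to_refute
+to_assert = to_assert.map{|p| ContextSpecificPrivilege.new p}
+to_refute = to_refute.map{|p| ContextSpecificPrivilege.new p}
+sorted = (to_assert + to_refute).sort_by{|p| p.privilege.context}
+admissible, denied = sorted.partition{|p| evaluate p.privilege}
+
+[
+(denied - to_refute),
+(admissible - to_assert)
+]
+end
+
+def messages_for_groups should, should_not
+[
+should.map{|p| Admission::Tests.assertion_failed_message arbitration, p.privilege},
+should_not.map{|p| Admission::Tests.refutation_failed_message arbitration, p.privilege}
+].flatten
+end
+
+end
+
+class ContextSpecificPrivilege
+
+attr_reader :privilege
+
+def initialize privilege
+@privilege = privilege
+@hash = [privilege.name, privilege.level, privilege.context].hash
+end
+
+def eql? other
+hash == other.hash
+end
+
+end
+
+class RuleCheckContext
+
+attr_reader :action
+
+def initialize
+@evaluations = []
+action = yield self
+self.set_rule_check_action = action if !self.action && Proc === action
+end
+
+def data
+@data ||= {}
+end
+
+def set value
+case value
+when Proc then @data_builder = value
+when Hash then @data = value
+else raise('context must be Hash or Proc')
+end
+end
+
+def prepare *args, &block
+raise 'context is static (i.e. context was not set to a Proc)' unless @data_builder
+@data = @data_builder.call *args, &block
+end
+
+def set_rule_check_action= action
+@action = action
+end
+
+def [] value
+data[value]
+end
+
+def []= name, value
+data[name] = value
+end
+
+def add_evaluation *args
+evaluation = Evaluation.new *args
+@evaluations.push evaluation
+evaluation
+end
+
+def evaluate request
+raise 'no evaluation preset' if @evaluations.empty?
+@evaluations.each do |evaluation|
+evaluation.request = request
+yield evaluation
+end
+end
+
+end
+
+end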
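Review bot: `ContextSpecificPrivilege` computes `@hash` but never exposes it: the class declares only `attr_reader :privilege` and defines no `hash` method, so `hash == other.hash` in `eql?` compares the default object hashes and the `[name, level, context]` value is unused. `evaluate_groups` depends on that equality for `denied - to_refute` and `admissible - to_assert`, which works as written only because the same wrapper instances sit on both sides of the subtraction. Either drop `@hash` and the custom `eql?`, or make value equality real with `attr_reader :privilege, :hash` plus an `eql?` that compares the three fields, since equality on a hash value alone lets a collision make distinct privileges equal. With value equality a privilege listed in both groups would be subtracted from both results, so whichever behaviour is intended deserves a comment on the class.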
data/lib/admission/version.rb
CHANGED
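--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: admission
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.5
 platform: ruby
 authors:
 - Ondřej Želazko
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-05-07 00:00:00.000000000 Z
 dependencies: []
 description: Admission rules to actions or resources, privileges system included
 email: zelazk.o@email.cz
@@ -23,7 +23,6 @@ files:
 - lib/admission/arbitration.rb
 - lib/admission/denied.rb
 - lib/admission/index.rb
-- lib/admission/minitest.rb
 - lib/admission/privilege.rb
 - lib/admission/privileges_order.rb
 - lib/admission/rails.rb
@@ -32,7 +31,8 @@ files:
 - lib/admission/rails/scope_resolver.rb
 - lib/admission/resource_arbitration.rb
 - lib/admission/status.rb
-- lib/admission/tests.rb
+- lib/admission/tests/minitest.rb
+- lib/admission/tests/tests.rb
 - lib/admission/version.rb
 homepage: https://github.com/doooby/admission
 licenses: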
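--- a/data/lib/admission/minitest.rb
+++ b/data/lib/admission/minitest.rb
@@ -1,41 +0,0 @@
-require_relative './tests'
-
-# custom matchers
-Minitest::Assertions.module_exec do
-
-def assert_admission status, privilege, action, scope
-arbitration = status.instantiate_arbitration action, scope
-arbitration.prepare_sitting privilege.context
-result = arbitration.rule_per_privilege(privilege).eql?(true)
-
-assert result, ->{ Admission::Test.assertion_failed_message arbitration, privilege }
-end
-
-def refute_admission status, privilege, action, scope
-arbitration = status.instantiate_arbitration action, scope
-arbitration.prepare_sitting privilege.context
-result = arbitration.rule_per_privilege(privilege).eql?(true)
-
-refute result, ->{ Admission::Test.refutation_failed_message arbitration, privilege }
-end
-
-def assert_privileges_admission status, action, scope, assert: [], refute: []
-arbitration = status.instantiate_arbitration action, scope
-assert.sort_by! &:context
-refute.sort_by! &:context
-
-assert.each do |privilege|
-arbitration.prepare_sitting privilege.context
-result = arbitration.rule_per_privilege(privilege).eql?(true)
-assert result, ->{ Admission::Test.assertion_failed_message arbitration, privilege }
-end
-
-refute.each do |privilege|
-arbitration.prepare_sitting privilege.context
-result = arbitration.rule_per_privilege(privilege).eql?(true)
-refute result, ->{ Admission::Test.refutation_failed_message arbitration, privilege }
-end
-
-end
-
-end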
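--- a/data/lib/admission/tests.rb
+++ b/data/lib/admission/tests.rb
@@ -1,60 +0,0 @@
-module Admission::Test
-
-class << self
-attr_accessor :order
-attr_accessor :all_privileges
-
-def assertion_failed_message arbitration, privilege
-'Admission denied to %s using %s' % [
-arbitration.case_to_s,
-privilege.to_s
-]
-end
-
-def refutation_failed_message arbitration, privilege
-'Admission given to %s using %s' % [
-arbitration.case_to_s,
-privilege.to_s
-]
-end
-
-def separate_privileges selector=nil, inheritance: false, list: all_privileges, &block
-selector = block unless selector
-
-block = case selector
-when String
-if inheritance
-ref_privilege = order.get *Admission::Privilege.split_text_key(selector)
-->(p){ p.eql_or_inherits? ref_privilege }
-
-else
-->(p){ p.text_key == selector }
-
-end
-when Array
-if inheritance
-ref_privileges = selector.map do |s|
-order.get *Admission::Privilege.split_text_key(s)
-end
-->(p){
-ref_privileges.any?{|ref_p| p.eql_or_inherits? ref_p }
-}
-
-else
-->(p){ selector.include? p.text_key }
-
-end
-when Proc
-selector
-
-else raise ArgumentError.new('bad selector type')
-end
-
-list.partition &block
-end
-
-end
-
-@all_privileges = []
-
-end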