admission 0.1.7 → 0.1.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/admission/arbitration.rb +2 -2
- data/lib/admission/privilege.rb +2 -3
- data/lib/admission/resource_arbitration.rb +2 -2
- data/lib/admission/status.rb +17 -1
- data/lib/admission/version.rb +1 -1
- data/spec/integration/action_arbitrating_spec.rb +6 -6
- data/spec/integration/resource_arbitrating_spec.rb +21 -21
- data/spec/test_context/privileges_and_rules.rb +1 -1
- data/spec/unit/privilege_spec.rb +3 -15
- data/spec/unit/status_spec.rb +61 -0
- metadata +3 -3
- data/spec/unit/ability_spec.rb +0 -29
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f6fc32c93d1bd50bfe3cea39b1e7e62be2add21e
|
4
|
+
data.tar.gz: '095f27c6a9e95f503954ff5bea97ae12c828ef8f'
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e46fdce9e3feea2f4c99c7d38a9ef606499f19fac82491644c82625da439b0337392d04e731e6ce2e9efd6f6ae97ddadef5c9f267df8d643432d2fccb8827c95
|
7
|
+
data.tar.gz: daefd3683677ec4ff98f1c8a5bb2147baf44d8690423024954a78859aa45fdbce73a26ae81ee9ad16b297b1127a3005202efa927748fd49501f345f3c10cd939
|
@@ -7,7 +7,7 @@ class Admission::Arbitration
|
|
7
7
|
@request = request.to_sym
|
8
8
|
end
|
9
9
|
|
10
|
-
def prepare_sitting
|
10
|
+
def prepare_sitting context=nil
|
11
11
|
@context = context
|
12
12
|
@decisions = {}
|
13
13
|
end
|
@@ -25,7 +25,7 @@ class Admission::Arbitration
|
|
25
25
|
def make_decision from_rules, privilege
|
26
26
|
if from_rules
|
27
27
|
decision = from_rules[privilege]
|
28
|
-
decision = @person.instance_exec
|
28
|
+
decision = @person.instance_exec @context, &decision if Proc === decision
|
29
29
|
|
30
30
|
unless Admission::VALID_DECISION.include? decision
|
31
31
|
raise "invalid decision: #{decision}"
|
data/lib/admission/privilege.rb
CHANGED
@@ -19,9 +19,8 @@ class Admission::Privilege
|
|
19
19
|
@inherited = privileges
|
20
20
|
end
|
21
21
|
|
22
|
-
def dup_with_context
|
23
|
-
|
24
|
-
return self if context.empty?
|
22
|
+
def dup_with_context context=nil
|
23
|
+
return self if context.nil?
|
25
24
|
with_context = dup
|
26
25
|
with_context.instance_variable_set :@context, context
|
27
26
|
with_context
|
@@ -12,9 +12,9 @@ class Admission::ResourceArbitration < Admission::Arbitration
|
|
12
12
|
decision = from_rules[privilege]
|
13
13
|
if Proc === decision
|
14
14
|
if decision.instance_variable_get :@resource_arbiter
|
15
|
-
decision = @person.instance_exec @resource,
|
15
|
+
decision = @person.instance_exec @resource, @context, &decision
|
16
16
|
else
|
17
|
-
decision = @person.instance_exec
|
17
|
+
decision = @person.instance_exec @context, &decision
|
18
18
|
end
|
19
19
|
end
|
20
20
|
|
data/lib/admission/status.rb
CHANGED
@@ -26,11 +26,27 @@ class Admission::Status
|
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
29
|
+
def allowed_in_contexts *args
|
30
|
+
return [] unless @privileges
|
31
|
+
arbitration = @arbiter.new person, rules, *args
|
32
|
+
|
33
|
+
@privileges.reduce [] do |list, privilege|
|
34
|
+
context = privilege.context
|
35
|
+
|
36
|
+
unless list.include? context
|
37
|
+
arbitration.prepare_sitting context
|
38
|
+
list << context if arbitration.rule_per_privilege(privilege).eql? true
|
39
|
+
end
|
40
|
+
|
41
|
+
list
|
42
|
+
end
|
43
|
+
end
|
44
|
+
|
29
45
|
private
|
30
46
|
|
31
47
|
def process_request arbitration
|
32
48
|
privileges.any? do |privilege|
|
33
|
-
arbitration.prepare_sitting
|
49
|
+
arbitration.prepare_sitting privilege.context
|
34
50
|
arbitration.rule_per_privilege(privilege).eql? true
|
35
51
|
end
|
36
52
|
end
|
data/lib/admission/version.rb
CHANGED
@@ -5,7 +5,7 @@ RSpec.describe 'actions_arbitrating' do
|
|
5
5
|
def arbitration request, context=nil
|
6
6
|
person = Person.new 'person', Person::MALE, [:czech]
|
7
7
|
arbitration = Admission::Arbitration.new person, ACTIONS_RULES, request
|
8
|
-
arbitration.prepare_sitting
|
8
|
+
arbitration.prepare_sitting context
|
9
9
|
arbitration
|
10
10
|
end
|
11
11
|
|
@@ -39,7 +39,7 @@ RSpec.describe 'actions_arbitrating' do
|
|
39
39
|
arbitration = Admission::Arbitration.new person, ACTIONS_RULES, :anything
|
40
40
|
arbitration.prepare_sitting :czech
|
41
41
|
expect(
|
42
|
-
arbitration.rule_per_privilege privilege(:human, :count, context:
|
42
|
+
arbitration.rule_per_privilege privilege(:human, :count, context: :czech)
|
43
43
|
).to eql(true)
|
44
44
|
end
|
45
45
|
|
@@ -60,24 +60,24 @@ RSpec.describe 'actions_arbitrating' do
|
|
60
60
|
it 'allows count and king to impose corvee in his countries' do
|
61
61
|
expect(
|
62
62
|
rule :impose_corvee,
|
63
|
-
privilege(:human, :count, context:
|
63
|
+
privilege(:human, :count, context: :czech)
|
64
64
|
).to eql(true)
|
65
65
|
|
66
66
|
expect(
|
67
67
|
rule :impose_corvee,
|
68
|
-
privilege(:human, :king, context:
|
68
|
+
privilege(:human, :king, context: :czech)
|
69
69
|
).to eql(true)
|
70
70
|
end
|
71
71
|
|
72
72
|
it 'forbids count and king to impose corvee outside his countries' do
|
73
73
|
expect(
|
74
74
|
rule :impose_corvee,
|
75
|
-
privilege(:human, :count, context:
|
75
|
+
privilege(:human, :count, context: :taiwan)
|
76
76
|
).to eql(:forbidden)
|
77
77
|
|
78
78
|
expect(
|
79
79
|
rule :impose_corvee,
|
80
|
-
privilege(:human, :king, context:
|
80
|
+
privilege(:human, :king, context: :taiwan)
|
81
81
|
).to eql(:forbidden)
|
82
82
|
end
|
83
83
|
|
@@ -7,7 +7,7 @@ RSpec.describe 'resources_arbitrating' do
|
|
7
7
|
|
8
8
|
def arbitration scope, action, context=nil
|
9
9
|
arbitration = Admission::ResourceArbitration.new person, RESOURCE_RULES, action, scope
|
10
|
-
arbitration.prepare_sitting
|
10
|
+
arbitration.prepare_sitting context
|
11
11
|
arbitration
|
12
12
|
end
|
13
13
|
|
@@ -48,7 +48,7 @@ RSpec.describe 'resources_arbitrating' do
|
|
48
48
|
:anything, :actions
|
49
49
|
arbitration.prepare_sitting :czech
|
50
50
|
expect(
|
51
|
-
arbitration.rule_per_privilege privilege(:human, :count, context:
|
51
|
+
arbitration.rule_per_privilege privilege(:human, :count, context: :czech)
|
52
52
|
).to eql(true)
|
53
53
|
end
|
54
54
|
|
@@ -69,24 +69,24 @@ RSpec.describe 'resources_arbitrating' do
|
|
69
69
|
it 'allows count and king to impose corvee in his countries' do
|
70
70
|
expect(
|
71
71
|
actions_rule :impose_corvee,
|
72
|
-
privilege(:human, :count, context:
|
72
|
+
privilege(:human, :count, context: :czech)
|
73
73
|
).to eql(true)
|
74
74
|
|
75
75
|
expect(
|
76
76
|
actions_rule :impose_corvee,
|
77
|
-
privilege(:human, :king, context:
|
77
|
+
privilege(:human, :king, context: :czech)
|
78
78
|
).to eql(true)
|
79
79
|
end
|
80
80
|
|
81
81
|
it 'forbids count and king to impose corvee outside his countries' do
|
82
82
|
expect(
|
83
83
|
actions_rule :impose_corvee,
|
84
|
-
privilege(:human, :count, context:
|
84
|
+
privilege(:human, :count, context: :taiwan)
|
85
85
|
).to eql(:forbidden)
|
86
86
|
|
87
87
|
expect(
|
88
88
|
actions_rule :impose_corvee,
|
89
|
-
privilege(:human, :king, context:
|
89
|
+
privilege(:human, :king, context: :taiwan)
|
90
90
|
).to eql(:forbidden)
|
91
91
|
end
|
92
92
|
|
@@ -145,17 +145,17 @@ RSpec.describe 'resources_arbitrating' do
|
|
145
145
|
|
146
146
|
it 'allows vassal to list persons only per his countries' do
|
147
147
|
expect(
|
148
|
-
rule :persons, :index, privilege(:vassal, context:
|
148
|
+
rule :persons, :index, privilege(:vassal, context: :czech)
|
149
149
|
).to eql(true)
|
150
150
|
|
151
151
|
expect(
|
152
|
-
rule :persons, :index, privilege(:vassal, context:
|
152
|
+
rule :persons, :index, privilege(:vassal, context: :taiwan)
|
153
153
|
).to eql(false)
|
154
154
|
end
|
155
155
|
|
156
156
|
it 'allows access scope-arbiter by resource' do
|
157
157
|
expect(
|
158
|
-
rule person, :index, privilege(:vassal, context:
|
158
|
+
rule person, :index, privilege(:vassal, context: :czech)
|
159
159
|
).to eql(true)
|
160
160
|
end
|
161
161
|
|
@@ -171,22 +171,22 @@ RSpec.describe 'resources_arbitrating' do
|
|
171
171
|
|
172
172
|
it 'allows lord to list persons from his country' do
|
173
173
|
expect(
|
174
|
-
rule person, :index, privilege(:vassal, context:
|
174
|
+
rule person, :index, privilege(:vassal, context: :czech)
|
175
175
|
).to eql(true)
|
176
176
|
|
177
177
|
expect(
|
178
|
-
rule :persons, :index, privilege(:vassal, context:
|
178
|
+
rule :persons, :index, privilege(:vassal, context: :czech)
|
179
179
|
).to eql(true)
|
180
180
|
|
181
181
|
expect(
|
182
|
-
rule person, :index, privilege(:vassal, context:
|
182
|
+
rule person, :index, privilege(:vassal, context: :taiwan)
|
183
183
|
).to eql(false)
|
184
184
|
end
|
185
185
|
|
186
186
|
it 'allows lord to update person that is from his country' do
|
187
187
|
expect(
|
188
188
|
rule female, :update,
|
189
|
-
privilege(:vassal, :lord, context:
|
189
|
+
privilege(:vassal, :lord, context: :czech)
|
190
190
|
).to eql(true)
|
191
191
|
|
192
192
|
expect(
|
@@ -199,12 +199,12 @@ RSpec.describe 'resources_arbitrating' do
|
|
199
199
|
|
200
200
|
expect(
|
201
201
|
rule female, :update,
|
202
|
-
privilege(:vassal, :lord, context:
|
202
|
+
privilege(:vassal, :lord, context: :czech)
|
203
203
|
).to eql(false)
|
204
204
|
|
205
205
|
expect(
|
206
206
|
rule female, :update,
|
207
|
-
privilege(:vassal, :lord, context:
|
207
|
+
privilege(:vassal, :lord, context: :taiwan)
|
208
208
|
).to eql(false)
|
209
209
|
end
|
210
210
|
|
@@ -216,7 +216,7 @@ RSpec.describe 'resources_arbitrating' do
|
|
216
216
|
|
217
217
|
it 'disallows vassal to update person' do
|
218
218
|
expect(
|
219
|
-
rule person, :update, privilege(:vassal, context:
|
219
|
+
rule person, :update, privilege(:vassal, context: :czech)
|
220
220
|
).to eql(false)
|
221
221
|
end
|
222
222
|
|
@@ -225,12 +225,12 @@ RSpec.describe 'resources_arbitrating' do
|
|
225
225
|
|
226
226
|
expect(
|
227
227
|
rule person, :destroy,
|
228
|
-
privilege(:vassal, :lord, context:
|
228
|
+
privilege(:vassal, :lord, context: :czech)
|
229
229
|
).to eql(true)
|
230
230
|
|
231
231
|
expect(
|
232
232
|
rule female, :destroy,
|
233
|
-
privilege(:vassal, :lord, context:
|
233
|
+
privilege(:vassal, :lord, context: :czech)
|
234
234
|
).to eql(false)
|
235
235
|
end
|
236
236
|
|
@@ -238,7 +238,7 @@ RSpec.describe 'resources_arbitrating' do
|
|
238
238
|
helicopter = Person.new 'person', Person::APACHE_HELICOPTER, [:czech]
|
239
239
|
expect(
|
240
240
|
rule helicopter, :destroy,
|
241
|
-
privilege(:vassal, :lord, context:
|
241
|
+
privilege(:vassal, :lord, context: :czech)
|
242
242
|
).to eql(false)
|
243
243
|
end
|
244
244
|
|
@@ -263,12 +263,12 @@ RSpec.describe 'resources_arbitrating' do
|
|
263
263
|
|
264
264
|
expect(
|
265
265
|
rule [person, :possessions], :update,
|
266
|
-
privilege(:vassal, :lord, context:
|
266
|
+
privilege(:vassal, :lord, context: :czech)
|
267
267
|
).to eql(true)
|
268
268
|
|
269
269
|
expect(
|
270
270
|
rule [person, :possessions], :update,
|
271
|
-
privilege(:vassal, :lord, context:
|
271
|
+
privilege(:vassal, :lord, context: :taiwan)
|
272
272
|
).to eql(false)
|
273
273
|
end
|
274
274
|
|
@@ -82,7 +82,7 @@ RESOURCE_RULES = Admission::ResourceArbitration.define_rules PRIVILEGES_ORDER do
|
|
82
82
|
|
83
83
|
privilege :vassal do
|
84
84
|
|
85
|
-
allow_resource Person, :show do |person,
|
85
|
+
allow_resource Person, :show do |person, *|
|
86
86
|
raise 'person is nil' unless person
|
87
87
|
self == person
|
88
88
|
end
|
data/spec/unit/privilege_spec.rb
CHANGED
@@ -86,7 +86,7 @@ RSpec.describe Admission::Privilege do
|
|
86
86
|
|
87
87
|
describe '#dup_with_context' do
|
88
88
|
|
89
|
-
it 'self when context is
|
89
|
+
it 'self when context is nil' do
|
90
90
|
p2 = privilege.dup_with_context
|
91
91
|
expect(p2).to be_a(Admission::Privilege)
|
92
92
|
expect(p2).to equal(privilege)
|
@@ -94,26 +94,14 @@ RSpec.describe Admission::Privilege do
|
|
94
94
|
p2 = privilege.dup_with_context nil
|
95
95
|
expect(p2).to be_a(Admission::Privilege)
|
96
96
|
expect(p2).to equal(privilege)
|
97
|
-
|
98
|
-
p2 = privilege.dup_with_context []
|
99
|
-
expect(p2).to be_a(Admission::Privilege)
|
100
|
-
expect(p2).to equal(privilege)
|
101
|
-
end
|
102
|
-
|
103
|
-
it 'duplicates with context as array' do
|
104
|
-
p2 = privilege.dup_with_context :moon
|
105
|
-
expect(p2).to be_a(Admission::Privilege)
|
106
|
-
expect(p2).not_to equal(privilege)
|
107
|
-
expect(p2).to eql(privilege)
|
108
|
-
expect(p2).to have_attributes(name: :man, level: :base, context: [:moon])
|
109
97
|
end
|
110
98
|
|
111
99
|
it 'duplicates only change context' do
|
112
|
-
p2 = privilege.dup_with_context
|
100
|
+
p2 = privilege.dup_with_context :moon
|
113
101
|
expect(p2).to be_a(Admission::Privilege)
|
114
102
|
expect(p2).not_to equal(privilege)
|
115
103
|
expect(p2).to eql(privilege)
|
116
|
-
expect(p2).to have_attributes(name: :man, level: :base, context:
|
104
|
+
expect(p2).to have_attributes(name: :man, level: :base, context: :moon)
|
117
105
|
end
|
118
106
|
|
119
107
|
end
|
@@ -0,0 +1,61 @@
|
|
1
|
+
require_relative './_helper'
|
2
|
+
|
3
|
+
RSpec.describe Admission::Status do
|
4
|
+
|
5
|
+
def privilege context
|
6
|
+
@fake_privilege_klass ||= Struct.new(:context, :inherited)
|
7
|
+
@fake_privilege_klass.new context
|
8
|
+
end
|
9
|
+
|
10
|
+
describe '#new' do
|
11
|
+
|
12
|
+
it 'sets privileges to nil' do
|
13
|
+
instance = Admission::Status.new :person, nil, :rules, :arbiter
|
14
|
+
expect(instance).to have_inst_vars(
|
15
|
+
person: :person,
|
16
|
+
privileges: nil,
|
17
|
+
rules: :rules,
|
18
|
+
arbiter: :arbiter
|
19
|
+
)
|
20
|
+
|
21
|
+
instance = Admission::Status.new :person, [], :rules, :arbiter
|
22
|
+
expect(instance).to have_inst_vars(
|
23
|
+
person: :person,
|
24
|
+
privileges: nil,
|
25
|
+
rules: :rules,
|
26
|
+
arbiter: :arbiter
|
27
|
+
)
|
28
|
+
end
|
29
|
+
|
30
|
+
it 'sets privileges' do
|
31
|
+
instance = Admission::Status.new :person, ['kkk'], :rules, :arbiter
|
32
|
+
expect(instance).to have_inst_vars(
|
33
|
+
person: :person,
|
34
|
+
privileges: ['kkk'],
|
35
|
+
rules: :rules,
|
36
|
+
arbiter: :arbiter
|
37
|
+
)
|
38
|
+
end
|
39
|
+
|
40
|
+
end
|
41
|
+
|
42
|
+
describe '#allowed_in_contexts' do
|
43
|
+
|
44
|
+
it 'returns empty list for blank privileges' do
|
45
|
+
instance = Admission::Status.new :person, nil, :rules, :arbiter
|
46
|
+
expect(instance.allowed_in_contexts).to eq([])
|
47
|
+
end
|
48
|
+
|
49
|
+
it 'lists only context for which any privilege allows it' do
|
50
|
+
priv1 = privilege text: '1'
|
51
|
+
priv2 = privilege text: '2'
|
52
|
+
rules = {can: {priv1 => true}}
|
53
|
+
instance = Admission::Status.new nil, [priv1, priv2], rules, Admission::Arbitration
|
54
|
+
|
55
|
+
list = instance.allowed_in_contexts :can
|
56
|
+
expect(list).to eq([priv1.context])
|
57
|
+
end
|
58
|
+
|
59
|
+
end
|
60
|
+
|
61
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: admission
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.9
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- doooby
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-06-
|
11
|
+
date: 2017-06-07 00:00:00.000000000 Z
|
12
12
|
dependencies: []
|
13
13
|
description: update-me
|
14
14
|
email: zelazk.o@email.cz
|
@@ -45,10 +45,10 @@ files:
|
|
45
45
|
- spec/test_context/persons_fixtures.rb
|
46
46
|
- spec/test_context/privileges_and_rules.rb
|
47
47
|
- spec/unit/_helper.rb
|
48
|
-
- spec/unit/ability_spec.rb
|
49
48
|
- spec/unit/privilege/order_definer_spec.rb
|
50
49
|
- spec/unit/privilege_spec.rb
|
51
50
|
- spec/unit/resource_arbitration_spec.rb
|
51
|
+
- spec/unit/status_spec.rb
|
52
52
|
homepage: https://github.com/doooby/admission
|
53
53
|
licenses:
|
54
54
|
- GPL-3.0
|
data/spec/unit/ability_spec.rb
DELETED
@@ -1,29 +0,0 @@
|
|
1
|
-
# require_relative '../spec_helper'
|
2
|
-
# require_relative '../test_context/index'
|
3
|
-
#
|
4
|
-
# RSpec.describe Admission::Ability do
|
5
|
-
#
|
6
|
-
# let(:nobody_ability){ Admission::Ability.new Person::FIXTURES[:nobody] }
|
7
|
-
# let(:haramber_ability){ Admission::Ability.new Person::FIXTURES[:harambe] }
|
8
|
-
#
|
9
|
-
#
|
10
|
-
# describe '#new' do
|
11
|
-
#
|
12
|
-
# it 'creates instance with no privileges' do
|
13
|
-
# expect(nobody_ability.instance_variable_get :@no_privileges).to be
|
14
|
-
# end
|
15
|
-
#
|
16
|
-
# it 'creates instance with some privileges' do
|
17
|
-
# expect(haramber_ability.instance_variable_get :@no_privileges).not_to be
|
18
|
-
# end
|
19
|
-
#
|
20
|
-
# end
|
21
|
-
#
|
22
|
-
# # describe '#process' do
|
23
|
-
# #
|
24
|
-
# # it '' do
|
25
|
-
# # end
|
26
|
-
# #
|
27
|
-
# # end
|
28
|
-
#
|
29
|
-
# end
|