adva_rbac 0.0.1

data/test/test_helper.rb

@@ -0,0 +1 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../adva_cms/test/test_helper')

data/test/unit/helpers/roles_helper_test.rb

@@ -0,0 +1,69 @@
+require File.expand_path(File.dirname(__FILE__) + "/../../test_helper")
+
+class RolesHelperTest < ActionView::TestCase
+  include RolesHelper
+  
+  def setup
+    super
+    @article = Article.first
+    
+    @superuser_role = Role.new(:name => 'superuser')
+    @admin_role     = Role.new(:name => 'admin', :context => Site.first)
+    @moderator_role = Role.new(:name => 'moderator', :context => Section.first)
+    @author_role    = Role.new(:name => 'author', :context => @article)
+    @user_role      = Role.new(:name => 'user')
+    @anonymous_role = Role.new(:name => 'anonymous')
+  end
+
+  # role_to_default_css_class
+  test "#role_to_default_css_class returns the role's name if no context is given" do
+    role_to_default_css_class(@user_role).should == 'user'
+  end
+
+  test "#role_to_default_css_class returns the role's context and name if context is given" do
+    role_to_default_css_class(@moderator_role).should =~ /section-[\d]+-moderator/
+  end
+  
+  # role_to_css_class
+  test "#role_to_css_class returns 'anonymous' for an anonymous role" do
+    role_to_css_class(@anonymous_role).should == 'anonymous'
+  end
+  
+  test "#role_to_css_class returns 'user' for a user role" do
+    role_to_css_class(@user_role).should == 'user'
+  end
+  
+  test "#role_to_css_class returns 'user-1 content-1-author' for an author role when the author is a user" do
+    role_to_css_class(@author_role).should =~ /user-[\d]+ content-[\d]+-author/
+  end
+  
+  test "#role_to_css_class returns 'anonymous-1 content-1-author' for an author role when the author is an anonymous" do
+    @article.author_type = 'Anonymous'
+    role_to_css_class(@author_role).should =~ /anonymous-[\d]+ content-[\d]+-author/
+  end
+  
+  test "#role_to_css_class returns 'section-1-moderator' for a user role" do
+    role_to_css_class(@moderator_role).should =~ /section-[\d]+-moderator/
+  end
+  
+  test "#role_to_css_class returns 'site-1-admin' for a admin role" do
+    role_to_css_class(@admin_role).should =~ /site-[\d]+-admin/
+  end
+  
+  test "#role_to_css_class returns 'superuser' for a superuser role" do
+    role_to_css_class(@superuser_role).should == 'superuser'
+  end
+  
+  # authorizing_css_classes
+  test "#quoted_role_names turns the given roles to css classes that allow a user to see an element" do
+    quoted_role_names([@superuser_role]).should == 'superuser'
+  end
+  
+  test "#quoted_role_names given the option :quote it encloses the classes in single quotes" do
+    quoted_role_names([@superuser_role], {:quote => true}).should == "'superuser'"
+  end
+  
+  test "#quoted_role_names given the option :separator it joins the classes using it" do
+    quoted_role_names([@superuser_role, @superuser_role], {:separator => ','}).should == "superuser,superuser"
+  end
+end

data/test/unit/models/rbac_context_test.rb

@@ -0,0 +1,37 @@
+require File.expand_path(File.dirname(__FILE__) + "/../../test_helper")
+
+class RbacContextTest < ActiveSupport::TestCase
+  def setup
+    super
+    @account = Account.find_by_name('an account')
+    @site    = Site.find_by_name('site with pages')
+  end
+  
+  define_method "test: roles have a reference to an ancestor context" do
+    superuser = Rbac::Role.find_by_name('superuser')
+    admin     = Rbac::Role.find_by_name('admin')
+    @moderator = User.find_by_first_name('a moderator')
+    moderator = Rbac::Role.find_by_user_id(@moderator.id)
+
+    assert_equal nil,   superuser.ancestor_context
+    assert_equal nil,   admin.ancestor_context
+    assert_equal @site, moderator.ancestor_context
+  end
+  
+  define_method "test: an account has members" do
+    assert @account.members.empty?
+    assert !@site.members.empty?
+  end
+  
+  # define_method "test: any user is a user of an account and a site" do
+  #   user = User.find_by_name('a user')
+  # 
+  #   assert @site.users.include?(user)
+  #   assert @account.users.include?(user)
+  # end
+  # 
+  # define_method "test: an account has members" do
+  #   @account.resources << @site
+  #   assert !@account.members.empty?
+  # end
+end

data/test/unit/models/rbac_user_test.rb

@@ -0,0 +1,100 @@
+require File.expand_path(File.dirname(__FILE__) + "/../../test_helper")
+
+class RbacUserTest < ActiveSupport::TestCase
+  def setup
+    super
+    @user = User.find_by_first_name('a user')
+    @role_attributes = [
+      { "name" => "superuser", "selected" => "1" },
+      { "name" => "admin", "context_id" => Site.first.id, "context_type" => "Site", "selected" => "1" }
+    ]
+  end
+
+  # the roles association
+  # FIXME implement ...
+
+  # stub_scenario :user_having_several_roles
+  # test 'roles.by_site returns all superuser, site and section roles for the given user' do
+  #   roles = @user.roles.by_site(@site)
+  #   roles.map(&:type).should == ['Rbac::Role::Superuser', 'Rbac::Role::Admin', 'Rbac::Role::Moderator']
+  # end
+  # 
+  # test 'roles.by_context returns all roles by_site for the given object' do
+  #   roles = @user.roles.by_context(@site)
+  #   roles.map(&:type).should == ['Rbac::Role::Superuser', 'Rbac::Role::Admin', 'Rbac::Role::Moderator']
+  # end
+  # 
+  # test 'roles.by_context adds the implicit roles for the given object if it has any' do
+  #   @topic.stub!(:implicit_roles).and_return [@comment_author_role]
+  #   roles = @user.roles.by_context(@topic)
+  #   roles.map(&:type).should == ['Rbac::Role::Superuser', 'Rbac::Role::Admin', 'Rbac::Role::Moderator', 'Rbac::Role::Author']
+  # end
+  # 
+  
+  test 'makes the new user a superuser' do
+    user = User.create_superuser(@valid_user_params)
+    user.has_role?(:superuser).should be_true
+  end
+
+  test "User.by_role_and_context finds all superusers" do
+    users = User.by_role_and_context(:superuser, nil)
+    users.size.should == 1
+  end
+
+  test "User.by_role_and_context finds all admins of a given site" do
+    site = Site.find_by_name('site with blog')
+    users = User.by_role_and_context(:admin, site)
+    users.size.should == 1
+  end
+
+  test "role_matches_attributes?" do
+    role = Role.new(:name => 'superuser')
+  
+    attributes = { :name => 'superuser' }
+    assert_equal true, User.role_matches_attributes?(attributes, role)
+  
+    attributes = { :name => 'god' }
+    assert_equal false, User.role_matches_attributes?(attributes, role)
+  
+    role = Role.new(:name => 'admin', :context_type => 'Site', :context_id => '1')
+    attributes = { :name => 'admin', :context_type => 'Site', :context_id => '1' }
+    assert_equal true, User.role_matches_attributes?(attributes, role)
+  
+    attributes = { :name => 'admin', :context_type => 'Site', :context_id => '2' }
+    assert_equal false, User.role_matches_attributes?(attributes, role)
+  end
+  
+  test "selected roles" do
+    fields = ['name', 'context_type', 'context_id']
+    expected = [Role.new(@role_attributes[0].slice(*fields)), Role.new(@role_attributes[1].slice(*fields))]
+    assert_equal expected.map { |r| r.attributes.slice(*fields) }, @user.selected_roles(@role_attributes).map { |r| r.attributes.slice(*fields) }
+  
+    @user.roles.build(@role_attributes[0].slice(*fields))
+    expected = [Role.new(@role_attributes[1].slice(*fields))]
+    assert_equal expected.map { |r| r.attributes.slice(*fields) }, @user.selected_roles(@role_attributes).map { |r| r.attributes.slice(*fields) }
+  end
+
+  test "unselected_roles" do
+    fields = ['name', 'context_type', 'context_id']
+    @role_attributes[0]['selected'] = '0'
+    @user.roles.build(@role_attributes[0].slice(*fields))
+    expected = [Role.new(@role_attributes[0].slice(*fields))]
+    assert_equal expected.map { |r| r.attributes.slice(*fields) }, @user.unselected_roles(@role_attributes).map { |r| r.attributes.slice(*fields) }
+  end
+  
+  test "creates new roles from the given attributes" do
+    @user.roles.should be_empty
+  
+    @user.roles_attributes = @role_attributes
+    @user.roles(true).size.should == 2
+  end
+  
+  test "ignores parameters that do not have the :selected flag set" do
+    @user.roles.should be_empty
+  
+    @role_attributes[0]['selected'] = '0'
+    @user.roles_attributes = @role_attributes
+  
+    @user.roles(true).size.should == 1
+  end
+end

data/test/unit/models/role_test.rb

@@ -0,0 +1,185 @@
+require File.expand_path(File.dirname(__FILE__) + "/../../test_helper")
+
+class RoleTest < ActiveSupport::TestCase
+  def setup
+    super
+
+    @superuser = User.find_by_first_name('a superuser')
+    @admin     = User.find_by_first_name('an admin')
+    @moderator = User.find_by_first_name('a moderator')
+    @another_moderator = User.find_by_first_name('another moderator')
+    @another_author = User.find_by_first_name('a author')
+    @user      = User.find_by_first_name('a user')
+    @anonymous = User.anonymous
+    @designer  = User.find_by_first_name('a designer')
+
+    @section   = @moderator.roles.detect { |r| r.context.is_a?(Section) }.context
+    @site      = @section.site
+    @content   = @section.articles.first
+    @author    = @content.author
+
+    @another_site = Site.find_by_name 'another site'
+  end
+
+  test "a superuser has the global role :superuser" do
+    @superuser.has_global_role?(:superuser).should be_true
+    @superuser.has_global_role?(:superuser, @site).should be_true
+    @superuser.has_global_role?(:superuser, @another_site).should be_true
+  end
+
+  test "a admin for 'site' has the global role :admin on 'site'" do
+    @admin.has_global_role?(:admin, @site).should be_true
+  end
+
+  test "a moderator for 'site' has the global role :moderator on 'site'" do
+    @another_moderator.has_global_role?(:moderator, @site).should be_true
+  end
+
+  test "a author for 'site' has the global role :author on 'site'" do
+    @another_author.has_global_role?(:author, @site).should be_true
+  end
+
+  test "a designer for 'site' has the global role :designer on 'site'" do
+    @designer.has_global_role?(:designer, @site).should be_true
+  end
+
+  test "a admin for 'site' does not have the global role :admin on 'another site'" do
+    @admin.has_global_role?(:admin, @another_site).should be_false
+  end
+
+  test "a moderator for a page of 'site' does not have the global role :moderator on 'site'" do
+    @moderator.has_global_role?(:moderator, @site).should be_false
+  end
+
+  test "a superuser has permissions for the admin areas of all sites" do
+    @superuser.has_permission_for_admin_area?(@site).should be_true
+    @superuser.has_permission_for_admin_area?(@another_site).should be_true
+  end
+
+  test "a admin, moderator, author and designer for 'site' have permission for the admin area of 'site'" do
+    @admin.has_permission_for_admin_area?(@site).should be_true
+    @another_moderator.has_permission_for_admin_area?(@site).should be_true
+    @another_author.has_permission_for_admin_area?(@site).should be_true
+    @designer.has_permission_for_admin_area?(@site).should be_true
+  end
+
+  test "a admin, moderator, author and designer for 'site' do not have permissions for the admin area of 'another_site'" do
+    @admin.has_permission_for_admin_area?(@another_site).should be_false
+    @another_moderator.has_permission_for_admin_area?(@another_site).should be_false
+    @author.has_permission_for_admin_area?(@another_site).should be_false
+    @designer.has_permission_for_admin_area?(@another_site).should be_false
+  end
+
+  test "a moderator for a page of a 'site' does not have permission for the admin area of 'site'" do
+    @moderator.has_permission_for_admin_area?(@site).should be_false
+  end
+
+  # has_role? (with a user)
+  test "a user has the role :user" do
+    @user.has_role?(:user).should be_true
+  end
+
+  test "a user does not have the role :moderator" do
+    @user.has_role?(:moderator, @section).should be_false
+  end
+
+  test "a user does not have the role :admin" do
+    @user.has_role?(:admin, @site).should be_false
+  end
+
+  test "a user does not have the role :superuser" do
+    @user.has_role?(:superuser).should be_false
+  end
+
+  # has_role? (with a content author)
+  test "a content author has the role :user" do
+    @author.has_role?(:user).should be_true
+  end
+
+  test 'a content author has the role :author for that content' do
+    @author.has_role?(:author, @content).should be_true
+  end
+
+  test "a content author does not have the role :moderator" do
+    @author.has_role?(:moderator, @section).should be_false
+  end
+
+  test "a content author does not have the role :admin" do
+    @author.has_role?(:admin, @site).should be_false
+  end
+
+  test "a content author does not have the role :superuser" do
+    @author.has_role?(:superuser).should be_false
+  end
+
+  # has_role? (with a section moderator)
+  test "a section moderator has the role :user" do
+    @moderator.has_role?(:user).should be_true
+  end
+
+  test "a section moderator has the role :author for another user's content" do
+    @moderator.has_role?(:author, @content).should be_true
+  end
+
+  test "a section moderator has the role :moderator for that section" do
+    @moderator.has_role?(:moderator, @section).should be_true
+  end
+
+  test "a section moderator does not have the role :admin" do
+    @moderator.has_role?(:admin, @site).should be_false
+  end
+
+  test "a section moderator does not have the role :superuser" do
+    @moderator.has_role?(:superuser).should be_false
+  end
+
+  # has_role? (with a site admin)
+  test "a site admin has the role :user" do
+    @admin.has_role?(:user).should be_true
+  end
+
+  test "a site admin has the role :author for another user's content" do
+    @admin.has_role?(:author, @content).should be_true
+  end
+
+  test "a site admin has the role :moderator for sections belonging to that site" do
+    @admin.has_role?(:moderator, @section).should be_true
+  end
+
+  test "a site admin has the role :admin for that site" do
+    @admin.has_role?(:admin, @site).should be_true
+  end
+
+  test "a site admin does not have role :admin for another site" do
+    @admin.has_role?(:admin, @another_site).should be_false
+  end
+
+  test "a site admin does not have role :admin for a non-existent site" do
+    @admin.has_role?(:admin, nil).should be_false
+  end
+
+  test "a site admin does not have the role :superuser" do
+    @admin.has_role?(:superuser).should be_false
+  end
+
+  # has_role? (with a superuser)
+  test "a superuser has the role :user" do
+    @superuser.has_role?(:user).should be_true
+  end
+
+  test "a superuser has the role :author for another user's content" do
+    @superuser.has_role?(:author, @content).should be_true
+  end
+
+  test "a superuser has the role :moderator for sections belonging to that site" do
+    @superuser.has_role?(:moderator, @section).should be_true
+  end
+
+  test "a superuser has the role :site for that site" do
+    @superuser.has_role?(:admin, @site).should be_true
+  end
+
+  test "a superuser has the role :superuser" do
+    @superuser.has_role?(:superuser).should be_true
+  end
+end

metadata

@@ -0,0 +1,110 @@
+--- !ruby/object:Gem::Specification
+name: adva_rbac
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Micah Geisel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-02-29 00:00:00.000000000 Z
+dependencies: []
+description: Adva RBAC
+email:
+- micah@botandrose.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- NOTES
+- README.md
+- Rakefile
+- adva_rbac.gemspec
+- app/controllers/roles_controller.rb
+- app/helpers/roles_helper.rb
+- app/views/admin/sections/settings/_permissions.html.erb
+- app/views/roles/index.js.erb
+- config/initializers/base_controller.rb
+- config/initializers/rbac.rb
+- config/initializers/user.rb
+- db/migrate/20080402000006_create_role_tables.rb
+- db/migrate/20090720132900_migrate_roles_table_to_new_rbac.rb
+- lib/action_controller/guards_permissions.rb
+- lib/adva_rbac.rb
+- lib/adva_rbac/version.rb
+- lib/permission_map.rb
+- lib/rbac.rb
+- lib/rbac/acts_as_role_context.rb
+- lib/rbac/acts_as_role_subject.rb
+- lib/rbac/context.rb
+- lib/rbac/role.rb
+- lib/rbac/role_type.rb
+- lib/rbac/role_type/active_record.rb
+- lib/rbac/role_type/static.rb
+- lib/rbac/subject.rb
+- test/functional/roles_controller_test.rb
+- test/integration/user_rbac_test.rb
+- test/rbac/all.rb
+- test/rbac/database.rb
+- test/rbac/database.yml
+- test/rbac/implementation/active_record_test.rb
+- test/rbac/implementation/static_test.rb
+- test/rbac/static.rb
+- test/rbac/test_helper.rb
+- test/rbac/tests/acts_as_role_context.rb
+- test/rbac/tests/context.rb
+- test/rbac/tests/group.rb
+- test/rbac/tests/has_role.rb
+- test/rbac/tests/role_type.rb
+- test/test_helper.rb
+- test/unit/helpers/roles_helper_test.rb
+- test/unit/models/rbac_context_test.rb
+- test/unit/models/rbac_user_test.rb
+- test/unit/models/role_test.rb
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: Engine for role-based authorization in Adva CMS
+test_files:
+- test/functional/roles_controller_test.rb
+- test/integration/user_rbac_test.rb
+- test/rbac/all.rb
+- test/rbac/database.rb
+- test/rbac/database.yml
+- test/rbac/implementation/active_record_test.rb
+- test/rbac/implementation/static_test.rb
+- test/rbac/static.rb
+- test/rbac/test_helper.rb
+- test/rbac/tests/acts_as_role_context.rb
+- test/rbac/tests/context.rb
+- test/rbac/tests/group.rb
+- test/rbac/tests/has_role.rb
+- test/rbac/tests/role_type.rb
+- test/test_helper.rb
+- test/unit/helpers/roles_helper_test.rb
+- test/unit/models/rbac_context_test.rb
+- test/unit/models/rbac_user_test.rb
+- test/unit/models/role_test.rb