ae_declarative_authorization 0.10.1 → 0.12.1.tim1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (61) hide show
  1. checksums.yaml +5 -5
  2. data/.circleci/config.yml +29 -0
  3. data/.gitignore +32 -0
  4. data/.ruby-version +1 -0
  5. data/Appraisals +18 -23
  6. data/Gemfile +3 -1
  7. data/declarative_authorization.gemspec +2 -2
  8. data/lib/declarative_authorization/controller/grape.rb +15 -4
  9. data/lib/declarative_authorization/controller_permission.rb +1 -5
  10. data/lib/declarative_authorization/test/helpers.rb +8 -2
  11. data/lib/declarative_authorization/version.rb +1 -1
  12. metadata +11 -76
  13. data/Gemfile.lock +0 -138
  14. data/gemfiles/ruby_2.3.3_rails507.gemfile +0 -12
  15. data/gemfiles/ruby_2.3.3_rails507.gemfile.lock +0 -164
  16. data/gemfiles/ruby_2.3.3_rails516.gemfile +0 -12
  17. data/gemfiles/ruby_2.3.3_rails516.gemfile.lock +0 -164
  18. data/gemfiles/ruby_2.3.3_rails521.gemfile +0 -12
  19. data/gemfiles/ruby_2.3.3_rails521.gemfile.lock +0 -172
  20. data/gemfiles/ruby_2.3.3_rails522.gemfile +0 -12
  21. data/gemfiles/ruby_2.3.3_rails522.gemfile.lock +0 -172
  22. data/gemfiles/ruby_2.5.3_rails507.gemfile +0 -12
  23. data/gemfiles/ruby_2.5.3_rails507.gemfile.lock +0 -164
  24. data/gemfiles/ruby_2.5.3_rails516.gemfile +0 -12
  25. data/gemfiles/ruby_2.5.3_rails516.gemfile.lock +0 -164
  26. data/gemfiles/ruby_2.5.3_rails521.gemfile +0 -12
  27. data/gemfiles/ruby_2.5.3_rails521.gemfile.lock +0 -172
  28. data/gemfiles/ruby_2.5.3_rails522.gemfile +0 -12
  29. data/gemfiles/ruby_2.5.3_rails522.gemfile.lock +0 -172
  30. data/gemfiles/ruby_2.6.2_rails507.gemfile +0 -12
  31. data/gemfiles/ruby_2.6.2_rails507.gemfile.lock +0 -164
  32. data/gemfiles/ruby_2.6.2_rails516.gemfile +0 -12
  33. data/gemfiles/ruby_2.6.2_rails516.gemfile.lock +0 -164
  34. data/gemfiles/ruby_2.6.2_rails521.gemfile +0 -12
  35. data/gemfiles/ruby_2.6.2_rails521.gemfile.lock +0 -172
  36. data/gemfiles/ruby_2.6.2_rails522.gemfile +0 -12
  37. data/gemfiles/ruby_2.6.2_rails522.gemfile.lock +0 -172
  38. data/log/test.log +0 -89694
  39. data/pkg/ae_declarative_authorization-0.10.0.gem +0 -0
  40. data/pkg/ae_declarative_authorization-0.9.0.gem +0 -0
  41. data/pkg/ae_declarative_authorization-0.9.0.tim1.gem +0 -0
  42. data/pkg/ae_declarative_authorization-0.9.1.gem +0 -0
  43. data/pkg/ae_declarative_authorization-0.9.2.gem +0 -0
  44. data/test/authorization_test.rb +0 -1189
  45. data/test/controller_filter_resource_access_test.rb +0 -573
  46. data/test/database.yml +0 -3
  47. data/test/dsl_reader_test.rb +0 -178
  48. data/test/functional/filter_access_to_with_id_in_scope_test.rb +0 -88
  49. data/test/functional/no_filter_access_to_test.rb +0 -79
  50. data/test/functional/params_block_arity_test.rb +0 -39
  51. data/test/grape_api_test.rb +0 -508
  52. data/test/helper_test.rb +0 -248
  53. data/test/maintenance_test.rb +0 -46
  54. data/test/model_test.rb +0 -1840
  55. data/test/profiles/access_checking +0 -100
  56. data/test/rails_controller_test.rb +0 -478
  57. data/test/schema.sql +0 -60
  58. data/test/test_helper.rb +0 -117
  59. data/test/test_support/grape.rb +0 -93
  60. data/test/test_support/minitest_compatibility.rb +0 -27
  61. data/test/test_support/rails.rb +0 -69
@@ -1,248 +0,0 @@
1
- require 'test_helper'
2
- require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
3
-
4
-
5
- class HelperMocksController < MocksController
6
- filter_access_to :action, :require => :show, :context => :mocks
7
- define_action_methods :action
8
- end
9
- class HelperTest < ActionController::TestCase
10
- tests HelperMocksController
11
- include Authorization::AuthorizationHelper
12
- attr_reader :controller
13
- def test_permit
14
- reader = Authorization::Reader::DSLReader.new
15
- reader.parse %{
16
- authorization do
17
- role :test_role do
18
- has_permission_on :mocks, :to => :show
19
- end
20
- role :test_role_2 do
21
- has_permission_on :mocks, :to => :update
22
- end
23
- end
24
- }
25
- user = MockUser.new(:test_role)
26
- request!(user, :action, reader)
27
-
28
- assert permitted_to?(:show, :mocks)
29
- assert !permitted_to?(:update, :mocks)
30
-
31
- block_evaled = false
32
- permitted_to?(:show, :mocks) do
33
- block_evaled = true
34
- end
35
- assert block_evaled
36
-
37
- block_evaled = false
38
- permitted_to?(:update, :mocks) do
39
- block_evaled = true
40
- end
41
- assert !block_evaled
42
- end
43
-
44
- def test_permit_with_object
45
- reader = Authorization::Reader::DSLReader.new
46
- reader.parse %{
47
- authorization do
48
- role :test_role do
49
- has_permission_on :mocks do
50
- to :show
51
- if_attribute :test_attr => is {user.test_attr}
52
- end
53
- end
54
- end
55
- }
56
- user = MockUser.new(:test_role, :test_attr => 1)
57
- mock = MockDataObject.new(:test_attr => 1)
58
- mock_2 = MockDataObject.new(:test_attr => 2)
59
- request!(user, :action, reader)
60
-
61
- assert permitted_to?(:show, mock)
62
- assert permitted_to?(:show, :mocks)
63
- assert !permitted_to?(:show, mock_2)
64
- end
65
-
66
- def test_permit_with_object_and_context
67
- reader = Authorization::Reader::DSLReader.new
68
- reader.parse %{
69
- authorization do
70
- role :test_role do
71
- has_permission_on :other_mocks do
72
- to :show
73
- if_attribute :test_attr => is {user.test_attr}
74
- end
75
- end
76
- end
77
- }
78
- user = MockUser.new(:test_role, :test_attr => 1)
79
- mock = MockDataObject.new(:test_attr => 1)
80
- mock_2 = MockDataObject.new(:test_attr => 2)
81
- request!(user, :action, reader)
82
-
83
- assert permitted_to?(:show, mock, :context => :other_mocks)
84
- assert !permitted_to?(:show, mock_2, :context => :other_mocks)
85
- end
86
-
87
- def test_has_role
88
- reader = Authorization::Reader::DSLReader.new
89
- reader.parse %{
90
- authorization do
91
- role :test_role do
92
- has_permission_on :mocks, :to => :show
93
- end
94
- end
95
- }
96
- user = MockUser.new(:test_role)
97
- request!(user, :action, reader)
98
-
99
- assert has_role?(:test_role)
100
- assert !has_role?(:test_role2)
101
- assert !has_role?(:test_role, :test_role2)
102
-
103
- block_evaled = false
104
- has_role?(:test_role) do
105
- block_evaled = true
106
- end
107
- assert block_evaled
108
-
109
- block_evaled = false
110
- has_role?(:test_role2) do
111
- block_evaled = true
112
- end
113
- assert !block_evaled
114
- end
115
-
116
- def test_has_any_role
117
- reader = Authorization::Reader::DSLReader.new
118
- reader.parse %{
119
- authorization do
120
- role :test_role do
121
- has_permission_on :mocks, :to => :show
122
- end
123
- end
124
- }
125
- user = MockUser.new(:test_role)
126
- request!(user, :action, reader)
127
-
128
- assert has_any_role?(:test_role)
129
- assert !has_any_role?(:test_role2)
130
- assert has_any_role?(:test_role, :test_role2)
131
-
132
- block_evaled = false
133
- has_any_role?(:test_role) do
134
- block_evaled = true
135
- end
136
- assert block_evaled
137
-
138
- block_evaled = false
139
- has_any_role?(:test_role2) do
140
- block_evaled = true
141
- end
142
- assert !block_evaled
143
-
144
- block_evaled = false
145
- has_any_role?(:test_role,:test_role2) do
146
- block_evaled = true
147
- end
148
- assert block_evaled
149
- end
150
-
151
- def test_has_role_with_guest_user
152
- reader = Authorization::Reader::DSLReader.new
153
- reader.parse %{
154
- authorization do
155
- end
156
- }
157
- request!(nil, :action, reader)
158
-
159
- Authorization.stub :current_user, MockUser.new do
160
- assert !has_role?(:test_role)
161
-
162
- block_evaled = false
163
- has_role?(:test_role) do
164
- block_evaled = true
165
- end
166
- assert !block_evaled
167
- end
168
- end
169
-
170
- def test_has_role_with_hierarchy
171
- reader = Authorization::Reader::DSLReader.new
172
- reader.parse %{
173
- authorization do
174
- role :test_role do
175
- has_permission_on :mocks, :to => :show
176
- end
177
- role :other_role do
178
- has_permission_on :another_mocks, :to => :show
179
- end
180
-
181
- role :root do
182
- includes :test_role
183
- end
184
- end
185
- }
186
-
187
- user = MockUser.new(:root)
188
- request!(user, :action, reader)
189
-
190
- assert has_role_with_hierarchy?(:test_role)
191
- assert !has_role_with_hierarchy?(:other_role)
192
-
193
- block_evaled = false
194
- has_role_with_hierarchy?(:test_role) do
195
- block_evaled = true
196
- end
197
- assert block_evaled
198
-
199
- block_evaled = false
200
- has_role_with_hierarchy?(:test_role2) do
201
- block_evaled = true
202
- end
203
- assert !block_evaled
204
- end
205
-
206
- def test_has_any_role_with_hierarchy
207
- reader = Authorization::Reader::DSLReader.new
208
- reader.parse %{
209
- authorization do
210
- role :test_role do
211
- has_permission_on :mocks, :to => :show
212
- end
213
- role :other_role do
214
- has_permission_on :another_mocks, :to => :show
215
- end
216
-
217
- role :root do
218
- includes :test_role
219
- end
220
- end
221
- }
222
-
223
- user = MockUser.new(:root)
224
- request!(user, :action, reader)
225
-
226
- assert has_any_role_with_hierarchy?(:test_role)
227
- assert !has_any_role_with_hierarchy?(:other_role)
228
- assert has_any_role_with_hierarchy?(:test_role,:other_role)
229
-
230
- block_evaled = false
231
- has_any_role_with_hierarchy?(:test_role) do
232
- block_evaled = true
233
- end
234
- assert block_evaled
235
-
236
- block_evaled = false
237
- has_any_role_with_hierarchy?(:test_role2) do
238
- block_evaled = true
239
- end
240
- assert !block_evaled
241
-
242
- block_evaled = false
243
- has_any_role_with_hierarchy?(:test_role,:test_role2) do
244
- block_evaled = true
245
- end
246
- assert block_evaled
247
- end
248
- end
@@ -1,46 +0,0 @@
1
- require 'test_helper'
2
- require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance})
3
-
4
- class MaintenanceTest < Test::Unit::TestCase
5
- include Authorization::TestHelper
6
-
7
- def test_usages_by_controllers
8
- usage_test_controller = Class.new(ActionController::Base)
9
- usage_test_controller.send(:define_method, :an_action) {}
10
- usage_test_controller.filter_access_to :an_action
11
-
12
- assert Authorization::Maintenance::Usage::usages_by_controller.
13
- include?(usage_test_controller)
14
- end
15
-
16
- def test_without_access_control
17
- reader = Authorization::Reader::DSLReader.new
18
- reader.parse %{
19
- authorization do
20
- role :test_role do
21
- has_permission_on :permissions, :to => :test
22
- end
23
- end
24
- }
25
- engine = Authorization::Engine.new(reader)
26
- assert !engine.permit?(:test_2, :context => :permissions,
27
- :user => MockUser.new(:test_role))
28
- Authorization::Maintenance::without_access_control do
29
- assert engine.permit!(:test_2, :context => :permissions,
30
- :user => MockUser.new(:test_role))
31
- end
32
- without_access_control do
33
- assert engine.permit?(:test_2, :context => :permissions,
34
- :user => MockUser.new(:test_role))
35
- end
36
- Authorization::Maintenance::without_access_control do
37
- Authorization::Maintenance::without_access_control do
38
- assert engine.permit?(:test_2, :context => :permissions,
39
- :user => MockUser.new(:test_role))
40
- end
41
- assert engine.permit?(:test_2, :context => :permissions,
42
- :user => MockUser.new(:test_role))
43
- end
44
- end
45
-
46
- end
@@ -1,1840 +0,0 @@
1
- require 'test_helper'
2
- require File.expand_path(File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization in_model}))
3
-
4
- ActiveRecord::Base.send :include, Authorization::AuthorizationInModel
5
- #ActiveRecord::Base.logger = Logger.new(STDOUT)
6
-
7
- options = {:adapter => 'sqlite3', :timeout => 500, :database => ':memory:'}
8
- ActiveRecord::Base.establish_connection(options)
9
- ActiveRecord::Base.configurations = { 'sqlite3_ar_integration' => options }
10
- ActiveRecord::Base.connection
11
-
12
- File.read(File.dirname(__FILE__) + "/schema.sql").split(';').each do |sql|
13
- ActiveRecord::Base.connection.execute(sql) unless sql.blank?
14
- end
15
-
16
- class TestModel < ActiveRecord::Base
17
- has_many :test_attrs
18
- has_many :test_another_attrs, :class_name => "TestAttr", :foreign_key => :test_another_model_id
19
- has_many :test_attr_throughs, :through => :test_attrs
20
- has_one :test_attr_has_one, :class_name => "TestAttr"
21
- has_many :branches
22
-
23
- has_many :test_attrs_with_attr,
24
- lambda { where(:attr => 1) },
25
- :class_name => "TestAttr"
26
-
27
- has_many :test_attr_throughs_with_attr,
28
- lambda { where("test_attrs.attr = 1") },
29
- :through => :test_attrs,
30
- :class_name => "TestAttrThrough", :source => :test_attr_throughs
31
-
32
- has_one :test_attr_throughs_with_attr_and_has_one,
33
- lambda { where("test_attrs.attr = 1") },
34
- :through => :test_attrs,
35
- :class_name => "TestAttrThrough",
36
- :source => :test_attr_throughs
37
-
38
- scope :with_content, lambda { where("test_models.content IS NOT NULL") }
39
-
40
- # Primary key test
41
- has_many :test_attrs_with_primary_id,
42
- :class_name => "TestAttr",
43
- :primary_key => :test_attr_through_id,
44
- :foreign_key => :test_attr_through_id
45
- has_many :test_attr_throughs_with_primary_id,
46
- :through => :test_attrs_with_primary_id,
47
- :class_name => "TestAttrThrough",
48
- :source => :n_way_join_item
49
-
50
- # for checking for unnecessary queries
51
- mattr_accessor :query_count
52
- def self.find(*args)
53
- self.query_count ||= 0
54
- self.query_count += 1
55
- super(*args)
56
- end
57
- end
58
-
59
- class NWayJoinItem < ActiveRecord::Base
60
- has_many :test_attrs
61
- has_many :others, :through => :test_attrs, :source => :n_way_join_item
62
- end
63
-
64
- class TestAttr < ActiveRecord::Base
65
- belongs_to :test_model
66
- belongs_to :test_another_model, :class_name => "TestModel", :foreign_key => :test_another_model_id
67
- belongs_to :test_a_third_model, :class_name => "TestModel", :foreign_key => :test_a_third_model_id
68
- belongs_to :n_way_join_item
69
- belongs_to :test_attr
70
- belongs_to :branch
71
- belongs_to :company
72
- has_many :test_attr_throughs
73
- has_many :test_model_security_model_with_finds
74
- attr_reader :role_symbols
75
-
76
- def initialize(*args)
77
- @role_symbols = []
78
- super(*args)
79
- end
80
- end
81
-
82
- class TestAttrThrough < ActiveRecord::Base
83
- belongs_to :test_attr
84
- end
85
-
86
- class TestModelSecurityModel < ActiveRecord::Base
87
- has_many :test_attrs
88
- using_access_control
89
- end
90
- class TestModelSecurityModelWithFind < ActiveRecord::Base
91
- self.table_name = 'test_model_security_models'
92
-
93
- has_many :test_attrs
94
- belongs_to :test_attr
95
- using_access_control :include_read => true,
96
- :context => :test_model_security_models
97
- end
98
-
99
- class Branch < ActiveRecord::Base
100
- has_many :test_attrs
101
- belongs_to :company
102
- belongs_to :test_model
103
- end
104
- class Company < ActiveRecord::Base
105
- has_many :test_attrs
106
- has_many :branches
107
- belongs_to :country
108
- end
109
- class SmallCompany < Company
110
- def self.decl_auth_context
111
- :companies
112
- end
113
- end
114
- class Country < ActiveRecord::Base
115
- has_many :test_models
116
- has_many :companies
117
- end
118
-
119
- class NamedScopeModelTest < Test::Unit::TestCase
120
- def test_multiple_deep_ored_belongs_to
121
- reader = Authorization::Reader::DSLReader.new
122
- reader.parse %{
123
- authorization do
124
- role :test_role do
125
- has_permission_on :test_attrs, :to => :read do
126
- if_attribute :test_model => {:test_attrs => contains {user}}
127
- if_attribute :test_another_model => {:test_attrs => contains {user}}
128
- end
129
- end
130
- end
131
- }
132
- Authorization::Engine.instance(reader)
133
-
134
- test_model_1 = TestModel.create!
135
- test_model_2 = TestModel.create!
136
- test_attr_1 = TestAttr.create! :test_model_id => test_model_1.id,
137
- :test_another_model_id => test_model_2.id
138
-
139
- user = MockUser.new(:test_role, :id => test_attr_1)
140
- assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).references(:test_attrs, :test_attrs_test_models, :test_attrs_test_models_2).length
141
-
142
- TestAttr.delete_all
143
- TestModel.delete_all
144
- end
145
-
146
- def test_with_belongs_to_and_has_many_with_contains
147
- reader = Authorization::Reader::DSLReader.new
148
- reader.parse %{
149
- authorization do
150
- role :test_role do
151
- has_permission_on :test_attrs, :to => :read do
152
- if_attribute :test_model => { :test_attrs => contains { user.test_attr_value } }
153
- end
154
- end
155
- end
156
- }
157
- Authorization::Engine.instance(reader)
158
-
159
- test_attr_1 = TestAttr.create!
160
- test_model_1 = TestModel.create!
161
- test_model_1.test_attrs.create!
162
-
163
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.test_attrs.first.id )
164
- assert_equal 1, TestAttr.with_permissions_to( :read, :context => :test_attrs, :user => user ).length
165
- assert_equal 1, TestAttr.with_permissions_to( :read, :user => user ).length
166
- assert_raise Authorization::NotAuthorized do
167
- TestAttr.with_permissions_to( :update_test_attrs, :user => user )
168
- end
169
- TestAttr.delete_all
170
- TestModel.delete_all
171
- end
172
-
173
- def test_with_nested_has_many
174
- reader = Authorization::Reader::DSLReader.new
175
- reader.parse %{
176
- authorization do
177
- role :test_role do
178
- has_permission_on :companies, :to => :read do
179
- if_attribute :branches => { :test_attrs => { :attr => is { user.test_attr_value } } }
180
- end
181
- end
182
- end
183
- }
184
- Authorization::Engine.instance(reader)
185
-
186
- allowed_company = Company.create!
187
- allowed_company.branches.create!.test_attrs.create!(:attr => 1)
188
- allowed_company.branches.create!.test_attrs.create!(:attr => 2)
189
-
190
- prohibited_company = Company.create!
191
- prohibited_company.branches.create!.test_attrs.create!(:attr => 3)
192
-
193
- user = MockUser.new(:test_role, :test_attr_value => 1)
194
- prohibited_user = MockUser.new(:test_role, :test_attr_value => 4)
195
- assert_equal 1, Company.with_permissions_to(:read, :user => user).length
196
- assert_equal 0, Company.with_permissions_to(:read, :user => prohibited_user).length
197
-
198
- Company.delete_all
199
- Branch.delete_all
200
- TestAttr.delete_all
201
- end
202
-
203
- def test_with_nested_has_many_through
204
- reader = Authorization::Reader::DSLReader.new
205
- reader.parse %{
206
- authorization do
207
- role :test_role do
208
- has_permission_on :test_models, :to => :read do
209
- if_attribute :test_attr_throughs => { :test_attr => { :attr => is { user.test_attr_value } } }
210
- end
211
- end
212
- end
213
- }
214
- Authorization::Engine.instance(reader)
215
- TestModel.delete_all
216
- TestAttrThrough.delete_all
217
- TestAttr.delete_all
218
-
219
- allowed_model = TestModel.create!
220
- allowed_model.test_attrs.create!(:attr => 1).test_attr_throughs.create!
221
- allowed_model.test_attrs.create!(:attr => 2).test_attr_throughs.create!
222
-
223
- prohibited_model = TestModel.create!
224
- prohibited_model.test_attrs.create!(:attr => 3).test_attr_throughs.create!
225
-
226
- user = MockUser.new(:test_role, :test_attr_value => 1)
227
- prohibited_user = MockUser.new(:test_role, :test_attr_value => 4)
228
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
229
- assert_equal 0, TestModel.with_permissions_to(:read, :user => prohibited_user).length
230
-
231
- TestModel.delete_all
232
- TestAttrThrough.delete_all
233
- TestAttr.delete_all
234
- end
235
-
236
- def test_with_is
237
- reader = Authorization::Reader::DSLReader.new
238
- reader.parse %{
239
- authorization do
240
- role :test_role do
241
- has_permission_on :test_models, :to => :read do
242
- if_attribute :id => is { user.test_attr_value }
243
- end
244
- end
245
- end
246
- }
247
- Authorization::Engine.instance(reader)
248
-
249
- test_model_1 = TestModel.create!
250
- TestModel.create!
251
-
252
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
253
- assert_equal 1, TestModel.with_permissions_to(:read,
254
- :context => :test_models, :user => user).length
255
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
256
- assert_raise Authorization::NotAuthorized do
257
- TestModel.with_permissions_to(:update_test_models, :user => user)
258
- end
259
- TestModel.delete_all
260
- end
261
-
262
- def test_named_scope_on_proxy
263
- reader = Authorization::Reader::DSLReader.new
264
- reader.parse %{
265
- authorization do
266
- role :test_role do
267
- has_permission_on :test_attrs, :to => :read do
268
- if_attribute :id => is { user.test_attr_value }
269
- end
270
- end
271
- end
272
- }
273
- Authorization::Engine.instance(reader)
274
-
275
- test_model_1 = TestModel.create!
276
- test_attr_1 = test_model_1.test_attrs.create!
277
- test_model_1.test_attrs.create!
278
- TestAttr.create!
279
-
280
- user = MockUser.new(:test_role, :test_attr_value => test_attr_1.id)
281
- assert_equal 1, test_model_1.test_attrs.with_permissions_to(:read, :user => user).length
282
- TestModel.delete_all
283
- TestAttr.delete_all
284
- end
285
-
286
- def test_named_scope_on_named_scope
287
- reader = Authorization::Reader::DSLReader.new
288
- reader.parse %{
289
- authorization do
290
- role :test_role do
291
- has_permission_on :test_models, :to => :read do
292
- if_attribute :test_attr_through_id => 1
293
- end
294
- has_permission_on :test_attrs, :to => :read do
295
- if_permitted_to :read, :test_model
296
- end
297
- end
298
- end
299
- }
300
- Authorization::Engine.instance(reader)
301
-
302
- country = Country.create!
303
- model_1 = TestModel.create!(:test_attr_through_id => 1, :content => "Content")
304
- country.test_models << model_1
305
- TestModel.create!(:test_attr_through_id => 1)
306
- TestModel.create!(:test_attr_through_id => 2, :content => "Content")
307
-
308
- user = MockUser.new(:test_role)
309
-
310
- TestModel.query_count = 0
311
- assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
312
-
313
- TestModel.query_count = 0
314
- assert_equal 1, TestModel.with_content.with_permissions_to(:read, :user => user).length
315
-
316
- TestModel.query_count = 0
317
- assert_equal 1, country.test_models.with_permissions_to(:read, :user => user).length
318
-
319
- TestModel.delete_all
320
- Country.delete_all
321
- end
322
-
323
- def test_with_modified_context
324
- reader = Authorization::Reader::DSLReader.new
325
- reader.parse %{
326
- authorization do
327
- role :test_role do
328
- has_permission_on :companies, :to => :read do
329
- if_attribute :id => is { user.test_company_id }
330
- end
331
- end
332
- end
333
- }
334
- Authorization::Engine.instance(reader)
335
-
336
- test_company = SmallCompany.create!
337
-
338
- user = MockUser.new(:test_role, :test_company_id => test_company.id)
339
- assert_equal 1, SmallCompany.with_permissions_to(:read,
340
- :user => user).length
341
- SmallCompany.delete_all
342
- end
343
-
344
- def test_with_is_nil
345
- reader = Authorization::Reader::DSLReader.new
346
- reader.parse %{
347
- authorization do
348
- role :test_role do
349
- has_permission_on :test_models, :to => :read do
350
- if_attribute :content => nil
351
- end
352
- end
353
- role :test_role_not_nil do
354
- has_permission_on :test_models, :to => :read do
355
- if_attribute :content => is_not { nil }
356
- end
357
- end
358
- end
359
- }
360
- Authorization::Engine.instance(reader)
361
-
362
- test_model_1 = TestModel.create!
363
- test_model_2 = TestModel.create! :content => "Content"
364
-
365
- assert_equal test_model_1, TestModel.with_permissions_to(:read,
366
- :context => :test_models, :user => MockUser.new(:test_role)).first
367
- assert_equal test_model_2, TestModel.with_permissions_to(:read,
368
- :context => :test_models, :user => MockUser.new(:test_role_not_nil)).first
369
- TestModel.delete_all
370
- end
371
-
372
- def test_with_not_is
373
- reader = Authorization::Reader::DSLReader.new
374
- reader.parse %{
375
- authorization do
376
- role :test_role do
377
- has_permission_on :test_models, :to => :read do
378
- if_attribute :id => is_not { user.test_attr_value }
379
- end
380
- end
381
- end
382
- }
383
- Authorization::Engine.instance(reader)
384
- TestModel.delete_all
385
-
386
- test_model_1 = TestModel.create!
387
- TestModel.create!
388
-
389
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
390
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
391
- TestModel.delete_all
392
- end
393
-
394
- def test_with_lt
395
- reader = Authorization::Reader::DSLReader.new
396
- reader.parse %{
397
- authorization do
398
- role :test_role do
399
- has_permission_on :test_models, :to => :read do
400
- if_attribute :id => lt { user.test_attr_value }
401
- end
402
- end
403
- end
404
- }
405
- Authorization::Engine.instance(reader)
406
-
407
- test_model_1 = TestModel.create!
408
- TestModel.create!
409
-
410
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id + 1)
411
- assert_equal 1, TestModel.with_permissions_to(:read,
412
- :context => :test_models, :user => user).length
413
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
414
- assert_raise Authorization::NotAuthorized do
415
- TestModel.with_permissions_to(:update_test_models, :user => user)
416
- end
417
- TestModel.delete_all
418
- end
419
-
420
- def test_with_lte
421
- reader = Authorization::Reader::DSLReader.new
422
- reader.parse %{
423
- authorization do
424
- role :test_role do
425
- has_permission_on :test_models, :to => :read do
426
- if_attribute :id => lte { user.test_attr_value }
427
- end
428
- end
429
- end
430
- }
431
- Authorization::Engine.instance(reader)
432
-
433
- test_model_1 = TestModel.create!
434
- 2.times { TestModel.create! }
435
-
436
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id + 1)
437
- assert_equal 2, TestModel.with_permissions_to(:read,
438
- :context => :test_models, :user => user).length
439
- assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
440
- assert_raise Authorization::NotAuthorized do
441
- TestModel.with_permissions_to(:update_test_models, :user => user)
442
- end
443
- TestModel.delete_all
444
- end
445
-
446
- def test_with_gt
447
- reader = Authorization::Reader::DSLReader.new
448
- reader.parse %{
449
- authorization do
450
- role :test_role do
451
- has_permission_on :test_models, :to => :read do
452
- if_attribute :id => gt { user.test_attr_value }
453
- end
454
- end
455
- end
456
- }
457
- Authorization::Engine.instance(reader)
458
-
459
- TestModel.create!
460
- test_model_1 = TestModel.create!
461
-
462
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id - 1)
463
- assert_equal 1, TestModel.with_permissions_to(:read,
464
- :context => :test_models, :user => user).length
465
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
466
- assert_raise Authorization::NotAuthorized do
467
- TestModel.with_permissions_to(:update_test_models, :user => user)
468
- end
469
- TestModel.delete_all
470
- end
471
-
472
- def test_with_gte
473
- reader = Authorization::Reader::DSLReader.new
474
- reader.parse %{
475
- authorization do
476
- role :test_role do
477
- has_permission_on :test_models, :to => :read do
478
- if_attribute :id => gte { user.test_attr_value }
479
- end
480
- end
481
- end
482
- }
483
- Authorization::Engine.instance(reader)
484
-
485
- 2.times { TestModel.create! }
486
- test_model_1 = TestModel.create!
487
-
488
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id - 1)
489
- assert_equal 2, TestModel.with_permissions_to(:read,
490
- :context => :test_models, :user => user).length
491
- assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
492
- assert_raise Authorization::NotAuthorized do
493
- TestModel.with_permissions_to(:update_test_models, :user => user)
494
- end
495
- TestModel.delete_all
496
- end
497
-
498
- def test_with_empty_obligations
499
- reader = Authorization::Reader::DSLReader.new
500
- reader.parse %{
501
- authorization do
502
- role :test_role do
503
- has_permission_on :test_models, :to => :read
504
- end
505
- end
506
- }
507
- Authorization::Engine.instance(reader)
508
-
509
- TestModel.create!
510
-
511
- user = MockUser.new(:test_role)
512
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
513
- assert_raise Authorization::NotAuthorized do
514
- TestModel.with_permissions_to(:update, :user => user)
515
- end
516
- TestModel.delete_all
517
- end
518
-
519
- def test_multiple_obligations
520
- reader = Authorization::Reader::DSLReader.new
521
- reader.parse %{
522
- authorization do
523
- role :test_role do
524
- has_permission_on :test_models, :to => :read do
525
- if_attribute :id => is { user.test_attr_value }
526
- end
527
- has_permission_on :test_models, :to => :read do
528
- if_attribute :id => is { user.test_attr_value_2 }
529
- end
530
- end
531
- end
532
- }
533
- Authorization::Engine.instance(reader)
534
-
535
- test_model_1 = TestModel.create!
536
- test_model_2 = TestModel.create!
537
-
538
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id,
539
- :test_attr_value_2 => test_model_2.id)
540
- assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
541
- TestModel.delete_all
542
- end
543
-
544
- def test_multiple_roles
545
- reader = Authorization::Reader::DSLReader.new
546
- reader.parse %{
547
- authorization do
548
- role :test_role do
549
- has_permission_on :test_attrs, :to => :read do
550
- if_attribute :attr => [1,2]
551
- end
552
- end
553
-
554
- role :test_role_2 do
555
- has_permission_on :test_attrs, :to => :read do
556
- if_attribute :attr => [2,3]
557
- end
558
- end
559
- end
560
- }
561
- Authorization::Engine.instance(reader)
562
-
563
- TestAttr.create! :attr => 1
564
- TestAttr.create! :attr => 2
565
- TestAttr.create! :attr => 3
566
-
567
- user = MockUser.new(:test_role)
568
- assert_equal 2, TestAttr.with_permissions_to(:read, :user => user).length
569
- TestAttr.delete_all
570
- end
571
-
572
- def test_multiple_and_empty_obligations
573
- reader = Authorization::Reader::DSLReader.new
574
- reader.parse %{
575
- authorization do
576
- role :test_role do
577
- has_permission_on :test_models, :to => :read do
578
- if_attribute :id => is { user.test_attr_value }
579
- end
580
- has_permission_on :test_models, :to => :read
581
- end
582
- end
583
- }
584
- Authorization::Engine.instance(reader)
585
-
586
- test_model_1 = TestModel.create!
587
- TestModel.create!
588
-
589
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
590
- assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
591
- TestModel.delete_all
592
- end
593
-
594
- def test_multiple_attributes
595
- reader = Authorization::Reader::DSLReader.new
596
- reader.parse %{
597
- authorization do
598
- role :test_role do
599
- has_permission_on :test_models, :to => :read do
600
- if_attribute :id => is { user.test_attr_value }, :content => "bla"
601
- end
602
- end
603
- end
604
- }
605
- Authorization::Engine.instance(reader)
606
-
607
- test_model_1 = TestModel.create! :content => 'bla'
608
- TestModel.create! :content => 'bla'
609
- TestModel.create!
610
-
611
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
612
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
613
- TestModel.delete_all
614
- end
615
-
616
- def test_multiple_belongs_to
617
- reader = Authorization::Reader::DSLReader.new
618
- reader.parse %{
619
- authorization do
620
- role :test_role do
621
- has_permission_on :test_attrs, :to => :read do
622
- if_attribute :test_model => is {user}
623
- if_attribute :test_another_model => is {user}
624
- end
625
- end
626
- end
627
- }
628
- Authorization::Engine.instance(reader)
629
-
630
- test_attr_1 = TestAttr.create! :test_model_id => 1, :test_another_model_id => 2
631
-
632
- user = MockUser.new(:test_role, :id => 1)
633
- assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
634
- TestAttr.delete_all
635
- end
636
-
637
- def test_with_is_and_priv_hierarchy
638
- reader = Authorization::Reader::DSLReader.new
639
- reader.parse %{
640
- privileges do
641
- privilege :read do
642
- includes :list, :show
643
- end
644
- end
645
- authorization do
646
- role :test_role do
647
- has_permission_on :test_models, :to => :read do
648
- if_attribute :id => is { user.test_attr_value }
649
- end
650
- end
651
- end
652
- }
653
- Authorization::Engine.instance(reader)
654
-
655
- test_model_1 = TestModel.create!
656
- TestModel.create!
657
-
658
- user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
659
- assert_equal 1, TestModel.with_permissions_to(:list,
660
- :context => :test_models, :user => user).length
661
- assert_equal 1, TestModel.with_permissions_to(:list, :user => user).length
662
-
663
- TestModel.delete_all
664
- end
665
-
666
- def test_with_is_and_belongs_to
667
- reader = Authorization::Reader::DSLReader.new
668
- reader.parse %{
669
- authorization do
670
- role :test_role do
671
- has_permission_on :test_attrs, :to => :read do
672
- if_attribute :test_model => is { user.test_model }
673
- end
674
- end
675
- end
676
- }
677
- Authorization::Engine.instance(reader)
678
-
679
- test_model_1 = TestModel.create!
680
- test_model_1.test_attrs.create!
681
- TestModel.create!.test_attrs.create!
682
-
683
- user = MockUser.new(:test_role, :test_model => test_model_1)
684
- assert_equal 1, TestAttr.with_permissions_to(:read,
685
- :context => :test_attrs, :user => user).length
686
-
687
- TestModel.delete_all
688
- TestAttr.delete_all
689
- end
690
-
691
- def test_with_deep_attribute
692
- reader = Authorization::Reader::DSLReader.new
693
- reader.parse %{
694
- authorization do
695
- role :test_role do
696
- has_permission_on :test_attrs, :to => :read do
697
- if_attribute :test_model => {:id => is { user.test_model_id } }
698
- end
699
- end
700
- end
701
- }
702
- Authorization::Engine.instance(reader)
703
-
704
- test_model_1 = TestModel.create!
705
- test_model_1.test_attrs.create!
706
- TestModel.create!.test_attrs.create!
707
-
708
- user = MockUser.new(:test_role, :test_model_id => test_model_1.id)
709
- assert_equal 1, TestAttr.with_permissions_to(:read,
710
- :context => :test_attrs, :user => user).length
711
-
712
- TestModel.delete_all
713
- TestAttr.delete_all
714
- end
715
-
716
- def test_with_multiple_conditions
717
- reader = Authorization::Reader::DSLReader.new
718
- reader.parse %{
719
- authorization do
720
- role :test_role do
721
- has_permission_on :test_attrs, :to => :read do
722
- if_attribute :test_model => {:content => is { "pickle" } }
723
- if_attribute :test_model => {:content => is { "hotdog" } }
724
- end
725
- end
726
- end
727
- }
728
- Authorization::Engine.instance(reader)
729
-
730
- test_model_1 = TestModel.create!(content: "pickle")
731
- test_model_1.test_attrs.create!
732
- TestModel.create!.test_attrs.create!
733
-
734
- user = MockUser.new(:test_role, :test_model_id => test_model_1.id)
735
- assert_equal 1, TestAttr.with_permissions_to(:read,
736
- :context => :test_attrs, :user => user).length
737
-
738
- TestModel.delete_all
739
- TestAttr.delete_all
740
- end
741
-
742
- def test_with_anded_rules
743
- reader = Authorization::Reader::DSLReader.new
744
- reader.parse %{
745
- authorization do
746
- role :test_role do
747
- has_permission_on :test_attrs, :to => :read, :join_by => :and do
748
- if_attribute :test_model => is { user.test_model }
749
- if_attribute :attr => 1
750
- end
751
- end
752
- end
753
- }
754
- Authorization::Engine.instance(reader)
755
-
756
- test_model_1 = TestModel.create!
757
- test_model_1.test_attrs.create!(:attr => 1)
758
- TestModel.create!.test_attrs.create!(:attr => 1)
759
- TestModel.create!.test_attrs.create!
760
-
761
- user = MockUser.new(:test_role, :test_model => test_model_1)
762
- assert_equal 1, TestAttr.with_permissions_to(:read,
763
- :context => :test_attrs, :user => user).length
764
-
765
- TestModel.delete_all
766
- TestAttr.delete_all
767
- end
768
-
769
- def test_with_contains
770
- reader = Authorization::Reader::DSLReader.new
771
- reader.parse %{
772
- authorization do
773
- role :test_role do
774
- has_permission_on :test_models, :to => :read do
775
- if_attribute :test_attrs => contains { user }
776
- end
777
- end
778
- end
779
- }
780
- Authorization::Engine.instance(reader)
781
-
782
- test_model_1 = TestModel.create!
783
- test_model_2 = TestModel.create!
784
- test_model_1.test_attrs.create!
785
- test_model_1.test_attrs.create!
786
- test_model_2.test_attrs.create!
787
-
788
- user = MockUser.new(:test_role,
789
- :id => test_model_1.test_attrs.first.id)
790
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
791
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).where(:id => test_model_1.id).length
792
-
793
- TestModel.delete_all
794
- TestAttr.delete_all
795
- end
796
-
797
- def test_with_does_not_contain
798
- reader = Authorization::Reader::DSLReader.new
799
- reader.parse %{
800
- authorization do
801
- role :test_role do
802
- has_permission_on :test_models, :to => :read do
803
- if_attribute :test_attrs => does_not_contain { user }
804
- end
805
- end
806
- end
807
- }
808
- Authorization::Engine.instance(reader)
809
-
810
- test_model_1 = TestModel.create!
811
- test_model_2 = TestModel.create!
812
- test_model_1.test_attrs.create!
813
- test_model_2.test_attrs.create!
814
-
815
- user = MockUser.new(:test_role,
816
- :id => test_model_1.test_attrs.first.id)
817
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
818
-
819
- TestModel.delete_all
820
- TestAttr.delete_all
821
- end
822
-
823
- def test_with_contains_conditions
824
- reader = Authorization::Reader::DSLReader.new
825
- reader.parse %{
826
- authorization do
827
- role :test_role do
828
- has_permission_on :test_models, :to => :read do
829
- if_attribute :test_attrs_with_attr => contains { user }
830
- end
831
- end
832
- end
833
- }
834
- Authorization::Engine.instance(reader)
835
-
836
- test_model_1 = TestModel.create!
837
- test_model_2 = TestModel.create!
838
- test_model_1.test_attrs_with_attr.create!
839
- test_model_1.test_attrs.create!(:attr => 2)
840
- test_model_2.test_attrs_with_attr.create!
841
- test_model_2.test_attrs.create!(:attr => 2)
842
-
843
- #assert_equal 1, test_model_1.test_attrs_with_attr.length
844
- user = MockUser.new(:test_role,
845
- :id => test_model_1.test_attrs.first.id)
846
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
847
- user = MockUser.new(:test_role,
848
- :id => test_model_1.test_attrs.last.id)
849
- assert_equal 0, TestModel.with_permissions_to(:read, :user => user).length
850
-
851
- TestModel.delete_all
852
- TestAttr.delete_all
853
- end
854
-
855
- def test_with_contains_through_primary_key
856
- reader = Authorization::Reader::DSLReader.new
857
- reader.parse %{
858
- authorization do
859
- role :test_role do
860
- has_permission_on :test_models, :to => :read do
861
- if_attribute :test_attr_throughs_with_primary_id => contains { user }
862
- end
863
- end
864
- end
865
- }
866
- Authorization::Engine.instance(reader)
867
- TestModel.delete_all
868
- TestAttrThrough.delete_all
869
- TestAttr.delete_all
870
-
871
- test_attr_through_1 = TestAttrThrough.create!
872
- test_item = NWayJoinItem.create!
873
- test_model_1 = TestModel.create!(:test_attr_through_id => test_attr_through_1.id)
874
- test_attr_1 = TestAttr.create!(:test_attr_through_id => test_attr_through_1.id,
875
- :n_way_join_item_id => test_item.id)
876
-
877
- user = MockUser.new(:test_role,
878
- :id => test_attr_through_1.id)
879
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
880
-
881
- TestModel.delete_all
882
- TestAttrThrough.delete_all
883
- TestAttr.delete_all
884
- end
885
-
886
- def test_with_intersects_with
887
- reader = Authorization::Reader::DSLReader.new
888
- reader.parse %{
889
- authorization do
890
- role :test_role do
891
- has_permission_on :test_models, :to => :read do
892
- if_attribute :test_attrs => intersects_with { user.test_attrs }
893
- end
894
- end
895
- end
896
- }
897
- Authorization::Engine.instance(reader)
898
-
899
- test_model_1 = TestModel.create!
900
- test_model_2 = TestModel.create!
901
- test_model_1.test_attrs.create!
902
- test_model_1.test_attrs.create!
903
- test_model_1.test_attrs.create!
904
- test_model_2.test_attrs.create!
905
-
906
- user = MockUser.new(:test_role,
907
- :test_attrs => [test_model_1.test_attrs.first, TestAttr.create!])
908
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
909
-
910
- user = MockUser.new(:test_role,
911
- :test_attrs => [TestAttr.create!])
912
- assert_equal 0, TestModel.with_permissions_to(:read, :user => user).length
913
-
914
- TestModel.delete_all
915
- TestAttr.delete_all
916
- end
917
-
918
- def test_with_is_and_has_one
919
- reader = Authorization::Reader::DSLReader.new
920
- reader.parse %{
921
- authorization do :test_attr_has_one
922
- role :test_role do
923
- has_permission_on :test_models, :to => :read do
924
- if_attribute :test_attr_has_one => is { user.test_attr }
925
- end
926
- end
927
- end
928
- }
929
- Authorization::Engine.instance(reader)
930
-
931
- test_model_1 = TestModel.create!
932
- test_attr_1 = test_model_1.test_attrs.create!
933
- TestModel.create!.test_attrs.create!
934
-
935
- user = MockUser.new(:test_role, :test_attr => test_attr_1)
936
- assert_equal 1, TestModel.with_permissions_to(:read,
937
- :context => :test_models, :user => user).length
938
-
939
- TestModel.delete_all
940
- TestAttr.delete_all
941
- end
942
-
943
- def test_with_is_in
944
- reader = Authorization::Reader::DSLReader.new
945
- reader.parse %{
946
- authorization do
947
- role :test_role do
948
- has_permission_on :test_attrs, :to => :read do
949
- if_attribute :test_model => is_in { [user.test_model, user.test_model_2] }
950
- end
951
- end
952
- end
953
- }
954
- Authorization::Engine.instance(reader)
955
-
956
- test_model_1 = TestModel.create!
957
- test_model_2 = TestModel.create!
958
- test_model_1.test_attrs.create!
959
- TestModel.create!.test_attrs.create!
960
-
961
- user = MockUser.new(:test_role, :test_model => test_model_1,
962
- :test_model_2 => test_model_2)
963
- assert_equal 1, TestAttr.with_permissions_to(:read,
964
- :context => :test_attrs, :user => user).length
965
-
966
- TestModel.delete_all
967
- TestAttr.delete_all
968
- end
969
-
970
- def test_with_not_is_in
971
- reader = Authorization::Reader::DSLReader.new
972
- reader.parse %{
973
- authorization do
974
- role :test_role do
975
- has_permission_on :test_attrs, :to => :read do
976
- if_attribute :test_model => is_not_in { [user.test_model, user.test_model_2] }
977
- end
978
- end
979
- end
980
- }
981
- Authorization::Engine.instance(reader)
982
- TestModel.delete_all
983
- TestAttr.delete_all
984
-
985
- test_model_1 = TestModel.create!
986
- test_model_2 = TestModel.create!
987
- test_model_1.test_attrs.create!
988
- TestModel.create!.test_attrs.create!
989
-
990
- user = MockUser.new(:test_role, :test_model => test_model_1,
991
- :test_model_2 => test_model_2)
992
- assert_equal 1, TestAttr.with_permissions_to(:read,
993
- :context => :test_attrs, :user => user).length
994
-
995
- TestModel.delete_all
996
- TestAttr.delete_all
997
- end
998
-
999
- def test_with_if_permitted_to
1000
- reader = Authorization::Reader::DSLReader.new
1001
- reader.parse %{
1002
- authorization do
1003
- role :test_role do
1004
- has_permission_on :test_models, :to => :read do
1005
- if_attribute :test_attrs => contains { user }
1006
- end
1007
- has_permission_on :test_attrs, :to => :read do
1008
- if_permitted_to :read, :test_model
1009
- end
1010
- end
1011
- end
1012
- }
1013
- Authorization::Engine.instance(reader)
1014
-
1015
- test_model_1 = TestModel.create!
1016
- test_attr_1 = test_model_1.test_attrs.create!
1017
-
1018
- user = MockUser.new(:test_role, :id => test_attr_1.id)
1019
- assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
1020
- TestModel.delete_all
1021
- TestAttr.delete_all
1022
- end
1023
-
1024
- def test_with_anded_if_permitted_to
1025
- reader = Authorization::Reader::DSLReader.new
1026
- reader.parse %{
1027
- authorization do
1028
- role :base_role do
1029
- has_permission_on :test_attrs, :to => :read, :join_by => :and do
1030
- if_permitted_to :read, :test_model
1031
- if_attribute :attr => 1
1032
- end
1033
- end
1034
- role :first_role do
1035
- includes :base_role
1036
- has_permission_on :test_models, :to => :read do
1037
- if_attribute :content => "first test"
1038
- end
1039
- end
1040
- role :second_role do
1041
- includes :base_role
1042
- has_permission_on :test_models, :to => :read do
1043
- if_attribute :country_id => 2
1044
- end
1045
- end
1046
- end
1047
- }
1048
- Authorization::Engine.instance(reader)
1049
-
1050
- test_model_1 = TestModel.create!(:content => "first test")
1051
- test_model_1.test_attrs.create!(:attr => 1)
1052
- test_model_for_second_role = TestModel.create!(:country_id => 2)
1053
- test_model_for_second_role.test_attrs.create!(:attr => 1)
1054
- test_model_for_second_role.test_attrs.create!(:attr => 2)
1055
-
1056
- user = MockUser.new(:first_role)
1057
- assert Authorization::Engine.instance.permit?(:read, :object => test_model_1.test_attrs.first, :user => user)
1058
- assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
1059
-
1060
- user_with_both_roles = MockUser.new(:first_role, :second_role)
1061
- assert Authorization::Engine.instance.permit?(:read, :object => test_model_1.test_attrs.first, :user => user_with_both_roles)
1062
- assert Authorization::Engine.instance.permit?(:read, :object => test_model_for_second_role.test_attrs.first, :user => user_with_both_roles)
1063
- assert_equal 2, TestAttr.with_permissions_to(:read, :user => user_with_both_roles).references(:test_attrs, :test_models).length
1064
-
1065
- TestModel.delete_all
1066
- TestAttr.delete_all
1067
- end
1068
-
1069
- def test_with_if_permitted_to_with_no_child_permissions
1070
- reader = Authorization::Reader::DSLReader.new
1071
- reader.parse %{
1072
- authorization do
1073
- role :another_role do
1074
- has_permission_on :test_models, :to => :read do
1075
- if_attribute :test_attrs => contains { user }
1076
- end
1077
- end
1078
- role :additional_if_attribute do
1079
- has_permission_on :test_attrs, :to => :read do
1080
- if_permitted_to :read, :test_model
1081
- if_attribute :test_model => {:test_attrs => contains { user }}
1082
- end
1083
- end
1084
- role :only_permitted_to do
1085
- has_permission_on :test_attrs, :to => :read do
1086
- if_permitted_to :read, :test_model
1087
- end
1088
- end
1089
- end
1090
- }
1091
- Authorization::Engine.instance(reader)
1092
-
1093
- test_model_1 = TestModel.create!
1094
- test_attr_1 = test_model_1.test_attrs.create!
1095
-
1096
- user = MockUser.new(:only_permitted_to, :another_role, :id => test_attr_1.id)
1097
- also_allowed_user = MockUser.new(:additional_if_attribute, :id => test_attr_1.id)
1098
- non_allowed_user = MockUser.new(:only_permitted_to, :id => test_attr_1.id)
1099
-
1100
- assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
1101
- assert_equal 1, TestAttr.with_permissions_to(:read, :user => also_allowed_user).length
1102
- assert_raise Authorization::NotAuthorized do
1103
- TestAttr.with_permissions_to(:read, :user => non_allowed_user).find(:all)
1104
- end
1105
-
1106
- TestModel.delete_all
1107
- TestAttr.delete_all
1108
- end
1109
-
1110
- def test_with_if_permitted_to_with_context_from_model
1111
- reader = Authorization::Reader::DSLReader.new
1112
- reader.parse %{
1113
- authorization do
1114
- role :test_role do
1115
- has_permission_on :test_models, :to => :read do
1116
- if_attribute :test_another_attrs => contains { user }
1117
- end
1118
- has_permission_on :test_attrs, :to => :read do
1119
- if_permitted_to :read, :test_another_model
1120
- end
1121
- end
1122
- end
1123
- }
1124
- Authorization::Engine.instance(reader)
1125
-
1126
- test_model_1 = TestModel.create!
1127
- test_attr_1 = test_model_1.test_another_attrs.create!
1128
-
1129
- user = MockUser.new(:test_role, :id => test_attr_1.id)
1130
- non_allowed_user = MockUser.new(:test_role, :id => 111)
1131
-
1132
- assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
1133
- assert_equal 0, TestAttr.with_permissions_to(:read, :user => non_allowed_user).length
1134
- TestModel.delete_all
1135
- TestAttr.delete_all
1136
- end
1137
-
1138
- def test_with_has_many_if_permitted_to
1139
- reader = Authorization::Reader::DSLReader.new
1140
- reader.parse %{
1141
- authorization do
1142
- role :test_role do
1143
- has_permission_on :test_models, :to => :read do
1144
- if_permitted_to :read, :test_attrs
1145
- end
1146
- has_permission_on :test_attrs, :to => :read do
1147
- if_attribute :attr => is { user.id }
1148
- end
1149
- end
1150
- end
1151
- }
1152
- Authorization::Engine.instance(reader)
1153
-
1154
- test_model_1 = TestModel.create!
1155
- test_attr_1 = test_model_1.test_attrs.create!(:attr => 111)
1156
-
1157
- user = MockUser.new(:test_role, :id => test_attr_1.attr)
1158
- non_allowed_user = MockUser.new(:test_role, :id => 333)
1159
- assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
1160
- assert_equal 0, TestModel.with_permissions_to(:read, :user => non_allowed_user).length
1161
- TestModel.delete_all
1162
- TestAttr.delete_all
1163
- end
1164
-
1165
- def test_with_deep_has_many_if_permitted_to
1166
- reader = Authorization::Reader::DSLReader.new
1167
- reader.parse %{
1168
- authorization do
1169
- role :test_role do
1170
- has_permission_on :branches, :to => :read do
1171
- if_attribute :name => "A Branch"
1172
- end
1173
- has_permission_on :companies, :to => :read do
1174
- if_permitted_to :read, :test_attrs => :branch
1175
- end
1176
- end
1177
- end
1178
- }
1179
- Authorization::Engine.instance(reader)
1180
-
1181
- readable_company = Company.create!
1182
- readable_company.test_attrs.create!(:branch => Branch.create!(:name => "A Branch"))
1183
-
1184
- forbidden_company = Company.create!
1185
- forbidden_company.test_attrs.create!(:branch => Branch.create!(:name => "Different Branch"))
1186
-
1187
- user = MockUser.new(:test_role)
1188
- assert_equal 1, Company.with_permissions_to(:read, :user => user).length
1189
- Company.delete_all
1190
- Branch.delete_all
1191
- TestAttr.delete_all
1192
- end
1193
-
1194
- def test_with_if_permitted_to_and_empty_obligations
1195
- reader = Authorization::Reader::DSLReader.new
1196
- reader.parse %{
1197
- authorization do
1198
- role :test_role do
1199
- has_permission_on :test_models, :to => :read
1200
- has_permission_on :test_attrs, :to => :read do
1201
- if_permitted_to :read, :test_model
1202
- end
1203
- end
1204
- end
1205
- }
1206
- Authorization::Engine.instance(reader)
1207
-
1208
- test_model_1 = TestModel.create!
1209
- test_attr_1 = test_model_1.test_attrs.create!
1210
-
1211
- user = MockUser.new(:test_role)
1212
- assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
1213
- TestModel.delete_all
1214
- TestAttr.delete_all
1215
- end
1216
-
1217
- def test_with_if_permitted_to_nil
1218
- reader = Authorization::Reader::DSLReader.new
1219
- reader.parse %{
1220
- authorization do
1221
- role :test_role do
1222
- has_permission_on :test_models, :to => :read do
1223
- if_attribute :test_attrs => contains { user }
1224
- end
1225
- has_permission_on :test_attrs, :to => :read do
1226
- if_permitted_to :read, :test_model
1227
- end
1228
- end
1229
- end
1230
- }
1231
- Authorization::Engine.instance(reader)
1232
-
1233
- test_attr_1 = TestAttr.create!
1234
-
1235
- user = MockUser.new(:test_role, :id => test_attr_1.id)
1236
- assert_equal 0, TestAttr.with_permissions_to(:read, :user => user).length
1237
- TestAttr.delete_all
1238
- end
1239
-
1240
- def test_with_if_permitted_to_self
1241
- reader = Authorization::Reader::DSLReader.new
1242
- reader.parse %{
1243
- authorization do
1244
- role :test_role do
1245
- has_permission_on :test_models, :to => :read do
1246
- if_attribute :test_attrs => contains { user }
1247
- end
1248
- has_permission_on :test_models, :to => :update do
1249
- if_permitted_to :read
1250
- end
1251
- end
1252
- end
1253
- }
1254
- Authorization::Engine.instance(reader)
1255
-
1256
- test_model_1 = TestModel.create!
1257
- test_attr_1 = test_model_1.test_attrs.create!
1258
- test_attr_2 = TestAttr.create!
1259
-
1260
- user = MockUser.new(:test_role, :id => test_attr_1.id)
1261
- assert_equal 1, TestModel.with_permissions_to(:update, :user => user).length
1262
- TestAttr.delete_all
1263
- TestModel.delete_all
1264
- end
1265
-
1266
- def test_with_has_many_and_reoccuring_tables
1267
- reader = Authorization::Reader::DSLReader.new
1268
- reader.parse %{
1269
- authorization do
1270
- role :test_role do
1271
- has_permission_on :test_attrs, :to => :read do
1272
- if_attribute :test_another_model => { :content => 'test_1_2' },
1273
- :test_model => { :content => 'test_1_1' }
1274
- end
1275
- end
1276
- end
1277
- }
1278
- Authorization::Engine.instance(reader)
1279
-
1280
- test_attr_1 = TestAttr.create!(
1281
- :test_model => TestModel.create!(:content => 'test_1_1'),
1282
- :test_another_model => TestModel.create!(:content => 'test_1_2')
1283
- )
1284
- test_attr_2 = TestAttr.create!(
1285
- :test_model => TestModel.create!(:content => 'test_2_1'),
1286
- :test_another_model => TestModel.create!(:content => 'test_2_2')
1287
- )
1288
-
1289
- user = MockUser.new(:test_role)
1290
- assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
1291
- TestModel.delete_all
1292
- TestAttr.delete_all
1293
- end
1294
-
1295
- def test_with_ored_rules_and_reoccuring_tables
1296
- reader = Authorization::Reader::DSLReader.new
1297
- reader.parse %{
1298
- authorization do
1299
- role :test_role do
1300
- has_permission_on :test_attrs, :to => :read do
1301
- if_attribute :test_another_model => { :content => 'test_1_2' },
1302
- :test_model => { :content => 'test_1_1' }
1303
- end
1304
- has_permission_on :test_attrs, :to => :read do
1305
- if_attribute :test_another_model => { :content => 'test_2_2' },
1306
- :test_model => { :test_attrs => contains {user.test_attr} }
1307
- end
1308
- end
1309
- end
1310
- }
1311
- Authorization::Engine.instance(reader)
1312
-
1313
- test_attr_1 = TestAttr.create!(
1314
- :test_model => TestModel.create!(:content => 'test_1_1'),
1315
- :test_another_model => TestModel.create!(:content => 'test_1_2')
1316
- )
1317
- test_attr_2 = TestAttr.create!(
1318
- :test_model => TestModel.create!(:content => 'test_2_1'),
1319
- :test_another_model => TestModel.create!(:content => 'test_2_2')
1320
- )
1321
- test_attr_2.test_model.test_attrs.create!
1322
-
1323
- user = MockUser.new(:test_role, :test_attr => test_attr_2.test_model.test_attrs.last)
1324
- assert_equal 2, TestAttr.with_permissions_to(:read, :user => user).references(:test_attrs, :test_models, :test_models_test_attrs, :test_attrs_test_models).length
1325
-
1326
- TestModel.delete_all
1327
- TestAttr.delete_all
1328
- end
1329
-
1330
- def test_with_many_ored_rules_and_reoccuring_tables
1331
- reader = Authorization::Reader::DSLReader.new
1332
- reader.parse %{
1333
- authorization do
1334
- role :test_role do
1335
- has_permission_on :test_attrs, :to => :read do
1336
- if_attribute :branch => { :company => { :country => {
1337
- :test_models => contains { user.test_model }
1338
- }} }
1339
- if_attribute :company => { :country => {
1340
- :test_models => contains { user.test_model }
1341
- }}
1342
- end
1343
- end
1344
- end
1345
- }
1346
- Authorization::Engine.instance(reader)
1347
-
1348
- country = Country.create!(:name => 'country_1')
1349
- country.test_models.create!
1350
- test_attr_1 = TestAttr.create!(
1351
- :branch => Branch.create!(:name => 'branch_1',
1352
- :company => Company.create!(:name => 'company_1',
1353
- :country => country))
1354
- )
1355
- test_attr_2 = TestAttr.create!(
1356
- :company => Company.create!(:name => 'company_2',
1357
- :country => country)
1358
- )
1359
-
1360
- user = MockUser.new(:test_role, :test_model => country.test_models.first)
1361
- assert_equal 2, TestAttr.with_permissions_to(:read, :user => user).references(:test_attrs, :test_models, :test_models_countries).length
1362
-
1363
- TestModel.delete_all
1364
- TestAttr.delete_all
1365
- end
1366
- end
1367
-
1368
- class ModelTest < Test::Unit::TestCase
1369
- def test_permit_with_has_one_raises_no_name_error
1370
- reader = Authorization::Reader::DSLReader.new
1371
- reader.parse %{
1372
- authorization do :test_attr_has_one
1373
- role :test_role do
1374
- has_permission_on :test_attrs, :to => :update do
1375
- if_attribute :id => is { user.test_attr.id }
1376
- end
1377
- end
1378
- end
1379
- }
1380
- instance = Authorization::Engine.instance(reader)
1381
-
1382
- test_model = TestModel.create!
1383
- test_attr = test_model.create_test_attr_has_one
1384
- assert !test_attr.new_record?
1385
-
1386
- user = MockUser.new(:test_role, :test_attr => test_attr)
1387
-
1388
- assert_nothing_raised do
1389
- assert instance.permit?(:update, :user => user, :object => test_model.test_attr_has_one)
1390
- end
1391
-
1392
- TestModel.delete_all
1393
- TestAttr.delete_all
1394
- end
1395
-
1396
- def test_model_security_write_allowed
1397
- reader = Authorization::Reader::DSLReader.new
1398
- reader.parse %{
1399
- authorization do
1400
- role :test_role do
1401
- has_permission_on :test_model_security_models do
1402
- to :read, :create, :update, :delete
1403
- if_attribute :attr => is { 1 }
1404
- end
1405
- end
1406
- end
1407
- }
1408
- Authorization::Engine.instance(reader)
1409
-
1410
- Authorization.stub :current_user, MockUser.new(:test_role) do
1411
- assert(object = TestModelSecurityModel.create)
1412
-
1413
- assert_nothing_raised { object.update_attributes(:attr_2 => 2) }
1414
- object.reload
1415
- assert_equal 2, object.attr_2
1416
- object.destroy
1417
- assert_raise ActiveRecord::RecordNotFound do
1418
- TestModelSecurityModel.find(object.id)
1419
- end
1420
- end
1421
- end
1422
-
1423
- def test_model_security_write_not_allowed_no_privilege
1424
- reader = Authorization::Reader::DSLReader.new
1425
- reader.parse %{
1426
- authorization do
1427
- role :test_role do
1428
- has_permission_on :test_model_security_models do
1429
- to :read, :create, :update, :delete
1430
- if_attribute :attr => is { 1 }
1431
- end
1432
- end
1433
- role :test_role_restricted do
1434
- end
1435
- end
1436
- }
1437
- Authorization::Engine.instance(reader)
1438
-
1439
- Authorization.current_user = MockUser.new(:test_role)
1440
- assert(object = TestModelSecurityModel.create)
1441
-
1442
- Authorization.current_user = MockUser.new(:test_role_restricted)
1443
- assert_raise Authorization::NotAuthorized do
1444
- object.update_attributes(:attr_2 => 2)
1445
- end
1446
- end
1447
-
1448
- def test_model_security_write_not_allowed_wrong_attribute_value
1449
- reader = Authorization::Reader::DSLReader.new
1450
- reader.parse %{
1451
- authorization do
1452
- role :test_role_unrestricted do
1453
- has_permission_on :test_model_security_models do
1454
- to :read, :create, :update, :delete
1455
- end
1456
- end
1457
- role :test_role do
1458
- has_permission_on :test_model_security_models do
1459
- to :read, :create, :update, :delete
1460
- if_attribute :attr => is { 1 }
1461
- end
1462
- end
1463
- end
1464
- }
1465
- Authorization::Engine.instance(reader)
1466
-
1467
- Authorization.stub :current_user, MockUser.new(:test_role) do
1468
- assert(object = TestModelSecurityModel.create)
1469
- assert_raise Authorization::AttributeAuthorizationError do
1470
- TestModelSecurityModel.create :attr => 2
1471
- end
1472
- object = TestModelSecurityModel.create
1473
- assert_raise Authorization::AttributeAuthorizationError do
1474
- object.update_attributes(:attr => 2)
1475
- end
1476
- object.reload
1477
-
1478
- assert_nothing_raised do
1479
- object.update_attributes(:attr_2 => 1)
1480
- end
1481
- assert_raise Authorization::AttributeAuthorizationError do
1482
- object.update_attributes(:attr => 2)
1483
- end
1484
- end
1485
- end
1486
-
1487
- def test_model_security_with_and_without_find_restrictions
1488
- reader = Authorization::Reader::DSLReader.new
1489
- reader.parse %{
1490
- authorization do
1491
- role :test_role_unrestricted do
1492
- has_permission_on :test_model_security_models do
1493
- to :read, :create, :update, :delete
1494
- end
1495
- end
1496
- role :test_role do
1497
- has_permission_on :test_model_security_models do
1498
- to :read, :create, :update, :delete
1499
- if_attribute :attr => is { 1 }
1500
- end
1501
- end
1502
- end
1503
- }
1504
- Authorization::Engine.instance(reader)
1505
-
1506
- Authorization.current_user = MockUser.new(:test_role_unrestricted)
1507
- object = TestModelSecurityModel.create :attr => 2
1508
- object_with_find = TestModelSecurityModelWithFind.create :attr => 2
1509
-
1510
- Authorization.current_user = MockUser.new(:test_role)
1511
- assert_nothing_raised do
1512
- object.class.find(object.id)
1513
- end
1514
- assert_raise Authorization::AttributeAuthorizationError do
1515
- object_with_find.class.find(object_with_find.id)
1516
- end
1517
- end
1518
-
1519
- def test_model_security_with_read_restrictions_and_exists
1520
- reader = Authorization::Reader::DSLReader.new
1521
- reader.parse %{
1522
- authorization do
1523
- role :test_role do
1524
- has_permission_on :test_model_security_models do
1525
- to :read, :create, :update, :delete
1526
- if_attribute :test_attr => is { user.test_attr }
1527
- end
1528
- end
1529
- end
1530
- }
1531
- Authorization::Engine.instance(reader)
1532
-
1533
- test_attr = TestAttr.create
1534
- Authorization.stub :current_user, MockUser.new(:test_role, :test_attr => test_attr) do
1535
- object_with_find = TestModelSecurityModelWithFind.create :test_attr => test_attr
1536
- assert_nothing_raised do
1537
- object_with_find.class.find(object_with_find.id)
1538
- end
1539
- assert_equal 1, test_attr.test_model_security_model_with_finds.length
1540
- end
1541
- end
1542
-
1543
- def test_model_security_delete_unallowed
1544
- reader = Authorization::Reader::DSLReader.new
1545
- reader.parse %{
1546
- authorization do
1547
- role :test_role_unrestricted do
1548
- has_permission_on :test_model_security_models do
1549
- to :read, :create, :update, :delete
1550
- end
1551
- end
1552
- role :test_role do
1553
- has_permission_on :test_model_security_models do
1554
- to :read, :create, :update, :delete
1555
- if_attribute :attr => is { 1 }
1556
- end
1557
- end
1558
- end
1559
- }
1560
- Authorization::Engine.instance(reader)
1561
-
1562
- Authorization.current_user = MockUser.new(:test_role_unrestricted)
1563
- object = TestModelSecurityModel.create :attr => 2
1564
- Authorization.current_user = MockUser.new(:test_role)
1565
- assert_raise Authorization::AttributeAuthorizationError do
1566
- object.destroy
1567
- end
1568
- end
1569
-
1570
- def test_model_security_changing_critical_attribute_unallowed
1571
- reader = Authorization::Reader::DSLReader.new
1572
- reader.parse %{
1573
- authorization do
1574
- role :test_role_unrestricted do
1575
- has_permission_on :test_model_security_models do
1576
- to :read, :create, :update, :delete
1577
- end
1578
- end
1579
- role :test_role do
1580
- has_permission_on :test_model_security_models do
1581
- to :read, :create, :update, :delete
1582
- if_attribute :attr => is { 1 }
1583
- end
1584
- end
1585
- end
1586
- }
1587
- Authorization::Engine.instance(reader)
1588
-
1589
- Authorization.stub :current_user, MockUser.new(:test_role_unrestricted) do
1590
- object = TestModelSecurityModel.create :attr => 2
1591
- end
1592
- end
1593
-
1594
- def test_model_security_no_role_unallowed
1595
- reader = Authorization::Reader::DSLReader.new
1596
- reader.parse %{
1597
- authorization do
1598
- end
1599
- }
1600
- Authorization::Engine.instance(reader)
1601
-
1602
- Authorization.stub :current_user, MockUser.new(:test_role_2) do
1603
- assert_raise Authorization::NotAuthorized do
1604
- TestModelSecurityModel.create
1605
- end
1606
- end
1607
- end
1608
-
1609
- def test_model_security_with_assoc
1610
- reader = Authorization::Reader::DSLReader.new
1611
- reader.parse %{
1612
- authorization do
1613
- role :test_role do
1614
- has_permission_on :test_model_security_models do
1615
- to :create, :update, :delete
1616
- if_attribute :test_attrs => contains { user }
1617
- end
1618
- end
1619
- end
1620
- }
1621
- Authorization::Engine.instance(reader)
1622
-
1623
- test_attr = TestAttr.create
1624
- test_attr.role_symbols << :test_role
1625
- Authorization.stub :current_user, test_attr do
1626
- assert(object = TestModelSecurityModel.create(:test_attrs => [test_attr]))
1627
- assert_nothing_raised do
1628
- object.update_attributes(:attr_2 => 2)
1629
- end
1630
- without_access_control do
1631
- object.reload
1632
- end
1633
- assert_equal 2, object.attr_2
1634
- object.destroy
1635
- assert_raise ActiveRecord::RecordNotFound do
1636
- TestModelSecurityModel.find(object.id)
1637
- end
1638
- end
1639
- end
1640
-
1641
- def test_model_security_with_update_attrbributes
1642
- reader = Authorization::Reader::DSLReader.new
1643
- reader.parse %{
1644
- authorization do
1645
- role :test_role do
1646
- has_permission_on :test_model_security_models, :to => :update do
1647
- if_attribute :test_attrs => { :branch => is { user.branch }}
1648
- end
1649
- end
1650
- end
1651
- }
1652
- Authorization::Engine.instance(reader)
1653
-
1654
- params = {
1655
- :model_data => { :attr => 11 }
1656
- }
1657
-
1658
- test_attr = TestAttr.create!(:branch => Branch.create!)
1659
- test_model = without_access_control do
1660
- TestModelSecurityModel.create!(:test_attrs => [test_attr])
1661
- end
1662
-
1663
- with_user MockUser.new(:test_role, :branch => test_attr.branch) do
1664
- assert_nothing_raised do
1665
- test_model.update_attributes(params[:model_data])
1666
- end
1667
- end
1668
- without_access_control do
1669
- assert_equal params[:model_data][:attr], test_model.reload.attr
1670
- end
1671
-
1672
- TestAttr.delete_all
1673
- TestModelSecurityModel.delete_all
1674
- Branch.delete_all
1675
- end
1676
-
1677
- def test_using_access_control
1678
- assert !TestModel.using_access_control?
1679
- assert TestModelSecurityModel.using_access_control?
1680
- end
1681
-
1682
- def test_authorization_permit_association_proxy
1683
- reader = Authorization::Reader::DSLReader.new
1684
- reader.parse %{
1685
- authorization do
1686
- role :test_role do
1687
- has_permission_on :test_attrs, :to => :read do
1688
- if_attribute :test_model => {:content => "content" }
1689
- end
1690
- end
1691
- end
1692
- }
1693
- engine = Authorization::Engine.instance(reader)
1694
-
1695
- test_model = TestModel.create(:content => "content")
1696
- assert engine.permit?(:read, :object => test_model.test_attrs,
1697
- :user => MockUser.new(:test_role))
1698
- assert !engine.permit?(:read, :object => TestAttr.new,
1699
- :user => MockUser.new(:test_role))
1700
- TestModel.delete_all
1701
- end
1702
-
1703
- def test_authorization_permit_nested_association_proxy
1704
- reader = Authorization::Reader::DSLReader.new
1705
- reader.parse %{
1706
- authorization do
1707
- role :test_role do
1708
- has_permission_on :branches, :to => :read do
1709
- if_attribute :test_model => { :test_attrs => {:attr => 1 } }
1710
- end
1711
- end
1712
- end
1713
- }
1714
- engine = Authorization::Engine.instance(reader)
1715
-
1716
- test_model = TestModel.create!
1717
- test_model.test_attrs.create!(:attr => 0)
1718
- test_attr = test_model.test_attrs.create!(:attr => 1)
1719
- test_model.test_attrs.create!(:attr => 3)
1720
- test_branch = Branch.create!(:test_model => test_model)
1721
-
1722
- test_model_2 = TestModel.create!
1723
- test_attr_2 = test_model_2.test_attrs.create!(:attr => 2)
1724
- test_branch_2 = Branch.create!(:test_model => test_model_2)
1725
-
1726
- test_model_3 = TestModel.create!
1727
- test_branch_3 = Branch.create!(:test_model => test_model_3)
1728
-
1729
- assert engine.permit?(:read, :object => test_branch,
1730
- :user => MockUser.new(:test_role))
1731
- assert !engine.permit?(:read, :object => test_branch_2,
1732
- :user => MockUser.new(:test_role))
1733
- assert !engine.permit?(:read, :object => test_branch_3,
1734
- :user => MockUser.new(:test_role))
1735
- TestModel.delete_all
1736
- Branch.delete_all
1737
- TestAttr.delete_all
1738
- end
1739
-
1740
- def test_multiple_roles_with_has_many_through
1741
- reader = Authorization::Reader::DSLReader.new
1742
- reader.parse %{
1743
- authorization do
1744
- role :test_role_1 do
1745
- has_permission_on :test_models, :to => :read do
1746
- if_attribute :test_attr_throughs => contains {user.test_attr_through_id},
1747
- :content => 'test_1'
1748
- end
1749
- end
1750
-
1751
- role :test_role_2 do
1752
- has_permission_on :test_models, :to => :read do
1753
- if_attribute :test_attr_throughs_2 => contains {user.test_attr_through_2_id},
1754
- :content => 'test_2'
1755
- end
1756
- end
1757
- end
1758
- }
1759
- Authorization::Engine.instance(reader)
1760
- TestModel.delete_all
1761
- TestAttr.delete_all
1762
- TestAttrThrough.delete_all
1763
-
1764
- test_model_1 = TestModel.create! :content => 'test_1'
1765
- test_model_2 = TestModel.create! :content => 'test_2'
1766
- test_model_1.test_attrs.create!.test_attr_throughs.create!
1767
- test_model_2.test_attrs.create!.test_attr_throughs.create!
1768
-
1769
- user = MockUser.new(:test_role_1, :test_role_2,
1770
- :test_attr_through_id => test_model_1.test_attr_throughs.first.id,
1771
- :test_attr_through_2_id => test_model_2.test_attr_throughs.first.id)
1772
- assert_equal 2, TestModel.with_permissions_to(:read, :user => user).references(:test_models, :test_attr_throughs).length
1773
-
1774
- TestModel.delete_all
1775
- TestAttr.delete_all
1776
- TestAttrThrough.delete_all
1777
- end
1778
-
1779
- def test_model_permitted_to
1780
- reader = Authorization::Reader::DSLReader.new
1781
- reader.parse %{
1782
- authorization do
1783
- role :test_role do
1784
- has_permission_on :companies, :to => :read do
1785
- if_attribute :name => "company_1"
1786
- end
1787
- end
1788
- end
1789
- }
1790
- Authorization::Engine.instance(reader)
1791
-
1792
- user = MockUser.new(:test_role)
1793
- allowed_read_company = Company.new(:name => 'company_1')
1794
- prohibited_company = Company.new(:name => 'company_2')
1795
-
1796
- assert allowed_read_company.permitted_to?(:read, :user => user)
1797
- assert !allowed_read_company.permitted_to?(:update, :user => user)
1798
- assert !prohibited_company.permitted_to?(:read, :user => user)
1799
-
1800
- executed_block = false
1801
- allowed_read_company.permitted_to?(:read, :user => user) do
1802
- executed_block = true
1803
- end
1804
- assert executed_block
1805
-
1806
- executed_block = false
1807
- prohibited_company.permitted_to?(:read, :user => user) do
1808
- executed_block = true
1809
- end
1810
- assert !executed_block
1811
-
1812
- assert_nothing_raised do
1813
- allowed_read_company.permitted_to!(:read, :user => user)
1814
- end
1815
- assert_raise Authorization::NotAuthorized do
1816
- prohibited_company.permitted_to!(:update, :user => user)
1817
- end
1818
- assert_raise Authorization::AttributeAuthorizationError do
1819
- prohibited_company.permitted_to!(:read, :user => user)
1820
- end
1821
- end
1822
-
1823
- def test_model_permitted_to_with_modified_context
1824
- reader = Authorization::Reader::DSLReader.new
1825
- reader.parse %{
1826
- authorization do
1827
- role :test_role do
1828
- has_permission_on :companies, :to => :read
1829
- end
1830
- end
1831
- }
1832
- Authorization::Engine.instance(reader)
1833
-
1834
- user = MockUser.new(:test_role)
1835
- allowed_read_company = SmallCompany.new(:name => 'small_company_1')
1836
-
1837
- assert allowed_read_company.permitted_to?(:read, :user => user)
1838
- assert !allowed_read_company.permitted_to?(:update, :user => user)
1839
- end
1840
- end