RubyGems - ae_declarative_authorization - Versions diffs - 0.10.1 → 0.12.1.tim1 - Mend

ae_declarative_authorization 0.10.1 → 0.12.1.tim1

Files changed (61) hide show

checksums.yaml +5 -5
data/.circleci/config.yml +29 -0
data/.gitignore +32 -0
data/.ruby-version +1 -0
data/Appraisals +18 -23
data/Gemfile +3 -1
data/declarative_authorization.gemspec +2 -2
data/lib/declarative_authorization/controller/grape.rb +15 -4
data/lib/declarative_authorization/controller_permission.rb +1 -5
data/lib/declarative_authorization/test/helpers.rb +8 -2
data/lib/declarative_authorization/version.rb +1 -1
metadata +11 -76
data/Gemfile.lock +0 -138
data/gemfiles/ruby_2.3.3_rails507.gemfile +0 -12
data/gemfiles/ruby_2.3.3_rails507.gemfile.lock +0 -164
data/gemfiles/ruby_2.3.3_rails516.gemfile +0 -12
data/gemfiles/ruby_2.3.3_rails516.gemfile.lock +0 -164
data/gemfiles/ruby_2.3.3_rails521.gemfile +0 -12
data/gemfiles/ruby_2.3.3_rails521.gemfile.lock +0 -172
data/gemfiles/ruby_2.3.3_rails522.gemfile +0 -12
data/gemfiles/ruby_2.3.3_rails522.gemfile.lock +0 -172
data/gemfiles/ruby_2.5.3_rails507.gemfile +0 -12
data/gemfiles/ruby_2.5.3_rails507.gemfile.lock +0 -164
data/gemfiles/ruby_2.5.3_rails516.gemfile +0 -12
data/gemfiles/ruby_2.5.3_rails516.gemfile.lock +0 -164
data/gemfiles/ruby_2.5.3_rails521.gemfile +0 -12
data/gemfiles/ruby_2.5.3_rails521.gemfile.lock +0 -172
data/gemfiles/ruby_2.5.3_rails522.gemfile +0 -12
data/gemfiles/ruby_2.5.3_rails522.gemfile.lock +0 -172
data/gemfiles/ruby_2.6.2_rails507.gemfile +0 -12
data/gemfiles/ruby_2.6.2_rails507.gemfile.lock +0 -164
data/gemfiles/ruby_2.6.2_rails516.gemfile +0 -12
data/gemfiles/ruby_2.6.2_rails516.gemfile.lock +0 -164
data/gemfiles/ruby_2.6.2_rails521.gemfile +0 -12
data/gemfiles/ruby_2.6.2_rails521.gemfile.lock +0 -172
data/gemfiles/ruby_2.6.2_rails522.gemfile +0 -12
data/gemfiles/ruby_2.6.2_rails522.gemfile.lock +0 -172
data/log/test.log +0 -89694
data/pkg/ae_declarative_authorization-0.10.0.gem +0 -0
data/pkg/ae_declarative_authorization-0.9.0.gem +0 -0
data/pkg/ae_declarative_authorization-0.9.0.tim1.gem +0 -0
data/pkg/ae_declarative_authorization-0.9.1.gem +0 -0
data/pkg/ae_declarative_authorization-0.9.2.gem +0 -0
data/test/authorization_test.rb +0 -1189
data/test/controller_filter_resource_access_test.rb +0 -573
data/test/database.yml +0 -3
data/test/dsl_reader_test.rb +0 -178
data/test/functional/filter_access_to_with_id_in_scope_test.rb +0 -88
data/test/functional/no_filter_access_to_test.rb +0 -79
data/test/functional/params_block_arity_test.rb +0 -39
data/test/grape_api_test.rb +0 -508
data/test/helper_test.rb +0 -248
data/test/maintenance_test.rb +0 -46
data/test/model_test.rb +0 -1840
data/test/profiles/access_checking +0 -100
data/test/rails_controller_test.rb +0 -478
data/test/schema.sql +0 -60
data/test/test_helper.rb +0 -117
data/test/test_support/grape.rb +0 -93
data/test/test_support/minitest_compatibility.rb +0 -27
data/test/test_support/rails.rb +0 -69

data/pkg/ae_declarative_authorization-0.10.0.gem DELETED

Binary file

data/pkg/ae_declarative_authorization-0.9.0.gem DELETED

Binary file

data/pkg/ae_declarative_authorization-0.9.0.tim1.gem DELETED

Binary file

data/pkg/ae_declarative_authorization-0.9.1.gem DELETED

Binary file

data/pkg/ae_declarative_authorization-0.9.2.gem DELETED

Binary file

data/test/authorization_test.rb DELETED

@@ -1,1189 +0,0 @@
-require 'test_helper'
-class AuthorizationTest < Test::Unit::TestCase
-  def test_permit
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :permissions,
-      :user => MockUser.new(:test_role, :test_role_2))
-    assert !engine.permit?(:test_2, :context => :permissions_2,
-      :user => MockUser.new(:test_role))
-    assert !engine.permit?(:test, :context => :permissions,
-      :user => MockUser.new(:test_role_2))
-  end
-  def test_permit_context_people
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :people, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :people,
-      :user => MockUser.new(:test_role))
-  end
-  def test_permit_with_has_omnipotence
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :admin do
-          has_omnipotence
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :people,
-      :user => MockUser.new(:admin))
-  end
-  def test_permit_multiple_contexts
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on [:permissions, :permissions_2], :to => :test
-          has_permission_on :permissions_4, :permissions_5, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :permissions,
-      :user => MockUser.new(:test_role))
-    assert engine.permit?(:test, :context => :permissions_2,
-      :user => MockUser.new(:test_role))
-    assert !engine.permit?(:test, :context => :permissions_3,
-      :user => MockUser.new(:test_role))
-    assert  engine.permit?(:test, :context => :permissions_4, :user => MockUser.new(:test_role))
-    assert  engine.permit?(:test, :context => :permissions_5, :user => MockUser.new(:test_role))
-  end
-  def test_permit_with_frozen_roles
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :other_role do
-          includes :test_role
-        end
-        role :test_role do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    roles = [:other_role].freeze
-    assert engine.permit?(:test, :context => :permissions,
-      :user => MockUser.new(:role_symbols => roles))
-  end
-  def test_obligations_without_conditions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{}], engine.obligations(:test, :context => :permissions,
-      :user => MockUser.new(:test_role))
-  end
-  def test_obligations_with_conditions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :attr => is { user.attr }
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{:attr => [:is, 1]}],
-      engine.obligations(:test, :context => :permissions,
-          :user => MockUser.new(:test_role, :attr => 1))
-  end
-  def test_obligations_with_omnipotence
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :admin do
-          has_omnipotence
-        end
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :attr => is { user.attr }
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [],
-      engine.obligations(:test, :context => :permissions,
-          :user => MockUser.new(:test_role, :admin, :attr => 1))
-  end
-  def test_obligations_with_anded_conditions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test, :join_by => :and do
-            if_attribute :attr => is { user.attr }
-            if_attribute :attr_2 => is { user.attr_2 }
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{:attr => [:is, 1], :attr_2 => [:is, 2]}],
-      engine.obligations(:test, :context => :permissions,
-          :user => MockUser.new(:test_role, :attr => 1, :attr_2 => 2))
-  end
-  def test_obligations_with_deep_anded_conditions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test, :join_by => :and do
-            if_attribute :attr => { :deeper_attr => is { user.deeper_attr }}
-            if_attribute :attr => { :deeper_attr_2 => is { user.deeper_attr_2 }}
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{:attr => { :deeper_attr => [:is, 1], :deeper_attr_2 => [:is, 2] } }],
-      engine.obligations(:test, :context => :permissions,
-          :user => MockUser.new(:test_role, :deeper_attr => 1, :deeper_attr_2 => 2))
-  end
-  def test_obligations_with_has_many
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :attrs => { :deeper_attr => is { user.deeper_attr } }
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{:attrs => {:deeper_attr => [:is, 1]}}],
-      engine.obligations(:test, :context => :permissions,
-          :user => MockUser.new(:test_role, :deeper_attr => 1))
-  end
-  def test_obligations_with_conditions_and_empty
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test
-          has_permission_on :permissions, :to => :test do
-            if_attribute :attr => is { user.attr }
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{}, {:attr => [:is, 1]}],
-      engine.obligations(:test, :context => :permissions,
-          :user => MockUser.new(:test_role, :attr => 1))
-  end
-  def test_obligations_with_permissions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :attr => is { user.attr }
-          end
-          has_permission_on :permission_children, :to => :test do
-            if_permitted_to :test, :permission, :context => :permissions
-          end
-          has_permission_on :permission_children_2, :to => :test do
-            if_permitted_to :test, :permission
-          end
-          has_permission_on :permission_children_children, :to => :test do
-            if_permitted_to :test, :permission_child => :permission,
-                            :context => :permissions
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{:permission => {:attr => [:is, 1]}}],
-      engine.obligations(:test, :context => :permission_children,
-          :user => MockUser.new(:test_role, :attr => 1))
-    assert_equal [{:permission => {:attr => [:is, 1]}}],
-      engine.obligations(:test, :context => :permission_children_2,
-          :user => MockUser.new(:test_role, :attr => 1))
-    assert_equal [{:permission_child => {:permission => {:attr => [:is, 1]}}}],
-      engine.obligations(:test, :context => :permission_children_children,
-          :user => MockUser.new(:test_role, :attr => 1))
-  end
-  def test_obligations_with_has_many_permissions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :attr => is { user.attr }
-          end
-          has_permission_on :permission_children, :to => :test do
-            if_permitted_to :test, :permissions, :context => :permissions
-          end
-          has_permission_on :permission_children_2, :to => :test do
-            if_permitted_to :test, :permissions
-          end
-          has_permission_on :permission_children_children, :to => :test do
-            if_permitted_to :test, :permission_child => :permissions,
-                            :context => :permissions
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{:permissions => {:attr => [:is, 1]}}],
-      engine.obligations(:test, :context => :permission_children,
-          :user => MockUser.new(:test_role, :attr => 1))
-    assert_equal [{:permissions => {:attr => [:is, 1]}}],
-      engine.obligations(:test, :context => :permission_children_2,
-          :user => MockUser.new(:test_role, :attr => 1))
-    assert_equal [{:permission_child => {:permissions => {:attr => [:is, 1]}}}],
-      engine.obligations(:test, :context => :permission_children_children,
-          :user => MockUser.new(:test_role, :attr => 1))
-  end
-  def test_obligations_with_permissions_multiple
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :attr => is { 1 }
-            if_attribute :attr => is { 2 }
-          end
-          has_permission_on :permission_children_children, :to => :test do
-            if_permitted_to :test, :permission_child => :permission
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{:permission_child => {:permission => {:attr => [:is, 1]}}},
-        {:permission_child => {:permission => {:attr => [:is, 2]}}}],
-      engine.obligations(:test, :context => :permission_children_children,
-          :user => MockUser.new(:test_role))
-  end
-  def test_obligations_with_permissions_and_anded_conditions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permission_children, :to => :test, :join_by => :and do
-            if_permitted_to :test, :permission
-            if_attribute :test_attr => 1
-          end
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_equal [{:test_attr => [:is, 1], :permission => {:test_attr => [:is, 1]}}],
-      engine.obligations(:test, :context => :permission_children,
-          :user => MockUser.new(:test_role))
-  end
-  def test_guest_user
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :guest do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    Authorization.stub :current_user, MockUser.new do
-      assert engine.permit?(:test, :context => :permissions)
-      assert !engine.permit?(:test, :context => :permissions_2)
-    end
-  end
-  def test_default_role
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :anonymous do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    Authorization.stub :default_role, :anonymous do
-      engine = Authorization::Engine.new(reader)
-      Authorization.stub :current_user, MockUser.new do
-        assert engine.permit?(:test, :context => :permissions)
-      end
-      assert !engine.permit?(:test, :context => :permissions,
-      :user => MockUser.new(:guest))
-    end
-  end
-  def test_invalid_user_model
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :guest do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_raise(Authorization::AuthorizationUsageError) do
-      engine.permit?(:test, :context => :permissions, :user => MockUser.new(1, 2))
-    end
-    assert_raise(Authorization::AuthorizationUsageError) do
-      engine.permit?(:test, :context => :permissions, :user => MockDataObject.new)
-    end
-  end
-  def test_role_hierarchy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          includes :lower_role
-          has_permission_on :permissions, :to => :test
-        end
-        role :lower_role do
-          has_permission_on :permissions, :to => :lower
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, context: :permissions, user: MockUser.new(:test_role))
-    assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role))
-  end
-  def test_role_hierarchy__recursive
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          includes :lower_role
-          has_permission_on :permissions, :to => :test
-        end
-        role :lower_role do
-          has_permission_on :permissions, :to => :lower
-          includes :lowest_role
-        end
-        role :lowest_role do
-          has_permission_on :permissions, :to => :lowest
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, context: :permissions, user: MockUser.new(:test_role))
-    assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role))
-    assert engine.permit?(:lowest, context: :permissions, user: MockUser.new(:test_role))
-  end
-  def test_role_hierarchy__circular
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          includes :lower_role
-          has_permission_on :permissions, :to => :test
-        end
-        role :lower_role do
-          includes :test_role
-          has_permission_on :permissions, :to => :lower
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, context: :permissions, user: MockUser.new(:test_role))
-    assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role))
-  end
-  def test_role_hierarchy__recursive__circular
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          includes :lower_role
-          has_permission_on :permissions, :to => :test
-        end
-        role :lower_role do
-          includes :lowest_role
-          has_permission_on :permissions, :to => :lower
-        end
-        role :lowest_role do
-          includes :test_role
-          has_permission_on :permissions, :to => :lowest
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, context: :permissions, user: MockUser.new(:test_role))
-    assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role))
-    assert engine.permit?(:lowest, context: :permissions, user: MockUser.new(:test_role))
-  end
-  def test_privilege_hierarchy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :test, :permissions do
-          includes :lower
-        end
-      end
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role))
-  end
-  def test_privilege_hierarchy__recursive
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :test, :permissions do
-          includes :lower
-        end
-        privilege :lower, :permissions do
-          includes :lowest
-        end
-      end
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role))
-    assert engine.permit?(:lowest, context: :permissions, user: MockUser.new(:test_role))
-  end
-  def test_privilege_hierarchy_without_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :read do
-          includes :list, :show
-        end
-      end
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :read
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:list, :context => :permissions,
-      :user => MockUser.new(:test_role))
-  end
-  def test_attribute_is
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => is { user.test_attr }
-            if_attribute :test_attr => 3
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => 1))
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 2),
-              :object => MockDataObject.new(:test_attr => 3))
-    assert((not(engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 2),
-              :object => MockDataObject.new(:test_attr => 1)))))
-  end
-  def test_attribute_is_not
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => is_not { user.test_attr }
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    assert !engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => 1))
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 2),
-              :object => MockDataObject.new(:test_attr => 1))
-  end
-  def test_attribute_contains
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => contains { user.test_attr }
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => [1,2]))
-    assert !engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 3),
-              :object => MockDataObject.new(:test_attr => [1,2]))
-  end
-  def test_attribute_does_not_contain
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => does_not_contain { user.test_attr }
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    assert !engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => [1,2]))
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 3),
-              :object => MockDataObject.new(:test_attr => [1,2]))
-  end
-  def test_attribute_in_array
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => is_in { [1,2] }
-            if_attribute :test_attr => [2,3]
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 1))
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 3))
-    assert !engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 4))
-  end
-  def test_attribute_not_in_array
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => is_not_in { [1,2] }
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    assert !engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 1))
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 4))
-  end
-  def test_attribute_intersects_with
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attrs => intersects_with { [1,2] }
-          end
-        end
-        role :test_role_2 do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attrs => intersects_with { 1 }
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_raise Authorization::AuthorizationUsageError do
-      engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attrs => 1 ))
-    end
-    assert_raise Authorization::AuthorizationUsageError do
-      engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role_2),
-              :object => MockDataObject.new(:test_attrs => [1, 2] ))
-    end
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attrs => [1,3] ))
-    assert !engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attrs => [3,4] ))
-  end
-  def test_attribute_lte
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => lte { user.test_attr }
-            if_attribute :test_attr => 3
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    # object < user -> pass
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 2),
-              :object => MockDataObject.new(:test_attr => 1))
-    # object > user && object = control -> pass
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 2),
-              :object => MockDataObject.new(:test_attr => 3))
-    # object = user -> pass
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => 1))
-    # object > user -> fail
-    assert((not(engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => 2)))))
-  end
-  def test_attribute_gt
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => gt { user.test_attr }
-            if_attribute :test_attr => 3
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    # object > user -> pass
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => 2))
-    # object < user && object = control -> pass
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 4),
-              :object => MockDataObject.new(:test_attr => 3))
-    # object = user -> fail
-    assert((not(engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => 1)))))
-    # object < user -> fail
-    assert((not(engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 2),
-              :object => MockDataObject.new(:test_attr => 1)))))
-  end
-  def test_attribute_gte
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => gte { user.test_attr }
-            if_attribute :test_attr => 3
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    # object > user -> pass
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => 2))
-    # object < user && object = control -> pass
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 4),
-              :object => MockDataObject.new(:test_attr => 3))
-    # object = user -> pass
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 1),
-              :object => MockDataObject.new(:test_attr => 1))
-    # object < user -> fail
-    assert((not(engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role, :test_attr => 2),
-              :object => MockDataObject.new(:test_attr => 1)))))
-  end
-  def test_attribute_deep
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr_1 => {:test_attr_2 => contains { 1 }}
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr_1 =>
-                    MockDataObject.new(:test_attr_2 => [1,2])))
-    assert !engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr_1 =>
-                    MockDataObject.new(:test_attr_2 => [3,4])))
-    assert_equal [{:test_attr_1 => {:test_attr_2 => [:contains, 1]}}],
-      engine.obligations(:test, :context => :permissions,
-          :user => MockUser.new(:test_role))
-  end
-  def test_attribute_has_many
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :companies, :to => :read do
-            if_attribute :branches => {:city => is { user.city } }
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    company = MockDataObject.new(:branches => [
-        MockDataObject.new(:city => 'Barcelona'),
-        MockDataObject.new(:city => 'Paris')
-      ])
-    assert engine.permit!(:read, :context => :companies,
-              :user => MockUser.new(:test_role, :city => 'Paris'),
-              :object => company)
-    assert !engine.permit?(:read, :context => :companies,
-              :user => MockUser.new(:test_role, :city => 'London'),
-              :object => company)
-  end
-  def test_attribute_non_block
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-        end
-      end
-    |
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 1))
-    assert !engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 2))
-  end
-  def test_attribute_multiple
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-            if_attribute :test_attr => 2  # or
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 1))
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 2))
-  end
-  class PermissionMock < MockDataObject
-    def self.name
-      "Permission"
-    end
-  end
-  def test_attribute_with_permissions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-          has_permission_on :permission_children, :to => :test do
-            if_permitted_to :test, :permission
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    perm_data_attr_1 = PermissionMock.new({:test_attr => 1})
-    perm_data_attr_2 = PermissionMock.new({:test_attr => 2})
-    assert engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:permission => perm_data_attr_1))
-    assert !engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:permission => perm_data_attr_2))
-  end
-  def test_attribute_with_has_many_permissions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-          has_permission_on :permission_children, :to => :test do
-            if_permitted_to :test, :permissions
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    perm_data_attr_1 = PermissionMock.new({:test_attr => 1})
-    perm_data_attr_2 = PermissionMock.new({:test_attr => 2})
-    assert engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:permissions => [perm_data_attr_1]))
-    assert !engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:permissions => [perm_data_attr_2]))
-  end
-  def test_attribute_with_deep_permissions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-          has_permission_on :permission_children, :to => :test do
-            if_permitted_to :test, :shallow_permission => :permission
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    perm_data_attr_1 = PermissionMock.new({:test_attr => 1})
-    perm_data_attr_2 = PermissionMock.new({:test_attr => 2})
-    assert engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:shallow_permission =>
-                MockDataObject.new(:permission => perm_data_attr_1)))
-    assert !engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:shallow_permission =>
-                MockDataObject.new(:permission => perm_data_attr_2)))
-  end
-  def test_attribute_with_deep_has_many_permissions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-          has_permission_on :permission_children, :to => :test do
-            if_permitted_to :test, :shallow_permissions => :permission
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    perm_data_attr_1 = PermissionMock.new({:test_attr => 1})
-    perm_data_attr_2 = PermissionMock.new({:test_attr => 2})
-    assert engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:shallow_permissions =>
-                [MockDataObject.new(:permission => perm_data_attr_1)]))
-    assert !engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:shallow_permissions =>
-                [MockDataObject.new(:permission => perm_data_attr_2)]))
-  end
-  def test_attribute_with_permissions_nil
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-          has_permission_on :permission_children, :to => :test do
-            if_permitted_to :test, :permission
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:permission => nil))
-    assert !engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:permission => nil))
-  end
-  def test_attribute_with_permissions_on_self
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-          has_permission_on :permissions, :to => :another_test do
-            if_permitted_to :test
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    perm_data_attr_1 = PermissionMock.new({:test_attr => 1})
-    perm_data_attr_2 = PermissionMock.new({:test_attr => 2})
-    assert engine.permit?(:another_test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => perm_data_attr_1)
-    assert !engine.permit?(:another_test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => perm_data_attr_2)
-  end
-  def test_attribute_with_permissions_on_self_with_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-          has_permission_on :permissions, :to => :another_test do
-            if_permitted_to :test, :context => :permissions
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    perm_data_attr_1 = PermissionMock.new({:test_attr => 1})
-    perm_data_attr_2 = PermissionMock.new({:test_attr => 2})
-    assert engine.permit?(:another_test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => perm_data_attr_1)
-    assert !engine.permit?(:another_test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => perm_data_attr_2)
-  end
-  def test_attribute_with_permissions_and_anded_rules
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attr => 1
-          end
-          has_permission_on :permission_children, :to => :test, :join_by => :and do
-            if_permitted_to :test, :permission
-            if_attribute :test_attr => 1
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    perm_data_attr_1 = PermissionMock.new({:test_attr => 1})
-    perm_data_attr_2 = PermissionMock.new({:test_attr => 2})
-    assert engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:permission => perm_data_attr_1, :test_attr => 1))
-    assert !engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:permission => perm_data_attr_2, :test_attr => 1))
-    assert !engine.permit?(:test, :context => :permission_children,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:permission => perm_data_attr_1, :test_attr => 2))
-  end
-  def test_attribute_with_anded_rules
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test, :join_by => :and do
-            if_attribute :test_attr => 1
-            if_attribute :test_attr_2 => 2
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 1, :test_attr_2 => 2))
-    assert !engine.permit?(:test, :context => :permissions,
-              :user => MockUser.new(:test_role),
-              :object => MockDataObject.new(:test_attr => 1, :test_attr_2 => 3))
-  end
-  def test_raise_on_if_attribute_hash_on_collection
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :test_attrs => {:attr => is {1}}
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert_raise Authorization::AuthorizationUsageError do
-      engine.permit?(:test, :context => :permissions,
-                     :user => MockUser.new(:test_role),
-                     :object => MockDataObject.new(:test_attrs => [1, 2, 3]))
-    end
-  end
-  def test_role_title_description
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role, :title => 'Test Role' do
-          description "Test Role Description"
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert engine.roles.include?(:test_role)
-    assert_equal "Test Role", engine.role_titles[:test_role]
-    assert_equal "Test Role", engine.title_for(:test_role)
-    assert_nil engine.title_for(:test_role_2)
-    assert_equal "Test Role Description", engine.role_descriptions[:test_role]
-    assert_equal "Test Role Description", engine.description_for(:test_role)
-    assert_nil engine.description_for(:test_role_2)
-  end
-  def test_multithread
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    Authorization.stub :current_user, MockUser.new(:test_role) do
-      assert engine.permit?(:test, :context => :permissions)
-      Thread.new do
-        Authorization.current_user = MockUser.new(:test_role2)
-        assert !engine.permit?(:test, :context => :permissions)
-      end
-      assert engine.permit?(:test, :context => :permissions)
-    end
-  end
-  def test_clone
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test do
-            if_attribute :attr => { :sub_attr => is { user } }
-            if_permitted_to :read, :attr_2 => :attr_3
-            if_permitted_to :read, :attr_2
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    cloned_engine = engine.clone
-    assert_not_equal engine.auth_rules.first.contexts.object_id,
-        cloned_engine.auth_rules.first.contexts.object_id
-    assert_not_equal engine.auth_rules.first.attributes.first.send(:instance_variable_get, :@conditions_hash)[:attr].object_id,
-        cloned_engine.auth_rules.first.attributes.first.send(:instance_variable_get, :@conditions_hash)[:attr].object_id
-  end
-end