ae_declarative_authorization 0.10.1 → 0.12.1.tim1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (61) hide show
  1. checksums.yaml +5 -5
  2. data/.circleci/config.yml +29 -0
  3. data/.gitignore +32 -0
  4. data/.ruby-version +1 -0
  5. data/Appraisals +18 -23
  6. data/Gemfile +3 -1
  7. data/declarative_authorization.gemspec +2 -2
  8. data/lib/declarative_authorization/controller/grape.rb +15 -4
  9. data/lib/declarative_authorization/controller_permission.rb +1 -5
  10. data/lib/declarative_authorization/test/helpers.rb +8 -2
  11. data/lib/declarative_authorization/version.rb +1 -1
  12. metadata +11 -76
  13. data/Gemfile.lock +0 -138
  14. data/gemfiles/ruby_2.3.3_rails507.gemfile +0 -12
  15. data/gemfiles/ruby_2.3.3_rails507.gemfile.lock +0 -164
  16. data/gemfiles/ruby_2.3.3_rails516.gemfile +0 -12
  17. data/gemfiles/ruby_2.3.3_rails516.gemfile.lock +0 -164
  18. data/gemfiles/ruby_2.3.3_rails521.gemfile +0 -12
  19. data/gemfiles/ruby_2.3.3_rails521.gemfile.lock +0 -172
  20. data/gemfiles/ruby_2.3.3_rails522.gemfile +0 -12
  21. data/gemfiles/ruby_2.3.3_rails522.gemfile.lock +0 -172
  22. data/gemfiles/ruby_2.5.3_rails507.gemfile +0 -12
  23. data/gemfiles/ruby_2.5.3_rails507.gemfile.lock +0 -164
  24. data/gemfiles/ruby_2.5.3_rails516.gemfile +0 -12
  25. data/gemfiles/ruby_2.5.3_rails516.gemfile.lock +0 -164
  26. data/gemfiles/ruby_2.5.3_rails521.gemfile +0 -12
  27. data/gemfiles/ruby_2.5.3_rails521.gemfile.lock +0 -172
  28. data/gemfiles/ruby_2.5.3_rails522.gemfile +0 -12
  29. data/gemfiles/ruby_2.5.3_rails522.gemfile.lock +0 -172
  30. data/gemfiles/ruby_2.6.2_rails507.gemfile +0 -12
  31. data/gemfiles/ruby_2.6.2_rails507.gemfile.lock +0 -164
  32. data/gemfiles/ruby_2.6.2_rails516.gemfile +0 -12
  33. data/gemfiles/ruby_2.6.2_rails516.gemfile.lock +0 -164
  34. data/gemfiles/ruby_2.6.2_rails521.gemfile +0 -12
  35. data/gemfiles/ruby_2.6.2_rails521.gemfile.lock +0 -172
  36. data/gemfiles/ruby_2.6.2_rails522.gemfile +0 -12
  37. data/gemfiles/ruby_2.6.2_rails522.gemfile.lock +0 -172
  38. data/log/test.log +0 -89694
  39. data/pkg/ae_declarative_authorization-0.10.0.gem +0 -0
  40. data/pkg/ae_declarative_authorization-0.9.0.gem +0 -0
  41. data/pkg/ae_declarative_authorization-0.9.0.tim1.gem +0 -0
  42. data/pkg/ae_declarative_authorization-0.9.1.gem +0 -0
  43. data/pkg/ae_declarative_authorization-0.9.2.gem +0 -0
  44. data/test/authorization_test.rb +0 -1189
  45. data/test/controller_filter_resource_access_test.rb +0 -573
  46. data/test/database.yml +0 -3
  47. data/test/dsl_reader_test.rb +0 -178
  48. data/test/functional/filter_access_to_with_id_in_scope_test.rb +0 -88
  49. data/test/functional/no_filter_access_to_test.rb +0 -79
  50. data/test/functional/params_block_arity_test.rb +0 -39
  51. data/test/grape_api_test.rb +0 -508
  52. data/test/helper_test.rb +0 -248
  53. data/test/maintenance_test.rb +0 -46
  54. data/test/model_test.rb +0 -1840
  55. data/test/profiles/access_checking +0 -100
  56. data/test/rails_controller_test.rb +0 -478
  57. data/test/schema.sql +0 -60
  58. data/test/test_helper.rb +0 -117
  59. data/test/test_support/grape.rb +0 -93
  60. data/test/test_support/minitest_compatibility.rb +0 -27
  61. data/test/test_support/rails.rb +0 -69
@@ -1,3 +0,0 @@
1
- test:
2
- adapter: sqlite3
3
- database: ":memory:"
@@ -1,178 +0,0 @@
1
- require 'test_helper'
2
-
3
- class DSLReaderTest < Test::Unit::TestCase
4
- def test_privileges
5
- reader = Authorization::Reader::DSLReader.new
6
- reader.parse %{
7
- privileges do
8
- privilege :test_priv do
9
- includes :lower_priv
10
- end
11
- end
12
- }
13
- assert_equal 2, reader.privileges_reader.privileges.length
14
- assert_equal [[:lower_priv, nil]],
15
- reader.privileges_reader.privilege_hierarchy[:test_priv]
16
- end
17
-
18
- def test_privileges_with_context
19
- reader = Authorization::Reader::DSLReader.new
20
- reader.parse %{
21
- privileges do
22
- privilege :test_priv, :test_context do
23
- includes :lower_priv
24
- end
25
- end
26
- }
27
- assert_equal [[:lower_priv, :test_context]],
28
- reader.privileges_reader.privilege_hierarchy[:test_priv]
29
- end
30
-
31
- def test_privileges_one_line
32
- reader = Authorization::Reader::DSLReader.new
33
- reader.parse %{
34
- privileges do
35
- privilege :test_priv, :test_context, :includes => :lower_priv
36
- privilege :test_priv_2, :test_context, :includes => [:lower_priv]
37
- privilege :test_priv_3, :includes => [:lower_priv]
38
- end
39
- }
40
- assert_equal [[:lower_priv, :test_context]],
41
- reader.privileges_reader.privilege_hierarchy[:test_priv]
42
- assert_equal [[:lower_priv, :test_context]],
43
- reader.privileges_reader.privilege_hierarchy[:test_priv_2]
44
- assert_equal [[:lower_priv, nil]],
45
- reader.privileges_reader.privilege_hierarchy[:test_priv_3]
46
- end
47
-
48
- def test_auth_role
49
- reader = Authorization::Reader::DSLReader.new
50
- reader.parse %{
51
- authorization do
52
- role :test_role do
53
- includes :lesser_role
54
- has_permission_on :items, :to => :read
55
- end
56
- end
57
- }
58
- assert_equal 1, reader.auth_rules_reader.roles.length
59
- assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role]
60
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
61
- end
62
-
63
- def test_auth_role_permit_on
64
- reader = Authorization::Reader::DSLReader.new
65
- reader.parse %|
66
- authorization do
67
- role :test_role do
68
- has_permission_on :test_context do
69
- to :test_perm, :manage
70
- if_attribute :test_attr => is { user.test_attr }
71
- end
72
- end
73
- end
74
- |
75
- assert_equal 1, reader.auth_rules_reader.roles.length
76
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
77
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
78
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
79
- end
80
-
81
- def test_permit_block
82
- reader = Authorization::Reader::DSLReader.new
83
- reader.parse %|
84
- authorization do
85
- role :test_role do
86
- has_permission_on :perms, :to => :test do
87
- if_attribute :test_attr => is { user.test_attr }
88
- if_attribute :test_attr_2 => is_not { user.test_attr }
89
- if_attribute :test_attr_3 => contains { user.test_attr }
90
- if_attribute :test_attr_4 => does_not_contain { user.test_attr }
91
- if_attribute :test_attr_5 => is_in { user.test_attr }
92
- if_attribute :test_attr_5 => is_not_in { user.test_attr }
93
- if_attribute :test_attr_6 => lt { user.test_attr }
94
- if_attribute :test_attr_6 => lte { user.test_attr }
95
- if_attribute :test_attr_6 => gt { user.test_attr }
96
- if_attribute :test_attr_6 => gte { user.test_attr }
97
- end
98
- end
99
- end
100
- |
101
- assert_equal 1, reader.auth_rules_reader.roles.length
102
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
103
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
104
- end
105
-
106
- def test_has_permission_to_with_context
107
- reader = Authorization::Reader::DSLReader.new
108
- reader.parse %|
109
- authorization do
110
- role :test_role do
111
- has_permission_on :perms, :to => :test
112
- end
113
- end
114
- |
115
- assert_equal 1, reader.auth_rules_reader.roles.length
116
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
117
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
118
- end
119
-
120
- def test_context
121
- reader = Authorization::Reader::DSLReader.new
122
- reader.parse %{
123
- contexts do
124
- context :high_level_context do
125
- includes :low_level_context_1, :low_level_context_2
126
- end
127
- end
128
- }
129
- end
130
-
131
- def test_dsl_error
132
- reader = Authorization::Reader::DSLReader.new
133
- assert_raise(Authorization::Reader::DSLError) do
134
- reader.parse %{
135
- authorization do
136
- includes :lesser_role
137
- end
138
- }
139
- end
140
- end
141
-
142
- def test_syntax_error
143
- reader = Authorization::Reader::DSLReader.new
144
- assert_raise(Authorization::Reader::DSLSyntaxError) do
145
- reader.parse %{
146
- authorizations do
147
- end
148
- }
149
- end
150
- end
151
-
152
- def test_syntax_error_2
153
- reader = Authorization::Reader::DSLReader.new
154
- assert_raise(Authorization::Reader::DSLSyntaxError) do
155
- reader.parse %{
156
- authorizations
157
- end
158
- }
159
- end
160
- end
161
-
162
- def test_factory_returns_self
163
- reader = Authorization::Reader::DSLReader.new
164
- assert_equal(Authorization::Reader::DSLReader.factory(reader).object_id, reader.object_id)
165
- end
166
-
167
- def test_factory_loads_file
168
- reader = Authorization::Reader::DSLReader.factory((DA_ROOT + "authorization_rules.dist.rb").to_s)
169
- assert_equal(Authorization::Reader::DSLReader, reader.class)
170
- end
171
-
172
- def test_load_file_not_found
173
- assert_raise(Authorization::Reader::DSLFileNotFoundError) do
174
- Authorization::Reader::DSLReader.new.load!("nonexistent_file.rb")
175
- end
176
- end
177
- end
178
-
@@ -1,88 +0,0 @@
1
- require 'test_helper'
2
-
3
- class UsersController < MocksController
4
- before_action :initialize_user
5
- filter_access_to :all, attribute_check: true
6
- define_action_methods :show
7
-
8
- def initialize_user
9
- @user = User.find(params[:id])
10
- end
11
- end
12
-
13
- class FilterAccessToWithIdInScopeTest < ActionController::TestCase
14
- include DeclarativeAuthorization::Test::Helpers
15
-
16
- tests UsersController
17
-
18
- access_tests do
19
- params :user do |old_user, new_user|
20
- assert_equal :old_user, old_user
21
- assert_equal :new_user, new_user
22
- { id: User.create! }
23
- end
24
-
25
- role :users do
26
- privilege :read do
27
- allowed to: :show, with: :user
28
- end
29
- end
30
- end
31
-
32
- AUTHORIZATION_RULES = <<-RULES.freeze
33
- authorization do
34
- role :users__read do
35
- has_permission_on :users, :to => [:show] do
36
- if_attribute :id => id_in_scope { User.visible_by(user) }
37
- end
38
- end
39
- end
40
- RULES
41
-
42
- setup do
43
- @reader = Authorization::Reader::DSLReader.new
44
- @reader.parse(AUTHORIZATION_RULES)
45
- Authorization::Engine.instance(@reader)
46
- end
47
-
48
- def test_id_in_scope__filter_access_to__has_access
49
- with_routing do |map|
50
- setup_routes(map)
51
-
52
- current_user = User.create!(role_symbols: [:users__read])
53
- different_user = User.create!
54
-
55
- request!(current_user, :show, @reader, id: current_user.id)
56
- assert @controller.authorized?
57
- end
58
- end
59
-
60
- def test_id_in_scope__filter_access_to__does_not_have_access
61
- with_routing do |map|
62
- setup_routes(map)
63
-
64
- current_user = User.create!(role_symbols: [:users__read])
65
- different_user = User.create!
66
-
67
- request!(current_user, :show, @reader, id: different_user.id)
68
- assert !@controller.authorized?
69
- end
70
- end
71
-
72
- private
73
-
74
- def setup_routes(map)
75
- map.draw do
76
- get '/users', controller: 'users', action: :show
77
- end
78
- end
79
-
80
- def access_test_user(role, privilege)
81
- User.new(role_symbols: [ :"#{role}__#{privilege}" ])
82
- end
83
-
84
- def access_test_params_for_param_methods
85
- [:old_user, :new_user]
86
- end
87
- end
88
-
@@ -1,79 +0,0 @@
1
- require 'test_helper'
2
-
3
- class NoFilterAccessObject < MockDataObject
4
- def self.name
5
- "NoFilterAccessObject"
6
- end
7
- end
8
-
9
- class NoFilterAccessObjectsController < MocksController
10
- filter_access_to :all, attribute_check: true, load_method: :find_no_filter_access_object
11
- no_filter_access_to :index
12
-
13
- define_action_methods :index, :show
14
-
15
- private
16
-
17
- def find_no_filter_access_object
18
- NoFilterAccessObject.find_or_initialize_by(params.permit(:id, :special_attribute).to_hash)
19
- end
20
- end
21
-
22
- class NoFilterAccessToTest < ActionController::TestCase
23
- include DeclarativeAuthorization::Test::Helpers
24
- tests NoFilterAccessObjectsController
25
-
26
- access_tests_not_required
27
-
28
- AUTHORIZATION_RULES = <<-RULES.freeze
29
- authorization do
30
- role :allowed_role do
31
- has_permission_on :no_filter_access_objects, to: :index do
32
- if_attribute special_attribute: is { 'secret' }
33
- end
34
- has_permission_on :no_filter_access_objects, to: :show do
35
- if_attribute id: is { '1' }
36
- end
37
- end
38
- end
39
- RULES
40
-
41
- setup do
42
- @reader = Authorization::Reader::DSLReader.new
43
- @reader.parse(AUTHORIZATION_RULES)
44
- Authorization::Engine.instance(@reader)
45
- end
46
-
47
- def test_filter_access_to
48
- with_routing do |map|
49
- map.draw do
50
- resources :no_filter_access_objects, only: [:index, :show]
51
- end
52
-
53
- disallowed_user = MockUser.new
54
- allowed_user = MockUser.new(:allowed_role)
55
-
56
- request!(disallowed_user, :show, @reader, id: '1')
57
- assert !@controller.authorized?
58
-
59
- request!(allowed_user, :show, @reader, id: '100', clear: [:@no_filter_access_object])
60
- assert !@controller.authorized?
61
-
62
- request!(allowed_user, :show, @reader, id: '1', clear: [:@no_filter_access_object])
63
- assert @controller.authorized?
64
- end
65
- end
66
-
67
- def test_no_filter_access_to
68
- with_routing do |map|
69
- map.draw do
70
- resources :no_filter_access_objects, only: [:index, :show]
71
- end
72
-
73
- non_special_user = MockUser.new
74
-
75
- request!(non_special_user, :index, @reader, id: '1', special_attribute: 'wrong')
76
- assert @controller.authorized?
77
- end
78
- end
79
- end
@@ -1,39 +0,0 @@
1
- require 'test_helper'
2
-
3
- class ParamsBlockArityTest < ActionController::TestCase
4
- include DeclarativeAuthorization::Test::Helpers
5
-
6
- class ParamsBlockArityTestController < ApplicationController
7
-
8
- end
9
-
10
- tests ParamsBlockArityTestController
11
-
12
- access_tests do
13
-
14
- params :less_than_max_arguments do | one |
15
- { this: :works }
16
- end
17
-
18
- params :too_many_arguments do | one, two, three |
19
- { what: :ever }
20
- end
21
-
22
- end
23
-
24
- def test_params_arity
25
- assert_raises(InvalidParamsBlockArity) do
26
- access_test_params(:too_many_arguments)
27
- end
28
-
29
- assert_equal({ this: :works }, access_test_params(:less_than_max_arguments))
30
- end
31
-
32
- private
33
-
34
- def access_test_params_for_param_methods
35
- [:old_user, :new_user]
36
- end
37
-
38
- end
39
-
@@ -1,508 +0,0 @@
1
- require 'test_helper'
2
-
3
- # TODO: remove this conditional when rails 4 support is removed
4
- if defined?(Grape)
5
- class LoadMockObject < MockDataObject
6
- def self.name
7
- "LoadMockObject"
8
- end
9
- end
10
-
11
- ##################
12
- class SpecificMocks < MocksAPI
13
- filter_access_to 'GET /specific_mocks/test_action', :require => :test, :context => :permissions
14
- filter_access_to 'GET /specific_mocks/test_action_2', :require => :test, :context => :permissions_2
15
- filter_access_to 'GET /specific_mocks/show'
16
- filter_access_to 'GET /specific_mocks/edit', 'POST /specific_mocks/create', :require => :test, :context => :permissions
17
- filter_access_to 'GET /specific_mocks/edit2', :require => :test, :context => :permissions,
18
- :attribute_check => true, :model => LoadMockObject
19
- filter_access_to 'GET /specific_mocks/new', :require => :test, :context => :permissions
20
-
21
- filter_access_to ['GET /specific_mocks/action_group_action_1', 'GET /specific_mocks/action_group_action_2']
22
- define_action_methods :test_action, :test_action_2, :show, :edit, :create,
23
- :edit_2, :new, :unprotected_action, :action_group_action_1, :action_group_action_2
24
- end
25
-
26
- class BasicAPITest < ApiTestCase
27
- tests SpecificMocks
28
-
29
- def test_filter_access_to_receiving_an_explicit_array
30
- reader = Authorization::Reader::DSLReader.new
31
-
32
- reader.parse %{
33
- authorization do
34
- role :test_action_group_2 do
35
- has_permission_on :specific_mocks, :to => 'GET /specific_mocks/action_group_action_2'
36
- end
37
- end
38
- }
39
-
40
- request!(MockUser.new(:test_action_group_2), "/specific_mocks/action_group_action_2", reader)
41
- assert last_endpoint.authorized?
42
- request!(MockUser.new(:test_action_group_2), "/specific_mocks/action_group_action_1", reader)
43
- assert !last_endpoint.authorized?
44
- request!(nil, "/specific_mocks/action_group_action_2", reader)
45
- assert !last_endpoint.authorized?
46
- end
47
-
48
- def test_filter_access
49
- assert SpecificMocks.top_level_setting.namespace_stackable[:befores].any?
50
-
51
- reader = Authorization::Reader::DSLReader.new
52
- reader.parse %{
53
- authorization do
54
- role :test_role do
55
- has_permission_on :permissions, :to => :test
56
- has_permission_on :specific_mocks, :to => 'GET /specific_mocks/show'
57
- end
58
- end
59
- }
60
-
61
- request!(MockUser.new(:test_role), "/specific_mocks/test_action", reader)
62
- assert last_endpoint.authorized?
63
-
64
- request!(MockUser.new(:test_role), "/specific_mocks/test_action_2", reader)
65
- assert !last_endpoint.authorized?
66
-
67
- request!(MockUser.new(:test_role_2), "/specific_mocks/test_action", reader)
68
- assert_equal 403, last_response.status
69
- assert !last_endpoint.authorized?
70
-
71
- request!(MockUser.new(:test_role), "/specific_mocks/show", reader)
72
- assert last_endpoint.authorized?
73
- end
74
-
75
- def test_filter_access_multi_actions
76
- reader = Authorization::Reader::DSLReader.new
77
- reader.parse %{
78
- authorization do
79
- role :test_role do
80
- has_permission_on :permissions, :to => :test
81
- end
82
- end
83
- }
84
- request!(MockUser.new(:test_role), "/specific_mocks/create", reader)
85
- assert last_endpoint.authorized?
86
- end
87
-
88
- def test_filter_access_unprotected_actions
89
- reader = Authorization::Reader::DSLReader.new
90
- reader.parse %{
91
- authorization do
92
- role :test_role do
93
- end
94
- end
95
- }
96
- request!(MockUser.new(:test_role), "/specific_mocks/unprotected_action", reader)
97
- assert last_endpoint.authorized?
98
- end
99
-
100
- def test_filter_access_priv_hierarchy
101
- reader = Authorization::Reader::DSLReader.new
102
- reader.parse %{
103
- privileges do
104
- privilege :read do
105
- includes "GET /specific_mocks/list", "GET /specific_mocks/show"
106
- end
107
- end
108
- authorization do
109
- role :test_role do
110
- has_permission_on :specific_mocks, :to => :read
111
- end
112
- end
113
- }
114
- request!(MockUser.new(:test_role), "/specific_mocks/show", reader)
115
- assert last_endpoint.authorized?
116
- end
117
-
118
- def test_filter_access_skip_attribute_test
119
- reader = Authorization::Reader::DSLReader.new
120
- reader.parse %{
121
- authorization do
122
- role :test_role do
123
- has_permission_on :permissions, :to => :test do
124
- if_attribute :id => is { user }
125
- end
126
- end
127
- end
128
- }
129
- request!(MockUser.new(:test_role), "/specific_mocks/new", reader)
130
- assert last_endpoint.authorized?
131
- end
132
-
133
- def test_existing_instance_var_remains_unchanged
134
- reader = Authorization::Reader::DSLReader.new
135
- reader.parse %{
136
- authorization do
137
- role :test_role do
138
- has_permission_on :permissions, :to => :test do
139
- if_attribute :id => is { 5 }
140
- end
141
- end
142
- end
143
- }
144
- mock_object = MockDataObject.new(:id => 5)
145
-
146
- request!(MockUser.new(:test_role), "/specific_mocks/edit_2", reader) do |endpoint|
147
- endpoint.send(:instance_variable_set, :"@load_mock_object", mock_object)
148
- end
149
- assert_equal mock_object, last_endpoint.send(:instance_variable_get, :"@load_mock_object")
150
- assert last_endpoint.authorized?
151
- end
152
-
153
- def test_permitted_to_without_context
154
- reader = Authorization::Reader::DSLReader.new
155
- reader.parse %{
156
- authorization do
157
- role :test_role do
158
- has_permission_on :specific_mocks, :to => :test
159
- end
160
- end
161
- }
162
-
163
- # Make any request so we can get a reference to an endpoint
164
- request!(MockUser.new(:test_role), "/specific_mocks/show", reader)
165
-
166
- assert last_endpoint.permitted_to?(:test)
167
- end
168
- end
169
-
170
- ##################
171
- class AllMocks < MocksAPI
172
- filter_access_to :all
173
- filter_access_to 'GET /all_mocks/view', :require => :test, :context => :permissions
174
- define_action_methods :show, :view
175
- end
176
-
177
- class AllActionsAPITest < ApiTestCase
178
- tests AllMocks
179
-
180
- def test_filter_access_all
181
- reader = Authorization::Reader::DSLReader.new
182
- reader.parse %{
183
- authorization do
184
- role :test_role do
185
- has_permission_on :permissions, :to => :test
186
- has_permission_on :all_mocks, :to => 'GET /all_mocks/show'
187
- end
188
- end
189
- }
190
-
191
- request!(MockUser.new(:test_role), "/all_mocks/show", reader)
192
- assert last_endpoint.authorized?
193
-
194
- request!(MockUser.new(:test_role), "/all_mocks/view", reader)
195
- assert last_endpoint.authorized?
196
-
197
- request!(MockUser.new(:test_role_2), "/all_mocks/show", reader)
198
- assert !last_endpoint.authorized?
199
- end
200
- end
201
-
202
- ##################
203
- class LoadMockObjects < MocksAPI
204
- filter_access_to 'GET /load_mock_objects/:id', :attribute_check => true, :model => LoadMockObject
205
- filter_access_to 'GET /load_mock_objects/:id/edit', :attribute_check => true
206
- filter_access_to 'PUT /load_mock_objects/:id', 'DELETE /load_mock_objects/:id', :attribute_check => true,
207
- :load_method => proc {MockDataObject.new(:test => 1)}
208
- filter_access_to 'POST /load_mock_objects' do
209
- permitted_to! 'GET /load_mock_objects/:id/edit', :load_mock_objects
210
- end
211
- filter_access_to 'GET /load_mock_objects/view', :attribute_check => true, :load_method => :load_method
212
-
213
- helpers do
214
- @load_method_call_count = 0
215
-
216
- def load_method_call_count
217
- @load_method_call_count || 0
218
- end
219
-
220
- def load_method
221
- @load_method_call_count ||= 0
222
- @load_method_call_count += 1
223
- MockDataObject.new(:test => 2)
224
- end
225
- end
226
-
227
- resources :load_mock_objects do
228
- get :view do
229
- @authorized = true
230
- 'nothing'
231
- end
232
-
233
- route_param :id do
234
- get do
235
- @authorized = true
236
- 'nothing'
237
- end
238
-
239
- get :edit do
240
- @authorized = true
241
- 'nothing'
242
- end
243
-
244
- put do
245
- @authorized = true
246
- 'nothing'
247
- end
248
-
249
- delete do
250
- @authorized = true
251
- 'nothing'
252
- end
253
- end
254
-
255
- post do
256
- @authorized = true
257
- 'nothing'
258
- end
259
- end
260
- end
261
-
262
- class LoadObjectAPITest < ApiTestCase
263
- tests LoadMockObjects
264
-
265
- def test_filter_access_with_object_load
266
- reader = Authorization::Reader::DSLReader.new
267
- reader.parse %{
268
- authorization do
269
- role :test_role do
270
- has_permission_on :load_mock_objects, :to => [
271
- 'GET /load_mock_objects/:id',
272
- 'GET /load_mock_objects/:id/edit'
273
- ] do
274
- if_attribute :id => 1
275
- if_attribute :id => "1"
276
- end
277
- end
278
- end
279
- }
280
-
281
- request!(MockUser.new(:test_role), "/load_mock_objects/2", reader)
282
- assert !last_endpoint.authorized?
283
-
284
- request!(MockUser.new(:test_role), "/load_mock_objects/1", reader,
285
- :clear => [:@load_mock_object])
286
- assert last_endpoint.authorized?
287
-
288
- request!(MockUser.new(:test_role), "/load_mock_objects/1/edit", reader,
289
- :clear => [:@load_mock_object])
290
- assert last_endpoint.authorized?
291
- assert last_endpoint.instance_variable_defined?(:@load_mock_object)
292
- end
293
-
294
- def test_filter_access_with_object_load_custom
295
- reader = Authorization::Reader::DSLReader.new
296
- reader.parse %{
297
- authorization do
298
- role :test_role do
299
- has_permission_on :load_mock_objects, :to => 'GET /load_mock_objects/view' do
300
- if_attribute :test => is {2}
301
- end
302
- has_permission_on :load_mock_objects, :to => 'PUT /load_mock_objects/:id' do
303
- if_attribute :test => is {1}
304
- end
305
- has_permission_on :load_mock_objects, :to => 'DELETE /load_mock_objects/:id' do
306
- if_attribute :test => is {2}
307
- end
308
- end
309
- end
310
- }
311
-
312
- request!(MockUser.new(:test_role), "/load_mock_objects/1", reader, :method => :delete)
313
- assert !last_endpoint.authorized?
314
-
315
- request!(MockUser.new(:test_role), "/load_mock_objects/view", reader)
316
- assert last_endpoint.authorized?
317
- assert_equal 1, last_endpoint.load_method_call_count
318
-
319
- request!(MockUser.new(:test_role_2), "/load_mock_objects/view", reader)
320
- assert !last_endpoint.authorized?
321
- assert_equal 1, last_endpoint.load_method_call_count
322
-
323
- # Test the custom load_object method on the `PUT /load_mock_objects/:id` action
324
- request!(MockUser.new(:test_role), "/load_mock_objects/123", reader, :method => :put)
325
- assert last_endpoint.authorized?
326
- end
327
-
328
- def test_filter_access_custom
329
- reader = Authorization::Reader::DSLReader.new
330
- reader.parse %{
331
- authorization do
332
- role :test_role do
333
- has_permission_on :load_mock_objects, :to => 'GET /load_mock_objects/:id/edit'
334
- end
335
- role :test_role_2 do
336
- has_permission_on :load_mock_objects, :to => 'POST /load_mock_objects'
337
- end
338
- end
339
- }
340
-
341
- request!(MockUser.new(:test_role), "/load_mock_objects", reader, :method => :post)
342
- assert last_endpoint.authorized?
343
-
344
- request!(MockUser.new(:test_role_2), "/load_mock_objects", reader, :method => :post)
345
- assert !last_endpoint.authorized?
346
- end
347
- end
348
-
349
- ##################
350
- class AccessOverwrites < MocksAPI
351
- filter_access_to 'GET /access_overwrites/test_action', 'GET /access_overwrites/test_action_2',
352
- :require => :test, :context => :permissions_2
353
- filter_access_to 'GET /access_overwrites/test_action', :require => :test, :context => :permissions
354
- define_action_methods :test_action, :test_action_2
355
- end
356
-
357
- class AccessOverwritesAPITest < ApiTestCase
358
- tests AccessOverwrites
359
-
360
- def test_filter_access_overwrite
361
- reader = Authorization::Reader::DSLReader.new
362
- reader.parse %{
363
- authorization do
364
- role :test_role do
365
- has_permission_on :permissions, :to => :test
366
- end
367
- end
368
- }
369
- request!(MockUser.new(:test_role), "/access_overwrites/test_action_2", reader)
370
- assert !last_endpoint.authorized?
371
-
372
- request!(MockUser.new(:test_role), "/access_overwrites/test_action", reader)
373
- assert last_endpoint.authorized?
374
- end
375
- end
376
-
377
- ##################
378
- class People < MocksAPI
379
- filter_access_to :all
380
- define_action_methods :show
381
- end
382
-
383
- class PeopleAPITest < ApiTestCase
384
- tests People
385
-
386
- def test_filter_access_people_controller
387
- reader = Authorization::Reader::DSLReader.new
388
- reader.parse %{
389
- authorization do
390
- role :test_role do
391
- has_permission_on :people, :to => 'GET /people/show'
392
- end
393
- end
394
- }
395
- request!(MockUser.new(:test_role), "/people/show", reader)
396
- assert last_endpoint.authorized?
397
- end
398
- end
399
-
400
- ##################
401
- class CommonAPI < MocksAPI
402
- filter_access_to :delete, :context => :common
403
- filter_access_to :all
404
- end
405
- class CommonChild1API < CommonAPI
406
- filter_access_to :all, :context => :context_1
407
- end
408
- class CommonChild2 < CommonAPI
409
- filter_access_to :delete
410
- define_action_methods :show, :delete
411
- end
412
-
413
- class HierachicalAPITest < ApiTestCase
414
- tests CommonChild2
415
-
416
- def test_controller_hierarchy
417
- reader = Authorization::Reader::DSLReader.new
418
- reader.parse %{
419
- authorization do
420
- role :test_role do
421
- has_permission_on :mocks, :to => ["GET /common_child_2/delete", "GET /common_child_2/show"]
422
- end
423
- end
424
- }
425
-
426
- request!(MockUser.new(:test_role), "/common_child2/show", reader)
427
- assert !last_endpoint.authorized?
428
-
429
- request!(MockUser.new(:test_role), "/common_child2/delete", reader)
430
- assert !last_endpoint.authorized?
431
- end
432
- end
433
-
434
- ##################
435
- module Name
436
- class SpacedThings < MocksAPI
437
- filter_access_to 'GET /name/spaced_things/show'
438
- filter_access_to 'GET /name/spaced_things/update', :context => :spaced_things
439
- define_action_methods :show, :update
440
- end
441
- end
442
-
443
- class NameSpacedAPITest < ApiTestCase
444
- tests Name::SpacedThings
445
-
446
- def test_context
447
- reader = Authorization::Reader::DSLReader.new
448
- reader.parse %{
449
- authorization do
450
- role :permitted_role do
451
- has_permission_on :name_spaced_things, :to => "GET /name/spaced_things/show"
452
- has_permission_on :spaced_things, :to => "GET /name/spaced_things/update"
453
- end
454
- role :prohibited_role do
455
- has_permission_on :name_spaced_things, :to => "GET /name/spaced_things/update"
456
- has_permission_on :spaced_things, :to => "GET /name/spaced_things/show"
457
- end
458
- end
459
- }
460
- request!(MockUser.new(:permitted_role), "/name/spaced_things/show", reader)
461
- assert last_endpoint.authorized?
462
- request!(MockUser.new(:prohibited_role), "/name/spaced_things/show", reader)
463
- assert !last_endpoint.authorized?
464
- request!(MockUser.new(:permitted_role), "/name/spaced_things/update", reader)
465
- assert last_endpoint.authorized?
466
- request!(MockUser.new(:prohibited_role), "/name/spaced_things/update", reader)
467
- assert !last_endpoint.authorized?
468
- end
469
- end
470
-
471
- module Deep
472
- module NameSpaced
473
- class Things < MocksAPI
474
- filter_access_to 'GET /deep/name_spaced/things/show'
475
- filter_access_to 'GET /deep/name_spaced/things/update', :context => :things
476
- define_action_methods :show, :update
477
- end
478
- end
479
- end
480
-
481
- class DeepNameSpacedAPITest < ApiTestCase
482
- tests Deep::NameSpaced::Things
483
-
484
- def test_context
485
- reader = Authorization::Reader::DSLReader.new
486
- reader.parse %{
487
- authorization do
488
- role :permitted_role do
489
- has_permission_on :deep_name_spaced_things, :to => 'GET /deep/name_spaced/things/show'
490
- has_permission_on :things, :to => 'GET /deep/name_spaced/things/update'
491
- end
492
- role :prohibited_role do
493
- has_permission_on :deep_name_spaced_things, :to => 'GET /deep/name_spaced/things/update'
494
- has_permission_on :things, :to => 'GET /deep/name_spaced/things/show'
495
- end
496
- end
497
- }
498
- request!(MockUser.new(:permitted_role), "/deep/name_spaced/things/show", reader)
499
- assert last_endpoint.authorized?
500
- request!(MockUser.new(:prohibited_role), "/deep/name_spaced/things/show", reader)
501
- assert !last_endpoint.authorized?
502
- request!(MockUser.new(:permitted_role), "/deep/name_spaced/things/update", reader)
503
- assert last_endpoint.authorized?
504
- request!(MockUser.new(:prohibited_role), "/deep/name_spaced/things/update", reader)
505
- assert !last_endpoint.authorized?
506
- end
507
- end
508
- end