ae_declarative_authorization 0.7.0 → 0.7.1

Files changed (50)
  1. checksums.yaml +4 -4
  2. data/Appraisals +21 -21
  3. data/CHANGELOG +189 -189
  4. data/Gemfile +7 -7
  5. data/Gemfile.lock +45 -45
  6. data/LICENSE.txt +20 -20
  7. data/README.md +620 -620
  8. data/README.rdoc +597 -597
  9. data/Rakefile +33 -33
  10. data/authorization_rules.dist.rb +20 -20
  11. data/declarative_authorization.gemspec +24 -24
  12. data/gemfiles/rails4252.gemfile +10 -10
  13. data/gemfiles/rails4271.gemfile +10 -10
  14. data/gemfiles/rails507.gemfile +11 -11
  15. data/init.rb +5 -5
  16. data/lib/declarative_authorization.rb +18 -18
  17. data/lib/declarative_authorization/authorization.rb +821 -821
  18. data/lib/declarative_authorization/helper.rb +78 -78
  19. data/lib/declarative_authorization/in_controller.rb +713 -713
  20. data/lib/declarative_authorization/in_model.rb +156 -156
  21. data/lib/declarative_authorization/maintenance.rb +215 -215
  22. data/lib/declarative_authorization/obligation_scope.rb +345 -345
  23. data/lib/declarative_authorization/railsengine.rb +5 -5
  24. data/lib/declarative_authorization/reader.rb +549 -549
  25. data/lib/declarative_authorization/test/helpers.rb +261 -261
  26. data/lib/declarative_authorization/version.rb +3 -3
  27. data/lib/generators/authorization/install/install_generator.rb +77 -77
  28. data/lib/generators/authorization/rules/rules_generator.rb +13 -13
  29. data/lib/generators/authorization/rules/templates/authorization_rules.rb +27 -27
  30. data/lib/tasks/authorization_tasks.rake +89 -89
  31. data/test/authorization_test.rb +1121 -1121
  32. data/test/controller_filter_resource_access_test.rb +573 -573
  33. data/test/controller_test.rb +478 -478
  34. data/test/database.yml +3 -3
  35. data/test/dsl_reader_test.rb +178 -178
  36. data/test/functional/filter_access_to_with_id_in_scope_test.rb +88 -88
  37. data/test/functional/no_filter_access_to_test.rb +79 -79
  38. data/test/functional/params_block_arity_test.rb +39 -39
  39. data/test/helper_test.rb +248 -248
  40. data/test/maintenance_test.rb +46 -46
  41. data/test/model_test.rb +1840 -1840
  42. data/test/schema.sql +60 -60
  43. data/test/test_helper.rb +174 -174
  44. data/test/test_support/minitest_compatibility.rb +26 -26
  45. metadata +3 -9
  46. data/gemfiles/rails4252.gemfile.lock +0 -126
  47. data/gemfiles/rails4271.gemfile.lock +0 -126
  48. data/gemfiles/rails507.gemfile.lock +0 -136
  49. data/log/test.log +0 -34715
  50. data/test/profiles/access_checking +0 -46
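--- a/data/test/database.yml
+++ b/data/test/database.yml
@@ -1,3 +1,3 @@
- test:
- adapter: sqlite3
- database: ":memory:"
+ test:
+ adapter: sqlite3
+ database: ":memory:"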
@@ -1,178 +1,178 @@
1
- require 'test_helper'
2
-
3
- class DSLReaderTest < Test::Unit::TestCase
4
- def test_privileges
5
- reader = Authorization::Reader::DSLReader.new
6
- reader.parse %{
7
- privileges do
8
- privilege :test_priv do
9
- includes :lower_priv
10
- end
11
- end
12
- }
13
- assert_equal 2, reader.privileges_reader.privileges.length
14
- assert_equal [[:lower_priv, nil]],
15
- reader.privileges_reader.privilege_hierarchy[:test_priv]
16
- end
17
-
18
- def test_privileges_with_context
19
- reader = Authorization::Reader::DSLReader.new
20
- reader.parse %{
21
- privileges do
22
- privilege :test_priv, :test_context do
23
- includes :lower_priv
24
- end
25
- end
26
- }
27
- assert_equal [[:lower_priv, :test_context]],
28
- reader.privileges_reader.privilege_hierarchy[:test_priv]
29
- end
30
-
31
- def test_privileges_one_line
32
- reader = Authorization::Reader::DSLReader.new
33
- reader.parse %{
34
- privileges do
35
- privilege :test_priv, :test_context, :includes => :lower_priv
36
- privilege :test_priv_2, :test_context, :includes => [:lower_priv]
37
- privilege :test_priv_3, :includes => [:lower_priv]
38
- end
39
- }
40
- assert_equal [[:lower_priv, :test_context]],
41
- reader.privileges_reader.privilege_hierarchy[:test_priv]
42
- assert_equal [[:lower_priv, :test_context]],
43
- reader.privileges_reader.privilege_hierarchy[:test_priv_2]
44
- assert_equal [[:lower_priv, nil]],
45
- reader.privileges_reader.privilege_hierarchy[:test_priv_3]
46
- end
47
-
48
- def test_auth_role
49
- reader = Authorization::Reader::DSLReader.new
50
- reader.parse %{
51
- authorization do
52
- role :test_role do
53
- includes :lesser_role
54
- has_permission_on :items, :to => :read
55
- end
56
- end
57
- }
58
- assert_equal 1, reader.auth_rules_reader.roles.length
59
- assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role]
60
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
61
- end
62
-
63
- def test_auth_role_permit_on
64
- reader = Authorization::Reader::DSLReader.new
65
- reader.parse %|
66
- authorization do
67
- role :test_role do
68
- has_permission_on :test_context do
69
- to :test_perm, :manage
70
- if_attribute :test_attr => is { user.test_attr }
71
- end
72
- end
73
- end
74
- |
75
- assert_equal 1, reader.auth_rules_reader.roles.length
76
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
77
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
78
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
79
- end
80
-
81
- def test_permit_block
82
- reader = Authorization::Reader::DSLReader.new
83
- reader.parse %|
84
- authorization do
85
- role :test_role do
86
- has_permission_on :perms, :to => :test do
87
- if_attribute :test_attr => is { user.test_attr }
88
- if_attribute :test_attr_2 => is_not { user.test_attr }
89
- if_attribute :test_attr_3 => contains { user.test_attr }
90
- if_attribute :test_attr_4 => does_not_contain { user.test_attr }
91
- if_attribute :test_attr_5 => is_in { user.test_attr }
92
- if_attribute :test_attr_5 => is_not_in { user.test_attr }
93
- if_attribute :test_attr_6 => lt { user.test_attr }
94
- if_attribute :test_attr_6 => lte { user.test_attr }
95
- if_attribute :test_attr_6 => gt { user.test_attr }
96
- if_attribute :test_attr_6 => gte { user.test_attr }
97
- end
98
- end
99
- end
100
- |
101
- assert_equal 1, reader.auth_rules_reader.roles.length
102
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
103
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
104
- end
105
-
106
- def test_has_permission_to_with_context
107
- reader = Authorization::Reader::DSLReader.new
108
- reader.parse %|
109
- authorization do
110
- role :test_role do
111
- has_permission_on :perms, :to => :test
112
- end
113
- end
114
- |
115
- assert_equal 1, reader.auth_rules_reader.roles.length
116
- assert_equal 1, reader.auth_rules_reader.auth_rules.length
117
- assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
118
- end
119
-
120
- def test_context
121
- reader = Authorization::Reader::DSLReader.new
122
- reader.parse %{
123
- contexts do
124
- context :high_level_context do
125
- includes :low_level_context_1, :low_level_context_2
126
- end
127
- end
128
- }
129
- end
130
-
131
- def test_dsl_error
132
- reader = Authorization::Reader::DSLReader.new
133
- assert_raise(Authorization::Reader::DSLError) do
134
- reader.parse %{
135
- authorization do
136
- includes :lesser_role
137
- end
138
- }
139
- end
140
- end
141
-
142
- def test_syntax_error
143
- reader = Authorization::Reader::DSLReader.new
144
- assert_raise(Authorization::Reader::DSLSyntaxError) do
145
- reader.parse %{
146
- authorizations do
147
- end
148
- }
149
- end
150
- end
151
-
152
- def test_syntax_error_2
153
- reader = Authorization::Reader::DSLReader.new
154
- assert_raise(Authorization::Reader::DSLSyntaxError) do
155
- reader.parse %{
156
- authorizations
157
- end
158
- }
159
- end
160
- end
161
-
162
- def test_factory_returns_self
163
- reader = Authorization::Reader::DSLReader.new
164
- assert_equal(Authorization::Reader::DSLReader.factory(reader).object_id, reader.object_id)
165
- end
166
-
167
- def test_factory_loads_file
168
- reader = Authorization::Reader::DSLReader.factory((DA_ROOT + "authorization_rules.dist.rb").to_s)
169
- assert_equal(Authorization::Reader::DSLReader, reader.class)
170
- end
171
-
172
- def test_load_file_not_found
173
- assert_raise(Authorization::Reader::DSLFileNotFoundError) do
174
- Authorization::Reader::DSLReader.new.load!("nonexistent_file.rb")
175
- end
176
- end
177
- end
178
-
1
+ require 'test_helper'
2
+
3
+ class DSLReaderTest < Test::Unit::TestCase
4
+ def test_privileges
5
+ reader = Authorization::Reader::DSLReader.new
6
+ reader.parse %{
7
+ privileges do
8
+ privilege :test_priv do
9
+ includes :lower_priv
10
+ end
11
+ end
12
+ }
13
+ assert_equal 2, reader.privileges_reader.privileges.length
14
+ assert_equal [[:lower_priv, nil]],
15
+ reader.privileges_reader.privilege_hierarchy[:test_priv]
16
+ end
17
+
18
+ def test_privileges_with_context
19
+ reader = Authorization::Reader::DSLReader.new
20
+ reader.parse %{
21
+ privileges do
22
+ privilege :test_priv, :test_context do
23
+ includes :lower_priv
24
+ end
25
+ end
26
+ }
27
+ assert_equal [[:lower_priv, :test_context]],
28
+ reader.privileges_reader.privilege_hierarchy[:test_priv]
29
+ end
30
+
31
+ def test_privileges_one_line
32
+ reader = Authorization::Reader::DSLReader.new
33
+ reader.parse %{
34
+ privileges do
35
+ privilege :test_priv, :test_context, :includes => :lower_priv
36
+ privilege :test_priv_2, :test_context, :includes => [:lower_priv]
37
+ privilege :test_priv_3, :includes => [:lower_priv]
38
+ end
39
+ }
40
+ assert_equal [[:lower_priv, :test_context]],
41
+ reader.privileges_reader.privilege_hierarchy[:test_priv]
42
+ assert_equal [[:lower_priv, :test_context]],
43
+ reader.privileges_reader.privilege_hierarchy[:test_priv_2]
44
+ assert_equal [[:lower_priv, nil]],
45
+ reader.privileges_reader.privilege_hierarchy[:test_priv_3]
46
+ end
47
+
48
+ def test_auth_role
49
+ reader = Authorization::Reader::DSLReader.new
50
+ reader.parse %{
51
+ authorization do
52
+ role :test_role do
53
+ includes :lesser_role
54
+ has_permission_on :items, :to => :read
55
+ end
56
+ end
57
+ }
58
+ assert_equal 1, reader.auth_rules_reader.roles.length
59
+ assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role]
60
+ assert_equal 1, reader.auth_rules_reader.auth_rules.length
61
+ end
62
+
63
+ def test_auth_role_permit_on
64
+ reader = Authorization::Reader::DSLReader.new
65
+ reader.parse %|
66
+ authorization do
67
+ role :test_role do
68
+ has_permission_on :test_context do
69
+ to :test_perm, :manage
70
+ if_attribute :test_attr => is { user.test_attr }
71
+ end
72
+ end
73
+ end
74
+ |
75
+ assert_equal 1, reader.auth_rules_reader.roles.length
76
+ assert_equal 1, reader.auth_rules_reader.auth_rules.length
77
+ assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
78
+ assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
79
+ end
80
+
81
+ def test_permit_block
82
+ reader = Authorization::Reader::DSLReader.new
83
+ reader.parse %|
84
+ authorization do
85
+ role :test_role do
86
+ has_permission_on :perms, :to => :test do
87
+ if_attribute :test_attr => is { user.test_attr }
88
+ if_attribute :test_attr_2 => is_not { user.test_attr }
89
+ if_attribute :test_attr_3 => contains { user.test_attr }
90
+ if_attribute :test_attr_4 => does_not_contain { user.test_attr }
91
+ if_attribute :test_attr_5 => is_in { user.test_attr }
92
+ if_attribute :test_attr_5 => is_not_in { user.test_attr }
93
+ if_attribute :test_attr_6 => lt { user.test_attr }
94
+ if_attribute :test_attr_6 => lte { user.test_attr }
95
+ if_attribute :test_attr_6 => gt { user.test_attr }
96
+ if_attribute :test_attr_6 => gte { user.test_attr }
97
+ end
98
+ end
99
+ end
100
+ |
101
+ assert_equal 1, reader.auth_rules_reader.roles.length
102
+ assert_equal 1, reader.auth_rules_reader.auth_rules.length
103
+ assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
104
+ end
105
+
106
+ def test_has_permission_to_with_context
107
+ reader = Authorization::Reader::DSLReader.new
108
+ reader.parse %|
109
+ authorization do
110
+ role :test_role do
111
+ has_permission_on :perms, :to => :test
112
+ end
113
+ end
114
+ |
115
+ assert_equal 1, reader.auth_rules_reader.roles.length
116
+ assert_equal 1, reader.auth_rules_reader.auth_rules.length
117
+ assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
118
+ end
119
+
120
+ def test_context
121
+ reader = Authorization::Reader::DSLReader.new
122
+ reader.parse %{
123
+ contexts do
124
+ context :high_level_context do
125
+ includes :low_level_context_1, :low_level_context_2
126
+ end
127
+ end
128
+ }
129
+ end
130
+
131
+ def test_dsl_error
132
+ reader = Authorization::Reader::DSLReader.new
133
+ assert_raise(Authorization::Reader::DSLError) do
134
+ reader.parse %{
135
+ authorization do
136
+ includes :lesser_role
137
+ end
138
+ }
139
+ end
140
+ end
141
+
142
+ def test_syntax_error
143
+ reader = Authorization::Reader::DSLReader.new
144
+ assert_raise(Authorization::Reader::DSLSyntaxError) do
145
+ reader.parse %{
146
+ authorizations do
147
+ end
148
+ }
149
+ end
150
+ end
151
+
152
+ def test_syntax_error_2
153
+ reader = Authorization::Reader::DSLReader.new
154
+ assert_raise(Authorization::Reader::DSLSyntaxError) do
155
+ reader.parse %{
156
+ authorizations
157
+ end
158
+ }
159
+ end
160
+ end
161
+
162
+ def test_factory_returns_self
163
+ reader = Authorization::Reader::DSLReader.new
164
+ assert_equal(Authorization::Reader::DSLReader.factory(reader).object_id, reader.object_id)
165
+ end
166
+
167
+ def test_factory_loads_file
168
+ reader = Authorization::Reader::DSLReader.factory((DA_ROOT + "authorization_rules.dist.rb").to_s)
169
+ assert_equal(Authorization::Reader::DSLReader, reader.class)
170
+ end
171
+
172
+ def test_load_file_not_found
173
+ assert_raise(Authorization::Reader::DSLFileNotFoundError) do
174
+ Authorization::Reader::DSLReader.new.load!("nonexistent_file.rb")
175
+ end
176
+ end
177
+ end
178
+
@@ -1,88 +1,88 @@
1
- require 'test_helper'
2
-
3
- class UsersController < MocksController
4
- before_action :initialize_user
5
- filter_access_to :all, attribute_check: true
6
- define_action_methods :show
7
-
8
- def initialize_user
9
- @user = User.find(params[:id])
10
- end
11
- end
12
-
13
- class FilterAccessToWithIdInScopeTest < ActionController::TestCase
14
- include DeclarativeAuthorization::Test::Helpers
15
-
16
- tests UsersController
17
-
18
- access_tests do
19
- params :user do |old_user, new_user|
20
- assert_equal :old_user, old_user
21
- assert_equal :new_user, new_user
22
- { id: User.create! }
23
- end
24
-
25
- role :users do
26
- privilege :read do
27
- allowed to: :show, with: :user
28
- end
29
- end
30
- end
31
-
32
- AUTHORIZATION_RULES = <<-RULES.freeze
33
- authorization do
34
- role :users__read do
35
- has_permission_on :users, :to => [:show] do
36
- if_attribute :id => id_in_scope { User.visible_by(user) }
37
- end
38
- end
39
- end
40
- RULES
41
-
42
- setup do
43
- @reader = Authorization::Reader::DSLReader.new
44
- @reader.parse(AUTHORIZATION_RULES)
45
- Authorization::Engine.instance(@reader)
46
- end
47
-
48
- def test_id_in_scope__filter_access_to__has_access
49
- with_routing do |map|
50
- setup_routes(map)
51
-
52
- current_user = User.create!(role_symbols: [:users__read])
53
- different_user = User.create!
54
-
55
- request!(current_user, :show, @reader, id: current_user.id)
56
- assert @controller.authorized?
57
- end
58
- end
59
-
60
- def test_id_in_scope__filter_access_to__does_not_have_access
61
- with_routing do |map|
62
- setup_routes(map)
63
-
64
- current_user = User.create!(role_symbols: [:users__read])
65
- different_user = User.create!
66
-
67
- request!(current_user, :show, @reader, id: different_user.id)
68
- assert !@controller.authorized?
69
- end
70
- end
71
-
72
- private
73
-
74
- def setup_routes(map)
75
- map.draw do
76
- get '/users', controller: 'users', action: :show
77
- end
78
- end
79
-
80
- def access_test_user(role, privilege)
81
- User.new(role_symbols: [ :"#{role}__#{privilege}" ])
82
- end
83
-
84
- def access_test_params_for_param_methods
85
- [:old_user, :new_user]
86
- end
87
- end
88
-
1
+ require 'test_helper'
2
+
3
+ class UsersController < MocksController
4
+ before_action :initialize_user
5
+ filter_access_to :all, attribute_check: true
6
+ define_action_methods :show
7
+
8
+ def initialize_user
9
+ @user = User.find(params[:id])
10
+ end
11
+ end
12
+
13
+ class FilterAccessToWithIdInScopeTest < ActionController::TestCase
14
+ include DeclarativeAuthorization::Test::Helpers
15
+
16
+ tests UsersController
17
+
18
+ access_tests do
19
+ params :user do |old_user, new_user|
20
+ assert_equal :old_user, old_user
21
+ assert_equal :new_user, new_user
22
+ { id: User.create! }
23
+ end
24
+
25
+ role :users do
26
+ privilege :read do
27
+ allowed to: :show, with: :user
28
+ end
29
+ end
30
+ end
31
+
32
+ AUTHORIZATION_RULES = <<-RULES.freeze
33
+ authorization do
34
+ role :users__read do
35
+ has_permission_on :users, :to => [:show] do
36
+ if_attribute :id => id_in_scope { User.visible_by(user) }
37
+ end
38
+ end
39
+ end
40
+ RULES
41
+
42
+ setup do
43
+ @reader = Authorization::Reader::DSLReader.new
44
+ @reader.parse(AUTHORIZATION_RULES)
45
+ Authorization::Engine.instance(@reader)
46
+ end
47
+
48
+ def test_id_in_scope__filter_access_to__has_access
49
+ with_routing do |map|
50
+ setup_routes(map)
51
+
52
+ current_user = User.create!(role_symbols: [:users__read])
53
+ different_user = User.create!
54
+
55
+ request!(current_user, :show, @reader, id: current_user.id)
56
+ assert @controller.authorized?
57
+ end
58
+ end
59
+
60
+ def test_id_in_scope__filter_access_to__does_not_have_access
61
+ with_routing do |map|
62
+ setup_routes(map)
63
+
64
+ current_user = User.create!(role_symbols: [:users__read])
65
+ different_user = User.create!
66
+
67
+ request!(current_user, :show, @reader, id: different_user.id)
68
+ assert !@controller.authorized?
69
+ end
70
+ end
71
+
72
+ private
73
+
74
+ def setup_routes(map)
75
+ map.draw do
76
+ get '/users', controller: 'users', action: :show
77
+ end
78
+ end
79
+
80
+ def access_test_user(role, privilege)
81
+ User.new(role_symbols: [ :"#{role}__#{privilege}" ])
82
+ end
83
+
84
+ def access_test_params_for_param_methods
85
+ [:old_user, :new_user]
86
+ end
87
+ end
88
+