RubyGems - ae_declarative_authorization - Versions diffs - 0.7.0 → 0.7.1 - Mend

ae_declarative_authorization 0.7.0 → 0.7.1

Files changed (50) hide show

checksums.yaml +4 -4
data/Appraisals +21 -21
data/CHANGELOG +189 -189
data/Gemfile +7 -7
data/Gemfile.lock +45 -45
data/LICENSE.txt +20 -20
data/README.md +620 -620
data/README.rdoc +597 -597
data/Rakefile +33 -33
data/authorization_rules.dist.rb +20 -20
data/declarative_authorization.gemspec +24 -24
data/gemfiles/rails4252.gemfile +10 -10
data/gemfiles/rails4271.gemfile +10 -10
data/gemfiles/rails507.gemfile +11 -11
data/init.rb +5 -5
data/lib/declarative_authorization.rb +18 -18
data/lib/declarative_authorization/authorization.rb +821 -821
data/lib/declarative_authorization/helper.rb +78 -78
data/lib/declarative_authorization/in_controller.rb +713 -713
data/lib/declarative_authorization/in_model.rb +156 -156
data/lib/declarative_authorization/maintenance.rb +215 -215
data/lib/declarative_authorization/obligation_scope.rb +345 -345
data/lib/declarative_authorization/railsengine.rb +5 -5
data/lib/declarative_authorization/reader.rb +549 -549
data/lib/declarative_authorization/test/helpers.rb +261 -261
data/lib/declarative_authorization/version.rb +3 -3
data/lib/generators/authorization/install/install_generator.rb +77 -77
data/lib/generators/authorization/rules/rules_generator.rb +13 -13
data/lib/generators/authorization/rules/templates/authorization_rules.rb +27 -27
data/lib/tasks/authorization_tasks.rake +89 -89
data/test/authorization_test.rb +1121 -1121
data/test/controller_filter_resource_access_test.rb +573 -573
data/test/controller_test.rb +478 -478
data/test/database.yml +3 -3
data/test/dsl_reader_test.rb +178 -178
data/test/functional/filter_access_to_with_id_in_scope_test.rb +88 -88
data/test/functional/no_filter_access_to_test.rb +79 -79
data/test/functional/params_block_arity_test.rb +39 -39
data/test/helper_test.rb +248 -248
data/test/maintenance_test.rb +46 -46
data/test/model_test.rb +1840 -1840
data/test/schema.sql +60 -60
data/test/test_helper.rb +174 -174
data/test/test_support/minitest_compatibility.rb +26 -26
metadata +3 -9
data/gemfiles/rails4252.gemfile.lock +0 -126
data/gemfiles/rails4271.gemfile.lock +0 -126
data/gemfiles/rails507.gemfile.lock +0 -136
data/log/test.log +0 -34715
data/test/profiles/access_checking +0 -46

data/test/functional/no_filter_access_to_test.rb CHANGED Viewed

@@ -1,79 +1,79 @@
-require 'test_helper'
-class NoFilterAccessObject < MockDataObject
-  def self.name
-    "NoFilterAccessObject"
-  end
-end
-class NoFilterAccessObjectsController < MocksController
-  filter_access_to :all, attribute_check: true, load_method: :find_no_filter_access_object
-  no_filter_access_to :index
-  define_action_methods :index, :show
-  private
-  def find_no_filter_access_object
-    NoFilterAccessObject.find_or_initialize_by(params.permit(:id, :special_attribute).to_hash)
-  end
-end
-class NoFilterAccessToTest < ActionController::TestCase
-  include DeclarativeAuthorization::Test::Helpers
-  tests NoFilterAccessObjectsController
-  access_tests_not_required
-  AUTHORIZATION_RULES = <<-RULES.freeze
-    authorization do
-      role :allowed_role do
-        has_permission_on :no_filter_access_objects, to: :index do
-          if_attribute special_attribute: is { 'secret' }
-        end
-        has_permission_on :no_filter_access_objects, to: :show do
-          if_attribute id: is { '1' }
-        end
-      end
-    end
-  RULES
-  setup do
-    @reader = Authorization::Reader::DSLReader.new
-    @reader.parse(AUTHORIZATION_RULES)
-    Authorization::Engine.instance(@reader)
-  end
-  def test_filter_access_to
-    with_routing do |map|
-      map.draw do
-        resources :no_filter_access_objects, only: [:index, :show]
-      end
-      disallowed_user = MockUser.new
-      allowed_user = MockUser.new(:allowed_role)
-      request!(disallowed_user, :show, @reader, id: '1')
-      assert !@controller.authorized?
-      request!(allowed_user, :show, @reader, id: '100', clear: [:@no_filter_access_object])
-      assert !@controller.authorized?
-      request!(allowed_user, :show, @reader, id: '1', clear: [:@no_filter_access_object])
-      assert @controller.authorized?
-    end
-  end
-  def test_no_filter_access_to
-    with_routing do |map|
-      map.draw do
-        resources :no_filter_access_objects, only: [:index, :show]
-      end
-      non_special_user = MockUser.new
-      request!(non_special_user, :index, @reader, id: '1', special_attribute: 'wrong')
-      assert @controller.authorized?
-    end
-  end
-end
+require 'test_helper'
+class NoFilterAccessObject < MockDataObject
+  def self.name
+    "NoFilterAccessObject"
+  end
+end
+class NoFilterAccessObjectsController < MocksController
+  filter_access_to :all, attribute_check: true, load_method: :find_no_filter_access_object
+  no_filter_access_to :index
+  define_action_methods :index, :show
+  private
+  def find_no_filter_access_object
+    NoFilterAccessObject.find_or_initialize_by(params.permit(:id, :special_attribute).to_hash)
+  end
+end
+class NoFilterAccessToTest < ActionController::TestCase
+  include DeclarativeAuthorization::Test::Helpers
+  tests NoFilterAccessObjectsController
+  access_tests_not_required
+  AUTHORIZATION_RULES = <<-RULES.freeze
+    authorization do
+      role :allowed_role do
+        has_permission_on :no_filter_access_objects, to: :index do
+          if_attribute special_attribute: is { 'secret' }
+        end
+        has_permission_on :no_filter_access_objects, to: :show do
+          if_attribute id: is { '1' }
+        end
+      end
+    end
+  RULES
+  setup do
+    @reader = Authorization::Reader::DSLReader.new
+    @reader.parse(AUTHORIZATION_RULES)
+    Authorization::Engine.instance(@reader)
+  end
+  def test_filter_access_to
+    with_routing do |map|
+      map.draw do
+        resources :no_filter_access_objects, only: [:index, :show]
+      end
+      disallowed_user = MockUser.new
+      allowed_user = MockUser.new(:allowed_role)
+      request!(disallowed_user, :show, @reader, id: '1')
+      assert !@controller.authorized?
+      request!(allowed_user, :show, @reader, id: '100', clear: [:@no_filter_access_object])
+      assert !@controller.authorized?
+      request!(allowed_user, :show, @reader, id: '1', clear: [:@no_filter_access_object])
+      assert @controller.authorized?
+    end
+  end
+  def test_no_filter_access_to
+    with_routing do |map|
+      map.draw do
+        resources :no_filter_access_objects, only: [:index, :show]
+      end
+      non_special_user = MockUser.new
+      request!(non_special_user, :index, @reader, id: '1', special_attribute: 'wrong')
+      assert @controller.authorized?
+    end
+  end
+end

data/test/functional/params_block_arity_test.rb CHANGED Viewed

@@ -1,39 +1,39 @@
-require 'test_helper'
-class ParamsBlockArityTest < ActionController::TestCase
-  include DeclarativeAuthorization::Test::Helpers
-  class ParamsBlockArityTestController < ApplicationController
-  end
-  tests ParamsBlockArityTestController
-  access_tests do
-    params :less_than_max_arguments do | one |
-      { this: :works }
-    end
-    params :too_many_arguments do | one, two, three |
-      { what: :ever }
-    end
-  end
-  def test_params_arity
-    assert_raises(InvalidParamsBlockArity) do
-      access_test_params(:too_many_arguments)
-    end
-    assert_equal({ this: :works }, access_test_params(:less_than_max_arguments))
-  end
-  private
-  def access_test_params_for_param_methods
-    [:old_user, :new_user]
-  end
-end
+require 'test_helper'
+class ParamsBlockArityTest < ActionController::TestCase
+  include DeclarativeAuthorization::Test::Helpers
+  class ParamsBlockArityTestController < ApplicationController
+  end
+  tests ParamsBlockArityTestController
+  access_tests do
+    params :less_than_max_arguments do | one |
+      { this: :works }
+    end
+    params :too_many_arguments do | one, two, three |
+      { what: :ever }
+    end
+  end
+  def test_params_arity
+    assert_raises(InvalidParamsBlockArity) do
+      access_test_params(:too_many_arguments)
+    end
+    assert_equal({ this: :works }, access_test_params(:less_than_max_arguments))
+  end
+  private
+  def access_test_params_for_param_methods
+    [:old_user, :new_user]
+  end
+end

data/test/helper_test.rb CHANGED Viewed

@@ -1,248 +1,248 @@
-require 'test_helper'
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
-class HelperMocksController < MocksController
-  filter_access_to :action, :require => :show, :context => :mocks
-  define_action_methods :action
-end
-class HelperTest < ActionController::TestCase
-  tests HelperMocksController
-  include Authorization::AuthorizationHelper
-  attr_reader :controller
-  def test_permit
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-        role :test_role_2 do
-          has_permission_on :mocks, :to => :update
-        end
-      end
-    }
-    user = MockUser.new(:test_role)
-    request!(user, :action, reader)
-    assert permitted_to?(:show, :mocks)
-    assert !permitted_to?(:update, :mocks)
-    block_evaled = false
-    permitted_to?(:show, :mocks) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    permitted_to?(:update, :mocks) do
-      block_evaled = true
-    end
-    assert !block_evaled
-  end
-  def test_permit_with_object
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks do
-            to :show
-            if_attribute :test_attr => is {user.test_attr}
-          end
-        end
-      end
-    }
-    user = MockUser.new(:test_role, :test_attr => 1)
-    mock = MockDataObject.new(:test_attr => 1)
-    mock_2 = MockDataObject.new(:test_attr => 2)
-    request!(user, :action, reader)
-    assert permitted_to?(:show, mock)
-    assert permitted_to?(:show, :mocks)
-    assert !permitted_to?(:show, mock_2)
-  end
-  def test_permit_with_object_and_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :other_mocks do
-            to :show
-            if_attribute :test_attr => is {user.test_attr}
-          end
-        end
-      end
-    }
-    user = MockUser.new(:test_role, :test_attr => 1)
-    mock = MockDataObject.new(:test_attr => 1)
-    mock_2 = MockDataObject.new(:test_attr => 2)
-    request!(user, :action, reader)
-    assert permitted_to?(:show, mock, :context => :other_mocks)
-    assert !permitted_to?(:show, mock_2, :context => :other_mocks)
-  end
-  def test_has_role
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-      end
-    }
-    user = MockUser.new(:test_role)
-    request!(user, :action, reader)
-    assert has_role?(:test_role)
-    assert !has_role?(:test_role2)
-    assert !has_role?(:test_role, :test_role2)
-    block_evaled = false
-    has_role?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_role?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-  end
-  def test_has_any_role
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-      end
-    }
-    user = MockUser.new(:test_role)
-    request!(user, :action, reader)
-    assert has_any_role?(:test_role)
-    assert !has_any_role?(:test_role2)
-    assert has_any_role?(:test_role, :test_role2)
-    block_evaled = false
-    has_any_role?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_any_role?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-    block_evaled = false
-    has_any_role?(:test_role,:test_role2) do
-      block_evaled = true
-    end
-    assert block_evaled
-  end
-  def test_has_role_with_guest_user
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-      end
-    }
-    request!(nil, :action, reader)
-    Authorization.stub :current_user, MockUser.new do
-      assert !has_role?(:test_role)
-      block_evaled = false
-      has_role?(:test_role) do
-        block_evaled = true
-      end
-      assert !block_evaled
-    end
-  end
-  def test_has_role_with_hierarchy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-        role :other_role do
-          has_permission_on :another_mocks, :to => :show
-        end
-        role :root do
-          includes :test_role
-        end
-      end
-    }
-    user = MockUser.new(:root)
-    request!(user, :action, reader)
-    assert has_role_with_hierarchy?(:test_role)
-    assert !has_role_with_hierarchy?(:other_role)
-    block_evaled = false
-    has_role_with_hierarchy?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_role_with_hierarchy?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-  end
-  def test_has_any_role_with_hierarchy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-        role :other_role do
-          has_permission_on :another_mocks, :to => :show
-        end
-        role :root do
-          includes :test_role
-        end
-      end
-    }
-    user = MockUser.new(:root)
-    request!(user, :action, reader)
-    assert has_any_role_with_hierarchy?(:test_role)
-    assert !has_any_role_with_hierarchy?(:other_role)
-    assert has_any_role_with_hierarchy?(:test_role,:other_role)
-    block_evaled = false
-    has_any_role_with_hierarchy?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_any_role_with_hierarchy?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-    block_evaled = false
-    has_any_role_with_hierarchy?(:test_role,:test_role2) do
-      block_evaled = true
-    end
-    assert block_evaled
-  end
-end
+require 'test_helper'
+require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
+class HelperMocksController < MocksController
+  filter_access_to :action, :require => :show, :context => :mocks
+  define_action_methods :action
+end
+class HelperTest < ActionController::TestCase
+  tests HelperMocksController
+  include Authorization::AuthorizationHelper
+  attr_reader :controller
+  def test_permit
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :test_role_2 do
+          has_permission_on :mocks, :to => :update
+        end
+      end
+    }
+    user = MockUser.new(:test_role)
+    request!(user, :action, reader)
+    assert permitted_to?(:show, :mocks)
+    assert !permitted_to?(:update, :mocks)
+    block_evaled = false
+    permitted_to?(:show, :mocks) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    permitted_to?(:update, :mocks) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+  def test_permit_with_object
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks do
+            to :show
+            if_attribute :test_attr => is {user.test_attr}
+          end
+        end
+      end
+    }
+    user = MockUser.new(:test_role, :test_attr => 1)
+    mock = MockDataObject.new(:test_attr => 1)
+    mock_2 = MockDataObject.new(:test_attr => 2)
+    request!(user, :action, reader)
+    assert permitted_to?(:show, mock)
+    assert permitted_to?(:show, :mocks)
+    assert !permitted_to?(:show, mock_2)
+  end
+  def test_permit_with_object_and_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :other_mocks do
+            to :show
+            if_attribute :test_attr => is {user.test_attr}
+          end
+        end
+      end
+    }
+    user = MockUser.new(:test_role, :test_attr => 1)
+    mock = MockDataObject.new(:test_attr => 1)
+    mock_2 = MockDataObject.new(:test_attr => 2)
+    request!(user, :action, reader)
+    assert permitted_to?(:show, mock, :context => :other_mocks)
+    assert !permitted_to?(:show, mock_2, :context => :other_mocks)
+  end
+  def test_has_role
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+      end
+    }
+    user = MockUser.new(:test_role)
+    request!(user, :action, reader)
+    assert has_role?(:test_role)
+    assert !has_role?(:test_role2)
+    assert !has_role?(:test_role, :test_role2)
+    block_evaled = false
+    has_role?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    has_role?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+  def test_has_any_role
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+      end
+    }
+    user = MockUser.new(:test_role)
+    request!(user, :action, reader)
+    assert has_any_role?(:test_role)
+    assert !has_any_role?(:test_role2)
+    assert has_any_role?(:test_role, :test_role2)
+    block_evaled = false
+    has_any_role?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    has_any_role?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+    block_evaled = false
+    has_any_role?(:test_role,:test_role2) do
+      block_evaled = true
+    end
+    assert block_evaled
+  end
+  def test_has_role_with_guest_user
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+      end
+    }
+    request!(nil, :action, reader)
+    Authorization.stub :current_user, MockUser.new do
+      assert !has_role?(:test_role)
+      block_evaled = false
+      has_role?(:test_role) do
+        block_evaled = true
+      end
+      assert !block_evaled
+    end
+  end
+  def test_has_role_with_hierarchy
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :other_role do
+          has_permission_on :another_mocks, :to => :show
+        end
+        role :root do
+          includes :test_role
+        end
+      end
+    }
+    user = MockUser.new(:root)
+    request!(user, :action, reader)
+    assert has_role_with_hierarchy?(:test_role)
+    assert !has_role_with_hierarchy?(:other_role)
+    block_evaled = false
+    has_role_with_hierarchy?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    has_role_with_hierarchy?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+  def test_has_any_role_with_hierarchy
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :other_role do
+          has_permission_on :another_mocks, :to => :show
+        end
+        role :root do
+          includes :test_role
+        end
+      end
+    }
+    user = MockUser.new(:root)
+    request!(user, :action, reader)
+    assert has_any_role_with_hierarchy?(:test_role)
+    assert !has_any_role_with_hierarchy?(:other_role)
+    assert has_any_role_with_hierarchy?(:test_role,:other_role)
+    block_evaled = false
+    has_any_role_with_hierarchy?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    has_any_role_with_hierarchy?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+    block_evaled = false
+    has_any_role_with_hierarchy?(:test_role,:test_role2) do
+      block_evaled = true
+    end
+    assert block_evaled
+  end
+end