RubyGems - ae_declarative_authorization - Versions diffs - 0.7.1 → 0.8.0 - Mend

ae_declarative_authorization 0.7.1 → 0.8.0

Files changed (56) hide show

checksums.yaml +5 -5
data/Appraisals +31 -21
data/CHANGELOG +189 -189
data/Gemfile +7 -7
data/Gemfile.lock +68 -60
data/LICENSE.txt +20 -20
data/README.md +620 -620
data/README.rdoc +597 -597
data/Rakefile +35 -33
data/authorization_rules.dist.rb +20 -20
data/declarative_authorization.gemspec +24 -24
data/gemfiles/rails4252.gemfile +10 -10
data/gemfiles/rails4252.gemfile.lock +126 -0
data/gemfiles/rails4271.gemfile +10 -10
data/gemfiles/rails4271.gemfile.lock +126 -0
data/gemfiles/rails507.gemfile +11 -11
data/gemfiles/rails507.gemfile.lock +136 -0
data/gemfiles/rails516.gemfile +11 -0
data/gemfiles/rails516.gemfile.lock +136 -0
data/gemfiles/rails521.gemfile +11 -0
data/gemfiles/rails521.gemfile.lock +144 -0
data/init.rb +5 -5
data/lib/declarative_authorization.rb +18 -18
data/lib/declarative_authorization/authorization.rb +821 -821
data/lib/declarative_authorization/helper.rb +78 -78
data/lib/declarative_authorization/in_controller.rb +713 -713
data/lib/declarative_authorization/in_model.rb +156 -156
data/lib/declarative_authorization/maintenance.rb +215 -215
data/lib/declarative_authorization/obligation_scope.rb +348 -345
data/lib/declarative_authorization/railsengine.rb +5 -5
data/lib/declarative_authorization/reader.rb +549 -549
data/lib/declarative_authorization/test/helpers.rb +261 -261
data/lib/declarative_authorization/version.rb +3 -3
data/lib/generators/authorization/install/install_generator.rb +77 -77
data/lib/generators/authorization/rules/rules_generator.rb +13 -13
data/lib/generators/authorization/rules/templates/authorization_rules.rb +27 -27
data/lib/tasks/authorization_tasks.rake +89 -89
data/log/test.log +15246 -0
data/pkg/ae_declarative_authorization-0.7.1.gem +0 -0
data/pkg/ae_declarative_authorization-0.8.0.gem +0 -0
data/test/authorization_test.rb +1121 -1121
data/test/controller_filter_resource_access_test.rb +573 -573
data/test/controller_test.rb +478 -478
data/test/database.yml +3 -3
data/test/dsl_reader_test.rb +178 -178
data/test/functional/filter_access_to_with_id_in_scope_test.rb +88 -88
data/test/functional/no_filter_access_to_test.rb +79 -79
data/test/functional/params_block_arity_test.rb +39 -39
data/test/helper_test.rb +248 -248
data/test/maintenance_test.rb +46 -46
data/test/model_test.rb +1840 -1840
data/test/profiles/access_checking +20 -0
data/test/schema.sql +60 -60
data/test/test_helper.rb +174 -174
data/test/test_support/minitest_compatibility.rb +26 -26
metadata +17 -5

data/lib/declarative_authorization/test/helpers.rb CHANGED

@@ -1,261 +1,261 @@
-require 'blockenspiel'
-require 'active_support/concern'
-module DeclarativeAuthorization
-  module Test
-    module Helpers
-      extend ActiveSupport::Concern
-      class InvalidParamsBlockArity < StandardError
-        def initialize(params_block_name, params_block_arity, max_arity)
-          message = "Params block '#{params_block_name}' has arity of #{params_block_arity}. Max params block arity is #{max_arity}."
-          super(message)
-        end
-      end
-      class PrivilegeTestGenerator
-        include Blockenspiel::DSL
-        def initialize(test_class, role, privileges)
-          @test_class = test_class
-          @role = role
-          @privileges = [privileges].flatten
-        end
-        def allowed(options)
-          role, privileges, actions, params_name = extract_options(options)
-          actions.each do |action|
-            privileges.each do |privilege|
-              @test_class.send(:define_method, "test_#{action}__access_allowed__#{role}_role__#{privilege ? "#{privilege}_permissions__" : ""}with_#{params_name || 'no_params'}") do
-                priv_param = (privilege == :hidden ? nil : privilege)
-                if forbidden_with_role_and_privilege?(action, role, priv_param, params_name, options)
-                  flunk "The '#{action}' action #{params_name ? "with '#{params_name}' parameters " : ''}should be accessible for users with #{privilege ? "'#{privilege}' permissions for " : ""}the '#{role}' role."
-                end
-              end
-            end
-          end
-        end
-        def denied(options)
-          role, privileges, actions, params_name = extract_options(options)
-          actions.each do |action|
-            privileges.each do |privilege|
-              @test_class.send(:define_method, "test_#{action}__access_denied__#{role}_role__#{privilege ? "#{privilege}_permissions__" : ""}with_#{params_name || 'no_params'}") do
-                priv_param = (privilege == :hidden ? nil : privilege)
-                unless forbidden_with_role_and_privilege?(action, role, priv_param, params_name, options)
-                  flunk "The '#{action}' action #{params_name ? "with '#{params_name}' parameters " : ''}should NOT be accessible for users with #{privilege ? "'#{privilege}' permissions for " : ""}the '#{role}' role."
-                end
-              end
-            end
-          end
-        end
-        protected
-        def extract_options(options)
-          # Can't use these instance variable from inside a method on the test class
-          role        = @role
-          privileges   = @privileges
-          actions     = options[:to]
-          raise ':to is a required option!' unless actions
-          actions     = [actions] unless actions.is_a?(Array)
-          params_name      = options[:with]
-          [role, privileges, actions, params_name]
-        end
-      end
-      class RoleTestGenerator
-        include Blockenspiel::DSL
-        def initialize(test_class, role)
-          @test_class = test_class
-          @role = role
-        end
-        def privilege(privilege, &block)
-          privileges = [privilege].flatten.uniq
-          unless privileges.all? { |privilege| [:hidden, :read, :write, :write_without_delete].include?(privilege) }
-            raise "Privilege (:when) must be :hidden, :read, :write_without_delete, or :write. Found #{privilege.inspect}."
-          end
-          Blockenspiel.invoke(block, PrivilegeTestGenerator.new(@test_class, @role, privileges))
-        end
-        def allowed(options)
-          if options[:when]
-            privilege(options[:when]) { allowed(options) }
-          else
-            Blockenspiel.invoke(Proc.new {allowed(options)}, PrivilegeTestGenerator.new(@test_class, @role, nil))
-          end
-        end
-        def denied(options)
-          if options[:when]
-            privilege(options[:when]) { denied(options) }
-          else
-            Blockenspiel.invoke(Proc.new {denied(options)}, PrivilegeTestGenerator.new(@test_class, @role, nil))
-          end
-        end
-      end
-      class AccessTestGenerator
-        include Blockenspiel::DSL
-        def initialize(test_class)
-          @test_class = test_class
-        end
-        def params(name, &block)
-          @test_class.define_access_test_params_method(name, &block)
-        end
-        def role(role, &block)
-          raise "Role cannot be blank!" if role.blank?
-          Blockenspiel.invoke(block, RoleTestGenerator.new(@test_class, role))
-        end
-      end
-      module ClassMethods
-        attr_reader :access_tests_defined
-        def skip_access_tests_for_actions(*actions)
-          @skipped_access_test_actions ||= []
-          @skipped_access_test_actions += actions.map(&:to_sym)
-        end
-        def access_tests(&block)
-          @access_tests_defined = true
-          file_output ||= [ 'test/profiles/access_checking', ENV['TEST_ENV_NUMBER'] ].compact.join('.')
-          unless File.exists?(file_output)
-            FileUtils.mkdir_p(File.dirname(file_output))
-          end
-          File.open(file_output, "a+") do |file|
-            file.puts self.controller_class.name
-          end
-          Blockenspiel.invoke(block, AccessTestGenerator.new(self))
-        end
-        def this_is_an_abstract_controller_so_it_needs_no_access_tests
-          undef_method :test_access_tests_defined if self.method_defined? :test_access_tests_defined
-          undef_method :test_all_public_actions_covered_by_role_tests if self.method_defined? :test_all_public_actions_covered_by_role_tests
-        end
-        alias :this_is_a_module_mixed_into_controllers_so_it_needs_no_access_tests :this_is_an_abstract_controller_so_it_needs_no_access_tests
-        alias :the_access_tests_are_tested_elsewhere_so_no_access_tests_are_needed :this_is_an_abstract_controller_so_it_needs_no_access_tests
-        alias :access_tests_not_required :this_is_an_abstract_controller_so_it_needs_no_access_tests
-        def all_public_actions
-          actions = controller_class.public_instance_methods(false)
-          actions += controller_class.superclass.public_instance_methods(false)
-          actions.reject! do |method|
-            method =~ /^_/ ||
-              method =~ /^rescue_action/ ||
-              (@skipped_access_test_actions.is_a?(Array) && @skipped_access_test_actions.include?(method))
-          end
-          actions.uniq
-        end
-        def inherited(child)
-          super
-          child.send(:define_method, :test_access_tests_defined) do
-            assert self.class.access_tests_defined, 'Access tests needed but not defined.'
-          end
-          child.send(:define_method, :test_all_public_actions_covered_by_role_tests) do
-            test_methods = self.public_methods(false).select { |method| method =~ /^test_/ }
-            untested_actions = self.class.all_public_actions.select { |action| !test_methods.any? { |method| method =~ /^test_#{action}__access_/} }
-            unless untested_actions.empty?
-              flunk "In #{self.class.name}, it appears that #{untested_actions.map(&:inspect).to_sentence} are not tested by any access_tests. Did you forget them?"
-            end
-          end
-        end
-        def define_access_test_params_method(name, &block)
-          define_method("access_test_params_for_#{name}", &block)
-        end
-      end
-      protected
-      def response_forbidden?
-        flash[:error] == 'You do not have the correct permissions to access that page. Click the back button to return to your previous page.' ||
-        flash[:error] =~ /You do not have the correct permissions to view this/ ||
-        flash[:error] =~ /You do not have access to/ ||
-        flash[:alert] =~ /You need to sign in/ ||
-        (@response.location =~ /\/users\/sign_in/ && @response.code == "302")
-      end
-      def access_test_params_for_param_methods
-        []
-      end
-      def access_test_params(name)
-        return { } unless name.present?
-        params    = access_test_params_for_param_methods
-        max_arity = params.size
-        full_method_name = "access_test_params_for_#{name}"
-        method_arity = method(full_method_name).arity
-        unless method_arity <= max_arity
-          raise InvalidParamsBlockArity.new(name, method_arity, max_arity)
-        end
-        send(full_method_name, *params[0...method_arity])
-      end
-      def access_test_user(role, privilege)
-        raise 'MUST IMPLEMENT!!!'
-      end
-      def forbidden_with_role_and_privilege?(action, role, privilege, params_name = nil, options = {})
-        http_method = options[:method] || :get
-        xhr = options[:xhr]
-        user = access_test_user(role, privilege)
-        params = access_test_params(params_name)
-        send_args = [http_method, action.to_sym]
-        send_kwargs = { params: params }
-        send_kwargs[:xhr] = true if xhr
-        errors_to_reraise = [
-          ActionController::RoutingError,
-          ActionController::UrlGenerationError,
-          AbstractController::ActionNotFound
-        ]
-        errors_to_reraise << Mocha::ExpectationError if defined?(Mocha::ExpectationError)
-        begin
-          send *send_args, **send_kwargs
-          return response_forbidden?
-        rescue *errors_to_reraise => e
-          raise e
-        rescue => e
-          if options[:print_error]
-            puts "\n#{e.class.name} raised in action '#{action}':"
-            puts e.message
-            puts e.backtrace.join("\n")
-          end
-          return false
-        end
-      end
-    end
-  end
-end
+require 'blockenspiel'
+require 'active_support/concern'
+module DeclarativeAuthorization
+  module Test
+    module Helpers
+      extend ActiveSupport::Concern
+      class InvalidParamsBlockArity < StandardError
+        def initialize(params_block_name, params_block_arity, max_arity)
+          message = "Params block '#{params_block_name}' has arity of #{params_block_arity}. Max params block arity is #{max_arity}."
+          super(message)
+        end
+      end
+      class PrivilegeTestGenerator
+        include Blockenspiel::DSL
+        def initialize(test_class, role, privileges)
+          @test_class = test_class
+          @role = role
+          @privileges = [privileges].flatten
+        end
+        def allowed(options)
+          role, privileges, actions, params_name = extract_options(options)
+          actions.each do |action|
+            privileges.each do |privilege|
+              @test_class.send(:define_method, "test_#{action}__access_allowed__#{role}_role__#{privilege ? "#{privilege}_permissions__" : ""}with_#{params_name || 'no_params'}") do
+                priv_param = (privilege == :hidden ? nil : privilege)
+                if forbidden_with_role_and_privilege?(action, role, priv_param, params_name, options)
+                  flunk "The '#{action}' action #{params_name ? "with '#{params_name}' parameters " : ''}should be accessible for users with #{privilege ? "'#{privilege}' permissions for " : ""}the '#{role}' role."
+                end
+              end
+            end
+          end
+        end
+        def denied(options)
+          role, privileges, actions, params_name = extract_options(options)
+          actions.each do |action|
+            privileges.each do |privilege|
+              @test_class.send(:define_method, "test_#{action}__access_denied__#{role}_role__#{privilege ? "#{privilege}_permissions__" : ""}with_#{params_name || 'no_params'}") do
+                priv_param = (privilege == :hidden ? nil : privilege)
+                unless forbidden_with_role_and_privilege?(action, role, priv_param, params_name, options)
+                  flunk "The '#{action}' action #{params_name ? "with '#{params_name}' parameters " : ''}should NOT be accessible for users with #{privilege ? "'#{privilege}' permissions for " : ""}the '#{role}' role."
+                end
+              end
+            end
+          end
+        end
+        protected
+        def extract_options(options)
+          # Can't use these instance variable from inside a method on the test class
+          role        = @role
+          privileges   = @privileges
+          actions     = options[:to]
+          raise ':to is a required option!' unless actions
+          actions     = [actions] unless actions.is_a?(Array)
+          params_name      = options[:with]
+          [role, privileges, actions, params_name]
+        end
+      end
+      class RoleTestGenerator
+        include Blockenspiel::DSL
+        def initialize(test_class, role)
+          @test_class = test_class
+          @role = role
+        end
+        def privilege(privilege, &block)
+          privileges = [privilege].flatten.uniq
+          unless privileges.all? { |privilege| [:hidden, :read, :write, :write_without_delete].include?(privilege) }
+            raise "Privilege (:when) must be :hidden, :read, :write_without_delete, or :write. Found #{privilege.inspect}."
+          end
+          Blockenspiel.invoke(block, PrivilegeTestGenerator.new(@test_class, @role, privileges))
+        end
+        def allowed(options)
+          if options[:when]
+            privilege(options[:when]) { allowed(options) }
+          else
+            Blockenspiel.invoke(Proc.new {allowed(options)}, PrivilegeTestGenerator.new(@test_class, @role, nil))
+          end
+        end
+        def denied(options)
+          if options[:when]
+            privilege(options[:when]) { denied(options) }
+          else
+            Blockenspiel.invoke(Proc.new {denied(options)}, PrivilegeTestGenerator.new(@test_class, @role, nil))
+          end
+        end
+      end
+      class AccessTestGenerator
+        include Blockenspiel::DSL
+        def initialize(test_class)
+          @test_class = test_class
+        end
+        def params(name, &block)
+          @test_class.define_access_test_params_method(name, &block)
+        end
+        def role(role, &block)
+          raise "Role cannot be blank!" if role.blank?
+          Blockenspiel.invoke(block, RoleTestGenerator.new(@test_class, role))
+        end
+      end
+      module ClassMethods
+        attr_reader :access_tests_defined
+        def skip_access_tests_for_actions(*actions)
+          @skipped_access_test_actions ||= []
+          @skipped_access_test_actions += actions.map(&:to_sym)
+        end
+        def access_tests(&block)
+          @access_tests_defined = true
+          file_output ||= [ 'test/profiles/access_checking', ENV['TEST_ENV_NUMBER'] ].compact.join('.')
+          unless File.exists?(file_output)
+            FileUtils.mkdir_p(File.dirname(file_output))
+          end
+          File.open(file_output, "a+") do |file|
+            file.puts self.controller_class.name
+          end
+          Blockenspiel.invoke(block, AccessTestGenerator.new(self))
+        end
+        def this_is_an_abstract_controller_so_it_needs_no_access_tests
+          undef_method :test_access_tests_defined if self.method_defined? :test_access_tests_defined
+          undef_method :test_all_public_actions_covered_by_role_tests if self.method_defined? :test_all_public_actions_covered_by_role_tests
+        end
+        alias :this_is_a_module_mixed_into_controllers_so_it_needs_no_access_tests :this_is_an_abstract_controller_so_it_needs_no_access_tests
+        alias :the_access_tests_are_tested_elsewhere_so_no_access_tests_are_needed :this_is_an_abstract_controller_so_it_needs_no_access_tests
+        alias :access_tests_not_required :this_is_an_abstract_controller_so_it_needs_no_access_tests
+        def all_public_actions
+          actions = controller_class.public_instance_methods(false)
+          actions += controller_class.superclass.public_instance_methods(false)
+          actions.reject! do |method|
+            method =~ /^_/ ||
+              method =~ /^rescue_action/ ||
+              (@skipped_access_test_actions.is_a?(Array) && @skipped_access_test_actions.include?(method))
+          end
+          actions.uniq
+        end
+        def inherited(child)
+          super
+          child.send(:define_method, :test_access_tests_defined) do
+            assert self.class.access_tests_defined, 'Access tests needed but not defined.'
+          end
+          child.send(:define_method, :test_all_public_actions_covered_by_role_tests) do
+            test_methods = self.public_methods(false).select { |method| method =~ /^test_/ }
+            untested_actions = self.class.all_public_actions.select { |action| !test_methods.any? { |method| method =~ /^test_#{action}__access_/} }
+            unless untested_actions.empty?
+              flunk "In #{self.class.name}, it appears that #{untested_actions.map(&:inspect).to_sentence} are not tested by any access_tests. Did you forget them?"
+            end
+          end
+        end
+        def define_access_test_params_method(name, &block)
+          define_method("access_test_params_for_#{name}", &block)
+        end
+      end
+      protected
+      def response_forbidden?
+        flash[:error] == 'You do not have the correct permissions to access that page. Click the back button to return to your previous page.' ||
+        flash[:error] =~ /You do not have the correct permissions to view this/ ||
+        flash[:error] =~ /You do not have access to/ ||
+        flash[:alert] =~ /You need to sign in/ ||
+        (@response.location =~ /\/users\/sign_in/ && @response.code == "302")
+      end
+      def access_test_params_for_param_methods
+        []
+      end
+      def access_test_params(name)
+        return { } unless name.present?
+        params    = access_test_params_for_param_methods
+        max_arity = params.size
+        full_method_name = "access_test_params_for_#{name}"
+        method_arity = method(full_method_name).arity
+        unless method_arity <= max_arity
+          raise InvalidParamsBlockArity.new(name, method_arity, max_arity)
+        end
+        send(full_method_name, *params[0...method_arity])
+      end
+      def access_test_user(role, privilege)
+        raise 'MUST IMPLEMENT!!!'
+      end
+      def forbidden_with_role_and_privilege?(action, role, privilege, params_name = nil, options = {})
+        http_method = options[:method] || :get
+        xhr = options[:xhr]
+        user = access_test_user(role, privilege)
+        params = access_test_params(params_name)
+        send_args = [http_method, action.to_sym]
+        send_kwargs = { params: params }
+        send_kwargs[:xhr] = true if xhr
+        errors_to_reraise = [
+          ActionController::RoutingError,
+          ActionController::UrlGenerationError,
+          AbstractController::ActionNotFound
+        ]
+        errors_to_reraise << Mocha::ExpectationError if defined?(Mocha::ExpectationError)
+        begin
+          send *send_args, **send_kwargs
+          return response_forbidden?
+        rescue *errors_to_reraise => e
+          raise e
+        rescue => e
+          if options[:print_error]
+            puts "\n#{e.class.name} raised in action '#{action}':"
+            puts e.message
+            puts e.backtrace.join("\n")
+          end
+          return false
+        end
+      end
+    end
+  end
+end