ae_declarative_authorization 0.7.1 → 0.8.0

Files changed (56) hide show
  1. checksums.yaml +5 -5
  2. data/Appraisals +31 -21
  3. data/CHANGELOG +189 -189
  4. data/Gemfile +7 -7
  5. data/Gemfile.lock +68 -60
  6. data/LICENSE.txt +20 -20
  7. data/README.md +620 -620
  8. data/README.rdoc +597 -597
  9. data/Rakefile +35 -33
  10. data/authorization_rules.dist.rb +20 -20
  11. data/declarative_authorization.gemspec +24 -24
  12. data/gemfiles/rails4252.gemfile +10 -10
  13. data/gemfiles/rails4252.gemfile.lock +126 -0
  14. data/gemfiles/rails4271.gemfile +10 -10
  15. data/gemfiles/rails4271.gemfile.lock +126 -0
  16. data/gemfiles/rails507.gemfile +11 -11
  17. data/gemfiles/rails507.gemfile.lock +136 -0
  18. data/gemfiles/rails516.gemfile +11 -0
  19. data/gemfiles/rails516.gemfile.lock +136 -0
  20. data/gemfiles/rails521.gemfile +11 -0
  21. data/gemfiles/rails521.gemfile.lock +144 -0
  22. data/init.rb +5 -5
  23. data/lib/declarative_authorization.rb +18 -18
  24. data/lib/declarative_authorization/authorization.rb +821 -821
  25. data/lib/declarative_authorization/helper.rb +78 -78
  26. data/lib/declarative_authorization/in_controller.rb +713 -713
  27. data/lib/declarative_authorization/in_model.rb +156 -156
  28. data/lib/declarative_authorization/maintenance.rb +215 -215
  29. data/lib/declarative_authorization/obligation_scope.rb +348 -345
  30. data/lib/declarative_authorization/railsengine.rb +5 -5
  31. data/lib/declarative_authorization/reader.rb +549 -549
  32. data/lib/declarative_authorization/test/helpers.rb +261 -261
  33. data/lib/declarative_authorization/version.rb +3 -3
  34. data/lib/generators/authorization/install/install_generator.rb +77 -77
  35. data/lib/generators/authorization/rules/rules_generator.rb +13 -13
  36. data/lib/generators/authorization/rules/templates/authorization_rules.rb +27 -27
  37. data/lib/tasks/authorization_tasks.rake +89 -89
  38. data/log/test.log +15246 -0
  39. data/pkg/ae_declarative_authorization-0.7.1.gem +0 -0
  40. data/pkg/ae_declarative_authorization-0.8.0.gem +0 -0
  41. data/test/authorization_test.rb +1121 -1121
  42. data/test/controller_filter_resource_access_test.rb +573 -573
  43. data/test/controller_test.rb +478 -478
  44. data/test/database.yml +3 -3
  45. data/test/dsl_reader_test.rb +178 -178
  46. data/test/functional/filter_access_to_with_id_in_scope_test.rb +88 -88
  47. data/test/functional/no_filter_access_to_test.rb +79 -79
  48. data/test/functional/params_block_arity_test.rb +39 -39
  49. data/test/helper_test.rb +248 -248
  50. data/test/maintenance_test.rb +46 -46
  51. data/test/model_test.rb +1840 -1840
  52. data/test/profiles/access_checking +20 -0
  53. data/test/schema.sql +60 -60
  54. data/test/test_helper.rb +174 -174
  55. data/test/test_support/minitest_compatibility.rb +26 -26
  56. metadata +17 -5
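--- a/data/test/controller_test.rb
+++ b/data/test/controller_test.rb
@@ -1,478 +1,478 @@
-require 'test_helper'
-
-
-class LoadMockObject < MockDataObject
-def self.name
-"LoadMockObject"
-end
-end
-
-##################
-class SpecificMocksController < MocksController
-filter_access_to :test_action, :require => :test, :context => :permissions
-filter_access_to :test_action_2, :require => :test, :context => :permissions_2
-filter_access_to :show
-filter_access_to :edit, :create, :require => :test, :context => :permissions
-filter_access_to :edit_2, :require => :test, :context => :permissions,
-:attribute_check => true, :model => LoadMockObject
-filter_access_to :new, :require => :test, :context => :permissions
-
-filter_access_to [:action_group_action_1, :action_group_action_2]
-define_action_methods :test_action, :test_action_2, :show, :edit, :create,
-:edit_2, :new, :unprotected_action, :action_group_action_1, :action_group_action_2
-end
-
-class BasicControllerTest < ActionController::TestCase
-tests SpecificMocksController
-
-def test_filter_access_to_receiving_an_explicit_array
-reader = Authorization::Reader::DSLReader.new
-
-reader.parse %{
-authorization do
-role :test_action_group_2 do
-has_permission_on :specific_mocks, :to => :action_group_action_2
-end
-end
-}
-
-request!(MockUser.new(:test_action_group_2), "action_group_action_2", reader)
-assert @controller.authorized?
-request!(MockUser.new(:test_action_group_2), "action_group_action_1", reader)
-assert !@controller.authorized?
-request!(nil, "action_group_action_2", reader)
-assert !@controller.authorized?
-end
-
-def test_filter_access
-assert !@controller.class._process_action_callbacks.find_all{|x| x.kind == :before}.map(&:filter).empty?
-
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :permissions, :to => :test
-has_permission_on :specific_mocks, :to => :show
-end
-end
-}
-
-request!(MockUser.new(:test_role), "test_action", reader)
-assert @controller.authorized?
-
-request!(MockUser.new(:test_role), "test_action_2", reader)
-assert !@controller.authorized?
-
-request!(MockUser.new(:test_role_2), "test_action", reader)
-assert_response :forbidden
-assert !@controller.authorized?
-
-request!(MockUser.new(:test_role), "show", reader)
-assert @controller.authorized?
-end
-
-def test_filter_access_multi_actions
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :permissions, :to => :test
-end
-end
-}
-request!(MockUser.new(:test_role), "create", reader)
-assert @controller.authorized?
-end
-
-def test_filter_access_unprotected_actions
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-end
-end
-}
-request!(MockUser.new(:test_role), "unprotected_action", reader)
-assert @controller.authorized?
-end
-
-def test_filter_access_priv_hierarchy
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-privileges do
-privilege :read do
-includes :list, :show
-end
-end
-authorization do
-role :test_role do
-has_permission_on :specific_mocks, :to => :read
-end
-end
-}
-request!(MockUser.new(:test_role), "show", reader)
-assert @controller.authorized?
-end
-
-def test_filter_access_skip_attribute_test
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :permissions, :to => :test do
-if_attribute :id => is { user }
-end
-end
-end
-}
-request!(MockUser.new(:test_role), "new", reader)
-assert @controller.authorized?
-end
-
-def test_existing_instance_var_remains_unchanged
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :permissions, :to => :test do
-if_attribute :id => is { 5 }
-end
-end
-end
-}
-mock_object = MockDataObject.new(:id => 5)
-@controller.send(:instance_variable_set, :"@load_mock_object",
-mock_object)
-request!(MockUser.new(:test_role), "edit_2", reader)
-assert_equal mock_object,
-@controller.send(:instance_variable_get, :"@load_mock_object")
-assert @controller.authorized?
-end
-
-def test_permitted_to_without_context
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :specific_mocks, :to => :test
-end
-end
-}
-@controller.current_user = MockUser.new(:test_role)
-@controller.authorization_engine = Authorization::Engine.new(reader)
-assert @controller.permitted_to?(:test)
-end
-end
-
-
-##################
-class AllMocksController < MocksController
-filter_access_to :all
-filter_access_to :view, :require => :test, :context => :permissions
-define_action_methods :show, :view
-end
-class AllActionsControllerTest < ActionController::TestCase
-tests AllMocksController
-def test_filter_access_all
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :permissions, :to => :test
-has_permission_on :all_mocks, :to => :show
-end
-end
-}
-
-request!(MockUser.new(:test_role), "show", reader)
-assert @controller.authorized?
-
-request!(MockUser.new(:test_role), "view", reader)
-assert @controller.authorized?
-
-request!(MockUser.new(:test_role_2), "show", reader)
-assert !@controller.authorized?
-end
-end
-
-
-##################
-class LoadMockObjectsController < MocksController
-before_action { @@load_method_call_count = 0 }
-filter_access_to :show, :attribute_check => true, :model => LoadMockObject
-filter_access_to :edit, :attribute_check => true
-filter_access_to :update, :delete, :attribute_check => true,
-:load_method => proc {MockDataObject.new(:test => 1)}
-filter_access_to :create do
-permitted_to! :edit, :load_mock_objects
-end
-filter_access_to :view, :attribute_check => true, :load_method => :load_method
-def load_method
-self.class.load_method_called
-MockDataObject.new(:test => 2)
-end
-define_action_methods :show, :edit, :update, :delete, :create, :view
-
-def self.load_method_called
-@@load_method_call_count ||= 0
-@@load_method_call_count += 1
-end
-def self.load_method_call_count
-@@load_method_call_count || 0
-end
-end
-class LoadObjectControllerTest < ActionController::TestCase
-tests LoadMockObjectsController
-
-def test_filter_access_with_object_load
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :load_mock_objects, :to => [:show, :edit] do
-if_attribute :id => 1
-if_attribute :id => "1"
-end
-end
-end
-}
-
-request!(MockUser.new(:test_role), "show", reader, :id => 2)
-assert !@controller.authorized?
-
-request!(MockUser.new(:test_role), "show", reader, :id => 1,
-:clear => [:@load_mock_object])
-assert @controller.authorized?
-
-request!(MockUser.new(:test_role), "edit", reader, :id => 1,
-:clear => [:@load_mock_object])
-assert @controller.authorized?
-assert @controller.instance_variable_defined?(:@load_mock_object)
-end
-
-def test_filter_access_object_load_without_param
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :load_mock_objects, :to => [:show, :edit] do
-if_attribute :id => is {"1"}
-end
-end
-end
-}
-
-assert_raise StandardError, "No id param supplied" do
-request!(MockUser.new(:test_role), "show", reader)
-end
-
-Authorization::AuthorizationInController.failed_auto_loading_is_not_found = false
-request!(MockUser.new(:test_role), "show", reader)
-assert !@controller.authorized?
-Authorization::AuthorizationInController.failed_auto_loading_is_not_found = true
-end
-
-def test_filter_access_with_object_load_custom
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :load_mock_objects, :to => :view do
-if_attribute :test => is {2}
-end
-has_permission_on :load_mock_objects, :to => :update do
-if_attribute :test => is {1}
-end
-has_permission_on :load_mock_objects, :to => :delete do
-if_attribute :test => is {2}
-end
-end
-end
-}
-
-request!(MockUser.new(:test_role), "delete", reader)
-assert !@controller.authorized?
-
-request!(MockUser.new(:test_role), "view", reader)
-assert @controller.authorized?
-assert_equal 1, @controller.class.load_method_call_count
-
-request!(MockUser.new(:test_role_2), "view", reader)
-assert !@controller.authorized?
-assert_equal 1, @controller.class.load_method_call_count
-
-request!(MockUser.new(:test_role), "update", reader)
-assert @controller.authorized?
-end
-
-def test_filter_access_custom
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :load_mock_objects, :to => :edit
-end
-role :test_role_2 do
-has_permission_on :load_mock_objects, :to => :create
-end
-end
-}
-
-request!(MockUser.new(:test_role), "create", reader)
-assert @controller.authorized?
-
-request!(MockUser.new(:test_role_2), "create", reader)
-assert !@controller.authorized?
-end
-end
-
-
-##################
-class AccessOverwritesController < MocksController
-filter_access_to :test_action, :test_action_2,
-:require => :test, :context => :permissions_2
-filter_access_to :test_action, :require => :test, :context => :permissions
-define_action_methods :test_action, :test_action_2
-end
-class AccessOverwritesControllerTest < ActionController::TestCase
-def test_filter_access_overwrite
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :permissions, :to => :test
-end
-end
-}
-request!(MockUser.new(:test_role), "test_action_2", reader)
-assert !@controller.authorized?
-
-request!(MockUser.new(:test_role), "test_action", reader)
-assert @controller.authorized?
-end
-end
-
-
-##################
-class PeopleController < MocksController
-filter_access_to :all
-define_action_methods :show
-end
-class PluralizationControllerTest < ActionController::TestCase
-tests PeopleController
-
-def test_filter_access_people_controller
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :people, :to => :show
-end
-end
-}
-request!(MockUser.new(:test_role), "show", reader)
-assert @controller.authorized?
-end
-end
-
-
-##################
-class CommonController < MocksController
-filter_access_to :delete, :context => :common
-filter_access_to :all
-end
-class CommonChild1Controller < CommonController
-filter_access_to :all, :context => :context_1
-end
-class CommonChild2Controller < CommonController
-filter_access_to :delete
-define_action_methods :show, :delete
-end
-class HierachicalControllerTest < ActionController::TestCase
-tests CommonChild2Controller
-def test_controller_hierarchy
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :mocks, :to => [:delete, :show]
-end
-end
-}
-request!(MockUser.new(:test_role), "show", reader)
-assert !@controller.authorized?
-request!(MockUser.new(:test_role), "delete", reader)
-assert !@controller.authorized?
-end
-end
-
-##################
-module Name
-class SpacedThingsController < MocksController
-filter_access_to :show
-filter_access_to :update, :context => :spaced_things
-define_action_methods :show, :update
-end
-end
-class NameSpacedControllerTest < ActionController::TestCase
-tests Name::SpacedThingsController
-def test_context
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :permitted_role do
-has_permission_on :name_spaced_things, :to => :show
-has_permission_on :spaced_things, :to => :update
-end
-role :prohibited_role do
-has_permission_on :name_spaced_things, :to => :update
-has_permission_on :spaced_things, :to => :show
-end
-end
-}
-request!(MockUser.new(:permitted_role), "show", reader)
-assert @controller.authorized?
-request!(MockUser.new(:prohibited_role), "show", reader)
-assert !@controller.authorized?
-request!(MockUser.new(:permitted_role), "update", reader)
-assert @controller.authorized?
-request!(MockUser.new(:prohibited_role), "update", reader)
-assert !@controller.authorized?
-end
-end
-
-module Deep
-module NameSpaced
-class ThingsController < MocksController
-filter_access_to :show
-filter_access_to :update, :context => :things
-define_action_methods :show, :update
-end
-end
-end
-class DeepNameSpacedControllerTest < ActionController::TestCase
-tests Deep::NameSpaced::ThingsController
-def test_context
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :permitted_role do
-has_permission_on :deep_name_spaced_things, :to => :show
-has_permission_on :things, :to => :update
-end
-role :prohibited_role do
-has_permission_on :deep_name_spaced_things, :to => :update
-has_permission_on :things, :to => :show
-end
-end
-}
-request!(MockUser.new(:permitted_role), "show", reader)
-assert @controller.authorized?
-request!(MockUser.new(:prohibited_role), "show", reader)
-assert !@controller.authorized?
-request!(MockUser.new(:permitted_role), "update", reader)
-assert @controller.authorized?
-request!(MockUser.new(:prohibited_role), "update", reader)
-assert !@controller.authorized?
-end
-end
+require 'test_helper'
+
+
+class LoadMockObject < MockDataObject
+def self.name
+"LoadMockObject"
+end
+end
+
+##################
+class SpecificMocksController < MocksController
+filter_access_to :test_action, :require => :test, :context => :permissions
+filter_access_to :test_action_2, :require => :test, :context => :permissions_2
+filter_access_to :show
+filter_access_to :edit, :create, :require => :test, :context => :permissions
+filter_access_to :edit_2, :require => :test, :context => :permissions,
+:attribute_check => true, :model => LoadMockObject
+filter_access_to :new, :require => :test, :context => :permissions
+
+filter_access_to [:action_group_action_1, :action_group_action_2]
+define_action_methods :test_action, :test_action_2, :show, :edit, :create,
+:edit_2, :new, :unprotected_action, :action_group_action_1, :action_group_action_2
+end
+
+class BasicControllerTest < ActionController::TestCase
+tests SpecificMocksController
+
+def test_filter_access_to_receiving_an_explicit_array
+reader = Authorization::Reader::DSLReader.new
+
+reader.parse %{
+authorization do
+role :test_action_group_2 do
+has_permission_on :specific_mocks, :to => :action_group_action_2
+end
+end
+}
+
+request!(MockUser.new(:test_action_group_2), "action_group_action_2", reader)
+assert @controller.authorized?
+request!(MockUser.new(:test_action_group_2), "action_group_action_1", reader)
+assert !@controller.authorized?
+request!(nil, "action_group_action_2", reader)
+assert !@controller.authorized?
+end
+
+def test_filter_access
+assert !@controller.class._process_action_callbacks.find_all{|x| x.kind == :before}.map(&:filter).empty?
+
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test
+has_permission_on :specific_mocks, :to => :show
+end
+end
+}
+
+request!(MockUser.new(:test_role), "test_action", reader)
+assert @controller.authorized?
+
+request!(MockUser.new(:test_role), "test_action_2", reader)
+assert !@controller.authorized?
+
+request!(MockUser.new(:test_role_2), "test_action", reader)
+assert_response :forbidden
+assert !@controller.authorized?
+
+request!(MockUser.new(:test_role), "show", reader)
+assert @controller.authorized?
+end
+
+def test_filter_access_multi_actions
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test
+end
+end
+}
+request!(MockUser.new(:test_role), "create", reader)
+assert @controller.authorized?
+end
+
+def test_filter_access_unprotected_actions
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+end
+end
+}
+request!(MockUser.new(:test_role), "unprotected_action", reader)
+assert @controller.authorized?
+end
+
+def test_filter_access_priv_hierarchy
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+privileges do
+privilege :read do
+includes :list, :show
+end
+end
+authorization do
+role :test_role do
+has_permission_on :specific_mocks, :to => :read
+end
+end
+}
+request!(MockUser.new(:test_role), "show", reader)
+assert @controller.authorized?
+end
+
+def test_filter_access_skip_attribute_test
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test do
+if_attribute :id => is { user }
+end
+end
+end
+}
+request!(MockUser.new(:test_role), "new", reader)
+assert @controller.authorized?
+end
+
+def test_existing_instance_var_remains_unchanged
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test do
+if_attribute :id => is { 5 }
+end
+end
+end
+}
+mock_object = MockDataObject.new(:id => 5)
+@controller.send(:instance_variable_set, :"@load_mock_object",
+mock_object)
+request!(MockUser.new(:test_role), "edit_2", reader)
+assert_equal mock_object,
+@controller.send(:instance_variable_get, :"@load_mock_object")
+assert @controller.authorized?
+end
+
+def test_permitted_to_without_context
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :specific_mocks, :to => :test
+end
+end
+}
+@controller.current_user = MockUser.new(:test_role)
+@controller.authorization_engine = Authorization::Engine.new(reader)
+assert @controller.permitted_to?(:test)
+end
+end
+
+
+##################
+class AllMocksController < MocksController
+filter_access_to :all
+filter_access_to :view, :require => :test, :context => :permissions
+define_action_methods :show, :view
+end
+class AllActionsControllerTest < ActionController::TestCase
+tests AllMocksController
+def test_filter_access_all
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test
+has_permission_on :all_mocks, :to => :show
+end
+end
+}
+
+request!(MockUser.new(:test_role), "show", reader)
+assert @controller.authorized?
+
+request!(MockUser.new(:test_role), "view", reader)
+assert @controller.authorized?
+
+request!(MockUser.new(:test_role_2), "show", reader)
+assert !@controller.authorized?
+end
+end
+
+
+##################
+class LoadMockObjectsController < MocksController
+before_action { @@load_method_call_count = 0 }
+filter_access_to :show, :attribute_check => true, :model => LoadMockObject
+filter_access_to :edit, :attribute_check => true
+filter_access_to :update, :delete, :attribute_check => true,
+:load_method => proc {MockDataObject.new(:test => 1)}
+filter_access_to :create do
+permitted_to! :edit, :load_mock_objects
+end
+filter_access_to :view, :attribute_check => true, :load_method => :load_method
+def load_method
+self.class.load_method_called
+MockDataObject.new(:test => 2)
+end
+define_action_methods :show, :edit, :update, :delete, :create, :view
+
+def self.load_method_called
+@@load_method_call_count ||= 0
+@@load_method_call_count += 1
+end
+def self.load_method_call_count
+@@load_method_call_count || 0
+end
+end
+class LoadObjectControllerTest < ActionController::TestCase
+tests LoadMockObjectsController
+
+def test_filter_access_with_object_load
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :load_mock_objects, :to => [:show, :edit] do
+if_attribute :id => 1
+if_attribute :id => "1"
+end
+end
+end
+}
+
+request!(MockUser.new(:test_role), "show", reader, :id => 2)
+assert !@controller.authorized?
+
+request!(MockUser.new(:test_role), "show", reader, :id => 1,
+:clear => [:@load_mock_object])
+assert @controller.authorized?
+
+request!(MockUser.new(:test_role), "edit", reader, :id => 1,
+:clear => [:@load_mock_object])
+assert @controller.authorized?
+assert @controller.instance_variable_defined?(:@load_mock_object)
+end
+
+def test_filter_access_object_load_without_param
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :load_mock_objects, :to => [:show, :edit] do
+if_attribute :id => is {"1"}
+end
+end
+end
+}
+
+assert_raise StandardError, "No id param supplied" do
+request!(MockUser.new(:test_role), "show", reader)
+end
+
+Authorization::AuthorizationInController.failed_auto_loading_is_not_found = false
+request!(MockUser.new(:test_role), "show", reader)
+assert !@controller.authorized?
+Authorization::AuthorizationInController.failed_auto_loading_is_not_found = true
+end
+
+def test_filter_access_with_object_load_custom
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :load_mock_objects, :to => :view do
+if_attribute :test => is {2}
+end
+has_permission_on :load_mock_objects, :to => :update do
+if_attribute :test => is {1}
+end
+has_permission_on :load_mock_objects, :to => :delete do
+if_attribute :test => is {2}
+end
+end
+end
+}
+
+request!(MockUser.new(:test_role), "delete", reader)
+assert !@controller.authorized?
+
+request!(MockUser.new(:test_role), "view", reader)
+assert @controller.authorized?
+assert_equal 1, @controller.class.load_method_call_count
+
+request!(MockUser.new(:test_role_2), "view", reader)
+assert !@controller.authorized?
+assert_equal 1, @controller.class.load_method_call_count
+
+request!(MockUser.new(:test_role), "update", reader)
+assert @controller.authorized?
+end
+
+def test_filter_access_custom
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :load_mock_objects, :to => :edit
+end
+role :test_role_2 do
+has_permission_on :load_mock_objects, :to => :create
+end
+end
+}
+
+request!(MockUser.new(:test_role), "create", reader)
+assert @controller.authorized?
+
+request!(MockUser.new(:test_role_2), "create", reader)
+assert !@controller.authorized?
+end
+end
+
+
+##################
+class AccessOverwritesController < MocksController
+filter_access_to :test_action, :test_action_2,
+:require => :test, :context => :permissions_2
+filter_access_to :test_action, :require => :test, :context => :permissions
+define_action_methods :test_action, :test_action_2
+end
+class AccessOverwritesControllerTest < ActionController::TestCase
+def test_filter_access_overwrite
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test
+end
+end
+}
+request!(MockUser.new(:test_role), "test_action_2", reader)
+assert !@controller.authorized?
+
+request!(MockUser.new(:test_role), "test_action", reader)
+assert @controller.authorized?
+end
+end
+
+
+##################
+class PeopleController < MocksController
+filter_access_to :all
+define_action_methods :show
+end
+class PluralizationControllerTest < ActionController::TestCase
+tests PeopleController
+
+def test_filter_access_people_controller
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :people, :to => :show
+end
+end
+}
+request!(MockUser.new(:test_role), "show", reader)
+assert @controller.authorized?
+end
+end
+
+
+##################
+class CommonController < MocksController
+filter_access_to :delete, :context => :common
+filter_access_to :all
+end
+class CommonChild1Controller < CommonController
+filter_access_to :all, :context => :context_1
+end
+class CommonChild2Controller < CommonController
+filter_access_to :delete
+define_action_methods :show, :delete
+end
+class HierachicalControllerTest < ActionController::TestCase
+tests CommonChild2Controller
+def test_controller_hierarchy
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :mocks, :to => [:delete, :show]
+end
+end
+}
+request!(MockUser.new(:test_role), "show", reader)
+assert !@controller.authorized?
+request!(MockUser.new(:test_role), "delete", reader)
+assert !@controller.authorized?
+end
+end
+
+##################
+module Name
+class SpacedThingsController < MocksController
+filter_access_to :show
+filter_access_to :update, :context => :spaced_things
+define_action_methods :show, :update
+end
+end
+class NameSpacedControllerTest < ActionController::TestCase
+tests Name::SpacedThingsController
+def test_context
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :permitted_role do
+has_permission_on :name_spaced_things, :to => :show
+has_permission_on :spaced_things, :to => :update
+end
+role :prohibited_role do
+has_permission_on :name_spaced_things, :to => :update
+has_permission_on :spaced_things, :to => :show
+end
+end
+}
+request!(MockUser.new(:permitted_role), "show", reader)
+assert @controller.authorized?
+request!(MockUser.new(:prohibited_role), "show", reader)
+assert !@controller.authorized?
+request!(MockUser.new(:permitted_role), "update", reader)
+assert @controller.authorized?
+request!(MockUser.new(:prohibited_role), "update", reader)
+assert !@controller.authorized?
+end
+end
+
+module Deep
+module NameSpaced
+class ThingsController < MocksController
+filter_access_to :show
+filter_access_to :update, :context => :things
+define_action_methods :show, :update
+end
+end
+end
+class DeepNameSpacedControllerTest < ActionController::TestCase
+tests Deep::NameSpaced::ThingsController
+def test_context
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :permitted_role do
+has_permission_on :deep_name_spaced_things, :to => :show
+has_permission_on :things, :to => :update
+end
+role :prohibited_role do
+has_permission_on :deep_name_spaced_things, :to => :update
+has_permission_on :things, :to => :show
+end
+end
+}
+request!(MockUser.new(:permitted_role), "show", reader)
+assert @controller.authorized?
+request!(MockUser.new(:prohibited_role), "show", reader)
+assert !@controller.authorized?
+request!(MockUser.new(:permitted_role), "update", reader)
+assert @controller.authorized?
+request!(MockUser.new(:prohibited_role), "update", reader)
+assert !@controller.authorized?
+end
+end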