ae_declarative_authorization 0.7.1 → 0.8.0

data/test/database.yml

@@ -1,3 +1,3 @@
-test:
-  adapter: sqlite3
-  database: ":memory:"
+test:
+  adapter: sqlite3
+  database: ":memory:"

data/test/dsl_reader_test.rb

@@ -1,178 +1,178 @@
-require 'test_helper'
-
-class DSLReaderTest < Test::Unit::TestCase
-  def test_privileges
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :test_priv do
-          includes :lower_priv
-        end
-      end
-    }
-    assert_equal 2, reader.privileges_reader.privileges.length
-    assert_equal [[:lower_priv, nil]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv]
-  end
-  
-  def test_privileges_with_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :test_priv, :test_context do
-          includes :lower_priv
-        end
-      end
-    }
-    assert_equal [[:lower_priv, :test_context]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv]
-  end
-  
-  def test_privileges_one_line
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :test_priv, :test_context, :includes => :lower_priv
-        privilege :test_priv_2, :test_context, :includes => [:lower_priv]
-        privilege :test_priv_3, :includes => [:lower_priv]
-      end
-    }
-    assert_equal [[:lower_priv, :test_context]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv]
-    assert_equal [[:lower_priv, :test_context]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv_2]
-    assert_equal [[:lower_priv, nil]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv_3]
-  end
-  
-  def test_auth_role
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          includes :lesser_role
-          has_permission_on :items, :to => :read
-        end
-      end
-    }
-    assert_equal 1, reader.auth_rules_reader.roles.length
-    assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role]
-    assert_equal 1, reader.auth_rules_reader.auth_rules.length
-  end
-  
-  def test_auth_role_permit_on
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :test_context do
-            to :test_perm, :manage
-            if_attribute :test_attr => is { user.test_attr }
-          end
-        end
-      end
-    |
-    assert_equal 1, reader.auth_rules_reader.roles.length
-    assert_equal 1, reader.auth_rules_reader.auth_rules.length
-    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
-    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
-  end
-  
-  def test_permit_block
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :perms, :to => :test do
-            if_attribute :test_attr   => is { user.test_attr }
-            if_attribute :test_attr_2 => is_not { user.test_attr }
-            if_attribute :test_attr_3 => contains { user.test_attr }
-            if_attribute :test_attr_4 => does_not_contain { user.test_attr }
-            if_attribute :test_attr_5 => is_in { user.test_attr }
-            if_attribute :test_attr_5 => is_not_in { user.test_attr }
-            if_attribute :test_attr_6 => lt { user.test_attr }
-            if_attribute :test_attr_6 => lte { user.test_attr }
-            if_attribute :test_attr_6 => gt { user.test_attr }
-            if_attribute :test_attr_6 => gte { user.test_attr }
-          end
-        end
-      end
-    |
-    assert_equal 1, reader.auth_rules_reader.roles.length
-    assert_equal 1, reader.auth_rules_reader.auth_rules.length
-    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
-  end
-  
-  def test_has_permission_to_with_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :perms, :to => :test
-        end
-      end
-    |
-    assert_equal 1, reader.auth_rules_reader.roles.length
-    assert_equal 1, reader.auth_rules_reader.auth_rules.length
-    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
-  end
-  
-  def test_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      contexts do
-        context :high_level_context do
-          includes :low_level_context_1, :low_level_context_2
-        end
-      end
-    }
-  end
-  
-  def test_dsl_error
-    reader = Authorization::Reader::DSLReader.new
-    assert_raise(Authorization::Reader::DSLError) do
-      reader.parse %{
-        authorization do
-          includes :lesser_role
-        end
-      }
-    end
-  end
-  
-  def test_syntax_error
-    reader = Authorization::Reader::DSLReader.new
-    assert_raise(Authorization::Reader::DSLSyntaxError) do
-      reader.parse %{
-        authorizations do
-        end
-      }
-    end
-  end
-  
-  def test_syntax_error_2
-    reader = Authorization::Reader::DSLReader.new
-    assert_raise(Authorization::Reader::DSLSyntaxError) do
-      reader.parse %{
-        authorizations
-        end
-      }
-    end
-  end
-
-  def test_factory_returns_self
-    reader = Authorization::Reader::DSLReader.new
-    assert_equal(Authorization::Reader::DSLReader.factory(reader).object_id, reader.object_id)
-  end
-
-  def test_factory_loads_file
-    reader = Authorization::Reader::DSLReader.factory((DA_ROOT + "authorization_rules.dist.rb").to_s)
-    assert_equal(Authorization::Reader::DSLReader, reader.class)
-  end
-
-  def test_load_file_not_found
-    assert_raise(Authorization::Reader::DSLFileNotFoundError) do
-      Authorization::Reader::DSLReader.new.load!("nonexistent_file.rb")
-    end
-  end
-end
-
+require 'test_helper'
+
+class DSLReaderTest < Test::Unit::TestCase
+  def test_privileges
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      privileges do
+        privilege :test_priv do
+          includes :lower_priv
+        end
+      end
+    }
+    assert_equal 2, reader.privileges_reader.privileges.length
+    assert_equal [[:lower_priv, nil]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv]
+  end
+  
+  def test_privileges_with_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      privileges do
+        privilege :test_priv, :test_context do
+          includes :lower_priv
+        end
+      end
+    }
+    assert_equal [[:lower_priv, :test_context]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv]
+  end
+  
+  def test_privileges_one_line
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      privileges do
+        privilege :test_priv, :test_context, :includes => :lower_priv
+        privilege :test_priv_2, :test_context, :includes => [:lower_priv]
+        privilege :test_priv_3, :includes => [:lower_priv]
+      end
+    }
+    assert_equal [[:lower_priv, :test_context]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv]
+    assert_equal [[:lower_priv, :test_context]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv_2]
+    assert_equal [[:lower_priv, nil]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv_3]
+  end
+  
+  def test_auth_role
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          includes :lesser_role
+          has_permission_on :items, :to => :read
+        end
+      end
+    }
+    assert_equal 1, reader.auth_rules_reader.roles.length
+    assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role]
+    assert_equal 1, reader.auth_rules_reader.auth_rules.length
+  end
+  
+  def test_auth_role_permit_on
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %|
+      authorization do
+        role :test_role do
+          has_permission_on :test_context do
+            to :test_perm, :manage
+            if_attribute :test_attr => is { user.test_attr }
+          end
+        end
+      end
+    |
+    assert_equal 1, reader.auth_rules_reader.roles.length
+    assert_equal 1, reader.auth_rules_reader.auth_rules.length
+    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
+    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
+  end
+  
+  def test_permit_block
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %|
+      authorization do
+        role :test_role do
+          has_permission_on :perms, :to => :test do
+            if_attribute :test_attr   => is { user.test_attr }
+            if_attribute :test_attr_2 => is_not { user.test_attr }
+            if_attribute :test_attr_3 => contains { user.test_attr }
+            if_attribute :test_attr_4 => does_not_contain { user.test_attr }
+            if_attribute :test_attr_5 => is_in { user.test_attr }
+            if_attribute :test_attr_5 => is_not_in { user.test_attr }
+            if_attribute :test_attr_6 => lt { user.test_attr }
+            if_attribute :test_attr_6 => lte { user.test_attr }
+            if_attribute :test_attr_6 => gt { user.test_attr }
+            if_attribute :test_attr_6 => gte { user.test_attr }
+          end
+        end
+      end
+    |
+    assert_equal 1, reader.auth_rules_reader.roles.length
+    assert_equal 1, reader.auth_rules_reader.auth_rules.length
+    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
+  end
+  
+  def test_has_permission_to_with_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %|
+      authorization do
+        role :test_role do
+          has_permission_on :perms, :to => :test
+        end
+      end
+    |
+    assert_equal 1, reader.auth_rules_reader.roles.length
+    assert_equal 1, reader.auth_rules_reader.auth_rules.length
+    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
+  end
+  
+  def test_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      contexts do
+        context :high_level_context do
+          includes :low_level_context_1, :low_level_context_2
+        end
+      end
+    }
+  end
+  
+  def test_dsl_error
+    reader = Authorization::Reader::DSLReader.new
+    assert_raise(Authorization::Reader::DSLError) do
+      reader.parse %{
+        authorization do
+          includes :lesser_role
+        end
+      }
+    end
+  end
+  
+  def test_syntax_error
+    reader = Authorization::Reader::DSLReader.new
+    assert_raise(Authorization::Reader::DSLSyntaxError) do
+      reader.parse %{
+        authorizations do
+        end
+      }
+    end
+  end
+  
+  def test_syntax_error_2
+    reader = Authorization::Reader::DSLReader.new
+    assert_raise(Authorization::Reader::DSLSyntaxError) do
+      reader.parse %{
+        authorizations
+        end
+      }
+    end
+  end
+
+  def test_factory_returns_self
+    reader = Authorization::Reader::DSLReader.new
+    assert_equal(Authorization::Reader::DSLReader.factory(reader).object_id, reader.object_id)
+  end
+
+  def test_factory_loads_file
+    reader = Authorization::Reader::DSLReader.factory((DA_ROOT + "authorization_rules.dist.rb").to_s)
+    assert_equal(Authorization::Reader::DSLReader, reader.class)
+  end
+
+  def test_load_file_not_found
+    assert_raise(Authorization::Reader::DSLFileNotFoundError) do
+      Authorization::Reader::DSLReader.new.load!("nonexistent_file.rb")
+    end
+  end
+end
+

data/test/functional/filter_access_to_with_id_in_scope_test.rb

@@ -1,88 +1,88 @@
-require 'test_helper'
-
-class UsersController < MocksController
-  before_action :initialize_user
-  filter_access_to :all, attribute_check: true
-  define_action_methods :show
-
-  def initialize_user
-    @user = User.find(params[:id])
-  end
-end
-
-class FilterAccessToWithIdInScopeTest < ActionController::TestCase
-  include DeclarativeAuthorization::Test::Helpers
-
-  tests UsersController
-
-  access_tests do
-    params :user do |old_user, new_user|
-      assert_equal :old_user, old_user
-      assert_equal :new_user, new_user
-      { id: User.create! }
-    end
-    
-    role :users do
-      privilege :read do
-        allowed to: :show, with: :user
-      end
-    end
-  end
-
-  AUTHORIZATION_RULES = <<-RULES.freeze
-    authorization do
-      role :users__read do
-        has_permission_on :users, :to => [:show] do
-          if_attribute :id => id_in_scope { User.visible_by(user) }
-        end
-      end
-    end
-  RULES
-
-  setup do
-    @reader = Authorization::Reader::DSLReader.new
-    @reader.parse(AUTHORIZATION_RULES)
-    Authorization::Engine.instance(@reader)
-  end
-
-  def test_id_in_scope__filter_access_to__has_access
-    with_routing do |map|
-      setup_routes(map)
-
-      current_user = User.create!(role_symbols: [:users__read])
-      different_user = User.create!
-
-      request!(current_user, :show, @reader, id: current_user.id)
-      assert @controller.authorized?
-    end
-  end
-
-  def test_id_in_scope__filter_access_to__does_not_have_access
-    with_routing do |map|
-      setup_routes(map)
-
-      current_user = User.create!(role_symbols: [:users__read])
-      different_user = User.create!
-
-      request!(current_user, :show, @reader, id: different_user.id)
-      assert !@controller.authorized?
-    end
-  end
-
-  private
-
-  def setup_routes(map)
-    map.draw do
-      get '/users', controller: 'users', action: :show
-    end
-  end
-
-  def access_test_user(role, privilege)
-    User.new(role_symbols: [ :"#{role}__#{privilege}" ])
-  end
-
-  def access_test_params_for_param_methods
-    [:old_user, :new_user]
-  end
-end
-
+require 'test_helper'
+
+class UsersController < MocksController
+  before_action :initialize_user
+  filter_access_to :all, attribute_check: true
+  define_action_methods :show
+
+  def initialize_user
+    @user = User.find(params[:id])
+  end
+end
+
+class FilterAccessToWithIdInScopeTest < ActionController::TestCase
+  include DeclarativeAuthorization::Test::Helpers
+
+  tests UsersController
+
+  access_tests do
+    params :user do |old_user, new_user|
+      assert_equal :old_user, old_user
+      assert_equal :new_user, new_user
+      { id: User.create! }
+    end
+    
+    role :users do
+      privilege :read do
+        allowed to: :show, with: :user
+      end
+    end
+  end
+
+  AUTHORIZATION_RULES = <<-RULES.freeze
+    authorization do
+      role :users__read do
+        has_permission_on :users, :to => [:show] do
+          if_attribute :id => id_in_scope { User.visible_by(user) }
+        end
+      end
+    end
+  RULES
+
+  setup do
+    @reader = Authorization::Reader::DSLReader.new
+    @reader.parse(AUTHORIZATION_RULES)
+    Authorization::Engine.instance(@reader)
+  end
+
+  def test_id_in_scope__filter_access_to__has_access
+    with_routing do |map|
+      setup_routes(map)
+
+      current_user = User.create!(role_symbols: [:users__read])
+      different_user = User.create!
+
+      request!(current_user, :show, @reader, id: current_user.id)
+      assert @controller.authorized?
+    end
+  end
+
+  def test_id_in_scope__filter_access_to__does_not_have_access
+    with_routing do |map|
+      setup_routes(map)
+
+      current_user = User.create!(role_symbols: [:users__read])
+      different_user = User.create!
+
+      request!(current_user, :show, @reader, id: different_user.id)
+      assert !@controller.authorized?
+    end
+  end
+
+  private
+
+  def setup_routes(map)
+    map.draw do
+      get '/users', controller: 'users', action: :show
+    end
+  end
+
+  def access_test_user(role, privilege)
+    User.new(role_symbols: [ :"#{role}__#{privilege}" ])
+  end
+
+  def access_test_params_for_param_methods
+    [:old_user, :new_user]
+  end
+end
+