RubyGems - ae_declarative_authorization - Versions diffs - 0.7.1 → 0.8.0 - Mend

ae_declarative_authorization 0.7.1 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

checksums.yaml +5 -5
data/Appraisals +31 -21
data/CHANGELOG +189 -189
data/Gemfile +7 -7
data/Gemfile.lock +68 -60
data/LICENSE.txt +20 -20
data/README.md +620 -620
data/README.rdoc +597 -597
data/Rakefile +35 -33
data/authorization_rules.dist.rb +20 -20
data/declarative_authorization.gemspec +24 -24
data/gemfiles/rails4252.gemfile +10 -10
data/gemfiles/rails4252.gemfile.lock +126 -0
data/gemfiles/rails4271.gemfile +10 -10
data/gemfiles/rails4271.gemfile.lock +126 -0
data/gemfiles/rails507.gemfile +11 -11
data/gemfiles/rails507.gemfile.lock +136 -0
data/gemfiles/rails516.gemfile +11 -0
data/gemfiles/rails516.gemfile.lock +136 -0
data/gemfiles/rails521.gemfile +11 -0
data/gemfiles/rails521.gemfile.lock +144 -0
data/init.rb +5 -5
data/lib/declarative_authorization.rb +18 -18
data/lib/declarative_authorization/authorization.rb +821 -821
data/lib/declarative_authorization/helper.rb +78 -78
data/lib/declarative_authorization/in_controller.rb +713 -713
data/lib/declarative_authorization/in_model.rb +156 -156
data/lib/declarative_authorization/maintenance.rb +215 -215
data/lib/declarative_authorization/obligation_scope.rb +348 -345
data/lib/declarative_authorization/railsengine.rb +5 -5
data/lib/declarative_authorization/reader.rb +549 -549
data/lib/declarative_authorization/test/helpers.rb +261 -261
data/lib/declarative_authorization/version.rb +3 -3
data/lib/generators/authorization/install/install_generator.rb +77 -77
data/lib/generators/authorization/rules/rules_generator.rb +13 -13
data/lib/generators/authorization/rules/templates/authorization_rules.rb +27 -27
data/lib/tasks/authorization_tasks.rake +89 -89
data/log/test.log +15246 -0
data/pkg/ae_declarative_authorization-0.7.1.gem +0 -0
data/pkg/ae_declarative_authorization-0.8.0.gem +0 -0
data/test/authorization_test.rb +1121 -1121
data/test/controller_filter_resource_access_test.rb +573 -573
data/test/controller_test.rb +478 -478
data/test/database.yml +3 -3
data/test/dsl_reader_test.rb +178 -178
data/test/functional/filter_access_to_with_id_in_scope_test.rb +88 -88
data/test/functional/no_filter_access_to_test.rb +79 -79
data/test/functional/params_block_arity_test.rb +39 -39
data/test/helper_test.rb +248 -248
data/test/maintenance_test.rb +46 -46
data/test/model_test.rb +1840 -1840
data/test/profiles/access_checking +20 -0
data/test/schema.sql +60 -60
data/test/test_helper.rb +174 -174
data/test/test_support/minitest_compatibility.rb +26 -26
metadata +17 -5

data/test/functional/no_filter_access_to_test.rb CHANGED

@@ -1,79 +1,79 @@
-require 'test_helper'
-class NoFilterAccessObject < MockDataObject
-  def self.name
-    "NoFilterAccessObject"
-  end
-end
-class NoFilterAccessObjectsController < MocksController
-  filter_access_to :all, attribute_check: true, load_method: :find_no_filter_access_object
-  no_filter_access_to :index
-  define_action_methods :index, :show
-  private
-  def find_no_filter_access_object
-    NoFilterAccessObject.find_or_initialize_by(params.permit(:id, :special_attribute).to_hash)
-  end
-end
-class NoFilterAccessToTest < ActionController::TestCase
-  include DeclarativeAuthorization::Test::Helpers
-  tests NoFilterAccessObjectsController
-  access_tests_not_required
-  AUTHORIZATION_RULES = <<-RULES.freeze
-    authorization do
-      role :allowed_role do
-        has_permission_on :no_filter_access_objects, to: :index do
-          if_attribute special_attribute: is { 'secret' }
-        end
-        has_permission_on :no_filter_access_objects, to: :show do
-          if_attribute id: is { '1' }
-        end
-      end
-    end
-  RULES
-  setup do
-    @reader = Authorization::Reader::DSLReader.new
-    @reader.parse(AUTHORIZATION_RULES)
-    Authorization::Engine.instance(@reader)
-  end
-  def test_filter_access_to
-    with_routing do |map|
-      map.draw do
-        resources :no_filter_access_objects, only: [:index, :show]
-      end
-      disallowed_user = MockUser.new
-      allowed_user = MockUser.new(:allowed_role)
-      request!(disallowed_user, :show, @reader, id: '1')
-      assert !@controller.authorized?
-      request!(allowed_user, :show, @reader, id: '100', clear: [:@no_filter_access_object])
-      assert !@controller.authorized?
-      request!(allowed_user, :show, @reader, id: '1', clear: [:@no_filter_access_object])
-      assert @controller.authorized?
-    end
-  end
-  def test_no_filter_access_to
-    with_routing do |map|
-      map.draw do
-        resources :no_filter_access_objects, only: [:index, :show]
-      end
-      non_special_user = MockUser.new
-      request!(non_special_user, :index, @reader, id: '1', special_attribute: 'wrong')
-      assert @controller.authorized?
-    end
-  end
-end
+require 'test_helper'
+class NoFilterAccessObject < MockDataObject
+  def self.name
+    "NoFilterAccessObject"
+  end
+end
+class NoFilterAccessObjectsController < MocksController
+  filter_access_to :all, attribute_check: true, load_method: :find_no_filter_access_object
+  no_filter_access_to :index
+  define_action_methods :index, :show
+  private
+  def find_no_filter_access_object
+    NoFilterAccessObject.find_or_initialize_by(params.permit(:id, :special_attribute).to_hash)
+  end
+end
+class NoFilterAccessToTest < ActionController::TestCase
+  include DeclarativeAuthorization::Test::Helpers
+  tests NoFilterAccessObjectsController
+  access_tests_not_required
+  AUTHORIZATION_RULES = <<-RULES.freeze
+    authorization do
+      role :allowed_role do
+        has_permission_on :no_filter_access_objects, to: :index do
+          if_attribute special_attribute: is { 'secret' }
+        end
+        has_permission_on :no_filter_access_objects, to: :show do
+          if_attribute id: is { '1' }
+        end
+      end
+    end
+  RULES
+  setup do
+    @reader = Authorization::Reader::DSLReader.new
+    @reader.parse(AUTHORIZATION_RULES)
+    Authorization::Engine.instance(@reader)
+  end
+  def test_filter_access_to
+    with_routing do |map|
+      map.draw do
+        resources :no_filter_access_objects, only: [:index, :show]
+      end
+      disallowed_user = MockUser.new
+      allowed_user = MockUser.new(:allowed_role)
+      request!(disallowed_user, :show, @reader, id: '1')
+      assert !@controller.authorized?
+      request!(allowed_user, :show, @reader, id: '100', clear: [:@no_filter_access_object])
+      assert !@controller.authorized?
+      request!(allowed_user, :show, @reader, id: '1', clear: [:@no_filter_access_object])
+      assert @controller.authorized?
+    end
+  end
+  def test_no_filter_access_to
+    with_routing do |map|
+      map.draw do
+        resources :no_filter_access_objects, only: [:index, :show]
+      end
+      non_special_user = MockUser.new
+      request!(non_special_user, :index, @reader, id: '1', special_attribute: 'wrong')
+      assert @controller.authorized?
+    end
+  end
+end

data/test/functional/params_block_arity_test.rb CHANGED

@@ -1,39 +1,39 @@
-require 'test_helper'
-class ParamsBlockArityTest < ActionController::TestCase
-  include DeclarativeAuthorization::Test::Helpers
-  class ParamsBlockArityTestController < ApplicationController
-  end
-  tests ParamsBlockArityTestController
-  access_tests do
-    params :less_than_max_arguments do | one |
-      { this: :works }
-    end
-    params :too_many_arguments do | one, two, three |
-      { what: :ever }
-    end
-  end
-  def test_params_arity
-    assert_raises(InvalidParamsBlockArity) do
-      access_test_params(:too_many_arguments)
-    end
-    assert_equal({ this: :works }, access_test_params(:less_than_max_arguments))
-  end
-  private
-  def access_test_params_for_param_methods
-    [:old_user, :new_user]
-  end
-end
+require 'test_helper'
+class ParamsBlockArityTest < ActionController::TestCase
+  include DeclarativeAuthorization::Test::Helpers
+  class ParamsBlockArityTestController < ApplicationController
+  end
+  tests ParamsBlockArityTestController
+  access_tests do
+    params :less_than_max_arguments do | one |
+      { this: :works }
+    end
+    params :too_many_arguments do | one, two, three |
+      { what: :ever }
+    end
+  end
+  def test_params_arity
+    assert_raises(InvalidParamsBlockArity) do
+      access_test_params(:too_many_arguments)
+    end
+    assert_equal({ this: :works }, access_test_params(:less_than_max_arguments))
+  end
+  private
+  def access_test_params_for_param_methods
+    [:old_user, :new_user]
+  end
+end

data/test/helper_test.rb CHANGED

@@ -1,248 +1,248 @@
-require 'test_helper'
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
-class HelperMocksController < MocksController
-  filter_access_to :action, :require => :show, :context => :mocks
-  define_action_methods :action
-end
-class HelperTest < ActionController::TestCase
-  tests HelperMocksController
-  include Authorization::AuthorizationHelper
-  attr_reader :controller
-  def test_permit
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-        role :test_role_2 do
-          has_permission_on :mocks, :to => :update
-        end
-      end
-    }
-    user = MockUser.new(:test_role)
-    request!(user, :action, reader)
-    assert permitted_to?(:show, :mocks)
-    assert !permitted_to?(:update, :mocks)
-    block_evaled = false
-    permitted_to?(:show, :mocks) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    permitted_to?(:update, :mocks) do
-      block_evaled = true
-    end
-    assert !block_evaled
-  end
-  def test_permit_with_object
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks do
-            to :show
-            if_attribute :test_attr => is {user.test_attr}
-          end
-        end
-      end
-    }
-    user = MockUser.new(:test_role, :test_attr => 1)
-    mock = MockDataObject.new(:test_attr => 1)
-    mock_2 = MockDataObject.new(:test_attr => 2)
-    request!(user, :action, reader)
-    assert permitted_to?(:show, mock)
-    assert permitted_to?(:show, :mocks)
-    assert !permitted_to?(:show, mock_2)
-  end
-  def test_permit_with_object_and_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :other_mocks do
-            to :show
-            if_attribute :test_attr => is {user.test_attr}
-          end
-        end
-      end
-    }
-    user = MockUser.new(:test_role, :test_attr => 1)
-    mock = MockDataObject.new(:test_attr => 1)
-    mock_2 = MockDataObject.new(:test_attr => 2)
-    request!(user, :action, reader)
-    assert permitted_to?(:show, mock, :context => :other_mocks)
-    assert !permitted_to?(:show, mock_2, :context => :other_mocks)
-  end
-  def test_has_role
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-      end
-    }
-    user = MockUser.new(:test_role)
-    request!(user, :action, reader)
-    assert has_role?(:test_role)
-    assert !has_role?(:test_role2)
-    assert !has_role?(:test_role, :test_role2)
-    block_evaled = false
-    has_role?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_role?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-  end
-  def test_has_any_role
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-      end
-    }
-    user = MockUser.new(:test_role)
-    request!(user, :action, reader)
-    assert has_any_role?(:test_role)
-    assert !has_any_role?(:test_role2)
-    assert has_any_role?(:test_role, :test_role2)
-    block_evaled = false
-    has_any_role?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_any_role?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-    block_evaled = false
-    has_any_role?(:test_role,:test_role2) do
-      block_evaled = true
-    end
-    assert block_evaled
-  end
-  def test_has_role_with_guest_user
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-      end
-    }
-    request!(nil, :action, reader)
-    Authorization.stub :current_user, MockUser.new do
-      assert !has_role?(:test_role)
-      block_evaled = false
-      has_role?(:test_role) do
-        block_evaled = true
-      end
-      assert !block_evaled
-    end
-  end
-  def test_has_role_with_hierarchy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-        role :other_role do
-          has_permission_on :another_mocks, :to => :show
-        end
-        role :root do
-          includes :test_role
-        end
-      end
-    }
-    user = MockUser.new(:root)
-    request!(user, :action, reader)
-    assert has_role_with_hierarchy?(:test_role)
-    assert !has_role_with_hierarchy?(:other_role)
-    block_evaled = false
-    has_role_with_hierarchy?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_role_with_hierarchy?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-  end
-  def test_has_any_role_with_hierarchy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-        role :other_role do
-          has_permission_on :another_mocks, :to => :show
-        end
-        role :root do
-          includes :test_role
-        end
-      end
-    }
-    user = MockUser.new(:root)
-    request!(user, :action, reader)
-    assert has_any_role_with_hierarchy?(:test_role)
-    assert !has_any_role_with_hierarchy?(:other_role)
-    assert has_any_role_with_hierarchy?(:test_role,:other_role)
-    block_evaled = false
-    has_any_role_with_hierarchy?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_any_role_with_hierarchy?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-    block_evaled = false
-    has_any_role_with_hierarchy?(:test_role,:test_role2) do
-      block_evaled = true
-    end
-    assert block_evaled
-  end
-end
+require 'test_helper'
+require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
+class HelperMocksController < MocksController
+  filter_access_to :action, :require => :show, :context => :mocks
+  define_action_methods :action
+end
+class HelperTest < ActionController::TestCase
+  tests HelperMocksController
+  include Authorization::AuthorizationHelper
+  attr_reader :controller
+  def test_permit
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :test_role_2 do
+          has_permission_on :mocks, :to => :update
+        end
+      end
+    }
+    user = MockUser.new(:test_role)
+    request!(user, :action, reader)
+    assert permitted_to?(:show, :mocks)
+    assert !permitted_to?(:update, :mocks)
+    block_evaled = false
+    permitted_to?(:show, :mocks) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    permitted_to?(:update, :mocks) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+  def test_permit_with_object
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks do
+            to :show
+            if_attribute :test_attr => is {user.test_attr}
+          end
+        end
+      end
+    }
+    user = MockUser.new(:test_role, :test_attr => 1)
+    mock = MockDataObject.new(:test_attr => 1)
+    mock_2 = MockDataObject.new(:test_attr => 2)
+    request!(user, :action, reader)
+    assert permitted_to?(:show, mock)
+    assert permitted_to?(:show, :mocks)
+    assert !permitted_to?(:show, mock_2)
+  end
+  def test_permit_with_object_and_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :other_mocks do
+            to :show
+            if_attribute :test_attr => is {user.test_attr}
+          end
+        end
+      end
+    }
+    user = MockUser.new(:test_role, :test_attr => 1)
+    mock = MockDataObject.new(:test_attr => 1)
+    mock_2 = MockDataObject.new(:test_attr => 2)
+    request!(user, :action, reader)
+    assert permitted_to?(:show, mock, :context => :other_mocks)
+    assert !permitted_to?(:show, mock_2, :context => :other_mocks)
+  end
+  def test_has_role
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+      end
+    }
+    user = MockUser.new(:test_role)
+    request!(user, :action, reader)
+    assert has_role?(:test_role)
+    assert !has_role?(:test_role2)
+    assert !has_role?(:test_role, :test_role2)
+    block_evaled = false
+    has_role?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    has_role?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+  def test_has_any_role
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+      end
+    }
+    user = MockUser.new(:test_role)
+    request!(user, :action, reader)
+    assert has_any_role?(:test_role)
+    assert !has_any_role?(:test_role2)
+    assert has_any_role?(:test_role, :test_role2)
+    block_evaled = false
+    has_any_role?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    has_any_role?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+    block_evaled = false
+    has_any_role?(:test_role,:test_role2) do
+      block_evaled = true
+    end
+    assert block_evaled
+  end
+  def test_has_role_with_guest_user
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+      end
+    }
+    request!(nil, :action, reader)
+    Authorization.stub :current_user, MockUser.new do
+      assert !has_role?(:test_role)
+      block_evaled = false
+      has_role?(:test_role) do
+        block_evaled = true
+      end
+      assert !block_evaled
+    end
+  end
+  def test_has_role_with_hierarchy
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :other_role do
+          has_permission_on :another_mocks, :to => :show
+        end
+        role :root do
+          includes :test_role
+        end
+      end
+    }
+    user = MockUser.new(:root)
+    request!(user, :action, reader)
+    assert has_role_with_hierarchy?(:test_role)
+    assert !has_role_with_hierarchy?(:other_role)
+    block_evaled = false
+    has_role_with_hierarchy?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    has_role_with_hierarchy?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+  def test_has_any_role_with_hierarchy
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :other_role do
+          has_permission_on :another_mocks, :to => :show
+        end
+        role :root do
+          includes :test_role
+        end
+      end
+    }
+    user = MockUser.new(:root)
+    request!(user, :action, reader)
+    assert has_any_role_with_hierarchy?(:test_role)
+    assert !has_any_role_with_hierarchy?(:other_role)
+    assert has_any_role_with_hierarchy?(:test_role,:other_role)
+    block_evaled = false
+    has_any_role_with_hierarchy?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    block_evaled = false
+    has_any_role_with_hierarchy?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+    block_evaled = false
+    has_any_role_with_hierarchy?(:test_role,:test_role2) do
+      block_evaled = true
+    end
+    assert block_evaled
+  end
+end