ae_declarative_authorization 0.7.1 → 0.8.0
- checksums.yaml +5 -5
- data/Appraisals +31 -21
- data/CHANGELOG +189 -189
- data/Gemfile +7 -7
- data/Gemfile.lock +68 -60
- data/LICENSE.txt +20 -20
- data/README.md +620 -620
- data/README.rdoc +597 -597
- data/Rakefile +35 -33
- data/authorization_rules.dist.rb +20 -20
- data/declarative_authorization.gemspec +24 -24
- data/gemfiles/rails4252.gemfile +10 -10
- data/gemfiles/rails4252.gemfile.lock +126 -0
- data/gemfiles/rails4271.gemfile +10 -10
- data/gemfiles/rails4271.gemfile.lock +126 -0
- data/gemfiles/rails507.gemfile +11 -11
- data/gemfiles/rails507.gemfile.lock +136 -0
- data/gemfiles/rails516.gemfile +11 -0
- data/gemfiles/rails516.gemfile.lock +136 -0
- data/gemfiles/rails521.gemfile +11 -0
- data/gemfiles/rails521.gemfile.lock +144 -0
- data/init.rb +5 -5
- data/lib/declarative_authorization.rb +18 -18
- data/lib/declarative_authorization/authorization.rb +821 -821
- data/lib/declarative_authorization/helper.rb +78 -78
- data/lib/declarative_authorization/in_controller.rb +713 -713
- data/lib/declarative_authorization/in_model.rb +156 -156
- data/lib/declarative_authorization/maintenance.rb +215 -215
- data/lib/declarative_authorization/obligation_scope.rb +348 -345
- data/lib/declarative_authorization/railsengine.rb +5 -5
- data/lib/declarative_authorization/reader.rb +549 -549
- data/lib/declarative_authorization/test/helpers.rb +261 -261
- data/lib/declarative_authorization/version.rb +3 -3
- data/lib/generators/authorization/install/install_generator.rb +77 -77
- data/lib/generators/authorization/rules/rules_generator.rb +13 -13
- data/lib/generators/authorization/rules/templates/authorization_rules.rb +27 -27
- data/lib/tasks/authorization_tasks.rake +89 -89
- data/log/test.log +15246 -0
- data/pkg/ae_declarative_authorization-0.7.1.gem +0 -0
- data/pkg/ae_declarative_authorization-0.8.0.gem +0 -0
- data/test/authorization_test.rb +1121 -1121
- data/test/controller_filter_resource_access_test.rb +573 -573
- data/test/controller_test.rb +478 -478
- data/test/database.yml +3 -3
- data/test/dsl_reader_test.rb +178 -178
- data/test/functional/filter_access_to_with_id_in_scope_test.rb +88 -88
- data/test/functional/no_filter_access_to_test.rb +79 -79
- data/test/functional/params_block_arity_test.rb +39 -39
- data/test/helper_test.rb +248 -248
- data/test/maintenance_test.rb +46 -46
- data/test/model_test.rb +1840 -1840
- data/test/profiles/access_checking +20 -0
- data/test/schema.sql +60 -60
- data/test/test_helper.rb +174 -174
- data/test/test_support/minitest_compatibility.rb +26 -26
- metadata +17 -5
@@ -1,79 +1,79 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
class NoFilterAccessObject < MockDataObject
|
4
|
-
def self.name
|
5
|
-
"NoFilterAccessObject"
|
6
|
-
end
|
7
|
-
end
|
8
|
-
|
9
|
-
class NoFilterAccessObjectsController < MocksController
|
10
|
-
filter_access_to :all, attribute_check: true, load_method: :find_no_filter_access_object
|
11
|
-
no_filter_access_to :index
|
12
|
-
|
13
|
-
define_action_methods :index, :show
|
14
|
-
|
15
|
-
private
|
16
|
-
|
17
|
-
def find_no_filter_access_object
|
18
|
-
NoFilterAccessObject.find_or_initialize_by(params.permit(:id, :special_attribute).to_hash)
|
19
|
-
end
|
20
|
-
end
|
21
|
-
|
22
|
-
class NoFilterAccessToTest < ActionController::TestCase
|
23
|
-
include DeclarativeAuthorization::Test::Helpers
|
24
|
-
tests NoFilterAccessObjectsController
|
25
|
-
|
26
|
-
access_tests_not_required
|
27
|
-
|
28
|
-
AUTHORIZATION_RULES = <<-RULES.freeze
|
29
|
-
authorization do
|
30
|
-
role :allowed_role do
|
31
|
-
has_permission_on :no_filter_access_objects, to: :index do
|
32
|
-
if_attribute special_attribute: is { 'secret' }
|
33
|
-
end
|
34
|
-
has_permission_on :no_filter_access_objects, to: :show do
|
35
|
-
if_attribute id: is { '1' }
|
36
|
-
end
|
37
|
-
end
|
38
|
-
end
|
39
|
-
RULES
|
40
|
-
|
41
|
-
setup do
|
42
|
-
@reader = Authorization::Reader::DSLReader.new
|
43
|
-
@reader.parse(AUTHORIZATION_RULES)
|
44
|
-
Authorization::Engine.instance(@reader)
|
45
|
-
end
|
46
|
-
|
47
|
-
def test_filter_access_to
|
48
|
-
with_routing do |map|
|
49
|
-
map.draw do
|
50
|
-
resources :no_filter_access_objects, only: [:index, :show]
|
51
|
-
end
|
52
|
-
|
53
|
-
disallowed_user = MockUser.new
|
54
|
-
allowed_user = MockUser.new(:allowed_role)
|
55
|
-
|
56
|
-
request!(disallowed_user, :show, @reader, id: '1')
|
57
|
-
assert !@controller.authorized?
|
58
|
-
|
59
|
-
request!(allowed_user, :show, @reader, id: '100', clear: [:@no_filter_access_object])
|
60
|
-
assert !@controller.authorized?
|
61
|
-
|
62
|
-
request!(allowed_user, :show, @reader, id: '1', clear: [:@no_filter_access_object])
|
63
|
-
assert @controller.authorized?
|
64
|
-
end
|
65
|
-
end
|
66
|
-
|
67
|
-
def test_no_filter_access_to
|
68
|
-
with_routing do |map|
|
69
|
-
map.draw do
|
70
|
-
resources :no_filter_access_objects, only: [:index, :show]
|
71
|
-
end
|
72
|
-
|
73
|
-
non_special_user = MockUser.new
|
74
|
-
|
75
|
-
request!(non_special_user, :index, @reader, id: '1', special_attribute: 'wrong')
|
76
|
-
assert @controller.authorized?
|
77
|
-
end
|
78
|
-
end
|
79
|
-
end
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class NoFilterAccessObject < MockDataObject
|
4
|
+
def self.name
|
5
|
+
"NoFilterAccessObject"
|
6
|
+
end
|
7
|
+
end
|
8
|
+
|
9
|
+
class NoFilterAccessObjectsController < MocksController
|
10
|
+
filter_access_to :all, attribute_check: true, load_method: :find_no_filter_access_object
|
11
|
+
no_filter_access_to :index
|
12
|
+
|
13
|
+
define_action_methods :index, :show
|
14
|
+
|
15
|
+
private
|
16
|
+
|
17
|
+
def find_no_filter_access_object
|
18
|
+
NoFilterAccessObject.find_or_initialize_by(params.permit(:id, :special_attribute).to_hash)
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
class NoFilterAccessToTest < ActionController::TestCase
|
23
|
+
include DeclarativeAuthorization::Test::Helpers
|
24
|
+
tests NoFilterAccessObjectsController
|
25
|
+
|
26
|
+
access_tests_not_required
|
27
|
+
|
28
|
+
AUTHORIZATION_RULES = <<-RULES.freeze
|
29
|
+
authorization do
|
30
|
+
role :allowed_role do
|
31
|
+
has_permission_on :no_filter_access_objects, to: :index do
|
32
|
+
if_attribute special_attribute: is { 'secret' }
|
33
|
+
end
|
34
|
+
has_permission_on :no_filter_access_objects, to: :show do
|
35
|
+
if_attribute id: is { '1' }
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
RULES
|
40
|
+
|
41
|
+
setup do
|
42
|
+
@reader = Authorization::Reader::DSLReader.new
|
43
|
+
@reader.parse(AUTHORIZATION_RULES)
|
44
|
+
Authorization::Engine.instance(@reader)
|
45
|
+
end
|
46
|
+
|
47
|
+
def test_filter_access_to
|
48
|
+
with_routing do |map|
|
49
|
+
map.draw do
|
50
|
+
resources :no_filter_access_objects, only: [:index, :show]
|
51
|
+
end
|
52
|
+
|
53
|
+
disallowed_user = MockUser.new
|
54
|
+
allowed_user = MockUser.new(:allowed_role)
|
55
|
+
|
56
|
+
request!(disallowed_user, :show, @reader, id: '1')
|
57
|
+
assert !@controller.authorized?
|
58
|
+
|
59
|
+
request!(allowed_user, :show, @reader, id: '100', clear: [:@no_filter_access_object])
|
60
|
+
assert !@controller.authorized?
|
61
|
+
|
62
|
+
request!(allowed_user, :show, @reader, id: '1', clear: [:@no_filter_access_object])
|
63
|
+
assert @controller.authorized?
|
64
|
+
end
|
65
|
+
end
|
66
|
+
|
67
|
+
def test_no_filter_access_to
|
68
|
+
with_routing do |map|
|
69
|
+
map.draw do
|
70
|
+
resources :no_filter_access_objects, only: [:index, :show]
|
71
|
+
end
|
72
|
+
|
73
|
+
non_special_user = MockUser.new
|
74
|
+
|
75
|
+
request!(non_special_user, :index, @reader, id: '1', special_attribute: 'wrong')
|
76
|
+
assert @controller.authorized?
|
77
|
+
end
|
78
|
+
end
|
79
|
+
end
|
@@ -1,39 +1,39 @@
|
|
1
|
-
require 'test_helper'
|
2
|
-
|
3
|
-
class ParamsBlockArityTest < ActionController::TestCase
|
4
|
-
include DeclarativeAuthorization::Test::Helpers
|
5
|
-
|
6
|
-
class ParamsBlockArityTestController < ApplicationController
|
7
|
-
|
8
|
-
end
|
9
|
-
|
10
|
-
tests ParamsBlockArityTestController
|
11
|
-
|
12
|
-
access_tests do
|
13
|
-
|
14
|
-
params :less_than_max_arguments do | one |
|
15
|
-
{ this: :works }
|
16
|
-
end
|
17
|
-
|
18
|
-
params :too_many_arguments do | one, two, three |
|
19
|
-
{ what: :ever }
|
20
|
-
end
|
21
|
-
|
22
|
-
end
|
23
|
-
|
24
|
-
def test_params_arity
|
25
|
-
assert_raises(InvalidParamsBlockArity) do
|
26
|
-
access_test_params(:too_many_arguments)
|
27
|
-
end
|
28
|
-
|
29
|
-
assert_equal({ this: :works }, access_test_params(:less_than_max_arguments))
|
30
|
-
end
|
31
|
-
|
32
|
-
private
|
33
|
-
|
34
|
-
def access_test_params_for_param_methods
|
35
|
-
[:old_user, :new_user]
|
36
|
-
end
|
37
|
-
|
38
|
-
end
|
39
|
-
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class ParamsBlockArityTest < ActionController::TestCase
|
4
|
+
include DeclarativeAuthorization::Test::Helpers
|
5
|
+
|
6
|
+
class ParamsBlockArityTestController < ApplicationController
|
7
|
+
|
8
|
+
end
|
9
|
+
|
10
|
+
tests ParamsBlockArityTestController
|
11
|
+
|
12
|
+
access_tests do
|
13
|
+
|
14
|
+
params :less_than_max_arguments do | one |
|
15
|
+
{ this: :works }
|
16
|
+
end
|
17
|
+
|
18
|
+
params :too_many_arguments do | one, two, three |
|
19
|
+
{ what: :ever }
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
|
24
|
+
def test_params_arity
|
25
|
+
assert_raises(InvalidParamsBlockArity) do
|
26
|
+
access_test_params(:too_many_arguments)
|
27
|
+
end
|
28
|
+
|
29
|
+
assert_equal({ this: :works }, access_test_params(:less_than_max_arguments))
|
30
|
+
end
|
31
|
+
|
32
|
+
private
|
33
|
+
|
34
|
+
def access_test_params_for_param_methods
|
35
|
+
[:old_user, :new_user]
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
39
|
+
|
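--- a/data/test/helper_test.rb
+++ b/data/test/helper_test.rb
@@ -1,248 +1,248 @@
-require 'test_helper'
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
-
-
-class HelperMocksController < MocksController
-filter_access_to :action, :require => :show, :context => :mocks
-define_action_methods :action
-end
-class HelperTest < ActionController::TestCase
-tests HelperMocksController
-include Authorization::AuthorizationHelper
-attr_reader :controller
-def test_permit
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :mocks, :to => :show
-end
-role :test_role_2 do
-has_permission_on :mocks, :to => :update
-end
-end
-}
-user = MockUser.new(:test_role)
-request!(user, :action, reader)
-
-assert permitted_to?(:show, :mocks)
-assert !permitted_to?(:update, :mocks)
-
-block_evaled = false
-permitted_to?(:show, :mocks) do
-block_evaled = true
-end
-assert block_evaled
-
-block_evaled = false
-permitted_to?(:update, :mocks) do
-block_evaled = true
-end
-assert !block_evaled
-end
-
-def test_permit_with_object
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :mocks do
-to :show
-if_attribute :test_attr => is {user.test_attr}
-end
-end
-end
-}
-user = MockUser.new(:test_role, :test_attr => 1)
-mock = MockDataObject.new(:test_attr => 1)
-mock_2 = MockDataObject.new(:test_attr => 2)
-request!(user, :action, reader)
-
-assert permitted_to?(:show, mock)
-assert permitted_to?(:show, :mocks)
-assert !permitted_to?(:show, mock_2)
-end
-
-def test_permit_with_object_and_context
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :other_mocks do
-to :show
-if_attribute :test_attr => is {user.test_attr}
-end
-end
-end
-}
-user = MockUser.new(:test_role, :test_attr => 1)
-mock = MockDataObject.new(:test_attr => 1)
-mock_2 = MockDataObject.new(:test_attr => 2)
-request!(user, :action, reader)
-
-assert permitted_to?(:show, mock, :context => :other_mocks)
-assert !permitted_to?(:show, mock_2, :context => :other_mocks)
-end
-
-def test_has_role
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :mocks, :to => :show
-end
-end
-}
-user = MockUser.new(:test_role)
-request!(user, :action, reader)
-
-assert has_role?(:test_role)
-assert !has_role?(:test_role2)
-assert !has_role?(:test_role, :test_role2)
-
-block_evaled = false
-has_role?(:test_role) do
-block_evaled = true
-end
-assert block_evaled
-
-block_evaled = false
-has_role?(:test_role2) do
-block_evaled = true
-end
-assert !block_evaled
-end
-
-def test_has_any_role
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :mocks, :to => :show
-end
-end
-}
-user = MockUser.new(:test_role)
-request!(user, :action, reader)
-
-assert has_any_role?(:test_role)
-assert !has_any_role?(:test_role2)
-assert has_any_role?(:test_role, :test_role2)
-
-block_evaled = false
-has_any_role?(:test_role) do
-block_evaled = true
-end
-assert block_evaled
-
-block_evaled = false
-has_any_role?(:test_role2) do
-block_evaled = true
-end
-assert !block_evaled
-
-block_evaled = false
-has_any_role?(:test_role,:test_role2) do
-block_evaled = true
-end
-assert block_evaled
-end
-
-def test_has_role_with_guest_user
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-end
-}
-request!(nil, :action, reader)
-
-Authorization.stub :current_user, MockUser.new do
-assert !has_role?(:test_role)
-
-block_evaled = false
-has_role?(:test_role) do
-block_evaled = true
-end
-assert !block_evaled
-end
-end
-
-def test_has_role_with_hierarchy
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :mocks, :to => :show
-end
-role :other_role do
-has_permission_on :another_mocks, :to => :show
-end
-
-role :root do
-includes :test_role
-end
-end
-}
-
-user = MockUser.new(:root)
-request!(user, :action, reader)
-
-assert has_role_with_hierarchy?(:test_role)
-assert !has_role_with_hierarchy?(:other_role)
-
-block_evaled = false
-has_role_with_hierarchy?(:test_role) do
-block_evaled = true
-end
-assert block_evaled
-
-block_evaled = false
-has_role_with_hierarchy?(:test_role2) do
-block_evaled = true
-end
-assert !block_evaled
-end
-
-def test_has_any_role_with_hierarchy
-reader = Authorization::Reader::DSLReader.new
-reader.parse %{
-authorization do
-role :test_role do
-has_permission_on :mocks, :to => :show
-end
-role :other_role do
-has_permission_on :another_mocks, :to => :show
-end
-
-role :root do
-includes :test_role
-end
-end
-}
-
-user = MockUser.new(:root)
-request!(user, :action, reader)
-
-assert has_any_role_with_hierarchy?(:test_role)
-assert !has_any_role_with_hierarchy?(:other_role)
-assert has_any_role_with_hierarchy?(:test_role,:other_role)
-
-block_evaled = false
-has_any_role_with_hierarchy?(:test_role) do
-block_evaled = true
-end
-assert block_evaled
-
-block_evaled = false
-has_any_role_with_hierarchy?(:test_role2) do
-block_evaled = true
-end
-assert !block_evaled
-
-block_evaled = false
-has_any_role_with_hierarchy?(:test_role,:test_role2) do
-block_evaled = true
-end
-assert block_evaled
-end
-end
+require 'test_helper'
+require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
+
+
+class HelperMocksController < MocksController
+filter_access_to :action, :require => :show, :context => :mocks
+define_action_methods :action
+end
+class HelperTest < ActionController::TestCase
+tests HelperMocksController
+include Authorization::AuthorizationHelper
+attr_reader :controller
+def test_permit
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :mocks, :to => :show
+end
+role :test_role_2 do
+has_permission_on :mocks, :to => :update
+end
+end
+}
+user = MockUser.new(:test_role)
+request!(user, :action, reader)
+
+assert permitted_to?(:show, :mocks)
+assert !permitted_to?(:update, :mocks)
+
+block_evaled = false
+permitted_to?(:show, :mocks) do
+block_evaled = true
+end
+assert block_evaled
+
+block_evaled = false
+permitted_to?(:update, :mocks) do
+block_evaled = true
+end
+assert !block_evaled
+end
+
+def test_permit_with_object
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :mocks do
+to :show
+if_attribute :test_attr => is {user.test_attr}
+end
+end
+end
+}
+user = MockUser.new(:test_role, :test_attr => 1)
+mock = MockDataObject.new(:test_attr => 1)
+mock_2 = MockDataObject.new(:test_attr => 2)
+request!(user, :action, reader)
+
+assert permitted_to?(:show, mock)
+assert permitted_to?(:show, :mocks)
+assert !permitted_to?(:show, mock_2)
+end
+
+def test_permit_with_object_and_context
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :other_mocks do
+to :show
+if_attribute :test_attr => is {user.test_attr}
+end
+end
+end
+}
+user = MockUser.new(:test_role, :test_attr => 1)
+mock = MockDataObject.new(:test_attr => 1)
+mock_2 = MockDataObject.new(:test_attr => 2)
+request!(user, :action, reader)
+
+assert permitted_to?(:show, mock, :context => :other_mocks)
+assert !permitted_to?(:show, mock_2, :context => :other_mocks)
+end
+
+def test_has_role
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :mocks, :to => :show
+end
+end
+}
+user = MockUser.new(:test_role)
+request!(user, :action, reader)
+
+assert has_role?(:test_role)
+assert !has_role?(:test_role2)
+assert !has_role?(:test_role, :test_role2)
+
+block_evaled = false
+has_role?(:test_role) do
+block_evaled = true
+end
+assert block_evaled
+
+block_evaled = false
+has_role?(:test_role2) do
+block_evaled = true
+end
+assert !block_evaled
+end
+
+def test_has_any_role
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :mocks, :to => :show
+end
+end
+}
+user = MockUser.new(:test_role)
+request!(user, :action, reader)
+
+assert has_any_role?(:test_role)
+assert !has_any_role?(:test_role2)
+assert has_any_role?(:test_role, :test_role2)
+
+block_evaled = false
+has_any_role?(:test_role) do
+block_evaled = true
+end
+assert block_evaled
+
+block_evaled = false
+has_any_role?(:test_role2) do
+block_evaled = true
+end
+assert !block_evaled
+
+block_evaled = false
+has_any_role?(:test_role,:test_role2) do
+block_evaled = true
+end
+assert block_evaled
+end
+
+def test_has_role_with_guest_user
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+end
+}
+request!(nil, :action, reader)
+
+Authorization.stub :current_user, MockUser.new do
+assert !has_role?(:test_role)
+
+block_evaled = false
+has_role?(:test_role) do
+block_evaled = true
+end
+assert !block_evaled
+end
+end
+
+def test_has_role_with_hierarchy
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :mocks, :to => :show
+end
+role :other_role do
+has_permission_on :another_mocks, :to => :show
+end
+
+role :root do
+includes :test_role
+end
+end
+}
+
+user = MockUser.new(:root)
+request!(user, :action, reader)
+
+assert has_role_with_hierarchy?(:test_role)
+assert !has_role_with_hierarchy?(:other_role)
+
+block_evaled = false
+has_role_with_hierarchy?(:test_role) do
+block_evaled = true
+end
+assert block_evaled
+
+block_evaled = false
+has_role_with_hierarchy?(:test_role2) do
+block_evaled = true
+end
+assert !block_evaled
+end
+
+def test_has_any_role_with_hierarchy
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :mocks, :to => :show
+end
+role :other_role do
+has_permission_on :another_mocks, :to => :show
+end
+
+role :root do
+includes :test_role
+end
+end
+}
+
+user = MockUser.new(:root)
+request!(user, :action, reader)
+
+assert has_any_role_with_hierarchy?(:test_role)
+assert !has_any_role_with_hierarchy?(:other_role)
+assert has_any_role_with_hierarchy?(:test_role,:other_role)
+
+block_evaled = false
+has_any_role_with_hierarchy?(:test_role) do
+block_evaled = true
+end
+assert block_evaled
+
+block_evaled = false
+has_any_role_with_hierarchy?(:test_role2) do
+block_evaled = true
+end
+assert !block_evaled
+
+block_evaled = false
+has_any_role_with_hierarchy?(:test_role,:test_role2) do
+block_evaled = true
+end
+assert block_evaled
+end
+end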