ae_declarative_authorization 0.7.1 → 0.8.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/Appraisals +31 -21
- data/CHANGELOG +189 -189
- data/Gemfile +7 -7
- data/Gemfile.lock +68 -60
- data/LICENSE.txt +20 -20
- data/README.md +620 -620
- data/README.rdoc +597 -597
- data/Rakefile +35 -33
- data/authorization_rules.dist.rb +20 -20
- data/declarative_authorization.gemspec +24 -24
- data/gemfiles/rails4252.gemfile +10 -10
- data/gemfiles/rails4252.gemfile.lock +126 -0
- data/gemfiles/rails4271.gemfile +10 -10
- data/gemfiles/rails4271.gemfile.lock +126 -0
- data/gemfiles/rails507.gemfile +11 -11
- data/gemfiles/rails507.gemfile.lock +136 -0
- data/gemfiles/rails516.gemfile +11 -0
- data/gemfiles/rails516.gemfile.lock +136 -0
- data/gemfiles/rails521.gemfile +11 -0
- data/gemfiles/rails521.gemfile.lock +144 -0
- data/init.rb +5 -5
- data/lib/declarative_authorization.rb +18 -18
- data/lib/declarative_authorization/authorization.rb +821 -821
- data/lib/declarative_authorization/helper.rb +78 -78
- data/lib/declarative_authorization/in_controller.rb +713 -713
- data/lib/declarative_authorization/in_model.rb +156 -156
- data/lib/declarative_authorization/maintenance.rb +215 -215
- data/lib/declarative_authorization/obligation_scope.rb +348 -345
- data/lib/declarative_authorization/railsengine.rb +5 -5
- data/lib/declarative_authorization/reader.rb +549 -549
- data/lib/declarative_authorization/test/helpers.rb +261 -261
- data/lib/declarative_authorization/version.rb +3 -3
- data/lib/generators/authorization/install/install_generator.rb +77 -77
- data/lib/generators/authorization/rules/rules_generator.rb +13 -13
- data/lib/generators/authorization/rules/templates/authorization_rules.rb +27 -27
- data/lib/tasks/authorization_tasks.rake +89 -89
- data/log/test.log +15246 -0
- data/pkg/ae_declarative_authorization-0.7.1.gem +0 -0
- data/pkg/ae_declarative_authorization-0.8.0.gem +0 -0
- data/test/authorization_test.rb +1121 -1121
- data/test/controller_filter_resource_access_test.rb +573 -573
- data/test/controller_test.rb +478 -478
- data/test/database.yml +3 -3
- data/test/dsl_reader_test.rb +178 -178
- data/test/functional/filter_access_to_with_id_in_scope_test.rb +88 -88
- data/test/functional/no_filter_access_to_test.rb +79 -79
- data/test/functional/params_block_arity_test.rb +39 -39
- data/test/helper_test.rb +248 -248
- data/test/maintenance_test.rb +46 -46
- data/test/model_test.rb +1840 -1840
- data/test/profiles/access_checking +20 -0
- data/test/schema.sql +60 -60
- data/test/test_helper.rb +174 -174
- data/test/test_support/minitest_compatibility.rb +26 -26
- metadata +17 -5
@@ -0,0 +1,20 @@
|
|
1
|
+
UsersController
|
2
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
3
|
+
UsersController
|
4
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
5
|
+
UsersController
|
6
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
7
|
+
UsersController
|
8
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
9
|
+
UsersController
|
10
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
11
|
+
UsersController
|
12
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
13
|
+
UsersController
|
14
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
15
|
+
UsersController
|
16
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
17
|
+
UsersController
|
18
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
19
|
+
UsersController
|
20
|
+
ParamsBlockArityTest::ParamsBlockArityTestController
|
data/test/schema.sql
CHANGED
@@ -1,60 +1,60 @@
|
|
1
|
-
CREATE TABLE 'test_models' (
|
2
|
-
'id' INTEGER PRIMARY KEY NOT NULL,
|
3
|
-
'test_attr_through_id' INTEGER,
|
4
|
-
'content' text,
|
5
|
-
'country_id' integer,
|
6
|
-
'created_at' datetime,
|
7
|
-
'updated_at' datetime
|
8
|
-
);
|
9
|
-
|
10
|
-
CREATE TABLE 'test_attrs' (
|
11
|
-
'id' INTEGER PRIMARY KEY NOT NULL,
|
12
|
-
'test_model_id' integer,
|
13
|
-
'test_another_model_id' integer,
|
14
|
-
'test_a_third_model_id' integer,
|
15
|
-
'branch_id' integer,
|
16
|
-
'company_id' integer,
|
17
|
-
'test_attr_through_id' INTEGER,
|
18
|
-
'n_way_join_item_id' INTEGER,
|
19
|
-
'test_model_security_model_id' integer,
|
20
|
-
'attr' integer default 1
|
21
|
-
);
|
22
|
-
|
23
|
-
CREATE TABLE 'test_attr_throughs' (
|
24
|
-
'id' INTEGER PRIMARY KEY NOT NULL,
|
25
|
-
'test_attr_id' integer
|
26
|
-
);
|
27
|
-
|
28
|
-
CREATE TABLE 'test_model_security_models' (
|
29
|
-
'id' INTEGER PRIMARY KEY NOT NULL,
|
30
|
-
'attr' integer default 1,
|
31
|
-
'attr_2' integer default 1,
|
32
|
-
'test_attr_id' integer
|
33
|
-
);
|
34
|
-
|
35
|
-
CREATE TABLE 'n_way_join_items' (
|
36
|
-
'id' INTEGER PRIMARY KEY NOT NULL
|
37
|
-
);
|
38
|
-
|
39
|
-
CREATE TABLE 'branches' (
|
40
|
-
'id' INTEGER PRIMARY KEY NOT NULL,
|
41
|
-
'company_id' integer,
|
42
|
-
'test_model_id' integer,
|
43
|
-
'name' text
|
44
|
-
);
|
45
|
-
|
46
|
-
CREATE TABLE 'companies' (
|
47
|
-
'id' INTEGER PRIMARY KEY NOT NULL,
|
48
|
-
'country_id' integer,
|
49
|
-
'type' text,
|
50
|
-
'name' text
|
51
|
-
);
|
52
|
-
|
53
|
-
CREATE TABLE 'countries' (
|
54
|
-
'id' INTEGER PRIMARY KEY NOT NULL,
|
55
|
-
'name' text
|
56
|
-
);
|
57
|
-
|
58
|
-
CREATE TABLE 'users' (
|
59
|
-
'id' INTEGER PRIMARY KEY NOT NULL
|
60
|
-
);
|
1
|
+
CREATE TABLE 'test_models' (
|
2
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
3
|
+
'test_attr_through_id' INTEGER,
|
4
|
+
'content' text,
|
5
|
+
'country_id' integer,
|
6
|
+
'created_at' datetime,
|
7
|
+
'updated_at' datetime
|
8
|
+
);
|
9
|
+
|
10
|
+
CREATE TABLE 'test_attrs' (
|
11
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
12
|
+
'test_model_id' integer,
|
13
|
+
'test_another_model_id' integer,
|
14
|
+
'test_a_third_model_id' integer,
|
15
|
+
'branch_id' integer,
|
16
|
+
'company_id' integer,
|
17
|
+
'test_attr_through_id' INTEGER,
|
18
|
+
'n_way_join_item_id' INTEGER,
|
19
|
+
'test_model_security_model_id' integer,
|
20
|
+
'attr' integer default 1
|
21
|
+
);
|
22
|
+
|
23
|
+
CREATE TABLE 'test_attr_throughs' (
|
24
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
25
|
+
'test_attr_id' integer
|
26
|
+
);
|
27
|
+
|
28
|
+
CREATE TABLE 'test_model_security_models' (
|
29
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
30
|
+
'attr' integer default 1,
|
31
|
+
'attr_2' integer default 1,
|
32
|
+
'test_attr_id' integer
|
33
|
+
);
|
34
|
+
|
35
|
+
CREATE TABLE 'n_way_join_items' (
|
36
|
+
'id' INTEGER PRIMARY KEY NOT NULL
|
37
|
+
);
|
38
|
+
|
39
|
+
CREATE TABLE 'branches' (
|
40
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
41
|
+
'company_id' integer,
|
42
|
+
'test_model_id' integer,
|
43
|
+
'name' text
|
44
|
+
);
|
45
|
+
|
46
|
+
CREATE TABLE 'companies' (
|
47
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
48
|
+
'country_id' integer,
|
49
|
+
'type' text,
|
50
|
+
'name' text
|
51
|
+
);
|
52
|
+
|
53
|
+
CREATE TABLE 'countries' (
|
54
|
+
'id' INTEGER PRIMARY KEY NOT NULL,
|
55
|
+
'name' text
|
56
|
+
);
|
57
|
+
|
58
|
+
CREATE TABLE 'users' (
|
59
|
+
'id' INTEGER PRIMARY KEY NOT NULL
|
60
|
+
);
|
data/test/test_helper.rb
CHANGED
@@ -1,174 +1,174 @@
|
|
1
|
-
require 'rubygems'
|
2
|
-
require 'bundler'
|
3
|
-
begin
|
4
|
-
Bundler.setup(:default, :development)
|
5
|
-
rescue Bundler::BundlerError => e
|
6
|
-
$stderr.puts e.message
|
7
|
-
$stderr.puts "Run `bundle install` to install missing gems"
|
8
|
-
exit e.status_code
|
9
|
-
end
|
10
|
-
|
11
|
-
require 'minitest/autorun'
|
12
|
-
|
13
|
-
ENV['RAILS_ENV'] = 'test'
|
14
|
-
|
15
|
-
require 'rails/all'
|
16
|
-
require 'test_support/minitest_compatibility'
|
17
|
-
|
18
|
-
if Rails.version < '4.2'
|
19
|
-
raise "Unsupported Rails version #{Rails.version}"
|
20
|
-
end
|
21
|
-
|
22
|
-
puts "Testing against rails #{Rails::VERSION::STRING}"
|
23
|
-
|
24
|
-
if Rails.version >= '5.0'
|
25
|
-
require 'rails-controller-testing'
|
26
|
-
Rails::Controller::Testing.install
|
27
|
-
end
|
28
|
-
|
29
|
-
DA_ROOT = Pathname.new(File.expand_path("..", File.dirname(__FILE__)))
|
30
|
-
|
31
|
-
require DA_ROOT + File.join(%w{lib declarative_authorization authorization})
|
32
|
-
require DA_ROOT + File.join(%w{lib declarative_authorization in_controller})
|
33
|
-
require DA_ROOT + File.join(%w{lib declarative_authorization maintenance})
|
34
|
-
require DA_ROOT + File.join(%w{lib declarative_authorization test helpers})
|
35
|
-
|
36
|
-
class MockDataObject
|
37
|
-
def initialize(attrs = {})
|
38
|
-
attrs.each do |key, value|
|
39
|
-
instance_variable_set(:"@#{key}", value)
|
40
|
-
self.class.class_eval do
|
41
|
-
attr_reader key
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|
46
|
-
def self.descends_from_active_record?
|
47
|
-
true
|
48
|
-
end
|
49
|
-
|
50
|
-
def self.table_name
|
51
|
-
name.tableize
|
52
|
-
end
|
53
|
-
|
54
|
-
def self.name
|
55
|
-
"Mock"
|
56
|
-
end
|
57
|
-
|
58
|
-
def self.find(*args)
|
59
|
-
raise StandardError, "Couldn't find #{self.name} with id #{args[0].inspect}" unless args[0]
|
60
|
-
new :id => args[0]
|
61
|
-
end
|
62
|
-
|
63
|
-
def self.find_or_initialize_by(args)
|
64
|
-
raise StandardError, "Syntax error: find_or_initialize by expects a hash: User.find_or_initialize_by(:id => @user.id)" unless args.is_a?(Hash)
|
65
|
-
new args
|
66
|
-
end
|
67
|
-
end
|
68
|
-
|
69
|
-
class MockUser < MockDataObject
|
70
|
-
def initialize(*roles)
|
71
|
-
options = roles.last.is_a?(::Hash) ? roles.pop : {}
|
72
|
-
super({:role_symbols => roles, :login => hash}.merge(options))
|
73
|
-
end
|
74
|
-
|
75
|
-
def initialize_copy(other)
|
76
|
-
@role_symbols = @role_symbols.clone
|
77
|
-
end
|
78
|
-
end
|
79
|
-
|
80
|
-
class MocksController < ActionController::Base
|
81
|
-
attr_accessor :current_user
|
82
|
-
attr_writer :authorization_engine
|
83
|
-
|
84
|
-
def authorized?
|
85
|
-
!!@authorized
|
86
|
-
end
|
87
|
-
|
88
|
-
def self.define_action_methods(*methods)
|
89
|
-
methods.each do |method|
|
90
|
-
define_method method do
|
91
|
-
@authorized = true
|
92
|
-
render :plain => 'nothing'
|
93
|
-
end
|
94
|
-
end
|
95
|
-
end
|
96
|
-
|
97
|
-
def self.define_resource_actions
|
98
|
-
define_action_methods :index, :show, :edit, :update, :new, :create, :destroy
|
99
|
-
end
|
100
|
-
|
101
|
-
def logger(*args)
|
102
|
-
Class.new do
|
103
|
-
def warn(*args)
|
104
|
-
#p args
|
105
|
-
end
|
106
|
-
alias_method :info, :warn
|
107
|
-
alias_method :debug, :warn
|
108
|
-
def warn?; end
|
109
|
-
alias_method :info?, :warn?
|
110
|
-
alias_method :debug?, :warn?
|
111
|
-
end.new
|
112
|
-
end
|
113
|
-
end
|
114
|
-
|
115
|
-
class User < ActiveRecord::Base
|
116
|
-
attr_accessor :role_symbols
|
117
|
-
|
118
|
-
scope :visible_by, ->(user) { where(id: user.id) }
|
119
|
-
end
|
120
|
-
|
121
|
-
class TestApp
|
122
|
-
class Application < ::Rails::Application
|
123
|
-
config.eager_load = false
|
124
|
-
config.secret_key_base = 'testingpurposesonly'
|
125
|
-
config.active_support.deprecation = :stderr
|
126
|
-
config.paths['config/database'] = File.expand_path('../database.yml', __FILE__)
|
127
|
-
config.active_support.test_order = :random
|
128
|
-
initialize!
|
129
|
-
end
|
130
|
-
end
|
131
|
-
|
132
|
-
class ApplicationController < ActionController::Base
|
133
|
-
end
|
134
|
-
|
135
|
-
Rails.application.routes.draw do
|
136
|
-
match '/name/spaced_things(/:action)' => 'name/spaced_things', via: [:get, :post, :put, :patch, :delete]
|
137
|
-
match '/deep/name_spaced/things(/:action)' => 'deep/name_spaced/things', via: [:get, :post, :put, :patch, :delete]
|
138
|
-
match '/:controller(/:action(/:id))', via: [:get, :post, :put, :patch, :delete]
|
139
|
-
end
|
140
|
-
|
141
|
-
ActionController::Base.send :include, Authorization::AuthorizationInController
|
142
|
-
|
143
|
-
module Test
|
144
|
-
module Unit
|
145
|
-
class TestCase < Minitest::Test
|
146
|
-
include Authorization::TestHelper
|
147
|
-
end
|
148
|
-
end
|
149
|
-
end
|
150
|
-
|
151
|
-
module ActiveSupport
|
152
|
-
class TestCase
|
153
|
-
include Authorization::TestHelper
|
154
|
-
|
155
|
-
def request!(user, action, reader, params = {})
|
156
|
-
action = action.to_sym if action.is_a?(String)
|
157
|
-
@controller.current_user = user
|
158
|
-
@controller.authorization_engine = Authorization::Engine.new(reader)
|
159
|
-
|
160
|
-
((params.delete(:clear) || []) + [:@authorized]).each do |var|
|
161
|
-
@controller.instance_variable_set(var, nil)
|
162
|
-
end
|
163
|
-
if Rails.version >= '5.0'
|
164
|
-
get action, params: params
|
165
|
-
else
|
166
|
-
get action, params
|
167
|
-
end
|
168
|
-
end
|
169
|
-
|
170
|
-
def setup
|
171
|
-
@routes = Rails.application.routes
|
172
|
-
end
|
173
|
-
end
|
174
|
-
end
|
1
|
+
require 'rubygems'
|
2
|
+
require 'bundler'
|
3
|
+
begin
|
4
|
+
Bundler.setup(:default, :development)
|
5
|
+
rescue Bundler::BundlerError => e
|
6
|
+
$stderr.puts e.message
|
7
|
+
$stderr.puts "Run `bundle install` to install missing gems"
|
8
|
+
exit e.status_code
|
9
|
+
end
|
10
|
+
|
11
|
+
require 'minitest/autorun'
|
12
|
+
|
13
|
+
ENV['RAILS_ENV'] = 'test'
|
14
|
+
|
15
|
+
require 'rails/all'
|
16
|
+
require 'test_support/minitest_compatibility'
|
17
|
+
|
18
|
+
if Rails.version < '4.2'
|
19
|
+
raise "Unsupported Rails version #{Rails.version}"
|
20
|
+
end
|
21
|
+
|
22
|
+
puts "Testing against rails #{Rails::VERSION::STRING}"
|
23
|
+
|
24
|
+
if Rails.version >= '5.0'
|
25
|
+
require 'rails-controller-testing'
|
26
|
+
Rails::Controller::Testing.install
|
27
|
+
end
|
28
|
+
|
29
|
+
DA_ROOT = Pathname.new(File.expand_path("..", File.dirname(__FILE__)))
|
30
|
+
|
31
|
+
require DA_ROOT + File.join(%w{lib declarative_authorization authorization})
|
32
|
+
require DA_ROOT + File.join(%w{lib declarative_authorization in_controller})
|
33
|
+
require DA_ROOT + File.join(%w{lib declarative_authorization maintenance})
|
34
|
+
require DA_ROOT + File.join(%w{lib declarative_authorization test helpers})
|
35
|
+
|
36
|
+
class MockDataObject
|
37
|
+
def initialize(attrs = {})
|
38
|
+
attrs.each do |key, value|
|
39
|
+
instance_variable_set(:"@#{key}", value)
|
40
|
+
self.class.class_eval do
|
41
|
+
attr_reader key
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
def self.descends_from_active_record?
|
47
|
+
true
|
48
|
+
end
|
49
|
+
|
50
|
+
def self.table_name
|
51
|
+
name.tableize
|
52
|
+
end
|
53
|
+
|
54
|
+
def self.name
|
55
|
+
"Mock"
|
56
|
+
end
|
57
|
+
|
58
|
+
def self.find(*args)
|
59
|
+
raise StandardError, "Couldn't find #{self.name} with id #{args[0].inspect}" unless args[0]
|
60
|
+
new :id => args[0]
|
61
|
+
end
|
62
|
+
|
63
|
+
def self.find_or_initialize_by(args)
|
64
|
+
raise StandardError, "Syntax error: find_or_initialize by expects a hash: User.find_or_initialize_by(:id => @user.id)" unless args.is_a?(Hash)
|
65
|
+
new args
|
66
|
+
end
|
67
|
+
end
|
68
|
+
|
69
|
+
class MockUser < MockDataObject
|
70
|
+
def initialize(*roles)
|
71
|
+
options = roles.last.is_a?(::Hash) ? roles.pop : {}
|
72
|
+
super({:role_symbols => roles, :login => hash}.merge(options))
|
73
|
+
end
|
74
|
+
|
75
|
+
def initialize_copy(other)
|
76
|
+
@role_symbols = @role_symbols.clone
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
class MocksController < ActionController::Base
|
81
|
+
attr_accessor :current_user
|
82
|
+
attr_writer :authorization_engine
|
83
|
+
|
84
|
+
def authorized?
|
85
|
+
!!@authorized
|
86
|
+
end
|
87
|
+
|
88
|
+
def self.define_action_methods(*methods)
|
89
|
+
methods.each do |method|
|
90
|
+
define_method method do
|
91
|
+
@authorized = true
|
92
|
+
render :plain => 'nothing'
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
|
97
|
+
def self.define_resource_actions
|
98
|
+
define_action_methods :index, :show, :edit, :update, :new, :create, :destroy
|
99
|
+
end
|
100
|
+
|
101
|
+
def logger(*args)
|
102
|
+
Class.new do
|
103
|
+
def warn(*args)
|
104
|
+
#p args
|
105
|
+
end
|
106
|
+
alias_method :info, :warn
|
107
|
+
alias_method :debug, :warn
|
108
|
+
def warn?; end
|
109
|
+
alias_method :info?, :warn?
|
110
|
+
alias_method :debug?, :warn?
|
111
|
+
end.new
|
112
|
+
end
|
113
|
+
end
|
114
|
+
|
115
|
+
class User < ActiveRecord::Base
|
116
|
+
attr_accessor :role_symbols
|
117
|
+
|
118
|
+
scope :visible_by, ->(user) { where(id: user.id) }
|
119
|
+
end
|
120
|
+
|
121
|
+
class TestApp
|
122
|
+
class Application < ::Rails::Application
|
123
|
+
config.eager_load = false
|
124
|
+
config.secret_key_base = 'testingpurposesonly'
|
125
|
+
config.active_support.deprecation = :stderr
|
126
|
+
config.paths['config/database'] = File.expand_path('../database.yml', __FILE__)
|
127
|
+
config.active_support.test_order = :random
|
128
|
+
initialize!
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
class ApplicationController < ActionController::Base
|
133
|
+
end
|
134
|
+
|
135
|
+
Rails.application.routes.draw do
|
136
|
+
match '/name/spaced_things(/:action)' => 'name/spaced_things', via: [:get, :post, :put, :patch, :delete]
|
137
|
+
match '/deep/name_spaced/things(/:action)' => 'deep/name_spaced/things', via: [:get, :post, :put, :patch, :delete]
|
138
|
+
match '/:controller(/:action(/:id))', via: [:get, :post, :put, :patch, :delete]
|
139
|
+
end
|
140
|
+
|
141
|
+
ActionController::Base.send :include, Authorization::AuthorizationInController
|
142
|
+
|
143
|
+
module Test
|
144
|
+
module Unit
|
145
|
+
class TestCase < Minitest::Test
|
146
|
+
include Authorization::TestHelper
|
147
|
+
end
|
148
|
+
end
|
149
|
+
end
|
150
|
+
|
151
|
+
module ActiveSupport
|
152
|
+
class TestCase
|
153
|
+
include Authorization::TestHelper
|
154
|
+
|
155
|
+
def request!(user, action, reader, params = {})
|
156
|
+
action = action.to_sym if action.is_a?(String)
|
157
|
+
@controller.current_user = user
|
158
|
+
@controller.authorization_engine = Authorization::Engine.new(reader)
|
159
|
+
|
160
|
+
((params.delete(:clear) || []) + [:@authorized]).each do |var|
|
161
|
+
@controller.instance_variable_set(var, nil)
|
162
|
+
end
|
163
|
+
if Rails.version >= '5.0'
|
164
|
+
get action, params: params
|
165
|
+
else
|
166
|
+
get action, params
|
167
|
+
end
|
168
|
+
end
|
169
|
+
|
170
|
+
def setup
|
171
|
+
@routes = Rails.application.routes
|
172
|
+
end
|
173
|
+
end
|
174
|
+
end
|