ae_declarative_authorization 0.8.0 → 0.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/Gemfile.lock +2 -2
- data/README.md +24 -24
- data/README.rdoc +29 -29
- data/gemfiles/rails4252.gemfile.lock +29 -1
- data/gemfiles/rails4271.gemfile.lock +2 -2
- data/gemfiles/rails507.gemfile +1 -0
- data/gemfiles/rails507.gemfile.lock +30 -2
- data/gemfiles/rails516.gemfile +1 -0
- data/gemfiles/rails521.gemfile +1 -0
- data/gemfiles/rails521.gemfile.lock +2 -2
- data/lib/declarative_authorization.rb +10 -5
- data/lib/declarative_authorization/controller/dsl.rb +208 -0
- data/lib/declarative_authorization/controller/grape.rb +79 -0
- data/lib/declarative_authorization/controller/rails.rb +340 -0
- data/lib/declarative_authorization/controller/runtime.rb +149 -0
- data/lib/declarative_authorization/controller_permission.rb +82 -0
- data/lib/declarative_authorization/reader.rb +2 -1
- data/lib/declarative_authorization/version.rb +1 -1
- data/log/test.log +36953 -12956
- data/pkg/ae_declarative_authorization-0.9.0.gem +0 -0
- data/pkg/ae_declarative_authorization-0.9.0.tim1.gem +0 -0
- data/test/grape_api_test.rb +508 -0
- data/test/profiles/access_checking +20 -0
- data/test/{controller_test.rb → rails_controller_test.rb} +2 -2
- data/test/test_helper.rb +14 -71
- data/test/test_support/grape.rb +93 -0
- data/test/test_support/rails.rb +69 -0
- metadata +18 -9
- data/gemfiles/rails516.gemfile.lock +0 -136
- data/lib/declarative_authorization/in_controller.rb +0 -713
- data/pkg/ae_declarative_authorization-0.7.1.gem +0 -0
- data/pkg/ae_declarative_authorization-0.8.0.gem +0 -0
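--- a/data/test/grape_api_test.rb
+++ b/data/test/grape_api_test.rb
@@ -0,0 +1,508 @@
+require 'test_helper'
+
+# TODO: remove this conditional when rails 4 support is removed
+if defined?(Grape)
+class LoadMockObject < MockDataObject
+def self.name
+"LoadMockObject"
+end
+end
+
+##################
+class SpecificMocks < MocksAPI
+filter_access_to 'GET /specific_mocks/test_action', :require => :test, :context => :permissions
+filter_access_to 'GET /specific_mocks/test_action_2', :require => :test, :context => :permissions_2
+filter_access_to 'GET /specific_mocks/show'
+filter_access_to 'GET /specific_mocks/edit', 'POST /specific_mocks/create', :require => :test, :context => :permissions
+filter_access_to 'GET /specific_mocks/edit2', :require => :test, :context => :permissions,
+:attribute_check => true, :model => LoadMockObject
+filter_access_to 'GET /specific_mocks/new', :require => :test, :context => :permissions
+
+filter_access_to ['GET /specific_mocks/action_group_action_1', 'GET /specific_mocks/action_group_action_2']
+define_action_methods :test_action, :test_action_2, :show, :edit, :create,
+:edit_2, :new, :unprotected_action, :action_group_action_1, :action_group_action_2
+end
+
+class BasicAPITest < ApiTestCase
+tests SpecificMocks
+
+def test_filter_access_to_receiving_an_explicit_array
+reader = Authorization::Reader::DSLReader.new
+
+reader.parse %{
+authorization do
+role :test_action_group_2 do
+has_permission_on :specific_mocks, :to => 'GET /specific_mocks/action_group_action_2'
+end
+end
+}
+
+request!(MockUser.new(:test_action_group_2), "/specific_mocks/action_group_action_2", reader)
+assert last_endpoint.authorized?
+request!(MockUser.new(:test_action_group_2), "/specific_mocks/action_group_action_1", reader)
+assert !last_endpoint.authorized?
+request!(nil, "/specific_mocks/action_group_action_2", reader)
+assert !last_endpoint.authorized?
+end
+
+def test_filter_access
+assert SpecificMocks.top_level_setting.namespace_stackable[:befores].any?
+
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test
+has_permission_on :specific_mocks, :to => 'GET /specific_mocks/show'
+end
+end
+}
+
+request!(MockUser.new(:test_role), "/specific_mocks/test_action", reader)
+assert last_endpoint.authorized?
+
+request!(MockUser.new(:test_role), "/specific_mocks/test_action_2", reader)
+assert !last_endpoint.authorized?
+
+request!(MockUser.new(:test_role_2), "/specific_mocks/test_action", reader)
+assert_equal 403, last_response.status
+assert !last_endpoint.authorized?
+
+request!(MockUser.new(:test_role), "/specific_mocks/show", reader)
+assert last_endpoint.authorized?
+end
+
+def test_filter_access_multi_actions
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test
+end
+end
+}
+request!(MockUser.new(:test_role), "/specific_mocks/create", reader)
+assert last_endpoint.authorized?
+end
+
+def test_filter_access_unprotected_actions
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+end
+end
+}
+request!(MockUser.new(:test_role), "/specific_mocks/unprotected_action", reader)
+assert last_endpoint.authorized?
+end
+
+def test_filter_access_priv_hierarchy
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+privileges do
+privilege :read do
+includes "GET /specific_mocks/list", "GET /specific_mocks/show"
+end
+end
+authorization do
+role :test_role do
+has_permission_on :specific_mocks, :to => :read
+end
+end
+}
+request!(MockUser.new(:test_role), "/specific_mocks/show", reader)
+assert last_endpoint.authorized?
+end
+
+def test_filter_access_skip_attribute_test
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test do
+if_attribute :id => is { user }
+end
+end
+end
+}
+request!(MockUser.new(:test_role), "/specific_mocks/new", reader)
+assert last_endpoint.authorized?
+end
+
+def test_existing_instance_var_remains_unchanged
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test do
+if_attribute :id => is { 5 }
+end
+end
+end
+}
+mock_object = MockDataObject.new(:id => 5)
+
+request!(MockUser.new(:test_role), "/specific_mocks/edit_2", reader) do |endpoint|
+endpoint.send(:instance_variable_set, :"@load_mock_object", mock_object)
+end
+assert_equal mock_object, last_endpoint.send(:instance_variable_get, :"@load_mock_object")
+assert last_endpoint.authorized?
+end
+
+def test_permitted_to_without_context
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :specific_mocks, :to => :test
+end
+end
+}
+
+# Make any request so we can get a reference to an endpoint
+request!(MockUser.new(:test_role), "/specific_mocks/show", reader)
+
+assert last_endpoint.permitted_to?(:test)
+end
+end
+
+##################
+class AllMocks < MocksAPI
+filter_access_to :all
+filter_access_to 'GET /all_mocks/view', :require => :test, :context => :permissions
+define_action_methods :show, :view
+end
+
+class AllActionsAPITest < ApiTestCase
+tests AllMocks
+
+def test_filter_access_all
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test
+has_permission_on :all_mocks, :to => 'GET /all_mocks/show'
+end
+end
+}
+
+request!(MockUser.new(:test_role), "/all_mocks/show", reader)
+assert last_endpoint.authorized?
+
+request!(MockUser.new(:test_role), "/all_mocks/view", reader)
+assert last_endpoint.authorized?
+
+request!(MockUser.new(:test_role_2), "/all_mocks/show", reader)
+assert !last_endpoint.authorized?
+end
+end
+
+##################
+class LoadMockObjects < MocksAPI
+filter_access_to 'GET /load_mock_objects/:id', :attribute_check => true, :model => LoadMockObject
+filter_access_to 'GET /load_mock_objects/:id/edit', :attribute_check => true
+filter_access_to 'PUT /load_mock_objects/:id', 'DELETE /load_mock_objects/:id', :attribute_check => true,
+:load_method => proc {MockDataObject.new(:test => 1)}
+filter_access_to 'POST /load_mock_objects' do
+permitted_to! 'GET /load_mock_objects/:id/edit', :load_mock_objects
+end
+filter_access_to 'GET /load_mock_objects/view', :attribute_check => true, :load_method => :load_method
+
+helpers do
+@load_method_call_count = 0
+
+def load_method_call_count
+@load_method_call_count || 0
+end
+
+def load_method
+@load_method_call_count ||= 0
+@load_method_call_count += 1
+MockDataObject.new(:test => 2)
+end
+end
+
+resources :load_mock_objects do
+get :view do
+@authorized = true
+'nothing'
+end
+
+route_param :id do
+get do
+@authorized = true
+'nothing'
+end
+
+get :edit do
+@authorized = true
+'nothing'
+end
+
+put do
+@authorized = true
+'nothing'
+end
+
+delete do
+@authorized = true
+'nothing'
+end
+end
+
+post do
+@authorized = true
+'nothing'
+end
+end
+end
+
+class LoadObjectAPITest < ApiTestCase
+tests LoadMockObjects
+
+def test_filter_access_with_object_load
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :load_mock_objects, :to => [
+'GET /load_mock_objects/:id',
+'GET /load_mock_objects/:id/edit'
+] do
+if_attribute :id => 1
+if_attribute :id => "1"
+end
+end
+end
+}
+
+request!(MockUser.new(:test_role), "/load_mock_objects/2", reader)
+assert !last_endpoint.authorized?
+
+request!(MockUser.new(:test_role), "/load_mock_objects/1", reader,
+:clear => [:@load_mock_object])
+assert last_endpoint.authorized?
+
+request!(MockUser.new(:test_role), "/load_mock_objects/1/edit", reader,
+:clear => [:@load_mock_object])
+assert last_endpoint.authorized?
+assert last_endpoint.instance_variable_defined?(:@load_mock_object)
+end
+
+def test_filter_access_with_object_load_custom
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :load_mock_objects, :to => 'GET /load_mock_objects/view' do
+if_attribute :test => is {2}
+end
+has_permission_on :load_mock_objects, :to => 'PUT /load_mock_objects/:id' do
+if_attribute :test => is {1}
+end
+has_permission_on :load_mock_objects, :to => 'DELETE /load_mock_objects/:id' do
+if_attribute :test => is {2}
+end
+end
+end
+}
+
+request!(MockUser.new(:test_role), "/load_mock_objects/1", reader, :method => :delete)
+assert !last_endpoint.authorized?
+
+request!(MockUser.new(:test_role), "/load_mock_objects/view", reader)
+assert last_endpoint.authorized?
+assert_equal 1, last_endpoint.load_method_call_count
+
+request!(MockUser.new(:test_role_2), "/load_mock_objects/view", reader)
+assert !last_endpoint.authorized?
+assert_equal 1, last_endpoint.load_method_call_count
+
+# Test the custom load_object method on the `PUT /load_mock_objects/:id` action
+request!(MockUser.new(:test_role), "/load_mock_objects/123", reader, :method => :put)
+assert last_endpoint.authorized?
+end
+
+def test_filter_access_custom
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :load_mock_objects, :to => 'GET /load_mock_objects/:id/edit'
+end
+role :test_role_2 do
+has_permission_on :load_mock_objects, :to => 'POST /load_mock_objects'
+end
+end
+}
+
+request!(MockUser.new(:test_role), "/load_mock_objects", reader, :method => :post)
+assert last_endpoint.authorized?
+
+request!(MockUser.new(:test_role_2), "/load_mock_objects", reader, :method => :post)
+assert !last_endpoint.authorized?
+end
+end
+
+##################
+class AccessOverwrites < MocksAPI
+filter_access_to 'GET /access_overwrites/test_action', 'GET /access_overwrites/test_action_2',
+:require => :test, :context => :permissions_2
+filter_access_to 'GET /access_overwrites/test_action', :require => :test, :context => :permissions
+define_action_methods :test_action, :test_action_2
+end
+
+class AccessOverwritesAPITest < ApiTestCase
+tests AccessOverwrites
+
+def test_filter_access_overwrite
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :permissions, :to => :test
+end
+end
+}
+request!(MockUser.new(:test_role), "/access_overwrites/test_action_2", reader)
+assert !last_endpoint.authorized?
+
+request!(MockUser.new(:test_role), "/access_overwrites/test_action", reader)
+assert last_endpoint.authorized?
+end
+end
+
+##################
+class People < MocksAPI
+filter_access_to :all
+define_action_methods :show
+end
+
+class PeopleAPITest < ApiTestCase
+tests People
+
+def test_filter_access_people_controller
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :people, :to => 'GET /people/show'
+end
+end
+}
+request!(MockUser.new(:test_role), "/people/show", reader)
+assert last_endpoint.authorized?
+end
+end
+
+##################
+class CommonAPI < MocksAPI
+filter_access_to :delete, :context => :common
+filter_access_to :all
+end
+class CommonChild1API < CommonAPI
+filter_access_to :all, :context => :context_1
+end
+class CommonChild2 < CommonAPI
+filter_access_to :delete
+define_action_methods :show, :delete
+end
+
+class HierachicalAPITest < ApiTestCase
+tests CommonChild2
+
+def test_controller_hierarchy
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :test_role do
+has_permission_on :mocks, :to => ["GET /common_child_2/delete", "GET /common_child_2/show"]
+end
+end
+}
+
+request!(MockUser.new(:test_role), "/common_child2/show", reader)
+assert !last_endpoint.authorized?
+
+request!(MockUser.new(:test_role), "/common_child2/delete", reader)
+assert !last_endpoint.authorized?
+end
+end
+
+##################
+module Name
+class SpacedThings < MocksAPI
+filter_access_to 'GET /name/spaced_things/show'
+filter_access_to 'GET /name/spaced_things/update', :context => :spaced_things
+define_action_methods :show, :update
+end
+end
+
+class NameSpacedAPITest < ApiTestCase
+tests Name::SpacedThings
+
+def test_context
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :permitted_role do
+has_permission_on :name_spaced_things, :to => "GET /name/spaced_things/show"
+has_permission_on :spaced_things, :to => "GET /name/spaced_things/update"
+end
+role :prohibited_role do
+has_permission_on :name_spaced_things, :to => "GET /name/spaced_things/update"
+has_permission_on :spaced_things, :to => "GET /name/spaced_things/show"
+end
+end
+}
+request!(MockUser.new(:permitted_role), "/name/spaced_things/show", reader)
+assert last_endpoint.authorized?
+request!(MockUser.new(:prohibited_role), "/name/spaced_things/show", reader)
+assert !last_endpoint.authorized?
+request!(MockUser.new(:permitted_role), "/name/spaced_things/update", reader)
+assert last_endpoint.authorized?
+request!(MockUser.new(:prohibited_role), "/name/spaced_things/update", reader)
+assert !last_endpoint.authorized?
+end
+end
+
+module Deep
+module NameSpaced
+class Things < MocksAPI
+filter_access_to 'GET /deep/name_spaced/things/show'
+filter_access_to 'GET /deep/name_spaced/things/update', :context => :things
+define_action_methods :show, :update
+end
+end
+end
+
+class DeepNameSpacedAPITest < ApiTestCase
+tests Deep::NameSpaced::Things
+
+def test_context
+reader = Authorization::Reader::DSLReader.new
+reader.parse %{
+authorization do
+role :permitted_role do
+has_permission_on :deep_name_spaced_things, :to => 'GET /deep/name_spaced/things/show'
+has_permission_on :things, :to => 'GET /deep/name_spaced/things/update'
+end
+role :prohibited_role do
+has_permission_on :deep_name_spaced_things, :to => 'GET /deep/name_spaced/things/update'
+has_permission_on :things, :to => 'GET /deep/name_spaced/things/show'
+end
+end
+}
+request!(MockUser.new(:permitted_role), "/deep/name_spaced/things/show", reader)
+assert last_endpoint.authorized?
+request!(MockUser.new(:prohibited_role), "/deep/name_spaced/things/show", reader)
+assert !last_endpoint.authorized?
+request!(MockUser.new(:permitted_role), "/deep/name_spaced/things/update", reader)
+assert last_endpoint.authorized?
+request!(MockUser.new(:prohibited_role), "/deep/name_spaced/things/update", reader)
+assert !last_endpoint.authorized?
+end
+end
+end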
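Review bot: `test_existing_instance_var_remains_unchanged` (hunk lines 133-151) requests `/specific_mocks/edit_2`, but the only attribute-checked filter declared on `SpecificMocks` is for `'GET /specific_mocks/edit2'` (line 17), so the request reaches an action with no `filter_access_to` at all and `assert last_endpoint.authorized?` passes by default-allow rather than by the `if_attribute :id => is { 5 }` check against the pre-set `@load_mock_object`; line 17 should read `filter_access_to 'GET /specific_mocks/edit_2', :require => :test, :context => :permissions,` so the test exercises the path it names. Relatedly, every denial in this file except line 68 asserts only `!last_endpoint.authorized?`, which proves the action body did not run but not that the client was refused with a 403 rather than an empty 2xx, so adding `assert_equal 403, last_response.status` after each `assert !last_endpoint.authorized?` (e.g. lines 43, 45, 282, 313) would pin the externally visible behaviour, including the unauthenticated `request!(nil, …)` case on line 44. `test_controller_hierarchy` (lines 416-431) grants permissions on `GET /common_child_2/...` but requests `/common_child2/...`, so its two negative assertions appear to hold regardless of the context inheritance it is meant to cover; `request!` is defined outside this diff, so whether a non-matching route would even set `last_endpoint` cannot be confirmed here.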