aegis 1.1.8 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +4 -0
- data/README.rdoc +58 -165
- data/Rakefile +20 -12
- data/VERSION +1 -1
- data/aegis.gemspec +85 -56
- data/lib/aegis.rb +9 -6
- data/lib/aegis/access_denied.rb +4 -0
- data/lib/aegis/action.rb +99 -0
- data/lib/aegis/compiler.rb +113 -0
- data/lib/aegis/has_role.rb +89 -110
- data/lib/aegis/parser.rb +110 -0
- data/lib/aegis/permissions.rb +164 -107
- data/lib/aegis/resource.rb +158 -0
- data/lib/aegis/role.rb +25 -55
- data/lib/aegis/sieve.rb +39 -0
- data/lib/rails/action_controller.rb +38 -0
- data/lib/rails/active_record.rb +1 -5
- data/spec/action_controller_spec.rb +100 -0
- data/spec/app_root/app/controllers/application_controller.rb +7 -0
- data/spec/app_root/app/controllers/reviews_controller.rb +36 -0
- data/spec/app_root/app/models/permissions.rb +14 -0
- data/spec/app_root/app/models/property.rb +5 -0
- data/spec/app_root/app/models/review.rb +5 -0
- data/{test → spec}/app_root/app/models/user.rb +1 -2
- data/{test → spec}/app_root/config/boot.rb +0 -0
- data/{test → spec}/app_root/config/database.yml +0 -0
- data/{test → spec}/app_root/config/environment.rb +0 -0
- data/{test → spec}/app_root/config/environments/in_memory.rb +0 -0
- data/{test → spec}/app_root/config/environments/mysql.rb +0 -0
- data/{test → spec}/app_root/config/environments/postgresql.rb +0 -0
- data/{test → spec}/app_root/config/environments/sqlite.rb +0 -0
- data/{test → spec}/app_root/config/environments/sqlite3.rb +0 -0
- data/spec/app_root/config/routes.rb +7 -0
- data/{test/app_root/db/migrate/20090408115228_create_users.rb → spec/app_root/db/migrate/001_create_users.rb} +2 -1
- data/spec/app_root/db/migrate/002_create_properties.rb +13 -0
- data/spec/app_root/db/migrate/003_create_reviews.rb +14 -0
- data/{test → spec}/app_root/lib/console_with_fixtures.rb +0 -0
- data/{test → spec}/app_root/log/.gitignore +0 -0
- data/{test → spec}/app_root/script/console +0 -0
- data/spec/controllers/reviews_controller_spec.rb +19 -0
- data/spec/has_role_spec.rb +177 -0
- data/spec/permissions_spec.rb +550 -0
- data/spec/rcov.opts +2 -0
- data/spec/spec.opts +4 -0
- data/{test/test_helper.rb → spec/spec_helper.rb} +6 -9
- metadata +73 -57
- data/lib/aegis/constants.rb +0 -6
- data/lib/aegis/normalization.rb +0 -26
- data/lib/aegis/permission_error.rb +0 -5
- data/lib/aegis/permission_evaluator.rb +0 -34
- data/test/app_root/app/controllers/application_controller.rb +0 -2
- data/test/app_root/app/models/old_soldier.rb +0 -6
- data/test/app_root/app/models/permissions.rb +0 -49
- data/test/app_root/app/models/soldier.rb +0 -5
- data/test/app_root/app/models/trust_fund_kid.rb +0 -5
- data/test/app_root/app/models/user_subclass.rb +0 -2
- data/test/app_root/app/models/veteran_soldier.rb +0 -6
- data/test/app_root/config/routes.rb +0 -4
- data/test/app_root/db/migrate/20090429075648_create_soldiers.rb +0 -14
- data/test/app_root/db/migrate/20091110075648_create_veteran_soldiers.rb +0 -14
- data/test/app_root/db/migrate/20091110075649_create_trust_fund_kids.rb +0 -15
- data/test/has_role_options_test.rb +0 -64
- data/test/has_role_test.rb +0 -54
- data/test/permissions_test.rb +0 -109
- data/test/validation_test.rb +0 -55
data/test/has_role_test.rb
DELETED
@@ -1,54 +0,0 @@
|
|
1
|
-
require "test/test_helper"
|
2
|
-
|
3
|
-
class HasRoleTest < ActiveSupport::TestCase
|
4
|
-
|
5
|
-
context "Objects that have an aegis role" do
|
6
|
-
|
7
|
-
setup do
|
8
|
-
@guest = User.new(:role_name => "guest")
|
9
|
-
@student = User.new(:role_name => "student")
|
10
|
-
@student_subclass = UserSubclass.new(:role_name => "student")
|
11
|
-
@admin = User.new(:role_name => "admin")
|
12
|
-
end
|
13
|
-
|
14
|
-
should "know their role" do
|
15
|
-
assert_equal :guest, @guest.role.name
|
16
|
-
assert_equal :student, @student.role.name
|
17
|
-
assert_equal :student, @student_subclass.role.name
|
18
|
-
assert_equal :admin, @admin.role.name
|
19
|
-
end
|
20
|
-
|
21
|
-
should "know if they belong to a role" do
|
22
|
-
assert @guest.guest?
|
23
|
-
assert !@guest.student?
|
24
|
-
assert !@guest.admin?
|
25
|
-
assert !@student.guest?
|
26
|
-
assert !@student_subclass.guest?
|
27
|
-
assert @student.student?
|
28
|
-
assert @student_subclass.student?
|
29
|
-
assert !@student.admin?
|
30
|
-
assert !@student_subclass.admin?
|
31
|
-
assert !@admin.guest?
|
32
|
-
assert !@admin.student?
|
33
|
-
assert @admin.admin?
|
34
|
-
end
|
35
|
-
|
36
|
-
should "still behave as usual when a method ending in a '?' does not map to a role query" do
|
37
|
-
assert_raise NoMethodError do
|
38
|
-
@guest.nonexisting_method?
|
39
|
-
end
|
40
|
-
end
|
41
|
-
|
42
|
-
should "know that they respond to permission methods" do
|
43
|
-
assert @guest.respond_to?(:may_foo?)
|
44
|
-
assert @guest.respond_to?(:may_foo!)
|
45
|
-
end
|
46
|
-
|
47
|
-
should "retain the usual respond_to behaviour for non-permission methods" do
|
48
|
-
assert !@guest.respond_to?(:nonexisting_method)
|
49
|
-
assert @guest.respond_to?(:to_s)
|
50
|
-
end
|
51
|
-
|
52
|
-
end
|
53
|
-
|
54
|
-
end
|
data/test/permissions_test.rb
DELETED
@@ -1,109 +0,0 @@
|
|
1
|
-
require "test/test_helper"
|
2
|
-
|
3
|
-
class PermissionsTest < ActiveSupport::TestCase
|
4
|
-
|
5
|
-
context "Aegis permissions" do
|
6
|
-
|
7
|
-
setup do
|
8
|
-
@guest = User.new(:role_name => "guest")
|
9
|
-
@student = User.new(:role_name => "student")
|
10
|
-
@student_subclass = UserSubclass.new(:role_name => "student")
|
11
|
-
@admin = User.new(:role_name => "admin")
|
12
|
-
end
|
13
|
-
|
14
|
-
should "use the default permission for actions without any allow or grant directives" do
|
15
|
-
assert !@guest.may_use_empty?
|
16
|
-
assert !@student.may_use_empty?
|
17
|
-
assert !@student_subclass.may_use_empty?
|
18
|
-
assert @admin.may_use_empty?
|
19
|
-
end
|
20
|
-
|
21
|
-
should "understand simple allow and deny directives" do
|
22
|
-
assert !@guest.may_use_simple?
|
23
|
-
assert @student.may_use_simple?
|
24
|
-
assert @student_subclass.may_use_simple?
|
25
|
-
assert !@admin.may_use_simple?
|
26
|
-
end
|
27
|
-
|
28
|
-
should 'raise exceptions when a denied action is queried with an exclamation mark' do
|
29
|
-
assert_raise Aegis::PermissionError do
|
30
|
-
@guest.may_use_simple!
|
31
|
-
end
|
32
|
-
assert_raise Aegis::PermissionError do
|
33
|
-
@admin.may_use_simple!
|
34
|
-
end
|
35
|
-
end
|
36
|
-
|
37
|
-
should 'do nothing if an allowed action is queried with an exclamation mark' do
|
38
|
-
assert_nothing_raised do
|
39
|
-
@student.may_use_simple!
|
40
|
-
@student_subclass.may_use_simple!
|
41
|
-
end
|
42
|
-
end
|
43
|
-
|
44
|
-
should "implicate the singular form of an action described in plural form" do
|
45
|
-
assert !@guest.may_update_users?
|
46
|
-
assert !@guest.may_update_user?("foo")
|
47
|
-
assert @student.may_update_users?
|
48
|
-
assert @student_subclass.may_update_users?
|
49
|
-
assert @student.may_update_user?("foo")
|
50
|
-
assert @student_subclass.may_update_user?("foo")
|
51
|
-
assert !@admin.may_update_users?
|
52
|
-
assert !@admin.may_update_user?("foo")
|
53
|
-
end
|
54
|
-
|
55
|
-
should 'implicate create, read, update and destroy forms for actions named "crud_..."' do
|
56
|
-
assert @student.may_create_projects?
|
57
|
-
assert @student_subclass.may_create_projects?
|
58
|
-
assert @student.may_read_projects?
|
59
|
-
assert @student_subclass.may_read_projects?
|
60
|
-
assert @student.may_update_projects?
|
61
|
-
assert @student_subclass.may_update_projects?
|
62
|
-
assert @student.may_destroy_projects?
|
63
|
-
assert @student_subclass.may_destroy_projects?
|
64
|
-
end
|
65
|
-
|
66
|
-
should 'perform normalization of CRUD verbs (e.g. "edit" and "update")' do
|
67
|
-
assert !@guest.may_edit_drinks?
|
68
|
-
assert @student.may_edit_drinks?
|
69
|
-
assert @student_subclass.may_edit_drinks?
|
70
|
-
assert !@admin.may_edit_drinks?
|
71
|
-
assert !@guest.may_update_drinks?
|
72
|
-
assert @student.may_update_drinks?
|
73
|
-
assert @student_subclass.may_update_drinks?
|
74
|
-
assert !@admin.may_update_drinks?
|
75
|
-
end
|
76
|
-
|
77
|
-
should "be able to grant or deny actions to all roles using :everyone" do
|
78
|
-
assert @guest.may_hug?
|
79
|
-
assert @student.may_hug?
|
80
|
-
assert @student_subclass.may_hug?
|
81
|
-
assert @admin.may_hug?
|
82
|
-
end
|
83
|
-
|
84
|
-
should "allow the definition of parametrized actions" do
|
85
|
-
assert !@guest.may_divide?(10, 2)
|
86
|
-
assert @student.may_divide?(10, 2)
|
87
|
-
assert @student_subclass.may_divide?(10, 2)
|
88
|
-
assert !@student.may_divide?(10, 0)
|
89
|
-
assert !@student_subclass.may_divide?(10, 0)
|
90
|
-
assert @admin.may_divide?(10, 2)
|
91
|
-
assert @admin.may_divide?(10, 0)
|
92
|
-
end
|
93
|
-
|
94
|
-
should 'use default permissions for undefined actions' do
|
95
|
-
!@student.may_do_undefined_stuff?("foo")
|
96
|
-
!@student_subclass.may_do_undefined_stuff?("foo")
|
97
|
-
@admin.may_do_undefined_stuff?("foo")
|
98
|
-
end
|
99
|
-
|
100
|
-
should 'overshadow previous action definitions with the same name' do
|
101
|
-
assert @guest.may_draw?
|
102
|
-
assert !@student.may_draw?
|
103
|
-
assert !@student_subclass.may_draw?
|
104
|
-
assert !@admin.may_draw?
|
105
|
-
end
|
106
|
-
|
107
|
-
end
|
108
|
-
|
109
|
-
end
|
data/test/validation_test.rb
DELETED
@@ -1,55 +0,0 @@
|
|
1
|
-
require "test/test_helper"
|
2
|
-
|
3
|
-
class ValidationTest < ActiveSupport::TestCase
|
4
|
-
|
5
|
-
context "A model that has and validates its role" do
|
6
|
-
|
7
|
-
setup do
|
8
|
-
@user = User.new()
|
9
|
-
end
|
10
|
-
|
11
|
-
context "that has a role_name mapping to a role" do
|
12
|
-
|
13
|
-
setup do
|
14
|
-
@user.role_name = "admin"
|
15
|
-
end
|
16
|
-
|
17
|
-
should "be valid" do
|
18
|
-
assert @user.valid?
|
19
|
-
end
|
20
|
-
|
21
|
-
end
|
22
|
-
|
23
|
-
context "that has a blank role_name" do
|
24
|
-
|
25
|
-
setup do
|
26
|
-
@user.role_name = ""
|
27
|
-
end
|
28
|
-
|
29
|
-
should "not be valid" do
|
30
|
-
assert !@user.valid?
|
31
|
-
end
|
32
|
-
|
33
|
-
end
|
34
|
-
|
35
|
-
context "that has a role_name not mapping to a role" do
|
36
|
-
|
37
|
-
setup do
|
38
|
-
@user.role_name = "nonexisting_role_name"
|
39
|
-
end
|
40
|
-
|
41
|
-
should "not be valid" do
|
42
|
-
assert !@user.valid?
|
43
|
-
end
|
44
|
-
|
45
|
-
end
|
46
|
-
|
47
|
-
should "use add the default inclusion error message on role_name" do
|
48
|
-
@user.role_name = ""
|
49
|
-
@user.valid?
|
50
|
-
assert_equal I18n.translate('activerecord.errors.messages.inclusion'), @user.errors.on(:role_name)
|
51
|
-
end
|
52
|
-
|
53
|
-
end
|
54
|
-
|
55
|
-
end
|