aegis 1.1.8 → 2.0.0
- data/.gitignore +4 -0
- data/README.rdoc +58 -165
- data/Rakefile +20 -12
- data/VERSION +1 -1
- data/aegis.gemspec +85 -56
- data/lib/aegis.rb +9 -6
- data/lib/aegis/access_denied.rb +4 -0
- data/lib/aegis/action.rb +99 -0
- data/lib/aegis/compiler.rb +113 -0
- data/lib/aegis/has_role.rb +89 -110
- data/lib/aegis/parser.rb +110 -0
- data/lib/aegis/permissions.rb +164 -107
- data/lib/aegis/resource.rb +158 -0
- data/lib/aegis/role.rb +25 -55
- data/lib/aegis/sieve.rb +39 -0
- data/lib/rails/action_controller.rb +38 -0
- data/lib/rails/active_record.rb +1 -5
- data/spec/action_controller_spec.rb +100 -0
- data/spec/app_root/app/controllers/application_controller.rb +7 -0
- data/spec/app_root/app/controllers/reviews_controller.rb +36 -0
- data/spec/app_root/app/models/permissions.rb +14 -0
- data/spec/app_root/app/models/property.rb +5 -0
- data/spec/app_root/app/models/review.rb +5 -0
- data/{test → spec}/app_root/app/models/user.rb +1 -2
- data/{test → spec}/app_root/config/boot.rb +0 -0
- data/{test → spec}/app_root/config/database.yml +0 -0
- data/{test → spec}/app_root/config/environment.rb +0 -0
- data/{test → spec}/app_root/config/environments/in_memory.rb +0 -0
- data/{test → spec}/app_root/config/environments/mysql.rb +0 -0
- data/{test → spec}/app_root/config/environments/postgresql.rb +0 -0
- data/{test → spec}/app_root/config/environments/sqlite.rb +0 -0
- data/{test → spec}/app_root/config/environments/sqlite3.rb +0 -0
- data/spec/app_root/config/routes.rb +7 -0
- data/{test/app_root/db/migrate/20090408115228_create_users.rb → spec/app_root/db/migrate/001_create_users.rb} +2 -1
- data/spec/app_root/db/migrate/002_create_properties.rb +13 -0
- data/spec/app_root/db/migrate/003_create_reviews.rb +14 -0
- data/{test → spec}/app_root/lib/console_with_fixtures.rb +0 -0
- data/{test → spec}/app_root/log/.gitignore +0 -0
- data/{test → spec}/app_root/script/console +0 -0
- data/spec/controllers/reviews_controller_spec.rb +19 -0
- data/spec/has_role_spec.rb +177 -0
- data/spec/permissions_spec.rb +550 -0
- data/spec/rcov.opts +2 -0
- data/spec/spec.opts +4 -0
- data/{test/test_helper.rb → spec/spec_helper.rb} +6 -9
- metadata +73 -57
- data/lib/aegis/constants.rb +0 -6
- data/lib/aegis/normalization.rb +0 -26
- data/lib/aegis/permission_error.rb +0 -5
- data/lib/aegis/permission_evaluator.rb +0 -34
- data/test/app_root/app/controllers/application_controller.rb +0 -2
- data/test/app_root/app/models/old_soldier.rb +0 -6
- data/test/app_root/app/models/permissions.rb +0 -49
- data/test/app_root/app/models/soldier.rb +0 -5
- data/test/app_root/app/models/trust_fund_kid.rb +0 -5
- data/test/app_root/app/models/user_subclass.rb +0 -2
- data/test/app_root/app/models/veteran_soldier.rb +0 -6
- data/test/app_root/config/routes.rb +0 -4
- data/test/app_root/db/migrate/20090429075648_create_soldiers.rb +0 -14
- data/test/app_root/db/migrate/20091110075648_create_veteran_soldiers.rb +0 -14
- data/test/app_root/db/migrate/20091110075649_create_trust_fund_kids.rb +0 -15
- data/test/has_role_options_test.rb +0 -64
- data/test/has_role_test.rb +0 -54
- data/test/permissions_test.rb +0 -109
- data/test/validation_test.rb +0 -55
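--- a/data/test/has_role_test.rb
+++ /dev/null
@@ -1,54 +0,0 @@
-require "test/test_helper"
-
-class HasRoleTest < ActiveSupport::TestCase
-
-context "Objects that have an aegis role" do
-
-setup do
-@guest = User.new(:role_name => "guest")
-@student = User.new(:role_name => "student")
-@student_subclass = UserSubclass.new(:role_name => "student")
-@admin = User.new(:role_name => "admin")
-end
-
-should "know their role" do
-assert_equal :guest, @guest.role.name
-assert_equal :student, @student.role.name
-assert_equal :student, @student_subclass.role.name
-assert_equal :admin, @admin.role.name
-end
-
-should "know if they belong to a role" do
-assert @guest.guest?
-assert !@guest.student?
-assert !@guest.admin?
-assert !@student.guest?
-assert !@student_subclass.guest?
-assert @student.student?
-assert @student_subclass.student?
-assert !@student.admin?
-assert !@student_subclass.admin?
-assert !@admin.guest?
-assert !@admin.student?
-assert @admin.admin?
-end
-
-should "still behave as usual when a method ending in a '?' does not map to a role query" do
-assert_raise NoMethodError do
-@guest.nonexisting_method?
-end
-end
-
-should "know that they respond to permission methods" do
-assert @guest.respond_to?(:may_foo?)
-assert @guest.respond_to?(:may_foo!)
-end
-
-should "retain the usual respond_to behaviour for non-permission methods" do
-assert !@guest.respond_to?(:nonexisting_method)
-assert @guest.respond_to?(:to_s)
-end
-
-end
-
-end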
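--- a/data/test/permissions_test.rb
+++ /dev/null
@@ -1,109 +0,0 @@
-require "test/test_helper"
-
-class PermissionsTest < ActiveSupport::TestCase
-
-context "Aegis permissions" do
-
-setup do
-@guest = User.new(:role_name => "guest")
-@student = User.new(:role_name => "student")
-@student_subclass = UserSubclass.new(:role_name => "student")
-@admin = User.new(:role_name => "admin")
-end
-
-should "use the default permission for actions without any allow or grant directives" do
-assert !@guest.may_use_empty?
-assert !@student.may_use_empty?
-assert !@student_subclass.may_use_empty?
-assert @admin.may_use_empty?
-end
-
-should "understand simple allow and deny directives" do
-assert !@guest.may_use_simple?
-assert @student.may_use_simple?
-assert @student_subclass.may_use_simple?
-assert !@admin.may_use_simple?
-end
-
-should 'raise exceptions when a denied action is queried with an exclamation mark' do
-assert_raise Aegis::PermissionError do
-@guest.may_use_simple!
-end
-assert_raise Aegis::PermissionError do
-@admin.may_use_simple!
-end
-end
-
-should 'do nothing if an allowed action is queried with an exclamation mark' do
-assert_nothing_raised do
-@student.may_use_simple!
-@student_subclass.may_use_simple!
-end
-end
-
-should "implicate the singular form of an action described in plural form" do
-assert !@guest.may_update_users?
-assert !@guest.may_update_user?("foo")
-assert @student.may_update_users?
-assert @student_subclass.may_update_users?
-assert @student.may_update_user?("foo")
-assert @student_subclass.may_update_user?("foo")
-assert !@admin.may_update_users?
-assert !@admin.may_update_user?("foo")
-end
-
-should 'implicate create, read, update and destroy forms for actions named "crud_..."' do
-assert @student.may_create_projects?
-assert @student_subclass.may_create_projects?
-assert @student.may_read_projects?
-assert @student_subclass.may_read_projects?
-assert @student.may_update_projects?
-assert @student_subclass.may_update_projects?
-assert @student.may_destroy_projects?
-assert @student_subclass.may_destroy_projects?
-end
-
-should 'perform normalization of CRUD verbs (e.g. "edit" and "update")' do
-assert !@guest.may_edit_drinks?
-assert @student.may_edit_drinks?
-assert @student_subclass.may_edit_drinks?
-assert !@admin.may_edit_drinks?
-assert !@guest.may_update_drinks?
-assert @student.may_update_drinks?
-assert @student_subclass.may_update_drinks?
-assert !@admin.may_update_drinks?
-end
-
-should "be able to grant or deny actions to all roles using :everyone" do
-assert @guest.may_hug?
-assert @student.may_hug?
-assert @student_subclass.may_hug?
-assert @admin.may_hug?
-end
-
-should "allow the definition of parametrized actions" do
-assert !@guest.may_divide?(10, 2)
-assert @student.may_divide?(10, 2)
-assert @student_subclass.may_divide?(10, 2)
-assert !@student.may_divide?(10, 0)
-assert !@student_subclass.may_divide?(10, 0)
-assert @admin.may_divide?(10, 2)
-assert @admin.may_divide?(10, 0)
-end
-
-should 'use default permissions for undefined actions' do
-!@student.may_do_undefined_stuff?("foo")
-!@student_subclass.may_do_undefined_stuff?("foo")
-@admin.may_do_undefined_stuff?("foo")
-end
-
-should 'overshadow previous action definitions with the same name' do
-assert @guest.may_draw?
-assert !@student.may_draw?
-assert !@student_subclass.may_draw?
-assert !@admin.may_draw?
-end
-
-end
-
-end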
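--- a/data/test/validation_test.rb
+++ /dev/null
@@ -1,55 +0,0 @@
-require "test/test_helper"
-
-class ValidationTest < ActiveSupport::TestCase
-
-context "A model that has and validates its role" do
-
-setup do
-@user = User.new()
-end
-
-context "that has a role_name mapping to a role" do
-
-setup do
-@user.role_name = "admin"
-end
-
-should "be valid" do
-assert @user.valid?
-end
-
-end
-
-context "that has a blank role_name" do
-
-setup do
-@user.role_name = ""
-end
-
-should "not be valid" do
-assert !@user.valid?
-end
-
-end
-
-context "that has a role_name not mapping to a role" do
-
-setup do
-@user.role_name = "nonexisting_role_name"
-end
-
-should "not be valid" do
-assert !@user.valid?
-end
-
-end
-
-should "use add the default inclusion error message on role_name" do
-@user.role_name = ""
-@user.valid?
-assert_equal I18n.translate('activerecord.errors.messages.inclusion'), @user.errors.on(:role_name)
-end
-
-end
-
-end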