alberich 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Gemfile +18 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +37 -0
- data/Rakefile +34 -0
- data/alberich.gemspec +34 -0
- data/app/assets/javascripts/alberich/application.js +15 -0
- data/app/assets/javascripts/alberich/permissions.js +2 -0
- data/app/assets/javascripts/alberich/privileges.js +2 -0
- data/app/assets/javascripts/alberich/roles.js +2 -0
- data/app/assets/stylesheets/alberich/application.css +13 -0
- data/app/assets/stylesheets/alberich/permissions.css +4 -0
- data/app/assets/stylesheets/alberich/privileges.css +4 -0
- data/app/assets/stylesheets/alberich/roles.css +4 -0
- data/app/assets/stylesheets/scaffold.css +56 -0
- data/app/controllers/alberich/application_controller.rb +4 -0
- data/app/controllers/alberich/application_controller_helper.rb +118 -0
- data/app/controllers/alberich/permissions_controller.rb +211 -0
- data/app/controllers/alberich/privileges_controller.rb +105 -0
- data/app/controllers/alberich/roles_controller.rb +97 -0
- data/app/helpers/alberich/application_helper.rb +4 -0
- data/app/helpers/alberich/permissions_helper.rb +4 -0
- data/app/helpers/alberich/privileges_helper.rb +4 -0
- data/app/helpers/alberich/roles_helper.rb +4 -0
- data/app/models/alberich/base_permission_object.rb +42 -0
- data/app/models/alberich/derived_permission.rb +25 -0
- data/app/models/alberich/entity.rb +27 -0
- data/app/models/alberich/entity_target_observer.rb +16 -0
- data/app/models/alberich/permission.rb +59 -0
- data/app/models/alberich/permission_session.rb +33 -0
- data/app/models/alberich/permissioned_object.rb +139 -0
- data/app/models/alberich/privilege.rb +29 -0
- data/app/models/alberich/role.rb +37 -0
- data/app/models/alberich/session_entity.rb +15 -0
- data/app/views/alberich/permissions/_form.html.haml +27 -0
- data/app/views/alberich/permissions/_list.html.haml +1 -0
- data/app/views/alberich/permissions/_objects.html.haml +38 -0
- data/app/views/alberich/permissions/_permissions.html.haml +45 -0
- data/app/views/alberich/permissions/index.html.haml +2 -0
- data/app/views/alberich/permissions/new.html.haml +5 -0
- data/app/views/alberich/permissions/show.html.haml +12 -0
- data/app/views/alberich/privileges/_form.html.haml +19 -0
- data/app/views/alberich/privileges/_list.html.haml +17 -0
- data/app/views/alberich/privileges/create.html.haml +2 -0
- data/app/views/alberich/privileges/destroy.html.haml +2 -0
- data/app/views/alberich/privileges/edit.html.haml +5 -0
- data/app/views/alberich/privileges/index.html.haml +5 -0
- data/app/views/alberich/privileges/new.html.haml +5 -0
- data/app/views/alberich/privileges/show.html.haml +12 -0
- data/app/views/alberich/privileges/update.html.haml +2 -0
- data/app/views/alberich/roles/_form.html.haml +24 -0
- data/app/views/alberich/roles/edit.html.haml +7 -0
- data/app/views/alberich/roles/index.html.haml +23 -0
- data/app/views/alberich/roles/new.html.haml +5 -0
- data/app/views/alberich/roles/show.html.haml +16 -0
- data/app/views/layouts/alberich/application.html.erb +14 -0
- data/config/initializers/haml.rb +1 -0
- data/config/routes.rb +17 -0
- data/db/migrate/20120925162242_create_alberich_roles.rb +12 -0
- data/db/migrate/20121022223626_create_alberich_privileges.rb +12 -0
- data/db/migrate/20121023051301_create_alberich_base_permission_objects.rb +9 -0
- data/db/migrate/20121023233648_create_alberich_permission_sessions.rb +11 -0
- data/db/migrate/20121027023136_create_alberich_entities.rb +34 -0
- data/db/migrate/20121204205213_create_alberich_session_entities.rb +12 -0
- data/db/migrate/20121205180518_create_alberich_permissions.rb +13 -0
- data/db/migrate/20130107043252_create_alberich_derived_permissions.rb +18 -0
- data/lib/alberich.rb +10 -0
- data/lib/alberich/#version.rb# +3 -0
- data/lib/alberich/engine.rb +10 -0
- data/lib/alberich/version.rb +3 -0
- data/lib/generators/alberich/install_generator.rb +15 -0
- data/lib/generators/alberich/templates/README +6 -0
- data/lib/generators/alberich/templates/alberich.rb +11 -0
- data/lib/tasks/alberich_tasks.rake +4 -0
- data/spec/controllers/alberich/permissions_controller_spec.rb +112 -0
- data/spec/controllers/alberich/privileges_controller_spec.rb +131 -0
- data/spec/controllers/alberich/roles_controller_spec.rb +130 -0
- data/spec/factories/alberich/permission.rb +51 -0
- data/spec/factories/alberich/permission_session.rb +7 -0
- data/spec/factories/alberich/privilege.rb +6 -0
- data/spec/factories/alberich/role.rb +103 -0
- data/spec/factories/child_resource.rb +14 -0
- data/spec/factories/child_resource.rb~ +7 -0
- data/spec/factories/global_resource.rb +11 -0
- data/spec/factories/global_resource.rb~ +25 -0
- data/spec/factories/parent_resource.rb +12 -0
- data/spec/factories/parent_resource.rb~ +7 -0
- data/spec/factories/standalone_resource.rb +7 -0
- data/spec/factories/standalone_resource.rb~ +11 -0
- data/spec/factories/user.rb +30 -0
- data/spec/factories/user_group.rb +8 -0
- data/spec/models/alberich/derived_permission_spec.rb +34 -0
- data/spec/models/alberich/entity_spec.rb +15 -0
- data/spec/models/alberich/permission_spec.rb +133 -0
- data/spec/models/alberich/privilege_spec.rb +39 -0
- data/spec/models/alberich/role_spec.rb +33 -0
- data/spec/models/alberich/session_entity_spec.rb +24 -0
- data/spec/spec_helper.rb +81 -0
- data/spec/support/routes.rb +41 -0
- data/test/dummy/README.rdoc +261 -0
- data/test/dummy/Rakefile +7 -0
- data/test/dummy/app/assets/javascripts/application.js +15 -0
- data/test/dummy/app/assets/javascripts/child_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/global_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/parent_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/standalone_resources.js +2 -0
- data/test/dummy/app/assets/javascripts/user_groups.js +2 -0
- data/test/dummy/app/assets/javascripts/users.js +2 -0
- data/test/dummy/app/assets/stylesheets/application.css +13 -0
- data/test/dummy/app/assets/stylesheets/child_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/global_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/parent_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/scaffold.css +56 -0
- data/test/dummy/app/assets/stylesheets/standalone_resources.css +4 -0
- data/test/dummy/app/assets/stylesheets/user_groups.css +4 -0
- data/test/dummy/app/assets/stylesheets/users.css +4 -0
- data/test/dummy/app/controllers/application_controller.rb +73 -0
- data/test/dummy/app/controllers/child_resources_controller.rb +99 -0
- data/test/dummy/app/controllers/child_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/global_resources_controller.rb +95 -0
- data/test/dummy/app/controllers/global_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/parent_resources_controller.rb +101 -0
- data/test/dummy/app/controllers/parent_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/standalone_resources_controller.rb +101 -0
- data/test/dummy/app/controllers/standalone_resources_controller.rb~ +83 -0
- data/test/dummy/app/controllers/user_groups_controller.rb +131 -0
- data/test/dummy/app/controllers/user_sessions_controller.rb +38 -0
- data/test/dummy/app/controllers/users_controller.rb +87 -0
- data/test/dummy/app/helpers/application_helper.rb +2 -0
- data/test/dummy/app/helpers/child_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/global_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/parent_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/standalone_resources_helper.rb +2 -0
- data/test/dummy/app/helpers/user_groups_helper.rb +2 -0
- data/test/dummy/app/helpers/users_helper.rb +2 -0
- data/test/dummy/app/models/child_resource.rb +25 -0
- data/test/dummy/app/models/child_resource.rb~ +4 -0
- data/test/dummy/app/models/global_resource.rb +3 -0
- data/test/dummy/app/models/parent_resource.rb +32 -0
- data/test/dummy/app/models/parent_resource.rb~ +3 -0
- data/test/dummy/app/models/standalone_resource.rb +22 -0
- data/test/dummy/app/models/standalone_resource.rb~ +3 -0
- data/test/dummy/app/models/user.rb +80 -0
- data/test/dummy/app/models/user_group.rb +12 -0
- data/test/dummy/app/views/child_resources/_form.html.erb +30 -0
- data/test/dummy/app/views/child_resources/_form.html.erb~ +29 -0
- data/test/dummy/app/views/child_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/child_resources/index.html.erb +25 -0
- data/test/dummy/app/views/child_resources/index.html.erb~ +27 -0
- data/test/dummy/app/views/child_resources/new.html.erb +5 -0
- data/test/dummy/app/views/child_resources/show.html.erb +20 -0
- data/test/dummy/app/views/child_resources/show.html.erb~ +20 -0
- data/test/dummy/app/views/global_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/global_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/global_resources/index.html.erb +25 -0
- data/test/dummy/app/views/global_resources/new.html.erb +5 -0
- data/test/dummy/app/views/global_resources/show.html.erb +15 -0
- data/test/dummy/app/views/layouts/application.html.erb +14 -0
- data/test/dummy/app/views/parent_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/parent_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/parent_resources/index.html.erb +25 -0
- data/test/dummy/app/views/parent_resources/index.html.erb~ +25 -0
- data/test/dummy/app/views/parent_resources/new.html.erb +5 -0
- data/test/dummy/app/views/parent_resources/show.html.erb +44 -0
- data/test/dummy/app/views/parent_resources/show.html.erb~ +15 -0
- data/test/dummy/app/views/standalone_resources/_form.html.erb +25 -0
- data/test/dummy/app/views/standalone_resources/edit.html.erb +6 -0
- data/test/dummy/app/views/standalone_resources/index.html.erb +25 -0
- data/test/dummy/app/views/standalone_resources/new.html.erb +5 -0
- data/test/dummy/app/views/standalone_resources/show.html.erb +15 -0
- data/test/dummy/app/views/user_groups/_form.html.haml +9 -0
- data/test/dummy/app/views/user_groups/add_members.html.haml +18 -0
- data/test/dummy/app/views/user_groups/edit.html.haml +13 -0
- data/test/dummy/app/views/user_groups/index.html.haml +20 -0
- data/test/dummy/app/views/user_groups/new.html.haml +11 -0
- data/test/dummy/app/views/user_groups/show.html.haml +42 -0
- data/test/dummy/app/views/user_sessions/new.html.haml +26 -0
- data/test/dummy/app/views/users/_form.html.haml +25 -0
- data/test/dummy/app/views/users/edit.html.haml +14 -0
- data/test/dummy/app/views/users/index.html.haml +26 -0
- data/test/dummy/app/views/users/new.html.haml +11 -0
- data/test/dummy/app/views/users/show.html.haml +56 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/config/application.rb +59 -0
- data/test/dummy/config/boot.rb +10 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +37 -0
- data/test/dummy/config/environments/production.rb +67 -0
- data/test/dummy/config/environments/test.rb +37 -0
- data/test/dummy/config/initializers/alberich.rb +13 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/inflections.rb +15 -0
- data/test/dummy/config/initializers/mime_types.rb +5 -0
- data/test/dummy/config/initializers/secret_token.rb +7 -0
- data/test/dummy/config/initializers/session_store.rb +8 -0
- data/test/dummy/config/initializers/warden.rb +79 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +5 -0
- data/test/dummy/config/routes.rb +33 -0
- data/test/dummy/db/migrate/20120801010101_create_users.rb +20 -0
- data/test/dummy/db/migrate/20121121054319_create_user_groups.rb +16 -0
- data/test/dummy/db/migrate/20130220160811_create_global_resources.rb +10 -0
- data/test/dummy/db/migrate/20130220175258_create_standalone_resources.rb +10 -0
- data/test/dummy/db/migrate/20130226145412_create_parent_resources.rb +10 -0
- data/test/dummy/db/migrate/20130226151256_create_child_resources.rb +12 -0
- data/test/dummy/db/migrate/20130226151256_create_child_resources.rb~ +12 -0
- data/test/dummy/db/schema.rb +151 -0
- data/test/dummy/db/seeds.rb +65 -0
- data/test/dummy/lib/password.rb +58 -0
- data/test/dummy/public/404.html +26 -0
- data/test/dummy/public/422.html +26 -0
- data/test/dummy/public/500.html +25 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/dummy/script/rails +6 -0
- data/test/dummy/test/fixtures/child_resources.yml +11 -0
- data/test/dummy/test/fixtures/global_resources.yml +9 -0
- data/test/dummy/test/fixtures/parent_resources.yml +9 -0
- data/test/dummy/test/fixtures/standalone_resources.yml +9 -0
- data/test/dummy/test/fixtures/user_groups.yml +9 -0
- data/test/dummy/test/fixtures/users.yml +37 -0
- data/test/dummy/test/functional/child_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/global_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/parent_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/standalone_resources_controller_test.rb +49 -0
- data/test/dummy/test/functional/user_groups_controller_test.rb +49 -0
- data/test/dummy/test/functional/users_controller_test.rb +39 -0
- data/test/dummy/test/unit/child_resource_test.rb +7 -0
- data/test/dummy/test/unit/global_resource_test.rb +7 -0
- data/test/dummy/test/unit/helpers/child_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/global_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/parent_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/standalone_resources_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/user_groups_helper_test.rb +4 -0
- data/test/dummy/test/unit/helpers/users_helper_test.rb +4 -0
- data/test/dummy/test/unit/parent_resource_test.rb +7 -0
- data/test/dummy/test/unit/standalone_resource_test.rb +7 -0
- data/test/dummy/test/unit/user_group_test.rb +7 -0
- data/test/dummy/test/unit/user_test.rb +7 -0
- data/test/integration/alberich/permission_test.rb +7 -0
- data/test/integration/alberich/privilege_test.rb +7 -0
- data/test/integration/alberich/role_test.rb +7 -0
- metadata +639 -0
@@ -0,0 +1,51 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
|
3
|
+
factory :permission, :class => Alberich::Permission
|
4
|
+
|
5
|
+
factory :admin_permission, :parent => :permission do
|
6
|
+
role { |r| Alberich::Role.first(:conditions => ['name = ?', 'Site Admin']) || FactoryGirl.create(:admin_role) }
|
7
|
+
permission_object { |r| Alberich::BasePermissionObject.general_permission_scope }
|
8
|
+
entity { |r| Alberich::Entity.for_target(FactoryGirl.create(:admin_user)) }
|
9
|
+
end
|
10
|
+
|
11
|
+
factory :group_admin_permission, :parent => :permission do
|
12
|
+
role { |r| Alberich::Role.first(:conditions => ['name = ?', 'Site Admin']) || FactoryGirl.create(:admin_role) }
|
13
|
+
permission_object { |r| Alberich::BasePermissionObject.general_permission_scope }
|
14
|
+
entity { |r| Alberich::Entity.for_target(FactoryGirl.create(:user_group)) }
|
15
|
+
end
|
16
|
+
|
17
|
+
factory :global_permission, :parent => :permission do
|
18
|
+
role { |r| FactoryGirl.create(:role) }
|
19
|
+
permission_object { |r| Alberich::BasePermissionObject.general_permission_scope }
|
20
|
+
entity { |r| Alberich::Entity.for_target(FactoryGirl.create(:user)) }
|
21
|
+
end
|
22
|
+
|
23
|
+
factory :global_resource_permission, :parent => :permission do
|
24
|
+
role { |r| Alberich::Role.first(:conditions => ['name = ?', 'GlobalResource Admin']) || FactoryGirl.create(:global_resource_role) }
|
25
|
+
permission_object { |r| Alberich::BasePermissionObject.general_permission_scope }
|
26
|
+
entity { |r| Alberich::Entity.for_target(FactoryGirl.create(:user)) }
|
27
|
+
end
|
28
|
+
|
29
|
+
factory :standalone_creator_permission, :parent => :permission do
|
30
|
+
role { |r| Alberich::Role.first(:conditions => ['name = ?', 'StandaloneResource Creator']) || FactoryGirl.create(:standalone_creator_role) }
|
31
|
+
permission_object { |r| Alberich::BasePermissionObject.general_permission_scope }
|
32
|
+
entity { |r| Alberich::Entity.for_target(FactoryGirl.create(:user)) }
|
33
|
+
end
|
34
|
+
factory :standalone_owner_permission, :parent => :permission do
|
35
|
+
role { |r| Alberich::Role.first(:conditions => ['name = ?', 'StandaloneResource Owner']) || FactoryGirl.create(:standalone_owner_role) }
|
36
|
+
permission_object { |r| FactoryGirl.create(:standalone_resource) }
|
37
|
+
entity { |r| Alberich::Entity.for_target(FactoryGirl.create(:user)) }
|
38
|
+
end
|
39
|
+
|
40
|
+
factory :parent_owner_permission, :parent => :permission do
|
41
|
+
role { |r| Alberich::Role.first(:conditions => ['name = ?', 'ParentResource Owner']) || FactoryGirl.create(:parent_owner_role) }
|
42
|
+
permission_object { |r| FactoryGirl.create(:parent_resource2) }
|
43
|
+
entity { |r| Alberich::Entity.for_target(FactoryGirl.create(:user)) }
|
44
|
+
end
|
45
|
+
factory :child_owner_permission, :parent => :permission do
|
46
|
+
role { |r| Alberich::Role.first(:conditions => ['name = ?', 'ChildResource Owner']) || FactoryGirl.create(:child_owner_role) }
|
47
|
+
permission_object { |r| FactoryGirl.create(:child_resource2) }
|
48
|
+
entity { |r| Alberich::Entity.for_target(FactoryGirl.create(:user)) }
|
49
|
+
end
|
50
|
+
|
51
|
+
end
|
@@ -0,0 +1,103 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
factory :role, :class => Alberich::Role do
|
3
|
+
sequence(:name) { |n| "role#{n}" }
|
4
|
+
scope 'Alberich::BasePermissionObject'
|
5
|
+
end
|
6
|
+
|
7
|
+
factory :admin_role, :parent => :role do
|
8
|
+
name 'Site Admin'
|
9
|
+
after(:create) do |role, evaluator|
|
10
|
+
priv_data = [["Alberich::BasePermissionObject", "create"],
|
11
|
+
["Alberich::BasePermissionObject", "modify"],
|
12
|
+
["Alberich::BasePermissionObject", "use"],
|
13
|
+
["Alberich::BasePermissionObject", "set_perms"],
|
14
|
+
["Alberich::BasePermissionObject", "view_perms"],
|
15
|
+
["Alberich::BasePermissionObject", "view"],
|
16
|
+
["User", "view_perms"],
|
17
|
+
["User", "set_perms"],
|
18
|
+
[ "User", "view"],
|
19
|
+
[ "User", "create"],
|
20
|
+
["User", "modify"],
|
21
|
+
["GlobalResource", "view"],
|
22
|
+
["GlobalResource", "modify"],
|
23
|
+
["GlobalResource", "create"],
|
24
|
+
["StandaloneResource", "create"],
|
25
|
+
["StandaloneResource", "view"],
|
26
|
+
["StandaloneResource", "modify"],
|
27
|
+
["ParentResource", "create"],
|
28
|
+
["ParentResource", "view"],
|
29
|
+
["ParentResource", "modify"],
|
30
|
+
["ChildResource", "create"],
|
31
|
+
["ChildResource", "view"],
|
32
|
+
["ChildResource", "modify"]]
|
33
|
+
priv_data.each do |target_type, action|
|
34
|
+
FactoryGirl.create(:privilege, :target_type => target_type,
|
35
|
+
:action => action, :role_id => role.id)
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
factory :global_resource_role, :parent => :role do
|
41
|
+
name 'GlobalResource Admin'
|
42
|
+
after(:create) do |role, evaluator|
|
43
|
+
priv_data = [["GlobalResource", "view"],
|
44
|
+
["GlobalResource", "modify"],
|
45
|
+
["GlobalResource", "create"]]
|
46
|
+
priv_data.each do |target_type, action|
|
47
|
+
FactoryGirl.create(:privilege, :target_type => target_type,
|
48
|
+
:action => action, :role_id => role.id)
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
factory :standalone_creator_role, :parent => :role do
|
54
|
+
name 'StandaloneResource Creator'
|
55
|
+
after(:create) do |role, evaluator|
|
56
|
+
priv_data = [["StandaloneResource", "create"]]
|
57
|
+
priv_data.each do |target_type, action|
|
58
|
+
FactoryGirl.create(:privilege, :target_type => target_type,
|
59
|
+
:action => action, :role_id => role.id)
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
factory :standalone_owner_role, :parent => :role do
|
64
|
+
name 'StandaloneResource Owner'
|
65
|
+
scope 'StandaloneResource'
|
66
|
+
after(:create) do |role, evaluator|
|
67
|
+
priv_data = [["StandaloneResource", "view"],
|
68
|
+
["StandaloneResource", "modify"]]
|
69
|
+
priv_data.each do |target_type, action|
|
70
|
+
FactoryGirl.create(:privilege, :target_type => target_type,
|
71
|
+
:action => action, :role_id => role.id)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
factory :parent_owner_role, :parent => :role do
|
77
|
+
name 'ParentResource Owner'
|
78
|
+
scope 'ParentResource'
|
79
|
+
after(:create) do |role, evaluator|
|
80
|
+
priv_data = [["ChildResource", "view"],
|
81
|
+
["ChildResource", "modify"],
|
82
|
+
["ChildResource", "create"],
|
83
|
+
["ParentResource", "view"],
|
84
|
+
["ParentResource", "modify"]]
|
85
|
+
priv_data.each do |target_type, action|
|
86
|
+
FactoryGirl.create(:privilege, :target_type => target_type,
|
87
|
+
:action => action, :role_id => role.id)
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
91
|
+
factory :child_owner_role, :parent => :role do
|
92
|
+
name 'ChildResource Owner'
|
93
|
+
scope 'ChildResource'
|
94
|
+
after(:create) do |role, evaluator|
|
95
|
+
priv_data = [["ChildResource", "view"],
|
96
|
+
["ChildResource", "modify"]]
|
97
|
+
priv_data.each do |target_type, action|
|
98
|
+
FactoryGirl.create(:privilege, :target_type => target_type,
|
99
|
+
:action => action, :role_id => role.id)
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
|
3
|
+
factory :child_resource do |u|
|
4
|
+
sequence(:name) { |n| "child_resource#{n}" }
|
5
|
+
association :parent_resource, :factory => :parent_resource
|
6
|
+
description 'The Description'
|
7
|
+
end
|
8
|
+
|
9
|
+
factory :child_resource2, :parent => :child_resource do |u|
|
10
|
+
sequence(:name) { |n| "child_resource_test" }
|
11
|
+
parent_resource { |r| ParentResource.first(:conditions => ['name = ?', 'parent_resource_test']) || FactoryGirl.create(:parent_resource2) }
|
12
|
+
description 'The Description'
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
|
3
|
+
factory :global_resource do |u|
|
4
|
+
sequence(:name) { |n| "global_resource#{n}" }
|
5
|
+
description 'The Description'
|
6
|
+
end
|
7
|
+
|
8
|
+
factory :email_user , :parent => :user do
|
9
|
+
email = :email
|
10
|
+
end
|
11
|
+
|
12
|
+
factory :other_named_user, :parent => :user do
|
13
|
+
first_name 'Jane'
|
14
|
+
last_name 'Doe'
|
15
|
+
end
|
16
|
+
|
17
|
+
factory :tuser, :parent => :user do
|
18
|
+
last_login_ip '192.168.1.1'
|
19
|
+
end
|
20
|
+
|
21
|
+
factory :admin_user, :parent => :user do
|
22
|
+
username 'admin'
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
|
3
|
+
factory :parent_resource do |u|
|
4
|
+
sequence(:name) { |n| "parent_resource#{n}" }
|
5
|
+
description 'The Description'
|
6
|
+
end
|
7
|
+
|
8
|
+
factory :parent_resource2, :parent => :parent_resource do |u|
|
9
|
+
sequence(:name) { |n| "parent_resource_test" }
|
10
|
+
description 'The Description'
|
11
|
+
end
|
12
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
|
3
|
+
factory :standalone_resource do |u|
|
4
|
+
sequence(:name) { |n| "standalone_resource#{n}" }
|
5
|
+
description 'The Description'
|
6
|
+
end
|
7
|
+
|
8
|
+
factory :standalone_resource2 , :parent => :standalone_resource do
|
9
|
+
name 'Test standalone resoource'
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
FactoryGirl.define do
|
2
|
+
|
3
|
+
factory :user do |u|
|
4
|
+
sequence(:username) { |n| "user#{n}" }
|
5
|
+
password 'secret'
|
6
|
+
password_confirmation 'secret'
|
7
|
+
first_name 'John'
|
8
|
+
last_name 'Smith'
|
9
|
+
email "#{:username}@example.com"
|
10
|
+
#after_build { |u| u.email ||= "#{u.username}@example.com" }
|
11
|
+
end
|
12
|
+
|
13
|
+
factory :email_user , :parent => :user do
|
14
|
+
email = :email
|
15
|
+
end
|
16
|
+
|
17
|
+
factory :other_named_user, :parent => :user do
|
18
|
+
first_name 'Jane'
|
19
|
+
last_name 'Doe'
|
20
|
+
end
|
21
|
+
|
22
|
+
factory :tuser, :parent => :user do
|
23
|
+
last_login_ip '192.168.1.1'
|
24
|
+
end
|
25
|
+
|
26
|
+
factory :admin_user, :parent => :user do
|
27
|
+
username 'admin'
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Alberich
|
4
|
+
describe DerivedPermission do
|
5
|
+
before(:each) do
|
6
|
+
@admin_permission = FactoryGirl.create :admin_permission
|
7
|
+
@permission = FactoryGirl.create :global_permission
|
8
|
+
|
9
|
+
@admin = @admin_permission.user
|
10
|
+
@user = @permission.user
|
11
|
+
@permission_session = FactoryGirl.create(:permission_session,
|
12
|
+
:user => @admin)
|
13
|
+
@permission_session.update_session_entities(@admin)
|
14
|
+
@permission_session.add_to_session(@user)
|
15
|
+
|
16
|
+
end
|
17
|
+
|
18
|
+
it "derived permissions created for global permission" do
|
19
|
+
derived_perms_count = BasePermissionObject.general_permission_scope.
|
20
|
+
derived_permissions.size
|
21
|
+
@global_perm = Permission.create(:entity => Entity.for_target(@admin),
|
22
|
+
:role => FactoryGirl.create(:role),
|
23
|
+
:permission_object =>
|
24
|
+
BasePermissionObject.general_permission_scope)
|
25
|
+
perm_sources = BasePermissionObject.general_permission_scope.
|
26
|
+
derived_permissions.collect {|p| p.permission}
|
27
|
+
perm_sources.size.should == (derived_perms_count + 1)
|
28
|
+
perm_sources.include?(@admin_permission).should be_true
|
29
|
+
perm_sources.include?(@global_perm).should be_true
|
30
|
+
end
|
31
|
+
#FIXME add obj-level tests with inheritence once dummy app gets permissioned object examples
|
32
|
+
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Alberich
|
4
|
+
describe Entity do
|
5
|
+
it "should create entity on user creation" do
|
6
|
+
u = FactoryGirl.create(:user)
|
7
|
+
Entity.for_target(u).should be_a(Entity)
|
8
|
+
end
|
9
|
+
|
10
|
+
it "should create entity on user group creation" do
|
11
|
+
u = FactoryGirl.create(:user_group)
|
12
|
+
Entity.for_target(u).should be_a(Entity)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
@@ -0,0 +1,133 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
module Alberich
|
4
|
+
describe Permission do
|
5
|
+
before(:each) do
|
6
|
+
@admin_permission = FactoryGirl.create :admin_permission
|
7
|
+
@permission = FactoryGirl.create :global_permission
|
8
|
+
|
9
|
+
@admin = @admin_permission.user
|
10
|
+
@user = @permission.user
|
11
|
+
@permission_session = FactoryGirl.create(:permission_session,
|
12
|
+
:user => @admin)
|
13
|
+
@permission_session.update_session_entities(@admin)
|
14
|
+
@permission_session.add_to_session(@user)
|
15
|
+
|
16
|
+
end
|
17
|
+
|
18
|
+
it "Admin should be able to create users" do
|
19
|
+
BasePermissionObject.general_permission_scope.
|
20
|
+
has_privilege(@permission_session,
|
21
|
+
@admin,
|
22
|
+
Privilege::CREATE,
|
23
|
+
User).should be_true
|
24
|
+
end
|
25
|
+
|
26
|
+
it "Non-admin should not be able to create users" do
|
27
|
+
BasePermissionObject.general_permission_scope.
|
28
|
+
has_privilege(@permission_session,
|
29
|
+
@user,
|
30
|
+
Privilege::CREATE,
|
31
|
+
User).should be_false
|
32
|
+
end
|
33
|
+
|
34
|
+
it "User added to Admin group should be able to create users" do
|
35
|
+
newuser = FactoryGirl.create(:user)
|
36
|
+
group_admin_permission = FactoryGirl.create(:group_admin_permission)
|
37
|
+
user_group = group_admin_permission.user_group
|
38
|
+
@permission_session.update_session_entities(newuser)
|
39
|
+
BasePermissionObject.general_permission_scope.has_privilege(@permission_session,
|
40
|
+
newuser,
|
41
|
+
Privilege::CREATE,
|
42
|
+
User).should be_false
|
43
|
+
user_group.members << newuser
|
44
|
+
newuser.reload
|
45
|
+
@permission_session.update_session_entities(newuser)
|
46
|
+
BasePermissionObject.general_permission_scope.has_privilege(@permission_session,
|
47
|
+
newuser,
|
48
|
+
Privilege::CREATE,
|
49
|
+
User).should be_true
|
50
|
+
|
51
|
+
end
|
52
|
+
|
53
|
+
it "global permissions should be type-specific" do
|
54
|
+
global_resource_permission = FactoryGirl.create :global_resource_permission
|
55
|
+
global_resource_user = global_resource_permission.user
|
56
|
+
@permission_session.update_session_entities(global_resource_user)
|
57
|
+
BasePermissionObject.general_permission_scope.
|
58
|
+
has_privilege(@permission_session,
|
59
|
+
global_resource_user,
|
60
|
+
Privilege::CREATE,
|
61
|
+
GlobalResource).should be_true
|
62
|
+
BasePermissionObject.general_permission_scope.
|
63
|
+
has_privilege(@permission_session,
|
64
|
+
@user,
|
65
|
+
Privilege::CREATE,
|
66
|
+
GlobalResource).should be_false
|
67
|
+
end
|
68
|
+
|
69
|
+
it "standalone resource create permission should be limited by global roles" do
|
70
|
+
standalone_creator_permission = FactoryGirl.create :standalone_creator_permission
|
71
|
+
standalone_creator_user = standalone_creator_permission.user
|
72
|
+
@permission_session.update_session_entities(standalone_creator_user)
|
73
|
+
BasePermissionObject.general_permission_scope.
|
74
|
+
has_privilege(@permission_session,
|
75
|
+
standalone_creator_user,
|
76
|
+
Privilege::CREATE,
|
77
|
+
StandaloneResource).should be_true
|
78
|
+
BasePermissionObject.general_permission_scope.
|
79
|
+
has_privilege(@permission_session,
|
80
|
+
@user,
|
81
|
+
Privilege::CREATE,
|
82
|
+
StandaloneResource).should be_false
|
83
|
+
end
|
84
|
+
|
85
|
+
it "standalone resource access should be allowed for owner and admin" do
|
86
|
+
standalone_owner_permission = FactoryGirl.create :standalone_owner_permission
|
87
|
+
standalone_owner_user = standalone_owner_permission.user
|
88
|
+
standalone_resource = standalone_owner_permission.permission_object
|
89
|
+
@permission_session.add_to_session(standalone_owner_user)
|
90
|
+
standalone_resource.
|
91
|
+
has_privilege(@permission_session,
|
92
|
+
standalone_owner_user,
|
93
|
+
Privilege::VIEW).should be_true
|
94
|
+
standalone_resource.
|
95
|
+
has_privilege(@permission_session,
|
96
|
+
@admin,
|
97
|
+
Privilege::VIEW).should be_true
|
98
|
+
standalone_resource.
|
99
|
+
has_privilege(@permission_session,
|
100
|
+
@user,
|
101
|
+
Privilege::VIEW).should be_false
|
102
|
+
end
|
103
|
+
|
104
|
+
it "child resource access should inherit from parent" do
|
105
|
+
parent_owner_permission = FactoryGirl.create :parent_owner_permission
|
106
|
+
parent_owner_user = parent_owner_permission.user
|
107
|
+
parent_resource = parent_owner_permission.permission_object
|
108
|
+
@permission_session.add_to_session(parent_owner_user)
|
109
|
+
|
110
|
+
child_owner_permission = FactoryGirl.create :child_owner_permission
|
111
|
+
child_owner_user = child_owner_permission.user
|
112
|
+
child_resource = child_owner_permission.permission_object
|
113
|
+
@permission_session.add_to_session(child_owner_user)
|
114
|
+
child_resource.
|
115
|
+
has_privilege(@permission_session,
|
116
|
+
child_owner_user,
|
117
|
+
Privilege::VIEW).should be_true
|
118
|
+
child_resource.
|
119
|
+
has_privilege(@permission_session,
|
120
|
+
parent_owner_user,
|
121
|
+
Privilege::VIEW).should be_true
|
122
|
+
child_resource.
|
123
|
+
has_privilege(@permission_session,
|
124
|
+
@admin,
|
125
|
+
Privilege::VIEW).should be_true
|
126
|
+
child_resource.
|
127
|
+
has_privilege(@permission_session,
|
128
|
+
@user,
|
129
|
+
Privilege::VIEW).should be_false
|
130
|
+
end
|
131
|
+
#FIXME add obj-level tests once dummy app gets permissioned object examples
|
132
|
+
end
|
133
|
+
end
|