RubyGems - andrewzielinski-lockdown - Versions diffs - 0.9.6 - Mend

andrewzielinski-lockdown 0.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

data/History.txt +195 -0
data/README.txt +36 -0
data/Rakefile +41 -0
data/lib/lockdown.rb +70 -0
data/lib/lockdown/context.rb +41 -0
data/lib/lockdown/database.rb +105 -0
data/lib/lockdown/frameworks/rails.rb +146 -0
data/lib/lockdown/frameworks/rails/controller.rb +147 -0
data/lib/lockdown/frameworks/rails/view.rb +61 -0
data/lib/lockdown/helper.rb +95 -0
data/lib/lockdown/orms/active_record.rb +68 -0
data/lib/lockdown/permission.rb +204 -0
data/lib/lockdown/rules.rb +289 -0
data/lib/lockdown/session.rb +57 -0
data/lib/lockdown/system.rb +57 -0
data/rails_generators/lockdown/lockdown_generator.rb +273 -0
data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
data/rails_generators/lockdown/templates/lib/lockdown/init.rb +122 -0
data/spec/lockdown/database_spec.rb +158 -0
data/spec/lockdown/frameworks/rails/controller_spec.rb +224 -0
data/spec/lockdown/frameworks/rails/view_spec.rb +125 -0
data/spec/lockdown/frameworks/rails_spec.rb +175 -0
data/spec/lockdown/permission_spec.rb +156 -0
data/spec/lockdown/rules_spec.rb +109 -0
data/spec/lockdown/session_spec.rb +89 -0
data/spec/lockdown/system_spec.rb +59 -0
data/spec/lockdown_spec.rb +19 -0
data/spec/rcov.opts +5 -0
data/spec/spec.opts +3 -0
data/spec/spec_helper.rb +1 -0
metadata +112 -0

data/spec/lockdown/database_spec.rb ADDED

@@ -0,0 +1,158 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+describe Lockdown::Database do
+  before do
+    Lockdown::System.stub!(:get_permissions).and_return([:permission])
+    Lockdown::System.stub!(:get_user_groups).and_return([:user_group])
+  end
+  describe "#sync_with_db" do
+    it "should call create_new_permissions, delete_extinct_permissions and maintain_user_groups" do
+      Lockdown::Database.should_receive :create_new_permissions
+      Lockdown::Database.should_receive :delete_extinct_permissions
+      Lockdown::Database.should_receive :maintain_user_groups
+      Lockdown::Database.sync_with_db
+    end
+  end
+  describe "#create_new_permissions" do
+    it "should create permission from @permissions" do
+      Lockdown::System.stub!(:permission_assigned_automatically?).and_return(false)
+      Permission = mock('Permission') unless defined?(Permission)
+      Permission.stub!(:find).and_return(false)
+      Permission.should_receive(:create).with(:name => 'Permission')
+      Lockdown::Database.create_new_permissions
+    end
+  end
+  describe "#delete_extinct_permissions" do
+    it "should create permission from @permissions" do
+      permission = mock('permission')
+      permission.stub!(:id).and_return("3344")
+      permission.stub!(:name).and_return("sweet permission")
+      permissions = [permission]
+      Permission = mock('Permission') unless defined?(Permission)
+      Permission.stub!(:find).with(:all).and_return(permissions)
+      Lockdown.should_receive(:database_execute).
+        with("delete from permissions_user_groups where permission_id = 3344")
+      permission.should_receive(:destroy)
+      Lockdown::Database.delete_extinct_permissions
+    end
+  end
+  describe "#maintain_user_groups" do
+    before do
+      UserGroup = mock('UserGroup') unless defined?(UserGroup)
+    end
+    it "should create user group for non-existent user group" do
+      UserGroup.should_receive(:find).
+        with(:first, :conditions => ["name = ?", "User Group"]).
+        and_return(false)
+      Lockdown::Database.should_receive(:create_user_group).
+        with("User Group",:user_group)
+      Lockdown::Database.maintain_user_groups
+    end
+    it "should sync user group permissions for existing user group" do
+      ug = mock('user group')
+      UserGroup.should_receive(:find).
+        with(:first, :conditions => ["name = ?", "User Group"]).
+        and_return(ug)
+      Lockdown::Database.should_receive(:remove_invalid_permissions).
+        with(ug,:user_group)
+      Lockdown::Database.should_receive(:add_valid_permissions).
+        with(ug,:user_group)
+      Lockdown::Database.maintain_user_groups
+    end
+  end
+  describe "#create_user_group" do
+    it "should create new user group" do
+      ug = mock('user group')
+      ug.stub!(:id).and_return(123)
+      UserGroup = mock('UserGroup') unless defined?(UserGroup)
+      UserGroup.should_receive(:create).
+        with(:name => "some group").
+        and_return(ug)
+      Lockdown::System.stub!(:permissions_for_user_group).
+        and_return([:perm])
+      perm = mock('permission')
+      perm.stub!(:id).and_return(3344)
+      Permission = mock('Permission') unless defined?(Permission)
+      Permission.should_receive(:find).
+        with(:first, :conditions => ["name = ?",'Perm']).
+        and_return(perm)
+      Lockdown.should_receive(:database_execute).
+        with("insert into permissions_user_groups(permission_id, user_group_id) values(3344, 123)")
+      Lockdown::Database.create_user_group("some group",  :some_group)
+    end
+  end
+  describe "#remove_invalid_permissions" do
+    it "should remove permissions that no longer exist" do
+      permissions = [:good_perm, :bad_perm]
+      user_group = mock("user group", :name => "user group")
+      #returns what's in the database
+      user_group.stub!(:permissions).and_return(permissions)
+      #return what's defined in init.rb
+      Lockdown::System.stub!(:permissions_for_user_group).
+        and_return([:good_perm])
+      #delete what's not in init.rb
+      permissions.should_receive(:delete).with(:bad_perm)
+      Lockdown::Database.remove_invalid_permissions(user_group, :user_group)
+    end
+  end
+  describe "#add_invalid_permissions" do
+    it "should add permissions that are defined in init.rb" do
+      #return what's defined in init.rb
+      Lockdown::System.stub!(:permissions_for_user_group).
+        and_return([:defined_perm, :undefined_perm])
+      permissions = [:defined_perm]
+      user_group = mock("user group", :name => "user group")
+      #returns what's in the database
+      user_group.stub!(:permissions).and_return(permissions)
+      Permission = mock('Permission') unless defined?(Permission)
+      #get the permission object for the undefined_perm
+      Permission.should_receive(:find).
+        with(:first, :conditions => ["name = ?",'Undefined Perm']).
+        and_return(:undefined_perm)
+      #add the perm to the user group
+      permissions.should_receive(:<<).with(:undefined_perm)
+      Lockdown::Database.add_valid_permissions(user_group, :user_group)
+    end
+  end
+end

data/spec/lockdown/frameworks/rails/controller_spec.rb ADDED

@@ -0,0 +1,224 @@
+require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
+class TestAController
+  extend Lockdown::Frameworks::Rails::Controller
+  include Lockdown::Frameworks::Rails::Controller::Lock
+end
+describe Lockdown::Frameworks::Rails::Controller do
+  before do
+    @controller = TestAController
+    @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
+    @lockdown = mock("lockdown")
+  end
+  describe "#available_actions" do
+    it "should return action_methods" do
+      post_controller = mock("PostController")
+      post_controller.stub!(:action_methods).and_return(@actions)
+      @controller.available_actions(post_controller).
+        should == @actions
+    end
+    it "should eql public_instance_methods - hidden_actions unless action_methods" do
+      post_controller = mock("PostController")
+      post_controller.stub!(:public_instance_methods).and_return(["m1", "m2", "h1"])
+      post_controller.stub!(:hidden_actions).and_return(["h1"])
+      @controller.available_actions(post_controller).
+        should == ["m1", "m2"]
+    end
+  end
+  describe "#controller_name" do
+    it "should return action_methods" do
+      post_controller = mock("PostController")
+      post_controller.stub!(:controller_name).and_return("PostController")
+      @controller.controller_name(post_controller).should == "PostController"
+    end
+  end
+end
+describe Lockdown::Frameworks::Rails::Controller::Lock do
+  before do
+    @controller = TestAController.new
+    @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
+    @session = {:access_rights => @actions}
+    @controller.stub!(:session).and_return(@session)
+  end
+  describe "#configure_lockdown" do
+    it "should call check_session_expiry and store_location" do
+      @controller.should_receive(:check_session_expiry)
+      @controller.should_receive(:store_location)
+      @controller.configure_lockdown
+    end
+  end
+  describe "#set_current_user" do
+    it "should set who_did_it  in Thread.current" do
+      Lockdown::System.stub!(:fetch).with(:who_did_it).and_return(:current_user_id)
+      @controller.stub!(:logged_in?).and_return(true)
+      @controller.stub!(:current_user_id).and_return(1234)
+      @controller.set_current_user
+      Thread.current[:who_did_it].should == 1234
+    end
+  end
+  describe "#check_request_authorization" do
+    it "should raise SecurityError if not authorized" do
+      @controller.stub!(:authorized?).and_return(false)
+      @controller.stub!(:params).and_return({:p => 1})
+      lambda{@controller.check_request_authorization}.
+        should raise_error(SecurityError)
+    end
+  end
+  describe "#path_allowed" do
+    it "should return false for an invalid path" do
+      @controller.path_allowed?("/no/good").should be_false
+    end
+  end
+  describe "#check_session_expiry" do
+    it "should set expiry if null" do
+      Lockdown::System.stub!(:fetch).with(:session_timeout).and_return(10)
+      @session[:expiry_time].should be_nil
+      @controller.check_session_expiry
+      @session[:expiry_time].should_not be_nil
+    end
+  end
+  describe "#store_location" do
+    it "should set prevpage and thispage" do
+      request = mock("request")
+      request.stub!(:method).and_return(:get)
+      @controller.stub!(:request).and_return(request)
+      @controller.stub!(:sent_from_uri).and_return("/blop")
+      @controller.store_location
+      @session[:prevpage].should == ''
+      @session[:thispage].should == '/blop'
+    end
+  end
+  describe "#sent_from_uri" do
+    it "should return request.request_uri" do
+      request = mock("request")
+      request.stub!(:request_uri).and_return("/blip")
+      @controller.stub!(:request).and_return(request)
+      @controller.sent_from_uri.should == "/blip"
+    end
+  end
+  describe "#authorized?" do
+    before do
+      @sample_url = "http://stonean.com/posts/index"
+      @a_path = "/a_path"
+      request = mock("request")
+      request.stub!(:method).and_return(:get)
+      @controller.stub!(:params).and_return({})
+      @controller.stub!(:request).and_return(request)
+      stonean_parts = ["http", nil, "stonean.com", nil, nil, "posts/index", nil, nil, nil]
+      a_path_parts = [nil, nil, nil, nil, nil, "/a_path", nil, nil, nil]
+      URI = mock('uri class') unless defined?(URI)
+      URI.stub!(:split).with(@sample_url).and_return(stonean_parts)
+      URI.stub!(:split).with(@a_path).and_return(a_path_parts)
+    end
+    it "should return false if url is nil" do
+      @controller.authorized?(nil).should be_false
+    end
+    it "should return true if current_user_is_admin" do
+      @controller.stub!(:current_user_is_admin?).and_return(true)
+      @controller.authorized?(@a_path).should be_true
+    end
+    it "should return false if path not in access_rights" do
+      @controller.authorized?(@a_path).should be_false
+    end
+    it "should return true if path is in access_rights" do
+      @controller.authorized?(@sample_url).should be_true
+    end
+  end
+  describe "#access_denied" do
+  end
+  describe "#path_from_hash" do
+    it "should return controller/action string" do
+      hash = {:controller => "users", :action => "show", :id => "1"}
+      @controller.path_from_hash(hash).should == "users/show"
+    end
+  end
+  describe "#remote_url?" do
+    it "should return false if domain is nil" do
+      @controller.remote_url?.should be_false
+    end
+    it "should return false if domain matches request domain" do
+      request = mock("request")
+      request.stub!(:host).and_return("stonean.com")
+      @controller.stub!(:request).and_return(request)
+      @controller.remote_url?("stonean.com").should be_false
+    end
+    it "should return true if subdomain differs" do
+      request = mock("request")
+      request.stub!(:host).and_return("blog.stonean.com")
+      @controller.stub!(:request).and_return(request)
+      @controller.remote_url?("stonean.com").should be_true
+    end
+    it "should return true if host doesn't match  domain" do
+      request = mock("request")
+      request.stub!(:host).and_return("stonean.com")
+      @controller.stub!(:request).and_return(request)
+      @controller.remote_url?("google.com").should be_true
+    end
+  end
+  describe "#redirect_back_or_default" do
+    it "should redirect to default without session[:prevpage]" do
+      @controller.should_receive(:redirect_to).with("/")
+      @controller.redirect_back_or_default("/")
+    end
+    it "should redirect to session[:prevpage]" do
+      path = "/previous"
+      path.stub!(:blank?).and_return(false)
+      @session[:prevpage] = path
+      @controller.should_receive(:redirect_to).with(path)
+      @controller.redirect_back_or_default("/")
+    end
+  end
+  describe "#login_from_basic_auth?" do
+  end
+  describe "#get_auth_data" do
+  end
+end

data/spec/lockdown/frameworks/rails/view_spec.rb ADDED

@@ -0,0 +1,125 @@
+require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
+class TestAView
+  def link_to
+    "link_to"
+  end
+  def button_to
+    "button_to"
+  end
+  include Lockdown::Frameworks::Rails::View
+end
+describe Lockdown::Frameworks::Rails::Controller do
+  before do
+    @view = TestAView.new
+    @view.stub!(:url_for).and_return("posts/new")
+    @options = {:controller => "posts", :action => "new"}
+  end
+  describe "#link_to_secured" do
+    it "should return the link if authorized" do
+      link = "<a href='http://a.com'>my_link</a>"
+      @view.stub!(:authorized?).and_return(true)
+      @view.stub!(:link_to_open).and_return(link)
+      @view.link_to_secured("my link", @options).should == link
+    end
+    it "should return an empty string if authorized" do
+      @view.stub!(:authorized?).and_return(false)
+      @view.link_to_secured("my link", @options).should == ""
+    end
+    it "should attempt to remove a subdirectory if it exists" do
+      @view.should_receive(:remove_subdirectory).once
+      @view.stub!(:authorized?).and_return(false)
+      @view.link_to_secured("my link", @options).should == ""
+    end
+  end
+  describe "#button_to_secured" do
+    it "should return the link if authorized" do
+      link = "<a href='http://a.com'>my_link</a>"
+      @view.stub!(:authorized?).and_return(true)
+      @view.stub!(:button_to_open).and_return(link)
+      @view.button_to_secured("my link", @options).should == link
+    end
+     it "should return an empty string if authorized" do
+      @view.stub!(:authorized?).and_return(false)
+      @view.button_to_secured("my link", @options).should == ""
+     end
+    it "should attempt to remove a subdirectory if it exists" do
+      @view.should_receive(:remove_subdirectory).once
+      @view.stub!(:authorized?).and_return(false)
+      @view.button_to_secured("my link", @options).should == ""
+    end
+  end
+  describe "#link_to_or_show" do
+    it "should return the name if link_to returned an empty string" do
+      @view.stub!(:link_to).and_return('')
+      @view.link_to_or_show("my_link", @options).
+        should == "my_link"
+    end
+    it "should return the link if access is allowed" do
+      link = "<a href='http://a.com'>my_link</a>"
+      @view.stub!(:link_to).and_return(link)
+      @view.link_to_or_show("my_link", @options).
+        should == link
+    end
+  end
+  describe "#link_to_or_show" do
+    it "should return links separated by | " do
+      Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
+      links = ["link_one", "link_two"]
+      @view.links(links).should == links.join(' | ')
+    end
+    it "should return links separated by | and handle empty strings" do
+      Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
+      links = ["link_one", "link_two", ""]
+      @view.links(links).should == links.join(' | ')
+    end
+  end
+  describe "#remove_subdirectory" do
+    before(:each) do
+      Lockdown::System.should_receive(:fetch).with(:subdirectory).and_return 'test'
+    end
+    it "should remove subdirectory /test" do
+      @view.remove_subdirectory('/test/posts/new').should == '/posts/new'
+    end
+    it "should remove subdirectory 'test' without a leading /" do
+      @view.remove_subdirectory('test/posts/new').should == '/posts/new'
+    end
+    it "should leave the url untouched" do
+      @view.remove_subdirectory('/posts/new').should == '/posts/new'
+    end
+  end
+end