RubyGems - andrewzielinski-lockdown - Versions diffs - 0.9.6 - Mend

andrewzielinski-lockdown 0.9.6

Files changed (59) hide show

data/History.txt +195 -0
data/README.txt +36 -0
data/Rakefile +41 -0
data/lib/lockdown.rb +70 -0
data/lib/lockdown/context.rb +41 -0
data/lib/lockdown/database.rb +105 -0
data/lib/lockdown/frameworks/rails.rb +146 -0
data/lib/lockdown/frameworks/rails/controller.rb +147 -0
data/lib/lockdown/frameworks/rails/view.rb +61 -0
data/lib/lockdown/helper.rb +95 -0
data/lib/lockdown/orms/active_record.rb +68 -0
data/lib/lockdown/permission.rb +204 -0
data/lib/lockdown/rules.rb +289 -0
data/lib/lockdown/session.rb +57 -0
data/lib/lockdown/system.rb +57 -0
data/rails_generators/lockdown/lockdown_generator.rb +273 -0
data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
data/rails_generators/lockdown/templates/lib/lockdown/init.rb +122 -0
data/spec/lockdown/database_spec.rb +158 -0
data/spec/lockdown/frameworks/rails/controller_spec.rb +224 -0
data/spec/lockdown/frameworks/rails/view_spec.rb +125 -0
data/spec/lockdown/frameworks/rails_spec.rb +175 -0
data/spec/lockdown/permission_spec.rb +156 -0
data/spec/lockdown/rules_spec.rb +109 -0
data/spec/lockdown/session_spec.rb +89 -0
data/spec/lockdown/system_spec.rb +59 -0
data/spec/lockdown_spec.rb +19 -0
data/spec/rcov.opts +5 -0
data/spec/spec.opts +3 -0
data/spec/spec_helper.rb +1 -0
metadata +112 -0

data/spec/lockdown/frameworks/rails_spec.rb ADDED

@@ -0,0 +1,175 @@
+require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
+describe Lockdown::Frameworks::Rails do
+  before do
+    @rails = Lockdown::Frameworks::Rails
+    @rails.stub!(:use_me?).and_return(true)
+    @lockdown = mock("lockdown")
+  end
+  describe "#included" do
+    it "should extend lockdown with rails environment" do
+      @lockdown.should_receive(:extend).
+        with(Lockdown::Frameworks::Rails::Environment)
+      @rails.should_receive(:mixin)
+      @rails.included(@lockdown)
+    end
+  end
+  describe "#mixin" do
+    it "should perform class_eval on controller view and system to inject itself" do
+      module ActionController; class Base; end end
+      module ActionView; class Base; end end
+      Lockdown.stub!(:controller_parent).and_return(ActionController::Base)
+      Lockdown.stub!(:view_helper).and_return(ActionView::Base)
+      ActionView::Base.should_receive(:class_eval)
+      ActionController::Base.should_receive(:helper_method)
+      ActionController::Base.should_receive(:before_filter)
+      ActionController::Base.should_receive(:filter_parameter_logging)
+      ActionController::Base.should_receive(:rescue_from)
+      ActionController::Base.should_receive(:class_eval)
+      Lockdown::System.should_receive(:class_eval)
+      @rails.mixin
+    end
+  end
+end
+describe Lockdown::Frameworks::Rails::Environment do
+  RAILS_ROOT = "/shibby/dibby/do"
+  before do
+    @env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
+  end
+  describe "#project_root" do
+    it "should return rails root" do
+      @env.project_root.should == "/shibby/dibby/do"
+    end
+  end
+  describe "#init_file" do
+    it "should return path to init_file" do
+      @env.stub!(:project_root).and_return("/shibby/dibby/do")
+      @env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
+    end
+  end
+  describe "#controller_class_name" do
+    it "should add Controller to name" do
+      @env.controller_class_name("user").should == "UserController"
+    end
+    it "should convert two underscores to a namespaced controller" do
+      @env.controller_class_name("admin__user").should == "Admin::UserController"
+    end
+  end
+  describe "#controller_parent" do
+    it "should return ActionController::Base" do
+      module ActionController; class Base; end end
+      @env.controller_parent.should == ActionController::Base
+    end
+  end
+  describe "#view_helper" do
+    it "should return ActionView::Base" do
+      module ActionView; class Base; end end
+      @env.view_helper.should == ActionView::Base
+    end
+  end
+end
+describe Lockdown::Frameworks::Rails::System do
+  class Test
+    extend Lockdown::Frameworks::Rails::System
+    class << self
+      attr_accessor :controller_classes
+    end
+  end
+  module Rails
+    module VERSION
+      MAJOR = 2
+      MINOR = 2
+      TINY  = 2
+    end
+  end
+  before do
+    @env = Test
+    @env.controller_classes = {}
+  end
+  describe "#skip_sync?" do
+  end
+  describe "#load_controller_classes" do
+  end
+  describe "#maybe_load_framework_controller_parent" do
+    it "should call require_or_load with application.rb < 2.3" do
+      @env.should_receive(:require_or_load).with("application.rb")
+      @env.maybe_load_framework_controller_parent
+    end
+    it "should call require_or_load with application_controller.rb >= 2.3" do
+      module Rails
+        module VERSION
+          MINOR = 3
+          TINY  = 0
+        end
+      end
+      @env.should_receive(:require_or_load).with("application_controller.rb")
+      @env.maybe_load_framework_controller_parent
+    end
+  end
+  describe "#lockdown_load" do
+    it "should add class to controller classes" do
+      @env.stub!(:class_name_from_file).and_return("controller_class")
+      Lockdown.stub!(:qualified_const_get).and_return(:controller_class)
+      @env.stub!(:require_or_load)
+      @env.lockdown_load("controller_file")
+      @env.controller_classes["ControllerFile"].should == :controller_class
+    end
+  end
+  describe "#require_or_load" do
+    it "should use Dependencies if not defined in ActiveSupport" do
+      module ActiveSupport; end
+      Dependencies = mock("dependencies") unless defined?(Dependencies)
+      Dependencies.should_receive(:require_or_load).with("controller_file")
+      @env.require_or_load("controller_file")
+    end
+    it "should use ActiveSupport::Dependencies if defined" do
+      module ActiveSupport; class Dependencies; end end
+      ActiveSupport::Dependencies.should_receive(:require_or_load).
+        with("controller_file")
+      @env.require_or_load("controller_file")
+    end
+  end
+end

data/spec/lockdown/permission_spec.rb ADDED

@@ -0,0 +1,156 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+describe Lockdown::Permission do
+  before do
+    @permission = Lockdown::Permission.new(:user_management)
+    @permission.stub!(:paths_for).and_return([])
+  end
+  describe "#with_controller" do
+    before do
+      @permission.with_controller(:users)
+    end
+    it "should set current_context to ControllerContext" do
+      @permission.current_context.class.should equal(Lockdown::ControllerContext)
+    end
+  end
+  describe "#only_methods" do
+    before do
+      @permission.with_controller(:users).only_methods(:show, :edit)
+    end
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+  describe "#except_methods" do
+    before do
+      @permission.with_controller(:users).except_methods(:destroy)
+    end
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+  describe "#to_model" do
+    before do
+      @permission.to_model(:user)
+    end
+    it "should set current_context to ModelContext" do
+      @permission.current_context.class.should equal(Lockdown::ModelContext)
+    end
+  end
+  describe "#where" do
+    before do
+      @permission.to_model(:user).where(:current_user_id)
+    end
+    it "should set current_context to ModelWhereContext" do
+      @permission.current_context.class.should equal(Lockdown::ModelWhereContext)
+    end
+  end
+  describe "#equals" do
+    before do
+      @permission.to_model(:user).where(:current_user_id).equals(:id)
+    end
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+  describe "#is_in" do
+    before do
+      @permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
+    end
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+  describe "#set_as_public_access" do
+    it "should raise an PermissionScopeCollision if already protected" do
+      @permission.set_as_protected_access
+      lambda{@permission.set_as_public_access}.
+        should raise_error(Lockdown::PermissionScopeCollision)
+    end
+  end
+  describe "#set_as_protected_access" do
+    it "should raise an PermissionScopeCollision if already public" do
+      @permission.set_as_public_access
+      lambda{@permission.set_as_protected_access}.
+        should raise_error(Lockdown::PermissionScopeCollision)
+    end
+  end
+  describe "while in RootContext" do
+    before do
+      @permission.with_controller(:users).only_methods(:show, :edit)
+    end
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+  describe "while in ControllerContext" do
+    before do
+      @permission.with_controller(:users)
+    end
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:where, :equals, :is_in, :includes]
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+  describe "while in ModelContext" do
+    before do
+      @permission.to_model(:user)
+    end
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+  describe "while in ModelWhereContext" do
+    before do
+      @permission.to_model(:user).where(:current_user_id)
+    end
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+end

data/spec/lockdown/rules_spec.rb ADDED

@@ -0,0 +1,109 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+class TestSystem; extend Lockdown::Rules; end
+describe Lockdown::Rules do
+  before do
+    @rules = TestSystem
+    @rules.set_defaults
+  end
+  describe "#set_permission" do
+    it "should create and return a Permission object" do
+      @rules.set_permission(:user_management).
+        should == Lockdown::Permission.new(:user_management)
+    end
+  end
+  describe "#set_public_access" do
+    it "should define the permission as public" do
+      @rules.set_permission(:user_management)
+      @rules.set_public_access(:user_management)
+    end
+  end
+  describe "#set_public_access" do
+    it "should define the permission as public" do
+      @rules.set_permission(:home_page)
+      @rules.set_public_access(:home_page)
+      perm = @rules.permission_objects.find{|name, object| name == :home_page}
+      perm[1].public_access?.should be_true
+    end
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: user_management"
+      lambda{@rules.set_public_access(:user_management)}.should
+        raise_error(Lockdown::InvalidRuleAssignment, msg)
+    end
+  end
+  describe "#set_protected_access" do
+    it "should define the permission as protected" do
+      @rules.set_permission(:user_management)
+      @rules.set_protected_access(:user_management)
+      perm = @rules.permission_objects.find{|name, object| name == :user_management}
+      perm[1].protected_access?.should be_true
+    end
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: user_management"
+      lambda{@rules.set_protected_access(:user_management)}.should
+        raise_error(Lockdown::InvalidRuleAssignment, msg)
+    end
+  end
+  describe "#get_permissions" do
+    it "should return array of permission names as symbols" do
+      @rules.set_permission(:home_page)
+      @rules.set_permission(:user_management)
+      @rules.process_rules
+      @rules.get_permissions.should include(:home_page)
+      @rules.get_permissions.should include(:user_management)
+    end
+  end
+  describe "#permission_exists?" do
+    it "should return true if permission exists" do
+      @rules.set_permission(:home_page)
+      @rules.process_rules
+      @rules.permission_exists?(:home_page).should be_true
+    end
+    it "should return false if permission does not exist" do
+      @rules.permission_exists?(:home_page).should be_false
+    end
+  end
+  describe "#get_user_groups" do
+    it "should return array of user group names as symbols" do
+      @rules.set_permission(:user_management)
+      @rules.set_user_group(:security_management, :user_management)
+      @rules.get_user_groups.should == [:security_management]
+    end
+  end
+  describe "#user_group_exists?" do
+    it "should return true if user_group exists" do
+      @rules.set_user_group(:user_management, :some_perm)
+      @rules.user_group_exists?(:user_management).should be_true
+    end
+    it "should return false if user_group does not exist" do
+      @rules.user_group_exists?(:user_management).should be_false
+    end
+  end
+  describe "#make_user_administrator" do
+  end
+  describe "#process_rules" do
+    it "should validate user_group permissions" do
+      @rules.set_user_group(:test_group, :a_perm)
+      error =  "User Group: test_group, permission not found: a_perm"
+      lambda{@rules.process_rules}.
+        should raise_error(Lockdown::InvalidRuleAssignment, error)
+    end
+  end
+end

data/spec/lockdown/session_spec.rb ADDED

@@ -0,0 +1,89 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+class TestAController
+  include Lockdown::Session
+end
+describe Lockdown::Session do
+  before do
+    @controller = TestAController.new
+    @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
+    @session = {:access_rights => @actions}
+    @controller.stub!(:session).and_return(@session)
+  end
+  describe "#nil_lockdown_values" do
+    it "should nil access_rights" do
+      @controller.send :nil_lockdown_values
+      @session[:access_rights].should == nil
+    end
+  end
+  describe "#current_user_access_in_group?" do
+    it "should return true if current user is admin" do
+      @actions = :all
+      @session = {:access_rights => @actions}
+      @controller.stub!(:session).and_return(@session)
+      @controller.send(:current_user_access_in_group?,:group).should == true
+    end
+    it "should return true if current_user has access" do
+      user_groups = {:public_group => [:public_access]}
+      hash  = {:public_access => ["posts/index", "posts/show"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+      Lockdown::System.stub!(:user_groups).and_return(user_groups)
+      @controller.send(:current_user_access_in_group?,:public_group).should be_true
+    end
+    it "should return false if current_user has access" do
+      user_groups = {:public_group => [:public_access]}
+      hash  = {:public_access => ["books/edit", "books/update"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+      Lockdown::System.stub!(:user_groups).and_return(user_groups)
+      @controller.send(:current_user_access_in_group?,:public_group).should be_false
+    end
+  end
+  describe "#current_user_is_admin?" do
+    it "should return true if access_rights == :all" do
+      @actions = :all
+      @session = {:access_rights => @actions}
+      @controller.stub!(:session).and_return(@session)
+      @controller.send(:current_user_is_admin?).should == true
+    end
+  end
+  describe "#add_lockdown_session_values" do
+    it "should set the access_rights from the user list" do
+      array  = ["posts/index", "posts/show"]
+      Lockdown::System.stub!(:access_rights_for_user).and_return(array)
+      @controller.stub!(:current_user).and_return(:user_object)
+      @controller.send(:add_lockdown_session_values)
+      @session[:access_rights].should == array
+    end
+  end
+  describe "#access_in_perm" do
+    it "should return false if permissions nil" do
+      Lockdown::System.stub!(:permissions).and_return({})
+      @controller.send(:access_in_perm?,:dummy).should be_false
+    end
+    it "should return true if permission found" do
+      hash  = {:public => ["posts/index", "posts/show"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+      @controller.send(:access_in_perm?,:public).should be_true
+    end
+  end
+  describe "#session_access_rights_include?" do
+  end
+end