RubyGems - andrewzielinski-lockdown - Versions diffs - 0.9.6 - Mend

andrewzielinski-lockdown 0.9.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

data/History.txt +195 -0
data/README.txt +36 -0
data/Rakefile +41 -0
data/lib/lockdown.rb +70 -0
data/lib/lockdown/context.rb +41 -0
data/lib/lockdown/database.rb +105 -0
data/lib/lockdown/frameworks/rails.rb +146 -0
data/lib/lockdown/frameworks/rails/controller.rb +147 -0
data/lib/lockdown/frameworks/rails/view.rb +61 -0
data/lib/lockdown/helper.rb +95 -0
data/lib/lockdown/orms/active_record.rb +68 -0
data/lib/lockdown/permission.rb +204 -0
data/lib/lockdown/rules.rb +289 -0
data/lib/lockdown/session.rb +57 -0
data/lib/lockdown/system.rb +57 -0
data/rails_generators/lockdown/lockdown_generator.rb +273 -0
data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
data/rails_generators/lockdown/templates/lib/lockdown/init.rb +122 -0
data/spec/lockdown/database_spec.rb +158 -0
data/spec/lockdown/frameworks/rails/controller_spec.rb +224 -0
data/spec/lockdown/frameworks/rails/view_spec.rb +125 -0
data/spec/lockdown/frameworks/rails_spec.rb +175 -0
data/spec/lockdown/permission_spec.rb +156 -0
data/spec/lockdown/rules_spec.rb +109 -0
data/spec/lockdown/session_spec.rb +89 -0
data/spec/lockdown/system_spec.rb +59 -0
data/spec/lockdown_spec.rb +19 -0
data/spec/rcov.opts +5 -0
data/spec/spec.opts +3 -0
data/spec/spec_helper.rb +1 -0
metadata +112 -0

data/spec/lockdown/frameworks/rails_spec.rb ADDED

@@ -0,0 +1,175 @@
+require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
+describe Lockdown::Frameworks::Rails do
+  before do
+    @rails = Lockdown::Frameworks::Rails
+    @rails.stub!(:use_me?).and_return(true)
+    @lockdown = mock("lockdown")
+  end
+  describe "#included" do
+    it "should extend lockdown with rails environment" do
+      @lockdown.should_receive(:extend).
+        with(Lockdown::Frameworks::Rails::Environment)
+      @rails.should_receive(:mixin)
+      @rails.included(@lockdown)
+    end
+  end
+  describe "#mixin" do
+    it "should perform class_eval on controller view and system to inject itself" do
+      module ActionController; class Base; end end
+      module ActionView; class Base; end end
+      Lockdown.stub!(:controller_parent).and_return(ActionController::Base)
+      Lockdown.stub!(:view_helper).and_return(ActionView::Base)
+      ActionView::Base.should_receive(:class_eval)
+      ActionController::Base.should_receive(:helper_method)
+      ActionController::Base.should_receive(:before_filter)
+      ActionController::Base.should_receive(:filter_parameter_logging)
+      ActionController::Base.should_receive(:rescue_from)
+      ActionController::Base.should_receive(:class_eval)
+      Lockdown::System.should_receive(:class_eval)
+      @rails.mixin
+    end
+  end
+end
+describe Lockdown::Frameworks::Rails::Environment do
+  RAILS_ROOT = "/shibby/dibby/do"
+  before do
+    @env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
+  end
+  describe "#project_root" do
+    it "should return rails root" do
+      @env.project_root.should == "/shibby/dibby/do"
+    end
+  end
+  describe "#init_file" do
+    it "should return path to init_file" do
+      @env.stub!(:project_root).and_return("/shibby/dibby/do")
+      @env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
+    end
+  end
+  describe "#controller_class_name" do
+    it "should add Controller to name" do
+      @env.controller_class_name("user").should == "UserController"
+    end
+    it "should convert two underscores to a namespaced controller" do
+      @env.controller_class_name("admin__user").should == "Admin::UserController"
+    end
+  end
+  describe "#controller_parent" do
+    it "should return ActionController::Base" do
+      module ActionController; class Base; end end
+      @env.controller_parent.should == ActionController::Base
+    end
+  end
+  describe "#view_helper" do
+    it "should return ActionView::Base" do
+      module ActionView; class Base; end end
+      @env.view_helper.should == ActionView::Base
+    end
+  end
+end
+describe Lockdown::Frameworks::Rails::System do
+  class Test
+    extend Lockdown::Frameworks::Rails::System
+    class << self
+      attr_accessor :controller_classes
+    end
+  end
+  module Rails
+    module VERSION
+      MAJOR = 2
+      MINOR = 2
+      TINY  = 2
+    end
+  end
+  before do
+    @env = Test
+    @env.controller_classes = {}
+  end
+  describe "#skip_sync?" do
+  end
+  describe "#load_controller_classes" do
+  end
+  describe "#maybe_load_framework_controller_parent" do
+    it "should call require_or_load with application.rb < 2.3" do
+      @env.should_receive(:require_or_load).with("application.rb")
+      @env.maybe_load_framework_controller_parent
+    end
+    it "should call require_or_load with application_controller.rb >= 2.3" do
+      module Rails
+        module VERSION
+          MINOR = 3
+          TINY  = 0
+        end
+      end
+      @env.should_receive(:require_or_load).with("application_controller.rb")
+      @env.maybe_load_framework_controller_parent
+    end
+  end
+  describe "#lockdown_load" do
+    it "should add class to controller classes" do
+      @env.stub!(:class_name_from_file).and_return("controller_class")
+      Lockdown.stub!(:qualified_const_get).and_return(:controller_class)
+      @env.stub!(:require_or_load)
+      @env.lockdown_load("controller_file")
+      @env.controller_classes["ControllerFile"].should == :controller_class
+    end
+  end
+  describe "#require_or_load" do
+    it "should use Dependencies if not defined in ActiveSupport" do
+      module ActiveSupport; end
+      Dependencies = mock("dependencies") unless defined?(Dependencies)
+      Dependencies.should_receive(:require_or_load).with("controller_file")
+      @env.require_or_load("controller_file")
+    end
+    it "should use ActiveSupport::Dependencies if defined" do
+      module ActiveSupport; class Dependencies; end end
+      ActiveSupport::Dependencies.should_receive(:require_or_load).
+        with("controller_file")
+      @env.require_or_load("controller_file")
+    end
+  end
+end

data/spec/lockdown/permission_spec.rb ADDED

@@ -0,0 +1,156 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+describe Lockdown::Permission do
+  before do
+    @permission = Lockdown::Permission.new(:user_management)
+    @permission.stub!(:paths_for).and_return([])
+  end
+  describe "#with_controller" do
+    before do
+      @permission.with_controller(:users)
+    end
+    it "should set current_context to ControllerContext" do
+      @permission.current_context.class.should equal(Lockdown::ControllerContext)
+    end
+  end
+  describe "#only_methods" do
+    before do
+      @permission.with_controller(:users).only_methods(:show, :edit)
+    end
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+  describe "#except_methods" do
+    before do
+      @permission.with_controller(:users).except_methods(:destroy)
+    end
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+  describe "#to_model" do
+    before do
+      @permission.to_model(:user)
+    end
+    it "should set current_context to ModelContext" do
+      @permission.current_context.class.should equal(Lockdown::ModelContext)
+    end
+  end
+  describe "#where" do
+    before do
+      @permission.to_model(:user).where(:current_user_id)
+    end
+    it "should set current_context to ModelWhereContext" do
+      @permission.current_context.class.should equal(Lockdown::ModelWhereContext)
+    end
+  end
+  describe "#equals" do
+    before do
+      @permission.to_model(:user).where(:current_user_id).equals(:id)
+    end
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+  describe "#is_in" do
+    before do
+      @permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
+    end
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+  describe "#set_as_public_access" do
+    it "should raise an PermissionScopeCollision if already protected" do
+      @permission.set_as_protected_access
+      lambda{@permission.set_as_public_access}.
+        should raise_error(Lockdown::PermissionScopeCollision)
+    end
+  end
+  describe "#set_as_protected_access" do
+    it "should raise an PermissionScopeCollision if already public" do
+      @permission.set_as_public_access
+      lambda{@permission.set_as_protected_access}.
+        should raise_error(Lockdown::PermissionScopeCollision)
+    end
+  end
+  describe "while in RootContext" do
+    before do
+      @permission.with_controller(:users).only_methods(:show, :edit)
+    end
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+  describe "while in ControllerContext" do
+    before do
+      @permission.with_controller(:users)
+    end
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:where, :equals, :is_in, :includes]
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+  describe "while in ModelContext" do
+    before do
+      @permission.to_model(:user)
+    end
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+  describe "while in ModelWhereContext" do
+    before do
+      @permission.to_model(:user).where(:current_user_id)
+    end
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+end

data/spec/lockdown/rules_spec.rb ADDED

@@ -0,0 +1,109 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+class TestSystem; extend Lockdown::Rules; end
+describe Lockdown::Rules do
+  before do
+    @rules = TestSystem
+    @rules.set_defaults
+  end
+  describe "#set_permission" do
+    it "should create and return a Permission object" do
+      @rules.set_permission(:user_management).
+        should == Lockdown::Permission.new(:user_management)
+    end
+  end
+  describe "#set_public_access" do
+    it "should define the permission as public" do
+      @rules.set_permission(:user_management)
+      @rules.set_public_access(:user_management)
+    end
+  end
+  describe "#set_public_access" do
+    it "should define the permission as public" do
+      @rules.set_permission(:home_page)
+      @rules.set_public_access(:home_page)
+      perm = @rules.permission_objects.find{|name, object| name == :home_page}
+      perm[1].public_access?.should be_true
+    end
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: user_management"
+      lambda{@rules.set_public_access(:user_management)}.should
+        raise_error(Lockdown::InvalidRuleAssignment, msg)
+    end
+  end
+  describe "#set_protected_access" do
+    it "should define the permission as protected" do
+      @rules.set_permission(:user_management)
+      @rules.set_protected_access(:user_management)
+      perm = @rules.permission_objects.find{|name, object| name == :user_management}
+      perm[1].protected_access?.should be_true
+    end
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: user_management"
+      lambda{@rules.set_protected_access(:user_management)}.should
+        raise_error(Lockdown::InvalidRuleAssignment, msg)
+    end
+  end
+  describe "#get_permissions" do
+    it "should return array of permission names as symbols" do
+      @rules.set_permission(:home_page)
+      @rules.set_permission(:user_management)
+      @rules.process_rules
+      @rules.get_permissions.should include(:home_page)
+      @rules.get_permissions.should include(:user_management)
+    end
+  end
+  describe "#permission_exists?" do
+    it "should return true if permission exists" do
+      @rules.set_permission(:home_page)
+      @rules.process_rules
+      @rules.permission_exists?(:home_page).should be_true
+    end
+    it "should return false if permission does not exist" do
+      @rules.permission_exists?(:home_page).should be_false
+    end
+  end
+  describe "#get_user_groups" do
+    it "should return array of user group names as symbols" do
+      @rules.set_permission(:user_management)
+      @rules.set_user_group(:security_management, :user_management)
+      @rules.get_user_groups.should == [:security_management]
+    end
+  end
+  describe "#user_group_exists?" do
+    it "should return true if user_group exists" do
+      @rules.set_user_group(:user_management, :some_perm)
+      @rules.user_group_exists?(:user_management).should be_true
+    end
+    it "should return false if user_group does not exist" do
+      @rules.user_group_exists?(:user_management).should be_false
+    end
+  end
+  describe "#make_user_administrator" do
+  end
+  describe "#process_rules" do
+    it "should validate user_group permissions" do
+      @rules.set_user_group(:test_group, :a_perm)
+      error =  "User Group: test_group, permission not found: a_perm"
+      lambda{@rules.process_rules}.
+        should raise_error(Lockdown::InvalidRuleAssignment, error)
+    end
+  end
+end

data/spec/lockdown/session_spec.rb ADDED

@@ -0,0 +1,89 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+class TestAController
+  include Lockdown::Session
+end
+describe Lockdown::Session do
+  before do
+    @controller = TestAController.new
+    @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
+    @session = {:access_rights => @actions}
+    @controller.stub!(:session).and_return(@session)
+  end
+  describe "#nil_lockdown_values" do
+    it "should nil access_rights" do
+      @controller.send :nil_lockdown_values
+      @session[:access_rights].should == nil
+    end
+  end
+  describe "#current_user_access_in_group?" do
+    it "should return true if current user is admin" do
+      @actions = :all
+      @session = {:access_rights => @actions}
+      @controller.stub!(:session).and_return(@session)
+      @controller.send(:current_user_access_in_group?,:group).should == true
+    end
+    it "should return true if current_user has access" do
+      user_groups = {:public_group => [:public_access]}
+      hash  = {:public_access => ["posts/index", "posts/show"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+      Lockdown::System.stub!(:user_groups).and_return(user_groups)
+      @controller.send(:current_user_access_in_group?,:public_group).should be_true
+    end
+    it "should return false if current_user has access" do
+      user_groups = {:public_group => [:public_access]}
+      hash  = {:public_access => ["books/edit", "books/update"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+      Lockdown::System.stub!(:user_groups).and_return(user_groups)
+      @controller.send(:current_user_access_in_group?,:public_group).should be_false
+    end
+  end
+  describe "#current_user_is_admin?" do
+    it "should return true if access_rights == :all" do
+      @actions = :all
+      @session = {:access_rights => @actions}
+      @controller.stub!(:session).and_return(@session)
+      @controller.send(:current_user_is_admin?).should == true
+    end
+  end
+  describe "#add_lockdown_session_values" do
+    it "should set the access_rights from the user list" do
+      array  = ["posts/index", "posts/show"]
+      Lockdown::System.stub!(:access_rights_for_user).and_return(array)
+      @controller.stub!(:current_user).and_return(:user_object)
+      @controller.send(:add_lockdown_session_values)
+      @session[:access_rights].should == array
+    end
+  end
+  describe "#access_in_perm" do
+    it "should return false if permissions nil" do
+      Lockdown::System.stub!(:permissions).and_return({})
+      @controller.send(:access_in_perm?,:dummy).should be_false
+    end
+    it "should return true if permission found" do
+      hash  = {:public => ["posts/index", "posts/show"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+      @controller.send(:access_in_perm?,:public).should be_true
+    end
+  end
+  describe "#session_access_rights_include?" do
+  end
+end