annotation_security 1.0.1 → 1.0.2
- data/CHANGELOG.md +14 -0
- data/HOW-TO.md +275 -0
- data/{MIT-LICENSE → LICENSE} +1 -1
- data/README.md +39 -0
- data/Rakefile +62 -55
- data/assets/app/helpers/annotation_security_helper.rb +8 -8
- data/assets/config/initializers/annotation_security.rb +11 -11
- data/assets/config/security/relations.rb +20 -20
- data/assets/vendor/plugins/annotation_security/init.rb +13 -13
- data/bin/annotation_security +7 -7
- data/lib/annotation_security/exceptions.rb +124 -124
- data/lib/annotation_security/exec.rb +188 -188
- data/lib/annotation_security/filters.rb +37 -37
- data/lib/annotation_security/includes/action_controller.rb +144 -143
- data/lib/annotation_security/includes/active_record.rb +27 -27
- data/lib/annotation_security/includes/helper.rb +215 -215
- data/lib/annotation_security/includes/resource.rb +84 -84
- data/lib/annotation_security/includes/role.rb +30 -30
- data/lib/annotation_security/includes/user.rb +26 -26
- data/lib/annotation_security/manager/policy_factory.rb +29 -29
- data/lib/annotation_security/manager/policy_manager.rb +79 -79
- data/lib/annotation_security/manager/relation_loader.rb +272 -272
- data/lib/annotation_security/manager/resource_manager.rb +36 -36
- data/lib/annotation_security/manager/right_loader.rb +87 -87
- data/lib/annotation_security/model_observer.rb +61 -61
- data/lib/annotation_security/policy/abstract_policy.rb +344 -344
- data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
- data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
- data/lib/annotation_security/policy/rule.rb +340 -340
- data/lib/annotation_security/policy/rule_set.rb +138 -138
- data/lib/annotation_security/rails.rb +38 -38
- data/lib/annotation_security/user_wrapper.rb +73 -73
- data/lib/annotation_security/utils.rb +141 -141
- data/lib/annotation_security/version.rb +10 -0
- data/lib/annotation_security.rb +102 -97
- data/lib/extensions/action_controller.rb +32 -32
- data/lib/extensions/active_record.rb +34 -34
- data/lib/extensions/filter.rb +133 -133
- data/lib/extensions/object.rb +10 -10
- data/lib/security_context.rb +589 -551
- data/spec/annotation_security/exceptions_spec.rb +16 -16
- data/spec/annotation_security/includes/helper_spec.rb +82 -82
- data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
- data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
- data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
- data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
- data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
- data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
- data/spec/annotation_security/policy/rule_spec.rb +77 -77
- data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
- data/spec/annotation_security/security_context_spec.rb +78 -78
- data/spec/annotation_security/utils_spec.rb +73 -73
- data/spec/helper/test_controller.rb +65 -65
- data/spec/helper/test_helper.rb +5 -5
- data/spec/helper/test_relations.rb +6 -6
- data/spec/helper/test_resource.rb +38 -38
- data/spec/helper/test_role.rb +21 -21
- data/spec/helper/test_user.rb +31 -31
- data/spec/rails_stub.rb +37 -37
- metadata +94 -72
- data/CHANGELOG +0 -2
- data/HOW-TO +0 -261
- data/README +0 -39
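--- a/data/spec/annotation_security/exceptions_spec.rb
+++ b/data/spec/annotation_security/exceptions_spec.rb
@@ -1,17 +1,17 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-describe AnnotationSecurity::RuleExecutionError do
-
-before(:all) do
-AnnotationSecurity.define_relations(:rule_ex_error_test) do
-broken_relation { 1/0 }
-end
-end
-
-it 'should be raised if a relation throws an error' do
-lambda {
-RuleExErrorTestPolicy.new(:user,:res).broken_relation?
-}.should raise_error(AnnotationSecurity::RuleExecutionError)
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe AnnotationSecurity::RuleExecutionError do
+
+before(:all) do
+AnnotationSecurity.define_relations(:rule_ex_error_test) do
+broken_relation { 1/0 }
+end
+end
+
+it 'should be raised if a relation throws an error' do
+lambda {
+RuleExErrorTestPolicy.new(:user,:res).broken_relation?
+}.should raise_error(AnnotationSecurity::RuleExecutionError)
+end
+
 end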
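--- a/data/spec/annotation_security/includes/helper_spec.rb
+++ b/data/spec/annotation_security/includes/helper_spec.rb
@@ -1,82 +1,82 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::Helper do
-
-before(:each) do
-SecurityContext.initialize(TestController.new)
-SecurityContext.credential = TestUser.new 'theuser'
-@helper = TestHelper.new
-@res = TestResource.new 'theuser'
-end
-
-it "should understand options hash" do
-options = { :action => :edit, :controller => :test, :id => @res }
-expect(:test, :edit, [], {:id => @res})
-@helper.action_allowed?(options).should be_true
-end
-
-it "should understand path strings" do
-path = 'test/theuser/edit'
-with_path_info path
-expect :test, :edit, [], {:id => 'theuser'}
-@helper.action_allowed?(path).should be_true
-end
-
-it "should understand resource objects" do
-with_path_info 'test/theuser', :get, {:action => :show}
-expect :test, :show, [], {:id => 'theuser'}
-@helper.expects(:url_for).with(@res).returns('test/theuser')
-@helper.action_allowed?(@res).should be_true
-end
-
-it "should take html options into account" do
-with_path_info 'test/theuser', :delete, {:action => :destroy}
-expect :test, :destroy, [], {:id => 'theuser'}
-@helper.expects(:url_for).with(@res).returns('test/theuser')
-@helper.action_allowed?(@res, { :method => :delete}).should be_true
-end
-
-it "should call named routes" do
-with_path_info 'test/theuser/edit'
-expect :test, :edit, [@res], {}
-@helper.expects(:edit_test_path).with(@res, {}).returns('test/theuser/edit')
-@helper.action_allowed?(:edit_test_path, @res).should be_true
-end
-
-it "should support defining all parameters explicitly" do
-expect :test, :edit, [@res], {:option => true}
-params = { :action => :edit, :controller => :test, :option => true }
-@helper.action_allowed?('path/to/something', @res, params).should be_true
-end
-
-it "should create links if allowed" do
-options = { :action => :edit, :controller => :test, :id => @res }
-expect(:test, :edit, [], {:id => @res})
-@helper.expects(:link_to_if).with(true, "Edit", options, {}).returns("<a>success</a>")
-@helper.link_to_if_allowed("Edit", options){'no access'}.should == "<a>success</a>"
-end
-
-it "should not create links if forbidden" do
-options = { :action => :edit, :controller => :test, :id => @res }
-expect(:test, :edit, [], {:id => @res}, false)
-@helper.expects(:link_to_if).with(false, "Edit", options, {}).returns("no access")
-@helper.link_to_if_allowed("Edit", options){"no access"}.should == "no access"
-end
-
-def expect(ctrl, action, obj, param, result=true)
-SecurityContext.expects(:allow_action?).with(ctrl, action, obj, param).returns(result)
-end
-
-# prepares #recognize_path to resolve the request path
-def with_path_info(path, env = nil, result={})
-env = { :method => env } if env.is_a? Symbol
-env ||= { :method => :get }
-parts = path.split('/')
-result[:controller] ||= parts.first.to_sym
-result[:id] ||= parts.second
-result[:action] ||= parts.third.to_sym
-ActionController::Routing::Routes.expects(:recognize_path).with(path, env).returns(result)
-end
-
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::Helper do
+
+before(:each) do
+SecurityContext.initialize(TestController.new)
+SecurityContext.credential = TestUser.new 'theuser'
+@helper = TestHelper.new
+@res = TestResource.new 'theuser'
+end
+
+it "should understand options hash" do
+options = { :action => :edit, :controller => :test, :id => @res }
+expect(:test, :edit, [], {:id => @res})
+@helper.action_allowed?(options).should be_true
+end
+
+it "should understand path strings" do
+path = 'test/theuser/edit'
+with_path_info path
+expect :test, :edit, [], {:id => 'theuser'}
+@helper.action_allowed?(path).should be_true
+end
+
+it "should understand resource objects" do
+with_path_info 'test/theuser', :get, {:action => :show}
+expect :test, :show, [], {:id => 'theuser'}
+@helper.expects(:url_for).with(@res).returns('test/theuser')
+@helper.action_allowed?(@res).should be_true
+end
+
+it "should take html options into account" do
+with_path_info 'test/theuser', :delete, {:action => :destroy}
+expect :test, :destroy, [], {:id => 'theuser'}
+@helper.expects(:url_for).with(@res).returns('test/theuser')
+@helper.action_allowed?(@res, { :method => :delete}).should be_true
+end
+
+it "should call named routes" do
+with_path_info 'test/theuser/edit'
+expect :test, :edit, [@res], {}
+@helper.expects(:edit_test_path).with(@res, {}).returns('test/theuser/edit')
+@helper.action_allowed?(:edit_test_path, @res).should be_true
+end
+
+it "should support defining all parameters explicitly" do
+expect :test, :edit, [@res], {:option => true}
+params = { :action => :edit, :controller => :test, :option => true }
+@helper.action_allowed?('path/to/something', @res, params).should be_true
+end
+
+it "should create links if allowed" do
+options = { :action => :edit, :controller => :test, :id => @res }
+expect(:test, :edit, [], {:id => @res})
+@helper.expects(:link_to_if).with(true, "Edit", options, {}).returns("<a>success</a>")
+@helper.link_to_if_allowed("Edit", options){'no access'}.should == "<a>success</a>"
+end
+
+it "should not create links if forbidden" do
+options = { :action => :edit, :controller => :test, :id => @res }
+expect(:test, :edit, [], {:id => @res}, false)
+@helper.expects(:link_to_if).with(false, "Edit", options, {}).returns("no access")
+@helper.link_to_if_allowed("Edit", options){"no access"}.should == "no access"
+end
+
+def expect(ctrl, action, obj, param, result=true)
+SecurityContext.expects(:allow_action?).with(ctrl, action, obj, param).returns(result)
+end
+
+# prepares #recognize_path to resolve the request path
+def with_path_info(path, env = nil, result={})
+env = { :method => env } if env.is_a? Symbol
+env ||= { :method => :get }
+parts = path.split('/')
+result[:controller] ||= parts.first.to_sym
+result[:id] ||= parts.second
+result[:action] ||= parts.third.to_sym
+ActionController::Routing::Routes.expects(:recognize_path).with(path, env).returns(result)
+end
+
+end
+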
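--- a/data/spec/annotation_security/manager/policy_manager_spec.rb
+++ b/data/spec/annotation_security/manager/policy_manager_spec.rb
@@ -1,15 +1,15 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::PolicyManager do
-
-it "should provide policy factories" do
-AnnotationSecurity::PolicyManager.policy_factory(:policy_manager)
-(defined? PolicyManagerPolicy).should_not be_nil
-end
-
-it "should return the policy class for a resource" do
-AnnotationSecurity::PolicyManager.policy_class(:policy_manager_2).
-should == PolicyManager2Policy
-end
-
-end
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::PolicyManager do
+
+it "should provide policy factories" do
+AnnotationSecurity::PolicyManager.policy_factory(:policy_manager)
+(defined? PolicyManagerPolicy).should_not be_nil
+end
+
+it "should return the policy class for a resource" do
+AnnotationSecurity::PolicyManager.policy_class(:policy_manager_2).
+should == PolicyManager2Policy
+end
+
+end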
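--- a/data/spec/annotation_security/manager/resource_manager_spec.rb
+++ b/data/spec/annotation_security/manager/resource_manager_spec.rb
@@ -1,17 +1,17 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::ResourceManager do
-
-it "should provide resource classes" do
-klass = AnnotationSecurity::ResourceManager.get_resource_class :test_resource
-klass.should == TestResource
-end
-
-it "should find resource instances" do
-res = AnnotationSecurity::ResourceManager.get_resource :test_resource, 'xy'
-res.should be_instance_of(TestResource)
-res.name.should == 'xy'
-end
-
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::ResourceManager do
+
+it "should provide resource classes" do
+klass = AnnotationSecurity::ResourceManager.get_resource_class :test_resource
+klass.should == TestResource
+end
+
+it "should find resource instances" do
+res = AnnotationSecurity::ResourceManager.get_resource :test_resource, 'xy'
+res.should be_instance_of(TestResource)
+res.name.should == 'xy'
+end
+
+end
+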
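--- a/data/spec/annotation_security/manager/right_loader_spec.rb
+++ b/data/spec/annotation_security/manager/right_loader_spec.rb
@@ -1,17 +1,17 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::RightLoader do
-
-it "should allow right definitions by hash" do
-AnnotationSecurity::RightLoader.define_rights({
-:right_loader => {
-:right1 => 'if logged_in',
-:right2 => 'if may_right1',
-}})
-(defined? RightLoaderPolicy).should_not be_nil
-RightLoaderPolicy.has_rule?(:right1).should be_true
-RightLoaderPolicy.has_rule?(:right2).should be_true
-end
-
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::RightLoader do
+
+it "should allow right definitions by hash" do
+AnnotationSecurity::RightLoader.define_rights({
+:right_loader => {
+:right1 => 'if logged_in',
+:right2 => 'if may_right1',
+}})
+(defined? RightLoaderPolicy).should_not be_nil
+RightLoaderPolicy.has_rule?(:right1).should be_true
+RightLoaderPolicy.has_rule?(:right2).should be_true
+end
+
+end
+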
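--- a/data/spec/annotation_security/policy/abstract_policy_spec.rb
+++ b/data/spec/annotation_security/policy/abstract_policy_spec.rb
@@ -1,17 +1,17 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::AbstractPolicy do
-# For more tests see test_policy_spec.rb
-
-it 'should create a subclass for a resource type' do
-klass = AnnotationSecurity::AbstractPolicy.new_subclass(:abs_policy_test)
-(defined? AbsPolicyTestPolicy).should_not be_nil
-klass.should eql(AbsPolicyTestPolicy)
-klass.static?.should be_false
-
-(defined? AbsPolicyTestStaticPolicy).should_not be_nil
-klass.static_policy_class.should eql(AbsPolicyTestStaticPolicy)
-klass.static_policy_class.static?.should be_true
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::AbstractPolicy do
+# For more tests see test_policy_spec.rb
+
+it 'should create a subclass for a resource type' do
+klass = AnnotationSecurity::AbstractPolicy.new_subclass(:abs_policy_test)
+(defined? AbsPolicyTestPolicy).should_not be_nil
+klass.should eql(AbsPolicyTestPolicy)
+klass.static?.should be_false
+
+(defined? AbsPolicyTestStaticPolicy).should_not be_nil
+klass.static_policy_class.should eql(AbsPolicyTestStaticPolicy)
+klass.static_policy_class.static?.should be_true
+end
+
 end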
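--- a/data/spec/annotation_security/policy/all_resources_policy_spec.rb
+++ b/data/spec/annotation_security/policy/all_resources_policy_spec.rb
@@ -1,24 +1,24 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AllResourcesPolicy do
-
-it 'should provide :__self__ relation' do
-user = TestUser.new
-user2 = TestUser.new
-policy = AllResourcesPolicy.new(user)
-policy.with_resource(user).__self__?.should be_true
-policy.with_resource(user.as_one_role).__self__?.should be_true
-policy.with_resource(user2).__self__?.should be_false
-end
-
-it 'should provide :logged_in relation' do
-AllResourcesPolicy.new(TestUser.new).logged_in?.should be_true
-AllResourcesPolicy.new(nil).logged_in?.should be_false
-
-AllResourcesPolicy.has_static_rule?(:logged_in).should be_true
-AllResourcesPolicy.has_dynamic_rule?(:logged_in).should be_false
-rule = AllResourcesPolicy.rule_set.get_static_rule(:logged_in)
-rule.requires_credential?.should be_false
-end
-
-end
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AllResourcesPolicy do
+
+it 'should provide :__self__ relation' do
+user = TestUser.new
+user2 = TestUser.new
+policy = AllResourcesPolicy.new(user)
+policy.with_resource(user).__self__?.should be_true
+policy.with_resource(user.as_one_role).__self__?.should be_true
+policy.with_resource(user2).__self__?.should be_false
+end
+
+it 'should provide :logged_in relation' do
+AllResourcesPolicy.new(TestUser.new).logged_in?.should be_true
+AllResourcesPolicy.new(nil).logged_in?.should be_false
+
+AllResourcesPolicy.has_static_rule?(:logged_in).should be_true
+AllResourcesPolicy.has_dynamic_rule?(:logged_in).should be_false
+rule = AllResourcesPolicy.rule_set.get_static_rule(:logged_in)
+rule.requires_credential?.should be_false
+end
+
+end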
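--- a/data/spec/annotation_security/policy/rule_set_spec.rb
+++ b/data/spec/annotation_security/policy/rule_set_spec.rb
@@ -1,112 +1,112 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::RuleSet do
-
-before(:all) do
-AnnotationSecurity.define_relations(:rule_set_test,:rule_set_test2) do
-sys_relation :system, "true"
-res_relation :resource, "true"
-pre_relation :pretest, "true"
-end
-# This rule set is not to be modified during the tests!
-@rule_set2 = RuleSetTest2Policy.rule_set
-end
-
-before(:each) do
-# Use a fresh rule set for each test.
-# This will break some functions of RuleSet,
-# in these cases @rule_set2 is used for testing.
-@rule_set = AnnotationSecurity::RuleSet.new(RuleSetTestPolicy)
-end
-
-it 'should have a self explaining name' do
-@rule_set.to_s.should eql('<RuleSet of RuleSetTestPolicy>')
-end
-
-it 'should manage static relations' do
-rule = @rule_set.add_rule(:sys_relation, :system) { true }
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:sys_relation, true).should eql(rule)
-@rule_set.get_rule(:sys_relation, false).should be_nil
-end
-
-it 'should manage dynamic relations' do
-rule = @rule_set.add_rule(:res_relation, :resource) { true }
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:res_relation, false).should eql(rule)
-@rule_set.get_rule(:res_relation, true).should be_nil
-end
-
-it 'should manage pretest relations' do
-rule = @rule_set.add_rule(:pre_relation, :pretest) { true }
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:pre_relation, true).should eql(rule)
-@rule_set.get_rule(:pre_relation, false).should eql(rule)
-end
-
-it 'should manage dynamic rights' do
-rule = @rule_set.add_rule(:res_right, :right, "if res_relation")
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:res_right,false).should eql(rule)
-@rule_set.get_rule(:res_right,true).should be_nil
-end
-
-it 'should manage static rights' do
-rule = @rule_set.add_rule(:sys_right, :right, "if sys_relation")
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:sys_right,true).should eql(rule)
-@rule_set.get_rule(:sys_right,false).should be_nil
-end
-
-it 'should manage pretest rights' do
-rule = @rule_set.add_rule(:pre_right, :right, "if pre_relation")
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:pre_right,true).should eql(rule)
-@rule_set.get_rule(:pre_right,false).should eql(rule)
-end
-
-it 'should be able to copy dynamic rules from other rule sets' do
-rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, false)
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:res_relation, false).should eql(rule)
-@rule_set2.get_rule(:res_relation, false).should_not eql(rule)
-end
-
-it 'should not create dynamic copies of static rules from other rule sets' do
-rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, false)
-rule.should be_nil
-end
-
-it 'should be able to copy static rules from other rule sets' do
-rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, true)
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:sys_relation, true).should eql(rule)
-@rule_set2.get_rule(:sys_relation, true).should_not eql(rule)
-end
-
-it 'should not create static copies of dynamic rules from other rule sets' do
-rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, true)
-rule.should be_nil
-end
-
-it 'should not allow rules with forbidden names' do
-lambda {
-@rule_set.add_rule(:get_rule) { }
-}.should raise_error(AnnotationSecurity::RuleError)
-end
-
-it 'should not allow rules to be defined twice' do
-@rule_set.add_rule(:test_rule) { }
-lambda {
-@rule_set.add_rule(:test_rule) { }
-}.should raise_error(AnnotationSecurity::RuleError)
-end
-
-it 'should allow rules to be defined both statically and dynamically' do
-r1 = @rule_set.add_rule(:test_rule, :system) { }
-r2 = @rule_set.add_rule(:test_rule, :resource) { }
-@rule_set.get_rule(:test_rule,true).should eql(r1)
-@rule_set.get_rule(:test_rule,false).should eql(r2)
-end
-
-end
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::RuleSet do
+
+before(:all) do
+AnnotationSecurity.define_relations(:rule_set_test,:rule_set_test2) do
+sys_relation :system, "true"
+res_relation :resource, "true"
+pre_relation :pretest, "true"
+end
+# This rule set is not to be modified during the tests!
+@rule_set2 = RuleSetTest2Policy.rule_set
+end
+
+before(:each) do
+# Use a fresh rule set for each test.
+# This will break some functions of RuleSet,
+# in these cases @rule_set2 is used for testing.
+@rule_set = AnnotationSecurity::RuleSet.new(RuleSetTestPolicy)
+end
+
+it 'should have a self explaining name' do
+@rule_set.to_s.should eql('<RuleSet of RuleSetTestPolicy>')
+end
+
+it 'should manage static relations' do
+rule = @rule_set.add_rule(:sys_relation, :system) { true }
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:sys_relation, true).should eql(rule)
+@rule_set.get_rule(:sys_relation, false).should be_nil
+end
+
+it 'should manage dynamic relations' do
+rule = @rule_set.add_rule(:res_relation, :resource) { true }
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:res_relation, false).should eql(rule)
+@rule_set.get_rule(:res_relation, true).should be_nil
+end
+
+it 'should manage pretest relations' do
+rule = @rule_set.add_rule(:pre_relation, :pretest) { true }
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:pre_relation, true).should eql(rule)
+@rule_set.get_rule(:pre_relation, false).should eql(rule)
+end
+
+it 'should manage dynamic rights' do
+rule = @rule_set.add_rule(:res_right, :right, "if res_relation")
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:res_right,false).should eql(rule)
+@rule_set.get_rule(:res_right,true).should be_nil
+end
+
+it 'should manage static rights' do
+rule = @rule_set.add_rule(:sys_right, :right, "if sys_relation")
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:sys_right,true).should eql(rule)
+@rule_set.get_rule(:sys_right,false).should be_nil
+end
+
+it 'should manage pretest rights' do
+rule = @rule_set.add_rule(:pre_right, :right, "if pre_relation")
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:pre_right,true).should eql(rule)
+@rule_set.get_rule(:pre_right,false).should eql(rule)
+end
+
+it 'should be able to copy dynamic rules from other rule sets' do
+rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, false)
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:res_relation, false).should eql(rule)
+@rule_set2.get_rule(:res_relation, false).should_not eql(rule)
+end
+
+it 'should not create dynamic copies of static rules from other rule sets' do
+rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, false)
+rule.should be_nil
+end
+
+it 'should be able to copy static rules from other rule sets' do
+rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, true)
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:sys_relation, true).should eql(rule)
+@rule_set2.get_rule(:sys_relation, true).should_not eql(rule)
+end
+
+it 'should not create static copies of dynamic rules from other rule sets' do
+rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, true)
+rule.should be_nil
+end
+
+it 'should not allow rules with forbidden names' do
+lambda {
+@rule_set.add_rule(:get_rule) { }
+}.should raise_error(AnnotationSecurity::RuleError)
+end
+
+it 'should not allow rules to be defined twice' do
+@rule_set.add_rule(:test_rule) { }
+lambda {
+@rule_set.add_rule(:test_rule) { }
+}.should raise_error(AnnotationSecurity::RuleError)
+end
+
+it 'should allow rules to be defined both statically and dynamically' do
+r1 = @rule_set.add_rule(:test_rule, :system) { }
+r2 = @rule_set.add_rule(:test_rule, :resource) { }
+@rule_set.get_rule(:test_rule,true).should eql(r1)
+@rule_set.get_rule(:test_rule,false).should eql(r2)
+end
+
+end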