annotation_security 1.0.1 → 1.0.2

Files changed (63)
  1. data/CHANGELOG.md +14 -0
  2. data/HOW-TO.md +275 -0
  3. data/{MIT-LICENSE → LICENSE} +1 -1
  4. data/README.md +39 -0
  5. data/Rakefile +62 -55
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +13 -13
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security/exceptions.rb +124 -124
  12. data/lib/annotation_security/exec.rb +188 -188
  13. data/lib/annotation_security/filters.rb +37 -37
  14. data/lib/annotation_security/includes/action_controller.rb +144 -143
  15. data/lib/annotation_security/includes/active_record.rb +27 -27
  16. data/lib/annotation_security/includes/helper.rb +215 -215
  17. data/lib/annotation_security/includes/resource.rb +84 -84
  18. data/lib/annotation_security/includes/role.rb +30 -30
  19. data/lib/annotation_security/includes/user.rb +26 -26
  20. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  21. data/lib/annotation_security/manager/policy_manager.rb +79 -79
  22. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  23. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  24. data/lib/annotation_security/manager/right_loader.rb +87 -87
  25. data/lib/annotation_security/model_observer.rb +61 -61
  26. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  27. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  28. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  29. data/lib/annotation_security/policy/rule.rb +340 -340
  30. data/lib/annotation_security/policy/rule_set.rb +138 -138
  31. data/lib/annotation_security/rails.rb +38 -38
  32. data/lib/annotation_security/user_wrapper.rb +73 -73
  33. data/lib/annotation_security/utils.rb +141 -141
  34. data/lib/annotation_security/version.rb +10 -0
  35. data/lib/annotation_security.rb +102 -97
  36. data/lib/extensions/action_controller.rb +32 -32
  37. data/lib/extensions/active_record.rb +34 -34
  38. data/lib/extensions/filter.rb +133 -133
  39. data/lib/extensions/object.rb +10 -10
  40. data/lib/security_context.rb +589 -551
  41. data/spec/annotation_security/exceptions_spec.rb +16 -16
  42. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  43. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  44. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  45. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  46. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  47. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  48. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  49. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  50. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  51. data/spec/annotation_security/security_context_spec.rb +78 -78
  52. data/spec/annotation_security/utils_spec.rb +73 -73
  53. data/spec/helper/test_controller.rb +65 -65
  54. data/spec/helper/test_helper.rb +5 -5
  55. data/spec/helper/test_relations.rb +6 -6
  56. data/spec/helper/test_resource.rb +38 -38
  57. data/spec/helper/test_role.rb +21 -21
  58. data/spec/helper/test_user.rb +31 -31
  59. data/spec/rails_stub.rb +37 -37
  60. metadata +94 -72
  61. data/CHANGELOG +0 -2
  62. data/HOW-TO +0 -261
  63. data/README +0 -39
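--- a/data/spec/annotation_security/policy/rule_spec.rb
+++ b/data/spec/annotation_security/policy/rule_spec.rb
@@ -1,78 +1,78 @@
- require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
- describe AnnotationSecurity::Rule do
-
- before(:all) do
- AnnotationSecurity.define_relations(:rule_test_res) do
- res_dummy
- sys_dummy(:system) { false }
- pre_dummy :pretest
- noc_dummy :system, :require_credential => false
-
- res_dummy_test { has_res_dummy }
- sys_dummy_test "if is_sys_dummy"
- end
- end
-
- it 'should create valid dynamic relations' do
- rule = AnnotationSecurity::Rule.new(:res_proc, RuleTestResPolicy) { |u,r| true }
- rule.to_s.should == '<RuleTestResPolicy#res_proc[--du]>'
- rule = AnnotationSecurity::Rule.new(:res, RuleTestResPolicy, :resource)
- rule.to_s.should == '<RuleTestResPolicy#res[--du]>'
- end
-
- it 'should create valid static relations' do
- rule = AnnotationSecurity::Rule.new(:sys_proc, RuleTestResPolicy, :system) { true }
- rule.to_s.should == '<RuleTestResPolicy#sys_proc[-s-u]>'
- end
-
- it 'should create valid pretest relations' do
- rule = AnnotationSecurity::Rule.new(:pre_proc, RuleTestResPolicy, :pretest) { true }
- rule.to_s.should == '<RuleTestResPolicy#pre_proc[-sdu]>'
- end
-
- it 'should create valid relations without user' do
- rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy, :require_credential => false)
- rule.to_s.should == '<RuleTestResPolicy#no_u[--d-]>'
- rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
- :system, :require_credential => false)
- rule.to_s.should == '<RuleTestResPolicy#no_u[-s--]>'
- rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
- :pretest, :require_credential => false)
- rule.to_s.should == '<RuleTestResPolicy#no_u[-sd-]>'
- end
-
- it 'should create valid rights' do
- {
- 'if res_dummy' => '-du',
- 'if sys_dummy' => 's-u',
- 'if pre_dummy' => 'sdu',
- 'if res_dummy or sys_dummy' => '-du',
- 'if res_dummy or pre_dummy' => '-du',
- 'if sys_dummy or pre_dummy' => 'sdu',
- 'if noc_dummy' => 's--',
- 'if noc_dummy or sys_dummy' => 's-u',
- 'if noc_dummy or res_dummy' => '-du',
- 'if self' => '-du',
- 'if other_right: resource_property' => '-du',
- 'true' => 's--',
- 'false or nil' => 's--'
- }.each_pair do |condition,flags|
- right = AnnotationSecurity::Rule.new(:right, RuleTestResPolicy, :right, condition)
- right.flag_s.should == 'r???'
- right.static? # trigger lazy initialization
- right.flag_s.should == 'r'+flags
- end
- end
-
- it 'should call referred rules when being executed' do
- policy = RuleTestResPolicy.new(:user,:res)
-
- policy.expects(:res_dummy).returns(true)
- policy.res_dummy_test.should be_true
-
- policy.expects(:sys_dummy).returns(false)
- policy.sys_dummy_test?.should be_false
- end
-
+ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+ describe AnnotationSecurity::Rule do
+
+ before(:all) do
+ AnnotationSecurity.define_relations(:rule_test_res) do
+ res_dummy
+ sys_dummy(:system) { false }
+ pre_dummy :pretest
+ noc_dummy :system, :require_credential => false
+
+ res_dummy_test { has_res_dummy }
+ sys_dummy_test "if is_sys_dummy"
+ end
+ end
+
+ it 'should create valid dynamic relations' do
+ rule = AnnotationSecurity::Rule.new(:res_proc, RuleTestResPolicy) { |u,r| true }
+ rule.to_s.should == '<RuleTestResPolicy#res_proc[--du]>'
+ rule = AnnotationSecurity::Rule.new(:res, RuleTestResPolicy, :resource)
+ rule.to_s.should == '<RuleTestResPolicy#res[--du]>'
+ end
+
+ it 'should create valid static relations' do
+ rule = AnnotationSecurity::Rule.new(:sys_proc, RuleTestResPolicy, :system) { true }
+ rule.to_s.should == '<RuleTestResPolicy#sys_proc[-s-u]>'
+ end
+
+ it 'should create valid pretest relations' do
+ rule = AnnotationSecurity::Rule.new(:pre_proc, RuleTestResPolicy, :pretest) { true }
+ rule.to_s.should == '<RuleTestResPolicy#pre_proc[-sdu]>'
+ end
+
+ it 'should create valid relations without user' do
+ rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy, :require_credential => false)
+ rule.to_s.should == '<RuleTestResPolicy#no_u[--d-]>'
+ rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
+ :system, :require_credential => false)
+ rule.to_s.should == '<RuleTestResPolicy#no_u[-s--]>'
+ rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
+ :pretest, :require_credential => false)
+ rule.to_s.should == '<RuleTestResPolicy#no_u[-sd-]>'
+ end
+
+ it 'should create valid rights' do
+ {
+ 'if res_dummy' => '-du',
+ 'if sys_dummy' => 's-u',
+ 'if pre_dummy' => 'sdu',
+ 'if res_dummy or sys_dummy' => '-du',
+ 'if res_dummy or pre_dummy' => '-du',
+ 'if sys_dummy or pre_dummy' => 'sdu',
+ 'if noc_dummy' => 's--',
+ 'if noc_dummy or sys_dummy' => 's-u',
+ 'if noc_dummy or res_dummy' => '-du',
+ 'if self' => '-du',
+ 'if other_right: resource_property' => '-du',
+ 'true' => 's--',
+ 'false or nil' => 's--'
+ }.each_pair do |condition,flags|
+ right = AnnotationSecurity::Rule.new(:right, RuleTestResPolicy, :right, condition)
+ right.flag_s.should == 'r???'
+ right.static? # trigger lazy initialization
+ right.flag_s.should == 'r'+flags
+ end
+ end
+
+ it 'should call referred rules when being executed' do
+ policy = RuleTestResPolicy.new(:user,:res)
+
+ policy.expects(:res_dummy).returns(true)
+ policy.res_dummy_test.should be_true
+
+ policy.expects(:sys_dummy).returns(false)
+ policy.sys_dummy_test?.should be_false
+ end
+
  end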
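--- a/data/spec/annotation_security/policy/test_policy_spec.rb
+++ b/data/spec/annotation_security/policy/test_policy_spec.rb
@@ -1,81 +1,81 @@
- require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
- AnnotationSecurity.define_relations(:a_test) do
- sys_relation :system
- res_relation :resource
- pre_relation :pretest
- end
-
- describe ATestPolicy do
-
- it 'should be dynamic' do
- ATestPolicy.static?.should be_false
- end
-
- it 'should have a static partner' do
- ATestPolicy.static_policy_class.should eql(ATestStaticPolicy)
- end
-
- it 'should know its resource type' do
- ATestPolicy.resource_type.should eql(:a_test)
- end
-
- it 'should have all rules' do
- ATestPolicy.has_rule?(:sys_relation).should be_true
- ATestPolicy.has_rule?(:res_relation).should be_true
- ATestPolicy.has_rule?(:pre_relation).should be_true
- end
-
- it 'should be aware of the evaluation time of a rule' do
- ATestPolicy.has_dynamic_rule?(:sys_relation).should be_false
- ATestPolicy.has_dynamic_rule?(:res_relation).should be_true
- ATestPolicy.has_dynamic_rule?(:pre_relation).should be_true
-
- ATestPolicy.has_static_rule?(:sys_relation).should be_true
- ATestPolicy.has_static_rule?(:res_relation).should be_false
- ATestPolicy.has_static_rule?(:pre_relation).should be_true
- end
-
- it 'should have access to rules defined for all resources' do
- ATestPolicy.has_rule?(:__self__).should be_true
- ATestPolicy.has_rule?(:logged_in).should be_true
- end
- #
- # it 'should be possible to add rules'
- #
- # it 'should be possible to evaluate a list of rules (static/dynamic/both)'
-
- end
-
- describe ATestStaticPolicy do
-
- it 'should be static' do
- ATestStaticPolicy.static?.should be_true
- end
-
- it 'should not have a static partner' do
- lambda {
- ATestStaticPolicy.static_policy_class
- }.should raise_error(NameError)
- end
-
- it 'should know its resource type' do
- ATestStaticPolicy.resource_type.should eql(:a_test)
- end
-
- it 'should use the rule set of the dynamic policy' do
- ATestStaticPolicy.rule_set.should eql(ATestPolicy.rule_set)
- end
-
- it 'should have all static rules' do
- ATestStaticPolicy.has_rule?(:sys_relation).should be_true
- ATestStaticPolicy.has_rule?(:res_relation).should be_false
- ATestStaticPolicy.has_rule?(:pre_relation).should be_true
- end
-
- it 'should have access to static rules defined for all resources' do
- ATestStaticPolicy.has_rule?(:__self__).should be_false
- ATestStaticPolicy.has_rule?(:logged_in).should be_true
- end
-
+ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+ AnnotationSecurity.define_relations(:a_test) do
+ sys_relation :system
+ res_relation :resource
+ pre_relation :pretest
+ end
+
+ describe ATestPolicy do
+
+ it 'should be dynamic' do
+ ATestPolicy.static?.should be_false
+ end
+
+ it 'should have a static partner' do
+ ATestPolicy.static_policy_class.should eql(ATestStaticPolicy)
+ end
+
+ it 'should know its resource type' do
+ ATestPolicy.resource_type.should eql(:a_test)
+ end
+
+ it 'should have all rules' do
+ ATestPolicy.has_rule?(:sys_relation).should be_true
+ ATestPolicy.has_rule?(:res_relation).should be_true
+ ATestPolicy.has_rule?(:pre_relation).should be_true
+ end
+
+ it 'should be aware of the evaluation time of a rule' do
+ ATestPolicy.has_dynamic_rule?(:sys_relation).should be_false
+ ATestPolicy.has_dynamic_rule?(:res_relation).should be_true
+ ATestPolicy.has_dynamic_rule?(:pre_relation).should be_true
+
+ ATestPolicy.has_static_rule?(:sys_relation).should be_true
+ ATestPolicy.has_static_rule?(:res_relation).should be_false
+ ATestPolicy.has_static_rule?(:pre_relation).should be_true
+ end
+
+ it 'should have access to rules defined for all resources' do
+ ATestPolicy.has_rule?(:__self__).should be_true
+ ATestPolicy.has_rule?(:logged_in).should be_true
+ end
+ #
+ # it 'should be possible to add rules'
+ #
+ # it 'should be possible to evaluate a list of rules (static/dynamic/both)'
+
+ end
+
+ describe ATestStaticPolicy do
+
+ it 'should be static' do
+ ATestStaticPolicy.static?.should be_true
+ end
+
+ it 'should not have a static partner' do
+ lambda {
+ ATestStaticPolicy.static_policy_class
+ }.should raise_error(NameError)
+ end
+
+ it 'should know its resource type' do
+ ATestStaticPolicy.resource_type.should eql(:a_test)
+ end
+
+ it 'should use the rule set of the dynamic policy' do
+ ATestStaticPolicy.rule_set.should eql(ATestPolicy.rule_set)
+ end
+
+ it 'should have all static rules' do
+ ATestStaticPolicy.has_rule?(:sys_relation).should be_true
+ ATestStaticPolicy.has_rule?(:res_relation).should be_false
+ ATestStaticPolicy.has_rule?(:pre_relation).should be_true
+ end
+
+ it 'should have access to static rules defined for all resources' do
+ ATestStaticPolicy.has_rule?(:__self__).should be_false
+ ATestStaticPolicy.has_rule?(:logged_in).should be_true
+ end
+
  end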
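--- a/data/spec/annotation_security/security_context_spec.rb
+++ b/data/spec/annotation_security/security_context_spec.rb
@@ -1,78 +1,78 @@
- require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
- describe SecurityContext do
-
- before(:each) do
- @user1 = TestUser.new 'theuser'
- @user2 = TestUser.new 'otheruser'
- end
-
- it "should check 'logged_in' for 'show'" do
- request(@user1, :show, { :id => 'theuser' }).should succeed
- request(@user2, :show, { :id => 'theuser' }).should succeed
- request(nil, :show, { :id => 'theuser' }).should fail
- end
-
- it "should check 'owner' for 'edit'" do
- request(@user1, :edit, { :id => 'theuser' }).should succeed
- request(@user2, :edit, { :id => 'theuser' }).should fail
- end
-
- it "should check 'logged_in' and 'owner' for 'show_edit'" do
- request(@user1, :show_edit, { :id => 'theuser' }).should succeed
- request(@user2, :show_edit, { :id => 'theuser' }).should fail
- end
-
- it "should check 'owner' for 'delete' based on :id" do
- request(@user1, :delete, { :id => 'theuser' }).should succeed
- request(@user2, :delete, { :id => 'theuser' }).should fail
- end
-
- it "should not call action if check based on :id fails" do
- TestController.expects(:enter_delete).never
- request(@user2, :delete, { :id => 'theuser' }).should fail
- end
-
- it "should check 'owner' for 'list' based on @list" do
- request(@user1, :list, { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
- request(@user1, :list, { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
- request(@user1, :list, { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
- end
-
- it "should not be disturbed by calls to #render" do
- TestController.expects(:exit_render).twice
- request(@user1, :edit_with_render,
- { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
- request(@user1, :edit_with_render,
- { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
- end
-
- it "should check rules before #render" do
- TestController.expects(:exit_render).never
- request(@user1, :edit_with_render,
- { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
- end
-
- # simulates an action invokation in rails
- def request(user, action, params)
- controller = TestController.new
- controller.test_init(action, params)
- SecurityContext.initialize(controller)
- SecurityContext.credential = user
- rules = controller.class.descriptions_of(action)
- SecurityContext.current.send_with_security(rules, controller, action)
- 'no_error'
- rescue SecurityViolationError => sve
- sve
- end
-
- def succeed
- eql 'no_error'
- end
-
- def fail
- be_instance_of SecurityViolationError
- end
-
- end
-
+ require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+ describe SecurityContext do
+
+ before(:each) do
+ @user1 = TestUser.new 'theuser'
+ @user2 = TestUser.new 'otheruser'
+ end
+
+ it "should check 'logged_in' for 'show'" do
+ request(@user1, :show, { :id => 'theuser' }).should succeed
+ request(@user2, :show, { :id => 'theuser' }).should succeed
+ request(nil, :show, { :id => 'theuser' }).should fail
+ end
+
+ it "should check 'owner' for 'edit'" do
+ request(@user1, :edit, { :id => 'theuser' }).should succeed
+ request(@user2, :edit, { :id => 'theuser' }).should fail
+ end
+
+ it "should check 'logged_in' and 'owner' for 'show_edit'" do
+ request(@user1, :show_edit, { :id => 'theuser' }).should succeed
+ request(@user2, :show_edit, { :id => 'theuser' }).should fail
+ end
+
+ it "should check 'owner' for 'delete' based on :id" do
+ request(@user1, :delete, { :id => 'theuser' }).should succeed
+ request(@user2, :delete, { :id => 'theuser' }).should fail
+ end
+
+ it "should not call action if check based on :id fails" do
+ TestController.expects(:enter_delete).never
+ request(@user2, :delete, { :id => 'theuser' }).should fail
+ end
+
+ it "should check 'owner' for 'list' based on @list" do
+ request(@user1, :list, { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
+ request(@user1, :list, { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
+ request(@user1, :list, { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
+ end
+
+ it "should not be disturbed by calls to #render" do
+ TestController.expects(:exit_render).twice
+ request(@user1, :edit_with_render,
+ { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
+ request(@user1, :edit_with_render,
+ { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
+ end
+
+ it "should check rules before #render" do
+ TestController.expects(:exit_render).never
+ request(@user1, :edit_with_render,
+ { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
+ end
+
+ # simulates an action invokation in rails
+ def request(user, action, params)
+ controller = TestController.new
+ controller.test_init(action, params)
+ SecurityContext.initialize(controller)
+ SecurityContext.credential = user
+ rules = controller.class.descriptions_of(action)
+ SecurityContext.current.send_with_security(rules, controller, action)
+ 'no_error'
+ rescue SecurityViolationError => sve
+ sve
+ end
+
+ def succeed
+ eql 'no_error'
+ end
+
+ def fail
+ be_instance_of SecurityViolationError
+ end
+
+ end
+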
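--- a/data/spec/annotation_security/utils_spec.rb
+++ b/data/spec/annotation_security/utils_spec.rb
@@ -1,74 +1,74 @@
- require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
- describe AnnotationSecurity::Utils do
-
- it 'should remove prefixes of the method body' do
- %w{may_rule is_rule can_rule has_rule}.each do |method|
- AnnotationSecurity::Utils.method_body(method).should eql('rule')
- end
- end
-
- it 'should remove suffixes of the method body' do
- %w{rule_for rule_of rule_in rule_to rule?}.each do |method|
- AnnotationSecurity::Utils.method_body(method).should eql('rule')
- end
- end
-
- it 'should return nil if the method body is clean' do
- AnnotationSecurity::Utils.method_body('rule').should be_nil
- end
-
- it 'should ignore prefixes and suffixes without underscore in method body' do
- %w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
- AnnotationSecurity::Utils.method_body(method).should eql(nil)
- end
- end
-
- it 'should remove only prefix or suffix from the method body at a time' do
- AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
- AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
- AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
- end
-
- it 'should parse descriptions without bindings correctly' do
- ['show a resource', 'show with some text ignored a resource',
- 'show pluralized resources', '(ignoring comments) show a resource',
- 'show a resource (with comment at the end)'].each do |s|
- AnnotationSecurity::Utils.parse_description(s).
- should == {:action => :show, :resource => :resource}
- end
- end
-
- it 'should detect bindings of a description' do
- {
- 'show the resource in @res' =>
- {:action => :show,:resource => :resource, :source => '@res'},
- 'show the resource from :id' =>
- {:action => :show,:resource => :resource, :source => :id},
- }.each_pair do |key, value|
- AnnotationSecurity::Utils.parse_description(key,true).should == value
- end
- end
-
- it 'should raise an error if an unexpected binding is detected in a description' do
- lambda {
- AnnotationSecurity::Utils.parse_description('show the resource :id')
- }.should raise_error(StandardError)
- end
-
- it 'should parse policy arguments like specified in SecurityContext.allowed?' do
- obj = Object.new
- def obj.__is_resource?; true; end
- def obj.resource_type; :o_resource; end
- {
- [:show, :resource, obj] => [:show, :resource, obj],
- [:show, obj] => [:show, :o_resource, obj],
- ['show resource', obj] => [:show, :resource, obj],
- [:show, :resource] => [:show, :resource],
- [:administrate] => [:administrate, :all_resources]
- }.each_pair do |key, value|
- AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
- end
- end
-
+ require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+ describe AnnotationSecurity::Utils do
+
+ it 'should remove prefixes of the method body' do
+ %w{may_rule is_rule can_rule has_rule}.each do |method|
+ AnnotationSecurity::Utils.method_body(method).should eql('rule')
+ end
+ end
+
+ it 'should remove suffixes of the method body' do
+ %w{rule_for rule_of rule_in rule_to rule?}.each do |method|
+ AnnotationSecurity::Utils.method_body(method).should eql('rule')
+ end
+ end
+
+ it 'should return nil if the method body is clean' do
+ AnnotationSecurity::Utils.method_body('rule').should be_nil
+ end
+
+ it 'should ignore prefixes and suffixes without underscore in method body' do
+ %w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
+ AnnotationSecurity::Utils.method_body(method).should eql(nil)
+ end
+ end
+
+ it 'should remove only prefix or suffix from the method body at a time' do
+ AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
+ AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
+ AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
+ end
+
+ it 'should parse descriptions without bindings correctly' do
+ ['show a resource', 'show with some text ignored a resource',
+ 'show pluralized resources', '(ignoring comments) show a resource',
+ 'show a resource (with comment at the end)'].each do |s|
+ AnnotationSecurity::Utils.parse_description(s).
+ should == {:action => :show, :resource => :resource}
+ end
+ end
+
+ it 'should detect bindings of a description' do
+ {
+ 'show the resource in @res' =>
+ {:action => :show,:resource => :resource, :source => '@res'},
+ 'show the resource from :id' =>
+ {:action => :show,:resource => :resource, :source => :id},
+ }.each_pair do |key, value|
+ AnnotationSecurity::Utils.parse_description(key,true).should == value
+ end
+ end
+
+ it 'should raise an error if an unexpected binding is detected in a description' do
+ lambda {
+ AnnotationSecurity::Utils.parse_description('show the resource :id')
+ }.should raise_error(StandardError)
+ end
+
+ it 'should parse policy arguments like specified in SecurityContext.allowed?' do
+ obj = Object.new
+ def obj.__is_resource?; true; end
+ def obj.resource_type; :o_resource; end
+ {
+ [:show, :resource, obj] => [:show, :resource, obj],
+ [:show, obj] => [:show, :o_resource, obj],
+ ['show resource', obj] => [:show, :resource, obj],
+ [:show, :resource] => [:show, :resource],
+ [:administrate] => [:administrate, :all_resources]
+ }.each_pair do |key, value|
+ AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
+ end
+ end
+
  end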