annotation_security 1.0.1 → 1.0.2

data/spec/annotation_security/policy/rule_spec.rb

@@ -1,78 +1,78 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::Rule do
-
-  before(:all) do
-    AnnotationSecurity.define_relations(:rule_test_res) do
-      res_dummy
-      sys_dummy(:system) { false }
-      pre_dummy :pretest
-      noc_dummy :system, :require_credential => false
-
-      res_dummy_test { has_res_dummy }
-      sys_dummy_test "if is_sys_dummy"
-    end
-  end
-
-  it 'should create valid dynamic relations' do
-    rule = AnnotationSecurity::Rule.new(:res_proc, RuleTestResPolicy) { |u,r| true }
-    rule.to_s.should == '<RuleTestResPolicy#res_proc[--du]>'
-    rule = AnnotationSecurity::Rule.new(:res, RuleTestResPolicy, :resource)
-    rule.to_s.should == '<RuleTestResPolicy#res[--du]>'
-  end
-
-  it 'should create valid static relations' do
-    rule = AnnotationSecurity::Rule.new(:sys_proc, RuleTestResPolicy, :system) { true }
-    rule.to_s.should == '<RuleTestResPolicy#sys_proc[-s-u]>'
-  end
-
-  it 'should create valid pretest relations' do
-    rule = AnnotationSecurity::Rule.new(:pre_proc, RuleTestResPolicy, :pretest) { true }
-    rule.to_s.should == '<RuleTestResPolicy#pre_proc[-sdu]>'
-  end
-
-  it 'should create valid relations without user' do
-    rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy, :require_credential => false)
-    rule.to_s.should == '<RuleTestResPolicy#no_u[--d-]>'
-    rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
-                              :system, :require_credential => false)
-    rule.to_s.should == '<RuleTestResPolicy#no_u[-s--]>'
-    rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
-                              :pretest, :require_credential => false)
-    rule.to_s.should == '<RuleTestResPolicy#no_u[-sd-]>'
-  end
-
-  it 'should create valid rights' do
-    {
-      'if res_dummy' => '-du',
-      'if sys_dummy' => 's-u',
-      'if pre_dummy' => 'sdu',
-      'if res_dummy or sys_dummy' => '-du',
-      'if res_dummy or pre_dummy' => '-du',
-      'if sys_dummy or pre_dummy' => 'sdu',
-      'if noc_dummy' => 's--',
-      'if noc_dummy or sys_dummy' => 's-u',
-      'if noc_dummy or res_dummy' => '-du',
-      'if self' => '-du',
-      'if other_right: resource_property' => '-du',
-      'true' => 's--',
-      'false or nil' => 's--'
-    }.each_pair do |condition,flags|
-      right = AnnotationSecurity::Rule.new(:right, RuleTestResPolicy, :right, condition)
-      right.flag_s.should == 'r???'
-      right.static? # trigger lazy initialization
-      right.flag_s.should == 'r'+flags
-    end
-  end
-
-  it 'should call referred rules when being executed' do
-    policy = RuleTestResPolicy.new(:user,:res)
-    
-    policy.expects(:res_dummy).returns(true)
-    policy.res_dummy_test.should be_true
-
-    policy.expects(:sys_dummy).returns(false)
-    policy.sys_dummy_test?.should be_false
-  end
-
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::Rule do
+
+  before(:all) do
+    AnnotationSecurity.define_relations(:rule_test_res) do
+      res_dummy
+      sys_dummy(:system) { false }
+      pre_dummy :pretest
+      noc_dummy :system, :require_credential => false
+
+      res_dummy_test { has_res_dummy }
+      sys_dummy_test "if is_sys_dummy"
+    end
+  end
+
+  it 'should create valid dynamic relations' do
+    rule = AnnotationSecurity::Rule.new(:res_proc, RuleTestResPolicy) { |u,r| true }
+    rule.to_s.should == '<RuleTestResPolicy#res_proc[--du]>'
+    rule = AnnotationSecurity::Rule.new(:res, RuleTestResPolicy, :resource)
+    rule.to_s.should == '<RuleTestResPolicy#res[--du]>'
+  end
+
+  it 'should create valid static relations' do
+    rule = AnnotationSecurity::Rule.new(:sys_proc, RuleTestResPolicy, :system) { true }
+    rule.to_s.should == '<RuleTestResPolicy#sys_proc[-s-u]>'
+  end
+
+  it 'should create valid pretest relations' do
+    rule = AnnotationSecurity::Rule.new(:pre_proc, RuleTestResPolicy, :pretest) { true }
+    rule.to_s.should == '<RuleTestResPolicy#pre_proc[-sdu]>'
+  end
+
+  it 'should create valid relations without user' do
+    rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy, :require_credential => false)
+    rule.to_s.should == '<RuleTestResPolicy#no_u[--d-]>'
+    rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
+                              :system, :require_credential => false)
+    rule.to_s.should == '<RuleTestResPolicy#no_u[-s--]>'
+    rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
+                              :pretest, :require_credential => false)
+    rule.to_s.should == '<RuleTestResPolicy#no_u[-sd-]>'
+  end
+
+  it 'should create valid rights' do
+    {
+      'if res_dummy' => '-du',
+      'if sys_dummy' => 's-u',
+      'if pre_dummy' => 'sdu',
+      'if res_dummy or sys_dummy' => '-du',
+      'if res_dummy or pre_dummy' => '-du',
+      'if sys_dummy or pre_dummy' => 'sdu',
+      'if noc_dummy' => 's--',
+      'if noc_dummy or sys_dummy' => 's-u',
+      'if noc_dummy or res_dummy' => '-du',
+      'if self' => '-du',
+      'if other_right: resource_property' => '-du',
+      'true' => 's--',
+      'false or nil' => 's--'
+    }.each_pair do |condition,flags|
+      right = AnnotationSecurity::Rule.new(:right, RuleTestResPolicy, :right, condition)
+      right.flag_s.should == 'r???'
+      right.static? # trigger lazy initialization
+      right.flag_s.should == 'r'+flags
+    end
+  end
+
+  it 'should call referred rules when being executed' do
+    policy = RuleTestResPolicy.new(:user,:res)
+    
+    policy.expects(:res_dummy).returns(true)
+    policy.res_dummy_test.should be_true
+
+    policy.expects(:sys_dummy).returns(false)
+    policy.sys_dummy_test?.should be_false
+  end
+
 end

data/spec/annotation_security/policy/test_policy_spec.rb

@@ -1,81 +1,81 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-AnnotationSecurity.define_relations(:a_test) do
-  sys_relation :system
-  res_relation :resource
-  pre_relation :pretest
-end
-
-describe ATestPolicy do
-
-  it 'should be dynamic' do
-    ATestPolicy.static?.should be_false
-  end
-
-  it 'should have a static partner' do
-    ATestPolicy.static_policy_class.should eql(ATestStaticPolicy)
-  end
-
-  it 'should know its resource type' do
-    ATestPolicy.resource_type.should eql(:a_test)
-  end
-
-  it 'should have all rules' do
-    ATestPolicy.has_rule?(:sys_relation).should be_true
-    ATestPolicy.has_rule?(:res_relation).should be_true
-    ATestPolicy.has_rule?(:pre_relation).should be_true
-  end
-
-  it 'should be aware of the evaluation time of a rule' do
-    ATestPolicy.has_dynamic_rule?(:sys_relation).should be_false
-    ATestPolicy.has_dynamic_rule?(:res_relation).should be_true
-    ATestPolicy.has_dynamic_rule?(:pre_relation).should be_true
-    
-    ATestPolicy.has_static_rule?(:sys_relation).should be_true
-    ATestPolicy.has_static_rule?(:res_relation).should be_false
-    ATestPolicy.has_static_rule?(:pre_relation).should be_true
-  end
-
-  it 'should have access to rules defined for all resources' do
-    ATestPolicy.has_rule?(:__self__).should be_true
-    ATestPolicy.has_rule?(:logged_in).should be_true
-  end
-#
-#  it 'should be possible to add rules'
-#
-#  it 'should be possible to evaluate a list of rules (static/dynamic/both)'
-
-end
-
-describe ATestStaticPolicy do
-
-  it 'should be static' do
-    ATestStaticPolicy.static?.should be_true
-  end
-
-  it 'should not have a static partner' do
-    lambda {
-      ATestStaticPolicy.static_policy_class
-    }.should raise_error(NameError)
-  end
-
-  it 'should know its resource type' do
-    ATestStaticPolicy.resource_type.should eql(:a_test)
-  end
-
-  it 'should use the rule set of the dynamic policy' do
-    ATestStaticPolicy.rule_set.should eql(ATestPolicy.rule_set)
-  end
-
-  it 'should have all static rules' do
-    ATestStaticPolicy.has_rule?(:sys_relation).should be_true
-    ATestStaticPolicy.has_rule?(:res_relation).should be_false
-    ATestStaticPolicy.has_rule?(:pre_relation).should be_true
-  end
-
-  it 'should have access to static rules defined for all resources' do
-    ATestStaticPolicy.has_rule?(:__self__).should be_false
-    ATestStaticPolicy.has_rule?(:logged_in).should be_true
-  end
-  
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+AnnotationSecurity.define_relations(:a_test) do
+  sys_relation :system
+  res_relation :resource
+  pre_relation :pretest
+end
+
+describe ATestPolicy do
+
+  it 'should be dynamic' do
+    ATestPolicy.static?.should be_false
+  end
+
+  it 'should have a static partner' do
+    ATestPolicy.static_policy_class.should eql(ATestStaticPolicy)
+  end
+
+  it 'should know its resource type' do
+    ATestPolicy.resource_type.should eql(:a_test)
+  end
+
+  it 'should have all rules' do
+    ATestPolicy.has_rule?(:sys_relation).should be_true
+    ATestPolicy.has_rule?(:res_relation).should be_true
+    ATestPolicy.has_rule?(:pre_relation).should be_true
+  end
+
+  it 'should be aware of the evaluation time of a rule' do
+    ATestPolicy.has_dynamic_rule?(:sys_relation).should be_false
+    ATestPolicy.has_dynamic_rule?(:res_relation).should be_true
+    ATestPolicy.has_dynamic_rule?(:pre_relation).should be_true
+    
+    ATestPolicy.has_static_rule?(:sys_relation).should be_true
+    ATestPolicy.has_static_rule?(:res_relation).should be_false
+    ATestPolicy.has_static_rule?(:pre_relation).should be_true
+  end
+
+  it 'should have access to rules defined for all resources' do
+    ATestPolicy.has_rule?(:__self__).should be_true
+    ATestPolicy.has_rule?(:logged_in).should be_true
+  end
+#
+#  it 'should be possible to add rules'
+#
+#  it 'should be possible to evaluate a list of rules (static/dynamic/both)'
+
+end
+
+describe ATestStaticPolicy do
+
+  it 'should be static' do
+    ATestStaticPolicy.static?.should be_true
+  end
+
+  it 'should not have a static partner' do
+    lambda {
+      ATestStaticPolicy.static_policy_class
+    }.should raise_error(NameError)
+  end
+
+  it 'should know its resource type' do
+    ATestStaticPolicy.resource_type.should eql(:a_test)
+  end
+
+  it 'should use the rule set of the dynamic policy' do
+    ATestStaticPolicy.rule_set.should eql(ATestPolicy.rule_set)
+  end
+
+  it 'should have all static rules' do
+    ATestStaticPolicy.has_rule?(:sys_relation).should be_true
+    ATestStaticPolicy.has_rule?(:res_relation).should be_false
+    ATestStaticPolicy.has_rule?(:pre_relation).should be_true
+  end
+
+  it 'should have access to static rules defined for all resources' do
+    ATestStaticPolicy.has_rule?(:__self__).should be_false
+    ATestStaticPolicy.has_rule?(:logged_in).should be_true
+  end
+  
 end

data/spec/annotation_security/security_context_spec.rb

@@ -1,78 +1,78 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-describe SecurityContext do
-
-  before(:each) do
-    @user1 = TestUser.new 'theuser'
-    @user2 = TestUser.new 'otheruser'
-  end
-
-  it "should check 'logged_in' for 'show'" do
-    request(@user1, :show, { :id => 'theuser' }).should succeed
-    request(@user2, :show, { :id => 'theuser' }).should succeed
-    request(nil, :show, { :id => 'theuser' }).should fail
-  end
-
-  it "should check 'owner' for 'edit'" do
-    request(@user1, :edit, { :id => 'theuser' }).should succeed
-    request(@user2, :edit, { :id => 'theuser' }).should fail
-  end
-
-  it "should check 'logged_in' and 'owner' for 'show_edit'" do
-    request(@user1, :show_edit, { :id => 'theuser' }).should succeed
-    request(@user2, :show_edit, { :id => 'theuser' }).should fail
-  end
-
-  it "should check 'owner' for 'delete' based on :id" do
-    request(@user1, :delete, { :id => 'theuser' }).should succeed
-    request(@user2, :delete, { :id => 'theuser' }).should fail
-  end
-
-  it "should not call action if check based on :id fails" do
-    TestController.expects(:enter_delete).never
-    request(@user2, :delete, { :id => 'theuser' }).should fail
-  end
-
-  it "should check 'owner' for 'list' based on @list" do
-    request(@user1, :list, { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
-    request(@user1, :list, { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
-    request(@user1, :list, { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
-  end
-
-  it "should not be disturbed by calls to #render" do
-    TestController.expects(:exit_render).twice
-    request(@user1, :edit_with_render,
-            { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
-    request(@user1, :edit_with_render,
-            { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
-  end
-
-  it "should check rules before #render" do
-    TestController.expects(:exit_render).never
-    request(@user1, :edit_with_render,
-            { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
-  end
-
-  # simulates an action invokation in rails
-  def request(user, action, params)
-    controller = TestController.new
-    controller.test_init(action, params)
-    SecurityContext.initialize(controller)
-    SecurityContext.credential = user
-    rules = controller.class.descriptions_of(action)
-    SecurityContext.current.send_with_security(rules, controller, action)
-    'no_error'
-  rescue SecurityViolationError => sve
-    sve
-  end
-
-  def succeed
-    eql 'no_error'
-  end
-
-  def fail
-    be_instance_of SecurityViolationError
-  end
-
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe SecurityContext do
+
+  before(:each) do
+    @user1 = TestUser.new 'theuser'
+    @user2 = TestUser.new 'otheruser'
+  end
+
+  it "should check 'logged_in' for 'show'" do
+    request(@user1, :show, { :id => 'theuser' }).should succeed
+    request(@user2, :show, { :id => 'theuser' }).should succeed
+    request(nil, :show, { :id => 'theuser' }).should fail
+  end
+
+  it "should check 'owner' for 'edit'" do
+    request(@user1, :edit, { :id => 'theuser' }).should succeed
+    request(@user2, :edit, { :id => 'theuser' }).should fail
+  end
+
+  it "should check 'logged_in' and 'owner' for 'show_edit'" do
+    request(@user1, :show_edit, { :id => 'theuser' }).should succeed
+    request(@user2, :show_edit, { :id => 'theuser' }).should fail
+  end
+
+  it "should check 'owner' for 'delete' based on :id" do
+    request(@user1, :delete, { :id => 'theuser' }).should succeed
+    request(@user2, :delete, { :id => 'theuser' }).should fail
+  end
+
+  it "should not call action if check based on :id fails" do
+    TestController.expects(:enter_delete).never
+    request(@user2, :delete, { :id => 'theuser' }).should fail
+  end
+
+  it "should check 'owner' for 'list' based on @list" do
+    request(@user1, :list, { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
+    request(@user1, :list, { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
+    request(@user1, :list, { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
+  end
+
+  it "should not be disturbed by calls to #render" do
+    TestController.expects(:exit_render).twice
+    request(@user1, :edit_with_render,
+            { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
+    request(@user1, :edit_with_render,
+            { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
+  end
+
+  it "should check rules before #render" do
+    TestController.expects(:exit_render).never
+    request(@user1, :edit_with_render,
+            { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
+  end
+
+  # simulates an action invokation in rails
+  def request(user, action, params)
+    controller = TestController.new
+    controller.test_init(action, params)
+    SecurityContext.initialize(controller)
+    SecurityContext.credential = user
+    rules = controller.class.descriptions_of(action)
+    SecurityContext.current.send_with_security(rules, controller, action)
+    'no_error'
+  rescue SecurityViolationError => sve
+    sve
+  end
+
+  def succeed
+    eql 'no_error'
+  end
+
+  def fail
+    be_instance_of SecurityViolationError
+  end
+
+end
+

data/spec/annotation_security/utils_spec.rb

@@ -1,74 +1,74 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-describe AnnotationSecurity::Utils do
-
-  it 'should remove prefixes of the method body' do
-    %w{may_rule is_rule can_rule has_rule}.each do |method|
-      AnnotationSecurity::Utils.method_body(method).should eql('rule')
-    end
-  end
-
-  it 'should remove suffixes of the method body' do
-    %w{rule_for rule_of rule_in rule_to rule?}.each do |method|
-      AnnotationSecurity::Utils.method_body(method).should eql('rule')
-    end
-  end
-
-  it 'should return nil if the method body is clean' do
-    AnnotationSecurity::Utils.method_body('rule').should be_nil
-  end
-
-  it 'should ignore prefixes and suffixes without underscore in method body' do
-    %w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
-      AnnotationSecurity::Utils.method_body(method).should eql(nil)
-    end
-  end
-
-  it 'should remove only prefix or suffix from the method body at a time' do
-    AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
-    AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
-    AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
-  end
-
-  it 'should parse descriptions without bindings correctly' do
-    ['show a resource', 'show with some text ignored a resource',
-     'show pluralized resources', '(ignoring comments) show a resource',
-     'show a resource (with comment at the end)'].each do |s|
-      AnnotationSecurity::Utils.parse_description(s).
-        should == {:action => :show, :resource => :resource}
-    end
-  end
-
-  it 'should detect bindings of a description' do
-    {
-      'show the resource in @res' => 
-        {:action => :show,:resource => :resource, :source => '@res'},
-      'show the resource from :id' =>
-        {:action => :show,:resource => :resource, :source => :id},
-    }.each_pair do |key, value|
-      AnnotationSecurity::Utils.parse_description(key,true).should == value
-    end
-  end
-
-  it 'should raise an error if an unexpected binding is detected in a description' do
-    lambda {
-      AnnotationSecurity::Utils.parse_description('show the resource :id')
-    }.should raise_error(StandardError)
-  end
-
-  it 'should parse policy arguments like specified in SecurityContext.allowed?' do
-    obj = Object.new
-    def obj.__is_resource?; true; end
-    def obj.resource_type; :o_resource; end
-    {
-      [:show, :resource, obj] => [:show, :resource, obj],
-      [:show, obj] => [:show, :o_resource, obj],
-      ['show resource', obj] => [:show, :resource, obj],
-      [:show, :resource] => [:show, :resource],
-      [:administrate] => [:administrate, :all_resources]
-    }.each_pair do |key, value|
-      AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
-    end
-  end
-
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe AnnotationSecurity::Utils do
+
+  it 'should remove prefixes of the method body' do
+    %w{may_rule is_rule can_rule has_rule}.each do |method|
+      AnnotationSecurity::Utils.method_body(method).should eql('rule')
+    end
+  end
+
+  it 'should remove suffixes of the method body' do
+    %w{rule_for rule_of rule_in rule_to rule?}.each do |method|
+      AnnotationSecurity::Utils.method_body(method).should eql('rule')
+    end
+  end
+
+  it 'should return nil if the method body is clean' do
+    AnnotationSecurity::Utils.method_body('rule').should be_nil
+  end
+
+  it 'should ignore prefixes and suffixes without underscore in method body' do
+    %w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
+      AnnotationSecurity::Utils.method_body(method).should eql(nil)
+    end
+  end
+
+  it 'should remove only prefix or suffix from the method body at a time' do
+    AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
+    AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
+    AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
+  end
+
+  it 'should parse descriptions without bindings correctly' do
+    ['show a resource', 'show with some text ignored a resource',
+     'show pluralized resources', '(ignoring comments) show a resource',
+     'show a resource (with comment at the end)'].each do |s|
+      AnnotationSecurity::Utils.parse_description(s).
+        should == {:action => :show, :resource => :resource}
+    end
+  end
+
+  it 'should detect bindings of a description' do
+    {
+      'show the resource in @res' => 
+        {:action => :show,:resource => :resource, :source => '@res'},
+      'show the resource from :id' =>
+        {:action => :show,:resource => :resource, :source => :id},
+    }.each_pair do |key, value|
+      AnnotationSecurity::Utils.parse_description(key,true).should == value
+    end
+  end
+
+  it 'should raise an error if an unexpected binding is detected in a description' do
+    lambda {
+      AnnotationSecurity::Utils.parse_description('show the resource :id')
+    }.should raise_error(StandardError)
+  end
+
+  it 'should parse policy arguments like specified in SecurityContext.allowed?' do
+    obj = Object.new
+    def obj.__is_resource?; true; end
+    def obj.resource_type; :o_resource; end
+    {
+      [:show, :resource, obj] => [:show, :resource, obj],
+      [:show, obj] => [:show, :o_resource, obj],
+      ['show resource', obj] => [:show, :resource, obj],
+      [:show, :resource] => [:show, :resource],
+      [:administrate] => [:administrate, :all_resources]
+    }.each_pair do |key, value|
+      AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
+    end
+  end
+
 end