annotation_security 1.0.1

data/spec/annotation_security/policy/abstract_policy_spec.rb

@@ -0,0 +1,17 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::AbstractPolicy do
+  # For more tests see test_policy_spec.rb
+
+  it 'should create a subclass for a resource type' do
+    klass = AnnotationSecurity::AbstractPolicy.new_subclass(:abs_policy_test)
+    (defined? AbsPolicyTestPolicy).should_not be_nil
+    klass.should eql(AbsPolicyTestPolicy)
+    klass.static?.should be_false
+
+    (defined? AbsPolicyTestStaticPolicy).should_not be_nil
+    klass.static_policy_class.should eql(AbsPolicyTestStaticPolicy)
+    klass.static_policy_class.static?.should be_true
+  end
+
+end

data/spec/annotation_security/policy/all_resources_policy_spec.rb

@@ -0,0 +1,24 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AllResourcesPolicy do
+
+  it 'should provide :__self__ relation' do
+    user = TestUser.new
+    user2 = TestUser.new
+    policy = AllResourcesPolicy.new(user)
+    policy.with_resource(user).__self__?.should be_true
+    policy.with_resource(user.as_one_role).__self__?.should be_true
+    policy.with_resource(user2).__self__?.should be_false
+  end
+
+  it 'should provide :logged_in relation' do
+    AllResourcesPolicy.new(TestUser.new).logged_in?.should be_true
+    AllResourcesPolicy.new(nil).logged_in?.should be_false
+
+    AllResourcesPolicy.has_static_rule?(:logged_in).should be_true
+    AllResourcesPolicy.has_dynamic_rule?(:logged_in).should be_false
+    rule = AllResourcesPolicy.rule_set.get_static_rule(:logged_in)
+    rule.requires_credential?.should be_false
+  end
+
+end

data/spec/annotation_security/policy/rule_set_spec.rb

@@ -0,0 +1,112 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::RuleSet do
+
+  before(:all) do
+    AnnotationSecurity.define_relations(:rule_set_test,:rule_set_test2) do
+      sys_relation :system, "true"
+      res_relation :resource, "true"
+      pre_relation :pretest, "true"
+    end
+    # This rule set is not to be modified during the tests!
+    @rule_set2 = RuleSetTest2Policy.rule_set
+  end
+
+  before(:each) do
+    # Use a fresh rule set for each test.
+    # This will break some functions of RuleSet,
+    # in these cases @rule_set2 is used for testing.
+    @rule_set = AnnotationSecurity::RuleSet.new(RuleSetTestPolicy)
+  end
+
+  it 'should have a self explaining name' do
+    @rule_set.to_s.should eql('<RuleSet of RuleSetTestPolicy>')
+  end
+
+  it 'should manage static relations' do
+    rule = @rule_set.add_rule(:sys_relation, :system) { true }
+    rule.should be_instance_of(AnnotationSecurity::Rule)
+    @rule_set.get_rule(:sys_relation, true).should eql(rule)
+    @rule_set.get_rule(:sys_relation, false).should be_nil
+  end
+
+  it 'should manage dynamic relations' do
+    rule = @rule_set.add_rule(:res_relation, :resource) { true }
+    rule.should be_instance_of(AnnotationSecurity::Rule)
+    @rule_set.get_rule(:res_relation, false).should eql(rule)
+    @rule_set.get_rule(:res_relation, true).should be_nil
+  end
+
+  it 'should manage pretest relations' do
+    rule = @rule_set.add_rule(:pre_relation, :pretest) { true }
+    rule.should be_instance_of(AnnotationSecurity::Rule)
+    @rule_set.get_rule(:pre_relation, true).should eql(rule)
+    @rule_set.get_rule(:pre_relation, false).should eql(rule)
+  end
+
+  it 'should manage dynamic rights' do
+    rule = @rule_set.add_rule(:res_right, :right, "if res_relation")
+    rule.should be_instance_of(AnnotationSecurity::Rule)
+    @rule_set.get_rule(:res_right,false).should eql(rule)
+    @rule_set.get_rule(:res_right,true).should be_nil
+  end
+
+  it 'should manage static rights' do
+    rule = @rule_set.add_rule(:sys_right, :right, "if sys_relation")
+    rule.should be_instance_of(AnnotationSecurity::Rule)
+    @rule_set.get_rule(:sys_right,true).should eql(rule)
+    @rule_set.get_rule(:sys_right,false).should be_nil
+  end
+
+  it 'should manage pretest rights' do
+    rule = @rule_set.add_rule(:pre_right, :right, "if pre_relation")
+    rule.should be_instance_of(AnnotationSecurity::Rule)
+    @rule_set.get_rule(:pre_right,true).should eql(rule)
+    @rule_set.get_rule(:pre_right,false).should eql(rule)
+  end
+
+  it 'should be able to copy dynamic rules from other rule sets' do
+    rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, false)
+    rule.should be_instance_of(AnnotationSecurity::Rule)
+    @rule_set.get_rule(:res_relation, false).should eql(rule)
+    @rule_set2.get_rule(:res_relation, false).should_not eql(rule)
+  end
+
+  it 'should not create dynamic copies of static rules from other rule sets' do
+    rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, false)
+    rule.should be_nil
+  end
+
+  it 'should be able to copy static rules from other rule sets' do
+    rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, true)
+    rule.should be_instance_of(AnnotationSecurity::Rule)
+    @rule_set.get_rule(:sys_relation, true).should eql(rule)
+    @rule_set2.get_rule(:sys_relation, true).should_not eql(rule)
+  end
+
+  it 'should not create static copies of dynamic rules from other rule sets' do
+    rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, true)
+    rule.should be_nil
+  end
+
+  it 'should not allow rules with forbidden names' do
+    lambda {
+      @rule_set.add_rule(:get_rule) {  }
+    }.should raise_error(AnnotationSecurity::RuleError)
+  end
+
+  it 'should not allow rules to be defined twice' do
+    @rule_set.add_rule(:test_rule) {  }
+    lambda {
+      @rule_set.add_rule(:test_rule) {  }
+    }.should raise_error(AnnotationSecurity::RuleError)
+  end
+
+  it 'should allow rules to be defined both statically and dynamically' do
+    r1 = @rule_set.add_rule(:test_rule, :system) {  }
+    r2 = @rule_set.add_rule(:test_rule, :resource) {  }
+    @rule_set.get_rule(:test_rule,true).should eql(r1)
+    @rule_set.get_rule(:test_rule,false).should eql(r2)
+  end
+
+end

data/spec/annotation_security/policy/rule_spec.rb

@@ -0,0 +1,78 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::Rule do
+
+  before(:all) do
+    AnnotationSecurity.define_relations(:rule_test_res) do
+      res_dummy
+      sys_dummy(:system) { false }
+      pre_dummy :pretest
+      noc_dummy :system, :require_credential => false
+
+      res_dummy_test { has_res_dummy }
+      sys_dummy_test "if is_sys_dummy"
+    end
+  end
+
+  it 'should create valid dynamic relations' do
+    rule = AnnotationSecurity::Rule.new(:res_proc, RuleTestResPolicy) { |u,r| true }
+    rule.to_s.should == '<RuleTestResPolicy#res_proc[--du]>'
+    rule = AnnotationSecurity::Rule.new(:res, RuleTestResPolicy, :resource)
+    rule.to_s.should == '<RuleTestResPolicy#res[--du]>'
+  end
+
+  it 'should create valid static relations' do
+    rule = AnnotationSecurity::Rule.new(:sys_proc, RuleTestResPolicy, :system) { true }
+    rule.to_s.should == '<RuleTestResPolicy#sys_proc[-s-u]>'
+  end
+
+  it 'should create valid pretest relations' do
+    rule = AnnotationSecurity::Rule.new(:pre_proc, RuleTestResPolicy, :pretest) { true }
+    rule.to_s.should == '<RuleTestResPolicy#pre_proc[-sdu]>'
+  end
+
+  it 'should create valid relations without user' do
+    rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy, :require_credential => false)
+    rule.to_s.should == '<RuleTestResPolicy#no_u[--d-]>'
+    rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
+                              :system, :require_credential => false)
+    rule.to_s.should == '<RuleTestResPolicy#no_u[-s--]>'
+    rule = AnnotationSecurity::Rule.new(:no_u, RuleTestResPolicy,
+                              :pretest, :require_credential => false)
+    rule.to_s.should == '<RuleTestResPolicy#no_u[-sd-]>'
+  end
+
+  it 'should create valid rights' do
+    {
+      'if res_dummy' => '-du',
+      'if sys_dummy' => 's-u',
+      'if pre_dummy' => 'sdu',
+      'if res_dummy or sys_dummy' => '-du',
+      'if res_dummy or pre_dummy' => '-du',
+      'if sys_dummy or pre_dummy' => 'sdu',
+      'if noc_dummy' => 's--',
+      'if noc_dummy or sys_dummy' => 's-u',
+      'if noc_dummy or res_dummy' => '-du',
+      'if self' => '-du',
+      'if other_right: resource_property' => '-du',
+      'true' => 's--',
+      'false or nil' => 's--'
+    }.each_pair do |condition,flags|
+      right = AnnotationSecurity::Rule.new(:right, RuleTestResPolicy, :right, condition)
+      right.flag_s.should == 'r???'
+      right.static? # trigger lazy initialization
+      right.flag_s.should == 'r'+flags
+    end
+  end
+
+  it 'should call referred rules when being executed' do
+    policy = RuleTestResPolicy.new(:user,:res)
+    
+    policy.expects(:res_dummy).returns(true)
+    policy.res_dummy_test.should be_true
+
+    policy.expects(:sys_dummy).returns(false)
+    policy.sys_dummy_test?.should be_false
+  end
+
+end

data/spec/annotation_security/policy/test_policy_spec.rb

@@ -0,0 +1,81 @@
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+AnnotationSecurity.define_relations(:a_test) do
+  sys_relation :system
+  res_relation :resource
+  pre_relation :pretest
+end
+
+describe ATestPolicy do
+
+  it 'should be dynamic' do
+    ATestPolicy.static?.should be_false
+  end
+
+  it 'should have a static partner' do
+    ATestPolicy.static_policy_class.should eql(ATestStaticPolicy)
+  end
+
+  it 'should know its resource type' do
+    ATestPolicy.resource_type.should eql(:a_test)
+  end
+
+  it 'should have all rules' do
+    ATestPolicy.has_rule?(:sys_relation).should be_true
+    ATestPolicy.has_rule?(:res_relation).should be_true
+    ATestPolicy.has_rule?(:pre_relation).should be_true
+  end
+
+  it 'should be aware of the evaluation time of a rule' do
+    ATestPolicy.has_dynamic_rule?(:sys_relation).should be_false
+    ATestPolicy.has_dynamic_rule?(:res_relation).should be_true
+    ATestPolicy.has_dynamic_rule?(:pre_relation).should be_true
+    
+    ATestPolicy.has_static_rule?(:sys_relation).should be_true
+    ATestPolicy.has_static_rule?(:res_relation).should be_false
+    ATestPolicy.has_static_rule?(:pre_relation).should be_true
+  end
+
+  it 'should have access to rules defined for all resources' do
+    ATestPolicy.has_rule?(:__self__).should be_true
+    ATestPolicy.has_rule?(:logged_in).should be_true
+  end
+#
+#  it 'should be possible to add rules'
+#
+#  it 'should be possible to evaluate a list of rules (static/dynamic/both)'
+
+end
+
+describe ATestStaticPolicy do
+
+  it 'should be static' do
+    ATestStaticPolicy.static?.should be_true
+  end
+
+  it 'should not have a static partner' do
+    lambda {
+      ATestStaticPolicy.static_policy_class
+    }.should raise_error(NameError)
+  end
+
+  it 'should know its resource type' do
+    ATestStaticPolicy.resource_type.should eql(:a_test)
+  end
+
+  it 'should use the rule set of the dynamic policy' do
+    ATestStaticPolicy.rule_set.should eql(ATestPolicy.rule_set)
+  end
+
+  it 'should have all static rules' do
+    ATestStaticPolicy.has_rule?(:sys_relation).should be_true
+    ATestStaticPolicy.has_rule?(:res_relation).should be_false
+    ATestStaticPolicy.has_rule?(:pre_relation).should be_true
+  end
+
+  it 'should have access to static rules defined for all resources' do
+    ATestStaticPolicy.has_rule?(:__self__).should be_false
+    ATestStaticPolicy.has_rule?(:logged_in).should be_true
+  end
+  
+end

data/spec/annotation_security/security_context_spec.rb

@@ -0,0 +1,78 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe SecurityContext do
+
+  before(:each) do
+    @user1 = TestUser.new 'theuser'
+    @user2 = TestUser.new 'otheruser'
+  end
+
+  it "should check 'logged_in' for 'show'" do
+    request(@user1, :show, { :id => 'theuser' }).should succeed
+    request(@user2, :show, { :id => 'theuser' }).should succeed
+    request(nil, :show, { :id => 'theuser' }).should fail
+  end
+
+  it "should check 'owner' for 'edit'" do
+    request(@user1, :edit, { :id => 'theuser' }).should succeed
+    request(@user2, :edit, { :id => 'theuser' }).should fail
+  end
+
+  it "should check 'logged_in' and 'owner' for 'show_edit'" do
+    request(@user1, :show_edit, { :id => 'theuser' }).should succeed
+    request(@user2, :show_edit, { :id => 'theuser' }).should fail
+  end
+
+  it "should check 'owner' for 'delete' based on :id" do
+    request(@user1, :delete, { :id => 'theuser' }).should succeed
+    request(@user2, :delete, { :id => 'theuser' }).should fail
+  end
+
+  it "should not call action if check based on :id fails" do
+    TestController.expects(:enter_delete).never
+    request(@user2, :delete, { :id => 'theuser' }).should fail
+  end
+
+  it "should check 'owner' for 'list' based on @list" do
+    request(@user1, :list, { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
+    request(@user1, :list, { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
+    request(@user1, :list, { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
+  end
+
+  it "should not be disturbed by calls to #render" do
+    TestController.expects(:exit_render).twice
+    request(@user1, :edit_with_render,
+            { :id1 => 'theuser', :id2 => 'theuser' }).should succeed
+    request(@user1, :edit_with_render,
+            { :id1 => 'theuser', :id2 => 'otheruser' }).should fail
+  end
+
+  it "should check rules before #render" do
+    TestController.expects(:exit_render).never
+    request(@user1, :edit_with_render,
+            { :id1 => 'otheruser', :id2 => 'theuser' }).should fail
+  end
+
+  # simulates an action invokation in rails
+  def request(user, action, params)
+    controller = TestController.new
+    controller.test_init(action, params)
+    SecurityContext.initialize(controller)
+    SecurityContext.credential = user
+    rules = controller.class.descriptions_of(action)
+    SecurityContext.current.send_with_security(rules, controller, action)
+    'no_error'
+  rescue SecurityViolationError => sve
+    sve
+  end
+
+  def succeed
+    eql 'no_error'
+  end
+
+  def fail
+    be_instance_of SecurityViolationError
+  end
+
+end
+

data/spec/annotation_security/utils_spec.rb

@@ -0,0 +1,74 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe AnnotationSecurity::Utils do
+
+  it 'should remove prefixes of the method body' do
+    %w{may_rule is_rule can_rule has_rule}.each do |method|
+      AnnotationSecurity::Utils.method_body(method).should eql('rule')
+    end
+  end
+
+  it 'should remove suffixes of the method body' do
+    %w{rule_for rule_of rule_in rule_to rule?}.each do |method|
+      AnnotationSecurity::Utils.method_body(method).should eql('rule')
+    end
+  end
+
+  it 'should return nil if the method body is clean' do
+    AnnotationSecurity::Utils.method_body('rule').should be_nil
+  end
+
+  it 'should ignore prefixes and suffixes without underscore in method body' do
+    %w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
+      AnnotationSecurity::Utils.method_body(method).should eql(nil)
+    end
+  end
+
+  it 'should remove only prefix or suffix from the method body at a time' do
+    AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
+    AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
+    AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
+  end
+
+  it 'should parse descriptions without bindings correctly' do
+    ['show a resource', 'show with some text ignored a resource',
+     'show pluralized resources', '(ignoring comments) show a resource',
+     'show a resource (with comment at the end)'].each do |s|
+      AnnotationSecurity::Utils.parse_description(s).
+        should == {:action => :show, :resource => :resource}
+    end
+  end
+
+  it 'should detect bindings of a description' do
+    {
+      'show the resource in @res' => 
+        {:action => :show,:resource => :resource, :source => '@res'},
+      'show the resource from :id' =>
+        {:action => :show,:resource => :resource, :source => :id},
+    }.each_pair do |key, value|
+      AnnotationSecurity::Utils.parse_description(key,true).should == value
+    end
+  end
+
+  it 'should raise an error if an unexpected binding is detected in a description' do
+    lambda {
+      AnnotationSecurity::Utils.parse_description('show the resource :id')
+    }.should raise_error(StandardError)
+  end
+
+  it 'should parse policy arguments like specified in SecurityContext.allowed?' do
+    obj = Object.new
+    def obj.__is_resource?; true; end
+    def obj.resource_type; :o_resource; end
+    {
+      [:show, :resource, obj] => [:show, :resource, obj],
+      [:show, obj] => [:show, :o_resource, obj],
+      ['show resource', obj] => [:show, :resource, obj],
+      [:show, :resource] => [:show, :resource],
+      [:administrate] => [:administrate, :all_resources]
+    }.each_pair do |key, value|
+      AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
+    end
+  end
+
+end

data/spec/helper/test_controller.rb

@@ -0,0 +1,66 @@
+class TestController < ActionController::Base
+
+  describe :show, 'shows a test_resource'
+  describe :edit, 'edit some test_resources'
+  describe :show_edit, 'shows a test_resource', 'edits a test_resource'
+  describe :edit_with_render, 'edits the test_resource in @resource'
+  describe :delete, 'delete test_resource by :id'
+  describe :list, 'list all test_resources in @list'
+
+
+  def test_init(action, params)
+    @action = action
+    @params = params
+  end
+
+  def action_name
+    @action
+  end
+
+  def params
+    @params
+  end
+
+  def show
+    @resource = TestResource.find params[:id]
+  end
+
+  def edit
+    @resource = TestResource.find params[:id]
+  end
+
+  def show_edit
+    @resource = TestResource.find params[:id]
+  end
+
+  def edit_with_render
+    @resource = TestResource.find params[:id1]
+    render 'view'
+    @resource = TestResource.find params[:id2]
+  end
+
+  def delete
+    self.class.enter_delete
+    @resource = TestResource.find params[:id]
+  end
+
+  def list
+    r1 = TestResource.find params[:id1]
+    r2 = TestResource.find params[:id2]
+    @list = [r1, r2]
+  end
+
+  def render(*args)
+    super(*args)
+    self.class.exit_render
+  end
+
+  # callbacks used for mocking
+  
+  def self.enter_delete
+  end
+
+  def self.exit_render
+  end
+
+end

data/spec/helper/test_helper.rb

@@ -0,0 +1,5 @@
+class TestHelper
+
+  include AnnotationSecurity::Helper
+
+end

data/spec/helper/test_relations.rb

@@ -0,0 +1,7 @@
+AnnotationSecurity.define_relations(:test_resource) do
+
+  owner do |user, res|
+    user.name == res.name
+  end
+
+end

data/spec/helper/test_resource.rb

@@ -0,0 +1,39 @@
+class TestResource
+
+  include AnnotationSecurity::Resource
+
+  self.resource_type = :test_resource
+
+  def self.find(arg)
+    obj = new arg
+
+    # normally, this is done by a model observer
+    SecurityContext.observe obj
+
+    obj
+  end
+
+  def self.get_resource(arg)
+    return nil if arg.nil?
+    return arg if arg.is_a? self
+    new arg
+  end
+
+  def initialize(name = "")
+    @name = name
+  end
+
+  def name
+    @name
+  end
+
+  def ==(other)
+    return false unless other.is_a? self.class
+    name == other.name
+  end
+
+  def to_s
+    "<TestResource:#{name}>"
+  end
+
+end

data/spec/helper/test_rights.yml

@@ -0,0 +1,5 @@
+test_resource:
+  show: if logged_in
+  edit: if owner
+  delete: if may_edit
+  list: if owner

data/spec/helper/test_role.rb

@@ -0,0 +1,22 @@
+class TestRole
+
+  include AnnotationSecurity::Role
+
+  def initialize(name,user)
+    @name = name
+    @user = user
+  end
+
+  def role_name
+    @name
+  end
+
+  def name
+    role_name
+  end
+
+  def user
+    @user
+  end
+
+end

data/spec/helper/test_user.rb

@@ -0,0 +1,32 @@
+class TestUser
+
+  include AnnotationSecurity::User
+
+  def initialize(name='user_name')
+    @name = name
+    @one_role = TestRole.new(:one,self)
+    @many_roles = [
+        TestRole.new(:a,self), TestRole.new(:b,self), TestRole.new(:c,self)]
+  end
+
+  def user_name
+    @name
+  end
+
+  def name
+    user_name
+  end
+
+  def as_one_role
+    @one_role
+  end
+
+  def as_many_roles
+    @many_roles
+  end
+
+  def to_s
+    "<TestUser:#{name}>"
+  end
+
+end

data/spec/rails_stub.rb

@@ -0,0 +1,38 @@
+# AnnoationSecurity requires rails.
+# Here are some stubs to simulate a rails environment for testing.
+#
+
+RAILS_ROOT = ''
+RAILS_ENV = {}
+
+class ConfigStub
+  def config
+    self
+  end
+end
+
+module ActiveRecord
+  class Observer
+    def self.observe(*args)
+    end
+  end
+end
+
+module ActionController
+  class Base
+    def render(*args)
+    end
+    def redirect_to(*args)
+    end
+  end
+  module Routing
+    class Routes
+    end
+  end
+  module Filters
+    class Filter
+    end
+    class AroundFilter < Filter
+    end
+  end
+end