annotation_security 1.0.2 → 1.3.1

Files changed (70) hide show
  1. data/CHANGELOG +22 -0
  2. data/HOW-TO +261 -0
  3. data/{LICENSE → MIT-LICENSE} +1 -1
  4. data/README +39 -0
  5. data/Rakefile +53 -62
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +14 -14
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security.rb +94 -103
  12. data/lib/annotation_security/exceptions.rb +124 -124
  13. data/lib/annotation_security/exec.rb +188 -188
  14. data/lib/annotation_security/includes/helper.rb +215 -215
  15. data/lib/annotation_security/includes/resource.rb +84 -84
  16. data/lib/annotation_security/includes/role.rb +30 -30
  17. data/lib/annotation_security/includes/user.rb +26 -26
  18. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  19. data/lib/annotation_security/manager/policy_manager.rb +87 -79
  20. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  21. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  22. data/lib/annotation_security/manager/right_loader.rb +87 -87
  23. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  24. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  25. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  26. data/lib/annotation_security/policy/rule.rb +340 -340
  27. data/lib/annotation_security/policy/rule_set.rb +138 -138
  28. data/lib/annotation_security/rails.rb +22 -39
  29. data/lib/{extensions → annotation_security/rails/2/extensions}/filter.rb +131 -133
  30. data/lib/annotation_security/rails/2/includes/action_controller.rb +144 -0
  31. data/lib/annotation_security/rails/2/includes/active_record.rb +28 -0
  32. data/lib/annotation_security/rails/2/initializer.rb +35 -0
  33. data/lib/annotation_security/{model_observer.rb → rails/2/model_observer.rb} +61 -61
  34. data/lib/annotation_security/rails/3/extensions/filter.rb +28 -0
  35. data/lib/annotation_security/{includes → rails/3/includes}/action_controller.rb +143 -144
  36. data/lib/annotation_security/{includes → rails/3/includes}/active_record.rb +27 -27
  37. data/lib/annotation_security/rails/3/initializer.rb +40 -0
  38. data/lib/annotation_security/rails/3/model_observer.rb +61 -0
  39. data/lib/annotation_security/rails/extensions.rb +21 -0
  40. data/lib/{extensions → annotation_security/rails/extensions}/action_controller.rb +31 -32
  41. data/lib/{extensions → annotation_security/rails/extensions}/active_record.rb +33 -34
  42. data/lib/{extensions → annotation_security/rails/extensions}/object.rb +10 -10
  43. data/lib/annotation_security/{filters.rb → rails/filters.rb} +37 -37
  44. data/lib/annotation_security/user_wrapper.rb +73 -73
  45. data/lib/annotation_security/utils.rb +141 -141
  46. data/lib/security_context.rb +588 -589
  47. data/spec/annotation_security/exceptions_spec.rb +16 -16
  48. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  49. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  50. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  51. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  52. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  53. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  54. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  55. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  56. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  57. data/spec/annotation_security/security_context_spec.rb +129 -78
  58. data/spec/annotation_security/utils_spec.rb +73 -73
  59. data/spec/helper/test_controller.rb +65 -65
  60. data/spec/helper/test_helper.rb +5 -5
  61. data/spec/helper/test_relations.rb +6 -6
  62. data/spec/helper/test_resource.rb +38 -38
  63. data/spec/helper/test_role.rb +21 -21
  64. data/spec/helper/test_user.rb +31 -31
  65. data/spec/rails_stub.rb +44 -37
  66. metadata +110 -96
  67. data/CHANGELOG.md +0 -14
  68. data/HOW-TO.md +0 -275
  69. data/README.md +0 -39
  70. data/lib/annotation_security/version.rb +0 -10
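--- a/data/spec/annotation_security/exceptions_spec.rb
+++ b/data/spec/annotation_security/exceptions_spec.rb
@@ -1,17 +1,17 @@
- require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
- describe AnnotationSecurity::RuleExecutionError do
-
- before(:all) do
- AnnotationSecurity.define_relations(:rule_ex_error_test) do
- broken_relation { 1/0 }
- end
- end
-
- it 'should be raised if a relation throws an error' do
- lambda {
- RuleExErrorTestPolicy.new(:user,:res).broken_relation?
- }.should raise_error(AnnotationSecurity::RuleExecutionError)
- end
-
+ require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+ describe AnnotationSecurity::RuleExecutionError do
+
+ before(:all) do
+ AnnotationSecurity.define_relations(:rule_ex_error_test) do
+ broken_relation { 1/0 }
+ end
+ end
+
+ it 'should be raised if a relation throws an error' do
+ lambda {
+ RuleExErrorTestPolicy.new(:user,:res).broken_relation?
+ }.should raise_error(AnnotationSecurity::RuleExecutionError)
+ end
+
  end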
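--- a/data/spec/annotation_security/includes/helper_spec.rb
+++ b/data/spec/annotation_security/includes/helper_spec.rb
@@ -1,82 +1,82 @@
- require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
- describe AnnotationSecurity::Helper do
-
- before(:each) do
- SecurityContext.initialize(TestController.new)
- SecurityContext.credential = TestUser.new 'theuser'
- @helper = TestHelper.new
- @res = TestResource.new 'theuser'
- end
-
- it "should understand options hash" do
- options = { :action => :edit, :controller => :test, :id => @res }
- expect(:test, :edit, [], {:id => @res})
- @helper.action_allowed?(options).should be_true
- end
-
- it "should understand path strings" do
- path = 'test/theuser/edit'
- with_path_info path
- expect :test, :edit, [], {:id => 'theuser'}
- @helper.action_allowed?(path).should be_true
- end
-
- it "should understand resource objects" do
- with_path_info 'test/theuser', :get, {:action => :show}
- expect :test, :show, [], {:id => 'theuser'}
- @helper.expects(:url_for).with(@res).returns('test/theuser')
- @helper.action_allowed?(@res).should be_true
- end
-
- it "should take html options into account" do
- with_path_info 'test/theuser', :delete, {:action => :destroy}
- expect :test, :destroy, [], {:id => 'theuser'}
- @helper.expects(:url_for).with(@res).returns('test/theuser')
- @helper.action_allowed?(@res, { :method => :delete}).should be_true
- end
-
- it "should call named routes" do
- with_path_info 'test/theuser/edit'
- expect :test, :edit, [@res], {}
- @helper.expects(:edit_test_path).with(@res, {}).returns('test/theuser/edit')
- @helper.action_allowed?(:edit_test_path, @res).should be_true
- end
-
- it "should support defining all parameters explicitly" do
- expect :test, :edit, [@res], {:option => true}
- params = { :action => :edit, :controller => :test, :option => true }
- @helper.action_allowed?('path/to/something', @res, params).should be_true
- end
-
- it "should create links if allowed" do
- options = { :action => :edit, :controller => :test, :id => @res }
- expect(:test, :edit, [], {:id => @res})
- @helper.expects(:link_to_if).with(true, "Edit", options, {}).returns("<a>success</a>")
- @helper.link_to_if_allowed("Edit", options){'no access'}.should == "<a>success</a>"
- end
-
- it "should not create links if forbidden" do
- options = { :action => :edit, :controller => :test, :id => @res }
- expect(:test, :edit, [], {:id => @res}, false)
- @helper.expects(:link_to_if).with(false, "Edit", options, {}).returns("no access")
- @helper.link_to_if_allowed("Edit", options){"no access"}.should == "no access"
- end
-
- def expect(ctrl, action, obj, param, result=true)
- SecurityContext.expects(:allow_action?).with(ctrl, action, obj, param).returns(result)
- end
-
- # prepares #recognize_path to resolve the request path
- def with_path_info(path, env = nil, result={})
- env = { :method => env } if env.is_a? Symbol
- env ||= { :method => :get }
- parts = path.split('/')
- result[:controller] ||= parts.first.to_sym
- result[:id] ||= parts.second
- result[:action] ||= parts.third.to_sym
- ActionController::Routing::Routes.expects(:recognize_path).with(path, env).returns(result)
- end
-
- end
-
+ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+ describe AnnotationSecurity::Helper do
+
+ before(:each) do
+ SecurityContext.initialize(TestController.new)
+ SecurityContext.credential = TestUser.new 'theuser'
+ @helper = TestHelper.new
+ @res = TestResource.new 'theuser'
+ end
+
+ it "should understand options hash" do
+ options = { :action => :edit, :controller => :test, :id => @res }
+ expect(:test, :edit, [], {:id => @res})
+ @helper.action_allowed?(options).should be_true
+ end
+
+ it "should understand path strings" do
+ path = 'test/theuser/edit'
+ with_path_info path
+ expect :test, :edit, [], {:id => 'theuser'}
+ @helper.action_allowed?(path).should be_true
+ end
+
+ it "should understand resource objects" do
+ with_path_info 'test/theuser', :get, {:action => :show}
+ expect :test, :show, [], {:id => 'theuser'}
+ @helper.expects(:url_for).with(@res).returns('test/theuser')
+ @helper.action_allowed?(@res).should be_true
+ end
+
+ it "should take html options into account" do
+ with_path_info 'test/theuser', :delete, {:action => :destroy}
+ expect :test, :destroy, [], {:id => 'theuser'}
+ @helper.expects(:url_for).with(@res).returns('test/theuser')
+ @helper.action_allowed?(@res, { :method => :delete}).should be_true
+ end
+
+ it "should call named routes" do
+ with_path_info 'test/theuser/edit'
+ expect :test, :edit, [@res], {}
+ @helper.expects(:edit_test_path).with(@res, {}).returns('test/theuser/edit')
+ @helper.action_allowed?(:edit_test_path, @res).should be_true
+ end
+
+ it "should support defining all parameters explicitly" do
+ expect :test, :edit, [@res], {:option => true}
+ params = { :action => :edit, :controller => :test, :option => true }
+ @helper.action_allowed?('path/to/something', @res, params).should be_true
+ end
+
+ it "should create links if allowed" do
+ options = { :action => :edit, :controller => :test, :id => @res }
+ expect(:test, :edit, [], {:id => @res})
+ @helper.expects(:link_to_if).with(true, "Edit", options, {}).returns("<a>success</a>")
+ @helper.link_to_if_allowed("Edit", options){'no access'}.should == "<a>success</a>"
+ end
+
+ it "should not create links if forbidden" do
+ options = { :action => :edit, :controller => :test, :id => @res }
+ expect(:test, :edit, [], {:id => @res}, false)
+ @helper.expects(:link_to_if).with(false, "Edit", options, {}).returns("no access")
+ @helper.link_to_if_allowed("Edit", options){"no access"}.should == "no access"
+ end
+
+ def expect(ctrl, action, obj, param, result=true)
+ SecurityContext.expects(:allow_action?).with(ctrl, action, obj, param).returns(result)
+ end
+
+ # prepares #recognize_path to resolve the request path
+ def with_path_info(path, env = nil, result={})
+ env = { :method => env } if env.is_a? Symbol
+ env ||= { :method => :get }
+ parts = path.split('/')
+ result[:controller] ||= parts.first.to_sym
+ result[:id] ||= parts.second
+ result[:action] ||= parts.third.to_sym
+ ActionController::Routing::Routes.expects(:recognize_path).with(path, env).returns(result)
+ end
+
+ end
+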
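--- a/data/spec/annotation_security/manager/policy_manager_spec.rb
+++ b/data/spec/annotation_security/manager/policy_manager_spec.rb
@@ -1,15 +1,15 @@
- require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
- describe AnnotationSecurity::PolicyManager do
-
- it "should provide policy factories" do
- AnnotationSecurity::PolicyManager.policy_factory(:policy_manager)
- (defined? PolicyManagerPolicy).should_not be_nil
- end
-
- it "should return the policy class for a resource" do
- AnnotationSecurity::PolicyManager.policy_class(:policy_manager_2).
- should == PolicyManager2Policy
- end
-
- end
+ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+ describe AnnotationSecurity::PolicyManager do
+
+ it "should provide policy factories" do
+ AnnotationSecurity::PolicyManager.policy_factory(:policy_manager)
+ (defined? PolicyManagerPolicy).should_not be_nil
+ end
+
+ it "should return the policy class for a resource" do
+ AnnotationSecurity::PolicyManager.policy_class(:policy_manager_2).
+ should == PolicyManager2Policy
+ end
+
+ end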
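--- a/data/spec/annotation_security/manager/resource_manager_spec.rb
+++ b/data/spec/annotation_security/manager/resource_manager_spec.rb
@@ -1,17 +1,17 @@
- require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
- describe AnnotationSecurity::ResourceManager do
-
- it "should provide resource classes" do
- klass = AnnotationSecurity::ResourceManager.get_resource_class :test_resource
- klass.should == TestResource
- end
-
- it "should find resource instances" do
- res = AnnotationSecurity::ResourceManager.get_resource :test_resource, 'xy'
- res.should be_instance_of(TestResource)
- res.name.should == 'xy'
- end
-
- end
-
+ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+ describe AnnotationSecurity::ResourceManager do
+
+ it "should provide resource classes" do
+ klass = AnnotationSecurity::ResourceManager.get_resource_class :test_resource
+ klass.should == TestResource
+ end
+
+ it "should find resource instances" do
+ res = AnnotationSecurity::ResourceManager.get_resource :test_resource, 'xy'
+ res.should be_instance_of(TestResource)
+ res.name.should == 'xy'
+ end
+
+ end
+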
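--- a/data/spec/annotation_security/manager/right_loader_spec.rb
+++ b/data/spec/annotation_security/manager/right_loader_spec.rb
@@ -1,17 +1,17 @@
- require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
- describe AnnotationSecurity::RightLoader do
-
- it "should allow right definitions by hash" do
- AnnotationSecurity::RightLoader.define_rights({
- :right_loader => {
- :right1 => 'if logged_in',
- :right2 => 'if may_right1',
- }})
- (defined? RightLoaderPolicy).should_not be_nil
- RightLoaderPolicy.has_rule?(:right1).should be_true
- RightLoaderPolicy.has_rule?(:right2).should be_true
- end
-
- end
-
+ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+ describe AnnotationSecurity::RightLoader do
+
+ it "should allow right definitions by hash" do
+ AnnotationSecurity::RightLoader.define_rights({
+ :right_loader => {
+ :right1 => 'if logged_in',
+ :right2 => 'if may_right1',
+ }})
+ (defined? RightLoaderPolicy).should_not be_nil
+ RightLoaderPolicy.has_rule?(:right1).should be_true
+ RightLoaderPolicy.has_rule?(:right2).should be_true
+ end
+
+ end
+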
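--- a/data/spec/annotation_security/policy/abstract_policy_spec.rb
+++ b/data/spec/annotation_security/policy/abstract_policy_spec.rb
@@ -1,17 +1,17 @@
- require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
- describe AnnotationSecurity::AbstractPolicy do
- # For more tests see test_policy_spec.rb
-
- it 'should create a subclass for a resource type' do
- klass = AnnotationSecurity::AbstractPolicy.new_subclass(:abs_policy_test)
- (defined? AbsPolicyTestPolicy).should_not be_nil
- klass.should eql(AbsPolicyTestPolicy)
- klass.static?.should be_false
-
- (defined? AbsPolicyTestStaticPolicy).should_not be_nil
- klass.static_policy_class.should eql(AbsPolicyTestStaticPolicy)
- klass.static_policy_class.static?.should be_true
- end
-
+ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+ describe AnnotationSecurity::AbstractPolicy do
+ # For more tests see test_policy_spec.rb
+
+ it 'should create a subclass for a resource type' do
+ klass = AnnotationSecurity::AbstractPolicy.new_subclass(:abs_policy_test)
+ (defined? AbsPolicyTestPolicy).should_not be_nil
+ klass.should eql(AbsPolicyTestPolicy)
+ klass.static?.should be_false
+
+ (defined? AbsPolicyTestStaticPolicy).should_not be_nil
+ klass.static_policy_class.should eql(AbsPolicyTestStaticPolicy)
+ klass.static_policy_class.static?.should be_true
+ end
+
  end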
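--- a/data/spec/annotation_security/policy/all_resources_policy_spec.rb
+++ b/data/spec/annotation_security/policy/all_resources_policy_spec.rb
@@ -1,24 +1,24 @@
- require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
- describe AllResourcesPolicy do
-
- it 'should provide :__self__ relation' do
- user = TestUser.new
- user2 = TestUser.new
- policy = AllResourcesPolicy.new(user)
- policy.with_resource(user).__self__?.should be_true
- policy.with_resource(user.as_one_role).__self__?.should be_true
- policy.with_resource(user2).__self__?.should be_false
- end
-
- it 'should provide :logged_in relation' do
- AllResourcesPolicy.new(TestUser.new).logged_in?.should be_true
- AllResourcesPolicy.new(nil).logged_in?.should be_false
-
- AllResourcesPolicy.has_static_rule?(:logged_in).should be_true
- AllResourcesPolicy.has_dynamic_rule?(:logged_in).should be_false
- rule = AllResourcesPolicy.rule_set.get_static_rule(:logged_in)
- rule.requires_credential?.should be_false
- end
-
- end
+ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+ describe AllResourcesPolicy do
+
+ it 'should provide :__self__ relation' do
+ user = TestUser.new
+ user2 = TestUser.new
+ policy = AllResourcesPolicy.new(user)
+ policy.with_resource(user).__self__?.should be_true
+ policy.with_resource(user.as_one_role).__self__?.should be_true
+ policy.with_resource(user2).__self__?.should be_false
+ end
+
+ it 'should provide :logged_in relation' do
+ AllResourcesPolicy.new(TestUser.new).logged_in?.should be_true
+ AllResourcesPolicy.new(nil).logged_in?.should be_false
+
+ AllResourcesPolicy.has_static_rule?(:logged_in).should be_true
+ AllResourcesPolicy.has_dynamic_rule?(:logged_in).should be_false
+ rule = AllResourcesPolicy.rule_set.get_static_rule(:logged_in)
+ rule.requires_credential?.should be_false
+ end
+
+ end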
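--- a/data/spec/annotation_security/policy/rule_set_spec.rb
+++ b/data/spec/annotation_security/policy/rule_set_spec.rb
@@ -1,112 +1,112 @@
- require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
- describe AnnotationSecurity::RuleSet do
-
- before(:all) do
- AnnotationSecurity.define_relations(:rule_set_test,:rule_set_test2) do
- sys_relation :system, "true"
- res_relation :resource, "true"
- pre_relation :pretest, "true"
- end
- # This rule set is not to be modified during the tests!
- @rule_set2 = RuleSetTest2Policy.rule_set
- end
-
- before(:each) do
- # Use a fresh rule set for each test.
- # This will break some functions of RuleSet,
- # in these cases @rule_set2 is used for testing.
- @rule_set = AnnotationSecurity::RuleSet.new(RuleSetTestPolicy)
- end
-
- it 'should have a self explaining name' do
- @rule_set.to_s.should eql('<RuleSet of RuleSetTestPolicy>')
- end
-
- it 'should manage static relations' do
- rule = @rule_set.add_rule(:sys_relation, :system) { true }
- rule.should be_instance_of(AnnotationSecurity::Rule)
- @rule_set.get_rule(:sys_relation, true).should eql(rule)
- @rule_set.get_rule(:sys_relation, false).should be_nil
- end
-
- it 'should manage dynamic relations' do
- rule = @rule_set.add_rule(:res_relation, :resource) { true }
- rule.should be_instance_of(AnnotationSecurity::Rule)
- @rule_set.get_rule(:res_relation, false).should eql(rule)
- @rule_set.get_rule(:res_relation, true).should be_nil
- end
-
- it 'should manage pretest relations' do
- rule = @rule_set.add_rule(:pre_relation, :pretest) { true }
- rule.should be_instance_of(AnnotationSecurity::Rule)
- @rule_set.get_rule(:pre_relation, true).should eql(rule)
- @rule_set.get_rule(:pre_relation, false).should eql(rule)
- end
-
- it 'should manage dynamic rights' do
- rule = @rule_set.add_rule(:res_right, :right, "if res_relation")
- rule.should be_instance_of(AnnotationSecurity::Rule)
- @rule_set.get_rule(:res_right,false).should eql(rule)
- @rule_set.get_rule(:res_right,true).should be_nil
- end
-
- it 'should manage static rights' do
- rule = @rule_set.add_rule(:sys_right, :right, "if sys_relation")
- rule.should be_instance_of(AnnotationSecurity::Rule)
- @rule_set.get_rule(:sys_right,true).should eql(rule)
- @rule_set.get_rule(:sys_right,false).should be_nil
- end
-
- it 'should manage pretest rights' do
- rule = @rule_set.add_rule(:pre_right, :right, "if pre_relation")
- rule.should be_instance_of(AnnotationSecurity::Rule)
- @rule_set.get_rule(:pre_right,true).should eql(rule)
- @rule_set.get_rule(:pre_right,false).should eql(rule)
- end
-
- it 'should be able to copy dynamic rules from other rule sets' do
- rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, false)
- rule.should be_instance_of(AnnotationSecurity::Rule)
- @rule_set.get_rule(:res_relation, false).should eql(rule)
- @rule_set2.get_rule(:res_relation, false).should_not eql(rule)
- end
-
- it 'should not create dynamic copies of static rules from other rule sets' do
- rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, false)
- rule.should be_nil
- end
-
- it 'should be able to copy static rules from other rule sets' do
- rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, true)
- rule.should be_instance_of(AnnotationSecurity::Rule)
- @rule_set.get_rule(:sys_relation, true).should eql(rule)
- @rule_set2.get_rule(:sys_relation, true).should_not eql(rule)
- end
-
- it 'should not create static copies of dynamic rules from other rule sets' do
- rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, true)
- rule.should be_nil
- end
-
- it 'should not allow rules with forbidden names' do
- lambda {
- @rule_set.add_rule(:get_rule) { }
- }.should raise_error(AnnotationSecurity::RuleError)
- end
-
- it 'should not allow rules to be defined twice' do
- @rule_set.add_rule(:test_rule) { }
- lambda {
- @rule_set.add_rule(:test_rule) { }
- }.should raise_error(AnnotationSecurity::RuleError)
- end
-
- it 'should allow rules to be defined both statically and dynamically' do
- r1 = @rule_set.add_rule(:test_rule, :system) { }
- r2 = @rule_set.add_rule(:test_rule, :resource) { }
- @rule_set.get_rule(:test_rule,true).should eql(r1)
- @rule_set.get_rule(:test_rule,false).should eql(r2)
- end
-
- end
+ require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+ describe AnnotationSecurity::RuleSet do
+
+ before(:all) do
+ AnnotationSecurity.define_relations(:rule_set_test,:rule_set_test2) do
+ sys_relation :system, "true"
+ res_relation :resource, "true"
+ pre_relation :pretest, "true"
+ end
+ # This rule set is not to be modified during the tests!
+ @rule_set2 = RuleSetTest2Policy.rule_set
+ end
+
+ before(:each) do
+ # Use a fresh rule set for each test.
+ # This will break some functions of RuleSet,
+ # in these cases @rule_set2 is used for testing.
+ @rule_set = AnnotationSecurity::RuleSet.new(RuleSetTestPolicy)
+ end
+
+ it 'should have a self explaining name' do
+ @rule_set.to_s.should eql('<RuleSet of RuleSetTestPolicy>')
+ end
+
+ it 'should manage static relations' do
+ rule = @rule_set.add_rule(:sys_relation, :system) { true }
+ rule.should be_instance_of(AnnotationSecurity::Rule)
+ @rule_set.get_rule(:sys_relation, true).should eql(rule)
+ @rule_set.get_rule(:sys_relation, false).should be_nil
+ end
+
+ it 'should manage dynamic relations' do
+ rule = @rule_set.add_rule(:res_relation, :resource) { true }
+ rule.should be_instance_of(AnnotationSecurity::Rule)
+ @rule_set.get_rule(:res_relation, false).should eql(rule)
+ @rule_set.get_rule(:res_relation, true).should be_nil
+ end
+
+ it 'should manage pretest relations' do
+ rule = @rule_set.add_rule(:pre_relation, :pretest) { true }
+ rule.should be_instance_of(AnnotationSecurity::Rule)
+ @rule_set.get_rule(:pre_relation, true).should eql(rule)
+ @rule_set.get_rule(:pre_relation, false).should eql(rule)
+ end
+
+ it 'should manage dynamic rights' do
+ rule = @rule_set.add_rule(:res_right, :right, "if res_relation")
+ rule.should be_instance_of(AnnotationSecurity::Rule)
+ @rule_set.get_rule(:res_right,false).should eql(rule)
+ @rule_set.get_rule(:res_right,true).should be_nil
+ end
+
+ it 'should manage static rights' do
+ rule = @rule_set.add_rule(:sys_right, :right, "if sys_relation")
+ rule.should be_instance_of(AnnotationSecurity::Rule)
+ @rule_set.get_rule(:sys_right,true).should eql(rule)
+ @rule_set.get_rule(:sys_right,false).should be_nil
+ end
+
+ it 'should manage pretest rights' do
+ rule = @rule_set.add_rule(:pre_right, :right, "if pre_relation")
+ rule.should be_instance_of(AnnotationSecurity::Rule)
+ @rule_set.get_rule(:pre_right,true).should eql(rule)
+ @rule_set.get_rule(:pre_right,false).should eql(rule)
+ end
+
+ it 'should be able to copy dynamic rules from other rule sets' do
+ rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, false)
+ rule.should be_instance_of(AnnotationSecurity::Rule)
+ @rule_set.get_rule(:res_relation, false).should eql(rule)
+ @rule_set2.get_rule(:res_relation, false).should_not eql(rule)
+ end
+
+ it 'should not create dynamic copies of static rules from other rule sets' do
+ rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, false)
+ rule.should be_nil
+ end
+
+ it 'should be able to copy static rules from other rule sets' do
+ rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, true)
+ rule.should be_instance_of(AnnotationSecurity::Rule)
+ @rule_set.get_rule(:sys_relation, true).should eql(rule)
+ @rule_set2.get_rule(:sys_relation, true).should_not eql(rule)
+ end
+
+ it 'should not create static copies of dynamic rules from other rule sets' do
+ rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, true)
+ rule.should be_nil
+ end
+
+ it 'should not allow rules with forbidden names' do
+ lambda {
+ @rule_set.add_rule(:get_rule) { }
+ }.should raise_error(AnnotationSecurity::RuleError)
+ end
+
+ it 'should not allow rules to be defined twice' do
+ @rule_set.add_rule(:test_rule) { }
+ lambda {
+ @rule_set.add_rule(:test_rule) { }
+ }.should raise_error(AnnotationSecurity::RuleError)
+ end
+
+ it 'should allow rules to be defined both statically and dynamically' do
+ r1 = @rule_set.add_rule(:test_rule, :system) { }
+ r2 = @rule_set.add_rule(:test_rule, :resource) { }
+ @rule_set.get_rule(:test_rule,true).should eql(r1)
+ @rule_set.get_rule(:test_rule,false).should eql(r2)
+ end
+
+ end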