annotation_security 1.0.2 → 1.3.1
- data/CHANGELOG +22 -0
- data/HOW-TO +261 -0
- data/{LICENSE → MIT-LICENSE} +1 -1
- data/README +39 -0
- data/Rakefile +53 -62
- data/assets/app/helpers/annotation_security_helper.rb +8 -8
- data/assets/config/initializers/annotation_security.rb +11 -11
- data/assets/config/security/relations.rb +20 -20
- data/assets/vendor/plugins/annotation_security/init.rb +14 -14
- data/bin/annotation_security +7 -7
- data/lib/annotation_security.rb +94 -103
- data/lib/annotation_security/exceptions.rb +124 -124
- data/lib/annotation_security/exec.rb +188 -188
- data/lib/annotation_security/includes/helper.rb +215 -215
- data/lib/annotation_security/includes/resource.rb +84 -84
- data/lib/annotation_security/includes/role.rb +30 -30
- data/lib/annotation_security/includes/user.rb +26 -26
- data/lib/annotation_security/manager/policy_factory.rb +29 -29
- data/lib/annotation_security/manager/policy_manager.rb +87 -79
- data/lib/annotation_security/manager/relation_loader.rb +272 -272
- data/lib/annotation_security/manager/resource_manager.rb +36 -36
- data/lib/annotation_security/manager/right_loader.rb +87 -87
- data/lib/annotation_security/policy/abstract_policy.rb +344 -344
- data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
- data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
- data/lib/annotation_security/policy/rule.rb +340 -340
- data/lib/annotation_security/policy/rule_set.rb +138 -138
- data/lib/annotation_security/rails.rb +22 -39
- data/lib/{extensions → annotation_security/rails/2/extensions}/filter.rb +131 -133
- data/lib/annotation_security/rails/2/includes/action_controller.rb +144 -0
- data/lib/annotation_security/rails/2/includes/active_record.rb +28 -0
- data/lib/annotation_security/rails/2/initializer.rb +35 -0
- data/lib/annotation_security/{model_observer.rb → rails/2/model_observer.rb} +61 -61
- data/lib/annotation_security/rails/3/extensions/filter.rb +28 -0
- data/lib/annotation_security/{includes → rails/3/includes}/action_controller.rb +143 -144
- data/lib/annotation_security/{includes → rails/3/includes}/active_record.rb +27 -27
- data/lib/annotation_security/rails/3/initializer.rb +40 -0
- data/lib/annotation_security/rails/3/model_observer.rb +61 -0
- data/lib/annotation_security/rails/extensions.rb +21 -0
- data/lib/{extensions → annotation_security/rails/extensions}/action_controller.rb +31 -32
- data/lib/{extensions → annotation_security/rails/extensions}/active_record.rb +33 -34
- data/lib/{extensions → annotation_security/rails/extensions}/object.rb +10 -10
- data/lib/annotation_security/{filters.rb → rails/filters.rb} +37 -37
- data/lib/annotation_security/user_wrapper.rb +73 -73
- data/lib/annotation_security/utils.rb +141 -141
- data/lib/security_context.rb +588 -589
- data/spec/annotation_security/exceptions_spec.rb +16 -16
- data/spec/annotation_security/includes/helper_spec.rb +82 -82
- data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
- data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
- data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
- data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
- data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
- data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
- data/spec/annotation_security/policy/rule_spec.rb +77 -77
- data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
- data/spec/annotation_security/security_context_spec.rb +129 -78
- data/spec/annotation_security/utils_spec.rb +73 -73
- data/spec/helper/test_controller.rb +65 -65
- data/spec/helper/test_helper.rb +5 -5
- data/spec/helper/test_relations.rb +6 -6
- data/spec/helper/test_resource.rb +38 -38
- data/spec/helper/test_role.rb +21 -21
- data/spec/helper/test_user.rb +31 -31
- data/spec/rails_stub.rb +44 -37
- metadata +110 -96
- data/CHANGELOG.md +0 -14
- data/HOW-TO.md +0 -275
- data/README.md +0 -39
- data/lib/annotation_security/version.rb +0 -10
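--- a/data/spec/annotation_security/exceptions_spec.rb
+++ b/data/spec/annotation_security/exceptions_spec.rb
@@ -1,17 +1,17 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-describe AnnotationSecurity::RuleExecutionError do
-
-before(:all) do
-AnnotationSecurity.define_relations(:rule_ex_error_test) do
-broken_relation { 1/0 }
-end
-end
-
-it 'should be raised if a relation throws an error' do
-lambda {
-RuleExErrorTestPolicy.new(:user,:res).broken_relation?
-}.should raise_error(AnnotationSecurity::RuleExecutionError)
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe AnnotationSecurity::RuleExecutionError do
+
+before(:all) do
+AnnotationSecurity.define_relations(:rule_ex_error_test) do
+broken_relation { 1/0 }
+end
+end
+
+it 'should be raised if a relation throws an error' do
+lambda {
+RuleExErrorTestPolicy.new(:user,:res).broken_relation?
+}.should raise_error(AnnotationSecurity::RuleExecutionError)
+end
+
 end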
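--- a/data/spec/annotation_security/includes/helper_spec.rb
+++ b/data/spec/annotation_security/includes/helper_spec.rb
@@ -1,82 +1,82 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::Helper do
-
-before(:each) do
-SecurityContext.initialize(TestController.new)
-SecurityContext.credential = TestUser.new 'theuser'
-@helper = TestHelper.new
-@res = TestResource.new 'theuser'
-end
-
-it "should understand options hash" do
-options = { :action => :edit, :controller => :test, :id => @res }
-expect(:test, :edit, [], {:id => @res})
-@helper.action_allowed?(options).should be_true
-end
-
-it "should understand path strings" do
-path = 'test/theuser/edit'
-with_path_info path
-expect :test, :edit, [], {:id => 'theuser'}
-@helper.action_allowed?(path).should be_true
-end
-
-it "should understand resource objects" do
-with_path_info 'test/theuser', :get, {:action => :show}
-expect :test, :show, [], {:id => 'theuser'}
-@helper.expects(:url_for).with(@res).returns('test/theuser')
-@helper.action_allowed?(@res).should be_true
-end
-
-it "should take html options into account" do
-with_path_info 'test/theuser', :delete, {:action => :destroy}
-expect :test, :destroy, [], {:id => 'theuser'}
-@helper.expects(:url_for).with(@res).returns('test/theuser')
-@helper.action_allowed?(@res, { :method => :delete}).should be_true
-end
-
-it "should call named routes" do
-with_path_info 'test/theuser/edit'
-expect :test, :edit, [@res], {}
-@helper.expects(:edit_test_path).with(@res, {}).returns('test/theuser/edit')
-@helper.action_allowed?(:edit_test_path, @res).should be_true
-end
-
-it "should support defining all parameters explicitly" do
-expect :test, :edit, [@res], {:option => true}
-params = { :action => :edit, :controller => :test, :option => true }
-@helper.action_allowed?('path/to/something', @res, params).should be_true
-end
-
-it "should create links if allowed" do
-options = { :action => :edit, :controller => :test, :id => @res }
-expect(:test, :edit, [], {:id => @res})
-@helper.expects(:link_to_if).with(true, "Edit", options, {}).returns("<a>success</a>")
-@helper.link_to_if_allowed("Edit", options){'no access'}.should == "<a>success</a>"
-end
-
-it "should not create links if forbidden" do
-options = { :action => :edit, :controller => :test, :id => @res }
-expect(:test, :edit, [], {:id => @res}, false)
-@helper.expects(:link_to_if).with(false, "Edit", options, {}).returns("no access")
-@helper.link_to_if_allowed("Edit", options){"no access"}.should == "no access"
-end
-
-def expect(ctrl, action, obj, param, result=true)
-SecurityContext.expects(:allow_action?).with(ctrl, action, obj, param).returns(result)
-end
-
-# prepares #recognize_path to resolve the request path
-def with_path_info(path, env = nil, result={})
-env = { :method => env } if env.is_a? Symbol
-env ||= { :method => :get }
-parts = path.split('/')
-result[:controller] ||= parts.first.to_sym
-result[:id] ||= parts.second
-result[:action] ||= parts.third.to_sym
-ActionController::Routing::Routes.expects(:recognize_path).with(path, env).returns(result)
-end
-
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::Helper do
+
+before(:each) do
+SecurityContext.initialize(TestController.new)
+SecurityContext.credential = TestUser.new 'theuser'
+@helper = TestHelper.new
+@res = TestResource.new 'theuser'
+end
+
+it "should understand options hash" do
+options = { :action => :edit, :controller => :test, :id => @res }
+expect(:test, :edit, [], {:id => @res})
+@helper.action_allowed?(options).should be_true
+end
+
+it "should understand path strings" do
+path = 'test/theuser/edit'
+with_path_info path
+expect :test, :edit, [], {:id => 'theuser'}
+@helper.action_allowed?(path).should be_true
+end
+
+it "should understand resource objects" do
+with_path_info 'test/theuser', :get, {:action => :show}
+expect :test, :show, [], {:id => 'theuser'}
+@helper.expects(:url_for).with(@res).returns('test/theuser')
+@helper.action_allowed?(@res).should be_true
+end
+
+it "should take html options into account" do
+with_path_info 'test/theuser', :delete, {:action => :destroy}
+expect :test, :destroy, [], {:id => 'theuser'}
+@helper.expects(:url_for).with(@res).returns('test/theuser')
+@helper.action_allowed?(@res, { :method => :delete}).should be_true
+end
+
+it "should call named routes" do
+with_path_info 'test/theuser/edit'
+expect :test, :edit, [@res], {}
+@helper.expects(:edit_test_path).with(@res, {}).returns('test/theuser/edit')
+@helper.action_allowed?(:edit_test_path, @res).should be_true
+end
+
+it "should support defining all parameters explicitly" do
+expect :test, :edit, [@res], {:option => true}
+params = { :action => :edit, :controller => :test, :option => true }
+@helper.action_allowed?('path/to/something', @res, params).should be_true
+end
+
+it "should create links if allowed" do
+options = { :action => :edit, :controller => :test, :id => @res }
+expect(:test, :edit, [], {:id => @res})
+@helper.expects(:link_to_if).with(true, "Edit", options, {}).returns("<a>success</a>")
+@helper.link_to_if_allowed("Edit", options){'no access'}.should == "<a>success</a>"
+end
+
+it "should not create links if forbidden" do
+options = { :action => :edit, :controller => :test, :id => @res }
+expect(:test, :edit, [], {:id => @res}, false)
+@helper.expects(:link_to_if).with(false, "Edit", options, {}).returns("no access")
+@helper.link_to_if_allowed("Edit", options){"no access"}.should == "no access"
+end
+
+def expect(ctrl, action, obj, param, result=true)
+SecurityContext.expects(:allow_action?).with(ctrl, action, obj, param).returns(result)
+end
+
+# prepares #recognize_path to resolve the request path
+def with_path_info(path, env = nil, result={})
+env = { :method => env } if env.is_a? Symbol
+env ||= { :method => :get }
+parts = path.split('/')
+result[:controller] ||= parts.first.to_sym
+result[:id] ||= parts.second
+result[:action] ||= parts.third.to_sym
+ActionController::Routing::Routes.expects(:recognize_path).with(path, env).returns(result)
+end
+
+end
+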
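--- a/data/spec/annotation_security/manager/policy_manager_spec.rb
+++ b/data/spec/annotation_security/manager/policy_manager_spec.rb
@@ -1,15 +1,15 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::PolicyManager do
-
-it "should provide policy factories" do
-AnnotationSecurity::PolicyManager.policy_factory(:policy_manager)
-(defined? PolicyManagerPolicy).should_not be_nil
-end
-
-it "should return the policy class for a resource" do
-AnnotationSecurity::PolicyManager.policy_class(:policy_manager_2).
-should == PolicyManager2Policy
-end
-
-end
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::PolicyManager do
+
+it "should provide policy factories" do
+AnnotationSecurity::PolicyManager.policy_factory(:policy_manager)
+(defined? PolicyManagerPolicy).should_not be_nil
+end
+
+it "should return the policy class for a resource" do
+AnnotationSecurity::PolicyManager.policy_class(:policy_manager_2).
+should == PolicyManager2Policy
+end
+
+end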
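--- a/data/spec/annotation_security/manager/resource_manager_spec.rb
+++ b/data/spec/annotation_security/manager/resource_manager_spec.rb
@@ -1,17 +1,17 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::ResourceManager do
-
-it "should provide resource classes" do
-klass = AnnotationSecurity::ResourceManager.get_resource_class :test_resource
-klass.should == TestResource
-end
-
-it "should find resource instances" do
-res = AnnotationSecurity::ResourceManager.get_resource :test_resource, 'xy'
-res.should be_instance_of(TestResource)
-res.name.should == 'xy'
-end
-
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::ResourceManager do
+
+it "should provide resource classes" do
+klass = AnnotationSecurity::ResourceManager.get_resource_class :test_resource
+klass.should == TestResource
+end
+
+it "should find resource instances" do
+res = AnnotationSecurity::ResourceManager.get_resource :test_resource, 'xy'
+res.should be_instance_of(TestResource)
+res.name.should == 'xy'
+end
+
+end
+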
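--- a/data/spec/annotation_security/manager/right_loader_spec.rb
+++ b/data/spec/annotation_security/manager/right_loader_spec.rb
@@ -1,17 +1,17 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::RightLoader do
-
-it "should allow right definitions by hash" do
-AnnotationSecurity::RightLoader.define_rights({
-:right_loader => {
-:right1 => 'if logged_in',
-:right2 => 'if may_right1',
-}})
-(defined? RightLoaderPolicy).should_not be_nil
-RightLoaderPolicy.has_rule?(:right1).should be_true
-RightLoaderPolicy.has_rule?(:right2).should be_true
-end
-
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::RightLoader do
+
+it "should allow right definitions by hash" do
+AnnotationSecurity::RightLoader.define_rights({
+:right_loader => {
+:right1 => 'if logged_in',
+:right2 => 'if may_right1',
+}})
+(defined? RightLoaderPolicy).should_not be_nil
+RightLoaderPolicy.has_rule?(:right1).should be_true
+RightLoaderPolicy.has_rule?(:right2).should be_true
+end
+
+end
+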
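--- a/data/spec/annotation_security/policy/abstract_policy_spec.rb
+++ b/data/spec/annotation_security/policy/abstract_policy_spec.rb
@@ -1,17 +1,17 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::AbstractPolicy do
-# For more tests see test_policy_spec.rb
-
-it 'should create a subclass for a resource type' do
-klass = AnnotationSecurity::AbstractPolicy.new_subclass(:abs_policy_test)
-(defined? AbsPolicyTestPolicy).should_not be_nil
-klass.should eql(AbsPolicyTestPolicy)
-klass.static?.should be_false
-
-(defined? AbsPolicyTestStaticPolicy).should_not be_nil
-klass.static_policy_class.should eql(AbsPolicyTestStaticPolicy)
-klass.static_policy_class.static?.should be_true
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::AbstractPolicy do
+# For more tests see test_policy_spec.rb
+
+it 'should create a subclass for a resource type' do
+klass = AnnotationSecurity::AbstractPolicy.new_subclass(:abs_policy_test)
+(defined? AbsPolicyTestPolicy).should_not be_nil
+klass.should eql(AbsPolicyTestPolicy)
+klass.static?.should be_false
+
+(defined? AbsPolicyTestStaticPolicy).should_not be_nil
+klass.static_policy_class.should eql(AbsPolicyTestStaticPolicy)
+klass.static_policy_class.static?.should be_true
+end
+
 end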
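--- a/data/spec/annotation_security/policy/all_resources_policy_spec.rb
+++ b/data/spec/annotation_security/policy/all_resources_policy_spec.rb
@@ -1,24 +1,24 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AllResourcesPolicy do
-
-it 'should provide :__self__ relation' do
-user = TestUser.new
-user2 = TestUser.new
-policy = AllResourcesPolicy.new(user)
-policy.with_resource(user).__self__?.should be_true
-policy.with_resource(user.as_one_role).__self__?.should be_true
-policy.with_resource(user2).__self__?.should be_false
-end
-
-it 'should provide :logged_in relation' do
-AllResourcesPolicy.new(TestUser.new).logged_in?.should be_true
-AllResourcesPolicy.new(nil).logged_in?.should be_false
-
-AllResourcesPolicy.has_static_rule?(:logged_in).should be_true
-AllResourcesPolicy.has_dynamic_rule?(:logged_in).should be_false
-rule = AllResourcesPolicy.rule_set.get_static_rule(:logged_in)
-rule.requires_credential?.should be_false
-end
-
-end
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AllResourcesPolicy do
+
+it 'should provide :__self__ relation' do
+user = TestUser.new
+user2 = TestUser.new
+policy = AllResourcesPolicy.new(user)
+policy.with_resource(user).__self__?.should be_true
+policy.with_resource(user.as_one_role).__self__?.should be_true
+policy.with_resource(user2).__self__?.should be_false
+end
+
+it 'should provide :logged_in relation' do
+AllResourcesPolicy.new(TestUser.new).logged_in?.should be_true
+AllResourcesPolicy.new(nil).logged_in?.should be_false
+
+AllResourcesPolicy.has_static_rule?(:logged_in).should be_true
+AllResourcesPolicy.has_dynamic_rule?(:logged_in).should be_false
+rule = AllResourcesPolicy.rule_set.get_static_rule(:logged_in)
+rule.requires_credential?.should be_false
+end
+
+end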
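--- a/data/spec/annotation_security/policy/rule_set_spec.rb
+++ b/data/spec/annotation_security/policy/rule_set_spec.rb
@@ -1,112 +1,112 @@
-require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
-
-describe AnnotationSecurity::RuleSet do
-
-before(:all) do
-AnnotationSecurity.define_relations(:rule_set_test,:rule_set_test2) do
-sys_relation :system, "true"
-res_relation :resource, "true"
-pre_relation :pretest, "true"
-end
-# This rule set is not to be modified during the tests!
-@rule_set2 = RuleSetTest2Policy.rule_set
-end
-
-before(:each) do
-# Use a fresh rule set for each test.
-# This will break some functions of RuleSet,
-# in these cases @rule_set2 is used for testing.
-@rule_set = AnnotationSecurity::RuleSet.new(RuleSetTestPolicy)
-end
-
-it 'should have a self explaining name' do
-@rule_set.to_s.should eql('<RuleSet of RuleSetTestPolicy>')
-end
-
-it 'should manage static relations' do
-rule = @rule_set.add_rule(:sys_relation, :system) { true }
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:sys_relation, true).should eql(rule)
-@rule_set.get_rule(:sys_relation, false).should be_nil
-end
-
-it 'should manage dynamic relations' do
-rule = @rule_set.add_rule(:res_relation, :resource) { true }
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:res_relation, false).should eql(rule)
-@rule_set.get_rule(:res_relation, true).should be_nil
-end
-
-it 'should manage pretest relations' do
-rule = @rule_set.add_rule(:pre_relation, :pretest) { true }
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:pre_relation, true).should eql(rule)
-@rule_set.get_rule(:pre_relation, false).should eql(rule)
-end
-
-it 'should manage dynamic rights' do
-rule = @rule_set.add_rule(:res_right, :right, "if res_relation")
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:res_right,false).should eql(rule)
-@rule_set.get_rule(:res_right,true).should be_nil
-end
-
-it 'should manage static rights' do
-rule = @rule_set.add_rule(:sys_right, :right, "if sys_relation")
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:sys_right,true).should eql(rule)
-@rule_set.get_rule(:sys_right,false).should be_nil
-end
-
-it 'should manage pretest rights' do
-rule = @rule_set.add_rule(:pre_right, :right, "if pre_relation")
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:pre_right,true).should eql(rule)
-@rule_set.get_rule(:pre_right,false).should eql(rule)
-end
-
-it 'should be able to copy dynamic rules from other rule sets' do
-rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, false)
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:res_relation, false).should eql(rule)
-@rule_set2.get_rule(:res_relation, false).should_not eql(rule)
-end
-
-it 'should not create dynamic copies of static rules from other rule sets' do
-rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, false)
-rule.should be_nil
-end
-
-it 'should be able to copy static rules from other rule sets' do
-rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, true)
-rule.should be_instance_of(AnnotationSecurity::Rule)
-@rule_set.get_rule(:sys_relation, true).should eql(rule)
-@rule_set2.get_rule(:sys_relation, true).should_not eql(rule)
-end
-
-it 'should not create static copies of dynamic rules from other rule sets' do
-rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, true)
-rule.should be_nil
-end
-
-it 'should not allow rules with forbidden names' do
-lambda {
-@rule_set.add_rule(:get_rule) { }
-}.should raise_error(AnnotationSecurity::RuleError)
-end
-
-it 'should not allow rules to be defined twice' do
-@rule_set.add_rule(:test_rule) { }
-lambda {
-@rule_set.add_rule(:test_rule) { }
-}.should raise_error(AnnotationSecurity::RuleError)
-end
-
-it 'should allow rules to be defined both statically and dynamically' do
-r1 = @rule_set.add_rule(:test_rule, :system) { }
-r2 = @rule_set.add_rule(:test_rule, :resource) { }
-@rule_set.get_rule(:test_rule,true).should eql(r1)
-@rule_set.get_rule(:test_rule,false).should eql(r2)
-end
-
-end
+require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')
+
+describe AnnotationSecurity::RuleSet do
+
+before(:all) do
+AnnotationSecurity.define_relations(:rule_set_test,:rule_set_test2) do
+sys_relation :system, "true"
+res_relation :resource, "true"
+pre_relation :pretest, "true"
+end
+# This rule set is not to be modified during the tests!
+@rule_set2 = RuleSetTest2Policy.rule_set
+end
+
+before(:each) do
+# Use a fresh rule set for each test.
+# This will break some functions of RuleSet,
+# in these cases @rule_set2 is used for testing.
+@rule_set = AnnotationSecurity::RuleSet.new(RuleSetTestPolicy)
+end
+
+it 'should have a self explaining name' do
+@rule_set.to_s.should eql('<RuleSet of RuleSetTestPolicy>')
+end
+
+it 'should manage static relations' do
+rule = @rule_set.add_rule(:sys_relation, :system) { true }
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:sys_relation, true).should eql(rule)
+@rule_set.get_rule(:sys_relation, false).should be_nil
+end
+
+it 'should manage dynamic relations' do
+rule = @rule_set.add_rule(:res_relation, :resource) { true }
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:res_relation, false).should eql(rule)
+@rule_set.get_rule(:res_relation, true).should be_nil
+end
+
+it 'should manage pretest relations' do
+rule = @rule_set.add_rule(:pre_relation, :pretest) { true }
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:pre_relation, true).should eql(rule)
+@rule_set.get_rule(:pre_relation, false).should eql(rule)
+end
+
+it 'should manage dynamic rights' do
+rule = @rule_set.add_rule(:res_right, :right, "if res_relation")
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:res_right,false).should eql(rule)
+@rule_set.get_rule(:res_right,true).should be_nil
+end
+
+it 'should manage static rights' do
+rule = @rule_set.add_rule(:sys_right, :right, "if sys_relation")
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:sys_right,true).should eql(rule)
+@rule_set.get_rule(:sys_right,false).should be_nil
+end
+
+it 'should manage pretest rights' do
+rule = @rule_set.add_rule(:pre_right, :right, "if pre_relation")
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:pre_right,true).should eql(rule)
+@rule_set.get_rule(:pre_right,false).should eql(rule)
+end
+
+it 'should be able to copy dynamic rules from other rule sets' do
+rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, false)
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:res_relation, false).should eql(rule)
+@rule_set2.get_rule(:res_relation, false).should_not eql(rule)
+end
+
+it 'should not create dynamic copies of static rules from other rule sets' do
+rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, false)
+rule.should be_nil
+end
+
+it 'should be able to copy static rules from other rule sets' do
+rule = @rule_set.copy_rule_from(:sys_relation, @rule_set2, true)
+rule.should be_instance_of(AnnotationSecurity::Rule)
+@rule_set.get_rule(:sys_relation, true).should eql(rule)
+@rule_set2.get_rule(:sys_relation, true).should_not eql(rule)
+end
+
+it 'should not create static copies of dynamic rules from other rule sets' do
+rule = @rule_set.copy_rule_from(:res_relation, @rule_set2, true)
+rule.should be_nil
+end
+
+it 'should not allow rules with forbidden names' do
+lambda {
+@rule_set.add_rule(:get_rule) { }
+}.should raise_error(AnnotationSecurity::RuleError)
+end
+
+it 'should not allow rules to be defined twice' do
+@rule_set.add_rule(:test_rule) { }
+lambda {
+@rule_set.add_rule(:test_rule) { }
+}.should raise_error(AnnotationSecurity::RuleError)
+end
+
+it 'should allow rules to be defined both statically and dynamically' do
+r1 = @rule_set.add_rule(:test_rule, :system) { }
+r2 = @rule_set.add_rule(:test_rule, :resource) { }
+@rule_set.get_rule(:test_rule,true).should eql(r1)
+@rule_set.get_rule(:test_rule,false).should eql(r2)
+end
+
+end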