api_guardian 0.1.0.pre
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/README.md +125 -0
- data/Rakefile +30 -0
- data/app/controllers/api_guardian/api_controller.rb +112 -0
- data/app/controllers/api_guardian/application_controller.rb +11 -0
- data/app/controllers/api_guardian/permissions_controller.rb +7 -0
- data/app/controllers/api_guardian/registration_controller.rb +38 -0
- data/app/controllers/api_guardian/roles_controller.rb +19 -0
- data/app/controllers/api_guardian/users_controller.rb +20 -0
- data/app/models/api_guardian/permission.rb +14 -0
- data/app/models/api_guardian/role.rb +97 -0
- data/app/models/api_guardian/role_permission.rb +8 -0
- data/app/models/api_guardian/user.rb +23 -0
- data/app/serializers/api_guardian/permission_serializer.rb +7 -0
- data/app/serializers/api_guardian/role_serializer.rb +7 -0
- data/app/serializers/api_guardian/user_serializer.rb +10 -0
- data/config/initializers/api_guardian.rb +10 -0
- data/config/initializers/doorkeeper.rb +143 -0
- data/config/routes.rb +20 -0
- data/db/migrate/20151117191338_api_guardian_enable_uuid_extension.rb +5 -0
- data/db/migrate/20151117191911_create_api_guardian_roles.rb +9 -0
- data/db/migrate/20151117195618_create_api_guardian_users.rb +25 -0
- data/db/migrate/20151117212826_create_api_guardian_permissions.rb +10 -0
- data/db/migrate/20151117213145_create_api_guardian_role_permissions.rb +11 -0
- data/db/migrate/20151117225238_create_doorkeeper_tables.rb +42 -0
- data/db/seeds.rb +32 -0
- data/lib/api_guardian.rb +80 -0
- data/lib/api_guardian/concerns/api_errors/handler.rb +145 -0
- data/lib/api_guardian/concerns/api_errors/renderer.rb +45 -0
- data/lib/api_guardian/concerns/api_request/validator.rb +66 -0
- data/lib/api_guardian/configuration.rb +171 -0
- data/lib/api_guardian/engine.rb +23 -0
- data/lib/api_guardian/errors/invalid_content_type_error.rb +6 -0
- data/lib/api_guardian/errors/invalid_permission_name_error.rb +6 -0
- data/lib/api_guardian/errors/invalid_request_body_error.rb +6 -0
- data/lib/api_guardian/errors/invalid_request_resource_id_error.rb +6 -0
- data/lib/api_guardian/errors/invalid_request_resource_type_error.rb +6 -0
- data/lib/api_guardian/errors/invalid_update_action_error.rb +6 -0
- data/lib/api_guardian/errors/reset_token_expired_error.rb +6 -0
- data/lib/api_guardian/errors/reset_token_user_mismatch_error.rb +6 -0
- data/lib/api_guardian/policies/application_policy.rb +65 -0
- data/lib/api_guardian/policies/permission_policy.rb +15 -0
- data/lib/api_guardian/policies/role_policy.rb +15 -0
- data/lib/api_guardian/policies/user_policy.rb +23 -0
- data/lib/api_guardian/stores/base.rb +53 -0
- data/lib/api_guardian/stores/permission_store.rb +6 -0
- data/lib/api_guardian/stores/role_store.rb +9 -0
- data/lib/api_guardian/stores/user_store.rb +86 -0
- data/lib/api_guardian/version.rb +3 -0
- data/lib/generators/api_guardian/install/USAGE +8 -0
- data/lib/generators/api_guardian/install/install_generator.rb +19 -0
- data/lib/generators/api_guardian/install/templates/README +1 -0
- data/lib/generators/api_guardian/install/templates/api_guardian.rb +5 -0
- data/lib/tasks/api_guardian_tasks.rake +4 -0
- data/spec/concerns/api_errors/handler_spec.rb +114 -0
- data/spec/concerns/api_request/validator_spec.rb +102 -0
- data/spec/dummy/README.rdoc +28 -0
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/controllers/application_controller.rb +5 -0
- data/spec/dummy/bin/bundle +3 -0
- data/spec/dummy/bin/rails +4 -0
- data/spec/dummy/bin/rake +4 -0
- data/spec/dummy/bin/setup +29 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +25 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/database.yml +13 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +41 -0
- data/spec/dummy/config/environments/production.rb +79 -0
- data/spec/dummy/config/environments/test.rb +42 -0
- data/spec/dummy/config/initializers/assets.rb +11 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/dummy/config/initializers/inflections.rb +16 -0
- data/spec/dummy/config/initializers/mime_types.rb +4 -0
- data/spec/dummy/config/initializers/session_store.rb +3 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/en.yml +23 -0
- data/spec/dummy/config/routes.rb +3 -0
- data/spec/dummy/config/secrets.yml +22 -0
- data/spec/dummy/db/schema.rb +104 -0
- data/spec/dummy/log/test.log +5031 -0
- data/spec/dummy/public/404.html +67 -0
- data/spec/dummy/public/422.html +67 -0
- data/spec/dummy/public/500.html +66 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/factories/permissions.rb +6 -0
- data/spec/factories/role_permissions.rb +6 -0
- data/spec/factories/roles.rb +24 -0
- data/spec/factories/users.rb +11 -0
- data/spec/models/permission_spec.rb +28 -0
- data/spec/models/role_permission_spec.rb +27 -0
- data/spec/models/role_spec.rb +209 -0
- data/spec/models/user_spec.rb +44 -0
- data/spec/policies/application_policy_spec.rb +118 -0
- data/spec/policies/permission_policy_spec.rb +28 -0
- data/spec/policies/role_policy_spec.rb +28 -0
- data/spec/policies/user_policy_spec.rb +29 -0
- data/spec/requests/permissions_controller_spec.rb +19 -0
- data/spec/requests/registration_controller_spec.rb +151 -0
- data/spec/requests/roles_controller_spec.rb +75 -0
- data/spec/requests/users_controller_spec.rb +75 -0
- data/spec/spec_helper.rb +138 -0
- data/spec/stores/base_spec.rb +113 -0
- data/spec/stores/permission_store_spec.rb +2 -0
- data/spec/stores/role_store_spec.rb +12 -0
- data/spec/stores/user_store_spec.rb +144 -0
- data/spec/support/controller_concern_test_helpers.rb +21 -0
- data/spec/support/matchers.rb +37 -0
- data/spec/support/request_helpers.rb +111 -0
- metadata +508 -0
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html>
|
|
3
|
+
<head>
|
|
4
|
+
<title>The page you were looking for doesn't exist (404)</title>
|
|
5
|
+
<meta name="viewport" content="width=device-width,initial-scale=1">
|
|
6
|
+
<style>
|
|
7
|
+
body {
|
|
8
|
+
background-color: #EFEFEF;
|
|
9
|
+
color: #2E2F30;
|
|
10
|
+
text-align: center;
|
|
11
|
+
font-family: arial, sans-serif;
|
|
12
|
+
margin: 0;
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
div.dialog {
|
|
16
|
+
width: 95%;
|
|
17
|
+
max-width: 33em;
|
|
18
|
+
margin: 4em auto 0;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
div.dialog > div {
|
|
22
|
+
border: 1px solid #CCC;
|
|
23
|
+
border-right-color: #999;
|
|
24
|
+
border-left-color: #999;
|
|
25
|
+
border-bottom-color: #BBB;
|
|
26
|
+
border-top: #B00100 solid 4px;
|
|
27
|
+
border-top-left-radius: 9px;
|
|
28
|
+
border-top-right-radius: 9px;
|
|
29
|
+
background-color: white;
|
|
30
|
+
padding: 7px 12% 0;
|
|
31
|
+
box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
h1 {
|
|
35
|
+
font-size: 100%;
|
|
36
|
+
color: #730E15;
|
|
37
|
+
line-height: 1.5em;
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
div.dialog > p {
|
|
41
|
+
margin: 0 0 1em;
|
|
42
|
+
padding: 1em;
|
|
43
|
+
background-color: #F7F7F7;
|
|
44
|
+
border: 1px solid #CCC;
|
|
45
|
+
border-right-color: #999;
|
|
46
|
+
border-left-color: #999;
|
|
47
|
+
border-bottom-color: #999;
|
|
48
|
+
border-bottom-left-radius: 4px;
|
|
49
|
+
border-bottom-right-radius: 4px;
|
|
50
|
+
border-top-color: #DADADA;
|
|
51
|
+
color: #666;
|
|
52
|
+
box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
|
|
53
|
+
}
|
|
54
|
+
</style>
|
|
55
|
+
</head>
|
|
56
|
+
|
|
57
|
+
<body>
|
|
58
|
+
<!-- This file lives in public/404.html -->
|
|
59
|
+
<div class="dialog">
|
|
60
|
+
<div>
|
|
61
|
+
<h1>The page you were looking for doesn't exist.</h1>
|
|
62
|
+
<p>You may have mistyped the address or the page may have moved.</p>
|
|
63
|
+
</div>
|
|
64
|
+
<p>If you are the application owner check the logs for more information.</p>
|
|
65
|
+
</div>
|
|
66
|
+
</body>
|
|
67
|
+
</html>
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html>
|
|
3
|
+
<head>
|
|
4
|
+
<title>The change you wanted was rejected (422)</title>
|
|
5
|
+
<meta name="viewport" content="width=device-width,initial-scale=1">
|
|
6
|
+
<style>
|
|
7
|
+
body {
|
|
8
|
+
background-color: #EFEFEF;
|
|
9
|
+
color: #2E2F30;
|
|
10
|
+
text-align: center;
|
|
11
|
+
font-family: arial, sans-serif;
|
|
12
|
+
margin: 0;
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
div.dialog {
|
|
16
|
+
width: 95%;
|
|
17
|
+
max-width: 33em;
|
|
18
|
+
margin: 4em auto 0;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
div.dialog > div {
|
|
22
|
+
border: 1px solid #CCC;
|
|
23
|
+
border-right-color: #999;
|
|
24
|
+
border-left-color: #999;
|
|
25
|
+
border-bottom-color: #BBB;
|
|
26
|
+
border-top: #B00100 solid 4px;
|
|
27
|
+
border-top-left-radius: 9px;
|
|
28
|
+
border-top-right-radius: 9px;
|
|
29
|
+
background-color: white;
|
|
30
|
+
padding: 7px 12% 0;
|
|
31
|
+
box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
h1 {
|
|
35
|
+
font-size: 100%;
|
|
36
|
+
color: #730E15;
|
|
37
|
+
line-height: 1.5em;
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
div.dialog > p {
|
|
41
|
+
margin: 0 0 1em;
|
|
42
|
+
padding: 1em;
|
|
43
|
+
background-color: #F7F7F7;
|
|
44
|
+
border: 1px solid #CCC;
|
|
45
|
+
border-right-color: #999;
|
|
46
|
+
border-left-color: #999;
|
|
47
|
+
border-bottom-color: #999;
|
|
48
|
+
border-bottom-left-radius: 4px;
|
|
49
|
+
border-bottom-right-radius: 4px;
|
|
50
|
+
border-top-color: #DADADA;
|
|
51
|
+
color: #666;
|
|
52
|
+
box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
|
|
53
|
+
}
|
|
54
|
+
</style>
|
|
55
|
+
</head>
|
|
56
|
+
|
|
57
|
+
<body>
|
|
58
|
+
<!-- This file lives in public/422.html -->
|
|
59
|
+
<div class="dialog">
|
|
60
|
+
<div>
|
|
61
|
+
<h1>The change you wanted was rejected.</h1>
|
|
62
|
+
<p>Maybe you tried to change something you didn't have access to.</p>
|
|
63
|
+
</div>
|
|
64
|
+
<p>If you are the application owner check the logs for more information.</p>
|
|
65
|
+
</div>
|
|
66
|
+
</body>
|
|
67
|
+
</html>
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
<!DOCTYPE html>
|
|
2
|
+
<html>
|
|
3
|
+
<head>
|
|
4
|
+
<title>We're sorry, but something went wrong (500)</title>
|
|
5
|
+
<meta name="viewport" content="width=device-width,initial-scale=1">
|
|
6
|
+
<style>
|
|
7
|
+
body {
|
|
8
|
+
background-color: #EFEFEF;
|
|
9
|
+
color: #2E2F30;
|
|
10
|
+
text-align: center;
|
|
11
|
+
font-family: arial, sans-serif;
|
|
12
|
+
margin: 0;
|
|
13
|
+
}
|
|
14
|
+
|
|
15
|
+
div.dialog {
|
|
16
|
+
width: 95%;
|
|
17
|
+
max-width: 33em;
|
|
18
|
+
margin: 4em auto 0;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
div.dialog > div {
|
|
22
|
+
border: 1px solid #CCC;
|
|
23
|
+
border-right-color: #999;
|
|
24
|
+
border-left-color: #999;
|
|
25
|
+
border-bottom-color: #BBB;
|
|
26
|
+
border-top: #B00100 solid 4px;
|
|
27
|
+
border-top-left-radius: 9px;
|
|
28
|
+
border-top-right-radius: 9px;
|
|
29
|
+
background-color: white;
|
|
30
|
+
padding: 7px 12% 0;
|
|
31
|
+
box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
|
|
32
|
+
}
|
|
33
|
+
|
|
34
|
+
h1 {
|
|
35
|
+
font-size: 100%;
|
|
36
|
+
color: #730E15;
|
|
37
|
+
line-height: 1.5em;
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
div.dialog > p {
|
|
41
|
+
margin: 0 0 1em;
|
|
42
|
+
padding: 1em;
|
|
43
|
+
background-color: #F7F7F7;
|
|
44
|
+
border: 1px solid #CCC;
|
|
45
|
+
border-right-color: #999;
|
|
46
|
+
border-left-color: #999;
|
|
47
|
+
border-bottom-color: #999;
|
|
48
|
+
border-bottom-left-radius: 4px;
|
|
49
|
+
border-bottom-right-radius: 4px;
|
|
50
|
+
border-top-color: #DADADA;
|
|
51
|
+
color: #666;
|
|
52
|
+
box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
|
|
53
|
+
}
|
|
54
|
+
</style>
|
|
55
|
+
</head>
|
|
56
|
+
|
|
57
|
+
<body>
|
|
58
|
+
<!-- This file lives in public/500.html -->
|
|
59
|
+
<div class="dialog">
|
|
60
|
+
<div>
|
|
61
|
+
<h1>We're sorry, but something went wrong.</h1>
|
|
62
|
+
</div>
|
|
63
|
+
<p>If you are the application owner check the logs for more information.</p>
|
|
64
|
+
</div>
|
|
65
|
+
</body>
|
|
66
|
+
</html>
|
|
File without changes
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
FactoryGirl.define do
|
|
2
|
+
factory :role, class: ApiGuardian::Role do
|
|
3
|
+
name { Faker::Lorem.word }
|
|
4
|
+
default false
|
|
5
|
+
|
|
6
|
+
factory :default_role do
|
|
7
|
+
default true
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
factory :role_with_permissions do
|
|
11
|
+
transient do
|
|
12
|
+
permission_count 5
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
after(:create) do |role, evaluator|
|
|
16
|
+
evaluator.permission_count.times do |n|
|
|
17
|
+
permission = create(:permission)
|
|
18
|
+
granted = n.even? ? true : false
|
|
19
|
+
create(:role_permission, role: role, permission: permission, granted: granted)
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
FactoryGirl.define do
|
|
2
|
+
factory :user, class: ApiGuardian::User do |f|
|
|
3
|
+
f.first_name { Faker::Name.first_name }
|
|
4
|
+
f.last_name { Faker::Name.last_name }
|
|
5
|
+
f.sequence(:email) { |n| "what#{n}@someplace.com" }
|
|
6
|
+
f.phone_number { Faker::PhoneNumber.phone_number }
|
|
7
|
+
f.password 'password'
|
|
8
|
+
f.password_confirmation 'password'
|
|
9
|
+
f.association :role, factory: :role_with_permissions
|
|
10
|
+
end
|
|
11
|
+
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
RSpec.describe ApiGuardian::Permission, type: :model do
|
|
2
|
+
subject { create(:permission) }
|
|
3
|
+
|
|
4
|
+
# Relations
|
|
5
|
+
context 'relations' do
|
|
6
|
+
it { should have_many(:role_permissions) }
|
|
7
|
+
it { should have_many(:roles) }
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
# Validations
|
|
11
|
+
context 'validations' do
|
|
12
|
+
it { should validate_presence_of :name }
|
|
13
|
+
it { should validate_presence_of :desc }
|
|
14
|
+
it { should validate_uniqueness_of :name }
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
# Delegates
|
|
18
|
+
describe 'delegates' do
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
# Scopes
|
|
22
|
+
describe 'scopes' do
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Methods
|
|
26
|
+
context 'methods' do
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
RSpec.describe ApiGuardian::RolePermission, type: :model do
|
|
2
|
+
subject { create(:role_permission) }
|
|
3
|
+
|
|
4
|
+
# Relations
|
|
5
|
+
context 'relations' do
|
|
6
|
+
it { should belong_to(:role) }
|
|
7
|
+
it { should belong_to(:permission) }
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
# Validations
|
|
11
|
+
context 'validations' do
|
|
12
|
+
# TODO: This has a weird test error
|
|
13
|
+
# it { should validate_uniqueness_of(:role_id).scoped_to(:permission_id).with_message('Permission combination already exists!') }
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
# Delegates
|
|
17
|
+
describe 'delegates' do
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
# Scopes
|
|
21
|
+
describe 'scopes' do
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Methods
|
|
25
|
+
context 'methods' do
|
|
26
|
+
end
|
|
27
|
+
end
|
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
RSpec.describe ApiGuardian::Role, type: :model do
|
|
2
|
+
# Relations
|
|
3
|
+
context 'relations' do
|
|
4
|
+
it { should have_many(:users) }
|
|
5
|
+
it { should have_many(:role_permissions) }
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
# Validations
|
|
9
|
+
context 'validations' do
|
|
10
|
+
it { should validate_presence_of :name }
|
|
11
|
+
it { should validate_uniqueness_of :name }
|
|
12
|
+
|
|
13
|
+
# TODO: Fix this
|
|
14
|
+
# context 'default should be unique' do
|
|
15
|
+
# context 'if true' do
|
|
16
|
+
# before { subject.default = true }
|
|
17
|
+
# it { should validate_uniqueness_of :default }
|
|
18
|
+
# end
|
|
19
|
+
#
|
|
20
|
+
# context 'unless false' do
|
|
21
|
+
# before { subject.default = false }
|
|
22
|
+
# it { should_not validate_uniqueness_of :default }
|
|
23
|
+
# end
|
|
24
|
+
# end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# Delegates
|
|
28
|
+
describe 'delegates' do
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Scopes
|
|
32
|
+
describe 'scopes' do
|
|
33
|
+
let!(:default_role) { create(:role, default: true) }
|
|
34
|
+
let!(:non_default_role) { create(:role) }
|
|
35
|
+
|
|
36
|
+
it '.default' do
|
|
37
|
+
expect(ApiGuardian::Role.default.all).to eq [default_role]
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
# Methods
|
|
42
|
+
context 'methods' do
|
|
43
|
+
describe '.default_role' do
|
|
44
|
+
let!(:default_role) { create(:role, default: true) }
|
|
45
|
+
let!(:non_default_role) { create(:role) }
|
|
46
|
+
|
|
47
|
+
it 'should return default role' do
|
|
48
|
+
expect(ApiGuardian::Role.default_role).to eq default_role
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
describe '#can? and #cannot?' do
|
|
53
|
+
let!(:role) { create(:role_with_permissions) }
|
|
54
|
+
|
|
55
|
+
it 'errors on invalid permisson' do
|
|
56
|
+
expect { role.can? 'invalid' }.to raise_error ApiGuardian::Errors::InvalidPermissionNameError
|
|
57
|
+
expect { role.cannot? 'invalid' }.to raise_error ApiGuardian::Errors::InvalidPermissionNameError
|
|
58
|
+
end
|
|
59
|
+
|
|
60
|
+
context 'with array of permissions' do
|
|
61
|
+
it 'is true if at least one permission is granted' do
|
|
62
|
+
granted_perm1 = role.role_permissions.where(granted: true).first.permission
|
|
63
|
+
granted_perm2 = role.role_permissions.where(granted: true).last.permission
|
|
64
|
+
nongranted_perm1 = role.role_permissions.where(granted: false).first.permission
|
|
65
|
+
nongranted_perm2 = role.role_permissions.where(granted: false).last.permission
|
|
66
|
+
|
|
67
|
+
# multiple granted permissions
|
|
68
|
+
expect(role.can?([granted_perm1.name, granted_perm2.name])).to be true
|
|
69
|
+
expect(role.cannot?([granted_perm1.name, granted_perm2.name])).to be false
|
|
70
|
+
|
|
71
|
+
# single granted permission
|
|
72
|
+
expect(role.can?([granted_perm1.name, nongranted_perm1.name])).to be true
|
|
73
|
+
expect(role.cannot?([granted_perm1.name, nongranted_perm1.name])).to be false
|
|
74
|
+
|
|
75
|
+
# no granted permissions
|
|
76
|
+
expect(role.can?([nongranted_perm1.name, nongranted_perm2.name])).to be false
|
|
77
|
+
expect(role.cannot?([nongranted_perm1.name, nongranted_perm2.name])).to be true
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
context 'with single permission' do
|
|
82
|
+
it 'is true if permission is granted' do
|
|
83
|
+
granted_perm = role.role_permissions.where(granted: true).first.permission
|
|
84
|
+
nongranted_perm = role.role_permissions.where(granted: false).first.permission
|
|
85
|
+
|
|
86
|
+
expect(role.can? granted_perm.name).to be true
|
|
87
|
+
expect(role.cannot? granted_perm.name).to be false
|
|
88
|
+
expect(role.can? nongranted_perm.name).to be false
|
|
89
|
+
expect(role.cannot? nongranted_perm.name).to be true
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
describe '#permissions' do
|
|
95
|
+
let!(:role) { create(:role_with_permissions) }
|
|
96
|
+
|
|
97
|
+
it 'returns an array of granted permission names' do
|
|
98
|
+
result = role.permissions
|
|
99
|
+
|
|
100
|
+
perms = []
|
|
101
|
+
role.role_permissions.each do |rp|
|
|
102
|
+
perms.push rp.permission.name if rp.granted
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
expect(result).to eq perms
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
it 'returns only manage permission if it exists' do
|
|
109
|
+
perm_read = create(:permission, name: 'user:read')
|
|
110
|
+
perm_create = create(:permission, name: 'user:create')
|
|
111
|
+
perm_manage = create(:permission, name: 'user:manage')
|
|
112
|
+
|
|
113
|
+
role.role_permissions.create!(permission: perm_read, granted: true)
|
|
114
|
+
role.role_permissions.create!(permission: perm_create, granted: true)
|
|
115
|
+
role.role_permissions.create!(permission: perm_manage, granted: true)
|
|
116
|
+
|
|
117
|
+
result = role.permissions
|
|
118
|
+
|
|
119
|
+
expect(result).not_to include('user:read')
|
|
120
|
+
expect(result).not_to include('user:create')
|
|
121
|
+
expect(result).to include('user:manage')
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
describe '#create_default_permissions' do
|
|
126
|
+
let!(:role) { create(:role_with_permissions) }
|
|
127
|
+
|
|
128
|
+
it 'should associate permissions that are not yet associated' do
|
|
129
|
+
expect(role.role_permissions.count).to eq 5 # default from factory
|
|
130
|
+
|
|
131
|
+
# When granted
|
|
132
|
+
perm1 = create(:permission)
|
|
133
|
+
|
|
134
|
+
role.create_default_permissions true
|
|
135
|
+
|
|
136
|
+
expect(role.role_permissions.count).to eq 6
|
|
137
|
+
expect(role.permissions).to include(perm1.name)
|
|
138
|
+
|
|
139
|
+
# When not granted
|
|
140
|
+
perm2 = create(:permission)
|
|
141
|
+
|
|
142
|
+
role.create_default_permissions false
|
|
143
|
+
|
|
144
|
+
expect(role.role_permissions.count).to eq 7
|
|
145
|
+
expect(role.permissions).not_to include(perm2.name)
|
|
146
|
+
end
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
describe '#add_permission' do
|
|
150
|
+
let!(:role) { create(:role_with_permissions) }
|
|
151
|
+
|
|
152
|
+
it 'errors on invalid permission' do
|
|
153
|
+
expect { role.add_permission 'invalid' }.to raise_error ApiGuardian::Errors::InvalidPermissionNameError
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
it 'allows permission to be added by name' do
|
|
157
|
+
expect(role.permissions.count).to eq 3
|
|
158
|
+
|
|
159
|
+
create(:permission, name: 'user:read')
|
|
160
|
+
role.add_permission('user:read')
|
|
161
|
+
|
|
162
|
+
expect(role.permissions.count).to eq 4
|
|
163
|
+
expect(role.permissions).to include('user:read')
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
it 'grants already added permission' do
|
|
167
|
+
expect(role.permissions.count).to eq 3
|
|
168
|
+
expect(role.role_permissions.count).to eq 5
|
|
169
|
+
|
|
170
|
+
perm = create(:permission, name: 'user:read')
|
|
171
|
+
role.role_permissions.create(permission: perm, granted: false)
|
|
172
|
+
|
|
173
|
+
expect(role.permissions.count).to eq 3
|
|
174
|
+
expect(role.role_permissions.count).to eq 6
|
|
175
|
+
|
|
176
|
+
role.add_permission('user:read')
|
|
177
|
+
|
|
178
|
+
expect(role.permissions.count).to eq 4
|
|
179
|
+
expect(role.role_permissions.count).to eq 6
|
|
180
|
+
end
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
describe '#remove_permission' do
|
|
184
|
+
let!(:role) { create(:role_with_permissions) }
|
|
185
|
+
|
|
186
|
+
it 'sets permission grant to false' do
|
|
187
|
+
perm_name = role.permissions.first
|
|
188
|
+
expect(role.permissions.count).to eq 3
|
|
189
|
+
expect(role.role_permissions.count).to eq 5
|
|
190
|
+
|
|
191
|
+
role.remove_permission(perm_name)
|
|
192
|
+
|
|
193
|
+
expect(role.permissions.count).to eq 2
|
|
194
|
+
expect(role.role_permissions.count).to eq 5
|
|
195
|
+
end
|
|
196
|
+
|
|
197
|
+
it 'can destroy permission altogether' do
|
|
198
|
+
perm_name = role.permissions.first
|
|
199
|
+
expect(role.permissions.count).to eq 3
|
|
200
|
+
expect(role.role_permissions.count).to eq 5
|
|
201
|
+
|
|
202
|
+
role.remove_permission(perm_name, true)
|
|
203
|
+
|
|
204
|
+
expect(role.permissions.count).to eq 2
|
|
205
|
+
expect(role.role_permissions.count).to eq 4
|
|
206
|
+
end
|
|
207
|
+
end
|
|
208
|
+
end
|
|
209
|
+
end
|