arrthorizer 0.1.0.pre

data/spec/internal/config/database.yml

@@ -0,0 +1,25 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: db/test.sqlite3
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

data/spec/internal/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+TestCbac::Application.initialize!

data/spec/internal/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  get "some/some_action"
+end

data/spec/internal/db/schema.rb

@@ -0,0 +1,3 @@
+ActiveRecord::Schema.define do
+  #
+end

data/spec/internal/log/.gitignore

@@ -0,0 +1 @@
+*.log

data/spec/permission/grant_spec.rb

@@ -0,0 +1,14 @@
+require "spec_helper"
+
+describe Arrthorizer::Permission do
+  describe :grant do
+    let(:privilege) { Arrthorizer::Privilege.new(name: "privilege") }
+    let(:role) { UnnamespacedContextRole }
+
+    it "adds the role to the privilege set" do
+      Arrthorizer::Permission.grant(privilege, to: role)
+
+      expect(privilege).to be_accessible_to(role)
+    end
+  end
+end

data/spec/privilege/accessible_to_spec.rb

@@ -0,0 +1,32 @@
+require "spec_helper"
+
+describe Arrthorizer::Privilege do
+  subject(:privilege) { Arrthorizer::Privilege.new(name: "some privilege") }
+
+  let(:role) { Namespaced::ContextRole }
+  let(:other_role) { UnnamespacedContextRole }
+
+  describe :accessible_to? do
+    context "when a Role was configured to have access to this privilege" do
+      before :each do
+        privilege.make_accessible_to(role)
+      end
+
+      context "and that Role is provided" do
+        let(:arg) { role }
+
+        it "returns true" do
+          expect(privilege.accessible_to?(arg)).to be_true
+        end
+      end
+
+      context "and the name of that Role is provided" do
+        let(:arg) { role.name }
+
+        it "returns true" do
+          expect(privilege.accessible_to?(arg)).to be_true
+        end
+      end
+    end
+  end
+end

data/spec/privilege/get_spec.rb

@@ -0,0 +1,35 @@
+require "spec_helper"
+
+describe Arrthorizer::Privilege do
+  describe :get do
+    context "when the privilege set does not exist" do
+      it "raises a Privilege::NotFound error" do
+        expect {
+          Arrthorizer::Privilege.get("computer_says_no")
+        }.to raise_error(Arrthorizer::Registry::NotFound)
+      end
+    end
+
+    context "when the privilege set with the given name exists" do
+      let(:name) { "computer_says_hi" }
+
+      before do
+        @privilege = Arrthorizer::Privilege.new(name: name)
+      end
+
+      it "returns that privilege set" do
+        Arrthorizer::Privilege.get(name).should be @privilege
+      end
+    end
+
+    context "when the parameter is already a privilege set" do
+      before do
+        @privilege = Arrthorizer::Privilege.new(name: "irrelevant")
+      end
+
+      specify "that privilege set is returned" do
+        Arrthorizer::Privilege.get(@privilege).should be @privilege
+      end
+    end
+  end
+end

data/spec/privilege/initialize_spec.rb

@@ -0,0 +1,15 @@
+require "spec_helper"
+
+describe Arrthorizer::Privilege do
+  describe :initialize do
+    let(:role) { UnnamespacedContextRole }
+    let(:roles) { [ role ] }
+    let(:name) { "some name" }
+
+    subject(:privilege) { Arrthorizer::Privilege.new(name: name, roles: roles) }
+
+    it "makes itself accessible to each provided role" do
+      expect(privilege).to be_accessible_to(role)
+    end
+  end
+end

data/spec/privilege/make_accessible_to_spec.rb

@@ -0,0 +1,22 @@
+require "spec_helper"
+
+describe Arrthorizer::Privilege do
+  describe :make_accessible_to do
+    let(:privilege) { Arrthorizer::Privilege.new(name: "privilege") }
+    let(:role) { UnnamespacedContextRole }
+
+    it "makes the privilege accessible to the role" do
+      expect {
+        privilege.make_accessible_to(role)
+      }.to change { privilege.accessible_to?(role) }.to(true)
+    end
+
+    it "does not make it accessible to a different role" do
+      unrelated_role = Namespaced::ContextRole
+
+      expect {
+        privilege.make_accessible_to(role)
+      }.not_to change { privilege.accessible_to?(unrelated_role) }.to(true)
+    end
+  end
+end

data/spec/rails/controller_action/initialize_spec.rb

@@ -0,0 +1,42 @@
+require "spec_helper"
+
+describe Arrthorizer::Rails::ControllerAction do
+  let(:controller_name) { 'some_controller' }
+  let(:action_name) { 'some_action' }
+
+  let(:definition) { { controller: controller_name, action: action_name } }
+
+  describe :initialize do
+    context "when all parameters are properly specified" do
+      it "does not raise an error" do
+        expect {
+          Arrthorizer::Rails::ControllerAction.new(definition)
+        }.not_to raise_error
+      end
+    end
+
+    context "when the controller is not properly specified" do
+      before :each do
+        definition.delete(:controller)
+      end
+
+      it "raises an Arrthorizer::Rails::ControllerAction::ControllerNotDefined" do
+        expect {
+          Arrthorizer::Rails::ControllerAction.new(definition)
+        }.to raise_error(Arrthorizer::Rails::ControllerAction::ControllerNotDefined)
+      end
+    end
+
+    context "when the action is not properly specified" do
+      before :each do
+        definition.delete(:action)
+      end
+
+      it "does raises an Arrthorizer::Rails::ControllerAction::ActionNotDefined" do
+        expect {
+          Arrthorizer::Rails::ControllerAction.new(definition)
+        }.to raise_error(Arrthorizer::Rails::ControllerAction::ActionNotDefined)
+      end
+    end
+  end
+end

data/spec/rails/controller_action/key_for_spec.rb

@@ -0,0 +1,17 @@
+require "spec_helper"
+
+describe Arrthorizer::Rails::ControllerAction do
+  describe :key_for do
+    context "when the controller lives in a separate namespace" do
+      let(:controller_path) { 'namespace/controller_name' }
+      let(:controller_path_regex) { %r(#{controller_path}) }
+      let(:controller) { double('some_controller', controller_path: controller_path, action_name: 'some_action') }
+
+      specify "that namespace is made part of the key" do
+        key = Arrthorizer::Rails::ControllerAction.key_for(controller)
+
+        expect(key).to match(%r(#{controller_path}))
+      end
+    end
+  end
+end

data/spec/rails/controller_action/to_key_spec.rb

@@ -0,0 +1,14 @@
+require "spec_helper"
+
+describe Arrthorizer::Rails::ControllerAction do
+  describe :to_key do
+    let(:controller) { "forum/topics" }
+    let(:action) { "create" }
+
+    subject(:controller_action) { Arrthorizer::Rails::ControllerAction.new(controller: controller, action: action) }
+
+    it "joins controller and action into a 'hash shorthand'" do
+      expect(controller_action.to_key).to eql("#{controller}##{action}")
+    end
+  end
+end

data/spec/rails/controller_concern/arrthorizer_context_spec.rb

@@ -0,0 +1,22 @@
+require "spec_helper"
+
+describe Arrthorizer::Rails::ControllerConcern do
+  let(:controller_class) { Class.new(SomeController) }
+  let(:controller) { controller_class.new }
+
+  before :each do
+    controller_class.to_prepare_context do |c|
+      c.defaults do
+        params
+      end
+    end
+
+    controller.stub(:request).and_return(ActionDispatch::TestRequest.new)
+  end
+
+  describe :arrthorizer_context do
+    it "returns an Arrthorizer::Context" do
+      controller.send(:arrthorizer_context).should be_a Arrthorizer::Context
+    end
+  end
+end

data/spec/rails/controller_concern/authorize_spec.rb

@@ -0,0 +1,113 @@
+require 'spec_helper'
+
+describe Arrthorizer::Rails::ControllerConcern do
+  let(:controller_class) { Class.new(SomeController) }
+  let(:controller) { controller_class.new }
+  let(:controller_action){ Arrthorizer::Rails::ControllerAction.new(controller: controller_path, action: action_name)}
+
+  let(:action_name){ "some_action" }
+  let(:controller_path){ "some" }
+  let(:current_user){ double("user") }
+  let(:context){ double("context") }
+
+  before do
+    controller.stub(:action_name).and_return(action_name)
+    controller.stub(:current_user).and_return(current_user)
+    controller.stub(:arrthorizer_context).and_return(context)
+    controller.stub(:controller_path).and_return(controller_path)
+  end
+
+  describe :authorize do
+    context "when no privilege has been defined for the action" do
+      it "is forbidden" do
+        expect(controller).to receive(:forbidden)
+
+        controller.send(:authorize)
+      end
+    end
+
+    context "when a privilege has been defined for the action" do
+      let(:privilege){ Arrthorizer::Privilege.new(name: "test privilege") }
+      let(:permitted_roles){ Arrthorizer::Registry.new }
+
+      before do
+        controller_action.stub(:privilege).and_return(privilege)
+        privilege.stub(:permitted_roles).and_return(permitted_roles)
+      end
+
+      context "but the privilege has no permitted roles" do
+        it "is forbidden" do
+          expect(controller).to receive(:forbidden)
+
+          controller.send(:authorize)
+        end
+      end
+
+      context "and the privilege has a permitted role"  do
+        let(:role){ Arrthorizer::Role.new }
+
+        before do
+          role.stub(:name).and_return('some_role')
+          permitted_roles.add(role)
+        end
+
+        context "and the role applies to the user" do
+          before do
+            role.stub(:applies_to_user?).with(current_user, context).and_return(true)
+          end
+
+          it "is not forbidden" do
+            expect(controller).not_to receive(:forbidden)
+
+            controller.send(:authorize)
+          end
+        end
+
+        context "and the role does not apply to the user" do
+          before do
+            role.stub(:applies_to_user?).with(current_user, context).and_return(false)
+          end
+
+          it "is forbidden" do
+            expect(controller).to receive(:forbidden)
+
+            controller.send(:authorize)
+          end
+
+          context "when the privilege has another permitted role" do
+            let(:another_role){ Arrthorizer::Role.new }
+
+            before do
+              another_role.stub(:name).and_return('another_role')
+              permitted_roles.add(another_role)
+            end
+
+            context "and the role applies to the user" do
+              before do
+                another_role.stub(:applies_to_user?).with(current_user, context).and_return(true)
+              end
+
+              it "is not forbidden" do
+                expect(controller).not_to receive(:forbidden)
+
+                controller.send(:authorize)
+              end
+            end
+
+            context "and the role does not apply to the user" do
+              before do
+                another_role.stub(:applies_to_user?).with(current_user, context).and_return(false)
+              end
+
+              it "is forbidden" do
+                expect(controller).to receive(:forbidden)
+
+                controller.send(:authorize)
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/spec/rails/controller_concern/integration_spec.rb

@@ -0,0 +1,75 @@
+require "spec_helper"
+
+require 'arrthorizer/rails'
+
+describe Arrthorizer::Rails do
+  describe "controller integration" do
+    let(:controller_class) { Class.new(ApplicationController) do def index; end end}
+
+    describe "each controller class" do
+      it "responds to :prepare_context" do
+        controller_class.should respond_to :to_prepare_context
+      end
+
+      it "responds to :arrthorizer_configuration" do
+        controller_class.should respond_to :arrthorizer_configuration
+      end
+    end
+
+    describe "each controller" do
+      let(:controller) { controller_class.new }
+
+      it "responds to :arrthorizer_context" do
+        controller.should respond_to :arrthorizer_context
+      end
+
+      context "when it has a proper configuration for context building" do
+        let(:injected_params) { { some_param: 1 } }
+        let(:current_action) { 'some_action' }
+
+        before :each do
+          controller.stub(:params).and_return injected_params
+
+          controller.stub(:action_name).and_return(current_action)
+        end
+
+        context "and there is no specific configuration for the current action" do
+          before :each do
+            controller_class.to_prepare_context do |c|
+              c.defaults do
+                params # this is an example config which can be easily tested
+              end
+            end
+          end
+
+          it "uses the 'default' config to build an Arrthorizer context" do
+            controller.send(:arrthorizer_context).should == Arrthorizer::Context(injected_params)
+          end
+        end
+
+        context "and there is a specific configuration for the current action" do
+          let(:action_specific_config) { { some_extra_key: 'some_value' }}
+
+          before :each do
+            controller_class.to_prepare_context do |c|
+              c.defaults do
+                params
+              end
+
+              c.for_action(current_action) do
+                arrthorizer_defaults.merge(some_extra_key: 'some_value')
+              end
+            end
+          end
+
+          it "uses the more specific configuration for the current action" do
+            context_hash = injected_params.merge(action_specific_config)
+            expected_context = Arrthorizer::Context(context_hash)
+
+            controller.send(:arrthorizer_context).should == expected_context
+          end
+        end
+      end
+    end
+  end
+end

data/spec/rails/controller_concern/to_prepare_context_spec.rb

@@ -0,0 +1,38 @@
+require "spec_helper"
+
+describe Arrthorizer::Rails::ControllerConcern do
+  describe :to_prepare_context do
+    let(:controller_class) { Class.new(ApplicationController) }
+    let(:expected_controller_configuration_type) { Arrthorizer::Rails::ControllerConfiguration }
+
+    it "adds a ControllerConfiguration to the class" do
+      expected_controller_configuration = an_instance_of(expected_controller_configuration_type)
+
+      expect {
+        controller_class.to_prepare_context do end
+      }.to change { controller_class.arrthorizer_configuration }.to(expected_controller_configuration)
+    end
+
+    context "when we are dealing with a subclassed controller" do
+      let(:controller_subclass) { Class.new(controller_class) }
+
+      before :each do
+        controller_class.to_prepare_context do end
+      end
+
+      it "does not alter the context config for the superclass" do
+        expect {
+          controller_subclass.to_prepare_context do end
+        }.not_to change { controller_class.arrthorizer_configuration }
+      end
+    end
+
+    context "when no configuration block is provided" do
+      specify "an Arrthorizer::Rails::ControllerConfiguration::Error is raised" do
+        expect {
+          controller_class.to_prepare_context
+        }.to raise_error(Arrthorizer::Rails::ControllerConfiguration::Error)
+      end
+    end
+  end
+end

data/spec/rails/controller_configuration/initialize_spec.rb

@@ -0,0 +1,19 @@
+require "spec_helper"
+
+describe Arrthorizer::Rails::ControllerConfiguration do
+  describe :initialize do
+    it "yields the new instance to the builder block" do
+      expect { |block|
+        Arrthorizer::Rails::ControllerConfiguration.new(&block)
+      }.to yield_with_args(an_instance_of(Arrthorizer::Rails::ControllerConfiguration))
+    end
+
+    context "when no builder block is provided" do
+      specify "an Arrthorizer::Rails::ControllerConfiguration::Error is raised" do
+        expect {
+          Arrthorizer::Rails::ControllerConfiguration.new
+        }.to raise_error(Arrthorizer::Rails::ControllerConfiguration::Error)
+      end
+    end
+  end
+end

data/spec/role/get_spec.rb

@@ -0,0 +1,29 @@
+require "spec_helper"
+
+require_relative 'shared_examples/finding_the_right_role.rb'
+
+describe Arrthorizer::Role do
+  describe :get do
+    describe "fetching ContextRoles" do
+      let(:expected_role) { Namespaced::ContextRole.instance } # provided by the internal Rails app
+
+      context "when a ContextRole class is provided" do
+        it_behaves_like "finding the right Role" do
+          let(:arg) { expected_role.class }
+        end
+      end
+
+      context "when a String representing a ContextRole instance is provided" do
+        it_behaves_like "finding the right Role" do
+          let(:arg) { expected_role.to_key }
+        end
+      end
+
+      context "when a ContextRole instance is provided" do
+        it_behaves_like "finding the right Role" do
+          let(:arg) { expected_role }
+        end
+      end
+    end
+  end
+end

data/spec/role/shared_examples/finding_the_right_role.rb

@@ -0,0 +1,6 @@
+shared_examples_for "finding the right Role" do
+  it "finds the right Role" do
+    expect(Arrthorizer::Role.get(arg)).to be expected_role
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,21 @@
+require 'rubygems'
+require 'bundler/setup'
+
+require 'combustion'
+
+Combustion.initialize! :active_record, :action_controller,
+                       :action_view
+
+require 'rspec/rails'
+
+Dir.glob('./spec/support/**/*.rb') do |file|
+  require file
+end
+
+Dir.glob('./spec/fixtures/**/*.rb') do |file|
+  require file
+end
+
+RSpec.configure do |config|
+  config.use_transactional_fixtures = true
+end

data/spec/support/reset.rb

@@ -0,0 +1,26 @@
+module Arrthorizer
+  module Rails
+    module Resetter
+      extend self
+
+      def reset!
+        Arrthorizer::Rails::ControllerAction.send(:registry).reset!
+
+        Arrthorizer::Rails::Configuration.load
+      end
+    end
+  end
+
+  class Registry
+    def reset!
+      self.storage = Hash.new
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.before :each do
+    Arrthorizer::Rails::Resetter.reset!
+  end
+end
+