authorize 0.0.1

data/test/script/about

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/about'

data/test/script/console

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/console'

data/test/script/dbconsole

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/dbconsole'

data/test/script/destroy

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/destroy'

data/test/script/generate

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/generate'

data/test/script/performance/benchmarker

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../config/boot'
+require 'commands/performance/benchmarker'

data/test/script/performance/profiler

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../config/boot'
+require 'commands/performance/profiler'

data/test/script/performance/request

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../config/boot'
+require 'commands/performance/request'

data/test/script/plugin

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/plugin'

data/test/script/process/inspector

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../config/boot'
+require 'commands/process/inspector'

data/test/script/process/reaper

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../config/boot'
+require 'commands/process/reaper'

data/test/script/process/spawner

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../config/boot'
+require 'commands/process/spawner'

data/test/script/runner

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/runner'

data/test/script/server

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/server'

data/test/test/fixtures/authorize/role_graph.yml

@@ -0,0 +1,11 @@
+--- !hapgoods.com,2010/graph
+# 417269330
+- administrator
+# 1001664029
+- public
+# 428714999
+- registered_users: [public]
+# 782668386
+- user_chris: [registered_users]
+# 12918588
+- user_pascale: [registered_users, administrator]

data/test/test/fixtures/permissions.yml

@@ -0,0 +1,27 @@
+a_read_foo:
+  mask: <%= Authorize::Permission::Mask[:list, :read].to_i %>
+  role: a
+  _resource: foo (Widget)
+a_list_bar:
+  mask: <%= Authorize::Permission::Mask[:list].to_i %>
+  role: a
+  _resource: bar (Widget)
+b_overlord:
+  mask: <%= Authorize::Permission::Mask[:all].to_i %>
+  role: administrator
+c_all_widgets:
+  mask: <%= Authorize::Permission::Mask[:all].to_i %>
+  role: c
+  resource_type: Widget
+d_update_bar:
+  mask: <%= Authorize::Permission::Mask[:list, :read, :update].to_i %>
+  role: d
+  _resource: bar (Widget)
+e_delete_bar:
+  mask: <%= Authorize::Permission::Mask[:list, :delete].to_i %>
+  role: e
+  _resource: bar (Widget)
+user_chris_all_chris:
+  mask: <%= Authorize::Permission::Mask[:all].to_i %>
+  role: user_chris
+  _resource: chris (User)

data/test/test/fixtures/redis/redis.yml

@@ -0,0 +1,8 @@
+- string: x
+- list: [one, two, three]
+- set: !ruby/object:Set
+    hash: {1: true, 2: true}
+- hash: {:a: 1, :b: 2}
+- value: &value <%= Marshal.dump(Date.new(1965, 11, 16))%>
+- value_set: !ruby/object:Set
+    hash: {*value: true}

data/test/test/fixtures/redis/role_graph.yml

@@ -0,0 +1,29 @@
+# Vertices (just markers)
+- <%= "Authorize::Role::vertices::#{Fixtures.identify(:user_chris)}::_" %>: ~
+- <%= "Authorize::Role::vertices::#{Fixtures.identify(:public)}::_" %>: ~
+- <%= "Authorize::Role::vertices::#{Fixtures.identify(:registered_users)}::_" %>: ~
+# Edge counter
+- "Authorize::Role::graph::_edges": "10"
+# Edges
+- Authorize::Role::graph::_edges::1::l_id: <%= "Authorize::Role::vertices::#{Fixtures.identify(:user_chris)}" %>
+- Authorize::Role::graph::_edges::1::r_id: <%= "Authorize::Role::vertices::#{Fixtures.identify(:registered_users)}" %>
+- Authorize::Role::graph::_edges::2::l_id: <%= "Authorize::Role::vertices::#{Fixtures.identify(:registered_users)}" %>
+- Authorize::Role::graph::_edges::2::r_id: <%= "Authorize::Role::vertices::#{Fixtures.identify(:public)}" %>
+# Set of vertices belonging to the role graph
+- "Authorize::Role::graph": !ruby/object:Set
+    hash:
+      <%= "Authorize::Role::vertices::#{Fixtures.identify(:public)}" %>: true
+      <%= "Authorize::Role::vertices::#{Fixtures.identify(:registered_users)}" %>: true
+      <%= "Authorize::Role::vertices::#{Fixtures.identify(:user_chris)}" %>: true
+# Set of edges belonging to the role graph
+- "Authorize::Role::graph::edge_ids": !ruby/object:Set
+    hash:
+      Authorize::Role::graph::edges::1: true
+      Authorize::Role::graph::edges::2: true
+# Set of edges per vertex
+- <%= "Authorize::Role::vertices::#{Fixtures.identify(:user_chris)}::edge_ids" %>: !ruby/object:Set
+    hash:
+      Authorize::Role::graph::_edges::1: true
+- <%= "Authorize::Role::vertices::#{Fixtures.identify(:registered_users)}::edge_ids" %>: !ruby/object:Set
+    hash:
+      Authorize::Role::graph::_edges::2: true

data/test/test/fixtures/roles.yml

@@ -0,0 +1,28 @@
+a:
+  name: a
+  resource: foo (Widget)
+administrator:
+  name: administrator
+  relation: ADM
+c:
+  name: "%s administrator"
+  resource_type: Widget
+d:
+  name: "owner of %s"
+  resource: bar (Widget)
+e:
+  name: "housekeeper of %s"
+  relation: HSK
+  resource: bar (Widget)
+user_chris:
+  name: ~
+  resource: chris (User)
+user_pascale:
+  name: ~
+  resource: pascale (User)
+registered_users:
+  name: Registered Users
+  relation: RUS
+public:
+  name: Public
+  relation: PUB

data/test/test/fixtures/users.yml

@@ -0,0 +1,12 @@
+chris:
+  login: cch1
+  created_at: <%= 2.days.ago.to_s :db %>
+  updated_at: <%= 1.days.ago.to_s :db %>
+pascale:
+  login: pah1
+  created_at: <%= 2.days.ago.to_s :db %>
+  updated_at: <%= 1.days.ago.to_s :db %>
+alex:
+  login: ach1
+  created_at: <%= 2.days.ago.to_s :db %>
+  updated_at: <%= 1.days.ago.to_s :db %>

data/test/test/fixtures/widgets.yml

@@ -0,0 +1,12 @@
+foo:
+  name: super
+  created_at: <%= 2.days.ago.to_s :db %>
+  updated_at: <%= 1.days.ago.to_s :db %>
+bar:
+  name: deluxe
+  created_at: <%= 2.days.ago.to_s :db %>
+  updated_at: <%= 1.days.ago.to_s :db %>
+baz:
+  name: baz
+  created_at: <%= 2.days.ago.to_s :db %>
+  updated_at: <%= 1.days.ago.to_s :db %>

data/test/test/functional/controller_class_test.rb

@@ -0,0 +1,36 @@
+require 'test_helper'
+
+class ControllerClassTest < ActionController::TestCase
+  fixtures :all
+
+  tests ThingyController
+
+  test 'raise exception when not permitted' do
+    @controller.expects(:roles).returns([])
+    assert_raises Authorize::AuthorizationError do
+      get :index
+    end
+  end
+
+  test 'rescue response' do
+    @controller.expects(:roles).returns([])
+    @request.remote_addr = "192.168.1.1"
+    get :index
+    assert_response :forbidden
+  end
+
+  test 'skip filter' do
+    assert_nothing_raised do
+      get :show
+      assert_response :success
+    end
+  end
+
+  test 'should perform action because of authorization' do
+    @controller.expects(:roles).returns([roles(:administrator)])
+    assert_nothing_raised do
+      get :index
+      assert_response :success
+    end
+  end
+end

data/test/test/functional/controller_test.rb

@@ -0,0 +1,46 @@
+require 'test_helper'
+require 'authorize/graph/fixtures'
+
+class ControllerTest < ActionController::TestCase
+  fixtures :all
+
+  tests WidgetsController
+
+  def setup
+    ::Authorize::Graph::Fixtures.create_fixtures
+  end
+
+  test 'predicate not stuck on false when permitted' do
+    assert @controller.permit?({:list => widgets(:foo)}, {:roles => [roles(:administrator)]})
+  end
+
+  test 'predicate not stuck on true when not permitted' do
+    assert !@controller.permit?({:all => Widget}, {:roles => []})
+  end
+
+  test 'query controller for default roles' do
+    @controller.expects(:roles).returns([roles(:administrator)])
+    @controller.permit?(:update => widgets(:foo))
+  end
+
+  test 'yields to block when permitted' do
+    sentinel = mock('sentinel', {:trip! => true})
+    @controller.permit({:list => widgets(:foo)}, {:roles => [roles(:administrator)]}) {sentinel.trip!}
+  end
+
+  test 'calls handler and does not yield to block when not permitted' do
+    sentinel = mock('sentinel')
+    @controller.expects(:handle_authorization_failure).returns(true)
+    @controller.permit({:all => Widget}, {:roles => []}) {sentinel.trip!}
+  end
+
+  test 'handler raises authorization exception' do
+    assert_raises Authorize::AuthorizationError do
+      @controller.permit({:all => Widget}, {:roles => []}) {sentinel.trip!}
+    end
+  end
+
+  test 'mutiple authorization hash pairs' do
+    assert @controller.permit?({:list => widgets(:foo), :update => users(:chris)}, {:roles => [roles(:user_chris)]})
+  end
+end

data/test/test/test_helper.rb

@@ -0,0 +1,35 @@
+ENV['RAILS_ENV'] = 'test'
+require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
+require 'test_help'
+
+# Set Test::Unit options for optimal performance/fidelity.
+class ActiveSupport::TestCase
+  self.use_transactional_fixtures = true
+  self.use_instantiated_fixtures  = false
+
+  set_fixture_class :permissions => Authorize::Permission, :roles => Authorize::Role
+
+  def self.uses_mocha(description)
+    require 'mocha'
+    yield
+  rescue LoadError
+    $stderr.puts "Skipping #{description} tests. `gem install mocha` and try again."
+  end
+  setup {Authorize::Redis::Base.db.flushdb}
+end
+
+# Unfortunately, setting expectations on any instance for #initialize causes #mocha_teardown
+# to squirt out errors that cannot easily be suppressed in a less intrusive manner.
+module Mocha
+  module API
+    def mocha_teardown_with_warning_suppression
+      old_verbose, $VERBOSE = $VERBOSE, nil
+      mocha_teardown_without_warning_suppression
+      $VERBOSE = old_verbose
+    end
+    alias_method :mocha_teardown_without_warning_suppression, :mocha_teardown
+    alias_method :mocha_teardown, :mocha_teardown_with_warning_suppression
+  end
+end
+
+raise "Test Database doesn't look safe (#{Authorize::Redis::Base.db.inspect} has #{Authorize::Redis::Base.db.dbsize} keys)" unless Authorize::Redis::Base.db.dbsize < 100

data/test/test/unit/bitmask_test.rb

@@ -0,0 +1,112 @@
+require 'test_helper'
+
+class BitmaskTest < ActiveSupport::TestCase
+  def setup
+    @bitmask = Class.new(Authorize::Bitmask)
+    @bitmask.name_values = {:none => 0, :first => 1, :second => 2, :third => 4, :fourth => 8, :first_nibble => 15, :fifth => 16, :sixth => 32, :seventh => 64, :eighth => 128, :all => 255}
+  end
+
+  test 'create degenerate' do
+    b = @bitmask[]
+    assert b.empty?
+  end
+
+  test 'create with integer' do
+    b = @bitmask.new(4)
+    assert_equal Set[:none, :third], b
+  end
+
+  test 'create with invalid integer' do
+    assert_raises RangeError do
+      b = @bitmask.new(256)
+    end
+  end
+
+  test 'create with enum' do
+    b = @bitmask[:first, :third]
+    assert_equal Set[:first, :third], b
+  end
+
+  test 'create with invalid enum' do
+    assert_raises ArgumentError do
+      @bitmask[:first, :third, :ninth]
+    end
+  end
+
+  test 'add bit' do
+    b = @bitmask[]
+    b << :first_nibble
+    assert_equal 15, b.to_i
+  end
+
+  test 'add invalid bit' do
+    b = @bitmask[]
+    assert_raises ArgumentError do
+      b.add :first_word
+    end
+  end
+
+  test 'comparable' do
+    b0 = @bitmask[]
+    b1 = @bitmask[:first, :second, :third, :fourth]
+    b2 = @bitmask[:first_nibble]
+    assert_operator b0, :<, b1
+    assert_operator b2, :==, b1
+  end
+
+  test 'comparable with integers' do
+    b0 = @bitmask[:all]
+    assert_operator b0, :==, 255
+    assert_operator 255, :==, b0
+  end
+
+  test 'dynamic bit getters' do
+    b = @bitmask[:first, :second]
+    assert b._first
+    assert !b._third
+  end
+
+  test 'dynamic bit setters' do
+    b = @bitmask[:first, :second]
+    b._first = false
+    assert !b.include?(:first)
+    b._third = false
+    assert !b.include?(:third)
+  end
+
+  test 'dynamic bit predicates' do
+    b = @bitmask[:first, :second]
+    assert b._first?
+    assert !b._third?
+  end
+
+  test 'complete' do
+    b = @bitmask[]
+    assert_equal Set[:none], b.complete
+    b = @bitmask[:first_nibble]
+    assert_equal Set[:none, :first, :second, :third, :fourth, :first_nibble], b.complete
+    b = @bitmask[:first, :second, :third, :fourth]
+    assert_equal Set[:none, :first, :second, :third, :fourth, :first_nibble], b.complete
+  end
+
+  test 'fundamental' do
+    b = @bitmask[:first_nibble]
+    assert_equal Set[:first, :second, :third, :fourth], b.fundamental
+  end
+
+  test 'minimal' do
+    b = @bitmask[:none, :first, :second, :third, :fourth]
+    assert_equal Set[:first_nibble], b.minimal
+  end
+
+  test 'stringify' do
+    b = @bitmask.new(7)
+    assert_match /\w+(\|\w+){3}/, b.to_s
+    assert_match /none.*third/, b.to_s # canonical order
+  end
+
+  test 'stringify empty set' do
+    b = @bitmask[]
+    assert_equal "", b.to_s
+  end
+end