authorizy 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Authorizy
4
- VERSION = '0.1.0'
4
+ VERSION = '0.2.0'
5
5
  end
@@ -1,7 +1,8 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  RSpec.describe Authorizy::BaseCop, '#access?' do
4
- subject(:cop) { described_class.new('current_user', 'params', 'session', 'controller', 'action') }
4
+ let!(:params) { { 'controller' => 'controller', 'action' => 'action' } }
5
+ let(:cop) { described_class.new('current_user', params, 'session') }
5
6
 
6
7
  it 'returns false as default' do
7
8
  expect(cop.access?).to be(false)
@@ -1,10 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  RSpec.describe Authorizy::Config, '#aliases' do
4
- subject(:config) { described_class.new }
4
+ let!(:config) { described_class.new }
5
5
 
6
6
  it 'has default value and can receive a new one' do
7
- expect(subject.aliases).to eq({})
7
+ expect(config.aliases).to eq({})
8
8
 
9
9
  config.aliases = 'value'
10
10
 
@@ -1,10 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  RSpec.describe Authorizy::Config, '#cop' do
4
- subject(:config) { described_class.new }
4
+ let!(:config) { described_class.new }
5
5
 
6
6
  it 'has default value and can receive a new one' do
7
- expect(subject.cop).to eq(Authorizy::BaseCop)
7
+ expect(config.cop).to eq(Authorizy::BaseCop)
8
8
 
9
9
  config.cop = 'value'
10
10
 
@@ -1,14 +1,14 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  RSpec.describe Authorizy::Config, '#current_user' do
4
- subject(:config) { described_class.new }
4
+ let!(:config) { described_class.new }
5
5
 
6
6
  context 'when uses default value' do
7
7
  context 'when context responds to current_user' do
8
8
  let!(:context) { OpenStruct.new(current_user: 'user') }
9
9
 
10
10
  it 'is called' do
11
- expect(subject.current_user.call(context)).to eq('user')
11
+ expect(config.current_user.call(context)).to eq('user')
12
12
  end
13
13
  end
14
14
 
@@ -16,14 +16,14 @@ RSpec.describe Authorizy::Config, '#current_user' do
16
16
  let!(:context) { 'context' }
17
17
 
18
18
  it 'returns nil' do
19
- expect(subject.current_user.call(context)).to be(nil)
19
+ expect(config.current_user.call(context)).to be(nil)
20
20
  end
21
21
  end
22
22
  end
23
23
 
24
24
  context 'when uses custom value' do
25
25
  it 'executes what you want' do
26
- config.current_user = -> (context) { context[:value] }
26
+ config.current_user = ->(context) { context[:value] }
27
27
 
28
28
  expect(config.current_user.call({ value: 'value' })).to eq('value')
29
29
  end
@@ -1,10 +1,10 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  RSpec.describe Authorizy::Config, '#dependencies' do
4
- subject(:config) { described_class.new }
4
+ let!(:config) { described_class.new }
5
5
 
6
6
  it 'has default value and can receive a new one' do
7
- expect(subject.dependencies).to eq({})
7
+ expect(config.dependencies).to eq({})
8
8
 
9
9
  config.dependencies = 'value'
10
10
 
@@ -2,6 +2,6 @@
2
2
 
3
3
  RSpec.describe Authorizy::Config do
4
4
  it 'starts with a default cop' do
5
- expect(subject.cop).to eq(Authorizy::BaseCop)
5
+ expect(described_class.new.cop).to eq(Authorizy::BaseCop)
6
6
  end
7
7
  end
@@ -1,14 +1,14 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  RSpec.describe Authorizy::Config, '#redirect_url' do
4
- subject(:config) { described_class.new }
4
+ let!(:config) { described_class.new }
5
5
 
6
6
  context 'when uses default value' do
7
7
  context 'when context responds to root_url' do
8
8
  let!(:context) { OpenStruct.new(root_url: '/root') }
9
9
 
10
10
  it 'is called' do
11
- expect(subject.redirect_url.call(context)).to eq('/root')
11
+ expect(config.redirect_url.call(context)).to eq('/root')
12
12
  end
13
13
  end
14
14
 
@@ -16,14 +16,14 @@ RSpec.describe Authorizy::Config, '#redirect_url' do
16
16
  let!(:context) { 'context' }
17
17
 
18
18
  it 'returns just a slash' do
19
- expect(subject.redirect_url.call(context)).to eq('/')
19
+ expect(config.redirect_url.call(context)).to eq('/')
20
20
  end
21
21
  end
22
22
  end
23
23
 
24
24
  context 'when uses custom value' do
25
25
  it 'executes what you want' do
26
- config.redirect_url = -> (context) { context[:value] }
26
+ config.redirect_url = ->(context) { context[:value] }
27
27
 
28
28
  expect(config.redirect_url.call({ value: 'value' })).to eq('value')
29
29
  end
@@ -5,7 +5,6 @@ require 'support/models/empty_cop'
5
5
  require 'support/controllers/dummy_controller'
6
6
 
7
7
  RSpec.describe DummyController, '#authorizy', type: :controller do
8
- let!(:parameters) { ActionController::Parameters.new(key: 'value', controller: 'dummy', action: 'action') }
9
8
  let!(:user) { User.new }
10
9
 
11
10
  context 'when cop responds to the controller name' do
@@ -30,7 +29,7 @@ RSpec.describe DummyController, '#authorizy', type: :controller do
30
29
  end
31
30
  end
32
31
 
33
- context 'when cop responds to the controller name' do
32
+ context 'when cop does not respond to the controller name' do
34
33
  it 'denies the access' do
35
34
  config_mock(cop: EmptyCop, current_user: user) do
36
35
  get :action
@@ -3,13 +3,14 @@
3
3
  require 'support/models/authorizy_cop'
4
4
 
5
5
  RSpec.describe AuthorizyCop do
6
- subject(:cop) { described_class.new('current_user', 'params', 'session', 'controller', 'action') }
6
+ let!(:params) { { controller: 'controller', action: 'action' } }
7
+ let(:cop) { described_class.new('current_user', params, 'session') }
7
8
 
8
9
  it 'adds private attributes readers' do
9
- expect(cop.get_action).to eq('action')
10
- expect(cop.get_controller).to eq('controller')
11
- expect(cop.get_current_user).to eq('current_user')
12
- expect(cop.get_params).to eq('params')
13
- expect(cop.get_session).to eq('session')
10
+ expect(cop.fetch_action).to eq('action')
11
+ expect(cop.fetch_controller).to eq('controller')
12
+ expect(cop.fetch_current_user).to eq('current_user')
13
+ expect(cop.fetch_params).to eq(controller: 'controller', action: 'action')
14
+ expect(cop.fetch_session).to eq('session')
14
15
  end
15
16
  end
@@ -5,7 +5,6 @@ require 'support/models/empty_cop'
5
5
  require 'support/controllers/admin/dummy_controller'
6
6
 
7
7
  RSpec.describe Admin::DummyController, '#authorizy', type: :controller do
8
- let!(:parameters) { ActionController::Parameters.new(key: 'value', controller: 'admin/users', action: 'action') }
9
8
  let!(:user) { User.new }
10
9
 
11
10
  context 'when cop responds to the controller name' do
@@ -30,7 +29,7 @@ RSpec.describe Admin::DummyController, '#authorizy', type: :controller do
30
29
  end
31
30
  end
32
31
 
33
- context 'when cop responds to the controller name' do
32
+ context 'when cop does not respond to the controller name' do
34
33
  it 'denies the access' do
35
34
  config_mock(cop: EmptyCop, current_user: user) do
36
35
  get :action
@@ -1,137 +1,111 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  RSpec.describe Authorizy::Core, '#access?' do
4
- context 'when permissions is in session as string' do
4
+ context 'when cop#access? returns true' do
5
+ let!(:cop) { OpenStruct.new(access?: true) }
5
6
  let!(:current_user) { User.new }
6
- let!(:params) { { 'action' => 'create', 'controller' => 'controller' } }
7
- let!(:session) { { 'permissions' => [{ 'action' => 'create', 'controller' => 'controller' }] } }
7
+ let!(:params) { { action: 'any', controller: 'any' } }
8
+ let!(:session) { {} }
8
9
 
9
- it 'uses the session value skipping the user fetch' do
10
- expect(described_class.new(current_user, params, session).access?).to be(true)
10
+ it 'is authorized based in the cop response' do
11
+ expect(described_class.new(current_user, params, session, cop: cop).access?).to be(true)
11
12
  end
12
13
  end
13
14
 
14
- context 'when permissions is not in session' do
15
- subject(:authorizy) { described_class.new(current_user, params, session) }
16
-
17
- let!(:current_user) { User.new(authorizy: { permissions: [{ action: 'create', controller: 'match' }] }) }
18
- let!(:params) { { 'action' => 'create', 'controller' => 'match' } }
15
+ context 'when permissions is in the current user' do
16
+ let!(:cop) { OpenStruct.new(access?: false) }
17
+ let!(:current_user) { User.new(authorizy: { permissions: [%w[controller create]] }) }
18
+ let!(:params) { { controller: 'controller', action: 'create' } }
19
19
  let!(:session) { {} }
20
20
 
21
- it 'fetches the permission from user' do
22
- expect(authorizy.access?).to be(true)
21
+ it 'is authorized based on the user permissions' do
22
+ expect(described_class.new(current_user, params, session, cop: cop).access?).to be(true)
23
23
  end
24
24
  end
25
25
 
26
26
  context 'when session has no permission nor the user' do
27
- subject(:authorizy) { described_class.new(current_user, params, session) }
28
-
27
+ let!(:cop) { OpenStruct.new(access?: false) }
29
28
  let!(:current_user) { User.new }
30
- let!(:params) { { 'action' => 'create', 'controller' => 'match' } }
29
+ let!(:params) { { controller: 'match', action: 'create' } }
31
30
  let!(:session) { {} }
32
31
 
33
- it { expect(authorizy.access?).to be(false) }
32
+ it 'does not authorize' do
33
+ expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
34
+ end
34
35
  end
35
36
 
36
37
  context 'when cop does not respond to controller' do
37
- subject(:authorizy) { described_class.new(current_user, params, session) }
38
-
39
- let!(:cop) { instance_double('Authorizy.config.cop') }
38
+ let!(:cop) { instance_double('Authorizy::BaseCop', access?: false) }
40
39
  let!(:current_user) { User.new }
41
- let!(:params) { { 'action' => 'create', 'controller' => 'missing' } }
40
+ let!(:params) { { action: 'create', controller: 'missing' } }
42
41
  let!(:session) { {} }
43
42
 
44
- before do
45
- allow(Authorizy.config.cop).to receive(:new)
46
- .with(current_user, params, session, 'missing', 'create')
47
- .and_return(cop)
48
-
49
- allow(cop).to receive(:respond_to?).with('missing').and_return(false)
50
- end
51
-
52
43
  it 'does not authorize via cop' do
53
- expect(authorizy.access?).to be(false)
44
+ expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
54
45
  end
55
46
  end
56
47
 
57
48
  context 'when cop responds to controller' do
58
- subject(:authorizy) { described_class.new(current_user, params, session) }
59
-
60
- let!(:cop) { instance_double('Authorizy.config.cop') }
61
49
  let!(:current_user) { User.new }
62
- let!(:params) { { 'action' => 'create', 'controller' => 'match' } }
50
+ let!(:params) { { controller: 'admin/controller', action: 'create' } }
63
51
  let!(:session) { {} }
64
52
 
65
- before do
66
- allow(Authorizy.config.cop).to receive(:new)
67
- .with(current_user, params, session, 'match', 'create')
68
- .and_return(cop)
69
-
70
- allow(cop).to receive(:respond_to?).with('match').and_return(true)
71
- end
72
-
73
53
  context 'when cop does not release the access' do
74
- it 'continues trying via session and so user permissions' do
75
- allow(cop).to receive(:public_send).with('match').and_return(false)
54
+ let!(:cop) do
55
+ Class.new(Authorizy::BaseCop) do
56
+ def access?
57
+ false
58
+ end
59
+
60
+ def admin__controller
61
+ false
62
+ end
63
+ end.new(current_user, params, session)
64
+ end
76
65
 
77
- expect(authorizy.access?).to be(false)
66
+ it 'is not authorized by cop' do
67
+ expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
78
68
  end
79
69
  end
80
70
 
81
71
  context 'when cop releases the access' do
82
- it 'skips session and user permission return true to the access' do
83
- allow(cop).to receive(:public_send).with('match').and_return(true)
84
-
85
- expect(authorizy.access?).to be(true)
72
+ let!(:cop) do
73
+ Class.new(Authorizy::BaseCop) do
74
+ def access?
75
+ false
76
+ end
77
+
78
+ def admin__controller
79
+ true
80
+ end
81
+ end.new(current_user, params, session)
86
82
  end
87
- end
88
- end
89
-
90
- context 'when controller is given' do
91
- subject(:authorizy) { described_class.new(current_user, params, session, controller: 'controller') }
92
-
93
- let!(:current_user) { User.new }
94
- let!(:params) { { 'action' => 'action', 'controller' => 'ignored' } }
95
- let!(:session) { { 'permissions' => [{ 'action' => 'action', 'controller' => 'controller' }] } }
96
-
97
- it 'uses the given controller over the one on params' do
98
- expect(authorizy.access?).to be(true)
99
- end
100
- end
101
-
102
- context 'when action is given' do
103
- subject(:authorizy) { described_class.new(current_user, params, session, action: 'action') }
104
-
105
- let!(:current_user) { User.new }
106
- let!(:params) { { 'action' => 'ignored', 'controller' => 'controller' } }
107
- let!(:session) { { 'permissions' => [{ 'action' => 'action', 'controller' => 'controller' }] } }
108
83
 
109
- it 'uses the given action over the one on params' do
110
- expect(authorizy.access?).to be(true)
84
+ it 'is authorized by the cop' do
85
+ expect(described_class.new(current_user, params, session, cop: cop).access?).to be(true)
86
+ end
111
87
  end
112
88
  end
113
89
 
114
90
  context 'when user has the controller permission but not action' do
115
- subject(:authorizy) { described_class.new(current_user, params, session) }
116
-
91
+ let!(:cop) { instance_double('Authorizy::BaseCop', access?: false) }
117
92
  let!(:current_user) { User.new }
118
- let!(:params) { { 'action' => 'action', 'controller' => 'controller' } }
119
- let!(:session) { { 'permissions' => [{ 'action' => 'miss', 'controller' => 'controller' }] } }
93
+ let!(:params) { { controller: 'controller', action: 'action' } }
94
+ let!(:session) { { permissions: [%w[controller miss]] } }
120
95
 
121
- it 'cannot access' do
122
- expect(authorizy.access?).to be(false)
96
+ it 'is not authorized' do
97
+ expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
123
98
  end
124
99
  end
125
100
 
126
101
  context 'when user has the action permission but not controller' do
127
- subject(:authorizy) { described_class.new(current_user, params, session) }
128
-
102
+ let!(:cop) { instance_double('Authorizy::BaseCop', access?: false) }
129
103
  let!(:current_user) { User.new }
130
- let!(:params) { { 'action' => 'action', 'controller' => 'controller' } }
131
- let!(:session) { { 'permissions' => [{ 'action' => 'create', 'controller' => 'miss' }] } }
104
+ let!(:params) { { controller: 'controller', action: 'action' } }
105
+ let!(:session) { { permissions: [%w[miss action]] } }
132
106
 
133
- it 'cannot access' do
134
- expect(authorizy.access?).to be(false)
107
+ it 'is not authorized' do
108
+ expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
135
109
  end
136
110
  end
137
111
  end
@@ -15,19 +15,17 @@ RSpec.describe Authorizy::Expander, '#expand' do
15
15
  context 'when data is symbol' do
16
16
  let(:permissions) do
17
17
  [
18
- { action: :create, controller: :controller },
19
- { action: :edit, controller: :controller },
20
- { action: :new, controller: :controller },
21
- { action: :update, controller: :controller },
18
+ %i[controller create],
19
+ %i[controller update],
22
20
  ]
23
21
  end
24
22
 
25
- it 'mappes the default actions aliases' do
23
+ it 'maps the default actions aliases' do
26
24
  expect(expander.expand(permissions)).to match_array [
27
- { 'action' => 'create', 'controller' => 'controller' },
28
- { 'action' => 'edit', 'controller' => 'controller' },
29
- { 'action' => 'new', 'controller' => 'controller' },
30
- { 'action' => 'update', 'controller' => 'controller' },
25
+ %w[controller create],
26
+ %w[controller edit],
27
+ %w[controller new],
28
+ %w[controller update],
31
29
  ]
32
30
  end
33
31
  end
@@ -35,19 +33,17 @@ RSpec.describe Authorizy::Expander, '#expand' do
35
33
  context 'when data is string' do
36
34
  let(:permissions) do
37
35
  [
38
- { 'action' => 'create', 'controller' => 'controller' },
39
- { 'action' => 'edit', 'controller' => 'controller' },
40
- { 'action' => 'new', 'controller' => 'controller' },
41
- { 'action' => 'update', 'controller' => 'controller' },
36
+ %w[controller create],
37
+ %w[controller update],
42
38
  ]
43
39
  end
44
40
 
45
- it 'mappes the default actions aliases' do
41
+ it 'maps the default actions aliases' do
46
42
  expect(expander.expand(permissions)).to match_array [
47
- { 'action' => 'create', 'controller' => 'controller' },
48
- { 'action' => 'edit', 'controller' => 'controller' },
49
- { 'action' => 'new', 'controller' => 'controller' },
50
- { 'action' => 'update', 'controller' => 'controller' },
43
+ %w[controller create],
44
+ %w[controller edit],
45
+ %w[controller new],
46
+ %w[controller update],
51
47
  ]
52
48
  end
53
49
  end
@@ -55,87 +51,86 @@ RSpec.describe Authorizy::Expander, '#expand' do
55
51
 
56
52
  context 'when a dependencies is given' do
57
53
  context 'when keys and values are strings' do
58
- let(:dependencies) { { 'controller' => { 'action' => [{ 'action' => 'action2', 'controller' => 'controller2' }] } } }
59
- let!(:permissions) { [{ 'action' => 'action', 'controller' => 'controller' }] }
54
+ let(:dependencies) { { 'controller' => { 'action' => [%w[controller_2 action_2]] } } }
55
+ let!(:permissions) { [%w[controller action]] }
60
56
 
61
57
  it 'addes the dependencies permissions' do
62
58
  config_mock(dependencies: dependencies) do
63
59
  expect(expander.expand(permissions)).to match_array [
64
- { 'action' => 'action', 'controller' => 'controller' },
65
- { 'action' => 'action2', 'controller' => 'controller2' },
60
+ %w[controller action],
61
+ %w[controller_2 action_2],
66
62
  ]
67
63
  end
68
64
  end
69
65
  end
70
66
 
71
67
  context 'when keys and values are symbol' do
72
- let(:dependencies) { { controller: { action: [{ action: :action2, controller: :controller2 }] } } }
73
- let!(:permissions) { [{ 'action' => 'action', 'controller' => 'controller' }] }
68
+ let(:dependencies) { { controller: { action: [%i[controller_2 action_2]] } } }
69
+ let!(:permissions) { [%w[controller action]] }
74
70
 
75
71
  it 'addes the dependencies permissions' do
76
72
  config_mock(dependencies: dependencies) do
77
73
  expect(expander.expand(permissions)).to match_array [
78
- { 'action' => 'action', 'controller' => 'controller' },
79
- { 'action' => 'action2', 'controller' => 'controller2' },
74
+ %w[controller action],
75
+ %w[controller_2 action_2],
80
76
  ]
81
77
  end
82
78
  end
83
79
  end
84
80
  end
85
81
 
86
-
87
82
  context 'when aliases is given' do
88
- let!(:permissions) { [{ 'action' => 'action', 'controller' => 'controller' }] }
83
+ let!(:permissions) { [%w[controller action]] }
89
84
 
90
85
  context 'when key and values are strings' do
91
- let(:aliases) { { 'action' => 'action2' } }
86
+ let(:aliases) { { 'action' => 'action_2' } }
92
87
 
93
- it 'mappes the action with the current controller' do
88
+ it 'maps the action with the current controller' do
94
89
  config_mock(aliases: aliases) do
95
90
  expect(expander.expand(permissions)).to match_array [
96
- { 'action' => 'action', 'controller' => 'controller' },
97
- { 'action' => 'action2', 'controller' => 'controller' },
91
+ %w[controller action],
92
+ %w[controller action_2],
98
93
  ]
99
94
  end
100
95
  end
101
96
  end
102
97
 
103
98
  context 'when key and values are symbols' do
104
- let(:aliases) { { action: :action2 } }
99
+ let(:aliases) { { action: :action_2 } }
105
100
 
106
- it 'mappes the action with the current controller' do
101
+ it 'maps the action with the current controller' do
107
102
  config_mock(aliases: aliases) do
108
103
  expect(expander.expand(permissions)).to match_array [
109
- { 'action' => 'action', 'controller' => 'controller' },
110
- { 'action' => 'action2', 'controller' => 'controller' },
104
+ %w[controller action],
105
+ %w[controller action_2],
111
106
  ]
112
107
  end
113
108
  end
114
109
  end
115
110
 
116
111
  context 'when key and values are array of strings' do
117
- let(:aliases) { { action: %w[action2 action3] } }
112
+ let(:aliases) { { action: %w[action_2 action_3] } }
118
113
 
119
- it 'mappes the actions with the current controller' do
114
+ it 'maps the actions with the current controller' do
120
115
  config_mock(aliases: aliases) do
121
116
  expect(expander.expand(permissions)).to match_array [
122
- { 'action' => 'action', 'controller' => 'controller' },
123
- { 'action' => 'action2', 'controller' => 'controller' },
124
- { 'action' => 'action3', 'controller' => 'controller' },
117
+ %w[controller action],
118
+ %w[controller action_2],
119
+ %w[controller action_3],
125
120
  ]
126
121
  end
127
122
  end
128
123
  end
129
124
 
130
125
  context 'when key and values are array of symbols' do
131
- let(:aliases) { { action: %i[action2 action3] } }
126
+ let(:aliases) { { action: %i[action_2 action_3] } }
132
127
 
133
- it 'mappes the actions with the current controller' do
128
+ it 'maps the actions with the current controller' do
134
129
  config_mock(aliases: aliases) do
135
130
  expect(expander.expand(permissions)).to match_array [
136
- { 'action' => 'action', 'controller' => 'controller' },
137
- { 'action' => 'action2', 'controller' => 'controller' },
138
- { 'action' => 'action3', 'controller' => 'controller' },
131
+ %w[controller action],
132
+ %w[controller action_2],
133
+ %w[controller action_3],
139
134
  ]
140
135
  end
141
136
  end