be9-acl9 0.10.0 → 0.11.0

data/test/roles_test.rb

@@ -23,7 +23,7 @@ class RolesTest < Test::Unit::TestCase
   end
 
   it "#has_role! without object (global role)" do
-    lambda do 
+    lambda do
       @user.has_role!('admin')
     end.should change { Role.count }.from(0).to(1)
 
@@ -51,12 +51,12 @@ class RolesTest < Test::Unit::TestCase
     @user.has_role?('manager', @foo).should be_true
     @user.has_roles_for?(@foo).should be_true
     @user.has_role_for?(@foo).should be_true
-    
+
     roles = @user.roles_for(@foo)
     roles.should == @foo.accepted_roles_by(@user)
     roles.size.should == 1
     roles.first.name.should == "manager"
-    
+
     @user.has_role?('manager', @bar).should be_false
     @user2.has_role?('manager', @foo).should be_false
 
@@ -65,9 +65,9 @@ class RolesTest < Test::Unit::TestCase
     @foo.accepts_roles_by?(@user).should be_true
   end
 
-  it "shoud count object role also as global role" do
+  it "should count object role also as global role" do
     @user.has_role!('manager', @foo)
-    
+
     @user.has_role?('manager').should be_true
   end
 
@@ -76,17 +76,34 @@ class RolesTest < Test::Unit::TestCase
     @user.has_role?('manager', Foo).should be_false
   end
 
+  context "protect_global_roles is true" do
+    before do
+      @saved_option = Acl9.config[:protect_global_roles]
+      Acl9.config[:protect_global_roles] = true
+    end
+
+    it "should not count object role also as global role" do
+      @user.has_role!('manager', @foo)
+
+      @user.has_role?('manager').should be_false
+    end
+
+    after do
+      Acl9.config[:protect_global_roles] = @saved_option
+    end
+  end
+
   it "#has_role! with class" do
     @user.has_role!('user', Bar)
 
     @user.has_role?('user', Bar).should be_true
     @user.has_roles_for?(Bar).should be_true
     @user.has_role_for?(Bar).should be_true
-    
+
     roles = @user.roles_for(Bar)
     roles.size.should == 1
     roles.first.name.should == "user"
-    
+
     @user.has_role?('user', Foo).should be_false
     @user2.has_role?('user', Bar).should be_false
   end
@@ -100,7 +117,7 @@ class RolesTest < Test::Unit::TestCase
     @user.has_role!('manager', @foo)
     @user.has_role!('user',    @foo)
     @user.has_role!('admin',   @foo)
-    
+
     @user.has_role!('owner',   @bar)
 
     @user.roles_for(@foo)        .map(&:name).sort.should == %w(admin manager user)
@@ -111,7 +128,7 @@ class RolesTest < Test::Unit::TestCase
     @user.has_role!('owner', @bar)
     @user2.has_role!('owner', @bar)
 
-    @user.roles.should == @user2.roles
+    @user.role_objects.should == @user2.role_objects
   end
 
   it "#has_no_role! should unassign a global role from user" do
@@ -119,17 +136,17 @@ class RolesTest < Test::Unit::TestCase
 
     lambda do
       @user.has_no_role!('3133t')
-    end.should change { @user.roles.count }.by(-1)
+    end.should change { @user.role_objects.count }.by(-1)
 
     @user.has_role?('3133t').should be_false
   end
-  
+
   it "#has_no_role! should unassign an object role from user" do
     set_some_roles
 
     lambda do
       @user.has_no_role!('manager', @foo)
-    end.should change { @user.roles.count }.by(-1)
+    end.should change { @user.role_objects.count }.by(-1)
 
     @user.has_role?('manager', @foo).should be_false
     @user.has_role?('user', @foo).should be_true      # another role on the same object
@@ -140,7 +157,7 @@ class RolesTest < Test::Unit::TestCase
 
     lambda do
       @user.has_no_role!('admin', Foo)
-    end.should change { @user.roles.count }.by(-1)
+    end.should change { @user.role_objects.count }.by(-1)
 
     @user.has_role?('admin', Foo).should be_false
     @user.has_role?('admin').should be_true           # global role
@@ -151,7 +168,7 @@ class RolesTest < Test::Unit::TestCase
 
     lambda do
       @user.has_no_roles_for!
-    end.should change { @user.roles.count }.by(-4)
+    end.should change { @user.role_objects.count }.by(-4)
 
     @user.has_role?('admin').should be_false
     @user.has_role?('3133t').should be_false
@@ -164,18 +181,18 @@ class RolesTest < Test::Unit::TestCase
 
     lambda do
       @user.has_no_roles_for! @foo
-    end.should change { @user.roles.count }.by(-2)
+    end.should change { @user.role_objects.count }.by(-2)
 
     @user.has_role?('user', @foo).should be_false
     @user.has_role?('manager', @foo).should be_false
   end
-  
+
   it "#has_no_roles_for! should unassign both class roles and object roles for objects of that class" do
     set_some_roles
 
     lambda do
       @user.has_no_roles_for! Foo
-    end.should change { @user.roles.count }.by(-4)
+    end.should change { @user.role_objects.count }.by(-4)
 
     @user.has_role?('admin', Foo).should be_false
     @user.has_role?('manager', Foo).should be_false
@@ -187,7 +204,7 @@ class RolesTest < Test::Unit::TestCase
     set_some_roles
 
     @user.has_no_roles!
-    @user.roles.count.should == 0
+    @user.role_objects.count.should == 0
   end
 
   it "should delete unused roles from table" do
@@ -200,7 +217,7 @@ class RolesTest < Test::Unit::TestCase
     Role.count.should == 1
 
     @bar.accepts_no_role!('owner', @user)
-    
+
     Role.count.should == 0
   end
 
@@ -218,8 +235,6 @@ class RolesTest < Test::Unit::TestCase
     @user.has_role?(:_3133t).should be_true
     @user.has_role?(:admin, Foo).should be_true
     @user.has_role?(:manager, @foo).should be_true
-
-
   end
 
   private
@@ -247,7 +262,7 @@ class RolesWithCustomClassNamesTest < Test::Unit::TestCase
   end
 
   it "should basically work" do
-    lambda do 
+    lambda do
       @subj.has_role!('admin')
       @subj.has_role!('user', @foobar)
     end.should change { AnotherRole.count }.from(0).to(2)
@@ -263,3 +278,33 @@ class RolesWithCustomClassNamesTest < Test::Unit::TestCase
   end
 end
 
+class UsersRolesAndSubjectsWithNamespacedClassNamesTest < Test::Unit::TestCase
+  before do
+    Other::Role.destroy_all
+    [Other::User, Other::FooBar].each { |model| model.delete_all }
+
+    @user = Other::User.create!
+    @user2 = Other::User.create!
+    @foobar = Other::FooBar.create!
+
+  end
+
+  it "should basically work" do
+    lambda do
+      @user.has_role!('admin')
+      @user.has_role!('user', @foobar)
+    end.should change { Other::Role.count }.from(0).to(2)
+
+    @user.has_role?('admin').should be_true
+    @user2.has_role?('admin').should be_false
+
+    @user.has_role?(:user, @foobar).should be_true
+    @user2.has_role?(:user, @foobar).should be_false
+
+    @foobar.accepted_roles.count.should == 1
+
+    @user.has_no_roles!
+    @user2.has_no_roles!
+  end
+end
+

data/test/support/controllers.rb

@@ -55,7 +55,7 @@ class ACLArguments < EmptyController
   access_control :except => [:index, :show] do
     allow :admin, :if => :true_meth, :unless => :false_meth
   end
-  
+
   include TrueFalse
 end
 
@@ -129,12 +129,33 @@ class ACLObjectsHash < ApplicationController
     @foo = nil
     render :text => (allowed?(:foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
   end
-  
+
+  def current_user
+    params[:user]
+  end
+end
+
+class ACLActionOverride < ApplicationController
+  access_control :allowed?, :filter => false do
+    allow all, :to => :index
+    deny all, :to => :show
+    allow :owner, :of => :foo, :to => :edit
+  end
+
+  def check_allow
+    render :text => (allowed?(params[:_action]) ? 'OK' : 'AccessDenied')
+  end
+
+  def check_allow_with_foo
+    render :text => (allowed?(params[:_action], :foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
+  end
+
   def current_user
     params[:user]
   end
 end
 
+
 class ACLHelperMethod < ApplicationController
   access_control :helper => :foo? do
     allow :owner, :of => :foo
@@ -145,9 +166,42 @@ class ACLHelperMethod < ApplicationController
 
     render :inline => "<%= foo? ? 'OK' : 'AccessDenied' %>"
   end
-  
+
   def current_user
     params[:user]
   end
 end
 
+class ACLQueryMethod < ApplicationController
+  attr_accessor :current_user
+
+  access_control :acl, :query_method => true do
+    allow :editor, :to => [:edit, :update, :destroy]
+    allow :viewer, :to => [:index, :show]
+    allow :owner,  :of => :foo, :to => :fooize
+  end
+end
+
+class ACLQueryMethodWithLambda < ApplicationController
+  attr_accessor :current_user
+
+  access_control :query_method => :acl? do
+    allow :editor, :to => [:edit, :update, :destroy]
+    allow :viewer, :to => [:index, :show]
+    allow :owner,  :of => :foo, :to => :fooize
+  end
+end
+
+class ACLNamedQueryMethod < ApplicationController
+  attr_accessor :current_user
+
+  access_control :acl, :query_method => 'allow_ay' do
+    allow :editor, :to => [:edit, :update, :destroy]
+    allow :viewer, :to => [:index, :show]
+    allow :owner,  :of => :foo, :to => :fooize
+  end
+
+  def acl?(*args)
+    allow_ay(*args)
+  end
+end

data/test/support/models.rb

@@ -25,3 +25,23 @@ end
 class FooBar < ActiveRecord::Base
   acts_as_authorization_object :role_class_name => 'AnotherRole', :subject_class_name => "AnotherSubject"
 end
+
+
+module Other
+
+  class Other::User < ActiveRecord::Base
+    set_table_name "other_users"
+    acts_as_authorization_subject :join_table_name => "other_roles_other_users", :role_class_name => "Other::Role"
+  end
+
+  class Other::Role < ActiveRecord::Base
+    set_table_name "other_roles"
+    acts_as_authorization_role :join_table_name => "other_roles_other_users", :subject_class_name => "Other::User"
+  end
+
+  class Other::FooBar < ActiveRecord::Base
+    set_table_name "other_foo_bars"
+    acts_as_authorization_object :role_class_name => 'Other::Role', :subject_class_name => "Other::User"
+  end
+
+end

data/test/support/schema.rb

@@ -44,4 +44,26 @@ ActiveRecord::Schema.define(:version => 0) do
     t.datetime "created_at"
     t.datetime "updated_at"
   end
+
+  # namespaced
+  
+  create_table "other_roles", :force => true do |t|
+    t.string   "name",              :limit => 40
+    t.string   "authorizable_type", :limit => 40
+    t.integer  "authorizable_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+  create_table "other_users", :force => true do |t| end
+  create_table "other_roles_other_users", :id => false, :force => true do |t|
+    t.integer  "user_id"
+    t.integer  "role_id"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+  create_table "other_foo_bars", :force => true do |t|
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+  
 end

data/test/test_helper.rb

@@ -1,4 +1,8 @@
 require 'rubygems'
+
+gem 'jnunemaker-matchy', '>= 0.4.0'
+gem 'jeremymcanally-context', '>= 0.5.5'
+
 require 'test/unit'
 require 'context'
 require 'matchy'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: be9-acl9
 version: !ruby/object:Gem::Version 
-  version: 0.10.0
+  version: 0.11.0
 platform: ruby
 authors: 
 - oleg dashevskii
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-05-03 00:00:00 -07:00
+date: 2009-09-16 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -64,8 +64,9 @@ files:
 - test/support/models.rb
 - test/support/schema.rb
 - test/test_helper.rb
-has_rdoc: true
+has_rdoc: false
 homepage: http://github.com/be9/acl9
+licenses: 
 post_install_message: 
 rdoc_options: 
 - --charset=UTF-8
@@ -86,16 +87,16 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.2.0
+rubygems_version: 1.3.5
 signing_key: 
 specification_version: 3
 summary: Yet another role-based authorization system for Rails
 test_files: 
-- test/helpers_test.rb
+- test/dsl_base_test.rb
+- test/test_helper.rb
+- test/access_control_test.rb
 - test/support/schema.rb
 - test/support/models.rb
 - test/support/controllers.rb
-- test/dsl_base_test.rb
-- test/access_control_test.rb
-- test/test_helper.rb
+- test/helpers_test.rb
 - test/roles_test.rb