cbac 0.3.1 → 0.5.1

data/spec/cbac_pristine_permission_spec.rb

@@ -0,0 +1,358 @@
+
+require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
+require 'spec'
+require 'cbac/cbac_pristine/pristine'
+require 'cbac/cbac_pristine/pristine_role'
+require 'cbac/cbac_pristine/pristine_permission'
+
+include Cbac::CbacPristine
+
+describe "CbacPristinePermission" do
+
+
+  describe "convert pristine line to a yml fixture" do
+    before(:each) do
+      @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
+      @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
+    end
+
+
+    it "should raise an error if the pristine line has no role" do
+      pristine_permission =  PristinePermission.new(:line_number => 1, :privilege_set_name => 'log_in', :pristine_role =>  nil)
+      lambda{
+        pristine_permission.to_yml_fixture
+      }.should raise_error(ArgumentError)
+    end
+
+    it "should raise an error if the pristine line has no privilege_set_name" do
+      pristine_permission =  PristinePermission.new(:line_number => 1, :privilege_set_name => "", :pristine_role => @context_role)
+      lambda{
+        pristine_permission.to_yml_fixture
+      }.should raise_error(ArgumentError)
+    end
+
+    it "should return a yml string starting with cbac_permission_ " do
+      pristine_permission =  PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
+
+      pristine_permission.to_yml_fixture.should match(/\Acbac_permission_/)
+    end
+
+    it "should return a yml string containing the line number of the pristine line" do
+      line_number= 100
+      pristine_permission =  PristinePermission.new(:line_number => line_number, :privilege_set_name => "chat", :pristine_role => @context_role)
+
+      pristine_permission.to_yml_fixture.should match(/id: #{line_number}/)
+    end
+
+    it "should return a yml string containing a generic role id of 0 if a context_role is used" do
+      pristine_permission =  PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
+
+      pristine_permission.to_yml_fixture.should match(/generic_role_id: 0/)
+    end
+
+    it "should return a yml string containing the name of the context role if a context_role is used" do
+      pristine_permission =  PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
+
+      pristine_permission.to_yml_fixture.should match(/context_role: #{@context_role.name}/)
+    end
+
+    it "should return a yml string containing the id of the generic role if a generic role is used" do
+      pristine_permission =  PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @admin_role)
+
+      pristine_permission.to_yml_fixture.should match(/generic_role_id: #{@admin_role.id.to_s}/)
+    end
+
+    it "should return a yml string containing ruby code to find the privilege set by name" do
+      pristine_permission =  PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
+
+      pristine_permission.to_yml_fixture.should match(/privilege_set_id: \<%= Cbac::PrivilegeSetRecord.find\(:first, :conditions => \{:name => '#{pristine_permission.privilege_set_name}'\}\)\.id %>/)
+    end
+
+    it "should return a yml string containing created_at and updated_at" do
+      pristine_permission =  PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
+      pristine_permission.to_yml_fixture.should match(/created_at:.+updated_at:/m)
+    end
+  end
+
+  describe "check if this pristine permission exists" do
+    before(:each) do
+      @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
+      @admin_role = Cbac::GenericRole.create(:name => "administrator")
+
+      @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
+      @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin],  :name => @admin_role.name)
+    end
+
+    it "should return true if the pristine permission exists as generic cbac permission in the database" do
+      Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => @admin_role.id)
+      
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
+
+      pristine_permission.cbac_permission_exists?.should be_true
+    end
+
+    it "should return true if the pristine permission exists as context cbac permission in the database" do
+      Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
+
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
+
+      pristine_permission.cbac_permission_exists?.should be_true
+    end
+
+    it "should return false if the pristine permission does not exist as context cbac permission in the database" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
+
+      pristine_permission.cbac_permission_exists?.should be_false
+    end
+
+    it "should return false if the pristine permission does not exist as a generic cbac permission in the database" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
+
+      pristine_permission.cbac_permission_exists?.should be_false
+    end
+
+    it "should return false if a similar pristine permission exist as a generic cbac permission in the database, but for another generic role" do
+      group_admin = Cbac::GenericRole.create(:name => "group_administrator")
+      Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => group_admin.id)
+
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
+
+      pristine_permission.cbac_permission_exists?.should be_false
+    end
+
+    it "should return false if a similar pristine permission exist as a context cbac permission in the database, but for another context role" do
+      Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => "group_owner")
+
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
+
+      pristine_permission.cbac_permission_exists?.should be_false
+    end
+  end
+
+  describe "check if a known permission exists for this pristine permission" do
+     before(:each) do
+
+      @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
+      @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin],  :name => "administrator")
+    end
+
+    it "should return true if the pristine permission exists as a known permission in the database" do
+      pristine_permission =  PristinePermission.new(:pristine_role => @pristine_admin_role, :line_number => 4, :privilege_set_name => "not relevant")
+
+      Cbac::KnownPermission.create(:permission_number => pristine_permission.line_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
+
+      pristine_permission.known_permission_exists?.should be_true
+    end
+  end
+
+  describe "apply the permission" do
+    before(:each) do
+      @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
+      @admin_role = Cbac::GenericRole.create(:name => "administrator")
+
+      @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
+      @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => @admin_role.name)
+    end
+
+
+    it "should add the context permission to the database if operation + is used" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name =>  @privilege_set.name, :pristine_role => @pristine_context_role)
+      pristine_permission.operation = '+'
+
+      proc {
+        pristine_permission.accept
+      }.should change(Cbac::Permission, :count).by(1)
+    end
+
+    it "should create a generic permission if operation + is used" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
+      pristine_permission.operation = '+'
+
+      proc {
+        pristine_permission.accept
+      }.should change(Cbac::Permission, :count).by(1)
+    end
+
+    it "should delete the pristine permission since it was accepted" do
+      pristine_permission =  PristinePermission.create(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role, :operation => '+')
+
+      proc {
+        pristine_permission.accept
+      }.should change(PristinePermission, :count).by(-1)
+    end
+
+    it "should create a generic role if it doesn't exist in yet" do
+      cbac_privilege_set = Cbac::PrivilegeSetRecord.create(:name => "cbac_administration")
+
+      cbac_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => "cbac_administrator")
+      pristine_permission =  PristinePermission.new(:privilege_set_name => cbac_privilege_set.name, :pristine_role => cbac_admin_role)
+      pristine_permission.operation = '+'
+
+      proc {
+        pristine_permission.accept
+      }.should change(Cbac::GenericRole, :count).by(1)
+    end
+
+    it "should use an existing role if possible" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
+      pristine_permission.operation = '+'
+
+      pristine_permission.accept
+      # test smell: depends on a clean database
+      cbac_permission = Cbac::Permission.first
+
+      cbac_permission.generic_role.should == @admin_role
+    end
+
+    it "should remove an existing permission if operation - is used" do
+      Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
+
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
+      pristine_permission.operation = '-'
+
+      proc {
+        pristine_permission.accept
+      }.should change(Cbac::Permission, :count).by(-1)
+    end
+
+    it "should raise an error if operation - is used and the permission does not exist" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
+      pristine_permission.operation = '-'
+
+      proc {
+        pristine_permission.accept
+      }.should raise_error(ArgumentError)
+    end
+
+    it "should create a known permission to record a change" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name =>  @privilege_set.name, :pristine_role => @pristine_context_role)
+      pristine_permission.operation = '+'
+
+      proc {
+        pristine_permission.accept
+      }.should change(Cbac::KnownPermission, :count).by(1)
+    end
+
+    it "should create a known permission with specified permission identifier" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
+      pristine_permission.operation = '+'
+
+      pristine_permission.accept
+
+      known_permission = Cbac::KnownPermission.last
+
+      known_permission.permission_number.should == pristine_permission.line_number
+    end
+
+    it "should create a known permission with specified role type" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
+      pristine_permission.operation = '+'
+
+      pristine_permission.accept
+
+      known_permission = Cbac::KnownPermission.last
+
+      known_permission.permission_type.should == Cbac::KnownPermission.PERMISSION_TYPES[:context]
+    end
+
+    it "should also create a known permission if operation - is used to revoke a permission" do
+      Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
+
+      pristine_permission =  PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
+      pristine_permission.operation = '-'
+
+      proc {
+        pristine_permission.accept
+      }.should change(Cbac::KnownPermission, :count).by(1)
+    end
+  end
+
+  describe "stage the permission so it can be applied" do
+    before(:each) do
+      @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
+      @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
+    end
+
+    it "should persist the pristine permission to the database" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
+
+      proc {
+        pristine_permission.stage
+      }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
+
+    end
+
+    it "should persist the associated role if it doesn't exist yet" do
+      pristine_permission =  PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
+
+      proc {
+        pristine_permission.stage
+      }.should change(Cbac::CbacPristine::PristineRole, :count).by(1)
+    end
+
+    it "should not create a new pristine permission if the cbac permission exists and the pristine permission wants to add" do
+      privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
+      Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
+
+      pristine_permission =  PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
+      proc {
+        pristine_permission.stage
+      }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
+    end
+
+    it "should create a new pristine permission if the cbac permission exists and the pristine permission wants to revoke" do
+      privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
+      Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
+
+      pristine_permission =  PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
+      proc {
+        pristine_permission.stage
+      }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
+    end
+
+    it "should not create a new pristine permission if a staged add permission exists and this pristine permission wants to revoke" do
+      privilege_set_name = "chat"
+      PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
+      pristine_revoke_permission =  PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
+
+      proc {
+        pristine_revoke_permission.stage
+      }.should_not change(Cbac::CbacPristine::PristinePermission, :count).by(1)
+    end
+
+    it "should delete a staged add permission if the pristine permission wants to revoke the same permission" do
+      privilege_set_name = "chat"
+      PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
+      pristine_revoke_permission =  PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
+
+      proc {
+        pristine_revoke_permission.stage
+      }.should change(Cbac::CbacPristine::PristinePermission, :count).by(-1)
+    end
+
+    it "should not create a new pristine permission if a cbac known permission exists" do
+      known_number = 1
+      pristine_permission =  PristinePermission.new(:line_number => known_number, :privilege_set_name => "name not relevant", :pristine_role => @pristine_context_role)
+      Cbac::KnownPermission.create(:permission_number => known_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
+
+      proc {
+        pristine_permission.stage
+      }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
+
+    end
+
+    it "should raise an error if the same pristine permission is staged twice" do
+      privilege_set_name = "chat"
+      PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 2)
+      pristine_permission =  PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 3)
+
+      proc {
+        pristine_permission.stage
+      }.should raise_error(ArgumentError)
+    end
+
+
+  end
+
+end
+

data/spec/cbac_pristine_role_spec.rb

@@ -0,0 +1,85 @@
+require 'spec'
+require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
+require 'cbac/cbac_pristine/pristine_role'
+
+include Cbac::CbacPristine
+
+describe "CbacPristineRole" do
+
+  describe "convert pristine role to a yml fixture" do
+    it "should return an empty string if the pristine role is of type :context" do
+      pristine_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "name is irrelevant")
+
+      pristine_role.to_yml_fixture.should be_empty
+    end
+
+    it "should raise an error if the role name is not specified" do
+      pristine_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "")
+
+      proc{
+        pristine_role.to_yml_fixture
+      }.should raise_error(ArgumentError)
+    end
+
+
+    it "should return a yml string starting with cbac_generic_role_ " do
+      pristine_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:generic], :name => "name is irrelevant")
+
+      pristine_role.to_yml_fixture.should match(/\Acbac_generic_role_/)
+    end
+
+    it "should return a yml string containing the id of the pristine role" do
+      role_id = 100
+      pristine_role = PristineRole.new(:role_id => role_id, :role_type => PristineRole.ROLE_TYPES[:generic], :name => "name is irrelevant")
+
+      pristine_role.to_yml_fixture.should match(/id: #{role_id}/)
+    end
+
+    it "should return a yml string containing the name of the pristine role" do
+      name = "Administrator"
+      pristine_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:generic], :name => name)
+      pristine_role.to_yml_fixture.should match(/name: #{name}/)
+    end
+
+    it "should return a yml string containing created_at and updated_at" do
+      pristine_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:generic], :name => "name is irrelevant")
+
+      pristine_role.to_yml_fixture.should match(/created_at:.+updated_at:/m)
+    end
+  end
+
+  describe "admin role" do
+    it "should return a role with the admin role_type" do
+      admin_role = PristineRole.admin_role
+
+      admin_role.role_type.should == PristineRole.ROLE_TYPES[:admin]
+    end
+
+    it "should return a new admin role if the role does not exist in the database" do
+      admin_role = PristineRole.admin_role
+
+      admin_role.id.should be_nil
+    end
+
+    it "should return an existing admin role if possible" do
+      existing_admin_role = PristineRole.create(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
+
+      admin_role = PristineRole.admin_role
+
+      admin_role.should == existing_admin_role
+    end
+
+    it "should not return an existing admin role if database should not be used" do
+      existing_admin_role = PristineRole.create(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
+
+      admin_role = PristineRole.admin_role(false)
+
+      admin_role.should_not == existing_admin_role
+      admin_role.id.should be_nil
+    end
+  end
+
+
+
+end
+

data/spec/rcov.opts

@@ -0,0 +1,2 @@
+--exclude "spec/*,gems/*"
+--rails

data/spec/spec.opts

@@ -0,0 +1,4 @@
+--colour
+--format progress
+--loadby mtime
+--reverse