cbac 0.6.1 → 0.6.2

Files changed (75)
  1. data/Manifest +70 -74
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -31
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -135
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +5 -5
  17. data/lib/cbac/known_permission.rb +14 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/fixtures/cbac_generic_roles.yml +9 -9
  60. data/test/fixtures/cbac_memberships.yml +8 -8
  61. data/test/fixtures/cbac_permissions.yml +14 -14
  62. data/test/fixtures/cbac_privilege_set.yml +18 -18
  63. data/test/test_cbac_actions.rb +71 -71
  64. data/test/test_cbac_authorize_context_roles.rb +39 -39
  65. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  66. data/test/test_cbac_context_role.rb +50 -50
  67. data/test/test_cbac_privilege.rb +151 -151
  68. data/test/test_cbac_privilege_set.rb +50 -50
  69. data/test/test_helper.rb +28 -28
  70. metadata +14 -15
  71. data/nbproject/private/private.properties +0 -3
  72. data/nbproject/private/private.xml +0 -4
  73. data/nbproject/private/rake-d.txt +0 -0
  74. data/nbproject/project.properties +0 -9
  75. data/nbproject/project.xml +0 -16
@@ -1,358 +1,358 @@
1
-
2
- require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
3
- require 'spec'
4
- require 'cbac/cbac_pristine/pristine'
5
- require 'cbac/cbac_pristine/pristine_role'
6
- require 'cbac/cbac_pristine/pristine_permission'
7
-
8
- include Cbac::CbacPristine
9
-
10
- describe "CbacPristinePermission" do
11
-
12
-
13
- describe "convert pristine line to a yml fixture" do
14
- before(:each) do
15
- @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
16
- @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
17
- end
18
-
19
-
20
- it "should raise an error if the pristine line has no role" do
21
- pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => 'log_in', :pristine_role => nil)
22
- lambda{
23
- pristine_permission.to_yml_fixture
24
- }.should raise_error(ArgumentError)
25
- end
26
-
27
- it "should raise an error if the pristine line has no privilege_set_name" do
28
- pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "", :pristine_role => @context_role)
29
- lambda{
30
- pristine_permission.to_yml_fixture
31
- }.should raise_error(ArgumentError)
32
- end
33
-
34
- it "should return a yml string starting with cbac_permission_ " do
35
- pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
36
-
37
- pristine_permission.to_yml_fixture.should match(/\Acbac_permission_/)
38
- end
39
-
40
- it "should return a yml string containing the line number of the pristine line" do
41
- line_number= 100
42
- pristine_permission = PristinePermission.new(:line_number => line_number, :privilege_set_name => "chat", :pristine_role => @context_role)
43
-
44
- pristine_permission.to_yml_fixture.should match(/id: #{line_number}/)
45
- end
46
-
47
- it "should return a yml string containing a generic role id of 0 if a context_role is used" do
48
- pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
49
-
50
- pristine_permission.to_yml_fixture.should match(/generic_role_id: 0/)
51
- end
52
-
53
- it "should return a yml string containing the name of the context role if a context_role is used" do
54
- pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
55
-
56
- pristine_permission.to_yml_fixture.should match(/context_role: #{@context_role.name}/)
57
- end
58
-
59
- it "should return a yml string containing the id of the generic role if a generic role is used" do
60
- pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @admin_role)
61
-
62
- pristine_permission.to_yml_fixture.should match(/generic_role_id: #{@admin_role.id.to_s}/)
63
- end
64
-
65
- it "should return a yml string containing ruby code to find the privilege set by name" do
66
- pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
67
-
68
- pristine_permission.to_yml_fixture.should match(/privilege_set_id: \<%= Cbac::PrivilegeSetRecord.find\(:first, :conditions => \{:name => '#{pristine_permission.privilege_set_name}'\}\)\.id %>/)
69
- end
70
-
71
- it "should return a yml string containing created_at and updated_at" do
72
- pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
73
- pristine_permission.to_yml_fixture.should match(/created_at:.+updated_at:/m)
74
- end
75
- end
76
-
77
- describe "check if this pristine permission exists" do
78
- before(:each) do
79
- @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
80
- @admin_role = Cbac::GenericRole.create(:name => "administrator")
81
-
82
- @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
83
- @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => @admin_role.name)
84
- end
85
-
86
- it "should return true if the pristine permission exists as generic cbac permission in the database" do
87
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => @admin_role.id)
88
-
89
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
90
-
91
- pristine_permission.cbac_permission_exists?.should be_true
92
- end
93
-
94
- it "should return true if the pristine permission exists as context cbac permission in the database" do
95
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
96
-
97
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
98
-
99
- pristine_permission.cbac_permission_exists?.should be_true
100
- end
101
-
102
- it "should return false if the pristine permission does not exist as context cbac permission in the database" do
103
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
104
-
105
- pristine_permission.cbac_permission_exists?.should be_false
106
- end
107
-
108
- it "should return false if the pristine permission does not exist as a generic cbac permission in the database" do
109
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
110
-
111
- pristine_permission.cbac_permission_exists?.should be_false
112
- end
113
-
114
- it "should return false if a similar pristine permission exist as a generic cbac permission in the database, but for another generic role" do
115
- group_admin = Cbac::GenericRole.create(:name => "group_administrator")
116
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => group_admin.id)
117
-
118
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
119
-
120
- pristine_permission.cbac_permission_exists?.should be_false
121
- end
122
-
123
- it "should return false if a similar pristine permission exist as a context cbac permission in the database, but for another context role" do
124
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => "group_owner")
125
-
126
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
127
-
128
- pristine_permission.cbac_permission_exists?.should be_false
129
- end
130
- end
131
-
132
- describe "check if a known permission exists for this pristine permission" do
133
- before(:each) do
134
-
135
- @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
136
- @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
137
- end
138
-
139
- it "should return true if the pristine permission exists as a known permission in the database" do
140
- pristine_permission = PristinePermission.new(:pristine_role => @pristine_admin_role, :line_number => 4, :privilege_set_name => "not relevant")
141
-
142
- Cbac::KnownPermission.create(:permission_number => pristine_permission.line_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
143
-
144
- pristine_permission.known_permission_exists?.should be_true
145
- end
146
- end
147
-
148
- describe "apply the permission" do
149
- before(:each) do
150
- @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
151
- @admin_role = Cbac::GenericRole.create(:name => "administrator")
152
-
153
- @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
154
- @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => @admin_role.name)
155
- end
156
-
157
-
158
- it "should add the context permission to the database if operation + is used" do
159
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
160
- pristine_permission.operation = '+'
161
-
162
- proc {
163
- pristine_permission.accept
164
- }.should change(Cbac::Permission, :count).by(1)
165
- end
166
-
167
- it "should create a generic permission if operation + is used" do
168
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
169
- pristine_permission.operation = '+'
170
-
171
- proc {
172
- pristine_permission.accept
173
- }.should change(Cbac::Permission, :count).by(1)
174
- end
175
-
176
- it "should delete the pristine permission since it was accepted" do
177
- pristine_permission = PristinePermission.create(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role, :operation => '+')
178
-
179
- proc {
180
- pristine_permission.accept
181
- }.should change(PristinePermission, :count).by(-1)
182
- end
183
-
184
- it "should create a generic role if it doesn't exist in yet" do
185
- cbac_privilege_set = Cbac::PrivilegeSetRecord.create(:name => "cbac_administration")
186
-
187
- cbac_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => "cbac_administrator")
188
- pristine_permission = PristinePermission.new(:privilege_set_name => cbac_privilege_set.name, :pristine_role => cbac_admin_role)
189
- pristine_permission.operation = '+'
190
-
191
- proc {
192
- pristine_permission.accept
193
- }.should change(Cbac::GenericRole, :count).by(1)
194
- end
195
-
196
- it "should use an existing role if possible" do
197
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
198
- pristine_permission.operation = '+'
199
-
200
- pristine_permission.accept
201
- # test smell: depends on a clean database
202
- cbac_permission = Cbac::Permission.first
203
-
204
- cbac_permission.generic_role.should == @admin_role
205
- end
206
-
207
- it "should remove an existing permission if operation - is used" do
208
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
209
-
210
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
211
- pristine_permission.operation = '-'
212
-
213
- proc {
214
- pristine_permission.accept
215
- }.should change(Cbac::Permission, :count).by(-1)
216
- end
217
-
218
- it "should raise an error if operation - is used and the permission does not exist" do
219
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
220
- pristine_permission.operation = '-'
221
-
222
- proc {
223
- pristine_permission.accept
224
- }.should raise_error(ArgumentError)
225
- end
226
-
227
- it "should create a known permission to record a change" do
228
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
229
- pristine_permission.operation = '+'
230
-
231
- proc {
232
- pristine_permission.accept
233
- }.should change(Cbac::KnownPermission, :count).by(1)
234
- end
235
-
236
- it "should create a known permission with specified permission identifier" do
237
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
238
- pristine_permission.operation = '+'
239
-
240
- pristine_permission.accept
241
-
242
- known_permission = Cbac::KnownPermission.last
243
-
244
- known_permission.permission_number.should == pristine_permission.line_number
245
- end
246
-
247
- it "should create a known permission with specified role type" do
248
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
249
- pristine_permission.operation = '+'
250
-
251
- pristine_permission.accept
252
-
253
- known_permission = Cbac::KnownPermission.last
254
-
255
- known_permission.permission_type.should == Cbac::KnownPermission.PERMISSION_TYPES[:context]
256
- end
257
-
258
- it "should also create a known permission if operation - is used to revoke a permission" do
259
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
260
-
261
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
262
- pristine_permission.operation = '-'
263
-
264
- proc {
265
- pristine_permission.accept
266
- }.should change(Cbac::KnownPermission, :count).by(1)
267
- end
268
- end
269
-
270
- describe "stage the permission so it can be applied" do
271
- before(:each) do
272
- @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
273
- @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
274
- end
275
-
276
- it "should persist the pristine permission to the database" do
277
- pristine_permission = PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
278
-
279
- proc {
280
- pristine_permission.stage
281
- }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
282
-
283
- end
284
-
285
- it "should persist the associated role if it doesn't exist yet" do
286
- pristine_permission = PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
287
-
288
- proc {
289
- pristine_permission.stage
290
- }.should change(Cbac::CbacPristine::PristineRole, :count).by(1)
291
- end
292
-
293
- it "should not create a new pristine permission if the cbac permission exists and the pristine permission wants to add" do
294
- privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
295
- Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
296
-
297
- pristine_permission = PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
298
- proc {
299
- pristine_permission.stage
300
- }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
301
- end
302
-
303
- it "should create a new pristine permission if the cbac permission exists and the pristine permission wants to revoke" do
304
- privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
305
- Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
306
-
307
- pristine_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
308
- proc {
309
- pristine_permission.stage
310
- }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
311
- end
312
-
313
- it "should not create a new pristine permission if a staged add permission exists and this pristine permission wants to revoke" do
314
- privilege_set_name = "chat"
315
- PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
316
- pristine_revoke_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
317
-
318
- proc {
319
- pristine_revoke_permission.stage
320
- }.should_not change(Cbac::CbacPristine::PristinePermission, :count).by(1)
321
- end
322
-
323
- it "should delete a staged add permission if the pristine permission wants to revoke the same permission" do
324
- privilege_set_name = "chat"
325
- PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
326
- pristine_revoke_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
327
-
328
- proc {
329
- pristine_revoke_permission.stage
330
- }.should change(Cbac::CbacPristine::PristinePermission, :count).by(-1)
331
- end
332
-
333
- it "should not create a new pristine permission if a cbac known permission exists" do
334
- known_number = 1
335
- pristine_permission = PristinePermission.new(:line_number => known_number, :privilege_set_name => "name not relevant", :pristine_role => @pristine_context_role)
336
- Cbac::KnownPermission.create(:permission_number => known_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
337
-
338
- proc {
339
- pristine_permission.stage
340
- }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
341
-
342
- end
343
-
344
- it "should raise an error if the same pristine permission is staged twice" do
345
- privilege_set_name = "chat"
346
- PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 2)
347
- pristine_permission = PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 3)
348
-
349
- proc {
350
- pristine_permission.stage
351
- }.should raise_error(ArgumentError)
352
- end
353
-
354
-
355
- end
356
-
357
- end
358
-
1
+
2
+ require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
3
+ require 'spec'
4
+ require '../lib/cbac/cbac_pristine/pristine'
5
+ require '../lib/cbac/cbac_pristine/pristine_role'
6
+ require '../lib/cbac/cbac_pristine/pristine_permission'
7
+
8
+ include Cbac::CbacPristine
9
+
10
+ describe "CbacPristinePermission" do
11
+
12
+
13
+ describe "convert pristine line to a yml fixture" do
14
+ before(:each) do
15
+ @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
16
+ @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
17
+ end
18
+
19
+
20
+ it "should raise an error if the pristine line has no role" do
21
+ pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => 'log_in', :pristine_role => nil)
22
+ lambda{
23
+ pristine_permission.to_yml_fixture
24
+ }.should raise_error(ArgumentError)
25
+ end
26
+
27
+ it "should raise an error if the pristine line has no privilege_set_name" do
28
+ pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "", :pristine_role => @context_role)
29
+ lambda{
30
+ pristine_permission.to_yml_fixture
31
+ }.should raise_error(ArgumentError)
32
+ end
33
+
34
+ it "should return a yml string starting with cbac_permission_ " do
35
+ pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
36
+
37
+ pristine_permission.to_yml_fixture.should match(/\Acbac_permission_/)
38
+ end
39
+
40
+ it "should return a yml string containing the line number of the pristine line" do
41
+ line_number= 100
42
+ pristine_permission = PristinePermission.new(:line_number => line_number, :privilege_set_name => "chat", :pristine_role => @context_role)
43
+
44
+ pristine_permission.to_yml_fixture.should match(/id: #{line_number}/)
45
+ end
46
+
47
+ it "should return a yml string containing a generic role id of 0 if a context_role is used" do
48
+ pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
49
+
50
+ pristine_permission.to_yml_fixture.should match(/generic_role_id: 0/)
51
+ end
52
+
53
+ it "should return a yml string containing the name of the context role if a context_role is used" do
54
+ pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
55
+
56
+ pristine_permission.to_yml_fixture.should match(/context_role: #{@context_role.name}/)
57
+ end
58
+
59
+ it "should return a yml string containing the id of the generic role if a generic role is used" do
60
+ pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @admin_role)
61
+
62
+ pristine_permission.to_yml_fixture.should match(/generic_role_id: #{@admin_role.id.to_s}/)
63
+ end
64
+
65
+ it "should return a yml string containing ruby code to find the privilege set by name" do
66
+ pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
67
+
68
+ pristine_permission.to_yml_fixture.should match(/privilege_set_id: \<%= Cbac::PrivilegeSetRecord.find\(:first, :conditions => \{:name => '#{pristine_permission.privilege_set_name}'\}\)\.id %>/)
69
+ end
70
+
71
+ it "should return a yml string containing created_at and updated_at" do
72
+ pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
73
+ pristine_permission.to_yml_fixture.should match(/created_at:.+updated_at:/m)
74
+ end
75
+ end
76
+
77
+ describe "check if this pristine permission exists" do
78
+ before(:each) do
79
+ @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
80
+ @admin_role = Cbac::GenericRole.create(:name => "administrator")
81
+
82
+ @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
83
+ @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => @admin_role.name)
84
+ end
85
+
86
+ it "should return true if the pristine permission exists as generic cbac permission in the database" do
87
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => @admin_role.id)
88
+
89
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
90
+
91
+ pristine_permission.cbac_permission_exists?.should be_true
92
+ end
93
+
94
+ it "should return true if the pristine permission exists as context cbac permission in the database" do
95
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
96
+
97
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
98
+
99
+ pristine_permission.cbac_permission_exists?.should be_true
100
+ end
101
+
102
+ it "should return false if the pristine permission does not exist as context cbac permission in the database" do
103
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
104
+
105
+ pristine_permission.cbac_permission_exists?.should be_false
106
+ end
107
+
108
+ it "should return false if the pristine permission does not exist as a generic cbac permission in the database" do
109
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
110
+
111
+ pristine_permission.cbac_permission_exists?.should be_false
112
+ end
113
+
114
+ it "should return false if a similar pristine permission exist as a generic cbac permission in the database, but for another generic role" do
115
+ group_admin = Cbac::GenericRole.create(:name => "group_administrator")
116
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => group_admin.id)
117
+
118
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
119
+
120
+ pristine_permission.cbac_permission_exists?.should be_false
121
+ end
122
+
123
+ it "should return false if a similar pristine permission exist as a context cbac permission in the database, but for another context role" do
124
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => "group_owner")
125
+
126
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
127
+
128
+ pristine_permission.cbac_permission_exists?.should be_false
129
+ end
130
+ end
131
+
132
+ describe "check if a known permission exists for this pristine permission" do
133
+ before(:each) do
134
+
135
+ @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
136
+ @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
137
+ end
138
+
139
+ it "should return true if the pristine permission exists as a known permission in the database" do
140
+ pristine_permission = PristinePermission.new(:pristine_role => @pristine_admin_role, :line_number => 4, :privilege_set_name => "not relevant")
141
+
142
+ Cbac::KnownPermission.create(:permission_number => pristine_permission.line_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
143
+
144
+ pristine_permission.known_permission_exists?.should be_true
145
+ end
146
+ end
147
+
148
+ describe "apply the permission" do
149
+ before(:each) do
150
+ @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
151
+ @admin_role = Cbac::GenericRole.create(:name => "administrator")
152
+
153
+ @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
154
+ @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => @admin_role.name)
155
+ end
156
+
157
+
158
+ it "should add the context permission to the database if operation + is used" do
159
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
160
+ pristine_permission.operation = '+'
161
+
162
+ proc {
163
+ pristine_permission.accept
164
+ }.should change(Cbac::Permission, :count).by(1)
165
+ end
166
+
167
+ it "should create a generic permission if operation + is used" do
168
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
169
+ pristine_permission.operation = '+'
170
+
171
+ proc {
172
+ pristine_permission.accept
173
+ }.should change(Cbac::Permission, :count).by(1)
174
+ end
175
+
176
+ it "should delete the pristine permission since it was accepted" do
177
+ pristine_permission = PristinePermission.create(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role, :operation => '+')
178
+
179
+ proc {
180
+ pristine_permission.accept
181
+ }.should change(PristinePermission, :count).by(-1)
182
+ end
183
+
184
+ it "should create a generic role if it doesn't exist in yet" do
185
+ cbac_privilege_set = Cbac::PrivilegeSetRecord.create(:name => "cbac_administration")
186
+
187
+ cbac_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => "cbac_administrator")
188
+ pristine_permission = PristinePermission.new(:privilege_set_name => cbac_privilege_set.name, :pristine_role => cbac_admin_role)
189
+ pristine_permission.operation = '+'
190
+
191
+ proc {
192
+ pristine_permission.accept
193
+ }.should change(Cbac::GenericRole, :count).by(1)
194
+ end
195
+
196
+ it "should use an existing role if possible" do
197
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
198
+ pristine_permission.operation = '+'
199
+
200
+ pristine_permission.accept
201
+ # test smell: depends on a clean database
202
+ cbac_permission = Cbac::Permission.first
203
+
204
+ cbac_permission.generic_role.should == @admin_role
205
+ end
206
+
207
+ it "should remove an existing permission if operation - is used" do
208
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
209
+
210
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
211
+ pristine_permission.operation = '-'
212
+
213
+ proc {
214
+ pristine_permission.accept
215
+ }.should change(Cbac::Permission, :count).by(-1)
216
+ end
217
+
218
+ it "should raise an error if operation - is used and the permission does not exist" do
219
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
220
+ pristine_permission.operation = '-'
221
+
222
+ proc {
223
+ pristine_permission.accept
224
+ }.should raise_error(ArgumentError)
225
+ end
226
+
227
+ it "should create a known permission to record a change" do
228
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
229
+ pristine_permission.operation = '+'
230
+
231
+ proc {
232
+ pristine_permission.accept
233
+ }.should change(Cbac::KnownPermission, :count).by(1)
234
+ end
235
+
236
+ it "should create a known permission with specified permission identifier" do
237
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
238
+ pristine_permission.operation = '+'
239
+
240
+ pristine_permission.accept
241
+
242
+ known_permission = Cbac::KnownPermission.last
243
+
244
+ known_permission.permission_number.should == pristine_permission.line_number
245
+ end
246
+
247
+ it "should create a known permission with specified role type" do
248
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
249
+ pristine_permission.operation = '+'
250
+
251
+ pristine_permission.accept
252
+
253
+ known_permission = Cbac::KnownPermission.last
254
+
255
+ known_permission.permission_type.should == Cbac::KnownPermission.PERMISSION_TYPES[:context]
256
+ end
257
+
258
+ it "should also create a known permission if operation - is used to revoke a permission" do
259
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
260
+
261
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
262
+ pristine_permission.operation = '-'
263
+
264
+ proc {
265
+ pristine_permission.accept
266
+ }.should change(Cbac::KnownPermission, :count).by(1)
267
+ end
268
+ end
269
+
270
+ describe "stage the permission so it can be applied" do
271
+ before(:each) do
272
+ @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
273
+ @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
274
+ end
275
+
276
+ it "should persist the pristine permission to the database" do
277
+ pristine_permission = PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
278
+
279
+ proc {
280
+ pristine_permission.stage
281
+ }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
282
+
283
+ end
284
+
285
+ it "should persist the associated role if it doesn't exist yet" do
286
+ pristine_permission = PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
287
+
288
+ proc {
289
+ pristine_permission.stage
290
+ }.should change(Cbac::CbacPristine::PristineRole, :count).by(1)
291
+ end
292
+
293
+ it "should not create a new pristine permission if the cbac permission exists and the pristine permission wants to add" do
294
+ privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
295
+ Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
296
+
297
+ pristine_permission = PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
298
+ proc {
299
+ pristine_permission.stage
300
+ }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
301
+ end
302
+
303
+ it "should create a new pristine permission if the cbac permission exists and the pristine permission wants to revoke" do
304
+ privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
305
+ Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
306
+
307
+ pristine_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
308
+ proc {
309
+ pristine_permission.stage
310
+ }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
311
+ end
312
+
313
+ it "should not create a new pristine permission if a staged add permission exists and this pristine permission wants to revoke" do
314
+ privilege_set_name = "chat"
315
+ PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
316
+ pristine_revoke_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
317
+
318
+ proc {
319
+ pristine_revoke_permission.stage
320
+ }.should_not change(Cbac::CbacPristine::PristinePermission, :count).by(1)
321
+ end
322
+
323
+ it "should delete a staged add permission if the pristine permission wants to revoke the same permission" do
324
+ privilege_set_name = "chat"
325
+ PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
326
+ pristine_revoke_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
327
+
328
+ proc {
329
+ pristine_revoke_permission.stage
330
+ }.should change(Cbac::CbacPristine::PristinePermission, :count).by(-1)
331
+ end
332
+
333
+ it "should not create a new pristine permission if a cbac known permission exists" do
334
+ known_number = 1
335
+ pristine_permission = PristinePermission.new(:line_number => known_number, :privilege_set_name => "name not relevant", :pristine_role => @pristine_context_role)
336
+ Cbac::KnownPermission.create(:permission_number => known_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
337
+
338
+ proc {
339
+ pristine_permission.stage
340
+ }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
341
+
342
+ end
343
+
344
+ it "should raise an error if the same pristine permission is staged twice" do
345
+ privilege_set_name = "chat"
346
+ PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 2)
347
+ pristine_permission = PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 3)
348
+
349
+ proc {
350
+ pristine_permission.stage
351
+ }.should raise_error(ArgumentError)
352
+ end
353
+
354
+
355
+ end
356
+
357
+ end
358
+