cbac 0.6.1 → 0.6.2

data/spec/cbac_pristine_file_spec.rb

@@ -1,330 +1,330 @@
-require 'spec'
-require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
-require 'cbac/cbac_pristine/pristine'
-require 'cbac/cbac_pristine/pristine_permission'
-require 'cbac/cbac_pristine/pristine_role'
-require 'cbac/cbac_pristine/pristine_file'
-include Cbac::CbacPristine
-
-describe "CbacPristineFile" do
-  before(:each) do
-      @pristine_file = PristineFile.new("cbac.pristine")
-  end
-
-  describe "indicate if a line looks like a pristine line" do
-    
-    it "should indicate that a ruby style comment line is not a pristine line" do
-      comment_line = "#this is a comment line in Ruby"
-
-      @pristine_file.is_pristine_permission_line?(comment_line, 1).should be_false
-    end
-
-    it "should raise an error if the line does not look like a pristine line" do
-      line = "this is not pristine line. And it isn't a comment. 1"
-
-      proc{
-        @pristine_file.is_pristine_permission_line?(line, 0)
-      }.should raise_error(SyntaxError)
-    end
-
-    it "should return true in case of a valid pristine line" do
-      line = "0:+:PrivilegeSet(login)ContextRole(everybody)"
-
-      @pristine_file.is_pristine_permission_line?(line, 0).should be_true
-    end
-
-    it "should fail if the id of the pristine line contains a character" do
-      line = "0b:+:PrivilegeSet(login)ContextRole(everybody)"
-
-      proc{
-        @pristine_file.is_pristine_permission_line?(line, 0)
-      }.should raise_error(SyntaxError)
-      end
-
-    it "should succeed if the privilege set name is not provided" do
-      line = "0:+:PrivilegeSet()Admin()"
-
-      @pristine_file.is_pristine_permission_line?(line, 0).should be_true
-    end
-
-    it "should succeed if the context role name is not provided" do
-      line = "0:+:PrivilegeSet(login)ContextRole()"
-
-      @pristine_file.is_pristine_permission_line?(line, 0).should be_true
-    end
-
-  end
-
-  describe "parse the privilege set name from a pristine line" do
-    it "should fail if the privilege set name is not provided" do
-      line = "0:+:PrivilegeSet()Admin()"
-
-      proc{
-        @pristine_file.parse_privilege_set_name(line, 0)
-      }.should raise_error(SyntaxError)
-    end
-
-    it "should return the name of the privilege set provided in the line" do
-      privilege_set_name = "chat"
-      line = "0:+:PrivilegeSet(#{privilege_set_name})Admin()"
-
-      @pristine_file.parse_privilege_set_name(line, 0).should == privilege_set_name      
-    end
-
-    it "should fail if an invalid line is provided" do
-      line = "0:+:ContextRole(toeteraars)"
-
-      proc{
-          @pristine_file.parse_privilege_set_name(line, 0)
-      }.should raise_error(SyntaxError)
-    end
-  end
-
-  describe "parse the role from a pristine line" do
-    it "should return the admin role if the role is Admin()" do
-      admin_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:admin], :name => 'administrator')
-      PristineRole.stub!(:admin_role).and_return(admin_role)
-      line = "0:+:PrivilegeSet(chat)Admin()"
-
-      @pristine_file.parse_role(line, 0).should == admin_role
-    end
-
-    it "should return a context role if the role specified as ContextRole" do
-      line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
-
-      @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:context]
-    end
-
-    it "should return a context role with specified name if the role specified as ContextRole" do
-      context_role_name = "logged_in_user"
-      line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
-
-      @pristine_file.parse_role(line, 0).name.should == context_role_name
-    end
-
-    it "should return an existing context role with specified name if possible" do
-      context_role_name = "logged_in_user"
-      line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
-      existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
-
-      @pristine_file.parse_role(line, 0).should == existing_context_role
-    end
-
-    it "should not return an existing context role with specified name if db should not be used" do
-      context_role_name = "logged_in_user"
-      line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
-      existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
-
-      @pristine_file.parse_role(line, 0, false).should_not == existing_context_role
-    end
-
-    it "should return a context role with id of 0 if the role specified as ContextRole" do
-      line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
-
-      @pristine_file.parse_role(line, 0).role_id.should == 0
-    end
-
-    it "should fail if an invalid line is provided" do
-      line = "0:+:PrivilegeSet(toeteraars)"
-
-      proc{
-           @pristine_file.parse_role(line, 0)
-      }.should raise_error(SyntaxError)
-    end
-
-    it "should fail if a generic role is provided for the normal (non-generic) pristine file" do
-      line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
-
-      proc{
-           @pristine_file.parse_role(line, 0)
-      }.should raise_error(SyntaxError)
-    end
-
-
-    it "should return a generic role if a generic pristine file is used" do
-      @pristine_file = GenericPristineFile.new("cbac.pristine")
-      line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
-
-      @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:generic]
-    end
-
-    it "should return an existing generic role if use_db is not specified" do
-      generic_role_name = 'group_admins'
-      @pristine_file = GenericPristineFile.new("cbac.pristine")
-      line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
-      existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
-
-      @pristine_file.parse_role(line, 0).should == existing_role
-    end
-
-    it "should not use an existing role if use_db is set to false" do
-      generic_role_name = 'group_admins'
-      @pristine_file = GenericPristineFile.new("cbac.pristine")
-      line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
-      existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
-
-      @pristine_file.parse_role(line, 0, false).should_not == existing_role
-    end
-
-    it "should fail if an Admin role is used in a generic pristine file" do
-      @pristine_file = GenericPristineFile.new("cbac.pristine")
-      line = "0:+:PrivilegeSet(chat)Admin()"
-
-      proc{
-           @pristine_file.parse_role(line, 0)
-      }.should raise_error(SyntaxError)
-    end
-
-    it "should fail if an context role is used in a generic pristine file" do
-      @pristine_file = GenericPristineFile.new("cbac.pristine")
-      line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
-
-      proc{
-           @pristine_file.parse_role(line, 0)
-      }.should raise_error(SyntaxError)
-    end
-
-    it "should fail if an invalid line is provided in a generic pristine file" do
-      @pristine_file = GenericPristineFile.new("cbac.pristine")
-      line = "0:+:PrivilegeSet(toeteraars)"
-
-      proc{
-           @pristine_file.parse_role(line, 0)
-      }.should raise_error(SyntaxError)
-    end
-  end
-
-  describe "parsing a cbac_pristine file" do
-
-    it "should fail if a row number is used twice" do
-      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
-      pristine_file_lines.push("0:+:PrivilegeSet(log_in)ContextRole(everybody)")
-      
-      File.stub!(:open).and_return(pristine_file_lines)
-
-      pristine_file = PristineFile.new("cbac.pristine")
-
-      proc{
-        pristine_file.parse
-      }.should raise_error(SyntaxError)
-    end
-
-    it "should fill the lines array with an object for each file line" do
-      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
-      pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
-      pristine_file_lines.push("2:+:PrivilegeSet(log_out)ContextRole(logged_in_user)")
-
-      File.stub!(:open).and_return(pristine_file_lines)
-
-      pristine_file = PristineFile.new("cbac.pristine")
-      pristine_file.parse
-
-      pristine_file.permissions.length.should == pristine_file_lines.length
-    end
-
-    it "should not create an object for a comment line" do
-      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
-      pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
-      pristine_file_lines.push("#this is a Ruby comment line")
-
-      File.stub!(:open).and_return(pristine_file_lines)
-
-      pristine_file = PristineFile.new("cbac.pristine")
-      pristine_file.parse
-
-      pristine_file.permissions.length.should == 2
-    end
-
-    it "should also add a permission object if permission is revoked (operand - is used)" do
-      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
-      pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
-      pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(logged_in_user)")
-
-      File.stub!(:open).and_return(pristine_file_lines)
-
-      pristine_file = PristineFile.new("cbac.pristine")
-      pristine_file.parse
-
-      pristine_file.permissions.length.should == 3
-      pristine_file.permissions[2].operation.should == '-'
-    end
-
-    it "should fail if a permission is revoked which wasn't added before" do
-      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
-      pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
-      pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(everybody)")
-
-      File.stub!(:open).and_return(pristine_file_lines)
-
-      pristine_file = PristineFile.new("cbac.pristine")
-      proc{
-        pristine_file.parse
-      }.should raise_error(SyntaxError)
-    end
-
-    it "should fail if an x is used as an operand" do
-      pristine_file_lines = ["0:x:PrivilegeSet(chat)ContextRole(logged_in_user)"]
-      File.stub!(:open).and_return(pristine_file_lines)
-
-      pristine_file = PristineFile.new("cbac.pristine")
-      proc{
-        pristine_file.parse
-      }.should raise_error(NotImplementedError)
-    end
-
-    it "should fail if an => is used as an operand" do
-      pristine_file_lines = ["0:=>:PrivilegeSet(chat)ContextRole(logged_in_user)"]
-      File.stub!(:open).and_return(pristine_file_lines)
-
-      pristine_file = PristineFile.new("cbac.pristine")
-      proc{
-        pristine_file.parse
-      }.should raise_error(NotImplementedError)
-    end
-  end
-
-  describe "permission set" do
-    before(:each) do
-      @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
-      @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin],:name => "administrator")
-      @pristine_file = PristineFile.new("cbac.pristine")
-    end
-
-    it "should filter out the permissions which were revoked" do
-      permission_to_revoke = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
-      @pristine_file.permissions.push(permission_to_revoke)
-      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => permission_to_revoke.privilege_set_name, :pristine_role => permission_to_revoke.pristine_role, :operation => '-'))
-
-      @pristine_file.permission_set.should_not include(permission_to_revoke)
-    end
-
-     it "should not include the revoke permission itself" do
-      revoke_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '-')
-      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => revoke_permission.privilege_set_name, :pristine_role => revoke_permission.pristine_role, :operation => '+'))
-      @pristine_file.permissions.push(revoke_permission)
-
-      @pristine_file.permission_set.should_not include(revoke_permission)
-    end
-
-    it "should contain the permission if it is re-applied" do
-      re_applied_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
-      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '+'))
-      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '-'))
-      @pristine_file.permissions.push(re_applied_permission)
-
-      @pristine_file.permission_set.should include(re_applied_permission)
-    end
-
-    it "should raise an error if a permission is revoked which wasn't created before" do
-      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  "chat", :pristine_role => @context_role, :operation => '+'))
-      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  "login", :pristine_role => @context_role, :operation =>  '+'))
-      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  "blog_read", :pristine_role => @context_role, :operation =>  '-'))
-      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  "update_blog", :pristine_role => @context_role, :operation => '+'))
-
-      proc {
-        @pristine_file.permission_set
-      }.should raise_error(ArgumentError)
-
-    end
-  end
+require 'spec'
+require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
+require 'cbac/cbac_pristine/pristine'
+require 'cbac/cbac_pristine/pristine_permission'
+require 'cbac/cbac_pristine/pristine_role'
+require 'cbac/cbac_pristine/pristine_file'
+include Cbac::CbacPristine
+
+describe "CbacPristineFile" do
+  before(:each) do
+      @pristine_file = PristineFile.new("cbac.pristine")
+  end
+
+  describe "indicate if a line looks like a pristine line" do
+    
+    it "should indicate that a ruby style comment line is not a pristine line" do
+      comment_line = "#this is a comment line in Ruby"
+
+      @pristine_file.is_pristine_permission_line?(comment_line, 1).should be_false
+    end
+
+    it "should raise an error if the line does not look like a pristine line" do
+      line = "this is not pristine line. And it isn't a comment. 1"
+
+      proc{
+        @pristine_file.is_pristine_permission_line?(line, 0)
+      }.should raise_error(SyntaxError)
+    end
+
+    it "should return true in case of a valid pristine line" do
+      line = "0:+:PrivilegeSet(login)ContextRole(everybody)"
+
+      @pristine_file.is_pristine_permission_line?(line, 0).should be_true
+    end
+
+    it "should fail if the id of the pristine line contains a character" do
+      line = "0b:+:PrivilegeSet(login)ContextRole(everybody)"
+
+      proc{
+        @pristine_file.is_pristine_permission_line?(line, 0)
+      }.should raise_error(SyntaxError)
+      end
+
+    it "should succeed if the privilege set name is not provided" do
+      line = "0:+:PrivilegeSet()Admin()"
+
+      @pristine_file.is_pristine_permission_line?(line, 0).should be_true
+    end
+
+    it "should succeed if the context role name is not provided" do
+      line = "0:+:PrivilegeSet(login)ContextRole()"
+
+      @pristine_file.is_pristine_permission_line?(line, 0).should be_true
+    end
+
+  end
+
+  describe "parse the privilege set name from a pristine line" do
+    it "should fail if the privilege set name is not provided" do
+      line = "0:+:PrivilegeSet()Admin()"
+
+      proc{
+        @pristine_file.parse_privilege_set_name(line, 0)
+      }.should raise_error(SyntaxError)
+    end
+
+    it "should return the name of the privilege set provided in the line" do
+      privilege_set_name = "chat"
+      line = "0:+:PrivilegeSet(#{privilege_set_name})Admin()"
+
+      @pristine_file.parse_privilege_set_name(line, 0).should == privilege_set_name      
+    end
+
+    it "should fail if an invalid line is provided" do
+      line = "0:+:ContextRole(toeteraars)"
+
+      proc{
+          @pristine_file.parse_privilege_set_name(line, 0)
+      }.should raise_error(SyntaxError)
+    end
+  end
+
+  describe "parse the role from a pristine line" do
+    it "should return the admin role if the role is Admin()" do
+      admin_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:admin], :name => 'administrator')
+      PristineRole.stub!(:admin_role).and_return(admin_role)
+      line = "0:+:PrivilegeSet(chat)Admin()"
+
+      @pristine_file.parse_role(line, 0).should == admin_role
+    end
+
+    it "should return a context role if the role specified as ContextRole" do
+      line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
+
+      @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:context]
+    end
+
+    it "should return a context role with specified name if the role specified as ContextRole" do
+      context_role_name = "logged_in_user"
+      line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
+
+      @pristine_file.parse_role(line, 0).name.should == context_role_name
+    end
+
+    it "should return an existing context role with specified name if possible" do
+      context_role_name = "logged_in_user"
+      line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
+      existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
+
+      @pristine_file.parse_role(line, 0).should == existing_context_role
+    end
+
+    it "should not return an existing context role with specified name if db should not be used" do
+      context_role_name = "logged_in_user"
+      line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
+      existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
+
+      @pristine_file.parse_role(line, 0, false).should_not == existing_context_role
+    end
+
+    it "should return a context role with id of 0 if the role specified as ContextRole" do
+      line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
+
+      @pristine_file.parse_role(line, 0).role_id.should == 0
+    end
+
+    it "should fail if an invalid line is provided" do
+      line = "0:+:PrivilegeSet(toeteraars)"
+
+      proc{
+           @pristine_file.parse_role(line, 0)
+      }.should raise_error(SyntaxError)
+    end
+
+    it "should fail if a generic role is provided for the normal (non-generic) pristine file" do
+      line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
+
+      proc{
+           @pristine_file.parse_role(line, 0)
+      }.should raise_error(SyntaxError)
+    end
+
+
+    it "should return a generic role if a generic pristine file is used" do
+      @pristine_file = GenericPristineFile.new("cbac.pristine")
+      line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
+
+      @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:generic]
+    end
+
+    it "should return an existing generic role if use_db is not specified" do
+      generic_role_name = 'group_admins'
+      @pristine_file = GenericPristineFile.new("cbac.pristine")
+      line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
+      existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
+
+      @pristine_file.parse_role(line, 0).should == existing_role
+    end
+
+    it "should not use an existing role if use_db is set to false" do
+      generic_role_name = 'group_admins'
+      @pristine_file = GenericPristineFile.new("cbac.pristine")
+      line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
+      existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
+
+      @pristine_file.parse_role(line, 0, false).should_not == existing_role
+    end
+
+    it "should fail if an Admin role is used in a generic pristine file" do
+      @pristine_file = GenericPristineFile.new("cbac.pristine")
+      line = "0:+:PrivilegeSet(chat)Admin()"
+
+      proc{
+           @pristine_file.parse_role(line, 0)
+      }.should raise_error(SyntaxError)
+    end
+
+    it "should fail if an context role is used in a generic pristine file" do
+      @pristine_file = GenericPristineFile.new("cbac.pristine")
+      line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
+
+      proc{
+           @pristine_file.parse_role(line, 0)
+      }.should raise_error(SyntaxError)
+    end
+
+    it "should fail if an invalid line is provided in a generic pristine file" do
+      @pristine_file = GenericPristineFile.new("cbac.pristine")
+      line = "0:+:PrivilegeSet(toeteraars)"
+
+      proc{
+           @pristine_file.parse_role(line, 0)
+      }.should raise_error(SyntaxError)
+    end
+  end
+
+  describe "parsing a cbac_pristine file" do
+
+    it "should fail if a row number is used twice" do
+      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+      pristine_file_lines.push("0:+:PrivilegeSet(log_in)ContextRole(everybody)")
+      
+      File.stub!(:open).and_return(pristine_file_lines)
+
+      pristine_file = PristineFile.new("cbac.pristine")
+
+      proc{
+        pristine_file.parse
+      }.should raise_error(SyntaxError)
+    end
+
+    it "should fill the lines array with an object for each file line" do
+      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+      pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
+      pristine_file_lines.push("2:+:PrivilegeSet(log_out)ContextRole(logged_in_user)")
+
+      File.stub!(:open).and_return(pristine_file_lines)
+
+      pristine_file = PristineFile.new("cbac.pristine")
+      pristine_file.parse
+
+      pristine_file.permissions.length.should == pristine_file_lines.length
+    end
+
+    it "should not create an object for a comment line" do
+      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+      pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
+      pristine_file_lines.push("#this is a Ruby comment line")
+
+      File.stub!(:open).and_return(pristine_file_lines)
+
+      pristine_file = PristineFile.new("cbac.pristine")
+      pristine_file.parse
+
+      pristine_file.permissions.length.should == 2
+    end
+
+    it "should also add a permission object if permission is revoked (operand - is used)" do
+      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+      pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
+      pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(logged_in_user)")
+
+      File.stub!(:open).and_return(pristine_file_lines)
+
+      pristine_file = PristineFile.new("cbac.pristine")
+      pristine_file.parse
+
+      pristine_file.permissions.length.should == 3
+      pristine_file.permissions[2].operation.should == '-'
+    end
+
+    it "should fail if a permission is revoked which wasn't added before" do
+      pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+      pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
+      pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(everybody)")
+
+      File.stub!(:open).and_return(pristine_file_lines)
+
+      pristine_file = PristineFile.new("cbac.pristine")
+      proc{
+        pristine_file.parse
+      }.should raise_error(SyntaxError)
+    end
+
+    it "should fail if an x is used as an operand" do
+      pristine_file_lines = ["0:x:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+      File.stub!(:open).and_return(pristine_file_lines)
+
+      pristine_file = PristineFile.new("cbac.pristine")
+      proc{
+        pristine_file.parse
+      }.should raise_error(NotImplementedError)
+    end
+
+    it "should fail if an => is used as an operand" do
+      pristine_file_lines = ["0:=>:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+      File.stub!(:open).and_return(pristine_file_lines)
+
+      pristine_file = PristineFile.new("cbac.pristine")
+      proc{
+        pristine_file.parse
+      }.should raise_error(NotImplementedError)
+    end
+  end
+
+  describe "permission set" do
+    before(:each) do
+      @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
+      @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin],:name => "administrator")
+      @pristine_file = PristineFile.new("cbac.pristine")
+    end
+
+    it "should filter out the permissions which were revoked" do
+      permission_to_revoke = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
+      @pristine_file.permissions.push(permission_to_revoke)
+      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => permission_to_revoke.privilege_set_name, :pristine_role => permission_to_revoke.pristine_role, :operation => '-'))
+
+      @pristine_file.permission_set.should_not include(permission_to_revoke)
+    end
+
+     it "should not include the revoke permission itself" do
+      revoke_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '-')
+      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => revoke_permission.privilege_set_name, :pristine_role => revoke_permission.pristine_role, :operation => '+'))
+      @pristine_file.permissions.push(revoke_permission)
+
+      @pristine_file.permission_set.should_not include(revoke_permission)
+    end
+
+    it "should contain the permission if it is re-applied" do
+      re_applied_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
+      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '+'))
+      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '-'))
+      @pristine_file.permissions.push(re_applied_permission)
+
+      @pristine_file.permission_set.should include(re_applied_permission)
+    end
+
+    it "should raise an error if a permission is revoked which wasn't created before" do
+      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  "chat", :pristine_role => @context_role, :operation => '+'))
+      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  "login", :pristine_role => @context_role, :operation =>  '+'))
+      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  "blog_read", :pristine_role => @context_role, :operation =>  '-'))
+      @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name =>  "update_blog", :pristine_role => @context_role, :operation => '+'))
+
+      proc {
+        @pristine_file.permission_set
+      }.should raise_error(ArgumentError)
+
+    end
+  end
 end