cbac 0.6.1 → 0.6.2

Files changed (75)
  1. data/Manifest +70 -74
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -31
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -135
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +5 -5
  17. data/lib/cbac/known_permission.rb +14 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/fixtures/cbac_generic_roles.yml +9 -9
  60. data/test/fixtures/cbac_memberships.yml +8 -8
  61. data/test/fixtures/cbac_permissions.yml +14 -14
  62. data/test/fixtures/cbac_privilege_set.yml +18 -18
  63. data/test/test_cbac_actions.rb +71 -71
  64. data/test/test_cbac_authorize_context_roles.rb +39 -39
  65. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  66. data/test/test_cbac_context_role.rb +50 -50
  67. data/test/test_cbac_privilege.rb +151 -151
  68. data/test/test_cbac_privilege_set.rb +50 -50
  69. data/test/test_helper.rb +28 -28
  70. metadata +14 -15
  71. data/nbproject/private/private.properties +0 -3
  72. data/nbproject/private/private.xml +0 -4
  73. data/nbproject/private/rake-d.txt +0 -0
  74. data/nbproject/project.properties +0 -9
  75. data/nbproject/project.xml +0 -16
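--- a/data/spec/cbac_pristine_file_spec.rb
+++ b/data/spec/cbac_pristine_file_spec.rb
@@ -1,330 +1,330 @@
- require 'spec'
- require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
- require 'cbac/cbac_pristine/pristine'
- require 'cbac/cbac_pristine/pristine_permission'
- require 'cbac/cbac_pristine/pristine_role'
- require 'cbac/cbac_pristine/pristine_file'
- include Cbac::CbacPristine
-
- describe "CbacPristineFile" do
- before(:each) do
- @pristine_file = PristineFile.new("cbac.pristine")
- end
-
- describe "indicate if a line looks like a pristine line" do
-
- it "should indicate that a ruby style comment line is not a pristine line" do
- comment_line = "#this is a comment line in Ruby"
-
- @pristine_file.is_pristine_permission_line?(comment_line, 1).should be_false
- end
-
- it "should raise an error if the line does not look like a pristine line" do
- line = "this is not pristine line. And it isn't a comment. 1"
-
- proc{
- @pristine_file.is_pristine_permission_line?(line, 0)
- }.should raise_error(SyntaxError)
- end
-
- it "should return true in case of a valid pristine line" do
- line = "0:+:PrivilegeSet(login)ContextRole(everybody)"
-
- @pristine_file.is_pristine_permission_line?(line, 0).should be_true
- end
-
- it "should fail if the id of the pristine line contains a character" do
- line = "0b:+:PrivilegeSet(login)ContextRole(everybody)"
-
- proc{
- @pristine_file.is_pristine_permission_line?(line, 0)
- }.should raise_error(SyntaxError)
- end
-
- it "should succeed if the privilege set name is not provided" do
- line = "0:+:PrivilegeSet()Admin()"
-
- @pristine_file.is_pristine_permission_line?(line, 0).should be_true
- end
-
- it "should succeed if the context role name is not provided" do
- line = "0:+:PrivilegeSet(login)ContextRole()"
-
- @pristine_file.is_pristine_permission_line?(line, 0).should be_true
- end
-
- end
-
- describe "parse the privilege set name from a pristine line" do
- it "should fail if the privilege set name is not provided" do
- line = "0:+:PrivilegeSet()Admin()"
-
- proc{
- @pristine_file.parse_privilege_set_name(line, 0)
- }.should raise_error(SyntaxError)
- end
-
- it "should return the name of the privilege set provided in the line" do
- privilege_set_name = "chat"
- line = "0:+:PrivilegeSet(#{privilege_set_name})Admin()"
-
- @pristine_file.parse_privilege_set_name(line, 0).should == privilege_set_name
- end
-
- it "should fail if an invalid line is provided" do
- line = "0:+:ContextRole(toeteraars)"
-
- proc{
- @pristine_file.parse_privilege_set_name(line, 0)
- }.should raise_error(SyntaxError)
- end
- end
-
- describe "parse the role from a pristine line" do
- it "should return the admin role if the role is Admin()" do
- admin_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:admin], :name => 'administrator')
- PristineRole.stub!(:admin_role).and_return(admin_role)
- line = "0:+:PrivilegeSet(chat)Admin()"
-
- @pristine_file.parse_role(line, 0).should == admin_role
- end
-
- it "should return a context role if the role specified as ContextRole" do
- line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
-
- @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:context]
- end
-
- it "should return a context role with specified name if the role specified as ContextRole" do
- context_role_name = "logged_in_user"
- line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
-
- @pristine_file.parse_role(line, 0).name.should == context_role_name
- end
-
- it "should return an existing context role with specified name if possible" do
- context_role_name = "logged_in_user"
- line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
- existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
-
- @pristine_file.parse_role(line, 0).should == existing_context_role
- end
-
- it "should not return an existing context role with specified name if db should not be used" do
- context_role_name = "logged_in_user"
- line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
- existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
-
- @pristine_file.parse_role(line, 0, false).should_not == existing_context_role
- end
-
- it "should return a context role with id of 0 if the role specified as ContextRole" do
- line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
-
- @pristine_file.parse_role(line, 0).role_id.should == 0
- end
-
- it "should fail if an invalid line is provided" do
- line = "0:+:PrivilegeSet(toeteraars)"
-
- proc{
- @pristine_file.parse_role(line, 0)
- }.should raise_error(SyntaxError)
- end
-
- it "should fail if a generic role is provided for the normal (non-generic) pristine file" do
- line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
-
- proc{
- @pristine_file.parse_role(line, 0)
- }.should raise_error(SyntaxError)
- end
-
-
- it "should return a generic role if a generic pristine file is used" do
- @pristine_file = GenericPristineFile.new("cbac.pristine")
- line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
-
- @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:generic]
- end
-
- it "should return an existing generic role if use_db is not specified" do
- generic_role_name = 'group_admins'
- @pristine_file = GenericPristineFile.new("cbac.pristine")
- line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
- existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
-
- @pristine_file.parse_role(line, 0).should == existing_role
- end
-
- it "should not use an existing role if use_db is set to false" do
- generic_role_name = 'group_admins'
- @pristine_file = GenericPristineFile.new("cbac.pristine")
- line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
- existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
-
- @pristine_file.parse_role(line, 0, false).should_not == existing_role
- end
-
- it "should fail if an Admin role is used in a generic pristine file" do
- @pristine_file = GenericPristineFile.new("cbac.pristine")
- line = "0:+:PrivilegeSet(chat)Admin()"
-
- proc{
- @pristine_file.parse_role(line, 0)
- }.should raise_error(SyntaxError)
- end
-
- it "should fail if an context role is used in a generic pristine file" do
- @pristine_file = GenericPristineFile.new("cbac.pristine")
- line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
-
- proc{
- @pristine_file.parse_role(line, 0)
- }.should raise_error(SyntaxError)
- end
-
- it "should fail if an invalid line is provided in a generic pristine file" do
- @pristine_file = GenericPristineFile.new("cbac.pristine")
- line = "0:+:PrivilegeSet(toeteraars)"
-
- proc{
- @pristine_file.parse_role(line, 0)
- }.should raise_error(SyntaxError)
- end
- end
-
- describe "parsing a cbac_pristine file" do
-
- it "should fail if a row number is used twice" do
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
- pristine_file_lines.push("0:+:PrivilegeSet(log_in)ContextRole(everybody)")
-
- File.stub!(:open).and_return(pristine_file_lines)
-
- pristine_file = PristineFile.new("cbac.pristine")
-
- proc{
- pristine_file.parse
- }.should raise_error(SyntaxError)
- end
-
- it "should fill the lines array with an object for each file line" do
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
- pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
- pristine_file_lines.push("2:+:PrivilegeSet(log_out)ContextRole(logged_in_user)")
-
- File.stub!(:open).and_return(pristine_file_lines)
-
- pristine_file = PristineFile.new("cbac.pristine")
- pristine_file.parse
-
- pristine_file.permissions.length.should == pristine_file_lines.length
- end
-
- it "should not create an object for a comment line" do
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
- pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
- pristine_file_lines.push("#this is a Ruby comment line")
-
- File.stub!(:open).and_return(pristine_file_lines)
-
- pristine_file = PristineFile.new("cbac.pristine")
- pristine_file.parse
-
- pristine_file.permissions.length.should == 2
- end
-
- it "should also add a permission object if permission is revoked (operand - is used)" do
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
- pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
- pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(logged_in_user)")
-
- File.stub!(:open).and_return(pristine_file_lines)
-
- pristine_file = PristineFile.new("cbac.pristine")
- pristine_file.parse
-
- pristine_file.permissions.length.should == 3
- pristine_file.permissions[2].operation.should == '-'
- end
-
- it "should fail if a permission is revoked which wasn't added before" do
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
- pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
- pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(everybody)")
-
- File.stub!(:open).and_return(pristine_file_lines)
-
- pristine_file = PristineFile.new("cbac.pristine")
- proc{
- pristine_file.parse
- }.should raise_error(SyntaxError)
- end
-
- it "should fail if an x is used as an operand" do
- pristine_file_lines = ["0:x:PrivilegeSet(chat)ContextRole(logged_in_user)"]
- File.stub!(:open).and_return(pristine_file_lines)
-
- pristine_file = PristineFile.new("cbac.pristine")
- proc{
- pristine_file.parse
- }.should raise_error(NotImplementedError)
- end
-
- it "should fail if an => is used as an operand" do
- pristine_file_lines = ["0:=>:PrivilegeSet(chat)ContextRole(logged_in_user)"]
- File.stub!(:open).and_return(pristine_file_lines)
-
- pristine_file = PristineFile.new("cbac.pristine")
- proc{
- pristine_file.parse
- }.should raise_error(NotImplementedError)
- end
- end
-
- describe "permission set" do
- before(:each) do
- @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
- @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin],:name => "administrator")
- @pristine_file = PristineFile.new("cbac.pristine")
- end
-
- it "should filter out the permissions which were revoked" do
- permission_to_revoke = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
- @pristine_file.permissions.push(permission_to_revoke)
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => permission_to_revoke.privilege_set_name, :pristine_role => permission_to_revoke.pristine_role, :operation => '-'))
-
- @pristine_file.permission_set.should_not include(permission_to_revoke)
- end
-
- it "should not include the revoke permission itself" do
- revoke_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '-')
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => revoke_permission.privilege_set_name, :pristine_role => revoke_permission.pristine_role, :operation => '+'))
- @pristine_file.permissions.push(revoke_permission)
-
- @pristine_file.permission_set.should_not include(revoke_permission)
- end
-
- it "should contain the permission if it is re-applied" do
- re_applied_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '+'))
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '-'))
- @pristine_file.permissions.push(re_applied_permission)
-
- @pristine_file.permission_set.should include(re_applied_permission)
- end
-
- it "should raise an error if a permission is revoked which wasn't created before" do
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+'))
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "login", :pristine_role => @context_role, :operation => '+'))
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "blog_read", :pristine_role => @context_role, :operation => '-'))
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "update_blog", :pristine_role => @context_role, :operation => '+'))
-
- proc {
- @pristine_file.permission_set
- }.should raise_error(ArgumentError)
-
- end
- end
+ require 'spec'
+ require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
+ require 'cbac/cbac_pristine/pristine'
+ require 'cbac/cbac_pristine/pristine_permission'
+ require 'cbac/cbac_pristine/pristine_role'
+ require 'cbac/cbac_pristine/pristine_file'
+ include Cbac::CbacPristine
+
+ describe "CbacPristineFile" do
+ before(:each) do
+ @pristine_file = PristineFile.new("cbac.pristine")
+ end
+
+ describe "indicate if a line looks like a pristine line" do
+
+ it "should indicate that a ruby style comment line is not a pristine line" do
+ comment_line = "#this is a comment line in Ruby"
+
+ @pristine_file.is_pristine_permission_line?(comment_line, 1).should be_false
+ end
+
+ it "should raise an error if the line does not look like a pristine line" do
+ line = "this is not pristine line. And it isn't a comment. 1"
+
+ proc{
+ @pristine_file.is_pristine_permission_line?(line, 0)
+ }.should raise_error(SyntaxError)
+ end
+
+ it "should return true in case of a valid pristine line" do
+ line = "0:+:PrivilegeSet(login)ContextRole(everybody)"
+
+ @pristine_file.is_pristine_permission_line?(line, 0).should be_true
+ end
+
+ it "should fail if the id of the pristine line contains a character" do
+ line = "0b:+:PrivilegeSet(login)ContextRole(everybody)"
+
+ proc{
+ @pristine_file.is_pristine_permission_line?(line, 0)
+ }.should raise_error(SyntaxError)
+ end
+
+ it "should succeed if the privilege set name is not provided" do
+ line = "0:+:PrivilegeSet()Admin()"
+
+ @pristine_file.is_pristine_permission_line?(line, 0).should be_true
+ end
+
+ it "should succeed if the context role name is not provided" do
+ line = "0:+:PrivilegeSet(login)ContextRole()"
+
+ @pristine_file.is_pristine_permission_line?(line, 0).should be_true
+ end
+
+ end
+
+ describe "parse the privilege set name from a pristine line" do
+ it "should fail if the privilege set name is not provided" do
+ line = "0:+:PrivilegeSet()Admin()"
+
+ proc{
+ @pristine_file.parse_privilege_set_name(line, 0)
+ }.should raise_error(SyntaxError)
+ end
+
+ it "should return the name of the privilege set provided in the line" do
+ privilege_set_name = "chat"
+ line = "0:+:PrivilegeSet(#{privilege_set_name})Admin()"
+
+ @pristine_file.parse_privilege_set_name(line, 0).should == privilege_set_name
+ end
+
+ it "should fail if an invalid line is provided" do
+ line = "0:+:ContextRole(toeteraars)"
+
+ proc{
+ @pristine_file.parse_privilege_set_name(line, 0)
+ }.should raise_error(SyntaxError)
+ end
+ end
+
+ describe "parse the role from a pristine line" do
+ it "should return the admin role if the role is Admin()" do
+ admin_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:admin], :name => 'administrator')
+ PristineRole.stub!(:admin_role).and_return(admin_role)
+ line = "0:+:PrivilegeSet(chat)Admin()"
+
+ @pristine_file.parse_role(line, 0).should == admin_role
+ end
+
+ it "should return a context role if the role specified as ContextRole" do
+ line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
+
+ @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:context]
+ end
+
+ it "should return a context role with specified name if the role specified as ContextRole" do
+ context_role_name = "logged_in_user"
+ line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
+
+ @pristine_file.parse_role(line, 0).name.should == context_role_name
+ end
+
+ it "should return an existing context role with specified name if possible" do
+ context_role_name = "logged_in_user"
+ line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
+ existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
+
+ @pristine_file.parse_role(line, 0).should == existing_context_role
+ end
+
+ it "should not return an existing context role with specified name if db should not be used" do
+ context_role_name = "logged_in_user"
+ line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
+ existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
+
+ @pristine_file.parse_role(line, 0, false).should_not == existing_context_role
+ end
+
+ it "should return a context role with id of 0 if the role specified as ContextRole" do
+ line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
+
+ @pristine_file.parse_role(line, 0).role_id.should == 0
+ end
+
+ it "should fail if an invalid line is provided" do
+ line = "0:+:PrivilegeSet(toeteraars)"
+
+ proc{
+ @pristine_file.parse_role(line, 0)
+ }.should raise_error(SyntaxError)
+ end
+
+ it "should fail if a generic role is provided for the normal (non-generic) pristine file" do
+ line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
+
+ proc{
+ @pristine_file.parse_role(line, 0)
+ }.should raise_error(SyntaxError)
+ end
+
+
+ it "should return a generic role if a generic pristine file is used" do
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
+ line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
+
+ @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:generic]
+ end
+
+ it "should return an existing generic role if use_db is not specified" do
+ generic_role_name = 'group_admins'
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
+ line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
+ existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
+
+ @pristine_file.parse_role(line, 0).should == existing_role
+ end
+
+ it "should not use an existing role if use_db is set to false" do
+ generic_role_name = 'group_admins'
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
+ line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
+ existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
+
+ @pristine_file.parse_role(line, 0, false).should_not == existing_role
+ end
+
+ it "should fail if an Admin role is used in a generic pristine file" do
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
+ line = "0:+:PrivilegeSet(chat)Admin()"
+
+ proc{
+ @pristine_file.parse_role(line, 0)
+ }.should raise_error(SyntaxError)
+ end
+
+ it "should fail if an context role is used in a generic pristine file" do
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
+ line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
+
+ proc{
+ @pristine_file.parse_role(line, 0)
+ }.should raise_error(SyntaxError)
+ end
+
+ it "should fail if an invalid line is provided in a generic pristine file" do
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
+ line = "0:+:PrivilegeSet(toeteraars)"
+
+ proc{
+ @pristine_file.parse_role(line, 0)
+ }.should raise_error(SyntaxError)
+ end
+ end
+
+ describe "parsing a cbac_pristine file" do
+
+ it "should fail if a row number is used twice" do
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+ pristine_file_lines.push("0:+:PrivilegeSet(log_in)ContextRole(everybody)")
+
+ File.stub!(:open).and_return(pristine_file_lines)
+
+ pristine_file = PristineFile.new("cbac.pristine")
+
+ proc{
+ pristine_file.parse
+ }.should raise_error(SyntaxError)
+ end
+
+ it "should fill the lines array with an object for each file line" do
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+ pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
+ pristine_file_lines.push("2:+:PrivilegeSet(log_out)ContextRole(logged_in_user)")
+
+ File.stub!(:open).and_return(pristine_file_lines)
+
+ pristine_file = PristineFile.new("cbac.pristine")
+ pristine_file.parse
+
+ pristine_file.permissions.length.should == pristine_file_lines.length
+ end
+
+ it "should not create an object for a comment line" do
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+ pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
+ pristine_file_lines.push("#this is a Ruby comment line")
+
+ File.stub!(:open).and_return(pristine_file_lines)
+
+ pristine_file = PristineFile.new("cbac.pristine")
+ pristine_file.parse
+
+ pristine_file.permissions.length.should == 2
+ end
+
+ it "should also add a permission object if permission is revoked (operand - is used)" do
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+ pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
+ pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(logged_in_user)")
+
+ File.stub!(:open).and_return(pristine_file_lines)
+
+ pristine_file = PristineFile.new("cbac.pristine")
+ pristine_file.parse
+
+ pristine_file.permissions.length.should == 3
+ pristine_file.permissions[2].operation.should == '-'
+ end
+
+ it "should fail if a permission is revoked which wasn't added before" do
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+ pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
+ pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(everybody)")
+
+ File.stub!(:open).and_return(pristine_file_lines)
+
+ pristine_file = PristineFile.new("cbac.pristine")
+ proc{
+ pristine_file.parse
+ }.should raise_error(SyntaxError)
+ end
+
+ it "should fail if an x is used as an operand" do
+ pristine_file_lines = ["0:x:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+ File.stub!(:open).and_return(pristine_file_lines)
+
+ pristine_file = PristineFile.new("cbac.pristine")
+ proc{
+ pristine_file.parse
+ }.should raise_error(NotImplementedError)
+ end
+
+ it "should fail if an => is used as an operand" do
+ pristine_file_lines = ["0:=>:PrivilegeSet(chat)ContextRole(logged_in_user)"]
+ File.stub!(:open).and_return(pristine_file_lines)
+
+ pristine_file = PristineFile.new("cbac.pristine")
+ proc{
+ pristine_file.parse
+ }.should raise_error(NotImplementedError)
+ end
+ end
+
+ describe "permission set" do
+ before(:each) do
+ @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
+ @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin],:name => "administrator")
+ @pristine_file = PristineFile.new("cbac.pristine")
+ end
+
+ it "should filter out the permissions which were revoked" do
+ permission_to_revoke = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
+ @pristine_file.permissions.push(permission_to_revoke)
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => permission_to_revoke.privilege_set_name, :pristine_role => permission_to_revoke.pristine_role, :operation => '-'))
+
+ @pristine_file.permission_set.should_not include(permission_to_revoke)
+ end
+
+ it "should not include the revoke permission itself" do
+ revoke_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '-')
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => revoke_permission.privilege_set_name, :pristine_role => revoke_permission.pristine_role, :operation => '+'))
+ @pristine_file.permissions.push(revoke_permission)
+
+ @pristine_file.permission_set.should_not include(revoke_permission)
+ end
+
+ it "should contain the permission if it is re-applied" do
+ re_applied_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '+'))
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '-'))
+ @pristine_file.permissions.push(re_applied_permission)
+
+ @pristine_file.permission_set.should include(re_applied_permission)
+ end
+
+ it "should raise an error if a permission is revoked which wasn't created before" do
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+'))
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "login", :pristine_role => @context_role, :operation => '+'))
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "blog_read", :pristine_role => @context_role, :operation => '-'))
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "update_blog", :pristine_role => @context_role, :operation => '+'))
+
+ proc {
+ @pristine_file.permission_set
+ }.should raise_error(ArgumentError)
+
+ end
+ end
  end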