cbac 0.6.1 → 0.6.2

Files changed (75)
  1. data/Manifest +70 -74
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -31
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -135
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +5 -5
  17. data/lib/cbac/known_permission.rb +14 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/fixtures/cbac_generic_roles.yml +9 -9
  60. data/test/fixtures/cbac_memberships.yml +8 -8
  61. data/test/fixtures/cbac_permissions.yml +14 -14
  62. data/test/fixtures/cbac_privilege_set.yml +18 -18
  63. data/test/test_cbac_actions.rb +71 -71
  64. data/test/test_cbac_authorize_context_roles.rb +39 -39
  65. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  66. data/test/test_cbac_context_role.rb +50 -50
  67. data/test/test_cbac_privilege.rb +151 -151
  68. data/test/test_cbac_privilege_set.rb +50 -50
  69. data/test/test_helper.rb +28 -28
  70. metadata +14 -15
  71. data/nbproject/private/private.properties +0 -3
  72. data/nbproject/private/private.xml +0 -4
  73. data/nbproject/private/rake-d.txt +0 -0
  74. data/nbproject/project.properties +0 -9
  75. data/nbproject/project.xml +0 -16
@@ -1,330 +1,330 @@
1
- require 'spec'
2
- require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
3
- require 'cbac/cbac_pristine/pristine'
4
- require 'cbac/cbac_pristine/pristine_permission'
5
- require 'cbac/cbac_pristine/pristine_role'
6
- require 'cbac/cbac_pristine/pristine_file'
7
- include Cbac::CbacPristine
8
-
9
- describe "CbacPristineFile" do
10
- before(:each) do
11
- @pristine_file = PristineFile.new("cbac.pristine")
12
- end
13
-
14
- describe "indicate if a line looks like a pristine line" do
15
-
16
- it "should indicate that a ruby style comment line is not a pristine line" do
17
- comment_line = "#this is a comment line in Ruby"
18
-
19
- @pristine_file.is_pristine_permission_line?(comment_line, 1).should be_false
20
- end
21
-
22
- it "should raise an error if the line does not look like a pristine line" do
23
- line = "this is not pristine line. And it isn't a comment. 1"
24
-
25
- proc{
26
- @pristine_file.is_pristine_permission_line?(line, 0)
27
- }.should raise_error(SyntaxError)
28
- end
29
-
30
- it "should return true in case of a valid pristine line" do
31
- line = "0:+:PrivilegeSet(login)ContextRole(everybody)"
32
-
33
- @pristine_file.is_pristine_permission_line?(line, 0).should be_true
34
- end
35
-
36
- it "should fail if the id of the pristine line contains a character" do
37
- line = "0b:+:PrivilegeSet(login)ContextRole(everybody)"
38
-
39
- proc{
40
- @pristine_file.is_pristine_permission_line?(line, 0)
41
- }.should raise_error(SyntaxError)
42
- end
43
-
44
- it "should succeed if the privilege set name is not provided" do
45
- line = "0:+:PrivilegeSet()Admin()"
46
-
47
- @pristine_file.is_pristine_permission_line?(line, 0).should be_true
48
- end
49
-
50
- it "should succeed if the context role name is not provided" do
51
- line = "0:+:PrivilegeSet(login)ContextRole()"
52
-
53
- @pristine_file.is_pristine_permission_line?(line, 0).should be_true
54
- end
55
-
56
- end
57
-
58
- describe "parse the privilege set name from a pristine line" do
59
- it "should fail if the privilege set name is not provided" do
60
- line = "0:+:PrivilegeSet()Admin()"
61
-
62
- proc{
63
- @pristine_file.parse_privilege_set_name(line, 0)
64
- }.should raise_error(SyntaxError)
65
- end
66
-
67
- it "should return the name of the privilege set provided in the line" do
68
- privilege_set_name = "chat"
69
- line = "0:+:PrivilegeSet(#{privilege_set_name})Admin()"
70
-
71
- @pristine_file.parse_privilege_set_name(line, 0).should == privilege_set_name
72
- end
73
-
74
- it "should fail if an invalid line is provided" do
75
- line = "0:+:ContextRole(toeteraars)"
76
-
77
- proc{
78
- @pristine_file.parse_privilege_set_name(line, 0)
79
- }.should raise_error(SyntaxError)
80
- end
81
- end
82
-
83
- describe "parse the role from a pristine line" do
84
- it "should return the admin role if the role is Admin()" do
85
- admin_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:admin], :name => 'administrator')
86
- PristineRole.stub!(:admin_role).and_return(admin_role)
87
- line = "0:+:PrivilegeSet(chat)Admin()"
88
-
89
- @pristine_file.parse_role(line, 0).should == admin_role
90
- end
91
-
92
- it "should return a context role if the role specified as ContextRole" do
93
- line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
94
-
95
- @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:context]
96
- end
97
-
98
- it "should return a context role with specified name if the role specified as ContextRole" do
99
- context_role_name = "logged_in_user"
100
- line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
101
-
102
- @pristine_file.parse_role(line, 0).name.should == context_role_name
103
- end
104
-
105
- it "should return an existing context role with specified name if possible" do
106
- context_role_name = "logged_in_user"
107
- line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
108
- existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
109
-
110
- @pristine_file.parse_role(line, 0).should == existing_context_role
111
- end
112
-
113
- it "should not return an existing context role with specified name if db should not be used" do
114
- context_role_name = "logged_in_user"
115
- line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
116
- existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
117
-
118
- @pristine_file.parse_role(line, 0, false).should_not == existing_context_role
119
- end
120
-
121
- it "should return a context role with id of 0 if the role specified as ContextRole" do
122
- line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
123
-
124
- @pristine_file.parse_role(line, 0).role_id.should == 0
125
- end
126
-
127
- it "should fail if an invalid line is provided" do
128
- line = "0:+:PrivilegeSet(toeteraars)"
129
-
130
- proc{
131
- @pristine_file.parse_role(line, 0)
132
- }.should raise_error(SyntaxError)
133
- end
134
-
135
- it "should fail if a generic role is provided for the normal (non-generic) pristine file" do
136
- line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
137
-
138
- proc{
139
- @pristine_file.parse_role(line, 0)
140
- }.should raise_error(SyntaxError)
141
- end
142
-
143
-
144
- it "should return a generic role if a generic pristine file is used" do
145
- @pristine_file = GenericPristineFile.new("cbac.pristine")
146
- line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
147
-
148
- @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:generic]
149
- end
150
-
151
- it "should return an existing generic role if use_db is not specified" do
152
- generic_role_name = 'group_admins'
153
- @pristine_file = GenericPristineFile.new("cbac.pristine")
154
- line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
155
- existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
156
-
157
- @pristine_file.parse_role(line, 0).should == existing_role
158
- end
159
-
160
- it "should not use an existing role if use_db is set to false" do
161
- generic_role_name = 'group_admins'
162
- @pristine_file = GenericPristineFile.new("cbac.pristine")
163
- line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
164
- existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
165
-
166
- @pristine_file.parse_role(line, 0, false).should_not == existing_role
167
- end
168
-
169
- it "should fail if an Admin role is used in a generic pristine file" do
170
- @pristine_file = GenericPristineFile.new("cbac.pristine")
171
- line = "0:+:PrivilegeSet(chat)Admin()"
172
-
173
- proc{
174
- @pristine_file.parse_role(line, 0)
175
- }.should raise_error(SyntaxError)
176
- end
177
-
178
- it "should fail if an context role is used in a generic pristine file" do
179
- @pristine_file = GenericPristineFile.new("cbac.pristine")
180
- line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
181
-
182
- proc{
183
- @pristine_file.parse_role(line, 0)
184
- }.should raise_error(SyntaxError)
185
- end
186
-
187
- it "should fail if an invalid line is provided in a generic pristine file" do
188
- @pristine_file = GenericPristineFile.new("cbac.pristine")
189
- line = "0:+:PrivilegeSet(toeteraars)"
190
-
191
- proc{
192
- @pristine_file.parse_role(line, 0)
193
- }.should raise_error(SyntaxError)
194
- end
195
- end
196
-
197
- describe "parsing a cbac_pristine file" do
198
-
199
- it "should fail if a row number is used twice" do
200
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
201
- pristine_file_lines.push("0:+:PrivilegeSet(log_in)ContextRole(everybody)")
202
-
203
- File.stub!(:open).and_return(pristine_file_lines)
204
-
205
- pristine_file = PristineFile.new("cbac.pristine")
206
-
207
- proc{
208
- pristine_file.parse
209
- }.should raise_error(SyntaxError)
210
- end
211
-
212
- it "should fill the lines array with an object for each file line" do
213
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
214
- pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
215
- pristine_file_lines.push("2:+:PrivilegeSet(log_out)ContextRole(logged_in_user)")
216
-
217
- File.stub!(:open).and_return(pristine_file_lines)
218
-
219
- pristine_file = PristineFile.new("cbac.pristine")
220
- pristine_file.parse
221
-
222
- pristine_file.permissions.length.should == pristine_file_lines.length
223
- end
224
-
225
- it "should not create an object for a comment line" do
226
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
227
- pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
228
- pristine_file_lines.push("#this is a Ruby comment line")
229
-
230
- File.stub!(:open).and_return(pristine_file_lines)
231
-
232
- pristine_file = PristineFile.new("cbac.pristine")
233
- pristine_file.parse
234
-
235
- pristine_file.permissions.length.should == 2
236
- end
237
-
238
- it "should also add a permission object if permission is revoked (operand - is used)" do
239
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
240
- pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
241
- pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(logged_in_user)")
242
-
243
- File.stub!(:open).and_return(pristine_file_lines)
244
-
245
- pristine_file = PristineFile.new("cbac.pristine")
246
- pristine_file.parse
247
-
248
- pristine_file.permissions.length.should == 3
249
- pristine_file.permissions[2].operation.should == '-'
250
- end
251
-
252
- it "should fail if a permission is revoked which wasn't added before" do
253
- pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
254
- pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
255
- pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(everybody)")
256
-
257
- File.stub!(:open).and_return(pristine_file_lines)
258
-
259
- pristine_file = PristineFile.new("cbac.pristine")
260
- proc{
261
- pristine_file.parse
262
- }.should raise_error(SyntaxError)
263
- end
264
-
265
- it "should fail if an x is used as an operand" do
266
- pristine_file_lines = ["0:x:PrivilegeSet(chat)ContextRole(logged_in_user)"]
267
- File.stub!(:open).and_return(pristine_file_lines)
268
-
269
- pristine_file = PristineFile.new("cbac.pristine")
270
- proc{
271
- pristine_file.parse
272
- }.should raise_error(NotImplementedError)
273
- end
274
-
275
- it "should fail if an => is used as an operand" do
276
- pristine_file_lines = ["0:=>:PrivilegeSet(chat)ContextRole(logged_in_user)"]
277
- File.stub!(:open).and_return(pristine_file_lines)
278
-
279
- pristine_file = PristineFile.new("cbac.pristine")
280
- proc{
281
- pristine_file.parse
282
- }.should raise_error(NotImplementedError)
283
- end
284
- end
285
-
286
- describe "permission set" do
287
- before(:each) do
288
- @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
289
- @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin],:name => "administrator")
290
- @pristine_file = PristineFile.new("cbac.pristine")
291
- end
292
-
293
- it "should filter out the permissions which were revoked" do
294
- permission_to_revoke = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
295
- @pristine_file.permissions.push(permission_to_revoke)
296
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => permission_to_revoke.privilege_set_name, :pristine_role => permission_to_revoke.pristine_role, :operation => '-'))
297
-
298
- @pristine_file.permission_set.should_not include(permission_to_revoke)
299
- end
300
-
301
- it "should not include the revoke permission itself" do
302
- revoke_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '-')
303
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => revoke_permission.privilege_set_name, :pristine_role => revoke_permission.pristine_role, :operation => '+'))
304
- @pristine_file.permissions.push(revoke_permission)
305
-
306
- @pristine_file.permission_set.should_not include(revoke_permission)
307
- end
308
-
309
- it "should contain the permission if it is re-applied" do
310
- re_applied_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
311
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '+'))
312
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '-'))
313
- @pristine_file.permissions.push(re_applied_permission)
314
-
315
- @pristine_file.permission_set.should include(re_applied_permission)
316
- end
317
-
318
- it "should raise an error if a permission is revoked which wasn't created before" do
319
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+'))
320
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "login", :pristine_role => @context_role, :operation => '+'))
321
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "blog_read", :pristine_role => @context_role, :operation => '-'))
322
- @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "update_blog", :pristine_role => @context_role, :operation => '+'))
323
-
324
- proc {
325
- @pristine_file.permission_set
326
- }.should raise_error(ArgumentError)
327
-
328
- end
329
- end
1
+ require 'spec'
2
+ require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
3
+ require 'cbac/cbac_pristine/pristine'
4
+ require 'cbac/cbac_pristine/pristine_permission'
5
+ require 'cbac/cbac_pristine/pristine_role'
6
+ require 'cbac/cbac_pristine/pristine_file'
7
+ include Cbac::CbacPristine
8
+
9
+ describe "CbacPristineFile" do
10
+ before(:each) do
11
+ @pristine_file = PristineFile.new("cbac.pristine")
12
+ end
13
+
14
+ describe "indicate if a line looks like a pristine line" do
15
+
16
+ it "should indicate that a ruby style comment line is not a pristine line" do
17
+ comment_line = "#this is a comment line in Ruby"
18
+
19
+ @pristine_file.is_pristine_permission_line?(comment_line, 1).should be_false
20
+ end
21
+
22
+ it "should raise an error if the line does not look like a pristine line" do
23
+ line = "this is not pristine line. And it isn't a comment. 1"
24
+
25
+ proc{
26
+ @pristine_file.is_pristine_permission_line?(line, 0)
27
+ }.should raise_error(SyntaxError)
28
+ end
29
+
30
+ it "should return true in case of a valid pristine line" do
31
+ line = "0:+:PrivilegeSet(login)ContextRole(everybody)"
32
+
33
+ @pristine_file.is_pristine_permission_line?(line, 0).should be_true
34
+ end
35
+
36
+ it "should fail if the id of the pristine line contains a character" do
37
+ line = "0b:+:PrivilegeSet(login)ContextRole(everybody)"
38
+
39
+ proc{
40
+ @pristine_file.is_pristine_permission_line?(line, 0)
41
+ }.should raise_error(SyntaxError)
42
+ end
43
+
44
+ it "should succeed if the privilege set name is not provided" do
45
+ line = "0:+:PrivilegeSet()Admin()"
46
+
47
+ @pristine_file.is_pristine_permission_line?(line, 0).should be_true
48
+ end
49
+
50
+ it "should succeed if the context role name is not provided" do
51
+ line = "0:+:PrivilegeSet(login)ContextRole()"
52
+
53
+ @pristine_file.is_pristine_permission_line?(line, 0).should be_true
54
+ end
55
+
56
+ end
57
+
58
+ describe "parse the privilege set name from a pristine line" do
59
+ it "should fail if the privilege set name is not provided" do
60
+ line = "0:+:PrivilegeSet()Admin()"
61
+
62
+ proc{
63
+ @pristine_file.parse_privilege_set_name(line, 0)
64
+ }.should raise_error(SyntaxError)
65
+ end
66
+
67
+ it "should return the name of the privilege set provided in the line" do
68
+ privilege_set_name = "chat"
69
+ line = "0:+:PrivilegeSet(#{privilege_set_name})Admin()"
70
+
71
+ @pristine_file.parse_privilege_set_name(line, 0).should == privilege_set_name
72
+ end
73
+
74
+ it "should fail if an invalid line is provided" do
75
+ line = "0:+:ContextRole(toeteraars)"
76
+
77
+ proc{
78
+ @pristine_file.parse_privilege_set_name(line, 0)
79
+ }.should raise_error(SyntaxError)
80
+ end
81
+ end
82
+
83
+ describe "parse the role from a pristine line" do
84
+ it "should return the admin role if the role is Admin()" do
85
+ admin_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:admin], :name => 'administrator')
86
+ PristineRole.stub!(:admin_role).and_return(admin_role)
87
+ line = "0:+:PrivilegeSet(chat)Admin()"
88
+
89
+ @pristine_file.parse_role(line, 0).should == admin_role
90
+ end
91
+
92
+ it "should return a context role if the role specified as ContextRole" do
93
+ line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
94
+
95
+ @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:context]
96
+ end
97
+
98
+ it "should return a context role with specified name if the role specified as ContextRole" do
99
+ context_role_name = "logged_in_user"
100
+ line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
101
+
102
+ @pristine_file.parse_role(line, 0).name.should == context_role_name
103
+ end
104
+
105
+ it "should return an existing context role with specified name if possible" do
106
+ context_role_name = "logged_in_user"
107
+ line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
108
+ existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
109
+
110
+ @pristine_file.parse_role(line, 0).should == existing_context_role
111
+ end
112
+
113
+ it "should not return an existing context role with specified name if db should not be used" do
114
+ context_role_name = "logged_in_user"
115
+ line = "0:+:PrivilegeSet(chat)ContextRole(#{context_role_name})"
116
+ existing_context_role = PristineRole.create(:name => context_role_name, :role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context])
117
+
118
+ @pristine_file.parse_role(line, 0, false).should_not == existing_context_role
119
+ end
120
+
121
+ it "should return a context role with id of 0 if the role specified as ContextRole" do
122
+ line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
123
+
124
+ @pristine_file.parse_role(line, 0).role_id.should == 0
125
+ end
126
+
127
+ it "should fail if an invalid line is provided" do
128
+ line = "0:+:PrivilegeSet(toeteraars)"
129
+
130
+ proc{
131
+ @pristine_file.parse_role(line, 0)
132
+ }.should raise_error(SyntaxError)
133
+ end
134
+
135
+ it "should fail if a generic role is provided for the normal (non-generic) pristine file" do
136
+ line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
137
+
138
+ proc{
139
+ @pristine_file.parse_role(line, 0)
140
+ }.should raise_error(SyntaxError)
141
+ end
142
+
143
+
144
+ it "should return a generic role if a generic pristine file is used" do
145
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
146
+ line = "0:+:PrivilegeSet(chat)GenericRole(group_admins)"
147
+
148
+ @pristine_file.parse_role(line, 0).role_type.should == PristineRole.ROLE_TYPES[:generic]
149
+ end
150
+
151
+ it "should return an existing generic role if use_db is not specified" do
152
+ generic_role_name = 'group_admins'
153
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
154
+ line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
155
+ existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
156
+
157
+ @pristine_file.parse_role(line, 0).should == existing_role
158
+ end
159
+
160
+ it "should not use an existing role if use_db is set to false" do
161
+ generic_role_name = 'group_admins'
162
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
163
+ line = "0:+:PrivilegeSet(chat)GenericRole(#{generic_role_name})"
164
+ existing_role = PristineRole.create(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => generic_role_name)
165
+
166
+ @pristine_file.parse_role(line, 0, false).should_not == existing_role
167
+ end
168
+
169
+ it "should fail if an Admin role is used in a generic pristine file" do
170
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
171
+ line = "0:+:PrivilegeSet(chat)Admin()"
172
+
173
+ proc{
174
+ @pristine_file.parse_role(line, 0)
175
+ }.should raise_error(SyntaxError)
176
+ end
177
+
178
+ it "should fail if an context role is used in a generic pristine file" do
179
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
180
+ line = "0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"
181
+
182
+ proc{
183
+ @pristine_file.parse_role(line, 0)
184
+ }.should raise_error(SyntaxError)
185
+ end
186
+
187
+ it "should fail if an invalid line is provided in a generic pristine file" do
188
+ @pristine_file = GenericPristineFile.new("cbac.pristine")
189
+ line = "0:+:PrivilegeSet(toeteraars)"
190
+
191
+ proc{
192
+ @pristine_file.parse_role(line, 0)
193
+ }.should raise_error(SyntaxError)
194
+ end
195
+ end
196
+
197
+ describe "parsing a cbac_pristine file" do
198
+
199
+ it "should fail if a row number is used twice" do
200
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
201
+ pristine_file_lines.push("0:+:PrivilegeSet(log_in)ContextRole(everybody)")
202
+
203
+ File.stub!(:open).and_return(pristine_file_lines)
204
+
205
+ pristine_file = PristineFile.new("cbac.pristine")
206
+
207
+ proc{
208
+ pristine_file.parse
209
+ }.should raise_error(SyntaxError)
210
+ end
211
+
212
+ it "should fill the lines array with an object for each file line" do
213
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
214
+ pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
215
+ pristine_file_lines.push("2:+:PrivilegeSet(log_out)ContextRole(logged_in_user)")
216
+
217
+ File.stub!(:open).and_return(pristine_file_lines)
218
+
219
+ pristine_file = PristineFile.new("cbac.pristine")
220
+ pristine_file.parse
221
+
222
+ pristine_file.permissions.length.should == pristine_file_lines.length
223
+ end
224
+
225
+ it "should not create an object for a comment line" do
226
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
227
+ pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
228
+ pristine_file_lines.push("#this is a Ruby comment line")
229
+
230
+ File.stub!(:open).and_return(pristine_file_lines)
231
+
232
+ pristine_file = PristineFile.new("cbac.pristine")
233
+ pristine_file.parse
234
+
235
+ pristine_file.permissions.length.should == 2
236
+ end
237
+
238
+ it "should also add a permission object if permission is revoked (operand - is used)" do
239
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
240
+ pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
241
+ pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(logged_in_user)")
242
+
243
+ File.stub!(:open).and_return(pristine_file_lines)
244
+
245
+ pristine_file = PristineFile.new("cbac.pristine")
246
+ pristine_file.parse
247
+
248
+ pristine_file.permissions.length.should == 3
249
+ pristine_file.permissions[2].operation.should == '-'
250
+ end
251
+
252
+ it "should fail if a permission is revoked which wasn't added before" do
253
+ pristine_file_lines = ["0:+:PrivilegeSet(chat)ContextRole(logged_in_user)"]
254
+ pristine_file_lines.push("1:+:PrivilegeSet(log_in)ContextRole(everybody)")
255
+ pristine_file_lines.push("2:-:PrivilegeSet(chat)ContextRole(everybody)")
256
+
257
+ File.stub!(:open).and_return(pristine_file_lines)
258
+
259
+ pristine_file = PristineFile.new("cbac.pristine")
260
+ proc{
261
+ pristine_file.parse
262
+ }.should raise_error(SyntaxError)
263
+ end
264
+
265
+ it "should fail if an x is used as an operand" do
266
+ pristine_file_lines = ["0:x:PrivilegeSet(chat)ContextRole(logged_in_user)"]
267
+ File.stub!(:open).and_return(pristine_file_lines)
268
+
269
+ pristine_file = PristineFile.new("cbac.pristine")
270
+ proc{
271
+ pristine_file.parse
272
+ }.should raise_error(NotImplementedError)
273
+ end
274
+
275
+ it "should fail if an => is used as an operand" do
276
+ pristine_file_lines = ["0:=>:PrivilegeSet(chat)ContextRole(logged_in_user)"]
277
+ File.stub!(:open).and_return(pristine_file_lines)
278
+
279
+ pristine_file = PristineFile.new("cbac.pristine")
280
+ proc{
281
+ pristine_file.parse
282
+ }.should raise_error(NotImplementedError)
283
+ end
284
+ end
285
+
286
+ describe "permission set" do
287
+ before(:each) do
288
+ @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
289
+ @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin],:name => "administrator")
290
+ @pristine_file = PristineFile.new("cbac.pristine")
291
+ end
292
+
293
+ it "should filter out the permissions which were revoked" do
294
+ permission_to_revoke = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
295
+ @pristine_file.permissions.push(permission_to_revoke)
296
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => permission_to_revoke.privilege_set_name, :pristine_role => permission_to_revoke.pristine_role, :operation => '-'))
297
+
298
+ @pristine_file.permission_set.should_not include(permission_to_revoke)
299
+ end
300
+
301
+ it "should not include the revoke permission itself" do
302
+ revoke_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '-')
303
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => revoke_permission.privilege_set_name, :pristine_role => revoke_permission.pristine_role, :operation => '+'))
304
+ @pristine_file.permissions.push(revoke_permission)
305
+
306
+ @pristine_file.permission_set.should_not include(revoke_permission)
307
+ end
308
+
309
+ it "should contain the permission if it is re-applied" do
310
+ re_applied_permission = PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+')
311
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '+'))
312
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => re_applied_permission.privilege_set_name, :pristine_role => re_applied_permission.pristine_role, :operation => '-'))
313
+ @pristine_file.permissions.push(re_applied_permission)
314
+
315
+ @pristine_file.permission_set.should include(re_applied_permission)
316
+ end
317
+
318
+ it "should raise an error if a permission is revoked which wasn't created before" do
319
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "chat", :pristine_role => @context_role, :operation => '+'))
320
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "login", :pristine_role => @context_role, :operation => '+'))
321
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "blog_read", :pristine_role => @context_role, :operation => '-'))
322
+ @pristine_file.permissions.push(PristinePermission.new(:privilege_set_name => "update_blog", :pristine_role => @context_role, :operation => '+'))
323
+
324
+ proc {
325
+ @pristine_file.permission_set
326
+ }.should raise_error(ArgumentError)
327
+
328
+ end
329
+ end
330
330
  end