cbac 0.6.2 → 0.6.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (71) hide show
  1. data/Manifest +71 -70
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -30
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -138
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +179 -173
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -205
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +43 -42
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +7 -6
  17. data/lib/cbac/known_permission.rb +15 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -40
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -16
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/db/test.sqlite3 +0 -0
  60. data/test/fixtures/cbac_generic_roles.yml +9 -9
  61. data/test/fixtures/cbac_memberships.yml +8 -8
  62. data/test/fixtures/cbac_permissions.yml +14 -14
  63. data/test/fixtures/cbac_privilege_set.yml +18 -18
  64. data/test/test_cbac_actions.rb +71 -71
  65. data/test/test_cbac_authorize_context_roles.rb +39 -39
  66. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  67. data/test/test_cbac_context_role.rb +50 -50
  68. data/test/test_cbac_privilege.rb +151 -151
  69. data/test/test_cbac_privilege_set.rb +50 -50
  70. data/test/test_helper.rb +28 -28
  71. metadata +33 -49
@@ -1,358 +1,358 @@
1
-
2
- require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
3
- require 'spec'
4
- require '../lib/cbac/cbac_pristine/pristine'
5
- require '../lib/cbac/cbac_pristine/pristine_role'
6
- require '../lib/cbac/cbac_pristine/pristine_permission'
7
-
8
- include Cbac::CbacPristine
9
-
10
- describe "CbacPristinePermission" do
11
-
12
-
13
- describe "convert pristine line to a yml fixture" do
14
- before(:each) do
15
- @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
16
- @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
17
- end
18
-
19
-
20
- it "should raise an error if the pristine line has no role" do
21
- pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => 'log_in', :pristine_role => nil)
22
- lambda{
23
- pristine_permission.to_yml_fixture
24
- }.should raise_error(ArgumentError)
25
- end
26
-
27
- it "should raise an error if the pristine line has no privilege_set_name" do
28
- pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "", :pristine_role => @context_role)
29
- lambda{
30
- pristine_permission.to_yml_fixture
31
- }.should raise_error(ArgumentError)
32
- end
33
-
34
- it "should return a yml string starting with cbac_permission_ " do
35
- pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
36
-
37
- pristine_permission.to_yml_fixture.should match(/\Acbac_permission_/)
38
- end
39
-
40
- it "should return a yml string containing the line number of the pristine line" do
41
- line_number= 100
42
- pristine_permission = PristinePermission.new(:line_number => line_number, :privilege_set_name => "chat", :pristine_role => @context_role)
43
-
44
- pristine_permission.to_yml_fixture.should match(/id: #{line_number}/)
45
- end
46
-
47
- it "should return a yml string containing a generic role id of 0 if a context_role is used" do
48
- pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
49
-
50
- pristine_permission.to_yml_fixture.should match(/generic_role_id: 0/)
51
- end
52
-
53
- it "should return a yml string containing the name of the context role if a context_role is used" do
54
- pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
55
-
56
- pristine_permission.to_yml_fixture.should match(/context_role: #{@context_role.name}/)
57
- end
58
-
59
- it "should return a yml string containing the id of the generic role if a generic role is used" do
60
- pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @admin_role)
61
-
62
- pristine_permission.to_yml_fixture.should match(/generic_role_id: #{@admin_role.id.to_s}/)
63
- end
64
-
65
- it "should return a yml string containing ruby code to find the privilege set by name" do
66
- pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
67
-
68
- pristine_permission.to_yml_fixture.should match(/privilege_set_id: \<%= Cbac::PrivilegeSetRecord.find\(:first, :conditions => \{:name => '#{pristine_permission.privilege_set_name}'\}\)\.id %>/)
69
- end
70
-
71
- it "should return a yml string containing created_at and updated_at" do
72
- pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
73
- pristine_permission.to_yml_fixture.should match(/created_at:.+updated_at:/m)
74
- end
75
- end
76
-
77
- describe "check if this pristine permission exists" do
78
- before(:each) do
79
- @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
80
- @admin_role = Cbac::GenericRole.create(:name => "administrator")
81
-
82
- @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
83
- @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => @admin_role.name)
84
- end
85
-
86
- it "should return true if the pristine permission exists as generic cbac permission in the database" do
87
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => @admin_role.id)
88
-
89
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
90
-
91
- pristine_permission.cbac_permission_exists?.should be_true
92
- end
93
-
94
- it "should return true if the pristine permission exists as context cbac permission in the database" do
95
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
96
-
97
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
98
-
99
- pristine_permission.cbac_permission_exists?.should be_true
100
- end
101
-
102
- it "should return false if the pristine permission does not exist as context cbac permission in the database" do
103
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
104
-
105
- pristine_permission.cbac_permission_exists?.should be_false
106
- end
107
-
108
- it "should return false if the pristine permission does not exist as a generic cbac permission in the database" do
109
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
110
-
111
- pristine_permission.cbac_permission_exists?.should be_false
112
- end
113
-
114
- it "should return false if a similar pristine permission exist as a generic cbac permission in the database, but for another generic role" do
115
- group_admin = Cbac::GenericRole.create(:name => "group_administrator")
116
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => group_admin.id)
117
-
118
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
119
-
120
- pristine_permission.cbac_permission_exists?.should be_false
121
- end
122
-
123
- it "should return false if a similar pristine permission exist as a context cbac permission in the database, but for another context role" do
124
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => "group_owner")
125
-
126
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
127
-
128
- pristine_permission.cbac_permission_exists?.should be_false
129
- end
130
- end
131
-
132
- describe "check if a known permission exists for this pristine permission" do
133
- before(:each) do
134
-
135
- @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
136
- @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
137
- end
138
-
139
- it "should return true if the pristine permission exists as a known permission in the database" do
140
- pristine_permission = PristinePermission.new(:pristine_role => @pristine_admin_role, :line_number => 4, :privilege_set_name => "not relevant")
141
-
142
- Cbac::KnownPermission.create(:permission_number => pristine_permission.line_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
143
-
144
- pristine_permission.known_permission_exists?.should be_true
145
- end
146
- end
147
-
148
- describe "apply the permission" do
149
- before(:each) do
150
- @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
151
- @admin_role = Cbac::GenericRole.create(:name => "administrator")
152
-
153
- @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
154
- @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => @admin_role.name)
155
- end
156
-
157
-
158
- it "should add the context permission to the database if operation + is used" do
159
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
160
- pristine_permission.operation = '+'
161
-
162
- proc {
163
- pristine_permission.accept
164
- }.should change(Cbac::Permission, :count).by(1)
165
- end
166
-
167
- it "should create a generic permission if operation + is used" do
168
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
169
- pristine_permission.operation = '+'
170
-
171
- proc {
172
- pristine_permission.accept
173
- }.should change(Cbac::Permission, :count).by(1)
174
- end
175
-
176
- it "should delete the pristine permission since it was accepted" do
177
- pristine_permission = PristinePermission.create(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role, :operation => '+')
178
-
179
- proc {
180
- pristine_permission.accept
181
- }.should change(PristinePermission, :count).by(-1)
182
- end
183
-
184
- it "should create a generic role if it doesn't exist in yet" do
185
- cbac_privilege_set = Cbac::PrivilegeSetRecord.create(:name => "cbac_administration")
186
-
187
- cbac_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => "cbac_administrator")
188
- pristine_permission = PristinePermission.new(:privilege_set_name => cbac_privilege_set.name, :pristine_role => cbac_admin_role)
189
- pristine_permission.operation = '+'
190
-
191
- proc {
192
- pristine_permission.accept
193
- }.should change(Cbac::GenericRole, :count).by(1)
194
- end
195
-
196
- it "should use an existing role if possible" do
197
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
198
- pristine_permission.operation = '+'
199
-
200
- pristine_permission.accept
201
- # test smell: depends on a clean database
202
- cbac_permission = Cbac::Permission.first
203
-
204
- cbac_permission.generic_role.should == @admin_role
205
- end
206
-
207
- it "should remove an existing permission if operation - is used" do
208
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
209
-
210
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
211
- pristine_permission.operation = '-'
212
-
213
- proc {
214
- pristine_permission.accept
215
- }.should change(Cbac::Permission, :count).by(-1)
216
- end
217
-
218
- it "should raise an error if operation - is used and the permission does not exist" do
219
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
220
- pristine_permission.operation = '-'
221
-
222
- proc {
223
- pristine_permission.accept
224
- }.should raise_error(ArgumentError)
225
- end
226
-
227
- it "should create a known permission to record a change" do
228
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
229
- pristine_permission.operation = '+'
230
-
231
- proc {
232
- pristine_permission.accept
233
- }.should change(Cbac::KnownPermission, :count).by(1)
234
- end
235
-
236
- it "should create a known permission with specified permission identifier" do
237
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
238
- pristine_permission.operation = '+'
239
-
240
- pristine_permission.accept
241
-
242
- known_permission = Cbac::KnownPermission.last
243
-
244
- known_permission.permission_number.should == pristine_permission.line_number
245
- end
246
-
247
- it "should create a known permission with specified role type" do
248
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
249
- pristine_permission.operation = '+'
250
-
251
- pristine_permission.accept
252
-
253
- known_permission = Cbac::KnownPermission.last
254
-
255
- known_permission.permission_type.should == Cbac::KnownPermission.PERMISSION_TYPES[:context]
256
- end
257
-
258
- it "should also create a known permission if operation - is used to revoke a permission" do
259
- Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
260
-
261
- pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
262
- pristine_permission.operation = '-'
263
-
264
- proc {
265
- pristine_permission.accept
266
- }.should change(Cbac::KnownPermission, :count).by(1)
267
- end
268
- end
269
-
270
- describe "stage the permission so it can be applied" do
271
- before(:each) do
272
- @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
273
- @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
274
- end
275
-
276
- it "should persist the pristine permission to the database" do
277
- pristine_permission = PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
278
-
279
- proc {
280
- pristine_permission.stage
281
- }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
282
-
283
- end
284
-
285
- it "should persist the associated role if it doesn't exist yet" do
286
- pristine_permission = PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
287
-
288
- proc {
289
- pristine_permission.stage
290
- }.should change(Cbac::CbacPristine::PristineRole, :count).by(1)
291
- end
292
-
293
- it "should not create a new pristine permission if the cbac permission exists and the pristine permission wants to add" do
294
- privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
295
- Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
296
-
297
- pristine_permission = PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
298
- proc {
299
- pristine_permission.stage
300
- }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
301
- end
302
-
303
- it "should create a new pristine permission if the cbac permission exists and the pristine permission wants to revoke" do
304
- privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
305
- Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
306
-
307
- pristine_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
308
- proc {
309
- pristine_permission.stage
310
- }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
311
- end
312
-
313
- it "should not create a new pristine permission if a staged add permission exists and this pristine permission wants to revoke" do
314
- privilege_set_name = "chat"
315
- PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
316
- pristine_revoke_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
317
-
318
- proc {
319
- pristine_revoke_permission.stage
320
- }.should_not change(Cbac::CbacPristine::PristinePermission, :count).by(1)
321
- end
322
-
323
- it "should delete a staged add permission if the pristine permission wants to revoke the same permission" do
324
- privilege_set_name = "chat"
325
- PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
326
- pristine_revoke_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
327
-
328
- proc {
329
- pristine_revoke_permission.stage
330
- }.should change(Cbac::CbacPristine::PristinePermission, :count).by(-1)
331
- end
332
-
333
- it "should not create a new pristine permission if a cbac known permission exists" do
334
- known_number = 1
335
- pristine_permission = PristinePermission.new(:line_number => known_number, :privilege_set_name => "name not relevant", :pristine_role => @pristine_context_role)
336
- Cbac::KnownPermission.create(:permission_number => known_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
337
-
338
- proc {
339
- pristine_permission.stage
340
- }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
341
-
342
- end
343
-
344
- it "should raise an error if the same pristine permission is staged twice" do
345
- privilege_set_name = "chat"
346
- PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 2)
347
- pristine_permission = PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 3)
348
-
349
- proc {
350
- pristine_permission.stage
351
- }.should raise_error(ArgumentError)
352
- end
353
-
354
-
355
- end
356
-
357
- end
358
-
1
+
2
+ require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
3
+ require 'spec'
4
+ require '../lib/cbac/cbac_pristine/pristine'
5
+ require '../lib/cbac/cbac_pristine/pristine_role'
6
+ require '../lib/cbac/cbac_pristine/pristine_permission'
7
+
8
+ include Cbac::CbacPristine
9
+
10
+ describe "CbacPristinePermission" do
11
+
12
+
13
+ describe "convert pristine line to a yml fixture" do
14
+ before(:each) do
15
+ @context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
16
+ @admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
17
+ end
18
+
19
+
20
+ it "should raise an error if the pristine line has no role" do
21
+ pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => 'log_in', :pristine_role => nil)
22
+ lambda{
23
+ pristine_permission.to_yml_fixture
24
+ }.should raise_error(ArgumentError)
25
+ end
26
+
27
+ it "should raise an error if the pristine line has no privilege_set_name" do
28
+ pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "", :pristine_role => @context_role)
29
+ lambda{
30
+ pristine_permission.to_yml_fixture
31
+ }.should raise_error(ArgumentError)
32
+ end
33
+
34
+ it "should return a yml string starting with cbac_permission_ " do
35
+ pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
36
+
37
+ pristine_permission.to_yml_fixture.should match(/\Acbac_permission_/)
38
+ end
39
+
40
+ it "should return a yml string containing the line number of the pristine line" do
41
+ line_number= 100
42
+ pristine_permission = PristinePermission.new(:line_number => line_number, :privilege_set_name => "chat", :pristine_role => @context_role)
43
+
44
+ pristine_permission.to_yml_fixture.should match(/id: #{line_number}/)
45
+ end
46
+
47
+ it "should return a yml string containing a generic role id of 0 if a context_role is used" do
48
+ pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
49
+
50
+ pristine_permission.to_yml_fixture.should match(/generic_role_id: 0/)
51
+ end
52
+
53
+ it "should return a yml string containing the name of the context role if a context_role is used" do
54
+ pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
55
+
56
+ pristine_permission.to_yml_fixture.should match(/context_role: #{@context_role.name}/)
57
+ end
58
+
59
+ it "should return a yml string containing the id of the generic role if a generic role is used" do
60
+ pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @admin_role)
61
+
62
+ pristine_permission.to_yml_fixture.should match(/generic_role_id: #{@admin_role.id.to_s}/)
63
+ end
64
+
65
+ it "should return a yml string containing ruby code to find the privilege set by name" do
66
+ pristine_permission = PristinePermission.new(:line_number => 150, :privilege_set_name => "chat", :pristine_role => @context_role)
67
+
68
+ pristine_permission.to_yml_fixture.should match(/privilege_set_id: \<%= Cbac::PrivilegeSetRecord.find\(:first, :conditions => \{:name => '#{pristine_permission.privilege_set_name}'\}\)\.id %>/)
69
+ end
70
+
71
+ it "should return a yml string containing created_at and updated_at" do
72
+ pristine_permission = PristinePermission.new(:line_number => 1, :privilege_set_name => "chat", :pristine_role => @context_role)
73
+ pristine_permission.to_yml_fixture.should match(/created_at:.+updated_at:/m)
74
+ end
75
+ end
76
+
77
+ describe "check if this pristine permission exists" do
78
+ before(:each) do
79
+ @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
80
+ @admin_role = Cbac::GenericRole.create(:name => "administrator")
81
+
82
+ @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
83
+ @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => @admin_role.name)
84
+ end
85
+
86
+ it "should return true if the pristine permission exists as generic cbac permission in the database" do
87
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => @admin_role.id)
88
+
89
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
90
+
91
+ pristine_permission.cbac_permission_exists?.should be_true
92
+ end
93
+
94
+ it "should return true if the pristine permission exists as context cbac permission in the database" do
95
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
96
+
97
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
98
+
99
+ pristine_permission.cbac_permission_exists?.should be_true
100
+ end
101
+
102
+ it "should return false if the pristine permission does not exist as context cbac permission in the database" do
103
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
104
+
105
+ pristine_permission.cbac_permission_exists?.should be_false
106
+ end
107
+
108
+ it "should return false if the pristine permission does not exist as a generic cbac permission in the database" do
109
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
110
+
111
+ pristine_permission.cbac_permission_exists?.should be_false
112
+ end
113
+
114
+ it "should return false if a similar pristine permission exist as a generic cbac permission in the database, but for another generic role" do
115
+ group_admin = Cbac::GenericRole.create(:name => "group_administrator")
116
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => group_admin.id)
117
+
118
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
119
+
120
+ pristine_permission.cbac_permission_exists?.should be_false
121
+ end
122
+
123
+ it "should return false if a similar pristine permission exist as a context cbac permission in the database, but for another context role" do
124
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => "group_owner")
125
+
126
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
127
+
128
+ pristine_permission.cbac_permission_exists?.should be_false
129
+ end
130
+ end
131
+
132
+ describe "check if a known permission exists for this pristine permission" do
133
+ before(:each) do
134
+
135
+ @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
136
+ @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
137
+ end
138
+
139
+ it "should return true if the pristine permission exists as a known permission in the database" do
140
+ pristine_permission = PristinePermission.new(:pristine_role => @pristine_admin_role, :line_number => 4, :privilege_set_name => "not relevant")
141
+
142
+ Cbac::KnownPermission.create(:permission_number => pristine_permission.line_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
143
+
144
+ pristine_permission.known_permission_exists?.should be_true
145
+ end
146
+ end
147
+
148
+ describe "apply the permission" do
149
+ before(:each) do
150
+ @privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
151
+ @admin_role = Cbac::GenericRole.create(:name => "administrator")
152
+
153
+ @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
154
+ @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => @admin_role.name)
155
+ end
156
+
157
+
158
+ it "should add the context permission to the database if operation + is used" do
159
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
160
+ pristine_permission.operation = '+'
161
+
162
+ proc {
163
+ pristine_permission.accept
164
+ }.should change(Cbac::Permission, :count).by(1)
165
+ end
166
+
167
+ it "should create a generic permission if operation + is used" do
168
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
169
+ pristine_permission.operation = '+'
170
+
171
+ proc {
172
+ pristine_permission.accept
173
+ }.should change(Cbac::Permission, :count).by(1)
174
+ end
175
+
176
+ it "should delete the pristine permission since it was accepted" do
177
+ pristine_permission = PristinePermission.create(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role, :operation => '+')
178
+
179
+ proc {
180
+ pristine_permission.accept
181
+ }.should change(PristinePermission, :count).by(-1)
182
+ end
183
+
184
+ it "should create a generic role if it doesn't exist in yet" do
185
+ cbac_privilege_set = Cbac::PrivilegeSetRecord.create(:name => "cbac_administration")
186
+
187
+ cbac_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:generic], :name => "cbac_administrator")
188
+ pristine_permission = PristinePermission.new(:privilege_set_name => cbac_privilege_set.name, :pristine_role => cbac_admin_role)
189
+ pristine_permission.operation = '+'
190
+
191
+ proc {
192
+ pristine_permission.accept
193
+ }.should change(Cbac::GenericRole, :count).by(1)
194
+ end
195
+
196
+ it "should use an existing role if possible" do
197
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_admin_role)
198
+ pristine_permission.operation = '+'
199
+
200
+ pristine_permission.accept
201
+ # test smell: depends on a clean database
202
+ cbac_permission = Cbac::Permission.first
203
+
204
+ cbac_permission.generic_role.should == @admin_role
205
+ end
206
+
207
+ it "should remove an existing permission if operation - is used" do
208
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
209
+
210
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
211
+ pristine_permission.operation = '-'
212
+
213
+ proc {
214
+ pristine_permission.accept
215
+ }.should change(Cbac::Permission, :count).by(-1)
216
+ end
217
+
218
+ it "should raise an error if operation - is used and the permission does not exist" do
219
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
220
+ pristine_permission.operation = '-'
221
+
222
+ proc {
223
+ pristine_permission.accept
224
+ }.should raise_error(ArgumentError)
225
+ end
226
+
227
+ it "should create a known permission to record a change" do
228
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
229
+ pristine_permission.operation = '+'
230
+
231
+ proc {
232
+ pristine_permission.accept
233
+ }.should change(Cbac::KnownPermission, :count).by(1)
234
+ end
235
+
236
+ it "should create a known permission with specified permission identifier" do
237
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
238
+ pristine_permission.operation = '+'
239
+
240
+ pristine_permission.accept
241
+
242
+ known_permission = Cbac::KnownPermission.last
243
+
244
+ known_permission.permission_number.should == pristine_permission.line_number
245
+ end
246
+
247
+ it "should create a known permission with specified role type" do
248
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
249
+ pristine_permission.operation = '+'
250
+
251
+ pristine_permission.accept
252
+
253
+ known_permission = Cbac::KnownPermission.last
254
+
255
+ known_permission.permission_type.should == Cbac::KnownPermission.PERMISSION_TYPES[:context]
256
+ end
257
+
258
+ it "should also create a known permission if operation - is used to revoke a permission" do
259
+ Cbac::Permission.create(:privilege_set_id => @privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
260
+
261
+ pristine_permission = PristinePermission.new(:privilege_set_name => @privilege_set.name, :pristine_role => @pristine_context_role)
262
+ pristine_permission.operation = '-'
263
+
264
+ proc {
265
+ pristine_permission.accept
266
+ }.should change(Cbac::KnownPermission, :count).by(1)
267
+ end
268
+ end
269
+
270
+ describe "stage the permission so it can be applied" do
271
+ before(:each) do
272
+ @pristine_context_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "logged_in_user")
273
+ @pristine_admin_role = PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator")
274
+ end
275
+
276
+ it "should persist the pristine permission to the database" do
277
+ pristine_permission = PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
278
+
279
+ proc {
280
+ pristine_permission.stage
281
+ }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
282
+
283
+ end
284
+
285
+ it "should persist the associated role if it doesn't exist yet" do
286
+ pristine_permission = PristinePermission.new(:privilege_set_name => "login", :pristine_role => @pristine_context_role, :operation => '+')
287
+
288
+ proc {
289
+ pristine_permission.stage
290
+ }.should change(Cbac::CbacPristine::PristineRole, :count).by(1)
291
+ end
292
+
293
+ it "should not create a new pristine permission if the cbac permission exists and the pristine permission wants to add" do
294
+ privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
295
+ Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
296
+
297
+ pristine_permission = PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
298
+ proc {
299
+ pristine_permission.stage
300
+ }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
301
+ end
302
+
303
+ it "should create a new pristine permission if the cbac permission exists and the pristine permission wants to revoke" do
304
+ privilege_set = Cbac::PrivilegeSetRecord.create(:name => "login")
305
+ Cbac::Permission.create(:privilege_set_id => privilege_set.id, :generic_role_id => 0, :context_role => @pristine_context_role.name)
306
+
307
+ pristine_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set.name, :pristine_role => @pristine_context_role)
308
+ proc {
309
+ pristine_permission.stage
310
+ }.should change(Cbac::CbacPristine::PristinePermission, :count).by(1)
311
+ end
312
+
313
+ it "should not create a new pristine permission if a staged add permission exists and this pristine permission wants to revoke" do
314
+ privilege_set_name = "chat"
315
+ PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
316
+ pristine_revoke_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
317
+
318
+ proc {
319
+ pristine_revoke_permission.stage
320
+ }.should_not change(Cbac::CbacPristine::PristinePermission, :count).by(1)
321
+ end
322
+
323
+ it "should delete a staged add permission if the pristine permission wants to revoke the same permission" do
324
+ privilege_set_name = "chat"
325
+ PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
326
+ pristine_revoke_permission = PristinePermission.new(:operation => '-', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role)
327
+
328
+ proc {
329
+ pristine_revoke_permission.stage
330
+ }.should change(Cbac::CbacPristine::PristinePermission, :count).by(-1)
331
+ end
332
+
333
+ it "should not create a new pristine permission if a cbac known permission exists" do
334
+ known_number = 1
335
+ pristine_permission = PristinePermission.new(:line_number => known_number, :privilege_set_name => "name not relevant", :pristine_role => @pristine_context_role)
336
+ Cbac::KnownPermission.create(:permission_number => known_number, :permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:context])
337
+
338
+ proc {
339
+ pristine_permission.stage
340
+ }.should_not change(Cbac::CbacPristine::PristinePermission, :count)
341
+
342
+ end
343
+
344
+ it "should raise an error if the same pristine permission is staged twice" do
345
+ privilege_set_name = "chat"
346
+ PristinePermission.create(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 2)
347
+ pristine_permission = PristinePermission.new(:operation => '+', :privilege_set_name => privilege_set_name, :pristine_role => @pristine_context_role, :line_number => 3)
348
+
349
+ proc {
350
+ pristine_permission.stage
351
+ }.should raise_error(ArgumentError)
352
+ end
353
+
354
+
355
+ end
356
+
357
+ end
358
+