cbac 0.6.5 → 0.6.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +2 -0
- data/Gemfile.lock +92 -0
- data/Manifest +5 -2
- data/cbac.gemspec +9 -5
- data/lib/cbac.rb +12 -9
- data/lib/cbac/cbac_pristine/pristine_permission.rb +1 -2
- data/lib/cbac/privilege.rb +9 -10
- data/lib/cbac/setup.rb +9 -9
- data/lib/cbac/version.rb +3 -0
- data/lib/generators/cbac/cbac_generator.rb +2 -8
- data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +55 -32
- data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +1 -1
- data/spec/cbac_authorization_check_spec.rb +70 -0
- data/spec/cbac_pristine_file_spec.rb +20 -27
- data/spec/cbac_pristine_permission_spec.rb +168 -132
- data/spec/cbac_pristine_role_spec.rb +1 -8
- data/spec/fixtures/controllers/dating/daughter_controller.rb +11 -0
- data/spec/spec_helper.rb +35 -10
- data/spec/support/schema.rb +30 -0
- data/test/test_cbac_privilege.rb +13 -9
- metadata +74 -9
- data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +0 -40
- data/test/test_cbac_authorize_context_roles.rb +0 -39
@@ -1,11 +1,8 @@
|
|
1
|
-
require '
|
2
|
-
require File.expand_path(File.join(File.dirname(__FILE__), 'spec_helper'))
|
3
|
-
require 'cbac/cbac_pristine/pristine_role'
|
1
|
+
require 'spec_helper'
|
4
2
|
|
5
3
|
include Cbac::CbacPristine
|
6
4
|
|
7
5
|
describe "CbacPristineRole" do
|
8
|
-
|
9
6
|
describe "convert pristine role to a yml fixture" do
|
10
7
|
it "should return an empty string if the pristine role is of type :context" do
|
11
8
|
pristine_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:context], :name => "name is irrelevant")
|
@@ -21,7 +18,6 @@ describe "CbacPristineRole" do
|
|
21
18
|
}.should raise_error(ArgumentError)
|
22
19
|
end
|
23
20
|
|
24
|
-
|
25
21
|
it "should return a yml string starting with cbac_generic_role_ " do
|
26
22
|
pristine_role = PristineRole.new(:role_id => 0, :role_type => PristineRole.ROLE_TYPES[:generic], :name => "name is irrelevant")
|
27
23
|
|
@@ -78,8 +74,5 @@ describe "CbacPristineRole" do
|
|
78
74
|
admin_role.id.should be_nil
|
79
75
|
end
|
80
76
|
end
|
81
|
-
|
82
|
-
|
83
|
-
|
84
77
|
end
|
85
78
|
|
data/spec/spec_helper.rb
CHANGED
@@ -1,12 +1,37 @@
|
|
1
1
|
ENV["RAILS_ENV"] ||= 'test'
|
2
2
|
|
3
|
-
require '
|
4
|
-
require
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
3
|
+
require 'bundler'
|
4
|
+
Bundler.require
|
5
|
+
require 'rails/all'
|
6
|
+
require 'rspec/rails'
|
7
|
+
|
8
|
+
require 'cbac'
|
9
|
+
|
10
|
+
require 'support/schema'
|
11
|
+
require 'database_cleaner'
|
12
|
+
|
13
|
+
DatabaseCleaner.strategy = :transaction
|
14
|
+
|
15
|
+
RSpec.configure do |config|
|
16
|
+
config.before(:suite) do
|
17
|
+
Cbac::Schema.load
|
18
|
+
|
19
|
+
Cbac::Config.verbose = false
|
20
|
+
|
21
|
+
o = Object.new
|
22
|
+
o.send :extend, Cbac
|
23
|
+
o.cbac_boot!
|
24
|
+
end
|
25
|
+
|
26
|
+
config.after(:suite) do
|
27
|
+
Cbac::Schema.drop
|
28
|
+
end
|
29
|
+
|
30
|
+
config.before(:each) do
|
31
|
+
DatabaseCleaner.start
|
32
|
+
end
|
33
|
+
|
34
|
+
config.after(:each) do
|
35
|
+
DatabaseCleaner.clean
|
36
|
+
end
|
37
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require File.expand_path('../../../lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb', __FILE__)
|
2
|
+
|
3
|
+
class Cbac::Schema
|
4
|
+
DATABASE_FILE = File.expand_path('../test.sqlite3', __FILE__)
|
5
|
+
|
6
|
+
def self.load
|
7
|
+
print "Loading fresh database schema..."
|
8
|
+
|
9
|
+
connect!
|
10
|
+
CreateCbacFromScratch.suppress_messages do
|
11
|
+
CreateCbacFromScratch.up
|
12
|
+
end
|
13
|
+
connect!
|
14
|
+
|
15
|
+
puts "done"
|
16
|
+
end
|
17
|
+
|
18
|
+
def self.drop
|
19
|
+
FileUtils.rm_rf(DATABASE_FILE)
|
20
|
+
end
|
21
|
+
|
22
|
+
private
|
23
|
+
def self.connect!
|
24
|
+
ActiveRecord::Base.establish_connection(
|
25
|
+
:adapter => 'sqlite3',
|
26
|
+
:database => Cbac::Schema::DATABASE_FILE
|
27
|
+
)
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
data/test/test_cbac_privilege.rb
CHANGED
@@ -99,18 +99,22 @@ class CbacPrivilegeTest < ActiveSupport::TestCase
|
|
99
99
|
|
100
100
|
# Test the Privilege.select method. This method accepts a controller method
|
101
101
|
# string and an action type It returns the privilegesets that comply with this
|
102
|
-
# combination The actions post, put and delete are identical. This test aims
|
102
|
+
# combination The actions post, put, patch and delete are identical. This test aims
|
103
103
|
# at testing this assumption.
|
104
104
|
def test_select_correct
|
105
105
|
Privilege.resource :cbac_privilege, "select/correct/get", :get
|
106
|
-
|
107
|
-
|
108
|
-
|
106
|
+
post_action_types = [:post, :put, :patch, :delete]
|
107
|
+
|
108
|
+
post_action_types.each do |action|
|
109
|
+
Privilege.resource :cbac_privilege, "select/correct/#{action}", :post
|
110
|
+
end
|
111
|
+
|
109
112
|
assert_equal 1, Privilege.select("select/correct/get", :get).length
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
113
|
+
|
114
|
+
post_action_types.each do |configured_action|
|
115
|
+
post_action_types.each do |actual_action|
|
116
|
+
assert_equal 1, Privilege.select("select/correct/#{configured_action}", actual_action).length
|
117
|
+
end
|
114
118
|
end
|
115
119
|
end
|
116
120
|
|
@@ -149,4 +153,4 @@ class CbacPrivilegeTest < ActiveSupport::TestCase
|
|
149
153
|
Privilege.select(controller_method, :post)
|
150
154
|
end
|
151
155
|
end
|
152
|
-
end
|
156
|
+
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cbac
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.6.
|
4
|
+
version: 0.6.7
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,8 +9,72 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
13
|
-
dependencies:
|
12
|
+
date: 2013-01-09 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: rails
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ! '>='
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '3.0'
|
22
|
+
type: :runtime
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ! '>='
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '3.0'
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: rspec-rails
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
34
|
+
requirements:
|
35
|
+
- - ! '>='
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '0'
|
38
|
+
type: :development
|
39
|
+
prerelease: false
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ! '>='
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: '0'
|
46
|
+
- !ruby/object:Gem::Dependency
|
47
|
+
name: sqlite3
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
none: false
|
50
|
+
requirements:
|
51
|
+
- - ! '>='
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: '0'
|
54
|
+
type: :development
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ! '>='
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
- !ruby/object:Gem::Dependency
|
63
|
+
name: database_cleaner
|
64
|
+
requirement: !ruby/object:Gem::Requirement
|
65
|
+
none: false
|
66
|
+
requirements:
|
67
|
+
- - ! '>='
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '0'
|
70
|
+
type: :development
|
71
|
+
prerelease: false
|
72
|
+
version_requirements: !ruby/object:Gem::Requirement
|
73
|
+
none: false
|
74
|
+
requirements:
|
75
|
+
- - ! '>='
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: '0'
|
14
78
|
description: Simple authorization system for Rails applications. Allows you to develop
|
15
79
|
applications with a mixed role based authorization and a context based authorization
|
16
80
|
model. Does not supply authentication.
|
@@ -35,6 +99,7 @@ extra_rdoc_files:
|
|
35
99
|
- lib/cbac/privilege_set.rb
|
36
100
|
- lib/cbac/privilege_set_record.rb
|
37
101
|
- lib/cbac/setup.rb
|
102
|
+
- lib/cbac/version.rb
|
38
103
|
- lib/generators/cbac/USAGE
|
39
104
|
- lib/generators/cbac/cbac_generator.rb
|
40
105
|
- lib/generators/cbac/copy_files/config/cbac.pristine
|
@@ -49,7 +114,6 @@ extra_rdoc_files:
|
|
49
114
|
- lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml
|
50
115
|
- lib/generators/cbac/copy_files/initializers/cbac_config.rb
|
51
116
|
- lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb
|
52
|
-
- lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb
|
53
117
|
- lib/generators/cbac/copy_files/stylesheets/cbac.css
|
54
118
|
- lib/generators/cbac/copy_files/tasks/cbac.rake
|
55
119
|
- lib/generators/cbac/copy_files/views/generic_roles/index.html.erb
|
@@ -64,9 +128,9 @@ extra_rdoc_files:
|
|
64
128
|
files:
|
65
129
|
- Gemfile
|
66
130
|
- Gemfile.lock
|
67
|
-
- Manifest
|
68
131
|
- README.rdoc
|
69
132
|
- Rakefile
|
133
|
+
- cbac.gemspec
|
70
134
|
- config/cbac/context_roles.rb
|
71
135
|
- config/cbac/privileges.rb
|
72
136
|
- context_roles.rb
|
@@ -87,6 +151,7 @@ files:
|
|
87
151
|
- lib/cbac/privilege_set.rb
|
88
152
|
- lib/cbac/privilege_set_record.rb
|
89
153
|
- lib/cbac/setup.rb
|
154
|
+
- lib/cbac/version.rb
|
90
155
|
- lib/generators/cbac/USAGE
|
91
156
|
- lib/generators/cbac/cbac_generator.rb
|
92
157
|
- lib/generators/cbac/copy_files/config/cbac.pristine
|
@@ -101,7 +166,6 @@ files:
|
|
101
166
|
- lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml
|
102
167
|
- lib/generators/cbac/copy_files/initializers/cbac_config.rb
|
103
168
|
- lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb
|
104
|
-
- lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb
|
105
169
|
- lib/generators/cbac/copy_files/stylesheets/cbac.css
|
106
170
|
- lib/generators/cbac/copy_files/tasks/cbac.rake
|
107
171
|
- lib/generators/cbac/copy_files/views/generic_roles/index.html.erb
|
@@ -115,25 +179,27 @@ files:
|
|
115
179
|
- migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb
|
116
180
|
- privileges.rb
|
117
181
|
- rails/init.rb
|
182
|
+
- spec/cbac_authorization_check_spec.rb
|
118
183
|
- spec/cbac_pristine_file_spec.rb
|
119
184
|
- spec/cbac_pristine_permission_spec.rb
|
120
185
|
- spec/cbac_pristine_role_spec.rb
|
186
|
+
- spec/fixtures/controllers/dating/daughter_controller.rb
|
121
187
|
- spec/rcov.opts
|
122
188
|
- spec/spec.opts
|
123
189
|
- spec/spec_helper.rb
|
190
|
+
- spec/support/schema.rb
|
124
191
|
- tasks/cbac.rake
|
125
192
|
- test/fixtures/cbac_generic_roles.yml
|
126
193
|
- test/fixtures/cbac_memberships.yml
|
127
194
|
- test/fixtures/cbac_permissions.yml
|
128
195
|
- test/fixtures/cbac_privilege_set.yml
|
129
196
|
- test/test_cbac_actions.rb
|
130
|
-
- test/test_cbac_authorize_context_roles.rb
|
131
197
|
- test/test_cbac_authorize_generic_roles.rb
|
132
198
|
- test/test_cbac_context_role.rb
|
133
199
|
- test/test_cbac_privilege.rb
|
134
200
|
- test/test_cbac_privilege_set.rb
|
135
201
|
- test/test_helper.rb
|
136
|
-
-
|
202
|
+
- Manifest
|
137
203
|
homepage: http://cbac.rubyforge.org
|
138
204
|
licenses: []
|
139
205
|
post_install_message:
|
@@ -170,5 +236,4 @@ test_files:
|
|
170
236
|
- test/test_helper.rb
|
171
237
|
- test/test_cbac_actions.rb
|
172
238
|
- test/test_cbac_privilege_set.rb
|
173
|
-
- test/test_cbac_authorize_context_roles.rb
|
174
239
|
- test/test_cbac_authorize_generic_roles.rb
|
@@ -1,40 +0,0 @@
|
|
1
|
-
class CreateCbacUpgradePath < ActiveRecord::Migration
|
2
|
-
def self.up
|
3
|
-
|
4
|
-
create_table :cbac_pristine_files do |t|
|
5
|
-
t.string :type
|
6
|
-
t.string :file_name
|
7
|
-
t.timestamps
|
8
|
-
end
|
9
|
-
|
10
|
-
create_table :cbac_staged_permissions do |t|
|
11
|
-
t.integer :pristine_role_id
|
12
|
-
t.integer :pristine_file_id
|
13
|
-
t.string :privilege_set_name
|
14
|
-
t.integer :line_number
|
15
|
-
t.string :comment
|
16
|
-
t.text :operation, :limit => 2
|
17
|
-
t.timestamps
|
18
|
-
end
|
19
|
-
|
20
|
-
create_table :cbac_staged_roles do |t|
|
21
|
-
t.string :role_type
|
22
|
-
t.string :name
|
23
|
-
t.integer :role_id
|
24
|
-
t.timestamps
|
25
|
-
end
|
26
|
-
|
27
|
-
create_table :cbac_known_permissions do |t|
|
28
|
-
t.integer :permission_number, :null => :no
|
29
|
-
t.integer :permission_type, :default => 0
|
30
|
-
end
|
31
|
-
|
32
|
-
end
|
33
|
-
|
34
|
-
def self.down
|
35
|
-
drop_table :cbac_pristine_files
|
36
|
-
drop_table :cbac_staged_permissions
|
37
|
-
drop_table :cbac_staged_roles
|
38
|
-
drop_table :cbac_known_permissions
|
39
|
-
end
|
40
|
-
end
|
@@ -1,39 +0,0 @@
|
|
1
|
-
# Copyright 2010 Bert Meerman
|
2
|
-
require File.expand_path(File.join(File.dirname(__FILE__), 'test_helper'))
|
3
|
-
|
4
|
-
# Dummy code for overriding the default current_user behavior
|
5
|
-
module Cbac
|
6
|
-
def current_user
|
7
|
-
1
|
8
|
-
end
|
9
|
-
end
|
10
|
-
|
11
|
-
###
|
12
|
-
# Tests the Cbac system for authorization with context roles
|
13
|
-
#
|
14
|
-
class CbacAuthorizeContextRolesTest < ActiveSupport::TestCase
|
15
|
-
include Cbac
|
16
|
-
|
17
|
-
#self.fixture_path = File.join(File.dirname(__FILE__), "fixtures")
|
18
|
-
#fixtures :all
|
19
|
-
attr_accessor :authorize_context_eval_string
|
20
|
-
attr_accessor :session
|
21
|
-
|
22
|
-
# Setup defines the PrivilegeSet that is being used by all PrivilegeTest methods
|
23
|
-
def setup
|
24
|
-
return if PrivilegeSet.sets.include?(:cbac_context_role)
|
25
|
-
PrivilegeSet.add :cbac_context_role, ""
|
26
|
-
Privilege.resource :cbac_context_role, "authorize/context/roles", :get
|
27
|
-
ContextRole.add :authorize_context_role, "context[:authorize_context_eval_string]"
|
28
|
-
end
|
29
|
-
|
30
|
-
# Check to see if action is correctly authorized
|
31
|
-
def test_authorize_ok
|
32
|
-
assert_equal true, authorization_check("authorize/context", "roles", :get, {:authorize_context_eval_string => true})
|
33
|
-
end
|
34
|
-
|
35
|
-
# Run authorization with incorrect authorization
|
36
|
-
def test_authorize_incorrect_privilege
|
37
|
-
assert_equal false, authorization_check("authorize/context", "roles", :get, {:authorize_context_eval_string => false})
|
38
|
-
end
|
39
|
-
end
|