RubyGems - cjbottaro-aegis - Versions diffs - 1.3.0 - Mend

cjbottaro-aegis 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

data/.gitignore +3 -0
data/MIT-LICENSE +20 -0
data/README.rdoc +182 -0
data/Rakefile +37 -0
data/VERSION +1 -0
data/aegis.gemspec +117 -0
data/lib/aegis.rb +11 -0
data/lib/aegis/constants.rb +6 -0
data/lib/aegis/has_role.rb +156 -0
data/lib/aegis/meta_class.rb +13 -0
data/lib/aegis/normalization.rb +26 -0
data/lib/aegis/permission_error.rb +5 -0
data/lib/aegis/permission_evaluator.rb +41 -0
data/lib/aegis/permissions.rb +108 -0
data/lib/aegis/role.rb +57 -0
data/lib/aegis/role_assignments.rb +10 -0
data/lib/rails/active_record.rb +5 -0
data/test/app_root/app/controllers/application_controller.rb +2 -0
data/test/app_root/app/models/account.rb +3 -0
data/test/app_root/app/models/forum.rb +8 -0
data/test/app_root/app/models/permissions.rb +70 -0
data/test/app_root/app/models/post.rb +7 -0
data/test/app_root/app/models/soldier.rb +5 -0
data/test/app_root/app/models/user.rb +7 -0
data/test/app_root/config/boot.rb +114 -0
data/test/app_root/config/database.yml +21 -0
data/test/app_root/config/environment.rb +14 -0
data/test/app_root/config/environments/in_memory.rb +0 -0
data/test/app_root/config/environments/mysql.rb +0 -0
data/test/app_root/config/environments/postgresql.rb +0 -0
data/test/app_root/config/environments/sqlite.rb +0 -0
data/test/app_root/config/environments/sqlite3.rb +0 -0
data/test/app_root/config/routes.rb +4 -0
data/test/app_root/db/migrate/20090408115228_create_users.rb +15 -0
data/test/app_root/db/migrate/20090429075648_create_soldiers.rb +16 -0
data/test/app_root/db/migrate/20090903234709_create_role_assignments.rb +16 -0
data/test/app_root/db/migrate/20090903234759_create_accounts.rb +11 -0
data/test/app_root/db/migrate/20090903234821_create_forums.rb +12 -0
data/test/app_root/db/migrate/20090903234828_create_posts.rb +12 -0
data/test/app_root/lib/console_with_fixtures.rb +4 -0
data/test/app_root/log/.gitignore +1 -0
data/test/app_root/script/console +7 -0
data/test/fixtures/accounts.yml +5 -0
data/test/fixtures/forums.yml +11 -0
data/test/fixtures/posts.yml +23 -0
data/test/fixtures/role_assignments.yml +0 -0
data/test/fixtures/users.yml +2 -0
data/test/has_role_options_test.rb +33 -0
data/test/has_role_test.rb +88 -0
data/test/permissions_test.rb +117 -0
data/test/test_helper.rb +44 -0
data/test/validation_test.rb +49 -0
metadata +130 -0

data/test/app_root/config/database.yml ADDED Viewed

@@ -0,0 +1,21 @@
+in_memory:
+  adapter: sqlite3
+  database: ":memory:"
+  verbosity: quiet
+sqlite:
+  adapter: sqlite
+  dbfile: plugin_test.sqlite.db
+sqlite3:
+  adapter: sqlite3
+  dbfile: plugin_test.sqlite3.db
+postgresql:
+  adapter: postgresql
+  username: postgres
+  password: postgres
+  database: plugin_test
+mysql:
+  adapter: mysql
+  host: localhost
+  username: root
+  password:
+  database: plugin_test

data/test/app_root/config/environment.rb ADDED Viewed

@@ -0,0 +1,14 @@
+require File.join(File.dirname(__FILE__), 'boot')
+Rails::Initializer.run do |config|
+  config.cache_classes = false
+  config.whiny_nils = true
+  config.action_controller.session = { :key => "_myapp_session", :secret => "gwirofjweroijger8924rt2zfwehfuiwehb1378rifowenfoqwphf23" }
+  config.plugin_locators.unshift(
+    Class.new(Rails::Plugin::Locator) do
+      def plugins
+        [Rails::Plugin.new(File.expand_path('.'))]
+      end
+    end
+  ) unless defined?(PluginTestHelper::PluginLocator)
+end

data/test/app_root/config/environments/in_memory.rb ADDED Viewed

File without changes

data/test/app_root/config/environments/mysql.rb ADDED Viewed

File without changes

data/test/app_root/config/environments/postgresql.rb ADDED Viewed

File without changes

data/test/app_root/config/environments/sqlite.rb ADDED Viewed

File without changes

data/test/app_root/config/environments/sqlite3.rb ADDED Viewed

File without changes

data/test/app_root/config/routes.rb ADDED Viewed

@@ -0,0 +1,4 @@
+ActionController::Routing::Routes.draw do |map|
+  map.connect ':controller/:action/:id'
+  map.connect ':controller/:action/:id.:format'
+end

data/test/app_root/db/migrate/20090408115228_create_users.rb ADDED Viewed

@@ -0,0 +1,15 @@
+class CreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.string "role_name"
+      t.boolean "is_admin", :null => false, :default => false
+      t.timestamps
+    end
+  end
+  def self.down
+    drop_table :users
+  end
+end

data/test/app_root/db/migrate/20090429075648_create_soldiers.rb ADDED Viewed

@@ -0,0 +1,16 @@
+class CreateSoldiers < ActiveRecord::Migration
+  def self.up
+    create_table :soldiers do |t|
+      t.string :rank
+      t.timestamps
+    end
+  end
+  def self.down
+    drop_table :soldiers
+  end
+end

data/test/app_root/db/migrate/20090903234709_create_role_assignments.rb ADDED Viewed

@@ -0,0 +1,16 @@
+class CreateRoleAssignments < ActiveRecord::Migration
+  def self.up
+    create_table :role_assignments do |t|
+      t.string  :actor_type,    :null => false
+      t.integer :actor_id,      :null => false
+      t.string  :role_name,     :null => false
+      t.string  :context_type,  :null => false
+      t.integer :context_id,    :null => false
+      t.timestamps
+    end
+  end
+  def self.down
+    drop_table :role_assignments
+  end
+end

data/test/app_root/db/migrate/20090903234759_create_accounts.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class CreateAccounts < ActiveRecord::Migration
+  def self.up
+    create_table :accounts do |t|
+      t.string :name, :null => false
+    end
+  end
+  def self.down
+    drop_table :accounts
+  end
+end

data/test/app_root/db/migrate/20090903234821_create_forums.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreateForums < ActiveRecord::Migration
+  def self.up
+    create_table :forums do |t|
+      t.integer :account_id, :null => false
+      t.string  :name,       :null => false
+    end
+  end
+  def self.down
+    drop_table :forums
+  end
+end

data/test/app_root/db/migrate/20090903234828_create_posts.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class CreatePosts < ActiveRecord::Migration
+  def self.up
+    create_table :posts do |t|
+      t.integer :forum_id, :null => false
+      t.string  :title,    :null => false
+    end
+  end
+  def self.down
+    drop_table :posts
+  end
+end

data/test/app_root/lib/console_with_fixtures.rb ADDED Viewed

@@ -0,0 +1,4 @@
+# Loads fixtures into the database when running the test app via the console
+(ENV['FIXTURES'] ? ENV['FIXTURES'].split(/,/) : Dir.glob(File.join(Rails.root, '../fixtures/*.{yml,csv}'))).each do |fixture_file|
+  Fixtures.create_fixtures(File.join(Rails.root, '../fixtures'), File.basename(fixture_file, '.*'))
+end

data/test/app_root/log/.gitignore ADDED Viewed

	@@ -0,0 +1 @@
1	+ *.log

data/test/app_root/script/console ADDED Viewed

@@ -0,0 +1,7 @@
+irb = RUBY_PLATFORM =~ /(:?mswin|mingw)/ ? 'irb.bat' : 'irb'
+libs =  " -r irb/completion"
+libs << " -r test/test_helper"
+libs << " -r console_app"
+libs << " -r console_with_helpers"
+libs << " -r console_with_fixtures"
+exec "#{irb} #{libs} --simple-prompt"

data/test/fixtures/accounts.yml ADDED Viewed

@@ -0,0 +1,5 @@
+google:
+  name: google.com
+yahoo:
+  name: yahoo.com

data/test/fixtures/forums.yml ADDED Viewed

@@ -0,0 +1,11 @@
+searching:
+  account: google
+  name: searching
+crawling:
+  account: google
+  name: crawling
+advertising:
+  account: google
+  name: advertising

data/test/fixtures/posts.yml ADDED Viewed

@@ -0,0 +1,23 @@
+searching101:
+  forum: searching
+  title: searching101
+searching102:
+  forum: searching
+  title: searching102
+crawling101:
+  forum: crawling
+  title: crawling101
+crawling102:
+  forum: crawling
+  title: crawling102
+advertising101:
+  forum: advertising
+  title: advertising101
+advertising102:
+  forum: advertising
+  title: advertising102

data/test/fixtures/role_assignments.yml ADDED Viewed

File without changes

data/test/fixtures/users.yml ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ with_hierarchy:
2	+ role_name: guest

data/test/has_role_options_test.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require "test/test_helper"
+class HasRoleOptionsTest < ActiveSupport::TestCase
+  context "A record with a custom role field" do
+    setup do
+      @soldier = Soldier.new
+    end
+    should "allow its role to be written and read" do
+      @soldier.role = "guest"
+      assert "guest", @soldier.role.name
+    end
+    should "store the role name in the custom field" do
+      assert "guest", @soldier.rank
+    end
+    should "still work with permissions" do
+      @soldier.role = "guest"
+      assert @soldier.may_hug?
+      assert !@soldier.may_update_users?
+    end
+  end
+  def test_setting_hierarchy
+    assert_equal "forum", User.aegis_role_hierarchy["Post"]
+    assert_equal "account", User.aegis_role_hierarchy["Forum"]
+  end
+end

data/test/has_role_test.rb ADDED Viewed

@@ -0,0 +1,88 @@
+require "test/test_helper"
+class HasRoleTest < ActiveSupport::TestCase
+  context "Objects that have an aegis role" do
+    setup do
+      @guest = User.new(:role_name => "guest")
+      @student = User.new(:role_name => "student")
+      @admin = User.new(:role_name => "admin")
+    end
+    should "know their role" do
+      assert :guest, @guest.role.name
+      assert :student, @student.role.name
+      assert :admin, @admin.role.name
+    end
+    should "know if they belong to a role" do
+      assert @guest.guest?
+      assert !@guest.student?
+      assert !@guest.admin?
+      assert !@student.guest?
+      assert @student.student?
+      assert !@student.admin?
+      assert !@admin.guest?
+      assert !@admin.student?
+      assert @admin.admin?
+    end
+    should "still behave as usual when a method ending in a '?' does not map to a role query" do
+      assert_raise NoMethodError do
+        @guest.nonexisting_method?
+      end
+    end
+  end
+  def test_role_in
+    create_role_assignments
+    user = users(:with_hierarchy)
+    do_test_role_in(user)
+  end
+  def test_role_in_using_hierarchy_accessor
+    create_role_assignments
+    saved_role_heirarchy = User.aegis_role_hierarchy
+    assert_not_nil User.aegis_role_hierarchy
+    User.instance_variable_set("@aegis_role_hierarchy", nil)
+    assert_nil User.aegis_role_hierarchy
+    User.instance_variable_set("@aegis_role_hierarchy_accessor", "parent")
+    assert_equal "parent", User.aegis_role_hierarchy_accessor
+    do_test_role_in(users(:with_hierarchy))
+    # So the rest of the tests don't break.
+    User.instance_variable_set("@aegis_role_hierarchy", saved_role_heirarchy)
+    User.instance_variable_set("@aegis_role_hierarchy_accessor", nil)
+  end
+  def test_forced_role
+    create_role_assignments
+    user = users(:with_hierarchy)
+    user.update_attribute(:is_admin, true)
+    assert_equal "superuser", user.role
+    assert_equal "superuser", user.role_in(accounts(:google))
+    assert_equal "superuser", user.role_in(forums(:searching))
+    assert_equal "superuser", user.role_in(posts(:searching101))
+    assert_equal "superuser", user.role_in(posts(:searching102))
+  end
+private
+  def do_test_role_in(user)
+    assert_equal :admin, user.role_in(accounts(:google)).name
+    assert_equal :writer, user.role_in(forums(:searching)).name
+    assert_equal :writer, user.role_in(posts(:searching101)).name
+    assert_equal :reader, user.role_in(posts(:searching102)).name
+    assert_equal :admin, user.role_in(forums(:crawling)).name
+    assert_equal :admin, user.role_in(posts(:crawling101)).name
+    assert_equal :admin, user.role_in(posts(:crawling102)).name
+  end
+end

data/test/permissions_test.rb ADDED Viewed

@@ -0,0 +1,117 @@
+require "test/test_helper"
+class PermissionsTest < ActiveSupport::TestCase
+  context "Aegis permissions" do
+    setup do
+      @guest = User.new(:role_name => "guest")
+      @student = User.new(:role_name => "student")
+      @admin = User.new(:role_name => "admin")
+    end
+    should "use the default permission for actions without any allow or grant directives" do
+      assert !@guest.may_use_empty?
+      assert !@student.may_use_empty?
+      assert @admin.may_use_empty?
+    end
+    should "understand simple allow and deny directives" do
+      assert !@guest.may_use_simple?
+      assert @student.may_use_simple?
+      assert !@admin.may_use_simple?
+    end
+    should 'raise exceptions when a denied action is queried with an exclamation mark' do
+      assert_raise Aegis::PermissionError do
+        @guest.may_use_simple!
+      end
+      assert_raise Aegis::PermissionError do
+        @admin.may_use_simple!
+      end
+    end
+    should 'do nothing if an allowed action is queried with an exclamation mark' do
+      assert_nothing_raised do
+        @student.may_use_simple!
+      end
+    end
+    should "implicate the singular form of an action described in plural form" do
+      assert !@guest.may_update_users?
+      assert !@guest.may_update_user?("foo")
+      assert @student.may_update_users?
+      assert @student.may_update_user?("foo")
+      assert !@admin.may_update_users?
+      assert !@admin.may_update_user?("foo")
+    end
+    should 'implicate create, read, update and destroy forms for actions named "crud_..."' do
+      assert @student.may_create_projects?
+      assert @student.may_read_projects?
+      assert @student.may_update_projects?
+      assert @student.may_destroy_projects?
+    end
+    should 'perform normalization of CRUD verbs (e.g. "edit" and "update")' do
+      assert !@guest.may_edit_drinks?
+      assert @student.may_edit_drinks?
+      assert !@admin.may_edit_drinks?
+      assert !@guest.may_update_drinks?
+      assert @student.may_update_drinks?
+      assert !@admin.may_update_drinks?
+    end
+    should "be able to grant or deny actions to all roles using :everyone" do
+      assert @guest.may_hug?
+      assert @student.may_hug?
+      assert @admin.may_hug?
+    end
+    should "allow the definition of parametrized actions" do
+      assert !@guest.may_divide?(10, 2)
+      assert @student.may_divide?(10, 2)
+      assert !@student.may_divide?(10, 0)
+      assert @admin.may_divide?(10, 2)
+      assert @admin.may_divide?(10, 0)
+    end
+    should 'use default permissions for undefined actions' do
+      !@student.may_do_undefined_stuff?("foo")
+      @admin.may_do_undefined_stuff?("foo")
+    end
+    should 'overshadow previous action definitions with the same name' do
+      assert @guest.may_draw?
+      assert !@student.may_draw?
+      assert !@admin.may_draw?
+    end
+  end
+  def test_hierarchical_permissions
+    create_role_assignments
+    user = users(:with_hierarchy)
+    assert  user.may_edit_post_in?(posts(:searching101))
+    assert !user.may_edit_post_in?(posts(:searching102))
+    assert  user.may_view_post_in?(posts(:searching101))
+    assert  user.may_view_post_in?(posts(:searching102))
+    assert  user.may_create_post_in?(forums(:searching))
+    assert  user.may_create_post_in?(forums(:crawling))
+    assert  user.may_create_forum_in?(accounts(:google))
+    assert !user.may_create_forum_in?(accounts(:yahoo))
+  end
+  def test_invalid_permission_context
+    create_role_assignments
+    user = users(:with_hierarchy)
+    assert_nothing_raised{ user.may_create_post_in?(forums(:searching)) }
+    assert_raise(Aegis::PermissionError){ user.may_create_post_in?(posts(:searching101)) }
+  end
+end