controlist 0.1.0

data/test/feature_test.rb

@@ -0,0 +1,233 @@
+require 'test_helper'
+
+include Controlist::Permissions
+
+class FeatureTest < ActiveSupport::TestCase
+
+  def setup
+    if Controlist.is_activerecord3?
+      Controlist.skip do
+        load "test/migrate.rb"
+        Clazz.create id: 1, name: "Grade 1"
+        Clazz.create id: 2, name: "Grade 2"
+        User.create id: 1, name: "Tom", clazz_id: 1, age: 1
+        User.create id: 2, name: "Jerry", clazz_id: 1, age: 1
+        User.create id: 3, name: "Henry", clazz_id: 2, age: 1
+        User.create id: 4, name: "Tom", clazz_id: 2, age: 7
+        User.create id: 5, name: "MAF", clazz_id: 2, age: 1
+      end
+    end
+  end
+
+  def test_read_constrains
+    Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+      Controlist::Permission.new(User, READ, true, [
+        SimpleConstrain.new("name", "Tom"),
+        SimpleConstrain.new("name", ["Grade 1", "Grade 2"], relation: "clazz"),
+        AdvancedConstrain.new(property: "age", value: 5, operator: ">="),
+        SimpleConstrain.new("age", "null"),
+        SimpleConstrain.new("age", [1,2,3]),
+        SimpleConstrain.new("clazz_id", -> { Clazz.select(:id).map(&:id) }),
+        AdvancedConstrain.new(clause: "age != 100"),
+        Controlist.is_activerecord3? ?  nil : AdvancedConstrain.new(proc_read: lambda{|relation| relation.order("id DESC").limit(3) })
+      ])))
+
+    relation = User.unscoped
+    relation.to_sql
+    assert_equal [:clazz], relation.joins_values
+    assert_equal ["(users.name = 'Tom') and (clazzs.name in ('Grade 1','Grade 2'))" +
+                  " and (users.age >= 5) and (users.age is null) and (users.age in (1,2,3))" +
+                  " and (users.clazz_id in (1,2)) and (age != 100)"], relation.where_values
+    unless Controlist.is_activerecord3?
+      assert_equal 3, relation.limit_value
+      assert_equal ["id DESC"], relation.order_values
+    end
+  end
+
+  def test_permission_empty
+    Controlist.permission_provider.set_permission_package(nil)
+    relation = User.unscoped
+    relation.to_sql
+    assert_equal ["1 != 1"], relation.where_values
+  end
+
+  def test_read_constrains_sql_only
+    Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+      Controlist::Permission.new(User, READ, true, "age != 100")
+    ))
+    relation = User.unscoped
+    relation.to_sql
+    assert_equal ["age != 100"], relation.where_values
+  end
+
+
+  def test_read_apply_properties
+    Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+      Controlist::Permission.new(User, READ).apply(:name)
+    ))
+
+    relation = User.unscoped
+    assert_nil relation.first._value_object.clazz_id
+    assert_nil relation.first._val(:clazz_id)
+    assert_raise(ActiveModel::MissingAttributeError) { assert_nil relation.first.clazz_id }
+    Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+      Controlist::Permission.new(User, READ)
+    ))
+
+    relation = User.unscoped
+    assert_not_nil relation.first._value_object.clazz_id
+    assert_not_nil relation.first._val(:clazz_id)
+    assert_not_nil relation.first.clazz_id
+  end
+
+  def test_update_fail_without_permissions
+    Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+      Controlist::Permission.new(User, READ)
+    ))
+    user = User.find 1
+    assert_raise(Controlist::NoPermissionError) {
+      user.name = "Test"
+      user.save
+    }
+  end
+
+  def test_persistence_constrains
+    Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+      Controlist::Permission.new(Clazz, READ),
+      Controlist::Permission.new(User, READ),
+      Controlist::Permission.new(User, UPDATE, false, AdvancedConstrain.new(property: "name", value: "To", operator: "include?")),
+      Controlist.is_activerecord3? ?  nil : Controlist::Permission.new(User, UPDATE, false, AdvancedConstrain.new(proc_persistence: lambda{|object, operation| object.name == 'Block'})),
+      Controlist::Permission.new(User, [UPDATE, DELETE], false, SimpleConstrain.new("name", "Grade 1", relation: 'clazz')),
+      Controlist::Permission.new(User, UPDATE)
+    ))
+
+    user = User.find 3
+    assert_not_equal "Tom", user.name
+    assert_not_equal "Grade 1", user.clazz.name
+    user.name = 'Test'
+    assert_equal true, user.save
+
+    unless Controlist.is_activerecord3?
+      assert_raise(Controlist::PermissionForbidden) {
+        user.name = "Block"
+        user.save
+      }
+    end
+
+    assert_raise(Controlist::NoPermissionError) {
+      user.destroy
+    }
+
+    Controlist.permission_provider.get_permission_package.add_permissions(Controlist::Permission.new(User, DELETE))
+    assert_instance_of User, user.destroy
+
+    assert_raise(Controlist::PermissionForbidden) {
+      user = User.find 1
+      assert_equal "Tom", user.name
+      user.name = "Test"
+      user.save
+    }
+
+    assert_raise(Controlist::PermissionForbidden) {
+      user = User.find 2
+      assert_equal "Grade 1", user.clazz.name
+      user.name = "Test"
+      user.save
+    }
+
+    assert_raise(Controlist::PermissionForbidden) {
+      user = User.find 2
+      assert_equal "Grade 1", user.clazz.name
+      user.delete
+    }
+
+  end
+
+  def test_persistence_apply_properties
+    Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+      Controlist::Permission.new(User, READ),
+      Controlist::Permission.new(User, UPDATE, true, SimpleConstrain.new("name", "Tom")).apply(name: "Test", clazz_id: [1, 2]),
+    ))
+
+    assert_raise(Controlist::NoPermissionError) {
+      user = User.find 2
+      assert_not_equal "Tom", user.name
+      user.name = "Test"
+      user.save
+    }
+
+    assert_raise(Controlist::NoPermissionError) {
+      user = User.find 1
+      assert_equal "Tom", user.name
+      user.name = "Jerry"
+      user.save
+    }
+
+    user = User.find 1
+    assert_equal "Tom", user.name
+    user.clazz_id = 2
+    assert_equal true, user.save
+    assert_raise(Controlist::NoPermissionError) {
+      user.clazz_id = 3
+      user.save
+    }
+
+    user = User.find 1
+    assert_equal "Tom", user.name
+    user.name = "Test"
+    assert_equal true, user.save
+
+  end
+
+  def test_modify_permissions_on_the_fly
+    Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+      Controlist::Permission.new(User, READ),
+    ))
+
+    assert_instance_of User, User.find(1)
+
+    package = Controlist.permission_provider.get_permission_package
+    package.remove_permissions package.permissions.last
+
+    assert_raise(ActiveRecord::RecordNotFound) {
+      User.find 1
+    }
+
+    package.add_permissions Controlist::Permission.new(User, READ)
+    assert_instance_of User, User.find(1)
+  end
+
+  def test_constrains_argument_error
+    assert_raise(ArgumentError) {
+      Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+        Controlist::Permission.new(User, READ, true, Object.new)
+      ))
+    }
+  end
+
+  def test_relation_not_reuseable
+    assert_raise(Controlist::NotReuseableError) {
+      relation = User.unscoped
+      relation.to_sql
+      relation_new = relation.where("1 = 1")
+      relation_new.to_sql
+    }
+    relation = User.unscoped
+    reuseable_relation = relation.clone
+    relation.to_sql
+    relation_new = reuseable_relation.where("1 = 1")
+    relation_new.to_sql
+  end
+
+  def test_skip
+    Controlist.permission_provider.set_permission_package(OrderedPackage.new(
+      Controlist::Permission.new(User, READ, true, "age != 100")
+    ))
+    Controlist.skip do
+      relation = User.unscoped
+      relation.to_sql
+      assert_equal [], relation.where_values
+    end
+  end
+
+end

data/test/fixtures/clazz.yml

@@ -0,0 +1,6 @@
+one:
+  id: 1
+  name: Grade 1
+two:
+  id: 2
+  name: Grade 2

data/test/fixtures/user.yml

@@ -0,0 +1,25 @@
+one:
+  id: 1
+  name: Tom
+  clazz_id: 1
+  age: 1
+two:
+  id: 2
+  name: Jerry
+  clazz_id: 1
+  age: 1
+three:
+  id: 3
+  name: Henry
+  clazz_id: 2
+  age: 1
+four:
+  id: 4
+  name: Tom
+  clazz_id: 2
+  age: 7
+five:
+  id: 5
+  name: MAF
+  clazz_id: 2
+  age: 1

data/test/migrate.rb

@@ -0,0 +1,20 @@
+`rm test/test.sqlite3`
+ActiveRecord::Base.establish_connection(
+  :adapter  => "sqlite3",
+  :database => "test/test.sqlite3",
+  :pool=>5,
+  :timeout=>5000)
+class CreateSchema < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.integer :clazz_id
+      t.integer :age
+    end
+    create_table :clazzs do |t|
+      t.string :name
+    end
+  end
+end
+CreateSchema.new.change
+

data/test/models/clazz.rb

@@ -0,0 +1,5 @@
+class Clazz < ActiveRecord::Base
+
+  has_many :users
+
+end

data/test/models/user.rb

@@ -0,0 +1,5 @@
+class User < ActiveRecord::Base
+
+  belongs_to :clazz
+
+end

data/test/test_helper.rb

@@ -0,0 +1,40 @@
+ROOT_PATH = File.expand_path("../..", __FILE__)
+
+require 'simplecov'
+SimpleCov.start do
+  add_filter '/test/'
+end
+
+require 'rails'
+require 'active_record'
+require 'rails/test_help'
+require 'minitest/autorun'
+require 'minitest/unit'
+require 'minitest/pride'
+require "minitest/reporters"
+Minitest::Reporters.use!
+require 'sqlite3'
+
+# require controlist
+require 'models/user'
+require 'models/clazz'
+load "test/migrate.rb"
+
+ActiveRecord::Base.logger = Logger.new(STDOUT)
+
+require 'controlist'
+require 'controlist/managers/thread_based_manager'
+#Controlist.initialize Controlist::Manager::ThreadBasedManager, attribute_proxy: "_val", value_object_proxy: "_value_object", logger: Logger.new(STDOUT)
+Controlist.initialize Controlist::Managers::ThreadBasedManager
+
+unless Controlist.is_activerecord3?
+  class ActiveSupport::TestCase
+    ActiveRecord::Migration.check_pending!
+
+    self.fixture_path = ROOT_PATH + "/test/fixtures"
+    self.test_order = :random if self.respond_to?(:test_order=)
+    fixtures :all
+
+    # Add more helper methods to be used by all tests here...
+  end
+end

metadata

@@ -0,0 +1,208 @@
+--- !ruby/object:Gem::Specification
+name: controlist
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Leon Li
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-07-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: minitest-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.1.1
+- !ruby/object:Gem::Dependency
+  name: minitest-reporters
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.17
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.17
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.7.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 5.7.0
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.10
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.3.10
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.1
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.2.1
+description: 'Use Case: RBAC (Role-Based Access Control), security for API Server
+  and any scenario that need fine-grained or flexible access control'
+email:
+- qianthinking@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- Gemfile.lock.3.2
+- Gemfile.lock.4.1
+- Gemfile.lock.4.2
+- LICENSE.txt
+- README.md
+- Rakefile
+- controlist.gemspec
+- lib/controlist.rb
+- lib/controlist/errors.rb
+- lib/controlist/interceptor.rb
+- lib/controlist/managers/base_manager.rb
+- lib/controlist/managers/thread_based_manager.rb
+- lib/controlist/permission.rb
+- lib/controlist/permissions/advanced_constrain.rb
+- lib/controlist/permissions/constrain.rb
+- lib/controlist/permissions/operation.rb
+- lib/controlist/permissions/ordered_package.rb
+- lib/controlist/permissions/simple_constrain.rb
+- lib/controlist/version.rb
+- test/feature_test.rb
+- test/fixtures/clazz.yml
+- test/fixtures/user.yml
+- test/migrate.rb
+- test/models/clazz.rb
+- test/models/user.rb
+- test/test.sqlite3
+- test/test_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Fine-grained access control library for Ruby ActiveRecord
+test_files:
+- test/feature_test.rb
+- test/fixtures/clazz.yml
+- test/fixtures/user.yml
+- test/migrate.rb
+- test/models/clazz.rb
+- test/models/user.rb
+- test/test.sqlite3
+- test/test_helper.rb