decision_agent 0.2.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +313 -8
- data/bin/decision_agent +104 -0
- data/lib/decision_agent/agent.rb +72 -1
- data/lib/decision_agent/context.rb +1 -0
- data/lib/decision_agent/data_enrichment/cache/memory_adapter.rb +86 -0
- data/lib/decision_agent/data_enrichment/cache_adapter.rb +49 -0
- data/lib/decision_agent/data_enrichment/circuit_breaker.rb +135 -0
- data/lib/decision_agent/data_enrichment/client.rb +220 -0
- data/lib/decision_agent/data_enrichment/config.rb +78 -0
- data/lib/decision_agent/data_enrichment/errors.rb +36 -0
- data/lib/decision_agent/decision.rb +102 -2
- data/lib/decision_agent/dmn/adapter.rb +135 -0
- data/lib/decision_agent/dmn/cache.rb +306 -0
- data/lib/decision_agent/dmn/decision_graph.rb +327 -0
- data/lib/decision_agent/dmn/decision_tree.rb +192 -0
- data/lib/decision_agent/dmn/errors.rb +30 -0
- data/lib/decision_agent/dmn/exporter.rb +217 -0
- data/lib/decision_agent/dmn/feel/evaluator.rb +819 -0
- data/lib/decision_agent/dmn/feel/functions.rb +420 -0
- data/lib/decision_agent/dmn/feel/parser.rb +349 -0
- data/lib/decision_agent/dmn/feel/simple_parser.rb +276 -0
- data/lib/decision_agent/dmn/feel/transformer.rb +372 -0
- data/lib/decision_agent/dmn/feel/types.rb +276 -0
- data/lib/decision_agent/dmn/importer.rb +77 -0
- data/lib/decision_agent/dmn/model.rb +197 -0
- data/lib/decision_agent/dmn/parser.rb +191 -0
- data/lib/decision_agent/dmn/testing.rb +333 -0
- data/lib/decision_agent/dmn/validator.rb +315 -0
- data/lib/decision_agent/dmn/versioning.rb +229 -0
- data/lib/decision_agent/dmn/visualizer.rb +513 -0
- data/lib/decision_agent/dsl/condition_evaluator.rb +984 -838
- data/lib/decision_agent/dsl/schema_validator.rb +53 -14
- data/lib/decision_agent/evaluators/dmn_evaluator.rb +308 -0
- data/lib/decision_agent/evaluators/json_rule_evaluator.rb +69 -9
- data/lib/decision_agent/explainability/condition_trace.rb +83 -0
- data/lib/decision_agent/explainability/explainability_result.rb +52 -0
- data/lib/decision_agent/explainability/rule_trace.rb +39 -0
- data/lib/decision_agent/explainability/trace_collector.rb +24 -0
- data/lib/decision_agent/monitoring/alert_manager.rb +5 -1
- data/lib/decision_agent/simulation/errors.rb +18 -0
- data/lib/decision_agent/simulation/impact_analyzer.rb +498 -0
- data/lib/decision_agent/simulation/monte_carlo_simulator.rb +635 -0
- data/lib/decision_agent/simulation/replay_engine.rb +486 -0
- data/lib/decision_agent/simulation/scenario_engine.rb +318 -0
- data/lib/decision_agent/simulation/scenario_library.rb +163 -0
- data/lib/decision_agent/simulation/shadow_test_engine.rb +287 -0
- data/lib/decision_agent/simulation/what_if_analyzer.rb +1002 -0
- data/lib/decision_agent/simulation.rb +17 -0
- data/lib/decision_agent/version.rb +1 -1
- data/lib/decision_agent/versioning/activerecord_adapter.rb +23 -8
- data/lib/decision_agent/web/dmn_editor.rb +426 -0
- data/lib/decision_agent/web/public/app.js +119 -0
- data/lib/decision_agent/web/public/dmn-editor.css +596 -0
- data/lib/decision_agent/web/public/dmn-editor.html +250 -0
- data/lib/decision_agent/web/public/dmn-editor.js +553 -0
- data/lib/decision_agent/web/public/index.html +52 -0
- data/lib/decision_agent/web/public/simulation.html +130 -0
- data/lib/decision_agent/web/public/simulation_impact.html +478 -0
- data/lib/decision_agent/web/public/simulation_replay.html +551 -0
- data/lib/decision_agent/web/public/simulation_shadow.html +546 -0
- data/lib/decision_agent/web/public/simulation_whatif.html +532 -0
- data/lib/decision_agent/web/public/styles.css +86 -0
- data/lib/decision_agent/web/server.rb +1059 -23
- data/lib/decision_agent.rb +60 -2
- metadata +105 -61
- data/spec/ab_testing/ab_test_assignment_spec.rb +0 -253
- data/spec/ab_testing/ab_test_manager_spec.rb +0 -612
- data/spec/ab_testing/ab_test_spec.rb +0 -270
- data/spec/ab_testing/ab_testing_agent_spec.rb +0 -481
- data/spec/ab_testing/storage/adapter_spec.rb +0 -64
- data/spec/ab_testing/storage/memory_adapter_spec.rb +0 -485
- data/spec/activerecord_thread_safety_spec.rb +0 -553
- data/spec/advanced_operators_spec.rb +0 -3150
- data/spec/agent_spec.rb +0 -289
- data/spec/api_contract_spec.rb +0 -430
- data/spec/audit_adapters_spec.rb +0 -92
- data/spec/auth/access_audit_logger_spec.rb +0 -394
- data/spec/auth/authenticator_spec.rb +0 -112
- data/spec/auth/password_reset_spec.rb +0 -294
- data/spec/auth/permission_checker_spec.rb +0 -207
- data/spec/auth/permission_spec.rb +0 -73
- data/spec/auth/rbac_adapter_spec.rb +0 -550
- data/spec/auth/rbac_config_spec.rb +0 -82
- data/spec/auth/role_spec.rb +0 -51
- data/spec/auth/session_manager_spec.rb +0 -172
- data/spec/auth/session_spec.rb +0 -112
- data/spec/auth/user_spec.rb +0 -130
- data/spec/comprehensive_edge_cases_spec.rb +0 -1777
- data/spec/context_spec.rb +0 -127
- data/spec/decision_agent_spec.rb +0 -96
- data/spec/decision_spec.rb +0 -423
- data/spec/dsl/condition_evaluator_spec.rb +0 -774
- data/spec/dsl_validation_spec.rb +0 -648
- data/spec/edge_cases_spec.rb +0 -353
- data/spec/evaluation_spec.rb +0 -364
- data/spec/evaluation_validator_spec.rb +0 -165
- data/spec/examples/feedback_aware_evaluator_spec.rb +0 -460
- data/spec/examples.txt +0 -1633
- data/spec/issue_verification_spec.rb +0 -759
- data/spec/json_rule_evaluator_spec.rb +0 -587
- data/spec/monitoring/alert_manager_spec.rb +0 -378
- data/spec/monitoring/metrics_collector_spec.rb +0 -499
- data/spec/monitoring/monitored_agent_spec.rb +0 -222
- data/spec/monitoring/prometheus_exporter_spec.rb +0 -242
- data/spec/monitoring/storage/activerecord_adapter_spec.rb +0 -498
- data/spec/monitoring/storage/base_adapter_spec.rb +0 -61
- data/spec/monitoring/storage/memory_adapter_spec.rb +0 -247
- data/spec/performance_optimizations_spec.rb +0 -486
- data/spec/replay_edge_cases_spec.rb +0 -699
- data/spec/replay_spec.rb +0 -210
- data/spec/rfc8785_canonicalization_spec.rb +0 -215
- data/spec/scoring_spec.rb +0 -225
- data/spec/spec_helper.rb +0 -60
- data/spec/testing/batch_test_importer_spec.rb +0 -693
- data/spec/testing/batch_test_runner_spec.rb +0 -307
- data/spec/testing/test_coverage_analyzer_spec.rb +0 -292
- data/spec/testing/test_result_comparator_spec.rb +0 -392
- data/spec/testing/test_scenario_spec.rb +0 -113
- data/spec/thread_safety_spec.rb +0 -482
- data/spec/thread_safety_spec.rb.broken +0 -878
- data/spec/versioning/adapter_spec.rb +0 -156
- data/spec/versioning_spec.rb +0 -1030
- data/spec/web/middleware/auth_middleware_spec.rb +0 -133
- data/spec/web/middleware/permission_middleware_spec.rb +0 -247
- data/spec/web_ui_rack_spec.rb +0 -1840
|
@@ -1,133 +0,0 @@
|
|
|
1
|
-
require "spec_helper"
|
|
2
|
-
require "rack/test"
|
|
3
|
-
require_relative "../../../lib/decision_agent/web/middleware/auth_middleware"
|
|
4
|
-
|
|
5
|
-
RSpec.describe DecisionAgent::Web::Middleware::AuthMiddleware do
|
|
6
|
-
include Rack::Test::Methods
|
|
7
|
-
|
|
8
|
-
let(:authenticator) { double("Authenticator") }
|
|
9
|
-
let(:access_audit_logger) { double("AccessAuditLogger") }
|
|
10
|
-
let(:app) { ->(_env) { [200, {}, ["OK"]] } }
|
|
11
|
-
let(:middleware) { described_class.new(app, authenticator: authenticator, access_audit_logger: access_audit_logger) }
|
|
12
|
-
|
|
13
|
-
describe "#initialize" do
|
|
14
|
-
it "initializes with app and authenticator" do
|
|
15
|
-
expect(middleware.instance_variable_get(:@app)).to eq(app)
|
|
16
|
-
expect(middleware.instance_variable_get(:@authenticator)).to eq(authenticator)
|
|
17
|
-
expect(middleware.instance_variable_get(:@access_audit_logger)).to eq(access_audit_logger)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
it "initializes without access_audit_logger" do
|
|
21
|
-
middleware = described_class.new(app, authenticator: authenticator)
|
|
22
|
-
expect(middleware.instance_variable_get(:@access_audit_logger)).to be_nil
|
|
23
|
-
end
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
describe "#call" do
|
|
27
|
-
context "with Authorization header" do
|
|
28
|
-
it "extracts token from Bearer header" do
|
|
29
|
-
user = double("User", id: "user1")
|
|
30
|
-
session = double("Session", token: "token123")
|
|
31
|
-
auth_result = { user: user, session: session }
|
|
32
|
-
|
|
33
|
-
allow(authenticator).to receive(:authenticate).with("token123").and_return(auth_result)
|
|
34
|
-
|
|
35
|
-
env = Rack::MockRequest.env_for("/", "HTTP_AUTHORIZATION" => "Bearer token123")
|
|
36
|
-
status, = middleware.call(env)
|
|
37
|
-
|
|
38
|
-
expect(status).to eq(200)
|
|
39
|
-
expect(env["decision_agent.user"]).to eq(user)
|
|
40
|
-
expect(env["decision_agent.session"]).to eq(session)
|
|
41
|
-
end
|
|
42
|
-
|
|
43
|
-
it "handles missing Bearer prefix" do
|
|
44
|
-
env = Rack::MockRequest.env_for("/", "HTTP_AUTHORIZATION" => "token123")
|
|
45
|
-
status, = middleware.call(env)
|
|
46
|
-
|
|
47
|
-
expect(status).to eq(200)
|
|
48
|
-
expect(env["decision_agent.user"]).to be_nil
|
|
49
|
-
end
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
context "with session cookie" do
|
|
53
|
-
it "extracts token from cookie" do
|
|
54
|
-
user = double("User", id: "user1")
|
|
55
|
-
session = double("Session", token: "cookie_token")
|
|
56
|
-
auth_result = { user: user, session: session }
|
|
57
|
-
|
|
58
|
-
allow(authenticator).to receive(:authenticate).with("cookie_token").and_return(auth_result)
|
|
59
|
-
|
|
60
|
-
env = Rack::MockRequest.env_for("/")
|
|
61
|
-
request = Rack::Request.new(env)
|
|
62
|
-
allow(request).to receive(:cookies).and_return("decision_agent_session" => "cookie_token")
|
|
63
|
-
allow(Rack::Request).to receive(:new).and_return(request)
|
|
64
|
-
|
|
65
|
-
status, = middleware.call(env)
|
|
66
|
-
|
|
67
|
-
expect(status).to eq(200)
|
|
68
|
-
expect(env["decision_agent.user"]).to eq(user)
|
|
69
|
-
end
|
|
70
|
-
end
|
|
71
|
-
|
|
72
|
-
context "with query parameter" do
|
|
73
|
-
it "extracts token from query parameter" do
|
|
74
|
-
user = double("User", id: "user1")
|
|
75
|
-
session = double("Session", token: "query_token")
|
|
76
|
-
auth_result = { user: user, session: session }
|
|
77
|
-
|
|
78
|
-
allow(authenticator).to receive(:authenticate).with("query_token").and_return(auth_result)
|
|
79
|
-
|
|
80
|
-
env = Rack::MockRequest.env_for("/?token=query_token")
|
|
81
|
-
status, = middleware.call(env)
|
|
82
|
-
|
|
83
|
-
expect(status).to eq(200)
|
|
84
|
-
expect(env["decision_agent.user"]).to eq(user)
|
|
85
|
-
end
|
|
86
|
-
end
|
|
87
|
-
|
|
88
|
-
context "without token" do
|
|
89
|
-
it "calls app without setting user" do
|
|
90
|
-
env = Rack::MockRequest.env_for("/")
|
|
91
|
-
status, = middleware.call(env)
|
|
92
|
-
|
|
93
|
-
expect(status).to eq(200)
|
|
94
|
-
expect(env["decision_agent.user"]).to be_nil
|
|
95
|
-
expect(env["decision_agent.session"]).to be_nil
|
|
96
|
-
end
|
|
97
|
-
end
|
|
98
|
-
|
|
99
|
-
context "with invalid token" do
|
|
100
|
-
it "calls app without setting user when authentication fails" do
|
|
101
|
-
allow(authenticator).to receive(:authenticate).with("invalid_token").and_return(nil)
|
|
102
|
-
|
|
103
|
-
env = Rack::MockRequest.env_for("/", "HTTP_AUTHORIZATION" => "Bearer invalid_token")
|
|
104
|
-
status, = middleware.call(env)
|
|
105
|
-
|
|
106
|
-
expect(status).to eq(200)
|
|
107
|
-
expect(env["decision_agent.user"]).to be_nil
|
|
108
|
-
expect(env["decision_agent.session"]).to be_nil
|
|
109
|
-
end
|
|
110
|
-
end
|
|
111
|
-
|
|
112
|
-
context "token priority" do
|
|
113
|
-
it "prefers Authorization header over cookie" do
|
|
114
|
-
user_header = double("User", id: "header_user")
|
|
115
|
-
user_cookie = double("User", id: "cookie_user")
|
|
116
|
-
session_header = double("Session")
|
|
117
|
-
session_cookie = double("Session")
|
|
118
|
-
|
|
119
|
-
allow(authenticator).to receive(:authenticate).with("header_token").and_return({ user: user_header, session: session_header })
|
|
120
|
-
allow(authenticator).to receive(:authenticate).with("cookie_token").and_return({ user: user_cookie, session: session_cookie })
|
|
121
|
-
|
|
122
|
-
env = Rack::MockRequest.env_for("/?token=cookie_token", "HTTP_AUTHORIZATION" => "Bearer header_token")
|
|
123
|
-
request = Rack::Request.new(env)
|
|
124
|
-
allow(request).to receive(:cookies).and_return("decision_agent_session" => "cookie_token")
|
|
125
|
-
allow(Rack::Request).to receive(:new).and_return(request)
|
|
126
|
-
|
|
127
|
-
middleware.call(env)
|
|
128
|
-
|
|
129
|
-
expect(env["decision_agent.user"]).to eq(user_header)
|
|
130
|
-
end
|
|
131
|
-
end
|
|
132
|
-
end
|
|
133
|
-
end
|
|
@@ -1,247 +0,0 @@
|
|
|
1
|
-
require "spec_helper"
|
|
2
|
-
require "rack/test"
|
|
3
|
-
require_relative "../../../lib/decision_agent/web/middleware/permission_middleware"
|
|
4
|
-
|
|
5
|
-
RSpec.describe DecisionAgent::Web::Middleware::PermissionMiddleware do
|
|
6
|
-
include Rack::Test::Methods
|
|
7
|
-
|
|
8
|
-
let(:permission_checker) { double("PermissionChecker") }
|
|
9
|
-
let(:access_audit_logger) { double("AccessAuditLogger") }
|
|
10
|
-
let(:app) { ->(_env) { [200, {}, ["OK"]] } }
|
|
11
|
-
let(:user) { double("User", id: "user1", email: "user@example.com") }
|
|
12
|
-
|
|
13
|
-
describe "#initialize" do
|
|
14
|
-
it "initializes with app and permission_checker" do
|
|
15
|
-
middleware = described_class.new(app, permission_checker: permission_checker)
|
|
16
|
-
expect(middleware.instance_variable_get(:@app)).to eq(app)
|
|
17
|
-
expect(middleware.instance_variable_get(:@permission_checker)).to eq(permission_checker)
|
|
18
|
-
expect(middleware.instance_variable_get(:@required_permission)).to be_nil
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
it "initializes with required_permission" do
|
|
22
|
-
middleware = described_class.new(app, permission_checker: permission_checker, required_permission: :write)
|
|
23
|
-
expect(middleware.instance_variable_get(:@required_permission)).to eq(:write)
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
it "initializes with access_audit_logger" do
|
|
27
|
-
middleware = described_class.new(app, permission_checker: permission_checker, access_audit_logger: access_audit_logger)
|
|
28
|
-
expect(middleware.instance_variable_get(:@access_audit_logger)).to eq(access_audit_logger)
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
|
|
32
|
-
describe "#call" do
|
|
33
|
-
context "without user" do
|
|
34
|
-
it "returns 401 when user is not authenticated" do
|
|
35
|
-
middleware = described_class.new(app, permission_checker: permission_checker)
|
|
36
|
-
env = Rack::MockRequest.env_for("/")
|
|
37
|
-
|
|
38
|
-
status, headers, body = middleware.call(env)
|
|
39
|
-
|
|
40
|
-
expect(status).to eq(401)
|
|
41
|
-
expect(headers["Content-Type"]).to include("application/json")
|
|
42
|
-
body_text = body.first
|
|
43
|
-
expect(JSON.parse(body_text)["error"]).to eq("Authentication required")
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
context "with inactive user" do
|
|
48
|
-
it "returns 403 when user is not active" do
|
|
49
|
-
middleware = described_class.new(app, permission_checker: permission_checker)
|
|
50
|
-
env = Rack::MockRequest.env_for("/")
|
|
51
|
-
env["decision_agent.user"] = user
|
|
52
|
-
|
|
53
|
-
allow(permission_checker).to receive(:active?).with(user).and_return(false)
|
|
54
|
-
|
|
55
|
-
status, _, body = middleware.call(env)
|
|
56
|
-
|
|
57
|
-
expect(status).to eq(403)
|
|
58
|
-
body_text = body.first
|
|
59
|
-
expect(JSON.parse(body_text)["error"]).to eq("User account is not active")
|
|
60
|
-
end
|
|
61
|
-
end
|
|
62
|
-
|
|
63
|
-
context "without required permission" do
|
|
64
|
-
it "calls app when no permission required" do
|
|
65
|
-
middleware = described_class.new(app, permission_checker: permission_checker)
|
|
66
|
-
env = Rack::MockRequest.env_for("/")
|
|
67
|
-
env["decision_agent.user"] = user
|
|
68
|
-
|
|
69
|
-
allow(permission_checker).to receive(:active?).with(user).and_return(true)
|
|
70
|
-
|
|
71
|
-
status, _, body = middleware.call(env)
|
|
72
|
-
|
|
73
|
-
expect(status).to eq(200)
|
|
74
|
-
expect(body.first).to eq("OK")
|
|
75
|
-
end
|
|
76
|
-
end
|
|
77
|
-
|
|
78
|
-
context "with required permission" do
|
|
79
|
-
let(:middleware) { described_class.new(app, permission_checker: permission_checker, required_permission: :write, access_audit_logger: access_audit_logger) }
|
|
80
|
-
|
|
81
|
-
before do
|
|
82
|
-
allow(permission_checker).to receive(:active?).with(user).and_return(true)
|
|
83
|
-
end
|
|
84
|
-
|
|
85
|
-
it "calls app when permission is granted" do
|
|
86
|
-
env = Rack::MockRequest.env_for("/api/rules/123")
|
|
87
|
-
env["decision_agent.user"] = user
|
|
88
|
-
|
|
89
|
-
allow(permission_checker).to receive(:can?).with(user, :write, nil).and_return(true)
|
|
90
|
-
allow(permission_checker).to receive(:user_id).with(user).and_return("user1")
|
|
91
|
-
allow(access_audit_logger).to receive(:log_permission_check)
|
|
92
|
-
|
|
93
|
-
status, _, body = middleware.call(env)
|
|
94
|
-
|
|
95
|
-
expect(status).to eq(200)
|
|
96
|
-
expect(body.first).to eq("OK")
|
|
97
|
-
end
|
|
98
|
-
|
|
99
|
-
it "returns 403 when permission is denied" do
|
|
100
|
-
env = Rack::MockRequest.env_for("/api/rules/123")
|
|
101
|
-
env["decision_agent.user"] = user
|
|
102
|
-
|
|
103
|
-
allow(permission_checker).to receive(:can?).with(user, :write, nil).and_return(false)
|
|
104
|
-
allow(permission_checker).to receive(:user_id).with(user).and_return("user1")
|
|
105
|
-
allow(access_audit_logger).to receive(:log_permission_check)
|
|
106
|
-
|
|
107
|
-
status, _, body = middleware.call(env)
|
|
108
|
-
|
|
109
|
-
expect(status).to eq(403)
|
|
110
|
-
body_text = body.first
|
|
111
|
-
expect(JSON.parse(body_text)["error"]).to eq("Permission denied: write")
|
|
112
|
-
end
|
|
113
|
-
|
|
114
|
-
it "logs permission check when access_audit_logger is provided" do
|
|
115
|
-
env = Rack::MockRequest.env_for("/api/rules/123")
|
|
116
|
-
env["decision_agent.user"] = user
|
|
117
|
-
|
|
118
|
-
allow(permission_checker).to receive(:can?).with(user, :write, nil).and_return(true)
|
|
119
|
-
allow(permission_checker).to receive(:user_id).with(user).and_return("user1")
|
|
120
|
-
allow(access_audit_logger).to receive(:log_permission_check)
|
|
121
|
-
|
|
122
|
-
middleware.call(env)
|
|
123
|
-
|
|
124
|
-
expect(access_audit_logger).to have_received(:log_permission_check).with(
|
|
125
|
-
user_id: "user1",
|
|
126
|
-
permission: :write,
|
|
127
|
-
resource_type: "rule",
|
|
128
|
-
resource_id: "123",
|
|
129
|
-
granted: true
|
|
130
|
-
)
|
|
131
|
-
end
|
|
132
|
-
|
|
133
|
-
it "does not log when access_audit_logger is not provided" do
|
|
134
|
-
middleware = described_class.new(app, permission_checker: permission_checker, required_permission: :write)
|
|
135
|
-
env = Rack::MockRequest.env_for("/api/rules/123")
|
|
136
|
-
env["decision_agent.user"] = user
|
|
137
|
-
|
|
138
|
-
allow(permission_checker).to receive(:can?).with(user, :write, nil).and_return(true)
|
|
139
|
-
|
|
140
|
-
expect { middleware.call(env) }.not_to raise_error
|
|
141
|
-
end
|
|
142
|
-
end
|
|
143
|
-
|
|
144
|
-
describe "#extract_resource_type" do
|
|
145
|
-
it "extracts resource type from path" do
|
|
146
|
-
middleware = described_class.new(app, permission_checker: permission_checker)
|
|
147
|
-
env = Rack::MockRequest.env_for("/api/rules/123")
|
|
148
|
-
env["decision_agent.user"] = user
|
|
149
|
-
|
|
150
|
-
allow(permission_checker).to receive(:active?).with(user).and_return(true)
|
|
151
|
-
|
|
152
|
-
middleware.call(env)
|
|
153
|
-
|
|
154
|
-
# Verify extraction happened (indirectly through logging)
|
|
155
|
-
expect(permission_checker).to have_received(:active?).with(user)
|
|
156
|
-
end
|
|
157
|
-
|
|
158
|
-
it "handles paths without /api/ prefix" do
|
|
159
|
-
middleware = described_class.new(app, permission_checker: permission_checker, required_permission: :read)
|
|
160
|
-
env = Rack::MockRequest.env_for("/other/path")
|
|
161
|
-
env["decision_agent.user"] = user
|
|
162
|
-
|
|
163
|
-
allow(permission_checker).to receive(:active?).with(user).and_return(true)
|
|
164
|
-
allow(permission_checker).to receive(:can?).with(user, :read, nil).and_return(true)
|
|
165
|
-
allow(permission_checker).to receive(:user_id).with(user).and_return("user1")
|
|
166
|
-
|
|
167
|
-
status, = middleware.call(env)
|
|
168
|
-
|
|
169
|
-
expect(status).to eq(200)
|
|
170
|
-
end
|
|
171
|
-
|
|
172
|
-
it "singularizes resource type (removes trailing 's')" do
|
|
173
|
-
middleware = described_class.new(app, permission_checker: permission_checker, required_permission: :read, access_audit_logger: access_audit_logger)
|
|
174
|
-
env = Rack::MockRequest.env_for("/api/rules/123")
|
|
175
|
-
env["decision_agent.user"] = user
|
|
176
|
-
|
|
177
|
-
allow(permission_checker).to receive(:active?).with(user).and_return(true)
|
|
178
|
-
allow(permission_checker).to receive(:can?).with(user, :read, nil).and_return(true)
|
|
179
|
-
allow(permission_checker).to receive(:user_id).with(user).and_return("user1")
|
|
180
|
-
allow(access_audit_logger).to receive(:log_permission_check)
|
|
181
|
-
|
|
182
|
-
middleware.call(env)
|
|
183
|
-
|
|
184
|
-
expect(access_audit_logger).to have_received(:log_permission_check).with(
|
|
185
|
-
user_id: "user1",
|
|
186
|
-
permission: :read,
|
|
187
|
-
resource_type: "rule",
|
|
188
|
-
resource_id: "123",
|
|
189
|
-
granted: true
|
|
190
|
-
)
|
|
191
|
-
end
|
|
192
|
-
end
|
|
193
|
-
|
|
194
|
-
describe "#extract_resource_id" do
|
|
195
|
-
it "extracts id from params" do
|
|
196
|
-
middleware = described_class.new(app, permission_checker: permission_checker, required_permission: :read, access_audit_logger: access_audit_logger)
|
|
197
|
-
env = Rack::MockRequest.env_for("/api/rules/123?id=456")
|
|
198
|
-
env["decision_agent.user"] = user
|
|
199
|
-
|
|
200
|
-
allow(permission_checker).to receive(:active?).with(user).and_return(true)
|
|
201
|
-
allow(permission_checker).to receive(:can?).with(user, :read, nil).and_return(true)
|
|
202
|
-
allow(permission_checker).to receive(:user_id).with(user).and_return("user1")
|
|
203
|
-
allow(access_audit_logger).to receive(:log_permission_check)
|
|
204
|
-
|
|
205
|
-
middleware.call(env)
|
|
206
|
-
|
|
207
|
-
expect(access_audit_logger).to have_received(:log_permission_check) do |args|
|
|
208
|
-
expect(args[:resource_id]).to eq("456")
|
|
209
|
-
end
|
|
210
|
-
end
|
|
211
|
-
|
|
212
|
-
it "extracts rule_id from params" do
|
|
213
|
-
middleware = described_class.new(app, permission_checker: permission_checker, required_permission: :read, access_audit_logger: access_audit_logger)
|
|
214
|
-
env = Rack::MockRequest.env_for("/api/rules?rule_id=789")
|
|
215
|
-
env["decision_agent.user"] = user
|
|
216
|
-
|
|
217
|
-
allow(permission_checker).to receive(:active?).with(user).and_return(true)
|
|
218
|
-
allow(permission_checker).to receive(:can?).with(user, :read, nil).and_return(true)
|
|
219
|
-
allow(permission_checker).to receive(:user_id).with(user).and_return("user1")
|
|
220
|
-
allow(access_audit_logger).to receive(:log_permission_check)
|
|
221
|
-
|
|
222
|
-
middleware.call(env)
|
|
223
|
-
|
|
224
|
-
expect(access_audit_logger).to have_received(:log_permission_check) do |args|
|
|
225
|
-
expect(args[:resource_id]).to eq("789")
|
|
226
|
-
end
|
|
227
|
-
end
|
|
228
|
-
|
|
229
|
-
it "extracts version_id from params" do
|
|
230
|
-
middleware = described_class.new(app, permission_checker: permission_checker, required_permission: :read, access_audit_logger: access_audit_logger)
|
|
231
|
-
env = Rack::MockRequest.env_for("/api/versions?version_id=999")
|
|
232
|
-
env["decision_agent.user"] = user
|
|
233
|
-
|
|
234
|
-
allow(permission_checker).to receive(:active?).with(user).and_return(true)
|
|
235
|
-
allow(permission_checker).to receive(:can?).with(user, :read, nil).and_return(true)
|
|
236
|
-
allow(permission_checker).to receive(:user_id).with(user).and_return("user1")
|
|
237
|
-
allow(access_audit_logger).to receive(:log_permission_check)
|
|
238
|
-
|
|
239
|
-
middleware.call(env)
|
|
240
|
-
|
|
241
|
-
expect(access_audit_logger).to have_received(:log_permission_check) do |args|
|
|
242
|
-
expect(args[:resource_id]).to eq("999")
|
|
243
|
-
end
|
|
244
|
-
end
|
|
245
|
-
end
|
|
246
|
-
end
|
|
247
|
-
end
|