RubyGems - declarative_authorization - Versions diffs - 0.5.1 → 0.5.2 - Mend

declarative_authorization 0.5.1 → 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

data/CHANGELOG +4 -0
data/README.rdoc +24 -4
data/config/routes.rb +19 -9
data/lib/declarative_authorization/authorization.rb +15 -6
data/lib/declarative_authorization/in_controller.rb +2 -0
data/test/authorization_test.rb +20 -0
data/test/controller_test.rb +15 -0
data/test/model_test.rb +46 -0
data/test/test_helper.rb +1 -1
metadata +4 -4

data/CHANGELOG CHANGED Viewed

@@ -1,3 +1,7 @@
+** RELEASE 0.5.2 (Dec 31, 2010) **
+* Bugfixes and documentation updates
 ** RELEASE 0.5.1 (Sep 12, 2010) **
 ** RELEASE 0.5 (July 21, 2010) **

data/README.rdoc CHANGED Viewed

@@ -332,6 +332,12 @@ In your test_helper.rb, to enable the helpers add
       ...
     end
+For using the test helpers with RSpec, just add the following lines to your
+spec_helper.rb (somewhere after require 'spec/rails'):
+    require 'declarative_authorization/maintenance'
+    include Authorization::TestHelper
 Now, in unit tests, you may deactivate authorization if needed e.g. for test
 setup and assume certain identities for tests:
@@ -347,6 +353,19 @@ setup and assume certain identities for tests:
         end
       end
     end
+Or, with RSpec, it would work like this:
+  describe Employee do
+    it "should read" do
+      without_access_control do
+        Employee.create(...)
+      end
+      with_user(admin) do
+        Employee.find(:first)
+      end
+    end
+  end
 In functional tests, get, posts, etc. may be tested in the name of certain users:
@@ -491,10 +510,11 @@ sbartsch at tzi.org
 = Contributors
-Thanks to John Joseph Bachir, Eike Carls, Kai Chen, Erik Dahlstrand, Jeroen van Dijk,
-Alexander Dobriakov, Sebastian Dyck, Ari Epstein, Jeremy Friesen, Tim Harper, hollownest,
-Daniel Kristensen, Brian Langenfeld, Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour,
-Thomas Maurer, TJ Singleton, Mike Vincent
+Thanks to John Joseph Bachir, Eike Carls, Dennis Blöte, Kai Chen, Erik Dahlstrand,
+Jeroen van Dijk, Alexander Dobriakov, Sebastian Dyck, Ari Epstein, Jeremy Friesen,
+Tim Harper, hollownest, Daniel Kristensen, Brad Langhorst, Brian Langenfeld,
+Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour, Thomas Maurer, Sharagoz,
+TJ Singleton, Mike Vincent
 = Licence

data/config/routes.rb CHANGED Viewed

@@ -1,10 +1,20 @@
-# Rails 3 depreciates ActionController::Routing::Routes
-routes = (Rails.respond_to?(:application) ? Rails.application.routes : ActionController::Routing::Routes)
-routes.draw do |map|
-  if Authorization::activate_authorization_rules_browser?
-    map.resources :authorization_rules, :only => [:index],
-        :collection => {:graph => :get, :change => :get, :suggest_change => :get}
-    map.resources :authorization_usages, :only => :index
+if Authorization::activate_authorization_rules_browser?
+  if Rails.respond_to?(:application)
+    Rails.application.routes.draw do
+      resources :authorization_rules, :only => [:index] do
+          collection do
+            get :graph
+            get :change
+            get :suggest_change
+          end
+      end
+      resources :authorization_usages, :only => :index
+    end
+  else
+    ActionController::Routing::Routes.draw do |map|
+      map.resources :authorization_rules, :only => [:index],
+          :collection => {:graph => :get, :change => :get, :suggest_change => :get}
+      map.resources :authorization_usages, :only => :index
+    end
   end
-end
+end

data/lib/declarative_authorization/authorization.rb CHANGED Viewed

@@ -296,7 +296,7 @@ module Authorization
     def flatten_roles (roles)
       # TODO caching?
-      flattened_roles = roles.clone.to_a
+      flattened_roles = roles.dup.to_a
       flattened_roles.each do |role|
         flattened_roles.concat(@role_hierarchy[role]).uniq! if @role_hierarchy[role]
       end
@@ -373,18 +373,27 @@ module Authorization
           exceptions << e
           nil
         end
-      end.flatten.compact
+      end
       if exceptions.length > 0 and (@join_operator == :and or exceptions.length == @attributes.length)
         raise NotAuthorized, "Missing authorization in collecting obligations: #{exceptions.map(&:to_s) * ", "}"
       end
       if @join_operator == :and and !obligations.empty?
-        merged_obligation = obligations.first
-        obligations[1..-1].each do |obligation|
-          merged_obligation = merged_obligation.deep_merge(obligation)
+        # cross product of OR'ed obligations in arrays
+        arrayed_obligations = obligations.map {|obligation| obligation.is_a?(Hash) ? [obligation] : obligation}
+        merged_obligations = arrayed_obligations.first
+        arrayed_obligations[1..-1].each do |inner_obligations|
+          previous_merged_obligations = merged_obligations
+          merged_obligations = inner_obligations.collect do |inner_obligation|
+            previous_merged_obligations.collect do |merged_obligation|
+              merged_obligation.deep_merge(inner_obligation)
+            end
+          end.flatten
         end
-        obligations = [merged_obligation]
+        obligations = merged_obligations
+      else
+        obligations = obligations.flatten.compact
       end
       obligations.empty? ? [{}] : obligations
     end

data/lib/declarative_authorization/in_controller.rb CHANGED Viewed

@@ -274,6 +274,8 @@ module Authorization
         context = options[:context]
         actions = args.flatten
+        # prevent setting filter_access_filter multiple times
+        skip_before_filter :filter_access_filter
         before_filter :filter_access_filter
         filter_access_permissions.each do |perm|

data/test/authorization_test.rb CHANGED Viewed

@@ -69,6 +69,26 @@ class AuthorizationTest < Test::Unit::TestCase
     assert  engine.permit?(:test, :context => :permissions_4, :user => MockUser.new(:test_role))
     assert  engine.permit?(:test, :context => :permissions_5, :user => MockUser.new(:test_role))
   end
+  def test_permit_with_frozen_roles
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :other_role do
+          includes :test_role
+        end
+        role :test_role do
+          has_permission_on :permissions, :to => :test
+        end
+      end
+    }
+    engine = Authorization::Engine.new(reader)
+    roles = [:other_role].freeze
+    assert_nothing_raised do
+      assert engine.permit?(:test, :context => :permissions,
+        :user => MockUser.new(:role_symbols => roles))
+    end
+  end
   def test_obligations_without_conditions
     reader = Authorization::Reader::DSLReader.new

data/test/controller_test.rb CHANGED Viewed

@@ -198,6 +198,7 @@ end
 ##################
 class LoadMockObjectsController < MocksController
+  before_filter { @@load_method_call_count = 0 }
   filter_access_to :show, :attribute_check => true, :model => LoadMockObject
   filter_access_to :edit, :attribute_check => true
   filter_access_to :update, :delete, :attribute_check => true,
@@ -207,9 +208,18 @@ class LoadMockObjectsController < MocksController
   end
   filter_access_to :view, :attribute_check => true, :load_method => :load_method
   def load_method
+    self.class.load_method_called
     MockDataObject.new(:test => 2)
   end
   define_action_methods :show, :edit, :update, :delete, :create, :view
+  def self.load_method_called
+    @@load_method_call_count ||= 0
+    @@load_method_call_count += 1
+  end
+  def self.load_method_call_count
+    @@load_method_call_count || 0
+  end
 end
 class LoadObjectControllerTest < ActionController::TestCase
   tests LoadMockObjectsController
@@ -287,7 +297,12 @@ class LoadObjectControllerTest < ActionController::TestCase
     request!(MockUser.new(:test_role), "view", reader)
     assert @controller.authorized?
+    assert_equal 1, @controller.class.load_method_call_count
+    request!(MockUser.new(:test_role_2), "view", reader)
+    assert !@controller.authorized?
+    assert_equal 1, @controller.class.load_method_call_count
     request!(MockUser.new(:test_role), "update", reader)
     assert @controller.authorized?
   end

data/test/model_test.rb CHANGED Viewed

@@ -1099,6 +1099,52 @@ class NamedScopeModelTest < Test::Unit::TestCase
     TestAttr.delete_all
   end
+  def test_with_anded_if_permitted_to
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :base_role do
+          has_permission_on :test_attrs, :to => :read, :join_by => :and do
+            if_permitted_to :read, :test_model
+            if_attribute :attr => 1
+          end
+        end
+        role :first_role do
+          includes :base_role
+          has_permission_on :test_models, :to => :read do
+            if_attribute :content => "first test"
+          end
+        end
+        role :second_role do
+          includes :base_role
+          has_permission_on :test_models, :to => :read do
+            if_attribute :country_id => 2
+          end
+        end
+      end
+    }
+    Authorization::Engine.instance(reader)
+    test_model_1 = TestModel.create!(:content => "first test")
+    test_model_1.test_attrs.create!(:attr => 1)
+    test_model_for_second_role = TestModel.create!(:country_id => 2)
+    test_model_for_second_role.test_attrs.create!(:attr => 1)
+    test_model_for_second_role.test_attrs.create!(:attr => 2)
+    user = MockUser.new(:first_role)
+    assert Authorization::Engine.instance.permit?(:read, :object => test_model_1.test_attrs.first, :user => user)
+    assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
+    user_with_both_roles = MockUser.new(:first_role, :second_role)
+    assert Authorization::Engine.instance.permit?(:read, :object => test_model_1.test_attrs.first, :user => user_with_both_roles)
+    assert Authorization::Engine.instance.permit?(:read, :object => test_model_for_second_role.test_attrs.first, :user => user_with_both_roles)
+    #p Authorization::Engine.instance.obligations(:read, :user => user_with_both_roles, :context => :test_attrs)
+    assert_equal 2, TestAttr.with_permissions_to(:read, :user => user_with_both_roles).length
+    TestModel.delete_all
+    TestAttr.delete_all
+  end
   def test_with_if_permitted_to_with_no_child_permissions
     reader = Authorization::Reader::DSLReader.new
     reader.parse %{

data/test/test_helper.rb CHANGED Viewed

@@ -70,7 +70,7 @@ end
 class MockUser < MockDataObject
   def initialize (*roles)
     options = roles.last.is_a?(::Hash) ? roles.pop : {}
-    super(options.merge(:role_symbols => roles, :login => hash))
+    super({:role_symbols => roles, :login => hash}.merge(options))
   end
   def initialize_copy (other)

metadata CHANGED Viewed

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments:
   - 0
   - 5
-  - 1
-  version: 0.5.1
+  - 2
+  version: 0.5.2
 platform: ruby
 authors:
 - Steffen Bartsch
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-09-12 00:00:00 +02:00
+date: 2010-12-31 00:00:00 +01:00
 default_executable:
 dependencies: []
@@ -102,6 +102,6 @@ rubyforge_project:
 rubygems_version: 1.3.6
 signing_key:
 specification_version: 3
-summary: declarative_authorization is a Rails plugin for authorization based on readable authorization rules.
+summary: declarative_authorization is a Rails plugin for maintainable authorization based on readable authorization rules.
 test_files: []