forest_liana 5.3.3 → 5.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/forest_liana/resources_controller.rb +14 -17
- data/app/controllers/forest_liana/smart_actions_controller.rb +10 -5
- data/app/services/forest_liana/permissions_checker.rb +118 -56
- data/app/services/forest_liana/permissions_formatter.rb +52 -0
- data/app/services/forest_liana/permissions_getter.rb +52 -17
- data/app/services/forest_liana/scope_validator.rb +8 -7
- data/app/services/forest_liana/utils/beta_schema_utils.rb +13 -0
- data/lib/forest_liana/version.rb +1 -1
- data/spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb +711 -0
- data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb +831 -0
- data/spec/services/forest_liana/permissions_formatter_spec.rb +222 -0
- data/spec/services/forest_liana/permissions_getter_spec.rb +82 -0
- data/spec/spec_helper.rb +3 -0
- metadata +12 -2
|
@@ -0,0 +1,222 @@
|
|
|
1
|
+
module ForestLiana
|
|
2
|
+
describe PermissionsFormatter do
|
|
3
|
+
describe '#convert_to_new_format' do
|
|
4
|
+
let(:rendering_id) { 1 }
|
|
5
|
+
let(:old_format_collection_permissions) {
|
|
6
|
+
{
|
|
7
|
+
'list'=>true,
|
|
8
|
+
'show'=>false,
|
|
9
|
+
'create'=>true,
|
|
10
|
+
'update'=>false,
|
|
11
|
+
'delete'=>true,
|
|
12
|
+
'export'=>false,
|
|
13
|
+
'searchToEdit'=>false
|
|
14
|
+
}
|
|
15
|
+
}
|
|
16
|
+
let(:old_format_action_permissions) { { 'allowed' => true, 'users' => nil } }
|
|
17
|
+
let(:old_format_scope_permissions) { nil }
|
|
18
|
+
let(:old_format_permissions) {
|
|
19
|
+
{
|
|
20
|
+
'collection_1' => {
|
|
21
|
+
'collection' => old_format_collection_permissions,
|
|
22
|
+
'actions' => {
|
|
23
|
+
'action_1' => old_format_action_permissions
|
|
24
|
+
},
|
|
25
|
+
'scope' => old_format_scope_permissions
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
}
|
|
29
|
+
|
|
30
|
+
let(:converted_permission) { described_class.convert_to_new_format(old_format_permissions, rendering_id) }
|
|
31
|
+
|
|
32
|
+
describe 'collection permissions' do
|
|
33
|
+
subject { converted_permission['collections']['collection_1']['collection'] }
|
|
34
|
+
|
|
35
|
+
let(:expected_new_collection_permissions_format) {
|
|
36
|
+
{
|
|
37
|
+
'browseEnabled'=>true,
|
|
38
|
+
'readEnabled'=>false,
|
|
39
|
+
'addEnabled'=>true,
|
|
40
|
+
'editEnabled'=>false,
|
|
41
|
+
'deleteEnabled'=>true,
|
|
42
|
+
'exportEnabled'=>false
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
it 'should convert the old format to the new one' do
|
|
47
|
+
expect(subject).to eq expected_new_collection_permissions_format
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
describe 'with searchToEdit true and list false' do
|
|
51
|
+
let(:old_format_collection_permissions) {
|
|
52
|
+
{
|
|
53
|
+
'list'=>false,
|
|
54
|
+
'show'=>false,
|
|
55
|
+
'create'=>false,
|
|
56
|
+
'update'=>false,
|
|
57
|
+
'delete'=>false,
|
|
58
|
+
'export'=>false,
|
|
59
|
+
'searchToEdit'=>true
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
let(:expected_new_collection_permissions_format) {
|
|
64
|
+
{
|
|
65
|
+
'browseEnabled'=>true,
|
|
66
|
+
'readEnabled'=>false,
|
|
67
|
+
'addEnabled'=>false,
|
|
68
|
+
'editEnabled'=>false,
|
|
69
|
+
'deleteEnabled'=>false,
|
|
70
|
+
'exportEnabled'=>false
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
it 'should convert the old format to the new one with browseEnabled at true' do
|
|
75
|
+
expect(subject).to eq expected_new_collection_permissions_format
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
describe 'with searchToEdit false and list true' do
|
|
80
|
+
let(:old_format_collection_permissions) {
|
|
81
|
+
{
|
|
82
|
+
'list'=>true,
|
|
83
|
+
'show'=>false,
|
|
84
|
+
'create'=>false,
|
|
85
|
+
'update'=>false,
|
|
86
|
+
'delete'=>false,
|
|
87
|
+
'export'=>false,
|
|
88
|
+
'searchToEdit'=>false
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
|
|
92
|
+
let(:expected_new_collection_permissions_format) {
|
|
93
|
+
{
|
|
94
|
+
'browseEnabled'=>true,
|
|
95
|
+
'readEnabled'=>false,
|
|
96
|
+
'addEnabled'=>false,
|
|
97
|
+
'editEnabled'=>false,
|
|
98
|
+
'deleteEnabled'=>false,
|
|
99
|
+
'exportEnabled'=>false
|
|
100
|
+
}
|
|
101
|
+
}
|
|
102
|
+
|
|
103
|
+
it 'should convert the old format to the new one with browseEnabled at true' do
|
|
104
|
+
expect(subject).to eq expected_new_collection_permissions_format
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
describe 'with searchToEdit false and list false' do
|
|
109
|
+
let(:old_format_collection_permissions) {
|
|
110
|
+
{
|
|
111
|
+
'list'=>false,
|
|
112
|
+
'show'=>false,
|
|
113
|
+
'create'=>false,
|
|
114
|
+
'update'=>false,
|
|
115
|
+
'delete'=>false,
|
|
116
|
+
'export'=>false,
|
|
117
|
+
'searchToEdit'=>false
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
let(:expected_new_collection_permissions_format) {
|
|
122
|
+
{
|
|
123
|
+
'browseEnabled'=>false,
|
|
124
|
+
'readEnabled'=>false,
|
|
125
|
+
'addEnabled'=>false,
|
|
126
|
+
'editEnabled'=>false,
|
|
127
|
+
'deleteEnabled'=>false,
|
|
128
|
+
'exportEnabled'=>false
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
it 'should convert the old format to the new one with browseEnabled at false' do
|
|
133
|
+
expect(subject).to eq expected_new_collection_permissions_format
|
|
134
|
+
end
|
|
135
|
+
end
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
describe 'action permissions' do
|
|
139
|
+
subject { converted_permission['collections']['collection_1']['actions']['action_1'] }
|
|
140
|
+
|
|
141
|
+
context 'when allowed is true' do
|
|
142
|
+
context 'when users is nil' do
|
|
143
|
+
let(:old_format_action_permissions) { { 'allowed' => true, 'users' => nil } }
|
|
144
|
+
let(:expected_new_action_permissions_format) { { 'triggerEnabled' => true } }
|
|
145
|
+
|
|
146
|
+
it 'expected action permission triggerEnabled field should be true' do
|
|
147
|
+
expect(subject).to eq expected_new_action_permissions_format
|
|
148
|
+
end
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
context 'when users is an empty array' do
|
|
152
|
+
let(:old_format_action_permissions) { { 'allowed' => true, 'users' => [] } }
|
|
153
|
+
let(:expected_new_action_permissions_format) { { 'triggerEnabled' => [] } }
|
|
154
|
+
|
|
155
|
+
it 'expected action permission triggerEnabled field should be an empty array' do
|
|
156
|
+
expect(subject).to eq expected_new_action_permissions_format
|
|
157
|
+
end
|
|
158
|
+
end
|
|
159
|
+
|
|
160
|
+
context 'when users is NOT an empty array' do
|
|
161
|
+
let(:old_format_action_permissions) { { 'allowed' => true, 'users' => [2, 3] } }
|
|
162
|
+
let(:expected_new_action_permissions_format) { { 'triggerEnabled' => [2, 3] } }
|
|
163
|
+
|
|
164
|
+
it 'expected action permission triggerEnabled field should be equal to the users array' do
|
|
165
|
+
expect(subject).to eq expected_new_action_permissions_format
|
|
166
|
+
end
|
|
167
|
+
end
|
|
168
|
+
end
|
|
169
|
+
|
|
170
|
+
context 'when allowed is false' do
|
|
171
|
+
context 'when users is nil' do
|
|
172
|
+
let(:old_format_action_permissions) { { 'allowed' => false, 'users' => nil } }
|
|
173
|
+
let(:expected_new_action_permissions_format) { { 'triggerEnabled' => false } }
|
|
174
|
+
|
|
175
|
+
it 'expected action permission triggerEnabled field should be false' do
|
|
176
|
+
expect(subject).to eq expected_new_action_permissions_format
|
|
177
|
+
end
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
context 'when users is an empty array' do
|
|
181
|
+
let(:old_format_action_permissions) { { 'allowed' => false, 'users' => [] } }
|
|
182
|
+
let(:expected_new_action_permissions_format) { { 'triggerEnabled' => false } }
|
|
183
|
+
|
|
184
|
+
it 'expected action permission triggerEnabled field should be false' do
|
|
185
|
+
expect(subject).to eq expected_new_action_permissions_format
|
|
186
|
+
end
|
|
187
|
+
end
|
|
188
|
+
|
|
189
|
+
context 'when users is NOT an empty array' do
|
|
190
|
+
let(:old_format_action_permissions) { { 'allowed' => false, 'users' => [2, 3] } }
|
|
191
|
+
let(:expected_new_action_permissions_format) { { 'triggerEnabled' => false } }
|
|
192
|
+
|
|
193
|
+
it 'expected action permission triggerEnabled field should be false' do
|
|
194
|
+
expect(subject).to eq expected_new_action_permissions_format
|
|
195
|
+
end
|
|
196
|
+
end
|
|
197
|
+
end
|
|
198
|
+
end
|
|
199
|
+
|
|
200
|
+
describe 'scope permissions' do
|
|
201
|
+
subject { converted_permission['renderings'][rendering_id]['collection_1']['scope'] }
|
|
202
|
+
let(:expected_new_format_permissions) { old_format_scope_permissions }
|
|
203
|
+
|
|
204
|
+
context 'when scope permissions are set' do
|
|
205
|
+
let(:old_format_scope_permissions) { { 'dynamicScopesValues' => {}, 'filter' => { 'aggregator' => 'and', 'conditions' => [{ 'field' => 'field_1', 'operator' => 'equal', 'value' => true }] } } }
|
|
206
|
+
|
|
207
|
+
it 'expected scope permissions should be set' do
|
|
208
|
+
expect(subject).to eq expected_new_format_permissions
|
|
209
|
+
end
|
|
210
|
+
end
|
|
211
|
+
|
|
212
|
+
context 'when scope permissions are nil' do
|
|
213
|
+
let(:old_format_scope_permissions) { nil }
|
|
214
|
+
|
|
215
|
+
it 'expected scope permissions should be nil' do
|
|
216
|
+
expect(subject).to eq expected_new_format_permissions
|
|
217
|
+
end
|
|
218
|
+
end
|
|
219
|
+
end
|
|
220
|
+
end
|
|
221
|
+
end
|
|
222
|
+
end
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
module ForestLiana
|
|
2
|
+
describe PermissionsGetter do
|
|
3
|
+
describe '#get_permissions_api_route' do
|
|
4
|
+
it 'should respond with the v3 permissions route' do
|
|
5
|
+
expect(described_class.get_permissions_api_route).to eq '/liana/v3/permissions'
|
|
6
|
+
end
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
describe '#get_permissions_for_rendering' do
|
|
10
|
+
let(:rendering_id) { 34 }
|
|
11
|
+
let(:liana_permissions_url) { 'https://api.forestadmin.com/liana/v3/permissions' }
|
|
12
|
+
let(:liana_permissions_api_call_response) { instance_double(HTTParty::Response) }
|
|
13
|
+
let(:expected_request_parameters) {
|
|
14
|
+
{
|
|
15
|
+
:headers => {
|
|
16
|
+
"Content-Type" => "application/json",
|
|
17
|
+
"forest-secret-key" => "env_secret_test"
|
|
18
|
+
},
|
|
19
|
+
:query => expected_query_parameters
|
|
20
|
+
}
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
before do
|
|
24
|
+
allow(HTTParty).to receive(:get).and_return(liana_permissions_api_call_response)
|
|
25
|
+
allow(liana_permissions_api_call_response).to receive(:response).and_return(liana_permissions_api_call_response_content)
|
|
26
|
+
allow(liana_permissions_api_call_response_content).to receive(:body).and_return(liana_permissions_api_call_response_content_body)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
describe 'when the API returns a success' do
|
|
30
|
+
let(:liana_permissions_api_call_response_content) { Net::HTTPOK.new({}, 200, liana_permissions_api_call_response_content_body) }
|
|
31
|
+
let(:liana_permissions_api_call_response_content_body) { '{"test": true}' }
|
|
32
|
+
let(:expected_parsed_result) { { "test" => true } }
|
|
33
|
+
|
|
34
|
+
describe 'when NOT calling for rendering specific only' do
|
|
35
|
+
let(:expected_query_parameters) { { "renderingId" => rendering_id } }
|
|
36
|
+
|
|
37
|
+
it 'should call the API with correct URL' do
|
|
38
|
+
described_class.get_permissions_for_rendering(rendering_id)
|
|
39
|
+
expect(HTTParty).to have_received(:get).with(liana_permissions_url, expected_request_parameters)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
it 'should return the expected JSON body' do
|
|
43
|
+
expect(described_class.get_permissions_for_rendering(rendering_id)).to eq expected_parsed_result
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
describe 'when calling for rendering specific only' do
|
|
48
|
+
let(:expected_query_parameters) { { "renderingId" => rendering_id, 'renderingSpecificOnly' => true } }
|
|
49
|
+
|
|
50
|
+
it 'should call the API with correct URL and parameters' do
|
|
51
|
+
described_class.get_permissions_for_rendering(rendering_id, rendering_specific_only: true)
|
|
52
|
+
expect(HTTParty).to have_received(:get).with(liana_permissions_url, expected_request_parameters)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
it 'should return the expected JSON body' do
|
|
56
|
+
expect(described_class.get_permissions_for_rendering(rendering_id, rendering_specific_only: true)).to eq expected_parsed_result
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
describe 'when the API returns a not found error' do
|
|
62
|
+
let(:liana_permissions_api_call_response_content) { Net::HTTPNotFound.new({}, 404, liana_permissions_api_call_response_content_body) }
|
|
63
|
+
let(:liana_permissions_api_call_response_content_body) { 'Not Found' }
|
|
64
|
+
|
|
65
|
+
before do
|
|
66
|
+
allow(FOREST_LOGGER).to receive(:error)
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
it 'should return nil' do
|
|
70
|
+
expect(described_class.get_permissions_for_rendering(rendering_id)).to eq nil
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
it 'should log the not found error' do
|
|
74
|
+
described_class.get_permissions_for_rendering(rendering_id)
|
|
75
|
+
expect(FOREST_LOGGER).to have_received(:error).with('Cannot retrieve the permissions from the Forest server.')
|
|
76
|
+
expect(FOREST_LOGGER).to have_received(:error).with('Which was caused by:')
|
|
77
|
+
expect(FOREST_LOGGER).to have_received(:error).with(' Forest API returned an HTTP error 404')
|
|
78
|
+
end
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
require 'simplecov'
|
|
2
|
+
SimpleCov.start 'rails'
|
|
3
|
+
|
|
1
4
|
# This file was generated by the `rails generate rspec:install` command. Conventionally, all
|
|
2
5
|
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
|
|
3
6
|
# The generated `.rspec` file contains `--require spec_helper` which will cause
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: forest_liana
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 5.
|
|
4
|
+
version: 5.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sandro Munda
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-12-
|
|
11
|
+
date: 2020-12-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -255,6 +255,7 @@ files:
|
|
|
255
255
|
- app/services/forest_liana/objective_stat_getter.rb
|
|
256
256
|
- app/services/forest_liana/operator_date_interval_parser.rb
|
|
257
257
|
- app/services/forest_liana/permissions_checker.rb
|
|
258
|
+
- app/services/forest_liana/permissions_formatter.rb
|
|
258
259
|
- app/services/forest_liana/permissions_getter.rb
|
|
259
260
|
- app/services/forest_liana/pie_stat_getter.rb
|
|
260
261
|
- app/services/forest_liana/query_stat_getter.rb
|
|
@@ -279,6 +280,7 @@ files:
|
|
|
279
280
|
- app/services/forest_liana/stripe_subscriptions_getter.rb
|
|
280
281
|
- app/services/forest_liana/two_factor_registration_confirmer.rb
|
|
281
282
|
- app/services/forest_liana/user_secret_creator.rb
|
|
283
|
+
- app/services/forest_liana/utils/beta_schema_utils.rb
|
|
282
284
|
- app/services/forest_liana/value_stat_getter.rb
|
|
283
285
|
- app/views/layouts/forest_liana/application.html.erb
|
|
284
286
|
- config/initializers/arel-helpers.rb
|
|
@@ -347,6 +349,10 @@ files:
|
|
|
347
349
|
- spec/services/forest_liana/apimap_sorter_spec.rb
|
|
348
350
|
- spec/services/forest_liana/filters_parser_spec.rb
|
|
349
351
|
- spec/services/forest_liana/ip_whitelist_checker_spec.rb
|
|
352
|
+
- spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb
|
|
353
|
+
- spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb
|
|
354
|
+
- spec/services/forest_liana/permissions_formatter_spec.rb
|
|
355
|
+
- spec/services/forest_liana/permissions_getter_spec.rb
|
|
350
356
|
- spec/services/forest_liana/schema_adapter_spec.rb
|
|
351
357
|
- spec/spec_helper.rb
|
|
352
358
|
- test/dummy/README.rdoc
|
|
@@ -555,10 +561,14 @@ test_files:
|
|
|
555
561
|
- test/dummy/config/database.yml
|
|
556
562
|
- test/forest_liana_test.rb
|
|
557
563
|
- test/routing/route_test.rb
|
|
564
|
+
- spec/services/forest_liana/permissions_formatter_spec.rb
|
|
565
|
+
- spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb
|
|
558
566
|
- spec/services/forest_liana/ip_whitelist_checker_spec.rb
|
|
567
|
+
- spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb
|
|
559
568
|
- spec/services/forest_liana/schema_adapter_spec.rb
|
|
560
569
|
- spec/services/forest_liana/apimap_sorter_spec.rb
|
|
561
570
|
- spec/services/forest_liana/filters_parser_spec.rb
|
|
571
|
+
- spec/services/forest_liana/permissions_getter_spec.rb
|
|
562
572
|
- spec/spec_helper.rb
|
|
563
573
|
- spec/requests/actions_controller_spec.rb
|
|
564
574
|
- spec/requests/resources_spec.rb
|