forest_liana 7.6.13 → 7.6.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/app/controllers/forest_liana/resources_controller.rb +8 -8
- data/app/controllers/forest_liana/smart_actions_controller.rb +1 -1
- data/app/controllers/forest_liana/stats_controller.rb +1 -1
- data/app/services/forest_liana/permissions_checker.rb +7 -5
- data/app/services/forest_liana/token.rb +2 -1
- data/lib/forest_liana/version.rb +1 -1
- data/spec/requests/actions_controller_spec.rb +2 -1
- data/spec/requests/count_spec.rb +2 -1
- data/spec/requests/resources_spec.rb +2 -1
- data/spec/requests/stats_spec.rb +5 -4
- data/spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb +28 -28
- data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb +37 -37
- data/spec/services/forest_liana/permissions_checker_live_queries_spec.rb +53 -9
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4c0be19be3d243bda2e6ed0a9b926c6e1f1b24b7ab44187698d7fa08bdd8cfbb
|
|
4
|
+
data.tar.gz: cd4076fa6837e825d545ccc0995dfef7a2326c652ab659ff615f582069b59c12
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 0c34125014fb5025c6d9bfbe4c1fc4076d876ca2a436671743c5c529ac8b8c9cbb9add104ad03f01142a31ae17c0a04f3c9e76b73b1eb4785dfe01d4cbb1d3c2
|
|
7
|
+
data.tar.gz: d189bf3ccd299236868d97c8fc32464c9c22f095c1c0a1c5f28c990b2690f63fe6f9c25f45c374b510849f3246dcd4e572b110194e0ca2ce0cc60e209d511133
|
|
@@ -16,14 +16,14 @@ module ForestLiana
|
|
|
16
16
|
def index
|
|
17
17
|
begin
|
|
18
18
|
if request.format == 'csv'
|
|
19
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, 'exportEnabled', @rendering_id,
|
|
19
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'exportEnabled', @rendering_id, user: forest_user)
|
|
20
20
|
return head :forbidden unless checker.is_authorized?
|
|
21
21
|
else
|
|
22
22
|
checker = ForestLiana::PermissionsChecker.new(
|
|
23
23
|
@resource,
|
|
24
24
|
'browseEnabled',
|
|
25
25
|
@rendering_id,
|
|
26
|
-
|
|
26
|
+
user: forest_user,
|
|
27
27
|
collection_list_parameters: get_collection_list_permission_info(forest_user, request)
|
|
28
28
|
)
|
|
29
29
|
return head :forbidden unless checker.is_authorized?
|
|
@@ -60,7 +60,7 @@ module ForestLiana
|
|
|
60
60
|
@resource,
|
|
61
61
|
'browseEnabled',
|
|
62
62
|
@rendering_id,
|
|
63
|
-
|
|
63
|
+
user: forest_user,
|
|
64
64
|
collection_list_parameters: get_collection_list_permission_info(forest_user, request)
|
|
65
65
|
)
|
|
66
66
|
return head :forbidden unless checker.is_authorized?
|
|
@@ -89,7 +89,7 @@ module ForestLiana
|
|
|
89
89
|
|
|
90
90
|
def show
|
|
91
91
|
begin
|
|
92
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, 'readEnabled', @rendering_id,
|
|
92
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'readEnabled', @rendering_id, user: forest_user)
|
|
93
93
|
return head :forbidden unless checker.is_authorized?
|
|
94
94
|
|
|
95
95
|
getter = ForestLiana::ResourceGetter.new(@resource, params, forest_user)
|
|
@@ -107,7 +107,7 @@ module ForestLiana
|
|
|
107
107
|
|
|
108
108
|
def create
|
|
109
109
|
begin
|
|
110
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, 'addEnabled', @rendering_id,
|
|
110
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'addEnabled', @rendering_id, user: forest_user)
|
|
111
111
|
return head :forbidden unless checker.is_authorized?
|
|
112
112
|
|
|
113
113
|
creator = ForestLiana::ResourceCreator.new(@resource, params)
|
|
@@ -131,7 +131,7 @@ module ForestLiana
|
|
|
131
131
|
|
|
132
132
|
def update
|
|
133
133
|
begin
|
|
134
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, 'editEnabled', @rendering_id,
|
|
134
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'editEnabled', @rendering_id, user: forest_user)
|
|
135
135
|
return head :forbidden unless checker.is_authorized?
|
|
136
136
|
|
|
137
137
|
updater = ForestLiana::ResourceUpdater.new(@resource, params, forest_user)
|
|
@@ -154,7 +154,7 @@ module ForestLiana
|
|
|
154
154
|
end
|
|
155
155
|
|
|
156
156
|
def destroy
|
|
157
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id,
|
|
157
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user: forest_user)
|
|
158
158
|
return head :forbidden unless checker.is_authorized?
|
|
159
159
|
|
|
160
160
|
collection_name = ForestLiana.name_for(@resource)
|
|
@@ -174,7 +174,7 @@ module ForestLiana
|
|
|
174
174
|
end
|
|
175
175
|
|
|
176
176
|
def destroy_bulk
|
|
177
|
-
checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id,
|
|
177
|
+
checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user: forest_user)
|
|
178
178
|
return head :forbidden unless checker.is_authorized?
|
|
179
179
|
|
|
180
180
|
ids = ForestLiana::ResourcesGetter.get_ids_from_request(params, forest_user)
|
|
@@ -63,7 +63,7 @@ module ForestLiana
|
|
|
63
63
|
find_resource(smart_action_request[:collection_name]),
|
|
64
64
|
'actions',
|
|
65
65
|
@rendering_id,
|
|
66
|
-
|
|
66
|
+
user: forest_user,
|
|
67
67
|
smart_action_request_info: get_smart_action_request_info
|
|
68
68
|
)
|
|
69
69
|
return head :forbidden unless checker.is_authorized?
|
|
@@ -6,12 +6,14 @@ module ForestLiana
|
|
|
6
6
|
|
|
7
7
|
@@expiration_in_seconds = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 3600).to_i
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
ALLOWED_PERMISSION_LEVELS = %w[admin editor developer]
|
|
10
|
+
|
|
11
|
+
def initialize(resource, permission_name, rendering_id, user: nil, smart_action_request_info: nil, collection_list_parameters: Hash.new, query_request_info: nil)
|
|
10
12
|
@collection_name = resource.present? ? ForestLiana.name_for(resource) : nil
|
|
11
13
|
@permission_name = permission_name
|
|
12
14
|
@rendering_id = rendering_id
|
|
13
15
|
|
|
14
|
-
@
|
|
16
|
+
@user = user
|
|
15
17
|
@smart_action_request_info = smart_action_request_info
|
|
16
18
|
@collection_list_parameters = collection_list_parameters
|
|
17
19
|
@query_request_info = query_request_info
|
|
@@ -56,9 +58,9 @@ module ForestLiana
|
|
|
56
58
|
|
|
57
59
|
# NOTICE: check liveQueries permissions
|
|
58
60
|
if @permission_name === 'liveQueries'
|
|
59
|
-
return live_query_allowed?
|
|
61
|
+
return ALLOWED_PERMISSION_LEVELS.include?(@user['permission_level']) || live_query_allowed?
|
|
60
62
|
elsif @permission_name === 'statWithParameters'
|
|
61
|
-
return stat_with_parameters_allowed?
|
|
63
|
+
return ALLOWED_PERMISSION_LEVELS.include?(@user['permission_level']) || stat_with_parameters_allowed?
|
|
62
64
|
end
|
|
63
65
|
|
|
64
66
|
if permissions && permissions[@collection_name] &&
|
|
@@ -146,7 +148,7 @@ module ForestLiana
|
|
|
146
148
|
def is_user_allowed(permission_value)
|
|
147
149
|
return false if permission_value.nil?
|
|
148
150
|
return permission_value if permission_value.in? [true, false]
|
|
149
|
-
permission_value.include?(@
|
|
151
|
+
permission_value.include?(@user['id'].to_i)
|
|
150
152
|
end
|
|
151
153
|
|
|
152
154
|
def smart_action_allowed?(smart_actions_permissions)
|
|
@@ -22,7 +22,8 @@ module ForestLiana
|
|
|
22
22
|
role: user['role'],
|
|
23
23
|
tags: user['tags'],
|
|
24
24
|
rendering_id: rendering_id,
|
|
25
|
-
exp: expiration_in_seconds()
|
|
25
|
+
exp: expiration_in_seconds(),
|
|
26
|
+
permission_level: user['permission_level'],
|
|
26
27
|
}, ForestLiana.auth_secret, 'HS256')
|
|
27
28
|
end
|
|
28
29
|
end
|
data/lib/forest_liana/version.rb
CHANGED
|
@@ -25,7 +25,8 @@ describe 'Requesting Actions routes', :type => :request do
|
|
|
25
25
|
last_name: 'Kelso',
|
|
26
26
|
team: 'Operations',
|
|
27
27
|
rendering_id: rendering_id,
|
|
28
|
-
exp: Time.now.to_i + 2.weeks.to_i
|
|
28
|
+
exp: Time.now.to_i + 2.weeks.to_i,
|
|
29
|
+
permission_level: 'admin'
|
|
29
30
|
}, ForestLiana.auth_secret, 'HS256')
|
|
30
31
|
}
|
|
31
32
|
|
data/spec/requests/count_spec.rb
CHANGED
|
@@ -29,7 +29,8 @@ describe 'Requesting Owner', :type => :request do
|
|
|
29
29
|
last_name: 'Kelso',
|
|
30
30
|
team: 'Operations',
|
|
31
31
|
rendering_id: 16,
|
|
32
|
-
exp: Time.now.to_i + 2.weeks.to_i
|
|
32
|
+
exp: Time.now.to_i + 2.weeks.to_i,
|
|
33
|
+
permission_level: 'admin'
|
|
33
34
|
}, ForestLiana.auth_secret, 'HS256')
|
|
34
35
|
|
|
35
36
|
headers = {
|
|
@@ -28,7 +28,8 @@ describe 'Requesting Tree resources', :type => :request do
|
|
|
28
28
|
last_name: 'Kelso',
|
|
29
29
|
team: 'Operations',
|
|
30
30
|
rendering_id: 16,
|
|
31
|
-
exp: Time.now.to_i + 2.weeks.to_i
|
|
31
|
+
exp: Time.now.to_i + 2.weeks.to_i,
|
|
32
|
+
permission_level: 'admin'
|
|
32
33
|
}, ForestLiana.auth_secret, 'HS256')
|
|
33
34
|
|
|
34
35
|
headers = {
|
data/spec/requests/stats_spec.rb
CHANGED
|
@@ -10,7 +10,8 @@ describe "Stats", type: :request do
|
|
|
10
10
|
last_name: 'Kelso',
|
|
11
11
|
team: 'Operations',
|
|
12
12
|
rendering_id: 16,
|
|
13
|
-
exp: Time.now.to_i + 2.weeks.to_i
|
|
13
|
+
exp: Time.now.to_i + 2.weeks.to_i,
|
|
14
|
+
permission_level: 'admin'
|
|
14
15
|
}, ForestLiana.auth_secret, 'HS256')
|
|
15
16
|
|
|
16
17
|
headers = {
|
|
@@ -37,7 +38,7 @@ describe "Stats", type: :request do
|
|
|
37
38
|
allow(ForestLiana::IpWhitelist).to receive(:retrieve) { true }
|
|
38
39
|
allow(ForestLiana::IpWhitelist).to receive(:is_ip_whitelist_retrieved) { true }
|
|
39
40
|
allow(ForestLiana::IpWhitelist).to receive(:is_ip_valid) { true }
|
|
40
|
-
|
|
41
|
+
|
|
41
42
|
allow_any_instance_of(ForestLiana::PermissionsChecker).to receive(:is_authorized?) { true }
|
|
42
43
|
|
|
43
44
|
allow_any_instance_of(ForestLiana::ValueStatGetter).to receive(:perform) { true }
|
|
@@ -81,7 +82,7 @@ describe "Stats", type: :request do
|
|
|
81
82
|
expect(response.status).to eq(403)
|
|
82
83
|
end
|
|
83
84
|
end
|
|
84
|
-
|
|
85
|
+
|
|
85
86
|
describe 'POST /stats' do
|
|
86
87
|
params = { query: 'SELECT COUNT(*) AS value FROM products;' }
|
|
87
88
|
|
|
@@ -107,7 +108,7 @@ describe "Stats", type: :request do
|
|
|
107
108
|
|
|
108
109
|
it 'should respond 422 with unprocessable query' do
|
|
109
110
|
allow_any_instance_of(ForestLiana::QueryStatGetter).to receive(:perform) { raise ForestLiana::Errors::LiveQueryError.new }
|
|
110
|
-
|
|
111
|
+
|
|
111
112
|
post '/forest/stats', params: JSON.dump(params), headers: headers
|
|
112
113
|
expect(response.status).to eq(422)
|
|
113
114
|
end
|
|
@@ -4,7 +4,7 @@ module ForestLiana
|
|
|
4
4
|
described_class.empty_cache
|
|
5
5
|
end
|
|
6
6
|
|
|
7
|
-
let(:
|
|
7
|
+
let(:user) { { 'id' => '1' } }
|
|
8
8
|
let(:schema) {
|
|
9
9
|
[
|
|
10
10
|
ForestLiana::Model::Collection.new({
|
|
@@ -127,8 +127,8 @@ module ForestLiana
|
|
|
127
127
|
end
|
|
128
128
|
|
|
129
129
|
it 'should call the API twice' do
|
|
130
|
-
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
131
|
-
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
130
|
+
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
|
|
131
|
+
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
|
|
132
132
|
|
|
133
133
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).twice
|
|
134
134
|
end
|
|
@@ -136,8 +136,8 @@ module ForestLiana
|
|
|
136
136
|
|
|
137
137
|
context 'before expiration time' do
|
|
138
138
|
it 'should call the API only once' do
|
|
139
|
-
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
140
|
-
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
139
|
+
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
|
|
140
|
+
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
|
|
141
141
|
|
|
142
142
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).once
|
|
143
143
|
end
|
|
@@ -175,8 +175,8 @@ module ForestLiana
|
|
|
175
175
|
api_permissions_rendering_2['data']['custom']['collection']['export'] = false
|
|
176
176
|
api_permissions_rendering_2
|
|
177
177
|
}
|
|
178
|
-
let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1,
|
|
179
|
-
let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2,
|
|
178
|
+
let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1, user: user).is_authorized? }
|
|
179
|
+
let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2, user: user).is_authorized? }
|
|
180
180
|
|
|
181
181
|
before do
|
|
182
182
|
allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering)
|
|
@@ -241,7 +241,7 @@ module ForestLiana
|
|
|
241
241
|
context 'when checking browseEnabled' do
|
|
242
242
|
context 'when expiration value is set to its default' do
|
|
243
243
|
it 'should not call the API to refresh the renderings cache' do
|
|
244
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
244
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
245
245
|
|
|
246
246
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
247
247
|
expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
|
|
@@ -256,7 +256,7 @@ module ForestLiana
|
|
|
256
256
|
end
|
|
257
257
|
|
|
258
258
|
it 'should call the API to refresh the renderings cache' do
|
|
259
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
259
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
260
260
|
|
|
261
261
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
262
262
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).once
|
|
@@ -275,7 +275,7 @@ module ForestLiana
|
|
|
275
275
|
end
|
|
276
276
|
|
|
277
277
|
it 'should NOT call the API to refresh the renderings cache' do
|
|
278
|
-
described_class.new(fake_ressource, 'exportEnabled', rendering_id,
|
|
278
|
+
described_class.new(fake_ressource, 'exportEnabled', rendering_id, user: user).is_authorized?
|
|
279
279
|
|
|
280
280
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
281
281
|
expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
|
|
@@ -287,8 +287,8 @@ module ForestLiana
|
|
|
287
287
|
context 'on the same rendering' do
|
|
288
288
|
context 'when renderings permission has NOT expired' do
|
|
289
289
|
it 'should NOT call the API to refresh the renderings permissions' do
|
|
290
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
291
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
290
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
291
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
292
292
|
|
|
293
293
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
294
294
|
expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
|
|
@@ -303,8 +303,8 @@ module ForestLiana
|
|
|
303
303
|
end
|
|
304
304
|
|
|
305
305
|
it 'should call the API to refresh the renderings permissions' do
|
|
306
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
307
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
306
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
307
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
308
308
|
|
|
309
309
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).twice
|
|
310
310
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).twice
|
|
@@ -335,8 +335,8 @@ module ForestLiana
|
|
|
335
335
|
end
|
|
336
336
|
|
|
337
337
|
it 'should not call the API to refresh the rederings permissions' do
|
|
338
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
339
|
-
described_class.new(fake_ressource, 'browseEnabled', other_rendering_id,
|
|
338
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
339
|
+
described_class.new(fake_ressource, 'browseEnabled', other_rendering_id, user: user).is_authorized?
|
|
340
340
|
|
|
341
341
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
342
342
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(other_rendering_id).once
|
|
@@ -361,7 +361,7 @@ module ForestLiana
|
|
|
361
361
|
|
|
362
362
|
context 'when permissions does NOT have rolesACLActivated' do
|
|
363
363
|
describe 'exportEnabled permission' do
|
|
364
|
-
subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
364
|
+
subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
|
|
365
365
|
|
|
366
366
|
context 'when user has the required permission' do
|
|
367
367
|
it 'should be authorized' do
|
|
@@ -380,7 +380,7 @@ module ForestLiana
|
|
|
380
380
|
|
|
381
381
|
describe 'browseEnabled permission' do
|
|
382
382
|
let(:collection_name) { 'custom' }
|
|
383
|
-
subject { described_class.new(fake_ressource, 'browseEnabled', default_rendering_id,
|
|
383
|
+
subject { described_class.new(fake_ressource, 'browseEnabled', default_rendering_id, user: user) }
|
|
384
384
|
let(:segments_permissions) { nil }
|
|
385
385
|
let(:default_api_permissions) {
|
|
386
386
|
{
|
|
@@ -463,14 +463,14 @@ module ForestLiana
|
|
|
463
463
|
"searchToEdit" => false
|
|
464
464
|
}
|
|
465
465
|
}
|
|
466
|
-
let(:collection_list_parameters) { { :
|
|
466
|
+
let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
|
|
467
467
|
|
|
468
468
|
subject {
|
|
469
469
|
described_class.new(
|
|
470
470
|
fake_ressource,
|
|
471
471
|
'browseEnabled',
|
|
472
472
|
default_rendering_id,
|
|
473
|
-
|
|
473
|
+
user: user,
|
|
474
474
|
collection_list_parameters: collection_list_parameters
|
|
475
475
|
)
|
|
476
476
|
}
|
|
@@ -483,7 +483,7 @@ module ForestLiana
|
|
|
483
483
|
|
|
484
484
|
context 'when user has no segments and param segmentQuery is there' do
|
|
485
485
|
let(:segmentQuery) { 'SELECT * FROM products;' }
|
|
486
|
-
let(:collection_list_parameters) { { :
|
|
486
|
+
let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
|
|
487
487
|
it 'should be authorized' do
|
|
488
488
|
expect(subject.is_authorized?).to be false
|
|
489
489
|
end
|
|
@@ -491,7 +491,7 @@ module ForestLiana
|
|
|
491
491
|
|
|
492
492
|
context 'when segments are defined' do
|
|
493
493
|
let(:segments_permissions) { ['SELECT * FROM products;', 'SELECT * FROM sellers;'] }
|
|
494
|
-
let(:collection_list_parameters) { { :
|
|
494
|
+
let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
|
|
495
495
|
|
|
496
496
|
context 'when segments are passing validation' do
|
|
497
497
|
let(:segmentQuery) { 'SELECT * FROM products;' }
|
|
@@ -550,7 +550,7 @@ module ForestLiana
|
|
|
550
550
|
end
|
|
551
551
|
|
|
552
552
|
describe 'readEnabled permission' do
|
|
553
|
-
subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id,
|
|
553
|
+
subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
|
|
554
554
|
|
|
555
555
|
context 'when user has the required permission' do
|
|
556
556
|
it 'should be authorized' do
|
|
@@ -568,7 +568,7 @@ module ForestLiana
|
|
|
568
568
|
end
|
|
569
569
|
|
|
570
570
|
describe 'addEnabled permission' do
|
|
571
|
-
subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id,
|
|
571
|
+
subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
|
|
572
572
|
|
|
573
573
|
context 'when user has the required permission' do
|
|
574
574
|
it 'should be authorized' do
|
|
@@ -586,7 +586,7 @@ module ForestLiana
|
|
|
586
586
|
end
|
|
587
587
|
|
|
588
588
|
describe 'editEnabled permission' do
|
|
589
|
-
subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id,
|
|
589
|
+
subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
|
|
590
590
|
|
|
591
591
|
context 'when user has the required permission' do
|
|
592
592
|
it 'should be authorized' do
|
|
@@ -604,7 +604,7 @@ module ForestLiana
|
|
|
604
604
|
end
|
|
605
605
|
|
|
606
606
|
describe 'deleteEnabled permission' do
|
|
607
|
-
subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id,
|
|
607
|
+
subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
|
|
608
608
|
|
|
609
609
|
context 'when user has the required permission' do
|
|
610
610
|
it 'should be authorized' do
|
|
@@ -628,7 +628,7 @@ module ForestLiana
|
|
|
628
628
|
fake_ressource,
|
|
629
629
|
'actions',
|
|
630
630
|
default_rendering_id,
|
|
631
|
-
|
|
631
|
+
user: user,
|
|
632
632
|
smart_action_request_info: smart_action_request_info
|
|
633
633
|
)
|
|
634
634
|
}
|
|
@@ -674,7 +674,7 @@ module ForestLiana
|
|
|
674
674
|
|
|
675
675
|
context 'when the action permissions contains a list of user ids' do
|
|
676
676
|
context 'when user id is NOT part of the authorized users' do
|
|
677
|
-
let(:
|
|
677
|
+
let(:user) { { 'id' => '2' } }
|
|
678
678
|
let(:smart_action_request_info) { { endpoint: 'forest/actions/TestRestricted', http_method: 'POST' } }
|
|
679
679
|
|
|
680
680
|
it 'user should NOT be authorized' do
|
|
@@ -4,7 +4,7 @@ module ForestLiana
|
|
|
4
4
|
described_class.empty_cache
|
|
5
5
|
end
|
|
6
6
|
|
|
7
|
-
let(:
|
|
7
|
+
let(:user) { { 'id' => '1' } }
|
|
8
8
|
let(:schema) {
|
|
9
9
|
[
|
|
10
10
|
ForestLiana::Model::Collection.new({
|
|
@@ -152,8 +152,8 @@ module ForestLiana
|
|
|
152
152
|
end
|
|
153
153
|
|
|
154
154
|
it 'should call the API twice' do
|
|
155
|
-
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
156
|
-
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
155
|
+
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
|
|
156
|
+
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
|
|
157
157
|
|
|
158
158
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).twice
|
|
159
159
|
end
|
|
@@ -161,8 +161,8 @@ module ForestLiana
|
|
|
161
161
|
|
|
162
162
|
context 'before expiration time' do
|
|
163
163
|
it 'should call the API only once' do
|
|
164
|
-
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
165
|
-
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
164
|
+
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
|
|
165
|
+
described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
|
|
166
166
|
|
|
167
167
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).once
|
|
168
168
|
end
|
|
@@ -209,8 +209,8 @@ module ForestLiana
|
|
|
209
209
|
}
|
|
210
210
|
|
|
211
211
|
context 'when the first call is authorized' do
|
|
212
|
-
let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1,
|
|
213
|
-
let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2,
|
|
212
|
+
let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1, user: user).is_authorized? }
|
|
213
|
+
let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2, user: user).is_authorized? }
|
|
214
214
|
|
|
215
215
|
# Even if the value are different, the permissions are cross rendering thus another call
|
|
216
216
|
# to the api wont be made until the permission expires
|
|
@@ -228,8 +228,8 @@ module ForestLiana
|
|
|
228
228
|
|
|
229
229
|
# If not authorized the cached version is not used
|
|
230
230
|
context 'when the first call is not authorized' do
|
|
231
|
-
let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'browseEnabled', 1,
|
|
232
|
-
let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'browseEnabled', 2,
|
|
231
|
+
let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'browseEnabled', 1, user: user).is_authorized? }
|
|
232
|
+
let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'browseEnabled', 2, user: user).is_authorized? }
|
|
233
233
|
|
|
234
234
|
it 'should return different value' do
|
|
235
235
|
expect(authorized_to_export_rendering_1).to eq false
|
|
@@ -293,7 +293,7 @@ module ForestLiana
|
|
|
293
293
|
context 'when checking browseEnabled' do
|
|
294
294
|
context 'when expiration value is set to its default' do
|
|
295
295
|
it 'should not call the API to refresh the renderings cache' do
|
|
296
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
296
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
297
297
|
|
|
298
298
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
299
299
|
expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
|
|
@@ -308,7 +308,7 @@ module ForestLiana
|
|
|
308
308
|
end
|
|
309
309
|
|
|
310
310
|
it 'should call the API to refresh the renderings cache' do
|
|
311
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
311
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
312
312
|
|
|
313
313
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
314
314
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).once
|
|
@@ -327,7 +327,7 @@ module ForestLiana
|
|
|
327
327
|
end
|
|
328
328
|
|
|
329
329
|
it 'should NOT call the API to refresh the rendering cache' do
|
|
330
|
-
described_class.new(fake_ressource, 'exportEnabled', rendering_id,
|
|
330
|
+
described_class.new(fake_ressource, 'exportEnabled', rendering_id, user: user).is_authorized?
|
|
331
331
|
|
|
332
332
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
333
333
|
expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
|
|
@@ -339,8 +339,8 @@ module ForestLiana
|
|
|
339
339
|
context 'on the same rendering' do
|
|
340
340
|
context 'when rendering permission has NOT expired' do
|
|
341
341
|
it 'should NOT call the API to refresh the rendering permissions' do
|
|
342
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
343
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
342
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
343
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
344
344
|
|
|
345
345
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
346
346
|
expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
|
|
@@ -355,8 +355,8 @@ module ForestLiana
|
|
|
355
355
|
end
|
|
356
356
|
|
|
357
357
|
it 'should call the API to refresh the rendering permissions' do
|
|
358
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
359
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
358
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
359
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
360
360
|
|
|
361
361
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).twice
|
|
362
362
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).twice
|
|
@@ -388,8 +388,8 @@ module ForestLiana
|
|
|
388
388
|
end
|
|
389
389
|
|
|
390
390
|
it 'should call the API to refresh the rendering permissions' do
|
|
391
|
-
described_class.new(fake_ressource, 'browseEnabled', rendering_id,
|
|
392
|
-
described_class.new(fake_ressource, 'browseEnabled', other_rendering_id,
|
|
391
|
+
described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
|
|
392
|
+
described_class.new(fake_ressource, 'browseEnabled', other_rendering_id, user: user).is_authorized?
|
|
393
393
|
|
|
394
394
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
|
|
395
395
|
expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(other_rendering_id, rendering_specific_only: true).once
|
|
@@ -415,7 +415,7 @@ module ForestLiana
|
|
|
415
415
|
let(:collection_name) { 'all_rights_collection_boolean' }
|
|
416
416
|
|
|
417
417
|
describe 'exportEnabled permission' do
|
|
418
|
-
subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
418
|
+
subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
|
|
419
419
|
|
|
420
420
|
context 'when user has the required permission' do
|
|
421
421
|
it 'should be authorized' do
|
|
@@ -433,13 +433,13 @@ module ForestLiana
|
|
|
433
433
|
end
|
|
434
434
|
|
|
435
435
|
describe 'browseEnbled permission' do
|
|
436
|
-
let(:collection_list_parameters) { { :
|
|
436
|
+
let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
|
|
437
437
|
subject {
|
|
438
438
|
described_class.new(
|
|
439
439
|
fake_ressource,
|
|
440
440
|
'browseEnabled',
|
|
441
441
|
default_rendering_id,
|
|
442
|
-
|
|
442
|
+
user: user,
|
|
443
443
|
collection_list_parameters: collection_list_parameters
|
|
444
444
|
)
|
|
445
445
|
}
|
|
@@ -460,7 +460,7 @@ module ForestLiana
|
|
|
460
460
|
|
|
461
461
|
context 'when user has no segments queries permissions and param segmentQuery is there' do
|
|
462
462
|
let(:segmentQuery) { 'SELECT * FROM products;' }
|
|
463
|
-
let(:collection_list_parameters) { { :
|
|
463
|
+
let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
|
|
464
464
|
it 'should be authorized' do
|
|
465
465
|
expect(subject.is_authorized?).to be false
|
|
466
466
|
end
|
|
@@ -477,7 +477,7 @@ module ForestLiana
|
|
|
477
477
|
}
|
|
478
478
|
}
|
|
479
479
|
}
|
|
480
|
-
let(:collection_list_parameters) { { :
|
|
480
|
+
let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
|
|
481
481
|
|
|
482
482
|
context 'when segments are passing validation' do
|
|
483
483
|
let(:segmentQuery) { 'SELECT * FROM products;' }
|
|
@@ -526,7 +526,7 @@ module ForestLiana
|
|
|
526
526
|
end
|
|
527
527
|
|
|
528
528
|
describe 'readEnabled permission' do
|
|
529
|
-
subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id,
|
|
529
|
+
subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
|
|
530
530
|
|
|
531
531
|
context 'when user has the required permission' do
|
|
532
532
|
it 'should be authorized' do
|
|
@@ -544,7 +544,7 @@ module ForestLiana
|
|
|
544
544
|
end
|
|
545
545
|
|
|
546
546
|
describe 'addEnabled permission' do
|
|
547
|
-
subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id,
|
|
547
|
+
subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
|
|
548
548
|
|
|
549
549
|
context 'when user has the required permission' do
|
|
550
550
|
it 'should be authorized' do
|
|
@@ -562,7 +562,7 @@ module ForestLiana
|
|
|
562
562
|
end
|
|
563
563
|
|
|
564
564
|
describe 'editEnabled permission' do
|
|
565
|
-
subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id,
|
|
565
|
+
subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
|
|
566
566
|
|
|
567
567
|
context 'when user has the required permission' do
|
|
568
568
|
it 'should be authorized' do
|
|
@@ -580,7 +580,7 @@ module ForestLiana
|
|
|
580
580
|
end
|
|
581
581
|
|
|
582
582
|
describe 'deleteEnabled permission' do
|
|
583
|
-
subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id,
|
|
583
|
+
subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
|
|
584
584
|
|
|
585
585
|
context 'when user has the required permission' do
|
|
586
586
|
it 'should be authorized' do
|
|
@@ -604,7 +604,7 @@ module ForestLiana
|
|
|
604
604
|
fake_ressource,
|
|
605
605
|
'actions',
|
|
606
606
|
default_rendering_id,
|
|
607
|
-
|
|
607
|
+
user: user,
|
|
608
608
|
smart_action_request_info: smart_action_request_info
|
|
609
609
|
)
|
|
610
610
|
}
|
|
@@ -653,7 +653,7 @@ module ForestLiana
|
|
|
653
653
|
let(:collection_name) { 'all_rights_collection_user_list' }
|
|
654
654
|
|
|
655
655
|
describe 'exportEnabled permission' do
|
|
656
|
-
subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id,
|
|
656
|
+
subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
|
|
657
657
|
|
|
658
658
|
context 'when user has the required permission' do
|
|
659
659
|
it 'should be authorized' do
|
|
@@ -671,13 +671,13 @@ module ForestLiana
|
|
|
671
671
|
end
|
|
672
672
|
|
|
673
673
|
describe 'browseEnabled permission' do
|
|
674
|
-
let(:collection_list_parameters) { { :
|
|
674
|
+
let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
|
|
675
675
|
subject {
|
|
676
676
|
described_class.new(
|
|
677
677
|
fake_ressource,
|
|
678
678
|
'browseEnabled',
|
|
679
679
|
default_rendering_id,
|
|
680
|
-
|
|
680
|
+
user: user,
|
|
681
681
|
collection_list_parameters: collection_list_parameters
|
|
682
682
|
)
|
|
683
683
|
}
|
|
@@ -698,7 +698,7 @@ module ForestLiana
|
|
|
698
698
|
end
|
|
699
699
|
|
|
700
700
|
describe 'readEnabled permission' do
|
|
701
|
-
subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id,
|
|
701
|
+
subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
|
|
702
702
|
|
|
703
703
|
context 'when user has the required permission' do
|
|
704
704
|
it 'should be authorized' do
|
|
@@ -716,7 +716,7 @@ module ForestLiana
|
|
|
716
716
|
end
|
|
717
717
|
|
|
718
718
|
describe 'addEnabled permission' do
|
|
719
|
-
subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id,
|
|
719
|
+
subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
|
|
720
720
|
|
|
721
721
|
context 'when user has the required permission' do
|
|
722
722
|
it 'should be authorized' do
|
|
@@ -734,7 +734,7 @@ module ForestLiana
|
|
|
734
734
|
end
|
|
735
735
|
|
|
736
736
|
describe 'editEnabled permission' do
|
|
737
|
-
subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id,
|
|
737
|
+
subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
|
|
738
738
|
|
|
739
739
|
context 'when user has the required permission' do
|
|
740
740
|
it 'should be authorized' do
|
|
@@ -752,7 +752,7 @@ module ForestLiana
|
|
|
752
752
|
end
|
|
753
753
|
|
|
754
754
|
describe 'deleteEnabled permission' do
|
|
755
|
-
subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id,
|
|
755
|
+
subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
|
|
756
756
|
|
|
757
757
|
context 'when user has the required permission' do
|
|
758
758
|
it 'should be authorized' do
|
|
@@ -776,7 +776,7 @@ module ForestLiana
|
|
|
776
776
|
fake_ressource,
|
|
777
777
|
'actions',
|
|
778
778
|
default_rendering_id,
|
|
779
|
-
|
|
779
|
+
user: user,
|
|
780
780
|
smart_action_request_info: smart_action_request_info
|
|
781
781
|
)
|
|
782
782
|
}
|
|
@@ -822,7 +822,7 @@ module ForestLiana
|
|
|
822
822
|
|
|
823
823
|
# searchToEdit permission checker should not be called anymore once rolesAcl activated
|
|
824
824
|
describe 'searchToEdit permission' do
|
|
825
|
-
subject { described_class.new(fake_ressource, 'searchToEdit', default_rendering_id,
|
|
825
|
+
subject { described_class.new(fake_ressource, 'searchToEdit', default_rendering_id, user: user) }
|
|
826
826
|
|
|
827
827
|
context 'when user has all permissions' do
|
|
828
828
|
it 'should NOT be authorized' do
|
|
@@ -4,7 +4,6 @@ module ForestLiana
|
|
|
4
4
|
described_class.empty_cache
|
|
5
5
|
end
|
|
6
6
|
|
|
7
|
-
let(:user_id) { 1 }
|
|
8
7
|
let(:schema) {
|
|
9
8
|
[
|
|
10
9
|
ForestLiana::Model::Collection.new({
|
|
@@ -50,7 +49,7 @@ module ForestLiana
|
|
|
50
49
|
"stats" => {
|
|
51
50
|
"queries" => [
|
|
52
51
|
'SELECT COUNT(*) AS value FROM products;',
|
|
53
|
-
'SELECT COUNT(*) AS value FROM
|
|
52
|
+
'SELECT COUNT(*) AS value FROM somethings;'
|
|
54
53
|
],
|
|
55
54
|
"values" => [
|
|
56
55
|
{
|
|
@@ -79,35 +78,79 @@ module ForestLiana
|
|
|
79
78
|
end
|
|
80
79
|
|
|
81
80
|
context 'when permissions liveQueries' do
|
|
81
|
+
let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
|
|
82
82
|
context 'contains the query' do
|
|
83
|
+
subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT COUNT(*) AS value FROM somethings;') }
|
|
84
|
+
|
|
85
|
+
it 'should be authorized' do
|
|
86
|
+
expect(subject.is_authorized?).to be true
|
|
87
|
+
end
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
context 'does not contains the query' do
|
|
91
|
+
subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT * FROM products WHERE category = Gifts OR 1=1-- AND released = 1') }
|
|
92
|
+
it 'should NOT be authorized' do
|
|
93
|
+
expect(subject.is_authorized?).to be false
|
|
94
|
+
end
|
|
95
|
+
end
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
context 'exectute liveQueries when user' do
|
|
99
|
+
context 'has correct permission_level' do
|
|
100
|
+
let(:user) { { 'id' => '1', 'permission_level' => 'admin' } }
|
|
101
|
+
subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT COUNT(*) AS value FROM somethings;') }
|
|
102
|
+
|
|
103
|
+
it 'should be authorized' do
|
|
104
|
+
expect(subject.is_authorized?).to be true
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
context 'does not have the correct permission_level' do
|
|
109
|
+
let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
|
|
110
|
+
subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT * FROM products WHERE category = Gifts OR 1=1-- AND released = 1') }
|
|
111
|
+
it 'should NOT be authorized' do
|
|
112
|
+
expect(subject.is_authorized?).to be false
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
context 'when permissions statWithParameters' do
|
|
118
|
+
let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
|
|
119
|
+
context 'contains the stat with the same parameters' do
|
|
83
120
|
request_info = {
|
|
84
121
|
"type" => "Value",
|
|
85
122
|
"collection" => "Product",
|
|
86
123
|
"aggregate" => "Count"
|
|
87
124
|
};
|
|
88
|
-
subject { described_class.new(fake_ressource, '
|
|
125
|
+
subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: request_info) }
|
|
89
126
|
|
|
90
127
|
it 'should be authorized' do
|
|
91
128
|
expect(subject.is_authorized?).to be true
|
|
92
129
|
end
|
|
93
130
|
end
|
|
94
131
|
|
|
95
|
-
context 'does not contains the
|
|
96
|
-
|
|
132
|
+
context 'does not contains the stat with the same parameters' do
|
|
133
|
+
other_request_info = {
|
|
134
|
+
"type" => "Leaderboard",
|
|
135
|
+
"collection" => "Product",
|
|
136
|
+
"aggregate" => "Sum"
|
|
137
|
+
};
|
|
138
|
+
subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: other_request_info) }
|
|
97
139
|
it 'should NOT be authorized' do
|
|
98
140
|
expect(subject.is_authorized?).to be false
|
|
99
141
|
end
|
|
100
142
|
end
|
|
101
143
|
end
|
|
102
144
|
|
|
103
|
-
context 'when
|
|
104
|
-
context '
|
|
145
|
+
context 'execute statWithParameters when user' do
|
|
146
|
+
context 'has correct permission_level' do
|
|
147
|
+
let(:user) { { 'id' => '1', 'permission_level' => 'admin' } }
|
|
105
148
|
request_info = {
|
|
106
149
|
"type" => "Value",
|
|
107
150
|
"collection" => "Product",
|
|
108
151
|
"aggregate" => "Count"
|
|
109
152
|
};
|
|
110
|
-
subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id,
|
|
153
|
+
subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: request_info) }
|
|
111
154
|
|
|
112
155
|
it 'should be authorized' do
|
|
113
156
|
expect(subject.is_authorized?).to be true
|
|
@@ -115,12 +158,13 @@ module ForestLiana
|
|
|
115
158
|
end
|
|
116
159
|
|
|
117
160
|
context 'does not contains the stat with the same parameters' do
|
|
161
|
+
let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
|
|
118
162
|
other_request_info = {
|
|
119
163
|
"type" => "Leaderboard",
|
|
120
164
|
"collection" => "Product",
|
|
121
165
|
"aggregate" => "Sum"
|
|
122
166
|
};
|
|
123
|
-
subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id,
|
|
167
|
+
subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: other_request_info) }
|
|
124
168
|
it 'should NOT be authorized' do
|
|
125
169
|
expect(subject.is_authorized?).to be false
|
|
126
170
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: forest_liana
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.6.
|
|
4
|
+
version: 7.6.14
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sandro Munda
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-08
|
|
11
|
+
date: 2022-09-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|