forest_liana 7.6.13 → 7.6.14

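--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 9b031b66a7afc9e69d6d16fdc8787ce99087abe166faa9e708bf19ad4583b464
- data.tar.gz: a94b3ad5cc17306b53e43424e1b4317561bcd59484aa270422cb5a0a20216d7d
+ metadata.gz: 4c0be19be3d243bda2e6ed0a9b926c6e1f1b24b7ab44187698d7fa08bdd8cfbb
+ data.tar.gz: cd4076fa6837e825d545ccc0995dfef7a2326c652ab659ff615f582069b59c12
  SHA512:
- metadata.gz: 6f29bbbed569c99ec65dc51711c98744dd4e249bc62845c3bc0b0c0eda3c734ce9fc8dd15fc23a29e83ad884430e25b5315183f0d95c00102376f8c930fcee58
- data.tar.gz: d27f1c9eec56ddb0889552e6edcf2312866b5df5a5f11a924611b84c00f02b48ed332dac5fd884b31e3fd3000be38015ecfdc393c1c4a083b6fcef4d4baaf402
+ metadata.gz: 0c34125014fb5025c6d9bfbe4c1fc4076d876ca2a436671743c5c529ac8b8c9cbb9add104ad03f01142a31ae17c0a04f3c9e76b73b1eb4785dfe01d4cbb1d3c2
+ data.tar.gz: d189bf3ccd299236868d97c8fc32464c9c22f095c1c0a1c5f28c990b2690f63fe6f9c25f45c374b510849f3246dcd4e572b110194e0ca2ce0cc60e209d511133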
@@ -16,14 +16,14 @@ module ForestLiana
16
16
  def index
17
17
  begin
18
18
  if request.format == 'csv'
19
- checker = ForestLiana::PermissionsChecker.new(@resource, 'exportEnabled', @rendering_id, user_id: forest_user['id'])
19
+ checker = ForestLiana::PermissionsChecker.new(@resource, 'exportEnabled', @rendering_id, user: forest_user)
20
20
  return head :forbidden unless checker.is_authorized?
21
21
  else
22
22
  checker = ForestLiana::PermissionsChecker.new(
23
23
  @resource,
24
24
  'browseEnabled',
25
25
  @rendering_id,
26
- user_id: forest_user['id'],
26
+ user: forest_user,
27
27
  collection_list_parameters: get_collection_list_permission_info(forest_user, request)
28
28
  )
29
29
  return head :forbidden unless checker.is_authorized?
@@ -60,7 +60,7 @@ module ForestLiana
60
60
  @resource,
61
61
  'browseEnabled',
62
62
  @rendering_id,
63
- user_id: forest_user['id'],
63
+ user: forest_user,
64
64
  collection_list_parameters: get_collection_list_permission_info(forest_user, request)
65
65
  )
66
66
  return head :forbidden unless checker.is_authorized?
@@ -89,7 +89,7 @@ module ForestLiana
89
89
 
90
90
  def show
91
91
  begin
92
- checker = ForestLiana::PermissionsChecker.new(@resource, 'readEnabled', @rendering_id, user_id: forest_user['id'])
92
+ checker = ForestLiana::PermissionsChecker.new(@resource, 'readEnabled', @rendering_id, user: forest_user)
93
93
  return head :forbidden unless checker.is_authorized?
94
94
 
95
95
  getter = ForestLiana::ResourceGetter.new(@resource, params, forest_user)
@@ -107,7 +107,7 @@ module ForestLiana
107
107
 
108
108
  def create
109
109
  begin
110
- checker = ForestLiana::PermissionsChecker.new(@resource, 'addEnabled', @rendering_id, user_id: forest_user['id'])
110
+ checker = ForestLiana::PermissionsChecker.new(@resource, 'addEnabled', @rendering_id, user: forest_user)
111
111
  return head :forbidden unless checker.is_authorized?
112
112
 
113
113
  creator = ForestLiana::ResourceCreator.new(@resource, params)
@@ -131,7 +131,7 @@ module ForestLiana
131
131
 
132
132
  def update
133
133
  begin
134
- checker = ForestLiana::PermissionsChecker.new(@resource, 'editEnabled', @rendering_id, user_id: forest_user['id'])
134
+ checker = ForestLiana::PermissionsChecker.new(@resource, 'editEnabled', @rendering_id, user: forest_user)
135
135
  return head :forbidden unless checker.is_authorized?
136
136
 
137
137
  updater = ForestLiana::ResourceUpdater.new(@resource, params, forest_user)
@@ -154,7 +154,7 @@ module ForestLiana
154
154
  end
155
155
 
156
156
  def destroy
157
- checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
157
+ checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user: forest_user)
158
158
  return head :forbidden unless checker.is_authorized?
159
159
 
160
160
  collection_name = ForestLiana.name_for(@resource)
@@ -174,7 +174,7 @@ module ForestLiana
174
174
  end
175
175
 
176
176
  def destroy_bulk
177
- checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
177
+ checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user: forest_user)
178
178
  return head :forbidden unless checker.is_authorized?
179
179
 
180
180
  ids = ForestLiana::ResourcesGetter.get_ids_from_request(params, forest_user)
@@ -63,7 +63,7 @@ module ForestLiana
63
63
  find_resource(smart_action_request[:collection_name]),
64
64
  'actions',
65
65
  @rendering_id,
66
- user_id: forest_user['id'],
66
+ user: forest_user,
67
67
  smart_action_request_info: get_smart_action_request_info
68
68
  )
69
69
  return head :forbidden unless checker.is_authorized?
@@ -105,7 +105,7 @@ module ForestLiana
105
105
  nil,
106
106
  permission_name,
107
107
  @rendering_id,
108
- user_id: forest_user['id'],
108
+ user: forest_user,
109
109
  query_request_info: query_request
110
110
  )
111
111
 
@@ -6,12 +6,14 @@ module ForestLiana
6
6
 
7
7
  @@expiration_in_seconds = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 3600).to_i
8
8
 
9
- def initialize(resource, permission_name, rendering_id, user_id: nil, smart_action_request_info: nil, collection_list_parameters: Hash.new, query_request_info: nil)
9
+ ALLOWED_PERMISSION_LEVELS = %w[admin editor developer]
10
+
11
+ def initialize(resource, permission_name, rendering_id, user: nil, smart_action_request_info: nil, collection_list_parameters: Hash.new, query_request_info: nil)
10
12
  @collection_name = resource.present? ? ForestLiana.name_for(resource) : nil
11
13
  @permission_name = permission_name
12
14
  @rendering_id = rendering_id
13
15
 
14
- @user_id = user_id
16
+ @user = user
15
17
  @smart_action_request_info = smart_action_request_info
16
18
  @collection_list_parameters = collection_list_parameters
17
19
  @query_request_info = query_request_info
@@ -56,9 +58,9 @@ module ForestLiana
56
58
 
57
59
  # NOTICE: check liveQueries permissions
58
60
  if @permission_name === 'liveQueries'
59
- return live_query_allowed?
61
+ return ALLOWED_PERMISSION_LEVELS.include?(@user['permission_level']) || live_query_allowed?
60
62
  elsif @permission_name === 'statWithParameters'
61
- return stat_with_parameters_allowed?
63
+ return ALLOWED_PERMISSION_LEVELS.include?(@user['permission_level']) || stat_with_parameters_allowed?
62
64
  end
63
65
 
64
66
  if permissions && permissions[@collection_name] &&
@@ -146,7 +148,7 @@ module ForestLiana
146
148
  def is_user_allowed(permission_value)
147
149
  return false if permission_value.nil?
148
150
  return permission_value if permission_value.in? [true, false]
149
- permission_value.include?(@user_id.to_i)
151
+ permission_value.include?(@user['id'].to_i)
150
152
  end
151
153
 
152
154
  def smart_action_allowed?(smart_actions_permissions)
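Review bot: In the `liveQueries` and `statWithParameters` branches the new short-circuit skips `live_query_allowed?` / `stat_with_parameters_allowed?` whenever `@user['permission_level']` is admin, editor or developer, and that value appears to come from the session token (the token hunk further down adds the claim), so it reflects the level at sign-in rather than the current one. A user whose level is lowered would keep the bypass until the token's `exp`, which deserves at least a comment above `ALLOWED_PERMISSION_LEVELS` stating that trade-off, e.g. `# Levels that skip the per-query check; read from the JWT, so a change only takes effect on re-login.` Separately, `user:` still defaults to nil, so `@user['permission_level']` and `@user['id'].to_i` in `is_user_allowed` raise NoMethodError where the old `@user_id.to_i` returned 0; `ALLOWED_PERMISSION_LEVELS.include?(@user && @user['permission_level'])` lets the nil case fall through to the existing check. The constant is also a mutable array and would normally end in `.freeze`. The enclosing methods start and end outside these hunks.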
@@ -22,7 +22,8 @@ module ForestLiana
22
22
  role: user['role'],
23
23
  tags: user['tags'],
24
24
  rendering_id: rendering_id,
25
- exp: expiration_in_seconds()
25
+ exp: expiration_in_seconds(),
26
+ permission_level: user['permission_level'],
26
27
  }, ForestLiana.auth_secret, 'HS256')
27
28
  end
28
29
  end
@@ -1,3 +1,3 @@
1
1
  module ForestLiana
2
- VERSION = "7.6.13"
2
+ VERSION = "7.6.14"
3
3
  end
@@ -25,7 +25,8 @@ describe 'Requesting Actions routes', :type => :request do
25
25
  last_name: 'Kelso',
26
26
  team: 'Operations',
27
27
  rendering_id: rendering_id,
28
- exp: Time.now.to_i + 2.weeks.to_i
28
+ exp: Time.now.to_i + 2.weeks.to_i,
29
+ permission_level: 'admin'
29
30
  }, ForestLiana.auth_secret, 'HS256')
30
31
  }
31
32
 
@@ -29,7 +29,8 @@ describe 'Requesting Owner', :type => :request do
29
29
  last_name: 'Kelso',
30
30
  team: 'Operations',
31
31
  rendering_id: 16,
32
- exp: Time.now.to_i + 2.weeks.to_i
32
+ exp: Time.now.to_i + 2.weeks.to_i,
33
+ permission_level: 'admin'
33
34
  }, ForestLiana.auth_secret, 'HS256')
34
35
 
35
36
  headers = {
@@ -28,7 +28,8 @@ describe 'Requesting Tree resources', :type => :request do
28
28
  last_name: 'Kelso',
29
29
  team: 'Operations',
30
30
  rendering_id: 16,
31
- exp: Time.now.to_i + 2.weeks.to_i
31
+ exp: Time.now.to_i + 2.weeks.to_i,
32
+ permission_level: 'admin'
32
33
  }, ForestLiana.auth_secret, 'HS256')
33
34
 
34
35
  headers = {
@@ -10,7 +10,8 @@ describe "Stats", type: :request do
10
10
  last_name: 'Kelso',
11
11
  team: 'Operations',
12
12
  rendering_id: 16,
13
- exp: Time.now.to_i + 2.weeks.to_i
13
+ exp: Time.now.to_i + 2.weeks.to_i,
14
+ permission_level: 'admin'
14
15
  }, ForestLiana.auth_secret, 'HS256')
15
16
 
16
17
  headers = {
@@ -37,7 +38,7 @@ describe "Stats", type: :request do
37
38
  allow(ForestLiana::IpWhitelist).to receive(:retrieve) { true }
38
39
  allow(ForestLiana::IpWhitelist).to receive(:is_ip_whitelist_retrieved) { true }
39
40
  allow(ForestLiana::IpWhitelist).to receive(:is_ip_valid) { true }
40
-
41
+
41
42
  allow_any_instance_of(ForestLiana::PermissionsChecker).to receive(:is_authorized?) { true }
42
43
 
43
44
  allow_any_instance_of(ForestLiana::ValueStatGetter).to receive(:perform) { true }
@@ -81,7 +82,7 @@ describe "Stats", type: :request do
81
82
  expect(response.status).to eq(403)
82
83
  end
83
84
  end
84
-
85
+
85
86
  describe 'POST /stats' do
86
87
  params = { query: 'SELECT COUNT(*) AS value FROM products;' }
87
88
 
@@ -107,7 +108,7 @@ describe "Stats", type: :request do
107
108
 
108
109
  it 'should respond 422 with unprocessable query' do
109
110
  allow_any_instance_of(ForestLiana::QueryStatGetter).to receive(:perform) { raise ForestLiana::Errors::LiveQueryError.new }
110
-
111
+
111
112
  post '/forest/stats', params: JSON.dump(params), headers: headers
112
113
  expect(response.status).to eq(422)
113
114
  end
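Review bot: Every fixture token in these request specs (here and in the Actions, Owner and Tree specs above) is now issued with `permission_level: 'admin'`, so as far as these hunks show, no example covers a caller whose level is outside the allowlist or a token issued before the claim existed. Because that claim now decides whether the live-query check is skipped in `PermissionsChecker`, the Stats spec should gain one example with a non-listed level and one with the claim absent, each posting a query that is not permitted and expecting 403 without stubbing `is_authorized?`. The surrounding `describe` blocks start and end outside the hunks, so existing coverage elsewhere in the file cannot be ruled out from this page.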
@@ -4,7 +4,7 @@ module ForestLiana
4
4
  described_class.empty_cache
5
5
  end
6
6
 
7
- let(:user_id) { 1 }
7
+ let(:user) { { 'id' => '1' } }
8
8
  let(:schema) {
9
9
  [
10
10
  ForestLiana::Model::Collection.new({
@@ -127,8 +127,8 @@ module ForestLiana
127
127
  end
128
128
 
129
129
  it 'should call the API twice' do
130
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id).is_authorized?
131
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id).is_authorized?
130
+ described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
131
+ described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
132
132
 
133
133
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).twice
134
134
  end
@@ -136,8 +136,8 @@ module ForestLiana
136
136
 
137
137
  context 'before expiration time' do
138
138
  it 'should call the API only once' do
139
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id).is_authorized?
140
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id).is_authorized?
139
+ described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
140
+ described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
141
141
 
142
142
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).once
143
143
  end
@@ -175,8 +175,8 @@ module ForestLiana
175
175
  api_permissions_rendering_2['data']['custom']['collection']['export'] = false
176
176
  api_permissions_rendering_2
177
177
  }
178
- let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1, user_id: user_id).is_authorized? }
179
- let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2, user_id: user_id).is_authorized? }
178
+ let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1, user: user).is_authorized? }
179
+ let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2, user: user).is_authorized? }
180
180
 
181
181
  before do
182
182
  allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering)
@@ -241,7 +241,7 @@ module ForestLiana
241
241
  context 'when checking browseEnabled' do
242
242
  context 'when expiration value is set to its default' do
243
243
  it 'should not call the API to refresh the renderings cache' do
244
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
244
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
245
245
 
246
246
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
247
247
  expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
@@ -256,7 +256,7 @@ module ForestLiana
256
256
  end
257
257
 
258
258
  it 'should call the API to refresh the renderings cache' do
259
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
259
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
260
260
 
261
261
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
262
262
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).once
@@ -275,7 +275,7 @@ module ForestLiana
275
275
  end
276
276
 
277
277
  it 'should NOT call the API to refresh the renderings cache' do
278
- described_class.new(fake_ressource, 'exportEnabled', rendering_id, user_id: user_id).is_authorized?
278
+ described_class.new(fake_ressource, 'exportEnabled', rendering_id, user: user).is_authorized?
279
279
 
280
280
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
281
281
  expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
@@ -287,8 +287,8 @@ module ForestLiana
287
287
  context 'on the same rendering' do
288
288
  context 'when renderings permission has NOT expired' do
289
289
  it 'should NOT call the API to refresh the renderings permissions' do
290
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
291
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
290
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
291
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
292
292
 
293
293
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
294
294
  expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
@@ -303,8 +303,8 @@ module ForestLiana
303
303
  end
304
304
 
305
305
  it 'should call the API to refresh the renderings permissions' do
306
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
307
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
306
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
307
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
308
308
 
309
309
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).twice
310
310
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).twice
@@ -335,8 +335,8 @@ module ForestLiana
335
335
  end
336
336
 
337
337
  it 'should not call the API to refresh the rederings permissions' do
338
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
339
- described_class.new(fake_ressource, 'browseEnabled', other_rendering_id, user_id: user_id).is_authorized?
338
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
339
+ described_class.new(fake_ressource, 'browseEnabled', other_rendering_id, user: user).is_authorized?
340
340
 
341
341
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
342
342
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(other_rendering_id).once
@@ -361,7 +361,7 @@ module ForestLiana
361
361
 
362
362
  context 'when permissions does NOT have rolesACLActivated' do
363
363
  describe 'exportEnabled permission' do
364
- subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id) }
364
+ subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
365
365
 
366
366
  context 'when user has the required permission' do
367
367
  it 'should be authorized' do
@@ -380,7 +380,7 @@ module ForestLiana
380
380
 
381
381
  describe 'browseEnabled permission' do
382
382
  let(:collection_name) { 'custom' }
383
- subject { described_class.new(fake_ressource, 'browseEnabled', default_rendering_id, user_id: user_id) }
383
+ subject { described_class.new(fake_ressource, 'browseEnabled', default_rendering_id, user: user) }
384
384
  let(:segments_permissions) { nil }
385
385
  let(:default_api_permissions) {
386
386
  {
@@ -463,14 +463,14 @@ module ForestLiana
463
463
  "searchToEdit" => false
464
464
  }
465
465
  }
466
- let(:collection_list_parameters) { { :user_id => "1", :filters => nil } }
466
+ let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
467
467
 
468
468
  subject {
469
469
  described_class.new(
470
470
  fake_ressource,
471
471
  'browseEnabled',
472
472
  default_rendering_id,
473
- user_id: user_id,
473
+ user: user,
474
474
  collection_list_parameters: collection_list_parameters
475
475
  )
476
476
  }
@@ -483,7 +483,7 @@ module ForestLiana
483
483
 
484
484
  context 'when user has no segments and param segmentQuery is there' do
485
485
  let(:segmentQuery) { 'SELECT * FROM products;' }
486
- let(:collection_list_parameters) { { :user_id => "1", :segmentQuery => segmentQuery } }
486
+ let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
487
487
  it 'should be authorized' do
488
488
  expect(subject.is_authorized?).to be false
489
489
  end
@@ -491,7 +491,7 @@ module ForestLiana
491
491
 
492
492
  context 'when segments are defined' do
493
493
  let(:segments_permissions) { ['SELECT * FROM products;', 'SELECT * FROM sellers;'] }
494
- let(:collection_list_parameters) { { :user_id => "1", :segmentQuery => segmentQuery } }
494
+ let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
495
495
 
496
496
  context 'when segments are passing validation' do
497
497
  let(:segmentQuery) { 'SELECT * FROM products;' }
@@ -550,7 +550,7 @@ module ForestLiana
550
550
  end
551
551
 
552
552
  describe 'readEnabled permission' do
553
- subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user_id: user_id) }
553
+ subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
554
554
 
555
555
  context 'when user has the required permission' do
556
556
  it 'should be authorized' do
@@ -568,7 +568,7 @@ module ForestLiana
568
568
  end
569
569
 
570
570
  describe 'addEnabled permission' do
571
- subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user_id: user_id) }
571
+ subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
572
572
 
573
573
  context 'when user has the required permission' do
574
574
  it 'should be authorized' do
@@ -586,7 +586,7 @@ module ForestLiana
586
586
  end
587
587
 
588
588
  describe 'editEnabled permission' do
589
- subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user_id: user_id) }
589
+ subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
590
590
 
591
591
  context 'when user has the required permission' do
592
592
  it 'should be authorized' do
@@ -604,7 +604,7 @@ module ForestLiana
604
604
  end
605
605
 
606
606
  describe 'deleteEnabled permission' do
607
- subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user_id: user_id) }
607
+ subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
608
608
 
609
609
  context 'when user has the required permission' do
610
610
  it 'should be authorized' do
@@ -628,7 +628,7 @@ module ForestLiana
628
628
  fake_ressource,
629
629
  'actions',
630
630
  default_rendering_id,
631
- user_id: user_id,
631
+ user: user,
632
632
  smart_action_request_info: smart_action_request_info
633
633
  )
634
634
  }
@@ -674,7 +674,7 @@ module ForestLiana
674
674
 
675
675
  context 'when the action permissions contains a list of user ids' do
676
676
  context 'when user id is NOT part of the authorized users' do
677
- let(:user_id) { 2 }
677
+ let(:user) { { 'id' => '2' } }
678
678
  let(:smart_action_request_info) { { endpoint: 'forest/actions/TestRestricted', http_method: 'POST' } }
679
679
 
680
680
  it 'user should NOT be authorized' do
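Review bot: The rewritten `collection_list_parameters` fixtures use `:user => ["id" => "1"]`, which in Ruby is an Array holding one Hash rather than the Hash that `let(:user) { { 'id' => '1' } }` builds, so the two fixtures no longer describe the same user shape. If the checker ever reads `collection_list_parameters[:user]['id']`, that raises TypeError; `{ :user => { 'id' => '1' }, :filters => nil }` is presumably what was meant. The same literal is repeated in the second permissions spec further down the page. These hunks also add no example for the new `permission_level` short-circuit on `liveQueries` / `statWithParameters`, and `user` here carries no such key.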
@@ -4,7 +4,7 @@ module ForestLiana
4
4
  described_class.empty_cache
5
5
  end
6
6
 
7
- let(:user_id) { 1 }
7
+ let(:user) { { 'id' => '1' } }
8
8
  let(:schema) {
9
9
  [
10
10
  ForestLiana::Model::Collection.new({
@@ -152,8 +152,8 @@ module ForestLiana
152
152
  end
153
153
 
154
154
  it 'should call the API twice' do
155
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id).is_authorized?
156
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id).is_authorized?
155
+ described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
156
+ described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
157
157
 
158
158
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).twice
159
159
  end
@@ -161,8 +161,8 @@ module ForestLiana
161
161
 
162
162
  context 'before expiration time' do
163
163
  it 'should call the API only once' do
164
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id).is_authorized?
165
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id).is_authorized?
164
+ described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
165
+ described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
166
166
 
167
167
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).once
168
168
  end
@@ -209,8 +209,8 @@ module ForestLiana
209
209
  }
210
210
 
211
211
  context 'when the first call is authorized' do
212
- let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1, user_id: user_id).is_authorized? }
213
- let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2, user_id: user_id).is_authorized? }
212
+ let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1, user: user).is_authorized? }
213
+ let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2, user: user).is_authorized? }
214
214
 
215
215
  # Even if the value are different, the permissions are cross rendering thus another call
216
216
  # to the api wont be made until the permission expires
@@ -228,8 +228,8 @@ module ForestLiana
228
228
 
229
229
  # If not authorized the cached version is not used
230
230
  context 'when the first call is not authorized' do
231
- let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'browseEnabled', 1, user_id: user_id).is_authorized? }
232
- let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'browseEnabled', 2, user_id: user_id).is_authorized? }
231
+ let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'browseEnabled', 1, user: user).is_authorized? }
232
+ let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'browseEnabled', 2, user: user).is_authorized? }
233
233
 
234
234
  it 'should return different value' do
235
235
  expect(authorized_to_export_rendering_1).to eq false
@@ -293,7 +293,7 @@ module ForestLiana
293
293
  context 'when checking browseEnabled' do
294
294
  context 'when expiration value is set to its default' do
295
295
  it 'should not call the API to refresh the renderings cache' do
296
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
296
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
297
297
 
298
298
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
299
299
  expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
@@ -308,7 +308,7 @@ module ForestLiana
308
308
  end
309
309
 
310
310
  it 'should call the API to refresh the renderings cache' do
311
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
311
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
312
312
 
313
313
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
314
314
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).once
@@ -327,7 +327,7 @@ module ForestLiana
327
327
  end
328
328
 
329
329
  it 'should NOT call the API to refresh the rendering cache' do
330
- described_class.new(fake_ressource, 'exportEnabled', rendering_id, user_id: user_id).is_authorized?
330
+ described_class.new(fake_ressource, 'exportEnabled', rendering_id, user: user).is_authorized?
331
331
 
332
332
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
333
333
  expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
@@ -339,8 +339,8 @@ module ForestLiana
339
339
  context 'on the same rendering' do
340
340
  context 'when rendering permission has NOT expired' do
341
341
  it 'should NOT call the API to refresh the rendering permissions' do
342
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
343
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
342
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
343
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
344
344
 
345
345
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
346
346
  expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
@@ -355,8 +355,8 @@ module ForestLiana
355
355
  end
356
356
 
357
357
  it 'should call the API to refresh the rendering permissions' do
358
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
359
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
358
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
359
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
360
360
 
361
361
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).twice
362
362
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).twice
@@ -388,8 +388,8 @@ module ForestLiana
388
388
  end
389
389
 
390
390
  it 'should call the API to refresh the rendering permissions' do
391
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user_id: user_id).is_authorized?
392
- described_class.new(fake_ressource, 'browseEnabled', other_rendering_id, user_id: user_id).is_authorized?
391
+ described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
392
+ described_class.new(fake_ressource, 'browseEnabled', other_rendering_id, user: user).is_authorized?
393
393
 
394
394
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
395
395
  expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(other_rendering_id, rendering_specific_only: true).once
@@ -415,7 +415,7 @@ module ForestLiana
415
415
  let(:collection_name) { 'all_rights_collection_boolean' }
416
416
 
417
417
  describe 'exportEnabled permission' do
418
- subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id) }
418
+ subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
419
419
 
420
420
  context 'when user has the required permission' do
421
421
  it 'should be authorized' do
@@ -433,13 +433,13 @@ module ForestLiana
433
433
  end
434
434
 
435
435
  describe 'browseEnbled permission' do
436
- let(:collection_list_parameters) { { :user_id => "1", :filters => nil } }
436
+ let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
437
437
  subject {
438
438
  described_class.new(
439
439
  fake_ressource,
440
440
  'browseEnabled',
441
441
  default_rendering_id,
442
- user_id: user_id,
442
+ user: user,
443
443
  collection_list_parameters: collection_list_parameters
444
444
  )
445
445
  }
@@ -460,7 +460,7 @@ module ForestLiana
460
460
 
461
461
  context 'when user has no segments queries permissions and param segmentQuery is there' do
462
462
  let(:segmentQuery) { 'SELECT * FROM products;' }
463
- let(:collection_list_parameters) { { :user_id => "1", :segmentQuery => segmentQuery } }
463
+ let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
464
464
  it 'should be authorized' do
465
465
  expect(subject.is_authorized?).to be false
466
466
  end
@@ -477,7 +477,7 @@ module ForestLiana
477
477
  }
478
478
  }
479
479
  }
480
- let(:collection_list_parameters) { { :user_id => "1", :segmentQuery => segmentQuery } }
480
+ let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
481
481
 
482
482
  context 'when segments are passing validation' do
483
483
  let(:segmentQuery) { 'SELECT * FROM products;' }
@@ -526,7 +526,7 @@ module ForestLiana
526
526
  end
527
527
 
528
528
  describe 'readEnabled permission' do
529
- subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user_id: user_id) }
529
+ subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
530
530
 
531
531
  context 'when user has the required permission' do
532
532
  it 'should be authorized' do
@@ -544,7 +544,7 @@ module ForestLiana
544
544
  end
545
545
 
546
546
  describe 'addEnabled permission' do
547
- subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user_id: user_id) }
547
+ subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
548
548
 
549
549
  context 'when user has the required permission' do
550
550
  it 'should be authorized' do
@@ -562,7 +562,7 @@ module ForestLiana
562
562
  end
563
563
 
564
564
  describe 'editEnabled permission' do
565
- subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user_id: user_id) }
565
+ subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
566
566
 
567
567
  context 'when user has the required permission' do
568
568
  it 'should be authorized' do
@@ -580,7 +580,7 @@ module ForestLiana
580
580
  end
581
581
 
582
582
  describe 'deleteEnabled permission' do
583
- subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user_id: user_id) }
583
+ subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
584
584
 
585
585
  context 'when user has the required permission' do
586
586
  it 'should be authorized' do
@@ -604,7 +604,7 @@ module ForestLiana
604
604
  fake_ressource,
605
605
  'actions',
606
606
  default_rendering_id,
607
- user_id: user_id,
607
+ user: user,
608
608
  smart_action_request_info: smart_action_request_info
609
609
  )
610
610
  }
@@ -653,7 +653,7 @@ module ForestLiana
653
653
  let(:collection_name) { 'all_rights_collection_user_list' }
654
654
 
655
655
  describe 'exportEnabled permission' do
656
- subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user_id: user_id) }
656
+ subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
657
657
 
658
658
  context 'when user has the required permission' do
659
659
  it 'should be authorized' do
@@ -671,13 +671,13 @@ module ForestLiana
671
671
  end
672
672
 
673
673
  describe 'browseEnabled permission' do
674
- let(:collection_list_parameters) { { :user_id => "1", :filters => nil } }
674
+ let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
675
675
  subject {
676
676
  described_class.new(
677
677
  fake_ressource,
678
678
  'browseEnabled',
679
679
  default_rendering_id,
680
- user_id: user_id,
680
+ user: user,
681
681
  collection_list_parameters: collection_list_parameters
682
682
  )
683
683
  }
@@ -698,7 +698,7 @@ module ForestLiana
698
698
  end
699
699
 
700
700
  describe 'readEnabled permission' do
701
- subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user_id: user_id) }
701
+ subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
702
702
 
703
703
  context 'when user has the required permission' do
704
704
  it 'should be authorized' do
@@ -716,7 +716,7 @@ module ForestLiana
716
716
  end
717
717
 
718
718
  describe 'addEnabled permission' do
719
- subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user_id: user_id) }
719
+ subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
720
720
 
721
721
  context 'when user has the required permission' do
722
722
  it 'should be authorized' do
@@ -734,7 +734,7 @@ module ForestLiana
734
734
  end
735
735
 
736
736
  describe 'editEnabled permission' do
737
- subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user_id: user_id) }
737
+ subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
738
738
 
739
739
  context 'when user has the required permission' do
740
740
  it 'should be authorized' do
@@ -752,7 +752,7 @@ module ForestLiana
752
752
  end
753
753
 
754
754
  describe 'deleteEnabled permission' do
755
- subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user_id: user_id) }
755
+ subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
756
756
 
757
757
  context 'when user has the required permission' do
758
758
  it 'should be authorized' do
@@ -776,7 +776,7 @@ module ForestLiana
776
776
  fake_ressource,
777
777
  'actions',
778
778
  default_rendering_id,
779
- user_id: user_id,
779
+ user: user,
780
780
  smart_action_request_info: smart_action_request_info
781
781
  )
782
782
  }
@@ -822,7 +822,7 @@ module ForestLiana
822
822
 
823
823
  # searchToEdit permission checker should not be called anymore once rolesAcl activated
824
824
  describe 'searchToEdit permission' do
825
- subject { described_class.new(fake_ressource, 'searchToEdit', default_rendering_id, user_id: user_id) }
825
+ subject { described_class.new(fake_ressource, 'searchToEdit', default_rendering_id, user: user) }
826
826
 
827
827
  context 'when user has all permissions' do
828
828
  it 'should NOT be authorized' do
@@ -4,7 +4,6 @@ module ForestLiana
4
4
  described_class.empty_cache
5
5
  end
6
6
 
7
- let(:user_id) { 1 }
8
7
  let(:schema) {
9
8
  [
10
9
  ForestLiana::Model::Collection.new({
@@ -50,7 +49,7 @@ module ForestLiana
50
49
  "stats" => {
51
50
  "queries" => [
52
51
  'SELECT COUNT(*) AS value FROM products;',
53
- 'SELECT COUNT(*) AS value FROM sometings;'
52
+ 'SELECT COUNT(*) AS value FROM somethings;'
54
53
  ],
55
54
  "values" => [
56
55
  {
@@ -79,35 +78,79 @@ module ForestLiana
79
78
  end
80
79
 
81
80
  context 'when permissions liveQueries' do
81
+ let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
82
82
  context 'contains the query' do
83
+ subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT COUNT(*) AS value FROM somethings;') }
84
+
85
+ it 'should be authorized' do
86
+ expect(subject.is_authorized?).to be true
87
+ end
88
+ end
89
+
90
+ context 'does not contains the query' do
91
+ subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT * FROM products WHERE category = Gifts OR 1=1-- AND released = 1') }
92
+ it 'should NOT be authorized' do
93
+ expect(subject.is_authorized?).to be false
94
+ end
95
+ end
96
+ end
97
+
98
+ context 'exectute liveQueries when user' do
99
+ context 'has correct permission_level' do
100
+ let(:user) { { 'id' => '1', 'permission_level' => 'admin' } }
101
+ subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT COUNT(*) AS value FROM somethings;') }
102
+
103
+ it 'should be authorized' do
104
+ expect(subject.is_authorized?).to be true
105
+ end
106
+ end
107
+
108
+ context 'does not have the correct permission_level' do
109
+ let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
110
+ subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT * FROM products WHERE category = Gifts OR 1=1-- AND released = 1') }
111
+ it 'should NOT be authorized' do
112
+ expect(subject.is_authorized?).to be false
113
+ end
114
+ end
115
+ end
116
+
117
+ context 'when permissions statWithParameters' do
118
+ let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
119
+ context 'contains the stat with the same parameters' do
83
120
  request_info = {
84
121
  "type" => "Value",
85
122
  "collection" => "Product",
86
123
  "aggregate" => "Count"
87
124
  };
88
- subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user_id: user_id, query_request_info: 'SELECT COUNT(*) AS value FROM sometings;') }
125
+ subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: request_info) }
89
126
 
90
127
  it 'should be authorized' do
91
128
  expect(subject.is_authorized?).to be true
92
129
  end
93
130
  end
94
131
 
95
- context 'does not contains the query' do
96
- subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user_id: user_id, query_request_info: 'SELECT * FROM products WHERE category = Gifts OR 1=1-- AND released = 1') }
132
+ context 'does not contains the stat with the same parameters' do
133
+ other_request_info = {
134
+ "type" => "Leaderboard",
135
+ "collection" => "Product",
136
+ "aggregate" => "Sum"
137
+ };
138
+ subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: other_request_info) }
97
139
  it 'should NOT be authorized' do
98
140
  expect(subject.is_authorized?).to be false
99
141
  end
100
142
  end
101
143
  end
102
144
 
103
- context 'when permissions statWithParameters' do
104
- context 'contains the stat with the same parameters' do
145
+ context 'execute statWithParameters when user' do
146
+ context 'has correct permission_level' do
147
+ let(:user) { { 'id' => '1', 'permission_level' => 'admin' } }
105
148
  request_info = {
106
149
  "type" => "Value",
107
150
  "collection" => "Product",
108
151
  "aggregate" => "Count"
109
152
  };
110
- subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user_id: user_id, query_request_info: request_info) }
153
+ subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: request_info) }
111
154
 
112
155
  it 'should be authorized' do
113
156
  expect(subject.is_authorized?).to be true
@@ -115,12 +158,13 @@ module ForestLiana
115
158
  end
116
159
 
117
160
  context 'does not contains the stat with the same parameters' do
161
+ let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
118
162
  other_request_info = {
119
163
  "type" => "Leaderboard",
120
164
  "collection" => "Product",
121
165
  "aggregate" => "Sum"
122
166
  };
123
- subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user_id: user_id, query_request_info: other_request_info) }
167
+ subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: other_request_info) }
124
168
  it 'should NOT be authorized' do
125
169
  expect(subject.is_authorized?).to be false
126
170
  end
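Review bot: The two `permission_level` contexts added in this spec ('exectute liveQueries when user' and 'execute statWithParameters when user') do not isolate the level check: each admin case passes a query or stat the fixture already lists, and each basic case passes an unlisted one, so all four examples would pass unchanged if `PermissionsChecker` ignored `permission_level` entirely. Assuming the level is meant to decide authorization independently of the list (the checker itself is not part of this section), the admin case should reuse the input the basic case is denied with, i.e. `let(:user) { { 'id' => '1', 'permission_level' => 'admin' } }` together with `query_request_info: 'SELECT * FROM products WHERE category = Gifts OR 1=1-- AND released = 1'`, and assert whichever outcome is intended. A deny-by-default example is also missing: a user hash without the key, `let(:user) { { 'id' => '1' } }`, with an unlisted query should be expected to give `is_authorized?` as `false`. The context name 'exectute' is a typo for 'execute'.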
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: forest_liana
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.6.13
4
+ version: 7.6.14
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sandro Munda
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-08-23 00:00:00.000000000 Z
11
+ date: 2022-09-08 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails