forest_liana 7.8.0 → 8.0.0.beta.2

Files changed (45) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/forest_liana/actions_controller.rb +5 -3
  3. data/app/controllers/forest_liana/application_controller.rb +15 -0
  4. data/app/controllers/forest_liana/resources_controller.rb +31 -57
  5. data/app/controllers/forest_liana/smart_actions_controller.rb +44 -58
  6. data/app/controllers/forest_liana/stats_controller.rb +14 -58
  7. data/app/services/forest_liana/ability/exceptions/access_denied.rb +16 -0
  8. data/app/services/forest_liana/ability/exceptions/action_condition_error.rb +16 -0
  9. data/app/services/forest_liana/ability/exceptions/require_approval.rb +18 -0
  10. data/app/services/forest_liana/ability/exceptions/trigger_forbidden.rb +16 -0
  11. data/app/services/forest_liana/ability/fetch.rb +23 -0
  12. data/app/services/forest_liana/ability/permission/request_permission.rb +19 -0
  13. data/app/services/forest_liana/ability/permission/smart_action_checker.rb +71 -0
  14. data/app/services/forest_liana/ability/permission.rb +148 -0
  15. data/app/services/forest_liana/ability.rb +24 -0
  16. data/app/services/forest_liana/filters_parser.rb +7 -7
  17. data/app/services/forest_liana/leaderboard_stat_getter.rb +7 -7
  18. data/app/services/forest_liana/line_stat_getter.rb +8 -8
  19. data/app/services/forest_liana/pie_stat_getter.rb +17 -17
  20. data/app/services/forest_liana/stat_getter.rb +1 -2
  21. data/app/services/forest_liana/value_stat_getter.rb +7 -7
  22. data/lib/forest_liana/bootstrapper.rb +1 -1
  23. data/lib/forest_liana/version.rb +1 -1
  24. data/spec/dummy/lib/forest_liana/collections/island.rb +1 -1
  25. data/spec/requests/actions_controller_spec.rb +3 -4
  26. data/spec/requests/count_spec.rb +5 -9
  27. data/spec/requests/resources_spec.rb +55 -11
  28. data/spec/requests/stats_spec.rb +103 -42
  29. data/spec/services/forest_liana/ability/ability_spec.rb +48 -0
  30. data/spec/services/forest_liana/ability/permission/smart_action_checker_spec.rb +357 -0
  31. data/spec/services/forest_liana/ability/permission_spec.rb +332 -0
  32. data/spec/services/forest_liana/filters_parser_spec.rb +0 -12
  33. data/spec/services/forest_liana/line_stat_getter_spec.rb +9 -9
  34. data/spec/services/forest_liana/pie_stat_getter_spec.rb +7 -7
  35. data/spec/services/forest_liana/value_stat_getter_spec.rb +11 -11
  36. data/spec/spec_helper.rb +1 -0
  37. metadata +33 -17
  38. data/app/services/forest_liana/permissions_checker.rb +0 -223
  39. data/app/services/forest_liana/permissions_formatter.rb +0 -52
  40. data/app/services/forest_liana/permissions_getter.rb +0 -59
  41. data/spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb +0 -713
  42. data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb +0 -845
  43. data/spec/services/forest_liana/permissions_checker_live_queries_spec.rb +0 -175
  44. data/spec/services/forest_liana/permissions_formatter_spec.rb +0 -222
  45. data/spec/services/forest_liana/permissions_getter_spec.rb +0 -83
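--- a/data/spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb
+++ /dev/null
@@ -1,713 +0,0 @@
-module ForestLiana
-describe PermissionsChecker do
-before(:each) do
-described_class.empty_cache
-end
-
-let(:user) { { 'id' => '1' } }
-let(:schema) {
-[
-ForestLiana::Model::Collection.new({
-name: 'all_rights_collection',
-fields: [],
-actions: [
-ForestLiana::Model::Action.new({
-name: 'Test',
-endpoint: 'forest/actions/Test',
-http_method: 'POST'
-}), ForestLiana::Model::Action.new({
-name: 'TestPut',
-endpoint: 'forest/actions/Test',
-http_method: 'PUT'
-}), ForestLiana::Model::Action.new({
-name: 'TestRestricted',
-endpoint: 'forest/actions/TestRestricted',
-http_method: 'POST'
-}), ForestLiana::Model::Action.new({
-name: 'Test Default Values',
-})
-]
-}), ForestLiana::Model::Collection.new({
-name: 'no_rights_collection',
-fields: [],
-actions: [
-ForestLiana::Model::Action.new({
-name: 'Test',
-endpoint: 'forest/actions/Test',
-http_method: 'POST'
-})
-]
-}), ForestLiana::Model::Collection.new({
-name: 'custom',
-fields: [],
-actions: []
-})
-]
-}
-let(:default_api_permissions) {
-{
-"data" => {
-"all_rights_collection" => {
-"collection" => {
-"list" => true,
-"show" => true,
-"create" => true,
-"update" => true,
-"delete" => true,
-"export" => true,
-"searchToEdit" => true
-},
-"actions" => {
-"Test" => {
-"allowed" => true,
-"users" => nil
-},
-"TestPut" => {
-"allowed" => false,
-"users" => nil
-},
-"TestRestricted" => {
-"allowed" => true,
-"users" => [1]
-},
-"Test Default Values" => {
-"allowed" => true,
-"users" => nil
-},
-},
-"segments" => nil
-},
-"no_rights_collection" => {
-"collection" => {
-"list" => false,
-"show" => false,
-"create" => false,
-"update" => false,
-"delete" => false,
-"export" => false,
-"searchToEdit" => false
-},
-"actions" => {
-"Test" => {
-"allowed" => false,
-"users" => nil
-}
-},
-"segments" => nil
-},
-},
-"meta" => {
-"rolesACLActivated" => false
-}
-}
-}
-
-before do
-allow(ForestLiana).to receive(:name_for).and_return(collection_name)
-allow(ForestLiana).to receive(:apimap).and_return(schema)
-end
-
-describe 'handling cache' do
-let(:collection_name) { 'all_rights_collection' }
-let(:fake_ressource) { collection_name }
-let(:default_rendering_id) { 1 }
-
-context 'when calling twice the same permissions' do
-before do
-# clones is called to duplicate the returned value and not use to same (which results in an error
-# as the permissions is edited through the formatter)
-allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering) { default_api_permissions.clone }
-end
-
-context 'after expiration time' do
-before do
-allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
-# Needed to enforce ENV stub
-described_class.empty_cache
-end
-
-it 'should call the API twice' do
-described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
-described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
-
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).twice
-end
-end
-
-context 'before expiration time' do
-it 'should call the API only once' do
-described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
-described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
-
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).once
-end
-end
-end
-
-context 'with permissions coming from 2 different renderings' do
-let(:collection_name) { 'custom' }
-
-let(:segments_permissions) { nil }
-let(:api_permissions_rendering_1) {
-{
-"data" => {
-"custom" => {
-"collection" => {
-"list" => true,
-"show" => true,
-"create" => true,
-"update" => true,
-"delete" => true,
-"export" => true,
-"searchToEdit" => true
-},
-"actions" => { },
-"segments" => segments_permissions
-},
-},
-"meta" => {
-"rolesACLActivated" => false
-}
-}
-}
-let(:api_permissions_rendering_2) {
-api_permissions_rendering_2 = api_permissions_rendering_1.deep_dup
-api_permissions_rendering_2['data']['custom']['collection']['export'] = false
-api_permissions_rendering_2
-}
-let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1, user: user).is_authorized? }
-let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2, user: user).is_authorized? }
-
-before do
-allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering)
-allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(1).and_return(api_permissions_rendering_1)
-allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(2).and_return(api_permissions_rendering_2)
-end
-
-it 'should return 2 different values' do
-expect(authorized_to_export_rendering_1).to eq true
-expect(authorized_to_export_rendering_2).to eq false
-end
-end
-end
-
-context 'renderings cache' do
-let(:fake_ressource) { collection_name }
-let(:rendering_id) { 1 }
-let(:collection_name) { 'custom' }
-let(:segments_permissions) { { rendering_id => { 'custom' => nil } } }
-let(:api_permissions) {
-{
-"data" => {
-"custom" => {
-"collection" => {
-"list" => true,
-"show" => true,
-"create" => true,
-"update" => true,
-"delete" => true,
-"export" => true,
-"searchToEdit" => true
-},
-"actions" => { },
-"segments" => nil
-},
-},
-"meta" => {
-"rolesACLActivated" => false
-}
-}
-}
-let(:api_permissions_rendering_only) {
-{
-"data" => {
-'collections' => { },
-'renderings' => segments_permissions
-},
-"meta" => {
-"rolesACLActivated" => false
-}
-}
-}
-
-before do
-# clones is called to duplicate the returned value and not use to same (which results in an error
-# as the permissions is edited through the formatter)
-allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(rendering_id) { api_permissions.clone }
-allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).and_return(api_permissions_rendering_only)
-end
-
-context 'when checking once for authorization' do
-context 'when checking browseEnabled' do
-context 'when expiration value is set to its default' do
-it 'should not call the API to refresh the renderings cache' do
-described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
-expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
-end
-end
-
-context 'when expiration value is set in the past' do
-before do
-allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
-# Needed to enforce ENV stub
-described_class.empty_cache
-end
-
-it 'should call the API to refresh the renderings cache' do
-described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).once
-end
-end
-end
-
-# Only browse permission requires segments
-context 'when checking exportEnabled' do
-context 'when expiration value is set in the past' do
-before do
-allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
-# Needed to enforce ENV stub
-described_class.empty_cache
-end
-end
-
-it 'should NOT call the API to refresh the renderings cache' do
-described_class.new(fake_ressource, 'exportEnabled', rendering_id, user: user).is_authorized?
-
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
-expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
-end
-end
-end
-
-context 'when checking twice for authorization' do
-context 'on the same rendering' do
-context 'when renderings permission has NOT expired' do
-it 'should NOT call the API to refresh the renderings permissions' do
-described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
-expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
-end
-end
-
-context 'when renderings permission has expired' do
-before do
-allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
-# Needed to enforce ENV stub
-described_class.empty_cache
-end
-
-it 'should call the API to refresh the renderings permissions' do
-described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).twice
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).twice
-end
-end
-end
-
-context 'on two different renderings' do
-let(:other_rendering_id) { 2 }
-let(:api_permissions_rendering_only) {
-{
-"data" => {
-'collections' => { },
-'renderings' => {
-'2' => { 'custom' => nil }
-}
-},
-"meta" => {
-"rolesACLActivated" => false
-}
-}
-}
-let(:api_permissions_copy) { api_permissions.clone }
-
-before do
-allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(other_rendering_id).and_return(api_permissions_copy)
-allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(other_rendering_id, rendering_specific_only: true).and_return(api_permissions_rendering_only)
-end
-
-it 'should not call the API to refresh the rederings permissions' do
-described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-described_class.new(fake_ressource, 'browseEnabled', other_rendering_id, user: user).is_authorized?
-
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
-expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(other_rendering_id).once
-expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
-expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(other_rendering_id, rendering_specific_only: true)
-end
-end
-end
-end
-
-describe '#is_authorized?' do
-# Resource is only used to retrieve the collection name as it's stubbed it does not
-# need to be defined
-let(:fake_ressource) { collection_name }
-let(:default_rendering_id) { 1 }
-let(:api_permissions) { default_api_permissions }
-let(:collection_name) { 'all_rights_collection' }
-
-before do
-allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).and_return(api_permissions)
-end
-
-context 'when permissions does NOT have rolesACLActivated' do
-describe 'exportEnabled permission' do
-subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
-
-context 'when user has the required permission' do
-it 'should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when user has not the required permission' do
-let(:collection_name) { 'no_rights_collection' }
-
-it 'should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-end
-
-describe 'browseEnabled permission' do
-let(:collection_name) { 'custom' }
-subject { described_class.new(fake_ressource, 'browseEnabled', default_rendering_id, user: user) }
-let(:segments_permissions) { nil }
-let(:default_api_permissions) {
-{
-"data" => {
-"custom" => {
-"collection" => collection_permissions,
-"actions" => { },
-"segments" => segments_permissions
-},
-},
-"meta" => {
-"rolesACLActivated" => false
-}
-}
-}
-
-context 'when user has list permission' do
-let(:collection_permissions) {
-{
-"list" => true,
-"show" => false,
-"create" => false,
-"update" => false,
-"delete" => false,
-"export" => false,
-"searchToEdit" => false
-}
-}
-
-it 'should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when user has searchToEdit permission' do
-let(:collection_permissions) {
-{
-"list" => false,
-"show" => false,
-"create" => false,
-"update" => false,
-"delete" => false,
-"export" => false,
-"searchToEdit" => true
-}
-}
-
-it 'should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when user has not the list nor the searchToEdit permission' do
-let(:collection_permissions) {
-{
-"list" => false,
-"show" => false,
-"create" => false,
-"update" => false,
-"delete" => false,
-"export" => false,
-"searchToEdit" => false
-}
-}
-
-it 'should be NOT authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-
-context 'when providing collection_list_parameters' do
-let(:collection_permissions) {
-{
-"list" => true,
-"show" => false,
-"create" => false,
-"update" => false,
-"delete" => false,
-"export" => false,
-"searchToEdit" => false
-}
-}
-let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
-
-subject {
-described_class.new(
-fake_ressource,
-'browseEnabled',
-default_rendering_id,
-user: user,
-collection_list_parameters: collection_list_parameters
-)
-}
-
-context 'when user has the required permission' do
-it 'should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when user has no segments and param segmentQuery is there' do
-let(:segmentQuery) { 'SELECT * FROM products;' }
-let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
-it 'should be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-
-context 'when segments are defined' do
-let(:segments_permissions) { ['SELECT * FROM products;', 'SELECT * FROM sellers;'] }
-let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
-
-context 'when segments are passing validation' do
-let(:segmentQuery) { 'SELECT * FROM products;' }
-it 'should return true' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when segments are NOT passing validation' do
-let(:segmentQuery) { 'SELECT * FROM rockets WHERE name = "Starship";' }
-it 'should return false' do
-expect(subject.is_authorized?).to be false
-end
-end
-
-context 'when received union segments NOT passing validation' do
-let(:segmentQuery) { 'SELECT * FROM sellers/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2' }
-it 'should return false' do
-expect(subject.is_authorized?).to be false
-end
-end
-
-context 'when received union segments passing validation' do
-let(:segmentQuery) { 'SELECT * FROM sellers/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION SELECT * FROM products' }
-it 'should return true' do
-expect(subject.is_authorized?).to be true
-end
-end
-context 'when received union segments with UNION inside passing validation' do
-let(:segmentQuery) { 'SELECT COUNT(*) AS value FROM products/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2' }
-let(:segments_permissions) { ['SELECT COUNT(*) AS value FROM products;', 'SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2;', 'SELECT * FROM products;', 'SELECT * FROM sellers;'] }
-it 'should return true' do
-expect(subject.is_authorized?).to be true
-end
-end
-end
-
-context 'when user has not the required permission' do
-let(:collection_permissions) {
-{
-"list" => false,
-"show" => false,
-"create" => false,
-"update" => false,
-"delete" => false,
-"export" => false,
-"searchToEdit" => false
-}
-}
-
-it 'should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-end
-end
-
-describe 'readEnabled permission' do
-subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
-
-context 'when user has the required permission' do
-it 'should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when user has not the required permission' do
-let(:collection_name) { 'no_rights_collection' }
-
-it 'should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-end
-
-describe 'addEnabled permission' do
-subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
-
-context 'when user has the required permission' do
-it 'should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when user has not the required permission' do
-let(:collection_name) { 'no_rights_collection' }
-
-it 'should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-end
-
-describe 'editEnabled permission' do
-subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
-
-context 'when user has the required permission' do
-it 'should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when user has not the required permission' do
-let(:collection_name) { 'no_rights_collection' }
-
-it 'should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-end
-
-describe 'deleteEnabled permission' do
-subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
-
-context 'when user has the required permission' do
-it 'should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when user has not the required permission' do
-let(:collection_name) { 'no_rights_collection' }
-
-it 'should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-end
-
-describe 'actions permission' do
-let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'POST' } }
-subject {
-described_class.new(
-fake_ressource,
-'actions',
-default_rendering_id,
-user: user,
-smart_action_request_info: smart_action_request_info
-)
-}
-
-context 'when user has the required permission' do
-
-it 'should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when user has not the required permission' do
-let(:collection_name) { 'no_rights_collection' }
-
-it 'should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-
-context 'when endpoint is missing from smart action parameters' do
-let(:smart_action_request_info) { { http_method: 'POST' } }
-
-it 'user should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-
-context 'when http_method is missing from smart action parameters' do
-let(:smart_action_request_info) { { endpoint: 'forest/actions/Test' } }
-
-it 'user should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-
-context 'when the provided endpoint is not part of the schema' do
-let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'DELETE' } }
-
-it 'user should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-
-context 'when the action permissions contains a list of user ids' do
-context 'when user id is NOT part of the authorized users' do
-let(:user) { { 'id' => '2' } }
-let(:smart_action_request_info) { { endpoint: 'forest/actions/TestRestricted', http_method: 'POST' } }
-
-it 'user should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-
-context 'when user id is part of the authorized users' do
-let(:smart_action_request_info) { { endpoint: 'forest/actions/TestRestricted', http_method: 'POST' } }
-
-it 'user should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-end
-
-context 'when the action has been created with default http endpoint and method in the schema' do
-let(:smart_action_request_info) { { endpoint: 'forest/actions/test-default-values', http_method: 'POST' } }
-
-it 'user should be authorized' do
-expect(subject.is_authorized?).to be true
-end
-end
-
-context 'when the action has the same enpoint as an other' do
-let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'PUT' } }
-
-it 'user should NOT be authorized' do
-expect(subject.is_authorized?).to be false
-end
-end
-end
-end
-end
-end
-end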