forest_liana 7.8.0 → 8.0.0.beta.2

Files changed (45)
  1. checksums.yaml +4 -4
  2. data/app/controllers/forest_liana/actions_controller.rb +5 -3
  3. data/app/controllers/forest_liana/application_controller.rb +15 -0
  4. data/app/controllers/forest_liana/resources_controller.rb +31 -57
  5. data/app/controllers/forest_liana/smart_actions_controller.rb +44 -58
  6. data/app/controllers/forest_liana/stats_controller.rb +14 -58
  7. data/app/services/forest_liana/ability/exceptions/access_denied.rb +16 -0
  8. data/app/services/forest_liana/ability/exceptions/action_condition_error.rb +16 -0
  9. data/app/services/forest_liana/ability/exceptions/require_approval.rb +18 -0
  10. data/app/services/forest_liana/ability/exceptions/trigger_forbidden.rb +16 -0
  11. data/app/services/forest_liana/ability/fetch.rb +23 -0
  12. data/app/services/forest_liana/ability/permission/request_permission.rb +19 -0
  13. data/app/services/forest_liana/ability/permission/smart_action_checker.rb +71 -0
  14. data/app/services/forest_liana/ability/permission.rb +148 -0
  15. data/app/services/forest_liana/ability.rb +24 -0
  16. data/app/services/forest_liana/filters_parser.rb +7 -7
  17. data/app/services/forest_liana/leaderboard_stat_getter.rb +7 -7
  18. data/app/services/forest_liana/line_stat_getter.rb +8 -8
  19. data/app/services/forest_liana/pie_stat_getter.rb +17 -17
  20. data/app/services/forest_liana/stat_getter.rb +1 -2
  21. data/app/services/forest_liana/value_stat_getter.rb +7 -7
  22. data/lib/forest_liana/bootstrapper.rb +1 -1
  23. data/lib/forest_liana/version.rb +1 -1
  24. data/spec/dummy/lib/forest_liana/collections/island.rb +1 -1
  25. data/spec/requests/actions_controller_spec.rb +3 -4
  26. data/spec/requests/count_spec.rb +5 -9
  27. data/spec/requests/resources_spec.rb +55 -11
  28. data/spec/requests/stats_spec.rb +103 -42
  29. data/spec/services/forest_liana/ability/ability_spec.rb +48 -0
  30. data/spec/services/forest_liana/ability/permission/smart_action_checker_spec.rb +357 -0
  31. data/spec/services/forest_liana/ability/permission_spec.rb +332 -0
  32. data/spec/services/forest_liana/filters_parser_spec.rb +0 -12
  33. data/spec/services/forest_liana/line_stat_getter_spec.rb +9 -9
  34. data/spec/services/forest_liana/pie_stat_getter_spec.rb +7 -7
  35. data/spec/services/forest_liana/value_stat_getter_spec.rb +11 -11
  36. data/spec/spec_helper.rb +1 -0
  37. metadata +33 -17
  38. data/app/services/forest_liana/permissions_checker.rb +0 -223
  39. data/app/services/forest_liana/permissions_formatter.rb +0 -52
  40. data/app/services/forest_liana/permissions_getter.rb +0 -59
  41. data/spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb +0 -713
  42. data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb +0 -845
  43. data/spec/services/forest_liana/permissions_checker_live_queries_spec.rb +0 -175
  44. data/spec/services/forest_liana/permissions_formatter_spec.rb +0 -222
  45. data/spec/services/forest_liana/permissions_getter_spec.rb +0 -83
@@ -1,845 +0,0 @@
1
- module ForestLiana
2
- describe PermissionsChecker do
3
- before(:each) do
4
- described_class.empty_cache
5
- end
6
-
7
- let(:user) { { 'id' => '1' } }
8
- let(:schema) {
9
- [
10
- ForestLiana::Model::Collection.new({
11
- name: 'all_rights_collection_boolean',
12
- fields: [],
13
- actions: [
14
- ForestLiana::Model::Action.new({
15
- name: 'Test',
16
- endpoint: 'forest/actions/Test',
17
- http_method: 'POST'
18
- })
19
- ]
20
- }), ForestLiana::Model::Collection.new({
21
- name: 'no_rights_collection_boolean',
22
- fields: [],
23
- actions: [
24
- ForestLiana::Model::Action.new({
25
- name: 'Test',
26
- endpoint: 'forest/actions/Test',
27
- http_method: 'POST'
28
- })
29
- ]
30
- }), ForestLiana::Model::Collection.new({
31
- name: 'all_rights_collection_user_list',
32
- fields: [],
33
- actions: [
34
- ForestLiana::Model::Action.new({
35
- name: 'Test',
36
- endpoint: 'forest/actions/Test',
37
- http_method: 'POST'
38
- })
39
- ]
40
- }), ForestLiana::Model::Collection.new({
41
- name: 'no_rights_collection_user_list',
42
- fields: [],
43
- actions: [
44
- ForestLiana::Model::Action.new({
45
- name: 'Test',
46
- endpoint: 'forest/actions/Test',
47
- http_method: 'POST'
48
- })
49
- ]
50
- })
51
- ]
52
- }
53
- let(:default_rendering_id) { 1 }
54
- let(:segments_permissions) { { default_rendering_id => { 'segments' => nil } } }
55
- let(:default_api_permissions) {
56
- {
57
- "data" => {
58
- 'collections' => {
59
- "all_rights_collection_boolean" => {
60
- "collection" => {
61
- "browseEnabled" => true,
62
- "readEnabled" => true,
63
- "editEnabled" => true,
64
- "addEnabled" => true,
65
- "deleteEnabled" => true,
66
- "exportEnabled" => true
67
- },
68
- "actions" => {
69
- "Test" => {
70
- "triggerEnabled" => true
71
- },
72
- }
73
- },
74
- "all_rights_collection_user_list" => {
75
- "collection" => {
76
- "browseEnabled" => [1],
77
- "readEnabled" => [1],
78
- "editEnabled" => [1],
79
- "addEnabled" => [1],
80
- "deleteEnabled" => [1],
81
- "exportEnabled" => [1]
82
- },
83
- "actions" => {
84
- "Test" => {
85
- "triggerEnabled" => [1]
86
- },
87
- }
88
- },
89
- "no_rights_collection_boolean" => {
90
- "collection" => {
91
- "browseEnabled" => false,
92
- "readEnabled" => false,
93
- "editEnabled" => false,
94
- "addEnabled" => false,
95
- "deleteEnabled" => false,
96
- "exportEnabled" => false
97
- },
98
- "actions" => {
99
- "Test" => {
100
- "triggerEnabled" => false
101
- },
102
- }
103
- },
104
- "no_rights_collection_user_list" => {
105
- "collection" => {
106
- "browseEnabled" => [],
107
- "readEnabled" => [],
108
- "editEnabled" => [],
109
- "addEnabled" => [],
110
- "deleteEnabled" => [],
111
- "exportEnabled" => []
112
- },
113
- "actions" => {
114
- "Test" => {
115
- "triggerEnabled" => []
116
- },
117
- }
118
- },
119
- },
120
- 'renderings' => segments_permissions
121
- },
122
- "stats" => {
123
- "queries"=>[],
124
- },
125
- "meta" => {
126
- "rolesACLActivated" => true
127
- }
128
- }
129
- }
130
-
131
- before do
132
- allow(ForestLiana).to receive(:apimap).and_return(schema)
133
- allow(ForestLiana).to receive(:name_for).and_return(collection_name)
134
- end
135
-
136
- describe 'handling cache' do
137
- let(:collection_name) { 'all_rights_collection_boolean' }
138
- let(:fake_ressource) { collection_name }
139
- let(:default_rendering_id) { 1 }
140
-
141
- context 'collections cache' do
142
- context 'when calling twice the same permissions' do
143
- before do
144
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).and_return(default_api_permissions)
145
- end
146
-
147
- context 'after expiration time' do
148
- before do
149
- allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
150
- # Needed to enforce ENV stub
151
- described_class.empty_cache
152
- end
153
-
154
- it 'should call the API twice' do
155
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
156
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
157
-
158
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).twice
159
- end
160
- end
161
-
162
- context 'before expiration time' do
163
- it 'should call the API only once' do
164
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
165
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
166
-
167
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).once
168
- end
169
- end
170
- end
171
-
172
- context 'with permissions coming from 2 different renderings' do
173
- before do
174
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering)
175
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(1).and_return(api_permissions_rendering_1)
176
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(2).and_return(api_permissions_rendering_2)
177
- end
178
-
179
- let(:collection_name) { 'custom' }
180
- let(:segments_permissions) { { default_rendering_id => { 'custom' => nil }, 2 => { 'custom' => nil } } }
181
- let(:api_permissions_rendering_1) {
182
- {
183
- "data" => {
184
- 'collections' => {
185
- "custom" => {
186
- "collection" => {
187
- "browseEnabled" => false,
188
- "readEnabled" => true,
189
- "editEnabled" => true,
190
- "addEnabled" => true,
191
- "deleteEnabled" => true,
192
- "exportEnabled" => true
193
- },
194
- "actions" => { }
195
- },
196
- },
197
- 'renderings' => segments_permissions
198
- },
199
- "meta" => {
200
- "rolesACLActivated" => true
201
- }
202
- }
203
- }
204
- let(:api_permissions_rendering_2) {
205
- api_permissions_rendering_2 = api_permissions_rendering_1.deep_dup
206
- api_permissions_rendering_2['data']['collections']['custom']['collection']['exportEnabled'] = false
207
- api_permissions_rendering_2['data']['collections']['custom']['collection']['browseEnabled'] = true
208
- api_permissions_rendering_2
209
- }
210
-
211
- context 'when the first call is authorized' do
212
- let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1, user: user).is_authorized? }
213
- let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2, user: user).is_authorized? }
214
-
215
- # Even if the value are different, the permissions are cross rendering thus another call
216
- # to the api wont be made until the permission expires
217
- it 'should return the same value' do
218
- expect(authorized_to_export_rendering_1).to eq true
219
- expect(authorized_to_export_rendering_2).to eq true
220
- end
221
-
222
- it 'should call the API only once' do
223
- authorized_to_export_rendering_1
224
- authorized_to_export_rendering_2
225
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).once
226
- end
227
- end
228
-
229
- # If not authorized the cached version is not used
230
- context 'when the first call is not authorized' do
231
- let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'browseEnabled', 1, user: user).is_authorized? }
232
- let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'browseEnabled', 2, user: user).is_authorized? }
233
-
234
- it 'should return different value' do
235
- expect(authorized_to_export_rendering_1).to eq false
236
- expect(authorized_to_export_rendering_2).to eq true
237
- end
238
-
239
- it 'should call the API twice' do
240
- authorized_to_export_rendering_1
241
- authorized_to_export_rendering_2
242
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).twice
243
- end
244
- end
245
- end
246
- end
247
-
248
- context 'renderings cache' do
249
- let(:rendering_id) { 1 }
250
- let(:collection_name) { 'custom' }
251
- let(:segments_permissions) { { rendering_id => { 'custom' => nil } } }
252
- let(:api_permissions) {
253
- {
254
- "data" => {
255
- 'collections' => {
256
- "custom" => {
257
- "collection" => {
258
- "browseEnabled" => true,
259
- "readEnabled" => true,
260
- "editEnabled" => true,
261
- "addEnabled" => true,
262
- "deleteEnabled" => true,
263
- "exportEnabled" => true
264
- },
265
- "actions" => { }
266
- },
267
- },
268
- 'renderings' => segments_permissions
269
- },
270
- "meta" => {
271
- "rolesACLActivated" => true
272
- }
273
- }
274
- }
275
- let(:api_permissions_rendering_only) {
276
- {
277
- "data" => {
278
- 'collections' => { },
279
- 'renderings' => segments_permissions
280
- },
281
- "meta" => {
282
- "rolesACLActivated" => true
283
- }
284
- }
285
- }
286
-
287
- before do
288
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(rendering_id).and_return(api_permissions)
289
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).and_return(api_permissions_rendering_only)
290
- end
291
-
292
- context 'when checking once for authorization' do
293
- context 'when checking browseEnabled' do
294
- context 'when expiration value is set to its default' do
295
- it 'should not call the API to refresh the renderings cache' do
296
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
297
-
298
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
299
- expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
300
- end
301
- end
302
-
303
- context 'when expiration value is set in the past' do
304
- before do
305
- allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
306
- # Needed to enforce ENV stub
307
- described_class.empty_cache
308
- end
309
-
310
- it 'should call the API to refresh the renderings cache' do
311
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
312
-
313
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
314
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).once
315
- end
316
- end
317
- end
318
-
319
- # Only browse permission requires segments
320
- context 'when checking exportEnabled' do
321
- context 'when expiration value is set in the past' do
322
- before do
323
- allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
324
- # Needed to enforce ENV stub
325
- described_class.empty_cache
326
- end
327
- end
328
-
329
- it 'should NOT call the API to refresh the rendering cache' do
330
- described_class.new(fake_ressource, 'exportEnabled', rendering_id, user: user).is_authorized?
331
-
332
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
333
- expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
334
- end
335
- end
336
- end
337
-
338
- context 'when checking twice for authorization' do
339
- context 'on the same rendering' do
340
- context 'when rendering permission has NOT expired' do
341
- it 'should NOT call the API to refresh the rendering permissions' do
342
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
343
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
344
-
345
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
346
- expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
347
- end
348
- end
349
-
350
- context 'when renderings permission has expired' do
351
- before do
352
- allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
353
- # Needed to enforce ENV stub
354
- described_class.empty_cache
355
- end
356
-
357
- it 'should call the API to refresh the rendering permissions' do
358
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
359
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
360
-
361
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).twice
362
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).twice
363
- end
364
- end
365
- end
366
-
367
- context 'on two different renderings' do
368
- let(:other_rendering_id) { 2 }
369
- let(:api_permissions_rendering_only) {
370
- {
371
- "data" => {
372
- 'collections' => { },
373
- 'renderings' => {
374
- other_rendering_id => { 'custom' => nil }
375
- }
376
- },
377
- "stats" => {
378
- "somestats" => [],
379
- },
380
- "meta" => {
381
- "rolesACLActivated" => true
382
- }
383
- }
384
- }
385
-
386
- before do
387
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(other_rendering_id, rendering_specific_only: true).and_return(api_permissions_rendering_only)
388
- end
389
-
390
- it 'should call the API to refresh the rendering permissions' do
391
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
392
- described_class.new(fake_ressource, 'browseEnabled', other_rendering_id, user: user).is_authorized?
393
-
394
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
395
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(other_rendering_id, rendering_specific_only: true).once
396
- end
397
- end
398
- end
399
- end
400
- end
401
-
402
- describe '#is_authorized?' do
403
- # Resource is only used to retrieve the collection name as it's stub it does not
404
- # need to be defined
405
- let(:fake_ressource) { collection_name }
406
- let(:default_rendering_id) { nil }
407
- let(:api_permissions) { default_api_permissions }
408
-
409
- before do
410
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).and_return(api_permissions)
411
- end
412
-
413
- context 'when permissions have rolesACLActivated' do
414
- context 'with true/false permission values' do
415
- let(:collection_name) { 'all_rights_collection_boolean' }
416
-
417
- describe 'exportEnabled permission' do
418
- subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
419
-
420
- context 'when user has the required permission' do
421
- it 'should be authorized' do
422
- expect(subject.is_authorized?).to be true
423
- end
424
- end
425
-
426
- context 'when user has not the required permission' do
427
- let(:collection_name) { 'no_rights_collection_boolean' }
428
-
429
- it 'should NOT be authorized' do
430
- expect(subject.is_authorized?).to be false
431
- end
432
- end
433
- end
434
-
435
- describe 'browseEnbled permission' do
436
- let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
437
- subject {
438
- described_class.new(
439
- fake_ressource,
440
- 'browseEnabled',
441
- default_rendering_id,
442
- user: user,
443
- collection_list_parameters: collection_list_parameters
444
- )
445
- }
446
-
447
- context 'when user has the required permission' do
448
- it 'should be authorized' do
449
- expect(subject.is_authorized?).to be true
450
- end
451
- end
452
-
453
- context 'when user has not the required permission' do
454
- let(:collection_name) { 'no_rights_collection_boolean' }
455
-
456
- it 'should NOT be authorized' do
457
- expect(subject.is_authorized?).to be false
458
- end
459
- end
460
-
461
- context 'when user has no segments queries permissions and param segmentQuery is there' do
462
- let(:segmentQuery) { 'SELECT * FROM products;' }
463
- let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
464
- it 'should be authorized' do
465
- expect(subject.is_authorized?).to be false
466
- end
467
- end
468
-
469
- context 'when segments are defined' do
470
- let(:default_rendering_id) { 1 }
471
- let(:segments_permissions) {
472
- {
473
- default_rendering_id => {
474
- collection_name => {
475
- 'segments' => ['SELECT * FROM products;', 'SELECT * FROM sellers;']
476
- }
477
- }
478
- }
479
- }
480
- let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
481
-
482
- context 'when segments are passing validation' do
483
- let(:segmentQuery) { 'SELECT * FROM products;' }
484
- it 'should return true' do
485
- expect(subject.is_authorized?).to be true
486
- end
487
- end
488
-
489
- context 'when segments are NOT passing validation' do
490
- let(:segmentQuery) { 'SELECT * FROM rockets WHERE name = "Starship";' }
491
- it 'should return false' do
492
- expect(subject.is_authorized?).to be false
493
- end
494
- end
495
-
496
- context 'when received union segments NOT passing validation' do
497
- let(:segmentQuery) { 'SELECT * FROM sellers/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2' }
498
- it 'should return false' do
499
- expect(subject.is_authorized?).to be false
500
- end
501
- end
502
-
503
- context 'when received union segments passing validation' do
504
- let(:segmentQuery) { 'SELECT * FROM sellers/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION SELECT * FROM products' }
505
- it 'should return true' do
506
- expect(subject.is_authorized?).to be true
507
- end
508
- end
509
-
510
- context 'when received union segments with UNION inside passing validation' do
511
- let(:segmentQuery) { 'SELECT COUNT(*) AS value FROM products/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2' }
512
- let(:segments_permissions) {
513
- {
514
- default_rendering_id => {
515
- collection_name => {
516
- 'segments' => ['SELECT COUNT(*) AS value FROM products;', 'SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2;', 'SELECT * FROM products;', 'SELECT * FROM sellers;']
517
- }
518
- }
519
- }
520
- }
521
- it 'should return true' do
522
- expect(subject.is_authorized?).to be true
523
- end
524
- end
525
- end
526
- end
527
-
528
- describe 'readEnabled permission' do
529
- subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
530
-
531
- context 'when user has the required permission' do
532
- it 'should be authorized' do
533
- expect(subject.is_authorized?).to be true
534
- end
535
- end
536
-
537
- context 'when user has not the required permission' do
538
- let(:collection_name) { 'no_rights_collection_boolean' }
539
-
540
- it 'should NOT be authorized' do
541
- expect(subject.is_authorized?).to be false
542
- end
543
- end
544
- end
545
-
546
- describe 'addEnabled permission' do
547
- subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
548
-
549
- context 'when user has the required permission' do
550
- it 'should be authorized' do
551
- expect(subject.is_authorized?).to be true
552
- end
553
- end
554
-
555
- context 'when user has not the required permission' do
556
- let(:collection_name) { 'no_rights_collection_boolean' }
557
-
558
- it 'should NOT be authorized' do
559
- expect(subject.is_authorized?).to be false
560
- end
561
- end
562
- end
563
-
564
- describe 'editEnabled permission' do
565
- subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
566
-
567
- context 'when user has the required permission' do
568
- it 'should be authorized' do
569
- expect(subject.is_authorized?).to be true
570
- end
571
- end
572
-
573
- context 'when user has not the required permission' do
574
- let(:collection_name) { 'no_rights_collection_boolean' }
575
-
576
- it 'should NOT be authorized' do
577
- expect(subject.is_authorized?).to be false
578
- end
579
- end
580
- end
581
-
582
- describe 'deleteEnabled permission' do
583
- subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
584
-
585
- context 'when user has the required permission' do
586
- it 'should be authorized' do
587
- expect(subject.is_authorized?).to be true
588
- end
589
- end
590
-
591
- context 'when user has not the required permission' do
592
- let(:collection_name) { 'no_rights_collection_boolean' }
593
-
594
- it 'should NOT be authorized' do
595
- expect(subject.is_authorized?).to be false
596
- end
597
- end
598
- end
599
-
600
- describe 'actions permission' do
601
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'POST' } }
602
- subject {
603
- described_class.new(
604
- fake_ressource,
605
- 'actions',
606
- default_rendering_id,
607
- user: user,
608
- smart_action_request_info: smart_action_request_info
609
- )
610
- }
611
-
612
- context 'when user has the required permission' do
613
- it 'should be authorized' do
614
- expect(subject.is_authorized?).to be true
615
- end
616
- end
617
-
618
- context 'when user has not the required permission' do
619
- let(:collection_name) { 'no_rights_collection_boolean' }
620
-
621
- it 'should NOT be authorized' do
622
- expect(subject.is_authorized?).to be false
623
- end
624
- end
625
-
626
- context 'when endpoint is missing from smart action parameters' do
627
- let(:smart_action_request_info) { { http_method: 'POST' } }
628
-
629
- it 'user should NOT be authorized' do
630
- expect(subject.is_authorized?).to be false
631
- end
632
- end
633
-
634
- context 'when http_method is missing from smart action parameters' do
635
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test' } }
636
-
637
- it 'user should NOT be authorized' do
638
- expect(subject.is_authorized?).to be false
639
- end
640
- end
641
-
642
- context 'when the provided endpoint is not part of the schema' do
643
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'DELETE' } }
644
-
645
- it 'user should NOT be authorized' do
646
- expect(subject.is_authorized?).to be false
647
- end
648
- end
649
- end
650
- end
651
-
652
- context 'with userId list permission values' do
653
- let(:collection_name) { 'all_rights_collection_user_list' }
654
-
655
- describe 'exportEnabled permission' do
656
- subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
657
-
658
- context 'when user has the required permission' do
659
- it 'should be authorized' do
660
- expect(subject.is_authorized?).to be true
661
- end
662
- end
663
-
664
- context 'when user has not the required permission' do
665
- let(:collection_name) { 'no_rights_collection_user_list' }
666
-
667
- it 'should NOT be authorized' do
668
- expect(subject.is_authorized?).to be false
669
- end
670
- end
671
- end
672
-
673
- describe 'browseEnabled permission' do
674
- let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
675
- subject {
676
- described_class.new(
677
- fake_ressource,
678
- 'browseEnabled',
679
- default_rendering_id,
680
- user: user,
681
- collection_list_parameters: collection_list_parameters
682
- )
683
- }
684
-
685
- context 'when user has the required permission' do
686
- it 'should be authorized' do
687
- expect(subject.is_authorized?).to be true
688
- end
689
- end
690
-
691
- context 'when user has not the required permission' do
692
- let(:collection_name) { 'no_rights_collection_user_list' }
693
-
694
- it 'should NOT be authorized' do
695
- expect(subject.is_authorized?).to be false
696
- end
697
- end
698
- end
699
-
700
- describe 'readEnabled permission' do
701
- subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
702
-
703
- context 'when user has the required permission' do
704
- it 'should be authorized' do
705
- expect(subject.is_authorized?).to be true
706
- end
707
- end
708
-
709
- context 'when user has not the required permission' do
710
- let(:collection_name) { 'no_rights_collection_user_list' }
711
-
712
- it 'should NOT be authorized' do
713
- expect(subject.is_authorized?).to be false
714
- end
715
- end
716
- end
717
-
718
- describe 'addEnabled permission' do
719
- subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
720
-
721
- context 'when user has the required permission' do
722
- it 'should be authorized' do
723
- expect(subject.is_authorized?).to be true
724
- end
725
- end
726
-
727
- context 'when user has not the required permission' do
728
- let(:collection_name) { 'no_rights_collection_user_list' }
729
-
730
- it 'should NOT be authorized' do
731
- expect(subject.is_authorized?).to be false
732
- end
733
- end
734
- end
735
-
736
- describe 'editEnabled permission' do
737
- subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
738
-
739
- context 'when user has the required permission' do
740
- it 'should be authorized' do
741
- expect(subject.is_authorized?).to be true
742
- end
743
- end
744
-
745
- context 'when user has not the required permission' do
746
- let(:collection_name) { 'no_rights_collection_user_list' }
747
-
748
- it 'should NOT be authorized' do
749
- expect(subject.is_authorized?).to be false
750
- end
751
- end
752
- end
753
-
754
- describe 'deleteEnabled permission' do
755
- subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
756
-
757
- context 'when user has the required permission' do
758
- it 'should be authorized' do
759
- expect(subject.is_authorized?).to be true
760
- end
761
- end
762
-
763
- context 'when user has not the required permission' do
764
- let(:collection_name) { 'no_rights_collection_user_list' }
765
-
766
- it 'should NOT be authorized' do
767
- expect(subject.is_authorized?).to be false
768
- end
769
- end
770
- end
771
-
772
- describe 'actions permission' do
773
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'POST' } }
774
- subject {
775
- described_class.new(
776
- fake_ressource,
777
- 'actions',
778
- default_rendering_id,
779
- user: user,
780
- smart_action_request_info: smart_action_request_info
781
- )
782
- }
783
-
784
- context 'when user has the required permission' do
785
- it 'should be authorized' do
786
- expect(subject.is_authorized?).to be true
787
- end
788
- end
789
-
790
- context 'when user has not the required permission' do
791
- let(:collection_name) { 'no_rights_collection_user_list' }
792
-
793
- it 'should NOT be authorized' do
794
- expect(subject.is_authorized?).to be false
795
- end
796
- end
797
-
798
- context 'when endpoint is missing from smart action parameters' do
799
- let(:smart_action_request_info) { { http_method: 'POST' } }
800
-
801
- it 'user should NOT be authorized' do
802
- expect(subject.is_authorized?).to be false
803
- end
804
- end
805
-
806
- context 'when http_method is missing from smart action parameters' do
807
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test' } }
808
-
809
- it 'user should NOT be authorized' do
810
- expect(subject.is_authorized?).to be false
811
- end
812
- end
813
-
814
- context 'when the provided endpoint is not part of the schema' do
815
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'DELETE' } }
816
-
817
- it 'user should NOT be authorized' do
818
- expect(subject.is_authorized?).to be false
819
- end
820
- end
821
- end
822
-
823
- # searchToEdit permission checker should not be called anymore once rolesAcl activated
824
- describe 'searchToEdit permission' do
825
- subject { described_class.new(fake_ressource, 'searchToEdit', default_rendering_id, user: user) }
826
-
827
- context 'when user has all permissions' do
828
- it 'should NOT be authorized' do
829
- expect(subject.is_authorized?).to be false
830
- end
831
- end
832
-
833
- context 'when user has no permissions' do
834
- let(:collection_name) { 'no_rights_collection_user_list' }
835
-
836
- it 'should NOT be authorized' do
837
- expect(subject.is_authorized?).to be false
838
- end
839
- end
840
- end
841
- end
842
- end
843
- end
844
- end
845
- end