forest_liana 7.8.0 → 8.0.0.beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (45)
  1. checksums.yaml +4 -4
  2. data/app/controllers/forest_liana/actions_controller.rb +5 -3
  3. data/app/controllers/forest_liana/application_controller.rb +15 -0
  4. data/app/controllers/forest_liana/resources_controller.rb +31 -57
  5. data/app/controllers/forest_liana/smart_actions_controller.rb +44 -58
  6. data/app/controllers/forest_liana/stats_controller.rb +14 -58
  7. data/app/services/forest_liana/ability/exceptions/access_denied.rb +16 -0
  8. data/app/services/forest_liana/ability/exceptions/action_condition_error.rb +16 -0
  9. data/app/services/forest_liana/ability/exceptions/require_approval.rb +18 -0
  10. data/app/services/forest_liana/ability/exceptions/trigger_forbidden.rb +16 -0
  11. data/app/services/forest_liana/ability/fetch.rb +23 -0
  12. data/app/services/forest_liana/ability/permission/request_permission.rb +19 -0
  13. data/app/services/forest_liana/ability/permission/smart_action_checker.rb +71 -0
  14. data/app/services/forest_liana/ability/permission.rb +148 -0
  15. data/app/services/forest_liana/ability.rb +24 -0
  16. data/app/services/forest_liana/filters_parser.rb +7 -7
  17. data/app/services/forest_liana/leaderboard_stat_getter.rb +7 -7
  18. data/app/services/forest_liana/line_stat_getter.rb +8 -8
  19. data/app/services/forest_liana/pie_stat_getter.rb +17 -17
  20. data/app/services/forest_liana/stat_getter.rb +1 -2
  21. data/app/services/forest_liana/value_stat_getter.rb +7 -7
  22. data/lib/forest_liana/bootstrapper.rb +1 -1
  23. data/lib/forest_liana/version.rb +1 -1
  24. data/spec/dummy/lib/forest_liana/collections/island.rb +1 -1
  25. data/spec/requests/actions_controller_spec.rb +3 -4
  26. data/spec/requests/count_spec.rb +5 -9
  27. data/spec/requests/resources_spec.rb +55 -11
  28. data/spec/requests/stats_spec.rb +103 -42
  29. data/spec/services/forest_liana/ability/ability_spec.rb +48 -0
  30. data/spec/services/forest_liana/ability/permission/smart_action_checker_spec.rb +357 -0
  31. data/spec/services/forest_liana/ability/permission_spec.rb +332 -0
  32. data/spec/services/forest_liana/filters_parser_spec.rb +0 -12
  33. data/spec/services/forest_liana/line_stat_getter_spec.rb +9 -9
  34. data/spec/services/forest_liana/pie_stat_getter_spec.rb +7 -7
  35. data/spec/services/forest_liana/value_stat_getter_spec.rb +11 -11
  36. data/spec/spec_helper.rb +1 -0
  37. metadata +33 -17
  38. data/app/services/forest_liana/permissions_checker.rb +0 -223
  39. data/app/services/forest_liana/permissions_formatter.rb +0 -52
  40. data/app/services/forest_liana/permissions_getter.rb +0 -59
  41. data/spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb +0 -713
  42. data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb +0 -845
  43. data/spec/services/forest_liana/permissions_checker_live_queries_spec.rb +0 -175
  44. data/spec/services/forest_liana/permissions_formatter_spec.rb +0 -222
  45. data/spec/services/forest_liana/permissions_getter_spec.rb +0 -83
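--- a/data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb
+++ b/data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb
@@ -1,845 +0,0 @@
- module ForestLiana
- describe PermissionsChecker do
- before(:each) do
- described_class.empty_cache
- end
-
- let(:user) { { 'id' => '1' } }
- let(:schema) {
- [
- ForestLiana::Model::Collection.new({
- name: 'all_rights_collection_boolean',
- fields: [],
- actions: [
- ForestLiana::Model::Action.new({
- name: 'Test',
- endpoint: 'forest/actions/Test',
- http_method: 'POST'
- })
- ]
- }), ForestLiana::Model::Collection.new({
- name: 'no_rights_collection_boolean',
- fields: [],
- actions: [
- ForestLiana::Model::Action.new({
- name: 'Test',
- endpoint: 'forest/actions/Test',
- http_method: 'POST'
- })
- ]
- }), ForestLiana::Model::Collection.new({
- name: 'all_rights_collection_user_list',
- fields: [],
- actions: [
- ForestLiana::Model::Action.new({
- name: 'Test',
- endpoint: 'forest/actions/Test',
- http_method: 'POST'
- })
- ]
- }), ForestLiana::Model::Collection.new({
- name: 'no_rights_collection_user_list',
- fields: [],
- actions: [
- ForestLiana::Model::Action.new({
- name: 'Test',
- endpoint: 'forest/actions/Test',
- http_method: 'POST'
- })
- ]
- })
- ]
- }
- let(:default_rendering_id) { 1 }
- let(:segments_permissions) { { default_rendering_id => { 'segments' => nil } } }
- let(:default_api_permissions) {
- {
- "data" => {
- 'collections' => {
- "all_rights_collection_boolean" => {
- "collection" => {
- "browseEnabled" => true,
- "readEnabled" => true,
- "editEnabled" => true,
- "addEnabled" => true,
- "deleteEnabled" => true,
- "exportEnabled" => true
- },
- "actions" => {
- "Test" => {
- "triggerEnabled" => true
- },
- }
- },
- "all_rights_collection_user_list" => {
- "collection" => {
- "browseEnabled" => [1],
- "readEnabled" => [1],
- "editEnabled" => [1],
- "addEnabled" => [1],
- "deleteEnabled" => [1],
- "exportEnabled" => [1]
- },
- "actions" => {
- "Test" => {
- "triggerEnabled" => [1]
- },
- }
- },
- "no_rights_collection_boolean" => {
- "collection" => {
- "browseEnabled" => false,
- "readEnabled" => false,
- "editEnabled" => false,
- "addEnabled" => false,
- "deleteEnabled" => false,
- "exportEnabled" => false
- },
- "actions" => {
- "Test" => {
- "triggerEnabled" => false
- },
- }
- },
- "no_rights_collection_user_list" => {
- "collection" => {
- "browseEnabled" => [],
- "readEnabled" => [],
- "editEnabled" => [],
- "addEnabled" => [],
- "deleteEnabled" => [],
- "exportEnabled" => []
- },
- "actions" => {
- "Test" => {
- "triggerEnabled" => []
- },
- }
- },
- },
- 'renderings' => segments_permissions
- },
- "stats" => {
- "queries"=>[],
- },
- "meta" => {
- "rolesACLActivated" => true
- }
- }
- }
-
- before do
- allow(ForestLiana).to receive(:apimap).and_return(schema)
- allow(ForestLiana).to receive(:name_for).and_return(collection_name)
- end
-
- describe 'handling cache' do
- let(:collection_name) { 'all_rights_collection_boolean' }
- let(:fake_ressource) { collection_name }
- let(:default_rendering_id) { 1 }
-
- context 'collections cache' do
- context 'when calling twice the same permissions' do
- before do
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).and_return(default_api_permissions)
- end
-
- context 'after expiration time' do
- before do
- allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
- # Needed to enforce ENV stub
- described_class.empty_cache
- end
-
- it 'should call the API twice' do
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
-
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).twice
- end
- end
-
- context 'before expiration time' do
- it 'should call the API only once' do
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
- described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user).is_authorized?
-
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).once
- end
- end
- end
-
- context 'with permissions coming from 2 different renderings' do
- before do
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering)
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(1).and_return(api_permissions_rendering_1)
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(2).and_return(api_permissions_rendering_2)
- end
-
- let(:collection_name) { 'custom' }
- let(:segments_permissions) { { default_rendering_id => { 'custom' => nil }, 2 => { 'custom' => nil } } }
- let(:api_permissions_rendering_1) {
- {
- "data" => {
- 'collections' => {
- "custom" => {
- "collection" => {
- "browseEnabled" => false,
- "readEnabled" => true,
- "editEnabled" => true,
- "addEnabled" => true,
- "deleteEnabled" => true,
- "exportEnabled" => true
- },
- "actions" => { }
- },
- },
- 'renderings' => segments_permissions
- },
- "meta" => {
- "rolesACLActivated" => true
- }
- }
- }
- let(:api_permissions_rendering_2) {
- api_permissions_rendering_2 = api_permissions_rendering_1.deep_dup
- api_permissions_rendering_2['data']['collections']['custom']['collection']['exportEnabled'] = false
- api_permissions_rendering_2['data']['collections']['custom']['collection']['browseEnabled'] = true
- api_permissions_rendering_2
- }
-
- context 'when the first call is authorized' do
- let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'exportEnabled', 1, user: user).is_authorized? }
- let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'exportEnabled', 2, user: user).is_authorized? }
-
- # Even if the value are different, the permissions are cross rendering thus another call
- # to the api wont be made until the permission expires
- it 'should return the same value' do
- expect(authorized_to_export_rendering_1).to eq true
- expect(authorized_to_export_rendering_2).to eq true
- end
-
- it 'should call the API only once' do
- authorized_to_export_rendering_1
- authorized_to_export_rendering_2
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).once
- end
- end
-
- # If not authorized the cached version is not used
- context 'when the first call is not authorized' do
- let(:authorized_to_export_rendering_1) { described_class.new(fake_ressource, 'browseEnabled', 1, user: user).is_authorized? }
- let(:authorized_to_export_rendering_2) { described_class.new(fake_ressource, 'browseEnabled', 2, user: user).is_authorized? }
-
- it 'should return different value' do
- expect(authorized_to_export_rendering_1).to eq false
- expect(authorized_to_export_rendering_2).to eq true
- end
-
- it 'should call the API twice' do
- authorized_to_export_rendering_1
- authorized_to_export_rendering_2
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).twice
- end
- end
- end
- end
-
- context 'renderings cache' do
- let(:rendering_id) { 1 }
- let(:collection_name) { 'custom' }
- let(:segments_permissions) { { rendering_id => { 'custom' => nil } } }
- let(:api_permissions) {
- {
- "data" => {
- 'collections' => {
- "custom" => {
- "collection" => {
- "browseEnabled" => true,
- "readEnabled" => true,
- "editEnabled" => true,
- "addEnabled" => true,
- "deleteEnabled" => true,
- "exportEnabled" => true
- },
- "actions" => { }
- },
- },
- 'renderings' => segments_permissions
- },
- "meta" => {
- "rolesACLActivated" => true
- }
- }
- }
- let(:api_permissions_rendering_only) {
- {
- "data" => {
- 'collections' => { },
- 'renderings' => segments_permissions
- },
- "meta" => {
- "rolesACLActivated" => true
- }
- }
- }
-
- before do
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(rendering_id).and_return(api_permissions)
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).and_return(api_permissions_rendering_only)
- end
-
- context 'when checking once for authorization' do
- context 'when checking browseEnabled' do
- context 'when expiration value is set to its default' do
- it 'should not call the API to refresh the renderings cache' do
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
- expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
- end
- end
-
- context 'when expiration value is set in the past' do
- before do
- allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
- # Needed to enforce ENV stub
- described_class.empty_cache
- end
-
- it 'should call the API to refresh the renderings cache' do
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).once
- end
- end
- end
-
- # Only browse permission requires segments
- context 'when checking exportEnabled' do
- context 'when expiration value is set in the past' do
- before do
- allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
- # Needed to enforce ENV stub
- described_class.empty_cache
- end
- end
-
- it 'should NOT call the API to refresh the rendering cache' do
- described_class.new(fake_ressource, 'exportEnabled', rendering_id, user: user).is_authorized?
-
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
- expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
- end
- end
- end
-
- context 'when checking twice for authorization' do
- context 'on the same rendering' do
- context 'when rendering permission has NOT expired' do
- it 'should NOT call the API to refresh the rendering permissions' do
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
- expect(ForestLiana::PermissionsGetter).not_to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true)
- end
- end
-
- context 'when renderings permission has expired' do
- before do
- allow(ENV).to receive(:[]).with('FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS').and_return('-1')
- # Needed to enforce ENV stub
- described_class.empty_cache
- end
-
- it 'should call the API to refresh the rendering permissions' do
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
-
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).twice
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id, rendering_specific_only: true).twice
- end
- end
- end
-
- context 'on two different renderings' do
- let(:other_rendering_id) { 2 }
- let(:api_permissions_rendering_only) {
- {
- "data" => {
- 'collections' => { },
- 'renderings' => {
- other_rendering_id => { 'custom' => nil }
- }
- },
- "stats" => {
- "somestats" => [],
- },
- "meta" => {
- "rolesACLActivated" => true
- }
- }
- }
-
- before do
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).with(other_rendering_id, rendering_specific_only: true).and_return(api_permissions_rendering_only)
- end
-
- it 'should call the API to refresh the rendering permissions' do
- described_class.new(fake_ressource, 'browseEnabled', rendering_id, user: user).is_authorized?
- described_class.new(fake_ressource, 'browseEnabled', other_rendering_id, user: user).is_authorized?
-
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(rendering_id).once
- expect(ForestLiana::PermissionsGetter).to have_received(:get_permissions_for_rendering).with(other_rendering_id, rendering_specific_only: true).once
- end
- end
- end
- end
- end
-
- describe '#is_authorized?' do
- # Resource is only used to retrieve the collection name as it's stub it does not
- # need to be defined
- let(:fake_ressource) { collection_name }
- let(:default_rendering_id) { nil }
- let(:api_permissions) { default_api_permissions }
-
- before do
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).and_return(api_permissions)
- end
-
- context 'when permissions have rolesACLActivated' do
- context 'with true/false permission values' do
- let(:collection_name) { 'all_rights_collection_boolean' }
-
- describe 'exportEnabled permission' do
- subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_boolean' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'browseEnbled permission' do
- let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
- subject {
- described_class.new(
- fake_ressource,
- 'browseEnabled',
- default_rendering_id,
- user: user,
- collection_list_parameters: collection_list_parameters
- )
- }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_boolean' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when user has no segments queries permissions and param segmentQuery is there' do
- let(:segmentQuery) { 'SELECT * FROM products;' }
- let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
- it 'should be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when segments are defined' do
- let(:default_rendering_id) { 1 }
- let(:segments_permissions) {
- {
- default_rendering_id => {
- collection_name => {
- 'segments' => ['SELECT * FROM products;', 'SELECT * FROM sellers;']
- }
- }
- }
- }
- let(:collection_list_parameters) { { :user => ["id" => "1"], :segmentQuery => segmentQuery } }
-
- context 'when segments are passing validation' do
- let(:segmentQuery) { 'SELECT * FROM products;' }
- it 'should return true' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when segments are NOT passing validation' do
- let(:segmentQuery) { 'SELECT * FROM rockets WHERE name = "Starship";' }
- it 'should return false' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when received union segments NOT passing validation' do
- let(:segmentQuery) { 'SELECT * FROM sellers/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2' }
- it 'should return false' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when received union segments passing validation' do
- let(:segmentQuery) { 'SELECT * FROM sellers/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION SELECT * FROM products' }
- it 'should return true' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when received union segments with UNION inside passing validation' do
- let(:segmentQuery) { 'SELECT COUNT(*) AS value FROM products/*MULTI-SEGMENTS-QUERIES-UNION*/ UNION SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2' }
- let(:segments_permissions) {
- {
- default_rendering_id => {
- collection_name => {
- 'segments' => ['SELECT COUNT(*) AS value FROM products;', 'SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2;', 'SELECT * FROM products;', 'SELECT * FROM sellers;']
- }
- }
- }
- }
- it 'should return true' do
- expect(subject.is_authorized?).to be true
- end
- end
- end
- end
-
- describe 'readEnabled permission' do
- subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_boolean' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'addEnabled permission' do
- subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_boolean' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'editEnabled permission' do
- subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_boolean' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'deleteEnabled permission' do
- subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_boolean' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'actions permission' do
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'POST' } }
- subject {
- described_class.new(
- fake_ressource,
- 'actions',
- default_rendering_id,
- user: user,
- smart_action_request_info: smart_action_request_info
- )
- }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_boolean' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when endpoint is missing from smart action parameters' do
- let(:smart_action_request_info) { { http_method: 'POST' } }
-
- it 'user should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when http_method is missing from smart action parameters' do
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test' } }
-
- it 'user should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when the provided endpoint is not part of the schema' do
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'DELETE' } }
-
- it 'user should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
- end
-
- context 'with userId list permission values' do
- let(:collection_name) { 'all_rights_collection_user_list' }
-
- describe 'exportEnabled permission' do
- subject { described_class.new(fake_ressource, 'exportEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_user_list' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'browseEnabled permission' do
- let(:collection_list_parameters) { { :user => ["id" => "1"], :filters => nil } }
- subject {
- described_class.new(
- fake_ressource,
- 'browseEnabled',
- default_rendering_id,
- user: user,
- collection_list_parameters: collection_list_parameters
- )
- }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_user_list' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'readEnabled permission' do
- subject { described_class.new(fake_ressource, 'readEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_user_list' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'addEnabled permission' do
- subject { described_class.new(fake_ressource, 'addEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_user_list' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'editEnabled permission' do
- subject { described_class.new(fake_ressource, 'editEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_user_list' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'deleteEnabled permission' do
- subject { described_class.new(fake_ressource, 'deleteEnabled', default_rendering_id, user: user) }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_user_list' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- describe 'actions permission' do
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'POST' } }
- subject {
- described_class.new(
- fake_ressource,
- 'actions',
- default_rendering_id,
- user: user,
- smart_action_request_info: smart_action_request_info
- )
- }
-
- context 'when user has the required permission' do
- it 'should be authorized' do
- expect(subject.is_authorized?).to be true
- end
- end
-
- context 'when user has not the required permission' do
- let(:collection_name) { 'no_rights_collection_user_list' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when endpoint is missing from smart action parameters' do
- let(:smart_action_request_info) { { http_method: 'POST' } }
-
- it 'user should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when http_method is missing from smart action parameters' do
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test' } }
-
- it 'user should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when the provided endpoint is not part of the schema' do
- let(:smart_action_request_info) { { endpoint: 'forest/actions/Test', http_method: 'DELETE' } }
-
- it 'user should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
-
- # searchToEdit permission checker should not be called anymore once rolesAcl activated
- describe 'searchToEdit permission' do
- subject { described_class.new(fake_ressource, 'searchToEdit', default_rendering_id, user: user) }
-
- context 'when user has all permissions' do
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
-
- context 'when user has no permissions' do
- let(:collection_name) { 'no_rights_collection_user_list' }
-
- it 'should NOT be authorized' do
- expect(subject.is_authorized?).to be false
- end
- end
- end
- end
- end
- end
- end
- end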