forest_liana 7.8.0 → 8.0.0.beta.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (45) hide show
  1. checksums.yaml +4 -4
  2. data/app/controllers/forest_liana/actions_controller.rb +5 -3
  3. data/app/controllers/forest_liana/application_controller.rb +15 -0
  4. data/app/controllers/forest_liana/resources_controller.rb +31 -57
  5. data/app/controllers/forest_liana/smart_actions_controller.rb +44 -58
  6. data/app/controllers/forest_liana/stats_controller.rb +14 -58
  7. data/app/services/forest_liana/ability/exceptions/access_denied.rb +16 -0
  8. data/app/services/forest_liana/ability/exceptions/action_condition_error.rb +16 -0
  9. data/app/services/forest_liana/ability/exceptions/require_approval.rb +18 -0
  10. data/app/services/forest_liana/ability/exceptions/trigger_forbidden.rb +16 -0
  11. data/app/services/forest_liana/ability/fetch.rb +23 -0
  12. data/app/services/forest_liana/ability/permission/request_permission.rb +19 -0
  13. data/app/services/forest_liana/ability/permission/smart_action_checker.rb +71 -0
  14. data/app/services/forest_liana/ability/permission.rb +148 -0
  15. data/app/services/forest_liana/ability.rb +24 -0
  16. data/app/services/forest_liana/filters_parser.rb +7 -7
  17. data/app/services/forest_liana/leaderboard_stat_getter.rb +7 -7
  18. data/app/services/forest_liana/line_stat_getter.rb +8 -8
  19. data/app/services/forest_liana/pie_stat_getter.rb +17 -17
  20. data/app/services/forest_liana/stat_getter.rb +1 -2
  21. data/app/services/forest_liana/value_stat_getter.rb +7 -7
  22. data/lib/forest_liana/bootstrapper.rb +1 -1
  23. data/lib/forest_liana/version.rb +1 -1
  24. data/spec/dummy/lib/forest_liana/collections/island.rb +1 -1
  25. data/spec/requests/actions_controller_spec.rb +3 -4
  26. data/spec/requests/count_spec.rb +5 -9
  27. data/spec/requests/resources_spec.rb +55 -11
  28. data/spec/requests/stats_spec.rb +103 -42
  29. data/spec/services/forest_liana/ability/ability_spec.rb +48 -0
  30. data/spec/services/forest_liana/ability/permission/smart_action_checker_spec.rb +357 -0
  31. data/spec/services/forest_liana/ability/permission_spec.rb +332 -0
  32. data/spec/services/forest_liana/filters_parser_spec.rb +0 -12
  33. data/spec/services/forest_liana/line_stat_getter_spec.rb +9 -9
  34. data/spec/services/forest_liana/pie_stat_getter_spec.rb +7 -7
  35. data/spec/services/forest_liana/value_stat_getter_spec.rb +11 -11
  36. data/spec/spec_helper.rb +1 -0
  37. metadata +33 -17
  38. data/app/services/forest_liana/permissions_checker.rb +0 -223
  39. data/app/services/forest_liana/permissions_formatter.rb +0 -52
  40. data/app/services/forest_liana/permissions_getter.rb +0 -59
  41. data/spec/services/forest_liana/permissions_checker_acl_disabled_spec.rb +0 -713
  42. data/spec/services/forest_liana/permissions_checker_acl_enabled_spec.rb +0 -845
  43. data/spec/services/forest_liana/permissions_checker_live_queries_spec.rb +0 -175
  44. data/spec/services/forest_liana/permissions_formatter_spec.rb +0 -222
  45. data/spec/services/forest_liana/permissions_getter_spec.rb +0 -83
@@ -1,175 +0,0 @@
1
- module ForestLiana
2
- describe PermissionsChecker do
3
- before(:each) do
4
- described_class.empty_cache
5
- end
6
-
7
- let(:schema) {
8
- [
9
- ForestLiana::Model::Collection.new({
10
- name: 'all_rights_collection_boolean',
11
- fields: [],
12
- actions: [
13
- ForestLiana::Model::Action.new({
14
- name: 'Test',
15
- endpoint: 'forest/actions/Test',
16
- http_method: 'POST'
17
- })
18
- ]
19
- })
20
- ]
21
- }
22
- let(:default_rendering_id) { 1 }
23
- let(:segments_permissions) { { default_rendering_id => { 'segments' => nil } } }
24
- let(:default_api_permissions) {
25
- {
26
- "data" => {
27
- 'collections' => {
28
- "all_rights_collection_boolean" => {
29
- "collection" => {
30
- "browseEnabled" => true,
31
- "readEnabled" => true,
32
- "editEnabled" => true,
33
- "addEnabled" => true,
34
- "deleteEnabled" => true,
35
- "exportEnabled" => true
36
- },
37
- "actions" => {
38
- "Test" => {
39
- "triggerEnabled" => true
40
- },
41
- }
42
- },
43
- },
44
- 'renderings' => segments_permissions
45
- },
46
- "meta" => {
47
- "rolesACLActivated" => true
48
- },
49
- "stats" => {
50
- "queries" => [
51
- 'SELECT COUNT(*) AS value FROM products;',
52
- 'SELECT COUNT(*) AS value FROM somethings;'
53
- ],
54
- "values" => [
55
- {
56
- "type" => "Value",
57
- "collection" => "Product",
58
- "aggregate" => "Count"
59
- }
60
- ],
61
- },
62
- }
63
- }
64
-
65
- before do
66
- allow(ForestLiana).to receive(:apimap).and_return(schema)
67
- end
68
-
69
- describe '#is_authorized?' do
70
- # Resource is only used to retrieve the collection name as it's stub it does not
71
- # need to be defined
72
- let(:fake_ressource) { nil }
73
- let(:default_rendering_id) { nil }
74
- let(:api_permissions) { default_api_permissions }
75
-
76
- before do
77
- allow(ForestLiana::PermissionsGetter).to receive(:get_permissions_for_rendering).and_return(api_permissions)
78
- end
79
-
80
- context 'when permissions liveQueries' do
81
- let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
82
- context 'contains the query' do
83
- subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT COUNT(*) AS value FROM somethings;') }
84
-
85
- it 'should be authorized' do
86
- expect(subject.is_authorized?).to be true
87
- end
88
- end
89
-
90
- context 'does not contains the query' do
91
- subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT * FROM products WHERE category = Gifts OR 1=1-- AND released = 1') }
92
- it 'should NOT be authorized' do
93
- expect(subject.is_authorized?).to be false
94
- end
95
- end
96
- end
97
-
98
- context 'exectute liveQueries when user' do
99
- context 'has correct permission_level' do
100
- let(:user) { { 'id' => '1', 'permission_level' => 'admin' } }
101
- subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT COUNT(*) AS value FROM somethings;') }
102
-
103
- it 'should be authorized' do
104
- expect(subject.is_authorized?).to be true
105
- end
106
- end
107
-
108
- context 'does not have the correct permission_level' do
109
- let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
110
- subject { described_class.new(fake_ressource, 'liveQueries', default_rendering_id, user: user, query_request_info: 'SELECT * FROM products WHERE category = Gifts OR 1=1-- AND released = 1') }
111
- it 'should NOT be authorized' do
112
- expect(subject.is_authorized?).to be false
113
- end
114
- end
115
- end
116
-
117
- context 'when permissions statWithParameters' do
118
- let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
119
- context 'contains the stat with the same parameters' do
120
- request_info = {
121
- "type" => "Value",
122
- "collection" => "Product",
123
- "aggregate" => "Count"
124
- };
125
- subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: request_info) }
126
-
127
- it 'should be authorized' do
128
- expect(subject.is_authorized?).to be true
129
- end
130
- end
131
-
132
- context 'does not contains the stat with the same parameters' do
133
- other_request_info = {
134
- "type" => "Leaderboard",
135
- "collection" => "Product",
136
- "aggregate" => "Sum"
137
- };
138
- subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: other_request_info) }
139
- it 'should NOT be authorized' do
140
- expect(subject.is_authorized?).to be false
141
- end
142
- end
143
- end
144
-
145
- context 'execute statWithParameters when user' do
146
- context 'has correct permission_level' do
147
- let(:user) { { 'id' => '1', 'permission_level' => 'admin' } }
148
- request_info = {
149
- "type" => "Value",
150
- "collection" => "Product",
151
- "aggregate" => "Count"
152
- };
153
- subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: request_info) }
154
-
155
- it 'should be authorized' do
156
- expect(subject.is_authorized?).to be true
157
- end
158
- end
159
-
160
- context 'does not contains the stat with the same parameters' do
161
- let(:user) { { 'id' => '1', 'permission_level' => 'basic' } }
162
- other_request_info = {
163
- "type" => "Leaderboard",
164
- "collection" => "Product",
165
- "aggregate" => "Sum"
166
- };
167
- subject { described_class.new(fake_ressource, 'statWithParameters', default_rendering_id, user: user, query_request_info: other_request_info) }
168
- it 'should NOT be authorized' do
169
- expect(subject.is_authorized?).to be false
170
- end
171
- end
172
- end
173
- end
174
- end
175
- end
@@ -1,222 +0,0 @@
1
- module ForestLiana
2
- describe PermissionsFormatter do
3
- describe '#convert_to_new_format' do
4
- let(:rendering_id) { 1 }
5
- let(:old_format_collection_permissions) {
6
- {
7
- 'list'=>true,
8
- 'show'=>false,
9
- 'create'=>true,
10
- 'update'=>false,
11
- 'delete'=>true,
12
- 'export'=>false,
13
- 'searchToEdit'=>false
14
- }
15
- }
16
- let(:old_format_action_permissions) { { 'allowed' => true, 'users' => nil } }
17
- let(:old_format_segments_permissions) { nil }
18
- let(:old_format_permissions) {
19
- {
20
- 'collection_1' => {
21
- 'collection' => old_format_collection_permissions,
22
- 'actions' => {
23
- 'action_1' => old_format_action_permissions
24
- },
25
- 'segments' => old_format_segments_permissions
26
- }
27
- }
28
- }
29
-
30
- let(:converted_permission) { described_class.convert_to_new_format(old_format_permissions, rendering_id) }
31
-
32
- describe 'collection permissions' do
33
- subject { converted_permission['collections']['collection_1']['collection'] }
34
-
35
- let(:expected_new_collection_permissions_format) {
36
- {
37
- 'browseEnabled'=>true,
38
- 'readEnabled'=>false,
39
- 'addEnabled'=>true,
40
- 'editEnabled'=>false,
41
- 'deleteEnabled'=>true,
42
- 'exportEnabled'=>false
43
- }
44
- }
45
-
46
- it 'should convert the old format to the new one' do
47
- expect(subject).to eq expected_new_collection_permissions_format
48
- end
49
-
50
- describe 'with searchToEdit true and list false' do
51
- let(:old_format_collection_permissions) {
52
- {
53
- 'list'=>false,
54
- 'show'=>false,
55
- 'create'=>false,
56
- 'update'=>false,
57
- 'delete'=>false,
58
- 'export'=>false,
59
- 'searchToEdit'=>true
60
- }
61
- }
62
-
63
- let(:expected_new_collection_permissions_format) {
64
- {
65
- 'browseEnabled'=>true,
66
- 'readEnabled'=>false,
67
- 'addEnabled'=>false,
68
- 'editEnabled'=>false,
69
- 'deleteEnabled'=>false,
70
- 'exportEnabled'=>false
71
- }
72
- }
73
-
74
- it 'should convert the old format to the new one with browseEnabled at true' do
75
- expect(subject).to eq expected_new_collection_permissions_format
76
- end
77
- end
78
-
79
- describe 'with searchToEdit false and list true' do
80
- let(:old_format_collection_permissions) {
81
- {
82
- 'list'=>true,
83
- 'show'=>false,
84
- 'create'=>false,
85
- 'update'=>false,
86
- 'delete'=>false,
87
- 'export'=>false,
88
- 'searchToEdit'=>false
89
- }
90
- }
91
-
92
- let(:expected_new_collection_permissions_format) {
93
- {
94
- 'browseEnabled'=>true,
95
- 'readEnabled'=>false,
96
- 'addEnabled'=>false,
97
- 'editEnabled'=>false,
98
- 'deleteEnabled'=>false,
99
- 'exportEnabled'=>false
100
- }
101
- }
102
-
103
- it 'should convert the old format to the new one with browseEnabled at true' do
104
- expect(subject).to eq expected_new_collection_permissions_format
105
- end
106
- end
107
-
108
- describe 'with searchToEdit false and list false' do
109
- let(:old_format_collection_permissions) {
110
- {
111
- 'list'=>false,
112
- 'show'=>false,
113
- 'create'=>false,
114
- 'update'=>false,
115
- 'delete'=>false,
116
- 'export'=>false,
117
- 'searchToEdit'=>false
118
- }
119
- }
120
-
121
- let(:expected_new_collection_permissions_format) {
122
- {
123
- 'browseEnabled'=>false,
124
- 'readEnabled'=>false,
125
- 'addEnabled'=>false,
126
- 'editEnabled'=>false,
127
- 'deleteEnabled'=>false,
128
- 'exportEnabled'=>false
129
- }
130
- }
131
-
132
- it 'should convert the old format to the new one with browseEnabled at false' do
133
- expect(subject).to eq expected_new_collection_permissions_format
134
- end
135
- end
136
- end
137
-
138
- describe 'action permissions' do
139
- subject { converted_permission['collections']['collection_1']['actions']['action_1'] }
140
-
141
- context 'when allowed is true' do
142
- context 'when users is nil' do
143
- let(:old_format_action_permissions) { { 'allowed' => true, 'users' => nil } }
144
- let(:expected_new_action_permissions_format) { { 'triggerEnabled' => true } }
145
-
146
- it 'expected action permission triggerEnabled field should be true' do
147
- expect(subject).to eq expected_new_action_permissions_format
148
- end
149
- end
150
-
151
- context 'when users is an empty array' do
152
- let(:old_format_action_permissions) { { 'allowed' => true, 'users' => [] } }
153
- let(:expected_new_action_permissions_format) { { 'triggerEnabled' => [] } }
154
-
155
- it 'expected action permission triggerEnabled field should be an empty array' do
156
- expect(subject).to eq expected_new_action_permissions_format
157
- end
158
- end
159
-
160
- context 'when users is NOT an empty array' do
161
- let(:old_format_action_permissions) { { 'allowed' => true, 'users' => [2, 3] } }
162
- let(:expected_new_action_permissions_format) { { 'triggerEnabled' => [2, 3] } }
163
-
164
- it 'expected action permission triggerEnabled field should be equal to the users array' do
165
- expect(subject).to eq expected_new_action_permissions_format
166
- end
167
- end
168
- end
169
-
170
- context 'when allowed is false' do
171
- context 'when users is nil' do
172
- let(:old_format_action_permissions) { { 'allowed' => false, 'users' => nil } }
173
- let(:expected_new_action_permissions_format) { { 'triggerEnabled' => false } }
174
-
175
- it 'expected action permission triggerEnabled field should be false' do
176
- expect(subject).to eq expected_new_action_permissions_format
177
- end
178
- end
179
-
180
- context 'when users is an empty array' do
181
- let(:old_format_action_permissions) { { 'allowed' => false, 'users' => [] } }
182
- let(:expected_new_action_permissions_format) { { 'triggerEnabled' => false } }
183
-
184
- it 'expected action permission triggerEnabled field should be false' do
185
- expect(subject).to eq expected_new_action_permissions_format
186
- end
187
- end
188
-
189
- context 'when users is NOT an empty array' do
190
- let(:old_format_action_permissions) { { 'allowed' => false, 'users' => [2, 3] } }
191
- let(:expected_new_action_permissions_format) { { 'triggerEnabled' => false } }
192
-
193
- it 'expected action permission triggerEnabled field should be false' do
194
- expect(subject).to eq expected_new_action_permissions_format
195
- end
196
- end
197
- end
198
- end
199
-
200
- describe 'segments permissions' do
201
- subject { converted_permission['renderings'][rendering_id]['collection_1']['segments'] }
202
- let(:expected_new_format_permissions) { old_format_segments_permissions }
203
-
204
- context 'when segments permissions are set' do
205
- let(:old_format_segments_permissions) { ['segmentQuery1', 'segmentQuery2'] }
206
-
207
- it 'expected segments permissions should be set' do
208
- expect(subject).to eq expected_new_format_permissions
209
- end
210
- end
211
-
212
- context 'when segments permissions are nil' do
213
- let(:old_format_segments_permissions) { nil }
214
-
215
- it 'expected segments permissions should be nil' do
216
- expect(subject).to eq expected_new_format_permissions
217
- end
218
- end
219
- end
220
- end
221
- end
222
- end
@@ -1,83 +0,0 @@
1
- module ForestLiana
2
- describe PermissionsGetter do
3
- describe '#get_permissions_api_route' do
4
- it 'should respond with the v3 permissions route' do
5
- expect(described_class.get_permissions_api_route).to eq '/liana/v3/permissions'
6
- end
7
- end
8
-
9
- describe '#get_permissions_for_rendering' do
10
- let(:rendering_id) { 34 }
11
- let(:liana_permissions_url) { 'https://api.forestadmin.com/liana/v3/permissions' }
12
- let(:liana_permissions_api_call_response) { instance_double(HTTParty::Response) }
13
- let(:expected_request_parameters) {
14
- {
15
- :headers => {
16
- "Content-Type" => "application/json",
17
- "forest-secret-key" => "env_secret_test"
18
- },
19
- :query => expected_query_parameters,
20
- :verify => false
21
- }
22
- }
23
-
24
- before do
25
- allow(HTTParty).to receive(:get).and_return(liana_permissions_api_call_response)
26
- allow(liana_permissions_api_call_response).to receive(:response).and_return(liana_permissions_api_call_response_content)
27
- allow(liana_permissions_api_call_response_content).to receive(:body).and_return(liana_permissions_api_call_response_content_body)
28
- end
29
-
30
- describe 'when the API returns a success' do
31
- let(:liana_permissions_api_call_response_content) { Net::HTTPOK.new({}, 200, liana_permissions_api_call_response_content_body) }
32
- let(:liana_permissions_api_call_response_content_body) { '{"test": true}' }
33
- let(:expected_parsed_result) { { "test" => true } }
34
-
35
- describe 'when NOT calling for rendering specific only' do
36
- let(:expected_query_parameters) { { "renderingId" => rendering_id } }
37
-
38
- it 'should call the API with correct URL' do
39
- described_class.get_permissions_for_rendering(rendering_id)
40
- expect(HTTParty).to have_received(:get).with(liana_permissions_url, expected_request_parameters)
41
- end
42
-
43
- it 'should return the expected JSON body' do
44
- expect(described_class.get_permissions_for_rendering(rendering_id)).to eq expected_parsed_result
45
- end
46
- end
47
-
48
- describe 'when calling for rendering specific only' do
49
- let(:expected_query_parameters) { { "renderingId" => rendering_id, 'renderingSpecificOnly' => true } }
50
-
51
- it 'should call the API with correct URL and parameters' do
52
- described_class.get_permissions_for_rendering(rendering_id, rendering_specific_only: true)
53
- expect(HTTParty).to have_received(:get).with(liana_permissions_url, expected_request_parameters)
54
- end
55
-
56
- it 'should return the expected JSON body' do
57
- expect(described_class.get_permissions_for_rendering(rendering_id, rendering_specific_only: true)).to eq expected_parsed_result
58
- end
59
- end
60
- end
61
-
62
- describe 'when the API returns a not found error' do
63
- let(:liana_permissions_api_call_response_content) { Net::HTTPNotFound.new({}, 404, liana_permissions_api_call_response_content_body) }
64
- let(:liana_permissions_api_call_response_content_body) { 'Not Found' }
65
-
66
- before do
67
- allow(FOREST_LOGGER).to receive(:error)
68
- end
69
-
70
- it 'should return nil' do
71
- expect(described_class.get_permissions_for_rendering(rendering_id)).to eq nil
72
- end
73
-
74
- it 'should log the not found error' do
75
- described_class.get_permissions_for_rendering(rendering_id)
76
- expect(FOREST_LOGGER).to have_received(:error).with('Cannot retrieve the permissions from the Forest server.')
77
- expect(FOREST_LOGGER).to have_received(:error).with('Which was caused by:')
78
- expect(FOREST_LOGGER).to have_received(:error).with(' Forest API returned an HTTP error 404')
79
- end
80
- end
81
- end
82
- end
83
- end