hone-lockdown 1.2.1

data/spec/lockdown/frameworks/rails_spec.rb

@@ -0,0 +1,175 @@
+require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
+
+describe Lockdown::Frameworks::Rails do
+  before do
+    @rails = Lockdown::Frameworks::Rails
+    @rails.stub!(:use_me?).and_return(true)
+
+    @lockdown = mock("lockdown")
+  end
+
+
+  describe "#included" do
+    it "should extend lockdown with rails environment" do
+      @lockdown.should_receive(:extend).
+        with(Lockdown::Frameworks::Rails::Environment)
+
+      @rails.should_receive(:mixin)
+
+      @rails.included(@lockdown)
+    end
+  end
+
+  describe "#mixin" do
+    it "should perform class_eval on controller view and system to inject itself" do
+      module ActionController; class Base; end end
+      module ActionView; class Base; end end
+
+      Lockdown.stub!(:controller_parent).and_return(ActionController::Base)
+      Lockdown.stub!(:view_helper).and_return(ActionView::Base)
+
+      ActionView::Base.should_receive(:class_eval)
+
+      ActionController::Base.should_receive(:helper_method)
+      ActionController::Base.should_receive(:before_filter)
+      ActionController::Base.should_receive(:filter_parameter_logging)
+      ActionController::Base.should_receive(:rescue_from)
+
+      ActionController::Base.should_receive(:class_eval)
+
+      Lockdown::System.should_receive(:class_eval)
+
+
+      @rails.mixin
+    end
+
+  end
+end
+
+describe Lockdown::Frameworks::Rails::Environment do
+
+  RAILS_ROOT = "/shibby/dibby/do"
+  before do
+    @env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
+  end
+
+  describe "#project_root" do
+    it "should return rails root" do
+      @env.project_root.should == "/shibby/dibby/do"
+    end
+  end
+
+  describe "#init_file" do
+    it "should return path to init_file" do
+      @env.stub!(:project_root).and_return("/shibby/dibby/do")
+      @env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
+    end
+  end
+
+  describe "#controller_class_name" do
+    it "should add Controller to name" do
+      @env.controller_class_name("user").should == "UserController"
+    end
+
+    it "should convert two underscores to a namespaced controller" do
+      @env.controller_class_name("admin__user").should == "Admin::UserController"
+    end
+  end
+
+  describe "#controller_parent" do
+    it "should return ActionController::Base" do
+      module ActionController; class Base; end end
+
+      @env.controller_parent.should == ActionController::Base
+    end
+  end
+
+  describe "#view_helper" do
+    it "should return ActionView::Base" do
+      module ActionView; class Base; end end
+      
+      @env.view_helper.should == ActionView::Base
+    end
+  end
+end
+
+describe Lockdown::Frameworks::Rails::System do
+  class Test 
+    extend Lockdown::Frameworks::Rails::System
+    class << self
+      attr_accessor :controller_classes
+    end
+  end
+
+  module Rails
+    module VERSION
+      MAJOR = 2
+      MINOR = 2
+      TINY  = 2
+    end    
+  end
+
+  before do
+    @env = Test
+    @env.controller_classes = {}
+  end
+
+  describe "#skip_sync?" do
+  end
+
+  describe "#load_controller_classes" do
+  end
+
+  describe "#maybe_load_framework_controller_parent" do
+    it "should call require_or_load with application.rb < 2.3" do
+      @env.should_receive(:require_or_load).with("application.rb")
+
+      @env.maybe_load_framework_controller_parent
+    end
+
+    it "should call require_or_load with application_controller.rb >= 2.3" do
+      module Rails
+        module VERSION 
+          MINOR = 3
+          TINY  = 0
+        end    
+      end
+
+      @env.should_receive(:require_or_load).with("application_controller.rb")
+
+      @env.maybe_load_framework_controller_parent
+    end
+  end
+
+  describe "#lockdown_load" do
+    it "should add class to controller classes" do
+      @env.stub!(:class_name_from_file).and_return("controller_class")
+      Lockdown.stub!(:qualified_const_get).and_return(:controller_class)
+      @env.stub!(:require_or_load)
+
+      @env.lockdown_load("controller_file")
+
+      @env.controller_classes["ControllerFile"].should == :controller_class
+    end
+  end
+
+  describe "#require_or_load" do
+    it "should use Dependencies if not defined in ActiveSupport" do
+      module ActiveSupport; end
+      Dependencies = mock("dependencies") unless defined?(Dependencies)
+
+      Dependencies.should_receive(:require_or_load).with("controller_file")
+
+      @env.require_or_load("controller_file")
+    end
+
+    it "should use ActiveSupport::Dependencies if defined" do
+      module ActiveSupport; class Dependencies; end end
+
+      ActiveSupport::Dependencies.should_receive(:require_or_load).
+        with("controller_file")
+
+      @env.require_or_load("controller_file")
+    end
+  end
+end

data/spec/lockdown/permission_spec.rb

@@ -0,0 +1,166 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+describe Lockdown::Permission do
+  before do
+    
+    @permission = Lockdown::Permission.new(:user_management)
+    @permission.stub!(:paths_for).and_return([])
+  end
+
+  describe "#with_controller" do
+    before do
+      @permission.with_controller(:users)
+    end
+
+    it "should set current_context to ControllerContext" do
+      @permission.current_context.class.should equal(Lockdown::ControllerContext)
+    end
+  end
+
+  describe "#only_methods" do
+    before do
+      @permission.with_controller(:users).only_methods(:show, :edit)
+    end
+
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+
+  describe "#except_methods" do
+    before do
+      @permission.with_controller(:users).except_methods(:destroy)
+    end
+
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+
+  describe "#to_model" do
+    before do
+      @permission.to_model(:user)
+    end
+
+    it "should set current_context to ModelContext" do
+      @permission.current_context.class.should equal(Lockdown::ModelContext)
+    end
+  end
+
+  describe "#where" do
+    before do
+      @permission.to_model(:user).where(:current_user_id)
+    end
+
+    it "should set current_context to ModelWhereContext" do
+      @permission.current_context.class.should equal(Lockdown::ModelWhereContext)
+    end
+  end
+
+  describe "#with_proc" do
+    before do
+      @permission.to_model(:user).with_proc
+    end
+
+    it "should set current_context to ModelWithProcContext" do
+      @permission.current_context.should be_an_instance_of(Lockdown::ModelWithProcContext)
+    end
+  end
+
+  describe "#equals" do
+    before do
+      @permission.to_model(:user).where(:current_user_id).equals(:id)
+    end
+
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+
+  describe "#is_in" do
+    before do
+      @permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
+    end
+
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+
+  describe "#set_as_public_access" do
+    it "should raise an PermissionScopeCollision if already protected" do
+      @permission.set_as_protected_access
+      lambda{@permission.set_as_public_access}.
+        should raise_error(Lockdown::PermissionScopeCollision)
+    end
+  end
+
+
+  describe "#set_as_protected_access" do
+    it "should raise an PermissionScopeCollision if already public" do
+      @permission.set_as_public_access
+      lambda{@permission.set_as_protected_access}.
+        should raise_error(Lockdown::PermissionScopeCollision)
+    end
+  end
+
+  describe "while in RootContext" do
+    before do
+      @permission.with_controller(:users).only_methods(:show, :edit)
+    end
+
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
+
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+
+  describe "while in ControllerContext" do
+    before do
+      @permission.with_controller(:users)
+    end
+
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:where, :equals, :is_in, :includes]
+
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+
+  describe "while in ModelContext" do
+    before do
+      @permission.to_model(:user)
+    end
+
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
+
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+
+  describe "while in ModelWhereContext" do
+    before do
+      @permission.to_model(:user).where(:current_user_id)
+    end
+
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
+
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+end

data/spec/lockdown/rules_spec.rb

@@ -0,0 +1,109 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+class TestSystem; extend Lockdown::Rules; end
+
+describe Lockdown::Rules do
+  before do
+    @rules = TestSystem
+    @rules.set_defaults
+  end
+
+  describe "#set_permission" do
+    it "should create and return a Permission object" do
+      @rules.set_permission(:user_management).
+        should == Lockdown::Permission.new(:user_management) 
+    end
+  end
+
+  describe "#set_public_access" do
+    it "should define the permission as public" do
+      @rules.set_permission(:user_management)
+      @rules.set_public_access(:user_management)
+    end
+  end
+
+  describe "#set_public_access" do
+    it "should define the permission as public" do
+      @rules.set_permission(:home_page)
+      @rules.set_public_access(:home_page)
+      perm = @rules.permission_objects.find{|name, object| name == :home_page}
+      perm[1].public_access?.should be_true
+    end
+
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: user_management"
+      lambda{@rules.set_public_access(:user_management)}.should
+        raise_error(Lockdown::InvalidRuleAssignment, msg)
+    end
+  end
+
+  describe "#set_protected_access" do
+    it "should define the permission as protected" do
+      @rules.set_permission(:user_management)
+      @rules.set_protected_access(:user_management)
+      perm = @rules.permission_objects.find{|name, object| name == :user_management}
+      perm[1].protected_access?.should be_true
+    end
+
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: user_management"
+      lambda{@rules.set_protected_access(:user_management)}.should
+        raise_error(Lockdown::InvalidRuleAssignment, msg)
+    end
+  end
+
+  describe "#get_permissions" do
+    it "should return array of permission names as symbols" do
+      @rules.set_permission(:home_page)
+      @rules.set_permission(:user_management)
+      @rules.process_rules
+      @rules.get_permissions.should include(:home_page) 
+      @rules.get_permissions.should include(:user_management)
+    end
+  end
+
+  describe "#permission_exists?" do
+    it "should return true if permission exists" do
+      @rules.set_permission(:home_page)
+      @rules.process_rules
+      @rules.permission_exists?(:home_page).should be_true
+    end
+
+    it "should return false if permission does not exist" do
+      @rules.permission_exists?(:home_page).should be_false
+    end
+  end
+
+  describe "#get_user_groups" do
+    it "should return array of user group names as symbols" do
+      @rules.set_permission(:user_management)
+      @rules.set_user_group(:security_management, :user_management)
+      @rules.get_user_groups.should == [:security_management]
+    end
+  end
+
+  describe "#user_group_exists?" do
+    it "should return true if user_group exists" do
+      @rules.set_user_group(:user_management, :some_perm)
+      @rules.user_group_exists?(:user_management).should be_true
+    end
+
+    it "should return false if user_group does not exist" do
+      @rules.user_group_exists?(:user_management).should be_false
+    end
+  end
+
+
+  describe "#make_user_administrator" do
+  end
+
+  describe "#process_rules" do
+    it "should validate user_group permissions" do
+      @rules.set_user_group(:test_group, :a_perm)
+      error =  "User Group: test_group, permission not found: a_perm"
+
+      lambda{@rules.process_rules}.
+        should raise_error(Lockdown::InvalidRuleAssignment, error)
+    end
+  end
+end