ixtlan-guard 0.1.0 → 0.4.0

data/lib/ixtlan/guard/railtie.rb

@@ -0,0 +1,33 @@
+require 'rails'
+require 'ixtlan/guard'
+require 'logger'
+
+module Ixtlan
+  module Guard
+    class Railtie < Rails::Railtie
+
+      config.before_configuration do |app|
+        app.config.guard = 
+          Ixtlan::Guard::Guard.new(:guard_dir => File.join(Rails.root, "app", "guards")) 
+      end
+      
+      config.after_initialize do |app|
+        logger = app.config.logger || Rails.logger || Logger.new(STDERR)
+        app.config.guard.logger = logger unless defined?(Slf4r)
+        begin
+          app.config.guard.setup
+        rescue Ixtlan::Guard::GuardException => e
+          logger.warn e.message
+        end
+      end
+      
+      config.generators do
+        require 'rails/generators'
+        require 'rails/generators/rails/controller/controller_generator'
+        Rails::Generators::ControllerGenerator.hook_for :guard, :type => :boolean, :default => true do |controller|
+          invoke controller, [ class_name, actions ]
+        end
+      end
+    end
+  end
+end

data/lib/ixtlan/guard/spec/user_management_models_spec.rb

@@ -0,0 +1,193 @@
+shared_examples_for 'integration-test' do
+
+  describe "UserManagementModels" do
+
+    before :all do
+      @root = Group.find_by_name(Group::ROOT) || Group.create(:name => Group::ROOT)
+      @admin = Group.find_by_name(Group::ADMIN) || Group.create(:name => Group::ADMIN)
+      @translator = Group.find_by_name("translator") || Group.create(:name => "translator")
+      @superuser = User.find_by_id(1)
+      if @superuser.nil? || @superuser.groups == []
+        @superuser = User.create!
+        @superuser.groups << @root
+        @superuser.save!
+      end
+      @main = Domain.find_by_name('main') || Domain.create(:name => 'main')
+      @sub = Domain.find_by_name('sub') || Domain.create(:name => 'sub')
+      DomainsGroupsUser.delete_all
+      @adminuser = User.new('group_ids' => [@admin.id])
+      @adminuser.current_user = @superuser
+      @adminuser.save
+    end
+
+    describe "root user" do
+      it 'should create user' do
+        @adminuser.id.should_not be_nil
+        @adminuser.groups.should == [@admin]
+        @adminuser.domains_for_group(@admin).should == []
+      end
+
+      it 'should add domain to user via update' do
+        @adminuser.domains_for_group(@admin).member?(@main).should be_false
+        @adminuser.current_user = @superuser
+        @adminuser.update_attributes(Group::ADMIN => { 'domain_ids' => [@main.id.to_s] }, 'group_ids' => [@admin.id.to_s])
+        @adminuser.domains_for_group(@admin).member?(@main).should be_true
+        @adminuser.current_user.should be_nil
+      end
+
+      it 'should raise error when adding a domain without current_user set' do
+        @adminuser.current_user = nil
+        lambda { @adminuser.update_attributes(Group::ADMIN => { 'domain_ids' => [@sub.id.to_s] }, 'group_ids' => [@admin.id.to_s]) }.should raise_error
+        @adminuser.current_user.should be_nil
+      end
+
+      it 'should add new group through update' do
+        @adminuser.groups.member?(@translator).should be_false
+        @adminuser.current_user = @superuser
+        @adminuser.update_attributes('group_ids' => [@translator.id.to_s])
+        @adminuser.groups.member?(@translator).should be_true
+      end
+
+      it 'should raise error when adding new group' do
+        @adminuser.groups.member?(@root).should be_false
+        @adminuser.current_user = nil
+        lambda{ @adminuser.update_attributes('group_ids' => [@translator.id.to_s])}.should raise_error
+        @adminuser.current_user.should be_nil
+      end
+    end
+
+    describe "admin user" do
+
+      before :all do
+        @locales = Group.find_by_name("locales") || Group.create(:name => "locales")
+        @adminuser.current_user = @superuser
+        @adminuser.update_attributes('group_ids' => [@admin.id.to_s, @locales.id.to_s], Group::ADMIN => {"domain_ids" => [@main.id.to_s]})
+        @adminuser.save
+      end
+
+      it 'should create new users' do
+        user = User.new('group_ids' => [@admin.id.to_s])
+        user.current_user = @adminuser
+        user.save.should be_true
+        user.groups.member?(@admin).should be_true
+        user.groups.size.should == 1
+      end
+
+      it 'should not add group via update_attributes which admin does not belong to' do
+        user = User.create({:current_user => @adminuser, 'group_ids' => [@root.id.to_s]})
+        user.id.should_not be_nil
+
+        user.groups.member?(@root).should be_false
+        user.groups.size.should == 0
+      end
+
+      it 'should not add group via update_attributes which admin does not belong to' do
+        user = User.create(:current_user => @adminuser)
+        user.id.should_not be_nil
+
+        user.current_user = @adminuser
+        user.update_attributes('group_ids' => [@root.id.to_s]).should be_true
+
+        user.groups.member?(@root).should be_false
+        user.groups.size.should == 0
+      end
+
+      it 'should be able to delete only groups belonging to admin, leave others alone' do
+        user = User.create(:current_user => @superuser, 'group_ids' => [@translator.id.to_s])
+        user.groups.member?(@translator).should be_true
+
+        user.current_user = @adminuser
+        user.update_attributes('group_ids' => []).should be_true
+
+        user.groups.member?(@translator).should be_true
+        user.groups.size.should == 1
+      end
+
+      it 'should be able to add and delete groups belonging to admin' do
+        user = User.create(:current_user => @superuser, 'group_ids' => [@translator.id.to_s])
+        user.id.should_not be_nil
+        user.groups.member?(@translator).should be_true
+
+        user.current_user = @adminuser
+        user.update_attributes('group_ids' => [@admin.id.to_s, @locales.id.to_s]).should be_true
+
+        user.groups.member?(@translator).should be_true
+        user.groups.size.should == 3
+
+        user.current_user = @adminuser
+        user.update_attributes('group_ids' => [@locales.id.to_s]).should be_true
+
+        user.groups.member?(@locales).should be_true
+        user.groups.member?(@translator).should be_true
+        user.groups.size.should == 2
+      end 
+
+      it 'should create new users with domains' do
+        # first create to have an ID
+        user = User.create(:current_user => @adminuser)
+        user.id.should_not be_nil
+        # then add the domain
+        user.update_attributes(:current_user => @adminuser, 'group_ids' => [@admin.id.to_s], "admin" => {"domain_ids" => [@main.id.to_s] })
+
+        user.groups.member?(@admin).should be_true
+        user.groups.size.should == 1
+
+        user.domains_for_group(@admin).member?(@main).should be_true
+        user.domains_for_group(@admin).size.should == 1
+      end
+      
+      it 'should add only domains which belongs to admin' do
+        # first create to have an ID
+        user = User.create(:current_user => @adminuser, 'group_ids' => [@admin.id.to_s])
+        user.id.should_not be_nil
+        # then add the domain
+        user.update_attributes(:current_user => @adminuser, 'group_ids' => [@admin.id.to_s], "admin" => {"domain_ids" => [@main.id.to_s, @sub.id.to_s] })
+
+        user.groups.member?(@admin).should be_true
+        user.groups.size.should == 1
+
+        user.domains_for_group(@admin).member?(@main).should be_true
+        user.domains_for_group(@admin).size.should == 1
+      end
+
+      it 'should add only domains belonging to the admin' do
+        # first create to have an ID
+        user = User.create(:current_user => @adminuser, 'group_ids' => [@admin.id.to_s])
+        user.id.should_not be_nil
+        # then add the domain
+        user.update_attributes(:current_user => @adminuser, 'group_ids' => [@admin.id.to_s], "admin" => {"domain_ids" => [@main.id.to_s, @sub.id.to_s] })
+
+        user.groups.member?(@admin).should be_true
+        user.groups.size.should == 1
+
+        user.domains_for_group(@admin).member?(@main).should be_true
+        user.domains_for_group(@admin).size.should == 1
+
+        user.update_attributes(:current_user => @adminuser, 'group_ids' => [@admin.id.to_s], "admin" => {"domain_ids" => [] })
+        user.domains_for_group(@admin).size.should == 0      
+      end
+
+      it 'should delete only domains belonging to the admin' do
+        # first create to have an ID
+        user = User.create(:current_user => @adminuser, 'group_ids' => [@admin.id.to_s])
+        user.id.should_not be_nil
+        # then add the domain
+        user.update_attributes(:current_user => @superuser, 'group_ids' => [@admin.id.to_s], "admin" => {"domain_ids" => [@main.id.to_s, @sub.id.to_s] })
+
+        user.groups.member?(@admin).should be_true
+        user.groups.size.should == 1
+
+        user.domains_for_group(@admin).member?(@main).should be_true
+        user.domains_for_group(@admin).member?(@sub).should be_true
+        user.domains_for_group(@admin).size.should == 2
+
+        user.update_attributes(:current_user => @adminuser, 'group_ids' => [@admin.id.to_s], "admin" => {"domain_ids" => [] })
+
+        user.domains_for_group(@admin).member?(@main).should be_false
+        user.domains_for_group(@admin).member?(@sub).should be_true
+        user.domains_for_group(@admin).size.should == 1      
+      end
+    end
+  end
+end
+

data/spec/guard_spec.rb

@@ -4,15 +4,23 @@ require 'ixtlan/guard'
 describe Ixtlan::Guard do
 
   before :all do
-    @guard = Ixtlan::Guard.new(Logger.new(STDOUT), 
-                               :root, 
-                               File.join(File.dirname(__FILE__), "guards") )
+    @guard = Ixtlan::Guard::Guard.new(:guard_dir => File.join(File.dirname(__FILE__), "guards") )
 
     @guard.setup
     @current_user = Object.new
     def @current_user.groups(g = nil)
-      @g = g if g
-      @g || []
+      if g
+        @groups = g.collect do |gg|
+          group = Object.new
+          def group.name(name =nil)
+            @name = name if name
+            @name
+          end
+          group.name(gg)
+          group
+        end
+      end
+      @groups || []
     end
 
     @controller = Object.new
@@ -24,20 +32,18 @@ describe Ixtlan::Guard do
   end
 
   it 'should fail with missing guard dir' do
-    lambda {Ixtlan::Guard.new(Logger.new(STDOUT), 
-                              :root, 
-                              "does_not_exists").setup }.should raise_error(Ixtlan::GuardException)
+    lambda {Ixtlan::Guard::Guard.new(:guard_dir => "does_not_exists").setup }.should raise_error(Ixtlan::Guard::GuardException)
   end
 
   it 'should initialize' do
     @guard.should_not be_nil
   end
 
-  it 'should pass check without user' do
+  it 'should fail check without current user' do
     controller = Object.new
     def controller.current_user
     end
-    @guard.check(controller, :none, :something).should be_true
+    @guard.check(controller, :none, :something).should be_false
   end
 
   it 'should pass check with user being root' do
@@ -65,6 +71,36 @@ describe Ixtlan::Guard do
     @guard.check(@controller, :users, :update).should be_true
   end
 
+  it 'should not pass check with user when in blocked group' do
+    @current_user.groups([:users])
+    @guard.block_groups([:users])
+    begin
+      @guard.check(@controller, :users, :update).should be_false
+    ensure
+      @guard.block_groups([])
+    end
+  end
+
+  it 'should pass check with user when not in blocked group' do
+    @current_user.groups([:users])
+    @guard.block_groups([:accounts])
+    begin
+      @guard.check(@controller, :users, :update).should be_true
+    ensure
+      @guard.block_groups([])
+    end
+  end
+
+  it 'should pass check with root-user when not in blocked group' do
+    @current_user.groups([:root])
+    @guard.block_groups([:root])
+    begin
+      @guard.check(@controller, :users, :update).should be_true
+    ensure
+      @guard.block_groups([])
+    end
+  end
+
   it 'should not pass check with user' do
     @current_user.groups([:accounts])
     @guard.check(@controller, :users, :update).should be_false
@@ -85,10 +121,10 @@ describe Ixtlan::Guard do
   end
 
   it 'should raise exception on unknown action' do
-    lambda {@guard.check(@controller, :users, :unknown_action) }.should raise_error(Ixtlan::GuardException)
+    lambda {@guard.check(@controller, :users, :unknown_action) }.should raise_error(Ixtlan::Guard::GuardException)
   end
 
   it 'should raise exception on unknown resource' do
-    lambda {@guard.check(@controller, :unknown_resource, :update) }.should raise_error(Ixtlan::GuardException)
+    lambda {@guard.check(@controller, :unknown_resource, :update) }.should raise_error(Ixtlan::Guard::GuardException)
   end
 end

data/spec/railtie_spec.rb

@@ -1,2 +1,2 @@
 require 'spec_helper'
-require 'ixtlan/guard_railtie'
+require 'ixtlan/guard/railtie'

metadata

@@ -1,12 +1,8 @@
 --- !ruby/object:Gem::Specification 
 name: ixtlan-guard
 version: !ruby/object:Gem::Version 
-  prerelease: false
-  segments: 
-    - 0
-    - 1
-    - 0
-  version: 0.1.0
+  prerelease: 
+  version: 0.4.0
 platform: ruby
 authors: 
   - mkristian
@@ -14,65 +10,75 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-17 00:00:00 +05:30
+date: 2011-07-23 00:00:00 +05:30
 default_executable: 
 dependencies: 
   - !ruby/object:Gem::Dependency 
-    name: rails
+    name: ixtlan-core
     prerelease: false
     requirement: &id001 !ruby/object:Gem::Requirement 
+      none: false
       requirements: 
         - - "="
           - !ruby/object:Gem::Version 
-            segments: 
-              - 3
-              - 0
-              - 0
-            version: 3.0.0
-    type: :development
+            version: 0.4.0
+    type: :runtime
     version_requirements: *id001
   - !ruby/object:Gem::Dependency 
-    name: rspec
+    name: rails
     prerelease: false
     requirement: &id002 !ruby/object:Gem::Requirement 
+      none: false
       requirements: 
         - - "="
           - !ruby/object:Gem::Version 
-            segments: 
-              - 1
-              - 3
-              - 1
-            version: 1.3.1
+            version: 3.0.9
     type: :development
     version_requirements: *id002
   - !ruby/object:Gem::Dependency 
-    name: cucumber
+    name: rspec
     prerelease: false
     requirement: &id003 !ruby/object:Gem::Requirement 
+      none: false
       requirements: 
         - - "="
           - !ruby/object:Gem::Version 
-            segments: 
-              - 0
-              - 9
-              - 2
-            version: 0.9.2
+            version: 2.6.0
     type: :development
     version_requirements: *id003
   - !ruby/object:Gem::Dependency 
-    name: rake
+    name: cucumber
     prerelease: false
     requirement: &id004 !ruby/object:Gem::Requirement 
+      none: false
       requirements: 
         - - "="
           - !ruby/object:Gem::Version 
-            segments: 
-              - 0
-              - 8
-              - 7
-            version: 0.8.7
+            version: 0.9.4
     type: :development
     version_requirements: *id004
+  - !ruby/object:Gem::Dependency 
+    name: rake
+    prerelease: false
+    requirement: &id005 !ruby/object:Gem::Requirement 
+      none: false
+      requirements: 
+        - - "="
+          - !ruby/object:Gem::Version 
+            version: 0.8.7
+    type: :development
+    version_requirements: *id005
+  - !ruby/object:Gem::Dependency 
+    name: ruby-maven
+    prerelease: false
+    requirement: &id006 !ruby/object:Gem::Requirement 
+      none: false
+      requirements: 
+        - - "="
+          - !ruby/object:Gem::Version 
+            version: 0.8.3.0.3.0.28.3
+    type: :development
+    version_requirements: *id006
 description: simple authorization framework for rails controllers
 email: 
   - m.kristian@web.de
@@ -83,28 +89,47 @@ extensions: []
 extra_rdoc_files: []
 
 files: 
+  - MIT-LICENSE
   - lib/ixtlan-guard.rb
-  - lib/generators/scaffold/scaffold/scaffold_generator.rb
-  - lib/generators/ixtlan/controller/USAGE
-  - lib/generators/ixtlan/controller/controller_generator.rb
-  - lib/generators/ixtlan/scaffold/USAGE
-  - lib/generators/ixtlan/scaffold/scaffold_generator.rb
-  - lib/generators/ixtlan/templates/new.html.erb
-  - lib/generators/ixtlan/templates/show.html.erb
-  - lib/generators/ixtlan/templates/guard.rb
-  - lib/generators/ixtlan/templates/edit.html.erb
-  - lib/generators/ixtlan/templates/index.html.erb
-  - lib/ixtlan/guard_railtie.rb
-  - lib/ixtlan/rails_integration.rb
+  - lib/generators/erb/user_management_controller_generator.rb
+  - lib/generators/guard/controller/USAGE
+  - lib/generators/guard/controller/controller_generator.rb
+  - lib/generators/guard/scaffold/USAGE
+  - lib/generators/guard/scaffold/scaffold_generator.rb
+  - lib/generators/guard/scaffold/templates/guard.rb
+  - lib/generators/guard/templates/guard.rb
+  - lib/generators/ixtlan/user_management_scaffold/user_management_scaffold_generator.rb
+  - lib/generators/ixtlan/user_management_controller/USAGE
+  - lib/generators/ixtlan/user_management_controller/user_management_controller_generator.rb
+  - lib/generators/ixtlan/maintenance_scaffold/USAGE
+  - lib/generators/ixtlan/maintenance_scaffold/maintenance_scaffold_generator.rb
+  - lib/generators/ixtlan/permissions_scaffold/USAGE
+  - lib/generators/ixtlan/permissions_scaffold/permissions_scaffold_generator.rb
+  - lib/generators/ixtlan/user_management_models/user_management_models_generator.rb
+  - lib/generators/ixtlan/user_management_models/USAGE
+  - lib/generators/active_record/user_management_models_generator.rb
+  - lib/generators/active_record/templates/user_model.rb
+  - lib/generators/active_record/templates/group_model.rb
+  - lib/generators/active_record/templates/flavor_migration.rb
+  - lib/generators/active_record/templates/group_user_migration.rb
+  - lib/generators/active_record/templates/flavor_model.rb
   - lib/ixtlan/guard.rb
-  - spec/guard_spec.rb
+  - lib/ixtlan/guard/rails_integration.rb
+  - lib/ixtlan/guard/guard.rb
+  - lib/ixtlan/guard/railtie.rb
+  - lib/ixtlan/guard/controllers/maintenance_controller.rb
+  - lib/ixtlan/guard/controllers/permissions_controller.rb
+  - lib/ixtlan/guard/spec/user_management_models_spec.rb
+  - lib/ixtlan/guard/models/maintenance.rb
+  - lib/ixtlan/guard/models/user_update_manager.rb
   - spec/spec_helper.rb
+  - spec/guard_spec.rb
   - spec/railtie_spec.rb
   - spec/guards/users_guard.rb
 has_rdoc: true
 homepage: http://github.com/mkristian/ixtlan-guard
-licenses: []
-
+licenses: 
+  - MIT-LICENSE
 post_install_message: 
 rdoc_options: 
   - --main
@@ -112,23 +137,21 @@ rdoc_options:
 require_paths: 
   - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-          - 0
         version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-          - 0
         version: "0"
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.6
+rubygems_version: 1.5.1
 signing_key: 
 specification_version: 3
 summary: guard your controller actions