ixtlan-guard 0.7.2 → 0.8.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +104 -0
- data/lib/ixtlan/guard.rb +1 -1
- data/lib/ixtlan/guard/{guard_ng.rb → guard.rb} +50 -34
- data/lib/ixtlan/guard/guard.rb~ +195 -0
- data/lib/ixtlan/guard/guard_config.rb +1 -2
- data/lib/ixtlan/guard/guard_rails.rb +181 -35
- data/lib/ixtlan/guard/railtie.rb +8 -5
- data/spec/guard_cache_spec.rb +4 -4
- data/spec/guard_export_spec.rb +48 -20
- data/spec/guard_rails_spec.rb +150 -0
- data/spec/guard_rails_spec.rb~ +150 -0
- data/spec/guard_spec.rb +17 -11
- data/spec/guard_with_associations_spec.rb +91 -75
- data/spec/guards/re_users_guard.yaml~ +4 -0
- metadata +10 -8
- data/features/step_definitions/ruby_maven.rb +0 -170
@@ -0,0 +1,150 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'ixtlan/guard/guard'
|
3
|
+
require 'ixtlan/guard/guard_rails'
|
4
|
+
require 'logger'
|
5
|
+
class Logger
|
6
|
+
def debug(&block)
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
module Rails
|
11
|
+
def self.application
|
12
|
+
self
|
13
|
+
end
|
14
|
+
def self.config
|
15
|
+
self
|
16
|
+
end
|
17
|
+
def self.guard
|
18
|
+
@guard ||=
|
19
|
+
begin
|
20
|
+
logger = Logger.new(STDOUT)
|
21
|
+
Ixtlan::Guard::Guard.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"),
|
22
|
+
:logger => logger)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
class Controller
|
28
|
+
include Ixtlan::Guard::ActionController
|
29
|
+
|
30
|
+
attr_accessor :params
|
31
|
+
def new_user
|
32
|
+
user = Object.new
|
33
|
+
def user.groups(groups = ['users'])
|
34
|
+
@groups ||= groups
|
35
|
+
end
|
36
|
+
user
|
37
|
+
end
|
38
|
+
def current_user
|
39
|
+
@user ||= new_user
|
40
|
+
end
|
41
|
+
end
|
42
|
+
class RestrictedController < Controller
|
43
|
+
|
44
|
+
guard_filter :only => [:index] do |groups|
|
45
|
+
groups.select {|g| g =~ /^user/ }
|
46
|
+
end
|
47
|
+
|
48
|
+
guard_filter :except => [:index] do |groups|
|
49
|
+
groups.select {|g| g == 'admin' }
|
50
|
+
end
|
51
|
+
|
52
|
+
|
53
|
+
end
|
54
|
+
|
55
|
+
describe Ixtlan::Guard::ActionController do
|
56
|
+
|
57
|
+
describe "without filter" do
|
58
|
+
subject do
|
59
|
+
Controller.new
|
60
|
+
end
|
61
|
+
|
62
|
+
it 'should return a guard' do
|
63
|
+
subject.send(:guard).should_not be_nil
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'should have current_groups' do
|
67
|
+
subject.send(:current_groups).should_not be_nil
|
68
|
+
end
|
69
|
+
|
70
|
+
it 'should have no guard_filters' do
|
71
|
+
subject.class.guard_filters.should == []
|
72
|
+
end
|
73
|
+
|
74
|
+
it 'raise error on unknown resource' do
|
75
|
+
lambda{subject.send(:check, "edit", "unknown_resource")}.should raise_error( Ixtlan::Guard::GuardException)
|
76
|
+
end
|
77
|
+
|
78
|
+
it 'should pass' do
|
79
|
+
subject.send(:check, "index", "users").should == ["users"]
|
80
|
+
begin
|
81
|
+
subject.params = {:controller => "users", :action => "index" }
|
82
|
+
subject.send(:authorize).should be_true
|
83
|
+
subject.params.delete(:action)
|
84
|
+
subject.send(:allowed?, "index").should be_true
|
85
|
+
ensure
|
86
|
+
subject.params = {}
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
it 'should not pass' do
|
91
|
+
subject.send(:check, "doit", "no_defaults").should be_nil
|
92
|
+
begin
|
93
|
+
subject.params = {:controller => "no_defaults", :action => "doit" }
|
94
|
+
lambda{subject.send(:authorize)}.should raise_error(Ixtlan::Guard::PermissionDenied)
|
95
|
+
subject.params.delete(:action)
|
96
|
+
subject.send(:allowed?, "doitagain").should be_false
|
97
|
+
ensure
|
98
|
+
subject.params = {}
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
describe "with filter" do
|
104
|
+
subject do
|
105
|
+
c = RestrictedController.new
|
106
|
+
c.current_user.groups ['users', 'useradmin', 'admin']
|
107
|
+
c
|
108
|
+
end
|
109
|
+
|
110
|
+
it 'should return a guard' do
|
111
|
+
subject.send(:guard).should_not be_nil
|
112
|
+
end
|
113
|
+
|
114
|
+
it 'should have current_groups' do
|
115
|
+
subject.send(:current_groups).should_not be_nil
|
116
|
+
end
|
117
|
+
|
118
|
+
it 'should have no guard_filters' do
|
119
|
+
subject.class.guard_filters.size.should == 2
|
120
|
+
end
|
121
|
+
|
122
|
+
it 'raise error on unknown resource' do
|
123
|
+
lambda{subject.send(:check, "edit", "unknown_resource")}.should raise_error( Ixtlan::Guard::GuardException)
|
124
|
+
end
|
125
|
+
|
126
|
+
it 'should pass' do
|
127
|
+
subject.send(:check, "destroy", "person").should == ["admin"]
|
128
|
+
begin
|
129
|
+
subject.params = {:controller => "person", :action => "destroy" }
|
130
|
+
subject.send(:authorize).should be_true
|
131
|
+
subject.params.delete(:action)
|
132
|
+
subject.send(:allowed?, "destroy").should be_true
|
133
|
+
ensure
|
134
|
+
subject.params = {}
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
it 'should not pass' do
|
139
|
+
subject.send(:check, "edit", "person").should be_nil
|
140
|
+
begin
|
141
|
+
subject.params = {:controller => "person", :action => "edit" }
|
142
|
+
lambda{subject.send(:authorize)}.should raise_error(Ixtlan::Guard::PermissionDenied)
|
143
|
+
subject.params.delete(:action)
|
144
|
+
subject.send(:allowed?, "edit").should be_false
|
145
|
+
ensure
|
146
|
+
subject.params = {}
|
147
|
+
end
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
@@ -0,0 +1,150 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'ixtlan/guard/guard'
|
3
|
+
require 'ixtlan/guard/guard_rails'
|
4
|
+
require 'logger'
|
5
|
+
class Logger
|
6
|
+
def debug(&block)
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
class Rails
|
11
|
+
def self.application
|
12
|
+
self
|
13
|
+
end
|
14
|
+
def self.config
|
15
|
+
self
|
16
|
+
end
|
17
|
+
def self.guard
|
18
|
+
@guard ||=
|
19
|
+
begin
|
20
|
+
logger = Logger.new(STDOUT)
|
21
|
+
Ixtlan::Guard::Guard.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"),
|
22
|
+
:logger => logger)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
class Controller
|
28
|
+
include Ixtlan::ActionController::Guard
|
29
|
+
|
30
|
+
attr_accessor :params
|
31
|
+
def new_user
|
32
|
+
user = Object.new
|
33
|
+
def user.groups(groups = ['users'])
|
34
|
+
@groups ||= groups
|
35
|
+
end
|
36
|
+
user
|
37
|
+
end
|
38
|
+
def current_user
|
39
|
+
@user ||= new_user
|
40
|
+
end
|
41
|
+
end
|
42
|
+
class RestrictedController < Controller
|
43
|
+
|
44
|
+
guard_filter :only => [:index] do |groups|
|
45
|
+
groups.select {|g| g =~ /^user/ }
|
46
|
+
end
|
47
|
+
|
48
|
+
guard_filter :except => [:index] do |groups|
|
49
|
+
groups.select {|g| g == 'admin' }
|
50
|
+
end
|
51
|
+
|
52
|
+
|
53
|
+
end
|
54
|
+
|
55
|
+
describe Ixtlan::ActionController::Guard do
|
56
|
+
|
57
|
+
describe "without filter" do
|
58
|
+
subject do
|
59
|
+
Controller.new
|
60
|
+
end
|
61
|
+
|
62
|
+
it 'should return a guard' do
|
63
|
+
subject.send(:guard).should_not be_nil
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'should have current_groups' do
|
67
|
+
subject.send(:current_groups).should_not be_nil
|
68
|
+
end
|
69
|
+
|
70
|
+
it 'should have no guard_filters' do
|
71
|
+
subject.class.guard_filters.should == []
|
72
|
+
end
|
73
|
+
|
74
|
+
it 'raise error on unknown resource' do
|
75
|
+
lambda{subject.send(:check, "edit", "unknown_resource")}.should raise_error( Ixtlan::Guard::GuardException)
|
76
|
+
end
|
77
|
+
|
78
|
+
it 'should pass' do
|
79
|
+
subject.send(:check, "index", "users").should == ["users"]
|
80
|
+
begin
|
81
|
+
subject.params = {:controller => "users", :action => "index" }
|
82
|
+
subject.send(:authorize).should be_true
|
83
|
+
subject.params.delete(:action)
|
84
|
+
subject.send(:allowed?, "index").should be_true
|
85
|
+
ensure
|
86
|
+
subject.params = {}
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
it 'should not pass' do
|
91
|
+
subject.send(:check, "doit", "no_defaults").should be_nil
|
92
|
+
begin
|
93
|
+
subject.params = {:controller => "no_defaults", :action => "doit" }
|
94
|
+
lambda{subject.send(:authorize)}.should raise_error(Ixtlan::Guard::PermissionDenied)
|
95
|
+
subject.params.delete(:action)
|
96
|
+
subject.send(:allowed?, "doitagain").should be_false
|
97
|
+
ensure
|
98
|
+
subject.params = {}
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
describe "with filter" do
|
104
|
+
subject do
|
105
|
+
c = RestrictedController.new
|
106
|
+
c.current_user.groups ['users', 'useradmin', 'admin']
|
107
|
+
c
|
108
|
+
end
|
109
|
+
|
110
|
+
it 'should return a guard' do
|
111
|
+
subject.send(:guard).should_not be_nil
|
112
|
+
end
|
113
|
+
|
114
|
+
it 'should have current_groups' do
|
115
|
+
subject.send(:current_groups).should_not be_nil
|
116
|
+
end
|
117
|
+
|
118
|
+
it 'should have no guard_filters' do
|
119
|
+
subject.class.guard_filters.size.should == 2
|
120
|
+
end
|
121
|
+
|
122
|
+
it 'raise error on unknown resource' do
|
123
|
+
lambda{subject.send(:check, "edit", "unknown_resource")}.should raise_error( Ixtlan::Guard::GuardException)
|
124
|
+
end
|
125
|
+
|
126
|
+
it 'should pass' do
|
127
|
+
subject.send(:check, "destroy", "person").should == ["admin"]
|
128
|
+
begin
|
129
|
+
subject.params = {:controller => "person", :action => "destroy" }
|
130
|
+
subject.send(:authorize).should be_true
|
131
|
+
subject.params.delete(:action)
|
132
|
+
subject.send(:allowed?, "destroy").should be_true
|
133
|
+
ensure
|
134
|
+
subject.params = {}
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
it 'should not pass' do
|
139
|
+
subject.send(:check, "edit", "person").should be_nil
|
140
|
+
begin
|
141
|
+
subject.params = {:controller => "person", :action => "edit" }
|
142
|
+
lambda{subject.send(:authorize)}.should raise_error(Ixtlan::Guard::PermissionDenied)
|
143
|
+
subject.params.delete(:action)
|
144
|
+
subject.send(:allowed?, "edit").should be_false
|
145
|
+
ensure
|
146
|
+
subject.params = {}
|
147
|
+
end
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
data/spec/guard_spec.rb
CHANGED
@@ -1,19 +1,19 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
require 'ixtlan/guard/
|
2
|
+
require 'ixtlan/guard/guard'
|
3
3
|
require 'logger'
|
4
4
|
|
5
|
-
describe Ixtlan::Guard::
|
5
|
+
describe Ixtlan::Guard::Guard do
|
6
6
|
|
7
7
|
subject do
|
8
8
|
logger = Logger.new(STDOUT)
|
9
9
|
def logger.debug(&block)
|
10
10
|
#info("\n\t[debug] " + block.call)
|
11
11
|
end
|
12
|
-
Ixtlan::Guard::
|
12
|
+
Ixtlan::Guard::Guard.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"), :logger => logger )
|
13
13
|
end
|
14
14
|
|
15
15
|
it 'should fail with missing guard dir' do
|
16
|
-
lambda {Ixtlan::Guard::
|
16
|
+
lambda {Ixtlan::Guard::Guard.new(:guards_dir => "does_not_exists") }.should raise_error(Ixtlan::Guard::GuardException)
|
17
17
|
end
|
18
18
|
|
19
19
|
it 'should initialize' do
|
@@ -28,13 +28,15 @@ describe Ixtlan::Guard::GuardNG do
|
|
28
28
|
subject.allowed?(:users, :show, [:root]).should be_true
|
29
29
|
end
|
30
30
|
|
31
|
-
it 'should pass "allow all groups" with
|
32
|
-
|
31
|
+
it 'should pass "allow all groups" with any groups' do
|
32
|
+
# users resource ask for a block since it is restricted
|
33
|
+
subject.allowed?(:users, :index, [:any_possible_group]){|g| g}.should be_true
|
33
34
|
subject.allowed?(:only_defaults, :index, [:any_possible_group]).should be_true
|
34
35
|
end
|
35
36
|
|
36
37
|
it 'should pass' do
|
37
|
-
|
38
|
+
# users resource ask for a block since it is restricted
|
39
|
+
subject.allowed?(:users, :update, [:users]){|g| g}.should be_true
|
38
40
|
subject.allowed?(:only_defaults, :update, [:users]).should be_true
|
39
41
|
subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
|
40
42
|
end
|
@@ -42,7 +44,8 @@ describe Ixtlan::Guard::GuardNG do
|
|
42
44
|
it 'should not pass with user when in blocked group' do
|
43
45
|
subject.block_groups([:users])
|
44
46
|
begin
|
45
|
-
|
47
|
+
# users resource ask for a block since it is restricted
|
48
|
+
subject.allowed?(:users, :update, [:users]){|g| g}.should be_false
|
46
49
|
subject.allowed?(:only_defaults, :update, [:users]).should be_false
|
47
50
|
subject.allowed?(:allow_all_defaults, :update, [:users]).should be_false
|
48
51
|
ensure
|
@@ -53,7 +56,8 @@ describe Ixtlan::Guard::GuardNG do
|
|
53
56
|
it 'should pass with user when not in blocked group' do
|
54
57
|
subject.block_groups([:accounts])
|
55
58
|
begin
|
56
|
-
|
59
|
+
# users resource ask for a block since it is restricted
|
60
|
+
subject.allowed?(:users, :update, [:users]){|g| g}.should be_true
|
57
61
|
subject.allowed?(:only_defaults, :update, [:users]).should be_true
|
58
62
|
subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
|
59
63
|
ensure
|
@@ -64,7 +68,8 @@ describe Ixtlan::Guard::GuardNG do
|
|
64
68
|
it 'should not block root group' do
|
65
69
|
subject.block_groups([:root])
|
66
70
|
begin
|
67
|
-
|
71
|
+
# users resource ask for a block since it is restricted
|
72
|
+
subject.allowed?(:users, :update, [:root]){|g| g}.should be_true
|
68
73
|
subject.allowed?(:only_defaults, :update, [:root]).should be_true
|
69
74
|
subject.allowed?(:allow_all_defaults, :update, [:root]).should be_true
|
70
75
|
ensure
|
@@ -78,7 +83,8 @@ describe Ixtlan::Guard::GuardNG do
|
|
78
83
|
end
|
79
84
|
|
80
85
|
it 'should should use defaults on unknown action' do
|
81
|
-
|
86
|
+
# users resource ask for a block since it is restricted
|
87
|
+
subject.allowed?(:users, :unknow, [:users]){|g| g}.should be_true
|
82
88
|
subject.allowed?(:only_defaults, :unknow, [:users]).should be_true
|
83
89
|
subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
|
84
90
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
require 'ixtlan/guard/
|
2
|
+
require 'ixtlan/guard/guard'
|
3
3
|
require 'logger'
|
4
4
|
|
5
5
|
class Group
|
@@ -12,103 +12,119 @@ class Group
|
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
|
-
describe Ixtlan::Guard::
|
15
|
+
describe Ixtlan::Guard::Guard do
|
16
16
|
|
17
17
|
subject do
|
18
18
|
logger = Logger.new(STDOUT)
|
19
19
|
def logger.debug(&block)
|
20
20
|
# info("\n\t[debug] " + block.call)
|
21
21
|
end
|
22
|
-
Ixtlan::Guard::
|
22
|
+
Ixtlan::Guard::Guard.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"), :logger => logger )
|
23
23
|
end
|
24
24
|
|
25
|
-
it 'should pass without
|
26
|
-
subject.allowed?(:users, :
|
25
|
+
it 'should pass without block' do
|
26
|
+
subject.allowed?(:users, :edit, [Group.new(:users)]).should be_true
|
27
27
|
end
|
28
28
|
|
29
|
-
it 'should deny
|
30
|
-
subject.allowed?(:users, :update, [Group.new(:users)]){}.should be_false
|
29
|
+
it 'should deny with block returning empty array' do
|
30
|
+
subject.allowed?(:users, :update, [Group.new(:users)]){ |groups| [] }.should be_false
|
31
31
|
end
|
32
32
|
|
33
|
-
it 'should
|
34
|
-
subject.allowed?(:users, :update, [Group.new(:
|
33
|
+
it 'should allow root user' do
|
34
|
+
subject.allowed?(:users, :update, [Group.new(:root)]){ |groups| [] }.should be_true
|
35
35
|
end
|
36
36
|
|
37
|
-
it 'should pass with matching association
|
38
|
-
subject.allowed?(:users, :update, [Group.new(:users, :manager)]
|
39
|
-
|
40
|
-
end.should
|
37
|
+
it 'should pass with matching association' do
|
38
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)]) do |groups|
|
39
|
+
groups.select { |g| g.domains.member? :manager }
|
40
|
+
end.should be_true
|
41
41
|
end
|
42
42
|
|
43
|
-
it 'should fail with mismatching association
|
44
|
-
subject.allowed?(:users, :update, [Group.new(:users, :manager)]
|
45
|
-
|
43
|
+
it 'should fail with mismatching association' do
|
44
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)]) do |groups|
|
45
|
+
groups.select { |g| g.domains.detect {|d| d == 'nomanager' } }
|
46
46
|
end.should be_false
|
47
47
|
end
|
48
48
|
|
49
49
|
it 'should add associations to node' do
|
50
|
-
subject.permissions([Group.new('admin', [:german, :french])]) do |resource,
|
50
|
+
perms = subject.permissions([Group.new('admin', [:german, :french])]) do |resource, groups|
|
51
51
|
if groups && groups.first && groups.first.name == 'admin'
|
52
|
-
|
52
|
+
groups.first.domains
|
53
53
|
else
|
54
54
|
{}
|
55
55
|
end
|
56
|
-
end
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
56
|
+
end
|
57
|
+
|
58
|
+
expected = {}
|
59
|
+
expected[:accounts] = {
|
60
|
+
:permission=>{
|
61
|
+
:resource=>"accounts",
|
62
|
+
:actions=>[{:action=>{
|
63
|
+
:name=>"destroy",
|
64
|
+
:associations=>[:german, :french]}}],
|
65
|
+
:deny=>false}
|
66
|
+
}
|
67
|
+
expected[:allow_all_defaults] = {
|
68
|
+
:permission=>{
|
69
|
+
:resource=>"allow_all_defaults",
|
70
|
+
:actions=>[{:action=>{:name=>"index"}}],
|
71
|
+
:deny=>true,
|
72
|
+
:associations=>[:german, :french]}
|
73
|
+
}
|
74
|
+
expected[:defaults] = {
|
75
|
+
:permission=>{
|
76
|
+
:resource=>"defaults",
|
77
|
+
:actions=>[{:action=>{
|
78
|
+
:name=>"index",
|
79
|
+
:associations=>[:german, :french]}}],
|
80
|
+
:deny=>false}
|
81
|
+
}
|
82
|
+
expected[:no_defaults] = {
|
83
|
+
:permission=>{
|
84
|
+
:resource=>"no_defaults",
|
85
|
+
:actions=>[{:action=>{
|
86
|
+
:name=>"index",
|
87
|
+
:associations=>[:german, :french]}}],
|
88
|
+
:deny=>false}
|
89
|
+
}
|
90
|
+
expected[:only_defaults] = {
|
91
|
+
:permission=>{
|
92
|
+
:resource=>"only_defaults",
|
93
|
+
:actions=>[],
|
94
|
+
:associations=>[:german, :french],
|
95
|
+
:deny=>true}
|
96
|
+
}
|
97
|
+
expected[:person]= {
|
98
|
+
:permission=>{
|
99
|
+
:resource=>"person",
|
100
|
+
:actions=> [{:action=>{
|
101
|
+
:name=>"destroy",
|
102
|
+
:associations=>[:german, :french]}},
|
103
|
+
{:action=>{
|
104
|
+
:name=>"index",
|
105
|
+
:associations=>[:german, :french]}}],
|
106
|
+
:deny=>false}
|
107
|
+
}
|
108
|
+
expected[:regions] = {
|
109
|
+
:permission=>{
|
110
|
+
:resource=>"regions",
|
111
|
+
:actions=>[
|
112
|
+
{:action=>{:name=>"create", :associations=>[:german, :french]}},
|
113
|
+
{:action=>{:name=>"show", :associations=>[:german, :french]}}
|
114
|
+
],
|
115
|
+
:deny=>false}
|
116
|
+
}
|
117
|
+
expected[:users] = {
|
118
|
+
:permission=>{
|
119
|
+
:resource=>"users",
|
120
|
+
:actions=>[],
|
121
|
+
:deny=>false}
|
122
|
+
}
|
123
|
+
perms.each do |perm|
|
124
|
+
if perm[:actions]
|
125
|
+
perm[:actions].sort!{ |n,m| n.content[:name] <=> m.content[:name] }
|
126
|
+
end
|
127
|
+
expected[perm[:resource].to_sym].should == perm
|
128
|
+
end
|
113
129
|
end
|
114
130
|
end
|