ixtlan-guard 0.7.2 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +104 -0
- data/lib/ixtlan/guard.rb +1 -1
- data/lib/ixtlan/guard/{guard_ng.rb → guard.rb} +50 -34
- data/lib/ixtlan/guard/guard.rb~ +195 -0
- data/lib/ixtlan/guard/guard_config.rb +1 -2
- data/lib/ixtlan/guard/guard_rails.rb +181 -35
- data/lib/ixtlan/guard/railtie.rb +8 -5
- data/spec/guard_cache_spec.rb +4 -4
- data/spec/guard_export_spec.rb +48 -20
- data/spec/guard_rails_spec.rb +150 -0
- data/spec/guard_rails_spec.rb~ +150 -0
- data/spec/guard_spec.rb +17 -11
- data/spec/guard_with_associations_spec.rb +91 -75
- data/spec/guards/re_users_guard.yaml~ +4 -0
- metadata +10 -8
- data/features/step_definitions/ruby_maven.rb +0 -170
@@ -0,0 +1,150 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'ixtlan/guard/guard'
|
3
|
+
require 'ixtlan/guard/guard_rails'
|
4
|
+
require 'logger'
|
5
|
+
class Logger
|
6
|
+
def debug(&block)
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
module Rails
|
11
|
+
def self.application
|
12
|
+
self
|
13
|
+
end
|
14
|
+
def self.config
|
15
|
+
self
|
16
|
+
end
|
17
|
+
def self.guard
|
18
|
+
@guard ||=
|
19
|
+
begin
|
20
|
+
logger = Logger.new(STDOUT)
|
21
|
+
Ixtlan::Guard::Guard.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"),
|
22
|
+
:logger => logger)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
class Controller
|
28
|
+
include Ixtlan::Guard::ActionController
|
29
|
+
|
30
|
+
attr_accessor :params
|
31
|
+
def new_user
|
32
|
+
user = Object.new
|
33
|
+
def user.groups(groups = ['users'])
|
34
|
+
@groups ||= groups
|
35
|
+
end
|
36
|
+
user
|
37
|
+
end
|
38
|
+
def current_user
|
39
|
+
@user ||= new_user
|
40
|
+
end
|
41
|
+
end
|
42
|
+
class RestrictedController < Controller
|
43
|
+
|
44
|
+
guard_filter :only => [:index] do |groups|
|
45
|
+
groups.select {|g| g =~ /^user/ }
|
46
|
+
end
|
47
|
+
|
48
|
+
guard_filter :except => [:index] do |groups|
|
49
|
+
groups.select {|g| g == 'admin' }
|
50
|
+
end
|
51
|
+
|
52
|
+
|
53
|
+
end
|
54
|
+
|
55
|
+
describe Ixtlan::Guard::ActionController do
|
56
|
+
|
57
|
+
describe "without filter" do
|
58
|
+
subject do
|
59
|
+
Controller.new
|
60
|
+
end
|
61
|
+
|
62
|
+
it 'should return a guard' do
|
63
|
+
subject.send(:guard).should_not be_nil
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'should have current_groups' do
|
67
|
+
subject.send(:current_groups).should_not be_nil
|
68
|
+
end
|
69
|
+
|
70
|
+
it 'should have no guard_filters' do
|
71
|
+
subject.class.guard_filters.should == []
|
72
|
+
end
|
73
|
+
|
74
|
+
it 'raise error on unknown resource' do
|
75
|
+
lambda{subject.send(:check, "edit", "unknown_resource")}.should raise_error( Ixtlan::Guard::GuardException)
|
76
|
+
end
|
77
|
+
|
78
|
+
it 'should pass' do
|
79
|
+
subject.send(:check, "index", "users").should == ["users"]
|
80
|
+
begin
|
81
|
+
subject.params = {:controller => "users", :action => "index" }
|
82
|
+
subject.send(:authorize).should be_true
|
83
|
+
subject.params.delete(:action)
|
84
|
+
subject.send(:allowed?, "index").should be_true
|
85
|
+
ensure
|
86
|
+
subject.params = {}
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
it 'should not pass' do
|
91
|
+
subject.send(:check, "doit", "no_defaults").should be_nil
|
92
|
+
begin
|
93
|
+
subject.params = {:controller => "no_defaults", :action => "doit" }
|
94
|
+
lambda{subject.send(:authorize)}.should raise_error(Ixtlan::Guard::PermissionDenied)
|
95
|
+
subject.params.delete(:action)
|
96
|
+
subject.send(:allowed?, "doitagain").should be_false
|
97
|
+
ensure
|
98
|
+
subject.params = {}
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
describe "with filter" do
|
104
|
+
subject do
|
105
|
+
c = RestrictedController.new
|
106
|
+
c.current_user.groups ['users', 'useradmin', 'admin']
|
107
|
+
c
|
108
|
+
end
|
109
|
+
|
110
|
+
it 'should return a guard' do
|
111
|
+
subject.send(:guard).should_not be_nil
|
112
|
+
end
|
113
|
+
|
114
|
+
it 'should have current_groups' do
|
115
|
+
subject.send(:current_groups).should_not be_nil
|
116
|
+
end
|
117
|
+
|
118
|
+
it 'should have no guard_filters' do
|
119
|
+
subject.class.guard_filters.size.should == 2
|
120
|
+
end
|
121
|
+
|
122
|
+
it 'raise error on unknown resource' do
|
123
|
+
lambda{subject.send(:check, "edit", "unknown_resource")}.should raise_error( Ixtlan::Guard::GuardException)
|
124
|
+
end
|
125
|
+
|
126
|
+
it 'should pass' do
|
127
|
+
subject.send(:check, "destroy", "person").should == ["admin"]
|
128
|
+
begin
|
129
|
+
subject.params = {:controller => "person", :action => "destroy" }
|
130
|
+
subject.send(:authorize).should be_true
|
131
|
+
subject.params.delete(:action)
|
132
|
+
subject.send(:allowed?, "destroy").should be_true
|
133
|
+
ensure
|
134
|
+
subject.params = {}
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
it 'should not pass' do
|
139
|
+
subject.send(:check, "edit", "person").should be_nil
|
140
|
+
begin
|
141
|
+
subject.params = {:controller => "person", :action => "edit" }
|
142
|
+
lambda{subject.send(:authorize)}.should raise_error(Ixtlan::Guard::PermissionDenied)
|
143
|
+
subject.params.delete(:action)
|
144
|
+
subject.send(:allowed?, "edit").should be_false
|
145
|
+
ensure
|
146
|
+
subject.params = {}
|
147
|
+
end
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
@@ -0,0 +1,150 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'ixtlan/guard/guard'
|
3
|
+
require 'ixtlan/guard/guard_rails'
|
4
|
+
require 'logger'
|
5
|
+
class Logger
|
6
|
+
def debug(&block)
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
class Rails
|
11
|
+
def self.application
|
12
|
+
self
|
13
|
+
end
|
14
|
+
def self.config
|
15
|
+
self
|
16
|
+
end
|
17
|
+
def self.guard
|
18
|
+
@guard ||=
|
19
|
+
begin
|
20
|
+
logger = Logger.new(STDOUT)
|
21
|
+
Ixtlan::Guard::Guard.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"),
|
22
|
+
:logger => logger)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
class Controller
|
28
|
+
include Ixtlan::ActionController::Guard
|
29
|
+
|
30
|
+
attr_accessor :params
|
31
|
+
def new_user
|
32
|
+
user = Object.new
|
33
|
+
def user.groups(groups = ['users'])
|
34
|
+
@groups ||= groups
|
35
|
+
end
|
36
|
+
user
|
37
|
+
end
|
38
|
+
def current_user
|
39
|
+
@user ||= new_user
|
40
|
+
end
|
41
|
+
end
|
42
|
+
class RestrictedController < Controller
|
43
|
+
|
44
|
+
guard_filter :only => [:index] do |groups|
|
45
|
+
groups.select {|g| g =~ /^user/ }
|
46
|
+
end
|
47
|
+
|
48
|
+
guard_filter :except => [:index] do |groups|
|
49
|
+
groups.select {|g| g == 'admin' }
|
50
|
+
end
|
51
|
+
|
52
|
+
|
53
|
+
end
|
54
|
+
|
55
|
+
describe Ixtlan::ActionController::Guard do
|
56
|
+
|
57
|
+
describe "without filter" do
|
58
|
+
subject do
|
59
|
+
Controller.new
|
60
|
+
end
|
61
|
+
|
62
|
+
it 'should return a guard' do
|
63
|
+
subject.send(:guard).should_not be_nil
|
64
|
+
end
|
65
|
+
|
66
|
+
it 'should have current_groups' do
|
67
|
+
subject.send(:current_groups).should_not be_nil
|
68
|
+
end
|
69
|
+
|
70
|
+
it 'should have no guard_filters' do
|
71
|
+
subject.class.guard_filters.should == []
|
72
|
+
end
|
73
|
+
|
74
|
+
it 'raise error on unknown resource' do
|
75
|
+
lambda{subject.send(:check, "edit", "unknown_resource")}.should raise_error( Ixtlan::Guard::GuardException)
|
76
|
+
end
|
77
|
+
|
78
|
+
it 'should pass' do
|
79
|
+
subject.send(:check, "index", "users").should == ["users"]
|
80
|
+
begin
|
81
|
+
subject.params = {:controller => "users", :action => "index" }
|
82
|
+
subject.send(:authorize).should be_true
|
83
|
+
subject.params.delete(:action)
|
84
|
+
subject.send(:allowed?, "index").should be_true
|
85
|
+
ensure
|
86
|
+
subject.params = {}
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
it 'should not pass' do
|
91
|
+
subject.send(:check, "doit", "no_defaults").should be_nil
|
92
|
+
begin
|
93
|
+
subject.params = {:controller => "no_defaults", :action => "doit" }
|
94
|
+
lambda{subject.send(:authorize)}.should raise_error(Ixtlan::Guard::PermissionDenied)
|
95
|
+
subject.params.delete(:action)
|
96
|
+
subject.send(:allowed?, "doitagain").should be_false
|
97
|
+
ensure
|
98
|
+
subject.params = {}
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
describe "with filter" do
|
104
|
+
subject do
|
105
|
+
c = RestrictedController.new
|
106
|
+
c.current_user.groups ['users', 'useradmin', 'admin']
|
107
|
+
c
|
108
|
+
end
|
109
|
+
|
110
|
+
it 'should return a guard' do
|
111
|
+
subject.send(:guard).should_not be_nil
|
112
|
+
end
|
113
|
+
|
114
|
+
it 'should have current_groups' do
|
115
|
+
subject.send(:current_groups).should_not be_nil
|
116
|
+
end
|
117
|
+
|
118
|
+
it 'should have no guard_filters' do
|
119
|
+
subject.class.guard_filters.size.should == 2
|
120
|
+
end
|
121
|
+
|
122
|
+
it 'raise error on unknown resource' do
|
123
|
+
lambda{subject.send(:check, "edit", "unknown_resource")}.should raise_error( Ixtlan::Guard::GuardException)
|
124
|
+
end
|
125
|
+
|
126
|
+
it 'should pass' do
|
127
|
+
subject.send(:check, "destroy", "person").should == ["admin"]
|
128
|
+
begin
|
129
|
+
subject.params = {:controller => "person", :action => "destroy" }
|
130
|
+
subject.send(:authorize).should be_true
|
131
|
+
subject.params.delete(:action)
|
132
|
+
subject.send(:allowed?, "destroy").should be_true
|
133
|
+
ensure
|
134
|
+
subject.params = {}
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
it 'should not pass' do
|
139
|
+
subject.send(:check, "edit", "person").should be_nil
|
140
|
+
begin
|
141
|
+
subject.params = {:controller => "person", :action => "edit" }
|
142
|
+
lambda{subject.send(:authorize)}.should raise_error(Ixtlan::Guard::PermissionDenied)
|
143
|
+
subject.params.delete(:action)
|
144
|
+
subject.send(:allowed?, "edit").should be_false
|
145
|
+
ensure
|
146
|
+
subject.params = {}
|
147
|
+
end
|
148
|
+
end
|
149
|
+
end
|
150
|
+
end
|
data/spec/guard_spec.rb
CHANGED
@@ -1,19 +1,19 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
require 'ixtlan/guard/
|
2
|
+
require 'ixtlan/guard/guard'
|
3
3
|
require 'logger'
|
4
4
|
|
5
|
-
describe Ixtlan::Guard::
|
5
|
+
describe Ixtlan::Guard::Guard do
|
6
6
|
|
7
7
|
subject do
|
8
8
|
logger = Logger.new(STDOUT)
|
9
9
|
def logger.debug(&block)
|
10
10
|
#info("\n\t[debug] " + block.call)
|
11
11
|
end
|
12
|
-
Ixtlan::Guard::
|
12
|
+
Ixtlan::Guard::Guard.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"), :logger => logger )
|
13
13
|
end
|
14
14
|
|
15
15
|
it 'should fail with missing guard dir' do
|
16
|
-
lambda {Ixtlan::Guard::
|
16
|
+
lambda {Ixtlan::Guard::Guard.new(:guards_dir => "does_not_exists") }.should raise_error(Ixtlan::Guard::GuardException)
|
17
17
|
end
|
18
18
|
|
19
19
|
it 'should initialize' do
|
@@ -28,13 +28,15 @@ describe Ixtlan::Guard::GuardNG do
|
|
28
28
|
subject.allowed?(:users, :show, [:root]).should be_true
|
29
29
|
end
|
30
30
|
|
31
|
-
it 'should pass "allow all groups" with
|
32
|
-
|
31
|
+
it 'should pass "allow all groups" with any groups' do
|
32
|
+
# users resource ask for a block since it is restricted
|
33
|
+
subject.allowed?(:users, :index, [:any_possible_group]){|g| g}.should be_true
|
33
34
|
subject.allowed?(:only_defaults, :index, [:any_possible_group]).should be_true
|
34
35
|
end
|
35
36
|
|
36
37
|
it 'should pass' do
|
37
|
-
|
38
|
+
# users resource ask for a block since it is restricted
|
39
|
+
subject.allowed?(:users, :update, [:users]){|g| g}.should be_true
|
38
40
|
subject.allowed?(:only_defaults, :update, [:users]).should be_true
|
39
41
|
subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
|
40
42
|
end
|
@@ -42,7 +44,8 @@ describe Ixtlan::Guard::GuardNG do
|
|
42
44
|
it 'should not pass with user when in blocked group' do
|
43
45
|
subject.block_groups([:users])
|
44
46
|
begin
|
45
|
-
|
47
|
+
# users resource ask for a block since it is restricted
|
48
|
+
subject.allowed?(:users, :update, [:users]){|g| g}.should be_false
|
46
49
|
subject.allowed?(:only_defaults, :update, [:users]).should be_false
|
47
50
|
subject.allowed?(:allow_all_defaults, :update, [:users]).should be_false
|
48
51
|
ensure
|
@@ -53,7 +56,8 @@ describe Ixtlan::Guard::GuardNG do
|
|
53
56
|
it 'should pass with user when not in blocked group' do
|
54
57
|
subject.block_groups([:accounts])
|
55
58
|
begin
|
56
|
-
|
59
|
+
# users resource ask for a block since it is restricted
|
60
|
+
subject.allowed?(:users, :update, [:users]){|g| g}.should be_true
|
57
61
|
subject.allowed?(:only_defaults, :update, [:users]).should be_true
|
58
62
|
subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
|
59
63
|
ensure
|
@@ -64,7 +68,8 @@ describe Ixtlan::Guard::GuardNG do
|
|
64
68
|
it 'should not block root group' do
|
65
69
|
subject.block_groups([:root])
|
66
70
|
begin
|
67
|
-
|
71
|
+
# users resource ask for a block since it is restricted
|
72
|
+
subject.allowed?(:users, :update, [:root]){|g| g}.should be_true
|
68
73
|
subject.allowed?(:only_defaults, :update, [:root]).should be_true
|
69
74
|
subject.allowed?(:allow_all_defaults, :update, [:root]).should be_true
|
70
75
|
ensure
|
@@ -78,7 +83,8 @@ describe Ixtlan::Guard::GuardNG do
|
|
78
83
|
end
|
79
84
|
|
80
85
|
it 'should should use defaults on unknown action' do
|
81
|
-
|
86
|
+
# users resource ask for a block since it is restricted
|
87
|
+
subject.allowed?(:users, :unknow, [:users]){|g| g}.should be_true
|
82
88
|
subject.allowed?(:only_defaults, :unknow, [:users]).should be_true
|
83
89
|
subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
|
84
90
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
-
require 'ixtlan/guard/
|
2
|
+
require 'ixtlan/guard/guard'
|
3
3
|
require 'logger'
|
4
4
|
|
5
5
|
class Group
|
@@ -12,103 +12,119 @@ class Group
|
|
12
12
|
end
|
13
13
|
end
|
14
14
|
|
15
|
-
describe Ixtlan::Guard::
|
15
|
+
describe Ixtlan::Guard::Guard do
|
16
16
|
|
17
17
|
subject do
|
18
18
|
logger = Logger.new(STDOUT)
|
19
19
|
def logger.debug(&block)
|
20
20
|
# info("\n\t[debug] " + block.call)
|
21
21
|
end
|
22
|
-
Ixtlan::Guard::
|
22
|
+
Ixtlan::Guard::Guard.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"), :logger => logger )
|
23
23
|
end
|
24
24
|
|
25
|
-
it 'should pass without
|
26
|
-
subject.allowed?(:users, :
|
25
|
+
it 'should pass without block' do
|
26
|
+
subject.allowed?(:users, :edit, [Group.new(:users)]).should be_true
|
27
27
|
end
|
28
28
|
|
29
|
-
it 'should deny
|
30
|
-
subject.allowed?(:users, :update, [Group.new(:users)]){}.should be_false
|
29
|
+
it 'should deny with block returning empty array' do
|
30
|
+
subject.allowed?(:users, :update, [Group.new(:users)]){ |groups| [] }.should be_false
|
31
31
|
end
|
32
32
|
|
33
|
-
it 'should
|
34
|
-
subject.allowed?(:users, :update, [Group.new(:
|
33
|
+
it 'should allow root user' do
|
34
|
+
subject.allowed?(:users, :update, [Group.new(:root)]){ |groups| [] }.should be_true
|
35
35
|
end
|
36
36
|
|
37
|
-
it 'should pass with matching association
|
38
|
-
subject.allowed?(:users, :update, [Group.new(:users, :manager)]
|
39
|
-
|
40
|
-
end.should
|
37
|
+
it 'should pass with matching association' do
|
38
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)]) do |groups|
|
39
|
+
groups.select { |g| g.domains.member? :manager }
|
40
|
+
end.should be_true
|
41
41
|
end
|
42
42
|
|
43
|
-
it 'should fail with mismatching association
|
44
|
-
subject.allowed?(:users, :update, [Group.new(:users, :manager)]
|
45
|
-
|
43
|
+
it 'should fail with mismatching association' do
|
44
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)]) do |groups|
|
45
|
+
groups.select { |g| g.domains.detect {|d| d == 'nomanager' } }
|
46
46
|
end.should be_false
|
47
47
|
end
|
48
48
|
|
49
49
|
it 'should add associations to node' do
|
50
|
-
subject.permissions([Group.new('admin', [:german, :french])]) do |resource,
|
50
|
+
perms = subject.permissions([Group.new('admin', [:german, :french])]) do |resource, groups|
|
51
51
|
if groups && groups.first && groups.first.name == 'admin'
|
52
|
-
|
52
|
+
groups.first.domains
|
53
53
|
else
|
54
54
|
{}
|
55
55
|
end
|
56
|
-
end
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
56
|
+
end
|
57
|
+
|
58
|
+
expected = {}
|
59
|
+
expected[:accounts] = {
|
60
|
+
:permission=>{
|
61
|
+
:resource=>"accounts",
|
62
|
+
:actions=>[{:action=>{
|
63
|
+
:name=>"destroy",
|
64
|
+
:associations=>[:german, :french]}}],
|
65
|
+
:deny=>false}
|
66
|
+
}
|
67
|
+
expected[:allow_all_defaults] = {
|
68
|
+
:permission=>{
|
69
|
+
:resource=>"allow_all_defaults",
|
70
|
+
:actions=>[{:action=>{:name=>"index"}}],
|
71
|
+
:deny=>true,
|
72
|
+
:associations=>[:german, :french]}
|
73
|
+
}
|
74
|
+
expected[:defaults] = {
|
75
|
+
:permission=>{
|
76
|
+
:resource=>"defaults",
|
77
|
+
:actions=>[{:action=>{
|
78
|
+
:name=>"index",
|
79
|
+
:associations=>[:german, :french]}}],
|
80
|
+
:deny=>false}
|
81
|
+
}
|
82
|
+
expected[:no_defaults] = {
|
83
|
+
:permission=>{
|
84
|
+
:resource=>"no_defaults",
|
85
|
+
:actions=>[{:action=>{
|
86
|
+
:name=>"index",
|
87
|
+
:associations=>[:german, :french]}}],
|
88
|
+
:deny=>false}
|
89
|
+
}
|
90
|
+
expected[:only_defaults] = {
|
91
|
+
:permission=>{
|
92
|
+
:resource=>"only_defaults",
|
93
|
+
:actions=>[],
|
94
|
+
:associations=>[:german, :french],
|
95
|
+
:deny=>true}
|
96
|
+
}
|
97
|
+
expected[:person]= {
|
98
|
+
:permission=>{
|
99
|
+
:resource=>"person",
|
100
|
+
:actions=> [{:action=>{
|
101
|
+
:name=>"destroy",
|
102
|
+
:associations=>[:german, :french]}},
|
103
|
+
{:action=>{
|
104
|
+
:name=>"index",
|
105
|
+
:associations=>[:german, :french]}}],
|
106
|
+
:deny=>false}
|
107
|
+
}
|
108
|
+
expected[:regions] = {
|
109
|
+
:permission=>{
|
110
|
+
:resource=>"regions",
|
111
|
+
:actions=>[
|
112
|
+
{:action=>{:name=>"create", :associations=>[:german, :french]}},
|
113
|
+
{:action=>{:name=>"show", :associations=>[:german, :french]}}
|
114
|
+
],
|
115
|
+
:deny=>false}
|
116
|
+
}
|
117
|
+
expected[:users] = {
|
118
|
+
:permission=>{
|
119
|
+
:resource=>"users",
|
120
|
+
:actions=>[],
|
121
|
+
:deny=>false}
|
122
|
+
}
|
123
|
+
perms.each do |perm|
|
124
|
+
if perm[:actions]
|
125
|
+
perm[:actions].sort!{ |n,m| n.content[:name] <=> m.content[:name] }
|
126
|
+
end
|
127
|
+
expected[perm[:resource].to_sym].should == perm
|
128
|
+
end
|
113
129
|
end
|
114
130
|
end
|