lockdown 0.7.1 → 0.8.0

data/spec/lockdown/frameworks/rails_spec.rb

@@ -0,0 +1,170 @@
+require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
+
+describe Lockdown::Frameworks::Rails do
+  before do
+    @rails = Lockdown::Frameworks::Rails
+    @rails.stub!(:use_me?).and_return(true)
+
+    @lockdown = mock("lockdown")
+  end
+
+
+  describe "#included" do
+    it "should extend lockdown with rails environment" do
+      @lockdown.should_receive(:extend).
+        with(Lockdown::Frameworks::Rails::Environment)
+
+      @rails.should_receive(:mixin)
+
+      @rails.included(@lockdown)
+    end
+  end
+
+  describe "#mixin" do
+    it "should perform class_eval on controller view and system to inject itself" do
+      module ActionController; class Base; end end
+      module ActionView; class Base; end end
+
+      Lockdown.stub!(:controller_parent).and_return(ActionController::Base)
+      Lockdown.stub!(:view_helper).and_return(ActionView::Base)
+
+      ActionView::Base.should_receive(:class_eval)
+
+      ActionController::Base.should_receive(:class_eval)
+
+      Lockdown::System.should_receive(:class_eval)
+
+
+      @rails.mixin
+    end
+
+  end
+end
+
+describe Lockdown::Frameworks::Rails::Environment do
+
+  RAILS_ROOT = "/shibby/dibby/do"
+  before do
+    @env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
+  end
+
+  describe "#project_root" do
+    it "should return rails root" do
+      @env.project_root.should == "/shibby/dibby/do"
+    end
+  end
+
+  describe "#init_file" do
+    it "should return path to init_file" do
+      @env.stub!(:project_root).and_return("/shibby/dibby/do")
+      @env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
+    end
+  end
+
+  describe "#controller_class_name" do
+    it "should add Controller to name" do
+      @env.controller_class_name("user").should == "UserController"
+    end
+
+    it "should convert two underscores to a namespaced controller" do
+      @env.controller_class_name("admin__user").should == "Admin::UserController"
+    end
+  end
+
+  describe "#controller_parent" do
+    it "should return ActionController::Base" do
+      module ActionController; class Base; end end
+
+      @env.controller_parent.should == ActionController::Base
+    end
+  end
+
+  describe "#view_helper" do
+    it "should return ActionView::Base" do
+      module ActionView; class Base; end end
+      
+      @env.view_helper.should == ActionView::Base
+    end
+  end
+end
+
+describe Lockdown::Frameworks::Rails::System do
+  class Test 
+    extend Lockdown::Frameworks::Rails::System
+    class << self
+      attr_accessor :controller_classes
+    end
+  end
+
+  module Rails
+    module VERSION
+      MAJOR = 2
+      MINOR = 2
+      TINY  = 2
+    end    
+  end
+
+  before do
+    @env = Test
+    @env.controller_classes = {}
+  end
+
+  describe "#skip_sync?" do
+  end
+
+  describe "#load_controller_classes" do
+  end
+
+  describe "#maybe_load_framework_controller_parent" do
+    it "should call require_or_load with application.rb < 2.3" do
+      @env.should_receive(:require_or_load).with("application.rb")
+
+      @env.maybe_load_framework_controller_parent
+    end
+
+    it "should call require_or_load with application_controller.rb >= 2.3" do
+      module Rails
+        module VERSION 
+          MINOR = 3
+          TINY  = 0
+        end    
+      end
+
+      @env.should_receive(:require_or_load).with("application_controller.rb")
+
+      @env.maybe_load_framework_controller_parent
+    end
+  end
+
+  describe "#lockdown_load" do
+    it "should add class to controller classes" do
+      @env.stub!(:class_name_from_file).and_return("controller_class")
+      Lockdown.stub!(:qualified_const_get).and_return(:controller_class)
+      @env.stub!(:require_or_load)
+
+      @env.lockdown_load("controller_file")
+
+      @env.controller_classes["ControllerFile"].should == :controller_class
+    end
+  end
+
+  describe "#require_or_load" do
+    it "should use Dependencies if not defined in ActiveSupport" do
+      module ActiveSupport; end
+      Dependencies = mock("dependencies") unless defined?(Dependencies)
+
+      Dependencies.should_receive(:require_or_load).with("controller_file")
+
+      @env.require_or_load("controller_file")
+    end
+
+    it "should use ActiveSupport::Dependencies if defined" do
+      module ActiveSupport; class Dependencies; end end
+
+      ActiveSupport::Dependencies.should_receive(:require_or_load).
+        with("controller_file")
+
+      @env.require_or_load("controller_file")
+    end
+  end
+end

data/spec/lockdown/permission_spec.rb

@@ -0,0 +1,156 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+describe Lockdown::Permission do
+  before do
+    
+    @permission = Lockdown::Permission.new(:user_management)
+    @permission.stub!(:paths_for).and_return([])
+  end
+
+  describe "#with_controller" do
+    before do
+      @permission.with_controller(:users)
+    end
+
+    it "should set current_context to ControllerContext" do
+      @permission.current_context.class.should equal(Lockdown::ControllerContext)
+    end
+  end
+
+  describe "#only_methods" do
+    before do
+      @permission.with_controller(:users).only_methods(:show, :edit)
+    end
+
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+
+  describe "#except_methods" do
+    before do
+      @permission.with_controller(:users).except_methods(:destroy)
+    end
+
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+
+  describe "#to_model" do
+    before do
+      @permission.to_model(:user)
+    end
+
+    it "should set current_context to ModelContext" do
+      @permission.current_context.class.should equal(Lockdown::ModelContext)
+    end
+  end
+
+  describe "#where" do
+    before do
+      @permission.to_model(:user).where(:current_user_id)
+    end
+
+    it "should set current_context to ModelWhereContext" do
+      @permission.current_context.class.should equal(Lockdown::ModelWhereContext)
+    end
+  end
+
+  describe "#equals" do
+    before do
+      @permission.to_model(:user).where(:current_user_id).equals(:id)
+    end
+
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+
+  describe "#is_in" do
+    before do
+      @permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
+    end
+
+    it "should set current_context to RootContext" do
+      @permission.current_context.class.should equal(Lockdown::RootContext)
+    end
+  end
+
+  describe "#set_as_public_access" do
+    it "should raise an PermissionScopeCollision if already protected" do
+      @permission.set_as_protected_access
+      lambda{@permission.set_as_public_access}.
+        should raise_error(Lockdown::PermissionScopeCollision)
+    end
+  end
+
+
+  describe "#set_as_protected_access" do
+    it "should raise an PermissionScopeCollision if already public" do
+      @permission.set_as_public_access
+      lambda{@permission.set_as_protected_access}.
+        should raise_error(Lockdown::PermissionScopeCollision)
+    end
+  end
+
+  describe "while in RootContext" do
+    before do
+      @permission.with_controller(:users).only_methods(:show, :edit)
+    end
+
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
+
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+
+  describe "while in ControllerContext" do
+    before do
+      @permission.with_controller(:users)
+    end
+
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:where, :equals, :is_in, :includes]
+
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+
+  describe "while in ModelContext" do
+    before do
+      @permission.to_model(:user)
+    end
+
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
+
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+
+  describe "while in ModelWhereContext" do
+    before do
+      @permission.to_model(:user).where(:current_user_id)
+    end
+
+    it "should raise InvalidRuleContext trying to access methods out of context" do
+      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
+
+        methods.each do |method|
+          lambda{@permission.send(method, :sample_param)}.
+            should raise_error(Lockdown::InvalidRuleContext)
+        end
+    end
+  end
+end

data/spec/lockdown/rules_spec.rb

@@ -0,0 +1,109 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+class TestSystem; extend Lockdown::Rules; end
+
+describe Lockdown::Rules do
+  before do
+    @rules = TestSystem
+    @rules.set_defaults
+  end
+
+  describe "#set_permission" do
+    it "should create and return a Permission object" do
+      @rules.set_permission(:user_management).
+        should == Lockdown::Permission.new(:user_management) 
+    end
+  end
+
+  describe "#set_public_access" do
+    it "should define the permission as public" do
+      @rules.set_permission(:user_management)
+      @rules.set_public_access(:user_management)
+    end
+  end
+
+  describe "#set_public_access" do
+    it "should define the permission as public" do
+      @rules.set_permission(:home_page)
+      @rules.set_public_access(:home_page)
+      perm = @rules.permission_objects.find{|name, object| name == :home_page}
+      perm[1].public_access?.should be_true
+    end
+
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: user_management"
+      lambda{@rules.set_public_access(:user_management)}.should
+        raise_error(Lockdown::InvalidRuleAssignment, msg)
+    end
+  end
+
+  describe "#set_protected_access" do
+    it "should define the permission as protected" do
+      @rules.set_permission(:user_management)
+      @rules.set_protected_access(:user_management)
+      perm = @rules.permission_objects.find{|name, object| name == :user_management}
+      perm[1].protected_access?.should be_true
+    end
+
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: user_management"
+      lambda{@rules.set_protected_access(:user_management)}.should
+        raise_error(Lockdown::InvalidRuleAssignment, msg)
+    end
+  end
+
+  describe "#get_permissions" do
+    it "should return array of permission names as symbols" do
+      @rules.set_permission(:home_page)
+      @rules.set_permission(:user_management)
+      @rules.process_rules
+      @rules.get_permissions.should include(:home_page) 
+      @rules.get_permissions.should include(:user_management)
+    end
+  end
+
+  describe "#permission_exists?" do
+    it "should return true if permission exists" do
+      @rules.set_permission(:home_page)
+      @rules.process_rules
+      @rules.permission_exists?(:home_page).should be_true
+    end
+
+    it "should return false if permission does not exist" do
+      @rules.permission_exists?(:home_page).should be_false
+    end
+  end
+
+  describe "#get_user_groups" do
+    it "should return array of user group names as symbols" do
+      @rules.set_permission(:user_management)
+      @rules.set_user_group(:security_management, :user_management)
+      @rules.get_user_groups.should == [:security_management]
+    end
+  end
+
+  describe "#user_group_exists?" do
+    it "should return true if user_group exists" do
+      @rules.set_user_group(:user_management, :some_perm)
+      @rules.user_group_exists?(:user_management).should be_true
+    end
+
+    it "should return false if user_group does not exist" do
+      @rules.user_group_exists?(:user_management).should be_false
+    end
+  end
+
+
+  describe "#make_user_administrator" do
+  end
+
+  describe "#process_rules" do
+    it "should validate user_group permissions" do
+      @rules.set_user_group(:test_group, :a_perm)
+      error =  "User Group: test_group, permission not found: a_perm"
+
+      lambda{@rules.process_rules}.
+        should raise_error(Lockdown::InvalidRuleAssignment, error)
+    end
+  end
+end

data/spec/lockdown/session_spec.rb

@@ -0,0 +1,88 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+class TestAController
+  include Lockdown::Session
+end
+
+describe Lockdown::Session do
+  before do
+    @controller = TestAController.new
+
+    @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
+
+    @session = {:access_rights => @actions}
+
+    @controller.stub!(:session).and_return(@session)
+  end
+
+  describe "#nil_lockdown_values" do
+    it "should nil access_rights" do
+      @controller.send :nil_lockdown_values
+      @session[:access_rights].should == nil
+    end
+  end
+
+  describe "#current_user_access_in_group?" do
+    it "should return true if current user is admin" do
+      @actions = :all
+      @session = {:access_rights => @actions}
+      @controller.stub!(:session).and_return(@session)
+
+      @controller.send(:current_user_access_in_group?,:group).should == true
+    end
+
+    it "should return true if current_user has access" do
+      user_groups = {:public_group => [:public_access]}
+      hash  = {:public_access => ["posts/index", "posts/show"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+
+      Lockdown::System.stub!(:user_groups).and_return(user_groups)
+      @controller.send(:current_user_access_in_group?,:public_group).should be_true
+    end
+
+    it "should return false if current_user has access" do
+      user_groups = {:public_group => [:public_access]}
+      hash  = {:public_access => ["books/edit", "books/update"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+
+      Lockdown::System.stub!(:user_groups).and_return(user_groups)
+      @controller.send(:current_user_access_in_group?,:public_group).should be_false
+    end
+  end
+
+  describe "#current_user_is_admin?" do
+    it "should return true if access_rights == :all" do
+      @actions = :all
+      @session = {:access_rights => @actions}
+      @controller.stub!(:session).and_return(@session)
+
+      @controller.send(:current_user_is_admin?).should == true
+    end
+  end
+
+  describe "#add_lockdown_session_values" do
+    it "should set the access_rights from the user list" do
+      array  = ["posts/index", "posts/show"]
+      Lockdown::System.stub!(:access_rights_for_user).and_return(array)
+      @controller.send(:add_lockdown_session_values,:user_object).
+        should == array
+    end
+  end
+
+
+  describe "#access_in_perm" do
+    it "should return false if permissions nil" do
+      Lockdown::System.stub!(:permissions).and_return({})
+      @controller.send(:access_in_perm?,:dummy).should be_false
+    end
+
+    it "should return true if permission found" do
+      hash  = {:public => ["posts/index", "posts/show"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+      @controller.send(:access_in_perm?,:public).should be_true
+    end
+  end
+
+  describe "#session_access_rights_include?" do
+  end
+end

data/spec/lockdown/system_spec.rb

@@ -0,0 +1,59 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+require File.join(File.dirname(__FILE__), %w[.. .. lib lockdown rules])
+
+describe Lockdown::System do
+  it "should fetch the option" do
+    Lockdown::System.options = {}
+    Lockdown::System.options['test'] = "my test"
+    Lockdown::System.fetch('test').should == "my test"
+  end
+
+  it "should fetch the controller class" do
+    klass = mock("User Controller Class")
+    Lockdown.stub!(:controller_class_name).and_return(:users)
+    Lockdown::System.controller_classes = {}
+    Lockdown::System.controller_classes[:users] = klass
+    Lockdown::System.fetch_controller_class(:users).should equal(klass)
+  end
+
+  describe "#configure" do
+    it "should call the methods responsible for defining the rules" do
+      Lockdown::System.stub!(:skip_sync?).and_return(false)
+
+      Lockdown::System.should_receive :set_defaults 
+ 
+      Lockdown::System.should_receive :load_controller_classes
+
+      Lockdown::System.should_receive :instance_eval
+ 
+      Lockdown::System.should_receive :process_rules
+ 
+      Lockdown::Database.should_receive :sync_with_db 
+     
+      Lockdown::System.configure do
+      end
+    end
+  end
+
+  describe "#paths_for" do
+    it "should join the str_sym to the methods" do 
+      Lockdown::System.paths_for(:users, :show, :edit).
+        should == ["users/show", "users/edit"]
+    end
+
+    it "should add users to the array if access is granted on index" do 
+      Lockdown::System.paths_for(:users, :index, :show, :edit).
+        should == ["users/index", "users/show", "users/edit", "users"]
+    end
+
+    it "should build the paths from the controller class if no methods specified" do
+      methods = ["new","edit","create","update"]
+      Lockdown::System.stub!(:fetch_controller_class)
+      Lockdown::System.stub!(:available_actions).
+        and_return(methods)
+
+      Lockdown::System.paths_for(:users).
+        should == ["users/new","users/edit","users/create","users/update"]
+    end
+  end
+end

data/spec/lockdown_spec.rb

@@ -0,0 +1,19 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+
+describe Lockdown do
+  before do
+    Lockdown.stub!(:version).and_return('1.2.3')
+  end
+
+  it "should return the correct major version" do
+    Lockdown.major_version.should equal(1)
+  end
+
+  it "should return the correct minor version" do
+    Lockdown.minor_version.should equal(2)
+  end
+
+  it "should return the correct patch version" do
+    Lockdown.patch_version.should equal(3)
+  end
+end

data/spec/rcov.opts

@@ -0,0 +1,5 @@
+--text-summary
+--exclude
+  json,FakeWeb,rcov.rb,rspec,spec
+--sort
+  coverage

data/spec/spec.opts

@@ -0,0 +1,3 @@
+--color
+--format
+  progress

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require File.expand_path(File.join(File.dirname(__FILE__), %w[.. lib lockdown]))

data/tasks/post_load.rake

@@ -2,8 +2,8 @@
 # This file does not define any rake tasks. It is used to load some project
 # settings if they are not defined by the user.
 
-PROJ.rdoc.exclude << "^#{Regexp.escape(PROJ.manifest_file)}$"
 PROJ.exclude << ["^#{Regexp.escape(PROJ.ann.file)}$",
+                 "^#{Regexp.escape(PROJ.ignore_file)}$",
                  "^#{Regexp.escape(PROJ.rdoc.dir)}/",
                  "^#{Regexp.escape(PROJ.rcov.dir)}/"]
 
@@ -25,12 +25,7 @@ PROJ.description ||= paragraphs_of(PROJ.readme_file, 'description').join("\n\n")
 
 PROJ.summary ||= PROJ.description.split('.').first
 
-PROJ.gem.files ||=
-  if test(?f, PROJ.manifest_file)
-    files = File.readlines(PROJ.manifest_file).map {|fn| fn.chomp.strip}
-    files.delete ''
-    files
-  else [] end
+PROJ.gem.files ||= manifest
 
 PROJ.gem.executables ||= PROJ.gem.files.find_all {|fn| fn =~ %r/^bin/}
 

data/tasks/setup.rb

@@ -4,6 +4,7 @@ require 'rake'
 require 'rake/clean'
 require 'fileutils'
 require 'ostruct'
+require 'find'
 
 class OpenStruct; undef :gem; end
 
@@ -27,8 +28,8 @@ PROJ = OpenStruct.new(
   :ruby_opts => %w(-w),
   :libs => [],
   :history_file => 'History.txt',
-  :manifest_file => 'Manifest.txt',
   :readme_file => 'README.txt',
+  :ignore_file => '.bnsignore',
 
   # Announce
   :ann => OpenStruct.new(
@@ -254,9 +255,29 @@ end
 # Scans the current working directory and creates a list of files that are
 # candidates to be in the manifest.
 #
-def manifest_files
+def manifest
   files = []
-  exclude = Regexp.new(PROJ.exclude.join('|'))
+  exclude = PROJ.exclude.dup
+  comment = %r/^\s*#/
+ 
+  # process the ignore file and add the items there to the exclude list
+  if test(?f, PROJ.ignore_file)
+    ary = []
+    File.readlines(PROJ.ignore_file).each do |line|
+      next if line =~ comment
+      line.chomp!
+      line.strip!
+      next if line.nil? or line.empty?
+
+      glob = line =~ %r/\*\./ ? File.join('**', line) : line
+      Dir.glob(glob).each {|fn| ary << "^#{Regexp.escape(fn)}"}
+    end
+    exclude.concat ary
+  end
+
+  # generate a regular expression from the exclude list
+  exclude = Regexp.new(exclude.join('|'))
+
   Find.find '.' do |path|
     path.sub! %r/^(\.\/|\/)/o, ''
     next unless test ?f, path