lockdown 1.2.2 → 1.3.0

@@ -34,7 +34,7 @@ module Lockdown
34
34
 
35
35
  klass.helper_method :authorized?
36
36
 
37
- klass.hide_action(:set_current_user, :configure_lockdown, :check_request_authorization)
37
+ klass.hide_action(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
38
38
 
39
39
  klass.before_filter do |c|
40
40
  c.set_current_user
@@ -98,10 +98,12 @@ module Lockdown
98
98
  # equals(:id)
99
99
  #
100
100
  def initialize(name_symbol)
101
- @name = name_symbol
102
- @controllers = {}
103
- @models = {}
104
- @current_context = Lockdown::RootContext.new(name_symbol)
101
+ @name = name_symbol
102
+ @controllers = {}
103
+ @models = {}
104
+ @current_context = Lockdown::RootContext.new(name_symbol)
105
+ @public_access = false
106
+ @protected_access = false
105
107
  end
106
108
 
107
109
  def with_controller(name_symbol)
@@ -0,0 +1,100 @@
1
+ module Lockdown
2
+ module RspecHelper
3
+ def login_admin
4
+ login_user(:admin)
5
+ end
6
+
7
+ def login_with_groups(*user_group_symbols)
8
+ access_rights = Lockdown::System.standard_authorized_user_rights
9
+ user_group_symbols.each do |ugs|
10
+ access_rights << Lockdown::System.access_rights_for_user_group(ugs)
11
+ end
12
+ controller.session[:access_rights] = access_rights.flatten
13
+ end
14
+
15
+ alias login_with_group login_with_groups
16
+
17
+ def login_standard
18
+ login_user
19
+ end
20
+
21
+ def public_user
22
+ setup_public_user
23
+ end
24
+
25
+
26
+ private
27
+
28
+ def login_user(user_type = :standard)
29
+ initialize_user(user_type)
30
+
31
+ create_user_session
32
+
33
+ controller.stub!(:current_user).and_return(@current_user)
34
+ end
35
+
36
+ def setup_public_user
37
+ controller.session[:access_rights] = Lockdown::System.public_access
38
+ end
39
+
40
+ def all_actions(hash = {})
41
+ methods = controller.send :action_methods
42
+
43
+ if excepts = hash.delete(:except)
44
+ methods.reject!{|m| excepts.include?(m.to_sym)}
45
+ end
46
+
47
+ Lockdown::System.paths_for(controller.controller_name,methods.to_a).sort
48
+ end
49
+
50
+ def only_actions(*actions)
51
+ Lockdown::System.paths_for(controller.controller_name,actions).sort
52
+ end
53
+
54
+ def allowed_actions
55
+ if rights = controller.session[:access_rights]
56
+ if rights == :all
57
+ all_actions
58
+ else
59
+ name = controller.controller_name
60
+ rights.collect{|r| r if r =~ /^#{name}\// || r == name}.compact.sort
61
+ end
62
+ else
63
+ []
64
+ end
65
+ end
66
+
67
+ def initialize_user(user_type)
68
+ @current_user = mock_user
69
+
70
+ if user_type == :admin
71
+ set_user_group(Lockdown.administrator_group_symbol)
72
+ end
73
+ end
74
+
75
+ # You may want to override this method
76
+ def mock_user
77
+ mock :user,
78
+ :first_name => 'John',
79
+ :last_name => 'Smith',
80
+ :password => "mysecret",
81
+ :password_confirmation => "mysecret"
82
+ end
83
+
84
+ def create_user_session
85
+ controller.send :add_lockdown_session_values, @current_user
86
+ end
87
+
88
+ # Lockdown.convert_reference_name converts :users to "Users"
89
+ def set_user_group(sym)
90
+ user_group = mock_user_group
91
+ user_group.stub!(:name).and_return( Lockdown.convert_reference_name(sym) )
92
+ @current_user.stub!(Lockdown.user_groups_hbtm_reference).and_return([user_group])
93
+ end
94
+
95
+ # You may want to override this method
96
+ def mock_user_group
97
+ mock_model(UserGroup)
98
+ end
99
+ end
100
+ end
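Review bot: `all_actions` mutates state it does not own: `methods.reject!` edits the collection returned by `controller.send :action_methods` in place (if Rails memoizes that set, later examples see a reduced action list), and `hash.delete(:except)` edits the caller's hash. Use non-destructive forms: `methods = controller.send(:action_methods).to_a` and `methods = methods.reject { |m| excepts.include?(m.to_sym) } if excepts = hash[:except]`. In `allowed_actions`, `/^#{name}\//` anchors per line and interpolates the name unescaped; `/\A#{Regexp.escape(name)}\//` is the whole-string anchor, and `rights.select { |r| r =~ /\A#{Regexp.escape(name)}\// || r == name }.sort` replaces the `collect ... .compact` pair. Similarly `login_with_groups` appends with `<<` to whatever `standard_authorized_user_rights` returns; if that array is shared, duplicate it first (`access_rights = Array(Lockdown::System.standard_authorized_user_rights).dup`).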
@@ -30,19 +30,10 @@ module Lockdown
30
30
  :successful_login_path => "/",
31
31
  :subdirectory => nil,
32
32
  :skip_db_sync_in => ["test"],
33
- :link_separator => ' | '
33
+ :link_separator => ' | ',
34
+ :user_group_model => "UserGroup",
35
+ :user_model => "User"
34
36
  }
35
-
36
- begin
37
- @options[:user_group_model] = "UserGroup"
38
- rescue NameError
39
- end
40
-
41
- begin
42
- @options[:user_model] = "User"
43
- rescue NameError
44
- end
45
-
46
37
  end
47
38
 
48
39
  #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -62,9 +53,9 @@ module Lockdown
62
53
  #
63
54
  def set_public_access(*perms)
64
55
  perms.each do |perm_symbol|
65
- perm = permission_objects.find{|name, pobj| pobj.name == perm_symbol}
56
+ perm = find_permission_object(perm_symbol)
66
57
  if perm
67
- perm[1].set_as_public_access
58
+ perm.set_as_public_access
68
59
  else
69
60
  msg = "Permission not found: #{perm_symbol}"
70
61
  raise InvalidRuleAssigment, msg
@@ -79,9 +70,9 @@ module Lockdown
79
70
  #
80
71
  def set_protected_access(*perms)
81
72
  perms.each do |perm_symbol|
82
- perm = permission_objects.find{|name, pobj| pobj.name == perm_symbol}
73
+ perm = find_permission_object(perm_symbol)
83
74
  if perm
84
- perm[1].set_as_protected_access
75
+ perm.set_as_protected_access
85
76
  else
86
77
  msg = "Permission not found: #{perm_symbol}"
87
78
  raise InvalidRuleAssigment, msg
@@ -118,13 +109,15 @@ module Lockdown
118
109
  alias_method :has_permission?, :permission_exists?
119
110
 
120
111
  # returns true if the permission is public
121
- def public_access?(permmision_symbol)
122
- public_access.include?(permmision_symbol)
112
+ def public_access?(perm_symbol)
113
+ obj = find_permission_object(perm_symbol)
114
+ obj.nil? ? false : obj.public_access?
123
115
  end
124
116
 
125
117
  # returns true if the permission is public
126
- def protected_access?(permmision_symbol)
127
- protected_access.include?(permmision_symbol)
118
+ def protected_access?(perm_symbol)
119
+ obj = find_permission_object(perm_symbol)
120
+ obj.nil? ? false : obj.protected_access?
128
121
  end
129
122
 
130
123
  # These permissions are assigned by the system
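Review bot: The comment above the rewritten `protected_access?` still reads `# returns true if the permission is public`; it should say `# returns true if the permission is protected`. Both predicates could also drop the ternary in favor of `obj ? obj.public_access? : false` (resp. `obj.protected_access?`), which reads as the boolean it returns rather than a nil check. The enclosing module continues outside the hunk.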
@@ -180,6 +173,15 @@ module Lockdown
180
173
  rights
181
174
  end
182
175
 
176
+ # Return array of controller/action for a user group
177
+ def access_rights_for_user_group(user_group_sym)
178
+ res = []
179
+ permissions_for_user_group(user_group_sym).each do |perm|
180
+ res << access_rights_for_permission(perm)
181
+ end
182
+ res.flatten
183
+ end
184
+
183
185
  # Return array of controller/action for a permission
184
186
  def access_rights_for_permission(perm)
185
187
  sym = Lockdown.get_symbol(perm)
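Review bot: `access_rights_for_user_group` builds `res` with an `each`/`<<` loop and then flattens; the idiomatic equivalent is `permissions_for_user_group(user_group_sym).map { |perm| access_rights_for_permission(perm) }.flatten`. The comment `# Return array of controller/action for a user group` could also say that the result is unsorted and, presumably, not deduplicated when two permissions cover the same path, since `flatten` alone does neither.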
@@ -278,6 +280,11 @@ module Lockdown
278
280
 
279
281
  private
280
282
 
283
+ def find_permission_object(perm_symbol)
284
+ obj = permission_objects.find{|name, pobj| pobj.name == perm_symbol}
285
+ obj[1] if obj
286
+ end
287
+
281
288
  def validate_user_groups
282
289
  user_groups.each do |user_group, perms|
283
290
  perms.each do |perm|
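Review bot: `find_permission_object` walks every `[name, pobj]` pair and then unpacks `obj[1]`; iterating the values directly avoids the pair indexing: `permission_objects.values.find { |pobj| pobj.name == perm_symbol }`. If `permission_objects` is keyed by the same symbol as `pobj.name` (not visible here), a plain `permission_objects[perm_symbol]` lookup would do. A one-line comment, `# Returns the permission object named perm_symbol, or nil`, would document the nil return that `public_access?` and `protected_access?` rely on.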
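--- a/data/lib/lockdown.rb
+++ b/data/lib/lockdown.rb
@@ -1,9 +1,11 @@
-require File.join(File.dirname(__FILE__), "lockdown", "helper")
+$:.unshift File.dirname(__FILE__)
+
+require File.join("lockdown", "helper")
 
 module Lockdown
 extend Lockdown::Helper
 
-VERSION = '1.2.2'
+VERSION = '1.3.0'
 
 # Returns the version string for the library.
 def self.version
@@ -57,12 +59,12 @@ module Lockdown
 end # mixin_resource?
 end # Lockdown
 
-require File.join(File.dirname(__FILE__), "lockdown", "session")
-require File.join(File.dirname(__FILE__), "lockdown", "context")
-require File.join(File.dirname(__FILE__), "lockdown", "permission")
-require File.join(File.dirname(__FILE__), "lockdown", "database")
-require File.join(File.dirname(__FILE__), "lockdown", "rules")
-require File.join(File.dirname(__FILE__), "lockdown", "system")
+require File.join("lockdown", "session")
+require File.join("lockdown", "context")
+require File.join("lockdown", "permission")
+require File.join("lockdown", "database")
+require File.join("lockdown", "rules")
+require File.join("lockdown", "system")
 
 puts "=> Mixing in Lockdown version: #{Lockdown.version} \n"
 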
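Review bot: `$:.unshift File.dirname(__FILE__)` prepends whatever form `__FILE__` takes at require time; if the file was loaded through a relative path, the load-path entry is relative and is resolved against the process's current directory on every later `require`, so the shortened `require File.join("lockdown", ...)` lines below can pick up a different `lockdown/` tree than intended. Use an absolute, deduplicated entry: `lib_dir = File.expand_path(File.dirname(__FILE__))` followed by `$:.unshift(lib_dir) unless $:.include?(lib_dir)`, or keep the previous `File.dirname(__FILE__)`-anchored requires. A short comment such as `# make lib/ requireable by short name` would explain why the load path is touched at all.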
@@ -0,0 +1,191 @@
1
+ require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
+
3
+ describe Lockdown::Context do
4
+ before do
5
+ @name = :my_account
6
+ end
7
+
8
+ describe Lockdown::RootContext do
9
+ before do
10
+ @c = Lockdown::RootContext.new(@name)
11
+ end
12
+
13
+ it "should return rootcontext" do
14
+ @c.to_s.should == "Lockdown::RootContext"
15
+ end
16
+
17
+ it "should allow with_controller" do
18
+ @c.allows?('with_controller').should == true
19
+ end
20
+
21
+ it "should allow and_controller" do
22
+ @c.allows?('and_controller').should == true
23
+ end
24
+
25
+ it "should allow to_model" do
26
+ @c.allows?('to_model').should == true
27
+ end
28
+
29
+ it "should not allow only_methods" do
30
+ @c.allows?('only_methods').should == false
31
+ end
32
+
33
+ it "should not allow except_methods" do
34
+ @c.allows?('except_methods').should == false
35
+ end
36
+
37
+ it "should not allow where" do
38
+ @c.allows?('where').should == false
39
+ end
40
+
41
+ it "should not allow is_in" do
42
+ @c.allows?('is_in').should == false
43
+ end
44
+
45
+ it "should not allow includes" do
46
+ @c.allows?('includes').should == false
47
+ end
48
+
49
+ it "should not allow equals" do
50
+ @c.allows?('equals').should == false
51
+ end
52
+ end
53
+
54
+ describe Lockdown::ControllerContext do
55
+ before do
56
+ @c = Lockdown::ControllerContext.new(@name)
57
+ end
58
+
59
+ it "should return rootcontext" do
60
+ @c.to_s.should == "Lockdown::ControllerContext"
61
+ end
62
+
63
+ it "should allow with_controller" do
64
+ @c.allows?('with_controller').should == true
65
+ end
66
+
67
+ it "should allow and_controller" do
68
+ @c.allows?('and_controller').should == true
69
+ end
70
+
71
+ it "should allow to_model" do
72
+ @c.allows?('to_model').should == true
73
+ end
74
+
75
+ it "should allow only_methods" do
76
+ @c.allows?('only_methods').should == true
77
+ end
78
+
79
+ it "should allow except_methods" do
80
+ @c.allows?('except_methods').should == true
81
+ end
82
+
83
+ it "should not allow where" do
84
+ @c.allows?('where').should == false
85
+ end
86
+
87
+ it "should not allow is_in" do
88
+ @c.allows?('is_in').should == false
89
+ end
90
+
91
+ it "should not allow includes" do
92
+ @c.allows?('includes').should == false
93
+ end
94
+
95
+ it "should not allow equals" do
96
+ @c.allows?('equals').should == false
97
+ end
98
+ end
99
+
100
+ describe Lockdown::ModelContext do
101
+ before do
102
+ @c = Lockdown::ModelContext.new(@name)
103
+ end
104
+
105
+ it "should return rootcontext" do
106
+ @c.to_s.should == "Lockdown::ModelContext"
107
+ end
108
+
109
+ it "should not allow with_controller" do
110
+ @c.allows?('with_controller').should == false
111
+ end
112
+
113
+ it "should not allow and_controller" do
114
+ @c.allows?('and_controller').should == false
115
+ end
116
+
117
+ it "should not allow to_model" do
118
+ @c.allows?('to_model').should == false
119
+ end
120
+
121
+ it "should not allow only_methods" do
122
+ @c.allows?('only_methods').should == false
123
+ end
124
+
125
+ it "should not allow except_methods" do
126
+ @c.allows?('except_methods').should == false
127
+ end
128
+
129
+ it "should allow where" do
130
+ @c.allows?('where').should == true
131
+ end
132
+
133
+ it "should not allow is_in" do
134
+ @c.allows?('is_in').should == false
135
+ end
136
+
137
+ it "should not allow includes" do
138
+ @c.allows?('includes').should == false
139
+ end
140
+
141
+ it "should not allow equals" do
142
+ @c.allows?('equals').should == false
143
+ end
144
+ end
145
+
146
+ describe Lockdown::ModelWhereContext do
147
+ before do
148
+ @c = Lockdown::ModelWhereContext.new(@name)
149
+ end
150
+
151
+ it "should return rootcontext" do
152
+ @c.to_s.should == "Lockdown::ModelWhereContext"
153
+ end
154
+
155
+ it "should not allow with_controller" do
156
+ @c.allows?('with_controller').should == false
157
+ end
158
+
159
+ it "should not allow and_controller" do
160
+ @c.allows?('and_controller').should == false
161
+ end
162
+
163
+ it "should not allow to_model" do
164
+ @c.allows?('to_model').should == false
165
+ end
166
+
167
+ it "should not allow only_methods" do
168
+ @c.allows?('only_methods').should == false
169
+ end
170
+
171
+ it "should not allow except_methods" do
172
+ @c.allows?('except_methods').should == false
173
+ end
174
+
175
+ it "should not allow where" do
176
+ @c.allows?('where').should == false
177
+ end
178
+
179
+ it "should allow is_in" do
180
+ @c.allows?('is_in').should == true
181
+ end
182
+
183
+ it "should allow includes" do
184
+ @c.allows?('includes').should == true
185
+ end
186
+
187
+ it "should allow equals" do
188
+ @c.allows?('equals').should == true
189
+ end
190
+ end
191
+ end
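Review bot: The `it "should return rootcontext"` description is copied into the `ControllerContext`, `ModelContext` and `ModelWhereContext` groups, where the assertion checks `Lockdown::ControllerContext` and so on; each should name its own class, e.g. `it "should return the ControllerContext name"`. The forty near-identical examples could be generated from a per-context table of `[method, expected]` pairs with `each`, which keeps the allow/deny matrix in one place and makes a missing method obvious. `should == true` and `should == false` read better as `should be_true` / `should be_false` in this RSpec style.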
@@ -0,0 +1,39 @@
1
+ require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
+
3
+ require 'lockdown/rspec_helper'
4
+
5
+ class TestAController
6
+ extend Lockdown::Frameworks::Rails::Controller
7
+ include Lockdown::Frameworks::Rails::Controller::Lock
8
+ end
9
+
10
+ class RspecEnv
11
+ include Lockdown::RspecHelper
12
+ end
13
+
14
+ describe Lockdown::RspecHelper do
15
+ before do
16
+ @controller = TestAController.new
17
+ @controller.stub!(:session).and_return({})
18
+
19
+ usr = mock :user,
20
+ :first_name => 'John',
21
+ :last_name => 'Smith',
22
+ :password => 'mysecret',
23
+ :password_confirmation => 'mysecret'
24
+
25
+ usr_group = mock :usr_group
26
+
27
+ @rspec_env = RspecEnv.new
28
+ @rspec_env.stub!(:controller).and_return(@controller)
29
+ @rspec_env.stub!(:mock_user).and_return(usr)
30
+ @rspec_env.stub!(:mock_user_group).and_return(usr_group)
31
+ end
32
+
33
+ describe "#login_admin" do
34
+ it "should set access_rights to :all" do
35
+ @rspec_env.login_admin
36
+ @rspec_env.controller.session[:access_rights].should == :all
37
+ end
38
+ end
39
+ end
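Review bot: Only `login_admin` is exercised; `login_with_groups`, `login_standard`, `public_user` and `all_actions` from the helper have no example, and the `mock :usr_group` label looks like a typo for `:user_group` (harmless, since it is only the mock's display name). A second example asserting what `login_standard` leaves in `session[:access_rights]` would cover the non-admin path; the expected value depends on `add_lockdown_session_values`, which is not shown here.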
@@ -32,11 +32,25 @@ describe Lockdown::Rules do
32
32
 
33
33
  it "should raise and InvalidRuleAssignment if permission does not exist" do
34
34
  msg = "Permission not found: user_management"
35
- lambda{@rules.set_public_access(:user_management)}.should
35
+ lambda{@rules.set_public_access(:toy_management)}.should
36
36
  raise_error(Lockdown::InvalidRuleAssignment, msg)
37
37
  end
38
38
  end
39
39
 
40
+ describe "#public_access?" do
41
+ it "should return true when permission is public" do
42
+ @rules.set_permission(:home_page)
43
+ @rules.set_public_access(:home_page)
44
+ @rules.public_access?(:home_page).should == true
45
+ end
46
+
47
+ it "should return false when permission is not public" do
48
+ @rules.set_permission(:home_page)
49
+ @rules.set_protected_access(:home_page)
50
+ @rules.public_access?(:home_page).should == false
51
+ end
52
+ end
53
+
40
54
  describe "#set_protected_access" do
41
55
  it "should define the permission as protected" do
42
56
  @rules.set_permission(:user_management)
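Review bot: The changed example passes `:toy_management` but `msg` on the line above still says `Permission not found: user_management`, so the expectation cannot match; it goes unnoticed because `.should` ends the line and `raise_error(...)` on the next line is parsed as a separate statement, leaving the matcher never applied and the example passing vacuously. Join them and fix the message: `lambda { @rules.set_public_access(:toy_management) }.should raise_error(Lockdown::InvalidRuleAssignment, "Permission not found: toy_management")`. Note also that the lib hunks above raise `InvalidRuleAssigment` (context lines) while the spec references `Lockdown::InvalidRuleAssignment`; presumably one is an alias or a typo, and once the matcher is actually applied a mismatch would surface as a NameError, so confirm the constant name.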
@@ -52,6 +66,20 @@ describe Lockdown::Rules do
52
66
  end
53
67
  end
54
68
 
69
+ describe "#protected_access?" do
70
+ it "should return true when permission is protected" do
71
+ @rules.set_permission(:home_page)
72
+ @rules.set_protected_access(:home_page)
73
+ @rules.protected_access?(:home_page).should == true
74
+ end
75
+
76
+ it "should return false when permission is not protected" do
77
+ @rules.set_permission(:home_page)
78
+ @rules.set_public_access(:home_page)
79
+ @rules.protected_access?(:home_page).should == false
80
+ end
81
+ end
82
+
55
83
  describe "#get_permissions" do
56
84
  it "should return array of permission names as symbols" do
57
85
  Lockdown.should_receive(:add_controller_method)
@@ -78,6 +106,25 @@ describe Lockdown::Rules do
78
106
  end
79
107
  end
80
108
 
109
+ describe "#permission_assigned_automatically?" do
110
+ it "should return true when permission is public" do
111
+ @rules.set_permission(:home_page)
112
+ @rules.set_public_access(:home_page)
113
+ @rules.permission_assigned_automatically?(:home_page).should == true
114
+ end
115
+
116
+ it "should return true when permission is protected" do
117
+ @rules.set_permission(:home_page)
118
+ @rules.set_protected_access(:home_page)
119
+ @rules.permission_assigned_automatically?(:home_page).should == true
120
+ end
121
+
122
+ it "should return false when permission is not public" do
123
+ @rules.set_permission(:home_page)
124
+ @rules.permission_assigned_automatically?(:home_page).should == false
125
+ end
126
+ end
127
+
81
128
  describe "#get_user_groups" do
82
129
  it "should return array of user group names as symbols" do
83
130
  @rules.set_permission(:user_management)
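Review bot: The third example's description, `should return false when permission is not public`, does not match what it checks: the permission is neither public nor protected, and the two examples above show that either flag alone makes the method return true. Rename it `it "should return false when permission is neither public nor protected"`.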
@@ -14,6 +14,19 @@ describe Lockdown::Session do
14
14
 
15
15
  @controller.stub!(:session).and_return(@session)
16
16
  end
17
+
18
+ describe "#logged_in?" do
19
+ it "should return false withou current_user_id" do
20
+ @controller.send(:logged_in?).should == false
21
+ end
22
+ end
23
+
24
+ describe "#current_user_id" do
25
+ it "should return false withou current_user_id" do
26
+ @session[:current_user_id] = 2
27
+ @controller.send(:current_user_id).should == 2
28
+ end
29
+ end
17
30
 
18
31
  describe "#nil_lockdown_values" do
19
32
  it "should nil access_rights" do
@@ -86,5 +99,14 @@ describe Lockdown::Session do
86
99
  end
87
100
 
88
101
  describe "#session_access_rights_include?" do
102
+ it "should return true for posts/index" do
103
+ @controller.send(:session_access_rights_include?,'posts/index').
104
+ should == true
105
+ end
106
+
107
+ it "should return false for pages/index" do
108
+ @controller.send(:session_access_rights_include?,'pages/index').
109
+ should == false
110
+ end
89
111
  end
90
112
  end
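--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: lockdown
 version: !ruby/object:Gem::Version
-version: 1.2.2
+version: 1.3.0
 platform: ruby
 authors:
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-08-16 00:00:00 -04:00
+date: 2009-08-18 00:00:00 -04:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -44,6 +44,7 @@ files:
 - lib/lockdown/helper.rb
 - lib/lockdown/orms/active_record.rb
 - lib/lockdown/permission.rb
+- lib/lockdown/rspec_helper.rb
 - lib/lockdown/rules.rb
 - lib/lockdown/session.rb
 - lib/lockdown/system.rb
@@ -78,11 +79,13 @@ files:
 - rails_generators/lockdown/templates/db/migrate/create_users.rb
 - rails_generators/lockdown/templates/lib/lockdown/README
 - rails_generators/lockdown/templates/lib/lockdown/init.rb
+- spec/lockdown/context_spec.rb
 - spec/lockdown/database_spec.rb
 - spec/lockdown/frameworks/rails/controller_spec.rb
 - spec/lockdown/frameworks/rails/view_spec.rb
 - spec/lockdown/frameworks/rails_spec.rb
 - spec/lockdown/permission_spec.rb
+- spec/lockdown/rspec_helper_spec.rb
 - spec/lockdown/rules_spec.rb
 - spec/lockdown/session_spec.rb
 - spec/lockdown/system_spec.rb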