lockdown 1.3.0 → 1.3.1

data/lib/lockdown.rb

@@ -1,11 +1,23 @@
 $:.unshift File.dirname(__FILE__)
 
+require File.join("lockdown", "errors")
+
 require File.join("lockdown", "helper")
+require File.join("lockdown", "session")
+require File.join("lockdown", "context")
+require File.join("lockdown", "permission")
+require File.join("lockdown", "database")
+require File.join("lockdown", "rules")
+require File.join("lockdown", "system")
+
+require File.join("lockdown", "references")
 
 module Lockdown
+  extend Lockdown::References
   extend Lockdown::Helper
 
-  VERSION = '1.3.0'
+  # current version is 1.3.0
+  VERSION = '1.3.1'
 
   # Returns the version string for the library.
   def self.version
@@ -59,14 +71,7 @@ module Lockdown
   end # mixin_resource?
 end # Lockdown
 
-require File.join("lockdown", "session")
-require File.join("lockdown", "context")
-require File.join("lockdown", "permission")
-require File.join("lockdown", "database")
-require File.join("lockdown", "rules")
-require File.join("lockdown", "system")
-
 puts "=> Mixing in Lockdown version: #{Lockdown.version} \n"
-
 Lockdown.mixin
 
+

data/lib/lockdown/errors.rb

@@ -0,0 +1,7 @@
+module Lockdown
+  class InvalidRuleAssignment < StandardError; end
+
+  class InvalidRuleContext < StandardError; end
+
+  class PermissionScopeCollision < StandardError; end
+end

data/lib/lockdown/frameworks/rails.rb

@@ -21,7 +21,7 @@ module Lockdown
             include Lockdown::Frameworks::Rails::View
           end
 
-          Lockdown::System.class_eval do 
+          Lockdown.system.class_eval do 
             extend Lockdown::Frameworks::Rails::System
           end
         end
@@ -45,7 +45,7 @@ module Lockdown
 
           klass.filter_parameter_logging :password, :password_confirmation
       
-          klass.rescue_from SecurityError, :with => proc{|e| access_denied(e)}
+          klass.rescue_from SecurityError, :with => proc{|e| ld_access_denied(e)}
         end
       end # class block
 
@@ -101,7 +101,7 @@ module Lockdown
         include Lockdown::Frameworks::Rails::Controller
 
         def skip_sync?
-          Lockdown::System.fetch(:skip_db_sync_in).include?(framework_environment)
+          Lockdown.system.fetch(:skip_db_sync_in).include?(framework_environment)
         end
         
         def framework_environment

data/lib/lockdown/frameworks/rails/controller.rb

@@ -92,7 +92,7 @@ module Lockdown
             return remote_url?(url_parts[2])
           end
     
-          def access_denied(e)
+          def ld_access_denied(e)
 
             RAILS_DEFAULT_LOGGER.info "Access denied: #{e}"
 

data/lib/lockdown/helper.rb

@@ -41,11 +41,11 @@ module Lockdown
     end
 
     def user_group_model_string
-      Lockdown::System.fetch(:user_group_model) || "UserGroup"
+      Lockdown.system.fetch(:user_group_model) || "UserGroup"
     end
     
     def user_model_string
-      Lockdown::System.fetch(:user_model) || "User"
+      Lockdown.system.fetch(:user_model) || "User"
     end
     
     def get_string(value)

data/lib/lockdown/permission.rb

@@ -1,7 +1,4 @@
 module Lockdown
-  class InvalidRuleContext < StandardError; end
-  class PermissionScopeCollision < StandardError; end
-
   class Controller
     attr_accessor :name, :access_methods, :only_methods, :except_methods
 
@@ -178,14 +175,14 @@ module Lockdown
 
     def set_as_public_access
       if protected_access?
-        raise PermissionScopeCollision, "Permission: #{name} already marked as protected and trying to set as public."
+        raise Lockdown::PermissionScopeCollision, "Permission: #{name} already marked as protected and trying to set as public."
       end
       @public_access = true
     end
 
     def set_as_protected_access
       if public_access?
-        raise PermissionScopeCollision, "Permission: #{name} already marked as public and trying to set as protected."
+        raise Lockdown::PermissionScopeCollision, "Permission: #{name} already marked as public and trying to set as protected."
       end
       @protected_access = true
     end
@@ -218,7 +215,7 @@ module Lockdown
       method_trace = caller.first;  
       calling_method = caller.first[/#{__FILE__}:(\d+):in `(.*)'/,2]
       unless current_context.allows?(calling_method)
-        raise InvalidRuleContext, "Method: #{calling_method} was called on wrong context #{current_context}. Allowed methods are: #{current_context.allowed_methods.join(',')}."
+        raise Lockdown::InvalidRuleContext, "Method: #{calling_method} was called on wrong context #{current_context}. Allowed methods are: #{current_context.allowed_methods.join(',')}."
       end
     end
   end

data/lib/lockdown/references.rb

@@ -0,0 +1,19 @@
+module Lockdown
+  module References
+    def helper
+      Lockdown::Helper
+    end
+
+    def rules
+      Lockdown::Rules
+    end
+
+    def session
+      Lockdown::Session
+    end
+
+    def system
+      Lockdown::System
+    end
+  end
+end

data/lib/lockdown/rspec_helper.rb

@@ -9,11 +9,23 @@ module Lockdown
       user_group_symbols.each do |ugs|
         access_rights << Lockdown::System.access_rights_for_user_group(ugs)
       end
+      login_user
       controller.session[:access_rights] = access_rights.flatten
     end
 
     alias login_with_group login_with_groups 
 
+    def login_with_permissions(*permissions_symbols)
+      access_rights = Lockdown::System.standard_authorized_user_rights
+      permissions_symbols.each do |ps|
+        access_rights << Lockdown::System.access_rights_for_permission(ps)
+      end
+      login_user
+      controller.session[:access_rights] = access_rights.flatten.uniq
+    end
+    
+    alias login_with_permission login_with_permissions    
+
     def login_standard
       login_user
     end

data/lib/lockdown/rules.rb

@@ -1,6 +1,4 @@
 module Lockdown
-  class InvalidRuleAssignment < StandardError; end
-
   module Rules
     attr_accessor :options
     attr_accessor :permissions
@@ -58,7 +56,7 @@ module Lockdown
           perm.set_as_public_access 
         else
           msg = "Permission not found: #{perm_symbol}"
-          raise InvalidRuleAssigment, msg
+          raise Lockdown::InvalidRuleAssignment, msg
         end
       end
     end
@@ -75,7 +73,7 @@ module Lockdown
           perm.set_as_protected_access 
         else
           msg = "Permission not found: #{perm_symbol}"
-          raise InvalidRuleAssigment, msg
+          raise Lockdown::InvalidRuleAssignment, msg
         end
       end
     end
@@ -290,7 +288,7 @@ module Lockdown
         perms.each do |perm|
           unless permission_exists?(perm)
             msg ="User Group: #{user_group}, permission not found: #{perm}"
-            raise InvalidRuleAssignment, msg
+            raise Lockdown::InvalidRuleAssignment, msg
           end
         end
       end

data/spec/lockdown/frameworks/rails_spec.rb

@@ -23,29 +23,57 @@ describe Lockdown::Frameworks::Rails do
 
   describe "#mixin" do
     it "should perform class_eval on controller view and system to inject itself" do
-      module ActionController; class Base; end end
-      module ActionView; class Base; end end
 
-      Lockdown.stub!(:controller_parent).and_return(ActionController::Base)
-      Lockdown.stub!(:view_helper).and_return(ActionView::Base)
+      @view_helper = Mikey
+      @view_helper.should_receive(:include).
+        with( Lockdown::Frameworks::Rails::View )
 
-      ActionView::Base.should_receive(:class_eval)
+      Lockdown.should_receive(:view_helper) do 
+        @view_helper
+      end
 
-      ActionController::Base.should_receive(:helper_method)
-      ActionController::Base.should_receive(:before_filter)
-      ActionController::Base.should_receive(:filter_parameter_logging)
-      ActionController::Base.should_receive(:rescue_from)
+      @system = Mikey
+      @system.should_receive(:extend).
+        with( Lockdown::Frameworks::Rails::System )
 
-      ActionController::Base.should_receive(:class_eval)
-      ActionController::Base.should_receive(:hide_action)
-
-      Lockdown::System.should_receive(:class_eval)
+      Lockdown.should_receive(:system) do 
+        @system
+      end
 
+      @rails.should_receive(:mixin_controller)
 
       @rails.mixin
     end
 
   end
+
+  describe "#mixin_controller" do
+
+    it "should inject itself" do
+      klass = Mikey
+
+      klass.should_receive(:include).
+        with(Lockdown::Session)
+
+      klass.should_receive(:include).
+        with(Lockdown::Frameworks::Rails::Controller::Lock)
+
+      klass.should_receive(:helper_method).with(:authorized?)
+
+      klass.should_receive(:hide_action).with(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
+
+      klass.should_receive(:before_filter).and_return do |c|
+        #not working yet. very frustrating trying to test this
+      end
+
+      klass.should_receive(:filter_parameter_logging)
+
+      klass.should_receive(:rescue_from)
+
+      @rails.mixin_controller(klass)
+    end
+  end
+
 end
 
 RAILS_ROOT = "/shibby/dibby/do"

data/spec/lockdown/rules_spec.rb

@@ -15,13 +15,6 @@ describe Lockdown::Rules do
     end
   end
 
-  describe "#set_public_access" do
-    it "should define the permission as public" do
-      @rules.set_permission(:user_management)
-      @rules.set_public_access(:user_management)
-    end
-  end
-
   describe "#set_public_access" do
     it "should define the permission as public" do
       @rules.set_permission(:home_page)
@@ -31,9 +24,11 @@ describe Lockdown::Rules do
     end
 
     it "should raise and InvalidRuleAssignment if permission does not exist" do
-      msg = "Permission not found: user_management"
-      lambda{@rules.set_public_access(:toy_management)}.should
-        raise_error(Lockdown::InvalidRuleAssignment, msg)
+      msg = "Permission not found: toy_management"
+
+      @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
+
+      @rules.set_public_access(:toy_management)
     end
   end
 
@@ -61,8 +56,10 @@ describe Lockdown::Rules do
 
     it "should raise and InvalidRuleAssignment if permission does not exist" do
       msg = "Permission not found: user_management"
-      lambda{@rules.set_protected_access(:user_management)}.should
-        raise_error(Lockdown::InvalidRuleAssignment, msg)
+
+      @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
+
+      @rules.set_protected_access(:user_management)
     end
   end
 
@@ -144,8 +141,94 @@ describe Lockdown::Rules do
     end
   end
 
-
   describe "#make_user_administrator" do
+    it "should add admin to user groups" do
+      ugc = mock('user_group_class',:find_or_create_by_name => :admin)
+      Lockdown.should_receive(:user_group_class).and_return(ugc)
+
+      usr = mock('user', :user_groups => [])
+
+      @rules.make_user_administrator(usr).should include(:admin)
+    end
+  end
+
+  describe "#access_rights_for_user" do
+    it "should array of rights for user who is not an admin" do
+      @rules.should_receive(:administrator?).and_return(false)
+
+      @rules.set_permission(:register_account).
+        with_controller(:users).
+        only_methods(:new, :create)
+
+      @rules.set_public_access(:register_account)
+
+      perm = @rules.set_permission(:perm_one).
+        with_controller("a_controller").
+        only_methods("show","edit","update")
+
+      ug = @rules.set_user_group(:ug_one, :perm_one)
+
+      @rules.should_receive(:set_model_access)
+      @rules.process_rules
+
+      usr = mock('user', :user_groups => [:ug_one])
+
+      @rules.access_rights_for_user(usr).
+        should == ["users/new", "users/create", "a_controller/show", "a_controller/edit", "a_controller/update"]
+    end
+  end
+
+  describe "#access_rights_for_user_group" do
+    it "should return array of rights for user_group" do
+      perm = @rules.set_permission(:perm_one).
+        with_controller("a_controller").
+        only_methods("show","edit","update")
+
+      ug = @rules.set_user_group(:ug_one, :perm_one)
+
+      @rules.should_receive(:set_model_access)
+      @rules.process_rules
+
+      @rules.access_rights_for_user_group(:ug_one).
+        should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
+    end
+  end
+
+  describe "#access_rights_for_permission" do
+    it "should return array of rights for permission" do
+
+      perm = @rules.set_permission(:perm_one).
+        with_controller("a_controller").
+        only_methods("show","edit","update")
+
+      @rules.should_receive(:set_model_access)
+      @rules.process_rules
+
+      @rules.access_rights_for_permission(perm).
+        should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
+    end
+  end
+
+  describe "#standard_authorized_user_rights" do
+    it "should receive public_access + protected_access" do
+      @rules.set_permission(:register_account).
+        with_controller(:users).
+        only_methods(:new, :create)
+
+      @rules.set_permission(:my_profile).
+        with_controller(:users).
+        only_methods(:show, :edit, :update)
+      
+
+      @rules.set_public_access(:register_account)
+      @rules.set_protected_access(:my_profile)
+
+      @rules.should_receive(:set_model_access)
+      @rules.process_rules
+
+      @rules.standard_authorized_user_rights.
+        should == ["users/new", "users/create", "users/show", "users/edit", "users/update"]
+    end
   end
 
   describe "#process_rules" do

data/spec/lockdown/session_spec.rb

@@ -77,9 +77,9 @@ describe Lockdown::Session do
     it "should set the access_rights from the user list" do
       array  = ["posts/index", "posts/show"]
       Lockdown::System.stub!(:access_rights_for_user).and_return(array)
-      usr = mock(:id => 1234)
-      @controller.stub!(:current_user).and_return(usr)
-      @controller.send(:add_lockdown_session_values)
+      usr = mock('user')
+      usr.should_receive(:id).and_return(1234)
+      @controller.send(:add_lockdown_session_values, usr)
       @session[:access_rights].should == array
     end
   end

data/spec/spec_helper.rb

@@ -1 +1,8 @@
 require File.expand_path(File.join(File.dirname(__FILE__), %w[.. lib lockdown]))
+
+class Mikey  
+  def method_missing(method, *args)    
+    true
+  end
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: lockdown
 version: !ruby/object:Gem::Version 
-  version: 1.3.0
+  version: 1.3.1
 platform: ruby
 authors: 
 - Andrew Stone
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-08-18 00:00:00 -04:00
+date: 2009-09-02 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -38,12 +38,14 @@ files:
 - lib/lockdown.rb
 - lib/lockdown/context.rb
 - lib/lockdown/database.rb
+- lib/lockdown/errors.rb
 - lib/lockdown/frameworks/rails.rb
 - lib/lockdown/frameworks/rails/controller.rb
 - lib/lockdown/frameworks/rails/view.rb
 - lib/lockdown/helper.rb
 - lib/lockdown/orms/active_record.rb
 - lib/lockdown/permission.rb
+- lib/lockdown/references.rb
 - lib/lockdown/rspec_helper.rb
 - lib/lockdown/rules.rb
 - lib/lockdown/session.rb