lockdown 1.6.5 → 2.0.0
- data/.gitignore +1 -0
- data/README.txt +8 -5
- data/Rakefile +43 -26
- data/lib/lockdown/access.rb +108 -0
- data/lib/lockdown/configuration.rb +201 -0
- data/lib/lockdown/database.rb +31 -36
- data/lib/lockdown/delivery.rb +26 -0
- data/lib/lockdown/errors.rb +3 -7
- data/lib/lockdown/frameworks/rails/controller.rb +21 -59
- data/lib/lockdown/frameworks/rails/view.rb +1 -1
- data/lib/lockdown/frameworks/rails.rb +7 -43
- data/lib/lockdown/helper.rb +14 -85
- data/lib/lockdown/orms/active_record.rb +7 -9
- data/lib/lockdown/permission.rb +37 -203
- data/lib/lockdown/resource.rb +54 -0
- data/lib/lockdown/session.rb +16 -25
- data/lib/lockdown/user_group.rb +16 -0
- data/lib/lockdown.rb +15 -60
- data/lockdown.gemspec +29 -69
- data/test/helper.rb +9 -0
- data/test/lockdown/test_access.rb +80 -0
- data/test/lockdown/test_configuration.rb +194 -0
- data/test/lockdown/test_delivery.rb +163 -0
- data/test/lockdown/test_helper.rb +33 -0
- data/test/lockdown/test_permission.rb +73 -0
- data/test/lockdown/test_resource.rb +47 -0
- data/test/lockdown/test_session.rb +31 -0
- data/test/lockdown/test_user_group.rb +17 -0
- data/test/test_lockdown.rb +11 -0
- metadata +41 -78
- data/lib/lockdown/context.rb +0 -41
- data/lib/lockdown/references.rb +0 -19
- data/lib/lockdown/rspec_helper.rb +0 -118
- data/lib/lockdown/rules.rb +0 -372
- data/lib/lockdown/system.rb +0 -58
- data/rails_generators/lockdown/lockdown_generator.rb +0 -274
- data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +0 -22
- data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +0 -39
- data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +0 -122
- data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +0 -117
- data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/models/permission.rb +0 -13
- data/rails_generators/lockdown/templates/app/models/profile.rb +0 -10
- data/rails_generators/lockdown/templates/app/models/user.rb +0 -95
- data/rails_generators/lockdown/templates/app/models/user_group.rb +0 -15
- data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +0 -16
- data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +0 -26
- data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +0 -12
- data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +0 -33
- data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +0 -20
- data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +0 -31
- data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +0 -29
- data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +0 -51
- data/rails_generators/lockdown/templates/app/views/users/index.html.erb +0 -22
- data/rails_generators/lockdown/templates/app/views/users/new.html.erb +0 -50
- data/rails_generators/lockdown/templates/app/views/users/show.html.erb +0 -33
- data/rails_generators/lockdown/templates/config/initializers/lockit.rb +0 -1
- data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +0 -17
- data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +0 -19
- data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +0 -26
- data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +0 -19
- data/rails_generators/lockdown/templates/db/migrate/create_users.rb +0 -17
- data/rails_generators/lockdown/templates/lib/lockdown/README +0 -42
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +0 -131
- data/spec/lockdown/context_spec.rb +0 -191
- data/spec/lockdown/database_spec.rb +0 -162
- data/spec/lockdown/frameworks/rails/controller_spec.rb +0 -215
- data/spec/lockdown/frameworks/rails/view_spec.rb +0 -96
- data/spec/lockdown/frameworks/rails_spec.rb +0 -163
- data/spec/lockdown/permission_spec.rb +0 -156
- data/spec/lockdown/rspec_helper_spec.rb +0 -40
- data/spec/lockdown/rules_spec.rb +0 -245
- data/spec/lockdown/session_spec.rb +0 -112
- data/spec/lockdown/system_spec.rb +0 -51
- data/spec/lockdown_spec.rb +0 -19
- data/spec/rcov.opts +0 -5
- data/spec/spec.opts +0 -3
- data/spec/spec_helper.rb +0 -8
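--- a/data/rails_generators/lockdown/templates/lib/lockdown/init.rb
+++ /dev/null
@@ -1,131 +0,0 @@
-Lockdown::System.configure do
-
-#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# Configuration Options
-#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# Options with defaults:
-#
-#
-# Set User model:
-# # make sure you use the string "User", not the constant
-# options[:user_model] = "User"
-#
-# Set UserGroup model:
-# # make sure you use the string "UserGroup", not the constant
-# options[:user_group_model] = "UserGroup"
-#
-# Set who_did_it method:
-# This method is used in setting the created_by/updated_by fields and
-# should be accessible to the controller
-# options[:who_did_it] = :current_user_id
-#
-# Set default_who_did_it:
-# When current_user_id returns nil, this is the value to use
-# options[:default_who_did_it] = 1
-#
-# Lockdown version < 0.9.0 set this to:
-# options[:default_who_did_it] = Profile::System
-#
-# Should probably be something like:
-# options[:default_who_did_it] = User::SystemId
-#
-# Set timeout to 1 hour:
-# options[:session_timeout] = (60 * 60)
-#
-# Call method when timeout occurs (method must be callable by controller):
-# options[:session_timeout_method] = :clear_session_values
-#
-# Set system to logout if unauthorized access is attempted:
-# options[:logout_on_access_violation] = false
-#
-# Set redirect to path on unauthorized access attempt:
-# options[:access_denied_path] = "/"
-#
-# Set redirect to path on successful login:
-# options[:successful_login_path] = "/"
-#
-# Set separator on links call
-# options[:links_separator] = "|"
-#
-# If deploying to a subdirectory, set that here. Defaults to nil
-# options[:subdirectory] = "blog"
-# *Notice: Do not add leading or trailing slashes,
-# Lockdown will handle this
-#
-#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# Define permissions
-#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# set_permission(:product_management).
-# with_controller(:products)
-#
-# :product_management is the name of the permission which is later
-# referenced by the set_user_group method
-#
-# .with_controller(:products) defaults to all action_methods available on that
-# controller. You can change this behaviour by chaining on except_methods or
-# only_methods. (see examples below)
-#
-# ** To define a namespaced controller use two underscores:
-# :admin__products
-#
-# if products is your standard RESTful resource you'll get:
-# ["products/index , "products/show",
-# "products/new", "products/edit",
-# "products/create", "products/update",
-# "products/destroy"]
-#
-# You can chain method calls to restrict the methods for one controller
-# or you can add multiple controllers to one permission.
-#
-# set_permission(:security_management).
-# with_controller(:users).
-# and_controller(:user_groups).
-# and_controller(:permissions)
-#
-# In addition to with_controller(:controller) there are:
-#
-# set_permission(:some_nice_permission_name).
-# with_controller(:some_controller_name).
-# only_methods(:only_method_1, :only_method_2)
-#
-# set_permission(:some_nice_permission_name).
-# with_controller(:some_controller_name).
-# except_methods(:except_method_1, :except_method_2)
-#
-# set_permission(:some_nice_permission_name).
-# with_controller(:some_controller_name).
-# except_methods(:except_method_1, :except_method_2).
-# and_controller(:another_controller_name).
-# and_controller(:yet_another_controller_name)
-#
-# Define your permissions here:
-
-#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# Built-in user groups
-#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# You can assign the above permission to one of the built-in user groups
-# by using the following:
-#
-# To allow public access on the permissions :sessions and :home:
-# set_public_access :sessions, :home
-#
-# Restrict :my_account access to only authenticated users:
-# set_protected_access :my_account
-#
-# Define the built-in user groups here:
-
-#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-# Define user groups
-#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-# set_user_group(:catalog_management, :category_management,
-# :product_management)
-#
-# :catalog_management is the name of the user group
-# :category_management and :product_management refer to permission names
-#
-#
-# Define your user groups here:
-
-end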
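--- a/data/spec/lockdown/context_spec.rb
+++ /dev/null
@@ -1,191 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. spec_helper])
-
-describe Lockdown::Context do
-before do
-@name = :my_account
-end
-
-describe Lockdown::RootContext do
-before do
-@c = Lockdown::RootContext.new(@name)
-end
-
-it "should return rootcontext" do
-@c.to_s.should == "Lockdown::RootContext"
-end
-
-it "should allow with_controller" do
-@c.allows?('with_controller').should == true
-end
-
-it "should allow and_controller" do
-@c.allows?('and_controller').should == true
-end
-
-it "should allow to_model" do
-@c.allows?('to_model').should == true
-end
-
-it "should not allow only_methods" do
-@c.allows?('only_methods').should == false
-end
-
-it "should not allow except_methods" do
-@c.allows?('except_methods').should == false
-end
-
-it "should not allow where" do
-@c.allows?('where').should == false
-end
-
-it "should not allow is_in" do
-@c.allows?('is_in').should == false
-end
-
-it "should not allow includes" do
-@c.allows?('includes').should == false
-end
-
-it "should not allow equals" do
-@c.allows?('equals').should == false
-end
-end
-
-describe Lockdown::ControllerContext do
-before do
-@c = Lockdown::ControllerContext.new(@name)
-end
-
-it "should return rootcontext" do
-@c.to_s.should == "Lockdown::ControllerContext"
-end
-
-it "should allow with_controller" do
-@c.allows?('with_controller').should == true
-end
-
-it "should allow and_controller" do
-@c.allows?('and_controller').should == true
-end
-
-it "should allow to_model" do
-@c.allows?('to_model').should == true
-end
-
-it "should allow only_methods" do
-@c.allows?('only_methods').should == true
-end
-
-it "should allow except_methods" do
-@c.allows?('except_methods').should == true
-end
-
-it "should not allow where" do
-@c.allows?('where').should == false
-end
-
-it "should not allow is_in" do
-@c.allows?('is_in').should == false
-end
-
-it "should not allow includes" do
-@c.allows?('includes').should == false
-end
-
-it "should not allow equals" do
-@c.allows?('equals').should == false
-end
-end
-
-describe Lockdown::ModelContext do
-before do
-@c = Lockdown::ModelContext.new(@name)
-end
-
-it "should return rootcontext" do
-@c.to_s.should == "Lockdown::ModelContext"
-end
-
-it "should not allow with_controller" do
-@c.allows?('with_controller').should == false
-end
-
-it "should not allow and_controller" do
-@c.allows?('and_controller').should == false
-end
-
-it "should not allow to_model" do
-@c.allows?('to_model').should == false
-end
-
-it "should not allow only_methods" do
-@c.allows?('only_methods').should == false
-end
-
-it "should not allow except_methods" do
-@c.allows?('except_methods').should == false
-end
-
-it "should allow where" do
-@c.allows?('where').should == true
-end
-
-it "should not allow is_in" do
-@c.allows?('is_in').should == false
-end
-
-it "should not allow includes" do
-@c.allows?('includes').should == false
-end
-
-it "should not allow equals" do
-@c.allows?('equals').should == false
-end
-end
-
-describe Lockdown::ModelWhereContext do
-before do
-@c = Lockdown::ModelWhereContext.new(@name)
-end
-
-it "should return rootcontext" do
-@c.to_s.should == "Lockdown::ModelWhereContext"
-end
-
-it "should not allow with_controller" do
-@c.allows?('with_controller').should == false
-end
-
-it "should not allow and_controller" do
-@c.allows?('and_controller').should == false
-end
-
-it "should not allow to_model" do
-@c.allows?('to_model').should == false
-end
-
-it "should not allow only_methods" do
-@c.allows?('only_methods').should == false
-end
-
-it "should not allow except_methods" do
-@c.allows?('except_methods').should == false
-end
-
-it "should not allow where" do
-@c.allows?('where').should == false
-end
-
-it "should allow is_in" do
-@c.allows?('is_in').should == true
-end
-
-it "should allow includes" do
-@c.allows?('includes').should == true
-end
-
-it "should allow equals" do
-@c.allows?('equals').should == true
-end
-end
-end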
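--- a/data/spec/lockdown/database_spec.rb
+++ /dev/null
@@ -1,162 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. spec_helper])
-
-class Permission; end;
-
-describe Lockdown::Database do
-before do
-Lockdown::System.stub!(:get_permissions).and_return([:permission])
-Lockdown::System.stub!(:get_user_groups).and_return([:user_group])
-@user_group_class = mock(:table_exists? => true, :find => false)
-Lockdown.stub!(:user_group_class).and_return @user_group_class
-
-end
-
-describe "#sync_with_db" do
-it "should call create_new_permissions, delete_extinct_permissions and maintain_user_groups" do
-Permission.stub!(:table_exists?).and_return(true)
-Lockdown::Database.should_receive :create_new_permissions
-Lockdown::Database.should_receive :delete_extinct_permissions
-Lockdown::Database.should_receive :maintain_user_groups
-
-Lockdown::Database.sync_with_db
-end
-end
-
-describe "#create_new_permissions" do
-it "should create permission from @permissions" do
-Lockdown::System.stub!(:permission_assigned_automatically?).and_return(false)
-
-Permission.stub!(:find).and_return(false)
-Permission.should_receive(:create).with(:name => 'Permission')
-
-Lockdown::Database.create_new_permissions
-end
-end
-
-describe "#delete_extinct_permissions" do
-it "should create permission from @permissions" do
-permission = mock('permission')
-permission.stub!(:id).and_return("3344")
-permission.stub!(:name).and_return("sweet permission")
-permissions = [permission]
-
-Permission = mock('Permission') unless defined?(Permission)
-Permission.stub!(:find).with(:all).and_return(permissions)
-
-Lockdown.should_receive(:database_execute).
-with("delete from permissions_user_groups where permission_id = 3344")
-permission.should_receive(:destroy)
-
-Lockdown::Database.delete_extinct_permissions
-end
-end
-
-describe "#maintain_user_groups" do
-before do
-UserGroup = mock('UserGroup') unless defined?(UserGroup)
-end
-
-it "should create user group for non-existent user group" do
-@user_group_class.should_receive(:find).and_return(false)
-
-Lockdown::Database.should_receive(:create_user_group).
-with("User Group",:user_group)
-
-Lockdown::Database.maintain_user_groups
-end
-
-it "should sync user group permissions for existing user group" do
-ug = mock('user group')
-
-@user_group_class.should_receive(:find).
-with(:first, :conditions => ["name = ?", "User Group"]).
-and_return(ug)
-
-Lockdown::Database.should_receive(:remove_invalid_permissions).
-with(ug,:user_group)
-
-Lockdown::Database.should_receive(:add_valid_permissions).
-with(ug,:user_group)
-
-Lockdown::Database.maintain_user_groups
-end
-end
-
-describe "#create_user_group" do
-it "should create new user group" do
-ug = mock('user group')
-ug.stub!(:id).and_return(123)
-
-@user_group_class.should_receive(:create).
-with(:name => "some group").
-and_return(ug)
-
-Lockdown::System.stub!(:permissions_for_user_group).
-and_return([:perm])
-
-Lockdown::System.stub!(:permission_assigned_automatically?).
-and_return(false)
-
-perm = mock('permission')
-perm.stub!(:id).and_return(3344)
-
-Permission = mock('Permission') unless defined?(Permission)
-
-Permission.should_receive(:find).
-with(:first, :conditions => ["name = ?",'Perm']).
-and_return(perm)
-
-Lockdown.should_receive(:database_execute).
-with("insert into permissions_user_groups(permission_id, user_group_id) values(3344, 123)")
-
-Lockdown::Database.create_user_group("some group", :some_group)
-end
-end
-
-describe "#remove_invalid_permissions" do
-it "should remove permissions that no longer exist" do
-permissions = [:good_perm, :bad_perm]
-
-user_group = mock("user group", :name => "user group")
-
-#returns what's in the database
-user_group.stub!(:permissions).and_return(permissions)
-
-#return what's defined in init.rb
-Lockdown::System.stub!(:permissions_for_user_group).
-and_return([:good_perm])
-
-#delete what's not in init.rb
-permissions.should_receive(:delete).with(:bad_perm)
-
-Lockdown::Database.remove_invalid_permissions(user_group, :user_group)
-end
-end
-
-describe "#add_invalid_permissions" do
-it "should add permissions that are defined in init.rb" do
-#return what's defined in init.rb
-Lockdown::System.stub!(:permissions_for_user_group).
-and_return([:defined_perm, :undefined_perm])
-
-permissions = [:defined_perm]
-
-user_group = mock("user group", :name => "user group")
-
-#returns what's in the database
-user_group.stub!(:permissions).and_return(permissions)
-
-Permission = mock('Permission') unless defined?(Permission)
-
-#get the permission object for the undefined_perm
-Permission.should_receive(:find).
-with(:first, :conditions => ["name = ?",'Undefined Perm']).
-and_return(:undefined_perm)
-
-#add the perm to the user group
-permissions.should_receive(:<<).with(:undefined_perm)
-
-Lockdown::Database.add_valid_permissions(user_group, :user_group)
-end
-end
-end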
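--- a/data/spec/lockdown/frameworks/rails/controller_spec.rb
+++ /dev/null
@@ -1,215 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
-
-class TestAController
-extend Lockdown::Frameworks::Rails::Controller
-include Lockdown::Frameworks::Rails::Controller::Lock
-end
-
-describe Lockdown::Frameworks::Rails::Controller do
-before do
-@controller = TestAController
-
-@actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
-
-@lockdown = mock("lockdown")
-end
-
-describe "#controller_name" do
-it "should return action_methods" do
-post_controller = mock("PostController")
-post_controller.stub!(:controller_name).and_return("PostController")
-
-@controller.controller_name(post_controller).should == "PostController"
-end
-end
-
-end
-
-describe Lockdown::Frameworks::Rails::Controller::Lock do
-before do
-@controller = TestAController.new
-
-@actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
-
-@session = {:access_rights => @actions}
-
-@controller.stub!(:session).and_return(@session)
-end
-
-describe "#configure_lockdown" do
-it "should call Lockdown.maybe_parse_init, check_session_expiry and store_location" do
-Lockdown.should_receive(:maybe_parse_init)
-@controller.should_receive(:check_session_expiry)
-@controller.should_receive(:store_location)
-
-@controller.configure_lockdown
-end
-end
-
-describe "#set_current_user" do
-it "should set who_did_it in Thread.current" do
-Lockdown::System.stub!(:fetch).with(:who_did_it).and_return(:current_user_id)
-@controller.stub!(:logged_in?).and_return(true)
-@controller.stub!(:current_user_id).and_return(1234)
-
-@controller.set_current_user
-
-Thread.current[:who_did_it].should == 1234
-end
-end
-
-describe "#check_request_authorization" do
-it "should raise SecurityError if not authorized" do
-@controller.stub!(:authorized?).and_return(false)
-@controller.stub!(:params).and_return({:p => 1})
-
-lambda{@controller.check_request_authorization}.
-should raise_error(SecurityError)
-
-end
-end
-
-describe "#path_allowed" do
-it "should return false for an invalid path" do
-@controller.send(:path_allowed?,"/no/good").should be_false
-end
-end
-
-describe "#check_session_expiry" do
-it "should set expiry if null" do
-Lockdown::System.stub!(:fetch).with(:session_timeout).and_return(10)
-@session[:expiry_time].should be_nil
-@controller.send(:check_session_expiry)
-@session[:expiry_time].should_not be_nil
-end
-end
-
-describe "#store_location" do
-it "should set prevpage and thispage" do
-request = mock("request")
-request.stub!(:method).and_return(:get)
-@controller.stub!(:request).and_return(request)
-
-@controller.stub!(:sent_from_uri).and_return("/blop")
-@controller.send(:store_location)
-
-@session[:prevpage].should == ''
-@session[:thispage].should == '/blop'
-end
-end
-
-describe "#sent_from_uri" do
-it "should return request.request_uri" do
-request = mock("request")
-request.stub!(:request_uri).and_return("/blip")
-
-@controller.stub!(:request).and_return(request)
-
-@controller.send(:sent_from_uri).should == "/blip"
-end
-end
-
-describe "#authorized?" do
-before do
-@sample_url = "http://stonean.com/posts/index"
-@a_path = "/a_path"
-
-request = mock("request")
-request.stub!(:method).and_return(:get)
-Lockdown.stub(:caching?).and_return(true)
-@controller.stub!(:params).and_return({})
-@controller.stub!(:request).and_return(request)
-
-stonean_parts = ["http", nil, "stonean.com", nil, nil, "posts/index", nil, nil, nil]
-
-a_path_parts = [nil, nil, nil, nil, nil, "/a_path", nil, nil, nil]
-
-URI = mock('uri class') unless defined?(URI)
-URI.stub!(:split).with(@sample_url).and_return(stonean_parts)
-URI.stub!(:split).with(@a_path).and_return(a_path_parts)
-end
-
-it "should call add_lockdown_session_values unless caching" do
-Lockdown.stub(:caching?).and_return(false)
-@controller.should_receive(:add_lockdown_session_values)
-
-@controller.send(:authorized?,nil)
-end
-
-it "should return false if url is nil" do
-@controller.send(:authorized?,nil).should be_false
-end
-
-it "should return true if current_user_is_admin" do
-@controller.stub!(:current_user_is_admin?).and_return(true)
-@controller.send(:authorized?,@a_path).should be_true
-end
-
-it "should return false if path not in access_rights" do
-@controller.send(:authorized?,@a_path).should be_false
-end
-
-it "should return true if path is in access_rights" do
-@controller.send(:authorized?,@sample_url).should be_true
-end
-
-end
-
-describe "#access_denied" do
-end
-
-describe "#path_from_hash" do
-it "should return controller/action string" do
-hash = {:controller => "users", :action => "show", :id => "1"}
-@controller.send(:path_from_hash,hash).should == "users/show"
-end
-end
-
-describe "#remote_url?" do
-it "should return false if domain is nil" do
-@controller.send(:remote_url?).should be_false
-end
-
-it "should return false if domain matches request domain" do
-request = mock("request")
-request.stub!(:host).and_return("stonean.com")
-@controller.stub!(:request).and_return(request)
-@controller.send(:remote_url?,"stonean.com").should be_false
-end
-
-it "should return true if subdomain differs" do
-request = mock("request")
-request.stub!(:host).and_return("blog.stonean.com")
-@controller.stub!(:request).and_return(request)
-@controller.send(:remote_url?,"stonean.com").should be_true
-end
-
-it "should return true if host doesn't match domain" do
-request = mock("request")
-request.stub!(:host).and_return("stonean.com")
-@controller.stub!(:request).and_return(request)
-@controller.send(:remote_url?,"google.com").should be_true
-end
-end
-
-describe "#redirect_back_or_default" do
-it "should redirect to default without session[:prevpage]" do
-@controller.should_receive(:redirect_to).with("/")
-@controller.send :redirect_back_or_default, "/"
-end
-
-it "should redirect to session[:prevpage]" do
-path = "/previous"
-path.stub!(:blank?).and_return(false)
-@session[:prevpage] = path
-@controller.should_receive(:redirect_to).with(path)
-@controller.send :redirect_back_or_default, "/"
-end
-end
-
-describe "#login_from_basic_auth?" do
-end
-
-describe "#get_auth_data" do
-end
-end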