lockdown 1.6.5 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (80)
  1. data/.gitignore +1 -0
  2. data/README.txt +8 -5
  3. data/Rakefile +43 -26
  4. data/lib/lockdown/access.rb +108 -0
  5. data/lib/lockdown/configuration.rb +201 -0
  6. data/lib/lockdown/database.rb +31 -36
  7. data/lib/lockdown/delivery.rb +26 -0
  8. data/lib/lockdown/errors.rb +3 -7
  9. data/lib/lockdown/frameworks/rails/controller.rb +21 -59
  10. data/lib/lockdown/frameworks/rails/view.rb +1 -1
  11. data/lib/lockdown/frameworks/rails.rb +7 -43
  12. data/lib/lockdown/helper.rb +14 -85
  13. data/lib/lockdown/orms/active_record.rb +7 -9
  14. data/lib/lockdown/permission.rb +37 -203
  15. data/lib/lockdown/resource.rb +54 -0
  16. data/lib/lockdown/session.rb +16 -25
  17. data/lib/lockdown/user_group.rb +16 -0
  18. data/lib/lockdown.rb +15 -60
  19. data/lockdown.gemspec +29 -69
  20. data/test/helper.rb +9 -0
  21. data/test/lockdown/test_access.rb +80 -0
  22. data/test/lockdown/test_configuration.rb +194 -0
  23. data/test/lockdown/test_delivery.rb +163 -0
  24. data/test/lockdown/test_helper.rb +33 -0
  25. data/test/lockdown/test_permission.rb +73 -0
  26. data/test/lockdown/test_resource.rb +47 -0
  27. data/test/lockdown/test_session.rb +31 -0
  28. data/test/lockdown/test_user_group.rb +17 -0
  29. data/test/test_lockdown.rb +11 -0
  30. metadata +41 -78
  31. data/lib/lockdown/context.rb +0 -41
  32. data/lib/lockdown/references.rb +0 -19
  33. data/lib/lockdown/rspec_helper.rb +0 -118
  34. data/lib/lockdown/rules.rb +0 -372
  35. data/lib/lockdown/system.rb +0 -58
  36. data/rails_generators/lockdown/lockdown_generator.rb +0 -274
  37. data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +0 -22
  38. data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +0 -39
  39. data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +0 -122
  40. data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +0 -117
  41. data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +0 -2
  42. data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +0 -2
  43. data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +0 -2
  44. data/rails_generators/lockdown/templates/app/models/permission.rb +0 -13
  45. data/rails_generators/lockdown/templates/app/models/profile.rb +0 -10
  46. data/rails_generators/lockdown/templates/app/models/user.rb +0 -95
  47. data/rails_generators/lockdown/templates/app/models/user_group.rb +0 -15
  48. data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +0 -16
  49. data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +0 -26
  50. data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +0 -12
  51. data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +0 -33
  52. data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +0 -20
  53. data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +0 -31
  54. data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +0 -29
  55. data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +0 -51
  56. data/rails_generators/lockdown/templates/app/views/users/index.html.erb +0 -22
  57. data/rails_generators/lockdown/templates/app/views/users/new.html.erb +0 -50
  58. data/rails_generators/lockdown/templates/app/views/users/show.html.erb +0 -33
  59. data/rails_generators/lockdown/templates/config/initializers/lockit.rb +0 -1
  60. data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +0 -17
  61. data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +0 -19
  62. data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +0 -26
  63. data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +0 -19
  64. data/rails_generators/lockdown/templates/db/migrate/create_users.rb +0 -17
  65. data/rails_generators/lockdown/templates/lib/lockdown/README +0 -42
  66. data/rails_generators/lockdown/templates/lib/lockdown/init.rb +0 -131
  67. data/spec/lockdown/context_spec.rb +0 -191
  68. data/spec/lockdown/database_spec.rb +0 -162
  69. data/spec/lockdown/frameworks/rails/controller_spec.rb +0 -215
  70. data/spec/lockdown/frameworks/rails/view_spec.rb +0 -96
  71. data/spec/lockdown/frameworks/rails_spec.rb +0 -163
  72. data/spec/lockdown/permission_spec.rb +0 -156
  73. data/spec/lockdown/rspec_helper_spec.rb +0 -40
  74. data/spec/lockdown/rules_spec.rb +0 -245
  75. data/spec/lockdown/session_spec.rb +0 -112
  76. data/spec/lockdown/system_spec.rb +0 -51
  77. data/spec/lockdown_spec.rb +0 -19
  78. data/spec/rcov.opts +0 -5
  79. data/spec/spec.opts +0 -3
  80. data/spec/spec_helper.rb +0 -8
@@ -1,131 +0,0 @@
1
- Lockdown::System.configure do
2
-
3
- #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4
- # Configuration Options
5
- #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6
- # Options with defaults:
7
- #
8
- #
9
- # Set User model:
10
- # # make sure you use the string "User", not the constant
11
- # options[:user_model] = "User"
12
- #
13
- # Set UserGroup model:
14
- # # make sure you use the string "UserGroup", not the constant
15
- # options[:user_group_model] = "UserGroup"
16
- #
17
- # Set who_did_it method:
18
- # This method is used in setting the created_by/updated_by fields and
19
- # should be accessible to the controller
20
- # options[:who_did_it] = :current_user_id
21
- #
22
- # Set default_who_did_it:
23
- # When current_user_id returns nil, this is the value to use
24
- # options[:default_who_did_it] = 1
25
- #
26
- # Lockdown version < 0.9.0 set this to:
27
- # options[:default_who_did_it] = Profile::System
28
- #
29
- # Should probably be something like:
30
- # options[:default_who_did_it] = User::SystemId
31
- #
32
- # Set timeout to 1 hour:
33
- # options[:session_timeout] = (60 * 60)
34
- #
35
- # Call method when timeout occurs (method must be callable by controller):
36
- # options[:session_timeout_method] = :clear_session_values
37
- #
38
- # Set system to logout if unauthorized access is attempted:
39
- # options[:logout_on_access_violation] = false
40
- #
41
- # Set redirect to path on unauthorized access attempt:
42
- # options[:access_denied_path] = "/"
43
- #
44
- # Set redirect to path on successful login:
45
- # options[:successful_login_path] = "/"
46
- #
47
- # Set separator on links call
48
- # options[:links_separator] = "|"
49
- #
50
- # If deploying to a subdirectory, set that here. Defaults to nil
51
- # options[:subdirectory] = "blog"
52
- # *Notice: Do not add leading or trailing slashes,
53
- # Lockdown will handle this
54
- #
55
- #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
56
- # Define permissions
57
- #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
58
- #
59
- # set_permission(:product_management).
60
- # with_controller(:products)
61
- #
62
- # :product_management is the name of the permission which is later
63
- # referenced by the set_user_group method
64
- #
65
- # .with_controller(:products) defaults to all action_methods available on that
66
- # controller. You can change this behaviour by chaining on except_methods or
67
- # only_methods. (see examples below)
68
- #
69
- # ** To define a namespaced controller use two underscores:
70
- # :admin__products
71
- #
72
- # if products is your standard RESTful resource you'll get:
73
- # ["products/index , "products/show",
74
- # "products/new", "products/edit",
75
- # "products/create", "products/update",
76
- # "products/destroy"]
77
- #
78
- # You can chain method calls to restrict the methods for one controller
79
- # or you can add multiple controllers to one permission.
80
- #
81
- # set_permission(:security_management).
82
- # with_controller(:users).
83
- # and_controller(:user_groups).
84
- # and_controller(:permissions)
85
- #
86
- # In addition to with_controller(:controller) there are:
87
- #
88
- # set_permission(:some_nice_permission_name).
89
- # with_controller(:some_controller_name).
90
- # only_methods(:only_method_1, :only_method_2)
91
- #
92
- # set_permission(:some_nice_permission_name).
93
- # with_controller(:some_controller_name).
94
- # except_methods(:except_method_1, :except_method_2)
95
- #
96
- # set_permission(:some_nice_permission_name).
97
- # with_controller(:some_controller_name).
98
- # except_methods(:except_method_1, :except_method_2).
99
- # and_controller(:another_controller_name).
100
- # and_controller(:yet_another_controller_name)
101
- #
102
- # Define your permissions here:
103
-
104
- #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
105
- # Built-in user groups
106
- #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
107
- # You can assign the above permission to one of the built-in user groups
108
- # by using the following:
109
- #
110
- # To allow public access on the permissions :sessions and :home:
111
- # set_public_access :sessions, :home
112
- #
113
- # Restrict :my_account access to only authenticated users:
114
- # set_protected_access :my_account
115
- #
116
- # Define the built-in user groups here:
117
-
118
- #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
119
- # Define user groups
120
- #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
121
- #
122
- # set_user_group(:catalog_management, :category_management,
123
- # :product_management)
124
- #
125
- # :catalog_management is the name of the user group
126
- # :category_management and :product_management refer to permission names
127
- #
128
- #
129
- # Define your user groups here:
130
-
131
- end
@@ -1,191 +0,0 @@
1
- require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
-
3
- describe Lockdown::Context do
4
- before do
5
- @name = :my_account
6
- end
7
-
8
- describe Lockdown::RootContext do
9
- before do
10
- @c = Lockdown::RootContext.new(@name)
11
- end
12
-
13
- it "should return rootcontext" do
14
- @c.to_s.should == "Lockdown::RootContext"
15
- end
16
-
17
- it "should allow with_controller" do
18
- @c.allows?('with_controller').should == true
19
- end
20
-
21
- it "should allow and_controller" do
22
- @c.allows?('and_controller').should == true
23
- end
24
-
25
- it "should allow to_model" do
26
- @c.allows?('to_model').should == true
27
- end
28
-
29
- it "should not allow only_methods" do
30
- @c.allows?('only_methods').should == false
31
- end
32
-
33
- it "should not allow except_methods" do
34
- @c.allows?('except_methods').should == false
35
- end
36
-
37
- it "should not allow where" do
38
- @c.allows?('where').should == false
39
- end
40
-
41
- it "should not allow is_in" do
42
- @c.allows?('is_in').should == false
43
- end
44
-
45
- it "should not allow includes" do
46
- @c.allows?('includes').should == false
47
- end
48
-
49
- it "should not allow equals" do
50
- @c.allows?('equals').should == false
51
- end
52
- end
53
-
54
- describe Lockdown::ControllerContext do
55
- before do
56
- @c = Lockdown::ControllerContext.new(@name)
57
- end
58
-
59
- it "should return rootcontext" do
60
- @c.to_s.should == "Lockdown::ControllerContext"
61
- end
62
-
63
- it "should allow with_controller" do
64
- @c.allows?('with_controller').should == true
65
- end
66
-
67
- it "should allow and_controller" do
68
- @c.allows?('and_controller').should == true
69
- end
70
-
71
- it "should allow to_model" do
72
- @c.allows?('to_model').should == true
73
- end
74
-
75
- it "should allow only_methods" do
76
- @c.allows?('only_methods').should == true
77
- end
78
-
79
- it "should allow except_methods" do
80
- @c.allows?('except_methods').should == true
81
- end
82
-
83
- it "should not allow where" do
84
- @c.allows?('where').should == false
85
- end
86
-
87
- it "should not allow is_in" do
88
- @c.allows?('is_in').should == false
89
- end
90
-
91
- it "should not allow includes" do
92
- @c.allows?('includes').should == false
93
- end
94
-
95
- it "should not allow equals" do
96
- @c.allows?('equals').should == false
97
- end
98
- end
99
-
100
- describe Lockdown::ModelContext do
101
- before do
102
- @c = Lockdown::ModelContext.new(@name)
103
- end
104
-
105
- it "should return rootcontext" do
106
- @c.to_s.should == "Lockdown::ModelContext"
107
- end
108
-
109
- it "should not allow with_controller" do
110
- @c.allows?('with_controller').should == false
111
- end
112
-
113
- it "should not allow and_controller" do
114
- @c.allows?('and_controller').should == false
115
- end
116
-
117
- it "should not allow to_model" do
118
- @c.allows?('to_model').should == false
119
- end
120
-
121
- it "should not allow only_methods" do
122
- @c.allows?('only_methods').should == false
123
- end
124
-
125
- it "should not allow except_methods" do
126
- @c.allows?('except_methods').should == false
127
- end
128
-
129
- it "should allow where" do
130
- @c.allows?('where').should == true
131
- end
132
-
133
- it "should not allow is_in" do
134
- @c.allows?('is_in').should == false
135
- end
136
-
137
- it "should not allow includes" do
138
- @c.allows?('includes').should == false
139
- end
140
-
141
- it "should not allow equals" do
142
- @c.allows?('equals').should == false
143
- end
144
- end
145
-
146
- describe Lockdown::ModelWhereContext do
147
- before do
148
- @c = Lockdown::ModelWhereContext.new(@name)
149
- end
150
-
151
- it "should return rootcontext" do
152
- @c.to_s.should == "Lockdown::ModelWhereContext"
153
- end
154
-
155
- it "should not allow with_controller" do
156
- @c.allows?('with_controller').should == false
157
- end
158
-
159
- it "should not allow and_controller" do
160
- @c.allows?('and_controller').should == false
161
- end
162
-
163
- it "should not allow to_model" do
164
- @c.allows?('to_model').should == false
165
- end
166
-
167
- it "should not allow only_methods" do
168
- @c.allows?('only_methods').should == false
169
- end
170
-
171
- it "should not allow except_methods" do
172
- @c.allows?('except_methods').should == false
173
- end
174
-
175
- it "should not allow where" do
176
- @c.allows?('where').should == false
177
- end
178
-
179
- it "should allow is_in" do
180
- @c.allows?('is_in').should == true
181
- end
182
-
183
- it "should allow includes" do
184
- @c.allows?('includes').should == true
185
- end
186
-
187
- it "should allow equals" do
188
- @c.allows?('equals').should == true
189
- end
190
- end
191
- end
@@ -1,162 +0,0 @@
1
- require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
-
3
- class Permission; end;
4
-
5
- describe Lockdown::Database do
6
- before do
7
- Lockdown::System.stub!(:get_permissions).and_return([:permission])
8
- Lockdown::System.stub!(:get_user_groups).and_return([:user_group])
9
- @user_group_class = mock(:table_exists? => true, :find => false)
10
- Lockdown.stub!(:user_group_class).and_return @user_group_class
11
-
12
- end
13
-
14
- describe "#sync_with_db" do
15
- it "should call create_new_permissions, delete_extinct_permissions and maintain_user_groups" do
16
- Permission.stub!(:table_exists?).and_return(true)
17
- Lockdown::Database.should_receive :create_new_permissions
18
- Lockdown::Database.should_receive :delete_extinct_permissions
19
- Lockdown::Database.should_receive :maintain_user_groups
20
-
21
- Lockdown::Database.sync_with_db
22
- end
23
- end
24
-
25
- describe "#create_new_permissions" do
26
- it "should create permission from @permissions" do
27
- Lockdown::System.stub!(:permission_assigned_automatically?).and_return(false)
28
-
29
- Permission.stub!(:find).and_return(false)
30
- Permission.should_receive(:create).with(:name => 'Permission')
31
-
32
- Lockdown::Database.create_new_permissions
33
- end
34
- end
35
-
36
- describe "#delete_extinct_permissions" do
37
- it "should create permission from @permissions" do
38
- permission = mock('permission')
39
- permission.stub!(:id).and_return("3344")
40
- permission.stub!(:name).and_return("sweet permission")
41
- permissions = [permission]
42
-
43
- Permission = mock('Permission') unless defined?(Permission)
44
- Permission.stub!(:find).with(:all).and_return(permissions)
45
-
46
- Lockdown.should_receive(:database_execute).
47
- with("delete from permissions_user_groups where permission_id = 3344")
48
- permission.should_receive(:destroy)
49
-
50
- Lockdown::Database.delete_extinct_permissions
51
- end
52
- end
53
-
54
- describe "#maintain_user_groups" do
55
- before do
56
- UserGroup = mock('UserGroup') unless defined?(UserGroup)
57
- end
58
-
59
- it "should create user group for non-existent user group" do
60
- @user_group_class.should_receive(:find).and_return(false)
61
-
62
- Lockdown::Database.should_receive(:create_user_group).
63
- with("User Group",:user_group)
64
-
65
- Lockdown::Database.maintain_user_groups
66
- end
67
-
68
- it "should sync user group permissions for existing user group" do
69
- ug = mock('user group')
70
-
71
- @user_group_class.should_receive(:find).
72
- with(:first, :conditions => ["name = ?", "User Group"]).
73
- and_return(ug)
74
-
75
- Lockdown::Database.should_receive(:remove_invalid_permissions).
76
- with(ug,:user_group)
77
-
78
- Lockdown::Database.should_receive(:add_valid_permissions).
79
- with(ug,:user_group)
80
-
81
- Lockdown::Database.maintain_user_groups
82
- end
83
- end
84
-
85
- describe "#create_user_group" do
86
- it "should create new user group" do
87
- ug = mock('user group')
88
- ug.stub!(:id).and_return(123)
89
-
90
- @user_group_class.should_receive(:create).
91
- with(:name => "some group").
92
- and_return(ug)
93
-
94
- Lockdown::System.stub!(:permissions_for_user_group).
95
- and_return([:perm])
96
-
97
- Lockdown::System.stub!(:permission_assigned_automatically?).
98
- and_return(false)
99
-
100
- perm = mock('permission')
101
- perm.stub!(:id).and_return(3344)
102
-
103
- Permission = mock('Permission') unless defined?(Permission)
104
-
105
- Permission.should_receive(:find).
106
- with(:first, :conditions => ["name = ?",'Perm']).
107
- and_return(perm)
108
-
109
- Lockdown.should_receive(:database_execute).
110
- with("insert into permissions_user_groups(permission_id, user_group_id) values(3344, 123)")
111
-
112
- Lockdown::Database.create_user_group("some group", :some_group)
113
- end
114
- end
115
-
116
- describe "#remove_invalid_permissions" do
117
- it "should remove permissions that no longer exist" do
118
- permissions = [:good_perm, :bad_perm]
119
-
120
- user_group = mock("user group", :name => "user group")
121
-
122
- #returns what's in the database
123
- user_group.stub!(:permissions).and_return(permissions)
124
-
125
- #return what's defined in init.rb
126
- Lockdown::System.stub!(:permissions_for_user_group).
127
- and_return([:good_perm])
128
-
129
- #delete what's not in init.rb
130
- permissions.should_receive(:delete).with(:bad_perm)
131
-
132
- Lockdown::Database.remove_invalid_permissions(user_group, :user_group)
133
- end
134
- end
135
-
136
- describe "#add_invalid_permissions" do
137
- it "should add permissions that are defined in init.rb" do
138
- #return what's defined in init.rb
139
- Lockdown::System.stub!(:permissions_for_user_group).
140
- and_return([:defined_perm, :undefined_perm])
141
-
142
- permissions = [:defined_perm]
143
-
144
- user_group = mock("user group", :name => "user group")
145
-
146
- #returns what's in the database
147
- user_group.stub!(:permissions).and_return(permissions)
148
-
149
- Permission = mock('Permission') unless defined?(Permission)
150
-
151
- #get the permission object for the undefined_perm
152
- Permission.should_receive(:find).
153
- with(:first, :conditions => ["name = ?",'Undefined Perm']).
154
- and_return(:undefined_perm)
155
-
156
- #add the perm to the user group
157
- permissions.should_receive(:<<).with(:undefined_perm)
158
-
159
- Lockdown::Database.add_valid_permissions(user_group, :user_group)
160
- end
161
- end
162
- end
@@ -1,215 +0,0 @@
1
- require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
2
-
3
- class TestAController
4
- extend Lockdown::Frameworks::Rails::Controller
5
- include Lockdown::Frameworks::Rails::Controller::Lock
6
- end
7
-
8
- describe Lockdown::Frameworks::Rails::Controller do
9
- before do
10
- @controller = TestAController
11
-
12
- @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
13
-
14
- @lockdown = mock("lockdown")
15
- end
16
-
17
- describe "#controller_name" do
18
- it "should return action_methods" do
19
- post_controller = mock("PostController")
20
- post_controller.stub!(:controller_name).and_return("PostController")
21
-
22
- @controller.controller_name(post_controller).should == "PostController"
23
- end
24
- end
25
-
26
- end
27
-
28
- describe Lockdown::Frameworks::Rails::Controller::Lock do
29
- before do
30
- @controller = TestAController.new
31
-
32
- @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
33
-
34
- @session = {:access_rights => @actions}
35
-
36
- @controller.stub!(:session).and_return(@session)
37
- end
38
-
39
- describe "#configure_lockdown" do
40
- it "should call Lockdown.maybe_parse_init, check_session_expiry and store_location" do
41
- Lockdown.should_receive(:maybe_parse_init)
42
- @controller.should_receive(:check_session_expiry)
43
- @controller.should_receive(:store_location)
44
-
45
- @controller.configure_lockdown
46
- end
47
- end
48
-
49
- describe "#set_current_user" do
50
- it "should set who_did_it in Thread.current" do
51
- Lockdown::System.stub!(:fetch).with(:who_did_it).and_return(:current_user_id)
52
- @controller.stub!(:logged_in?).and_return(true)
53
- @controller.stub!(:current_user_id).and_return(1234)
54
-
55
- @controller.set_current_user
56
-
57
- Thread.current[:who_did_it].should == 1234
58
- end
59
- end
60
-
61
- describe "#check_request_authorization" do
62
- it "should raise SecurityError if not authorized" do
63
- @controller.stub!(:authorized?).and_return(false)
64
- @controller.stub!(:params).and_return({:p => 1})
65
-
66
- lambda{@controller.check_request_authorization}.
67
- should raise_error(SecurityError)
68
-
69
- end
70
- end
71
-
72
- describe "#path_allowed" do
73
- it "should return false for an invalid path" do
74
- @controller.send(:path_allowed?,"/no/good").should be_false
75
- end
76
- end
77
-
78
- describe "#check_session_expiry" do
79
- it "should set expiry if null" do
80
- Lockdown::System.stub!(:fetch).with(:session_timeout).and_return(10)
81
- @session[:expiry_time].should be_nil
82
- @controller.send(:check_session_expiry)
83
- @session[:expiry_time].should_not be_nil
84
- end
85
- end
86
-
87
- describe "#store_location" do
88
- it "should set prevpage and thispage" do
89
- request = mock("request")
90
- request.stub!(:method).and_return(:get)
91
- @controller.stub!(:request).and_return(request)
92
-
93
- @controller.stub!(:sent_from_uri).and_return("/blop")
94
- @controller.send(:store_location)
95
-
96
- @session[:prevpage].should == ''
97
- @session[:thispage].should == '/blop'
98
- end
99
- end
100
-
101
- describe "#sent_from_uri" do
102
- it "should return request.request_uri" do
103
- request = mock("request")
104
- request.stub!(:request_uri).and_return("/blip")
105
-
106
- @controller.stub!(:request).and_return(request)
107
-
108
- @controller.send(:sent_from_uri).should == "/blip"
109
- end
110
- end
111
-
112
- describe "#authorized?" do
113
- before do
114
- @sample_url = "http://stonean.com/posts/index"
115
- @a_path = "/a_path"
116
-
117
- request = mock("request")
118
- request.stub!(:method).and_return(:get)
119
- Lockdown.stub(:caching?).and_return(true)
120
- @controller.stub!(:params).and_return({})
121
- @controller.stub!(:request).and_return(request)
122
-
123
- stonean_parts = ["http", nil, "stonean.com", nil, nil, "posts/index", nil, nil, nil]
124
-
125
- a_path_parts = [nil, nil, nil, nil, nil, "/a_path", nil, nil, nil]
126
-
127
- URI = mock('uri class') unless defined?(URI)
128
- URI.stub!(:split).with(@sample_url).and_return(stonean_parts)
129
- URI.stub!(:split).with(@a_path).and_return(a_path_parts)
130
- end
131
-
132
- it "should call add_lockdown_session_values unless caching" do
133
- Lockdown.stub(:caching?).and_return(false)
134
- @controller.should_receive(:add_lockdown_session_values)
135
-
136
- @controller.send(:authorized?,nil)
137
- end
138
-
139
- it "should return false if url is nil" do
140
- @controller.send(:authorized?,nil).should be_false
141
- end
142
-
143
- it "should return true if current_user_is_admin" do
144
- @controller.stub!(:current_user_is_admin?).and_return(true)
145
- @controller.send(:authorized?,@a_path).should be_true
146
- end
147
-
148
- it "should return false if path not in access_rights" do
149
- @controller.send(:authorized?,@a_path).should be_false
150
- end
151
-
152
- it "should return true if path is in access_rights" do
153
- @controller.send(:authorized?,@sample_url).should be_true
154
- end
155
-
156
- end
157
-
158
- describe "#access_denied" do
159
- end
160
-
161
- describe "#path_from_hash" do
162
- it "should return controller/action string" do
163
- hash = {:controller => "users", :action => "show", :id => "1"}
164
- @controller.send(:path_from_hash,hash).should == "users/show"
165
- end
166
- end
167
-
168
- describe "#remote_url?" do
169
- it "should return false if domain is nil" do
170
- @controller.send(:remote_url?).should be_false
171
- end
172
-
173
- it "should return false if domain matches request domain" do
174
- request = mock("request")
175
- request.stub!(:host).and_return("stonean.com")
176
- @controller.stub!(:request).and_return(request)
177
- @controller.send(:remote_url?,"stonean.com").should be_false
178
- end
179
-
180
- it "should return true if subdomain differs" do
181
- request = mock("request")
182
- request.stub!(:host).and_return("blog.stonean.com")
183
- @controller.stub!(:request).and_return(request)
184
- @controller.send(:remote_url?,"stonean.com").should be_true
185
- end
186
-
187
- it "should return true if host doesn't match domain" do
188
- request = mock("request")
189
- request.stub!(:host).and_return("stonean.com")
190
- @controller.stub!(:request).and_return(request)
191
- @controller.send(:remote_url?,"google.com").should be_true
192
- end
193
- end
194
-
195
- describe "#redirect_back_or_default" do
196
- it "should redirect to default without session[:prevpage]" do
197
- @controller.should_receive(:redirect_to).with("/")
198
- @controller.send :redirect_back_or_default, "/"
199
- end
200
-
201
- it "should redirect to session[:prevpage]" do
202
- path = "/previous"
203
- path.stub!(:blank?).and_return(false)
204
- @session[:prevpage] = path
205
- @controller.should_receive(:redirect_to).with(path)
206
- @controller.send :redirect_back_or_default, "/"
207
- end
208
- end
209
-
210
- describe "#login_from_basic_auth?" do
211
- end
212
-
213
- describe "#get_auth_data" do
214
- end
215
- end