lockdown 1.6.5 → 2.0.0
- data/.gitignore +1 -0
- data/README.txt +8 -5
- data/Rakefile +43 -26
- data/lib/lockdown/access.rb +108 -0
- data/lib/lockdown/configuration.rb +201 -0
- data/lib/lockdown/database.rb +31 -36
- data/lib/lockdown/delivery.rb +26 -0
- data/lib/lockdown/errors.rb +3 -7
- data/lib/lockdown/frameworks/rails/controller.rb +21 -59
- data/lib/lockdown/frameworks/rails/view.rb +1 -1
- data/lib/lockdown/frameworks/rails.rb +7 -43
- data/lib/lockdown/helper.rb +14 -85
- data/lib/lockdown/orms/active_record.rb +7 -9
- data/lib/lockdown/permission.rb +37 -203
- data/lib/lockdown/resource.rb +54 -0
- data/lib/lockdown/session.rb +16 -25
- data/lib/lockdown/user_group.rb +16 -0
- data/lib/lockdown.rb +15 -60
- data/lockdown.gemspec +29 -69
- data/test/helper.rb +9 -0
- data/test/lockdown/test_access.rb +80 -0
- data/test/lockdown/test_configuration.rb +194 -0
- data/test/lockdown/test_delivery.rb +163 -0
- data/test/lockdown/test_helper.rb +33 -0
- data/test/lockdown/test_permission.rb +73 -0
- data/test/lockdown/test_resource.rb +47 -0
- data/test/lockdown/test_session.rb +31 -0
- data/test/lockdown/test_user_group.rb +17 -0
- data/test/test_lockdown.rb +11 -0
- metadata +41 -78
- data/lib/lockdown/context.rb +0 -41
- data/lib/lockdown/references.rb +0 -19
- data/lib/lockdown/rspec_helper.rb +0 -118
- data/lib/lockdown/rules.rb +0 -372
- data/lib/lockdown/system.rb +0 -58
- data/rails_generators/lockdown/lockdown_generator.rb +0 -274
- data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +0 -22
- data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +0 -39
- data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +0 -122
- data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +0 -117
- data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +0 -2
- data/rails_generators/lockdown/templates/app/models/permission.rb +0 -13
- data/rails_generators/lockdown/templates/app/models/profile.rb +0 -10
- data/rails_generators/lockdown/templates/app/models/user.rb +0 -95
- data/rails_generators/lockdown/templates/app/models/user_group.rb +0 -15
- data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +0 -16
- data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +0 -26
- data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +0 -12
- data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +0 -33
- data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +0 -20
- data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +0 -31
- data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +0 -29
- data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +0 -51
- data/rails_generators/lockdown/templates/app/views/users/index.html.erb +0 -22
- data/rails_generators/lockdown/templates/app/views/users/new.html.erb +0 -50
- data/rails_generators/lockdown/templates/app/views/users/show.html.erb +0 -33
- data/rails_generators/lockdown/templates/config/initializers/lockit.rb +0 -1
- data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +0 -17
- data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +0 -19
- data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +0 -26
- data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +0 -19
- data/rails_generators/lockdown/templates/db/migrate/create_users.rb +0 -17
- data/rails_generators/lockdown/templates/lib/lockdown/README +0 -42
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +0 -131
- data/spec/lockdown/context_spec.rb +0 -191
- data/spec/lockdown/database_spec.rb +0 -162
- data/spec/lockdown/frameworks/rails/controller_spec.rb +0 -215
- data/spec/lockdown/frameworks/rails/view_spec.rb +0 -96
- data/spec/lockdown/frameworks/rails_spec.rb +0 -163
- data/spec/lockdown/permission_spec.rb +0 -156
- data/spec/lockdown/rspec_helper_spec.rb +0 -40
- data/spec/lockdown/rules_spec.rb +0 -245
- data/spec/lockdown/session_spec.rb +0 -112
- data/spec/lockdown/system_spec.rb +0 -51
- data/spec/lockdown_spec.rb +0 -19
- data/spec/rcov.opts +0 -5
- data/spec/spec.opts +0 -3
- data/spec/spec_helper.rb +0 -8
@@ -1,96 +0,0 @@
|
|
1
|
-
require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
|
2
|
-
|
3
|
-
class TestAView
|
4
|
-
def link_to
|
5
|
-
"link_to"
|
6
|
-
end
|
7
|
-
|
8
|
-
def button_to
|
9
|
-
"button_to"
|
10
|
-
end
|
11
|
-
|
12
|
-
include Lockdown::Frameworks::Rails::View
|
13
|
-
end
|
14
|
-
|
15
|
-
describe Lockdown::Frameworks::Rails::Controller do
|
16
|
-
|
17
|
-
before do
|
18
|
-
@view = TestAView.new
|
19
|
-
|
20
|
-
@view.stub!(:url_for).and_return("posts/new")
|
21
|
-
|
22
|
-
@options = {:controller => "posts", :action => "new"}
|
23
|
-
end
|
24
|
-
|
25
|
-
describe "#link_to_secured" do
|
26
|
-
it "should return the link if authorized" do
|
27
|
-
link = "<a href='http://a.com'>my_link</a>"
|
28
|
-
@view.stub!(:authorized?).and_return(true)
|
29
|
-
@view.stub!(:link_to_open).and_return(link)
|
30
|
-
|
31
|
-
@view.link_to_secured("my link", @options).should == link
|
32
|
-
end
|
33
|
-
|
34
|
-
it "should return an empty string if authorized" do
|
35
|
-
@view.stub!(:authorized?).and_return(false)
|
36
|
-
|
37
|
-
@view.link_to_secured("my link", @options).should == ""
|
38
|
-
end
|
39
|
-
|
40
|
-
it 'should use the default "get" when html_options[:method] is nil' do
|
41
|
-
link = "<a href='http://a.com'>my_link</a>"
|
42
|
-
|
43
|
-
@view.should_receive(:authorized?).with('posts/new', :get)
|
44
|
-
|
45
|
-
@view.link_to_secured("my link", @options, {})
|
46
|
-
end
|
47
|
-
end
|
48
|
-
|
49
|
-
describe "#button_to_secured" do
|
50
|
-
it "should return the link if authorized" do
|
51
|
-
link = "<a href='http://a.com'>my_link</a>"
|
52
|
-
@view.stub!(:authorized?).and_return(true)
|
53
|
-
@view.stub!(:button_to_open).and_return(link)
|
54
|
-
|
55
|
-
@view.button_to_secured("my link", @options).should == link
|
56
|
-
end
|
57
|
-
|
58
|
-
it "should return an empty string if authorized" do
|
59
|
-
@view.stub!(:authorized?).and_return(false)
|
60
|
-
|
61
|
-
@view.button_to_secured("my link", @options).should == ""
|
62
|
-
end
|
63
|
-
end
|
64
|
-
|
65
|
-
describe "#link_to_or_show" do
|
66
|
-
it "should return the name if link_to returned an empty string" do
|
67
|
-
@view.stub!(:link_to).and_return('')
|
68
|
-
|
69
|
-
@view.link_to_or_show("my_link", @options).
|
70
|
-
should == "my_link"
|
71
|
-
end
|
72
|
-
|
73
|
-
it "should return the link if access is allowed" do
|
74
|
-
link = "<a href='http://a.com'>my_link</a>"
|
75
|
-
@view.stub!(:link_to).and_return(link)
|
76
|
-
|
77
|
-
@view.link_to_or_show("my_link", @options).
|
78
|
-
should == link
|
79
|
-
end
|
80
|
-
end
|
81
|
-
|
82
|
-
describe "#link_to_or_show" do
|
83
|
-
it "should return links separated by | " do
|
84
|
-
Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
|
85
|
-
links = ["link_one", "link_two"]
|
86
|
-
@view.links(links).should == links.join(' | ')
|
87
|
-
end
|
88
|
-
|
89
|
-
it "should return links separated by | and handle empty strings" do
|
90
|
-
Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
|
91
|
-
links = ["link_one", "link_two", ""]
|
92
|
-
@view.links(links).should == links.join(' | ')
|
93
|
-
end
|
94
|
-
end
|
95
|
-
end
|
96
|
-
|
@@ -1,163 +0,0 @@
|
|
1
|
-
require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
|
2
|
-
|
3
|
-
describe Lockdown::Frameworks::Rails do
|
4
|
-
before do
|
5
|
-
@rails = Lockdown::Frameworks::Rails
|
6
|
-
|
7
|
-
@rails.stub!(:use_me?).and_return(true)
|
8
|
-
|
9
|
-
@lockdown = mock("lockdown")
|
10
|
-
end
|
11
|
-
|
12
|
-
|
13
|
-
describe "#included" do
|
14
|
-
it "should extend lockdown with rails environment" do
|
15
|
-
@lockdown.should_receive(:extend).
|
16
|
-
with(Lockdown::Frameworks::Rails::Environment)
|
17
|
-
|
18
|
-
@rails.should_receive(:mixin)
|
19
|
-
|
20
|
-
@rails.included(@lockdown)
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
|
-
describe "#mixin" do
|
25
|
-
it "should perform class_eval on controller view and system to inject itself" do
|
26
|
-
|
27
|
-
@view_helper = Mikey
|
28
|
-
@view_helper.should_receive(:include).
|
29
|
-
with( Lockdown::Frameworks::Rails::View )
|
30
|
-
|
31
|
-
Lockdown.should_receive(:view_helper) do
|
32
|
-
@view_helper
|
33
|
-
end
|
34
|
-
|
35
|
-
@system = Mikey
|
36
|
-
@system.should_receive(:extend).
|
37
|
-
with( Lockdown::Frameworks::Rails::System )
|
38
|
-
|
39
|
-
Lockdown.should_receive(:system) do
|
40
|
-
@system
|
41
|
-
end
|
42
|
-
|
43
|
-
@rails.should_receive(:mixin_controller)
|
44
|
-
|
45
|
-
@rails.mixin
|
46
|
-
end
|
47
|
-
|
48
|
-
end
|
49
|
-
|
50
|
-
describe "#mixin_controller" do
|
51
|
-
|
52
|
-
it "should inject itself" do
|
53
|
-
klass = Mikey
|
54
|
-
|
55
|
-
klass.should_receive(:include).
|
56
|
-
with(Lockdown::Session)
|
57
|
-
|
58
|
-
klass.should_receive(:include).
|
59
|
-
with(Lockdown::Frameworks::Rails::Controller::Lock)
|
60
|
-
|
61
|
-
klass.should_receive(:helper_method).with(:authorized?)
|
62
|
-
|
63
|
-
klass.should_receive(:hide_action).with(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
|
64
|
-
|
65
|
-
klass.should_receive(:before_filter).and_return do |c|
|
66
|
-
#not working yet. very frustrating trying to test this
|
67
|
-
end
|
68
|
-
|
69
|
-
klass.should_receive(:filter_parameter_logging)
|
70
|
-
|
71
|
-
klass.should_receive(:rescue_from)
|
72
|
-
|
73
|
-
@rails.mixin_controller(klass)
|
74
|
-
end
|
75
|
-
end
|
76
|
-
|
77
|
-
end
|
78
|
-
|
79
|
-
RAILS_ROOT = "/shibby/dibby/do"
|
80
|
-
|
81
|
-
module ActionController; class Base; end end
|
82
|
-
|
83
|
-
class ApplicationController; end
|
84
|
-
|
85
|
-
module ActionView; class Base; end end
|
86
|
-
|
87
|
-
describe Lockdown::Frameworks::Rails::Environment do
|
88
|
-
|
89
|
-
before do
|
90
|
-
@env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
|
91
|
-
end
|
92
|
-
|
93
|
-
describe "#project_root" do
|
94
|
-
it "should return rails root" do
|
95
|
-
@env.project_root.should == "/shibby/dibby/do"
|
96
|
-
end
|
97
|
-
end
|
98
|
-
|
99
|
-
describe "#init_file" do
|
100
|
-
it "should return path to init_file" do
|
101
|
-
@env.stub!(:project_root).and_return("/shibby/dibby/do")
|
102
|
-
@env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
|
103
|
-
end
|
104
|
-
end
|
105
|
-
|
106
|
-
describe "#controller_class_name" do
|
107
|
-
it "should add Controller to name" do
|
108
|
-
@env.controller_class_name("user").should == "UserController"
|
109
|
-
end
|
110
|
-
|
111
|
-
it "should convert two underscores to a namespaced controller" do
|
112
|
-
@env.controller_class_name("admin__user").should == "Admin::UserController"
|
113
|
-
end
|
114
|
-
end
|
115
|
-
|
116
|
-
describe "#controller_parent" do
|
117
|
-
it "should return ActionController::Base if not caching classes" do
|
118
|
-
@env.should_receive(:caching?).and_return(false)
|
119
|
-
@env.controller_parent.should == ActionController::Base
|
120
|
-
end
|
121
|
-
|
122
|
-
it "should return ApplicationController if caching classes" do
|
123
|
-
@env.should_receive(:caching?).and_return(true)
|
124
|
-
@env.controller_parent.should == ApplicationController
|
125
|
-
end
|
126
|
-
|
127
|
-
end
|
128
|
-
|
129
|
-
describe "#view_helper" do
|
130
|
-
it "should return ActionView::Base" do
|
131
|
-
|
132
|
-
@env.view_helper.should == ActionView::Base
|
133
|
-
end
|
134
|
-
end
|
135
|
-
end
|
136
|
-
|
137
|
-
describe Lockdown::Frameworks::Rails::System do
|
138
|
-
class Test
|
139
|
-
extend Lockdown::Frameworks::Rails::System
|
140
|
-
end
|
141
|
-
|
142
|
-
before do
|
143
|
-
@env = Test
|
144
|
-
end
|
145
|
-
|
146
|
-
describe "#skip_sync?" do
|
147
|
-
it "should return true if env == skip sync" do
|
148
|
-
Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test'])
|
149
|
-
@env.should_receive(:framework_environment).and_return("test")
|
150
|
-
|
151
|
-
@env.skip_sync?.should == true
|
152
|
-
end
|
153
|
-
|
154
|
-
it "should return false if env not in skip_sync" do
|
155
|
-
Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test', 'ci'])
|
156
|
-
@env.should_receive(:framework_environment).and_return("qa")
|
157
|
-
|
158
|
-
@env.skip_sync?.should == false
|
159
|
-
end
|
160
|
-
|
161
|
-
end
|
162
|
-
|
163
|
-
end
|
@@ -1,156 +0,0 @@
|
|
1
|
-
require File.join(File.dirname(__FILE__), %w[.. spec_helper])
|
2
|
-
|
3
|
-
describe Lockdown::Permission do
|
4
|
-
before do
|
5
|
-
|
6
|
-
@permission = Lockdown::Permission.new(:user_management)
|
7
|
-
@permission.stub!(:paths_for).and_return([])
|
8
|
-
end
|
9
|
-
|
10
|
-
describe "#with_controller" do
|
11
|
-
before do
|
12
|
-
@permission.with_controller(:users)
|
13
|
-
end
|
14
|
-
|
15
|
-
it "should set current_context to ControllerContext" do
|
16
|
-
@permission.current_context.class.should equal(Lockdown::ControllerContext)
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
describe "#only_methods" do
|
21
|
-
before do
|
22
|
-
@permission.with_controller(:users).only_methods(:show, :edit)
|
23
|
-
end
|
24
|
-
|
25
|
-
it "should set current_context to RootContext" do
|
26
|
-
@permission.current_context.class.should equal(Lockdown::RootContext)
|
27
|
-
end
|
28
|
-
end
|
29
|
-
|
30
|
-
describe "#except_methods" do
|
31
|
-
before do
|
32
|
-
@permission.with_controller(:users).except_methods(:destroy)
|
33
|
-
end
|
34
|
-
|
35
|
-
it "should set current_context to RootContext" do
|
36
|
-
@permission.current_context.class.should equal(Lockdown::RootContext)
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
describe "#to_model" do
|
41
|
-
before do
|
42
|
-
@permission.to_model(:user)
|
43
|
-
end
|
44
|
-
|
45
|
-
it "should set current_context to ModelContext" do
|
46
|
-
@permission.current_context.class.should equal(Lockdown::ModelContext)
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
describe "#where" do
|
51
|
-
before do
|
52
|
-
@permission.to_model(:user).where(:current_user_id)
|
53
|
-
end
|
54
|
-
|
55
|
-
it "should set current_context to ModelWhereContext" do
|
56
|
-
@permission.current_context.class.should equal(Lockdown::ModelWhereContext)
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
describe "#equals" do
|
61
|
-
before do
|
62
|
-
@permission.to_model(:user).where(:current_user_id).equals(:id)
|
63
|
-
end
|
64
|
-
|
65
|
-
it "should set current_context to RootContext" do
|
66
|
-
@permission.current_context.class.should equal(Lockdown::RootContext)
|
67
|
-
end
|
68
|
-
end
|
69
|
-
|
70
|
-
describe "#is_in" do
|
71
|
-
before do
|
72
|
-
@permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
|
73
|
-
end
|
74
|
-
|
75
|
-
it "should set current_context to RootContext" do
|
76
|
-
@permission.current_context.class.should equal(Lockdown::RootContext)
|
77
|
-
end
|
78
|
-
end
|
79
|
-
|
80
|
-
describe "#set_as_public_access" do
|
81
|
-
it "should raise an PermissionScopeCollision if already protected" do
|
82
|
-
@permission.set_as_protected_access
|
83
|
-
lambda{@permission.set_as_public_access}.
|
84
|
-
should raise_error(Lockdown::PermissionScopeCollision)
|
85
|
-
end
|
86
|
-
end
|
87
|
-
|
88
|
-
|
89
|
-
describe "#set_as_protected_access" do
|
90
|
-
it "should raise an PermissionScopeCollision if already public" do
|
91
|
-
@permission.set_as_public_access
|
92
|
-
lambda{@permission.set_as_protected_access}.
|
93
|
-
should raise_error(Lockdown::PermissionScopeCollision)
|
94
|
-
end
|
95
|
-
end
|
96
|
-
|
97
|
-
describe "while in RootContext" do
|
98
|
-
before do
|
99
|
-
@permission.with_controller(:users).only_methods(:show, :edit)
|
100
|
-
end
|
101
|
-
|
102
|
-
it "should raise InvalidRuleContext trying to access methods out of context" do
|
103
|
-
methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
|
104
|
-
|
105
|
-
methods.each do |method|
|
106
|
-
lambda{@permission.send(method, :sample_param)}.
|
107
|
-
should raise_error(Lockdown::InvalidRuleContext)
|
108
|
-
end
|
109
|
-
end
|
110
|
-
end
|
111
|
-
|
112
|
-
describe "while in ControllerContext" do
|
113
|
-
before do
|
114
|
-
@permission.with_controller(:users)
|
115
|
-
end
|
116
|
-
|
117
|
-
it "should raise InvalidRuleContext trying to access methods out of context" do
|
118
|
-
methods = [:where, :equals, :is_in, :includes]
|
119
|
-
|
120
|
-
methods.each do |method|
|
121
|
-
lambda{@permission.send(method, :sample_param)}.
|
122
|
-
should raise_error(Lockdown::InvalidRuleContext)
|
123
|
-
end
|
124
|
-
end
|
125
|
-
end
|
126
|
-
|
127
|
-
describe "while in ModelContext" do
|
128
|
-
before do
|
129
|
-
@permission.to_model(:user)
|
130
|
-
end
|
131
|
-
|
132
|
-
it "should raise InvalidRuleContext trying to access methods out of context" do
|
133
|
-
methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
|
134
|
-
|
135
|
-
methods.each do |method|
|
136
|
-
lambda{@permission.send(method, :sample_param)}.
|
137
|
-
should raise_error(Lockdown::InvalidRuleContext)
|
138
|
-
end
|
139
|
-
end
|
140
|
-
end
|
141
|
-
|
142
|
-
describe "while in ModelWhereContext" do
|
143
|
-
before do
|
144
|
-
@permission.to_model(:user).where(:current_user_id)
|
145
|
-
end
|
146
|
-
|
147
|
-
it "should raise InvalidRuleContext trying to access methods out of context" do
|
148
|
-
methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
|
149
|
-
|
150
|
-
methods.each do |method|
|
151
|
-
lambda{@permission.send(method, :sample_param)}.
|
152
|
-
should raise_error(Lockdown::InvalidRuleContext)
|
153
|
-
end
|
154
|
-
end
|
155
|
-
end
|
156
|
-
end
|
@@ -1,40 +0,0 @@
|
|
1
|
-
require File.join(File.dirname(__FILE__), %w[.. spec_helper])
|
2
|
-
|
3
|
-
require 'lockdown/rspec_helper'
|
4
|
-
|
5
|
-
class TestAController
|
6
|
-
extend Lockdown::Frameworks::Rails::Controller
|
7
|
-
include Lockdown::Frameworks::Rails::Controller::Lock
|
8
|
-
end
|
9
|
-
|
10
|
-
class RspecEnv
|
11
|
-
end
|
12
|
-
|
13
|
-
describe Lockdown::RspecHelper do
|
14
|
-
before do
|
15
|
-
@controller = TestAController.new
|
16
|
-
@controller.stub!(:session).and_return({})
|
17
|
-
|
18
|
-
usr = mock :user,
|
19
|
-
:first_name => 'John',
|
20
|
-
:last_name => 'Smith',
|
21
|
-
:password => 'mysecret',
|
22
|
-
:password_confirmation => 'mysecret'
|
23
|
-
|
24
|
-
usr_group = mock :usr_group
|
25
|
-
|
26
|
-
Lockdown.should_receive(:maybe_parse_init)
|
27
|
-
RspecEnv.send :include, Lockdown::RspecHelper
|
28
|
-
@rspec_env = RspecEnv.new
|
29
|
-
@rspec_env.stub!(:controller).and_return(@controller)
|
30
|
-
@rspec_env.stub!(:mock_user).and_return(usr)
|
31
|
-
@rspec_env.stub!(:mock_user_group).and_return(usr_group)
|
32
|
-
end
|
33
|
-
|
34
|
-
describe "#login_admin" do
|
35
|
-
it "should set access_rights to :all" do
|
36
|
-
@rspec_env.login_admin
|
37
|
-
@rspec_env.controller.session[:access_rights].should == :all
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
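--- a/data/spec/lockdown/rules_spec.rb
+++ b/data/spec/lockdown/rules_spec.rb
@@ -1,245 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. spec_helper])
-
-class TestSystem; extend Lockdown::Rules; end
-
-describe Lockdown::Rules do
-before do
-@rules = TestSystem
-@rules.set_defaults
-end
-
-describe "#set_permission" do
-it "should create and return a Permission object" do
-@rules.set_permission(:user_management).
-should == Lockdown::Permission.new(:user_management)
-end
-end
-
-describe "#set_public_access" do
-it "should define the permission as public" do
-@rules.set_permission(:home_page)
-@rules.set_public_access(:home_page)
-perm = @rules.permission_objects.find{|name, object| name == :home_page}
-perm[1].public_access?.should be_true
-end
-
-it "should raise and InvalidRuleAssignment if permission does not exist" do
-msg = "Permission not found: toy_management"
-
-@rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
-
-@rules.set_public_access(:toy_management)
-end
-end
-
-describe "#public_access?" do
-it "should return true when permission is public" do
-@rules.set_permission(:home_page)
-@rules.set_public_access(:home_page)
-@rules.public_access?(:home_page).should == true
-end
-
-it "should return false when permission is not public" do
-@rules.set_permission(:home_page)
-@rules.set_protected_access(:home_page)
-@rules.public_access?(:home_page).should == false
-end
-end
-
-describe "#set_protected_access" do
-it "should define the permission as protected" do
-@rules.set_permission(:user_management)
-@rules.set_protected_access(:user_management)
-perm = @rules.permission_objects.find{|name, object| name == :user_management}
-perm[1].protected_access?.should be_true
-end
-
-it "should raise and InvalidRuleAssignment if permission does not exist" do
-msg = "Permission not found: user_management"
-
-@rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
-
-@rules.set_protected_access(:user_management)
-end
-end
-
-describe "#protected_access?" do
-it "should return true when permission is protected" do
-@rules.set_permission(:home_page)
-@rules.set_protected_access(:home_page)
-@rules.protected_access?(:home_page).should == true
-end
-
-it "should return false when permission is not protected" do
-@rules.set_permission(:home_page)
-@rules.set_public_access(:home_page)
-@rules.protected_access?(:home_page).should == false
-end
-end
-
-describe "#get_permissions" do
-it "should return array of permission names as symbols" do
-Lockdown.should_receive(:add_controller_method)
-
-@rules.set_permission(:home_page)
-@rules.set_permission(:user_management)
-@rules.process_rules
-@rules.get_permissions.should include(:home_page)
-@rules.get_permissions.should include(:user_management)
-end
-end
-
-describe "#permission_exists?" do
-it "should return true if permission exists" do
-Lockdown.should_receive(:add_controller_method)
-
-@rules.set_permission(:home_page)
-@rules.process_rules
-@rules.permission_exists?(:home_page).should be_true
-end
-
-it "should return false if permission does not exist" do
-@rules.permission_exists?(:home_page).should be_false
-end
-end
-
-describe "#permission_assigned_automatically?" do
-it "should return true when permission is public" do
-@rules.set_permission(:home_page)
-@rules.set_public_access(:home_page)
-@rules.permission_assigned_automatically?(:home_page).should == true
-end
-
-it "should return true when permission is protected" do
-@rules.set_permission(:home_page)
-@rules.set_protected_access(:home_page)
-@rules.permission_assigned_automatically?(:home_page).should == true
-end
-
-it "should return false when permission is not public" do
-@rules.set_permission(:home_page)
-@rules.permission_assigned_automatically?(:home_page).should == false
-end
-end
-
-describe "#get_user_groups" do
-it "should return array of user group names as symbols" do
-@rules.set_permission(:user_management)
-@rules.set_user_group(:security_management, :user_management)
-@rules.get_user_groups.should == [:security_management]
-end
-end
-
-describe "#user_group_exists?" do
-it "should return true if user_group exists" do
-@rules.set_user_group(:user_management, :some_perm)
-@rules.user_group_exists?(:user_management).should be_true
-end
-
-it "should return false if user_group does not exist" do
-@rules.user_group_exists?(:user_management).should be_false
-end
-end
-
-describe "#make_user_administrator" do
-it "should add admin to user groups" do
-ugc = mock('user_group_class',:find_or_create_by_name => :admin)
-Lockdown.should_receive(:user_group_class).and_return(ugc)
-
-usr = mock('user', :user_groups => [])
-
-@rules.make_user_administrator(usr).should include(:admin)
-end
-end
-
-describe "#access_rights_for_user" do
-it "should array of rights for user who is not an admin" do
-@rules.should_receive(:administrator?).and_return(false)
-
-@rules.set_permission(:register_account).
-with_controller(:users).
-only_methods(:new, :create)
-
-@rules.set_public_access(:register_account)
-
-perm = @rules.set_permission(:perm_one).
-with_controller("a_controller").
-only_methods("show","edit","update")
-
-ug = @rules.set_user_group(:ug_one, :perm_one)
-
-@rules.should_receive(:set_model_access)
-@rules.process_rules
-
-usr = mock('user', :user_groups => [:ug_one])
-
-@rules.access_rights_for_user(usr).
-should == ["users/new", "users/create", "a_controller/show", "a_controller/edit", "a_controller/update"]
-end
-end
-
-describe "#access_rights_for_user_group" do
-it "should return array of rights for user_group" do
-perm = @rules.set_permission(:perm_one).
-with_controller("a_controller").
-only_methods("show","edit","update")
-
-ug = @rules.set_user_group(:ug_one, :perm_one)
-
-@rules.should_receive(:set_model_access)
-@rules.process_rules
-
-@rules.access_rights_for_user_group(:ug_one).
-should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
-end
-end
-
-describe "#access_rights_for_permission" do
-it "should return array of rights for permission" do
-
-perm = @rules.set_permission(:perm_one).
-with_controller("a_controller").
-only_methods("show","edit","update")
-
-@rules.should_receive(:set_model_access)
-@rules.process_rules
-
-@rules.access_rights_for_permission(perm).
-should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
-end
-end
-
-describe "#standard_authorized_user_rights" do
-it "should receive public_access + protected_access" do
-@rules.set_permission(:register_account).
-with_controller(:users).
-only_methods(:new, :create)
-
-@rules.set_permission(:my_profile).
-with_controller(:users).
-only_methods(:show, :edit, :update)
-
-
-@rules.set_public_access(:register_account)
-@rules.set_protected_access(:my_profile)
-
-@rules.should_receive(:set_model_access)
-@rules.process_rules
-
-@rules.standard_authorized_user_rights.
-should == ["users/new", "users/create", "users/show", "users/edit", "users/update"]
-end
-end
-
-describe "#process_rules" do
-it "should validate user_group permissions" do
-Lockdown.should_receive(:add_controller_method)
-
-@rules.set_user_group(:test_group, :a_perm)
-error = "User Group: test_group, permission not found: a_perm"
-
-lambda{@rules.process_rules}.
-should raise_error(Lockdown::InvalidRuleAssignment, error)
-end
-end
-end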