lockdown 1.6.5 → 2.0.0

data/spec/lockdown/frameworks/rails/view_spec.rb

@@ -1,96 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
-
-class TestAView
-  def link_to
-    "link_to"
-  end
-
-  def button_to
-    "button_to"
-  end
-
-  include Lockdown::Frameworks::Rails::View
-end
-
-describe Lockdown::Frameworks::Rails::Controller do
-
-  before do
-    @view = TestAView.new
-
-    @view.stub!(:url_for).and_return("posts/new")
-
-    @options = {:controller => "posts", :action => "new"}
-  end
-
-  describe "#link_to_secured" do
-    it "should return the link if authorized" do
-      link = "<a href='http://a.com'>my_link</a>"
-      @view.stub!(:authorized?).and_return(true)
-      @view.stub!(:link_to_open).and_return(link)
-
-      @view.link_to_secured("my link", @options).should == link
-    end
-
-     it "should return an empty string if authorized" do
-      @view.stub!(:authorized?).and_return(false)
-
-      @view.link_to_secured("my link", @options).should == ""
-    end
-
-    it 'should use the default "get" when html_options[:method] is nil' do
-      link = "<a href='http://a.com'>my_link</a>"
-
-      @view.should_receive(:authorized?).with('posts/new', :get)
-
-      @view.link_to_secured("my link", @options, {})
-    end
-  end
-
-  describe "#button_to_secured" do
-    it "should return the link if authorized" do
-      link = "<a href='http://a.com'>my_link</a>"
-      @view.stub!(:authorized?).and_return(true)
-      @view.stub!(:button_to_open).and_return(link)
-
-      @view.button_to_secured("my link", @options).should == link
-    end
-
-     it "should return an empty string if authorized" do
-      @view.stub!(:authorized?).and_return(false)
-
-      @view.button_to_secured("my link", @options).should == ""
-    end
-  end
-
-  describe "#link_to_or_show" do
-    it "should return the name if link_to returned an empty string" do
-      @view.stub!(:link_to).and_return('')
-
-      @view.link_to_or_show("my_link", @options).
-        should == "my_link"
-    end
-
-    it "should return the link if access is allowed" do
-      link = "<a href='http://a.com'>my_link</a>"
-      @view.stub!(:link_to).and_return(link)
-
-      @view.link_to_or_show("my_link", @options).
-        should == link
-    end
-  end
-
-  describe "#link_to_or_show" do
-    it "should return links separated by | " do
-      Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
-      links = ["link_one", "link_two"]
-      @view.links(links).should == links.join(' | ')
-    end
-
-    it "should return links separated by | and handle empty strings" do
-      Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
-      links = ["link_one", "link_two", ""]
-      @view.links(links).should == links.join(' | ')
-    end
-  end
-end
-

data/spec/lockdown/frameworks/rails_spec.rb

@@ -1,163 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
-
-describe Lockdown::Frameworks::Rails do
-  before do
-    @rails = Lockdown::Frameworks::Rails
-
-    @rails.stub!(:use_me?).and_return(true)
-
-    @lockdown = mock("lockdown")        
-  end
-
-
-  describe "#included" do
-    it "should extend lockdown with rails environment" do
-      @lockdown.should_receive(:extend).
-        with(Lockdown::Frameworks::Rails::Environment)
-
-      @rails.should_receive(:mixin)
-
-      @rails.included(@lockdown)
-    end
-  end
-
-  describe "#mixin" do
-    it "should perform class_eval on controller view and system to inject itself" do
-
-      @view_helper = Mikey
-      @view_helper.should_receive(:include).
-        with( Lockdown::Frameworks::Rails::View )
-
-      Lockdown.should_receive(:view_helper) do 
-        @view_helper
-      end
-
-      @system = Mikey
-      @system.should_receive(:extend).
-        with( Lockdown::Frameworks::Rails::System )
-
-      Lockdown.should_receive(:system) do 
-        @system
-      end
-
-      @rails.should_receive(:mixin_controller)
-
-      @rails.mixin
-    end
-
-  end
-
-  describe "#mixin_controller" do
-
-    it "should inject itself" do
-      klass = Mikey
-
-      klass.should_receive(:include).
-        with(Lockdown::Session)
-
-      klass.should_receive(:include).
-        with(Lockdown::Frameworks::Rails::Controller::Lock)
-
-      klass.should_receive(:helper_method).with(:authorized?)
-
-      klass.should_receive(:hide_action).with(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
-
-      klass.should_receive(:before_filter).and_return do |c|
-        #not working yet. very frustrating trying to test this
-      end
-
-      klass.should_receive(:filter_parameter_logging)
-
-      klass.should_receive(:rescue_from)
-
-      @rails.mixin_controller(klass)
-    end
-  end
-
-end
-
-RAILS_ROOT = "/shibby/dibby/do"
-
-module ActionController; class Base; end end
-
-class ApplicationController; end
-
-module ActionView; class Base; end end
-
-describe Lockdown::Frameworks::Rails::Environment do
-
-  before do
-    @env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
-  end
-
-  describe "#project_root" do
-    it "should return rails root" do
-      @env.project_root.should == "/shibby/dibby/do"
-    end
-  end
-
-  describe "#init_file" do
-    it "should return path to init_file" do
-      @env.stub!(:project_root).and_return("/shibby/dibby/do")
-      @env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
-    end
-  end
-
-  describe "#controller_class_name" do
-    it "should add Controller to name" do
-      @env.controller_class_name("user").should == "UserController"
-    end
-
-    it "should convert two underscores to a namespaced controller" do
-      @env.controller_class_name("admin__user").should == "Admin::UserController"
-    end
-  end
-
-  describe "#controller_parent" do
-    it "should return ActionController::Base if not caching classes" do
-      @env.should_receive(:caching?).and_return(false)
-      @env.controller_parent.should == ActionController::Base
-    end
-
-    it "should return ApplicationController if caching classes" do
-      @env.should_receive(:caching?).and_return(true)
-      @env.controller_parent.should == ApplicationController
-    end
-
-  end
-
-  describe "#view_helper" do
-    it "should return ActionView::Base" do
-      
-      @env.view_helper.should == ActionView::Base
-    end
-  end
-end
-
-describe Lockdown::Frameworks::Rails::System do
-  class Test 
-    extend Lockdown::Frameworks::Rails::System
-  end
-
-  before do
-    @env = Test
-  end
-
-  describe "#skip_sync?" do
-    it "should return true if env == skip sync" do
-      Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test'])
-      @env.should_receive(:framework_environment).and_return("test")
-      
-      @env.skip_sync?.should == true
-    end
-
-    it "should return false if env not in skip_sync" do
-      Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test', 'ci'])
-      @env.should_receive(:framework_environment).and_return("qa")
-      
-      @env.skip_sync?.should == false
-    end
-    
-  end
-
-end

data/spec/lockdown/permission_spec.rb

@@ -1,156 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. spec_helper])
-
-describe Lockdown::Permission do
-  before do
-    
-    @permission = Lockdown::Permission.new(:user_management)
-    @permission.stub!(:paths_for).and_return([])
-  end
-
-  describe "#with_controller" do
-    before do
-      @permission.with_controller(:users)
-    end
-
-    it "should set current_context to ControllerContext" do
-      @permission.current_context.class.should equal(Lockdown::ControllerContext)
-    end
-  end
-
-  describe "#only_methods" do
-    before do
-      @permission.with_controller(:users).only_methods(:show, :edit)
-    end
-
-    it "should set current_context to RootContext" do
-      @permission.current_context.class.should equal(Lockdown::RootContext)
-    end
-  end
-
-  describe "#except_methods" do
-    before do
-      @permission.with_controller(:users).except_methods(:destroy)
-    end
-
-    it "should set current_context to RootContext" do
-      @permission.current_context.class.should equal(Lockdown::RootContext)
-    end
-  end
-
-  describe "#to_model" do
-    before do
-      @permission.to_model(:user)
-    end
-
-    it "should set current_context to ModelContext" do
-      @permission.current_context.class.should equal(Lockdown::ModelContext)
-    end
-  end
-
-  describe "#where" do
-    before do
-      @permission.to_model(:user).where(:current_user_id)
-    end
-
-    it "should set current_context to ModelWhereContext" do
-      @permission.current_context.class.should equal(Lockdown::ModelWhereContext)
-    end
-  end
-
-  describe "#equals" do
-    before do
-      @permission.to_model(:user).where(:current_user_id).equals(:id)
-    end
-
-    it "should set current_context to RootContext" do
-      @permission.current_context.class.should equal(Lockdown::RootContext)
-    end
-  end
-
-  describe "#is_in" do
-    before do
-      @permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
-    end
-
-    it "should set current_context to RootContext" do
-      @permission.current_context.class.should equal(Lockdown::RootContext)
-    end
-  end
-
-  describe "#set_as_public_access" do
-    it "should raise an PermissionScopeCollision if already protected" do
-      @permission.set_as_protected_access
-      lambda{@permission.set_as_public_access}.
-        should raise_error(Lockdown::PermissionScopeCollision)
-    end
-  end
-
-
-  describe "#set_as_protected_access" do
-    it "should raise an PermissionScopeCollision if already public" do
-      @permission.set_as_public_access
-      lambda{@permission.set_as_protected_access}.
-        should raise_error(Lockdown::PermissionScopeCollision)
-    end
-  end
-
-  describe "while in RootContext" do
-    before do
-      @permission.with_controller(:users).only_methods(:show, :edit)
-    end
-
-    it "should raise InvalidRuleContext trying to access methods out of context" do
-      methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
-
-        methods.each do |method|
-          lambda{@permission.send(method, :sample_param)}.
-            should raise_error(Lockdown::InvalidRuleContext)
-        end
-    end
-  end
-
-  describe "while in ControllerContext" do
-    before do
-      @permission.with_controller(:users)
-    end
-
-    it "should raise InvalidRuleContext trying to access methods out of context" do
-      methods = [:where, :equals, :is_in, :includes]
-
-        methods.each do |method|
-          lambda{@permission.send(method, :sample_param)}.
-            should raise_error(Lockdown::InvalidRuleContext)
-        end
-    end
-  end
-
-  describe "while in ModelContext" do
-    before do
-      @permission.to_model(:user)
-    end
-
-    it "should raise InvalidRuleContext trying to access methods out of context" do
-      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
-
-        methods.each do |method|
-          lambda{@permission.send(method, :sample_param)}.
-            should raise_error(Lockdown::InvalidRuleContext)
-        end
-    end
-  end
-
-  describe "while in ModelWhereContext" do
-    before do
-      @permission.to_model(:user).where(:current_user_id)
-    end
-
-    it "should raise InvalidRuleContext trying to access methods out of context" do
-      methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
-
-        methods.each do |method|
-          lambda{@permission.send(method, :sample_param)}.
-            should raise_error(Lockdown::InvalidRuleContext)
-        end
-    end
-  end
-end

data/spec/lockdown/rspec_helper_spec.rb

@@ -1,40 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. spec_helper])
-
-require 'lockdown/rspec_helper'
-
-class TestAController
-  extend Lockdown::Frameworks::Rails::Controller
-  include Lockdown::Frameworks::Rails::Controller::Lock
-end
-
-class RspecEnv
-end
-
-describe Lockdown::RspecHelper do
-  before do
-    @controller = TestAController.new
-    @controller.stub!(:session).and_return({})
-
-    usr = mock  :user, 
-                :first_name => 'John',
-                :last_name  => 'Smith',
-                :password   => 'mysecret',
-                :password_confirmation  => 'mysecret'
-
-    usr_group = mock :usr_group
-
-    Lockdown.should_receive(:maybe_parse_init)
-    RspecEnv.send :include, Lockdown::RspecHelper
-    @rspec_env = RspecEnv.new
-    @rspec_env.stub!(:controller).and_return(@controller)
-    @rspec_env.stub!(:mock_user).and_return(usr)
-    @rspec_env.stub!(:mock_user_group).and_return(usr_group)
-  end
-
-  describe "#login_admin" do
-    it "should set access_rights to :all" do 
-      @rspec_env.login_admin
-      @rspec_env.controller.session[:access_rights].should == :all
-    end
-  end
-end

data/spec/lockdown/rules_spec.rb

@@ -1,245 +0,0 @@
-require File.join(File.dirname(__FILE__), %w[.. spec_helper])
-
-class TestSystem; extend Lockdown::Rules; end
-
-describe Lockdown::Rules do
-  before do
-    @rules = TestSystem
-    @rules.set_defaults
-  end
-
-  describe "#set_permission" do
-    it "should create and return a Permission object" do
-      @rules.set_permission(:user_management).
-        should == Lockdown::Permission.new(:user_management) 
-    end
-  end
-
-  describe "#set_public_access" do
-    it "should define the permission as public" do
-      @rules.set_permission(:home_page)
-      @rules.set_public_access(:home_page)
-      perm = @rules.permission_objects.find{|name, object| name == :home_page}
-      perm[1].public_access?.should be_true
-    end
-
-    it "should raise and InvalidRuleAssignment if permission does not exist" do
-      msg = "Permission not found: toy_management"
-
-      @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
-
-      @rules.set_public_access(:toy_management)
-    end
-  end
-
-  describe "#public_access?" do
-    it "should return true when permission is public" do
-      @rules.set_permission(:home_page)
-      @rules.set_public_access(:home_page)
-      @rules.public_access?(:home_page).should == true
-    end
-
-    it "should return false when permission is not public" do
-      @rules.set_permission(:home_page)
-      @rules.set_protected_access(:home_page)
-      @rules.public_access?(:home_page).should == false
-    end
-  end
-
-  describe "#set_protected_access" do
-    it "should define the permission as protected" do
-      @rules.set_permission(:user_management)
-      @rules.set_protected_access(:user_management)
-      perm = @rules.permission_objects.find{|name, object| name == :user_management}
-      perm[1].protected_access?.should be_true
-    end
-
-    it "should raise and InvalidRuleAssignment if permission does not exist" do
-      msg = "Permission not found: user_management"
-
-      @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
-
-      @rules.set_protected_access(:user_management)
-    end
-  end
-
-  describe "#protected_access?" do
-    it "should return true when permission is protected" do
-      @rules.set_permission(:home_page)
-      @rules.set_protected_access(:home_page)
-      @rules.protected_access?(:home_page).should == true
-    end
-
-    it "should return false when permission is not protected" do
-      @rules.set_permission(:home_page)
-      @rules.set_public_access(:home_page)
-      @rules.protected_access?(:home_page).should == false
-    end
-  end
-
-  describe "#get_permissions" do
-    it "should return array of permission names as symbols" do
-      Lockdown.should_receive(:add_controller_method)
-      
-      @rules.set_permission(:home_page)
-      @rules.set_permission(:user_management)
-      @rules.process_rules
-      @rules.get_permissions.should include(:home_page) 
-      @rules.get_permissions.should include(:user_management)
-    end
-  end
-
-  describe "#permission_exists?" do
-    it "should return true if permission exists" do
-      Lockdown.should_receive(:add_controller_method)
-
-      @rules.set_permission(:home_page)
-      @rules.process_rules
-      @rules.permission_exists?(:home_page).should be_true
-    end
-
-    it "should return false if permission does not exist" do
-      @rules.permission_exists?(:home_page).should be_false
-    end
-  end
-
-  describe "#permission_assigned_automatically?" do
-    it "should return true when permission is public" do
-      @rules.set_permission(:home_page)
-      @rules.set_public_access(:home_page)
-      @rules.permission_assigned_automatically?(:home_page).should == true
-    end
-
-    it "should return true when permission is protected" do
-      @rules.set_permission(:home_page)
-      @rules.set_protected_access(:home_page)
-      @rules.permission_assigned_automatically?(:home_page).should == true
-    end
-
-    it "should return false when permission is not public" do
-      @rules.set_permission(:home_page)
-      @rules.permission_assigned_automatically?(:home_page).should == false
-    end
-  end
-
-  describe "#get_user_groups" do
-    it "should return array of user group names as symbols" do
-      @rules.set_permission(:user_management)
-      @rules.set_user_group(:security_management, :user_management)
-      @rules.get_user_groups.should == [:security_management]
-    end
-  end
-
-  describe "#user_group_exists?" do
-    it "should return true if user_group exists" do
-      @rules.set_user_group(:user_management, :some_perm)
-      @rules.user_group_exists?(:user_management).should be_true
-    end
-
-    it "should return false if user_group does not exist" do
-      @rules.user_group_exists?(:user_management).should be_false
-    end
-  end
-
-  describe "#make_user_administrator" do
-    it "should add admin to user groups" do
-      ugc = mock('user_group_class',:find_or_create_by_name => :admin)
-      Lockdown.should_receive(:user_group_class).and_return(ugc)
-
-      usr = mock('user', :user_groups => [])
-
-      @rules.make_user_administrator(usr).should include(:admin)
-    end
-  end
-
-  describe "#access_rights_for_user" do
-    it "should array of rights for user who is not an admin" do
-      @rules.should_receive(:administrator?).and_return(false)
-
-      @rules.set_permission(:register_account).
-        with_controller(:users).
-        only_methods(:new, :create)
-
-      @rules.set_public_access(:register_account)
-
-      perm = @rules.set_permission(:perm_one).
-        with_controller("a_controller").
-        only_methods("show","edit","update")
-
-      ug = @rules.set_user_group(:ug_one, :perm_one)
-
-      @rules.should_receive(:set_model_access)
-      @rules.process_rules
-
-      usr = mock('user', :user_groups => [:ug_one])
-
-      @rules.access_rights_for_user(usr).
-        should == ["users/new", "users/create", "a_controller/show", "a_controller/edit", "a_controller/update"]
-    end
-  end
-
-  describe "#access_rights_for_user_group" do
-    it "should return array of rights for user_group" do
-      perm = @rules.set_permission(:perm_one).
-        with_controller("a_controller").
-        only_methods("show","edit","update")
-
-      ug = @rules.set_user_group(:ug_one, :perm_one)
-
-      @rules.should_receive(:set_model_access)
-      @rules.process_rules
-
-      @rules.access_rights_for_user_group(:ug_one).
-        should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
-    end
-  end
-
-  describe "#access_rights_for_permission" do
-    it "should return array of rights for permission" do
-
-      perm = @rules.set_permission(:perm_one).
-        with_controller("a_controller").
-        only_methods("show","edit","update")
-
-      @rules.should_receive(:set_model_access)
-      @rules.process_rules
-
-      @rules.access_rights_for_permission(perm).
-        should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
-    end
-  end
-
-  describe "#standard_authorized_user_rights" do
-    it "should receive public_access + protected_access" do
-      @rules.set_permission(:register_account).
-        with_controller(:users).
-        only_methods(:new, :create)
-
-      @rules.set_permission(:my_profile).
-        with_controller(:users).
-        only_methods(:show, :edit, :update)
-      
-
-      @rules.set_public_access(:register_account)
-      @rules.set_protected_access(:my_profile)
-
-      @rules.should_receive(:set_model_access)
-      @rules.process_rules
-
-      @rules.standard_authorized_user_rights.
-        should == ["users/new", "users/create", "users/show", "users/edit", "users/update"]
-    end
-  end
-
-  describe "#process_rules" do
-    it "should validate user_group permissions" do
-      Lockdown.should_receive(:add_controller_method)
-      
-      @rules.set_user_group(:test_group, :a_perm)
-      error =  "User Group: test_group, permission not found: a_perm"
-
-      lambda{@rules.process_rules}.
-        should raise_error(Lockdown::InvalidRuleAssignment, error)
-    end
-  end
-end