lockdown 1.6.5 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (80) hide show
  1. data/.gitignore +1 -0
  2. data/README.txt +8 -5
  3. data/Rakefile +43 -26
  4. data/lib/lockdown/access.rb +108 -0
  5. data/lib/lockdown/configuration.rb +201 -0
  6. data/lib/lockdown/database.rb +31 -36
  7. data/lib/lockdown/delivery.rb +26 -0
  8. data/lib/lockdown/errors.rb +3 -7
  9. data/lib/lockdown/frameworks/rails/controller.rb +21 -59
  10. data/lib/lockdown/frameworks/rails/view.rb +1 -1
  11. data/lib/lockdown/frameworks/rails.rb +7 -43
  12. data/lib/lockdown/helper.rb +14 -85
  13. data/lib/lockdown/orms/active_record.rb +7 -9
  14. data/lib/lockdown/permission.rb +37 -203
  15. data/lib/lockdown/resource.rb +54 -0
  16. data/lib/lockdown/session.rb +16 -25
  17. data/lib/lockdown/user_group.rb +16 -0
  18. data/lib/lockdown.rb +15 -60
  19. data/lockdown.gemspec +29 -69
  20. data/test/helper.rb +9 -0
  21. data/test/lockdown/test_access.rb +80 -0
  22. data/test/lockdown/test_configuration.rb +194 -0
  23. data/test/lockdown/test_delivery.rb +163 -0
  24. data/test/lockdown/test_helper.rb +33 -0
  25. data/test/lockdown/test_permission.rb +73 -0
  26. data/test/lockdown/test_resource.rb +47 -0
  27. data/test/lockdown/test_session.rb +31 -0
  28. data/test/lockdown/test_user_group.rb +17 -0
  29. data/test/test_lockdown.rb +11 -0
  30. metadata +41 -78
  31. data/lib/lockdown/context.rb +0 -41
  32. data/lib/lockdown/references.rb +0 -19
  33. data/lib/lockdown/rspec_helper.rb +0 -118
  34. data/lib/lockdown/rules.rb +0 -372
  35. data/lib/lockdown/system.rb +0 -58
  36. data/rails_generators/lockdown/lockdown_generator.rb +0 -274
  37. data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +0 -22
  38. data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +0 -39
  39. data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +0 -122
  40. data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +0 -117
  41. data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +0 -2
  42. data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +0 -2
  43. data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +0 -2
  44. data/rails_generators/lockdown/templates/app/models/permission.rb +0 -13
  45. data/rails_generators/lockdown/templates/app/models/profile.rb +0 -10
  46. data/rails_generators/lockdown/templates/app/models/user.rb +0 -95
  47. data/rails_generators/lockdown/templates/app/models/user_group.rb +0 -15
  48. data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +0 -16
  49. data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +0 -26
  50. data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +0 -12
  51. data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +0 -33
  52. data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +0 -20
  53. data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +0 -31
  54. data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +0 -29
  55. data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +0 -51
  56. data/rails_generators/lockdown/templates/app/views/users/index.html.erb +0 -22
  57. data/rails_generators/lockdown/templates/app/views/users/new.html.erb +0 -50
  58. data/rails_generators/lockdown/templates/app/views/users/show.html.erb +0 -33
  59. data/rails_generators/lockdown/templates/config/initializers/lockit.rb +0 -1
  60. data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +0 -17
  61. data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +0 -19
  62. data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +0 -26
  63. data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +0 -19
  64. data/rails_generators/lockdown/templates/db/migrate/create_users.rb +0 -17
  65. data/rails_generators/lockdown/templates/lib/lockdown/README +0 -42
  66. data/rails_generators/lockdown/templates/lib/lockdown/init.rb +0 -131
  67. data/spec/lockdown/context_spec.rb +0 -191
  68. data/spec/lockdown/database_spec.rb +0 -162
  69. data/spec/lockdown/frameworks/rails/controller_spec.rb +0 -215
  70. data/spec/lockdown/frameworks/rails/view_spec.rb +0 -96
  71. data/spec/lockdown/frameworks/rails_spec.rb +0 -163
  72. data/spec/lockdown/permission_spec.rb +0 -156
  73. data/spec/lockdown/rspec_helper_spec.rb +0 -40
  74. data/spec/lockdown/rules_spec.rb +0 -245
  75. data/spec/lockdown/session_spec.rb +0 -112
  76. data/spec/lockdown/system_spec.rb +0 -51
  77. data/spec/lockdown_spec.rb +0 -19
  78. data/spec/rcov.opts +0 -5
  79. data/spec/spec.opts +0 -3
  80. data/spec/spec_helper.rb +0 -8
@@ -1,96 +0,0 @@
1
- require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
2
-
3
- class TestAView
4
- def link_to
5
- "link_to"
6
- end
7
-
8
- def button_to
9
- "button_to"
10
- end
11
-
12
- include Lockdown::Frameworks::Rails::View
13
- end
14
-
15
- describe Lockdown::Frameworks::Rails::Controller do
16
-
17
- before do
18
- @view = TestAView.new
19
-
20
- @view.stub!(:url_for).and_return("posts/new")
21
-
22
- @options = {:controller => "posts", :action => "new"}
23
- end
24
-
25
- describe "#link_to_secured" do
26
- it "should return the link if authorized" do
27
- link = "<a href='http://a.com'>my_link</a>"
28
- @view.stub!(:authorized?).and_return(true)
29
- @view.stub!(:link_to_open).and_return(link)
30
-
31
- @view.link_to_secured("my link", @options).should == link
32
- end
33
-
34
- it "should return an empty string if authorized" do
35
- @view.stub!(:authorized?).and_return(false)
36
-
37
- @view.link_to_secured("my link", @options).should == ""
38
- end
39
-
40
- it 'should use the default "get" when html_options[:method] is nil' do
41
- link = "<a href='http://a.com'>my_link</a>"
42
-
43
- @view.should_receive(:authorized?).with('posts/new', :get)
44
-
45
- @view.link_to_secured("my link", @options, {})
46
- end
47
- end
48
-
49
- describe "#button_to_secured" do
50
- it "should return the link if authorized" do
51
- link = "<a href='http://a.com'>my_link</a>"
52
- @view.stub!(:authorized?).and_return(true)
53
- @view.stub!(:button_to_open).and_return(link)
54
-
55
- @view.button_to_secured("my link", @options).should == link
56
- end
57
-
58
- it "should return an empty string if authorized" do
59
- @view.stub!(:authorized?).and_return(false)
60
-
61
- @view.button_to_secured("my link", @options).should == ""
62
- end
63
- end
64
-
65
- describe "#link_to_or_show" do
66
- it "should return the name if link_to returned an empty string" do
67
- @view.stub!(:link_to).and_return('')
68
-
69
- @view.link_to_or_show("my_link", @options).
70
- should == "my_link"
71
- end
72
-
73
- it "should return the link if access is allowed" do
74
- link = "<a href='http://a.com'>my_link</a>"
75
- @view.stub!(:link_to).and_return(link)
76
-
77
- @view.link_to_or_show("my_link", @options).
78
- should == link
79
- end
80
- end
81
-
82
- describe "#link_to_or_show" do
83
- it "should return links separated by | " do
84
- Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
85
- links = ["link_one", "link_two"]
86
- @view.links(links).should == links.join(' | ')
87
- end
88
-
89
- it "should return links separated by | and handle empty strings" do
90
- Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
91
- links = ["link_one", "link_two", ""]
92
- @view.links(links).should == links.join(' | ')
93
- end
94
- end
95
- end
96
-
@@ -1,163 +0,0 @@
1
- require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
2
-
3
- describe Lockdown::Frameworks::Rails do
4
- before do
5
- @rails = Lockdown::Frameworks::Rails
6
-
7
- @rails.stub!(:use_me?).and_return(true)
8
-
9
- @lockdown = mock("lockdown")
10
- end
11
-
12
-
13
- describe "#included" do
14
- it "should extend lockdown with rails environment" do
15
- @lockdown.should_receive(:extend).
16
- with(Lockdown::Frameworks::Rails::Environment)
17
-
18
- @rails.should_receive(:mixin)
19
-
20
- @rails.included(@lockdown)
21
- end
22
- end
23
-
24
- describe "#mixin" do
25
- it "should perform class_eval on controller view and system to inject itself" do
26
-
27
- @view_helper = Mikey
28
- @view_helper.should_receive(:include).
29
- with( Lockdown::Frameworks::Rails::View )
30
-
31
- Lockdown.should_receive(:view_helper) do
32
- @view_helper
33
- end
34
-
35
- @system = Mikey
36
- @system.should_receive(:extend).
37
- with( Lockdown::Frameworks::Rails::System )
38
-
39
- Lockdown.should_receive(:system) do
40
- @system
41
- end
42
-
43
- @rails.should_receive(:mixin_controller)
44
-
45
- @rails.mixin
46
- end
47
-
48
- end
49
-
50
- describe "#mixin_controller" do
51
-
52
- it "should inject itself" do
53
- klass = Mikey
54
-
55
- klass.should_receive(:include).
56
- with(Lockdown::Session)
57
-
58
- klass.should_receive(:include).
59
- with(Lockdown::Frameworks::Rails::Controller::Lock)
60
-
61
- klass.should_receive(:helper_method).with(:authorized?)
62
-
63
- klass.should_receive(:hide_action).with(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
64
-
65
- klass.should_receive(:before_filter).and_return do |c|
66
- #not working yet. very frustrating trying to test this
67
- end
68
-
69
- klass.should_receive(:filter_parameter_logging)
70
-
71
- klass.should_receive(:rescue_from)
72
-
73
- @rails.mixin_controller(klass)
74
- end
75
- end
76
-
77
- end
78
-
79
- RAILS_ROOT = "/shibby/dibby/do"
80
-
81
- module ActionController; class Base; end end
82
-
83
- class ApplicationController; end
84
-
85
- module ActionView; class Base; end end
86
-
87
- describe Lockdown::Frameworks::Rails::Environment do
88
-
89
- before do
90
- @env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
91
- end
92
-
93
- describe "#project_root" do
94
- it "should return rails root" do
95
- @env.project_root.should == "/shibby/dibby/do"
96
- end
97
- end
98
-
99
- describe "#init_file" do
100
- it "should return path to init_file" do
101
- @env.stub!(:project_root).and_return("/shibby/dibby/do")
102
- @env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
103
- end
104
- end
105
-
106
- describe "#controller_class_name" do
107
- it "should add Controller to name" do
108
- @env.controller_class_name("user").should == "UserController"
109
- end
110
-
111
- it "should convert two underscores to a namespaced controller" do
112
- @env.controller_class_name("admin__user").should == "Admin::UserController"
113
- end
114
- end
115
-
116
- describe "#controller_parent" do
117
- it "should return ActionController::Base if not caching classes" do
118
- @env.should_receive(:caching?).and_return(false)
119
- @env.controller_parent.should == ActionController::Base
120
- end
121
-
122
- it "should return ApplicationController if caching classes" do
123
- @env.should_receive(:caching?).and_return(true)
124
- @env.controller_parent.should == ApplicationController
125
- end
126
-
127
- end
128
-
129
- describe "#view_helper" do
130
- it "should return ActionView::Base" do
131
-
132
- @env.view_helper.should == ActionView::Base
133
- end
134
- end
135
- end
136
-
137
- describe Lockdown::Frameworks::Rails::System do
138
- class Test
139
- extend Lockdown::Frameworks::Rails::System
140
- end
141
-
142
- before do
143
- @env = Test
144
- end
145
-
146
- describe "#skip_sync?" do
147
- it "should return true if env == skip sync" do
148
- Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test'])
149
- @env.should_receive(:framework_environment).and_return("test")
150
-
151
- @env.skip_sync?.should == true
152
- end
153
-
154
- it "should return false if env not in skip_sync" do
155
- Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test', 'ci'])
156
- @env.should_receive(:framework_environment).and_return("qa")
157
-
158
- @env.skip_sync?.should == false
159
- end
160
-
161
- end
162
-
163
- end
@@ -1,156 +0,0 @@
1
- require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
-
3
- describe Lockdown::Permission do
4
- before do
5
-
6
- @permission = Lockdown::Permission.new(:user_management)
7
- @permission.stub!(:paths_for).and_return([])
8
- end
9
-
10
- describe "#with_controller" do
11
- before do
12
- @permission.with_controller(:users)
13
- end
14
-
15
- it "should set current_context to ControllerContext" do
16
- @permission.current_context.class.should equal(Lockdown::ControllerContext)
17
- end
18
- end
19
-
20
- describe "#only_methods" do
21
- before do
22
- @permission.with_controller(:users).only_methods(:show, :edit)
23
- end
24
-
25
- it "should set current_context to RootContext" do
26
- @permission.current_context.class.should equal(Lockdown::RootContext)
27
- end
28
- end
29
-
30
- describe "#except_methods" do
31
- before do
32
- @permission.with_controller(:users).except_methods(:destroy)
33
- end
34
-
35
- it "should set current_context to RootContext" do
36
- @permission.current_context.class.should equal(Lockdown::RootContext)
37
- end
38
- end
39
-
40
- describe "#to_model" do
41
- before do
42
- @permission.to_model(:user)
43
- end
44
-
45
- it "should set current_context to ModelContext" do
46
- @permission.current_context.class.should equal(Lockdown::ModelContext)
47
- end
48
- end
49
-
50
- describe "#where" do
51
- before do
52
- @permission.to_model(:user).where(:current_user_id)
53
- end
54
-
55
- it "should set current_context to ModelWhereContext" do
56
- @permission.current_context.class.should equal(Lockdown::ModelWhereContext)
57
- end
58
- end
59
-
60
- describe "#equals" do
61
- before do
62
- @permission.to_model(:user).where(:current_user_id).equals(:id)
63
- end
64
-
65
- it "should set current_context to RootContext" do
66
- @permission.current_context.class.should equal(Lockdown::RootContext)
67
- end
68
- end
69
-
70
- describe "#is_in" do
71
- before do
72
- @permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
73
- end
74
-
75
- it "should set current_context to RootContext" do
76
- @permission.current_context.class.should equal(Lockdown::RootContext)
77
- end
78
- end
79
-
80
- describe "#set_as_public_access" do
81
- it "should raise an PermissionScopeCollision if already protected" do
82
- @permission.set_as_protected_access
83
- lambda{@permission.set_as_public_access}.
84
- should raise_error(Lockdown::PermissionScopeCollision)
85
- end
86
- end
87
-
88
-
89
- describe "#set_as_protected_access" do
90
- it "should raise an PermissionScopeCollision if already public" do
91
- @permission.set_as_public_access
92
- lambda{@permission.set_as_protected_access}.
93
- should raise_error(Lockdown::PermissionScopeCollision)
94
- end
95
- end
96
-
97
- describe "while in RootContext" do
98
- before do
99
- @permission.with_controller(:users).only_methods(:show, :edit)
100
- end
101
-
102
- it "should raise InvalidRuleContext trying to access methods out of context" do
103
- methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
104
-
105
- methods.each do |method|
106
- lambda{@permission.send(method, :sample_param)}.
107
- should raise_error(Lockdown::InvalidRuleContext)
108
- end
109
- end
110
- end
111
-
112
- describe "while in ControllerContext" do
113
- before do
114
- @permission.with_controller(:users)
115
- end
116
-
117
- it "should raise InvalidRuleContext trying to access methods out of context" do
118
- methods = [:where, :equals, :is_in, :includes]
119
-
120
- methods.each do |method|
121
- lambda{@permission.send(method, :sample_param)}.
122
- should raise_error(Lockdown::InvalidRuleContext)
123
- end
124
- end
125
- end
126
-
127
- describe "while in ModelContext" do
128
- before do
129
- @permission.to_model(:user)
130
- end
131
-
132
- it "should raise InvalidRuleContext trying to access methods out of context" do
133
- methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
134
-
135
- methods.each do |method|
136
- lambda{@permission.send(method, :sample_param)}.
137
- should raise_error(Lockdown::InvalidRuleContext)
138
- end
139
- end
140
- end
141
-
142
- describe "while in ModelWhereContext" do
143
- before do
144
- @permission.to_model(:user).where(:current_user_id)
145
- end
146
-
147
- it "should raise InvalidRuleContext trying to access methods out of context" do
148
- methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
149
-
150
- methods.each do |method|
151
- lambda{@permission.send(method, :sample_param)}.
152
- should raise_error(Lockdown::InvalidRuleContext)
153
- end
154
- end
155
- end
156
- end
@@ -1,40 +0,0 @@
1
- require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
-
3
- require 'lockdown/rspec_helper'
4
-
5
- class TestAController
6
- extend Lockdown::Frameworks::Rails::Controller
7
- include Lockdown::Frameworks::Rails::Controller::Lock
8
- end
9
-
10
- class RspecEnv
11
- end
12
-
13
- describe Lockdown::RspecHelper do
14
- before do
15
- @controller = TestAController.new
16
- @controller.stub!(:session).and_return({})
17
-
18
- usr = mock :user,
19
- :first_name => 'John',
20
- :last_name => 'Smith',
21
- :password => 'mysecret',
22
- :password_confirmation => 'mysecret'
23
-
24
- usr_group = mock :usr_group
25
-
26
- Lockdown.should_receive(:maybe_parse_init)
27
- RspecEnv.send :include, Lockdown::RspecHelper
28
- @rspec_env = RspecEnv.new
29
- @rspec_env.stub!(:controller).and_return(@controller)
30
- @rspec_env.stub!(:mock_user).and_return(usr)
31
- @rspec_env.stub!(:mock_user_group).and_return(usr_group)
32
- end
33
-
34
- describe "#login_admin" do
35
- it "should set access_rights to :all" do
36
- @rspec_env.login_admin
37
- @rspec_env.controller.session[:access_rights].should == :all
38
- end
39
- end
40
- end
@@ -1,245 +0,0 @@
1
- require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
-
3
- class TestSystem; extend Lockdown::Rules; end
4
-
5
- describe Lockdown::Rules do
6
- before do
7
- @rules = TestSystem
8
- @rules.set_defaults
9
- end
10
-
11
- describe "#set_permission" do
12
- it "should create and return a Permission object" do
13
- @rules.set_permission(:user_management).
14
- should == Lockdown::Permission.new(:user_management)
15
- end
16
- end
17
-
18
- describe "#set_public_access" do
19
- it "should define the permission as public" do
20
- @rules.set_permission(:home_page)
21
- @rules.set_public_access(:home_page)
22
- perm = @rules.permission_objects.find{|name, object| name == :home_page}
23
- perm[1].public_access?.should be_true
24
- end
25
-
26
- it "should raise and InvalidRuleAssignment if permission does not exist" do
27
- msg = "Permission not found: toy_management"
28
-
29
- @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
30
-
31
- @rules.set_public_access(:toy_management)
32
- end
33
- end
34
-
35
- describe "#public_access?" do
36
- it "should return true when permission is public" do
37
- @rules.set_permission(:home_page)
38
- @rules.set_public_access(:home_page)
39
- @rules.public_access?(:home_page).should == true
40
- end
41
-
42
- it "should return false when permission is not public" do
43
- @rules.set_permission(:home_page)
44
- @rules.set_protected_access(:home_page)
45
- @rules.public_access?(:home_page).should == false
46
- end
47
- end
48
-
49
- describe "#set_protected_access" do
50
- it "should define the permission as protected" do
51
- @rules.set_permission(:user_management)
52
- @rules.set_protected_access(:user_management)
53
- perm = @rules.permission_objects.find{|name, object| name == :user_management}
54
- perm[1].protected_access?.should be_true
55
- end
56
-
57
- it "should raise and InvalidRuleAssignment if permission does not exist" do
58
- msg = "Permission not found: user_management"
59
-
60
- @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
61
-
62
- @rules.set_protected_access(:user_management)
63
- end
64
- end
65
-
66
- describe "#protected_access?" do
67
- it "should return true when permission is protected" do
68
- @rules.set_permission(:home_page)
69
- @rules.set_protected_access(:home_page)
70
- @rules.protected_access?(:home_page).should == true
71
- end
72
-
73
- it "should return false when permission is not protected" do
74
- @rules.set_permission(:home_page)
75
- @rules.set_public_access(:home_page)
76
- @rules.protected_access?(:home_page).should == false
77
- end
78
- end
79
-
80
- describe "#get_permissions" do
81
- it "should return array of permission names as symbols" do
82
- Lockdown.should_receive(:add_controller_method)
83
-
84
- @rules.set_permission(:home_page)
85
- @rules.set_permission(:user_management)
86
- @rules.process_rules
87
- @rules.get_permissions.should include(:home_page)
88
- @rules.get_permissions.should include(:user_management)
89
- end
90
- end
91
-
92
- describe "#permission_exists?" do
93
- it "should return true if permission exists" do
94
- Lockdown.should_receive(:add_controller_method)
95
-
96
- @rules.set_permission(:home_page)
97
- @rules.process_rules
98
- @rules.permission_exists?(:home_page).should be_true
99
- end
100
-
101
- it "should return false if permission does not exist" do
102
- @rules.permission_exists?(:home_page).should be_false
103
- end
104
- end
105
-
106
- describe "#permission_assigned_automatically?" do
107
- it "should return true when permission is public" do
108
- @rules.set_permission(:home_page)
109
- @rules.set_public_access(:home_page)
110
- @rules.permission_assigned_automatically?(:home_page).should == true
111
- end
112
-
113
- it "should return true when permission is protected" do
114
- @rules.set_permission(:home_page)
115
- @rules.set_protected_access(:home_page)
116
- @rules.permission_assigned_automatically?(:home_page).should == true
117
- end
118
-
119
- it "should return false when permission is not public" do
120
- @rules.set_permission(:home_page)
121
- @rules.permission_assigned_automatically?(:home_page).should == false
122
- end
123
- end
124
-
125
- describe "#get_user_groups" do
126
- it "should return array of user group names as symbols" do
127
- @rules.set_permission(:user_management)
128
- @rules.set_user_group(:security_management, :user_management)
129
- @rules.get_user_groups.should == [:security_management]
130
- end
131
- end
132
-
133
- describe "#user_group_exists?" do
134
- it "should return true if user_group exists" do
135
- @rules.set_user_group(:user_management, :some_perm)
136
- @rules.user_group_exists?(:user_management).should be_true
137
- end
138
-
139
- it "should return false if user_group does not exist" do
140
- @rules.user_group_exists?(:user_management).should be_false
141
- end
142
- end
143
-
144
- describe "#make_user_administrator" do
145
- it "should add admin to user groups" do
146
- ugc = mock('user_group_class',:find_or_create_by_name => :admin)
147
- Lockdown.should_receive(:user_group_class).and_return(ugc)
148
-
149
- usr = mock('user', :user_groups => [])
150
-
151
- @rules.make_user_administrator(usr).should include(:admin)
152
- end
153
- end
154
-
155
- describe "#access_rights_for_user" do
156
- it "should array of rights for user who is not an admin" do
157
- @rules.should_receive(:administrator?).and_return(false)
158
-
159
- @rules.set_permission(:register_account).
160
- with_controller(:users).
161
- only_methods(:new, :create)
162
-
163
- @rules.set_public_access(:register_account)
164
-
165
- perm = @rules.set_permission(:perm_one).
166
- with_controller("a_controller").
167
- only_methods("show","edit","update")
168
-
169
- ug = @rules.set_user_group(:ug_one, :perm_one)
170
-
171
- @rules.should_receive(:set_model_access)
172
- @rules.process_rules
173
-
174
- usr = mock('user', :user_groups => [:ug_one])
175
-
176
- @rules.access_rights_for_user(usr).
177
- should == ["users/new", "users/create", "a_controller/show", "a_controller/edit", "a_controller/update"]
178
- end
179
- end
180
-
181
- describe "#access_rights_for_user_group" do
182
- it "should return array of rights for user_group" do
183
- perm = @rules.set_permission(:perm_one).
184
- with_controller("a_controller").
185
- only_methods("show","edit","update")
186
-
187
- ug = @rules.set_user_group(:ug_one, :perm_one)
188
-
189
- @rules.should_receive(:set_model_access)
190
- @rules.process_rules
191
-
192
- @rules.access_rights_for_user_group(:ug_one).
193
- should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
194
- end
195
- end
196
-
197
- describe "#access_rights_for_permission" do
198
- it "should return array of rights for permission" do
199
-
200
- perm = @rules.set_permission(:perm_one).
201
- with_controller("a_controller").
202
- only_methods("show","edit","update")
203
-
204
- @rules.should_receive(:set_model_access)
205
- @rules.process_rules
206
-
207
- @rules.access_rights_for_permission(perm).
208
- should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
209
- end
210
- end
211
-
212
- describe "#standard_authorized_user_rights" do
213
- it "should receive public_access + protected_access" do
214
- @rules.set_permission(:register_account).
215
- with_controller(:users).
216
- only_methods(:new, :create)
217
-
218
- @rules.set_permission(:my_profile).
219
- with_controller(:users).
220
- only_methods(:show, :edit, :update)
221
-
222
-
223
- @rules.set_public_access(:register_account)
224
- @rules.set_protected_access(:my_profile)
225
-
226
- @rules.should_receive(:set_model_access)
227
- @rules.process_rules
228
-
229
- @rules.standard_authorized_user_rights.
230
- should == ["users/new", "users/create", "users/show", "users/edit", "users/update"]
231
- end
232
- end
233
-
234
- describe "#process_rules" do
235
- it "should validate user_group permissions" do
236
- Lockdown.should_receive(:add_controller_method)
237
-
238
- @rules.set_user_group(:test_group, :a_perm)
239
- error = "User Group: test_group, permission not found: a_perm"
240
-
241
- lambda{@rules.process_rules}.
242
- should raise_error(Lockdown::InvalidRuleAssignment, error)
243
- end
244
- end
245
- end