lockdown 1.2.2 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/lockdown/frameworks/rails.rb +1 -1
- data/lib/lockdown/permission.rb +6 -4
- data/lib/lockdown/rspec_helper.rb +100 -0
- data/lib/lockdown/rules.rb +27 -20
- data/lib/lockdown.rb +10 -8
- data/spec/lockdown/context_spec.rb +191 -0
- data/spec/lockdown/rspec_helper_spec.rb +39 -0
- data/spec/lockdown/rules_spec.rb +48 -1
- data/spec/lockdown/session_spec.rb +22 -0
- metadata +5 -2
|
@@ -34,7 +34,7 @@ module Lockdown
|
|
|
34
34
|
|
|
35
35
|
klass.helper_method :authorized?
|
|
36
36
|
|
|
37
|
-
klass.hide_action(:set_current_user, :configure_lockdown, :check_request_authorization)
|
|
37
|
+
klass.hide_action(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
|
|
38
38
|
|
|
39
39
|
klass.before_filter do |c|
|
|
40
40
|
c.set_current_user
|
data/lib/lockdown/permission.rb
CHANGED
|
@@ -98,10 +98,12 @@ module Lockdown
|
|
|
98
98
|
# equals(:id)
|
|
99
99
|
#
|
|
100
100
|
def initialize(name_symbol)
|
|
101
|
-
@name
|
|
102
|
-
@controllers
|
|
103
|
-
@models
|
|
104
|
-
@current_context
|
|
101
|
+
@name = name_symbol
|
|
102
|
+
@controllers = {}
|
|
103
|
+
@models = {}
|
|
104
|
+
@current_context = Lockdown::RootContext.new(name_symbol)
|
|
105
|
+
@public_access = false
|
|
106
|
+
@protected_access = false
|
|
105
107
|
end
|
|
106
108
|
|
|
107
109
|
def with_controller(name_symbol)
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
module Lockdown
|
|
2
|
+
module RspecHelper
|
|
3
|
+
def login_admin
|
|
4
|
+
login_user(:admin)
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def login_with_groups(*user_group_symbols)
|
|
8
|
+
access_rights = Lockdown::System.standard_authorized_user_rights
|
|
9
|
+
user_group_symbols.each do |ugs|
|
|
10
|
+
access_rights << Lockdown::System.access_rights_for_user_group(ugs)
|
|
11
|
+
end
|
|
12
|
+
controller.session[:access_rights] = access_rights.flatten
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
alias login_with_group login_with_groups
|
|
16
|
+
|
|
17
|
+
def login_standard
|
|
18
|
+
login_user
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def public_user
|
|
22
|
+
setup_public_user
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
|
|
26
|
+
private
|
|
27
|
+
|
|
28
|
+
def login_user(user_type = :standard)
|
|
29
|
+
initialize_user(user_type)
|
|
30
|
+
|
|
31
|
+
create_user_session
|
|
32
|
+
|
|
33
|
+
controller.stub!(:current_user).and_return(@current_user)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def setup_public_user
|
|
37
|
+
controller.session[:access_rights] = Lockdown::System.public_access
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def all_actions(hash = {})
|
|
41
|
+
methods = controller.send :action_methods
|
|
42
|
+
|
|
43
|
+
if excepts = hash.delete(:except)
|
|
44
|
+
methods.reject!{|m| excepts.include?(m.to_sym)}
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
Lockdown::System.paths_for(controller.controller_name,methods.to_a).sort
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def only_actions(*actions)
|
|
51
|
+
Lockdown::System.paths_for(controller.controller_name,actions).sort
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def allowed_actions
|
|
55
|
+
if rights = controller.session[:access_rights]
|
|
56
|
+
if rights == :all
|
|
57
|
+
all_actions
|
|
58
|
+
else
|
|
59
|
+
name = controller.controller_name
|
|
60
|
+
rights.collect{|r| r if r =~ /^#{name}\// || r == name}.compact.sort
|
|
61
|
+
end
|
|
62
|
+
else
|
|
63
|
+
[]
|
|
64
|
+
end
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
def initialize_user(user_type)
|
|
68
|
+
@current_user = mock_user
|
|
69
|
+
|
|
70
|
+
if user_type == :admin
|
|
71
|
+
set_user_group(Lockdown.administrator_group_symbol)
|
|
72
|
+
end
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
# You may want to override this method
|
|
76
|
+
def mock_user
|
|
77
|
+
mock :user,
|
|
78
|
+
:first_name => 'John',
|
|
79
|
+
:last_name => 'Smith',
|
|
80
|
+
:password => "mysecret",
|
|
81
|
+
:password_confirmation => "mysecret"
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
def create_user_session
|
|
85
|
+
controller.send :add_lockdown_session_values, @current_user
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
# Lockdown.convert_reference_name converts :users to "Users"
|
|
89
|
+
def set_user_group(sym)
|
|
90
|
+
user_group = mock_user_group
|
|
91
|
+
user_group.stub!(:name).and_return( Lockdown.convert_reference_name(sym) )
|
|
92
|
+
@current_user.stub!(Lockdown.user_groups_hbtm_reference).and_return([user_group])
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
# You may want to override this method
|
|
96
|
+
def mock_user_group
|
|
97
|
+
mock_model(UserGroup)
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
end
|
data/lib/lockdown/rules.rb
CHANGED
|
@@ -30,19 +30,10 @@ module Lockdown
|
|
|
30
30
|
:successful_login_path => "/",
|
|
31
31
|
:subdirectory => nil,
|
|
32
32
|
:skip_db_sync_in => ["test"],
|
|
33
|
-
:link_separator => ' | '
|
|
33
|
+
:link_separator => ' | ',
|
|
34
|
+
:user_group_model => "UserGroup",
|
|
35
|
+
:user_model => "User"
|
|
34
36
|
}
|
|
35
|
-
|
|
36
|
-
begin
|
|
37
|
-
@options[:user_group_model] = "UserGroup"
|
|
38
|
-
rescue NameError
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
begin
|
|
42
|
-
@options[:user_model] = "User"
|
|
43
|
-
rescue NameError
|
|
44
|
-
end
|
|
45
|
-
|
|
46
37
|
end
|
|
47
38
|
|
|
48
39
|
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
@@ -62,9 +53,9 @@ module Lockdown
|
|
|
62
53
|
#
|
|
63
54
|
def set_public_access(*perms)
|
|
64
55
|
perms.each do |perm_symbol|
|
|
65
|
-
perm =
|
|
56
|
+
perm = find_permission_object(perm_symbol)
|
|
66
57
|
if perm
|
|
67
|
-
perm
|
|
58
|
+
perm.set_as_public_access
|
|
68
59
|
else
|
|
69
60
|
msg = "Permission not found: #{perm_symbol}"
|
|
70
61
|
raise InvalidRuleAssigment, msg
|
|
@@ -79,9 +70,9 @@ module Lockdown
|
|
|
79
70
|
#
|
|
80
71
|
def set_protected_access(*perms)
|
|
81
72
|
perms.each do |perm_symbol|
|
|
82
|
-
perm =
|
|
73
|
+
perm = find_permission_object(perm_symbol)
|
|
83
74
|
if perm
|
|
84
|
-
perm
|
|
75
|
+
perm.set_as_protected_access
|
|
85
76
|
else
|
|
86
77
|
msg = "Permission not found: #{perm_symbol}"
|
|
87
78
|
raise InvalidRuleAssigment, msg
|
|
@@ -118,13 +109,15 @@ module Lockdown
|
|
|
118
109
|
alias_method :has_permission?, :permission_exists?
|
|
119
110
|
|
|
120
111
|
# returns true if the permission is public
|
|
121
|
-
def public_access?(
|
|
122
|
-
|
|
112
|
+
def public_access?(perm_symbol)
|
|
113
|
+
obj = find_permission_object(perm_symbol)
|
|
114
|
+
obj.nil? ? false : obj.public_access?
|
|
123
115
|
end
|
|
124
116
|
|
|
125
117
|
# returns true if the permission is public
|
|
126
|
-
def protected_access?(
|
|
127
|
-
|
|
118
|
+
def protected_access?(perm_symbol)
|
|
119
|
+
obj = find_permission_object(perm_symbol)
|
|
120
|
+
obj.nil? ? false : obj.protected_access?
|
|
128
121
|
end
|
|
129
122
|
|
|
130
123
|
# These permissions are assigned by the system
|
|
@@ -180,6 +173,15 @@ module Lockdown
|
|
|
180
173
|
rights
|
|
181
174
|
end
|
|
182
175
|
|
|
176
|
+
# Return array of controller/action for a user group
|
|
177
|
+
def access_rights_for_user_group(user_group_sym)
|
|
178
|
+
res = []
|
|
179
|
+
permissions_for_user_group(user_group_sym).each do |perm|
|
|
180
|
+
res << access_rights_for_permission(perm)
|
|
181
|
+
end
|
|
182
|
+
res.flatten
|
|
183
|
+
end
|
|
184
|
+
|
|
183
185
|
# Return array of controller/action for a permission
|
|
184
186
|
def access_rights_for_permission(perm)
|
|
185
187
|
sym = Lockdown.get_symbol(perm)
|
|
@@ -278,6 +280,11 @@ module Lockdown
|
|
|
278
280
|
|
|
279
281
|
private
|
|
280
282
|
|
|
283
|
+
def find_permission_object(perm_symbol)
|
|
284
|
+
obj = permission_objects.find{|name, pobj| pobj.name == perm_symbol}
|
|
285
|
+
obj[1] if obj
|
|
286
|
+
end
|
|
287
|
+
|
|
281
288
|
def validate_user_groups
|
|
282
289
|
user_groups.each do |user_group, perms|
|
|
283
290
|
perms.each do |perm|
|
data/lib/lockdown.rb
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
|
-
|
|
1
|
+
$:.unshift File.dirname(__FILE__)
|
|
2
|
+
|
|
3
|
+
require File.join("lockdown", "helper")
|
|
2
4
|
|
|
3
5
|
module Lockdown
|
|
4
6
|
extend Lockdown::Helper
|
|
5
7
|
|
|
6
|
-
VERSION = '1.
|
|
8
|
+
VERSION = '1.3.0'
|
|
7
9
|
|
|
8
10
|
# Returns the version string for the library.
|
|
9
11
|
def self.version
|
|
@@ -57,12 +59,12 @@ module Lockdown
|
|
|
57
59
|
end # mixin_resource?
|
|
58
60
|
end # Lockdown
|
|
59
61
|
|
|
60
|
-
require File.join(
|
|
61
|
-
require File.join(
|
|
62
|
-
require File.join(
|
|
63
|
-
require File.join(
|
|
64
|
-
require File.join(
|
|
65
|
-
require File.join(
|
|
62
|
+
require File.join("lockdown", "session")
|
|
63
|
+
require File.join("lockdown", "context")
|
|
64
|
+
require File.join("lockdown", "permission")
|
|
65
|
+
require File.join("lockdown", "database")
|
|
66
|
+
require File.join("lockdown", "rules")
|
|
67
|
+
require File.join("lockdown", "system")
|
|
66
68
|
|
|
67
69
|
puts "=> Mixing in Lockdown version: #{Lockdown.version} \n"
|
|
68
70
|
|
|
@@ -0,0 +1,191 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), %w[.. spec_helper])
|
|
2
|
+
|
|
3
|
+
describe Lockdown::Context do
|
|
4
|
+
before do
|
|
5
|
+
@name = :my_account
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
describe Lockdown::RootContext do
|
|
9
|
+
before do
|
|
10
|
+
@c = Lockdown::RootContext.new(@name)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it "should return rootcontext" do
|
|
14
|
+
@c.to_s.should == "Lockdown::RootContext"
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
it "should allow with_controller" do
|
|
18
|
+
@c.allows?('with_controller').should == true
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
it "should allow and_controller" do
|
|
22
|
+
@c.allows?('and_controller').should == true
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
it "should allow to_model" do
|
|
26
|
+
@c.allows?('to_model').should == true
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
it "should not allow only_methods" do
|
|
30
|
+
@c.allows?('only_methods').should == false
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
it "should not allow except_methods" do
|
|
34
|
+
@c.allows?('except_methods').should == false
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
it "should not allow where" do
|
|
38
|
+
@c.allows?('where').should == false
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
it "should not allow is_in" do
|
|
42
|
+
@c.allows?('is_in').should == false
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
it "should not allow includes" do
|
|
46
|
+
@c.allows?('includes').should == false
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
it "should not allow equals" do
|
|
50
|
+
@c.allows?('equals').should == false
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
describe Lockdown::ControllerContext do
|
|
55
|
+
before do
|
|
56
|
+
@c = Lockdown::ControllerContext.new(@name)
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
it "should return rootcontext" do
|
|
60
|
+
@c.to_s.should == "Lockdown::ControllerContext"
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
it "should allow with_controller" do
|
|
64
|
+
@c.allows?('with_controller').should == true
|
|
65
|
+
end
|
|
66
|
+
|
|
67
|
+
it "should allow and_controller" do
|
|
68
|
+
@c.allows?('and_controller').should == true
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
it "should allow to_model" do
|
|
72
|
+
@c.allows?('to_model').should == true
|
|
73
|
+
end
|
|
74
|
+
|
|
75
|
+
it "should allow only_methods" do
|
|
76
|
+
@c.allows?('only_methods').should == true
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
it "should allow except_methods" do
|
|
80
|
+
@c.allows?('except_methods').should == true
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
it "should not allow where" do
|
|
84
|
+
@c.allows?('where').should == false
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
it "should not allow is_in" do
|
|
88
|
+
@c.allows?('is_in').should == false
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
it "should not allow includes" do
|
|
92
|
+
@c.allows?('includes').should == false
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
it "should not allow equals" do
|
|
96
|
+
@c.allows?('equals').should == false
|
|
97
|
+
end
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
describe Lockdown::ModelContext do
|
|
101
|
+
before do
|
|
102
|
+
@c = Lockdown::ModelContext.new(@name)
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
it "should return rootcontext" do
|
|
106
|
+
@c.to_s.should == "Lockdown::ModelContext"
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
it "should not allow with_controller" do
|
|
110
|
+
@c.allows?('with_controller').should == false
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
it "should not allow and_controller" do
|
|
114
|
+
@c.allows?('and_controller').should == false
|
|
115
|
+
end
|
|
116
|
+
|
|
117
|
+
it "should not allow to_model" do
|
|
118
|
+
@c.allows?('to_model').should == false
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
it "should not allow only_methods" do
|
|
122
|
+
@c.allows?('only_methods').should == false
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
it "should not allow except_methods" do
|
|
126
|
+
@c.allows?('except_methods').should == false
|
|
127
|
+
end
|
|
128
|
+
|
|
129
|
+
it "should allow where" do
|
|
130
|
+
@c.allows?('where').should == true
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
it "should not allow is_in" do
|
|
134
|
+
@c.allows?('is_in').should == false
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
it "should not allow includes" do
|
|
138
|
+
@c.allows?('includes').should == false
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
it "should not allow equals" do
|
|
142
|
+
@c.allows?('equals').should == false
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
|
|
146
|
+
describe Lockdown::ModelWhereContext do
|
|
147
|
+
before do
|
|
148
|
+
@c = Lockdown::ModelWhereContext.new(@name)
|
|
149
|
+
end
|
|
150
|
+
|
|
151
|
+
it "should return rootcontext" do
|
|
152
|
+
@c.to_s.should == "Lockdown::ModelWhereContext"
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
it "should not allow with_controller" do
|
|
156
|
+
@c.allows?('with_controller').should == false
|
|
157
|
+
end
|
|
158
|
+
|
|
159
|
+
it "should not allow and_controller" do
|
|
160
|
+
@c.allows?('and_controller').should == false
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
it "should not allow to_model" do
|
|
164
|
+
@c.allows?('to_model').should == false
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
it "should not allow only_methods" do
|
|
168
|
+
@c.allows?('only_methods').should == false
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
it "should not allow except_methods" do
|
|
172
|
+
@c.allows?('except_methods').should == false
|
|
173
|
+
end
|
|
174
|
+
|
|
175
|
+
it "should not allow where" do
|
|
176
|
+
@c.allows?('where').should == false
|
|
177
|
+
end
|
|
178
|
+
|
|
179
|
+
it "should allow is_in" do
|
|
180
|
+
@c.allows?('is_in').should == true
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
it "should allow includes" do
|
|
184
|
+
@c.allows?('includes').should == true
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
it "should allow equals" do
|
|
188
|
+
@c.allows?('equals').should == true
|
|
189
|
+
end
|
|
190
|
+
end
|
|
191
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), %w[.. spec_helper])
|
|
2
|
+
|
|
3
|
+
require 'lockdown/rspec_helper'
|
|
4
|
+
|
|
5
|
+
class TestAController
|
|
6
|
+
extend Lockdown::Frameworks::Rails::Controller
|
|
7
|
+
include Lockdown::Frameworks::Rails::Controller::Lock
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
class RspecEnv
|
|
11
|
+
include Lockdown::RspecHelper
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
describe Lockdown::RspecHelper do
|
|
15
|
+
before do
|
|
16
|
+
@controller = TestAController.new
|
|
17
|
+
@controller.stub!(:session).and_return({})
|
|
18
|
+
|
|
19
|
+
usr = mock :user,
|
|
20
|
+
:first_name => 'John',
|
|
21
|
+
:last_name => 'Smith',
|
|
22
|
+
:password => 'mysecret',
|
|
23
|
+
:password_confirmation => 'mysecret'
|
|
24
|
+
|
|
25
|
+
usr_group = mock :usr_group
|
|
26
|
+
|
|
27
|
+
@rspec_env = RspecEnv.new
|
|
28
|
+
@rspec_env.stub!(:controller).and_return(@controller)
|
|
29
|
+
@rspec_env.stub!(:mock_user).and_return(usr)
|
|
30
|
+
@rspec_env.stub!(:mock_user_group).and_return(usr_group)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
describe "#login_admin" do
|
|
34
|
+
it "should set access_rights to :all" do
|
|
35
|
+
@rspec_env.login_admin
|
|
36
|
+
@rspec_env.controller.session[:access_rights].should == :all
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
data/spec/lockdown/rules_spec.rb
CHANGED
|
@@ -32,11 +32,25 @@ describe Lockdown::Rules do
|
|
|
32
32
|
|
|
33
33
|
it "should raise and InvalidRuleAssignment if permission does not exist" do
|
|
34
34
|
msg = "Permission not found: user_management"
|
|
35
|
-
lambda{@rules.set_public_access(:
|
|
35
|
+
lambda{@rules.set_public_access(:toy_management)}.should
|
|
36
36
|
raise_error(Lockdown::InvalidRuleAssignment, msg)
|
|
37
37
|
end
|
|
38
38
|
end
|
|
39
39
|
|
|
40
|
+
describe "#public_access?" do
|
|
41
|
+
it "should return true when permission is public" do
|
|
42
|
+
@rules.set_permission(:home_page)
|
|
43
|
+
@rules.set_public_access(:home_page)
|
|
44
|
+
@rules.public_access?(:home_page).should == true
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
it "should return false when permission is not public" do
|
|
48
|
+
@rules.set_permission(:home_page)
|
|
49
|
+
@rules.set_protected_access(:home_page)
|
|
50
|
+
@rules.public_access?(:home_page).should == false
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
40
54
|
describe "#set_protected_access" do
|
|
41
55
|
it "should define the permission as protected" do
|
|
42
56
|
@rules.set_permission(:user_management)
|
|
@@ -52,6 +66,20 @@ describe Lockdown::Rules do
|
|
|
52
66
|
end
|
|
53
67
|
end
|
|
54
68
|
|
|
69
|
+
describe "#protected_access?" do
|
|
70
|
+
it "should return true when permission is protected" do
|
|
71
|
+
@rules.set_permission(:home_page)
|
|
72
|
+
@rules.set_protected_access(:home_page)
|
|
73
|
+
@rules.protected_access?(:home_page).should == true
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
it "should return false when permission is not protected" do
|
|
77
|
+
@rules.set_permission(:home_page)
|
|
78
|
+
@rules.set_public_access(:home_page)
|
|
79
|
+
@rules.protected_access?(:home_page).should == false
|
|
80
|
+
end
|
|
81
|
+
end
|
|
82
|
+
|
|
55
83
|
describe "#get_permissions" do
|
|
56
84
|
it "should return array of permission names as symbols" do
|
|
57
85
|
Lockdown.should_receive(:add_controller_method)
|
|
@@ -78,6 +106,25 @@ describe Lockdown::Rules do
|
|
|
78
106
|
end
|
|
79
107
|
end
|
|
80
108
|
|
|
109
|
+
describe "#permission_assigned_automatically?" do
|
|
110
|
+
it "should return true when permission is public" do
|
|
111
|
+
@rules.set_permission(:home_page)
|
|
112
|
+
@rules.set_public_access(:home_page)
|
|
113
|
+
@rules.permission_assigned_automatically?(:home_page).should == true
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
it "should return true when permission is protected" do
|
|
117
|
+
@rules.set_permission(:home_page)
|
|
118
|
+
@rules.set_protected_access(:home_page)
|
|
119
|
+
@rules.permission_assigned_automatically?(:home_page).should == true
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
it "should return false when permission is not public" do
|
|
123
|
+
@rules.set_permission(:home_page)
|
|
124
|
+
@rules.permission_assigned_automatically?(:home_page).should == false
|
|
125
|
+
end
|
|
126
|
+
end
|
|
127
|
+
|
|
81
128
|
describe "#get_user_groups" do
|
|
82
129
|
it "should return array of user group names as symbols" do
|
|
83
130
|
@rules.set_permission(:user_management)
|
|
@@ -14,6 +14,19 @@ describe Lockdown::Session do
|
|
|
14
14
|
|
|
15
15
|
@controller.stub!(:session).and_return(@session)
|
|
16
16
|
end
|
|
17
|
+
|
|
18
|
+
describe "#logged_in?" do
|
|
19
|
+
it "should return false withou current_user_id" do
|
|
20
|
+
@controller.send(:logged_in?).should == false
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
describe "#current_user_id" do
|
|
25
|
+
it "should return false withou current_user_id" do
|
|
26
|
+
@session[:current_user_id] = 2
|
|
27
|
+
@controller.send(:current_user_id).should == 2
|
|
28
|
+
end
|
|
29
|
+
end
|
|
17
30
|
|
|
18
31
|
describe "#nil_lockdown_values" do
|
|
19
32
|
it "should nil access_rights" do
|
|
@@ -86,5 +99,14 @@ describe Lockdown::Session do
|
|
|
86
99
|
end
|
|
87
100
|
|
|
88
101
|
describe "#session_access_rights_include?" do
|
|
102
|
+
it "should return true for posts/index" do
|
|
103
|
+
@controller.send(:session_access_rights_include?,'posts/index').
|
|
104
|
+
should == true
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
it "should return false for pages/index" do
|
|
108
|
+
@controller.send(:session_access_rights_include?,'pages/index').
|
|
109
|
+
should == false
|
|
110
|
+
end
|
|
89
111
|
end
|
|
90
112
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: lockdown
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andrew Stone
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-08-
|
|
12
|
+
date: 2009-08-18 00:00:00 -04:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
@@ -44,6 +44,7 @@ files:
|
|
|
44
44
|
- lib/lockdown/helper.rb
|
|
45
45
|
- lib/lockdown/orms/active_record.rb
|
|
46
46
|
- lib/lockdown/permission.rb
|
|
47
|
+
- lib/lockdown/rspec_helper.rb
|
|
47
48
|
- lib/lockdown/rules.rb
|
|
48
49
|
- lib/lockdown/session.rb
|
|
49
50
|
- lib/lockdown/system.rb
|
|
@@ -78,11 +79,13 @@ files:
|
|
|
78
79
|
- rails_generators/lockdown/templates/db/migrate/create_users.rb
|
|
79
80
|
- rails_generators/lockdown/templates/lib/lockdown/README
|
|
80
81
|
- rails_generators/lockdown/templates/lib/lockdown/init.rb
|
|
82
|
+
- spec/lockdown/context_spec.rb
|
|
81
83
|
- spec/lockdown/database_spec.rb
|
|
82
84
|
- spec/lockdown/frameworks/rails/controller_spec.rb
|
|
83
85
|
- spec/lockdown/frameworks/rails/view_spec.rb
|
|
84
86
|
- spec/lockdown/frameworks/rails_spec.rb
|
|
85
87
|
- spec/lockdown/permission_spec.rb
|
|
88
|
+
- spec/lockdown/rspec_helper_spec.rb
|
|
86
89
|
- spec/lockdown/rules_spec.rb
|
|
87
90
|
- spec/lockdown/session_spec.rb
|
|
88
91
|
- spec/lockdown/system_spec.rb
|