lockdown_vail 1.6.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +6 -0
- data/README.txt +36 -0
- data/Rakefile +38 -0
- data/VERSION +1 -0
- data/lib/lockdown/context.rb +41 -0
- data/lib/lockdown/database.rb +41 -0
- data/lib/lockdown/errors.rb +11 -0
- data/lib/lockdown/frameworks/rails/controller.rb +187 -0
- data/lib/lockdown/frameworks/rails/view.rb +50 -0
- data/lib/lockdown/frameworks/rails.rb +114 -0
- data/lib/lockdown/helper.rb +111 -0
- data/lib/lockdown/orms/active_record.rb +68 -0
- data/lib/lockdown/permission.rb +222 -0
- data/lib/lockdown/references.rb +19 -0
- data/lib/lockdown/rspec_helper.rb +114 -0
- data/lib/lockdown/rules.rb +372 -0
- data/lib/lockdown/session.rb +66 -0
- data/lib/lockdown/system.rb +58 -0
- data/lib/lockdown.rb +87 -0
- data/lockdown.gemspec +118 -0
- data/lockdown_vail.gemspec +120 -0
- data/rails_generators/lockdown/lockdown_generator.rb +274 -0
- data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
- data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
- data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
- data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
- data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
- data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
- data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
- data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
- data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
- data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
- data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
- data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
- data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
- data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
- data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
- data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
- data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
- data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
- data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
- data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
- data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
- data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +136 -0
- data/spec/lockdown/context_spec.rb +191 -0
- data/spec/lockdown/database_spec.rb +66 -0
- data/spec/lockdown/frameworks/rails/controller_spec.rb +240 -0
- data/spec/lockdown/frameworks/rails/view_spec.rb +87 -0
- data/spec/lockdown/frameworks/rails_spec.rb +163 -0
- data/spec/lockdown/permission_spec.rb +156 -0
- data/spec/lockdown/rspec_helper_spec.rb +41 -0
- data/spec/lockdown/rules_spec.rb +245 -0
- data/spec/lockdown/session_spec.rb +125 -0
- data/spec/lockdown/system_spec.rb +51 -0
- data/spec/lockdown_spec.rb +19 -0
- data/spec/rcov.opts +5 -0
- data/spec/spec.opts +3 -0
- data/spec/spec_helper.rb +8 -0
- metadata +140 -0
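--- a/data/spec/lockdown/frameworks/rails/view_spec.rb
+++ b/data/spec/lockdown/frameworks/rails/view_spec.rb
@@ -0,0 +1,87 @@
+require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
+
+class TestAView
+def link_to
+"link_to"
+end
+
+def button_to
+"button_to"
+end
+
+include Lockdown::Frameworks::Rails::View
+end
+
+describe Lockdown::Frameworks::Rails::Controller do
+
+before do
+@view = TestAView.new
+
+@view.stub!(:url_for).and_return("posts/new")
+
+@options = {:controller => "posts", :action => "new"}
+end
+
+describe "#link_to_secured" do
+it "should return the link if authorized" do
+link = "<a href='http://a.com'>my_link</a>"
+@view.stub!(:authorized?).and_return(true)
+@view.stub!(:link_to_open).and_return(link)
+
+@view.link_to_secured("my link", @options).should == link
+end
+
+it "should return an empty string if authorized" do
+@view.stub!(:authorized?).and_return(false)
+
+@view.link_to_secured("my link", @options).should == ""
+end
+end
+
+describe "#button_to_secured" do
+it "should return the link if authorized" do
+link = "<a href='http://a.com'>my_link</a>"
+@view.stub!(:authorized?).and_return(true)
+@view.stub!(:button_to_open).and_return(link)
+
+@view.button_to_secured("my link", @options).should == link
+end
+
+it "should return an empty string if authorized" do
+@view.stub!(:authorized?).and_return(false)
+
+@view.button_to_secured("my link", @options).should == ""
+end
+end
+
+describe "#link_to_or_show" do
+it "should return the name if link_to returned an empty string" do
+@view.stub!(:link_to).and_return('')
+
+@view.link_to_or_show("my_link", @options).
+should == "my_link"
+end
+
+it "should return the link if access is allowed" do
+link = "<a href='http://a.com'>my_link</a>"
+@view.stub!(:link_to).and_return(link)
+
+@view.link_to_or_show("my_link", @options).
+should == link
+end
+end
+
+describe "#link_to_or_show" do
+it "should return links separated by | " do
+Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
+links = ["link_one", "link_two"]
+@view.links(links).should == links.join(' | ')
+end
+
+it "should return links separated by | and handle empty strings" do
+Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
+links = ["link_one", "link_two", ""]
+@view.links(links).should == links.join(' | ')
+end
+end
+end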
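Review bot: The example descriptions on lines 34 and 50, `should return an empty string if authorized`, contradict the stubs beneath them, which set `authorized?` to false; the unauthorized path is the security-relevant assertion in this file and its label should say so: `it "should return an empty string if not authorized" do`. The outer `describe Lockdown::Frameworks::Rails::Controller` on line 15 and the second `describe "#link_to_or_show"` on line 74 are also mislabeled, since the file exercises `Lockdown::Frameworks::Rails::View` and the block on line 74 exercises `#links`. In the `handle empty strings` example on lines 81-84 the expectation is `links.join(' | ')`, which for `["link_one", "link_two", ""]` includes a trailing separator, so the spec does not demonstrate that an empty (unauthorized) link is dropped; if dropping it is the intended behaviour the expectation should be the literal `"link_one | link_two"`.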
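--- a/data/spec/lockdown/frameworks/rails_spec.rb
+++ b/data/spec/lockdown/frameworks/rails_spec.rb
@@ -0,0 +1,163 @@
+require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
+
+describe Lockdown::Frameworks::Rails do
+before do
+@rails = Lockdown::Frameworks::Rails
+
+@rails.stub!(:use_me?).and_return(true)
+
+@lockdown = mock("lockdown")
+end
+
+
+describe "#included" do
+it "should extend lockdown with rails environment" do
+@lockdown.should_receive(:extend).
+with(Lockdown::Frameworks::Rails::Environment)
+
+@rails.should_receive(:mixin)
+
+@rails.included(@lockdown)
+end
+end
+
+describe "#mixin" do
+it "should perform class_eval on controller view and system to inject itself" do
+
+@view_helper = Mikey
+@view_helper.should_receive(:include).
+with( Lockdown::Frameworks::Rails::View )
+
+Lockdown.should_receive(:view_helper) do
+@view_helper
+end
+
+@system = Mikey
+@system.should_receive(:extend).
+with( Lockdown::Frameworks::Rails::System )
+
+Lockdown.should_receive(:system) do
+@system
+end
+
+@rails.should_receive(:mixin_controller)
+
+@rails.mixin
+end
+
+end
+
+describe "#mixin_controller" do
+
+it "should inject itself" do
+klass = Mikey
+
+klass.should_receive(:include).
+with(Lockdown::Session)
+
+klass.should_receive(:include).
+with(Lockdown::Frameworks::Rails::Controller::Lock)
+
+klass.should_receive(:helper_method).with(:authorized?)
+
+klass.should_receive(:hide_action).with(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
+
+klass.should_receive(:before_filter).and_return do |c|
+#not working yet. very frustrating trying to test this
+end
+
+klass.should_receive(:filter_parameter_logging)
+
+klass.should_receive(:rescue_from).exactly(:twice)
+
+@rails.mixin_controller(klass)
+end
+end
+
+end
+
+RAILS_ROOT = "/shibby/dibby/do"
+
+module ActionController; class Base; end end
+
+class ApplicationController; end
+
+module ActionView; class Base; end end
+
+describe Lockdown::Frameworks::Rails::Environment do
+
+before do
+@env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
+end
+
+describe "#project_root" do
+it "should return rails root" do
+@env.project_root.should == "/shibby/dibby/do"
+end
+end
+
+describe "#init_file" do
+it "should return path to init_file" do
+@env.stub!(:project_root).and_return("/shibby/dibby/do")
+@env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
+end
+end
+
+describe "#controller_class_name" do
+it "should add Controller to name" do
+@env.controller_class_name("user").should == "UserController"
+end
+
+it "should convert two underscores to a namespaced controller" do
+@env.controller_class_name("admin__user").should == "Admin::UserController"
+end
+end
+
+describe "#controller_parent" do
+it "should return ActionController::Base if not caching classes" do
+@env.should_receive(:caching?).and_return(false)
+@env.controller_parent.should == ActionController::Base
+end
+
+it "should return ApplicationController if caching classes" do
+@env.should_receive(:caching?).and_return(true)
+@env.controller_parent.should == ApplicationController
+end
+
+end
+
+describe "#view_helper" do
+it "should return ActionView::Base" do
+
+@env.view_helper.should == ActionView::Base
+end
+end
+end
+
+describe Lockdown::Frameworks::Rails::System do
+class Test
+extend Lockdown::Frameworks::Rails::System
+end
+
+before do
+@env = Test
+end
+
+describe "#skip_sync?" do
+it "should return true if env == skip sync" do
+Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test'])
+@env.should_receive(:framework_environment).and_return("test")
+
+@env.skip_sync?.should == true
+end
+
+it "should return false if env not in skip_sync" do
+Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test', 'ci'])
+@env.should_receive(:framework_environment).and_return("qa")
+
+@env.skip_sync?.should == false
+end
+
+end
+
+end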
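Review bot: The `before_filter` expectation on lines 65-67 takes an empty block marked `#not working yet`, so the spec only proves that some filter was registered, not that `check_request_authorization` (which the `hide_action` expectation on line 63 names) is among them; a regression that drops the authorization filter from `mixin_controller` would still pass. Asserting the registered filter names, for example `klass.should_receive(:before_filter).with(:check_request_authorization)` next to the other filters `mixin_controller` installs, would close that gap, though the exact argument shape depends on `mixin_controller`, which lives outside this file. Likewise `should_receive(:rescue_from).exactly(:twice)` on line 71 does not name the exception classes being rescued, so a swap to a broader class would go unnoticed. `Mikey` (lines 27, 35, 53) is not defined in this file and presumably comes from `spec_helper`; a one-line comment at its first use, `# Mikey is a throwaway class defined in spec_helper`, would spare the reader the search.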
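--- a/data/spec/lockdown/permission_spec.rb
+++ b/data/spec/lockdown/permission_spec.rb
@@ -0,0 +1,156 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+describe Lockdown::Permission do
+before do
+
+@permission = Lockdown::Permission.new(:user_management)
+@permission.stub!(:paths_for).and_return([])
+end
+
+describe "#with_controller" do
+before do
+@permission.with_controller(:users)
+end
+
+it "should set current_context to ControllerContext" do
+@permission.current_context.class.should equal(Lockdown::ControllerContext)
+end
+end
+
+describe "#only_methods" do
+before do
+@permission.with_controller(:users).only_methods(:show, :edit)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#except_methods" do
+before do
+@permission.with_controller(:users).except_methods(:destroy)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#to_model" do
+before do
+@permission.to_model(:user)
+end
+
+it "should set current_context to ModelContext" do
+@permission.current_context.class.should equal(Lockdown::ModelContext)
+end
+end
+
+describe "#where" do
+before do
+@permission.to_model(:user).where(:current_user_id)
+end
+
+it "should set current_context to ModelWhereContext" do
+@permission.current_context.class.should equal(Lockdown::ModelWhereContext)
+end
+end
+
+describe "#equals" do
+before do
+@permission.to_model(:user).where(:current_user_id).equals(:id)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#is_in" do
+before do
+@permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#set_as_public_access" do
+it "should raise an PermissionScopeCollision if already protected" do
+@permission.set_as_protected_access
+lambda{@permission.set_as_public_access}.
+should raise_error(Lockdown::PermissionScopeCollision)
+end
+end
+
+
+describe "#set_as_protected_access" do
+it "should raise an PermissionScopeCollision if already public" do
+@permission.set_as_public_access
+lambda{@permission.set_as_protected_access}.
+should raise_error(Lockdown::PermissionScopeCollision)
+end
+end
+
+describe "while in RootContext" do
+before do
+@permission.with_controller(:users).only_methods(:show, :edit)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+
+describe "while in ControllerContext" do
+before do
+@permission.with_controller(:users)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:where, :equals, :is_in, :includes]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+
+describe "while in ModelContext" do
+before do
+@permission.to_model(:user)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+
+describe "while in ModelWhereContext" do
+before do
+@permission.to_model(:user).where(:current_user_id)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+end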
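Review bot: The four `methods = [...]` lists on lines 103, 118, 133 and 148 are hand-maintained complements of each context's allowed rule methods, so a rule method added to `Lockdown::Permission` later would be asserted neither as allowed nor as rejected by these specs, and the gap would not show up as a failure. Deriving each list from one shared constant makes the omission visible: `RULE_METHODS = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where, :equals, :is_in, :includes]` and then, per context, `methods = RULE_METHODS - [:with_controller, :and_controller, :to_model]` for RootContext and the matching subtraction for the other three. The collision examples on lines 80-95 cover the public/protected conflict, but nothing asserts the observable effect of a successful `set_as_public_access` or `set_as_protected_access`; a positive example for each would pin the access level the permission ends up with. `an PermissionScopeCollision` on lines 81 and 90 should read `a PermissionScopeCollision`.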
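--- a/data/spec/lockdown/rspec_helper_spec.rb
+++ b/data/spec/lockdown/rspec_helper_spec.rb
@@ -0,0 +1,41 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+require 'lockdown/rspec_helper'
+
+class TestAController
+extend Lockdown::Frameworks::Rails::Controller
+include Lockdown::Frameworks::Rails::Controller::Lock
+end
+
+class RspecEnv
+end
+
+describe Lockdown::RspecHelper do
+before do
+@controller = TestAController.new
+@controller.stub!(:session).and_return({})
+
+usr = mock :user,
+:first_name => 'John',
+:last_name => 'Smith',
+:password => 'mysecret',
+:password_confirmation => 'mysecret'
+
+usr_group = mock :usr_group
+
+Lockdown.should_receive(:maybe_parse_init)
+RspecEnv.send :include, Lockdown::RspecHelper
+@rspec_env = RspecEnv.new
+@rspec_env.stub!(:controller).and_return(@controller)
+@rspec_env.stub!(:mock_user).and_return(usr)
+@rspec_env.stub!(:mock_user_group).and_return(usr_group)
+end
+
+describe "#login_admin" do
+it "should set access_rights to :all" do
+@rspec_env.login_admin
+#@rspec_env.controller.session[:access_rights].should == :all
+@rspec_env.controller.session[:user_groups].should == [Lockdown.administrator_group_symbol]
+end
+end
+end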
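Review bot: The example on line 35 is described as `should set access_rights to :all`, but the assertion that would check it (line 37) is commented out and the only live assertion (line 38) checks `session[:user_groups]`, so the description no longer states what is verified. Either reinstate the `access_rights` assertion if `login_admin` still writes that key, or rename the example, e.g. `it "should add the administrator group to session[:user_groups]" do`, and delete the dead line. Because `login_admin` is the helper other specs use to exercise administrator-only paths, pinning exactly which session keys it writes deserves a live example per key rather than a comment.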