lockdown_vail 1.6.2.1
- data/.gitignore +6 -0
- data/README.txt +36 -0
- data/Rakefile +38 -0
- data/VERSION +1 -0
- data/lib/lockdown/context.rb +41 -0
- data/lib/lockdown/database.rb +41 -0
- data/lib/lockdown/errors.rb +11 -0
- data/lib/lockdown/frameworks/rails/controller.rb +187 -0
- data/lib/lockdown/frameworks/rails/view.rb +50 -0
- data/lib/lockdown/frameworks/rails.rb +114 -0
- data/lib/lockdown/helper.rb +111 -0
- data/lib/lockdown/orms/active_record.rb +68 -0
- data/lib/lockdown/permission.rb +222 -0
- data/lib/lockdown/references.rb +19 -0
- data/lib/lockdown/rspec_helper.rb +114 -0
- data/lib/lockdown/rules.rb +372 -0
- data/lib/lockdown/session.rb +66 -0
- data/lib/lockdown/system.rb +58 -0
- data/lib/lockdown.rb +87 -0
- data/lockdown.gemspec +118 -0
- data/lockdown_vail.gemspec +120 -0
- data/rails_generators/lockdown/lockdown_generator.rb +274 -0
- data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
- data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
- data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
- data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
- data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
- data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
- data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
- data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
- data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
- data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
- data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
- data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
- data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
- data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
- data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
- data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
- data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
- data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
- data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
- data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
- data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
- data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
- data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
- data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
- data/rails_generators/lockdown/templates/lib/lockdown/init.rb +136 -0
- data/spec/lockdown/context_spec.rb +191 -0
- data/spec/lockdown/database_spec.rb +66 -0
- data/spec/lockdown/frameworks/rails/controller_spec.rb +240 -0
- data/spec/lockdown/frameworks/rails/view_spec.rb +87 -0
- data/spec/lockdown/frameworks/rails_spec.rb +163 -0
- data/spec/lockdown/permission_spec.rb +156 -0
- data/spec/lockdown/rspec_helper_spec.rb +41 -0
- data/spec/lockdown/rules_spec.rb +245 -0
- data/spec/lockdown/session_spec.rb +125 -0
- data/spec/lockdown/system_spec.rb +51 -0
- data/spec/lockdown_spec.rb +19 -0
- data/spec/rcov.opts +5 -0
- data/spec/spec.opts +3 -0
- data/spec/spec_helper.rb +8 -0
- metadata +140 -0
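--- a/data/spec/lockdown/frameworks/rails/view_spec.rb
+++ b/data/spec/lockdown/frameworks/rails/view_spec.rb
@@ -0,0 +1,87 @@
+require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
+
+class TestAView
+def link_to
+"link_to"
+end
+
+def button_to
+"button_to"
+end
+
+include Lockdown::Frameworks::Rails::View
+end
+
+describe Lockdown::Frameworks::Rails::Controller do
+
+before do
+@view = TestAView.new
+
+@view.stub!(:url_for).and_return("posts/new")
+
+@options = {:controller => "posts", :action => "new"}
+end
+
+describe "#link_to_secured" do
+it "should return the link if authorized" do
+link = "<a href='http://a.com'>my_link</a>"
+@view.stub!(:authorized?).and_return(true)
+@view.stub!(:link_to_open).and_return(link)
+
+@view.link_to_secured("my link", @options).should == link
+end
+
+it "should return an empty string if authorized" do
+@view.stub!(:authorized?).and_return(false)
+
+@view.link_to_secured("my link", @options).should == ""
+end
+end
+
+describe "#button_to_secured" do
+it "should return the link if authorized" do
+link = "<a href='http://a.com'>my_link</a>"
+@view.stub!(:authorized?).and_return(true)
+@view.stub!(:button_to_open).and_return(link)
+
+@view.button_to_secured("my link", @options).should == link
+end
+
+it "should return an empty string if authorized" do
+@view.stub!(:authorized?).and_return(false)
+
+@view.button_to_secured("my link", @options).should == ""
+end
+end
+
+describe "#link_to_or_show" do
+it "should return the name if link_to returned an empty string" do
+@view.stub!(:link_to).and_return('')
+
+@view.link_to_or_show("my_link", @options).
+should == "my_link"
+end
+
+it "should return the link if access is allowed" do
+link = "<a href='http://a.com'>my_link</a>"
+@view.stub!(:link_to).and_return(link)
+
+@view.link_to_or_show("my_link", @options).
+should == link
+end
+end
+
+describe "#link_to_or_show" do
+it "should return links separated by | " do
+Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
+links = ["link_one", "link_two"]
+@view.links(links).should == links.join(' | ')
+end
+
+it "should return links separated by | and handle empty strings" do
+Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
+links = ["link_one", "link_two", ""]
+@view.links(links).should == links.join(' | ')
+end
+end
+end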
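Review bot: The outer `describe Lockdown::Frameworks::Rails::Controller do` names the controller module, but every example drives view helpers through `TestAView`, which includes `Lockdown::Frameworks::Rails::View`; change it to `describe Lockdown::Frameworks::Rails::View do` so failures are attributed to the right module. The two examples titled "should return an empty string if authorized" stub `authorized?` to false, so the title states the opposite of the setup; rename them `it "should return an empty string if not authorized" do`. The second `describe "#link_to_or_show"` block exercises `#links`, not `link_to_or_show`, and should be labelled `describe "#links" do`. The "handle empty strings" example pins `links.join(' | ')`, which keeps a trailing separator for an empty entry — the value `link_to_secured` returns for a denied link — so if denied links are meant to disappear from the rendered list entirely, this example locks in the opposite; confirm the intended output against `view.rb` before keeping it.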
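--- a/data/spec/lockdown/frameworks/rails_spec.rb
+++ b/data/spec/lockdown/frameworks/rails_spec.rb
@@ -0,0 +1,163 @@
+require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
+
+describe Lockdown::Frameworks::Rails do
+before do
+@rails = Lockdown::Frameworks::Rails
+
+@rails.stub!(:use_me?).and_return(true)
+
+@lockdown = mock("lockdown")
+end
+
+
+describe "#included" do
+it "should extend lockdown with rails environment" do
+@lockdown.should_receive(:extend).
+with(Lockdown::Frameworks::Rails::Environment)
+
+@rails.should_receive(:mixin)
+
+@rails.included(@lockdown)
+end
+end
+
+describe "#mixin" do
+it "should perform class_eval on controller view and system to inject itself" do
+
+@view_helper = Mikey
+@view_helper.should_receive(:include).
+with( Lockdown::Frameworks::Rails::View )
+
+Lockdown.should_receive(:view_helper) do
+@view_helper
+end
+
+@system = Mikey
+@system.should_receive(:extend).
+with( Lockdown::Frameworks::Rails::System )
+
+Lockdown.should_receive(:system) do
+@system
+end
+
+@rails.should_receive(:mixin_controller)
+
+@rails.mixin
+end
+
+end
+
+describe "#mixin_controller" do
+
+it "should inject itself" do
+klass = Mikey
+
+klass.should_receive(:include).
+with(Lockdown::Session)
+
+klass.should_receive(:include).
+with(Lockdown::Frameworks::Rails::Controller::Lock)
+
+klass.should_receive(:helper_method).with(:authorized?)
+
+klass.should_receive(:hide_action).with(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
+
+klass.should_receive(:before_filter).and_return do |c|
+#not working yet. very frustrating trying to test this
+end
+
+klass.should_receive(:filter_parameter_logging)
+
+klass.should_receive(:rescue_from).exactly(:twice)
+
+@rails.mixin_controller(klass)
+end
+end
+
+end
+
+RAILS_ROOT = "/shibby/dibby/do"
+
+module ActionController; class Base; end end
+
+class ApplicationController; end
+
+module ActionView; class Base; end end
+
+describe Lockdown::Frameworks::Rails::Environment do
+
+before do
+@env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
+end
+
+describe "#project_root" do
+it "should return rails root" do
+@env.project_root.should == "/shibby/dibby/do"
+end
+end
+
+describe "#init_file" do
+it "should return path to init_file" do
+@env.stub!(:project_root).and_return("/shibby/dibby/do")
+@env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
+end
+end
+
+describe "#controller_class_name" do
+it "should add Controller to name" do
+@env.controller_class_name("user").should == "UserController"
+end
+
+it "should convert two underscores to a namespaced controller" do
+@env.controller_class_name("admin__user").should == "Admin::UserController"
+end
+end
+
+describe "#controller_parent" do
+it "should return ActionController::Base if not caching classes" do
+@env.should_receive(:caching?).and_return(false)
+@env.controller_parent.should == ActionController::Base
+end
+
+it "should return ApplicationController if caching classes" do
+@env.should_receive(:caching?).and_return(true)
+@env.controller_parent.should == ApplicationController
+end
+
+end
+
+describe "#view_helper" do
+it "should return ActionView::Base" do
+
+@env.view_helper.should == ActionView::Base
+end
+end
+end
+
+describe Lockdown::Frameworks::Rails::System do
+class Test
+extend Lockdown::Frameworks::Rails::System
+end
+
+before do
+@env = Test
+end
+
+describe "#skip_sync?" do
+it "should return true if env == skip sync" do
+Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test'])
+@env.should_receive(:framework_environment).and_return("test")
+
+@env.skip_sync?.should == true
+end
+
+it "should return false if env not in skip_sync" do
+Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test', 'ci'])
+@env.should_receive(:framework_environment).and_return("qa")
+
+@env.skip_sync?.should == false
+end
+
+end
+
+end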
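Review bot: The `before_filter` expectation in `#mixin_controller` (`klass.should_receive(:before_filter).and_return do |c| ... end`, whose comment admits it is not working) is satisfied by any call with any arguments, so the spec never checks that `check_request_authorization` is actually installed as a filter on every controller — the one wiring this mixin exists to guarantee. Even without the full argument list, a block expectation can pin that part: `klass.should_receive(:before_filter) { |*filters| filters.should include(:check_request_authorization) }`; the names passed to `hide_action` on the preceding line are presumably the same set, confirm against `controller.rb`. `filter_parameter_logging` and `rescue_from` are likewise expected without `.with`, so a regression that stops scrubbing the password parameter from request logs, or rescues a different error class, still passes; add `.with(:password)` (or whatever parameter `mixin_controller` passes) and name the two rescued classes. Also, `class Test` is reopened inside the `Rails::System` describe after the `Environment` describe's `before` extends the same constant, so both modules land on one shared class; a distinct class per describe keeps the two groups independent.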
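--- a/data/spec/lockdown/permission_spec.rb
+++ b/data/spec/lockdown/permission_spec.rb
@@ -0,0 +1,156 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+describe Lockdown::Permission do
+before do
+
+@permission = Lockdown::Permission.new(:user_management)
+@permission.stub!(:paths_for).and_return([])
+end
+
+describe "#with_controller" do
+before do
+@permission.with_controller(:users)
+end
+
+it "should set current_context to ControllerContext" do
+@permission.current_context.class.should equal(Lockdown::ControllerContext)
+end
+end
+
+describe "#only_methods" do
+before do
+@permission.with_controller(:users).only_methods(:show, :edit)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#except_methods" do
+before do
+@permission.with_controller(:users).except_methods(:destroy)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#to_model" do
+before do
+@permission.to_model(:user)
+end
+
+it "should set current_context to ModelContext" do
+@permission.current_context.class.should equal(Lockdown::ModelContext)
+end
+end
+
+describe "#where" do
+before do
+@permission.to_model(:user).where(:current_user_id)
+end
+
+it "should set current_context to ModelWhereContext" do
+@permission.current_context.class.should equal(Lockdown::ModelWhereContext)
+end
+end
+
+describe "#equals" do
+before do
+@permission.to_model(:user).where(:current_user_id).equals(:id)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#is_in" do
+before do
+@permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#set_as_public_access" do
+it "should raise an PermissionScopeCollision if already protected" do
+@permission.set_as_protected_access
+lambda{@permission.set_as_public_access}.
+should raise_error(Lockdown::PermissionScopeCollision)
+end
+end
+
+
+describe "#set_as_protected_access" do
+it "should raise an PermissionScopeCollision if already public" do
+@permission.set_as_public_access
+lambda{@permission.set_as_protected_access}.
+should raise_error(Lockdown::PermissionScopeCollision)
+end
+end
+
+describe "while in RootContext" do
+before do
+@permission.with_controller(:users).only_methods(:show, :edit)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+
+describe "while in ControllerContext" do
+before do
+@permission.with_controller(:users)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:where, :equals, :is_in, :includes]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+
+describe "while in ModelContext" do
+before do
+@permission.to_model(:user)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+
+describe "while in ModelWhereContext" do
+before do
+@permission.to_model(:user).where(:current_user_id)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+end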
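Review bot: The `#only_methods` and `#except_methods` examples assert only that the call returns the permission to `RootContext`; nothing checks that `:destroy` is actually excluded or that only `:show` and `:edit` survive, which is the property that decides whether a user group can reach a destructive action. With `paths_for` stubbed to `[]` in the outer `before`, that cannot be observed here; an example that stubs `paths_for` to return, say, `["users/show", "users/edit", "users/destroy"]` and asserts that the permission's resulting path set omits `users/destroy` would pin it — the accessor exposing that set is not visible in this hunk, so take its name from `permission.rb`. The same gap applies to `#equals` and `#is_in`: the model-scoping rule they record is never inspected, only the context transition. Finally, `:includes` and `:and_controller` appear only in the out-of-context lists, so neither has a positive example at all.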
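--- a/data/spec/lockdown/rspec_helper_spec.rb
+++ b/data/spec/lockdown/rspec_helper_spec.rb
@@ -0,0 +1,41 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+require 'lockdown/rspec_helper'
+
+class TestAController
+extend Lockdown::Frameworks::Rails::Controller
+include Lockdown::Frameworks::Rails::Controller::Lock
+end
+
+class RspecEnv
+end
+
+describe Lockdown::RspecHelper do
+before do
+@controller = TestAController.new
+@controller.stub!(:session).and_return({})
+
+usr = mock :user,
+:first_name => 'John',
+:last_name => 'Smith',
+:password => 'mysecret',
+:password_confirmation => 'mysecret'
+
+usr_group = mock :usr_group
+
+Lockdown.should_receive(:maybe_parse_init)
+RspecEnv.send :include, Lockdown::RspecHelper
+@rspec_env = RspecEnv.new
+@rspec_env.stub!(:controller).and_return(@controller)
+@rspec_env.stub!(:mock_user).and_return(usr)
+@rspec_env.stub!(:mock_user_group).and_return(usr_group)
+end
+
+describe "#login_admin" do
+it "should set access_rights to :all" do
+@rspec_env.login_admin
+#@rspec_env.controller.session[:access_rights].should == :all
+@rspec_env.controller.session[:user_groups].should == [Lockdown.administrator_group_symbol]
+end
+end
+end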
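Review bot: The example is titled "should set access_rights to :all" but the assertion on `session[:access_rights]` is commented out and what it actually checks is `session[:user_groups]`; the description and the check should agree, so either restore `@rspec_env.controller.session[:access_rights].should == :all` next to the group assertion if `login_admin` still writes that key, or retitle it `it "should put the administrator group in the session" do`. If `login_admin` writes both keys, pinning both matters: a session whose group list names the administrator while `:access_rights` holds something else is exactly the inconsistency the authorization check has to resolve, and a test-only login helper that drifts from the real sessions controller makes every controller spec pass against a session shape production never produces. Only the admin path is exercised here; if `Lockdown::RspecHelper` also offers a non-admin login, a companion example asserting it does not place `Lockdown.administrator_group_symbol` in the session would show the helper cannot over-privilege ordinary test users. The `Lockdown.should_receive(:maybe_parse_init)` in `before` is a message expectation rather than a stub, so every example fails unless `include` triggers exactly one call; a one-line comment saying that is deliberate would save the next reader a detour.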