lockdown_vail 1.6.2.1

Files changed (67)
  1. data/.gitignore +6 -0
  2. data/README.txt +36 -0
  3. data/Rakefile +38 -0
  4. data/VERSION +1 -0
  5. data/lib/lockdown/context.rb +41 -0
  6. data/lib/lockdown/database.rb +41 -0
  7. data/lib/lockdown/errors.rb +11 -0
  8. data/lib/lockdown/frameworks/rails/controller.rb +187 -0
  9. data/lib/lockdown/frameworks/rails/view.rb +50 -0
  10. data/lib/lockdown/frameworks/rails.rb +114 -0
  11. data/lib/lockdown/helper.rb +111 -0
  12. data/lib/lockdown/orms/active_record.rb +68 -0
  13. data/lib/lockdown/permission.rb +222 -0
  14. data/lib/lockdown/references.rb +19 -0
  15. data/lib/lockdown/rspec_helper.rb +114 -0
  16. data/lib/lockdown/rules.rb +372 -0
  17. data/lib/lockdown/session.rb +66 -0
  18. data/lib/lockdown/system.rb +58 -0
  19. data/lib/lockdown.rb +87 -0
  20. data/lockdown.gemspec +118 -0
  21. data/lockdown_vail.gemspec +120 -0
  22. data/rails_generators/lockdown/lockdown_generator.rb +274 -0
  23. data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
  24. data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
  25. data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
  26. data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
  27. data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
  28. data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
  29. data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
  30. data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
  31. data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
  32. data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
  33. data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
  34. data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
  35. data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
  36. data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
  37. data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
  38. data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
  39. data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
  40. data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
  41. data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
  42. data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
  43. data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
  44. data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
  45. data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
  46. data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
  47. data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
  48. data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
  49. data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
  50. data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
  51. data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
  52. data/rails_generators/lockdown/templates/lib/lockdown/init.rb +136 -0
  53. data/spec/lockdown/context_spec.rb +191 -0
  54. data/spec/lockdown/database_spec.rb +66 -0
  55. data/spec/lockdown/frameworks/rails/controller_spec.rb +240 -0
  56. data/spec/lockdown/frameworks/rails/view_spec.rb +87 -0
  57. data/spec/lockdown/frameworks/rails_spec.rb +163 -0
  58. data/spec/lockdown/permission_spec.rb +156 -0
  59. data/spec/lockdown/rspec_helper_spec.rb +41 -0
  60. data/spec/lockdown/rules_spec.rb +245 -0
  61. data/spec/lockdown/session_spec.rb +125 -0
  62. data/spec/lockdown/system_spec.rb +51 -0
  63. data/spec/lockdown_spec.rb +19 -0
  64. data/spec/rcov.opts +5 -0
  65. data/spec/spec.opts +3 -0
  66. data/spec/spec_helper.rb +8 -0
  67. metadata +140 -0
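--- /dev/null
+++ b/data/spec/lockdown/frameworks/rails/view_spec.rb
@@ -0,0 +1,87 @@
+require File.join(File.dirname(__FILE__), %w[.. .. .. spec_helper])
+
+class TestAView
+def link_to
+"link_to"
+end
+
+def button_to
+"button_to"
+end
+
+include Lockdown::Frameworks::Rails::View
+end
+
+describe Lockdown::Frameworks::Rails::Controller do
+
+before do
+@view = TestAView.new
+
+@view.stub!(:url_for).and_return("posts/new")
+
+@options = {:controller => "posts", :action => "new"}
+end
+
+describe "#link_to_secured" do
+it "should return the link if authorized" do
+link = "<a href='http://a.com'>my_link</a>"
+@view.stub!(:authorized?).and_return(true)
+@view.stub!(:link_to_open).and_return(link)
+
+@view.link_to_secured("my link", @options).should == link
+end
+
+it "should return an empty string if authorized" do
+@view.stub!(:authorized?).and_return(false)
+
+@view.link_to_secured("my link", @options).should == ""
+end
+end
+
+describe "#button_to_secured" do
+it "should return the link if authorized" do
+link = "<a href='http://a.com'>my_link</a>"
+@view.stub!(:authorized?).and_return(true)
+@view.stub!(:button_to_open).and_return(link)
+
+@view.button_to_secured("my link", @options).should == link
+end
+
+it "should return an empty string if authorized" do
+@view.stub!(:authorized?).and_return(false)
+
+@view.button_to_secured("my link", @options).should == ""
+end
+end
+
+describe "#link_to_or_show" do
+it "should return the name if link_to returned an empty string" do
+@view.stub!(:link_to).and_return('')
+
+@view.link_to_or_show("my_link", @options).
+should == "my_link"
+end
+
+it "should return the link if access is allowed" do
+link = "<a href='http://a.com'>my_link</a>"
+@view.stub!(:link_to).and_return(link)
+
+@view.link_to_or_show("my_link", @options).
+should == link
+end
+end
+
+describe "#link_to_or_show" do
+it "should return links separated by | " do
+Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
+links = ["link_one", "link_two"]
+@view.links(links).should == links.join(' | ')
+end
+
+it "should return links separated by | and handle empty strings" do
+Lockdown::System.stub!(:fetch).with(:link_separator).and_return(' | ')
+links = ["link_one", "link_two", ""]
+@view.links(links).should == links.join(' | ')
+end
+end
+end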
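Review bot: The "handle empty strings" example (gutter 81-85) computes its expectation with `links.join(' | ')` over an array that still contains `""`, so it can only pass if `links` keeps the empty entry and emits a trailing separator; if the intent is that blank links are dropped, the expectation should be spelled out as `@view.links(links).should == "link_one | link_two"` so the test actually pins that behaviour. Two example titles are inverted: "should return an empty string if authorized" (gutter 34 and 50) stubs `authorized?` to false, so they should read `it "should return an empty string if not authorized" do`. The second `describe "#link_to_or_show"` (gutter 74) exercises `links`, not `link_to_or_show`, and should be renamed `describe "#links" do`; the outer group is also titled with `Rails::Controller` although every example targets the `View` mixin. Note that `link_to_secured` hiding a link is presentation only; the request-level check lives in the controller code, which is not in this hunk.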
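--- /dev/null
+++ b/data/spec/lockdown/frameworks/rails_spec.rb
@@ -0,0 +1,163 @@
+require File.join(File.dirname(__FILE__), %w[.. .. spec_helper])
+
+describe Lockdown::Frameworks::Rails do
+before do
+@rails = Lockdown::Frameworks::Rails
+
+@rails.stub!(:use_me?).and_return(true)
+
+@lockdown = mock("lockdown")
+end
+
+
+describe "#included" do
+it "should extend lockdown with rails environment" do
+@lockdown.should_receive(:extend).
+with(Lockdown::Frameworks::Rails::Environment)
+
+@rails.should_receive(:mixin)
+
+@rails.included(@lockdown)
+end
+end
+
+describe "#mixin" do
+it "should perform class_eval on controller view and system to inject itself" do
+
+@view_helper = Mikey
+@view_helper.should_receive(:include).
+with( Lockdown::Frameworks::Rails::View )
+
+Lockdown.should_receive(:view_helper) do
+@view_helper
+end
+
+@system = Mikey
+@system.should_receive(:extend).
+with( Lockdown::Frameworks::Rails::System )
+
+Lockdown.should_receive(:system) do
+@system
+end
+
+@rails.should_receive(:mixin_controller)
+
+@rails.mixin
+end
+
+end
+
+describe "#mixin_controller" do
+
+it "should inject itself" do
+klass = Mikey
+
+klass.should_receive(:include).
+with(Lockdown::Session)
+
+klass.should_receive(:include).
+with(Lockdown::Frameworks::Rails::Controller::Lock)
+
+klass.should_receive(:helper_method).with(:authorized?)
+
+klass.should_receive(:hide_action).with(:set_current_user, :configure_lockdown, :check_request_authorization, :check_model_authorization)
+
+klass.should_receive(:before_filter).and_return do |c|
+#not working yet. very frustrating trying to test this
+end
+
+klass.should_receive(:filter_parameter_logging)
+
+klass.should_receive(:rescue_from).exactly(:twice)
+
+@rails.mixin_controller(klass)
+end
+end
+
+end
+
+RAILS_ROOT = "/shibby/dibby/do"
+
+module ActionController; class Base; end end
+
+class ApplicationController; end
+
+module ActionView; class Base; end end
+
+describe Lockdown::Frameworks::Rails::Environment do
+
+before do
+@env = class Test; extend Lockdown::Frameworks::Rails::Environment; end
+end
+
+describe "#project_root" do
+it "should return rails root" do
+@env.project_root.should == "/shibby/dibby/do"
+end
+end
+
+describe "#init_file" do
+it "should return path to init_file" do
+@env.stub!(:project_root).and_return("/shibby/dibby/do")
+@env.init_file.should == "/shibby/dibby/do/lib/lockdown/init.rb"
+end
+end
+
+describe "#controller_class_name" do
+it "should add Controller to name" do
+@env.controller_class_name("user").should == "UserController"
+end
+
+it "should convert two underscores to a namespaced controller" do
+@env.controller_class_name("admin__user").should == "Admin::UserController"
+end
+end
+
+describe "#controller_parent" do
+it "should return ActionController::Base if not caching classes" do
+@env.should_receive(:caching?).and_return(false)
+@env.controller_parent.should == ActionController::Base
+end
+
+it "should return ApplicationController if caching classes" do
+@env.should_receive(:caching?).and_return(true)
+@env.controller_parent.should == ApplicationController
+end
+
+end
+
+describe "#view_helper" do
+it "should return ActionView::Base" do
+
+@env.view_helper.should == ActionView::Base
+end
+end
+end
+
+describe Lockdown::Frameworks::Rails::System do
+class Test
+extend Lockdown::Frameworks::Rails::System
+end
+
+before do
+@env = Test
+end
+
+describe "#skip_sync?" do
+it "should return true if env == skip sync" do
+Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test'])
+@env.should_receive(:framework_environment).and_return("test")
+
+@env.skip_sync?.should == true
+end
+
+it "should return false if env not in skip_sync" do
+Lockdown::System.stub!(:fetch).with(:skip_db_sync_in).and_return(['test', 'ci'])
+@env.should_receive(:framework_environment).and_return("qa")
+
+@env.skip_sync?.should == false
+end
+
+end
+
+end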
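Review bot: The `before_filter` expectation in "#mixin_controller" (gutter 65-67) only checks that `before_filter` is called once, with an empty `and_return` block and a "not working yet" comment, so the one wiring that actually enforces authorization per request is not pinned by this spec; `with(...)` naming the filter methods (presumably the four symbols already passed to `hide_action` on gutter 63, but that is not visible here) would catch a missing `check_request_authorization` filter, which is the failure mode that matters for an authorization library. The Environment group's `before` (gutter 90) reopens a top-level `Test` class on every example and the System group (gutter 138) appears to reopen the same constant, so `@env` in both groups is one class carrying both mixins; distinct fixture names such as `class EnvTestHost` and `class SystemTestHost` would keep the two groups independent. `Mikey` (gutter 27, 35, 53) is used as a mock target but is not defined in this hunk; it is presumably provided by spec_helper and worth a one-line comment saying so.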
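--- /dev/null
+++ b/data/spec/lockdown/permission_spec.rb
@@ -0,0 +1,156 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+describe Lockdown::Permission do
+before do
+
+@permission = Lockdown::Permission.new(:user_management)
+@permission.stub!(:paths_for).and_return([])
+end
+
+describe "#with_controller" do
+before do
+@permission.with_controller(:users)
+end
+
+it "should set current_context to ControllerContext" do
+@permission.current_context.class.should equal(Lockdown::ControllerContext)
+end
+end
+
+describe "#only_methods" do
+before do
+@permission.with_controller(:users).only_methods(:show, :edit)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#except_methods" do
+before do
+@permission.with_controller(:users).except_methods(:destroy)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#to_model" do
+before do
+@permission.to_model(:user)
+end
+
+it "should set current_context to ModelContext" do
+@permission.current_context.class.should equal(Lockdown::ModelContext)
+end
+end
+
+describe "#where" do
+before do
+@permission.to_model(:user).where(:current_user_id)
+end
+
+it "should set current_context to ModelWhereContext" do
+@permission.current_context.class.should equal(Lockdown::ModelWhereContext)
+end
+end
+
+describe "#equals" do
+before do
+@permission.to_model(:user).where(:current_user_id).equals(:id)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#is_in" do
+before do
+@permission.to_model(:user).where(:current_user_id).is_in(:manager_ids)
+end
+
+it "should set current_context to RootContext" do
+@permission.current_context.class.should equal(Lockdown::RootContext)
+end
+end
+
+describe "#set_as_public_access" do
+it "should raise an PermissionScopeCollision if already protected" do
+@permission.set_as_protected_access
+lambda{@permission.set_as_public_access}.
+should raise_error(Lockdown::PermissionScopeCollision)
+end
+end
+
+
+describe "#set_as_protected_access" do
+it "should raise an PermissionScopeCollision if already public" do
+@permission.set_as_public_access
+lambda{@permission.set_as_protected_access}.
+should raise_error(Lockdown::PermissionScopeCollision)
+end
+end
+
+describe "while in RootContext" do
+before do
+@permission.with_controller(:users).only_methods(:show, :edit)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:only_methods, :except_methods, :where, :equals, :is_in, :includes]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+
+describe "while in ControllerContext" do
+before do
+@permission.with_controller(:users)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:where, :equals, :is_in, :includes]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+
+describe "while in ModelContext" do
+before do
+@permission.to_model(:user)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :equals, :is_in, :includes]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+
+describe "while in ModelWhereContext" do
+before do
+@permission.to_model(:user).where(:current_user_id)
+end
+
+it "should raise InvalidRuleContext trying to access methods out of context" do
+methods = [:with_controller, :and_controller, :only_methods, :except_methods, :to_model, :where]
+
+methods.each do |method|
+lambda{@permission.send(method, :sample_param)}.
+should raise_error(Lockdown::InvalidRuleContext)
+end
+end
+end
+end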
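Review bot: Every example in this file asserts only which context the DSL leaves the permission in; none asserts what rule the call recorded, so `only_methods(:show, :edit)` (gutter 22) passing while silently permitting every action of `:users` would not be caught, and for an access-control rule builder that is the assertion that matters. Because `paths_for` is stubbed to `[]` on gutter 7, such an example would need an unstubbed permission; an example along the lines of `@permission.with_controller(:users).only_methods(:show).paths_for(...).should == [...]` is worth adding, with the expected path shape taken from the implementation, which is not in this hunk. The "out of context" loops (gutter 103-109 and later) iterate over several methods inside one example, so the first failing method hides the rest; one example per method, or a loop that generates examples with `it` inside, gives a precise failure. The `.class.should equal(X)` checks read more naturally as `@permission.current_context.should be_an_instance_of(X)`.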
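--- /dev/null
+++ b/data/spec/lockdown/rspec_helper_spec.rb
@@ -0,0 +1,41 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+require 'lockdown/rspec_helper'
+
+class TestAController
+extend Lockdown::Frameworks::Rails::Controller
+include Lockdown::Frameworks::Rails::Controller::Lock
+end
+
+class RspecEnv
+end
+
+describe Lockdown::RspecHelper do
+before do
+@controller = TestAController.new
+@controller.stub!(:session).and_return({})
+
+usr = mock :user,
+:first_name => 'John',
+:last_name => 'Smith',
+:password => 'mysecret',
+:password_confirmation => 'mysecret'
+
+usr_group = mock :usr_group
+
+Lockdown.should_receive(:maybe_parse_init)
+RspecEnv.send :include, Lockdown::RspecHelper
+@rspec_env = RspecEnv.new
+@rspec_env.stub!(:controller).and_return(@controller)
+@rspec_env.stub!(:mock_user).and_return(usr)
+@rspec_env.stub!(:mock_user_group).and_return(usr_group)
+end
+
+describe "#login_admin" do
+it "should set access_rights to :all" do
+@rspec_env.login_admin
+#@rspec_env.controller.session[:access_rights].should == :all
+@rspec_env.controller.session[:user_groups].should == [Lockdown.administrator_group_symbol]
+end
+end
+end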
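Review bot: The example title "should set access_rights to :all" (gutter 35) no longer matches its body: the `access_rights` assertion on gutter 37 is commented out and the live assertion checks `session[:user_groups]`, so a `login_admin` that stops granting `:all` rights would still pass. Either restore the assertion or retitle the example `it "should put the administrator group in the session" do`; if `access_rights` is genuinely derived elsewhere, a one-line comment saying where would explain the dead line. `RspecEnv.send :include, Lockdown::RspecHelper` (gutter 27) runs in `before` and so re-includes the module for every example; it belongs in the `class RspecEnv` definition on gutter 10-11. The `session` stub on gutter 16 returns a fresh `{}` literal only once per example, which is what makes the later read on gutter 38 see the write, and that is worth a short comment since it is easy to break.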