lockdown_vail 1.6.2.1

data/spec/lockdown/rules_spec.rb

@@ -0,0 +1,245 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+class TestSystem; extend Lockdown::Rules; end
+
+describe Lockdown::Rules do
+  before do
+    @rules = TestSystem
+    @rules.set_defaults
+  end
+
+  describe "#set_permission" do
+    it "should create and return a Permission object" do
+      @rules.set_permission(:user_management).
+        should == Lockdown::Permission.new(:user_management) 
+    end
+  end
+
+  describe "#set_public_access" do
+    it "should define the permission as public" do
+      @rules.set_permission(:home_page)
+      @rules.set_public_access(:home_page)
+      perm = @rules.permission_objects.find{|name, object| name == :home_page}
+      perm[1].public_access?.should be_true
+    end
+
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: toy_management"
+
+      @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
+
+      @rules.set_public_access(:toy_management)
+    end
+  end
+
+  describe "#public_access?" do
+    it "should return true when permission is public" do
+      @rules.set_permission(:home_page)
+      @rules.set_public_access(:home_page)
+      @rules.public_access?(:home_page).should == true
+    end
+
+    it "should return false when permission is not public" do
+      @rules.set_permission(:home_page)
+      @rules.set_protected_access(:home_page)
+      @rules.public_access?(:home_page).should == false
+    end
+  end
+
+  describe "#set_protected_access" do
+    it "should define the permission as protected" do
+      @rules.set_permission(:user_management)
+      @rules.set_protected_access(:user_management)
+      perm = @rules.permission_objects.find{|name, object| name == :user_management}
+      perm[1].protected_access?.should be_true
+    end
+
+    it "should raise and InvalidRuleAssignment if permission does not exist" do
+      msg = "Permission not found: user_management"
+
+      @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
+
+      @rules.set_protected_access(:user_management)
+    end
+  end
+
+  describe "#protected_access?" do
+    it "should return true when permission is protected" do
+      @rules.set_permission(:home_page)
+      @rules.set_protected_access(:home_page)
+      @rules.protected_access?(:home_page).should == true
+    end
+
+    it "should return false when permission is not protected" do
+      @rules.set_permission(:home_page)
+      @rules.set_public_access(:home_page)
+      @rules.protected_access?(:home_page).should == false
+    end
+  end
+
+  describe "#get_permissions" do
+    it "should return array of permission names as symbols" do
+      Lockdown.should_receive(:add_controller_method)
+      
+      @rules.set_permission(:home_page)
+      @rules.set_permission(:user_management)
+      @rules.process_rules
+      @rules.get_permissions.should include(:home_page) 
+      @rules.get_permissions.should include(:user_management)
+    end
+  end
+
+  describe "#permission_exists?" do
+    it "should return true if permission exists" do
+      Lockdown.should_receive(:add_controller_method)
+
+      @rules.set_permission(:home_page)
+      @rules.process_rules
+      @rules.permission_exists?(:home_page).should be_true
+    end
+
+    it "should return false if permission does not exist" do
+      @rules.permission_exists?(:home_page).should be_false
+    end
+  end
+
+  describe "#permission_assigned_automatically?" do
+    it "should return true when permission is public" do
+      @rules.set_permission(:home_page)
+      @rules.set_public_access(:home_page)
+      @rules.permission_assigned_automatically?(:home_page).should == true
+    end
+
+    it "should return true when permission is protected" do
+      @rules.set_permission(:home_page)
+      @rules.set_protected_access(:home_page)
+      @rules.permission_assigned_automatically?(:home_page).should == true
+    end
+
+    it "should return false when permission is not public" do
+      @rules.set_permission(:home_page)
+      @rules.permission_assigned_automatically?(:home_page).should == false
+    end
+  end
+
+  describe "#get_user_groups" do
+    it "should return array of user group names as symbols" do
+      @rules.set_permission(:user_management)
+      @rules.set_user_group(:security_management, :user_management)
+      @rules.get_user_groups.should == [:security_management]
+    end
+  end
+
+  describe "#user_group_exists?" do
+    it "should return true if user_group exists" do
+      @rules.set_user_group(:user_management, :some_perm)
+      @rules.user_group_exists?(:user_management).should be_true
+    end
+
+    it "should return false if user_group does not exist" do
+      @rules.user_group_exists?(:user_management).should be_false
+    end
+  end
+
+  describe "#make_user_administrator" do
+    it "should add admin to user groups" do
+      ugc = mock('user_group_class',:find_or_create_by_name => :admin)
+      Lockdown.should_receive(:user_group_class).and_return(ugc)
+
+      usr = mock('user', :user_groups => [])
+
+      @rules.make_user_administrator(usr).should include(:admin)
+    end
+  end
+
+  describe "#access_rights_for_user" do
+    it "should array of rights for user who is not an admin" do
+      @rules.should_receive(:administrator?).and_return(false)
+
+      @rules.set_permission(:register_account).
+        with_controller(:users).
+        only_methods(:new, :create)
+
+      @rules.set_public_access(:register_account)
+
+      perm = @rules.set_permission(:perm_one).
+        with_controller("a_controller").
+        only_methods("show","edit","update")
+
+      ug = @rules.set_user_group(:ug_one, :perm_one)
+
+      @rules.should_receive(:set_model_access)
+      @rules.process_rules
+
+      usr = mock('user', :user_groups => [:ug_one])
+
+      @rules.access_rights_for_user(usr).
+        should == ["users/new", "users/create", "a_controller/show", "a_controller/edit", "a_controller/update"]
+    end
+  end
+
+  describe "#access_rights_for_user_group" do
+    it "should return array of rights for user_group" do
+      perm = @rules.set_permission(:perm_one).
+        with_controller("a_controller").
+        only_methods("show","edit","update")
+
+      ug = @rules.set_user_group(:ug_one, :perm_one)
+
+      @rules.should_receive(:set_model_access)
+      @rules.process_rules
+
+      @rules.access_rights_for_user_group(:ug_one).
+        should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
+    end
+  end
+
+  describe "#access_rights_for_permission" do
+    it "should return array of rights for permission" do
+
+      perm = @rules.set_permission(:perm_one).
+        with_controller("a_controller").
+        only_methods("show","edit","update")
+
+      @rules.should_receive(:set_model_access)
+      @rules.process_rules
+
+      @rules.access_rights_for_permission(perm).
+        should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
+    end
+  end
+
+  describe "#standard_authorized_user_rights" do
+    it "should receive public_access + protected_access" do
+      @rules.set_permission(:register_account).
+        with_controller(:users).
+        only_methods(:new, :create)
+
+      @rules.set_permission(:my_profile).
+        with_controller(:users).
+        only_methods(:show, :edit, :update)
+      
+
+      @rules.set_public_access(:register_account)
+      @rules.set_protected_access(:my_profile)
+
+      @rules.should_receive(:set_model_access)
+      @rules.process_rules
+
+      @rules.standard_authorized_user_rights.
+        should == ["users/new", "users/create", "users/show", "users/edit", "users/update"]
+    end
+  end
+
+  describe "#process_rules" do
+    it "should validate user_group permissions" do
+      Lockdown.should_receive(:add_controller_method)
+      
+      @rules.set_user_group(:test_group, :a_perm)
+      error =  "User Group: test_group, permission not found: a_perm"
+
+      lambda{@rules.process_rules}.
+        should raise_error(Lockdown::InvalidRuleAssignment, error)
+    end
+  end
+end

data/spec/lockdown/session_spec.rb

@@ -0,0 +1,125 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+
+class TestAController
+  include Lockdown::Session
+end
+
+describe Lockdown::Session do
+  before do
+    @controller = TestAController.new
+
+    @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
+
+    @session = {:access_rights => @actions, :user_groups => [:collaborator]}
+
+    @controller.stub!(:session).and_return(@session)
+  end
+  
+  describe "access_rights_from_session" do
+    
+    it "should get allowed paths from groups in session" do
+      Lockdown::System.stub!(:permissions).and_return({:post_r => %w(posts/index posts/show), :post_w => %w(posts/new posts/edit posts/create posts/update posts/destroy)})
+      Lockdown::System.stub!(:user_groups).and_return({:collaborator => [:post_r, :post_w]})
+      
+      @controller.send(:access_rights_from_session).should == @actions
+    end
+    
+  end
+  
+  describe "#logged_in?" do
+    it "should return false withou current_user_id" do
+      @controller.send(:logged_in?).should == false
+    end
+  end
+
+  describe "#current_user_id" do
+    it "should return false withou current_user_id" do
+      @session[:current_user_id] = 2
+      @controller.send(:current_user_id).should == 2
+    end
+  end
+
+  describe "#nil_lockdown_values" do
+    it "should nil access_rights" do
+      @controller.send :nil_lockdown_values
+      @session[:access_rights].should == nil
+    end
+  end
+
+  describe "#current_user_access_in_group?" do
+    it "should return true if current user is admin" do
+      @actions = :all
+      @session = {:access_rights => @actions}
+      @controller.stub!(:session).and_return(@session)
+
+      @controller.send(:current_user_access_in_group?,:group).should == true
+    end
+
+    it "should return true if current_user has access" do
+      user_groups = {:public_group => [:public_access]}
+      hash  = {:public_access => ["posts/index", "posts/show"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+
+      Lockdown::System.stub!(:user_groups).and_return(user_groups)
+      @controller.send(:current_user_access_in_group?,:public_group).should be_true
+    end
+
+    it "should return false if current_user has access" do
+      user_groups = {:public_group => [:public_access]}
+      hash  = {:public_access => ["books/edit", "books/update"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+
+      Lockdown::System.stub!(:user_groups).and_return(user_groups)
+      @controller.send(:current_user_access_in_group?,:public_group).should be_false
+    end
+  end
+
+  describe "#current_user_is_admin?" do
+    it "should return true if access_rights == :all" do
+      @actions = :all
+      @session = {:access_rights => @actions}
+      @controller.stub!(:session).and_return(@session)
+
+      @controller.send(:current_user_is_admin?).should == true
+    end
+  end
+
+  describe "#add_lockdown_session_values" do
+    it "should set the access_rights from the user list" do
+      #array  = ["posts/index", "posts/show"]
+      #Lockdown::System.stub!(:access_rights_for_user).and_return(array)
+      user_groups = [:contributor, :collaborator]
+      @controller.stub!(:groups_for_user).and_return(user_groups)
+      usr = mock('user')
+      usr.should_receive(:id).and_return(1234)
+      @controller.send(:add_lockdown_session_values, usr)
+      @session[:user_groups].should == user_groups
+    end
+  end
+
+
+  describe "#access_in_perm" do
+    it "should return false if permissions nil" do
+      Lockdown::System.stub!(:permissions).and_return({})
+      @controller.send(:access_in_perm?,:dummy).should be_false
+    end
+
+    it "should return true if permission found" do
+      hash  = {:public => ["posts/index", "posts/show"]}
+      Lockdown::System.stub!(:permissions).and_return(hash)
+      @controller.send(:access_in_perm?,:public).should be_true
+    end
+  end
+
+  describe "#session_access_rights_include?" do
+    it "should return true for posts/index" do
+      @controller.send(:session_access_rights_include?,'posts/index').
+        should == true
+    end
+
+    it "should return false for pages/index" do
+      @controller.send(:session_access_rights_include?,'pages/index').
+        should == false
+    end
+  end
+end

data/spec/lockdown/system_spec.rb

@@ -0,0 +1,51 @@
+require File.join(File.dirname(__FILE__), %w[.. spec_helper])
+require File.join(File.dirname(__FILE__), %w[.. .. lib lockdown rules])
+
+describe Lockdown::System do
+  it "should fetch the option" do
+    Lockdown::System.options = {}
+    Lockdown::System.options['test'] = "my test"
+    Lockdown::System.fetch('test').should == "my test"
+  end
+  
+  describe "#configure" do
+    it "should call the methods responsible for defining the rules" do
+      Lockdown::System.stub!(:skip_sync?).and_return(false)
+
+      Lockdown::System.should_receive :set_defaults 
+ 
+      Lockdown::System.should_receive :instance_eval
+ 
+      Lockdown::System.should_receive :process_rules
+ 
+      #Lockdown::Database.should_receive :sync_with_db 
+     
+      Lockdown.should_receive :caching?
+
+      Lockdown::System.configure do
+      end
+    end
+  end
+
+  describe "#paths_for" do
+    it "should join the str_sym to the methods" do 
+      Lockdown::System.paths_for(:users, :show, :edit).
+        should == ["users/show", "users/edit"]
+    end
+
+    it "should add users to the array if access is granted on index" do 
+      Lockdown::System.paths_for(:users, :index, :show, :edit).
+        should == ["users/index", "users/show", "users/edit", "users"]
+    end
+
+    it "should build the paths from the controller class if no methods specified" do
+      methods = ["new","edit","create","update"]
+      Lockdown.stub!(:fetch_controller_class)
+      Lockdown::System.stub!(:available_actions).
+        and_return(methods)
+
+      Lockdown::System.paths_for(:users).
+        should == ["users/new","users/edit","users/create","users/update"]
+    end
+  end
+end

data/spec/lockdown_spec.rb

@@ -0,0 +1,19 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+
+describe Lockdown do
+  before do
+    Lockdown.stub!(:version).and_return('1.2.3')
+  end
+
+  it "should return the correct major version" do
+    Lockdown.major_version.should equal(1)
+  end
+
+  it "should return the correct minor version" do
+    Lockdown.minor_version.should equal(2)
+  end
+
+  it "should return the correct patch version" do
+    Lockdown.patch_version.should equal(3)
+  end
+end

data/spec/rcov.opts

@@ -0,0 +1,5 @@
+--text-summary
+--exclude
+  json,FakeWeb,rcov.rb,rspec,spec
+--sort
+  coverage