lockdown_vail 1.6.2.1

Files changed (67)
  1. data/.gitignore +6 -0
  2. data/README.txt +36 -0
  3. data/Rakefile +38 -0
  4. data/VERSION +1 -0
  5. data/lib/lockdown/context.rb +41 -0
  6. data/lib/lockdown/database.rb +41 -0
  7. data/lib/lockdown/errors.rb +11 -0
  8. data/lib/lockdown/frameworks/rails/controller.rb +187 -0
  9. data/lib/lockdown/frameworks/rails/view.rb +50 -0
  10. data/lib/lockdown/frameworks/rails.rb +114 -0
  11. data/lib/lockdown/helper.rb +111 -0
  12. data/lib/lockdown/orms/active_record.rb +68 -0
  13. data/lib/lockdown/permission.rb +222 -0
  14. data/lib/lockdown/references.rb +19 -0
  15. data/lib/lockdown/rspec_helper.rb +114 -0
  16. data/lib/lockdown/rules.rb +372 -0
  17. data/lib/lockdown/session.rb +66 -0
  18. data/lib/lockdown/system.rb +58 -0
  19. data/lib/lockdown.rb +87 -0
  20. data/lockdown.gemspec +118 -0
  21. data/lockdown_vail.gemspec +120 -0
  22. data/rails_generators/lockdown/lockdown_generator.rb +274 -0
  23. data/rails_generators/lockdown/templates/app/controllers/permissions_controller.rb +22 -0
  24. data/rails_generators/lockdown/templates/app/controllers/sessions_controller.rb +39 -0
  25. data/rails_generators/lockdown/templates/app/controllers/user_groups_controller.rb +122 -0
  26. data/rails_generators/lockdown/templates/app/controllers/users_controller.rb +117 -0
  27. data/rails_generators/lockdown/templates/app/helpers/permissions_helper.rb +2 -0
  28. data/rails_generators/lockdown/templates/app/helpers/user_groups_helper.rb +2 -0
  29. data/rails_generators/lockdown/templates/app/helpers/users_helper.rb +2 -0
  30. data/rails_generators/lockdown/templates/app/models/permission.rb +13 -0
  31. data/rails_generators/lockdown/templates/app/models/profile.rb +10 -0
  32. data/rails_generators/lockdown/templates/app/models/user.rb +95 -0
  33. data/rails_generators/lockdown/templates/app/models/user_group.rb +15 -0
  34. data/rails_generators/lockdown/templates/app/views/permissions/index.html.erb +16 -0
  35. data/rails_generators/lockdown/templates/app/views/permissions/show.html.erb +26 -0
  36. data/rails_generators/lockdown/templates/app/views/sessions/new.html.erb +12 -0
  37. data/rails_generators/lockdown/templates/app/views/user_groups/edit.html.erb +33 -0
  38. data/rails_generators/lockdown/templates/app/views/user_groups/index.html.erb +20 -0
  39. data/rails_generators/lockdown/templates/app/views/user_groups/new.html.erb +31 -0
  40. data/rails_generators/lockdown/templates/app/views/user_groups/show.html.erb +29 -0
  41. data/rails_generators/lockdown/templates/app/views/users/edit.html.erb +51 -0
  42. data/rails_generators/lockdown/templates/app/views/users/index.html.erb +22 -0
  43. data/rails_generators/lockdown/templates/app/views/users/new.html.erb +50 -0
  44. data/rails_generators/lockdown/templates/app/views/users/show.html.erb +33 -0
  45. data/rails_generators/lockdown/templates/config/initializers/lockit.rb +1 -0
  46. data/rails_generators/lockdown/templates/db/migrate/create_admin_user.rb +17 -0
  47. data/rails_generators/lockdown/templates/db/migrate/create_permissions.rb +19 -0
  48. data/rails_generators/lockdown/templates/db/migrate/create_profiles.rb +26 -0
  49. data/rails_generators/lockdown/templates/db/migrate/create_user_groups.rb +19 -0
  50. data/rails_generators/lockdown/templates/db/migrate/create_users.rb +17 -0
  51. data/rails_generators/lockdown/templates/lib/lockdown/README +42 -0
  52. data/rails_generators/lockdown/templates/lib/lockdown/init.rb +136 -0
  53. data/spec/lockdown/context_spec.rb +191 -0
  54. data/spec/lockdown/database_spec.rb +66 -0
  55. data/spec/lockdown/frameworks/rails/controller_spec.rb +240 -0
  56. data/spec/lockdown/frameworks/rails/view_spec.rb +87 -0
  57. data/spec/lockdown/frameworks/rails_spec.rb +163 -0
  58. data/spec/lockdown/permission_spec.rb +156 -0
  59. data/spec/lockdown/rspec_helper_spec.rb +41 -0
  60. data/spec/lockdown/rules_spec.rb +245 -0
  61. data/spec/lockdown/session_spec.rb +125 -0
  62. data/spec/lockdown/system_spec.rb +51 -0
  63. data/spec/lockdown_spec.rb +19 -0
  64. data/spec/rcov.opts +5 -0
  65. data/spec/spec.opts +3 -0
  66. data/spec/spec_helper.rb +8 -0
  67. metadata +140 -0
@@ -0,0 +1,245 @@
1
+ require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
+
3
+ class TestSystem; extend Lockdown::Rules; end
4
+
5
+ describe Lockdown::Rules do
6
+ before do
7
+ @rules = TestSystem
8
+ @rules.set_defaults
9
+ end
10
+
11
+ describe "#set_permission" do
12
+ it "should create and return a Permission object" do
13
+ @rules.set_permission(:user_management).
14
+ should == Lockdown::Permission.new(:user_management)
15
+ end
16
+ end
17
+
18
+ describe "#set_public_access" do
19
+ it "should define the permission as public" do
20
+ @rules.set_permission(:home_page)
21
+ @rules.set_public_access(:home_page)
22
+ perm = @rules.permission_objects.find{|name, object| name == :home_page}
23
+ perm[1].public_access?.should be_true
24
+ end
25
+
26
+ it "should raise and InvalidRuleAssignment if permission does not exist" do
27
+ msg = "Permission not found: toy_management"
28
+
29
+ @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
30
+
31
+ @rules.set_public_access(:toy_management)
32
+ end
33
+ end
34
+
35
+ describe "#public_access?" do
36
+ it "should return true when permission is public" do
37
+ @rules.set_permission(:home_page)
38
+ @rules.set_public_access(:home_page)
39
+ @rules.public_access?(:home_page).should == true
40
+ end
41
+
42
+ it "should return false when permission is not public" do
43
+ @rules.set_permission(:home_page)
44
+ @rules.set_protected_access(:home_page)
45
+ @rules.public_access?(:home_page).should == false
46
+ end
47
+ end
48
+
49
+ describe "#set_protected_access" do
50
+ it "should define the permission as protected" do
51
+ @rules.set_permission(:user_management)
52
+ @rules.set_protected_access(:user_management)
53
+ perm = @rules.permission_objects.find{|name, object| name == :user_management}
54
+ perm[1].protected_access?.should be_true
55
+ end
56
+
57
+ it "should raise and InvalidRuleAssignment if permission does not exist" do
58
+ msg = "Permission not found: user_management"
59
+
60
+ @rules.should_receive(:raise).with(Lockdown::InvalidRuleAssignment, msg)
61
+
62
+ @rules.set_protected_access(:user_management)
63
+ end
64
+ end
65
+
66
+ describe "#protected_access?" do
67
+ it "should return true when permission is protected" do
68
+ @rules.set_permission(:home_page)
69
+ @rules.set_protected_access(:home_page)
70
+ @rules.protected_access?(:home_page).should == true
71
+ end
72
+
73
+ it "should return false when permission is not protected" do
74
+ @rules.set_permission(:home_page)
75
+ @rules.set_public_access(:home_page)
76
+ @rules.protected_access?(:home_page).should == false
77
+ end
78
+ end
79
+
80
+ describe "#get_permissions" do
81
+ it "should return array of permission names as symbols" do
82
+ Lockdown.should_receive(:add_controller_method)
83
+
84
+ @rules.set_permission(:home_page)
85
+ @rules.set_permission(:user_management)
86
+ @rules.process_rules
87
+ @rules.get_permissions.should include(:home_page)
88
+ @rules.get_permissions.should include(:user_management)
89
+ end
90
+ end
91
+
92
+ describe "#permission_exists?" do
93
+ it "should return true if permission exists" do
94
+ Lockdown.should_receive(:add_controller_method)
95
+
96
+ @rules.set_permission(:home_page)
97
+ @rules.process_rules
98
+ @rules.permission_exists?(:home_page).should be_true
99
+ end
100
+
101
+ it "should return false if permission does not exist" do
102
+ @rules.permission_exists?(:home_page).should be_false
103
+ end
104
+ end
105
+
106
+ describe "#permission_assigned_automatically?" do
107
+ it "should return true when permission is public" do
108
+ @rules.set_permission(:home_page)
109
+ @rules.set_public_access(:home_page)
110
+ @rules.permission_assigned_automatically?(:home_page).should == true
111
+ end
112
+
113
+ it "should return true when permission is protected" do
114
+ @rules.set_permission(:home_page)
115
+ @rules.set_protected_access(:home_page)
116
+ @rules.permission_assigned_automatically?(:home_page).should == true
117
+ end
118
+
119
+ it "should return false when permission is not public" do
120
+ @rules.set_permission(:home_page)
121
+ @rules.permission_assigned_automatically?(:home_page).should == false
122
+ end
123
+ end
124
+
125
+ describe "#get_user_groups" do
126
+ it "should return array of user group names as symbols" do
127
+ @rules.set_permission(:user_management)
128
+ @rules.set_user_group(:security_management, :user_management)
129
+ @rules.get_user_groups.should == [:security_management]
130
+ end
131
+ end
132
+
133
+ describe "#user_group_exists?" do
134
+ it "should return true if user_group exists" do
135
+ @rules.set_user_group(:user_management, :some_perm)
136
+ @rules.user_group_exists?(:user_management).should be_true
137
+ end
138
+
139
+ it "should return false if user_group does not exist" do
140
+ @rules.user_group_exists?(:user_management).should be_false
141
+ end
142
+ end
143
+
144
+ describe "#make_user_administrator" do
145
+ it "should add admin to user groups" do
146
+ ugc = mock('user_group_class',:find_or_create_by_name => :admin)
147
+ Lockdown.should_receive(:user_group_class).and_return(ugc)
148
+
149
+ usr = mock('user', :user_groups => [])
150
+
151
+ @rules.make_user_administrator(usr).should include(:admin)
152
+ end
153
+ end
154
+
155
+ describe "#access_rights_for_user" do
156
+ it "should array of rights for user who is not an admin" do
157
+ @rules.should_receive(:administrator?).and_return(false)
158
+
159
+ @rules.set_permission(:register_account).
160
+ with_controller(:users).
161
+ only_methods(:new, :create)
162
+
163
+ @rules.set_public_access(:register_account)
164
+
165
+ perm = @rules.set_permission(:perm_one).
166
+ with_controller("a_controller").
167
+ only_methods("show","edit","update")
168
+
169
+ ug = @rules.set_user_group(:ug_one, :perm_one)
170
+
171
+ @rules.should_receive(:set_model_access)
172
+ @rules.process_rules
173
+
174
+ usr = mock('user', :user_groups => [:ug_one])
175
+
176
+ @rules.access_rights_for_user(usr).
177
+ should == ["users/new", "users/create", "a_controller/show", "a_controller/edit", "a_controller/update"]
178
+ end
179
+ end
180
+
181
+ describe "#access_rights_for_user_group" do
182
+ it "should return array of rights for user_group" do
183
+ perm = @rules.set_permission(:perm_one).
184
+ with_controller("a_controller").
185
+ only_methods("show","edit","update")
186
+
187
+ ug = @rules.set_user_group(:ug_one, :perm_one)
188
+
189
+ @rules.should_receive(:set_model_access)
190
+ @rules.process_rules
191
+
192
+ @rules.access_rights_for_user_group(:ug_one).
193
+ should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
194
+ end
195
+ end
196
+
197
+ describe "#access_rights_for_permission" do
198
+ it "should return array of rights for permission" do
199
+
200
+ perm = @rules.set_permission(:perm_one).
201
+ with_controller("a_controller").
202
+ only_methods("show","edit","update")
203
+
204
+ @rules.should_receive(:set_model_access)
205
+ @rules.process_rules
206
+
207
+ @rules.access_rights_for_permission(perm).
208
+ should == ["a_controller/show", "a_controller/edit", "a_controller/update"]
209
+ end
210
+ end
211
+
212
+ describe "#standard_authorized_user_rights" do
213
+ it "should receive public_access + protected_access" do
214
+ @rules.set_permission(:register_account).
215
+ with_controller(:users).
216
+ only_methods(:new, :create)
217
+
218
+ @rules.set_permission(:my_profile).
219
+ with_controller(:users).
220
+ only_methods(:show, :edit, :update)
221
+
222
+
223
+ @rules.set_public_access(:register_account)
224
+ @rules.set_protected_access(:my_profile)
225
+
226
+ @rules.should_receive(:set_model_access)
227
+ @rules.process_rules
228
+
229
+ @rules.standard_authorized_user_rights.
230
+ should == ["users/new", "users/create", "users/show", "users/edit", "users/update"]
231
+ end
232
+ end
233
+
234
+ describe "#process_rules" do
235
+ it "should validate user_group permissions" do
236
+ Lockdown.should_receive(:add_controller_method)
237
+
238
+ @rules.set_user_group(:test_group, :a_perm)
239
+ error = "User Group: test_group, permission not found: a_perm"
240
+
241
+ lambda{@rules.process_rules}.
242
+ should raise_error(Lockdown::InvalidRuleAssignment, error)
243
+ end
244
+ end
245
+ end
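Review bot: The two "should raise and InvalidRuleAssignment" examples (under #set_public_access and #set_protected_access) mock `raise` itself with `@rules.should_receive(:raise)`, so the error is intercepted rather than raised and the examples never show that assigning access to an unknown permission actually aborts. With `raise` mocked out, the method under test keeps running past the point where it should have stopped, so the fail-closed behaviour an access-control rule set depends on is left unpinned. The #process_rules example at the end of this file already uses the stronger form, which would work here as well: `lambda { @rules.set_public_access(:toy_management) }.should raise_error(Lockdown::InvalidRuleAssignment, msg)`, and likewise for `set_protected_access(:user_management)`.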
@@ -0,0 +1,125 @@
1
+ require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
+
3
+ class TestAController
4
+ include Lockdown::Session
5
+ end
6
+
7
+ describe Lockdown::Session do
8
+ before do
9
+ @controller = TestAController.new
10
+
11
+ @actions = %w(posts/index posts/show posts/new posts/edit posts/create posts/update posts/destroy)
12
+
13
+ @session = {:access_rights => @actions, :user_groups => [:collaborator]}
14
+
15
+ @controller.stub!(:session).and_return(@session)
16
+ end
17
+
18
+ describe "access_rights_from_session" do
19
+
20
+ it "should get allowed paths from groups in session" do
21
+ Lockdown::System.stub!(:permissions).and_return({:post_r => %w(posts/index posts/show), :post_w => %w(posts/new posts/edit posts/create posts/update posts/destroy)})
22
+ Lockdown::System.stub!(:user_groups).and_return({:collaborator => [:post_r, :post_w]})
23
+
24
+ @controller.send(:access_rights_from_session).should == @actions
25
+ end
26
+
27
+ end
28
+
29
+ describe "#logged_in?" do
30
+ it "should return false withou current_user_id" do
31
+ @controller.send(:logged_in?).should == false
32
+ end
33
+ end
34
+
35
+ describe "#current_user_id" do
36
+ it "should return false withou current_user_id" do
37
+ @session[:current_user_id] = 2
38
+ @controller.send(:current_user_id).should == 2
39
+ end
40
+ end
41
+
42
+ describe "#nil_lockdown_values" do
43
+ it "should nil access_rights" do
44
+ @controller.send :nil_lockdown_values
45
+ @session[:access_rights].should == nil
46
+ end
47
+ end
48
+
49
+ describe "#current_user_access_in_group?" do
50
+ it "should return true if current user is admin" do
51
+ @actions = :all
52
+ @session = {:access_rights => @actions}
53
+ @controller.stub!(:session).and_return(@session)
54
+
55
+ @controller.send(:current_user_access_in_group?,:group).should == true
56
+ end
57
+
58
+ it "should return true if current_user has access" do
59
+ user_groups = {:public_group => [:public_access]}
60
+ hash = {:public_access => ["posts/index", "posts/show"]}
61
+ Lockdown::System.stub!(:permissions).and_return(hash)
62
+
63
+ Lockdown::System.stub!(:user_groups).and_return(user_groups)
64
+ @controller.send(:current_user_access_in_group?,:public_group).should be_true
65
+ end
66
+
67
+ it "should return false if current_user has access" do
68
+ user_groups = {:public_group => [:public_access]}
69
+ hash = {:public_access => ["books/edit", "books/update"]}
70
+ Lockdown::System.stub!(:permissions).and_return(hash)
71
+
72
+ Lockdown::System.stub!(:user_groups).and_return(user_groups)
73
+ @controller.send(:current_user_access_in_group?,:public_group).should be_false
74
+ end
75
+ end
76
+
77
+ describe "#current_user_is_admin?" do
78
+ it "should return true if access_rights == :all" do
79
+ @actions = :all
80
+ @session = {:access_rights => @actions}
81
+ @controller.stub!(:session).and_return(@session)
82
+
83
+ @controller.send(:current_user_is_admin?).should == true
84
+ end
85
+ end
86
+
87
+ describe "#add_lockdown_session_values" do
88
+ it "should set the access_rights from the user list" do
89
+ #array = ["posts/index", "posts/show"]
90
+ #Lockdown::System.stub!(:access_rights_for_user).and_return(array)
91
+ user_groups = [:contributor, :collaborator]
92
+ @controller.stub!(:groups_for_user).and_return(user_groups)
93
+ usr = mock('user')
94
+ usr.should_receive(:id).and_return(1234)
95
+ @controller.send(:add_lockdown_session_values, usr)
96
+ @session[:user_groups].should == user_groups
97
+ end
98
+ end
99
+
100
+
101
+ describe "#access_in_perm" do
102
+ it "should return false if permissions nil" do
103
+ Lockdown::System.stub!(:permissions).and_return({})
104
+ @controller.send(:access_in_perm?,:dummy).should be_false
105
+ end
106
+
107
+ it "should return true if permission found" do
108
+ hash = {:public => ["posts/index", "posts/show"]}
109
+ Lockdown::System.stub!(:permissions).and_return(hash)
110
+ @controller.send(:access_in_perm?,:public).should be_true
111
+ end
112
+ end
113
+
114
+ describe "#session_access_rights_include?" do
115
+ it "should return true for posts/index" do
116
+ @controller.send(:session_access_rights_include?,'posts/index').
117
+ should == true
118
+ end
119
+
120
+ it "should return false for pages/index" do
121
+ @controller.send(:session_access_rights_include?,'pages/index').
122
+ should == false
123
+ end
124
+ end
125
+ end
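Review bot: The #nil_lockdown_values example asserts only that `@session[:access_rights]` is nil, although the `before` block also seeds `:user_groups` and another example sets `:current_user_id`; a regression that leaves group membership or the user id in the session after clearing would still pass. The implementation is not part of this file, so which keys it is meant to reset is an assumption, but if it clears all Lockdown keys the example should pin that, e.g. `@session[:user_groups].should == nil` and, after seeding it, `@session[:current_user_id].should == nil`. Similarly, the #add_lockdown_session_values example expects `usr.id` to be called but never checks where 1234 ends up in the session. Two descriptions also contradict their assertions: "should return false withou current_user_id" under #current_user_id expects 2, and "should return false if current_user has access" expects false for a user whose rights do not cover the group.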
@@ -0,0 +1,51 @@
1
+ require File.join(File.dirname(__FILE__), %w[.. spec_helper])
2
+ require File.join(File.dirname(__FILE__), %w[.. .. lib lockdown rules])
3
+
4
+ describe Lockdown::System do
5
+ it "should fetch the option" do
6
+ Lockdown::System.options = {}
7
+ Lockdown::System.options['test'] = "my test"
8
+ Lockdown::System.fetch('test').should == "my test"
9
+ end
10
+
11
+ describe "#configure" do
12
+ it "should call the methods responsible for defining the rules" do
13
+ Lockdown::System.stub!(:skip_sync?).and_return(false)
14
+
15
+ Lockdown::System.should_receive :set_defaults
16
+
17
+ Lockdown::System.should_receive :instance_eval
18
+
19
+ Lockdown::System.should_receive :process_rules
20
+
21
+ #Lockdown::Database.should_receive :sync_with_db
22
+
23
+ Lockdown.should_receive :caching?
24
+
25
+ Lockdown::System.configure do
26
+ end
27
+ end
28
+ end
29
+
30
+ describe "#paths_for" do
31
+ it "should join the str_sym to the methods" do
32
+ Lockdown::System.paths_for(:users, :show, :edit).
33
+ should == ["users/show", "users/edit"]
34
+ end
35
+
36
+ it "should add users to the array if access is granted on index" do
37
+ Lockdown::System.paths_for(:users, :index, :show, :edit).
38
+ should == ["users/index", "users/show", "users/edit", "users"]
39
+ end
40
+
41
+ it "should build the paths from the controller class if no methods specified" do
42
+ methods = ["new","edit","create","update"]
43
+ Lockdown.stub!(:fetch_controller_class)
44
+ Lockdown::System.stub!(:available_actions).
45
+ and_return(methods)
46
+
47
+ Lockdown::System.paths_for(:users).
48
+ should == ["users/new","users/edit","users/create","users/update"]
49
+ end
50
+ end
51
+ end
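Review bot: In the #configure example the expectation for the database sync is commented out (`#Lockdown::Database.should_receive :sync_with_db`) while `skip_sync?` is still stubbed to return false, so the example neither asserts the sync nor prevents the real one from running. Whether `configure` reaches `Lockdown::Database` on this path depends on code outside this file; if it does, the spec exercises the real sync. Either restore the expectation or stub it explicitly with `Lockdown::Database.stub!(:sync_with_db)`, and drop the `skip_sync?` stub if the sync is no longer part of `configure`. Separately, the first example assigns `Lockdown::System.options = {}` and never restores it, which can leak state into later examples.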
@@ -0,0 +1,19 @@
1
+ require File.join(File.dirname(__FILE__), 'spec_helper')
2
+
3
+ describe Lockdown do
4
+ before do
5
+ Lockdown.stub!(:version).and_return('1.2.3')
6
+ end
7
+
8
+ it "should return the correct major version" do
9
+ Lockdown.major_version.should equal(1)
10
+ end
11
+
12
+ it "should return the correct minor version" do
13
+ Lockdown.minor_version.should equal(2)
14
+ end
15
+
16
+ it "should return the correct patch version" do
17
+ Lockdown.patch_version.should equal(3)
18
+ end
19
+ end
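--- a/data/spec/rcov.opts
+++ b/data/spec/rcov.opts
@@ -0,0 +1,5 @@
+--text-summary
+--exclude
+json,FakeWeb,rcov.rb,rspec,spec
+--sort
+coverage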