patrick-lockdown 2.0.4.1

data/test/helper.rb

@@ -0,0 +1,10 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'minitest/unit'
+
+MiniTest::Unit.autorun
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+require 'lockdown'

data/test/lockdown/test_access.rb

@@ -0,0 +1,80 @@
+require 'helper'
+
+class TestLockdownAccess < MiniTest::Unit::TestCase
+  include Lockdown::Access
+
+  def teardown
+    Lockdown::Configuration.reset
+  end
+
+  def test_model_responds_to_permission
+    assert_respond_to self, :permission
+  end
+
+  def test_permission_with_single_resource
+    perm = permission(:my_perm) do 
+              resource :my_resource
+           end
+
+    resource = perm.resources.first
+    assert_equal 'my_resource', resource.name
+    assert_equal "\/my_resource(\/.*)?", resource.regex_pattern
+  end
+
+  def test_permission_without_block
+    perm = permission(:users) 
+
+    resource = perm.resources.first
+    assert_equal 'users', resource.name
+    assert_equal "\/users(\/.*)?", resource.regex_pattern
+  end
+
+  def test_public_access
+    permission(:site)
+    public_access :site
+
+    assert_equal Lockdown::Configuration.public_access, "(\/site(\/.*)?)"
+  end
+
+  def test_public_access_with_multiple_permissions
+    permission(:site)
+    permission(:registration)
+    permission(:view_posts)
+    public_access :site, :registration, :view_posts
+
+    assert_equal Lockdown::Configuration.public_access, 
+      "(\/site(\/.*)?)|(\/registration(\/.*)?)|(\/view_posts(\/.*)?)"
+  end
+
+  def test_protected_access
+    permission(:my_account)
+    protected_access :my_account
+
+    assert_equal Lockdown::Configuration.protected_access, "(\/my_account(\/.*)?)"
+  end
+
+  def test_protected_access_with_multiple_permissions
+    permission(:my_account)
+    permission(:edit_posts)
+    protected_access :my_account, :edit_posts
+
+    assert_equal Lockdown::Configuration.protected_access, 
+      "(\/my_account(\/.*)?)|(\/edit_posts(\/.*)?)"
+  end
+
+  def test_user_group
+    permission(:site)
+    permission(:registration)
+    permission(:view_posts)
+    user_group(:all, :site, :registration, :view_posts)
+
+    ug =  Lockdown::Configuration.find_or_create_user_group(:all)
+
+    assert_equal 'all', ug.name
+
+    assert_equal 'view_posts', ug.permissions.pop.name
+    assert_equal 'registration', ug.permissions.pop.name
+    assert_equal 'site', ug.permissions.pop.name
+  end
+
+end

data/test/lockdown/test_configuration.rb

@@ -0,0 +1,195 @@
+require 'helper'
+
+class Authorization
+  include Lockdown::Access
+end
+
+class TestLockdownConfiguration < MiniTest::Unit::TestCase
+
+  def setup
+    @config = Lockdown::Configuration
+  end
+
+  def teardown
+    Lockdown::Configuration.reset
+  end
+
+  def test_initial_state
+    assert_equal false, @config.configured
+    assert_equal "", @config.public_access
+    assert_equal "", @config.protected_access
+    assert_equal [], @config.permissions
+    assert_equal [], @config.user_groups
+
+    assert_equal :current_user_id, @config.who_did_it
+    assert_equal 1, @config.default_who_did_it
+
+    assert_equal "/", @config.access_denied_path
+    assert_equal "/", @config.successful_login_path
+    assert_equal false, @config.logout_on_access_violation
+
+    assert_equal "|", @config.link_separator
+
+    assert_equal "UserGroup", @config.user_group_model
+    assert_equal "User", @config.user_model
+
+    assert_equal ['test'] , @config.skip_db_sync_in
+    assert_nil @config.subdirectory
+  end
+
+  def test_authenticated_access
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('users')
+
+    Authorization.public_access('home', 'faq')
+    Authorization.protected_access('users')
+
+    assert_equal "(/home(/.*)?)|(/faq(/.*)?)|(/users(/.*)?)", @config.authenticated_access
+  end
+
+  def test_permission
+    Authorization.permission('home')
+    Authorization.permission('faq')
+
+    perm  = Lockdown::Permission.new('home')
+
+    assert_equal perm.name, @config.permission('home').name
+
+    assert_raises(Lockdown::PermissionNotFound){ @config.permission('delta') }
+  end
+
+  def test_make_permission_public
+    Authorization.permission('home')
+
+    @config.make_permission_public('home')
+
+    perm = @config.permission('home')
+
+    assert_equal true, perm.public?
+  end
+
+  def test_has_permission
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    perm  = Lockdown::Permission.new('home')
+    perm2 = Lockdown::Permission.new('homey')
+
+    assert_equal true, @config.has_permission?(perm)
+
+    assert_equal false, @config.has_permission?(perm2)
+  end
+
+  def test_permission_names
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    assert_equal 'about', @config.permissions.pop.name
+    assert_equal 'faq', @config.permissions.pop.name
+    assert_equal 'home', @config.permissions.pop.name
+
+    assert_equal true, @config.permissions.empty?
+  end
+
+  def test_permission_assigned_automatically
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('users')
+
+    Authorization.public_access('home', 'faq')
+
+    assert_equal true, @config.permission_assigned_automatically?('home')
+    assert_equal true, @config.permission_assigned_automatically?('faq')
+    assert_equal false, @config.permission_assigned_automatically?('users')
+  end
+
+  def test_user_group
+    Authorization.permission('home')
+    Authorization.permission('faq')
+
+    Authorization.user_group 'all', 'home', 'faq'
+
+    ug =  @config.user_group('all')
+
+    assert_equal 'faq', ug.permissions.pop.name
+    assert_equal 'home',ug.permissions.pop.name
+  end
+
+  def test_maybe_add_user_group
+    Authorization.permission('home')
+    Authorization.permission('faq')
+
+    Authorization.user_group 'all', 'home', 'faq'
+    groups_1 = @config.user_groups
+
+    Authorization.user_group 'all', 'home', 'faq'
+    groups_2 = @config.user_groups
+
+    assert_equal groups_1, groups_2
+  end
+
+  def test_find_or_create_user_group
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    Authorization.user_group 'testone', 'home', 'faq', 'about'
+
+    ug = @config.find_or_create_user_group('testone')
+
+    assert_equal 'testone', ug.name
+
+    assert_equal 'about', ug.permissions.pop.name
+    assert_equal 'faq', ug.permissions.pop.name
+    assert_equal 'home', ug.permissions.pop.name
+
+    assert_equal true, ug.permissions.empty?
+
+    ug2 = @config.find_or_create_user_group('testtwo')
+
+    assert_equal 'testtwo', ug2.name
+    assert_equal true, ug2.permissions.empty?
+  end
+
+  def test_user_group_names
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    Authorization.user_group 'testone', 'home'
+    Authorization.user_group 'testtwo', 'faq', 'about'
+
+    assert_equal 'testtwo', @config.user_groups.pop.name
+    assert_equal 'testone', @config.user_groups.pop.name
+
+    assert_equal true, @config.user_groups.empty?
+  end
+
+  def test_user_group_permission_names
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    Authorization.user_group 'testone', 'home'
+    Authorization.user_group 'testtwo', 'faq', 'about'
+
+    assert_equal ['home'], @config.user_group_permissions_names('testone')
+    assert_equal ['faq', 'about'], @config.user_group_permissions_names('testtwo')
+  end
+
+  def test_access_rights_for_permissions
+    Authorization.permission('home')
+    Authorization.permission('faq')
+    Authorization.permission('about')
+
+    assert_equal "((/home(/.*)?))|((/faq(/.*)?))|((/about(/.*)?))",
+      @config.access_rights_for_permissions('home', 'faq', 'about')
+  end
+
+  def test_skip_sync?
+    assert_equal true, @config.skip_sync?
+  end
+end

data/test/lockdown/test_delivery.rb

@@ -0,0 +1,224 @@
+require 'helper'
+
+class Authorization
+  extend Lockdown::Access
+end
+
+class TestLockdown < MiniTest::Unit::TestCase
+
+  def setup
+    Lockdown::Configuration.reset
+  end
+
+  def test_it_allows_uri_without_beginning_slash
+    Authorization.permission :posts
+    Authorization.public_access :posts
+
+    assert_equal true, Lockdown::Delivery.allowed?('posts')
+  end
+
+  def test_it_allows_uri_without_ending_slash
+    Authorization.permission :posts
+    Authorization.public_access :posts
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts')
+  end
+
+  def test_it_allows_uri_with_ending_slash
+    Authorization.permission :posts
+    Authorization.public_access :posts
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/')
+  end
+
+  def test_it_allows_uri_with_action
+    Authorization.permission :posts
+    Authorization.public_access :posts
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/new')
+  end
+
+  def test_it_allows_uri_access_to_only_show
+    Authorization.permission :posts do
+      resource :posts do
+        only :show
+      end
+    end
+    Authorization.public_access :posts
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/show')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/show')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/postsshow')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/posts/')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/posts/edit')
+  end
+
+  def test_it_allows_uri_access_to_all_except_show
+    Authorization.permission :posts do
+      resource :posts do
+        except :show
+      end
+    end
+    Authorization.public_access :posts
+
+    assert_equal false, Lockdown::Delivery.allowed?('/posts/show')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/postsshow')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/edit')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/edit/')
+  end
+
+  def test_it_allows_uri_access_to_create_as_post
+    Authorization.permission :posts do
+      resource :posts do
+        only :new, :create
+      end
+    end
+    Authorization.public_access :posts
+
+
+    assert_equal false, Lockdown::Delivery.allowed?('/posts')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/posts/')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/new')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/new/')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/create')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/create/')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/posts/show')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/posts/show/')
+  end
+
+  def test_it_allows_uri_access_to_update_as_put
+    Authorization.permission :posts do
+      resource :posts do
+        only :show, :edit, :update
+      end
+    end
+    Authorization.public_access :posts
+
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/update')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/update/')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/edit')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/edit/')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/show')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/show/')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/posts/')
+  end
+
+  def test_it_denies_uri_access_to_destroy
+    Authorization.permission :posts do
+      resource :posts do
+        except :destroy
+      end
+    end
+    Authorization.public_access :posts
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/update')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/edit')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/posts/show')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/posts/destroy')
+  end
+
+  def test_it_denies_uri_access_to_new_create_and_destroy
+    Authorization.permission :users do
+      resource :users do
+        except :new, :create, :destroy
+      end
+    end
+    Authorization.public_access :users
+
+    assert_equal true, Lockdown::Delivery.allowed?('/users/show')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/users/new')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/users/create')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/users/destroy')
+  end
+
+  def test_it_denies_index_access_to_resource_assigned_to_administrators
+    Authorization.permission :register_account do
+      resource :users do
+        only :new, :create
+      end
+    end
+    Authorization.public_access :register_account
+
+    Authorization.permission :my_account do
+      resource :users do
+        only :show, :update
+      end
+    end
+    Authorization.protected_access :my_account
+
+    Authorization.permission 'users'
+    Authorization.user_group 'Administrators', 'users'
+
+    assert_equal true, Lockdown::Delivery.allowed?('/users/new')
+    assert_equal true, Lockdown::Delivery.allowed?('/users/create')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/users/')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/users/', Lockdown::Configuration.authenticated_access)
+    assert_equal false, Lockdown::Delivery.allowed?('/users', Lockdown::Configuration.authenticated_access)
+  end
+
+  def test_it_handles_namespaced_routes_correctly
+    Authorization.permission :posts
+    Authorization.permission :users
+    Authorization.public_access :posts, :users
+
+    Authorization.permission :protected_users do
+      resource 'nested/users'
+    end
+    Authorization.protected_access :protected_users
+
+    assert_equal true, Lockdown::Delivery.allowed?('/users')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/nested/users')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/users', Lockdown::Configuration.authenticated_access)
+    assert_equal true, Lockdown::Delivery.allowed?('/nested/users', Lockdown::Configuration.authenticated_access)
+  end
+
+  def test_it_matches_exact_paths_only
+    Authorization.permission :users
+    Authorization.public_access :users
+
+    Authorization.permission :users_that_should_be_protected
+    Authorization.protected_access :users_that_should_be_protected
+
+    assert_equal true, Lockdown::Delivery.allowed?('/users')
+
+    assert_equal false, Lockdown::Delivery.allowed?('/users_that_should_be_protected')
+
+    assert_equal true, Lockdown::Delivery.allowed?('/users', Lockdown::Configuration.authenticated_access)
+    assert_equal true, Lockdown::Delivery.allowed?('/users_that_should_be_protected', Lockdown::Configuration.authenticated_access)
+  end
+end