pebblebed 0.0.43 → 0.0.44
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +1 -0
- data/lib/pebblebed/sinatra.rb +9 -0
- data/lib/pebblebed/version.rb +1 -1
- data/spec/sinatra_spec.rb +48 -0
- metadata +3 -3
data/README.md
CHANGED
|
@@ -57,6 +57,7 @@ Other helper methods provided by this extension:
|
|
|
57
57
|
require_identity # Halts with 403 if there is no current user
|
|
58
58
|
require_god # Halts with 403 if the current user is not a god
|
|
59
59
|
require_access_to_path(path) # Halts with 403 if the current user is not a member of a checkpoint access group with privileged access to that path
|
|
60
|
+
require_action_allowed(action, uid) # Halts with 403 if the current user is not allowed by checkpoint to perform this action for that uid
|
|
60
61
|
require_parameters(parameters, *keys) # Halts with 409 if the at least one of the provided keys is not in the params-hash
|
|
61
62
|
|
|
62
63
|
### Testing Sinatra APIs
|
data/lib/pebblebed/sinatra.rb
CHANGED
|
@@ -93,6 +93,15 @@ module Sinatra
|
|
|
93
93
|
halt 403, "Access denied."
|
|
94
94
|
end
|
|
95
95
|
|
|
96
|
+
def require_action_allowed(action, uid)
|
|
97
|
+
require_identity
|
|
98
|
+
uid = ::Pebblebed::Uid.new(uid) if uid.is_a?(String)
|
|
99
|
+
return if current_identity.god and uid.path.split(".")[0] == current_identity.realm
|
|
100
|
+
res = pebbles.checkpoint.get("/callbacks/allowed/#{action}/#{uid}")
|
|
101
|
+
return if res['allowed']
|
|
102
|
+
halt 403, ":#{action} denied for #{uid} : #{res['reason']}"
|
|
103
|
+
end
|
|
104
|
+
|
|
96
105
|
def limit_offset_collection(collection, options)
|
|
97
106
|
limit = (options[:limit] || 20).to_i
|
|
98
107
|
offset = (options[:offset] || 0).to_i
|
data/lib/pebblebed/version.rb
CHANGED
data/spec/sinatra_spec.rb
CHANGED
|
@@ -34,6 +34,11 @@ class TestApp < Sinatra::Base
|
|
|
34
34
|
"You are most powerful"
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
+
post '/create/:uid' do |uid|
|
|
38
|
+
require_action_allowed(:create, uid)
|
|
39
|
+
"You are creative"
|
|
40
|
+
end
|
|
41
|
+
|
|
37
42
|
get '/nonexistant' do
|
|
38
43
|
raise Pebblebed::HttpNotFoundError, "Not found /nonexistant"
|
|
39
44
|
end
|
|
@@ -154,6 +159,49 @@ describe Sinatra::Pebblebed do
|
|
|
154
159
|
end
|
|
155
160
|
end
|
|
156
161
|
|
|
162
|
+
describe "with checkpoint psm2 callbacks" do
|
|
163
|
+
let(:checkpoint) {
|
|
164
|
+
checkpoint = stub
|
|
165
|
+
checkpoint.stub!(:service_url => 'http://example.com')
|
|
166
|
+
checkpoint
|
|
167
|
+
}
|
|
168
|
+
context "as a guest" do
|
|
169
|
+
specify "not allowed" do
|
|
170
|
+
guest!
|
|
171
|
+
post '/create/post.foo:testrealm'
|
|
172
|
+
last_response.status.should == 403
|
|
173
|
+
end
|
|
174
|
+
end
|
|
175
|
+
context "as a god" do
|
|
176
|
+
specify "allowed without callbacks" do
|
|
177
|
+
god!(:session => random_session)
|
|
178
|
+
post '/create/post.foo:testrealm'
|
|
179
|
+
last_response.body.should == "You are creative"
|
|
180
|
+
end
|
|
181
|
+
end
|
|
182
|
+
context "as user without permissions" do
|
|
183
|
+
specify "is disallowed" do
|
|
184
|
+
user!
|
|
185
|
+
checkpoint.should_receive(:get).with("/identities/me").and_return(DeepStruct.wrap(:identity => {:realm => 'testrealm', :id => 1, :god => false}))
|
|
186
|
+
checkpoint.should_receive(:get).with("/callbacks/allowed/create/post.foo:testrealm").and_return(DeepStruct.wrap(:allowed => false, :reason => "You are not worthy!"))
|
|
187
|
+
Pebblebed::Connector.any_instance.stub(:checkpoint => checkpoint)
|
|
188
|
+
post '/create/post.foo:testrealm'
|
|
189
|
+
last_response.status.should == 403
|
|
190
|
+
last_response.body.should == ":create denied for post.foo:testrealm : You are not worthy!"
|
|
191
|
+
end
|
|
192
|
+
end
|
|
193
|
+
context "as user with permissions" do
|
|
194
|
+
specify "is allowed" do
|
|
195
|
+
user!
|
|
196
|
+
checkpoint.should_receive(:get).with("/identities/me").and_return(DeepStruct.wrap(:identity => {:realm => 'testrealm', :id => 1, :god => false}))
|
|
197
|
+
checkpoint.should_receive(:get).with("/callbacks/allowed/create/post.foo:testrealm").and_return(DeepStruct.wrap(:allowed => true))
|
|
198
|
+
Pebblebed::Connector.any_instance.stub(:checkpoint => checkpoint)
|
|
199
|
+
post '/create/post.foo:testrealm'
|
|
200
|
+
last_response.body.should == "You are creative"
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
end
|
|
204
|
+
|
|
157
205
|
describe "error handling" do
|
|
158
206
|
before(:each) { guest! }
|
|
159
207
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pebblebed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.44
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -329,7 +329,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
329
329
|
version: '0'
|
|
330
330
|
segments:
|
|
331
331
|
- 0
|
|
332
|
-
hash: -
|
|
332
|
+
hash: -110595815413794395
|
|
333
333
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
334
334
|
none: false
|
|
335
335
|
requirements:
|
|
@@ -338,7 +338,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
338
338
|
version: '0'
|
|
339
339
|
segments:
|
|
340
340
|
- 0
|
|
341
|
-
hash: -
|
|
341
|
+
hash: -110595815413794395
|
|
342
342
|
requirements: []
|
|
343
343
|
rubyforge_project: pebblebed
|
|
344
344
|
rubygems_version: 1.8.25
|