pebblebed 0.0.43 → 0.0.44
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +1 -0
- data/lib/pebblebed/sinatra.rb +9 -0
- data/lib/pebblebed/version.rb +1 -1
- data/spec/sinatra_spec.rb +48 -0
- metadata +3 -3
data/README.md
CHANGED
|
@@ -57,6 +57,7 @@ Other helper methods provided by this extension:
|
|
|
57
57
|
require_identity # Halts with 403 if there is no current user
|
|
58
58
|
require_god # Halts with 403 if the current user is not a god
|
|
59
59
|
require_access_to_path(path) # Halts with 403 if the current user is not a member of a checkpoint access group with privileged access to that path
|
|
60
|
+
require_action_allowed(action, uid) # Halts with 403 if the current user is not allowed by checkpoint to perform this action for that uid
|
|
60
61
|
require_parameters(parameters, *keys) # Halts with 409 if the at least one of the provided keys is not in the params-hash
|
|
61
62
|
|
|
62
63
|
### Testing Sinatra APIs
|
data/lib/pebblebed/sinatra.rb
CHANGED
|
@@ -93,6 +93,15 @@ module Sinatra
|
|
|
93
93
|
halt 403, "Access denied."
|
|
94
94
|
end
|
|
95
95
|
|
|
96
|
+
def require_action_allowed(action, uid)
|
|
97
|
+
require_identity
|
|
98
|
+
uid = ::Pebblebed::Uid.new(uid) if uid.is_a?(String)
|
|
99
|
+
return if current_identity.god and uid.path.split(".")[0] == current_identity.realm
|
|
100
|
+
res = pebbles.checkpoint.get("/callbacks/allowed/#{action}/#{uid}")
|
|
101
|
+
return if res['allowed']
|
|
102
|
+
halt 403, ":#{action} denied for #{uid} : #{res['reason']}"
|
|
103
|
+
end
|
|
104
|
+
|
|
96
105
|
def limit_offset_collection(collection, options)
|
|
97
106
|
limit = (options[:limit] || 20).to_i
|
|
98
107
|
offset = (options[:offset] || 0).to_i
|
data/lib/pebblebed/version.rb
CHANGED
data/spec/sinatra_spec.rb
CHANGED
|
@@ -34,6 +34,11 @@ class TestApp < Sinatra::Base
|
|
|
34
34
|
"You are most powerful"
|
|
35
35
|
end
|
|
36
36
|
|
|
37
|
+
post '/create/:uid' do |uid|
|
|
38
|
+
require_action_allowed(:create, uid)
|
|
39
|
+
"You are creative"
|
|
40
|
+
end
|
|
41
|
+
|
|
37
42
|
get '/nonexistant' do
|
|
38
43
|
raise Pebblebed::HttpNotFoundError, "Not found /nonexistant"
|
|
39
44
|
end
|
|
@@ -154,6 +159,49 @@ describe Sinatra::Pebblebed do
|
|
|
154
159
|
end
|
|
155
160
|
end
|
|
156
161
|
|
|
162
|
+
describe "with checkpoint psm2 callbacks" do
|
|
163
|
+
let(:checkpoint) {
|
|
164
|
+
checkpoint = stub
|
|
165
|
+
checkpoint.stub!(:service_url => 'http://example.com')
|
|
166
|
+
checkpoint
|
|
167
|
+
}
|
|
168
|
+
context "as a guest" do
|
|
169
|
+
specify "not allowed" do
|
|
170
|
+
guest!
|
|
171
|
+
post '/create/post.foo:testrealm'
|
|
172
|
+
last_response.status.should == 403
|
|
173
|
+
end
|
|
174
|
+
end
|
|
175
|
+
context "as a god" do
|
|
176
|
+
specify "allowed without callbacks" do
|
|
177
|
+
god!(:session => random_session)
|
|
178
|
+
post '/create/post.foo:testrealm'
|
|
179
|
+
last_response.body.should == "You are creative"
|
|
180
|
+
end
|
|
181
|
+
end
|
|
182
|
+
context "as user without permissions" do
|
|
183
|
+
specify "is disallowed" do
|
|
184
|
+
user!
|
|
185
|
+
checkpoint.should_receive(:get).with("/identities/me").and_return(DeepStruct.wrap(:identity => {:realm => 'testrealm', :id => 1, :god => false}))
|
|
186
|
+
checkpoint.should_receive(:get).with("/callbacks/allowed/create/post.foo:testrealm").and_return(DeepStruct.wrap(:allowed => false, :reason => "You are not worthy!"))
|
|
187
|
+
Pebblebed::Connector.any_instance.stub(:checkpoint => checkpoint)
|
|
188
|
+
post '/create/post.foo:testrealm'
|
|
189
|
+
last_response.status.should == 403
|
|
190
|
+
last_response.body.should == ":create denied for post.foo:testrealm : You are not worthy!"
|
|
191
|
+
end
|
|
192
|
+
end
|
|
193
|
+
context "as user with permissions" do
|
|
194
|
+
specify "is allowed" do
|
|
195
|
+
user!
|
|
196
|
+
checkpoint.should_receive(:get).with("/identities/me").and_return(DeepStruct.wrap(:identity => {:realm => 'testrealm', :id => 1, :god => false}))
|
|
197
|
+
checkpoint.should_receive(:get).with("/callbacks/allowed/create/post.foo:testrealm").and_return(DeepStruct.wrap(:allowed => true))
|
|
198
|
+
Pebblebed::Connector.any_instance.stub(:checkpoint => checkpoint)
|
|
199
|
+
post '/create/post.foo:testrealm'
|
|
200
|
+
last_response.body.should == "You are creative"
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
end
|
|
204
|
+
|
|
157
205
|
describe "error handling" do
|
|
158
206
|
before(:each) { guest! }
|
|
159
207
|
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pebblebed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.44
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -329,7 +329,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
329
329
|
version: '0'
|
|
330
330
|
segments:
|
|
331
331
|
- 0
|
|
332
|
-
hash: -
|
|
332
|
+
hash: -110595815413794395
|
|
333
333
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
334
334
|
none: false
|
|
335
335
|
requirements:
|
|
@@ -338,7 +338,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
338
338
|
version: '0'
|
|
339
339
|
segments:
|
|
340
340
|
- 0
|
|
341
|
-
hash: -
|
|
341
|
+
hash: -110595815413794395
|
|
342
342
|
requirements: []
|
|
343
343
|
rubyforge_project: pebblebed
|
|
344
344
|
rubygems_version: 1.8.25
|