permissive 0.0.1 → 0.2.0.alpha
Sign up to get free protection for your applications and to get access to all the features.
- data/.gemspec +19 -1
- data/.gitignore +3 -1
- data/CHANGELOG +0 -0
- data/README.markdown +37 -29
- data/Rakefile +2 -2
- data/VERSION +1 -1
- data/generators/permissive_migration/templates/permissive_migration.rb +0 -2
- data/lib/permissive.rb +14 -12
- data/lib/permissive/errors.rb +4 -0
- data/lib/permissive/has_permissions.rb +153 -0
- data/lib/permissive/permission.rb +12 -30
- data/lib/permissive/permission_definition.rb +94 -0
- data/spec/has_permissions_spec.rb +326 -0
- data/spec/rcov.opts +2 -1
- data/spec/spec_helper.rb +2 -22
- metadata +23 -16
- data/README.markdown.html +0 -191
- data/lib/permissive/acts_as_permissive.rb +0 -134
- data/lib/permissive/permissions.rb +0 -29
- data/spec/acts_as_permissive_spec.rb +0 -192
- data/spec/permissions_spec.rb +0 -44
@@ -0,0 +1,326 @@
|
|
1
|
+
require File.join(File.dirname(__FILE__), 'spec_helper')
|
2
|
+
|
3
|
+
# Setup some basic models to test with. We'll set permissions on both,
|
4
|
+
# and then test :scope'd permissions through both.
|
5
|
+
class Permissive::Organization < ActiveRecord::Base
|
6
|
+
set_table_name :permissive_organizations
|
7
|
+
end
|
8
|
+
|
9
|
+
class Permissive::User < ActiveRecord::Base
|
10
|
+
set_table_name :permissive_users
|
11
|
+
end
|
12
|
+
|
13
|
+
describe Permissive::Permission do
|
14
|
+
before :each do
|
15
|
+
PermissiveSpecHelper.db_up
|
16
|
+
end
|
17
|
+
|
18
|
+
describe "`has_permissions' default class method" do
|
19
|
+
[Permissive::User, Permissive::Organization].each do |model|
|
20
|
+
before :each do
|
21
|
+
model.has_permissions do
|
22
|
+
on :organizations
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
describe model do
|
27
|
+
it "should create a permissions reflection" do
|
28
|
+
model.new.should respond_to(:permissions)
|
29
|
+
end
|
30
|
+
|
31
|
+
it "should create a `can?' method" do
|
32
|
+
model.new.should respond_to(:can?)
|
33
|
+
end
|
34
|
+
|
35
|
+
it "should create a `revoke' method" do
|
36
|
+
model.new.should respond_to(:revoke)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
describe "permissions definitions" do
|
43
|
+
it "should require Numeric permissions" do
|
44
|
+
lambda {
|
45
|
+
Permissive::User.has_permissions { to :dance_on_the_rooftops, "Dance, bitches!" }
|
46
|
+
}.should raise_error(Permissive::PermissionError)
|
47
|
+
end
|
48
|
+
|
49
|
+
it "should allow me to scope permissions inside the block" do
|
50
|
+
Permissive::Organization.has_permissions do
|
51
|
+
to :hire_employees, 0
|
52
|
+
to :fire_employees, 1
|
53
|
+
|
54
|
+
on :users do
|
55
|
+
to :hire, 0
|
56
|
+
to :fire, 1
|
57
|
+
end
|
58
|
+
end
|
59
|
+
# Ew, lots of assertions here...
|
60
|
+
Permissive::Organization.permissions[:global].permissions.should have_key(:hire_employees)
|
61
|
+
Permissive::Organization.permissions[:global].permissions.should have_key(:fire_employees)
|
62
|
+
Permissive::Organization.permissions[:global].permissions.should_not have_key(:hire)
|
63
|
+
Permissive::Organization.permissions[:global].permissions.should_not have_key(:fire)
|
64
|
+
|
65
|
+
Permissive::Organization.permissions[:permissive_users].permissions.should have_key(:hire)
|
66
|
+
Permissive::Organization.permissions[:permissive_users].permissions.should have_key(:fire)
|
67
|
+
Permissive::Organization.permissions[:permissive_users].permissions.should_not have_key(:hire_employees)
|
68
|
+
Permissive::Organization.permissions[:permissive_users].permissions.should_not have_key(:fire_employees)
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
describe "permissions checking" do
|
73
|
+
before :each do
|
74
|
+
Permissive::User.has_permissions do
|
75
|
+
to :manage_games, 0
|
76
|
+
to :control_rides, 1
|
77
|
+
to :punch, 2
|
78
|
+
end
|
79
|
+
@user = Permissive::User.create
|
80
|
+
end
|
81
|
+
|
82
|
+
it "should allow permissions checks through the `can?' method" do
|
83
|
+
@user.can?(:manage_games).should be_false
|
84
|
+
end
|
85
|
+
|
86
|
+
it "should respond to the `can!' method" do
|
87
|
+
@user.should respond_to(:can!)
|
88
|
+
end
|
89
|
+
|
90
|
+
it "should allow permissions setting through the `can!' method" do
|
91
|
+
count = @user.permissions.count
|
92
|
+
@user.can!(:manage_games)
|
93
|
+
@user.permissions.count.should == count.next
|
94
|
+
end
|
95
|
+
|
96
|
+
it "should return correct permissions through the `can?' method" do
|
97
|
+
@user.can!(:manage_games)
|
98
|
+
@user.can?(:manage_games).should be_true
|
99
|
+
@user.can?(:control_rides).should be_false
|
100
|
+
@user.can?(:punch).should be_false
|
101
|
+
end
|
102
|
+
|
103
|
+
it "should return correct permissions on multiple requests" do
|
104
|
+
@user.can!(:manage_games)
|
105
|
+
@user.can!(:control_rides)
|
106
|
+
@user.can?(:manage_games, :control_rides).should be_true
|
107
|
+
@user.can?(:manage_games, :punch).should be_false
|
108
|
+
@user.can?(:control_rides, :punch).should be_false
|
109
|
+
@user.can?(:manage_games, :control_rides, :punch).should be_false
|
110
|
+
end
|
111
|
+
|
112
|
+
it "should revoke the correct permissions through the `revoke' method" do
|
113
|
+
@user.can!(:manage_games, :control_rides)
|
114
|
+
@user.can?(:manage_games).should be_true
|
115
|
+
@user.can?(:control_rides).should be_true
|
116
|
+
@user.revoke(:control_rides)
|
117
|
+
@user.can?(:control_rides).should be_false
|
118
|
+
@user.can?(:manage_games).should be_true
|
119
|
+
end
|
120
|
+
|
121
|
+
it "should revoke the full permissions through the `revoke' method w/an :all argument" do
|
122
|
+
@user.can!(:manage_games, :control_rides)
|
123
|
+
@user.can?(:manage_games).should be_true
|
124
|
+
@user.can?(:control_rides).should be_true
|
125
|
+
@user.revoke(:all)
|
126
|
+
@user.can?(:manage_games).should be_false
|
127
|
+
@user.can?(:control_rides).should be_false
|
128
|
+
end
|
129
|
+
|
130
|
+
it "should support a :reset option" do
|
131
|
+
@user.can!(:manage_games, :control_rides)
|
132
|
+
@user.can?(:manage_games).should be_true
|
133
|
+
@user.can!(:punch, :reset => true)
|
134
|
+
@user.can?(:manage_games).should_not be_true
|
135
|
+
@user.can?(:punch).should be_true
|
136
|
+
end
|
137
|
+
end
|
138
|
+
|
139
|
+
describe "scoped permissions" do
|
140
|
+
before :each do
|
141
|
+
Permissive::User.has_permissions(:on => :organizations) do
|
142
|
+
to :manage_games, 0
|
143
|
+
to :control_rides, 1
|
144
|
+
|
145
|
+
on :users do
|
146
|
+
to :punch, 2
|
147
|
+
end
|
148
|
+
end
|
149
|
+
@user = Permissive::User.create
|
150
|
+
@organization = Permissive::Organization.create
|
151
|
+
end
|
152
|
+
|
153
|
+
it "should allow scoped permissions checks through the `can?' method" do
|
154
|
+
@user.can?(:manage_games, :on => @organization).should be_false
|
155
|
+
end
|
156
|
+
|
157
|
+
describe "on instances" do
|
158
|
+
it "should return correct permissions through a scoped `can?' method" do
|
159
|
+
@user.can!(:manage_games, :on => @organization)
|
160
|
+
@user.can?(:manage_games, :on => @organization).should be_true
|
161
|
+
end
|
162
|
+
|
163
|
+
it "should not respond to generic permissions on scoped permissions" do
|
164
|
+
@user.can!(:manage_games, :on => @organization)
|
165
|
+
@user.can?(:manage_games).should be_false
|
166
|
+
@user.can?(:manage_games, :on => @organization).should be_true
|
167
|
+
end
|
168
|
+
|
169
|
+
it "should revoke the correct permissions through the `revoke' method" do
|
170
|
+
@user.can!(:manage_games, :control_rides, :on => @organization)
|
171
|
+
@user.can?(:manage_games, :on => @organization).should be_true
|
172
|
+
@user.can?(:control_rides, :on => @organization).should be_true
|
173
|
+
@user.revoke(:manage_games, :on => @organization)
|
174
|
+
@user.can?(:manage_games, :on => @organization).should be_false
|
175
|
+
@user.can?(:control_rides, :on => @organization).should be_true
|
176
|
+
end
|
177
|
+
|
178
|
+
it "should revoke the full permissions through the `revoke' method w/an :all argument" do
|
179
|
+
@user.can!(:punch)
|
180
|
+
@user.can!(:manage_games, :control_rides, :on => @organization)
|
181
|
+
@user.can?(:manage_games, :on => @organization).should be_true
|
182
|
+
@user.can?(:control_rides, :on => @organization).should be_true
|
183
|
+
@user.can?(:punch).should be_true
|
184
|
+
@user.revoke(:all, :on => @organization)
|
185
|
+
!@user.can?(:manage_games, :on => @organization).should be_false
|
186
|
+
!@user.can?(:control_rides, :on => @organization).should be_false
|
187
|
+
@user.can?(:punch).should be_true
|
188
|
+
end
|
189
|
+
end
|
190
|
+
|
191
|
+
describe "on classes" do
|
192
|
+
it "should ignore instance-specific permissions" do
|
193
|
+
@user.can!(:punch, :on => Permissive::User)
|
194
|
+
@user.can?(:punch, :on => Permissive::User).should be_true
|
195
|
+
@user.can?(:punch, :on => Permissive::User.create).should be_false
|
196
|
+
end
|
197
|
+
|
198
|
+
it "should interpolate symbols" do
|
199
|
+
@user.can!(:punch, :on => :users)
|
200
|
+
@user.can?(:punch, :on => Permissive::User).should be_true
|
201
|
+
end
|
202
|
+
|
203
|
+
it "should interpolate strings" do
|
204
|
+
@user.can!(:punch, :on => 'users')
|
205
|
+
@user.can?(:punch, :on => Permissive::User).should be_true
|
206
|
+
end
|
207
|
+
|
208
|
+
it "should forget strings if a corresponding class doesn't exist" do
|
209
|
+
Permissive::User.has_permissions(:on => :foobar) { to :punch, 0 }
|
210
|
+
@user.can!(:punch, :on => :foobar)
|
211
|
+
@user.can?(:punch, :on => :foobar).should be_true
|
212
|
+
end
|
213
|
+
|
214
|
+
it "should probably work with non-namespaced models, since those are standard these days" do
|
215
|
+
class PermissiveUser < ActiveRecord::Base
|
216
|
+
has_permissions do
|
217
|
+
to :do_stuff, 0
|
218
|
+
to :be_lazy, 1
|
219
|
+
|
220
|
+
on Permissive::Organization do
|
221
|
+
to :dance, 0
|
222
|
+
to :sing, 1
|
223
|
+
end
|
224
|
+
end
|
225
|
+
end
|
226
|
+
|
227
|
+
user = PermissiveUser.create
|
228
|
+
user.can!(:do_stuff)
|
229
|
+
user.can?(:do_stuff).should be_true
|
230
|
+
|
231
|
+
user.can!(:dance, :on => Permissive::Organization)
|
232
|
+
user.can?(:dance, :on => Permissive::Organization).should be_true
|
233
|
+
end
|
234
|
+
end
|
235
|
+
end
|
236
|
+
|
237
|
+
describe "automatic method creation" do
|
238
|
+
before :each do
|
239
|
+
Permissive::User.has_permissions(:on => :organizations)
|
240
|
+
@user = Permissive::User.create
|
241
|
+
@organization = Permissive::Organization.create
|
242
|
+
@user.can!(:control_rides)
|
243
|
+
@user.can!(:punch)
|
244
|
+
@user.can!(:manage_games, :on => @organization)
|
245
|
+
end
|
246
|
+
|
247
|
+
it "should not respond to invalid permission methods" do
|
248
|
+
lambda {
|
249
|
+
@user.can_control_rides_fu?
|
250
|
+
}.should raise_error(NoMethodError)
|
251
|
+
end
|
252
|
+
|
253
|
+
it "should cache chained methods" do
|
254
|
+
@user.respond_to?(:can_control_rides_and_manage_games?).should be_false
|
255
|
+
@user.can_control_rides_and_manage_games?.should be_false
|
256
|
+
@user.should respond_to(:can_control_rides_and_manage_games?)
|
257
|
+
end
|
258
|
+
|
259
|
+
it "should respond to valid permission methods" do
|
260
|
+
@user.can_control_rides?.should be_true
|
261
|
+
@user.can_punch?.should be_true
|
262
|
+
@user.can_manage_games?.should be_false
|
263
|
+
end
|
264
|
+
|
265
|
+
it "should respond to chained permission methods" do
|
266
|
+
@user.can_control_rides_and_punch?.should be_true
|
267
|
+
@user.can_control_rides_and_manage_games?.should be_false
|
268
|
+
end
|
269
|
+
|
270
|
+
it "should respond to scoped permission methods" do
|
271
|
+
@user.can_manage_games_on?(@organization).should be_true
|
272
|
+
@user.can_punch?(@organization).should be_false
|
273
|
+
['control_rides', 'punch'].each do |permission|
|
274
|
+
@user.send("can_#{permission}_on?", @organization).should be_false
|
275
|
+
end
|
276
|
+
end
|
277
|
+
|
278
|
+
describe "for setting permissions" do
|
279
|
+
it "should return the permission" do
|
280
|
+
@user.can_manage_games!.should be_instance_of Permissive::Permission
|
281
|
+
@user.can_manage_games?.should be_true
|
282
|
+
end
|
283
|
+
|
284
|
+
it "should support scoping" do
|
285
|
+
@user.can_manage_games_in!(@organization).should be_instance_of Permissive::Permission
|
286
|
+
@user.can_manage_games?.should be_false
|
287
|
+
@user.can_manage_games_in?(@organization).should be_true
|
288
|
+
end
|
289
|
+
end
|
290
|
+
end
|
291
|
+
|
292
|
+
describe "roles" do
|
293
|
+
|
294
|
+
before :each do
|
295
|
+
Permissive::User.has_permissions do
|
296
|
+
to :hire_employees, 0
|
297
|
+
to :manage_games, 1
|
298
|
+
to :control_rides, 2
|
299
|
+
|
300
|
+
role :games do
|
301
|
+
can :manage_games
|
302
|
+
end
|
303
|
+
|
304
|
+
role :rides do
|
305
|
+
can :control_rides
|
306
|
+
end
|
307
|
+
end
|
308
|
+
end
|
309
|
+
|
310
|
+
it "should provide a `roles` hash" do
|
311
|
+
Permissive::User.permissions[:global].roles[:games].should == [:manage_games]
|
312
|
+
Permissive::User.permissions[:global].roles[:rides].should == [:control_rides]
|
313
|
+
end
|
314
|
+
|
315
|
+
it "should allow me to assign a role" do
|
316
|
+
@james = Permissive::User.create!
|
317
|
+
@james.should respond_to(:role=)
|
318
|
+
@james.role = 'rides'
|
319
|
+
@james.can_control_rides?.should be_true
|
320
|
+
@james.can_manage_games?.should be_false
|
321
|
+
end
|
322
|
+
|
323
|
+
end
|
324
|
+
end
|
325
|
+
|
326
|
+
PermissiveSpecHelper.clear_log
|
data/spec/rcov.opts
CHANGED
data/spec/spec_helper.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
require 'rubygems'
|
2
|
-
require '
|
2
|
+
require 'active_record'
|
3
3
|
require 'permissive'
|
4
4
|
|
5
5
|
module PermissiveSpecHelper
|
@@ -9,13 +9,8 @@ module PermissiveSpecHelper
|
|
9
9
|
end
|
10
10
|
end
|
11
11
|
|
12
|
-
def self.db_down
|
13
|
-
File.unlink(db) if File.exists?(db)
|
14
|
-
end
|
15
|
-
|
16
12
|
def self.db_up
|
17
|
-
|
18
|
-
ActiveRecord::Base.establish_connection({:adapter => 'sqlite3', :database => db, :pool => 5, :timeout => 5000})
|
13
|
+
ActiveRecord::Base.establish_connection({:adapter => 'sqlite3', :database => ':memory:', :pool => 5, :timeout => 5000})
|
19
14
|
silence_stream(STDOUT) do
|
20
15
|
ActiveRecord::Schema.define do
|
21
16
|
create_table :permissive_users, :force => true do |t|
|
@@ -30,7 +25,6 @@ module PermissiveSpecHelper
|
|
30
25
|
t.integer :scoped_object_id
|
31
26
|
t.string :scoped_object_type, :limit => 32
|
32
27
|
t.integer :mask, :default => 0
|
33
|
-
t.integer :grant_mask, :default => 0
|
34
28
|
end
|
35
29
|
end
|
36
30
|
end
|
@@ -39,20 +33,6 @@ module PermissiveSpecHelper
|
|
39
33
|
def self.log_path
|
40
34
|
File.join(File.dirname(__FILE__), 'spec.log')
|
41
35
|
end
|
42
|
-
|
43
|
-
private
|
44
|
-
def self.db
|
45
|
-
@@db ||= File.expand_path(File.join(File.dirname(__FILE__), 'test.sqlite3'))
|
46
|
-
end
|
47
|
-
end
|
48
|
-
|
49
|
-
# Setup some test permissions
|
50
|
-
module Permissive::Permissions
|
51
|
-
FINALIZE_LAB_SELECTION_LIST = 0
|
52
|
-
SEARCH_APPLICANTS = 1
|
53
|
-
CREATE_BASIC_USER = 2
|
54
|
-
VIEW_USERS = 3
|
55
|
-
VIEW_BUDGET_REPORT = 4
|
56
36
|
end
|
57
37
|
|
58
38
|
# Setup the logging
|
metadata
CHANGED
@@ -1,16 +1,21 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: permissive
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
|
4
|
+
prerelease: true
|
5
|
+
segments:
|
6
|
+
- 0
|
7
|
+
- 2
|
8
|
+
- 0
|
9
|
+
- alpha
|
10
|
+
version: 0.2.0.alpha
|
5
11
|
platform: ruby
|
6
12
|
authors:
|
7
13
|
- Flip Sasser
|
8
|
-
- Simon Parsons
|
9
14
|
autorequire:
|
10
15
|
bindir: bin
|
11
16
|
cert_chain: []
|
12
17
|
|
13
|
-
date:
|
18
|
+
date: 2010-04-19 00:00:00 -04:00
|
14
19
|
default_executable:
|
15
20
|
dependencies: []
|
16
21
|
|
@@ -26,10 +31,10 @@ extensions: []
|
|
26
31
|
|
27
32
|
extra_rdoc_files:
|
28
33
|
- README.markdown
|
29
|
-
- README.markdown.html
|
30
34
|
files:
|
31
35
|
- .gemspec
|
32
36
|
- .gitignore
|
37
|
+
- CHANGELOG
|
33
38
|
- MIT-LICENSE
|
34
39
|
- README.markdown
|
35
40
|
- Rakefile
|
@@ -38,16 +43,15 @@ files:
|
|
38
43
|
- generators/permissive_migration/permissive_migration_generator.rb
|
39
44
|
- generators/permissive_migration/templates/permissive_migration.rb
|
40
45
|
- lib/permissive.rb
|
41
|
-
- lib/permissive/
|
46
|
+
- lib/permissive/errors.rb
|
47
|
+
- lib/permissive/has_permissions.rb
|
42
48
|
- lib/permissive/permission.rb
|
43
|
-
- lib/permissive/
|
49
|
+
- lib/permissive/permission_definition.rb
|
44
50
|
- rails/init.rb
|
45
|
-
- spec/
|
46
|
-
- spec/permissions_spec.rb
|
51
|
+
- spec/has_permissions_spec.rb
|
47
52
|
- spec/rcov.opts
|
48
53
|
- spec/spec.opts
|
49
54
|
- spec/spec_helper.rb
|
50
|
-
- README.markdown.html
|
51
55
|
has_rdoc: true
|
52
56
|
homepage: http://github.com/flipsasser/permissive
|
53
57
|
licenses: []
|
@@ -61,22 +65,25 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
61
65
|
requirements:
|
62
66
|
- - ">="
|
63
67
|
- !ruby/object:Gem::Version
|
68
|
+
segments:
|
69
|
+
- 0
|
64
70
|
version: "0"
|
65
|
-
version:
|
66
71
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
67
72
|
requirements:
|
68
|
-
- - "
|
73
|
+
- - ">"
|
69
74
|
- !ruby/object:Gem::Version
|
70
|
-
|
71
|
-
|
75
|
+
segments:
|
76
|
+
- 1
|
77
|
+
- 3
|
78
|
+
- 1
|
79
|
+
version: 1.3.1
|
72
80
|
requirements: []
|
73
81
|
|
74
82
|
rubyforge_project:
|
75
|
-
rubygems_version: 1.3.
|
83
|
+
rubygems_version: 1.3.6
|
76
84
|
signing_key:
|
77
85
|
specification_version: 3
|
78
86
|
summary: Permissive gives your ActiveRecord models granular permission support
|
79
87
|
test_files:
|
80
|
-
- spec/
|
81
|
-
- spec/permissions_spec.rb
|
88
|
+
- spec/has_permissions_spec.rb
|
82
89
|
- spec/spec_helper.rb
|