permitter 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (77) hide show
  1. checksums.yaml +7 -0
  2. data/MIT-LICENSE +20 -0
  3. data/README.rdoc +302 -0
  4. data/Rakefile +32 -0
  5. data/lib/generators/permitter/permission/USAGE +5 -0
  6. data/lib/generators/permitter/permission/permission_generator.rb +16 -0
  7. data/lib/generators/permitter/permission/templates/permission.rb +22 -0
  8. data/lib/generators/permitter/permission/templates/permission_spec.rb +17 -0
  9. data/lib/permitter.rb +4 -0
  10. data/lib/permitter/controller_additions.rb +43 -0
  11. data/lib/permitter/exceptions.rb +17 -0
  12. data/lib/permitter/matchers.rb +11 -0
  13. data/lib/permitter/model_additions.rb +30 -0
  14. data/lib/permitter/permission.rb +72 -0
  15. data/lib/permitter/version.rb +3 -0
  16. data/spec/README.rdoc +21 -0
  17. data/spec/controllers/projects_controller_spec.rb +243 -0
  18. data/spec/controllers/users_controller_spec.rb +77 -0
  19. data/spec/dummy/Rakefile +6 -0
  20. data/spec/dummy/app/assets/javascripts/application.js +13 -0
  21. data/spec/dummy/app/assets/stylesheets/application.css +13 -0
  22. data/spec/dummy/app/controllers/application_controller.rb +19 -0
  23. data/spec/dummy/app/controllers/projects_controller.rb +49 -0
  24. data/spec/dummy/app/controllers/users_controller.rb +17 -0
  25. data/spec/dummy/app/helpers/application_helper.rb +2 -0
  26. data/spec/dummy/app/models/permission.rb +26 -0
  27. data/spec/dummy/app/models/project.rb +3 -0
  28. data/spec/dummy/app/models/user.rb +3 -0
  29. data/spec/dummy/app/views/layouts/application.html.erb +14 -0
  30. data/spec/dummy/app/views/projects/edit.html.erb +0 -0
  31. data/spec/dummy/app/views/projects/index.html.erb +0 -0
  32. data/spec/dummy/app/views/projects/new.html.erb +0 -0
  33. data/spec/dummy/app/views/projects/show.html.erb +0 -0
  34. data/spec/dummy/app/views/users/index.html.erb +0 -0
  35. data/spec/dummy/app/views/users/show.html.erb +0 -0
  36. data/spec/dummy/bin/bundle +3 -0
  37. data/spec/dummy/bin/rails +4 -0
  38. data/spec/dummy/bin/rake +4 -0
  39. data/spec/dummy/config.ru +4 -0
  40. data/spec/dummy/config/application.rb +23 -0
  41. data/spec/dummy/config/boot.rb +5 -0
  42. data/spec/dummy/config/database.yml +25 -0
  43. data/spec/dummy/config/environment.rb +5 -0
  44. data/spec/dummy/config/environments/development.rb +29 -0
  45. data/spec/dummy/config/environments/production.rb +80 -0
  46. data/spec/dummy/config/environments/test.rb +36 -0
  47. data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
  48. data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
  49. data/spec/dummy/config/initializers/inflections.rb +16 -0
  50. data/spec/dummy/config/initializers/mime_types.rb +5 -0
  51. data/spec/dummy/config/initializers/secret_token.rb +12 -0
  52. data/spec/dummy/config/initializers/session_store.rb +3 -0
  53. data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
  54. data/spec/dummy/config/locales/en.yml +23 -0
  55. data/spec/dummy/config/routes.rb +59 -0
  56. data/spec/dummy/db/development.sqlite3 +0 -0
  57. data/spec/dummy/db/migrate/20131205175023_create_projects.rb +10 -0
  58. data/spec/dummy/db/migrate/20131205175100_create_users.rb +10 -0
  59. data/spec/dummy/db/migrate/20131210152022_add_columns_to_projects.rb +5 -0
  60. data/spec/dummy/db/schema.rb +31 -0
  61. data/spec/dummy/db/test.sqlite3 +0 -0
  62. data/spec/dummy/log/development.log +825 -0
  63. data/spec/dummy/log/test.log +44662 -0
  64. data/spec/dummy/public/404.html +58 -0
  65. data/spec/dummy/public/422.html +58 -0
  66. data/spec/dummy/public/500.html +57 -0
  67. data/spec/dummy/public/favicon.ico +0 -0
  68. data/spec/factories/project.rb +6 -0
  69. data/spec/factories/user.rb +10 -0
  70. data/spec/models/permission_spec.rb +72 -0
  71. data/spec/permitter/controller_additions_spec.rb +44 -0
  72. data/spec/permitter/exceptions_spec.rb +36 -0
  73. data/spec/permitter/matchers_spec.rb +9 -0
  74. data/spec/permitter/model_additions_spec.rb +138 -0
  75. data/spec/permitter/permission_spec.rb +84 -0
  76. data/spec/spec_helper.rb +32 -0
  77. metadata +278 -0
@@ -0,0 +1,58 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>The page you were looking for doesn't exist (404)</title>
5
+ <style>
6
+ body {
7
+ background-color: #EFEFEF;
8
+ color: #2E2F30;
9
+ text-align: center;
10
+ font-family: arial, sans-serif;
11
+ }
12
+
13
+ div.dialog {
14
+ width: 25em;
15
+ margin: 4em auto 0 auto;
16
+ border: 1px solid #CCC;
17
+ border-right-color: #999;
18
+ border-left-color: #999;
19
+ border-bottom-color: #BBB;
20
+ border-top: #B00100 solid 4px;
21
+ border-top-left-radius: 9px;
22
+ border-top-right-radius: 9px;
23
+ background-color: white;
24
+ padding: 7px 4em 0 4em;
25
+ }
26
+
27
+ h1 {
28
+ font-size: 100%;
29
+ color: #730E15;
30
+ line-height: 1.5em;
31
+ }
32
+
33
+ body > p {
34
+ width: 33em;
35
+ margin: 0 auto 1em;
36
+ padding: 1em 0;
37
+ background-color: #F7F7F7;
38
+ border: 1px solid #CCC;
39
+ border-right-color: #999;
40
+ border-bottom-color: #999;
41
+ border-bottom-left-radius: 4px;
42
+ border-bottom-right-radius: 4px;
43
+ border-top-color: #DADADA;
44
+ color: #666;
45
+ box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
46
+ }
47
+ </style>
48
+ </head>
49
+
50
+ <body>
51
+ <!-- This file lives in public/404.html -->
52
+ <div class="dialog">
53
+ <h1>The page you were looking for doesn't exist.</h1>
54
+ <p>You may have mistyped the address or the page may have moved.</p>
55
+ </div>
56
+ <p>If you are the application owner check the logs for more information.</p>
57
+ </body>
58
+ </html>
@@ -0,0 +1,58 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>The change you wanted was rejected (422)</title>
5
+ <style>
6
+ body {
7
+ background-color: #EFEFEF;
8
+ color: #2E2F30;
9
+ text-align: center;
10
+ font-family: arial, sans-serif;
11
+ }
12
+
13
+ div.dialog {
14
+ width: 25em;
15
+ margin: 4em auto 0 auto;
16
+ border: 1px solid #CCC;
17
+ border-right-color: #999;
18
+ border-left-color: #999;
19
+ border-bottom-color: #BBB;
20
+ border-top: #B00100 solid 4px;
21
+ border-top-left-radius: 9px;
22
+ border-top-right-radius: 9px;
23
+ background-color: white;
24
+ padding: 7px 4em 0 4em;
25
+ }
26
+
27
+ h1 {
28
+ font-size: 100%;
29
+ color: #730E15;
30
+ line-height: 1.5em;
31
+ }
32
+
33
+ body > p {
34
+ width: 33em;
35
+ margin: 0 auto 1em;
36
+ padding: 1em 0;
37
+ background-color: #F7F7F7;
38
+ border: 1px solid #CCC;
39
+ border-right-color: #999;
40
+ border-bottom-color: #999;
41
+ border-bottom-left-radius: 4px;
42
+ border-bottom-right-radius: 4px;
43
+ border-top-color: #DADADA;
44
+ color: #666;
45
+ box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
46
+ }
47
+ </style>
48
+ </head>
49
+
50
+ <body>
51
+ <!-- This file lives in public/422.html -->
52
+ <div class="dialog">
53
+ <h1>The change you wanted was rejected.</h1>
54
+ <p>Maybe you tried to change something you didn't have access to.</p>
55
+ </div>
56
+ <p>If you are the application owner check the logs for more information.</p>
57
+ </body>
58
+ </html>
@@ -0,0 +1,57 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>We're sorry, but something went wrong (500)</title>
5
+ <style>
6
+ body {
7
+ background-color: #EFEFEF;
8
+ color: #2E2F30;
9
+ text-align: center;
10
+ font-family: arial, sans-serif;
11
+ }
12
+
13
+ div.dialog {
14
+ width: 25em;
15
+ margin: 4em auto 0 auto;
16
+ border: 1px solid #CCC;
17
+ border-right-color: #999;
18
+ border-left-color: #999;
19
+ border-bottom-color: #BBB;
20
+ border-top: #B00100 solid 4px;
21
+ border-top-left-radius: 9px;
22
+ border-top-right-radius: 9px;
23
+ background-color: white;
24
+ padding: 7px 4em 0 4em;
25
+ }
26
+
27
+ h1 {
28
+ font-size: 100%;
29
+ color: #730E15;
30
+ line-height: 1.5em;
31
+ }
32
+
33
+ body > p {
34
+ width: 33em;
35
+ margin: 0 auto 1em;
36
+ padding: 1em 0;
37
+ background-color: #F7F7F7;
38
+ border: 1px solid #CCC;
39
+ border-right-color: #999;
40
+ border-bottom-color: #999;
41
+ border-bottom-left-radius: 4px;
42
+ border-bottom-right-radius: 4px;
43
+ border-top-color: #DADADA;
44
+ color: #666;
45
+ box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
46
+ }
47
+ </style>
48
+ </head>
49
+
50
+ <body>
51
+ <!-- This file lives in public/500.html -->
52
+ <div class="dialog">
53
+ <h1>We're sorry, but something went wrong.</h1>
54
+ </div>
55
+ <p>If you are the application owner check the logs for more information.</p>
56
+ </body>
57
+ </html>
File without changes
@@ -0,0 +1,6 @@
1
+ FactoryGirl.define do
2
+ factory :project do
3
+ sequence (:title) { |n| "ti#{n}tle" }
4
+ sticky false
5
+ end
6
+ end
@@ -0,0 +1,10 @@
1
+ FactoryGirl.define do
2
+ factory :user do
3
+ sequence (:username) { |n| "user#{n}name" }
4
+
5
+ factory :admin do
6
+ admin true
7
+ end
8
+
9
+ end
10
+ end
@@ -0,0 +1,72 @@
1
+ require "spec_helper"
2
+
3
+ describe Permission do
4
+ let(:admin) { build(:admin) }
5
+ let(:user1) { create(:user) }
6
+ let(:user2) { create(:user) }
7
+ let(:project1) { build(:project, user: user1) }
8
+ let(:project2) { build(:project, user: user2) }
9
+
10
+
11
+ describe "as admin" do
12
+ subject { Permission.new(admin) }
13
+
14
+ it "allows anything" do
15
+ should allow_action(:anything, :here)
16
+ should allow_param(:anything, :here)
17
+ end
18
+ end
19
+
20
+
21
+ describe "for user" do
22
+ subject { Permission.new(user1) }
23
+
24
+ it "projects" do
25
+ should allow_action(:projects, :index)
26
+ should allow_action(:projects, :new)
27
+ should allow_action(:projects, :create)
28
+ should allow_action(:projects, :show)
29
+ should_not allow_action(:projects, :edit)
30
+ should_not allow_action(:projects, :update)
31
+ should_not allow_action(:projects, :edit, project2)
32
+ should_not allow_action(:projects, :update, project2)
33
+ should allow_action(:projects, :edit, project1)
34
+ should allow_action(:projects, :update, project1)
35
+ should_not allow_action(:projects, :destroy)
36
+ should_not allow_action(:projects, :destroy, project1)
37
+ should_not allow_action(:projects, :destroy, project2)
38
+ should allow_param(:project, :title)
39
+ should_not allow_param(:project, :sticky)
40
+ end
41
+
42
+ it 'users' do
43
+ should allow_action(:users, :index)
44
+ should_not allow_action(:users, :show)
45
+ should_not allow_action(:users, :show, user2)
46
+ should allow_action(:users, :show, user1)
47
+ end
48
+ end
49
+
50
+
51
+ describe "for visitor" do
52
+ subject { Permission.new(nil) }
53
+
54
+ it "projects" do
55
+ should allow_action(:projects, :index)
56
+ should_not allow_action(:projects, :new)
57
+ should_not allow_action(:projects, :create)
58
+ should_not allow_action(:projects, :show)
59
+ should_not allow_action(:projects, :edit)
60
+ should_not allow_action(:projects, :update)
61
+ should_not allow_action(:projects, :destroy)
62
+ should_not allow_action(:projects, :show, project1)
63
+ should_not allow_action(:projects, :edit, project1)
64
+ should_not allow_action(:projects, :update, project1)
65
+ should_not allow_action(:projects, :destroy, project1)
66
+ should_not allow_action(:projects, :show, project2)
67
+ should_not allow_action(:projects, :edit, project2)
68
+ should_not allow_action(:projects, :update, project2)
69
+ should_not allow_action(:projects, :destroy, project2)
70
+ end
71
+ end
72
+ end
@@ -0,0 +1,44 @@
1
+ require "spec_helper"
2
+
3
+ class StubbedPermission
4
+ include Permitter::Permission
5
+
6
+ def initialize(user)
7
+ allow_action :foo, :bar
8
+ end
9
+
10
+ end
11
+
12
+
13
+ describe Permitter::ControllerAdditions do
14
+ before(:each) do
15
+ @params = HashWithIndifferentAccess.new
16
+ @current_user = nil
17
+
18
+ @controller_class = Class.new
19
+ @controller = @controller_class.new
20
+
21
+ @controller.stub(:params) { @params }
22
+ @controller_class.stub(:helper_method) { :helper_method }
23
+ @controller.stub(:current_permissions) { StubbedPermission.new(@current_user) }
24
+
25
+ @controller_class.send(:include, Permitter::ControllerAdditions)
26
+ end
27
+
28
+ it "provides an allowed_action? method which goes through the current permissions" do
29
+ expect(@controller.allowed_action?(:foo, :bar)).to be true
30
+ expect(@controller.allowed_action?(:foo, :baz)).to be false
31
+ end
32
+
33
+ it "authorize_user! should raise Unauthorized when user not authoried" do
34
+ authorization = ->(action) do
35
+ @params.merge!(controller: "foo", action: action)
36
+ @controller.instance_eval{ authorize_user! }
37
+ end
38
+
39
+ expect(-> {authorization.call('bar')}).to_not raise_error
40
+ expect(-> {authorization.call('baz')}).to raise_error Permitter::Unauthorized
41
+ end
42
+
43
+
44
+ end
@@ -0,0 +1,36 @@
1
+ require "spec_helper"
2
+
3
+ describe Permitter::Unauthorized do
4
+ describe "with action and subject" do
5
+ before(:each) do
6
+ @exception = Permitter::Unauthorized.new(nil, :some_action, :some_subject)
7
+ end
8
+
9
+ it "has action and subject accessors" do
10
+ expect(@exception.action).to eq :some_action
11
+ expect(@exception.subject).to eq :some_subject
12
+ end
13
+
14
+ it "has a changable default message" do
15
+ expect(@exception.message).to eq "You are not authorized to access this page."
16
+ @exception.default_message = "Unauthorized!"
17
+ expect(@exception.message).to eq "Unauthorized!"
18
+ end
19
+ end
20
+
21
+ describe "with only a message" do
22
+ before(:each) do
23
+ @exception = Permitter::Unauthorized.new("Access denied!")
24
+ end
25
+
26
+ it "has nil action and subject" do
27
+ expect(@exception.action).to be nil
28
+ expect(@exception.subject).to be nil
29
+ end
30
+
31
+ it "has passed message" do
32
+ expect(@exception.message).to eq "Access denied!"
33
+ end
34
+ end
35
+
36
+ end
@@ -0,0 +1,9 @@
1
+ require "spec_helper"
2
+
3
+ describe "allow_action" do
4
+ it "delegates to allow_action?" do
5
+ object = Object.new
6
+ expect(object).to receive(:allowed_action?).with(:foo, :bar) { true }
7
+ expect(object).to allow_action(:foo, :bar)
8
+ end
9
+ end
@@ -0,0 +1,138 @@
1
+ require "spec_helper"
2
+
3
+ class Category < ActiveRecord::Base
4
+ unless connection.tables.include?(table_name)
5
+ connection.create_table(table_name) do |t|
6
+ t.boolean :visible
7
+ end
8
+ end
9
+ has_many :articles
10
+ end
11
+
12
+ class Article < ActiveRecord::Base
13
+ unless connection.tables.include?(table_name)
14
+ connection.create_table(table_name) do |t|
15
+ t.integer :category_id
16
+ t.string :name
17
+ t.boolean :published
18
+ t.boolean :secret
19
+ t.integer :priority
20
+ end
21
+ end
22
+ belongs_to :category
23
+ has_many :comments
24
+ end
25
+
26
+ class Comment < ActiveRecord::Base
27
+ unless connection.tables.include?(table_name)
28
+ connection.create_table(table_name) do |t|
29
+ t.integer :article_id
30
+ t.boolean :spam
31
+ end
32
+ end
33
+ belongs_to :article
34
+ end
35
+
36
+ describe Permitter::ModelAdditions do
37
+ before do
38
+ Article.delete_all
39
+ Comment.delete_all
40
+
41
+ @permissions = Object.new
42
+ @permissions.extend(Permitter::Permission)
43
+
44
+ @article_table = Article.table_name
45
+ @comment_table = Comment.table_name
46
+ end
47
+
48
+ it "does not fetch any records when no permissions are defined" do
49
+ Article.create!
50
+
51
+ expect(Article.permitted_by(@permissions)).to be_empty
52
+ end
53
+
54
+ it "fetches all articles when one can read all" do
55
+ @permissions.allow_action(:articles, :show)
56
+
57
+ article1 = Article.create!
58
+ article2 = Article.create!
59
+
60
+ expect(@permissions).to allow_action(:articles, :show)
61
+ expect(Article.permitted_by(@permissions)).to eq([article1, article2])
62
+ end
63
+
64
+ it "fetches only the articles that are published" do
65
+ block = Proc.new { |article| article.published == true }
66
+
67
+ @permissions.allow_action(:articles, :show, &block)
68
+
69
+ article1 = Article.create!(published: true)
70
+ article2 = Article.create!(published: false)
71
+
72
+ expect(@permissions).to allow_action(:articles, :show, article1)
73
+ expect(@permissions).to_not allow_action(:articles, :show, article2)
74
+ expect(Article.permitted_by(@permissions)).to eq([article1])
75
+ end
76
+
77
+ it "fetches any articles which are published or secret" do
78
+ block = Proc.new { |article| (article.published == true) | (article.secret == true) }
79
+
80
+ @permissions.allow_action(:articles, :show, &block)
81
+
82
+ article1 = Article.create!(published: true, secret: false)
83
+ article2 = Article.create!(published: true, secret: true)
84
+ article3 = Article.create!(published: false, secret: true)
85
+ article4 = Article.create!(published: false, secret: false)
86
+
87
+ expect(@permissions).to allow_action(:articles, :show, article1)
88
+ expect(@permissions).to allow_action(:articles, :show, article2)
89
+ expect(@permissions).to allow_action(:articles, :show, article3)
90
+ expect(@permissions).to_not allow_action(:articles, :show, article4)
91
+ expect(Article.permitted_by(@permissions)).to eq([article1, article2, article3])
92
+ end
93
+
94
+ it "fetches only the articles that are published and not secret" do
95
+ block = Proc.new { |article| (article.published == true) & (article.secret == false) }
96
+
97
+ @permissions.allow_action(:articles, :show, &block)
98
+
99
+ article1 = Article.create!(published: true, secret: false)
100
+ article2 = Article.create!(published: true, secret: true)
101
+ article3 = Article.create!(published: false, secret: true)
102
+ article4 = Article.create!(published: false, secret: false)
103
+
104
+ expect(@permissions).to allow_action(:articles, :show, article1)
105
+ expect(@permissions).to_not allow_action(:articles, :show, article2)
106
+ expect(@permissions).to_not allow_action(:articles, :show, article3)
107
+ expect(@permissions).to_not allow_action(:articles, :show, article4)
108
+ expect(Article.permitted_by(@permissions)).to eq([article1])
109
+ end
110
+
111
+ it "only reads comments for articles which are published" do
112
+ block = Proc.new { article.published == true }
113
+
114
+ @permissions.allow_action(:comments, :permitted, &block)
115
+
116
+ comment1 = Comment.create!(article: Article.create!(published: true))
117
+ comment2 = Comment.create!(article: Article.create!(published: false))
118
+
119
+ @comments = Comment.joins(:article).permitted_by(@permissions, :permitted)
120
+ expect(@comments).to eq([comment1])
121
+
122
+ @comments = Comment.joins{article}.permitted_by(@permissions, :permitted)
123
+ expect(@comments).to eq([comment1])
124
+ end
125
+
126
+ it "only reads comments for visible categories through articles" do
127
+ block = Proc.new { article.category.visible == true }
128
+
129
+ @permissions.allow_action(:comments, :permitted, &block)
130
+
131
+ comment1 = Comment.create!(article: Article.create!(category: Category.create!(visible: true)))
132
+ comment2 = Comment.create!(article: Article.create!(category: Category.create!(visible: false)))
133
+
134
+ @comments = Comment.joins{article.category}.permitted_by(@permissions, :permitted)
135
+ expect(@comments).to eq([comment1])
136
+ end
137
+
138
+ end