rails-acu 3.0.8 → 4.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/.travis.yml +4 -3
- data/Gemfile +2 -2
- data/Gemfile.lock +102 -80
- data/README.md +10 -7
- data/lib/acu/helpers/helpers.rb +0 -0
- data/lib/acu/monitor.rb +39 -25
- data/lib/acu/utilities.rb +0 -0
- data/lib/acu/version.rb +1 -1
- data/lib/generators/templates/rules.rb +4 -4
- data/rails-acu.gemspec +1 -1
- data/spec/dummy/app/assets/javascripts/admin/booking/chats.js +0 -0
- data/spec/dummy/app/assets/javascripts/admin/booking/lists.js +0 -0
- data/spec/dummy/app/assets/stylesheets/admin/booking/chats.css +0 -0
- data/spec/dummy/app/assets/stylesheets/admin/booking/lists.css +0 -0
- data/spec/dummy/app/controllers/admin/booking/chats_controller.rb +0 -0
- data/spec/dummy/app/controllers/admin/booking/lists_controller.rb +0 -0
- data/spec/dummy/app/helpers/admin/booking/chats_helper.rb +0 -0
- data/spec/dummy/app/helpers/admin/booking/lists_helper.rb +0 -0
- data/spec/dummy/app/models/admin/booking.rb +0 -0
- data/spec/dummy/app/models/admin/booking/chat.rb +0 -0
- data/spec/dummy/app/models/admin/booking/list.rb +0 -0
- data/spec/dummy/app/views/admin/booking/chats/_form.html.erb +0 -0
- data/spec/dummy/app/views/admin/booking/chats/edit.html.erb +0 -0
- data/spec/dummy/app/views/admin/booking/chats/index.html.erb +0 -0
- data/spec/dummy/app/views/admin/booking/chats/new.html.erb +0 -0
- data/spec/dummy/app/views/admin/booking/chats/show.html.erb +0 -0
- data/spec/dummy/app/views/admin/booking/lists/_form.html.erb +0 -0
- data/spec/dummy/app/views/admin/booking/lists/edit.html.erb +0 -0
- data/spec/dummy/app/views/admin/booking/lists/index.html.erb +0 -0
- data/spec/dummy/app/views/admin/booking/lists/new.html.erb +0 -0
- data/spec/dummy/app/views/admin/booking/lists/show.html.erb +0 -0
- data/spec/dummy/config/initializers/acu_rules.rb +6 -6
- data/spec/dummy/config/initializers/new_framework_defaults.rb +0 -3
- data/spec/dummy/config/routes.rb +0 -0
- data/spec/dummy/db/migrate/20170506054319_create_admin_booking_lists.rb +0 -0
- data/spec/dummy/db/migrate/20170506081928_create_admin_booking_chats.rb +0 -0
- data/spec/dummy/db/schema.rb +0 -0
- data/spec/dummy/db/seeds.rb +26 -24
- data/spec/dummy/spec/controllers/admin/booking/chats_controller_spec.rb +0 -0
- data/spec/dummy/spec/controllers/admin/booking/lists_controller_spec.rb +2 -2
- data/spec/dummy/spec/controllers/admin/manage_controller_spec.rb +3 -3
- data/spec/dummy/spec/controllers/home_controller_spec.rb +93 -73
- metadata +11 -12
data/lib/acu/utilities.rb
CHANGED
|
File without changes
|
data/lib/acu/version.rb
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# This is an examble, modify it as well
|
|
2
2
|
Acu::Rules.define do
|
|
3
3
|
# anyone makes a request could be count as everyone!
|
|
4
|
-
whois
|
|
4
|
+
whois(:everyone) { true }
|
|
5
5
|
|
|
6
|
-
# whois
|
|
7
|
-
# whois
|
|
6
|
+
# whois(:admin, args: [:user]) { |c| c and c.user_type.symbol == :ADMIN.to_s }
|
|
7
|
+
# whois(:client, args: [:user]) { |c| c and c.user_type.symbol == :PUBLIC.to_s }
|
|
8
8
|
|
|
9
9
|
# admin can access anywhere
|
|
10
10
|
# allow :admin
|
|
@@ -38,7 +38,7 @@ Acu::Rules.define do
|
|
|
38
38
|
# end
|
|
39
39
|
|
|
40
40
|
# controller :contact do
|
|
41
|
-
# action
|
|
41
|
+
# action(:support) {
|
|
42
42
|
# allow :client
|
|
43
43
|
# }
|
|
44
44
|
# end
|
data/rails-acu.gemspec
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
# This is an examble, modify it as well
|
|
2
2
|
Acu::Rules.define do
|
|
3
3
|
# anyone make a request could be count as everyone!
|
|
4
|
-
whois
|
|
4
|
+
whois(:everyone) { true }
|
|
5
5
|
|
|
6
|
-
whois
|
|
6
|
+
whois(:admin, args: [:user]) { |c| c and c.user_type.symbol == :ADMIN.to_s }
|
|
7
7
|
|
|
8
|
-
whois
|
|
8
|
+
whois(:client, args: [:user]) { |c| c and c.user_type.symbol == :PUBLIC.to_s }
|
|
9
9
|
|
|
10
|
-
whois
|
|
10
|
+
whois(:pr, args: [:user]) { |c| c and c.user_type.symbol == :PR.to_s }
|
|
11
11
|
|
|
12
12
|
allow :everyone
|
|
13
13
|
|
|
14
14
|
# define how is admin?
|
|
15
|
-
# whois
|
|
15
|
+
# whois(:admin, args: [:user]) { |c| c and c.user_type == :ADMIN.to_s }
|
|
16
16
|
|
|
17
17
|
# define how is client?
|
|
18
|
-
# whois
|
|
18
|
+
# whois(:client, args: [:user]) { |c| c and c.user_type == :CLIENT.to_s }
|
|
19
19
|
|
|
20
20
|
# controller :home, except: [:some_secret_action] do
|
|
21
21
|
# allow :everyone
|
|
@@ -17,9 +17,6 @@ ActiveSupport.to_time_preserves_timezone = true
|
|
|
17
17
|
# Require `belongs_to` associations by default. Previous versions had false.
|
|
18
18
|
Rails.application.config.active_record.belongs_to_required_by_default = true
|
|
19
19
|
|
|
20
|
-
# suppress depricating waring for sqlite3
|
|
21
|
-
Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true
|
|
22
|
-
|
|
23
20
|
# Do not halt callback chains when a callback returns false. Previous versions had true.
|
|
24
21
|
# ActiveSupport.halt_callback_chains_on_return_false = false
|
|
25
22
|
|
data/spec/dummy/config/routes.rb
CHANGED
|
File without changes
|
|
File without changes
|
|
File without changes
|
data/spec/dummy/db/schema.rb
CHANGED
|
File without changes
|
data/spec/dummy/db/seeds.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
User.delete_all
|
|
2
|
+
UserType.delete_all
|
|
1
3
|
# This file should contain all the record creation needed to seed the database with its default values.
|
|
2
4
|
# The data can then be loaded with the rails db:seed command (or created alongside the database with db:setup).
|
|
3
5
|
#
|
|
@@ -6,34 +8,34 @@
|
|
|
6
8
|
# movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }])
|
|
7
9
|
# Character.create(name: 'Luke', movie: movies.first)
|
|
8
10
|
user_types_list = [
|
|
9
|
-
['ادمین', 'ADMIN', 'ادمین سایت، دسترسی کامل به کل سایت' ,1001],
|
|
10
|
-
['عموم', 'PUBLIC','دسترسی عمومی به محتویات سایت',1],
|
|
11
|
-
['روکوب', 'ROKOB','موجودیت روکوب کار، امکان دسترسی به ارزیابی اطلاعات روکوبی مبلمانها ',2],
|
|
12
|
-
['خیاط', 'KHAYAT','موجودیت خیاط کار، امکان دسترسی به ارزیابی اطلاعات خیاطی مبلمانها و مشخصات پارچه ',2],
|
|
13
|
-
['نجار', 'NAJAR','موجودیت نجار، امکان دسترسی به ارزیابی اطلاعات نجاری و کندهکاری مبلمانها ',2],
|
|
14
|
-
['نقاش', 'NAGASH','موجودیت نقاش کار، امکان دسترسی به ارزیابی اطلاعات نقاشی مبلمانها ',2],
|
|
15
|
-
['کارشناس گرافیک', 'GRAPHIC','بررسی گرافیکی و سلیقهای محصولات و ثبت پیشنهادات مرتبط',2],
|
|
16
|
-
['بازاریاب', 'MARKETER','بازاریاب محصولات',2],
|
|
17
|
-
['بازرس', 'PR','بازرسی کیفی فعالیتهای بازاریابها، روابط عمومی مشتریها',3],
|
|
18
|
-
['بازارسنج', 'MARKLINE','مسئول بروز رسانی قیمتهای کالاها و لوازم پیشنیاز محصولات خدماتی',2]
|
|
11
|
+
[1, 'ادمین', 'ADMIN', 'ادمین سایت، دسترسی کامل به کل سایت' ,1001],
|
|
12
|
+
[2, 'عموم', 'PUBLIC','دسترسی عمومی به محتویات سایت',1],
|
|
13
|
+
[3, 'روکوب', 'ROKOB','موجودیت روکوب کار، امکان دسترسی به ارزیابی اطلاعات روکوبی مبلمانها ',2],
|
|
14
|
+
[4, 'خیاط', 'KHAYAT','موجودیت خیاط کار، امکان دسترسی به ارزیابی اطلاعات خیاطی مبلمانها و مشخصات پارچه ',2],
|
|
15
|
+
[5, 'نجار', 'NAJAR','موجودیت نجار، امکان دسترسی به ارزیابی اطلاعات نجاری و کندهکاری مبلمانها ',2],
|
|
16
|
+
[6, 'نقاش', 'NAGASH','موجودیت نقاش کار، امکان دسترسی به ارزیابی اطلاعات نقاشی مبلمانها ',2],
|
|
17
|
+
[7, 'کارشناس گرافیک', 'GRAPHIC','بررسی گرافیکی و سلیقهای محصولات و ثبت پیشنهادات مرتبط',2],
|
|
18
|
+
[8, 'بازاریاب', 'MARKETER','بازاریاب محصولات',2],
|
|
19
|
+
[9, 'بازرس', 'PR','بازرسی کیفی فعالیتهای بازاریابها، روابط عمومی مشتریها',3],
|
|
20
|
+
[10, 'بازارسنج', 'MARKLINE','مسئول بروز رسانی قیمتهای کالاها و لوازم پیشنیاز محصولات خدماتی',2]
|
|
19
21
|
]
|
|
20
22
|
|
|
21
|
-
user_types_list.each do |name, symbol, comment, auth_level|
|
|
22
|
-
UserType.create!(name: name, symbol: symbol, comment: comment, auth_level: auth_level)
|
|
23
|
+
user_types_list.each do |id, name, symbol, comment, auth_level|
|
|
24
|
+
UserType.create!(id: id, name: name, symbol: symbol, comment: comment, auth_level: auth_level)
|
|
23
25
|
end
|
|
24
26
|
|
|
25
27
|
users_list = [
|
|
26
|
-
['email1@gmail.com','123456',1],
|
|
27
|
-
['email2@gmail.com','123456',2],
|
|
28
|
-
['email3@gmail.com','123456',3],
|
|
29
|
-
['email4@gmail.com','123456',4],
|
|
30
|
-
['email5@gmail.com','123456',5],
|
|
31
|
-
['email6@gmail.com','123456',6],
|
|
32
|
-
['email7@gmail.com','123456',7],
|
|
33
|
-
['email8@gmail.com','123456',8],
|
|
34
|
-
['email9@gmail.com','123456',9],
|
|
35
|
-
['email10@gmail.com','123456',10],
|
|
28
|
+
[1, 'email1@gmail.com','123456',1],
|
|
29
|
+
[2, 'email2@gmail.com','123456',2],
|
|
30
|
+
[3, 'email3@gmail.com','123456',3],
|
|
31
|
+
[4, 'email4@gmail.com','123456',4],
|
|
32
|
+
[5, 'email5@gmail.com','123456',5],
|
|
33
|
+
[6, 'email6@gmail.com','123456',6],
|
|
34
|
+
[7, 'email7@gmail.com','123456',7],
|
|
35
|
+
[8, 'email8@gmail.com','123456',8],
|
|
36
|
+
[9, 'email9@gmail.com','123456',9],
|
|
37
|
+
[10, 'email10@gmail.com','123456',10],
|
|
36
38
|
]
|
|
37
|
-
users_list.each do |email, password, user_type_id|
|
|
38
|
-
User.create!(email: email, password: password, user_type_id: user_type_id)
|
|
39
|
+
users_list.each do |id, email, password, user_type_id|
|
|
40
|
+
User.create!(id: id, email: email, password: password, user_type_id: user_type_id)
|
|
39
41
|
end
|
|
File without changes
|
|
@@ -30,8 +30,8 @@ RSpec.describe Admin::Booking::ListsController, type: :controller do
|
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
Acu::Rules.define do
|
|
33
|
-
whois
|
|
34
|
-
whois
|
|
33
|
+
whois(:admin, args: [:c]) { |c| c == :admin }
|
|
34
|
+
whois(:client, args: [:c]) { |c| c == :client }
|
|
35
35
|
end
|
|
36
36
|
}
|
|
37
37
|
|
|
@@ -14,7 +14,7 @@ RSpec.describe Admin::ManageController, type: :controller do
|
|
|
14
14
|
|
|
15
15
|
it "should work with namespaces" do
|
|
16
16
|
Acu::Rules.define do
|
|
17
|
-
whois
|
|
17
|
+
whois(:everyone) { true }
|
|
18
18
|
allow :everyone
|
|
19
19
|
end
|
|
20
20
|
get :index
|
|
@@ -47,8 +47,8 @@ RSpec.describe Admin::ManageController, type: :controller do
|
|
|
47
47
|
end
|
|
48
48
|
it '[local-global & args]' do
|
|
49
49
|
Acu::Rules.define do
|
|
50
|
-
whois
|
|
51
|
-
whois
|
|
50
|
+
whois(:admin, args: [:c]) { |c| c == :admin }
|
|
51
|
+
whois(:client, args: [:c]) { |c| c == :client }
|
|
52
52
|
namespace :admin do
|
|
53
53
|
allow :admin
|
|
54
54
|
controller :manage, only: [:show] do
|
|
@@ -23,6 +23,14 @@ RSpec.describe HomeController, type: :controller do
|
|
|
23
23
|
end
|
|
24
24
|
end
|
|
25
25
|
|
|
26
|
+
def enable_caching
|
|
27
|
+
caching = ActionController::Base.perform_caching
|
|
28
|
+
ActionController::Base.perform_caching = true
|
|
29
|
+
yield
|
|
30
|
+
ensure
|
|
31
|
+
ActionController::Base.perform_caching = caching
|
|
32
|
+
end
|
|
33
|
+
|
|
26
34
|
context 'Acu::Config' do
|
|
27
35
|
it '.allow_by_default = false' do
|
|
28
36
|
expect {get :index}.to raise_error(Acu::Errors::AccessDenied)
|
|
@@ -50,37 +58,37 @@ RSpec.describe HomeController, type: :controller do
|
|
|
50
58
|
context "[globals]" do
|
|
51
59
|
it "[single rule]" do
|
|
52
60
|
Acu::Rules.define do
|
|
53
|
-
whois
|
|
61
|
+
whois(:everyone) { true }
|
|
54
62
|
allow :everyone
|
|
55
63
|
end
|
|
56
64
|
get :index
|
|
57
65
|
end
|
|
58
66
|
it "[multiple rules]" do
|
|
59
67
|
Acu::Rules.define do
|
|
60
|
-
whois
|
|
61
|
-
whois
|
|
68
|
+
whois(:everyone) { true }
|
|
69
|
+
whois(:client) { true }
|
|
62
70
|
allow :everyone
|
|
63
71
|
allow :client
|
|
64
72
|
end
|
|
65
73
|
expect(Acu::Rules.rules.length).to be 1
|
|
66
74
|
expect(Acu::Rules.rules[{}].length).to be 2
|
|
67
75
|
get :index
|
|
68
|
-
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:
|
|
76
|
+
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:client, :everyone`/
|
|
69
77
|
end
|
|
70
78
|
it "{ one of rules failed = AccessDenied }" do
|
|
71
79
|
Acu::Rules.define do
|
|
72
|
-
whois
|
|
73
|
-
whois
|
|
80
|
+
whois(:everyone) { true }
|
|
81
|
+
whois(:client) { true }
|
|
74
82
|
# every request is :everyone
|
|
75
83
|
allow :everyone
|
|
76
84
|
# every reqyest is also :client
|
|
77
85
|
deny :client
|
|
78
86
|
end
|
|
79
87
|
expect {get :index}.to raise_error(Acu::Errors::AccessDenied)
|
|
80
|
-
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:
|
|
88
|
+
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:client, :everyone`/
|
|
81
89
|
|
|
82
90
|
Acu::Rules.define do
|
|
83
|
-
whois
|
|
91
|
+
whois(:client) { false }
|
|
84
92
|
# every reqyest is also :client
|
|
85
93
|
deny :client
|
|
86
94
|
end
|
|
@@ -92,8 +100,8 @@ RSpec.describe HomeController, type: :controller do
|
|
|
92
100
|
context "[namespace]" do
|
|
93
101
|
it "[default]" do
|
|
94
102
|
Acu::Rules.define do
|
|
95
|
-
whois
|
|
96
|
-
whois
|
|
103
|
+
whois(:everyone) { true }
|
|
104
|
+
whois(:client) { false }
|
|
97
105
|
namespace do
|
|
98
106
|
allow :everyone
|
|
99
107
|
end
|
|
@@ -118,8 +126,8 @@ RSpec.describe HomeController, type: :controller do
|
|
|
118
126
|
end
|
|
119
127
|
it "[default & global]" do
|
|
120
128
|
Acu::Rules.define do
|
|
121
|
-
whois
|
|
122
|
-
whois
|
|
129
|
+
whois(:everyone) { true }
|
|
130
|
+
whois(:client) { false }
|
|
123
131
|
|
|
124
132
|
namespace do
|
|
125
133
|
allow :everyone
|
|
@@ -132,7 +140,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
132
140
|
end
|
|
133
141
|
it "[with only]" do
|
|
134
142
|
Acu::Rules.define do
|
|
135
|
-
whois
|
|
143
|
+
whois(:everyone) { true }
|
|
136
144
|
namespace only: [:home] do
|
|
137
145
|
allow :everyone
|
|
138
146
|
end
|
|
@@ -141,7 +149,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
141
149
|
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:everyone`/
|
|
142
150
|
|
|
143
151
|
Acu::Rules.define do
|
|
144
|
-
whois
|
|
152
|
+
whois(:everyone) { true }
|
|
145
153
|
# override previous one
|
|
146
154
|
namespace only: [:home] do
|
|
147
155
|
deny :everyone
|
|
@@ -156,7 +164,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
156
164
|
end
|
|
157
165
|
it "[with except]" do
|
|
158
166
|
Acu::Rules.define do
|
|
159
|
-
whois
|
|
167
|
+
whois(:everyone) { true }
|
|
160
168
|
namespace except: [:home] do
|
|
161
169
|
allow :everyone
|
|
162
170
|
end
|
|
@@ -166,7 +174,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
166
174
|
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access DENIED to .* \[autherized by :allow_by_default\]/
|
|
167
175
|
|
|
168
176
|
Acu::Rules.define do
|
|
169
|
-
whois
|
|
177
|
+
whois(:everyone) { true }
|
|
170
178
|
namespace except: [:foobar] do
|
|
171
179
|
allow :everyone
|
|
172
180
|
end
|
|
@@ -179,7 +187,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
179
187
|
context "[controller]" do
|
|
180
188
|
it "[solo]" do
|
|
181
189
|
Acu::Rules.define do
|
|
182
|
-
whois
|
|
190
|
+
whois(:everyone) { true }
|
|
183
191
|
controller :home do
|
|
184
192
|
end
|
|
185
193
|
end
|
|
@@ -195,7 +203,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
195
203
|
end
|
|
196
204
|
it "[with only]" do
|
|
197
205
|
Acu::Rules.define do
|
|
198
|
-
whois
|
|
206
|
+
whois(:everyone) { true }
|
|
199
207
|
controller :home, only: [:contact] do
|
|
200
208
|
end
|
|
201
209
|
end
|
|
@@ -233,7 +241,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
233
241
|
end
|
|
234
242
|
it "[with except]" do
|
|
235
243
|
Acu::Rules.define do
|
|
236
|
-
whois
|
|
244
|
+
whois(:everyone) { true }
|
|
237
245
|
controller :home, except: [:contact] do
|
|
238
246
|
end
|
|
239
247
|
end
|
|
@@ -267,10 +275,10 @@ RSpec.describe HomeController, type: :controller do
|
|
|
267
275
|
context "[action]" do
|
|
268
276
|
it "[parent: namespace]" do
|
|
269
277
|
Acu::Rules.define do
|
|
270
|
-
whois
|
|
278
|
+
whois(:everyone) { true }
|
|
271
279
|
namespace do
|
|
272
|
-
action
|
|
273
|
-
action
|
|
280
|
+
action(:index) { allow :everyone }
|
|
281
|
+
action(:contact) { allow :everyone }
|
|
274
282
|
end
|
|
275
283
|
end
|
|
276
284
|
get :index
|
|
@@ -280,8 +288,8 @@ RSpec.describe HomeController, type: :controller do
|
|
|
280
288
|
|
|
281
289
|
Acu::Rules.define do
|
|
282
290
|
namespace do
|
|
283
|
-
action
|
|
284
|
-
action
|
|
291
|
+
action(:index) { allow :everyone }
|
|
292
|
+
action(:contact) { deny :everyone }
|
|
285
293
|
end
|
|
286
294
|
end
|
|
287
295
|
get :index
|
|
@@ -293,7 +301,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
293
301
|
|
|
294
302
|
it "[parent: controller]" do
|
|
295
303
|
Acu::Rules.define do
|
|
296
|
-
whois
|
|
304
|
+
whois(:everyone) { true }
|
|
297
305
|
controller :home do
|
|
298
306
|
end
|
|
299
307
|
end
|
|
@@ -303,7 +311,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
303
311
|
|
|
304
312
|
Acu::Rules.define do
|
|
305
313
|
controller :home do
|
|
306
|
-
action
|
|
314
|
+
action(:contact) { allow :everyone }
|
|
307
315
|
end
|
|
308
316
|
end
|
|
309
317
|
get :contact
|
|
@@ -313,8 +321,8 @@ RSpec.describe HomeController, type: :controller do
|
|
|
313
321
|
|
|
314
322
|
Acu::Rules.define do
|
|
315
323
|
controller :home do
|
|
316
|
-
action
|
|
317
|
-
action
|
|
324
|
+
action(:index) { allow :everyone }
|
|
325
|
+
action(:contact) { deny :everyone }
|
|
318
326
|
end
|
|
319
327
|
end
|
|
320
328
|
get :index
|
|
@@ -323,7 +331,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
323
331
|
|
|
324
332
|
it "[parent: namespace, controller]" do
|
|
325
333
|
Acu::Rules.define do
|
|
326
|
-
whois
|
|
334
|
+
whois(:everyone) { true }
|
|
327
335
|
namespace do
|
|
328
336
|
controller :home do
|
|
329
337
|
end
|
|
@@ -336,7 +344,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
336
344
|
Acu::Rules.define do
|
|
337
345
|
namespace do
|
|
338
346
|
controller :home do
|
|
339
|
-
action
|
|
347
|
+
action(:contact) { allow :everyone }
|
|
340
348
|
end
|
|
341
349
|
end
|
|
342
350
|
end
|
|
@@ -348,8 +356,8 @@ RSpec.describe HomeController, type: :controller do
|
|
|
348
356
|
Acu::Rules.define do
|
|
349
357
|
namespace do
|
|
350
358
|
controller :home do
|
|
351
|
-
action
|
|
352
|
-
action
|
|
359
|
+
action(:index) { allow :everyone }
|
|
360
|
+
action(:contact) { deny :everyone }
|
|
353
361
|
end
|
|
354
362
|
end
|
|
355
363
|
end
|
|
@@ -359,11 +367,11 @@ RSpec.describe HomeController, type: :controller do
|
|
|
359
367
|
# reset to change namespace
|
|
360
368
|
Acu::Rules.reset
|
|
361
369
|
Acu::Rules.define do
|
|
362
|
-
whois
|
|
370
|
+
whois(:everyone) { true }
|
|
363
371
|
namespace :foobar do
|
|
364
372
|
controller :home do
|
|
365
|
-
action
|
|
366
|
-
action
|
|
373
|
+
action(:index) { allow :everyone }
|
|
374
|
+
action(:contact) { deny :everyone }
|
|
367
375
|
end
|
|
368
376
|
end
|
|
369
377
|
end
|
|
@@ -374,7 +382,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
374
382
|
end
|
|
375
383
|
it '[local-global]' do
|
|
376
384
|
Acu::Rules.define do
|
|
377
|
-
whois
|
|
385
|
+
whois(:everyone) { true }
|
|
378
386
|
namespace do
|
|
379
387
|
allow :everyone
|
|
380
388
|
controller :home, only: [:index] do
|
|
@@ -397,7 +405,7 @@ RSpec.describe HomeController, type: :controller do
|
|
|
397
405
|
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*\[autherized by :allow_by_default\]/
|
|
398
406
|
|
|
399
407
|
Acu::Rules.define do
|
|
400
|
-
whois
|
|
408
|
+
whois(:everyone) { true }
|
|
401
409
|
namespace do
|
|
402
410
|
controller :home do
|
|
403
411
|
allow :everyone, on: [:index, :contact]
|
|
@@ -409,14 +417,14 @@ RSpec.describe HomeController, type: :controller do
|
|
|
409
417
|
end
|
|
410
418
|
it "[deny]" do
|
|
411
419
|
Acu::Rules.define do
|
|
412
|
-
whois
|
|
420
|
+
whois(:everyone) { true }
|
|
413
421
|
allow :everyone
|
|
414
422
|
end
|
|
415
423
|
get :index
|
|
416
424
|
get :contact
|
|
417
425
|
|
|
418
426
|
Acu::Rules.define do
|
|
419
|
-
whois
|
|
427
|
+
whois(:everyone) { true }
|
|
420
428
|
namespace do
|
|
421
429
|
controller :home do
|
|
422
430
|
deny :everyone, on: [:index, :contact]
|
|
@@ -430,8 +438,8 @@ RSpec.describe HomeController, type: :controller do
|
|
|
430
438
|
end
|
|
431
439
|
it "[negated entities]" do
|
|
432
440
|
Acu::Rules.define do
|
|
433
|
-
whois
|
|
434
|
-
whois
|
|
441
|
+
whois(:everyone) { true }
|
|
442
|
+
whois(:client) { false }
|
|
435
443
|
namespace do
|
|
436
444
|
controller :home do
|
|
437
445
|
deny :not_client, on: [:index, :contact]
|
|
@@ -458,8 +466,8 @@ RSpec.describe HomeController, type: :controller do
|
|
|
458
466
|
context "[bulk settings]" do
|
|
459
467
|
it "[allow/deny]" do
|
|
460
468
|
Acu::Rules.define do
|
|
461
|
-
whois
|
|
462
|
-
whois
|
|
469
|
+
whois(:everyone) { true }
|
|
470
|
+
whois(:client) { false }
|
|
463
471
|
namespace do
|
|
464
472
|
controller :home do
|
|
465
473
|
allow [:everyone, :client], on: [:index, :contact]
|
|
@@ -470,27 +478,27 @@ RSpec.describe HomeController, type: :controller do
|
|
|
470
478
|
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:everyone`/
|
|
471
479
|
get :contact
|
|
472
480
|
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:everyone`/
|
|
473
|
-
Acu::Rules.define { whois
|
|
481
|
+
Acu::Rules.define { whois(:client) { true } }
|
|
474
482
|
get :index
|
|
475
|
-
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:
|
|
483
|
+
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:client, :everyone`/
|
|
476
484
|
get :contact
|
|
477
|
-
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:
|
|
485
|
+
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:client, :everyone`/
|
|
478
486
|
Acu::Rules.define do
|
|
479
487
|
namespace do
|
|
480
488
|
controller :home do
|
|
481
|
-
action
|
|
489
|
+
action(:index) { deny [:everyone, :client] }
|
|
482
490
|
end
|
|
483
491
|
end
|
|
484
492
|
end
|
|
485
493
|
expect {get :index}.to raise_error(Acu::Errors::AccessDenied)
|
|
486
494
|
# the first rule that failed is going to mention
|
|
487
|
-
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:
|
|
495
|
+
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:client, :everyone`/
|
|
488
496
|
get :contact
|
|
489
|
-
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:
|
|
497
|
+
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:client, :everyone`/
|
|
490
498
|
end
|
|
491
499
|
it "[namespace/controller]" do
|
|
492
500
|
Acu::Rules.define do
|
|
493
|
-
whois
|
|
501
|
+
whois(:everyone) { true }
|
|
494
502
|
namespace nil, :admin do
|
|
495
503
|
allow :everyone
|
|
496
504
|
controller :home, :manage, only: [:index] do
|
|
@@ -515,7 +523,10 @@ RSpec.describe HomeController, type: :controller do
|
|
|
515
523
|
end
|
|
516
524
|
it "[action]" do
|
|
517
525
|
Acu::Rules.define do
|
|
518
|
-
whois
|
|
526
|
+
whois(:pr) { false }
|
|
527
|
+
whois(:admin) { true }
|
|
528
|
+
whois(:client) { false }
|
|
529
|
+
whois(:everyone) { true }
|
|
519
530
|
namespace do
|
|
520
531
|
allow :everyone
|
|
521
532
|
end
|
|
@@ -546,16 +557,16 @@ RSpec.describe HomeController, type: :controller do
|
|
|
546
557
|
context "Acu::Helpers" do
|
|
547
558
|
it "acu_is?" do
|
|
548
559
|
Acu::Rules.define do
|
|
549
|
-
whois
|
|
550
|
-
whois
|
|
560
|
+
whois(:everyone) { true }
|
|
561
|
+
whois(:client) { false }
|
|
551
562
|
end
|
|
552
563
|
expect(acu_is? :everyone).to be true
|
|
553
564
|
expect(acu_is? :client).to be false
|
|
554
565
|
end
|
|
555
566
|
it "acu_as" do
|
|
556
567
|
Acu::Rules.define do
|
|
557
|
-
whois
|
|
558
|
-
whois
|
|
568
|
+
whois(:everyone) { true }
|
|
569
|
+
whois(:client) { false }
|
|
559
570
|
end
|
|
560
571
|
acu_as :everyone do
|
|
561
572
|
# a valid syntax
|
|
@@ -572,8 +583,8 @@ RSpec.describe HomeController, type: :controller do
|
|
|
572
583
|
end
|
|
573
584
|
it "acu_except" do
|
|
574
585
|
Acu::Rules.define do
|
|
575
|
-
whois
|
|
576
|
-
whois
|
|
586
|
+
whois(:everyone) { true }
|
|
587
|
+
whois(:client) { false }
|
|
577
588
|
end
|
|
578
589
|
acu_except :everyone do
|
|
579
590
|
# an invalid syntax, this should never run
|
|
@@ -600,11 +611,14 @@ RSpec.describe HomeController, type: :controller do
|
|
|
600
611
|
end
|
|
601
612
|
it '[caches?]' do
|
|
602
613
|
Acu::Rules.define do
|
|
603
|
-
whois
|
|
614
|
+
whois(:pr) { false }
|
|
615
|
+
whois(:admin) { true }
|
|
616
|
+
whois(:client) { false }
|
|
617
|
+
whois(:everyone) { true }
|
|
604
618
|
namespace do
|
|
605
619
|
controller :home do
|
|
606
|
-
action
|
|
607
|
-
action
|
|
620
|
+
action(:index) { allow :everyone }
|
|
621
|
+
action(:contact) { deny :everyone }
|
|
608
622
|
end
|
|
609
623
|
end
|
|
610
624
|
end
|
|
@@ -616,32 +630,38 @@ RSpec.describe HomeController, type: :controller do
|
|
|
616
630
|
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /\[x\] access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:everyone`/
|
|
617
631
|
end
|
|
618
632
|
|
|
619
|
-
|
|
620
|
-
|
|
621
|
-
|
|
622
|
-
# make intial accesses, and cache
|
|
623
|
-
get :index
|
|
624
|
-
expect {get :contact}.to raise_error(Acu::Errors::AccessDenied)
|
|
633
|
+
enable_caching do
|
|
634
|
+
setup use_cache: true
|
|
635
|
+
Acu::Monitor.clear_cache
|
|
625
636
|
|
|
626
|
-
|
|
627
|
-
5.times do
|
|
637
|
+
# make intial accesses, and cache
|
|
628
638
|
get :index
|
|
629
|
-
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /\[-\]\[c\] access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:everyone`/
|
|
630
639
|
expect {get :contact}.to raise_error(Acu::Errors::AccessDenied)
|
|
631
|
-
|
|
640
|
+
|
|
641
|
+
# both request should be ruled by cache now!
|
|
642
|
+
5.times do
|
|
643
|
+
get :index
|
|
644
|
+
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /\[-\]\[c\] access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:everyone`/
|
|
645
|
+
expect {get :contact}.to raise_error(Acu::Errors::AccessDenied)
|
|
646
|
+
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /\[x\]\[c\] access DENIED to.*namespace=\[nil\].*controller=\["home"\].*action=\["contact"\].*as `:everyone`/
|
|
647
|
+
end
|
|
632
648
|
end
|
|
633
649
|
end
|
|
634
650
|
it '[maintains cache]' do
|
|
635
651
|
setup use_cache: true
|
|
636
652
|
Acu::Rules.define do
|
|
637
|
-
whois
|
|
653
|
+
whois(:pr) { false }
|
|
654
|
+
whois(:admin) { true }
|
|
655
|
+
whois(:client) { false }
|
|
656
|
+
whois(:everyone) { true }
|
|
638
657
|
namespace do
|
|
639
658
|
controller :home do
|
|
640
|
-
action
|
|
641
|
-
action
|
|
659
|
+
action(:index) { allow :everyone }
|
|
660
|
+
action(:contact) { deny :everyone }
|
|
642
661
|
end
|
|
643
662
|
end
|
|
644
663
|
end
|
|
664
|
+
|
|
645
665
|
5.times do
|
|
646
666
|
get :index
|
|
647
667
|
expect(`tail -n 1 #{Acu::Configs.get :audit_log_file}`).to match /\[-\]\[c\] access GRANTED to.*namespace=\[nil\].*controller=\["home"\].*action=\["index"\].*as `:everyone`/
|