rbacanable 0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.document +5 -0
- data/.gitignore +22 -0
- data/Changes.rdoc +141 -0
- data/LICENSE +20 -0
- data/README.rdoc +164 -0
- data/Rakefile +44 -0
- data/examples/basic.rb +41 -0
- data/examples/roles.rb +100 -0
- data/lib/canable.rb +191 -0
- data/specs.watchr +47 -0
- data/test/helper.rb +33 -0
- data/test/test_ables.rb +83 -0
- data/test/test_canable.rb +26 -0
- data/test/test_cans.rb +51 -0
- data/test/test_enforcers.rb +32 -0
- data/test/test_roles.rb +353 -0
- metadata +124 -0
data/test/test_roles.rb
ADDED
|
@@ -0,0 +1,353 @@
|
|
|
1
|
+
require 'helper'
|
|
2
|
+
|
|
3
|
+
class RolesTest < Test::Unit::TestCase
|
|
4
|
+
context "Users with a Canable::Role included" do
|
|
5
|
+
setup do
|
|
6
|
+
@resource = mock('resource')
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
|
|
10
|
+
context "and with the role default set to true" do
|
|
11
|
+
setup do
|
|
12
|
+
roleklass = Module.new do
|
|
13
|
+
include Canable::Role
|
|
14
|
+
default_response true
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
userklass = Class.new do
|
|
18
|
+
include Canable::Actor
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
@user = userklass.new
|
|
22
|
+
@user.act roleklass
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
should "default viewable_by? to true" do
|
|
26
|
+
assert @user.can_view?(@resource)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
should "default creatable_by? to true" do
|
|
30
|
+
assert @user.can_create?(@resource)
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
should "default updatable_by? to true" do
|
|
34
|
+
assert @user.can_update?(@resource)
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
should "default destroyable_by? to true" do
|
|
38
|
+
assert @user.can_destroy?(@resource)
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
context "and with the role default set to false" do
|
|
43
|
+
setup do
|
|
44
|
+
roleklass = Module.new do
|
|
45
|
+
include Canable::Role
|
|
46
|
+
default_response false
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
userklass = Class.new do
|
|
50
|
+
include Canable::Actor
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
@user = userklass.new
|
|
54
|
+
@user.act roleklass
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
should "default viewable_by? to false" do
|
|
58
|
+
assert ! @user.can_view?(@resource)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
should "default creatable_by? to false" do
|
|
62
|
+
assert ! @user.can_create?(@resource)
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
should "default updatable_by? to false" do
|
|
66
|
+
assert ! @user.can_update?(@resource)
|
|
67
|
+
end
|
|
68
|
+
|
|
69
|
+
should "default destroyable_by? to false" do
|
|
70
|
+
assert ! @user.can_destroy?(@resource)
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
context "which inherits from another role should persist the default response" do
|
|
75
|
+
setup do
|
|
76
|
+
baseroleklass = Module.new do
|
|
77
|
+
include Canable::Role
|
|
78
|
+
default_response true
|
|
79
|
+
end
|
|
80
|
+
|
|
81
|
+
roleklass = Module.new do
|
|
82
|
+
include Canable::Role
|
|
83
|
+
include baseroleklass
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
userklass = Class.new do
|
|
87
|
+
include Canable::Actor
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
@user = userklass.new
|
|
91
|
+
@user.act roleklass
|
|
92
|
+
end
|
|
93
|
+
|
|
94
|
+
should "default viewable_by? to true" do
|
|
95
|
+
assert @user.can_view?(@resource)
|
|
96
|
+
end
|
|
97
|
+
|
|
98
|
+
should "default creatable_by? to true" do
|
|
99
|
+
assert @user.can_create?(@resource)
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
should "default updatable_by? to true" do
|
|
103
|
+
assert @user.can_update?(@resource)
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
should "default destroyable_by? to true" do
|
|
107
|
+
assert @user.can_destroy?(@resource)
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
context "With several roles" do
|
|
114
|
+
setup do
|
|
115
|
+
@role1klass = Module.new do
|
|
116
|
+
include Canable::Role
|
|
117
|
+
default_response true
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
@role2klass = Module.new do
|
|
121
|
+
include Canable::Role
|
|
122
|
+
default_response false
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
@resource = mock('resource');
|
|
126
|
+
end
|
|
127
|
+
|
|
128
|
+
context "and actors with a default role" do
|
|
129
|
+
setup do
|
|
130
|
+
role1klass = @role1klass
|
|
131
|
+
userklass = Class.new do
|
|
132
|
+
include Canable::Actor
|
|
133
|
+
default_role role1klass
|
|
134
|
+
|
|
135
|
+
def initialize(role=nil)
|
|
136
|
+
@role = role
|
|
137
|
+
self.__initialize_canable_role # nessecary since initialize is overridden
|
|
138
|
+
end
|
|
139
|
+
end
|
|
140
|
+
|
|
141
|
+
@default_user = userklass.new
|
|
142
|
+
@nondefault_user = userklass.new(@role2klass)
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
should "have included the correct roles" do
|
|
146
|
+
assert_equal @role1klass, @default_user.canable_included_role
|
|
147
|
+
assert_equal @role2klass, @nondefault_user.canable_included_role
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
should "be governed by the rules in their roles" do
|
|
151
|
+
assert @default_user.can_view?(@resource)
|
|
152
|
+
assert ! @nondefault_user.can_view?(@resource)
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
end
|
|
156
|
+
|
|
157
|
+
context "and actors with a default role and non standard role attribute" do
|
|
158
|
+
setup do
|
|
159
|
+
role1klass = @role1klass
|
|
160
|
+
userklass = Class.new do
|
|
161
|
+
include Canable::Actor
|
|
162
|
+
default_role role1klass
|
|
163
|
+
role_attribute :@nonstandard
|
|
164
|
+
|
|
165
|
+
def initialize(role=nil)
|
|
166
|
+
@nonstandard = role
|
|
167
|
+
self.__initialize_canable_role # nessecary since initialize is overridden
|
|
168
|
+
end
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
@default_user = userklass.new
|
|
172
|
+
@nondefault_user = userklass.new(@role2klass)
|
|
173
|
+
end
|
|
174
|
+
|
|
175
|
+
should "have included the correct roles" do
|
|
176
|
+
assert_equal @role1klass, @default_user.canable_included_role
|
|
177
|
+
assert_equal @role2klass, @nondefault_user.canable_included_role
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
should "be governed by the rules in their roles" do
|
|
181
|
+
assert @default_user.can_view?(@resource)
|
|
182
|
+
assert ! @nondefault_user.can_view?(@resource)
|
|
183
|
+
end
|
|
184
|
+
end
|
|
185
|
+
end
|
|
186
|
+
|
|
187
|
+
context "With several users with specific Canable::Roles inherited and included" do
|
|
188
|
+
setup do
|
|
189
|
+
|
|
190
|
+
# Default role where nothing is possible
|
|
191
|
+
baseroleklass = Module.new do
|
|
192
|
+
include Canable::Role
|
|
193
|
+
default_response false
|
|
194
|
+
end
|
|
195
|
+
|
|
196
|
+
# Medium level role where update, create, destroy are possible if you are the owner, and view is always possible
|
|
197
|
+
roleklass = Module.new do
|
|
198
|
+
include Canable::Role
|
|
199
|
+
include baseroleklass
|
|
200
|
+
|
|
201
|
+
def can_update_mocha_mock?(mock)
|
|
202
|
+
mock.owner == @name
|
|
203
|
+
end
|
|
204
|
+
|
|
205
|
+
def can_create_mocha_mock?(mock)
|
|
206
|
+
self.can_update_mocha_mock?(mock)
|
|
207
|
+
end
|
|
208
|
+
|
|
209
|
+
def can_destroy_mocha_mock?(mock)
|
|
210
|
+
self.can_update_mocha_mock?(mock)
|
|
211
|
+
end
|
|
212
|
+
|
|
213
|
+
def can_view_mocha_mock?(mock)
|
|
214
|
+
true
|
|
215
|
+
end
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
# Elevated role who can update anything but only destroy their own
|
|
219
|
+
elevatedroleklass = Module.new do
|
|
220
|
+
include Canable::Role
|
|
221
|
+
include roleklass
|
|
222
|
+
|
|
223
|
+
def can_update_mocha_mock?(mock)
|
|
224
|
+
true
|
|
225
|
+
end
|
|
226
|
+
|
|
227
|
+
def can_destroy_mocha_mock?(mock)
|
|
228
|
+
if mock.owner == @name
|
|
229
|
+
true
|
|
230
|
+
else
|
|
231
|
+
false
|
|
232
|
+
end
|
|
233
|
+
end
|
|
234
|
+
end
|
|
235
|
+
|
|
236
|
+
# Super admin class who can do anything
|
|
237
|
+
superroleklass = Module.new do
|
|
238
|
+
include Canable::Role
|
|
239
|
+
default_response true
|
|
240
|
+
end
|
|
241
|
+
|
|
242
|
+
# Include Actor for a user
|
|
243
|
+
userklass = Class.new do
|
|
244
|
+
include Canable::Actor
|
|
245
|
+
def initialize(_name, _role)
|
|
246
|
+
@name = _name
|
|
247
|
+
@role = _role
|
|
248
|
+
self.__initialize_canable_role # nessecary since initialize is overridden
|
|
249
|
+
end
|
|
250
|
+
end
|
|
251
|
+
|
|
252
|
+
@john = userklass.new("John", baseroleklass)
|
|
253
|
+
@steve = userklass.new("Steve", roleklass)
|
|
254
|
+
@carli = userklass.new("Carli", elevatedroleklass)
|
|
255
|
+
@harry = userklass.new("Harry", superroleklass)
|
|
256
|
+
end
|
|
257
|
+
|
|
258
|
+
context "and plain resources" do
|
|
259
|
+
setup do
|
|
260
|
+
@johns = mock('resource') do expects(:owner).returns("John").times(0) end
|
|
261
|
+
@steves = mock('resource') do expects(:owner).returns("Steve").times(0) end
|
|
262
|
+
@harrys = mock('resource') do expects(:owner).returns("Harry").times(0) end
|
|
263
|
+
end
|
|
264
|
+
|
|
265
|
+
context "the user without permissions" do
|
|
266
|
+
should "not be able to do anything" do
|
|
267
|
+
[@johns, @steves, @harrys].each do |r|
|
|
268
|
+
assert ! @john.can_view?(r)
|
|
269
|
+
assert ! @john.can_update?(r)
|
|
270
|
+
assert ! @john.can_destroy?(r)
|
|
271
|
+
assert ! @john.can_create?(r)
|
|
272
|
+
end
|
|
273
|
+
end
|
|
274
|
+
end
|
|
275
|
+
end
|
|
276
|
+
|
|
277
|
+
context "and resources that belong to them" do
|
|
278
|
+
context "the owner of a resource" do
|
|
279
|
+
setup do
|
|
280
|
+
@steves = mock('resource1') do expects(:owner).returns("Steve").times(3) end
|
|
281
|
+
@harrys = mock('resource2') do expects(:owner).returns("Harry").times(0) end
|
|
282
|
+
@carlis = mock('resource3') do expects(:owner).returns("Carli").times(1) end
|
|
283
|
+
end
|
|
284
|
+
|
|
285
|
+
should "be able to CRUD their resource" do
|
|
286
|
+
assert @steve.can_update?(@steves)
|
|
287
|
+
assert @steve.can_create?(@steves)
|
|
288
|
+
assert @steve.can_destroy?(@steves)
|
|
289
|
+
assert @steve.can_view?(@steves)
|
|
290
|
+
|
|
291
|
+
assert @harry.can_update?(@harrys)
|
|
292
|
+
assert @harry.can_create?(@harrys)
|
|
293
|
+
assert @harry.can_destroy?(@harrys)
|
|
294
|
+
assert @harry.can_view?(@harrys)
|
|
295
|
+
|
|
296
|
+
assert @carli.can_update?(@carlis)
|
|
297
|
+
assert @carli.can_create?(@carlis)
|
|
298
|
+
assert @carli.can_destroy?(@carlis)
|
|
299
|
+
assert @carli.can_view?(@carlis)
|
|
300
|
+
end
|
|
301
|
+
end
|
|
302
|
+
|
|
303
|
+
context "a user who isn't the owner of a resource" do
|
|
304
|
+
setup do
|
|
305
|
+
@noones = mock('resource')
|
|
306
|
+
@noones.expects(:owner).returns("noone").times(2)
|
|
307
|
+
end
|
|
308
|
+
should "not be able to destroy the resource" do
|
|
309
|
+
[@john, @steve, @carli].each do |u|
|
|
310
|
+
assert ! u.can_destroy?(@noones)
|
|
311
|
+
end
|
|
312
|
+
end
|
|
313
|
+
end
|
|
314
|
+
|
|
315
|
+
context "the user with elevated permissions" do
|
|
316
|
+
setup do
|
|
317
|
+
@johns = mock('resource') do expects(:owner).returns("John").times(0..1) end
|
|
318
|
+
@steves = mock('resource') do expects(:owner).returns("Steve").times(0..1) end
|
|
319
|
+
@carlis = mock('resource') do expects(:owner).returns("Carli").times(0..1) end
|
|
320
|
+
end
|
|
321
|
+
|
|
322
|
+
should "be able to edit anyones resource" do
|
|
323
|
+
assert @carli.can_update?(@steves)
|
|
324
|
+
assert @carli.can_update?(@johns)
|
|
325
|
+
assert @carli.can_update?(@carlis)
|
|
326
|
+
end
|
|
327
|
+
|
|
328
|
+
should "not be able to destroy anyone else's resource" do
|
|
329
|
+
assert ! @carli.can_destroy?(@steves)
|
|
330
|
+
assert ! @carli.can_destroy?(@johns)
|
|
331
|
+
assert @carli.can_destroy?(@carlis)
|
|
332
|
+
end
|
|
333
|
+
end
|
|
334
|
+
|
|
335
|
+
context "the super user" do
|
|
336
|
+
setup do
|
|
337
|
+
@johns = mock('resource') do expects(:owner).returns("John").times(0) end
|
|
338
|
+
@steves = mock('resource') do expects(:owner).returns("Steve").times(0) end
|
|
339
|
+
@harrys = mock('resource') do expects(:owner).returns("Harry").times(0) end
|
|
340
|
+
end
|
|
341
|
+
|
|
342
|
+
should "be able to do anything to anyone's resource" do
|
|
343
|
+
[@johns, @steves, @harrys].each do |r|
|
|
344
|
+
assert @harry.can_view?(r)
|
|
345
|
+
assert @harry.can_update?(r)
|
|
346
|
+
assert @harry.can_destroy?(r)
|
|
347
|
+
assert @harry.can_create?(r)
|
|
348
|
+
end
|
|
349
|
+
end
|
|
350
|
+
end
|
|
351
|
+
end
|
|
352
|
+
end
|
|
353
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: rbacanable
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
prerelease: false
|
|
5
|
+
segments:
|
|
6
|
+
- 0
|
|
7
|
+
- 2
|
|
8
|
+
version: "0.2"
|
|
9
|
+
platform: ruby
|
|
10
|
+
authors:
|
|
11
|
+
- John Nunemaker
|
|
12
|
+
- Harry Brundage
|
|
13
|
+
autorequire:
|
|
14
|
+
bindir: bin
|
|
15
|
+
cert_chain: []
|
|
16
|
+
|
|
17
|
+
date: 2010-03-31 00:00:00 -04:00
|
|
18
|
+
default_executable:
|
|
19
|
+
dependencies:
|
|
20
|
+
- !ruby/object:Gem::Dependency
|
|
21
|
+
name: shoulda
|
|
22
|
+
prerelease: false
|
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
24
|
+
requirements:
|
|
25
|
+
- - "="
|
|
26
|
+
- !ruby/object:Gem::Version
|
|
27
|
+
segments:
|
|
28
|
+
- 2
|
|
29
|
+
- 10
|
|
30
|
+
- 3
|
|
31
|
+
version: 2.10.3
|
|
32
|
+
type: :development
|
|
33
|
+
version_requirements: *id001
|
|
34
|
+
- !ruby/object:Gem::Dependency
|
|
35
|
+
name: mocha
|
|
36
|
+
prerelease: false
|
|
37
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
|
38
|
+
requirements:
|
|
39
|
+
- - "="
|
|
40
|
+
- !ruby/object:Gem::Version
|
|
41
|
+
segments:
|
|
42
|
+
- 0
|
|
43
|
+
- 9
|
|
44
|
+
- 8
|
|
45
|
+
version: 0.9.8
|
|
46
|
+
type: :development
|
|
47
|
+
version_requirements: *id002
|
|
48
|
+
- !ruby/object:Gem::Dependency
|
|
49
|
+
name: yard
|
|
50
|
+
prerelease: false
|
|
51
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
|
52
|
+
requirements:
|
|
53
|
+
- - ">="
|
|
54
|
+
- !ruby/object:Gem::Version
|
|
55
|
+
segments:
|
|
56
|
+
- 0
|
|
57
|
+
version: "0"
|
|
58
|
+
type: :development
|
|
59
|
+
version_requirements: *id003
|
|
60
|
+
description: Simple role based permissions system
|
|
61
|
+
email: harry.brundage@gmail.com
|
|
62
|
+
executables: []
|
|
63
|
+
|
|
64
|
+
extensions: []
|
|
65
|
+
|
|
66
|
+
extra_rdoc_files:
|
|
67
|
+
- LICENSE
|
|
68
|
+
- README.rdoc
|
|
69
|
+
files:
|
|
70
|
+
- .document
|
|
71
|
+
- .gitignore
|
|
72
|
+
- Changes.rdoc
|
|
73
|
+
- LICENSE
|
|
74
|
+
- README.rdoc
|
|
75
|
+
- Rakefile
|
|
76
|
+
- examples/basic.rb
|
|
77
|
+
- examples/roles.rb
|
|
78
|
+
- lib/canable.rb
|
|
79
|
+
- specs.watchr
|
|
80
|
+
- test/helper.rb
|
|
81
|
+
- test/test_ables.rb
|
|
82
|
+
- test/test_canable.rb
|
|
83
|
+
- test/test_cans.rb
|
|
84
|
+
- test/test_enforcers.rb
|
|
85
|
+
- test/test_roles.rb
|
|
86
|
+
has_rdoc: true
|
|
87
|
+
homepage: http://github.com/hornairs/rbacanable
|
|
88
|
+
licenses: []
|
|
89
|
+
|
|
90
|
+
post_install_message:
|
|
91
|
+
rdoc_options:
|
|
92
|
+
- --charset=UTF-8
|
|
93
|
+
require_paths:
|
|
94
|
+
- lib
|
|
95
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
96
|
+
requirements:
|
|
97
|
+
- - ">="
|
|
98
|
+
- !ruby/object:Gem::Version
|
|
99
|
+
segments:
|
|
100
|
+
- 0
|
|
101
|
+
version: "0"
|
|
102
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
103
|
+
requirements:
|
|
104
|
+
- - ">="
|
|
105
|
+
- !ruby/object:Gem::Version
|
|
106
|
+
segments:
|
|
107
|
+
- 0
|
|
108
|
+
version: "0"
|
|
109
|
+
requirements: []
|
|
110
|
+
|
|
111
|
+
rubyforge_project:
|
|
112
|
+
rubygems_version: 1.3.6
|
|
113
|
+
signing_key:
|
|
114
|
+
specification_version: 3
|
|
115
|
+
summary: Simple role based permissions system
|
|
116
|
+
test_files:
|
|
117
|
+
- test/helper.rb
|
|
118
|
+
- test/test_ables.rb
|
|
119
|
+
- test/test_canable.rb
|
|
120
|
+
- test/test_cans.rb
|
|
121
|
+
- test/test_enforcers.rb
|
|
122
|
+
- test/test_roles.rb
|
|
123
|
+
- examples/basic.rb
|
|
124
|
+
- examples/roles.rb
|