releaf-permissions 0.2.1 → 1.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/LICENSE +19 -21
- data/app/assets/stylesheets/{releaf/controllers → controllers}/releaf/permissions/sessions.scss +0 -0
- data/app/builders/releaf/permissions/page/header_builder.rb +35 -0
- data/app/builders/releaf/permissions/page/layout_builder.rb +17 -0
- data/app/builders/releaf/permissions/page/menu_builder.rb +18 -0
- data/app/builders/releaf/permissions/roles/form_builder.rb +10 -6
- data/app/builders/releaf/permissions/roles/table_builder.rb +2 -6
- data/app/controllers/releaf/permissions/profile_controller.rb +25 -46
- data/app/controllers/releaf/permissions/roles_controller.rb +3 -5
- data/app/controllers/releaf/permissions/sessions_controller.rb +17 -27
- data/app/controllers/releaf/permissions/users_controller.rb +11 -14
- data/app/models/releaf/permissions/role.rb +0 -25
- data/app/models/releaf/permissions/user.rb +3 -9
- data/lib/releaf-permissions.rb +23 -27
- data/lib/releaf/permissions/access_control.rb +37 -0
- data/lib/releaf/permissions/configuration.rb +26 -0
- data/lib/releaf/permissions/controller_support.rb +33 -0
- data/lib/releaf/permissions/default_controller_resolver.rb +22 -0
- data/lib/releaf/permissions/engine.rb +1 -18
- data/lib/releaf/permissions/layout.rb +5 -0
- data/lib/releaf/permissions/{profile_component.rb → profile.rb} +6 -2
- data/lib/releaf/permissions/{roles_component.rb → roles.rb} +2 -2
- data/lib/releaf/permissions/settings_manager.rb +22 -0
- data/lib/releaf/permissions/users.rb +11 -0
- data/spec/builders/releaf/permissions/page/header_builder_spec.rb +87 -0
- data/spec/builders/releaf/permissions/page/layout_builder_spec.rb +64 -0
- data/spec/builders/releaf/permissions/page/menu_builder_spec.rb +100 -0
- data/spec/builders/{profile → releaf/permissions/profile}/form_builder_spec.rb +0 -0
- data/spec/builders/releaf/permissions/roles/form_builder_spec.rb +56 -0
- data/spec/builders/releaf/permissions/roles/table_builder_spec.rb +41 -0
- data/spec/builders/{users → releaf/permissions/users}/form_builder_spec.rb +0 -0
- data/spec/builders/{users → releaf/permissions/users}/table_builder_spec.rb +0 -0
- data/spec/controllers/permissions/profile_controller_spec.rb +0 -27
- data/spec/controllers/permissions/users_controller_spec.rb +1 -1
- data/spec/features/roles_spec.rb +3 -3
- data/spec/features/users_spec.rb +2 -2
- data/spec/lib/access_control_spec.rb +35 -50
- data/spec/lib/releaf/permissions/configuration_spec.rb +38 -0
- data/spec/lib/releaf/permissions/controller_support_spec.rb +76 -0
- data/spec/lib/releaf/permissions/default_controller_resolver_spec.rb +49 -0
- data/spec/lib/releaf/permissions/layout_spec.rb +10 -0
- data/spec/lib/releaf/permissions/profile_spec.rb +11 -0
- data/spec/lib/releaf/permissions/roles_spec.rb +10 -0
- data/spec/lib/releaf/permissions/settings_manager_spec.rb +38 -0
- data/spec/lib/releaf/permissions/users_spec.rb +17 -0
- data/spec/models/permissions/role_spec.rb +0 -28
- data/spec/models/permissions/user_spec.rb +33 -3
- metadata +56 -32
- data/app/controllers/releaf/permissions/home_controller.rb +0 -32
- data/app/lib/releaf/permissions/access_control.rb +0 -36
- data/lib/releaf/permissions/builders_autoload.rb +0 -11
- data/lib/releaf/permissions/devise_component.rb +0 -8
- data/lib/releaf/permissions/users_component.rb +0 -7
- data/releaf-permissions.gemspec +0 -19
- data/spec/builders/roles/form_builder_spec.rb +0 -38
- data/spec/builders/roles/table_builder_spec.rb +0 -29
- data/spec/controllers/permissions/home_controller_spec.rb +0 -52
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
module Releaf::Permissions
|
|
2
|
+
class AccessControl
|
|
3
|
+
include Virtus.model(strict: true)
|
|
4
|
+
attribute :user, Object
|
|
5
|
+
|
|
6
|
+
def self.initialize_component
|
|
7
|
+
ActiveSupport.on_load :base_controller do
|
|
8
|
+
Releaf::ActionController.send(:include, Releaf::Permissions::ControllerSupport)
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def self.draw_component_routes(router)
|
|
13
|
+
router.devise_for(Releaf.application.config.permissions.devise_for, path: "", controllers: { sessions: "releaf/permissions/sessions" })
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def controller_permitted?(controller_name)
|
|
17
|
+
allowed_controllers.include?(controller_name)
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
def allowed_controllers
|
|
21
|
+
permanent_allowed_controllers + role_allowed_controllers
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
def role_allowed_controllers
|
|
25
|
+
user.role.permissions.map{|permission| controller_name_from_permission(permission.permission) }.compact
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def controller_name_from_permission(permission)
|
|
29
|
+
match = permission.match(/^controller\.(.+)/)
|
|
30
|
+
match[1] if match
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def permanent_allowed_controllers
|
|
34
|
+
Releaf.application.config.permissions.permanent_allowed_controllers
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
module Releaf::Permissions
|
|
2
|
+
class Configuration
|
|
3
|
+
include Virtus.model(strict: true)
|
|
4
|
+
attribute :devise_for, String
|
|
5
|
+
attribute :access_control, Object
|
|
6
|
+
attribute :permanent_allowed_controllers, Array
|
|
7
|
+
|
|
8
|
+
def devise_model_name
|
|
9
|
+
devise_for.tr("/", "_")
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def devise_model_class
|
|
13
|
+
devise_for.classify.constantize
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def self.configure_component
|
|
17
|
+
Releaf.application.config.add_configuration(
|
|
18
|
+
new(
|
|
19
|
+
devise_for: "releaf/permissions/user",
|
|
20
|
+
access_control: Releaf::Permissions::AccessControl,
|
|
21
|
+
permanent_allowed_controllers: ['releaf/root', 'releaf/errors']
|
|
22
|
+
)
|
|
23
|
+
)
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
module Releaf::Permissions
|
|
2
|
+
module ControllerSupport
|
|
3
|
+
extend ActiveSupport::Concern
|
|
4
|
+
|
|
5
|
+
included do
|
|
6
|
+
prepend_before_action :set_locale, :verify_controller_access!, :authenticate!
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def set_locale
|
|
10
|
+
I18n.locale = user.locale
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def verify_controller_access!
|
|
14
|
+
unless Releaf.application.config.permissions.access_control.new(user: user).controller_permitted?(short_name)
|
|
15
|
+
raise Releaf::AccessDenied
|
|
16
|
+
end
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def user
|
|
20
|
+
send("current_#{Releaf.application.config.permissions.devise_model_name}")
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def authorized?
|
|
24
|
+
method_name = "#{Releaf.application.config.permissions.devise_model_name}_signed_in?"
|
|
25
|
+
send(method_name)
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
def authenticate!
|
|
29
|
+
method_name = "authenticate_#{Releaf.application.config.permissions.devise_model_name}!"
|
|
30
|
+
send(method_name)
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
module Releaf::Permissions
|
|
2
|
+
class DefaultControllerResolver < Releaf::Root::DefaultControllerResolver
|
|
3
|
+
|
|
4
|
+
def self.configure_component
|
|
5
|
+
Releaf.application.config.root.default_controller_resolver = self
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def controllers
|
|
9
|
+
# Note: This basically sorts allowed controllers in order specified by
|
|
10
|
+
# Releaf.application.config.available_controllers
|
|
11
|
+
([user.role.default_controller] + super).uniq & allowed_controllers
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def allowed_controllers
|
|
15
|
+
Releaf.application.config.permissions.access_control.new(user: user).allowed_controllers
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def user
|
|
19
|
+
current_controller.user
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
@@ -1,24 +1,7 @@
|
|
|
1
|
-
require 'devise'
|
|
2
|
-
|
|
3
1
|
module Releaf::Permissions
|
|
4
|
-
require 'releaf/permissions/devise_component'
|
|
5
|
-
require 'releaf/permissions/profile_component'
|
|
6
|
-
require 'releaf/permissions/roles_component'
|
|
7
|
-
require 'releaf/permissions/users_component'
|
|
8
|
-
require 'releaf/permissions/builders_autoload'
|
|
9
|
-
|
|
10
2
|
class Engine < ::Rails::Engine
|
|
11
3
|
initializer 'precompile', group: :all do |app|
|
|
12
|
-
app.config.assets.precompile += %w(
|
|
4
|
+
app.config.assets.precompile += %w(controllers/releaf/permissions/*)
|
|
13
5
|
end
|
|
14
6
|
end
|
|
15
|
-
|
|
16
|
-
def self.components
|
|
17
|
-
[
|
|
18
|
-
Releaf::Permissions::DeviseComponent,
|
|
19
|
-
Releaf::Permissions::RolesComponent,
|
|
20
|
-
Releaf::Permissions::UsersComponent,
|
|
21
|
-
Releaf::Permissions::ProfileComponent
|
|
22
|
-
]
|
|
23
|
-
end
|
|
24
7
|
end
|
|
@@ -1,9 +1,13 @@
|
|
|
1
|
-
module Releaf::Permissions::
|
|
1
|
+
module Releaf::Permissions::Profile
|
|
2
|
+
|
|
3
|
+
def self.configure_component
|
|
4
|
+
Releaf.application.config.additional_controllers = Releaf.application.config.additional_controllers + ['releaf/permissions/profile']
|
|
5
|
+
end
|
|
6
|
+
|
|
2
7
|
def self.draw_component_routes router
|
|
3
8
|
router.namespace :releaf, path: nil do
|
|
4
9
|
router.get "profile", to: "permissions/profile#edit", as: :permissions_user_profile
|
|
5
10
|
router.patch "profile", to: "permissions/profile#update"
|
|
6
|
-
router.post "profile/settings", to: "permissions/profile#settings", as: :permissions_user_profile_settings
|
|
7
11
|
end
|
|
8
12
|
end
|
|
9
13
|
end
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
module Releaf::Permissions
|
|
2
|
+
class SettingsManager
|
|
3
|
+
def self.configure_component
|
|
4
|
+
Releaf.application.config.settings_manager = self
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def self.read(controller:, key:)
|
|
8
|
+
controller.user.settings[key] if controller.respond_to? :user
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def self.write(controller:, key:, value:)
|
|
12
|
+
# Sometimes concurrency happens, so lets try until
|
|
13
|
+
# record get updated
|
|
14
|
+
begin
|
|
15
|
+
controller.user.settings[key] = value
|
|
16
|
+
rescue ActiveRecord::RecordNotUnique
|
|
17
|
+
retry
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
module Releaf::Permissions::Users
|
|
2
|
+
extend Releaf::Component
|
|
3
|
+
|
|
4
|
+
def self.configure_component
|
|
5
|
+
Releaf.application.config.permissions.devise_for = 'releaf/permissions/user'
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def self.draw_component_routes(router)
|
|
9
|
+
resource_route(router, :permissions, :users)
|
|
10
|
+
end
|
|
11
|
+
end
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
require "rails_helper"
|
|
2
|
+
|
|
3
|
+
describe Releaf::Permissions::Page::HeaderBuilder, type: :class do
|
|
4
|
+
class PageHeaderBuilderTestHelper < ActionView::Base
|
|
5
|
+
include Rails.application.routes.url_helpers
|
|
6
|
+
include FontAwesome::Rails::IconHelper
|
|
7
|
+
|
|
8
|
+
def protect_against_forgery?
|
|
9
|
+
true
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def form_authenticity_token
|
|
13
|
+
"xxx"
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def request_forgery_protection_token
|
|
17
|
+
"yyy"
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
subject { described_class.new(template) }
|
|
22
|
+
let(:template){ PageHeaderBuilderTestHelper.new }
|
|
23
|
+
|
|
24
|
+
describe "#items" do
|
|
25
|
+
it "returns array of home link, profile block and logout form content" do
|
|
26
|
+
allow(subject).to receive(:home_link).and_return("a")
|
|
27
|
+
allow(subject).to receive(:profile_block).and_return("b")
|
|
28
|
+
allow(subject).to receive(:sign_out_form).and_return("c")
|
|
29
|
+
expect(subject.items).to eq(["a", "b", "c"])
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
describe "#profile_path" do
|
|
34
|
+
it "returns profile edit url for defined profile controller" do
|
|
35
|
+
expect(subject.profile_path).to eq("/admin/profile")
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
describe "#profile_block" do
|
|
40
|
+
it "returns profile block with content" do
|
|
41
|
+
allow(subject).to receive(:profile_user_name).and_return("neim")
|
|
42
|
+
allow(subject).to receive(:profile_path).and_return("url_b")
|
|
43
|
+
content = '<a class="button profile" href="url_b"><span class="name">neim</span></a>'
|
|
44
|
+
expect(subject.profile_block).to eq(content)
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
describe "#user" do
|
|
49
|
+
it "returns permissions manager user" do
|
|
50
|
+
controller = Releaf::RootController.new
|
|
51
|
+
allow(subject).to receive(:controller).and_return(controller)
|
|
52
|
+
allow(controller).to receive(:user).and_return("x")
|
|
53
|
+
expect(subject.user).to eq("x")
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
describe "#profile_user_name" do
|
|
58
|
+
it "returns title for user instance" do
|
|
59
|
+
user = Releaf::Permissions::User.new(name: "a", surname: "b")
|
|
60
|
+
allow(subject).to receive(:user).and_return(user)
|
|
61
|
+
allow(subject).to receive(:resource_title).with(user).and_return("x t")
|
|
62
|
+
expect(subject.profile_user_name).to eq("x t")
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
|
|
66
|
+
describe "#sign_out_path" do
|
|
67
|
+
it "returns sign out url" do
|
|
68
|
+
expect(subject.sign_out_path).to eq("/admin/sign_out")
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
describe "#sign_out_form" do
|
|
73
|
+
it "returns sign out form" do
|
|
74
|
+
allow(subject).to receive(:sign_out_path).and_return("url_a")
|
|
75
|
+
content = %Q[
|
|
76
|
+
<form class="sign-out" action="url_a" accept-charset="UTF-8" method="post">
|
|
77
|
+
<input name="utf8" type="hidden" value="✓" />
|
|
78
|
+
<input type="hidden" name="_method" value="delete" />
|
|
79
|
+
<input type="hidden" name="yyy" value="xxx" />
|
|
80
|
+
<button class="button only-icon" type="submit" title="Sign out">
|
|
81
|
+
<i class="fa fa-power-off fa-icon-header"></i>
|
|
82
|
+
</button>
|
|
83
|
+
</form>]
|
|
84
|
+
expect(subject.sign_out_form).to match_html( content )
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
@@ -0,0 +1,64 @@
|
|
|
1
|
+
require "rails_helper"
|
|
2
|
+
|
|
3
|
+
describe Releaf::Permissions::Page::LayoutBuilder, type: :class do
|
|
4
|
+
class PermissionsLayoutBuilderView < ActionView::Base; end
|
|
5
|
+
let(:controller){ Releaf::RootController.new }
|
|
6
|
+
let(:template){ PermissionsLayoutBuilderView.new }
|
|
7
|
+
subject { described_class.new(template) }
|
|
8
|
+
|
|
9
|
+
before do
|
|
10
|
+
allow(subject).to receive(:controller).and_return(controller)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
it "inherits Releaf::Builders::Page::LayoutBuilder" do
|
|
14
|
+
expect(described_class.superclass).to eq(Releaf::Builders::Page::LayoutBuilder)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
describe "#header_builder" do
|
|
18
|
+
it "returns `Releaf::Permissions::Page::HeaderBuilder` class" do
|
|
19
|
+
expect(subject.header_builder).to eq(Releaf::Permissions::Page::HeaderBuilder)
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
describe "#menu_builder" do
|
|
24
|
+
it "returns `Releaf::Permissions::Page::MenuBuilder` class" do
|
|
25
|
+
expect(subject.menu_builder).to eq(Releaf::Permissions::Page::MenuBuilder)
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
describe "#body_content" do
|
|
30
|
+
before do
|
|
31
|
+
allow(subject).to receive(:header).and_return("_header")
|
|
32
|
+
allow(subject).to receive(:menu).and_return("_menu")
|
|
33
|
+
allow(subject).to receive(:notifications).and_return("_notifications")
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
context "when controller responds to `authorized?` and `authorized?` call return true" do
|
|
37
|
+
it "returns `super` content" do
|
|
38
|
+
allow(controller).to receive(:authorized?).and_return(true)
|
|
39
|
+
expect(subject.body_content{ "x" }).to eq("_header_menu<main id=\"main\">x</main>_notifications")
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
context "when controller responds to `authorized?` and `authorized?` call return false" do
|
|
44
|
+
it "returns given block content" do
|
|
45
|
+
allow(controller).to receive(:authorized?).and_return(false)
|
|
46
|
+
expect(subject.body_content{ "x" }).to eq("x")
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
context "when controller does not responds to `authorized?`" do
|
|
51
|
+
it "returns given block content" do
|
|
52
|
+
allow(controller).to receive(:respond_to?).with(:authorized?).and_return(false)
|
|
53
|
+
expect(subject.body_content{ "x" }).to eq("x")
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
#def body_content(&block)
|
|
58
|
+
#if controller.respond_to?(:authorized?) && controller.authorized?
|
|
59
|
+
#super
|
|
60
|
+
#else
|
|
61
|
+
#yield
|
|
62
|
+
#end
|
|
63
|
+
#end
|
|
64
|
+
end
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
require "rails_helper"
|
|
2
|
+
|
|
3
|
+
describe Releaf::Permissions::Page::MenuBuilder, type: :class do
|
|
4
|
+
class MenuBuilderTestHelper < ActionView::Base
|
|
5
|
+
include FontAwesome::Rails::IconHelper
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
let(:controller){ Releaf::ActionController.new }
|
|
9
|
+
let(:template){ MenuBuilderTestHelper.new }
|
|
10
|
+
let(:group_item){ Releaf::ControllerGroupDefinition.new(name: "x", items: []) }
|
|
11
|
+
let(:controller_item){ Releaf::ControllerDefinition.new(name: "y", controller: "_controller_") }
|
|
12
|
+
subject { described_class.new(template) }
|
|
13
|
+
|
|
14
|
+
before do
|
|
15
|
+
allow(template).to receive(:controller).and_return(controller)
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
it "inherits `Releaf::Builders::Page::MenuBuilder`" do
|
|
19
|
+
expect(described_class.ancestors).to include(Releaf::Builders::Page::MenuBuilder)
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
describe "#menu_item" do
|
|
23
|
+
before do
|
|
24
|
+
allow(subject).to receive(:item_attributes).and_return({})
|
|
25
|
+
allow(subject).to receive(:menu_item_group).and_return("_content_")
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
context "when item is permitted" do
|
|
29
|
+
it "returns parent method content" do
|
|
30
|
+
allow(subject).to receive(:menu_item_permitted?).with(group_item).and_return(true)
|
|
31
|
+
expect(subject.menu_item(group_item)).to eq("<li>_content_</li>")
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
context "when item is not permitted" do
|
|
36
|
+
it "returns nil" do
|
|
37
|
+
allow(subject).to receive(:menu_item_permitted?).with(group_item).and_return(false)
|
|
38
|
+
expect(subject.menu_item(group_item)).to be nil
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
describe "#menu_item_permitted?" do
|
|
44
|
+
context "when item is instance of `Releaf::ControllerGroupDefinition`" do
|
|
45
|
+
before do
|
|
46
|
+
allow(group_item).to receive(:controllers).and_return([
|
|
47
|
+
Releaf::ControllerDefinition.new(name: "a1", controller: "c1"),
|
|
48
|
+
Releaf::ControllerDefinition.new(name: "a2", controller: "c2"),
|
|
49
|
+
Releaf::ControllerDefinition.new(name: "a3", controller: "c3"),
|
|
50
|
+
])
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
context "when any of group item controller is allowed" do
|
|
54
|
+
it "returns true" do
|
|
55
|
+
allow(subject).to receive(:controller_permitted?).with("c1").and_return(false)
|
|
56
|
+
allow(subject).to receive(:controller_permitted?).with("c2").and_return(true)
|
|
57
|
+
expect(subject).to_not receive(:controller_permitted?).with("c3")
|
|
58
|
+
expect(subject.menu_item_permitted?(group_item)).to be true
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
context "when none of group item controller is allowed" do
|
|
63
|
+
it "returns false" do
|
|
64
|
+
allow(subject).to receive(:controller_permitted?).with("c1").and_return(false)
|
|
65
|
+
allow(subject).to receive(:controller_permitted?).with("c2").and_return(false)
|
|
66
|
+
allow(subject).to receive(:controller_permitted?).with("c3").and_return(false)
|
|
67
|
+
expect(subject.menu_item_permitted?(group_item)).to be false
|
|
68
|
+
end
|
|
69
|
+
end
|
|
70
|
+
end
|
|
71
|
+
|
|
72
|
+
context "when item is instance of `Releaf::ControllerDefinition`" do
|
|
73
|
+
context "when item controller is allowed" do
|
|
74
|
+
it "returns true" do
|
|
75
|
+
allow(subject).to receive(:controller_permitted?).with("_controller_").and_return(true)
|
|
76
|
+
expect(subject.menu_item_permitted?(controller_item)).to be true
|
|
77
|
+
end
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
context "when item controller is not allowed" do
|
|
81
|
+
it "returns false" do
|
|
82
|
+
allow(subject).to receive(:controller_permitted?).with("_controller_").and_return(false)
|
|
83
|
+
expect(subject.menu_item_permitted?(controller_item)).to be false
|
|
84
|
+
end
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
describe "#controller_permitted?" do
|
|
90
|
+
it "returns access controller controller permission query result for given controller name" do
|
|
91
|
+
user = Releaf::Permissions::User.new
|
|
92
|
+
allow(controller).to receive(:user).and_return("x")
|
|
93
|
+
access_control = Releaf::Permissions::AccessControl.new(user: user)
|
|
94
|
+
allow(Releaf.application.config.permissions.access_control).to receive(:new).with(user: "x").and_return(access_control)
|
|
95
|
+
allow(access_control).to receive(:controller_permitted?).with("kjasdasd").and_return("_true")
|
|
96
|
+
|
|
97
|
+
expect(subject.controller_permitted?("kjasdasd")).to eq("_true")
|
|
98
|
+
end
|
|
99
|
+
end
|
|
100
|
+
end
|