releaf-permissions 0.2.1 → 1.0.3

data/spec/builders/releaf/permissions/roles/form_builder_spec.rb

@@ -0,0 +1,56 @@
+require 'rails_helper'
+
+describe Releaf::Permissions::Roles::FormBuilder, type: :class do
+  class FormBuilderTestHelper < ActionView::Base; end
+  let(:template){ FormBuilderTestHelper.new }
+  let(:object){ Releaf::Permissions::Role.new }
+  let(:subject){ described_class.new(:resource, object, template, {}) }
+
+  before do
+    allow(Releaf.application.config).to receive(:available_controllers)
+      .and_return(["releaf/content/nodes", "admin/chapters"])
+
+    definition_1 = Releaf::ControllerDefinition.new("xx")
+    allow(definition_1).to receive(:localized_name).and_return("controller 1")
+    allow(definition_1).to receive(:controller_name).and_return("admin/controller_1")
+
+    definition_2 = Releaf::ControllerDefinition.new("xx")
+    allow(definition_2).to receive(:localized_name).and_return("controller 2")
+    allow(definition_2).to receive(:controller_name).and_return("admin/controller_2")
+
+    allow(Releaf::ControllerDefinition).to receive(:for).with("releaf/content/nodes").and_return(definition_1)
+    allow(Releaf::ControllerDefinition).to receive(:for).with("admin/chapters").and_return(definition_2)
+  end
+
+  describe "#render_default_controller" do
+    it "pass localized controller options to releaf item field" do
+      translated_controllers = {
+        "controller 1" => "admin/controller_1",
+        "controller 2" => "admin/controller_2"
+      }
+
+      allow(subject).to receive(:releaf_item_field)
+        .with(:default_controller, options: {select_options: translated_controllers})
+        .and_return("x")
+      expect(subject.render_default_controller).to eq("x")
+    end
+  end
+
+  describe "#render_permissions" do
+    it "returns associated set field" do
+      options = {association: {items: "x", field: :permission}}
+      allow(subject).to receive(:permission_items).and_return("x")
+      allow(subject).to receive(:releaf_associated_set_field).with(:permissions, options: options).and_return("y")
+      expect(subject.render_permissions).to eq("y")
+    end
+  end
+
+  describe "#permission_items" do
+    it "returns scoped and translated controller values" do
+      expect(subject.permission_items).to eq(
+        "controller.admin/controller_1" => "controller 1",
+        "controller.admin/controller_2" => "controller 2"
+      )
+    end
+  end
+end

data/spec/builders/releaf/permissions/roles/table_builder_spec.rb

@@ -0,0 +1,41 @@
+require "rails_helper"
+
+describe Releaf::Permissions::Roles::TableBuilder, type: :class do
+  class TableBuilderTestHelper < ActionView::Base; end
+  let(:template){ TableBuilderTestHelper.new }
+  let(:resource_class){ Releaf::Permissions::Role }
+  let(:subject){ described_class.new([], resource_class, template, {}) }
+
+  describe "#column_names" do
+    it "returns name and default_controller as column names array" do
+      expect(subject.column_names).to eq([:name, :default_controller])
+    end
+  end
+
+  describe "#default_controller_content" do
+    context "when given resource default controller definition exists" do
+      it "returns localized controller name from definitioned followed by application name" do
+        definition = Releaf::ControllerDefinition.new("xx")
+        allow(definition).to receive(:localized_name).and_return("x")
+        allow(Releaf::ControllerDefinition).to receive(:for).with("contr").and_return(definition)
+        expect(subject.default_controller_content(resource_class.new(default_controller: "contr"))).to eq("x")
+      end
+    end
+
+    context "when given resource default controller definition does not exist" do
+      it "returns dash" do
+        definition = Releaf::ControllerDefinition.new("xx")
+        allow(definition).to receive(:localized_name).and_return("x")
+        allow(Releaf::ControllerDefinition).to receive(:for).with("contr").and_return(nil)
+        expect(subject.default_controller_content(resource_class.new(default_controller: "contr"))).to eq("-")
+      end
+    end
+
+    context "when default controller is not defined for given resource" do
+      it "returns dash" do
+        expect(Releaf::ControllerDefinition).to_not receive(:for)
+        expect(subject.default_controller_content(resource_class.new)).to eq("-")
+      end
+    end
+  end
+end

data/spec/controllers/permissions/profile_controller_spec.rb

@@ -36,31 +36,4 @@ describe Releaf::Permissions::ProfileController do
       end
     end
   end
-
-  describe "PUT settings", db_strategy: :truncation do
-    context 'when params[:settings] is not Hash' do
-      it "has a 422 status code" do
-        put :settings
-        expect(response.status).to eq(422)
-      end
-    end
-
-    context 'when params[:settings] is Hash' do
-      it "has a 200 status code" do
-        put :settings, {settings: {dummy: 'maybe'}}
-        expect(response.status).to eq(200)
-      end
-
-      it "saves given data within current user settings" do
-        put :settings, {settings: {dummy: 'maybe'}}
-        expect(user.settings.dummy).to eq('maybe')
-      end
-
-      it "casts bolean values from strings to booleans" do
-        put :settings, {settings: {be_true: 'true', be_false: 'false'}}
-        expect(user.settings.be_true).to be true
-        expect(user.settings.be_false).to be false
-      end
-    end
-  end
 end

data/spec/controllers/permissions/users_controller_spec.rb

@@ -1,6 +1,6 @@
 require 'rails_helper'
 
-# use Admin::BooksController as it inherit Releaf::BaseController and
+# use Admin::BooksController as it inherit Releaf::ActionController and
 # have no extra methods or overrides
 describe Releaf::Permissions::UsersController do
   before do

data/spec/features/roles_spec.rb

@@ -19,7 +19,7 @@ feature "Roles management", js: true do
     visit releaf_permissions_roles_path
     create_resource do
       fill_in("Name", with: "second role")
-      select('Releaf/content/nodes', from: 'Default controller')
+      select('Admin/nodes', from: 'Default controller')
     end
     visit releaf_permissions_roles_path
     expect(page).to have_content "second role"
@@ -55,9 +55,9 @@ feature "Roles management", js: true do
 
     Releaf.application.config.available_controllers.each do |controller|
       if controller == "admin/books"
-        expect(page).to have_unchecked_field(I18n.t(controller, scope: 'admin.controllers'))
+        expect(page).to have_unchecked_field(I18n.t(controller))
       else
-        expect(page).to have_checked_field(I18n.t(controller, scope: 'admin.controllers'))
+        expect(page).to have_checked_field(I18n.t(controller))
       end
     end
   end

data/spec/features/users_spec.rb

@@ -57,7 +57,7 @@ feature "Users", js: true do
 
     scenario "user page content" do
       expect(page).to have_css('body > header form.sign-out button')
-      expect(page).to have_content 'Releaf/content'
+      expect(page).to have_content 'Admin/nodes'
       expect(page).to have_content 'Permissions'
       expect(page).to have_content 'Releaf/i18n database/translations'
       # admin/users index view
@@ -87,7 +87,7 @@ feature "Users", js: true do
 
     scenario "user page content" do
       expect(page).to have_css('body > header form.sign-out button')
-      expect(page).to have_content 'Releaf/content'
+      expect(page).to have_content 'Admin/nodes'
     end
 
     scenario "translations module access denied" do

data/spec/lib/access_control_spec.rb

@@ -1,81 +1,66 @@
 require "rails_helper"
 
 describe Releaf::Permissions::AccessControl do
-  class AcessControllDummyController < ActionController::Base; end
-
-  let(:controller){ AcessControllDummyController.new }
   let(:role){ Releaf::Permissions::Role.new }
   let(:user){ Releaf::Permissions::User.new(role: role) }
-  subject{ described_class.new(controller: controller) }
-
-  before do
-    allow(controller).to receive(:current_releaf_permissions_user).and_return(user)
-  end
+  subject{ described_class.new(user: user) }
 
-  describe "#controller_permitted" do
-    before do
-      allow(subject).to receive(:permitted_controllers).and_return(["a", "b"])
-      allow(role).to receive(:controller_permitted?).with("c").and_return(true)
-      allow(role).to receive(:controller_permitted?).with("d").and_return(false)
-    end
 
-    context "when permitted controllers contains given controller" do
+  describe "#controller_permitted?" do
+    context "when allowed controllers contains given controller" do
       it "returns true" do
+        allow(subject).to receive(:allowed_controllers).and_return(["a", "b"])
         expect(subject.controller_permitted?("a")).to be true
       end
     end
 
-    context "when user role permit given controller" do
-      it "returns true" do
-        expect(subject.controller_permitted?("c")).to be true
-      end
-    end
-
-    context "when neither permitted controllers contains given controller or user role permit given controller" do
-      it "returns true" do
-        expect(subject.controller_permitted?("d")).to be false
+    context "when allowed controllers does not contain given controller" do
+      it "returns false" do
+        allow(subject).to receive(:allowed_controllers).and_return(["c", "b"])
+        expect(subject.controller_permitted?("a")).to be false
       end
     end
   end
 
-  describe "#current_controller_name" do
-    it "returns normalized access controller assign controller name" do
-      expect(subject.current_controller_name).to eq("acess_controll_dummy")
+  describe "#allowed_controllers" do
+    it "returns array with permanent allowed controllers and role allowed controllers" do
+      allow(subject).to receive(:permanent_allowed_controllers).and_return(["a", "b"])
+      allow(subject).to receive(:role_allowed_controllers).and_return(["c", "d"])
+      expect(subject.allowed_controllers).to eq(%w(a b c d))
     end
   end
 
-  describe "#user" do
-    it "returns current controller devise user instance" do
-      expect(subject.user).to eq(user)
+  describe "#permanent_allowed_controllers" do
+    it "returns array with permanent allowed controllers" do
+      allow(Releaf.application.config.permissions).to receive(:permanent_allowed_controllers).and_return("x")
+      expect(subject.permanent_allowed_controllers).to eq("x")
     end
   end
 
-  describe "#permitted_controllers" do
-    it "returns array with `releaf/permissions/home` and `releaf/core/errors` as permanently permitted controllers" do
-      expect(subject.permitted_controllers).to match_array(['releaf/permissions/home', 'releaf/core/errors'])
-    end
-  end
+  describe "#role_allowed_controllers" do
+    it "returns array of roles allowed controllers" do
+      role.permissions.build(permission: "controller.a")
+      role.permissions.build(permission: "controller.x")
+      role.permissions.build(permission: "export.some_data")
+      allow(subject).to receive(:controller_name_from_permission).with("controller.a").and_return(nil)
+      allow(subject).to receive(:controller_name_from_permission).with("controller.x").and_return("asd")
+      allow(subject).to receive(:controller_name_from_permission).with("export.some_data").and_return("fd")
 
-  describe "#authorized?" do
-    it "returns whether devise has signed in current user" do
-      expect(controller).to receive(:releaf_permissions_user_signed_in?).and_return(true)
-      expect(subject.authorized?).to be true
-      expect(controller).to receive(:releaf_permissions_user_signed_in?).and_return(false)
-      expect(subject.authorized?).to be false
+      expect(subject.role_allowed_controllers).to match_array(["asd", "fd"])
     end
   end
 
-  describe "#authenticate!" do
-    it "returns whether devise has signed in current user" do
-      expect(controller).to receive(:authenticate_releaf_permissions_user!)
-      subject.authenticate!
+  describe "#controller_name_from_permission" do
+    context "when given permission contains `controller`" do
+      it "returns name" do
+        expect(subject.controller_name_from_permission("controller.a")).to eq("a")
+      end
     end
-  end
 
-  describe "#devise_model_name" do
-    it "returns normalized Releaf devise model name" do
-      allow(Releaf.application.config).to receive(:devise_for).and_return("asdasd/asdasd")
-      expect(subject.devise_model_name).to eq("asdasd_asdasd")
+    context "when given permission does not contain `controller`" do
+      it "returns nil" do
+        expect(subject.controller_name_from_permission("aasd.a")).to be nil
+      end
     end
   end
 end

data/spec/lib/releaf/permissions/configuration_spec.rb

@@ -0,0 +1,38 @@
+require "rails_helper"
+
+describe Releaf::Permissions::Configuration do
+  subject{ described_class.new(devise_for: "asd", access_control: "X", permanent_allowed_controllers: [1, 2]) }
+
+  it do
+    is_expected.to have_attributes(devise_for: "asd")
+    is_expected.to have_attributes(access_control: "X")
+    is_expected.to have_attributes(permanent_allowed_controllers: [1, 2])
+  end
+
+  describe "#devise_model_name" do
+    it "returns devise model name with slashes replaced by underscores" do
+      subject.devise_for = "releaf/permissions/user"
+      expect(subject.devise_model_name).to eq("releaf_permissions_user")
+    end
+  end
+
+  describe "#devise_model_class" do
+    it "returns devise model class" do
+      subject.devise_for = "releaf/permissions/role"
+      expect(subject.devise_model_class).to eq(Releaf::Permissions::Role)
+    end
+  end
+
+  describe ".configure_component" do
+    it "adds `Releaf::Permissions::Configuration` configuration with devise, access_control and permanent allowed controllers configured" do
+      allow(Releaf::Permissions::Configuration).to receive(:new)
+        .with(
+          devise_for: "releaf/permissions/user",
+          access_control: Releaf::Permissions::AccessControl,
+          permanent_allowed_controllers: ['releaf/root', 'releaf/errors']
+      ).and_return("_new")
+      expect(Releaf.application.config).to receive(:add_configuration).with("_new")
+      described_class.configure_component
+    end
+  end
+end

data/spec/lib/releaf/permissions/controller_support_spec.rb

@@ -0,0 +1,76 @@
+require "rails_helper"
+
+describe Releaf::Permissions::ControllerSupport do
+  let(:user){ Releaf::Permissions::User.new(locale: "de") }
+
+  class AcessControllDummyController < Releaf::ActionController
+    include Releaf::Permissions::ControllerSupport
+  end
+
+  subject{ AcessControllDummyController.new }
+
+  before do
+    allow(subject).to receive(:current_releaf_permissions_user).and_return(user)
+  end
+
+  describe "before filters" do
+    it "prepends `:authenticate!, :verify_controller_access!, :set_locale` before filters" do
+      all_before_actions = subject._process_action_callbacks.select{|f| f.kind == :before}.map{|f| f.filter }
+      expect(all_before_actions).to start_with(:authenticate!, :verify_controller_access!, :set_locale)
+    end
+  end
+
+  describe "#set_locale" do
+    it "assigns user locale to I18n locale" do
+      expect(I18n).to receive(:locale=).with("de")
+      subject.set_locale
+    end
+  end
+
+  describe "#verify_controller_access!" do
+    let(:access_control){ Releaf::Permissions::AccessControl.new(user: user) }
+
+    before do
+      allow(subject).to receive(:short_name).and_return("some_controller")
+      allow(Releaf.application.config.permissions.access_control).to receive(:new)
+        .with(user: user).and_return(access_control)
+    end
+
+    context "when controller is not permitted" do
+      it "raises `Releaf::AccessDenied exception`" do
+        allow(access_control).to receive(:controller_permitted?).with("some_controller").and_return(false)
+        expect{ subject.verify_controller_access! }.to raise_error(Releaf::AccessDenied)
+      end
+    end
+
+    context "when controller is permitted" do
+      it "does not raise `Releaf::AccessDenied exception`" do
+        allow(access_control).to receive(:controller_permitted?).with("some_controller").and_return(true)
+        expect{ subject.verify_controller_access! }.to_not raise_error
+      end
+    end
+  end
+
+  describe "#user" do
+    it "returns current controller devise user instance" do
+      expect(subject.user).to eq(user)
+    end
+  end
+
+  describe "#authorized?" do
+    it "returns whether devise has signed in current user" do
+      allow(subject).to receive(:releaf_permissions_user_signed_in?).and_return(true)
+      expect(subject.authorized?).to be true
+
+      allow(subject).to receive(:releaf_permissions_user_signed_in?).and_return(false)
+      expect(subject.authorized?).to be false
+    end
+  end
+
+  describe "#authenticate!" do
+    it "returns whether devise has signed in current user" do
+      expect(subject).to receive(:authenticate_releaf_permissions_user!)
+      subject.authenticate!
+    end
+  end
+end

data/spec/lib/releaf/permissions/default_controller_resolver_spec.rb

@@ -0,0 +1,49 @@
+require "rails_helper"
+
+describe Releaf::Permissions::DefaultControllerResolver do
+  subject{ described_class.new(current_controller: Releaf::RootController.new) }
+
+  it "inherit `Releaf::Root::DefaultControllerResolver`" do
+    expect(described_class.ancestors.include?(Releaf::Root::DefaultControllerResolver)).to be true
+  end
+
+  describe ".configure_component" do
+    it "adds itself as default controller resolver" do
+      expect(Releaf.application.config.root).to receive(:default_controller_resolver=).with(described_class)
+      described_class.configure_component
+    end
+  end
+
+  describe "#controllers" do
+    it "returns user available controllers with role default controller as first" do
+      role = Releaf::Permissions::Role.new(default_controller: "a")
+      user = Releaf::Permissions::User.new(role: role)
+      allow(Releaf.application.config).to receive(:available_controllers).and_return(["a", "b", "c"])
+      allow(subject).to receive(:user).and_return(user)
+
+      allow(subject).to receive(:allowed_controllers).and_return(["a", "c", "d"])
+      expect(subject.controllers).to eq(["a", "c"])
+
+      allow(subject).to receive(:allowed_controllers).and_return(["c", "d"])
+      expect(subject.controllers).to eq(["c"])
+    end
+  end
+
+  describe "#allowed_controllers" do
+    it "returns allowed controllers from access contro for given user" do
+      allow(subject).to receive(:user).and_return("_user")
+      access_control = Releaf::Permissions::AccessControl.new(user: Releaf::Permissions::User.new)
+      allow(access_control).to receive(:allowed_controllers).and_return(["a", "d"])
+      allow(Releaf.application.config.permissions.access_control).to receive(:new).with(user: "_user").and_return(access_control)
+
+      expect(subject.allowed_controllers).to eq(["a", "d"])
+    end
+  end
+
+  describe "#user" do
+    it "returns controller user" do
+      allow(subject.current_controller).to receive(:user).and_return("_user")
+      expect(subject.user).to eq("_user")
+    end
+  end
+end