rend-acl 0.0.3 → 0.0.4

data/Changelog.md

@@ -0,0 +1,27 @@
+# Change Log
+
+### Version 0.0.4 - June 11th, 2013
+
+* Assertions
+    * Implemented ported test coverage for this feature.
+    * Implemented "Assertion" feature that exists in the original Zend_Acl library.
+
+* Added a generic `acl.add!()` method which enables many intuitive ways to add Roles and Resources to the ACL.
+    * See [Documentation In Code](https://github.com/veloper/rend-acl/blob/master/lib/rend/acl.rb#L51-L76) for usage examples.
+
+* Added ability to me a bit more explicit with the following methods...
+    * `.allow!()`
+    * `.remove_allow!()`
+    * `.deny!()`
+    * `.remove_deny!()`
+    * `.allowed?()`
+
+    ... using hash with the options of ...
+
+    * `:role`
+    * `:resource`
+    * `:prilvilege`
+    * `:assertion` -- _Not utilized in `.allowed?()` method._
+
+### Version <= 0.0.3
+* Initial Port

data/lib/rend/acl.rb

@@ -4,6 +4,7 @@ require 'rend/acl/version'
 require 'rend/acl/exception'
 require 'rend/acl/role'
 require 'rend/acl/resource'
+require 'rend/acl/assertion'
 
 module Rend
   class Acl
@@ -36,7 +37,8 @@ module Rend
         :all_resources => {
           :all_roles => {
             :all_privileges => {
-              :type => TYPE_DENY
+              :type       => TYPE_DENY,
+              :assertion  => nil
             },
             :by_privilege_id => {}
           },
@@ -46,6 +48,62 @@ module Rend
       }
     end
 
+    # Adds Roles & Resources in various ways.
+    #
+    # - Roles
+    #   - Arguments
+    #     .add! Rend::Acl::Role.new("editor")                                             # Single Role
+    #     .add! Rend::Acl::Role.new("editor"), 'guest'                                    # Single Role w/ Single Inheritance
+    #     .add! Rend::Acl::Role.new("editor"), ['guest', 'contributor']                   # Single Role w/ Multiple Inheritance
+    #   - Hash
+    #     .add! :role => 'editor'                                                         # Single Role
+    #     .add! :role => {'editor' => 'guest'}                                            # Single Role w/ Single Inheritance
+    #     .add! :role => {'editor' => ['guest', 'contributor']}                           # Single Role w/ Multiple Inheritance
+    #     .add! :role => ['guest', 'editor']                                              # Multiple Roles
+    #     .add! :role => ['guest', 'contributor', {'editor' => 'guest'}]                  # Multiple Roles w/ Single Inheritance
+    #     .add! :role => ['guest', 'contributor', {'editor' => ['guest', 'contributor']}] # Multiple Roles w/ Multiple Inheritance
+    # - Resources
+    #   - Arguments
+    #     .add! Rend::Acl::Resource.new("city")                                           # Single Resource
+    #     .add! Rend::Acl::Resource.new("building"), 'city'                               # Single Resource w/ Inheritance
+    #   - Hash
+    #     .add! :resource => 'city'                                                       # Single Resource
+    #     .add! :resource => {'building' => 'city'}                                       # Single Resource w/ Inheritance
+    #     .add! :resource => ['city', 'building']                                         # Multiple Resources
+    #     .add! :resource => ['city', 'building', {'building' => 'city'}]                 # Multiple Resources w/ Inheritance
+    # - Combined Roles & Resources
+    #     .add! :role => ['guest', {'editor' => 'guest'}], :resource => ['city', {'building' => 'city'}]
+    #
+    def add!(*args)
+      raise ArgumentError, "wrong number of arguments(0 for 1..2)" if args.empty?
+      method_args = {:role => [], :resource => []}
+      case args[0]
+      when Rend::Acl::Role      then method_args[:role]     << args
+      when Rend::Acl::Resource  then method_args[:resource] << args
+      when Hash
+        args[0].each do |key, value|
+          if [:role, :resource].include?(key.to_sym)
+            case value
+            when String then method_args[key] << value
+            when Hash   then method_args[key] << value.flatten
+            when Array  then value.each {|x| method_args[key] << (x.is_a?(Hash) ? x.flatten : x) }
+            else
+              raise Rend::Acl::Exception, "Invalid value (#{value.inspect}) for key (#{key.to_s}) in options hash."
+            end
+          else
+            raise Rend::Acl::Exception, "Invalid key (#{key.to_s}) in options hash."
+          end
+        end
+      else
+        raise Rend::Acl::Exception, "First argument is not an instance of Rend::Acl::Role, Rend::Acl::Resource, or Hash."
+      end
+      method_args.each do |type, arguments|
+        method = "add_#{type.to_s}!".to_sym
+        arguments.each {|args| send(method, *args)}
+      end
+      self
+    end
+
     # Adds a Role having an identifier unique to the registry
     #
     # The parents parameter may be a reference to, or the string identifier for,
@@ -61,7 +119,7 @@ module Rend
     #
     # @param  Rend::Acl::Role|string       role
     # @param  Rend::Acl::Role|string|array parents
-    # @uses   Rend::Acl::Role::Registry::add?()
+    # @uses   Rend::Acl::Role::Registry::add!()
     # @return Rend::Acl Provides a fluent interface
     def add_role!(role, parents = nil)
       role = Rend::Acl::Role.new(role) if role.is_a?(String)
@@ -88,7 +146,7 @@ module Rend
     # @param  Rend::Acl::Role|string role
     # @uses   Rend::Acl::Role::Registry::has?()
     # @return boolean
-    def has_role?(role)
+    def role?(role)
       role_registry.has?(role)
     end
 
@@ -175,7 +233,7 @@ module Rend
 
       resource_id = resource.id
 
-      raise Rend::Acl::Exception, "Resource id 'resource_id' already exists in the ACL" if has_resource?(resource_id)
+      raise Rend::Acl::Exception, "Resource id 'resource_id' already exists in the ACL" if resource?(resource_id)
 
       resource_parent = nil
 
@@ -203,7 +261,7 @@ module Rend
 
     def resource!(resource)
       resource_id = (resource.class <= Rend::Acl::Resource) ? resource.id : resource.to_s
-      raise Rend::Acl::Exception, "Resource 'resource_id' not found" unless has_resource?(resource)
+      raise Rend::Acl::Exception, "Resource 'resource_id' not found" unless resource?(resource)
       @_resources[resource_id][:instance]
     end
 
@@ -213,7 +271,7 @@ module Rend
     #
     # @param  Rend::Acl::Resource|string resource
     # @return boolean
-    def has_resource?(resource)
+    def resource?(resource)
       resource_id = (resource.class <= Rend::Acl::Resource) ? resource.id : resource.to_s
       @_resources.keys.include?(resource_id)
     end
@@ -228,7 +286,7 @@ module Rend
     #
     # @param  Rend::Acl::Resource|string resource
     # @param  Rend::Acl::Resource|string inherit
-    # @param  boolean                    onlyParent
+    # @param  boolean                    only_parent
     # @throws Rend_Acl_Resource_Registry_Exception
     # @return boolean
     def inherits_resource?(resource, inherit, only_parent = false)
@@ -302,22 +360,50 @@ module Rend
     #
     # @param  Rend::Acl::Role|string|array     roles
     # @param  Rend::Acl::Resource|string|array resources
-    # @param  string|array                        privileges
+    # @param  string|array                     privileges
+    # @param  Rend::Acl::Assertion             assertion
     # @uses   Rend::Acl::set_rule!()
     # @return Rend::Acl Provides a fluent interface
-    def allow!(roles = nil, resources = nil, privileges = nil)
-      set_rule!(OP_ADD, TYPE_ALLOW, roles, resources, privileges)
+    def allow!(roles = nil, resources = nil, privileges = nil, assertion = nil)
+      if roles.is_a?(Hash)
+        options     = roles
+        roles       = options.fetch(:role,      nil)
+        resources   = options.fetch(:resource,  nil)
+        privileges  = options.fetch(:privilege, nil)
+        assertion   = options.fetch(:assertion, nil)
+      end
+      roles      = nil if roles      == :all
+      resources  = nil if resources  == :all
+      privileges = nil if privileges == :all
+
+      type_hint! Rend::Acl::Assertion, assertion
+
+      set_rule!(OP_ADD, TYPE_ALLOW, roles, resources, privileges, assertion)
     end
 
     # Adds a "deny" rule to the ACL
     #
     # @param  Rend::Acl::Role|string|array     roles
     # @param  Rend::Acl::Resource|string|array resources
-    # @param  string|array                        privileges
+    # @param  string|array                     privileges
+    # @param  Rend::Acl::Assertion             assertion
     # @uses   Rend::Acl::set_rule!()
     # @return Rend::Acl Provides a fluent interface
-    def deny!(roles = nil, resources = nil, privileges = nil)
-      set_rule!(OP_ADD, TYPE_DENY, roles, resources, privileges)
+    def deny!(roles = nil, resources = nil, privileges = nil, assertion = nil)
+      if roles.is_a?(Hash)
+        options     = roles
+        roles       = options.fetch(:role,      nil)
+        resources   = options.fetch(:resource,  nil)
+        privileges  = options.fetch(:privilege, nil)
+        assertion   = options.fetch(:assertion, nil)
+      end
+      roles      = nil if roles      == :all
+      resources  = nil if resources  == :all
+      privileges = nil if privileges == :all
+
+      type_hint! Rend::Acl::Assertion, assertion
+
+      set_rule!(OP_ADD, TYPE_DENY, roles, resources, privileges, assertion)
     end
 
     # Removes "allow" permissions from the ACL
@@ -327,8 +413,19 @@ module Rend
     # @param  string|array                     privileges
     # @uses   Rend::Acl::set_rule!()
     # @return Rend::Acl Provides a fluent interface
-    def remove_allow!(roles = nil, resources = nil, privileges = nil)
-      set_rule!(OP_REMOVE, TYPE_ALLOW, roles, resources, privileges)
+    def remove_allow!(roles = nil, resources = nil, privileges = nil, assertion = nil)
+      if roles.is_a?(Hash)
+        options     = roles
+        roles       = options.fetch(:role,      nil)
+        resources   = options.fetch(:resource,  nil)
+        privileges  = options.fetch(:privilege, nil)
+        assertion   = options.fetch(:assertion, nil)
+      end
+      roles      = nil if roles      == :all
+      resources  = nil if resources  == :all
+      privileges = nil if privileges == :all
+
+      set_rule!(OP_REMOVE, TYPE_ALLOW, roles, resources, privileges, assertion)
     end
 
     # Removes "deny" restrictions from the ACL
@@ -338,8 +435,19 @@ module Rend
     # @param  string|array                     privileges
     # @uses   Rend::Acl::set_rule!()
     # @return Rend::Acl Provides a fluent interface
-    def remove_deny!(roles = nil, resources = nil, privileges = nil)
-      set_rule!(OP_REMOVE, TYPE_DENY, roles, resources, privileges)
+    def remove_deny!(roles = nil, resources = nil, privileges = nil, assertion = nil)
+      if roles.is_a?(Hash)
+        options     = roles
+        roles       = options.fetch(:role,      nil)
+        resources   = options.fetch(:resource,  nil)
+        privileges  = options.fetch(:privilege, nil)
+        assertion   = options.fetch(:assertion, nil)
+      end
+      roles      = nil if roles      == :all
+      resources  = nil if resources  == :all
+      privileges = nil if privileges == :all
+
+      set_rule!(OP_REMOVE, TYPE_DENY, roles, resources, privileges, assertion)
     end
 
     # Performs operations on ACL rules
@@ -372,20 +480,23 @@ module Rend
     # privilege with a string, and multiple privileges may be specified as an array of strings.
     #
     #
-    # @param  string                              operation
-    # @param  string                              type
-    # @param  Rend::Acl::Role|string|array     roles
-    # @param  Rend::Acl::Resource|string|array resources
-    # @param  string|array                        privileges
+    # @param  string                            operation
+    # @param  string                            type
+    # @param  Rend::Acl::Role|string|array      roles
+    # @param  Rend::Acl::Resource|string|array  resources
+    # @param  string|array                      privileges
+    # @param  Rend::Acl::Assert::Interface      assertion
     # @throws Rend::Acl::Exception
     # @uses   Rend::Acl::Role::Registry::get!()
     # @uses   Rend::Acl::get!()
     # @return Rend::Acl Provides a fluent interface
-    def set_rule!(operation, type, roles = nil, resources = nil, privileges = nil)
+    def set_rule!(operation, type, roles = nil, resources = nil, privileges = nil, assertion = nil)
+        type_hint! Rend::Acl::Assertion, assertion
+
         # ensure that the rule type is valid normalize input to uppercase
         type = type.upcase
         if type != TYPE_ALLOW && type != TYPE_DENY
-          raise Zend::Acl::Exception, "Unsupported rule type must be either '#{TYPE_ALLOW}' or '#{TYPE_DENY}'"
+          raise Rend::Acl::Exception, "Unsupported rule type must be either '#{TYPE_ALLOW}' or '#{TYPE_DENY}'"
         end
 
         # ensure that all specified Roles exist normalize input to array of Role objects or nil
@@ -429,11 +540,17 @@ module Rend
               roles.each do |role|
                 rules = _rules(resource, role, true)
                 if privileges.empty?
-                  rules[:all_privileges]  = {:type => type}
+                  rules[:all_privileges] = {
+                    :type       => type,
+                    :assertion  => assertion
+                  }
                   rules[:by_privilege_id] = {} unless rules.has_key?(:by_privilege_id)
                 else
                   privileges.each do |privilege|
-                    rules[:by_privilege_id][privilege] = {:type => type}
+                    rules[:by_privilege_id][privilege] = {
+                      :type       => type,
+                      :assertion  => assertion
+                    }
                   end
                 end
               end
@@ -443,10 +560,16 @@ module Rend
             roles.each do |role|
               rules = _rules(nil, role, true)
               if privileges.empty?
-                rules[:all_privileges] = {:type => type}
+                rules[:all_privileges] = {
+                  :type       => type,
+                  :assertion  => assertion
+                }
               else
                 privileges.each do |privilege|
-                  rules[:by_privilege_id][privilege] = {:type => type}
+                  rules[:by_privilege_id][privilege] = {
+                    :type       => type,
+                    :assertion  => assertion
+                  }
                 end
               end
             end
@@ -463,7 +586,10 @@ module Rend
                   if resource.nil? && role.nil?
                     if rules[:all_privileges][:type] == type
                       rules.replace({
-                        :all_privileges   => { :type => TYPE_DENY },
+                        :all_privileges => {
+                          :type       => TYPE_DENY,
+                          :assertion  => nil
+                        },
                         :by_privilege_id  => {}
                       })
                     end
@@ -495,7 +621,10 @@ module Rend
                   if role.nil?
                     if rules[:all_privileges][:type] == type
                       rules.replace({
-                        :all_privileges   => { :type => TYPE_DENY },
+                        :all_privileges => {
+                          :type       => TYPE_DENY,
+                          :assertion  => nil
+                        },
                         :by_privilege_id  => {}
                       })
                     end
@@ -554,6 +683,19 @@ module Rend
       @_is_allowed_resource   = nil
       @_is_allowed_privilege  = nil
 
+      # Readability
+      if role.is_a?(Hash)
+        options   = role
+        role      = options.fetch(:role,      nil)
+        resource  = options.fetch(:resource,  nil)
+        privilege = options.fetch(:privilege, nil)
+      end
+
+      # Readability
+      role      = nil if role      == :all
+      resource  = nil if resource  == :all
+      privilege = nil if privilege == :all
+
       if role
         # keep track of originally called role
         @_is_allowed_role = role
@@ -789,19 +931,19 @@ module Rend
         rule = rules[:by_privilege_id][privilege]
       end
 
-      # check assertion first
-      assertion_value = nil
-      if rule[:assert]
-          # assertion = rule[:assert]
-          # assertion_value = assertion.assert(
-          #   self,
-          #   (@_isAllowedRole instanceof Zend_Acl_Role_Interface) ? @_isAllowedRole : role,
-          #   (@_isAllowedResource instanceof Zend_Acl_Resource_Interface) ? @_isAllowedResource : resource,
-          #   @_isAllowedPrivilege
-          # )
+      # Check assertion first
+      assertion_passed = nil
+      if rule[:assertion]
+          args = {
+            :acl        => self,
+            :role       => @_is_allowed_role.is_a?(Rend::Acl::Role)         ? @_is_allowed_role     : role,
+            :resource   => @_is_allowed_resource.is_a?(Rend::Acl::Resource) ? @_is_allowed_resource : resource,
+            :privilege  => @_is_allowed_privilege
+          }
+          assertion_passed = rule[:assertion].pass?(args[:acl], args[:role], args[:resource], args[:privilege])
       end
 
-      if rule[:assert].nil? || assertion_value
+      if rule[:assertion].nil? || assertion_passed == true
         rule[:type]
       elsif resource != nil || role != nil || privilege != nil
         nil

data/lib/rend/acl/assertion.rb

@@ -0,0 +1,24 @@
+module Rend
+  class Acl
+    class Assertion
+      # Returns true if and only if the assertion conditions are met
+      #
+      # This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the
+      # $role, $resource, or $privilege parameters are nil, it means that the query applies to all Roles, Resources, or
+      # privileges, respectively.
+      #
+      # @param  Zend_Acl                    $acl
+      # @param  Zend_Acl_Role_Interface     $role
+      # @param  Zend_Acl_Resource_Interface $resource
+      # @param  string                      $privilege
+      # @return boolean
+      def pass?(acl, role = nil, resource = nil, privilege = nil)
+        type_hint! Rend::Acl, acl, :is_required => true
+        type_hint! Rend::Acl::Role, role
+        type_hint! Rend::Acl::Resources, resource
+        type_hint! String, privilege
+      end
+
+    end
+  end
+end

data/lib/rend/acl/mock_assertion.rb

@@ -0,0 +1,28 @@
+# Not a required file -- used for testing
+module Rend
+  class Acl
+    class MockAssertion < Rend::Acl::Assertion
+
+      attr_reader   :last_acl
+      attr_reader   :last_role
+      attr_reader   :last_resource
+      attr_reader   :last_privilege
+
+      attr_accessor :pass
+
+      def initialize(pass = nil, &block)
+        self.pass = block_given? ? block : pass
+      end
+
+      def pass=(value)
+        @pass = value.is_a?(Proc) ? value : lambda {|acl, role, resource, privilege| value}
+      end
+
+      def pass?(acl, role = nil, resource = nil, privilege = nil)
+        @last_acl, @last_role, @last_resource, @last_privilege = acl, role, resource, privilege
+        pass.call(acl, role, resource, privilege)
+      end
+
+    end
+  end
+end

data/lib/rend/acl/version.rb

@@ -1,7 +1,7 @@
 module Rend
   class Acl
     module Version
-      STRING = "0.0.3"
+      STRING = "0.0.4"
     end
   end
 end

data/rend-acl.gemspec

@@ -16,11 +16,12 @@ Gem::Specification.new do |spec|
   spec.files         = `git ls-files`.split($/)
   spec.files        += ["LICENSE.txt", "ZEND_FRAMEWORK_LICENSE.txt"]
   spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features|)/})
   spec.require_paths = ["lib"]
 
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
+  spec.add_development_dependency "turn"
 
   dependency_gems = ['rend-core']
 

data/test/test_acl.rb

@@ -1,5 +1,9 @@
 require 'test/unit'
 require 'rend/acl'
+require 'rend/acl/mock_assertion'
+require 'yaml'
+begin; require 'turn/autorun'; rescue LoadError; end
+
 
 class AclTest < Test::Unit::TestCase
 
@@ -12,15 +16,129 @@ class AclTest < Test::Unit::TestCase
   end
 
   def test_storing_acl_data_for_persistence_with_yaml
-    require 'yaml'
     assert_use_case_1 YAML.load( YAML.dump(use_case_1) )
   end
 
-  def test_acl_user_case_1
+  def test_use_case_1
     assert_use_case_1(use_case_1)
   end
 
-  # ==== Orignal Zend_Acl Tests Below
+  def test_add_raises_argument_error_with_no_args
+    assert_raises ArgumentError do
+      @acl.add!
+    end
+  end
+
+  def test_add_method_raises_exception_on_unknown_hash_keys
+    assert_raises Rend::Acl::Exception do
+      @acl.add! :roles => []
+    end
+  end
+
+  def test_add_method_raises_exception_on_unknown_object_type
+    assert_raises Rend::Acl::Exception do
+      @acl.add! Rend::Acl
+    end
+  end
+
+  def test_add_method_raises_exception_on_invalid_hash_value_type
+    assert_raises Rend::Acl::Exception do
+      @acl.add! :role => 423423
+    end
+  end
+
+
+  def test_add_method_returns_self
+    result = @acl.add! Rend::Acl::Role.new("editor")
+    assert_same @acl, result
+  end
+
+  def test_add_method_role_via_arguments
+    assert @acl.add!(Rend::Acl::Role.new("editor")).role?("editor")
+  end
+
+  def test_add_method_role_via_hash
+    assert @acl.add!(:role => "editor").role?("editor")
+  end
+
+  def test_add_method_roles_via_hash
+    @acl.add! :role => ['guest', 'contributor', 'editor']
+    assert @acl.role? "guest"
+    assert @acl.role? "contributor"
+    assert @acl.role? "editor"
+  end
+
+  def test_add_method_role_with_single_inheritance_via_arguments
+    @acl.add! Rend::Acl::Role.new("guest")
+    @acl.add! Rend::Acl::Role.new("editor"), "guest"
+    assert @acl.inherits_role? "editor", "guest"
+  end
+
+  def test_add_method_role_with_single_inheritance_via_hash
+    @acl.add! Rend::Acl::Role.new("guest")
+    @acl.add! :role => {"editor" => "guest"}
+    assert @acl.inherits_role? "editor", "guest"
+  end
+
+  def test_add_method_role_with_multiple_inheritance_via_arguments
+    @acl.add! Rend::Acl::Role.new("guest")
+    @acl.add! Rend::Acl::Role.new("contributor")
+    @acl.add! Rend::Acl::Role.new("editor"), ["guest", "contributor"]
+    assert @acl.inherits_role? "editor", "guest"
+    assert @acl.inherits_role? "editor", "contributor"
+  end
+
+  def test_add_method_role_with_multiple_inheritance_via_hash
+    @acl.add! :role => [ "guest", "contributor", {"editor" => ["guest", "contributor"]}]
+    assert @acl.inherits_role? "editor", "guest"
+    assert @acl.inherits_role? "editor", "contributor"
+  end
+
+  def test_add_method_resource_via_arguments
+    assert @acl.add!(Rend::Acl::Resource.new("building")).resource?("building")
+  end
+
+  def test_add_method_resource_via_hash
+    assert @acl.add!(:resource => "building").resource?("building")
+  end
+
+  def test_add_method_resources_via_hash
+    @acl.add! :resource => ['city', 'building', 'room']
+    assert @acl.resource? "city"
+    assert @acl.resource? "building"
+    assert @acl.resource? "room"
+  end
+
+  def test_add_method_resource_with_single_inheritance_via_arguments
+    @acl.add! Rend::Acl::Resource.new("city")
+    @acl.add! Rend::Acl::Resource.new("building"), "city"
+    assert @acl.inherits_resource? "building", "city"
+  end
+
+  def test_add_method_resource_with_single_inheritance_via_hash
+    @acl.add! :resource => ["city", {"building" => "city"}, {"room" => "building"}]
+    assert @acl.inherits_resource? "building", "city"
+    assert @acl.inherits_resource? "room", "building"
+  end
+
+  def test_add_method_roles_and_resources
+    @acl.add!(
+      :role     => ["guest",  {"contributor" => "guest"}, {'editor' => "contributor"}],
+      :resource => ["city",   {"building" => "city"},     {"room" => "building"}]
+    )
+    assert @acl.role? "guest"
+    assert @acl.role? "contributor"
+    assert @acl.role? "editor"
+    assert @acl.inherits_role? "contributor", "guest"
+    assert @acl.inherits_role? "editor", "contributor"
+    assert @acl.resource? "city"
+    assert @acl.resource? "building"
+    assert @acl.resource? "room"
+    assert @acl.inherits_resource? "building", "city"
+    assert @acl.inherits_resource? "room", "building"
+  end
+
+  # == Orignal Zend_Acl Tests Below ==
 
   # Ensures that basic addition and retrieval of a single Role works
   def test_role_registry_add_and_get_one
@@ -36,11 +154,11 @@ class AclTest < Test::Unit::TestCase
     assert_equal 'area', role.id
   end
 
-  # # Ensures that basic removal of a single Role works
+  # Ensures that basic removal of a single Role works
   def test_role_registry_remove_one
     role_guest = Rend::Acl::Role.new('guest')
     @acl.add_role!(role_guest).remove_role!(role_guest)
-    assert_equal false, @acl.has_role?(role_guest)
+    assert_equal false, @acl.role?(role_guest)
   end
 
   # Ensures that an exception is thrown when a non-existent Role is specified for removal
@@ -51,11 +169,11 @@ class AclTest < Test::Unit::TestCase
     end
   end
 
-  # # Ensures that removal of all Roles works
+  # Ensures that removal of all Roles works
   def test_role_registry_remove_all
     role_guest = Rend::Acl::Role.new('guest')
     @acl.add_role!(role_guest).remove_role_all!
-    assert_equal false, @acl.has_role?(role_guest)
+    assert_equal false, @acl.role?(role_guest)
   end
 
   # Ensures that an exception is thrown when a non-existent Role is specified as a parent upon Role addition
@@ -184,7 +302,7 @@ class AclTest < Test::Unit::TestCase
   def test_resource_remove_one
     resource_area = Rend::Acl::Resource.new('area')
     @acl.add_resource!(resource_area).remove_resource!(resource_area)
-    assert_equal false, @acl.has_resource?(resource_area)
+    assert_equal false, @acl.resource?(resource_area)
   end
 
   # Ensures that an exception is thrown when a non-existent Resource is specified for removal
@@ -199,7 +317,7 @@ class AclTest < Test::Unit::TestCase
   def test_resource_remove_all
     resource_area = Rend::Acl::Resource.new('area')
     @acl.add_resource!(resource_area).remove_resource_all!
-    assert_equal false, @acl.has_resource?(resource_area)
+    assert_equal false, @acl.resource?(resource_area)
   end
 
   # Ensures that an exception is thrown when a non-existent Resource is specified as a parent upon Resource addition
@@ -242,7 +360,7 @@ class AclTest < Test::Unit::TestCase
     assert_equal false, @acl.inherits_resource?(resource_city, resource_room)
 
     @acl.remove_resource!(resource_building)
-    assert_equal false, @acl.has_resource?(resource_room)
+    assert_equal false, @acl.resource?(resource_room)
   end
 
   # Ensures that the same Resource cannot be added more than once
@@ -333,14 +451,6 @@ class AclTest < Test::Unit::TestCase
     assert_equal false, @acl.allowed?(nil, nil, 'p3')
   end
 
-  # # [NOT IMPLEMENTED YET] Ensures that assertions on privileges work properly
-  # def test_privilege_assert
-  #   @acl.allow!(nil, nil, 'some_privilege', Rend::Acl::Mock_assertion.new(true))
-  #   assert_equal true, @acl.allowed?(nil, nil, 'some_privilege')
-  #   @acl.allow!(nil, nil, 'some_privilege', Rend::Acl::Mock_assertion.new(false))
-  #   assert_equal false, @acl.allowed?(nil, nil, 'some_privilege')
-  # end
-
   # Ensures that by default, Zend_Acl denies access to everything for a particular Role
   def test_role_default_deny
     role_guest = Rend::Acl::Role.new('guest')
@@ -437,7 +547,7 @@ class AclTest < Test::Unit::TestCase
     assert_equal true, @acl.allowed?
   end
 
-  # # Ensure that basic rule removal works
+  # Ensure that basic rule removal works
   def test_rules_remove
     @acl.allow!(nil, nil, ['privilege1', 'privilege2'])
     assert_equal false, @acl.allowed?
@@ -665,12 +775,12 @@ class AclTest < Test::Unit::TestCase
 
   end
 
-  # [NOT IMPLEMENTED YET] Ensures that the default rule obeys its assertion
-  # def test_default_assert
-  #   @acl.deny!(nil, nil, nil, Rend::Acl::Mock_assertion.new(false))
-  #   assert_equal true, @acl.allowed?
-  #   assert_equal true, @acl.allowed?(nil, nil, 'some_privilege')
-  # end
+  # Ensures that the default rule obeys its assertion
+  def test_default_assert
+    @acl.deny!(nil, nil, nil, Rend::Acl::MockAssertion.new(false))
+    assert_equal true, @acl.allowed?
+    assert_equal true, @acl.allowed?(nil, nil, 'some_privilege')
+  end
 
   # Ensures that the only_parents argument to inherits_role? works
   # @group ZF-2502
@@ -682,9 +792,7 @@ class AclTest < Test::Unit::TestCase
   end
 
   # Returns an array of registered roles
-  # @expected_exception PHPUnit_Framework_Error
   # @group ZF-5638
-  # Porter Note: Seems like an odd test... investigate more
   def test_get_registered_roles
     @acl.add_role!('developer')
 
@@ -696,26 +804,26 @@ class AclTest < Test::Unit::TestCase
   # Confirm that deleting a role after allowing access to all roles
   # raise undefined index error
   # @group ZF-5700
-  # Porter Note: Seems like an odd test... investigate more
+  # TODO: Does this test matter in ruby? -- Daniel Doezema
   def test_removing_role_after_it_was_allowed_access_to_all_resources_gives_error
     @acl.add_role!(Rend::Acl::Role.new('test0'))
     @acl.add_role!(Rend::Acl::Role.new('test1'))
     @acl.add_role!(Rend::Acl::Role.new('test2'))
     @acl.add_resource!(Rend::Acl::Resource.new('Test'))
 
-    @acl.allow!(nil,'Test','xxx')
+    @acl.allow!(nil, 'Test','xxx')
 
     # error test
     @acl.remove_role!('test0')
 
     # Check after fix
-    assert_equal false, @acl.has_role?('test0')
+    assert_equal false, @acl.role?('test0')
   end
 
   # @group ZF-8039
   # Meant to test for the (in)existance of this notice:
   #   "Notice: Undefined index: all_privileges in lib/Zend/Acl.php on line 682"
-  # Porter Note: Seems like an odd test... investigate more
+  # TODO: Does this test matter in ruby? -- Daniel Doezema
   def test_method_remove_allow_does_not_throw_notice
     acl = Rend::Acl.new
     acl.add_role!('admin')
@@ -848,98 +956,71 @@ class AclTest < Test::Unit::TestCase
     assert_equal false, @acl.allowed?('guest', 'blogpost', 'read')
   end
 
-  #### [TESTS TO BE IMPLEMENTED LATER] ####
-
-  # # Ensures that assertions on privileges work properly for a particular Role
-  # def test_role_privilege_assert
-  #   role_guest = Rend::Acl::Role.new('guest')
-  #   @acl.add_role!(role_guest)
-  #              .allow!(role_guest, nil, 'some_privilege', Rend::Acl::Mock_assertion.new(true))
-  #   assert_equal true, @acl.allowed?(role_guest, nil, 'some_privilege')
-  #   @acl.allow!(role_guest, nil, 'some_privilege', Rend::Acl::Mock_assertion.new(false))
-  #   assert_equal false, @acl.allowed?(role_guest, nil, 'some_privilege')
-  # end
-
-  # # Ensures that removing the default deny rule results in assertion method being removed
-  # def test_remove_default_deny_assert
-  #   @acl.deny!(nil, nil, nil, Rend::Acl::Mock_assertion.new(false))
-  #   assert_equal true, @acl.allowed?
-  #   @acl.remove_deny
-  #   assert_equal false, @acl.allowed?
-  # end
-
-
-  # # @group ZF-1721
-  # def test_acl_assertions_get_proper_role_when_inheritence_is_used
-  #   acl = this._load_use_case1
-
-  #   user = Rend::Acl::Role.new('publisher')
-  #   blog_post = Rend::Acl::Resource.new('blog_post')
+  # Ensures that assertions on privileges work properly
+  def test_privilege_assert
+    @acl.allow!(nil, nil, 'some_privilege', Rend::Acl::MockAssertion.new(true))
+    assert_equal true, @acl.allowed?(nil, nil, 'some_privilege')
 
-  #   # @var Zend_Acl_Use_case1_User_is_blog_post_owner_assertion
-  #   assertion = acl.custom_assertion
+    @acl.allow!(nil, nil, 'some_privilege', Rend::Acl::MockAssertion.new(false))
+    assert_equal false, @acl.allowed?(nil, nil, 'some_privilege')
+  end
 
-  #   assert_equal true, acl.is_allowed(user, blog_post, 'modify')
+  # Ensures that assertions on privileges work properly for a particular Role
+  def test_role_privilege_assert
+    role_guest = Rend::Acl::Role.new('guest')
+    @acl.add_role!(role_guest)
 
-  #   assert_equal 'publisher', assertion.last_assert_role.id
+    @acl.allow!(role_guest, nil, 'some_privilege', Rend::Acl::MockAssertion.new(true))
+    assert_equal true, @acl.allowed?(role_guest, nil, 'some_privilege')
 
-  # end
+    @acl.allow!(role_guest, nil, 'some_privilege', Rend::Acl::MockAssertion.new(false))
+    assert_equal false, @acl.allowed?(role_guest, nil, 'some_privilege')
+  end
 
-  # # @group ZF-1722
-  # def test_acl_assertions_get_original_is_allowed_objects
-  #   acl = this._load_use_case1
+  # # Ensures that removing the default deny rule results in assertion method being removed
+  def test_remove_default_deny_assert
+    @acl.deny!(nil, nil, nil, Rend::Acl::MockAssertion.new(false))
+    assert_equal true, @acl.allowed?
+    @acl.remove_deny!
+    assert_equal false, @acl.allowed?
+  end
 
-  #   user = Rend::Acl_Use_case1::User.new
-  #   blog_post = Rend::Acl_Use_case1::Blog_post.new
 
-  #   assert_equal true, acl.is_allowed(user, blog_post, 'view')
+  # @group ZF-1721
+  def test_acl_assertions_get_proper_role_when_inheritence_is_used
+    assertion = Rend::Acl::MockAssertion.new(true)
 
-  #   /**
-  #    * @var Zend_Acl_Use_case1_User_is_blog_post_owner_assertion
-  #    */
-  #   assertion = acl.custom_assertion
+    @acl.add! :role => ['guest', {'contributor' => 'guest'}, {'publisher' => 'contributor'}, 'admin'], :resource => 'blog_post'
 
-  #   assertion.assert_return_value = true
-  #   user.role = 'contributor'
-  #   assert_equal true, acl.is_allowed(user, blog_post, 'modify'), 'Assertion should return true'
-  #   assertion.assert_return_value = false
-  #   assert_equal false, acl.is_allowed(user, blog_post, 'modify'), 'Assertion should return false'
+    @acl.allow!('guest',        'blog_post', 'view')
+    @acl.allow!('contributor',  'blog_post', 'contribute')
+    @acl.allow!('contributor',  'blog_post', 'modify', assertion)
+    @acl.allow!('publisher',    'blog_post', 'publish')
 
-  #   # check to see if the last assertion has the proper objets
-  #   assert_kind_of Zend_Acl_Use_case1_User, assertion.last_assert_role, 'Assertion did not recieve proper role object'
-  #   assert_kind_of Zend_Acl_Use_case1_Blog_post, assertion.last_assert_resource, 'Assertion did not recieve proper resource object'
+    assert_equal true,        @acl.allowed?("publisher", "blog_post", "modify")
+    assert_equal 'publisher', assertion.last_role.id
+  end
 
-  # end
+  # @group ZF-1722
+  def test_acl_assertions_get_original_is_allowed_objects
+    # I'm invalidating this test as role.id and resource.id are both attr_reader properties -- Daniel Doezema
+  end
 
-  # # @group ZF-7973
-  # def test_acl_passes_privilege_to_assert_class {
-  #   require_once dirname(__FILE__) . '/_files/Assertion_z_f7973.php'
-  #   assertion = Rend::Acl_Acl_test::Assertion_z_f7973.new
+  # @group ZF-7973
+  def test_acl_passes_privilege_to_assert_class
+    assertion = Rend::Acl::MockAssertion.new do |acl, role, resource, privilege|
+      privilege == "read"
+    end
 
-  #   acl = Rend::Acl.new
-  #   acl.add_role!('role')
-  #   acl.add_resource!('resource')
-  #   acl.allow!('role',nil,nil,assertion)
-  #   allowed = acl.is_allowed('role','resource','privilege',assertion)
+    @acl.add! :role => 'guest', :resource => 'blog_post'
+    @acl.allow!('guest', nil, nil, assertion)
 
-  #   assert_equal true, allowed
-  # end
+    assert @acl.allowed?('guest', 'blog_post', 'read')
+  end
 
 
   protected
 
-  # def use_case_2
-  #   @acl.add_role!('guest')
-  #   @acl.add_role!('contributor', 'guest')
-  #   @acl.add_role!('publisher', 'contributor')
-  #   @acl.add_role!('admin')
-  #   @acl.add_resource!('blogPost')
-  #   @acl.allow!('guest', 'blogPost', 'view')
-  #   @acl.allow!('contributor', 'blogPost', 'contribute')
-  #   @acl.allow!('contributor', 'blogPost', 'modify', @acl.customAssertion)
-  #   @acl.allow!('publisher', 'blogPost', 'publish')
-  # end
-
   # http:#framework.zend.com/manual/1.12/en/zend.acl.introduction.html#zend.acl.introduction.role_registry
   def use_case_1
     acl = Rend::Acl.new
@@ -997,4 +1078,4 @@ class AclTest < Test::Unit::TestCase
     assert_equal false, acl.allowed?('editor'        , 'announcement' , 'archive') # denied
     assert_equal false, acl.allowed?('administrator' , 'announcement' , 'archive') # denied
   end
-end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rend-acl
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-02 00:00:00.000000000 Z
+date: 2013-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -43,6 +43,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: turn
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rend-core
   requirement: !ruby/object:Gem::Requirement
@@ -68,13 +84,16 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- Changelog.md
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - ZEND_FRAMEWORK_LICENSE.txt
 - lib/rend/acl.rb
+- lib/rend/acl/assertion.rb
 - lib/rend/acl/exception.rb
+- lib/rend/acl/mock_assertion.rb
 - lib/rend/acl/resource.rb
 - lib/rend/acl/role.rb
 - lib/rend/acl/role/registry.rb
@@ -97,7 +116,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3810453347064388093
+      hash: -2809420582677817181
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -106,12 +125,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3810453347064388093
+      hash: -2809420582677817181
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
-summary: rend-acl-0.0.3
+summary: rend-acl-0.0.4
 test_files:
 - test/test_acl.rb