rend-acl 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/Changelog.md ADDED
@@ -0,0 +1,27 @@
1
+ # Change Log
2
+
3
+ ### Version 0.0.4 - June 11th, 2013
4
+
5
+ * Assertions
6
+ * Implemented ported test coverage for this feature.
7
+ * Implemented "Assertion" feature that exists in the original Zend_Acl library.
8
+
9
+ * Added a generic `acl.add!()` method which enables many intuitive ways to add Roles and Resources to the ACL.
10
+ * See [Documentation In Code](https://github.com/veloper/rend-acl/blob/master/lib/rend/acl.rb#L51-L76) for usage examples.
11
+
12
+ * Added ability to me a bit more explicit with the following methods...
13
+ * `.allow!()`
14
+ * `.remove_allow!()`
15
+ * `.deny!()`
16
+ * `.remove_deny!()`
17
+ * `.allowed?()`
18
+
19
+ ... using hash with the options of ...
20
+
21
+ * `:role`
22
+ * `:resource`
23
+ * `:prilvilege`
24
+ * `:assertion` -- _Not utilized in `.allowed?()` method._
25
+
26
+ ### Version <= 0.0.3
27
+ * Initial Port
data/lib/rend/acl.rb CHANGED
@@ -4,6 +4,7 @@ require 'rend/acl/version'
4
4
  require 'rend/acl/exception'
5
5
  require 'rend/acl/role'
6
6
  require 'rend/acl/resource'
7
+ require 'rend/acl/assertion'
7
8
 
8
9
  module Rend
9
10
  class Acl
@@ -36,7 +37,8 @@ module Rend
36
37
  :all_resources => {
37
38
  :all_roles => {
38
39
  :all_privileges => {
39
- :type => TYPE_DENY
40
+ :type => TYPE_DENY,
41
+ :assertion => nil
40
42
  },
41
43
  :by_privilege_id => {}
42
44
  },
@@ -46,6 +48,62 @@ module Rend
46
48
  }
47
49
  end
48
50
 
51
+ # Adds Roles & Resources in various ways.
52
+ #
53
+ # - Roles
54
+ # - Arguments
55
+ # .add! Rend::Acl::Role.new("editor") # Single Role
56
+ # .add! Rend::Acl::Role.new("editor"), 'guest' # Single Role w/ Single Inheritance
57
+ # .add! Rend::Acl::Role.new("editor"), ['guest', 'contributor'] # Single Role w/ Multiple Inheritance
58
+ # - Hash
59
+ # .add! :role => 'editor' # Single Role
60
+ # .add! :role => {'editor' => 'guest'} # Single Role w/ Single Inheritance
61
+ # .add! :role => {'editor' => ['guest', 'contributor']} # Single Role w/ Multiple Inheritance
62
+ # .add! :role => ['guest', 'editor'] # Multiple Roles
63
+ # .add! :role => ['guest', 'contributor', {'editor' => 'guest'}] # Multiple Roles w/ Single Inheritance
64
+ # .add! :role => ['guest', 'contributor', {'editor' => ['guest', 'contributor']}] # Multiple Roles w/ Multiple Inheritance
65
+ # - Resources
66
+ # - Arguments
67
+ # .add! Rend::Acl::Resource.new("city") # Single Resource
68
+ # .add! Rend::Acl::Resource.new("building"), 'city' # Single Resource w/ Inheritance
69
+ # - Hash
70
+ # .add! :resource => 'city' # Single Resource
71
+ # .add! :resource => {'building' => 'city'} # Single Resource w/ Inheritance
72
+ # .add! :resource => ['city', 'building'] # Multiple Resources
73
+ # .add! :resource => ['city', 'building', {'building' => 'city'}] # Multiple Resources w/ Inheritance
74
+ # - Combined Roles & Resources
75
+ # .add! :role => ['guest', {'editor' => 'guest'}], :resource => ['city', {'building' => 'city'}]
76
+ #
77
+ def add!(*args)
78
+ raise ArgumentError, "wrong number of arguments(0 for 1..2)" if args.empty?
79
+ method_args = {:role => [], :resource => []}
80
+ case args[0]
81
+ when Rend::Acl::Role then method_args[:role] << args
82
+ when Rend::Acl::Resource then method_args[:resource] << args
83
+ when Hash
84
+ args[0].each do |key, value|
85
+ if [:role, :resource].include?(key.to_sym)
86
+ case value
87
+ when String then method_args[key] << value
88
+ when Hash then method_args[key] << value.flatten
89
+ when Array then value.each {|x| method_args[key] << (x.is_a?(Hash) ? x.flatten : x) }
90
+ else
91
+ raise Rend::Acl::Exception, "Invalid value (#{value.inspect}) for key (#{key.to_s}) in options hash."
92
+ end
93
+ else
94
+ raise Rend::Acl::Exception, "Invalid key (#{key.to_s}) in options hash."
95
+ end
96
+ end
97
+ else
98
+ raise Rend::Acl::Exception, "First argument is not an instance of Rend::Acl::Role, Rend::Acl::Resource, or Hash."
99
+ end
100
+ method_args.each do |type, arguments|
101
+ method = "add_#{type.to_s}!".to_sym
102
+ arguments.each {|args| send(method, *args)}
103
+ end
104
+ self
105
+ end
106
+
49
107
  # Adds a Role having an identifier unique to the registry
50
108
  #
51
109
  # The parents parameter may be a reference to, or the string identifier for,
@@ -61,7 +119,7 @@ module Rend
61
119
  #
62
120
  # @param Rend::Acl::Role|string role
63
121
  # @param Rend::Acl::Role|string|array parents
64
- # @uses Rend::Acl::Role::Registry::add?()
122
+ # @uses Rend::Acl::Role::Registry::add!()
65
123
  # @return Rend::Acl Provides a fluent interface
66
124
  def add_role!(role, parents = nil)
67
125
  role = Rend::Acl::Role.new(role) if role.is_a?(String)
@@ -88,7 +146,7 @@ module Rend
88
146
  # @param Rend::Acl::Role|string role
89
147
  # @uses Rend::Acl::Role::Registry::has?()
90
148
  # @return boolean
91
- def has_role?(role)
149
+ def role?(role)
92
150
  role_registry.has?(role)
93
151
  end
94
152
 
@@ -175,7 +233,7 @@ module Rend
175
233
 
176
234
  resource_id = resource.id
177
235
 
178
- raise Rend::Acl::Exception, "Resource id 'resource_id' already exists in the ACL" if has_resource?(resource_id)
236
+ raise Rend::Acl::Exception, "Resource id 'resource_id' already exists in the ACL" if resource?(resource_id)
179
237
 
180
238
  resource_parent = nil
181
239
 
@@ -203,7 +261,7 @@ module Rend
203
261
 
204
262
  def resource!(resource)
205
263
  resource_id = (resource.class <= Rend::Acl::Resource) ? resource.id : resource.to_s
206
- raise Rend::Acl::Exception, "Resource 'resource_id' not found" unless has_resource?(resource)
264
+ raise Rend::Acl::Exception, "Resource 'resource_id' not found" unless resource?(resource)
207
265
  @_resources[resource_id][:instance]
208
266
  end
209
267
 
@@ -213,7 +271,7 @@ module Rend
213
271
  #
214
272
  # @param Rend::Acl::Resource|string resource
215
273
  # @return boolean
216
- def has_resource?(resource)
274
+ def resource?(resource)
217
275
  resource_id = (resource.class <= Rend::Acl::Resource) ? resource.id : resource.to_s
218
276
  @_resources.keys.include?(resource_id)
219
277
  end
@@ -228,7 +286,7 @@ module Rend
228
286
  #
229
287
  # @param Rend::Acl::Resource|string resource
230
288
  # @param Rend::Acl::Resource|string inherit
231
- # @param boolean onlyParent
289
+ # @param boolean only_parent
232
290
  # @throws Rend_Acl_Resource_Registry_Exception
233
291
  # @return boolean
234
292
  def inherits_resource?(resource, inherit, only_parent = false)
@@ -302,22 +360,50 @@ module Rend
302
360
  #
303
361
  # @param Rend::Acl::Role|string|array roles
304
362
  # @param Rend::Acl::Resource|string|array resources
305
- # @param string|array privileges
363
+ # @param string|array privileges
364
+ # @param Rend::Acl::Assertion assertion
306
365
  # @uses Rend::Acl::set_rule!()
307
366
  # @return Rend::Acl Provides a fluent interface
308
- def allow!(roles = nil, resources = nil, privileges = nil)
309
- set_rule!(OP_ADD, TYPE_ALLOW, roles, resources, privileges)
367
+ def allow!(roles = nil, resources = nil, privileges = nil, assertion = nil)
368
+ if roles.is_a?(Hash)
369
+ options = roles
370
+ roles = options.fetch(:role, nil)
371
+ resources = options.fetch(:resource, nil)
372
+ privileges = options.fetch(:privilege, nil)
373
+ assertion = options.fetch(:assertion, nil)
374
+ end
375
+ roles = nil if roles == :all
376
+ resources = nil if resources == :all
377
+ privileges = nil if privileges == :all
378
+
379
+ type_hint! Rend::Acl::Assertion, assertion
380
+
381
+ set_rule!(OP_ADD, TYPE_ALLOW, roles, resources, privileges, assertion)
310
382
  end
311
383
 
312
384
  # Adds a "deny" rule to the ACL
313
385
  #
314
386
  # @param Rend::Acl::Role|string|array roles
315
387
  # @param Rend::Acl::Resource|string|array resources
316
- # @param string|array privileges
388
+ # @param string|array privileges
389
+ # @param Rend::Acl::Assertion assertion
317
390
  # @uses Rend::Acl::set_rule!()
318
391
  # @return Rend::Acl Provides a fluent interface
319
- def deny!(roles = nil, resources = nil, privileges = nil)
320
- set_rule!(OP_ADD, TYPE_DENY, roles, resources, privileges)
392
+ def deny!(roles = nil, resources = nil, privileges = nil, assertion = nil)
393
+ if roles.is_a?(Hash)
394
+ options = roles
395
+ roles = options.fetch(:role, nil)
396
+ resources = options.fetch(:resource, nil)
397
+ privileges = options.fetch(:privilege, nil)
398
+ assertion = options.fetch(:assertion, nil)
399
+ end
400
+ roles = nil if roles == :all
401
+ resources = nil if resources == :all
402
+ privileges = nil if privileges == :all
403
+
404
+ type_hint! Rend::Acl::Assertion, assertion
405
+
406
+ set_rule!(OP_ADD, TYPE_DENY, roles, resources, privileges, assertion)
321
407
  end
322
408
 
323
409
  # Removes "allow" permissions from the ACL
@@ -327,8 +413,19 @@ module Rend
327
413
  # @param string|array privileges
328
414
  # @uses Rend::Acl::set_rule!()
329
415
  # @return Rend::Acl Provides a fluent interface
330
- def remove_allow!(roles = nil, resources = nil, privileges = nil)
331
- set_rule!(OP_REMOVE, TYPE_ALLOW, roles, resources, privileges)
416
+ def remove_allow!(roles = nil, resources = nil, privileges = nil, assertion = nil)
417
+ if roles.is_a?(Hash)
418
+ options = roles
419
+ roles = options.fetch(:role, nil)
420
+ resources = options.fetch(:resource, nil)
421
+ privileges = options.fetch(:privilege, nil)
422
+ assertion = options.fetch(:assertion, nil)
423
+ end
424
+ roles = nil if roles == :all
425
+ resources = nil if resources == :all
426
+ privileges = nil if privileges == :all
427
+
428
+ set_rule!(OP_REMOVE, TYPE_ALLOW, roles, resources, privileges, assertion)
332
429
  end
333
430
 
334
431
  # Removes "deny" restrictions from the ACL
@@ -338,8 +435,19 @@ module Rend
338
435
  # @param string|array privileges
339
436
  # @uses Rend::Acl::set_rule!()
340
437
  # @return Rend::Acl Provides a fluent interface
341
- def remove_deny!(roles = nil, resources = nil, privileges = nil)
342
- set_rule!(OP_REMOVE, TYPE_DENY, roles, resources, privileges)
438
+ def remove_deny!(roles = nil, resources = nil, privileges = nil, assertion = nil)
439
+ if roles.is_a?(Hash)
440
+ options = roles
441
+ roles = options.fetch(:role, nil)
442
+ resources = options.fetch(:resource, nil)
443
+ privileges = options.fetch(:privilege, nil)
444
+ assertion = options.fetch(:assertion, nil)
445
+ end
446
+ roles = nil if roles == :all
447
+ resources = nil if resources == :all
448
+ privileges = nil if privileges == :all
449
+
450
+ set_rule!(OP_REMOVE, TYPE_DENY, roles, resources, privileges, assertion)
343
451
  end
344
452
 
345
453
  # Performs operations on ACL rules
@@ -372,20 +480,23 @@ module Rend
372
480
  # privilege with a string, and multiple privileges may be specified as an array of strings.
373
481
  #
374
482
  #
375
- # @param string operation
376
- # @param string type
377
- # @param Rend::Acl::Role|string|array roles
378
- # @param Rend::Acl::Resource|string|array resources
379
- # @param string|array privileges
483
+ # @param string operation
484
+ # @param string type
485
+ # @param Rend::Acl::Role|string|array roles
486
+ # @param Rend::Acl::Resource|string|array resources
487
+ # @param string|array privileges
488
+ # @param Rend::Acl::Assert::Interface assertion
380
489
  # @throws Rend::Acl::Exception
381
490
  # @uses Rend::Acl::Role::Registry::get!()
382
491
  # @uses Rend::Acl::get!()
383
492
  # @return Rend::Acl Provides a fluent interface
384
- def set_rule!(operation, type, roles = nil, resources = nil, privileges = nil)
493
+ def set_rule!(operation, type, roles = nil, resources = nil, privileges = nil, assertion = nil)
494
+ type_hint! Rend::Acl::Assertion, assertion
495
+
385
496
  # ensure that the rule type is valid normalize input to uppercase
386
497
  type = type.upcase
387
498
  if type != TYPE_ALLOW && type != TYPE_DENY
388
- raise Zend::Acl::Exception, "Unsupported rule type must be either '#{TYPE_ALLOW}' or '#{TYPE_DENY}'"
499
+ raise Rend::Acl::Exception, "Unsupported rule type must be either '#{TYPE_ALLOW}' or '#{TYPE_DENY}'"
389
500
  end
390
501
 
391
502
  # ensure that all specified Roles exist normalize input to array of Role objects or nil
@@ -429,11 +540,17 @@ module Rend
429
540
  roles.each do |role|
430
541
  rules = _rules(resource, role, true)
431
542
  if privileges.empty?
432
- rules[:all_privileges] = {:type => type}
543
+ rules[:all_privileges] = {
544
+ :type => type,
545
+ :assertion => assertion
546
+ }
433
547
  rules[:by_privilege_id] = {} unless rules.has_key?(:by_privilege_id)
434
548
  else
435
549
  privileges.each do |privilege|
436
- rules[:by_privilege_id][privilege] = {:type => type}
550
+ rules[:by_privilege_id][privilege] = {
551
+ :type => type,
552
+ :assertion => assertion
553
+ }
437
554
  end
438
555
  end
439
556
  end
@@ -443,10 +560,16 @@ module Rend
443
560
  roles.each do |role|
444
561
  rules = _rules(nil, role, true)
445
562
  if privileges.empty?
446
- rules[:all_privileges] = {:type => type}
563
+ rules[:all_privileges] = {
564
+ :type => type,
565
+ :assertion => assertion
566
+ }
447
567
  else
448
568
  privileges.each do |privilege|
449
- rules[:by_privilege_id][privilege] = {:type => type}
569
+ rules[:by_privilege_id][privilege] = {
570
+ :type => type,
571
+ :assertion => assertion
572
+ }
450
573
  end
451
574
  end
452
575
  end
@@ -463,7 +586,10 @@ module Rend
463
586
  if resource.nil? && role.nil?
464
587
  if rules[:all_privileges][:type] == type
465
588
  rules.replace({
466
- :all_privileges => { :type => TYPE_DENY },
589
+ :all_privileges => {
590
+ :type => TYPE_DENY,
591
+ :assertion => nil
592
+ },
467
593
  :by_privilege_id => {}
468
594
  })
469
595
  end
@@ -495,7 +621,10 @@ module Rend
495
621
  if role.nil?
496
622
  if rules[:all_privileges][:type] == type
497
623
  rules.replace({
498
- :all_privileges => { :type => TYPE_DENY },
624
+ :all_privileges => {
625
+ :type => TYPE_DENY,
626
+ :assertion => nil
627
+ },
499
628
  :by_privilege_id => {}
500
629
  })
501
630
  end
@@ -554,6 +683,19 @@ module Rend
554
683
  @_is_allowed_resource = nil
555
684
  @_is_allowed_privilege = nil
556
685
 
686
+ # Readability
687
+ if role.is_a?(Hash)
688
+ options = role
689
+ role = options.fetch(:role, nil)
690
+ resource = options.fetch(:resource, nil)
691
+ privilege = options.fetch(:privilege, nil)
692
+ end
693
+
694
+ # Readability
695
+ role = nil if role == :all
696
+ resource = nil if resource == :all
697
+ privilege = nil if privilege == :all
698
+
557
699
  if role
558
700
  # keep track of originally called role
559
701
  @_is_allowed_role = role
@@ -789,19 +931,19 @@ module Rend
789
931
  rule = rules[:by_privilege_id][privilege]
790
932
  end
791
933
 
792
- # check assertion first
793
- assertion_value = nil
794
- if rule[:assert]
795
- # assertion = rule[:assert]
796
- # assertion_value = assertion.assert(
797
- # self,
798
- # (@_isAllowedRole instanceof Zend_Acl_Role_Interface) ? @_isAllowedRole : role,
799
- # (@_isAllowedResource instanceof Zend_Acl_Resource_Interface) ? @_isAllowedResource : resource,
800
- # @_isAllowedPrivilege
801
- # )
934
+ # Check assertion first
935
+ assertion_passed = nil
936
+ if rule[:assertion]
937
+ args = {
938
+ :acl => self,
939
+ :role => @_is_allowed_role.is_a?(Rend::Acl::Role) ? @_is_allowed_role : role,
940
+ :resource => @_is_allowed_resource.is_a?(Rend::Acl::Resource) ? @_is_allowed_resource : resource,
941
+ :privilege => @_is_allowed_privilege
942
+ }
943
+ assertion_passed = rule[:assertion].pass?(args[:acl], args[:role], args[:resource], args[:privilege])
802
944
  end
803
945
 
804
- if rule[:assert].nil? || assertion_value
946
+ if rule[:assertion].nil? || assertion_passed == true
805
947
  rule[:type]
806
948
  elsif resource != nil || role != nil || privilege != nil
807
949
  nil
@@ -0,0 +1,24 @@
1
+ module Rend
2
+ class Acl
3
+ class Assertion
4
+ # Returns true if and only if the assertion conditions are met
5
+ #
6
+ # This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the
7
+ # $role, $resource, or $privilege parameters are nil, it means that the query applies to all Roles, Resources, or
8
+ # privileges, respectively.
9
+ #
10
+ # @param Zend_Acl $acl
11
+ # @param Zend_Acl_Role_Interface $role
12
+ # @param Zend_Acl_Resource_Interface $resource
13
+ # @param string $privilege
14
+ # @return boolean
15
+ def pass?(acl, role = nil, resource = nil, privilege = nil)
16
+ type_hint! Rend::Acl, acl, :is_required => true
17
+ type_hint! Rend::Acl::Role, role
18
+ type_hint! Rend::Acl::Resources, resource
19
+ type_hint! String, privilege
20
+ end
21
+
22
+ end
23
+ end
24
+ end
@@ -0,0 +1,28 @@
1
+ # Not a required file -- used for testing
2
+ module Rend
3
+ class Acl
4
+ class MockAssertion < Rend::Acl::Assertion
5
+
6
+ attr_reader :last_acl
7
+ attr_reader :last_role
8
+ attr_reader :last_resource
9
+ attr_reader :last_privilege
10
+
11
+ attr_accessor :pass
12
+
13
+ def initialize(pass = nil, &block)
14
+ self.pass = block_given? ? block : pass
15
+ end
16
+
17
+ def pass=(value)
18
+ @pass = value.is_a?(Proc) ? value : lambda {|acl, role, resource, privilege| value}
19
+ end
20
+
21
+ def pass?(acl, role = nil, resource = nil, privilege = nil)
22
+ @last_acl, @last_role, @last_resource, @last_privilege = acl, role, resource, privilege
23
+ pass.call(acl, role, resource, privilege)
24
+ end
25
+
26
+ end
27
+ end
28
+ end
@@ -1,7 +1,7 @@
1
1
  module Rend
2
2
  class Acl
3
3
  module Version
4
- STRING = "0.0.3"
4
+ STRING = "0.0.4"
5
5
  end
6
6
  end
7
7
  end
data/rend-acl.gemspec CHANGED
@@ -16,11 +16,12 @@ Gem::Specification.new do |spec|
16
16
  spec.files = `git ls-files`.split($/)
17
17
  spec.files += ["LICENSE.txt", "ZEND_FRAMEWORK_LICENSE.txt"]
18
18
  spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
19
- spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.test_files = spec.files.grep(%r{^(test|spec|features|)/})
20
20
  spec.require_paths = ["lib"]
21
21
 
22
22
  spec.add_development_dependency "bundler", "~> 1.3"
23
23
  spec.add_development_dependency "rake"
24
+ spec.add_development_dependency "turn"
24
25
 
25
26
  dependency_gems = ['rend-core']
26
27
 
data/test/test_acl.rb CHANGED
@@ -1,5 +1,9 @@
1
1
  require 'test/unit'
2
2
  require 'rend/acl'
3
+ require 'rend/acl/mock_assertion'
4
+ require 'yaml'
5
+ begin; require 'turn/autorun'; rescue LoadError; end
6
+
3
7
 
4
8
  class AclTest < Test::Unit::TestCase
5
9
 
@@ -12,15 +16,129 @@ class AclTest < Test::Unit::TestCase
12
16
  end
13
17
 
14
18
  def test_storing_acl_data_for_persistence_with_yaml
15
- require 'yaml'
16
19
  assert_use_case_1 YAML.load( YAML.dump(use_case_1) )
17
20
  end
18
21
 
19
- def test_acl_user_case_1
22
+ def test_use_case_1
20
23
  assert_use_case_1(use_case_1)
21
24
  end
22
25
 
23
- # ==== Orignal Zend_Acl Tests Below
26
+ def test_add_raises_argument_error_with_no_args
27
+ assert_raises ArgumentError do
28
+ @acl.add!
29
+ end
30
+ end
31
+
32
+ def test_add_method_raises_exception_on_unknown_hash_keys
33
+ assert_raises Rend::Acl::Exception do
34
+ @acl.add! :roles => []
35
+ end
36
+ end
37
+
38
+ def test_add_method_raises_exception_on_unknown_object_type
39
+ assert_raises Rend::Acl::Exception do
40
+ @acl.add! Rend::Acl
41
+ end
42
+ end
43
+
44
+ def test_add_method_raises_exception_on_invalid_hash_value_type
45
+ assert_raises Rend::Acl::Exception do
46
+ @acl.add! :role => 423423
47
+ end
48
+ end
49
+
50
+
51
+ def test_add_method_returns_self
52
+ result = @acl.add! Rend::Acl::Role.new("editor")
53
+ assert_same @acl, result
54
+ end
55
+
56
+ def test_add_method_role_via_arguments
57
+ assert @acl.add!(Rend::Acl::Role.new("editor")).role?("editor")
58
+ end
59
+
60
+ def test_add_method_role_via_hash
61
+ assert @acl.add!(:role => "editor").role?("editor")
62
+ end
63
+
64
+ def test_add_method_roles_via_hash
65
+ @acl.add! :role => ['guest', 'contributor', 'editor']
66
+ assert @acl.role? "guest"
67
+ assert @acl.role? "contributor"
68
+ assert @acl.role? "editor"
69
+ end
70
+
71
+ def test_add_method_role_with_single_inheritance_via_arguments
72
+ @acl.add! Rend::Acl::Role.new("guest")
73
+ @acl.add! Rend::Acl::Role.new("editor"), "guest"
74
+ assert @acl.inherits_role? "editor", "guest"
75
+ end
76
+
77
+ def test_add_method_role_with_single_inheritance_via_hash
78
+ @acl.add! Rend::Acl::Role.new("guest")
79
+ @acl.add! :role => {"editor" => "guest"}
80
+ assert @acl.inherits_role? "editor", "guest"
81
+ end
82
+
83
+ def test_add_method_role_with_multiple_inheritance_via_arguments
84
+ @acl.add! Rend::Acl::Role.new("guest")
85
+ @acl.add! Rend::Acl::Role.new("contributor")
86
+ @acl.add! Rend::Acl::Role.new("editor"), ["guest", "contributor"]
87
+ assert @acl.inherits_role? "editor", "guest"
88
+ assert @acl.inherits_role? "editor", "contributor"
89
+ end
90
+
91
+ def test_add_method_role_with_multiple_inheritance_via_hash
92
+ @acl.add! :role => [ "guest", "contributor", {"editor" => ["guest", "contributor"]}]
93
+ assert @acl.inherits_role? "editor", "guest"
94
+ assert @acl.inherits_role? "editor", "contributor"
95
+ end
96
+
97
+ def test_add_method_resource_via_arguments
98
+ assert @acl.add!(Rend::Acl::Resource.new("building")).resource?("building")
99
+ end
100
+
101
+ def test_add_method_resource_via_hash
102
+ assert @acl.add!(:resource => "building").resource?("building")
103
+ end
104
+
105
+ def test_add_method_resources_via_hash
106
+ @acl.add! :resource => ['city', 'building', 'room']
107
+ assert @acl.resource? "city"
108
+ assert @acl.resource? "building"
109
+ assert @acl.resource? "room"
110
+ end
111
+
112
+ def test_add_method_resource_with_single_inheritance_via_arguments
113
+ @acl.add! Rend::Acl::Resource.new("city")
114
+ @acl.add! Rend::Acl::Resource.new("building"), "city"
115
+ assert @acl.inherits_resource? "building", "city"
116
+ end
117
+
118
+ def test_add_method_resource_with_single_inheritance_via_hash
119
+ @acl.add! :resource => ["city", {"building" => "city"}, {"room" => "building"}]
120
+ assert @acl.inherits_resource? "building", "city"
121
+ assert @acl.inherits_resource? "room", "building"
122
+ end
123
+
124
+ def test_add_method_roles_and_resources
125
+ @acl.add!(
126
+ :role => ["guest", {"contributor" => "guest"}, {'editor' => "contributor"}],
127
+ :resource => ["city", {"building" => "city"}, {"room" => "building"}]
128
+ )
129
+ assert @acl.role? "guest"
130
+ assert @acl.role? "contributor"
131
+ assert @acl.role? "editor"
132
+ assert @acl.inherits_role? "contributor", "guest"
133
+ assert @acl.inherits_role? "editor", "contributor"
134
+ assert @acl.resource? "city"
135
+ assert @acl.resource? "building"
136
+ assert @acl.resource? "room"
137
+ assert @acl.inherits_resource? "building", "city"
138
+ assert @acl.inherits_resource? "room", "building"
139
+ end
140
+
141
+ # == Orignal Zend_Acl Tests Below ==
24
142
 
25
143
  # Ensures that basic addition and retrieval of a single Role works
26
144
  def test_role_registry_add_and_get_one
@@ -36,11 +154,11 @@ class AclTest < Test::Unit::TestCase
36
154
  assert_equal 'area', role.id
37
155
  end
38
156
 
39
- # # Ensures that basic removal of a single Role works
157
+ # Ensures that basic removal of a single Role works
40
158
  def test_role_registry_remove_one
41
159
  role_guest = Rend::Acl::Role.new('guest')
42
160
  @acl.add_role!(role_guest).remove_role!(role_guest)
43
- assert_equal false, @acl.has_role?(role_guest)
161
+ assert_equal false, @acl.role?(role_guest)
44
162
  end
45
163
 
46
164
  # Ensures that an exception is thrown when a non-existent Role is specified for removal
@@ -51,11 +169,11 @@ class AclTest < Test::Unit::TestCase
51
169
  end
52
170
  end
53
171
 
54
- # # Ensures that removal of all Roles works
172
+ # Ensures that removal of all Roles works
55
173
  def test_role_registry_remove_all
56
174
  role_guest = Rend::Acl::Role.new('guest')
57
175
  @acl.add_role!(role_guest).remove_role_all!
58
- assert_equal false, @acl.has_role?(role_guest)
176
+ assert_equal false, @acl.role?(role_guest)
59
177
  end
60
178
 
61
179
  # Ensures that an exception is thrown when a non-existent Role is specified as a parent upon Role addition
@@ -184,7 +302,7 @@ class AclTest < Test::Unit::TestCase
184
302
  def test_resource_remove_one
185
303
  resource_area = Rend::Acl::Resource.new('area')
186
304
  @acl.add_resource!(resource_area).remove_resource!(resource_area)
187
- assert_equal false, @acl.has_resource?(resource_area)
305
+ assert_equal false, @acl.resource?(resource_area)
188
306
  end
189
307
 
190
308
  # Ensures that an exception is thrown when a non-existent Resource is specified for removal
@@ -199,7 +317,7 @@ class AclTest < Test::Unit::TestCase
199
317
  def test_resource_remove_all
200
318
  resource_area = Rend::Acl::Resource.new('area')
201
319
  @acl.add_resource!(resource_area).remove_resource_all!
202
- assert_equal false, @acl.has_resource?(resource_area)
320
+ assert_equal false, @acl.resource?(resource_area)
203
321
  end
204
322
 
205
323
  # Ensures that an exception is thrown when a non-existent Resource is specified as a parent upon Resource addition
@@ -242,7 +360,7 @@ class AclTest < Test::Unit::TestCase
242
360
  assert_equal false, @acl.inherits_resource?(resource_city, resource_room)
243
361
 
244
362
  @acl.remove_resource!(resource_building)
245
- assert_equal false, @acl.has_resource?(resource_room)
363
+ assert_equal false, @acl.resource?(resource_room)
246
364
  end
247
365
 
248
366
  # Ensures that the same Resource cannot be added more than once
@@ -333,14 +451,6 @@ class AclTest < Test::Unit::TestCase
333
451
  assert_equal false, @acl.allowed?(nil, nil, 'p3')
334
452
  end
335
453
 
336
- # # [NOT IMPLEMENTED YET] Ensures that assertions on privileges work properly
337
- # def test_privilege_assert
338
- # @acl.allow!(nil, nil, 'some_privilege', Rend::Acl::Mock_assertion.new(true))
339
- # assert_equal true, @acl.allowed?(nil, nil, 'some_privilege')
340
- # @acl.allow!(nil, nil, 'some_privilege', Rend::Acl::Mock_assertion.new(false))
341
- # assert_equal false, @acl.allowed?(nil, nil, 'some_privilege')
342
- # end
343
-
344
454
  # Ensures that by default, Zend_Acl denies access to everything for a particular Role
345
455
  def test_role_default_deny
346
456
  role_guest = Rend::Acl::Role.new('guest')
@@ -437,7 +547,7 @@ class AclTest < Test::Unit::TestCase
437
547
  assert_equal true, @acl.allowed?
438
548
  end
439
549
 
440
- # # Ensure that basic rule removal works
550
+ # Ensure that basic rule removal works
441
551
  def test_rules_remove
442
552
  @acl.allow!(nil, nil, ['privilege1', 'privilege2'])
443
553
  assert_equal false, @acl.allowed?
@@ -665,12 +775,12 @@ class AclTest < Test::Unit::TestCase
665
775
 
666
776
  end
667
777
 
668
- # [NOT IMPLEMENTED YET] Ensures that the default rule obeys its assertion
669
- # def test_default_assert
670
- # @acl.deny!(nil, nil, nil, Rend::Acl::Mock_assertion.new(false))
671
- # assert_equal true, @acl.allowed?
672
- # assert_equal true, @acl.allowed?(nil, nil, 'some_privilege')
673
- # end
778
+ # Ensures that the default rule obeys its assertion
779
+ def test_default_assert
780
+ @acl.deny!(nil, nil, nil, Rend::Acl::MockAssertion.new(false))
781
+ assert_equal true, @acl.allowed?
782
+ assert_equal true, @acl.allowed?(nil, nil, 'some_privilege')
783
+ end
674
784
 
675
785
  # Ensures that the only_parents argument to inherits_role? works
676
786
  # @group ZF-2502
@@ -682,9 +792,7 @@ class AclTest < Test::Unit::TestCase
682
792
  end
683
793
 
684
794
  # Returns an array of registered roles
685
- # @expected_exception PHPUnit_Framework_Error
686
795
  # @group ZF-5638
687
- # Porter Note: Seems like an odd test... investigate more
688
796
  def test_get_registered_roles
689
797
  @acl.add_role!('developer')
690
798
 
@@ -696,26 +804,26 @@ class AclTest < Test::Unit::TestCase
696
804
  # Confirm that deleting a role after allowing access to all roles
697
805
  # raise undefined index error
698
806
  # @group ZF-5700
699
- # Porter Note: Seems like an odd test... investigate more
807
+ # TODO: Does this test matter in ruby? -- Daniel Doezema
700
808
  def test_removing_role_after_it_was_allowed_access_to_all_resources_gives_error
701
809
  @acl.add_role!(Rend::Acl::Role.new('test0'))
702
810
  @acl.add_role!(Rend::Acl::Role.new('test1'))
703
811
  @acl.add_role!(Rend::Acl::Role.new('test2'))
704
812
  @acl.add_resource!(Rend::Acl::Resource.new('Test'))
705
813
 
706
- @acl.allow!(nil,'Test','xxx')
814
+ @acl.allow!(nil, 'Test','xxx')
707
815
 
708
816
  # error test
709
817
  @acl.remove_role!('test0')
710
818
 
711
819
  # Check after fix
712
- assert_equal false, @acl.has_role?('test0')
820
+ assert_equal false, @acl.role?('test0')
713
821
  end
714
822
 
715
823
  # @group ZF-8039
716
824
  # Meant to test for the (in)existance of this notice:
717
825
  # "Notice: Undefined index: all_privileges in lib/Zend/Acl.php on line 682"
718
- # Porter Note: Seems like an odd test... investigate more
826
+ # TODO: Does this test matter in ruby? -- Daniel Doezema
719
827
  def test_method_remove_allow_does_not_throw_notice
720
828
  acl = Rend::Acl.new
721
829
  acl.add_role!('admin')
@@ -848,98 +956,71 @@ class AclTest < Test::Unit::TestCase
848
956
  assert_equal false, @acl.allowed?('guest', 'blogpost', 'read')
849
957
  end
850
958
 
851
- #### [TESTS TO BE IMPLEMENTED LATER] ####
852
-
853
- # # Ensures that assertions on privileges work properly for a particular Role
854
- # def test_role_privilege_assert
855
- # role_guest = Rend::Acl::Role.new('guest')
856
- # @acl.add_role!(role_guest)
857
- # .allow!(role_guest, nil, 'some_privilege', Rend::Acl::Mock_assertion.new(true))
858
- # assert_equal true, @acl.allowed?(role_guest, nil, 'some_privilege')
859
- # @acl.allow!(role_guest, nil, 'some_privilege', Rend::Acl::Mock_assertion.new(false))
860
- # assert_equal false, @acl.allowed?(role_guest, nil, 'some_privilege')
861
- # end
862
-
863
- # # Ensures that removing the default deny rule results in assertion method being removed
864
- # def test_remove_default_deny_assert
865
- # @acl.deny!(nil, nil, nil, Rend::Acl::Mock_assertion.new(false))
866
- # assert_equal true, @acl.allowed?
867
- # @acl.remove_deny
868
- # assert_equal false, @acl.allowed?
869
- # end
870
-
871
-
872
- # # @group ZF-1721
873
- # def test_acl_assertions_get_proper_role_when_inheritence_is_used
874
- # acl = this._load_use_case1
875
-
876
- # user = Rend::Acl::Role.new('publisher')
877
- # blog_post = Rend::Acl::Resource.new('blog_post')
959
+ # Ensures that assertions on privileges work properly
960
+ def test_privilege_assert
961
+ @acl.allow!(nil, nil, 'some_privilege', Rend::Acl::MockAssertion.new(true))
962
+ assert_equal true, @acl.allowed?(nil, nil, 'some_privilege')
878
963
 
879
- # # @var Zend_Acl_Use_case1_User_is_blog_post_owner_assertion
880
- # assertion = acl.custom_assertion
964
+ @acl.allow!(nil, nil, 'some_privilege', Rend::Acl::MockAssertion.new(false))
965
+ assert_equal false, @acl.allowed?(nil, nil, 'some_privilege')
966
+ end
881
967
 
882
- # assert_equal true, acl.is_allowed(user, blog_post, 'modify')
968
+ # Ensures that assertions on privileges work properly for a particular Role
969
+ def test_role_privilege_assert
970
+ role_guest = Rend::Acl::Role.new('guest')
971
+ @acl.add_role!(role_guest)
883
972
 
884
- # assert_equal 'publisher', assertion.last_assert_role.id
973
+ @acl.allow!(role_guest, nil, 'some_privilege', Rend::Acl::MockAssertion.new(true))
974
+ assert_equal true, @acl.allowed?(role_guest, nil, 'some_privilege')
885
975
 
886
- # end
976
+ @acl.allow!(role_guest, nil, 'some_privilege', Rend::Acl::MockAssertion.new(false))
977
+ assert_equal false, @acl.allowed?(role_guest, nil, 'some_privilege')
978
+ end
887
979
 
888
- # # @group ZF-1722
889
- # def test_acl_assertions_get_original_is_allowed_objects
890
- # acl = this._load_use_case1
980
+ # # Ensures that removing the default deny rule results in assertion method being removed
981
+ def test_remove_default_deny_assert
982
+ @acl.deny!(nil, nil, nil, Rend::Acl::MockAssertion.new(false))
983
+ assert_equal true, @acl.allowed?
984
+ @acl.remove_deny!
985
+ assert_equal false, @acl.allowed?
986
+ end
891
987
 
892
- # user = Rend::Acl_Use_case1::User.new
893
- # blog_post = Rend::Acl_Use_case1::Blog_post.new
894
988
 
895
- # assert_equal true, acl.is_allowed(user, blog_post, 'view')
989
+ # @group ZF-1721
990
+ def test_acl_assertions_get_proper_role_when_inheritence_is_used
991
+ assertion = Rend::Acl::MockAssertion.new(true)
896
992
 
897
- # /**
898
- # * @var Zend_Acl_Use_case1_User_is_blog_post_owner_assertion
899
- # */
900
- # assertion = acl.custom_assertion
993
+ @acl.add! :role => ['guest', {'contributor' => 'guest'}, {'publisher' => 'contributor'}, 'admin'], :resource => 'blog_post'
901
994
 
902
- # assertion.assert_return_value = true
903
- # user.role = 'contributor'
904
- # assert_equal true, acl.is_allowed(user, blog_post, 'modify'), 'Assertion should return true'
905
- # assertion.assert_return_value = false
906
- # assert_equal false, acl.is_allowed(user, blog_post, 'modify'), 'Assertion should return false'
995
+ @acl.allow!('guest', 'blog_post', 'view')
996
+ @acl.allow!('contributor', 'blog_post', 'contribute')
997
+ @acl.allow!('contributor', 'blog_post', 'modify', assertion)
998
+ @acl.allow!('publisher', 'blog_post', 'publish')
907
999
 
908
- # # check to see if the last assertion has the proper objets
909
- # assert_kind_of Zend_Acl_Use_case1_User, assertion.last_assert_role, 'Assertion did not recieve proper role object'
910
- # assert_kind_of Zend_Acl_Use_case1_Blog_post, assertion.last_assert_resource, 'Assertion did not recieve proper resource object'
1000
+ assert_equal true, @acl.allowed?("publisher", "blog_post", "modify")
1001
+ assert_equal 'publisher', assertion.last_role.id
1002
+ end
911
1003
 
912
- # end
1004
+ # @group ZF-1722
1005
+ def test_acl_assertions_get_original_is_allowed_objects
1006
+ # I'm invalidating this test as role.id and resource.id are both attr_reader properties -- Daniel Doezema
1007
+ end
913
1008
 
914
- # # @group ZF-7973
915
- # def test_acl_passes_privilege_to_assert_class {
916
- # require_once dirname(__FILE__) . '/_files/Assertion_z_f7973.php'
917
- # assertion = Rend::Acl_Acl_test::Assertion_z_f7973.new
1009
+ # @group ZF-7973
1010
+ def test_acl_passes_privilege_to_assert_class
1011
+ assertion = Rend::Acl::MockAssertion.new do |acl, role, resource, privilege|
1012
+ privilege == "read"
1013
+ end
918
1014
 
919
- # acl = Rend::Acl.new
920
- # acl.add_role!('role')
921
- # acl.add_resource!('resource')
922
- # acl.allow!('role',nil,nil,assertion)
923
- # allowed = acl.is_allowed('role','resource','privilege',assertion)
1015
+ @acl.add! :role => 'guest', :resource => 'blog_post'
1016
+ @acl.allow!('guest', nil, nil, assertion)
924
1017
 
925
- # assert_equal true, allowed
926
- # end
1018
+ assert @acl.allowed?('guest', 'blog_post', 'read')
1019
+ end
927
1020
 
928
1021
 
929
1022
  protected
930
1023
 
931
- # def use_case_2
932
- # @acl.add_role!('guest')
933
- # @acl.add_role!('contributor', 'guest')
934
- # @acl.add_role!('publisher', 'contributor')
935
- # @acl.add_role!('admin')
936
- # @acl.add_resource!('blogPost')
937
- # @acl.allow!('guest', 'blogPost', 'view')
938
- # @acl.allow!('contributor', 'blogPost', 'contribute')
939
- # @acl.allow!('contributor', 'blogPost', 'modify', @acl.customAssertion)
940
- # @acl.allow!('publisher', 'blogPost', 'publish')
941
- # end
942
-
943
1024
  # http:#framework.zend.com/manual/1.12/en/zend.acl.introduction.html#zend.acl.introduction.role_registry
944
1025
  def use_case_1
945
1026
  acl = Rend::Acl.new
@@ -997,4 +1078,4 @@ class AclTest < Test::Unit::TestCase
997
1078
  assert_equal false, acl.allowed?('editor' , 'announcement' , 'archive') # denied
998
1079
  assert_equal false, acl.allowed?('administrator' , 'announcement' , 'archive') # denied
999
1080
  end
1000
- end
1081
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rend-acl
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.3
4
+ version: 0.0.4
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2013-06-02 00:00:00.000000000 Z
12
+ date: 2013-06-11 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler
@@ -43,6 +43,22 @@ dependencies:
43
43
  - - ! '>='
44
44
  - !ruby/object:Gem::Version
45
45
  version: '0'
46
+ - !ruby/object:Gem::Dependency
47
+ name: turn
48
+ requirement: !ruby/object:Gem::Requirement
49
+ none: false
50
+ requirements:
51
+ - - ! '>='
52
+ - !ruby/object:Gem::Version
53
+ version: '0'
54
+ type: :development
55
+ prerelease: false
56
+ version_requirements: !ruby/object:Gem::Requirement
57
+ none: false
58
+ requirements:
59
+ - - ! '>='
60
+ - !ruby/object:Gem::Version
61
+ version: '0'
46
62
  - !ruby/object:Gem::Dependency
47
63
  name: rend-core
48
64
  requirement: !ruby/object:Gem::Requirement
@@ -68,13 +84,16 @@ extensions: []
68
84
  extra_rdoc_files: []
69
85
  files:
70
86
  - .gitignore
87
+ - Changelog.md
71
88
  - Gemfile
72
89
  - LICENSE.txt
73
90
  - README.md
74
91
  - Rakefile
75
92
  - ZEND_FRAMEWORK_LICENSE.txt
76
93
  - lib/rend/acl.rb
94
+ - lib/rend/acl/assertion.rb
77
95
  - lib/rend/acl/exception.rb
96
+ - lib/rend/acl/mock_assertion.rb
78
97
  - lib/rend/acl/resource.rb
79
98
  - lib/rend/acl/role.rb
80
99
  - lib/rend/acl/role/registry.rb
@@ -97,7 +116,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
97
116
  version: '0'
98
117
  segments:
99
118
  - 0
100
- hash: -3810453347064388093
119
+ hash: -2809420582677817181
101
120
  required_rubygems_version: !ruby/object:Gem::Requirement
102
121
  none: false
103
122
  requirements:
@@ -106,12 +125,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
106
125
  version: '0'
107
126
  segments:
108
127
  - 0
109
- hash: -3810453347064388093
128
+ hash: -2809420582677817181
110
129
  requirements: []
111
130
  rubyforge_project:
112
131
  rubygems_version: 1.8.25
113
132
  signing_key:
114
133
  specification_version: 3
115
- summary: rend-acl-0.0.3
134
+ summary: rend-acl-0.0.4
116
135
  test_files:
117
136
  - test/test_acl.rb