role-auth 0.1.9
- data/.gitignore +15 -0
- data/Gemfile +4 -0
- data/Gemfile.lock +48 -0
- data/LICENSE +22 -0
- data/README.md +58 -0
- data/Rakefile +1 -0
- data/lib/role-auth.rb +86 -0
- data/lib/role-auth/adapters/data_mapper.rb +60 -0
- data/lib/role-auth/adapters/merb.rb +39 -0
- data/lib/role-auth/builder.rb +141 -0
- data/lib/role-auth/checker.rb +46 -0
- data/lib/role-auth/parser.rb +250 -0
- data/lib/role-auth/version.rb +3 -0
- data/role-auth.gemspec +28 -0
- data/spec/authorization_file_spec.rb +62 -0
- data/spec/datamapper_spec.rb +250 -0
- data/spec/in_memory_spec.rb +123 -0
- data/spec/shared_specs.rb +225 -0
- data/spec/spec.opts +3 -0
- data/spec/spec_helper.rb +28 -0
- data/spec/support/authorization.rb +68 -0
- data/spec/support/authorization2.rb +3 -0
- data/spec/support/authorization3.rb +5 -0
- data/spec/support/authorization4.rb +4 -0
- data/spec/support/classes.rb +80 -0
- metadata +216 -0
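--- a/data/spec/in_memory_spec.rb
+++ b/data/spec/in_memory_spec.rb
@@ -0,0 +1,123 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+sysop_role = Memory::Role.new('sysop')
+admin_role = Memory::Role.new('admin')
+alternative_admin_role = Memory::Role.new('alternative_admin')
+author_role = Memory::Role.new('author','Memory::Site',1)
+class_author_role = Memory::Role.new('author','Memory::Site')
+general_author_role = Memory::Role.new('author')
+alternative_author_role = Memory::Role.new('alternative_author','Memory::Site',1)
+moderator_author_role = Memory::Role.new('moderator_author')
+site_admin_role = Memory::Role.new('site_admin','Memory::Site',1)
+malformed_site_admin_role = Memory::Role.new('site_admin','site',1)
+moderator_role = Memory::Role.new('moderator')
+user_role = Memory::Role.new('user')
+guest_role = Memory::Role.new('guest')
+
+sysop = Memory::User.new(1,[sysop_role])
+admin = Memory::User.new(2,[admin_role])
+alternative_admin = Memory::User.new(2,[alternative_admin_role])
+author = Memory::User.new(3,[author_role])
+class_author = Memory::User.new(3,[class_author_role])
+general_author = Memory::User.new(3,[general_author_role])
+alternative_author = Memory::User.new(3,[alternative_author_role])
+moderator = Memory::User.new(4,[moderator_role])
+moderator_author = Memory::User.new(3,[moderator_author_role])
+site_admin = Memory::User.new(3,[site_admin_role])
+malformed_site_admin = Memory::User.new(3,[malformed_site_admin_role])
+user = Memory::User.new(5, [user_role])
+
+site = Memory::Site.new(1)
+own_post = Memory::Post.new(1,site,3) # Memory::Post by author
+other_authors_post = Memory::Post.new(3,site,2)
+published_post = Memory::Post.new(4,site,3,true)
+comment = Memory::Comment.new(1,site,own_post)
+comment_on_published_post = Memory::Comment.new(1,site,published_post)
+
+other_site = Memory::Site.new(2)
+other_post = Memory::Post.new(2,other_site,2)
+other_comment = Memory::Comment.new(2,other_site,other_post)
+
+describe "RoleAuth in memory" do
+before :all do
+Comment = Memory::Comment
+Site = Memory::Site
+Role = Memory::Role
+Post = Memory::Post
+User = Memory::User
+load_authorization_file
+@site = site
+@own_post = own_post
+@other_authors_post = other_authors_post
+@published_post = published_post
+@comment = comment
+@comment_on_published_post = comment_on_published_post
+@other_site = other_site
+@other_post = other_post
+@other_comment = other_comment
+end
+
+def update_attributes(object, *attr)
+object.updated_attributes = attr
+end
+
+describe 'admin' do
+include_context "admin_role"
+before(:all){ User.current = admin }
+end
+
+describe 'alternative admin' do
+include_context "admin_role"
+before(:all){ User.current = alternative_admin }
+end
+
+describe 'author on site instance' do
+include_context "author_role"
+before(:all){ User.current = author }
+end
+
+describe 'author on site class' do
+include_context "class_author_role"
+before(:all){ User.current = class_author }
+end
+
+describe 'author' do
+include_context "general_author_role"
+before(:all){ User.current = general_author }
+end
+
+describe 'alternative author' do
+include_context "author_role"
+before(:all){ User.current = alternative_author }
+end
+
+describe 'moderator author' do
+include_context "moderator_author_role"
+before(:all){ User.current = moderator_author }
+end
+
+describe 'site admin' do
+include_context "site_admin_role"
+before(:all) { User.current = site_admin}
+end
+
+describe 'malformed site admin' do
+include_context "malformed_site_admin_role"
+before(:all) { User.current = malformed_site_admin}
+end
+
+describe 'moderator' do
+include_context "moderator_role"
+before(:all){ User.current = moderator }
+end
+
+describe 'sysop' do
+include_context "sysop_role"
+before(:all){ User.current = sysop }
+end
+
+describe 'user' do
+include_context "user_role"
+before(:all){ User.current = user }
+end
+end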
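Review bot: The posts, comments and sites built at file scope are single objects handed to every role group through `before :all`, and the shared examples change their `updated_attributes` without restoring it, so a `can?` assertion can depend on which group ran before it (the sysop example, for instance, checks `can?(:publish, @own_post)` without first setting the changed attributes). For an authorization suite that means a permission check can pass or fail for the wrong reason. Resetting the fixtures per example inside the top-level `describe` would remove the dependence, e.g. `before(:each) { [@own_post, @other_authors_post, @published_post, @other_post].each { |p| update_attributes(p) } }`. `User.current` and the top-level constants assigned in `before :all` are likewise never restored once the suite finishes.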
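--- a/data/spec/shared_specs.rb
+++ b/data/spec/shared_specs.rb
@@ -0,0 +1,225 @@
+shared_examples "user_role" do
+it 'should behave like user' do
+#is?(:user, :on => @site).should be_true
+#is?(:user).should be_true
+
+can?(:create, Comment.new).should be_true
+can?(:push, Comment.new).should be_true
+end
+end
+shared_examples "admin_role" do
+it "should behave like admin" do
+
+can?(:build, Post).should be_true
+
+can?(:create, Post.new).should be_true
+can?(:create, Role.new).should be_false
+can?(:create, Comment.new).should be_true
+can?(:create, Site.new).should be_true
+
+can?(:update, @own_post).should be_true
+
+can?(:publish, @own_post).should be_true
+end
+end
+
+shared_examples "shared_author_role" do
+include_context "user_role"
+it 'should behave like all authors' do
+update_attributes(@own_post, :content)
+
+can?(:update, @own_post).should be_true
+
+update_attributes(@other_authors_post, :content)
+can?(:update, @other_authors_post).should be_false
+
+can?(:publish, @comment).should be_false
+can?(:publish, @comment_on_published_post).should be_true
+can?(:publish, @other_comment).should be_false
+
+can?(:delete, @own_post).should be_true
+can?(:delete, @other_authors_post).should be_false
+can?(:delete, @published_post).should be_false
+end
+end
+
+shared_examples "author_role" do
+include_context "shared_author_role"
+it "should behave like author" do
+user, User.current = User.current, nil
+post = Post.new
+User.current = user
+can?(:create, post).should be_false
+can?(:create, post, :on => @site).should be_true
+can?(:create, post, :on => @other_site).should be_false
+can?(:create, @own_post).should be_true
+can?(:create, @other_post).should be_false
+
+can?(:update, @own_post).should be_true
+can?(:update, @published_post).should be_false
+
+update_attributes(@own_post, :published)
+can?(:update, @own_post).should be_false
+end
+end
+
+shared_examples "general_author_role" do
+include_context "shared_author_role"
+it 'should behave like general author' do
+is?(:author, :on => @site).should be_true
+is?(:author, :on => @other_site).should be_true
+is?(:author).should be_true
+
+user, User.current = User.current, nil
+post = Post.new
+User.current = user
+can?(:create, post).should be_true
+can?(:create, post, :on => @site).should be_true
+can?(:create, post, :on => @other_site).should be_true
+
+can?(:update, @own_post).should be_true
+can?(:update, @published_post).should be_false
+
+update_attributes(@own_post, :published)
+can?(:update, @own_post).should be_false
+end
+end
+
+shared_examples "class_author_role" do
+include_context "shared_author_role"
+it 'should behave like class author' do
+user, User.current = User.current, nil
+post = Post.new
+User.current = user
+can?(:create, post).should be_false
+can?(:create, post, :on => @site).should be_true
+can?(:create, post, :on => @other_site).should be_true
+
+can?(:update, @own_post).should be_true
+can?(:update, @published_post).should be_false
+
+update_attributes(@own_post, :published)
+can?(:update, @own_post).should be_false
+end
+end
+
+shared_examples "shared_moderator_role" do
+it 'should behave like all moderators' do
+is?(:moderator, :on => @site).should be_true
+is?(:moderator, :on => Comment.new).should be_true
+is?(:moderator).should be_true
+
+update_attributes(@own_post)
+can?(:update, @own_post).should be_true
+can?(:update, @published_post).should be_true
+
+update_attributes(@other_post, :published)
+can?(:publish, @other_post).should be_true
+can?(:update, @other_post).should be_true
+can?(:moderate, @other_comment).should be_true
+can?(:update, @other_comment).should be_true
+
+update_attributes(@own_post, :published)
+can?(:publish, @own_post).should be_true
+can?(:update, @own_post).should be_true
+can?(:moderate, @comment).should be_true
+can?(:update, @comment).should be_true
+
+update_attributes(@own_post, :published, :user_id)
+can?(:publish, @own_post).should be_false
+end
+end
+
+shared_examples "site_admin_role" do
+include_context "shared_author_role"
+include_context "shared_moderator_role"
+it 'should behave like site admin' do
+is?(:site_admin, :on => @site).should be_true
+is?(:site_admin, :on => @other_site).should be_false
+comment = Comment.new
+comment.id = @site.id
+is?(:site_admin, :on => comment).should be_false
+is?(:site_admin).should be_false
+
+can?(:update, @site).should be_true
+can?(:delete, @site).should be_false
+
+user, User.current = User.current, nil
+post = Post.new
+User.current = user
+can?(:create, post).should be_false
+can?(:create, post, :on => @site).should be_true
+can?(:create, post, :on => @other_site).should be_false
+can?(:create, @own_post).should be_true
+can?(:create, @other_post).should be_false
+
+update_attributes(@own_post, :published, :content)
+can?(:create, @own_post).should be_true
+
+can?(:delete, @comment).should be_true
+can?(:delete, @other_comment).should be_false
+end
+end
+
+shared_examples "malformed_site_admin_role" do
+it 'should not behave like site admin' do
+is?(:site_admin, :on => @site).should be_false
+is?(:site_admin, :on => @other_site).should be_false
+end
+end
+
+shared_examples "moderator_author_role" do
+include_context "shared_author_role"
+include_context "shared_moderator_role"
+it "should behave like moderator author" do
+is?(:moderator_author, :on => @site).should be_true
+is?(:moderator_author).should be_true
+
+is?(:author).should be_true
+is?(:author, :on => @site).should be_true
+
+can?(:create, Post.new).should be_true
+can?(:create, Post.new, :on => @site).should be_true
+can?(:create, Post.new, :on => @other_site).should be_true
+can?(:create, @own_post).should be_true
+can?(:create, @other_post).should be_true
+
+update_attributes(@own_post, :published, :content)
+can?(:create, @own_post).should be_true
+end
+end
+
+shared_examples "sysop_role" do
+it "should allow all normal options to sysop" do
+is?(:sysop).should be_true
+
+can?(:create, Post).should be_true
+can?(:create, Role).should be_true
+can?(:create, Comment.new).should be_true
+
+can?(:update, @own_post).should be_true
+
+can?(:publish, @own_post).should be_false
+end
+end
+
+shared_examples "moderator_role" do
+include_context "shared_moderator_role"
+it "should allow moderators to publish posts" do
+user, User.current = User.current, nil
+post = Post.new
+User.current = user
+can?(:create, user).should be_false
+can?(:create, user, :on => @site).should be_false
+can?(:create, user, :on => @other_site).should be_false
+
+update_attributes(@own_post, :content)
+can?(:publish, @own_post).should be_false
+can?(:update, @own_post).should be_false
+can?(:moderate, @comment).should be_false
+can?(:update, @comment).should be_false
+
+update_attributes(@own_post)
+can?(:delete, @own_post).should be_false
+end
+end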
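Review bot: In `moderator_role` the example builds `post = Post.new` but then asserts on `user` (`can?(:create, user).should be_false`, three times), so the moderator's inability to create a post is never actually checked; the sibling author examples use `post` in the same position, which suggests a typo. If that is the intent, the three lines should read `can?(:create, post).should be_false`, `can?(:create, post, :on => @site).should be_false` and `can?(:create, post, :on => @other_site).should be_false`. The example title, "should allow moderators to publish posts", also contradicts its assertions, which all expect `be_false`. The two `is?` checks in `user_role` are commented out with no reason given, so the user role's membership is not asserted anywhere in this file.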
data/spec/spec.opts
ADDED
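--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,28 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rubygems'
+require 'dm-core'
+require 'dm-migrations'
+require 'role-auth'
+#require 'sequel'
+require 'rspec'
+require 'rspec/autorun'
+
+require 'support/classes'
+require 'shared_specs'
+
+RSpec.configure do |config|
+config.include RoleAuth::InstanceMethods
+end
+
+# If you want the logs displayed you have to do this before the call to setup
+# DataMapper::Logger.new($stdout, :debug)
+
+# An in-memory Sqlite3 connection:
+DataMapper.setup(:default, 'sqlite3::memory:')
+
+DataMapper.auto_migrate!
+
+def load_authorization_file(name = 'authorization')
+file = File.new(File.expand_path(File.dirname(__FILE__) + "/support/#{name}.rb"))
+RoleAuth::Builder.new(file).build
+end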
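Review bot: `load_authorization_file` opens the policy file with `File.new` and never closes it, so every call leaves a descriptor open until garbage collection. The block form closes it deterministically, `File.open(path) { |f| RoleAuth::Builder.new(f).build }`, assuming `build` finishes reading before it returns. The helper also interpolates `name` straight into the path, and the file it names looks like Ruby role definitions that the builder presumably evaluates, so a comment such as `# name must be a literal fixture name under spec/support; the file is loaded as code` would record that it must never be fed external input.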
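--- a/data/spec/support/authorization.rb
+++ b/data/spec/support/authorization.rb
@@ -0,0 +1,68 @@
+role :sysop do
+can :create, :update, :delete, :any
+end
+
+role :admin do
+can :do, Post, Comment, Site
+end
+
+role :alternative_admin do
+can :do, :any
+can_not :do, Role
+end
+
+role :author, :on => Site do
+is :user
+
+can :create, Post
+can :update, Post, :if => only_changed(:content)
+can :update, :delete, Post, :if => [is_owner, %{!post.published}]
+can :publish, Comment, :if => %{ comment.post.published }
+end
+
+role :alternative_author, :on => Site do
+is :user
+
+can :create, :update_and_delete, Post
+can :publish, Comment, :if => %{ comment.post.published }
+end
+
+role :moderator do
+is :user
+
+can :publish, Post
+can :moderate, Comment
+end
+
+role :site_admin, :on => Site do
+is :moderator
+is :author
+
+can :delete, Comment
+can :update, Site # Document
+end
+
+role :moderator_author do
+is :author, :moderator
+
+can :create_and_publish, Post
+end
+
+role :user do
+can :create, Comment
+can :push, Comment
+end
+
+task :push
+
+task :publish, :is => :update, :if => only_changed(:published)
+
+task :moderate, :is => :update, :if => %{ user.can?(:publish, comment.post) }
+
+task :create_update_own, :is => [:create, :update], :if => is_owner
+
+task :create_and_publish, :is => :create_update_own, :if => only_changed(:published, :content)
+
+task :update_and_delete, :is => [:update, :delete], :if => [is_owner, %{ !post.published}, only_changed(:content)]
+
+task :build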
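Review bot: `role :author` carries two overlapping rules, `can :update, Post, :if => only_changed(:content)` and `can :update, :delete, Post, :if => [is_owner, %{!post.published}]`, and nothing in the file says how they combine. shared_specs expects an author to be denied `:update` on another author's post even when only `:content` changed, which the first rule alone would seem to permit, so a reader has to infer the precedence from the parser. A comment above the pair stating the combination rule (to be confirmed against lib/role-auth/parser.rb) would make the policy auditable. The trailing `# Document` on `can :update, Site` reads like a leftover note and could be replaced with the reason site admins may update but not delete a site.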