role-auth 0.1.9

data/spec/in_memory_spec.rb

@@ -0,0 +1,123 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+sysop_role = Memory::Role.new('sysop')
+admin_role = Memory::Role.new('admin')
+alternative_admin_role = Memory::Role.new('alternative_admin')
+author_role = Memory::Role.new('author','Memory::Site',1)
+class_author_role = Memory::Role.new('author','Memory::Site')
+general_author_role = Memory::Role.new('author')
+alternative_author_role = Memory::Role.new('alternative_author','Memory::Site',1)
+moderator_author_role = Memory::Role.new('moderator_author')
+site_admin_role = Memory::Role.new('site_admin','Memory::Site',1)
+malformed_site_admin_role = Memory::Role.new('site_admin','site',1)
+moderator_role = Memory::Role.new('moderator')
+user_role = Memory::Role.new('user')
+guest_role = Memory::Role.new('guest')
+
+sysop = Memory::User.new(1,[sysop_role])
+admin = Memory::User.new(2,[admin_role])
+alternative_admin = Memory::User.new(2,[alternative_admin_role])
+author = Memory::User.new(3,[author_role])
+class_author = Memory::User.new(3,[class_author_role])
+general_author = Memory::User.new(3,[general_author_role])
+alternative_author = Memory::User.new(3,[alternative_author_role])
+moderator = Memory::User.new(4,[moderator_role])
+moderator_author = Memory::User.new(3,[moderator_author_role])
+site_admin = Memory::User.new(3,[site_admin_role])
+malformed_site_admin = Memory::User.new(3,[malformed_site_admin_role])
+user = Memory::User.new(5, [user_role])
+
+site = Memory::Site.new(1)
+own_post = Memory::Post.new(1,site,3) # Memory::Post by author
+other_authors_post = Memory::Post.new(3,site,2)
+published_post = Memory::Post.new(4,site,3,true)
+comment = Memory::Comment.new(1,site,own_post)
+comment_on_published_post = Memory::Comment.new(1,site,published_post)
+
+other_site = Memory::Site.new(2)
+other_post = Memory::Post.new(2,other_site,2)
+other_comment = Memory::Comment.new(2,other_site,other_post)
+
+describe "RoleAuth in memory" do
+  before :all do
+    Comment = Memory::Comment
+    Site = Memory::Site
+    Role = Memory::Role
+    Post = Memory::Post
+    User = Memory::User
+    load_authorization_file
+    @site = site
+    @own_post = own_post
+    @other_authors_post = other_authors_post
+    @published_post = published_post
+    @comment = comment
+    @comment_on_published_post = comment_on_published_post
+    @other_site = other_site
+    @other_post = other_post
+    @other_comment = other_comment
+  end
+
+  def update_attributes(object, *attr)
+    object.updated_attributes = attr
+  end
+
+  describe 'admin' do
+    include_context "admin_role"
+    before(:all){ User.current = admin }
+  end
+
+  describe 'alternative admin' do
+    include_context "admin_role"
+    before(:all){ User.current = alternative_admin }
+  end
+
+  describe 'author on site instance' do
+    include_context "author_role"
+    before(:all){ User.current = author }
+  end
+
+  describe 'author on site class' do
+    include_context "class_author_role"
+    before(:all){ User.current = class_author }
+  end
+
+  describe 'author' do
+    include_context "general_author_role"
+    before(:all){ User.current = general_author }
+  end
+
+  describe 'alternative author' do
+    include_context "author_role"
+    before(:all){ User.current = alternative_author }
+  end
+
+  describe 'moderator author' do
+    include_context "moderator_author_role"
+    before(:all){ User.current = moderator_author }
+  end
+
+  describe 'site admin' do
+    include_context "site_admin_role"
+    before(:all) { User.current = site_admin}
+  end
+
+  describe 'malformed site admin' do
+    include_context "malformed_site_admin_role"
+    before(:all) { User.current = malformed_site_admin}
+  end
+
+  describe 'moderator' do
+    include_context "moderator_role"
+    before(:all){ User.current = moderator }
+  end
+
+  describe 'sysop' do
+    include_context "sysop_role"
+    before(:all){ User.current = sysop }
+  end
+
+  describe 'user' do
+    include_context "user_role"
+    before(:all){ User.current = user }
+  end
+end

data/spec/shared_specs.rb

@@ -0,0 +1,225 @@
+shared_examples "user_role" do
+  it 'should behave like user' do
+    #is?(:user, :on => @site).should be_true
+    #is?(:user).should be_true
+
+    can?(:create, Comment.new).should be_true
+    can?(:push, Comment.new).should be_true
+  end
+end
+shared_examples "admin_role" do
+  it "should behave like admin" do
+
+    can?(:build, Post).should be_true
+
+    can?(:create, Post.new).should be_true
+    can?(:create, Role.new).should be_false
+    can?(:create, Comment.new).should be_true
+    can?(:create, Site.new).should be_true
+
+    can?(:update, @own_post).should be_true
+
+    can?(:publish, @own_post).should be_true
+  end
+end
+
+shared_examples "shared_author_role" do
+  include_context "user_role"
+  it 'should behave like all authors' do
+    update_attributes(@own_post, :content)
+
+    can?(:update, @own_post).should be_true
+
+    update_attributes(@other_authors_post, :content)
+    can?(:update, @other_authors_post).should be_false
+
+    can?(:publish, @comment).should be_false
+    can?(:publish, @comment_on_published_post).should be_true
+    can?(:publish, @other_comment).should be_false
+
+    can?(:delete, @own_post).should be_true
+    can?(:delete, @other_authors_post).should be_false
+    can?(:delete, @published_post).should be_false
+  end
+end
+
+shared_examples "author_role" do
+  include_context "shared_author_role"
+  it "should behave like author" do
+    user, User.current = User.current, nil
+    post = Post.new
+    User.current = user
+    can?(:create, post).should be_false
+    can?(:create, post, :on => @site).should be_true
+    can?(:create, post, :on => @other_site).should be_false
+    can?(:create, @own_post).should be_true
+    can?(:create, @other_post).should be_false
+
+    can?(:update, @own_post).should be_true
+    can?(:update, @published_post).should be_false
+
+    update_attributes(@own_post, :published)
+    can?(:update, @own_post).should be_false
+  end
+end
+
+shared_examples "general_author_role" do
+  include_context "shared_author_role"
+  it 'should behave like general author' do
+    is?(:author, :on => @site).should be_true
+    is?(:author, :on => @other_site).should be_true
+    is?(:author).should be_true
+
+    user, User.current = User.current, nil
+    post = Post.new
+    User.current = user
+    can?(:create, post).should be_true
+    can?(:create, post, :on => @site).should be_true
+    can?(:create, post, :on => @other_site).should be_true
+
+    can?(:update, @own_post).should be_true
+    can?(:update, @published_post).should be_false
+
+    update_attributes(@own_post, :published)
+    can?(:update, @own_post).should be_false
+  end
+end
+
+shared_examples "class_author_role" do
+  include_context "shared_author_role"
+  it 'should behave like class author' do
+    user, User.current = User.current, nil
+    post = Post.new
+    User.current = user
+    can?(:create, post).should be_false
+    can?(:create, post, :on => @site).should be_true
+    can?(:create, post, :on => @other_site).should be_true
+
+    can?(:update, @own_post).should be_true
+    can?(:update, @published_post).should be_false
+
+    update_attributes(@own_post, :published)
+    can?(:update, @own_post).should be_false
+  end
+end
+
+shared_examples "shared_moderator_role" do
+  it 'should behave like all moderators' do
+    is?(:moderator, :on => @site).should be_true
+    is?(:moderator, :on => Comment.new).should be_true
+    is?(:moderator).should be_true
+
+    update_attributes(@own_post)
+    can?(:update, @own_post).should be_true
+    can?(:update, @published_post).should be_true
+
+    update_attributes(@other_post, :published)
+    can?(:publish, @other_post).should be_true
+    can?(:update, @other_post).should be_true
+    can?(:moderate, @other_comment).should be_true
+    can?(:update, @other_comment).should be_true
+
+    update_attributes(@own_post, :published)
+    can?(:publish, @own_post).should be_true
+    can?(:update, @own_post).should be_true
+    can?(:moderate, @comment).should be_true
+    can?(:update, @comment).should be_true
+
+    update_attributes(@own_post, :published, :user_id)
+    can?(:publish, @own_post).should be_false
+  end
+end
+
+shared_examples "site_admin_role" do
+  include_context "shared_author_role"
+  include_context "shared_moderator_role"
+  it 'should behave like site admin' do
+    is?(:site_admin, :on => @site).should be_true
+    is?(:site_admin, :on => @other_site).should be_false
+    comment = Comment.new
+    comment.id = @site.id
+    is?(:site_admin, :on => comment).should be_false
+    is?(:site_admin).should be_false
+
+    can?(:update, @site).should be_true
+    can?(:delete, @site).should be_false
+
+    user, User.current = User.current, nil
+    post = Post.new
+    User.current = user
+    can?(:create, post).should be_false
+    can?(:create, post, :on => @site).should be_true
+    can?(:create, post, :on => @other_site).should be_false
+    can?(:create, @own_post).should be_true
+    can?(:create, @other_post).should be_false
+
+    update_attributes(@own_post, :published, :content)
+    can?(:create, @own_post).should be_true
+
+    can?(:delete, @comment).should be_true
+    can?(:delete, @other_comment).should be_false
+  end
+end
+
+shared_examples "malformed_site_admin_role" do
+  it 'should not behave like site admin' do
+    is?(:site_admin, :on => @site).should be_false
+    is?(:site_admin, :on => @other_site).should be_false
+  end
+end
+
+shared_examples "moderator_author_role" do
+  include_context "shared_author_role"
+  include_context "shared_moderator_role"
+  it "should behave like moderator author" do
+    is?(:moderator_author, :on => @site).should be_true
+    is?(:moderator_author).should be_true
+
+    is?(:author).should be_true
+    is?(:author, :on => @site).should be_true
+
+    can?(:create, Post.new).should be_true
+    can?(:create, Post.new, :on => @site).should be_true
+    can?(:create, Post.new, :on => @other_site).should be_true
+    can?(:create, @own_post).should be_true
+    can?(:create, @other_post).should be_true
+
+    update_attributes(@own_post, :published, :content)
+    can?(:create, @own_post).should be_true
+  end
+end
+
+shared_examples "sysop_role" do
+  it "should allow all normal options to sysop" do
+    is?(:sysop).should be_true
+
+    can?(:create, Post).should be_true
+    can?(:create, Role).should be_true
+    can?(:create, Comment.new).should be_true
+
+    can?(:update, @own_post).should be_true
+
+    can?(:publish, @own_post).should be_false
+  end
+end
+
+shared_examples "moderator_role" do
+  include_context "shared_moderator_role"
+  it "should allow moderators to publish posts" do
+    user, User.current = User.current, nil
+    post = Post.new
+    User.current = user
+    can?(:create, user).should be_false
+    can?(:create, user, :on => @site).should be_false
+    can?(:create, user, :on => @other_site).should be_false
+
+    update_attributes(@own_post, :content)
+    can?(:publish, @own_post).should be_false
+    can?(:update, @own_post).should be_false
+    can?(:moderate, @comment).should be_false
+    can?(:update, @comment).should be_false
+
+    update_attributes(@own_post)
+    can?(:delete, @own_post).should be_false
+  end
+end

data/spec/spec.opts

@@ -0,0 +1,3 @@
+--color
+--backtrace
+

data/spec/spec_helper.rb

@@ -0,0 +1,28 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'rubygems'
+require 'dm-core'
+require 'dm-migrations'
+require 'role-auth'
+#require 'sequel'
+require 'rspec'
+require 'rspec/autorun'
+
+require 'support/classes'
+require 'shared_specs'
+
+RSpec.configure do |config|
+  config.include RoleAuth::InstanceMethods
+end
+
+# If you want the logs displayed you have to do this before the call to setup
+# DataMapper::Logger.new($stdout, :debug)
+
+# An in-memory Sqlite3 connection:
+DataMapper.setup(:default, 'sqlite3::memory:')
+
+DataMapper.auto_migrate!
+
+def load_authorization_file(name = 'authorization')
+  file = File.new(File.expand_path(File.dirname(__FILE__) + "/support/#{name}.rb"))
+  RoleAuth::Builder.new(file).build
+end

data/spec/support/authorization.rb

@@ -0,0 +1,68 @@
+role :sysop do
+  can :create, :update, :delete, :any
+end
+
+role :admin do
+  can :do, Post, Comment, Site
+end
+
+role :alternative_admin do
+  can :do, :any
+  can_not :do, Role
+end
+
+role :author, :on => Site do
+  is :user
+
+  can :create, Post
+  can :update, Post, :if => only_changed(:content)
+  can :update, :delete, Post, :if => [is_owner, %{!post.published}]
+  can :publish, Comment, :if => %{ comment.post.published }
+end
+
+role :alternative_author, :on => Site do
+  is :user
+
+  can :create, :update_and_delete, Post
+  can :publish, Comment, :if => %{ comment.post.published }
+end
+
+role :moderator do
+  is :user
+
+  can :publish, Post
+  can :moderate, Comment
+end
+
+role :site_admin, :on => Site do
+  is :moderator
+  is :author
+
+  can :delete, Comment
+  can :update, Site # Document
+end
+
+role :moderator_author do
+  is :author, :moderator
+
+  can :create_and_publish, Post
+end
+
+role :user do
+  can :create, Comment
+  can :push, Comment
+end
+
+task :push
+
+task :publish, :is => :update, :if => only_changed(:published)
+
+task :moderate, :is => :update, :if => %{ user.can?(:publish, comment.post) }
+
+task :create_update_own, :is => [:create, :update], :if => is_owner
+
+task :create_and_publish, :is => :create_update_own, :if => only_changed(:published, :content)
+
+task :update_and_delete, :is => [:update, :delete], :if => [is_owner, %{ !post.published}, only_changed(:content)]
+
+task :build