rspec-authorization 0.0.2 → 0.0.6

@@ -0,0 +1,260 @@
1
+ GIT
2
+ remote: git://github.com/stffn/declarative_authorization.git
3
+ revision: 45e91af20eba71b2828c5c84066bcce3ef032e8a
4
+ specs:
5
+ declarative_authorization (1.0.0.pre)
6
+
7
+ PATH
8
+ remote: ../
9
+ specs:
10
+ rspec-authorization (0.0.6)
11
+ declarative_authorization
12
+ rspec-rails (~> 3.0, < 3.2)
13
+
14
+ GEM
15
+ remote: https://rubygems.org/
16
+ specs:
17
+ actionmailer (4.2.0)
18
+ actionpack (= 4.2.0)
19
+ actionview (= 4.2.0)
20
+ activejob (= 4.2.0)
21
+ mail (~> 2.5, >= 2.5.4)
22
+ rails-dom-testing (~> 1.0, >= 1.0.5)
23
+ actionpack (4.2.0)
24
+ actionview (= 4.2.0)
25
+ activesupport (= 4.2.0)
26
+ rack (~> 1.6.0)
27
+ rack-test (~> 0.6.2)
28
+ rails-dom-testing (~> 1.0, >= 1.0.5)
29
+ rails-html-sanitizer (~> 1.0, >= 1.0.1)
30
+ actionview (4.2.0)
31
+ activesupport (= 4.2.0)
32
+ builder (~> 3.1)
33
+ erubis (~> 2.7.0)
34
+ rails-dom-testing (~> 1.0, >= 1.0.5)
35
+ rails-html-sanitizer (~> 1.0, >= 1.0.1)
36
+ activejob (4.2.0)
37
+ activesupport (= 4.2.0)
38
+ globalid (>= 0.3.0)
39
+ activemodel (4.2.0)
40
+ activesupport (= 4.2.0)
41
+ builder (~> 3.1)
42
+ activerecord (4.2.0)
43
+ activemodel (= 4.2.0)
44
+ activesupport (= 4.2.0)
45
+ arel (~> 6.0)
46
+ activesupport (4.2.0)
47
+ i18n (~> 0.7)
48
+ json (~> 1.7, >= 1.7.7)
49
+ minitest (~> 5.1)
50
+ thread_safe (~> 0.3, >= 0.3.4)
51
+ tzinfo (~> 1.1)
52
+ appraisal (1.0.3)
53
+ bundler
54
+ rake
55
+ thor (>= 0.14.0)
56
+ arel (6.0.0)
57
+ bcrypt (3.1.10)
58
+ builder (3.2.2)
59
+ byebug (4.0.3)
60
+ columnize (= 0.9.0)
61
+ celluloid (0.16.0)
62
+ timers (~> 4.0.0)
63
+ codeclimate-test-reporter (0.4.7)
64
+ simplecov (>= 0.7.1, < 1.0.0)
65
+ coderay (1.1.0)
66
+ coffee-rails (4.1.0)
67
+ coffee-script (>= 2.2.0)
68
+ railties (>= 4.0.0, < 5.0)
69
+ coffee-script (2.3.0)
70
+ coffee-script-source
71
+ execjs
72
+ coffee-script-source (1.9.1)
73
+ columnize (0.9.0)
74
+ devise (3.4.1)
75
+ bcrypt (~> 3.0)
76
+ orm_adapter (~> 0.1)
77
+ railties (>= 3.2.6, < 5)
78
+ responders
79
+ thread_safe (~> 0.1)
80
+ warden (~> 1.2.3)
81
+ diff-lcs (1.2.5)
82
+ docile (1.1.5)
83
+ erubis (2.7.0)
84
+ execjs (2.4.0)
85
+ ffi (1.9.8)
86
+ formatador (0.2.5)
87
+ globalid (0.3.3)
88
+ activesupport (>= 4.1.0)
89
+ guard (2.12.5)
90
+ formatador (>= 0.2.4)
91
+ listen (~> 2.7)
92
+ lumberjack (~> 1.0)
93
+ nenv (~> 0.1)
94
+ notiffany (~> 0.0)
95
+ pry (>= 0.9.12)
96
+ shellany (~> 0.0)
97
+ thor (>= 0.18.1)
98
+ guard-compat (1.2.1)
99
+ guard-rspec (4.5.0)
100
+ guard (~> 2.1)
101
+ guard-compat (~> 1.1)
102
+ rspec (>= 2.99.0, < 4.0)
103
+ hike (1.2.3)
104
+ hitimes (1.2.2)
105
+ i18n (0.7.0)
106
+ inch (0.5.10)
107
+ pry
108
+ sparkr (>= 0.2.0)
109
+ term-ansicolor
110
+ yard (~> 0.8.7.5)
111
+ jquery-rails (4.0.3)
112
+ rails-dom-testing (~> 1.0)
113
+ railties (>= 4.2.0)
114
+ thor (>= 0.14, < 2.0)
115
+ json (1.8.2)
116
+ listen (2.9.0)
117
+ celluloid (>= 0.15.2)
118
+ rb-fsevent (>= 0.9.3)
119
+ rb-inotify (>= 0.9)
120
+ loofah (2.0.1)
121
+ nokogiri (>= 1.5.9)
122
+ lumberjack (1.0.9)
123
+ mail (2.6.3)
124
+ mime-types (>= 1.16, < 3)
125
+ method_source (0.8.2)
126
+ mime-types (2.4.3)
127
+ mini_portile (0.6.2)
128
+ minitest (5.5.1)
129
+ multi_json (1.11.0)
130
+ nenv (0.2.0)
131
+ nokogiri (1.6.6.2)
132
+ mini_portile (~> 0.6.0)
133
+ notiffany (0.0.6)
134
+ nenv (~> 0.1)
135
+ shellany (~> 0.0)
136
+ orm_adapter (0.5.0)
137
+ pry (0.10.1)
138
+ coderay (~> 1.1.0)
139
+ method_source (~> 0.8.1)
140
+ slop (~> 3.4)
141
+ pry-byebug (3.1.0)
142
+ byebug (~> 4.0)
143
+ pry (~> 0.10)
144
+ rack (1.6.0)
145
+ rack-test (0.6.3)
146
+ rack (>= 1.0)
147
+ rails (4.2.0)
148
+ actionmailer (= 4.2.0)
149
+ actionpack (= 4.2.0)
150
+ actionview (= 4.2.0)
151
+ activejob (= 4.2.0)
152
+ activemodel (= 4.2.0)
153
+ activerecord (= 4.2.0)
154
+ activesupport (= 4.2.0)
155
+ bundler (>= 1.3.0, < 2.0)
156
+ railties (= 4.2.0)
157
+ sprockets-rails
158
+ rails-deprecated_sanitizer (1.0.3)
159
+ activesupport (>= 4.2.0.alpha)
160
+ rails-dom-testing (1.0.6)
161
+ activesupport (>= 4.2.0.beta, < 5.0)
162
+ nokogiri (~> 1.6.0)
163
+ rails-deprecated_sanitizer (>= 1.0.1)
164
+ rails-html-sanitizer (1.0.2)
165
+ loofah (~> 2.0)
166
+ railties (4.2.0)
167
+ actionpack (= 4.2.0)
168
+ activesupport (= 4.2.0)
169
+ rake (>= 0.8.7)
170
+ thor (>= 0.18.1, < 2.0)
171
+ rake (10.4.2)
172
+ rb-fsevent (0.9.4)
173
+ rb-inotify (0.9.5)
174
+ ffi (>= 0.5.0)
175
+ rdoc (4.2.0)
176
+ json (~> 1.4)
177
+ responders (2.1.0)
178
+ railties (>= 4.2.0, < 5)
179
+ rspec (3.1.0)
180
+ rspec-core (~> 3.1.0)
181
+ rspec-expectations (~> 3.1.0)
182
+ rspec-mocks (~> 3.1.0)
183
+ rspec-core (3.1.7)
184
+ rspec-support (~> 3.1.0)
185
+ rspec-expectations (3.1.2)
186
+ diff-lcs (>= 1.2.0, < 2.0)
187
+ rspec-support (~> 3.1.0)
188
+ rspec-its (1.2.0)
189
+ rspec-core (>= 3.0.0)
190
+ rspec-expectations (>= 3.0.0)
191
+ rspec-mocks (3.1.3)
192
+ rspec-support (~> 3.1.0)
193
+ rspec-rails (3.1.0)
194
+ actionpack (>= 3.0)
195
+ activesupport (>= 3.0)
196
+ railties (>= 3.0)
197
+ rspec-core (~> 3.1.0)
198
+ rspec-expectations (~> 3.1.0)
199
+ rspec-mocks (~> 3.1.0)
200
+ rspec-support (~> 3.1.0)
201
+ rspec-support (3.1.2)
202
+ shellany (0.0.1)
203
+ shoulda-matchers (2.8.0)
204
+ activesupport (>= 3.0.0)
205
+ simplecov (0.9.2)
206
+ docile (~> 1.1.0)
207
+ multi_json (~> 1.0)
208
+ simplecov-html (~> 0.9.0)
209
+ simplecov-html (0.9.0)
210
+ slop (3.6.0)
211
+ sparkr (0.4.1)
212
+ sprockets (2.12.3)
213
+ hike (~> 1.2)
214
+ multi_json (~> 1.0)
215
+ rack (~> 1.0)
216
+ tilt (~> 1.1, != 1.3.0)
217
+ sprockets-rails (2.2.4)
218
+ actionpack (>= 3.0)
219
+ activesupport (>= 3.0)
220
+ sprockets (>= 2.8, < 4.0)
221
+ sqlite3 (1.3.10)
222
+ term-ansicolor (1.3.0)
223
+ tins (~> 1.0)
224
+ thor (0.19.1)
225
+ thread_safe (0.3.5)
226
+ tilt (1.4.1)
227
+ timers (4.0.1)
228
+ hitimes
229
+ tins (1.3.5)
230
+ turbolinks (2.5.3)
231
+ coffee-rails
232
+ tzinfo (1.2.2)
233
+ thread_safe (~> 0.1)
234
+ warden (1.2.3)
235
+ rack (>= 1.0)
236
+ yard (0.8.7.6)
237
+
238
+ PLATFORMS
239
+ ruby
240
+
241
+ DEPENDENCIES
242
+ appraisal
243
+ bundler (~> 1.7)
244
+ codeclimate-test-reporter
245
+ declarative_authorization!
246
+ devise
247
+ guard-rspec
248
+ inch
249
+ jquery-rails
250
+ pry
251
+ pry-byebug
252
+ rails (= 4.2.0)
253
+ rake (~> 10.0)
254
+ rdoc
255
+ rspec-authorization!
256
+ rspec-its
257
+ shoulda-matchers
258
+ sqlite3
259
+ turbolinks
260
+ yard
@@ -1,5 +1,8 @@
1
1
  require "rspec/authorization/adapters/example"
2
2
  require "rspec/authorization/adapters/example_group"
3
+ require "rspec/authorization/adapters/privilege"
4
+ require "rspec/authorization/adapters/resource"
5
+ require "rspec/authorization/adapters/restful_helper_method"
3
6
  require "rspec/authorization/adapters/request"
4
7
  require "rspec/authorization/adapters/route"
5
8
 
@@ -0,0 +1,14 @@
1
+ module RSpec::Authorization
2
+ module Adapters
3
+ class Privilege # :nodoc:
4
+ attr_reader :actions, :negated_actions, :controller_class, :role
5
+
6
+ def initialize(**params)
7
+ @actions = params[:actions]
8
+ @negated_actions = params[:negated_actions]
9
+ @controller_class = params[:controller_class]
10
+ @role = params[:role]
11
+ end
12
+ end
13
+ end
14
+ end
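Review bot: `initialize(**params)` accepts any keyword and silently ignores the ones it does not read, so a misspelled key leaves the matching attribute `nil` with no error at construction time. This object carries the role and the action lists that an authorization spec is evaluated against, so a bad call should fail where it is made. If every caller passes all four values, declare them: `def initialize(actions:, negated_actions:, controller_class:, role:)`. The class is marked `:nodoc:`, but a one-line comment stating that it is a plain value holder for one role/controller check would still help the next reader.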
@@ -136,7 +136,10 @@ module RSpec::Authorization
136
136
 
137
137
  def stub_callbacks
138
138
  group.before do
139
- methods = controller._process_action_callbacks.map(&:filter).split(:filter_access_filter).last
139
+ methods = controller._process_action_callbacks.map(&:filter)
140
+ methods.delete(:filter_access_filter)
141
+
142
+ methods = methods.select { |m| m.is_a? Symbol }
140
143
  controller.instance_eval do
141
144
  methods.each do |method|
142
145
  define_singleton_method method do |*args, &block|
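Review bot: The set of stubbed callbacks changes here: the removed `split(:filter_access_filter).last` kept only the filters registered after the access filter, while the new code keeps every Symbol filter except `:filter_access_filter`, including those that run before it. If an earlier filter prepares state that the access check reads, replacing it may change what the authorization request actually exercises; the stub body continues outside this hunk, so this cannot be confirmed from here. The `is_a? Symbol` selection also means Proc and object callbacks are left in place and still run, which deserves a comment such as `# only Symbol filters can be redefined by name; block and object callbacks still run`. The local `methods` shadows `Object#methods`; a name like `callback_names` would read more clearly.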
@@ -0,0 +1,58 @@
1
+ module RSpec::Authorization
2
+ module Adapters
3
+ class Resource # :nodoc:
4
+ attr_reader :results, :negated_results, :privilege
5
+
6
+ delegate :actions, to: :privilege
7
+ delegate :negated_actions, to: :privilege
8
+ delegate :controller_class, to: :privilege
9
+ delegate :role, to: :privilege
10
+
11
+ def initialize(privilege)
12
+ @privilege = privilege
13
+ end
14
+
15
+ def run(actions)
16
+ actions.map do |action|
17
+ request = Request.new(controller_class, action, role)
18
+ [action, request.response.status != 403]
19
+ end
20
+ end
21
+
22
+ def run_all
23
+ requests
24
+ negated_requests
25
+ end
26
+
27
+ def permitted?
28
+ permitted_or_forbidden?(:permitted_for?, :forbidden_for?)
29
+ end
30
+
31
+ def forbidden?
32
+ permitted_or_forbidden?(:forbidden_for?, :permitted_for?)
33
+ end
34
+
35
+ private
36
+
37
+ def requests
38
+ @results = Hash[run(actions)]
39
+ end
40
+
41
+ def negated_requests
42
+ @negated_results = Hash[run(negated_actions)]
43
+ end
44
+
45
+ def permitted_or_forbidden?(primary, secondary)
46
+ send(primary, results) && (negated_results.present? ? send(secondary, negated_results) : true)
47
+ end
48
+
49
+ def permitted_for?(requests)
50
+ true unless requests.value? false
51
+ end
52
+
53
+ def forbidden_for?(requests)
54
+ true unless requests.value? true
55
+ end
56
+ end
57
+ end
58
+ end
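Review bot: In `run`, `request.response.status != 403` counts every response other than 403 as permitted, so a denial that the application renders as a redirect or with another status code is reported as access granted, and an authorization spec can pass without proving anything. `Request` is not visible in this section, so the stricter check cannot be written from here; at minimum state the rule next to the comparison, e.g. `# permitted means any status other than 403`. `permitted?` and `forbidden?` read `results`, which stays `nil` until `run_all` has been called, so calling them first raises on `nil`. `permitted_for?` and `forbidden_for?` return `nil` rather than `false` on the negative path; `!requests.value?(false)` and `!requests.value?(true)` return real booleans.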
@@ -0,0 +1,137 @@
1
+ module RSpec::Authorization
2
+ module Adapters
3
+ # Create a new restful helper method using the available dictionaries. Method
4
+ # that is not available raise a +NoMethodError+, consider the following
5
+ # example:
6
+ #
7
+ # RestfulHelperMethod.new(:to_read)
8
+ #
9
+ # This class can be inferred automatically as an array, for example on
10
+ # multiple assignment, consider the following example:
11
+ #
12
+ # behavior, actions = RestfulHelperMethod(:to_read)
13
+ # behavior # => :read
14
+ # actions # => [:index, :show]
15
+ #
16
+ # === RESTful helper methods
17
+ #
18
+ # Currently available helper method are:
19
+ #
20
+ # - +to_read+
21
+ # - +to_create+
22
+ # - +to_update+
23
+ # - +to_delete+
24
+ # - +to_manage+
25
+ #
26
+ # The above method is not related to declarative_authorization privileges,
27
+ # and serve simply as convinience method, below is a table of restful actions
28
+ # returned from the restful helper method:
29
+ #
30
+ # Method RESTful actions
31
+ # ----------------------------------------------------------------------
32
+ # to_read [:index, :show]
33
+ # to_create [:new, :create]
34
+ # to_update [:edit, :update]
35
+ # to_delete [:destroy]
36
+ # to_manage [:index, :show, :new, :create, :edit, :update, :destroy]
37
+ #
38
+ # === Focused RESTful helper methods
39
+ #
40
+ # Currently available focused helper methods are:
41
+ #
42
+ # - +only_to_read+
43
+ # - +only_to_create+
44
+ # - +only_to_update+
45
+ # - +only_to_delete+
46
+ #
47
+ # And their negated counterparts are:
48
+ #
49
+ # - +except_to_read+
50
+ # - +except_to_create+
51
+ # - +except_to_update+
52
+ # - +except_to_delete+
53
+ #
54
+ # The above helper methods have a different action table compared to the
55
+ # regular helper methods, this is due to it's nature to focus only on certain
56
+ # behavior, and it negates other actions:
57
+ #
58
+ # Method Focused actions Negated actions
59
+ # -------------------------------------------------------------------------
60
+ # only_to_read [:index, :show] [:new, :create, :edit, :update, :delete]
61
+ # only_to_create [:new, :create] [:index, :show, :edit, :update, :delete]
62
+ # only_to_update [:edit, :update] [:index, :show, :new, :create, :delete]
63
+ # only_to_delete [:destroy] [:index, :show, :new, :create, :edit, :update]
64
+ #
65
+ # The negated focused helper methods have exactly the opposite matching table,
66
+ # following is actions table for negated focused helper methods:
67
+ #
68
+ # Method Focused actions Negated actions
69
+ # -------------------------------------------------------------------------------
70
+ # except_to_read [:new, :create, :edit, :update, :delete] [:index, :show]
71
+ # except_to_create [:index, :show, :edit, :update, :delete] [:new, :create]
72
+ # except_to_update [:index, :show, :new, :create, :delete] [:edit, :update]
73
+ # except_to_delete [:index, :show, :new, :create, :edit, :update] [:destroy]
74
+ #
75
+ class RestfulHelperMethod
76
+ # @return [Symbol] Restful helper method prefix
77
+ attr_reader :prefix
78
+ # @return [Symbol] Restful helper method name
79
+ attr_reader :name
80
+ # @return [Symbol] The behavior of the restful helper method
81
+ attr_reader :behavior
82
+ # @return [Array<Symbol>] The list of actions for a given behavior
83
+ attr_reader :actions
84
+ # @return [Array<Symbol>] The list of negated actions for a given behavior
85
+ attr_reader :negated_actions
86
+
87
+ # Creates a restful helper method using the available dictionaries. Invalid
88
+ # or a non-available helper method that passed in raise an error, consider
89
+ # the following example:
90
+ #
91
+ # RestfulHelperMethod.new(:to_explode) # this will explode
92
+ # => NoMethodError: undefined method `to_explode' for RestfulHelperMethod
93
+ #
94
+ # @param name [Symbol] restful method name to be retrieved
95
+ def initialize(name)
96
+ @name, @prefix, @behavior = find_method(name).to_a.map(&:to_sym)
97
+
98
+ raise NoMethodError, error_message unless DICTIONARIES.key?(behavior)
99
+
100
+ @actions = DICTIONARIES[behavior]
101
+ @negated_actions = prefix.eql?(:to) ? [] : (DICTIONARIES[:manage] - actions)
102
+
103
+ swap_negated_actions if prefix.eql?(:except_to)
104
+ end
105
+
106
+ def humanize
107
+ name.to_s.gsub("_", " ")
108
+ end
109
+
110
+ private
111
+
112
+ def error_message
113
+ "undefined method `#{name}' for #{self.class}"
114
+ end
115
+
116
+ def find_method(name)
117
+ /^(to|only_to|except_to)_(.*)$/.match(name)
118
+ end
119
+
120
+ def swap_negated_actions
121
+ @actions, @negated_actions = negated_actions, actions
122
+ end
123
+
124
+ def to_a
125
+ [actions, negated_actions]
126
+ end
127
+
128
+ DICTIONARIES = {
129
+ read: %i(index show),
130
+ create: %i(new create),
131
+ update: %i(edit update),
132
+ delete: %i(destroy),
133
+ manage: %i(index show new create edit update destroy)
134
+ }
135
+ end
136
+ end
137
+ end
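Review bot: In `initialize`, `@name` is taken from the regex match, so a name that does not match at all (for example `:read`) leaves `name` as `nil` and the `NoMethodError` message is built with an empty method name; assign it up front with `@name = name.to_sym` and destructure the rest with `_, @prefix, @behavior = find_method(name).to_a.map(&:to_sym)`. `find_method` anchors with `^` and `$`, which match per line; `\A` and `\z` anchor the whole name. The class comment promises destructuring into `behavior, actions`, but `to_a` sits under `private`, returns `[actions, negated_actions]`, and multiple assignment calls `to_ary` rather than `to_a`. The focused-action tables in the comment list `:delete` where `DICTIONARIES` uses `:destroy`.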