rspec-authorization 0.0.2 → 0.0.6

data/gemfiles/rails_4.2.0.gemfile.lock

@@ -0,0 +1,260 @@
+GIT
+  remote: git://github.com/stffn/declarative_authorization.git
+  revision: 45e91af20eba71b2828c5c84066bcce3ef032e8a
+  specs:
+    declarative_authorization (1.0.0.pre)
+
+PATH
+  remote: ../
+  specs:
+    rspec-authorization (0.0.6)
+      declarative_authorization
+      rspec-rails (~> 3.0, < 3.2)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (4.2.0)
+      actionpack (= 4.2.0)
+      actionview (= 4.2.0)
+      activejob (= 4.2.0)
+      mail (~> 2.5, >= 2.5.4)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+    actionpack (4.2.0)
+      actionview (= 4.2.0)
+      activesupport (= 4.2.0)
+      rack (~> 1.6.0)
+      rack-test (~> 0.6.2)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    actionview (4.2.0)
+      activesupport (= 4.2.0)
+      builder (~> 3.1)
+      erubis (~> 2.7.0)
+      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-html-sanitizer (~> 1.0, >= 1.0.1)
+    activejob (4.2.0)
+      activesupport (= 4.2.0)
+      globalid (>= 0.3.0)
+    activemodel (4.2.0)
+      activesupport (= 4.2.0)
+      builder (~> 3.1)
+    activerecord (4.2.0)
+      activemodel (= 4.2.0)
+      activesupport (= 4.2.0)
+      arel (~> 6.0)
+    activesupport (4.2.0)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    appraisal (1.0.3)
+      bundler
+      rake
+      thor (>= 0.14.0)
+    arel (6.0.0)
+    bcrypt (3.1.10)
+    builder (3.2.2)
+    byebug (4.0.3)
+      columnize (= 0.9.0)
+    celluloid (0.16.0)
+      timers (~> 4.0.0)
+    codeclimate-test-reporter (0.4.7)
+      simplecov (>= 0.7.1, < 1.0.0)
+    coderay (1.1.0)
+    coffee-rails (4.1.0)
+      coffee-script (>= 2.2.0)
+      railties (>= 4.0.0, < 5.0)
+    coffee-script (2.3.0)
+      coffee-script-source
+      execjs
+    coffee-script-source (1.9.1)
+    columnize (0.9.0)
+    devise (3.4.1)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
+    diff-lcs (1.2.5)
+    docile (1.1.5)
+    erubis (2.7.0)
+    execjs (2.4.0)
+    ffi (1.9.8)
+    formatador (0.2.5)
+    globalid (0.3.3)
+      activesupport (>= 4.1.0)
+    guard (2.12.5)
+      formatador (>= 0.2.4)
+      listen (~> 2.7)
+      lumberjack (~> 1.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.5.0)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    hike (1.2.3)
+    hitimes (1.2.2)
+    i18n (0.7.0)
+    inch (0.5.10)
+      pry
+      sparkr (>= 0.2.0)
+      term-ansicolor
+      yard (~> 0.8.7.5)
+    jquery-rails (4.0.3)
+      rails-dom-testing (~> 1.0)
+      railties (>= 4.2.0)
+      thor (>= 0.14, < 2.0)
+    json (1.8.2)
+    listen (2.9.0)
+      celluloid (>= 0.15.2)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+    loofah (2.0.1)
+      nokogiri (>= 1.5.9)
+    lumberjack (1.0.9)
+    mail (2.6.3)
+      mime-types (>= 1.16, < 3)
+    method_source (0.8.2)
+    mime-types (2.4.3)
+    mini_portile (0.6.2)
+    minitest (5.5.1)
+    multi_json (1.11.0)
+    nenv (0.2.0)
+    nokogiri (1.6.6.2)
+      mini_portile (~> 0.6.0)
+    notiffany (0.0.6)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    orm_adapter (0.5.0)
+    pry (0.10.1)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    pry-byebug (3.1.0)
+      byebug (~> 4.0)
+      pry (~> 0.10)
+    rack (1.6.0)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rails (4.2.0)
+      actionmailer (= 4.2.0)
+      actionpack (= 4.2.0)
+      actionview (= 4.2.0)
+      activejob (= 4.2.0)
+      activemodel (= 4.2.0)
+      activerecord (= 4.2.0)
+      activesupport (= 4.2.0)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.2.0)
+      sprockets-rails
+    rails-deprecated_sanitizer (1.0.3)
+      activesupport (>= 4.2.0.alpha)
+    rails-dom-testing (1.0.6)
+      activesupport (>= 4.2.0.beta, < 5.0)
+      nokogiri (~> 1.6.0)
+      rails-deprecated_sanitizer (>= 1.0.1)
+    rails-html-sanitizer (1.0.2)
+      loofah (~> 2.0)
+    railties (4.2.0)
+      actionpack (= 4.2.0)
+      activesupport (= 4.2.0)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.4.2)
+    rb-fsevent (0.9.4)
+    rb-inotify (0.9.5)
+      ffi (>= 0.5.0)
+    rdoc (4.2.0)
+      json (~> 1.4)
+    responders (2.1.0)
+      railties (>= 4.2.0, < 5)
+    rspec (3.1.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+    rspec-core (3.1.7)
+      rspec-support (~> 3.1.0)
+    rspec-expectations (3.1.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.1.0)
+    rspec-its (1.2.0)
+      rspec-core (>= 3.0.0)
+      rspec-expectations (>= 3.0.0)
+    rspec-mocks (3.1.3)
+      rspec-support (~> 3.1.0)
+    rspec-rails (3.1.0)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 3.1.0)
+      rspec-expectations (~> 3.1.0)
+      rspec-mocks (~> 3.1.0)
+      rspec-support (~> 3.1.0)
+    rspec-support (3.1.2)
+    shellany (0.0.1)
+    shoulda-matchers (2.8.0)
+      activesupport (>= 3.0.0)
+    simplecov (0.9.2)
+      docile (~> 1.1.0)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.9.0)
+    simplecov-html (0.9.0)
+    slop (3.6.0)
+    sparkr (0.4.1)
+    sprockets (2.12.3)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.2.4)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (>= 2.8, < 4.0)
+    sqlite3 (1.3.10)
+    term-ansicolor (1.3.0)
+      tins (~> 1.0)
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    tilt (1.4.1)
+    timers (4.0.1)
+      hitimes
+    tins (1.3.5)
+    turbolinks (2.5.3)
+      coffee-rails
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    warden (1.2.3)
+      rack (>= 1.0)
+    yard (0.8.7.6)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  appraisal
+  bundler (~> 1.7)
+  codeclimate-test-reporter
+  declarative_authorization!
+  devise
+  guard-rspec
+  inch
+  jquery-rails
+  pry
+  pry-byebug
+  rails (= 4.2.0)
+  rake (~> 10.0)
+  rdoc
+  rspec-authorization!
+  rspec-its
+  shoulda-matchers
+  sqlite3
+  turbolinks
+  yard

data/lib/rspec/authorization/adapters.rb

@@ -1,5 +1,8 @@
 require "rspec/authorization/adapters/example"
 require "rspec/authorization/adapters/example_group"
+require "rspec/authorization/adapters/privilege"
+require "rspec/authorization/adapters/resource"
+require "rspec/authorization/adapters/restful_helper_method"
 require "rspec/authorization/adapters/request"
 require "rspec/authorization/adapters/route"
 

data/lib/rspec/authorization/adapters/privilege.rb

@@ -0,0 +1,14 @@
+module RSpec::Authorization
+  module Adapters
+    class Privilege # :nodoc:
+      attr_reader :actions, :negated_actions, :controller_class, :role
+
+      def initialize(**params)
+        @actions          = params[:actions]
+        @negated_actions  = params[:negated_actions]
+        @controller_class = params[:controller_class]
+        @role             = params[:role]
+      end
+    end
+  end
+end

data/lib/rspec/authorization/adapters/request.rb

@@ -136,7 +136,10 @@ module RSpec::Authorization
 
       def stub_callbacks
         group.before do
-          methods = controller._process_action_callbacks.map(&:filter).split(:filter_access_filter).last
+          methods = controller._process_action_callbacks.map(&:filter)
+          methods.delete(:filter_access_filter)
+
+          methods = methods.select { |m| m.is_a? Symbol }
           controller.instance_eval do
             methods.each do |method|
               define_singleton_method method do |*args, &block|

data/lib/rspec/authorization/adapters/resource.rb

@@ -0,0 +1,58 @@
+module RSpec::Authorization
+  module Adapters
+    class Resource # :nodoc:
+      attr_reader :results, :negated_results, :privilege
+
+      delegate :actions, to: :privilege
+      delegate :negated_actions, to: :privilege
+      delegate :controller_class, to: :privilege
+      delegate :role, to: :privilege
+
+      def initialize(privilege)
+        @privilege = privilege
+      end
+
+      def run(actions)
+        actions.map do |action|
+          request = Request.new(controller_class, action, role)
+          [action, request.response.status != 403]
+        end
+      end
+
+      def run_all
+        requests
+        negated_requests
+      end
+
+      def permitted?
+        permitted_or_forbidden?(:permitted_for?, :forbidden_for?)
+      end
+
+      def forbidden?
+        permitted_or_forbidden?(:forbidden_for?, :permitted_for?)
+      end
+
+      private
+
+      def requests
+        @results = Hash[run(actions)]
+      end
+
+      def negated_requests
+        @negated_results = Hash[run(negated_actions)]
+      end
+
+      def permitted_or_forbidden?(primary, secondary)
+        send(primary, results) && (negated_results.present? ? send(secondary, negated_results) : true)
+      end
+
+      def permitted_for?(requests)
+        true unless requests.value? false
+      end
+
+      def forbidden_for?(requests)
+        true unless requests.value? true
+      end
+    end
+  end
+end

data/lib/rspec/authorization/adapters/restful_helper_method.rb

@@ -0,0 +1,137 @@
+module RSpec::Authorization
+  module Adapters
+    # Create a new restful helper method using the available dictionaries. Method
+    # that is not available raise a +NoMethodError+, consider the following
+    # example:
+    #
+    #   RestfulHelperMethod.new(:to_read)
+    #
+    # This class can be inferred automatically as an array, for example on
+    # multiple assignment, consider the following example:
+    #
+    #   behavior, actions = RestfulHelperMethod(:to_read)
+    #   behavior # => :read
+    #   actions  # => [:index, :show]
+    #
+    # === RESTful helper methods
+    #
+    # Currently available helper method are:
+    #
+    # - +to_read+
+    # - +to_create+
+    # - +to_update+
+    # - +to_delete+
+    # - +to_manage+
+    #
+    # The above method is not related to declarative_authorization privileges,
+    # and serve simply as convinience method, below is a table of restful actions
+    # returned from the restful helper method:
+    #
+    #   Method        RESTful actions
+    #   ----------------------------------------------------------------------
+    #   to_read       [:index, :show]
+    #   to_create     [:new, :create]
+    #   to_update     [:edit, :update]
+    #   to_delete     [:destroy]
+    #   to_manage     [:index, :show, :new, :create, :edit, :update, :destroy]
+    #
+    # === Focused RESTful helper methods
+    #
+    # Currently available focused helper methods are:
+    #
+    # - +only_to_read+
+    # - +only_to_create+
+    # - +only_to_update+
+    # - +only_to_delete+
+    #
+    # And their negated counterparts are:
+    #
+    # - +except_to_read+
+    # - +except_to_create+
+    # - +except_to_update+
+    # - +except_to_delete+
+    #
+    # The above helper methods have a different action table compared to the
+    # regular helper methods, this is due to it's nature to focus only on certain
+    # behavior, and it negates other actions:
+    #
+    #   Method         Focused actions   Negated actions
+    #   -------------------------------------------------------------------------
+    #   only_to_read   [:index, :show]   [:new, :create, :edit, :update, :delete]
+    #   only_to_create [:new, :create]   [:index, :show, :edit, :update, :delete]
+    #   only_to_update [:edit, :update]  [:index, :show, :new, :create, :delete]
+    #   only_to_delete [:destroy]        [:index, :show, :new, :create, :edit, :update]
+    #
+    # The negated focused helper methods have exactly the opposite matching table,
+    # following is actions table for negated focused helper methods:
+    #
+    #   Method           Focused actions                                Negated actions
+    #   -------------------------------------------------------------------------------
+    #   except_to_read   [:new, :create, :edit, :update, :delete]       [:index, :show]
+    #   except_to_create [:index, :show, :edit, :update, :delete]       [:new, :create]
+    #   except_to_update [:index, :show, :new, :create, :delete]        [:edit, :update]
+    #   except_to_delete [:index, :show, :new, :create, :edit, :update] [:destroy]
+    #
+    class RestfulHelperMethod
+      # @return [Symbol] Restful helper method prefix
+      attr_reader :prefix
+      # @return [Symbol] Restful helper method name
+      attr_reader :name
+      # @return [Symbol] The behavior of the restful helper method
+      attr_reader :behavior
+      # @return [Array<Symbol>] The list of actions for a given behavior
+      attr_reader :actions
+      # @return [Array<Symbol>] The list of negated actions for a given behavior
+      attr_reader :negated_actions
+
+      # Creates a restful helper method using the available dictionaries. Invalid
+      # or a non-available helper method that passed in raise an error, consider
+      # the following example:
+      #
+      #   RestfulHelperMethod.new(:to_explode) # this will explode
+      #   => NoMethodError: undefined method `to_explode' for RestfulHelperMethod
+      #
+      # @param name [Symbol] restful method name to be retrieved
+      def initialize(name)
+        @name, @prefix, @behavior = find_method(name).to_a.map(&:to_sym)
+
+        raise NoMethodError, error_message unless DICTIONARIES.key?(behavior)
+
+        @actions         = DICTIONARIES[behavior]
+        @negated_actions = prefix.eql?(:to) ? [] : (DICTIONARIES[:manage] - actions)
+
+        swap_negated_actions if prefix.eql?(:except_to)
+      end
+
+      def humanize
+        name.to_s.gsub("_", " ")
+      end
+
+      private
+
+      def error_message
+        "undefined method `#{name}' for #{self.class}"
+      end
+
+      def find_method(name)
+        /^(to|only_to|except_to)_(.*)$/.match(name)
+      end
+
+      def swap_negated_actions
+        @actions, @negated_actions = negated_actions, actions
+      end
+
+      def to_a
+        [actions, negated_actions]
+      end
+
+      DICTIONARIES = {
+        read:   %i(index show),
+        create: %i(new create),
+        update: %i(edit update),
+        delete: %i(destroy),
+        manage: %i(index show new create edit update destroy)
+      }
+    end
+  end
+end