rurounijones-acl9 0.10.1

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,93 @@
1
+ require 'test_helper'
2
+
3
+ require File.join(File.dirname(__FILE__), '..', 'lib', 'acl9')
4
+
5
+ module SomeHelper
6
+ include Acl9Helpers
7
+
8
+ access_control :the_question do
9
+ allow :hamlet, :to => :be
10
+ allow :hamlet, :except => :be
11
+ end
12
+ end
13
+
14
+ class HelperTest < Test::Unit::TestCase
15
+ module Hamlet
16
+ def current_user
17
+ user = Object.new
18
+
19
+ class <<user
20
+ def has_role?(role, obj=nil)
21
+ role == 'hamlet'
22
+ end
23
+ end
24
+
25
+ user
26
+ end
27
+ end
28
+
29
+ module NotLoggedIn
30
+ def current_user; nil end
31
+ end
32
+
33
+ module Noone
34
+ def current_user
35
+ user = Object.new
36
+
37
+ class <<user
38
+ def has_role?(*_); false end
39
+ end
40
+
41
+ user
42
+ end
43
+ end
44
+
45
+ class Base
46
+ include SomeHelper
47
+
48
+ attr_accessor :action_name
49
+ def controller
50
+ self
51
+ end
52
+ end
53
+
54
+ class Klass1 < Base
55
+ include Hamlet
56
+ end
57
+
58
+ class Klass2 < Base
59
+ include NotLoggedIn
60
+ end
61
+
62
+ class Klass3 < Base
63
+ include Noone
64
+ end
65
+
66
+ it "has :the_question method" do
67
+ Base.new.should respond_to(:the_question)
68
+ end
69
+
70
+ it "role :hamlet is allowed to be" do
71
+ k = Klass1.new
72
+ k.action_name = 'be'
73
+ k.the_question.should be_true
74
+ end
75
+
76
+ it "role :hamlet is allowed to not_be" do
77
+ k = Klass1.new
78
+ k.action_name = 'not_be'
79
+ k.the_question.should be_true
80
+ end
81
+
82
+ it "not logged in is not allowed to be" do
83
+ k = Klass2.new
84
+ k.action_name = 'be'
85
+ k.the_question.should == false
86
+ end
87
+
88
+ it "noone is not allowed to be" do
89
+ k = Klass3.new
90
+ k.action_name = 'be'
91
+ k.the_question.should == false
92
+ end
93
+ end
@@ -0,0 +1,293 @@
1
+ require 'test_helper'
2
+ require File.join(File.dirname(__FILE__), '..', 'lib', 'acl9')
3
+ require 'support/models'
4
+
5
+ #Logger = ActiveRecord::Base.logger
6
+ load 'support/schema.rb'
7
+
8
+ class RolesTest < Test::Unit::TestCase
9
+ before do
10
+ Role.destroy_all
11
+ [User, Foo, Bar].each { |model| model.delete_all }
12
+
13
+ @user = User.create!
14
+ @user2 = User.create!
15
+ @foo = Foo.create!
16
+ @bar = Bar.create!
17
+ end
18
+
19
+ it "should not have any roles by default" do
20
+ %w(user manager admin owner).each do |role|
21
+ @user.has_role?(role).should be_false
22
+ end
23
+ end
24
+
25
+ it "#has_role! without object (global role)" do
26
+ lambda do
27
+ @user.has_role!('admin')
28
+ end.should change { Role.count }.from(0).to(1)
29
+
30
+ @user.has_role?('admin').should be_true
31
+ @user2.has_role?('admin').should be_false
32
+ end
33
+
34
+ it "should not count global role as object role" do
35
+ @user.has_role!('admin')
36
+
37
+ [@foo, @bar, Foo, Bar, @user].each do |obj|
38
+ @user.has_role?('admin', obj).should be_false
39
+ @user.has_roles_for?(obj).should be_false
40
+ @user.roles_for(obj).should == []
41
+ end
42
+
43
+ [@foo, @bar].each do |obj|
44
+ obj.accepts_role?('admin', @user).should be_false
45
+ end
46
+ end
47
+
48
+ it "#has_role! with object (object role)" do
49
+ @user.has_role!('manager', @foo)
50
+
51
+ @user.has_role?('manager', @foo).should be_true
52
+ @user.has_roles_for?(@foo).should be_true
53
+ @user.has_role_for?(@foo).should be_true
54
+
55
+ roles = @user.roles_for(@foo)
56
+ roles.should == @foo.accepted_roles_by(@user)
57
+ roles.size.should == 1
58
+ roles.first.name.should == "manager"
59
+
60
+ @user.has_role?('manager', @bar).should be_false
61
+ @user2.has_role?('manager', @foo).should be_false
62
+
63
+ @foo.accepts_role?('manager', @user).should be_true
64
+ @foo.accepts_role_by?(@user).should be_true
65
+ @foo.accepts_roles_by?(@user).should be_true
66
+ end
67
+
68
+ it "shoud count object role also as global role" do
69
+ @user.has_role!('manager', @foo)
70
+
71
+ @user.has_role?('manager').should be_true
72
+ end
73
+
74
+ it "should not count object role as object class role" do
75
+ @user.has_role!('manager', @foo)
76
+ @user.has_role?('manager', Foo).should be_false
77
+ end
78
+
79
+ it "#has_role! with class" do
80
+ @user.has_role!('user', Bar)
81
+
82
+ @user.has_role?('user', Bar).should be_true
83
+ @user.has_roles_for?(Bar).should be_true
84
+ @user.has_role_for?(Bar).should be_true
85
+
86
+ roles = @user.roles_for(Bar)
87
+ roles.size.should == 1
88
+ roles.first.name.should == "user"
89
+
90
+ @user.has_role?('user', Foo).should be_false
91
+ @user2.has_role?('user', Bar).should be_false
92
+ end
93
+
94
+ it "should not count class role as object role" do
95
+ @user.has_role!('manager', Foo)
96
+ @user.has_role?('manager', @foo).should be_false
97
+ end
98
+
99
+ it "should be able to have several roles on the same object" do
100
+ @user.has_role!('manager', @foo)
101
+ @user.has_role!('user', @foo)
102
+ @user.has_role!('admin', @foo)
103
+
104
+ @user.has_role!('owner', @bar)
105
+
106
+ @user.roles_for(@foo) .map(&:name).sort.should == %w(admin manager user)
107
+ @foo.accepted_roles_by(@user).map(&:name).sort.should == %w(admin manager user)
108
+ end
109
+
110
+ it "should reuse existing roles" do
111
+ @user.has_role!('owner', @bar)
112
+ @user2.has_role!('owner', @bar)
113
+
114
+ @user.role_objects.should == @user2.role_objects
115
+ end
116
+
117
+ it "#has_no_role! should unassign a global role from user" do
118
+ set_some_roles
119
+
120
+ lambda do
121
+ @user.has_no_role!('3133t')
122
+ end.should change { @user.role_objects.count }.by(-1)
123
+
124
+ @user.has_role?('3133t').should be_false
125
+ end
126
+
127
+ it "#has_no_role! should unassign an object role from user" do
128
+ set_some_roles
129
+
130
+ lambda do
131
+ @user.has_no_role!('manager', @foo)
132
+ end.should change { @user.role_objects.count }.by(-1)
133
+
134
+ @user.has_role?('manager', @foo).should be_false
135
+ @user.has_role?('user', @foo).should be_true # another role on the same object
136
+ end
137
+
138
+ it "#has_no_role! should unassign a class role from user" do
139
+ set_some_roles
140
+
141
+ lambda do
142
+ @user.has_no_role!('admin', Foo)
143
+ end.should change { @user.role_objects.count }.by(-1)
144
+
145
+ @user.has_role?('admin', Foo).should be_false
146
+ @user.has_role?('admin').should be_true # global role
147
+ end
148
+
149
+ it "#has_no_roles_for! should unassign global and class roles with nil object" do
150
+ set_some_roles
151
+
152
+ lambda do
153
+ @user.has_no_roles_for!
154
+ end.should change { @user.role_objects.count }.by(-4)
155
+
156
+ @user.has_role?('admin').should be_false
157
+ @user.has_role?('3133t').should be_false
158
+ @user.has_role?('admin', Foo).should be_false
159
+ @user.has_role?('manager', Foo).should be_false
160
+ end
161
+
162
+ it "#has_no_roles_for! should unassign object roles" do
163
+ set_some_roles
164
+
165
+ lambda do
166
+ @user.has_no_roles_for! @foo
167
+ end.should change { @user.role_objects.count }.by(-2)
168
+
169
+ @user.has_role?('user', @foo).should be_false
170
+ @user.has_role?('manager', @foo).should be_false
171
+ end
172
+
173
+ it "#has_no_roles_for! should unassign both class roles and object roles for objects of that class" do
174
+ set_some_roles
175
+
176
+ lambda do
177
+ @user.has_no_roles_for! Foo
178
+ end.should change { @user.role_objects.count }.by(-4)
179
+
180
+ @user.has_role?('admin', Foo).should be_false
181
+ @user.has_role?('manager', Foo).should be_false
182
+ @user.has_role?('user', @foo).should be_false
183
+ @user.has_role?('manager', @foo).should be_false
184
+ end
185
+
186
+ it "#has_no_roles! should unassign all roles" do
187
+ set_some_roles
188
+
189
+ @user.has_no_roles!
190
+ @user.role_objects.count.should == 0
191
+ end
192
+
193
+ it "should delete unused roles from table" do
194
+ @user.has_role!('owner', @bar)
195
+ @user2.has_role!('owner', @bar)
196
+
197
+ Role.count.should == 1
198
+
199
+ @bar.accepts_no_role!('owner', @user2)
200
+ Role.count.should == 1
201
+
202
+ @bar.accepts_no_role!('owner', @user)
203
+
204
+ Role.count.should == 0
205
+ end
206
+
207
+ it "should accept :symbols as role names" do
208
+ @user.has_role! :admin
209
+ @user.has_role! :_3133t
210
+
211
+ @user.has_role! :admin, Foo
212
+ @user.has_role! :manager, Foo
213
+ @user.has_role! :user, @foo
214
+ @foo.accepts_role! :manager, @user
215
+ @bar.accepts_role! :owner, @user
216
+
217
+ @user.has_role?(:admin).should be_true
218
+ @user.has_role?(:_3133t).should be_true
219
+ @user.has_role?(:admin, Foo).should be_true
220
+ @user.has_role?(:manager, @foo).should be_true
221
+ end
222
+
223
+ private
224
+
225
+ def set_some_roles
226
+ @user.has_role!('admin')
227
+ @user.has_role!('3133t')
228
+
229
+ @user.has_role!('admin', Foo)
230
+ @user.has_role!('manager', Foo)
231
+ @user.has_role!('user', @foo)
232
+ @foo.accepts_role!('manager', @user)
233
+ @bar.accepts_role!('owner', @user)
234
+ end
235
+ end
236
+
237
+ class RolesWithCustomClassNamesTest < Test::Unit::TestCase
238
+ before do
239
+ AnotherRole.destroy_all
240
+ [AnotherSubject, FooBar].each { |model| model.delete_all }
241
+
242
+ @subj = AnotherSubject.create!
243
+ @subj2 = AnotherSubject.create!
244
+ @foobar = FooBar.create!
245
+ end
246
+
247
+ it "should basically work" do
248
+ lambda do
249
+ @subj.has_role!('admin')
250
+ @subj.has_role!('user', @foobar)
251
+ end.should change { AnotherRole.count }.from(0).to(2)
252
+
253
+ @subj.has_role?('admin').should be_true
254
+ @subj2.has_role?('admin').should be_false
255
+
256
+ @subj.has_role?(:user, @foobar).should be_true
257
+ @subj2.has_role?(:user, @foobar).should be_false
258
+
259
+ @subj.has_no_roles!
260
+ @subj2.has_no_roles!
261
+ end
262
+ end
263
+
264
+ class UsersRolesAndSubjectsWithNamespacedClassNamesTest < Test::Unit::TestCase
265
+ before do
266
+ Other::Role.destroy_all
267
+ [Other::User, Other::FooBar].each { |model| model.delete_all }
268
+
269
+ @user = Other::User.create!
270
+ @user2 = Other::User.create!
271
+ @foobar = Other::FooBar.create!
272
+
273
+ end
274
+
275
+ it "should basically work" do
276
+ lambda do
277
+ @user.has_role!('admin')
278
+ @user.has_role!('user', @foobar)
279
+ end.should change { Other::Role.count }.from(0).to(2)
280
+
281
+ @user.has_role?('admin').should be_true
282
+ @user2.has_role?('admin').should be_false
283
+
284
+ @user.has_role?(:user, @foobar).should be_true
285
+ @user2.has_role?(:user, @foobar).should be_false
286
+
287
+ @foobar.accepted_roles.count.should == 1
288
+
289
+ @user.has_no_roles!
290
+ @user2.has_no_roles!
291
+ end
292
+ end
293
+
@@ -0,0 +1,207 @@
1
+ class ApplicationController < ActionController::Base
2
+ rescue_from Acl9::AccessDenied do |e|
3
+ render :text => 'AccessDenied'
4
+ end
5
+ end
6
+
7
+ class EmptyController < ApplicationController
8
+ attr_accessor :current_user
9
+ before_filter :set_current_user
10
+
11
+ [:index, :show, :new, :edit, :update, :delete, :destroy].each do |act|
12
+ define_method(act) { render :text => 'OK' }
13
+ end
14
+
15
+ private
16
+
17
+ def set_current_user
18
+ if params[:user]
19
+ self.current_user = params[:user]
20
+ end
21
+ end
22
+ end
23
+
24
+ module TrueFalse
25
+ private
26
+
27
+ def true_meth; true end
28
+ def false_meth; false end
29
+ end
30
+
31
+ # all these controllers behave the same way
32
+
33
+ class ACLBlock < EmptyController
34
+ access_control :debug => true do
35
+ allow all, :to => [:index, :show]
36
+ allow :admin
37
+ end
38
+ end
39
+
40
+ class ACLMethod < EmptyController
41
+ access_control :as_method => :acl do
42
+ allow all, :to => [:index, :show]
43
+ allow :admin, :except => [:index, :show]
44
+ end
45
+ end
46
+
47
+ class ACLMethod2 < EmptyController
48
+ access_control :acl do
49
+ allow all, :to => [:index, :show]
50
+ allow :admin, :except => [:index, :show]
51
+ end
52
+ end
53
+
54
+ class ACLArguments < EmptyController
55
+ access_control :except => [:index, :show] do
56
+ allow :admin, :if => :true_meth, :unless => :false_meth
57
+ end
58
+
59
+ include TrueFalse
60
+ end
61
+
62
+ class ACLBooleanMethod < EmptyController
63
+ access_control :acl, :filter => false do
64
+ allow all, :to => [:index, :show], :if => :true_meth
65
+ allow :admin, :unless => :false_meth
66
+ allow all, :if => :false_meth
67
+ allow all, :unless => :true_meth
68
+ end
69
+
70
+ before_filter :check_acl
71
+
72
+ def check_acl
73
+ if self.acl
74
+ true
75
+ else
76
+ raise Acl9::AccessDenied
77
+ end
78
+ end
79
+
80
+ include TrueFalse
81
+ end
82
+
83
+ ###########################################
84
+ class MyDearFoo
85
+ include Singleton
86
+ end
87
+
88
+ class ACLIvars < EmptyController
89
+ class VenerableBar; end
90
+
91
+ before_filter :set_ivars
92
+
93
+ access_control do
94
+ action :destroy do
95
+ allow :owner, :of => :foo
96
+ allow :bartender, :at => VenerableBar
97
+ end
98
+ end
99
+
100
+ private
101
+
102
+ def set_ivars
103
+ @foo = MyDearFoo.instance
104
+ end
105
+ end
106
+
107
+ class ACLSubjectMethod < ApplicationController
108
+ access_control :subject_method => :the_only_user do
109
+ allow :the_only_one
110
+ end
111
+
112
+ def index
113
+ render :text => 'OK'
114
+ end
115
+
116
+ private
117
+
118
+ def the_only_user
119
+ params[:user]
120
+ end
121
+ end
122
+
123
+ class ACLObjectsHash < ApplicationController
124
+ access_control :allowed?, :filter => false do
125
+ allow :owner, :of => :foo
126
+ end
127
+
128
+ def allow
129
+ @foo = nil
130
+ render :text => (allowed?(:foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
131
+ end
132
+
133
+ def current_user
134
+ params[:user]
135
+ end
136
+ end
137
+
138
+ class ACLActionOverride < ApplicationController
139
+ access_control :allowed?, :filter => false do
140
+ allow all, :to => :index
141
+ deny all, :to => :show
142
+ allow :owner, :of => :foo, :to => :edit
143
+ end
144
+
145
+ def check_allow
146
+ render :text => (allowed?(params[:_action]) ? 'OK' : 'AccessDenied')
147
+ end
148
+
149
+ def check_allow_with_foo
150
+ render :text => (allowed?(params[:_action], :foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
151
+ end
152
+
153
+ def current_user
154
+ params[:user]
155
+ end
156
+ end
157
+
158
+
159
+ class ACLHelperMethod < ApplicationController
160
+ access_control :helper => :foo? do
161
+ allow :owner, :of => :foo
162
+ end
163
+
164
+ def allow
165
+ @foo = MyDearFoo.instance
166
+
167
+ render :inline => "<%= foo? ? 'OK' : 'AccessDenied' %>"
168
+ end
169
+
170
+ def current_user
171
+ params[:user]
172
+ end
173
+ end
174
+
175
+ class ACLQueryMethod < ApplicationController
176
+ attr_accessor :current_user
177
+
178
+ access_control :acl, :query_method => true do
179
+ allow :editor, :to => [:edit, :update, :destroy]
180
+ allow :viewer, :to => [:index, :show]
181
+ allow :owner, :of => :foo, :to => :fooize
182
+ end
183
+ end
184
+
185
+ class ACLQueryMethodWithLambda < ApplicationController
186
+ attr_accessor :current_user
187
+
188
+ access_control :query_method => :acl? do
189
+ allow :editor, :to => [:edit, :update, :destroy]
190
+ allow :viewer, :to => [:index, :show]
191
+ allow :owner, :of => :foo, :to => :fooize
192
+ end
193
+ end
194
+
195
+ class ACLNamedQueryMethod < ApplicationController
196
+ attr_accessor :current_user
197
+
198
+ access_control :acl, :query_method => 'allow_ay' do
199
+ allow :editor, :to => [:edit, :update, :destroy]
200
+ allow :viewer, :to => [:index, :show]
201
+ allow :owner, :of => :foo, :to => :fooize
202
+ end
203
+
204
+ def acl?(*args)
205
+ allow_ay(*args)
206
+ end
207
+ end