sanction 0.0.1 → 2.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (28) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +9 -17
  3. data/.travis.yml +6 -0
  4. data/LICENSE.txt +1 -1
  5. data/README.md +105 -5
  6. data/Rakefile +5 -0
  7. data/lib/sanction/attached_list.rb +57 -0
  8. data/lib/sanction/blacklist/list.rb +34 -0
  9. data/lib/sanction/blacklist/node.rb +42 -0
  10. data/lib/sanction/blacklist/null_list.rb +21 -0
  11. data/lib/sanction/blacklist/null_node.rb +37 -0
  12. data/lib/sanction/node.rb +135 -0
  13. data/lib/sanction/permission.rb +38 -0
  14. data/lib/sanction/tree.rb +124 -0
  15. data/lib/sanction/version.rb +1 -1
  16. data/lib/sanction/whitelist/list.rb +34 -0
  17. data/lib/sanction/whitelist/node.rb +43 -0
  18. data/lib/sanction/whitelist/null_list.rb +21 -0
  19. data/lib/sanction/whitelist/null_node.rb +37 -0
  20. data/lib/sanction.rb +32 -1
  21. data/sanction.gemspec +11 -6
  22. data/spec/application_spec.rb +91 -0
  23. data/spec/node_spec.rb +49 -0
  24. data/spec/permission_spec.rb +218 -0
  25. data/spec/resources_spec.rb +158 -0
  26. data/spec/spec_helper.rb +91 -0
  27. data/spec/wildcard_spec.rb +95 -0
  28. metadata +91 -8
data/spec/resources_spec.rb ADDED
@@ -0,0 +1,158 @@
1
+ require 'spec_helper'
2
+
3
+ describe 'Nodes with resource restrictions' do
4
+
5
+ let(:permissions_hash) { {} }
6
+ let(:permissions) { Sanction.build(permissions_hash) }
7
+ let(:predicates) { [] }
8
+ let(:permission) { Sanction::Permission.new(permissions, *predicates)}
9
+
10
+ describe 'whitelisted resources' do
11
+ let(:permissions_hash) do
12
+ {
13
+ mode: 'whitelist',
14
+ scope: ['manage', 'read'],
15
+ resources: ['bookcase'],
16
+ subjects: [
17
+ {
18
+ id: 3,
19
+ mode: 'blacklist',
20
+ type: 'bookcase',
21
+ scope: [],
22
+ resources: ['pack'],
23
+ subjects: [
24
+ {
25
+ id: 12,
26
+ type: 'shelf'
27
+ }
28
+ ]
29
+ },
30
+ {
31
+ id: 6,
32
+ mode: 'whitelist',
33
+ type: 'bookcase',
34
+ scope: [],
35
+ resources: ['*'],
36
+ subjects: [
37
+ {
38
+ id: 8,
39
+ type: 'shelf'
40
+ }
41
+ ]
42
+ }
43
+ ]
44
+ }
45
+ end
46
+
47
+ describe 'nested wildcard' do
48
+ let(:predicates) { [Bookcase.new(6), Shelf]}
49
+
50
+ it 'should allow shelves' do
51
+ permission.permitted?.must_equal true
52
+ end
53
+ end
54
+
55
+ describe 'nested blacklist' do
56
+ let(:predicates) { [Bookcase.new(3), Pack] }
57
+
58
+ it 'should not allow packs' do
59
+ permission.permitted?.must_equal false
60
+ end
61
+ end
62
+
63
+ describe 'bookcase' do
64
+ let(:predicates) { [Bookcase] }
65
+
66
+ it 'should allow bookcases' do
67
+ permission.permitted?.must_equal true
68
+ end
69
+ end
70
+
71
+ describe 'shelf' do
72
+ let(:predicates) { [Shelf] }
73
+
74
+ it 'should not allow shelves' do
75
+ permission.permitted?.must_equal false
76
+ end
77
+ end
78
+
79
+ end
80
+
81
+ describe 'none blacklisted resource type' do
82
+ let(:permissions_hash) do
83
+ {
84
+ mode: 'blacklist',
85
+ scope: ['manage', 'read'],
86
+ resources: ['bookcase'],
87
+ subjects: [
88
+ {
89
+ id: 6,
90
+ type: 'bookcase',
91
+ scope: []
92
+ }
93
+ ]
94
+ }
95
+ end
96
+
97
+ it 'should not return the bookcase ids' do
98
+ permission.path[:bookcase].denied_ids.must_equal [6]
99
+ end
100
+ end
101
+
102
+ describe 'none whitelisted resource type' do
103
+ let(:permissions_hash) do
104
+ {
105
+ mode: 'whitelist',
106
+ scope: ['manage', 'read'],
107
+ resources: [],
108
+ subjects: [
109
+ {
110
+ id: 6,
111
+ type: 'bookcase',
112
+ scope: []
113
+ }
114
+ ]
115
+ }
116
+ end
117
+
118
+ it 'should not return the bookcase ids' do
119
+ permission.path[:bookcase].allowed_ids.must_equal []
120
+ end
121
+
122
+ end
123
+
124
+ describe 'blacklisted resources' do
125
+ let(:permissions_hash) do
126
+ {
127
+ mode: 'whitelist',
128
+ scope: ['manage', 'read'],
129
+ resources: ['bookcase'],
130
+ subjects: [
131
+ {
132
+ id: 6,
133
+ type: 'bookcase',
134
+ scope: []
135
+ }
136
+ ]
137
+ }
138
+ end
139
+
140
+ describe 'bookcase' do
141
+ let(:predicates) { [Bookcase] }
142
+
143
+ it 'should allow bookcases' do
144
+ permission.permitted?.must_equal true
145
+ end
146
+ end
147
+
148
+ describe 'shelf' do
149
+ let(:predicates) { [Shelf] }
150
+
151
+ it 'should not allow shelves' do
152
+ permission.permitted?.must_equal false
153
+ end
154
+ end
155
+
156
+ end
157
+
158
+ end
data/spec/spec_helper.rb ADDED
@@ -0,0 +1,91 @@
1
+ require 'sanction'
2
+ require 'awesome_print'
3
+
4
+ require 'minitest/spec'
5
+ require 'minitest/autorun'
6
+ require 'minitest/pride'
7
+
8
+ class Bookcase
9
+ attr_accessor :id
10
+
11
+ def initialize(id)
12
+ @id = id
13
+ end
14
+ end
15
+
16
+ class Shelf
17
+ attr_accessor :id
18
+
19
+ def initialize(id)
20
+ @id = id
21
+ end
22
+ end
23
+
24
+ class User
25
+ attr_accessor :id
26
+
27
+ def initialize(id)
28
+ @id = id
29
+ end
30
+ end
31
+
32
+ class Pack
33
+ attr_accessor :id
34
+
35
+ def initialize(id)
36
+ @id = id
37
+ end
38
+ end
39
+
40
+
41
+ PERMISSIONS = {
42
+ mode: 'whitelist',
43
+ scope: ['manage', 'read'],
44
+ resources: ['bookcase', 'shelf', 'pack', 'user'],
45
+ subjects: [
46
+ {
47
+ id: 1,
48
+ mode: 'blacklist',
49
+ type: 'bookcase',
50
+ scope: [],
51
+ subjects: [
52
+ {
53
+ id: 6,
54
+ type: 'shelf',
55
+ scope: ['manage']
56
+ }
57
+ ]
58
+ },{
59
+ id: 2,
60
+ mode: 'whitelist',
61
+ type: 'bookcase',
62
+ scope: ['read'],
63
+ subjects: [
64
+ {
65
+ id: 7,
66
+ mode: 'blacklist',
67
+ type: 'shelf',
68
+ scope: ['manage', 'read'],
69
+ subjects: [
70
+ {
71
+ id: 8,
72
+ type: 'pack'
73
+ }
74
+ ]
75
+ },
76
+ {
77
+ id: 4,
78
+ mode: 'whitelist',
79
+ type: 'shelf',
80
+ subjects: [
81
+ {
82
+ id: 5,
83
+ type: 'pack',
84
+ scope: ['manage', 'read']
85
+ }
86
+ ]
87
+ }
88
+ ]
89
+ }
90
+ ]
91
+ }
data/spec/wildcard_spec.rb ADDED
@@ -0,0 +1,95 @@
1
+ require 'spec_helper'
2
+
3
+ describe 'Wildcarding' do
4
+
5
+ let(:permissions_hash) { {} }
6
+ let(:permissions) { Sanction.build(permissions_hash) }
7
+ let(:predicates) { [] }
8
+ let(:permission) { Sanction::Permission.new(permissions, *predicates)}
9
+
10
+ describe 'whitelist' do
11
+
12
+ let(:permissions_hash) { {
13
+ mode: 'whitelist',
14
+ scope: ['manage', 'read'],
15
+ resources: ['bookcase', 'user'],
16
+ subjects: [
17
+ {
18
+ id: 1,
19
+ type: 'bookcase',
20
+ scope: ['read']
21
+ },
22
+ {
23
+ id: '*',
24
+ mode: 'blacklist',
25
+ type: 'user',
26
+ scope: ['manage', 'read'],
27
+ subjects: [
28
+ {
29
+ id: '*',
30
+ type: 'bookcase',
31
+ subjects: [
32
+ id: '1',
33
+ type: 'pack'
34
+ ]
35
+ }
36
+ ]
37
+ }
38
+ ]
39
+ } }
40
+ let(:user) { User.new(7) }
41
+ let(:predicates) { [user] }
42
+
43
+ it 'should be permitted' do
44
+ permission.permitted?.must_equal true
45
+ end
46
+
47
+ it 'should have the scope of manage' do
48
+ permission.permitted_with_scope?(:manage).must_equal true
49
+ end
50
+
51
+ describe 'nested block' do
52
+ let(:bookcase) { Bookcase.new(121) }
53
+ let(:predicates) { [user, bookcase] }
54
+
55
+ it 'should not be permitted' do
56
+ permission.permitted?.must_equal false
57
+ end
58
+
59
+ describe 'with a pack' do
60
+ let(:pack) { Pack.new(1) }
61
+ let(:predicates) { [user, bookcase, pack] }
62
+ it 'should not be permitted' do
63
+ permission.permitted?.must_equal false
64
+ end
65
+ end
66
+
67
+ end
68
+ end
69
+
70
+ describe 'blacklist' do
71
+ let(:permissions_hash) { {
72
+ mode: 'blacklist',
73
+ scope: ['manage', 'read'],
74
+ resources: ['bookcase'],
75
+ subjects: [
76
+ {
77
+ id: 1,
78
+ type: 'bookcase',
79
+ scope: ['read']
80
+ },
81
+ {
82
+ id: '*',
83
+ type: 'user',
84
+ scope: ['manage', 'read']
85
+ }
86
+ ]
87
+ } }
88
+ let(:user) { User.new(7) }
89
+ let(:predicates) { [user] }
90
+
91
+ it 'should not be permitted' do
92
+ permission.permitted?.must_equal false
93
+ end
94
+ end
95
+ end
metadata CHANGED
@@ -1,15 +1,44 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sanction
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 2.1.0
5
5
  platform: ruby
6
6
  authors:
7
- - JGW Maxwell
7
+ - Adam Carlile
8
+ - John Maxwell
8
9
  autorequire:
9
10
  bindir: bin
10
11
  cert_chain: []
11
- date: 2014-08-26 00:00:00.000000000 Z
12
+ date: 2014-11-26 00:00:00.000000000 Z
12
13
  dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: activesupport
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - ">="
19
+ - !ruby/object:Gem::Version
20
+ version: '0'
21
+ type: :runtime
22
+ prerelease: false
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - ">="
26
+ - !ruby/object:Gem::Version
27
+ version: '0'
28
+ - !ruby/object:Gem::Dependency
29
+ name: minitest
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: '0'
35
+ type: :development
36
+ prerelease: false
37
+ version_requirements: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - ">="
40
+ - !ruby/object:Gem::Version
41
+ version: '0'
13
42
  - !ruby/object:Gem::Dependency
14
43
  name: bundler
15
44
  requirement: !ruby/object:Gem::Requirement
@@ -26,6 +55,20 @@ dependencies:
26
55
  version: '1.6'
27
56
  - !ruby/object:Gem::Dependency
28
57
  name: rake
58
+ requirement: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - "~>"
61
+ - !ruby/object:Gem::Version
62
+ version: '10.0'
63
+ type: :development
64
+ prerelease: false
65
+ version_requirements: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - "~>"
68
+ - !ruby/object:Gem::Version
69
+ version: '10.0'
70
+ - !ruby/object:Gem::Dependency
71
+ name: pry
29
72
  requirement: !ruby/object:Gem::Requirement
30
73
  requirements:
31
74
  - - ">="
@@ -38,23 +81,56 @@ dependencies:
38
81
  - - ">="
39
82
  - !ruby/object:Gem::Version
40
83
  version: '0'
41
- description: Sanction.
84
+ - !ruby/object:Gem::Dependency
85
+ name: awesome_print
86
+ requirement: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - ">="
89
+ - !ruby/object:Gem::Version
90
+ version: '0'
91
+ type: :development
92
+ prerelease: false
93
+ version_requirements: !ruby/object:Gem::Requirement
94
+ requirements:
95
+ - - ">="
96
+ - !ruby/object:Gem::Version
97
+ version: '0'
98
+ description: Provides a JSON format for describing complex nested permission sets
42
99
  email:
43
- - john.maxwell@boardintelligence.co.uk
44
100
  - adam.carlile@boardintelligence.co.uk
101
+ - john.maxwell@boardintelligence.co.uk
45
102
  executables: []
46
103
  extensions: []
47
104
  extra_rdoc_files: []
48
105
  files:
49
106
  - ".gitignore"
107
+ - ".travis.yml"
50
108
  - Gemfile
51
109
  - LICENSE.txt
52
110
  - README.md
53
111
  - Rakefile
54
112
  - lib/sanction.rb
113
+ - lib/sanction/attached_list.rb
114
+ - lib/sanction/blacklist/list.rb
115
+ - lib/sanction/blacklist/node.rb
116
+ - lib/sanction/blacklist/null_list.rb
117
+ - lib/sanction/blacklist/null_node.rb
118
+ - lib/sanction/node.rb
119
+ - lib/sanction/permission.rb
120
+ - lib/sanction/tree.rb
55
121
  - lib/sanction/version.rb
122
+ - lib/sanction/whitelist/list.rb
123
+ - lib/sanction/whitelist/node.rb
124
+ - lib/sanction/whitelist/null_list.rb
125
+ - lib/sanction/whitelist/null_node.rb
56
126
  - sanction.gemspec
57
- homepage: http://www.boardintelligence.co.uk
127
+ - spec/application_spec.rb
128
+ - spec/node_spec.rb
129
+ - spec/permission_spec.rb
130
+ - spec/resources_spec.rb
131
+ - spec/spec_helper.rb
132
+ - spec/wildcard_spec.rb
133
+ homepage: http://github.com/boardiq/sanction
58
134
  licenses:
59
135
  - MIT
60
136
  metadata: {}
@@ -77,5 +153,12 @@ rubyforge_project:
77
153
  rubygems_version: 2.2.2
78
154
  signing_key:
79
155
  specification_version: 4
80
- summary: Sanction.
81
- test_files: []
156
+ summary: A permissions gem for people who love JSON
157
+ test_files:
158
+ - spec/application_spec.rb
159
+ - spec/node_spec.rb
160
+ - spec/permission_spec.rb
161
+ - spec/resources_spec.rb
162
+ - spec/spec_helper.rb
163
+ - spec/wildcard_spec.rb
164
+ has_rdoc: