sanction 0.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (28) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +9 -17
  3. data/.travis.yml +6 -0
  4. data/LICENSE.txt +1 -1
  5. data/README.md +105 -5
  6. data/Rakefile +5 -0
  7. data/lib/sanction/attached_list.rb +57 -0
  8. data/lib/sanction/blacklist/list.rb +34 -0
  9. data/lib/sanction/blacklist/node.rb +42 -0
  10. data/lib/sanction/blacklist/null_list.rb +21 -0
  11. data/lib/sanction/blacklist/null_node.rb +37 -0
  12. data/lib/sanction/node.rb +135 -0
  13. data/lib/sanction/permission.rb +38 -0
  14. data/lib/sanction/tree.rb +124 -0
  15. data/lib/sanction/version.rb +1 -1
  16. data/lib/sanction/whitelist/list.rb +34 -0
  17. data/lib/sanction/whitelist/node.rb +43 -0
  18. data/lib/sanction/whitelist/null_list.rb +21 -0
  19. data/lib/sanction/whitelist/null_node.rb +37 -0
  20. data/lib/sanction.rb +32 -1
  21. data/sanction.gemspec +11 -6
  22. data/spec/application_spec.rb +91 -0
  23. data/spec/node_spec.rb +49 -0
  24. data/spec/permission_spec.rb +218 -0
  25. data/spec/resources_spec.rb +158 -0
  26. data/spec/spec_helper.rb +91 -0
  27. data/spec/wildcard_spec.rb +95 -0
  28. metadata +91 -8
data/spec/resources_spec.rb ADDED
@@ -0,0 +1,158 @@
1
+ require 'spec_helper'
2
+
3
+ describe 'Nodes with resource restrictions' do
4
+
5
+ let(:permissions_hash) { {} }
6
+ let(:permissions) { Sanction.build(permissions_hash) }
7
+ let(:predicates) { [] }
8
+ let(:permission) { Sanction::Permission.new(permissions, *predicates)}
9
+
10
+ describe 'whitelisted resources' do
11
+ let(:permissions_hash) do
12
+ {
13
+ mode: 'whitelist',
14
+ scope: ['manage', 'read'],
15
+ resources: ['bookcase'],
16
+ subjects: [
17
+ {
18
+ id: 3,
19
+ mode: 'blacklist',
20
+ type: 'bookcase',
21
+ scope: [],
22
+ resources: ['pack'],
23
+ subjects: [
24
+ {
25
+ id: 12,
26
+ type: 'shelf'
27
+ }
28
+ ]
29
+ },
30
+ {
31
+ id: 6,
32
+ mode: 'whitelist',
33
+ type: 'bookcase',
34
+ scope: [],
35
+ resources: ['*'],
36
+ subjects: [
37
+ {
38
+ id: 8,
39
+ type: 'shelf'
40
+ }
41
+ ]
42
+ }
43
+ ]
44
+ }
45
+ end
46
+
47
+ describe 'nested wildcard' do
48
+ let(:predicates) { [Bookcase.new(6), Shelf]}
49
+
50
+ it 'should allow shelves' do
51
+ permission.permitted?.must_equal true
52
+ end
53
+ end
54
+
55
+ describe 'nested blacklist' do
56
+ let(:predicates) { [Bookcase.new(3), Pack] }
57
+
58
+ it 'should not allow packs' do
59
+ permission.permitted?.must_equal false
60
+ end
61
+ end
62
+
63
+ describe 'bookcase' do
64
+ let(:predicates) { [Bookcase] }
65
+
66
+ it 'should allow bookcases' do
67
+ permission.permitted?.must_equal true
68
+ end
69
+ end
70
+
71
+ describe 'shelf' do
72
+ let(:predicates) { [Shelf] }
73
+
74
+ it 'should not allow shelves' do
75
+ permission.permitted?.must_equal false
76
+ end
77
+ end
78
+
79
+ end
80
+
81
+ describe 'none blacklisted resource type' do
82
+ let(:permissions_hash) do
83
+ {
84
+ mode: 'blacklist',
85
+ scope: ['manage', 'read'],
86
+ resources: ['bookcase'],
87
+ subjects: [
88
+ {
89
+ id: 6,
90
+ type: 'bookcase',
91
+ scope: []
92
+ }
93
+ ]
94
+ }
95
+ end
96
+
97
+ it 'should not return the bookcase ids' do
98
+ permission.path[:bookcase].denied_ids.must_equal [6]
99
+ end
100
+ end
101
+
102
+ describe 'none whitelisted resource type' do
103
+ let(:permissions_hash) do
104
+ {
105
+ mode: 'whitelist',
106
+ scope: ['manage', 'read'],
107
+ resources: [],
108
+ subjects: [
109
+ {
110
+ id: 6,
111
+ type: 'bookcase',
112
+ scope: []
113
+ }
114
+ ]
115
+ }
116
+ end
117
+
118
+ it 'should not return the bookcase ids' do
119
+ permission.path[:bookcase].allowed_ids.must_equal []
120
+ end
121
+
122
+ end
123
+
124
+ describe 'blacklisted resources' do
125
+ let(:permissions_hash) do
126
+ {
127
+ mode: 'whitelist',
128
+ scope: ['manage', 'read'],
129
+ resources: ['bookcase'],
130
+ subjects: [
131
+ {
132
+ id: 6,
133
+ type: 'bookcase',
134
+ scope: []
135
+ }
136
+ ]
137
+ }
138
+ end
139
+
140
+ describe 'bookcase' do
141
+ let(:predicates) { [Bookcase] }
142
+
143
+ it 'should allow bookcases' do
144
+ permission.permitted?.must_equal true
145
+ end
146
+ end
147
+
148
+ describe 'shelf' do
149
+ let(:predicates) { [Shelf] }
150
+
151
+ it 'should not allow shelves' do
152
+ permission.permitted?.must_equal false
153
+ end
154
+ end
155
+
156
+ end
157
+
158
+ end
data/spec/spec_helper.rb ADDED
@@ -0,0 +1,91 @@
1
+ require 'sanction'
2
+ require 'awesome_print'
3
+
4
+ require 'minitest/spec'
5
+ require 'minitest/autorun'
6
+ require 'minitest/pride'
7
+
8
+ class Bookcase
9
+ attr_accessor :id
10
+
11
+ def initialize(id)
12
+ @id = id
13
+ end
14
+ end
15
+
16
+ class Shelf
17
+ attr_accessor :id
18
+
19
+ def initialize(id)
20
+ @id = id
21
+ end
22
+ end
23
+
24
+ class User
25
+ attr_accessor :id
26
+
27
+ def initialize(id)
28
+ @id = id
29
+ end
30
+ end
31
+
32
+ class Pack
33
+ attr_accessor :id
34
+
35
+ def initialize(id)
36
+ @id = id
37
+ end
38
+ end
39
+
40
+
41
+ PERMISSIONS = {
42
+ mode: 'whitelist',
43
+ scope: ['manage', 'read'],
44
+ resources: ['bookcase', 'shelf', 'pack', 'user'],
45
+ subjects: [
46
+ {
47
+ id: 1,
48
+ mode: 'blacklist',
49
+ type: 'bookcase',
50
+ scope: [],
51
+ subjects: [
52
+ {
53
+ id: 6,
54
+ type: 'shelf',
55
+ scope: ['manage']
56
+ }
57
+ ]
58
+ },{
59
+ id: 2,
60
+ mode: 'whitelist',
61
+ type: 'bookcase',
62
+ scope: ['read'],
63
+ subjects: [
64
+ {
65
+ id: 7,
66
+ mode: 'blacklist',
67
+ type: 'shelf',
68
+ scope: ['manage', 'read'],
69
+ subjects: [
70
+ {
71
+ id: 8,
72
+ type: 'pack'
73
+ }
74
+ ]
75
+ },
76
+ {
77
+ id: 4,
78
+ mode: 'whitelist',
79
+ type: 'shelf',
80
+ subjects: [
81
+ {
82
+ id: 5,
83
+ type: 'pack',
84
+ scope: ['manage', 'read']
85
+ }
86
+ ]
87
+ }
88
+ ]
89
+ }
90
+ ]
91
+ }
data/spec/wildcard_spec.rb ADDED
@@ -0,0 +1,95 @@
1
+ require 'spec_helper'
2
+
3
+ describe 'Wildcarding' do
4
+
5
+ let(:permissions_hash) { {} }
6
+ let(:permissions) { Sanction.build(permissions_hash) }
7
+ let(:predicates) { [] }
8
+ let(:permission) { Sanction::Permission.new(permissions, *predicates)}
9
+
10
+ describe 'whitelist' do
11
+
12
+ let(:permissions_hash) { {
13
+ mode: 'whitelist',
14
+ scope: ['manage', 'read'],
15
+ resources: ['bookcase', 'user'],
16
+ subjects: [
17
+ {
18
+ id: 1,
19
+ type: 'bookcase',
20
+ scope: ['read']
21
+ },
22
+ {
23
+ id: '*',
24
+ mode: 'blacklist',
25
+ type: 'user',
26
+ scope: ['manage', 'read'],
27
+ subjects: [
28
+ {
29
+ id: '*',
30
+ type: 'bookcase',
31
+ subjects: [
32
+ id: '1',
33
+ type: 'pack'
34
+ ]
35
+ }
36
+ ]
37
+ }
38
+ ]
39
+ } }
40
+ let(:user) { User.new(7) }
41
+ let(:predicates) { [user] }
42
+
43
+ it 'should be permitted' do
44
+ permission.permitted?.must_equal true
45
+ end
46
+
47
+ it 'should have the scope of manage' do
48
+ permission.permitted_with_scope?(:manage).must_equal true
49
+ end
50
+
51
+ describe 'nested block' do
52
+ let(:bookcase) { Bookcase.new(121) }
53
+ let(:predicates) { [user, bookcase] }
54
+
55
+ it 'should not be permitted' do
56
+ permission.permitted?.must_equal false
57
+ end
58
+
59
+ describe 'with a pack' do
60
+ let(:pack) { Pack.new(1) }
61
+ let(:predicates) { [user, bookcase, pack] }
62
+ it 'should not be permitted' do
63
+ permission.permitted?.must_equal false
64
+ end
65
+ end
66
+
67
+ end
68
+ end
69
+
70
+ describe 'blacklist' do
71
+ let(:permissions_hash) { {
72
+ mode: 'blacklist',
73
+ scope: ['manage', 'read'],
74
+ resources: ['bookcase'],
75
+ subjects: [
76
+ {
77
+ id: 1,
78
+ type: 'bookcase',
79
+ scope: ['read']
80
+ },
81
+ {
82
+ id: '*',
83
+ type: 'user',
84
+ scope: ['manage', 'read']
85
+ }
86
+ ]
87
+ } }
88
+ let(:user) { User.new(7) }
89
+ let(:predicates) { [user] }
90
+
91
+ it 'should not be permitted' do
92
+ permission.permitted?.must_equal false
93
+ end
94
+ end
95
+ end
metadata CHANGED
@@ -1,15 +1,44 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sanction
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 2.1.0
5
5
  platform: ruby
6
6
  authors:
7
- - JGW Maxwell
7
+ - Adam Carlile
8
+ - John Maxwell
8
9
  autorequire:
9
10
  bindir: bin
10
11
  cert_chain: []
11
- date: 2014-08-26 00:00:00.000000000 Z
12
+ date: 2014-11-26 00:00:00.000000000 Z
12
13
  dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: activesupport
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - ">="
19
+ - !ruby/object:Gem::Version
20
+ version: '0'
21
+ type: :runtime
22
+ prerelease: false
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - ">="
26
+ - !ruby/object:Gem::Version
27
+ version: '0'
28
+ - !ruby/object:Gem::Dependency
29
+ name: minitest
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - ">="
33
+ - !ruby/object:Gem::Version
34
+ version: '0'
35
+ type: :development
36
+ prerelease: false
37
+ version_requirements: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - ">="
40
+ - !ruby/object:Gem::Version
41
+ version: '0'
13
42
  - !ruby/object:Gem::Dependency
14
43
  name: bundler
15
44
  requirement: !ruby/object:Gem::Requirement
@@ -26,6 +55,20 @@ dependencies:
26
55
  version: '1.6'
27
56
  - !ruby/object:Gem::Dependency
28
57
  name: rake
58
+ requirement: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - "~>"
61
+ - !ruby/object:Gem::Version
62
+ version: '10.0'
63
+ type: :development
64
+ prerelease: false
65
+ version_requirements: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - "~>"
68
+ - !ruby/object:Gem::Version
69
+ version: '10.0'
70
+ - !ruby/object:Gem::Dependency
71
+ name: pry
29
72
  requirement: !ruby/object:Gem::Requirement
30
73
  requirements:
31
74
  - - ">="
@@ -38,23 +81,56 @@ dependencies:
38
81
  - - ">="
39
82
  - !ruby/object:Gem::Version
40
83
  version: '0'
41
- description: Sanction.
84
+ - !ruby/object:Gem::Dependency
85
+ name: awesome_print
86
+ requirement: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - ">="
89
+ - !ruby/object:Gem::Version
90
+ version: '0'
91
+ type: :development
92
+ prerelease: false
93
+ version_requirements: !ruby/object:Gem::Requirement
94
+ requirements:
95
+ - - ">="
96
+ - !ruby/object:Gem::Version
97
+ version: '0'
98
+ description: Provides a JSON format for describing complex nested permission sets
42
99
  email:
43
- - john.maxwell@boardintelligence.co.uk
44
100
  - adam.carlile@boardintelligence.co.uk
101
+ - john.maxwell@boardintelligence.co.uk
45
102
  executables: []
46
103
  extensions: []
47
104
  extra_rdoc_files: []
48
105
  files:
49
106
  - ".gitignore"
107
+ - ".travis.yml"
50
108
  - Gemfile
51
109
  - LICENSE.txt
52
110
  - README.md
53
111
  - Rakefile
54
112
  - lib/sanction.rb
113
+ - lib/sanction/attached_list.rb
114
+ - lib/sanction/blacklist/list.rb
115
+ - lib/sanction/blacklist/node.rb
116
+ - lib/sanction/blacklist/null_list.rb
117
+ - lib/sanction/blacklist/null_node.rb
118
+ - lib/sanction/node.rb
119
+ - lib/sanction/permission.rb
120
+ - lib/sanction/tree.rb
55
121
  - lib/sanction/version.rb
122
+ - lib/sanction/whitelist/list.rb
123
+ - lib/sanction/whitelist/node.rb
124
+ - lib/sanction/whitelist/null_list.rb
125
+ - lib/sanction/whitelist/null_node.rb
56
126
  - sanction.gemspec
57
- homepage: http://www.boardintelligence.co.uk
127
+ - spec/application_spec.rb
128
+ - spec/node_spec.rb
129
+ - spec/permission_spec.rb
130
+ - spec/resources_spec.rb
131
+ - spec/spec_helper.rb
132
+ - spec/wildcard_spec.rb
133
+ homepage: http://github.com/boardiq/sanction
58
134
  licenses:
59
135
  - MIT
60
136
  metadata: {}
@@ -77,5 +153,12 @@ rubyforge_project:
77
153
  rubygems_version: 2.2.2
78
154
  signing_key:
79
155
  specification_version: 4
80
- summary: Sanction.
81
- test_files: []
156
+ summary: A permissions gem for people who love JSON
157
+ test_files:
158
+ - spec/application_spec.rb
159
+ - spec/node_spec.rb
160
+ - spec/permission_spec.rb
161
+ - spec/resources_spec.rb
162
+ - spec/spec_helper.rb
163
+ - spec/wildcard_spec.rb
164
+ has_rdoc: