scram 0.1.0

data/spec/dummy/public/404.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <div>
+      <h1>The page you were looking for doesn't exist.</h1>
+      <p>You may have mistyped the address or the page may have moved.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/422.html

@@ -0,0 +1,67 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <div>
+      <h1>The change you wanted was rejected.</h1>
+      <p>Maybe you tried to change something you didn't have access to.</p>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/500.html

@@ -0,0 +1,66 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+    margin: 0;
+  }
+
+  div.dialog {
+    width: 95%;
+    max-width: 33em;
+    margin: 4em auto 0;
+  }
+
+  div.dialog > div {
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 12% 0;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  div.dialog > p {
+    margin: 0 0 1em;
+    padding: 1em;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow: 0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <div>
+      <h1>We're sorry, but something went wrong.</h1>
+    </div>
+    <p>If you are the application owner check the logs for more information.</p>
+  </div>
+</body>
+</html>

data/spec/rails_helper.rb

@@ -0,0 +1,78 @@
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV['RAILS_ENV'] ||= 'test'
+require File.expand_path('../dummy/config/environment', __FILE__)
+# Prevent database truncation if the environment is production
+abort("The Rails environment is running in production mode!") if Rails.env.production?
+require 'spec_helper'
+require 'rspec/rails'
+# Add additional requires below this line. Rails is not loaded until this point!
+
+require 'database_cleaner'
+require 'support/factory_girl'
+
+require 'coveralls'
+Coveralls.wear!
+
+require "scram/test_implementations/simple_holder"
+require "scram/test_implementations/simple_aggregate_holder"
+require "scram/test_implementations/test_model"
+
+# Requires supporting ruby files with custom matchers and macros, etc, in
+# spec/support/ and its subdirectories. Files matching `spec/**/*_spec.rb` are
+# run as spec files by default. This means that files in spec/support that end
+# in _spec.rb will both be required and run as specs, causing the specs to be
+# run twice. It is recommended that you do not name files matching this glob to
+# end with _spec.rb. You can configure this pattern with the --pattern
+# option on the command line or in ~/.rspec, .rspec or `.rspec-local`.
+#
+# The following line is provided for convenience purposes. It has the downside
+# of increasing the boot-up time by auto-requiring all files in the support
+# directory. Alternatively, in the individual `*_spec.rb` files, manually
+# require only the support files necessary.
+#
+# Dir[Rails.root.join('spec/support/**/*.rb')].each { |f| require f }
+
+# Checks for pending migration and applies them before tests are run.
+# If you are not using ActiveRecord, you can remove this line.
+# ActiveRecord::Migration.maintain_test_schema!
+
+RSpec.configure do |config|
+  config.before(:suite) do
+    DatabaseCleaner.strategy = :truncation
+    DatabaseCleaner.clean_with(:truncation)
+  end
+
+  config.around(:each) do |example|
+    DatabaseCleaner.cleaning do
+      example.run
+    end
+  end
+
+  # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+  config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+  # If you're not using ActiveRecord, or you'd prefer not to run each of your
+  # examples within a transaction, remove the following line or assign false
+  # instead of true.
+  # config.use_transactional_fixtures = true
+
+  # RSpec Rails can automatically mix in different behaviours to your tests
+  # based on their file location, for example enabling you to call `get` and
+  # `post` in specs under `spec/controllers`.
+  #
+  # You can disable this behaviour by removing the line below, and instead
+  # explicitly tag your specs with their type, e.g.:
+  #
+  #     RSpec.describe UsersController, :type => :controller do
+  #       # ...
+  #     end
+  #
+  # The different available types are documented in the features, such as in
+  # https://relishapp.com/rspec/rspec-rails/docs
+  config.infer_spec_type_from_file_location!
+
+  # Filter lines from Rails gems in backtraces.
+  config.filter_rails_from_backtrace!
+  # arbitrary gems may also be filtered via:
+  # config.filter_gems_from_backtrace("gem name")
+end

data/spec/scram/concerns/aggregate_holder_spec.rb

@@ -0,0 +1,58 @@
+require "rails_helper"
+
+module Scram
+  describe Scram::AggregateHolder do
+
+    it "cannot be used without an implementation" do
+      expect {UnimplementedAggregateHolder.new.policies}.to raise_error(NotImplementedError)
+      expect {UnimplementedAggregateHolder.new.aggregates}.to raise_error(NotImplementedError)
+      expect {UnimplementedAggregateHolder.new.scram_compare_value}.to raise_error(NotImplementedError)
+    end
+
+    it "uses permissions from aggregates" do
+      target1 = Target.new
+      target1.actions << "woot"
+      policy1 = Policy.new
+      policy1.context = TestModel.name # A misc policy for strings
+      policy1.targets << target1
+      holder1 = SimpleHolder.new(policies: [policy1])
+
+      target2 = Target.new
+      target2.actions << "donk"
+      policy2 = Policy.new
+      policy2.context = TestModel.name # A misc policy for strings
+      policy2.targets << target2
+      holder2 = SimpleHolder.new(policies: [policy2])
+
+      user = SimpleAggregateHolder.new(aggregates: [holder1, holder2])
+      expect(user.can? :woot, TestModel.new).to be true
+      expect(user.can? :donk, TestModel.new).to be true
+      expect(user.can? :zing, TestModel.new).to be false
+    end
+
+    it "uses the aggregate holder compare value for ownership checking" do
+      target = Target.new
+      target.actions << "woot"
+      target.conditions = {:equals => {:owner => "*holder"}}
+
+      policy = Policy.new
+      policy.context = TestModel.name # A misc policy for strings
+      policy.targets << target
+      holder = SimpleHolder.new(policies: [policy])
+
+      user = SimpleAggregateHolder.new(aggregates: [holder])
+      expect(user.can? :woot, TestModel.new(owner: "Mr. Aggregate Holder Guy")).to be true
+      expect(user.can? :woot, TestModel.new(owner: "Mr. Holder Guy")).to be false
+
+      another_user = SimpleAggregateHolder.new(aggregates: [])
+      class << another_user
+        def scram_compare_value
+          "Mr. Aggregate Holder Guy Jr."
+        end
+      end
+
+      expect(another_user.can? :woot, TestModel.new(owner: "Mr. Aggregate Holder Guy")).to be false
+
+    end
+  end
+end

data/spec/scram/concerns/holder_spec.rb

@@ -0,0 +1,100 @@
+require "rails_helper"
+
+module Scram
+  describe Scram::Holder do
+
+    it "cannot be used without an implementation" do
+      expect {UnimplementedHolder.new.policies}.to raise_error(NotImplementedError)
+      expect {UnimplementedHolder.new.scram_compare_value}.to raise_error(NotImplementedError)
+    end
+
+    it "holds model permissions" do
+      target = Target.new
+      target.actions << "woot"
+
+      policy = Policy.new
+      policy.context = TestModel.name # A misc policy for strings
+      policy.targets << target
+      dude = SimpleHolder.new(policies: [policy]) # This is a test holder, his scram_compare_value by default is "Mr. Holder Guy"
+
+      # Check that it tests a field equals something
+      target.conditions = {:equals => { :targetable_int =>  3}}
+      policy.save
+      expect(dude.can? :woot, TestModel.new).to be true
+
+      # Check that it tests a field is less than something
+      target.conditions = {:less_than => { :targetable_int =>  4}}
+      policy.save
+      expect(dude.can? :woot, TestModel.new).to be true
+
+      # Test that it checks if an array includes something
+      target.conditions = {:includes => {:targetable_array => "a"}}
+      policy.save
+      expect(dude.can? :woot, TestModel.new).to be true
+
+      # Test that it checks if a document is owned by holder
+      target.conditions = {:equals => {:owner => "*holder"}}
+      policy.save
+      expect(dude.can? :woot, TestModel.new(owner: "Mr. Holder Guy")).to be true
+      expect(dude.can? :woot, TestModel.new(owner: "Mr. Holder Dude")).to be false
+
+    end
+
+    it "holds string permissions" do
+      target = Target.new
+      target.conditions = {:equals => { :'*target_name' =>  "donk"}}
+      target.actions << "woot"
+
+      policy = Policy.new
+      policy.name = "globals" # A misc policy for strings, context wil be nil!
+      policy.targets << target
+
+      policy.save
+
+      dude = SimpleHolder.new(policies: [policy]) # This is a test holder
+      expect(dude.can? :woot, :donk).to be true
+      expect(dude.can? :woot, :donkers).to be false
+    end
+
+    it "differentiates model and string policies" do
+      string_policy = Policy.new
+      string_policy.context = "non-existent-model"
+      string_policy.save
+
+      expect(string_policy.model?).to be false
+
+      model_policy = Policy.new
+      model_policy.context = SimpleHolder.name
+      model_policy.save
+
+      expect(model_policy.model?).to be true
+    end
+
+    it "prioritizes policies" do
+      # Allow zing and woot
+      target1 = Target.new
+      target1.actions << "woot"
+      target1.actions << "zing"
+
+      policy1 = Policy.new
+      policy1.context = TestModel.name # A misc policy for strings
+      policy1.targets << target1
+
+      # Deny woot in higher priority policy
+      target2 = Target.new
+      target2.actions << "woot"
+      target2.allow = false
+
+      policy2 = Policy.new
+      policy2.context = TestModel.name # A misc policy for strings
+      policy2.priority = 1
+      policy2.targets << target2
+
+      user = SimpleHolder.new(policies: [policy1, policy2])
+      expect(user.can? :woot, TestModel.new).to be false
+      expect(user.can? :donk, TestModel.new).to be false
+      expect(user.can? :zing, TestModel.new).to be true
+    end
+
+  end
+end