strongbolt 0.3.12 → 0.3.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +56 -0
- data/.rubocop_todo.yml +91 -0
- data/Gemfile +1 -1
- data/Gemfile.lock +18 -2
- data/Rakefile +1 -1
- data/app/controllers/strongbolt/capabilities_controller.rb +36 -45
- data/app/controllers/strongbolt/roles_controller.rb +39 -47
- data/app/controllers/strongbolt/security_controller.rb +2 -3
- data/app/controllers/strongbolt/user_groups_controller.rb +48 -54
- data/app/controllers/strongbolt/user_groups_users_controller.rb +2 -4
- data/app/controllers/strongbolt_controller.rb +1 -1
- data/circle.yml +13 -0
- data/lib/generators/strongbolt/fix_generator.rb +5 -6
- data/lib/generators/strongbolt/fix_unique_group_members_generator.rb +2 -3
- data/lib/generators/strongbolt/indexes_generator.rb +3 -4
- data/lib/generators/strongbolt/install_generator.rb +8 -9
- data/lib/generators/strongbolt/templates/fix_unique_group_members.rb +1 -1
- data/lib/generators/strongbolt/templates/indexes.rb +1 -1
- data/lib/generators/strongbolt/templates/migration.rb +11 -12
- data/lib/generators/strongbolt/templates/strongbolt.rb +1 -1
- data/lib/generators/strongbolt/views_generator.rb +4 -4
- data/lib/strongbolt.rb +51 -54
- data/lib/strongbolt/base.rb +1 -1
- data/lib/strongbolt/bolted.rb +12 -13
- data/lib/strongbolt/bolted_controller.rb +46 -57
- data/lib/strongbolt/capabilities_role.rb +5 -5
- data/lib/strongbolt/capability.rb +32 -31
- data/lib/strongbolt/configuration.rb +18 -19
- data/lib/strongbolt/controllers/url_helpers.rb +5 -5
- data/lib/strongbolt/engine.rb +9 -9
- data/lib/strongbolt/errors.rb +4 -4
- data/lib/strongbolt/generators/migration.rb +4 -6
- data/lib/strongbolt/helpers.rb +5 -7
- data/lib/strongbolt/rails/routes.rb +4 -4
- data/lib/strongbolt/role.rb +11 -12
- data/lib/strongbolt/roles_user_group.rb +5 -5
- data/lib/strongbolt/rspec.rb +2 -2
- data/lib/strongbolt/rspec/user.rb +13 -15
- data/lib/strongbolt/tenantable.rb +78 -80
- data/lib/strongbolt/user_abilities.rb +44 -54
- data/lib/strongbolt/user_group.rb +8 -10
- data/lib/strongbolt/user_groups_user.rb +6 -6
- data/lib/strongbolt/version.rb +1 -1
- data/lib/tasks/strongbolt_tasks.rake +4 -4
- data/spec/controllers/strongbolt/capabilities_controller_spec.rb +28 -45
- data/spec/controllers/strongbolt/roles_controller_spec.rb +39 -72
- data/spec/controllers/strongbolt/user_groups_controller_spec.rb +34 -65
- data/spec/controllers/strongbolt/user_groups_users_controller_spec.rb +11 -19
- data/spec/controllers/without_authorization_controller_spec.rb +5 -5
- data/spec/dummy/app/controllers/posts_controller.rb +2 -2
- data/spec/dummy/app/controllers/test_controller.rb +1 -1
- data/spec/dummy/app/controllers/without_authorization_controller.rb +1 -1
- data/spec/dummy/bin/rails +1 -1
- data/spec/dummy/config.ru +1 -1
- data/spec/dummy/config/application.rb +4 -5
- data/spec/dummy/config/initializers/cookies_serializer.rb +1 -1
- data/spec/dummy/config/initializers/strongbolt.rb +2 -2
- data/spec/dummy/config/routes.rb +1 -3
- data/spec/dummy/db/migrate/20150630212236_create_strongbolt_tables.rb +9 -10
- data/spec/dummy/db/migrate/20150630212251_create_strongbolt_tables_indexes.rb +2 -2
- data/spec/dummy/db/migrate/20160531110509_fix_unique_group_members.rb +1 -1
- data/spec/fabricators/capability_fabricator.rb +4 -4
- data/spec/fabricators/role_fabricator.rb +3 -3
- data/spec/fabricators/user_fabricator.rb +2 -2
- data/spec/fabricators/user_group_fabricator.rb +3 -3
- data/spec/fixtures/application.rb +6 -3
- data/spec/fixtures/controllers.rb +1 -1
- data/spec/spec_helper.rb +7 -8
- data/spec/strongbolt/bolted_controller_spec.rb +110 -208
- data/spec/strongbolt/bolted_spec.rb +26 -40
- data/spec/strongbolt/capability_spec.rb +72 -86
- data/spec/strongbolt/configuration_spec.rb +33 -46
- data/spec/strongbolt/controllers/url_helpers_spec.rb +7 -9
- data/spec/strongbolt/helpers_spec.rb +14 -16
- data/spec/strongbolt/role_spec.rb +32 -35
- data/spec/strongbolt/tenantable_spec.rb +88 -86
- data/spec/strongbolt/user_abilities_multiple_tenants_spec.rb +29 -34
- data/spec/strongbolt/user_abilities_spec.rb +142 -188
- data/spec/strongbolt/user_group_spec.rb +14 -14
- data/spec/strongbolt/users_tenant_spec.rb +10 -12
- data/spec/strongbolt_spec.rb +53 -73
- data/spec/support/controller_macros.rb +1 -3
- data/spec/support/db_setup.rb +31 -25
- data/spec/support/helpers.rb +12 -12
- data/spec/support/transactional_specs.rb +1 -3
- data/strongbolt.gemspec +14 -12
- metadata +20 -3
@@ -1,21 +1,20 @@
|
|
1
|
-
require
|
1
|
+
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Strongbolt::UserAbilities do
|
4
|
-
|
5
4
|
before(:all) do
|
6
|
-
define_model
|
7
|
-
self.table_name =
|
5
|
+
define_model 'TenantA' do
|
6
|
+
self.table_name = 'tenant_a'
|
8
7
|
|
9
8
|
has_many :model_with_tenant
|
10
9
|
end
|
11
|
-
define_model
|
12
|
-
self.table_name =
|
10
|
+
define_model 'TenantB' do
|
11
|
+
self.table_name = 'tenant_b'
|
13
12
|
|
14
13
|
has_many :model_with_tenant
|
15
14
|
end
|
16
15
|
|
17
|
-
define_model
|
18
|
-
self.table_name =
|
16
|
+
define_model 'ModelWithTenant' do
|
17
|
+
self.table_name = 'model_with_tenants'
|
19
18
|
|
20
19
|
belongs_to :tenant_a
|
21
20
|
belongs_to :tenant_b
|
@@ -30,7 +29,6 @@ describe Strongbolt::UserAbilities do
|
|
30
29
|
Strongbolt::Configuration.tenants = []
|
31
30
|
end
|
32
31
|
|
33
|
-
|
34
32
|
#
|
35
33
|
# Creates some fixtures for the tests here
|
36
34
|
#
|
@@ -50,44 +48,41 @@ describe Strongbolt::UserAbilities do
|
|
50
48
|
@tenanted_model2 = ModelWithTenant.create! tenant_a: @tenant_a
|
51
49
|
@tenanted_model3 = ModelWithTenant.create! tenant_b: @tenant_b
|
52
50
|
|
53
|
-
@group = Strongbolt::UserGroup.create! name:
|
51
|
+
@group = Strongbolt::UserGroup.create! name: 'Normal'
|
54
52
|
@group.users << @user1
|
55
53
|
@group.users << @user2
|
56
54
|
@group.users << @user3
|
57
55
|
|
58
|
-
@role = @group.roles.create! name:
|
59
|
-
@role.capabilities.create! model:
|
60
|
-
@role.capabilities.create! model:
|
56
|
+
@role = @group.roles.create! name: 'Normal'
|
57
|
+
@role.capabilities.create! model: 'User', action: 'update', require_ownership: true
|
58
|
+
@role.capabilities.create! model: 'ModelWithTenant', action: 'find', require_tenant_access: true
|
61
59
|
end
|
62
60
|
|
63
|
-
|
64
|
-
|
65
61
|
#
|
66
62
|
# Has access to tenants?
|
67
63
|
#
|
68
|
-
describe
|
64
|
+
describe 'has_access_to_tenants?' do
|
69
65
|
before { create_fixtures }
|
70
66
|
|
71
|
-
it
|
72
|
-
expect(@user1.send
|
73
|
-
expect(@user1.send
|
74
|
-
expect(@user2.send
|
75
|
-
expect(@user2.send
|
76
|
-
expect(@user3.send
|
77
|
-
expect(@user3.send
|
67
|
+
it 'should be true when model is tenant' do
|
68
|
+
expect(@user1.send(:has_access_to_tenants?, @tenant_a)).to eq true
|
69
|
+
expect(@user1.send(:has_access_to_tenants?, @tenant_b)).to eq true
|
70
|
+
expect(@user2.send(:has_access_to_tenants?, @tenant_a)).to eq true
|
71
|
+
expect(@user2.send(:has_access_to_tenants?, @tenant_b)).to eq false
|
72
|
+
expect(@user3.send(:has_access_to_tenants?, @tenant_a)).to eq false
|
73
|
+
expect(@user3.send(:has_access_to_tenants?, @tenant_b)).to eq true
|
78
74
|
end
|
79
75
|
|
80
|
-
it
|
81
|
-
expect(@user1.send
|
82
|
-
expect(@user1.send
|
83
|
-
expect(@user1.send
|
84
|
-
expect(@user2.send
|
85
|
-
expect(@user2.send
|
86
|
-
expect(@user2.send
|
87
|
-
expect(@user3.send
|
88
|
-
expect(@user3.send
|
89
|
-
expect(@user3.send
|
76
|
+
it 'should be true when model is first child' do
|
77
|
+
expect(@user1.send(:has_access_to_tenants?, @tenanted_model1)).to eq true
|
78
|
+
expect(@user1.send(:has_access_to_tenants?, @tenanted_model2)).to eq true
|
79
|
+
expect(@user1.send(:has_access_to_tenants?, @tenanted_model3)).to eq true
|
80
|
+
expect(@user2.send(:has_access_to_tenants?, @tenanted_model1)).to eq true
|
81
|
+
expect(@user2.send(:has_access_to_tenants?, @tenanted_model2)).to eq true
|
82
|
+
expect(@user2.send(:has_access_to_tenants?, @tenanted_model3)).to eq false
|
83
|
+
expect(@user3.send(:has_access_to_tenants?, @tenanted_model1)).to eq true
|
84
|
+
expect(@user3.send(:has_access_to_tenants?, @tenanted_model2)).to eq false
|
85
|
+
expect(@user3.send(:has_access_to_tenants?, @tenanted_model3)).to eq true
|
90
86
|
end
|
91
87
|
end
|
92
|
-
|
93
88
|
end
|
@@ -1,21 +1,20 @@
|
|
1
|
-
require
|
1
|
+
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Strongbolt::UserAbilities do
|
4
|
-
|
5
4
|
before(:all) do
|
6
5
|
#
|
7
6
|
# This is a very basic schema that allows having a model,
|
8
7
|
# ChildModel, being tenanted by Model
|
9
8
|
#
|
10
|
-
define_model
|
11
|
-
self.table_name =
|
9
|
+
define_model 'TenantModel' do
|
10
|
+
self.table_name = 'models'
|
12
11
|
|
13
12
|
has_many :owned_models, foreign_key: :parent_id
|
14
13
|
belongs_to :unowned_model, foreign_key: :parent_id
|
15
14
|
end
|
16
15
|
|
17
|
-
define_model
|
18
|
-
self.table_name =
|
16
|
+
define_model 'OwnedModel' do
|
17
|
+
self.table_name = 'child_models'
|
19
18
|
|
20
19
|
belongs_to :user, foreign_key: :model_id
|
21
20
|
belongs_to :tenant_model, foreign_key: :parent_id
|
@@ -25,22 +24,22 @@ describe Strongbolt::UserAbilities do
|
|
25
24
|
validates :tenant_model, presence: true
|
26
25
|
end
|
27
26
|
|
28
|
-
define_model
|
29
|
-
self.table_name =
|
27
|
+
define_model 'ChildModel' do
|
28
|
+
self.table_name = 'model_models'
|
30
29
|
|
31
30
|
belongs_to :owned_model, foreign_key: :parent_id
|
32
31
|
end
|
33
32
|
|
34
|
-
define_model
|
35
|
-
self.table_name =
|
33
|
+
define_model 'UnownedModel' do
|
34
|
+
self.table_name = 'unowned_models'
|
36
35
|
|
37
36
|
has_many :tenant_models, foreign_key: :parent_id
|
38
37
|
end
|
39
38
|
|
40
|
-
define_model
|
41
|
-
self.table_name =
|
39
|
+
define_model 'OtherModel' do
|
40
|
+
self.table_name = 'models'
|
42
41
|
|
43
|
-
authorize_as
|
42
|
+
authorize_as 'UnownedModel'
|
44
43
|
end
|
45
44
|
|
46
45
|
Strongbolt::Configuration.add_tenant TenantModel
|
@@ -54,18 +53,19 @@ describe Strongbolt::UserAbilities do
|
|
54
53
|
|
55
54
|
subject { user }
|
56
55
|
|
57
|
-
it {
|
58
|
-
.
|
56
|
+
it {
|
57
|
+
is_expected.to have_many(:user_groups_users).class_name('Strongbolt::UserGroupsUser')
|
58
|
+
.dependent :delete_all
|
59
|
+
}
|
59
60
|
it { is_expected.to have_many(:user_groups).through :user_groups_users }
|
60
61
|
it { is_expected.to have_many(:roles).through :user_groups }
|
61
62
|
it { is_expected.to respond_to(:capabilities) }
|
62
63
|
it { is_expected.to have_many(:tenant_models) }
|
63
64
|
|
64
|
-
it
|
65
|
-
expect(user.can?
|
65
|
+
it 'should let user find itself' do
|
66
|
+
expect(user.can?(:find, user)).to eq true
|
66
67
|
end
|
67
68
|
|
68
|
-
|
69
69
|
#
|
70
70
|
# Creates some fixtures for the tests here
|
71
71
|
#
|
@@ -81,10 +81,10 @@ describe Strongbolt::UserAbilities do
|
|
81
81
|
@other_user = User.create!
|
82
82
|
# A owned model, owned
|
83
83
|
@owned_model = OwnedModel.create! user: user,
|
84
|
-
|
84
|
+
tenant_model: @tenant_model
|
85
85
|
# An model not owned
|
86
86
|
@unowned_model = OwnedModel.create! user: @other_user,
|
87
|
-
|
87
|
+
tenant_model: @tenant_model
|
88
88
|
# Other tenant model
|
89
89
|
@unmanaged_model = OwnedModel.create! tenant_model: @other_tenant_model
|
90
90
|
# An unownable model
|
@@ -94,52 +94,48 @@ describe Strongbolt::UserAbilities do
|
|
94
94
|
@child_model = @owned_model.child_models.create!
|
95
95
|
|
96
96
|
# The user belong to a group
|
97
|
-
@group = Strongbolt::UserGroup.create! name:
|
97
|
+
@group = Strongbolt::UserGroup.create! name: 'Normal'
|
98
98
|
@group.users << user
|
99
99
|
|
100
100
|
# That has a role
|
101
|
-
@guest_role = Strongbolt::Role.create! name:
|
102
|
-
@parent_role = Strongbolt::Role.create! name:
|
103
|
-
@other_role = Strongbolt::Role.create! name:
|
104
|
-
@role = @group.roles.create! name:
|
101
|
+
@guest_role = Strongbolt::Role.create! name: 'Guest'
|
102
|
+
@parent_role = Strongbolt::Role.create! name: 'Basic', parent_id: @guest_role.id
|
103
|
+
@other_role = Strongbolt::Role.create! name: 'Admin'
|
104
|
+
@role = @group.roles.create! name: 'Normal', parent_id: @parent_role.id
|
105
105
|
|
106
106
|
# Which has capabilities
|
107
107
|
|
108
108
|
# User can update self
|
109
|
-
@parent_role.capabilities.create! model:
|
109
|
+
@parent_role.capabilities.create! model: 'User', action: 'update', require_ownership: true
|
110
110
|
|
111
111
|
# User can read all owned models
|
112
|
-
@parent_role.capabilities.create! model:
|
112
|
+
@parent_role.capabilities.create! model: 'OwnedModel', action: 'find'
|
113
113
|
|
114
114
|
# And create some
|
115
|
-
@role.capabilities.create! model:
|
115
|
+
@role.capabilities.create! model: 'OwnedModel', action: 'create', require_ownership: true
|
116
116
|
|
117
117
|
# But can delete only owned models
|
118
|
-
@role.capabilities.create! model:
|
118
|
+
@role.capabilities.create! model: 'OwnedModel', action: 'destroy', require_ownership: true
|
119
119
|
|
120
120
|
# User can read any unowned models
|
121
|
-
@guest_role.capabilities.create! model:
|
121
|
+
@guest_role.capabilities.create! model: 'UnownedModel', action: 'find'
|
122
122
|
|
123
123
|
# But can create setting only the attribute name
|
124
|
-
@role.capabilities.create! model:
|
125
|
-
|
124
|
+
@role.capabilities.create! model: 'UnownedModel', action: 'create', attr: 'name',
|
125
|
+
require_tenant_access: false
|
126
126
|
|
127
127
|
# Admin can do whatever
|
128
|
-
@other_role.capabilities.create! model:
|
128
|
+
@other_role.capabilities.create! model: 'UnownedModel', action: 'create'
|
129
129
|
end
|
130
130
|
|
131
|
-
|
132
|
-
|
133
|
-
|
134
131
|
#
|
135
132
|
# Adding a tenant to the user
|
136
133
|
#
|
137
|
-
describe
|
138
|
-
|
134
|
+
describe 'add_tenant' do
|
139
135
|
context 'when instance is from a tenant' do
|
140
136
|
let(:model) { TenantModel.create! }
|
141
137
|
|
142
|
-
it
|
138
|
+
it 'should create an association' do
|
143
139
|
expect do
|
144
140
|
user.add_tenant model
|
145
141
|
end.to change(Strongbolt::UsersTenant, :count).by 1
|
@@ -151,136 +147,123 @@ describe Strongbolt::UserAbilities do
|
|
151
147
|
end
|
152
148
|
end
|
153
149
|
|
154
|
-
context
|
150
|
+
context 'when instance is not from a tenant' do
|
155
151
|
let(:model) { Model.create! }
|
156
152
|
|
157
|
-
it
|
153
|
+
it 'should raise an error' do
|
158
154
|
expect do
|
159
155
|
user.add_tenant model
|
160
156
|
end.to raise_error NoMethodError
|
161
157
|
end
|
162
158
|
end
|
163
|
-
|
164
159
|
end
|
165
160
|
|
166
|
-
|
167
|
-
|
168
161
|
#
|
169
162
|
# Has access to tenants?
|
170
163
|
#
|
171
|
-
describe
|
164
|
+
describe 'has_access_to_tenants?' do
|
172
165
|
before { create_fixtures }
|
173
166
|
|
174
|
-
context
|
175
|
-
|
176
|
-
|
177
|
-
expect(user.send :has_access_to_tenants?, @tenant_model).to eq true
|
167
|
+
context 'when same tenant' do
|
168
|
+
it 'should be true when model is tenant' do
|
169
|
+
expect(user.send(:has_access_to_tenants?, @tenant_model)).to eq true
|
178
170
|
end
|
179
171
|
|
180
|
-
it
|
181
|
-
expect(user.send
|
172
|
+
it 'should be true when model is first child' do
|
173
|
+
expect(user.send(:has_access_to_tenants?, @unowned_model)).to eq true
|
182
174
|
end
|
183
175
|
|
184
|
-
it
|
185
|
-
expect(user.send
|
176
|
+
it 'should be true when grand child' do
|
177
|
+
expect(user.send(:has_access_to_tenants?, @child_model)).to eq true
|
186
178
|
end
|
187
179
|
|
188
|
-
it
|
189
|
-
expect(user.send
|
180
|
+
it 'should be true for a user defined association' do
|
181
|
+
expect(user.send(:has_access_to_tenants?, @linked_to_tenant)).to eq true
|
190
182
|
end
|
191
|
-
|
192
183
|
end
|
193
184
|
|
194
|
-
context
|
195
|
-
it
|
196
|
-
expect(user.send
|
185
|
+
context 'when different tenant' do
|
186
|
+
it 'should be false when model is tenant' do
|
187
|
+
expect(user.send(:has_access_to_tenants?, @other_tenant_model)).to eq false
|
197
188
|
end
|
198
189
|
|
199
|
-
it
|
200
|
-
expect(user.send
|
190
|
+
it 'should be false when model is first child' do
|
191
|
+
expect(user.send(:has_access_to_tenants?, @unmanaged_model)).to eq false
|
201
192
|
end
|
202
193
|
end
|
203
194
|
|
204
195
|
context "when model doesn't have link to tenant" do
|
205
|
-
it
|
206
|
-
expect(user.send
|
196
|
+
it 'should return true' do
|
197
|
+
expect(user.send(:has_access_to_tenants?, @model)).to eq true
|
207
198
|
end
|
208
199
|
end
|
209
200
|
end
|
210
201
|
|
211
|
-
|
212
|
-
|
213
202
|
#
|
214
203
|
# All Capabilities
|
215
204
|
#
|
216
205
|
describe 'capabilities' do
|
217
|
-
|
218
206
|
before { create_fixtures }
|
219
207
|
|
220
208
|
let(:capabilities) { user.capabilities }
|
221
209
|
|
222
210
|
subject { capabilities }
|
223
211
|
|
224
|
-
it
|
212
|
+
it 'should have 6 capabilities' do
|
225
213
|
expect(capabilities.size).to eq 6
|
226
214
|
end
|
227
|
-
|
228
215
|
end
|
229
216
|
|
230
|
-
|
231
217
|
#
|
232
218
|
# CAN?
|
233
219
|
#
|
234
220
|
|
235
|
-
describe
|
236
|
-
|
221
|
+
describe 'can?' do
|
237
222
|
before { create_fixtures }
|
238
223
|
|
239
|
-
describe
|
240
|
-
|
241
|
-
context "when authorized" do
|
224
|
+
describe 'creating an owned model' do
|
225
|
+
context 'when authorized' do
|
242
226
|
let(:tenant_model) { TenantModel.create! }
|
243
227
|
|
244
228
|
before { user.tenant_models << tenant_model }
|
245
229
|
|
246
|
-
context
|
230
|
+
context 'when same tenant' do
|
247
231
|
let(:instance) { OwnedModel.new tenant_model: tenant_model }
|
248
232
|
|
249
|
-
it
|
250
|
-
expect(user.can?
|
233
|
+
it 'should return true when passing instance' do
|
234
|
+
expect(user.can?(:create, instance)).to eq true
|
251
235
|
end
|
252
236
|
end
|
253
237
|
|
254
|
-
context
|
255
|
-
|
238
|
+
context 'when not same tenant' do
|
256
239
|
let(:instance) { OwnedModel.new tenant_model: TenantModel.create! }
|
257
240
|
|
258
|
-
it
|
259
|
-
expect(user.can?
|
241
|
+
it 'should return false when passing instance' do
|
242
|
+
expect(user.can?(:create, instance)).to eq false
|
260
243
|
end
|
261
244
|
end
|
262
245
|
|
263
|
-
it
|
264
|
-
expect(user.can?
|
246
|
+
it 'should return true when passing class' do
|
247
|
+
expect(user.can?(:create, OwnedModel)).to eq true
|
265
248
|
end
|
266
249
|
end
|
267
250
|
|
268
|
-
context
|
269
|
-
it
|
270
|
-
expect(user.can?
|
251
|
+
context 'when not authorized' do
|
252
|
+
it 'should return true when passing instance' do
|
253
|
+
expect(user.can?(:create, User.new)).to eq false
|
271
254
|
end
|
272
255
|
|
273
|
-
it
|
274
|
-
expect(user.can?
|
256
|
+
it 'should return true when passing class' do
|
257
|
+
expect(user.can?(:create, User)).to eq false
|
275
258
|
end
|
276
259
|
end
|
277
260
|
|
278
|
-
context
|
261
|
+
context 'when default set of permissions' do
|
279
262
|
before do
|
280
263
|
Strongbolt.setup do |config|
|
281
264
|
config.default_capabilities = [
|
282
|
-
{:
|
283
|
-
{:
|
265
|
+
{ model: 'OwnedModel', require_ownership: true, actions: :update },
|
266
|
+
{ model: 'TenantModel', require_tenant_access: false, require_ownership: false, actions: 'find' }
|
284
267
|
]
|
285
268
|
end
|
286
269
|
end
|
@@ -291,108 +274,99 @@ describe Strongbolt::UserAbilities do
|
|
291
274
|
end
|
292
275
|
|
293
276
|
let(:other_user) { User.create! }
|
294
|
-
let(:owned_model) { OwnedModel.create! :
|
295
|
-
let(:unowned_model) { OwnedModel.create! :
|
277
|
+
let(:owned_model) { OwnedModel.create! user: user, tenant_model: TenantModel.create! }
|
278
|
+
let(:unowned_model) { OwnedModel.create! user: other_user, tenant_model: TenantModel.create! }
|
296
279
|
|
297
|
-
it
|
298
|
-
expect(user.can?
|
280
|
+
it 'should let the user update an owned model' do
|
281
|
+
expect(user.can?(:update, owned_model)).to eq true
|
299
282
|
end
|
300
283
|
|
301
|
-
it
|
302
|
-
expect(user.can?
|
284
|
+
it 'should not let the user update an owned model from another user' do
|
285
|
+
expect(user.can?(:update, unowned_model)).to eq false
|
303
286
|
end
|
304
287
|
end
|
305
|
-
|
306
288
|
end # Creating an owned model
|
307
289
|
|
308
|
-
describe
|
309
|
-
context
|
310
|
-
it
|
311
|
-
expect(user.can?
|
290
|
+
describe 'updating an owned model' do
|
291
|
+
context 'when owning model' do
|
292
|
+
it 'should return true' do
|
293
|
+
expect(user.can?(:update, user)).to eq true
|
312
294
|
end
|
313
295
|
end
|
314
296
|
|
315
|
-
context
|
316
|
-
it
|
317
|
-
expect(user.can?
|
297
|
+
context 'when not owning model' do
|
298
|
+
it 'should return false' do
|
299
|
+
expect(user.can?(:update, @other_user)).to eq false
|
318
300
|
end
|
319
301
|
end
|
320
302
|
end # Updating an owned model
|
321
303
|
|
322
|
-
describe
|
323
|
-
|
324
|
-
|
325
|
-
|
326
|
-
expect(user.can? :create, UnownedModel, :all).to eq false
|
304
|
+
describe 'creating a model with attribute restriction' do
|
305
|
+
context 'when requiring all attributes' do
|
306
|
+
it 'should return false' do
|
307
|
+
expect(user.can?(:create, UnownedModel, :all)).to eq false
|
327
308
|
end
|
328
309
|
|
329
|
-
it
|
330
|
-
expect(user.can?
|
310
|
+
it 'should return false for other model authorized as it' do
|
311
|
+
expect(user.can?(:create, OtherModel, :all)).to eq false
|
331
312
|
end
|
332
313
|
end
|
333
314
|
|
334
|
-
context
|
335
|
-
it
|
336
|
-
expect(user.can?
|
315
|
+
context 'when requiring any attribute' do
|
316
|
+
it 'should return true' do
|
317
|
+
expect(user.can?(:create, UnownedModel, :any)).to eq true
|
337
318
|
end
|
338
319
|
|
339
|
-
it
|
340
|
-
expect(user.can?
|
320
|
+
it 'should return true for other model authorized as it' do
|
321
|
+
expect(user.can?(:create, OtherModel, :any)).to eq true
|
341
322
|
end
|
342
323
|
end
|
343
|
-
|
344
324
|
end # Creating a model with restricted attributes
|
345
325
|
|
346
|
-
describe
|
326
|
+
describe 'creating a non tenanted model' do
|
347
327
|
let(:instance) { UnownedModel.new }
|
348
328
|
|
349
|
-
context
|
350
|
-
it
|
351
|
-
expect(user.can?
|
329
|
+
context 'when user has the right' do
|
330
|
+
it 'should return true' do
|
331
|
+
expect(user.can?(:create, instance)).to eq true
|
352
332
|
end
|
353
333
|
end
|
354
334
|
end
|
355
335
|
|
356
336
|
describe 'destroying an owned model' do
|
357
|
-
context
|
358
|
-
it
|
359
|
-
expect(user.can?
|
337
|
+
context 'when owning' do
|
338
|
+
it 'should be true' do
|
339
|
+
expect(user.can?(:destroy, @owned_model)).to eq true
|
360
340
|
end
|
361
341
|
end
|
362
342
|
|
363
|
-
context
|
364
|
-
it
|
365
|
-
expect(user.can?
|
343
|
+
context 'when not owning' do
|
344
|
+
it 'should be false' do
|
345
|
+
expect(user.can?(:destroy, @unowned_model)).to eq false
|
366
346
|
end
|
367
347
|
end
|
368
348
|
end
|
369
349
|
|
370
|
-
describe
|
371
|
-
context
|
372
|
-
it
|
373
|
-
expect(user.can?
|
350
|
+
describe 'finding model' do
|
351
|
+
context 'when same tenant' do
|
352
|
+
it 'should be true' do
|
353
|
+
expect(user.can?(:find, @unowned_model)).to eq true
|
374
354
|
end
|
375
355
|
end
|
376
356
|
|
377
|
-
context
|
378
|
-
it
|
379
|
-
expect(user.can?
|
357
|
+
context 'when not same tenant' do
|
358
|
+
it 'should be false' do
|
359
|
+
expect(user.can?(:find, @unmanaged_model)).to eq false
|
380
360
|
end
|
381
361
|
end
|
382
362
|
end
|
383
|
-
|
384
363
|
end # End can?
|
385
364
|
|
386
|
-
|
387
|
-
|
388
|
-
|
389
|
-
|
390
365
|
#
|
391
366
|
# Populate Capabilities Cache
|
392
367
|
#
|
393
368
|
|
394
|
-
describe
|
395
|
-
|
369
|
+
describe 'Populate Capabilities Cache' do
|
396
370
|
#
|
397
371
|
# We create some fixtures for the population of cache to be tested
|
398
372
|
#
|
@@ -402,108 +376,88 @@ describe Strongbolt::UserAbilities do
|
|
402
376
|
|
403
377
|
subject { cache }
|
404
378
|
|
405
|
-
it
|
379
|
+
it 'should have the right number of capabilities' do
|
406
380
|
expect(cache.size).to eq 4 * 6 + 2
|
407
381
|
end
|
408
382
|
|
409
383
|
[
|
410
|
-
|
411
|
-
|
412
|
-
|
413
|
-
|
414
|
-
|
415
|
-
|
384
|
+
'updateUserall-any', 'updateUserany-any', # "updateUserall-#{User.first.id}", "updateUserany-#{User.first.id}",
|
385
|
+
'findOwnedModelall-any', 'findOwnedModelany-any', 'findOwnedModelall-tenanted', 'findOwnedModelany-tenanted',
|
386
|
+
'createOwnedModelall-any', 'createOwnedModelany-any', 'createOwnedModelall-owned', 'createOwnedModelany-owned',
|
387
|
+
'destroyOwnedModelall-any', 'destroyOwnedModelany-any', 'destroyOwnedModelall-owned', 'destroyOwnedModelany-owned',
|
388
|
+
'findUnownedModelall-any', 'findUnownedModelany-any', 'findUnownedModelall-tenanted', 'findUnownedModelany-tenanted',
|
389
|
+
'createUnownedModelname-any', 'createUnownedModelany-any', 'createUnownedModelname-all', 'createUnownedModelany-all'
|
416
390
|
].each do |key|
|
417
391
|
it "should have set true to #{key}" do
|
418
392
|
expect(cache[key]).to eq true
|
419
393
|
end
|
420
394
|
end
|
421
|
-
|
422
395
|
end
|
423
396
|
|
424
|
-
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
397
|
#
|
430
398
|
# OWNS?
|
431
399
|
#
|
432
|
-
describe
|
433
|
-
|
400
|
+
describe 'owns?' do
|
434
401
|
#
|
435
402
|
# Another user
|
436
403
|
#
|
437
|
-
context
|
438
|
-
|
404
|
+
context 'when testing against a user' do
|
439
405
|
context 'when other user' do
|
440
|
-
|
441
406
|
let(:other_user) { User.create! }
|
442
407
|
|
443
|
-
it
|
444
|
-
expect(user.owns?
|
408
|
+
it 'should not own it' do
|
409
|
+
expect(user.owns?(other_user)).to eq false
|
445
410
|
end
|
446
|
-
|
447
411
|
end
|
448
412
|
|
449
|
-
context
|
450
|
-
it
|
451
|
-
expect(user.owns?
|
413
|
+
context 'when same user' do
|
414
|
+
it 'should own it' do
|
415
|
+
expect(user.owns?(user)).to eq true
|
452
416
|
end
|
453
417
|
end
|
454
|
-
|
455
418
|
end # End owning user
|
456
419
|
|
457
|
-
|
458
420
|
#
|
459
421
|
# Another object
|
460
422
|
#
|
461
|
-
context
|
462
|
-
|
463
|
-
context "when owning it" do
|
423
|
+
context 'when testing against another model having user_id' do
|
424
|
+
context 'when owning it' do
|
464
425
|
let(:model) { Model.create! user_id: user.id }
|
465
426
|
|
466
|
-
it
|
467
|
-
expect(user.owns?
|
427
|
+
it 'should own it' do
|
428
|
+
expect(user.owns?(model)).to eq true
|
468
429
|
end
|
469
430
|
end
|
470
431
|
|
471
|
-
context
|
432
|
+
context 'when not owning it' do
|
472
433
|
let(:model) { Model.create! user_id: 0 }
|
473
434
|
|
474
|
-
it
|
475
|
-
expect(user.owns?
|
435
|
+
it 'should own it' do
|
436
|
+
expect(user.owns?(model)).to eq false
|
476
437
|
end
|
477
438
|
end
|
478
|
-
|
479
439
|
end # End testing against model having user id
|
480
|
-
|
481
440
|
end
|
482
441
|
|
483
|
-
|
484
442
|
#
|
485
443
|
# Another object unowned
|
486
444
|
#
|
487
|
-
context
|
488
|
-
|
445
|
+
context 'when testing against a model not having user id' do
|
489
446
|
let(:model) { UnownedModel.create! }
|
490
447
|
|
491
|
-
it
|
492
|
-
expect(user.owns?
|
448
|
+
it 'should not own it' do
|
449
|
+
expect(user.owns?(model)).to eq false
|
493
450
|
end
|
494
|
-
|
495
451
|
end
|
496
452
|
|
497
|
-
|
498
453
|
#
|
499
454
|
# Wrong arguments
|
500
455
|
#
|
501
|
-
context
|
502
|
-
it
|
456
|
+
context 'when given something else than an object' do
|
457
|
+
it 'should raise error' do
|
503
458
|
expect do
|
504
459
|
user.owns? Model
|
505
460
|
end.to raise_error ArgumentError
|
506
461
|
end
|
507
462
|
end
|
508
|
-
|
509
463
|
end
|