thwart 0.0.0

data/spec/role_builder_spec.rb

@@ -0,0 +1,197 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Thwart::RoleBuilder do  
+  before do
+    @example_actions = double("Actionables Store", :actionables => {:view => [:view], :update => [:update], :manage => [:view, :update]})
+    @builder = Thwart::RoleBuilder.new(@example_actions)
+  end
+  
+  it "should build roles" do
+    role = @builder.create_role :a_name
+    role.class.include?(Thwart::Role).should == true
+  end
+  
+  it "should fire the build callback" do
+    receiver = double("receiver")
+    receiver.should_receive(:after_build_role)
+    klass = Thwart::RoleBuilder.clone
+    klass.set_callback :build_role, :after, receiver
+    role = klass.new(@example_actions).create_role :a_name
+  end
+  
+  it "should apply the default action to built roles" do 
+    role = @builder.create_role :a_name do
+      default false
+    end
+    role2 = @builder.create_role :another_name do
+      default true
+    end
+    role.responses.should == {}
+    role.default_response.should == false
+    role.query(nil, nil, nil).should == false
+
+    role2.responses.should == {}
+    role2.default_response.should == true
+    role2.query(nil, nil, nil).should == true
+  end
+  
+  it "should only allow permissions to be defined using recognizable actions" do
+    lambda {
+      @builder.create_role :name do
+        define_permission :non_existant_action, :resource
+      end
+    }.should raise_error(ArgumentError)
+  end
+  
+  it "should default to allowing actions" do
+    role1 = @builder.create_role :name do
+      view :foo
+      update :bar
+    end
+    role2 = @builder.create_role :a_name do
+      allow do
+        view :foo
+        update :bar
+      end
+    end
+    role1.responses.should == role2.responses
+  end
+  
+  it "should provide deny blocks" do
+    role = @builder.create_role :name do
+      deny do
+        view :foo
+        update :bar
+      end
+    end
+    role.responses.should == {:view => {:foo => false}, :update => {:bar => false}}
+  end
+  
+  it "should accept permissions outside of deny blocks as allows on both sides" do
+    role = @builder.create_role :name do
+      view :foo
+      deny do
+        update :foo
+      end
+      view :bar
+    end
+    role.responses.should == {:view => {:foo => true, :bar => true}, :update => {:foo => false}}
+  end
+  
+  it "should build responses with :all" do
+    role = @builder.create_role :a_name do
+      view :all
+    end
+    role.responses.should == {:view => {:_other => true}}
+  end
+  
+  it "should build :all responses without arguments" do
+    role = @builder.create_role :a_name do
+      view
+    end
+    role.responses.should == {:view => {:_other => true}}
+  end
+  
+  it "should build roles which respond to simple actions" do
+    role = @builder.create_role :a_name do
+      update :this, :that
+    end
+    role.responses.should == {:update => {:this => true, :that => true}}
+  end
+  
+  it "should build roles which respond to simple actions" do
+    role = @builder.create_role :a_name do
+      update :this, :that
+    end
+    role.responses.should == {:update => {:this => true, :that => true}}
+  end
+
+  it "should build roles which respond to action groups" do
+    role = @builder.create_role :a_name do
+      manage :this, :that
+    end
+    role.responses.should == {:view => {:this => true, :that => true}, :update => {:this => true, :that => true}}
+  end
+  
+  it "should merge all declarations with others" do
+    role = @builder.create_role :a_name do
+      update :this, :that
+      deny do 
+        update :all
+      end
+    end
+    role.responses.should == {:update => {:this => true, :that => true, :_other => false}}
+  end
+
+  context "passed conditions" do
+    before do
+      @good_actor = double("actor", :is_allowed => true)
+      @bad_actor = double("actor", :is_allowed => false)
+    end    
+    
+    context "at the resource level" do
+      before do
+        @role = @builder.create_role :a_name do
+          update :foo, :if => lambda {|actor| actor.is_allowed == true }
+          update :bar, :unless => lambda {|actor| actor.is_allowed == true }
+          update :baz do |actor| actor.is_allowed == true end
+        end
+      end  
+      it "should build procs using the :if option" do
+        @role.responses[:update][:foo].call(@good_actor).should == true
+        @role.responses[:update][:foo].call(@bad_actor).should == false     
+      end
+      it "should build procs using the :unless option" do
+        @role.responses[:update][:bar].call(@good_actor).should == false
+        @role.responses[:update][:bar].call(@bad_actor).should == true
+      end
+      it "should build procs using action level blocks" do
+        @role.responses[:update][:baz].call(@good_actor).should == true
+        @role.responses[:update][:baz].call(@bad_actor).should == false
+      end
+    end
+  
+    context "at the action level" do
+      it "should build procs using the :if option" do
+        @role = @builder.create_role :a_name do
+          update :if => lambda {|actor| actor.is_allowed == true }
+        end
+        @role.responses[:update][:_other].call(@good_actor).should == true
+        @role.responses[:update][:_other].call(@bad_actor).should == false     
+      end
+      it "should build procs using the :unless option" do
+        @role = @builder.create_role :a_name do
+          update :unless => lambda {|actor| actor.is_allowed == true }
+        end
+        @role.responses[:update][:_other].call(@good_actor).should == false
+        @role.responses[:update][:_other].call(@bad_actor).should == true
+      end
+      it "should build procs using action level blocks" do
+        @role = @builder.create_role :a_name do
+          update do |actor| actor.is_allowed == true end
+        end
+        @role.responses[:update][:_other].call(@good_actor).should == true
+        @role.responses[:update][:_other].call(@bad_actor).should == false
+      end
+    end
+  end
+  
+  context "building roles which include other roles" do
+    it "should allow parents to be specified as options to the role" do
+      @role = @builder.create_role :name, :parents => [:foo, :bar]
+      @role.parents.should == [:foo, :bar]
+    end
+    it "should allow parents to be included in the role definition" do
+      @role = @builder.create_role :name do
+        include :foo
+        include :bar
+      end
+    end
+    it "should allow parents to be included on the same line in the role definition" do
+      @role = @builder.create_role :name do
+        include :foo, :bar
+      end
+    end
+  end
+  
+end

data/spec/role_registry_spec.rb

@@ -0,0 +1,137 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+def actor_with_role(a_role)
+  double("Actor", :thwart_role => a_role.name)
+end
+
+describe Thwart::RoleRegistry do
+  before do 
+    @role_builder = double("Role Builder")
+    @role_builder.class.stub(:set_callback => true)
+    @registry = Thwart::RoleRegistry.new(@role_builder)
+  end
+
+  it "should initialize a callback on the action creator" do
+    store_class = Class.new do
+      include ActiveSupport::Callbacks
+    end
+    store_class.should_receive(:set_callback)
+    Thwart::RoleRegistry.new(store_class.new)
+  end
+
+  it "should add roles to the registry" do
+    role = double("Role")
+    @registry.add(role)
+    @registry.roles.should include(role)
+    @registry.has_role?(role).should == true
+  end
+  
+  it "should prevent addition of duplicate roles" do
+    role = double("Role")
+    @registry.add(role)
+    lambda {
+      @registry.add(role)
+    }.should raise_error(Thwart::DuplicateRoleError)
+  end
+  context "role finding" do
+    before do
+      @role = double("A Role", :name => :role1)
+      @registry.add(@role)
+    end
+    it "should find nil for nil" do
+      @registry.find_actor_role(nil).should == nil
+    end
+    it "should use the thwart_role attribute" do
+      actor = double("Actor", :thwart_role => @role)
+      @registry.find_actor_role(actor).should == @role
+    end
+    it "should convert symbols to roles" do
+      actor = double("Actor", :thwart_role => :role1)
+      @registry.find_actor_role(actor).should == @role
+    end
+    it "should find nil for symbols pointing to non registered roles " do
+      actor = double("Actor", :thwart_role => :role2)
+      @registry.find_actor_role(actor).should == nil
+    end
+  end
+  context "resource finding" do
+    it "should find nil for nil" do
+      @registry.find_resource_identifier(nil).should == nil
+    end
+    it "should find using the thwart_name attribute" do
+      resource = double("Resource", :thwart_name => :balls)
+      @registry.find_resource_identifier(resource).should == :balls
+    end
+    it "should find using the class thwart_name attribute" do
+      klass = Class.new do
+        def thwart_name
+          :balls
+        end
+      end
+      @registry.find_resource_identifier(klass.new).should == :balls
+    end
+    it "should find using the class name if the gem wide setting is set" do
+      Thwart.all_classes_are_resources = true
+      class Bollocks; end
+      @registry.find_resource_identifier(Bollocks.new).should == :bollocks
+      Thwart.all_classes_are_resources = false
+    end
+    
+  end
+  context "querying" do
+    it "should return the default if the role can't be found and the gem wide setting is set" do
+      Thwart.actor_must_play_role = false
+      resp = double("A Bool")
+      Thwart.should_receive(:default_query_response).and_return(resp)
+      @registry.query(nil, nil, nil).should == resp
+    end
+    
+    it "should raise an error if the role can't be found and the gem wide setting is set" do 
+      Thwart.actor_must_play_role = true
+      lambda { 
+        @registry.query(nil, nil, nil)
+      }.should raise_error(Thwart::MissingRoleError)
+    end
+    
+    context "with roles in the registry" do
+      before do
+        Thwart.actor_must_play_role = true
+        Thwart.default_query_response = false
+        @role1 = double("Low Level Role", :name => :role1, :query => false)
+        @role2 = double("High Level Role", :name => :role2, :query => true)
+        @role3 = double("No Rules Role", :name => :role3, :query => nil, :parents => [@role2, @role1])
+        @role4 = double("Really low role", :name => :role4, :query => nil, :parents => [@role3])
+        [@role1, @role2, @role3, @role4].each do |r|
+          @registry.add(r)
+        end
+      end
+      
+      it "should query the role" do
+        @registry.query(actor_with_role(@role1), nil, nil).should == false
+      end
+      
+      it "should query the parents in a breadth first order if the role query is unsuccessful" do 
+        @role3.should_receive(:parents)
+        @registry.query(actor_with_role(@role3), nil, nil).should == true # this ensures role2 is checked before role1
+      end
+       
+      it "should query more than one level of parents" do
+        @role3.should_receive(:parents)
+        @role4.should_receive(:parents)
+        @registry.query(actor_with_role(@role4), nil, nil).should == true # this ensures role2 is checked before role1
+      end
+      
+      it "should return the default if the role can't be found and the gem wide setting is set" do
+        Thwart.actor_must_play_role = false
+        @registry.query(actor_with_role(double("A role not in the registry", :name => :not_present)), nil, nil).should == false
+      end
+      
+      it "should raise an error if the role can't be found and the gem wide setting is set" do
+        Thwart.actor_must_play_role = true
+        lambda {
+          @registry.query(actor_with_role(double("A role not in the registry", :name => :not_present)), nil, nil)
+        }.should raise_error(Thwart::MissingRoleError)
+      end
+    end
+  end
+end

data/spec/role_spec.rb

@@ -0,0 +1,146 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Thwart::Role do
+  it "should be queryable" do
+    instance_with_module(Thwart::Role).respond_to?(:query).should == true
+  end
+  
+  it "should respond with nil if no rule applies" do
+    instance_with_role_definition.query(nil, nil, nil).should == nil
+  end
+  
+  it "should respond to queries with its role level default" do
+    a_val = mock('default query response')
+    @role1 = instance_with_role_definition do
+      self.default_response = a_val
+    end
+    @role1.query(nil, nil, nil).should == a_val
+    @role1.query(:foo, :bar, :baz).should == a_val
+  end
+  
+  it "should uniqueify its parents upon assignment" do
+    @role = instance_with_role_definition
+    @role.parents = [:a, :b]
+    @role.parents += [:a, :c]
+    @role.parents.should == [:a, :b, :c]
+  end
+  
+  context "with simple responses set" do
+    before do
+      @role = instance_with_role_definition do
+        self.responses = {:view => true, :update => false}
+      end
+    end
+    it "should respond to simple queries with actions" do
+      @role.query(nil, nil, :view).should == true
+      @role.query(nil, nil, :update).should == false
+    end
+    it "shouldn't respond to queries it has no rules for" do
+      @role.query(nil, nil, nil).should == nil
+    end
+    it "should return the default if it is set" do
+      @role.default_response = true
+      @role.query(nil, nil, nil).should == true
+    end
+  end
+  
+  context "with response sets scoped by resource" do
+    before do
+      @role = instance_with_role_definition do
+        self.responses = {:view => {:foo => true, :bar => false}, :update => false, :destroy => {:foo => true, :_other => false}}
+      end
+    end
+    it "should respond to simple queries with actions" do
+      @role.query(nil, :foo, :view).should == true
+      @role.query(nil, :bar, :view).should == false
+      @role.query(nil, :baz, :view).should == nil
+      
+      @role.query(nil, :foo, :update).should == false
+      @role.query(nil, :bar, :update).should == false
+    end
+  end
+  
+  context "with defaults at all levels" do
+    before do
+      @role = instance_with_role_definition do
+        self.default_response = true
+        self.responses = {:view => nil, :update => false, :destroy => {:foo => true, :_other => false}}
+      end
+    end
+    it "should respond with the role level default for an unknown action" do
+      @role.query(nil, :foo, :create).should == true
+    end
+    it "should respond with the action level default for known actions" do
+      @role.query(nil, :foo, :view).should == nil
+      @role.query(nil, :foo, :update).should == false
+    end
+    it "should respond with the resource level default for known action and unknown permissions" do
+      @role.query(nil, :foo, :destroy).should == true # Known permission
+      @role.query(nil, :bar, :destroy).should == false
+    end
+  end
+  
+  context "with response sets with procs" do
+    before do
+      @good_actor = double("actor", :is_allowed => true)
+      @bad_actor = double("actor", :is_allowed => false)
+    end
+    context "procs at action level" do
+      before do
+        @role = instance_with_role_definition do
+          self.responses = {:view => Proc.new {|actor, resource| actor.is_allowed == true}, :update => false}
+        end
+      end
+      it "should run the proc" do
+        @good_actor.should_receive(:is_allowed).twice
+        @role.query(@good_actor, :foo, :view).should == true
+        @role.query(@good_actor, :bar, :view).should == true
+        @role.query(@good_actor, :foo, :update).should == false
+        @role.query(@good_actor, :bar, :update).should == false
+        
+        @bad_actor.should_receive(:is_allowed).twice
+        @role.query(@bad_actor, :foo, :view).should == false
+        @role.query(@bad_actor, :bar, :view).should == false
+        @role.query(@bad_actor, :foo, :update).should == false
+        @role.query(@bad_actor, :bar, :update).should == false
+      end
+    end
+    
+    context "procs at resource level" do      
+      before do
+        @role = instance_with_role_definition do
+          self.responses = {:view => {:foo => true, 
+                                      :bar => Proc.new {|actor, resource| actor.is_allowed == true},
+                                      :_other => Proc.new {|actor, resource| actor.is_allowed == true}}, 
+                            :update => false
+                          }
+        end
+      end
+      
+      it "should respond to other actions without procs" do 
+        @role.query(nil, :foo, :view).should == true
+        @role.query(nil, :foo, :update).should == false
+        @role.query(nil, :bar, :update).should == false
+        @role.query(nil, :baz, :update).should == false
+      end
+      
+      it "should respond to actions with procs by calling them" do
+        @role.query(@good_actor, :bar, :view).should == true
+        @role.query(@bad_actor, :bar, :view).should == false 
+      end
+      
+      it "should respond to unknown resources by calling the :_other proc" do
+        @role.query(@good_actor, :baz, :view).should == true
+        @role.query(@bad_actor, :baz, :view).should == false 
+      end
+    end
+  end
+end
+
+describe Thwart::DefaultRole do
+  it "should respond to queries with the Thwart response default" do
+    a_val = mock('default query')
+    Thwart.should_receive(:default_query_response).and_return(a_val) 
+    subject.query(nil, nil, nil).should == a_val
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,49 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+require 'thwart'
+require 'rspec'
+require 'rspec/autorun'
+
+RSpec.configure do |c|
+end
+
+class User
+  include Thwart::Actor
+  attr_accessor :name
+end
+
+class Post
+  include Thwart::Resource
+  attr_accessor :title
+end
+
+def generic_model(name=nil, &block)
+  klass = Class.new do
+    def self.table_name
+      "generics"
+    end
+    if name
+      class_eval "def self.name; '#{name}' end"
+      class_eval "def self.to_s; '#{name}' end"
+    end
+  end
+
+  klass.class_eval(&block) if block_given?
+  klass
+end
+
+def class_with_module(mod)
+  Class.new do
+    include mod
+  end
+end
+
+def instance_with_module(mod)
+  class_with_module(mod).new
+end
+
+def instance_with_role_definition(&block)
+  role = instance_with_module(Thwart::Role)
+  role.instance_eval(&block) if block_given?
+  role
+end

data/spec/thwart_spec.rb

@@ -0,0 +1,60 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe Thwart do
+  it "should autoload all the classes" do
+    lambda {
+      Thwart::Actor
+      Thwart::Role
+      Thwart::DefaultRole
+      Thwart::Resource
+      Thwart::Dsl
+      Thwart::Cans
+      Thwart::Ables
+      Thwart::ActionsStore
+      Thwart::ActionGroupBuilder
+      Thwart::RoleRegistry
+      Thwart::RoleBuilder
+    }.should_not raise_error
+  end
+  
+  describe "configuration" do
+    it "should realize the configured values" do
+      Thwart.configure do 
+        role_registry 'role_registry'
+        default_query_response 'false'
+      end
+      Thwart.role_registry.should == 'role_registry'
+      Thwart.default_query_response.should == 'false'
+    end
+    it "should create new actions" do
+      Thwart::Actions.should_receive(:create_action).with(:add, :addable)
+      Thwart.configure do
+        action :add, :addable
+      end
+    end
+    it "should create new roles" do
+      role_dsl = double("dsl")
+      Thwart::RoleBuilder.should_receive(:new).and_return(role_dsl)
+      role_dsl.should_receive(:create_role).with(:a)
+      role_dsl.should_receive(:create_role).with(:b, 'something else')
+      role_dsl.class.stub(:set_callback)
+      role_dsl.class.stub(:reset_callbacks)
+      Thwart.configure do
+        role :a
+        role :b, 'something else'
+      end
+    end
+    it "should create new action groups" do
+      actionables = double("actionables")
+      Thwart::ActionGroupBuilder.should_receive(:new).and_return(actionables)
+      actionables.should_receive(:create_action_group).with(:manage)
+      actionables.should_receive(:create_action_group).with(:inspect, [])
+      Thwart.configure do
+        action_group :manage
+        action_group :inspect, []
+      end
+    end
+  end
+  describe "query" do
+  end
+end