trust 0.5.0
- data/MIT-LICENSE +23 -0
- data/README.md +244 -0
- data/Rakefile +37 -0
- data/lib/tasks/trust_tasks.rake +42 -0
- data/lib/trust/active_record.rb +65 -0
- data/lib/trust/authorization.rb +85 -0
- data/lib/trust/controller/properties.rb +134 -0
- data/lib/trust/controller/resource.rb +306 -0
- data/lib/trust/controller.rb +197 -0
- data/lib/trust/exceptions.rb +45 -0
- data/lib/trust/inheritable_attribute.rb +91 -0
- data/lib/trust/permissions.rb +268 -0
- data/lib/trust/test_helper.rb +56 -0
- data/lib/trust/version.rb +27 -0
- data/lib/trust.rb +39 -0
- data/test/dummy/README.rdoc +261 -0
- data/test/dummy/Rakefile +7 -0
- data/test/dummy/app/assets/javascripts/accounts.js +2 -0
- data/test/dummy/app/assets/javascripts/application.js +15 -0
- data/test/dummy/app/assets/javascripts/clients.js +2 -0
- data/test/dummy/app/assets/javascripts/users.js +2 -0
- data/test/dummy/app/assets/stylesheets/accounts.css +4 -0
- data/test/dummy/app/assets/stylesheets/application.css +13 -0
- data/test/dummy/app/assets/stylesheets/clients.css +4 -0
- data/test/dummy/app/assets/stylesheets/scaffold.css +56 -0
- data/test/dummy/app/assets/stylesheets/users.css +4 -0
- data/test/dummy/app/controllers/accounts_controller.rb +100 -0
- data/test/dummy/app/controllers/application_controller.rb +31 -0
- data/test/dummy/app/controllers/clients_controller.rb +107 -0
- data/test/dummy/app/controllers/savings_accounts_controller.rb +27 -0
- data/test/dummy/app/controllers/settlements_controller.rb +26 -0
- data/test/dummy/app/controllers/users_controller.rb +107 -0
- data/test/dummy/app/helpers/accounts_helper.rb +26 -0
- data/test/dummy/app/helpers/application_helper.rb +26 -0
- data/test/dummy/app/helpers/clients_helper.rb +26 -0
- data/test/dummy/app/helpers/users_helper.rb +26 -0
- data/test/dummy/app/models/account/credit.rb +26 -0
- data/test/dummy/app/models/account.rb +35 -0
- data/test/dummy/app/models/client.rb +35 -0
- data/test/dummy/app/models/permissions.rb +68 -0
- data/test/dummy/app/models/savings_account.rb +26 -0
- data/test/dummy/app/models/user.rb +40 -0
- data/test/dummy/app/views/accounts/_form.html.erb +46 -0
- data/test/dummy/app/views/accounts/edit.html.erb +31 -0
- data/test/dummy/app/views/accounts/index.html.erb +48 -0
- data/test/dummy/app/views/accounts/new.html.erb +30 -0
- data/test/dummy/app/views/accounts/show.html.erb +35 -0
- data/test/dummy/app/views/clients/_form.html.erb +46 -0
- data/test/dummy/app/views/clients/edit.html.erb +31 -0
- data/test/dummy/app/views/clients/index.html.erb +48 -0
- data/test/dummy/app/views/clients/new.html.erb +30 -0
- data/test/dummy/app/views/clients/show.html.erb +35 -0
- data/test/dummy/app/views/layouts/application.html.erb +39 -0
- data/test/dummy/app/views/users/_form.html.erb +46 -0
- data/test/dummy/app/views/users/edit.html.erb +31 -0
- data/test/dummy/app/views/users/index.html.erb +48 -0
- data/test/dummy/app/views/users/new.html.erb +30 -0
- data/test/dummy/app/views/users/show.html.erb +35 -0
- data/test/dummy/config/application.rb +56 -0
- data/test/dummy/config/boot.rb +10 -0
- data/test/dummy/config/database.yml +25 -0
- data/test/dummy/config/environment.rb +5 -0
- data/test/dummy/config/environments/development.rb +37 -0
- data/test/dummy/config/environments/production.rb +67 -0
- data/test/dummy/config/environments/test.rb +37 -0
- data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/test/dummy/config/initializers/inflections.rb +15 -0
- data/test/dummy/config/initializers/mime_types.rb +5 -0
- data/test/dummy/config/initializers/secret_token.rb +7 -0
- data/test/dummy/config/initializers/session_store.rb +8 -0
- data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/test/dummy/config/locales/en.yml +5 -0
- data/test/dummy/config/routes.rb +38 -0
- data/test/dummy/config.ru +4 -0
- data/test/dummy/db/migrate/20120522115011_create_accounts.rb +36 -0
- data/test/dummy/db/migrate/20120522130322_create_users.rb +33 -0
- data/test/dummy/db/migrate/20120523144144_create_clients.rb +34 -0
- data/test/dummy/db/schema.rb +38 -0
- data/test/dummy/public/404.html +26 -0
- data/test/dummy/public/422.html +26 -0
- data/test/dummy/public/500.html +25 -0
- data/test/dummy/public/favicon.ico +0 -0
- data/test/dummy/script/rails +6 -0
- data/test/dummy/test/fixtures/accounts.yml +7 -0
- data/test/dummy/test/fixtures/clients.yml +7 -0
- data/test/dummy/test/fixtures/users.yml +7 -0
- data/test/dummy/test/functional/accounts_controller_test.rb +123 -0
- data/test/dummy/test/functional/clients_controller_test.rb +74 -0
- data/test/dummy/test/functional/users_controller_test.rb +74 -0
- data/test/dummy/test/unit/account_test.rb +31 -0
- data/test/dummy/test/unit/client_test.rb +31 -0
- data/test/dummy/test/unit/helpers/accounts_helper_test.rb +28 -0
- data/test/dummy/test/unit/helpers/clients_helper_test.rb +28 -0
- data/test/dummy/test/unit/helpers/users_helper_test.rb +28 -0
- data/test/dummy/test/unit/permissions_test.rb +171 -0
- data/test/dummy/test/unit/user_test.rb +31 -0
- data/test/test_helper.rb +45 -0
- data/test/trust_test.rb +31 -0
- data/test/unit/trust/active_record_test.rb +56 -0
- data/test/unit/trust/authorization_test.rb +108 -0
- data/test/unit/trust/controller/properties_test.rb +132 -0
- data/test/unit/trust/controller/resource_test.rb +251 -0
- data/test/unit/trust/controller_test.rb +160 -0
- data/test/unit/trust/inheritable_attribute_test.rb +65 -0
- data/test/unit/trust/permissions_test.rb +258 -0
- metadata +280 -0
@@ -0,0 +1,171 @@
|
|
1
|
+
# Copyright (c) 2012 Bingo Entreprenøren AS
|
2
|
+
# Copyright (c) 2012 Teknobingo Scandinavia AS
|
3
|
+
# Copyright (c) 2012 Knut I. Stenmark
|
4
|
+
# Copyright (c) 2012 Patrick Hanevold
|
5
|
+
#
|
6
|
+
# Permission is hereby granted, free of charge, to any person obtaining
|
7
|
+
# a copy of this software and associated documentation files (the
|
8
|
+
# "Software"), to deal in the Software without restriction, including
|
9
|
+
# without limitation the rights to use, copy, modify, merge, publish,
|
10
|
+
# distribute, sublicense, and/or sell copies of the Software, and to
|
11
|
+
# permit persons to whom the Software is furnished to do so, subject to
|
12
|
+
# the following conditions:
|
13
|
+
#
|
14
|
+
# The above copyright notice and this permission notice shall be
|
15
|
+
# included in all copies or substantial portions of the Software.
|
16
|
+
#
|
17
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
18
|
+
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
19
|
+
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
20
|
+
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
21
|
+
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
22
|
+
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
23
|
+
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
24
|
+
|
25
|
+
require 'test_helper'
|
26
|
+
|
27
|
+
class PermissionsTest < ActiveSupport::TestCase
|
28
|
+
setup do
|
29
|
+
def login_as(role)
|
30
|
+
Trust::Authorization.user = @user = User.find_or_create_by_name(role)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
context 'Client' do
|
34
|
+
should 'be managed by system admins' do
|
35
|
+
login_as(:system_admin)
|
36
|
+
assert Client.permits?(:create)
|
37
|
+
assert Client.new.permits?(:create)
|
38
|
+
end
|
39
|
+
should 'be audited by system admins' do
|
40
|
+
login_as(:system_admin)
|
41
|
+
assert Client.permits?(:audit)
|
42
|
+
assert Client.new.permits?(:audit)
|
43
|
+
end
|
44
|
+
should 'be managed by accauntants' do
|
45
|
+
login_as(:accountant)
|
46
|
+
assert Client.permits?(:create)
|
47
|
+
assert Client.new.permits?(:create)
|
48
|
+
end
|
49
|
+
should 'not be managed by guests' do
|
50
|
+
login_as(:guest)
|
51
|
+
assert !Client.permits?(:create)
|
52
|
+
assert !Client.new.permits?(:create)
|
53
|
+
end
|
54
|
+
should 'be read by all roles' do
|
55
|
+
Permissions::Default.all do |role|
|
56
|
+
login_as(role)
|
57
|
+
assert Client.permits?(:read)
|
58
|
+
assert Client.new.permits?(:read)
|
59
|
+
end
|
60
|
+
end
|
61
|
+
should 'not be read by other roles' do
|
62
|
+
login_as(:blind_man)
|
63
|
+
assert !Client.permits?(:read)
|
64
|
+
assert !Client.new.permits?(:read)
|
65
|
+
end
|
66
|
+
end
|
67
|
+
context 'Account' do
|
68
|
+
should 'be managed by system admins' do
|
69
|
+
login_as(:system_admin)
|
70
|
+
assert Account.permits?(:create)
|
71
|
+
assert Account.new.permits?(:create)
|
72
|
+
end
|
73
|
+
should 'be audited by system admins' do
|
74
|
+
login_as(:system_admin)
|
75
|
+
assert Account.permits?(:audit)
|
76
|
+
assert Account.new.permits?(:audit)
|
77
|
+
end
|
78
|
+
should 'not be managed by accauntants' do
|
79
|
+
login_as(:accountant)
|
80
|
+
assert !Account.permits?(:destroy)
|
81
|
+
assert !Account.new.permits?(:destroy)
|
82
|
+
assert !Account.permits?(:create)
|
83
|
+
assert !Account.new.permits?(:create)
|
84
|
+
end
|
85
|
+
should 'be created by accauntants associated to clients' do
|
86
|
+
login_as(:accountant)
|
87
|
+
parent = Client.new
|
88
|
+
parent.expects(:accountant).returns(@user.name).twice
|
89
|
+
assert Account.permits?(:create,parent)
|
90
|
+
assert Account.new.permits?(:create,parent)
|
91
|
+
end
|
92
|
+
should 'not be created by accauntants unless associated to clients' do
|
93
|
+
login_as(:accountant)
|
94
|
+
parent = Client.new
|
95
|
+
parent.expects(:accountant).returns(stub('bogus', :accountant => :bogus)).times(4)
|
96
|
+
assert !Account.permits?(:create,stub('bogus', :accountant => :bogus))
|
97
|
+
assert !Account.new.permits?(:create,stub('bogus', :accountant => :bogus))
|
98
|
+
assert !Account.permits?(:create,parent)
|
99
|
+
assert !Account.new.permits?(:create,parent)
|
100
|
+
end
|
101
|
+
should 'be created by department managers if parent is superspecial' do
|
102
|
+
login_as(:department_manager)
|
103
|
+
parent = Client.new
|
104
|
+
parent.expects(:accountant).returns(:superspecial).twice
|
105
|
+
assert Account.permits?(:create,parent)
|
106
|
+
assert Account.new.permits?(:create,parent)
|
107
|
+
end
|
108
|
+
should 'be created by accauntants if parent is superspecial' do
|
109
|
+
login_as(:accountant)
|
110
|
+
parent = Client.new
|
111
|
+
parent.expects(:accountant).returns(:superspecial).times(4)
|
112
|
+
assert Account.permits?(:create,parent)
|
113
|
+
assert Account.new.permits?(:create,parent)
|
114
|
+
end
|
115
|
+
should 'not be created by department managers unless parent is superspecial' do
|
116
|
+
login_as(:department_manager)
|
117
|
+
parent = Client.new
|
118
|
+
parent.expects(:accountant).returns(:not_so_superspecial).twice
|
119
|
+
assert !Account.permits?(:create,parent)
|
120
|
+
assert !Account.new.permits?(:create,parent)
|
121
|
+
end
|
122
|
+
should 'not be created by accauntants unless parent is superspecial' do
|
123
|
+
login_as(:accountant)
|
124
|
+
parent = Client.new
|
125
|
+
parent.expects(:accountant).returns(:not_so_superspecial).times(4)
|
126
|
+
assert !Account.permits?(:create,parent)
|
127
|
+
assert !Account.new.permits?(:create,parent)
|
128
|
+
end
|
129
|
+
should 'not be created by guests if parent' do
|
130
|
+
login_as(:guest)
|
131
|
+
assert !Account.permits?(:create)
|
132
|
+
assert !Account.new.permits?(:create)
|
133
|
+
end
|
134
|
+
should 'be updateable by creator' do
|
135
|
+
login_as(:accountant)
|
136
|
+
assert Account.create.permits?(:update)
|
137
|
+
end
|
138
|
+
should 'be not be updateable by others' do
|
139
|
+
login_as(:guest)
|
140
|
+
account = Account.create
|
141
|
+
login_as(:accountant)
|
142
|
+
assert !account.permits?(:update)
|
143
|
+
end
|
144
|
+
end
|
145
|
+
context 'Account::Credit' do
|
146
|
+
should 'be managed by system admins' do
|
147
|
+
login_as(:system_admin)
|
148
|
+
assert Account::Credit.permits?(:create)
|
149
|
+
assert Account::Credit.new.permits?(:create)
|
150
|
+
end
|
151
|
+
should 'be audited by system admins' do
|
152
|
+
login_as(:system_admin)
|
153
|
+
assert Account::Credit.permits?(:audit)
|
154
|
+
assert Account::Credit.new.permits?(:audit)
|
155
|
+
end
|
156
|
+
should 'be created by guests if guest is wife' do
|
157
|
+
login_as(:guest)
|
158
|
+
User.any_instance.stubs(:role_symbols).returns([:guest])
|
159
|
+
User.any_instance.stubs(:name).returns('wife')
|
160
|
+
assert Account::Credit.permits?(:create)
|
161
|
+
assert Account::Credit.new.permits?(:create)
|
162
|
+
end
|
163
|
+
should 'not be created by guests unless guest is wife' do
|
164
|
+
login_as(:guest)
|
165
|
+
User.any_instance.stubs(:role_symbols).returns([:guest])
|
166
|
+
User.any_instance.stubs(:name).returns('mistress')
|
167
|
+
assert !Account::Credit.permits?(:create)
|
168
|
+
assert !Account::Credit.new.permits?(:create)
|
169
|
+
end
|
170
|
+
end
|
171
|
+
end
|
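Review bot: The test 'not be created by guests if parent' (new-file lines 129-133) never passes a parent, so it only repeats the parent-less guest denial and leaves the guest-with-parent path of `Account.permits?(:create, parent)` unchecked. I would add `parent = Client.new` and `assert !Account.permits?(:create, parent)`, plus the instance form. Separately, 'be read by all roles' puts its assertions inside the block given to `Permissions::Default.all`, whose definition is not visible here. If `all` does not yield each role, the block never runs and the test passes with zero assertions, so collecting the yielded roles and asserting the list is non-empty would make that failure visible.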
@@ -0,0 +1,31 @@
|
|
1
|
+
# Copyright (c) 2012 Bingo Entreprenøren AS
|
2
|
+
# Copyright (c) 2012 Teknobingo Scandinavia AS
|
3
|
+
# Copyright (c) 2012 Knut I. Stenmark
|
4
|
+
# Copyright (c) 2012 Patrick Hanevold
|
5
|
+
#
|
6
|
+
# Permission is hereby granted, free of charge, to any person obtaining
|
7
|
+
# a copy of this software and associated documentation files (the
|
8
|
+
# "Software"), to deal in the Software without restriction, including
|
9
|
+
# without limitation the rights to use, copy, modify, merge, publish,
|
10
|
+
# distribute, sublicense, and/or sell copies of the Software, and to
|
11
|
+
# permit persons to whom the Software is furnished to do so, subject to
|
12
|
+
# the following conditions:
|
13
|
+
#
|
14
|
+
# The above copyright notice and this permission notice shall be
|
15
|
+
# included in all copies or substantial portions of the Software.
|
16
|
+
#
|
17
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
18
|
+
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
19
|
+
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
20
|
+
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
21
|
+
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
22
|
+
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
23
|
+
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
24
|
+
|
25
|
+
require 'test_helper'
|
26
|
+
|
27
|
+
class UserTest < ActiveSupport::TestCase
|
28
|
+
# test "the truth" do
|
29
|
+
# assert true
|
30
|
+
# end
|
31
|
+
end
|
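--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -0,0 +1,45 @@
+# Copyright (c) 2012 Bingo Entreprenøren AS
+# Copyright (c) 2012 Teknobingo Scandinavia AS
+# Copyright (c) 2012 Knut I. Stenmark
+# Copyright (c) 2012 Patrick Hanevold
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# Configure Rails Environment
+ENV["RAILS_ENV"] = "test"
+
+require File.expand_path("../dummy/config/environment.rb", __FILE__)
+require "rails/test_help"
+
+Rails.backtrace_cleaner.remove_silencers!
+
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+
+# Load fixtures from the engine
+if ActiveSupport::TestCase.method_defined?(:fixture_path=)
+ActiveSupport::TestCase.fixture_path = File.expand_path("../fixtures", __FILE__)
+end
+
+class ActionController::TestCase
+def login_as(role = :guest)
+User.current = @controller.send(:current_user=, User.find_or_create_by_name(role.to_s))
+end
+end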
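Review bot: In `login_as`, `User.current` receives the return value of `@controller.send(:current_user=, ...)`, and a setter invoked through `send` returns whatever the method body returns rather than the assigned argument. If `current_user=` (not visible in this section) ends with anything other than the user object, `User.current` and the controller's user silently diverge and the functional tests authorize against the wrong identity. Assigning explicitly removes that dependency: `user = User.find_or_create_by_name(role.to_s)`, then `@controller.send(:current_user=, user)` and `User.current = user`. Nothing in this helper resets `User.current` after a test, so a `teardown` that clears it would keep one test's role from carrying into the next.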
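--- a/data/test/trust_test.rb
+++ b/data/test/trust_test.rb
@@ -0,0 +1,31 @@
+# Copyright (c) 2012 Bingo Entreprenøren AS
+# Copyright (c) 2012 Teknobingo Scandinavia AS
+# Copyright (c) 2012 Knut I. Stenmark
+# Copyright (c) 2012 Patrick Hanevold
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'test_helper'
+
+class TrustTest < ActiveSupport::TestCase
+test "truth" do
+assert_kind_of Module, Trust
+end
+end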
@@ -0,0 +1,56 @@
|
|
1
|
+
# Copyright (c) 2012 Bingo Entreprenøren AS
|
2
|
+
# Copyright (c) 2012 Teknobingo Scandinavia AS
|
3
|
+
# Copyright (c) 2012 Knut I. Stenmark
|
4
|
+
# Copyright (c) 2012 Patrick Hanevold
|
5
|
+
#
|
6
|
+
# Permission is hereby granted, free of charge, to any person obtaining
|
7
|
+
# a copy of this software and associated documentation files (the
|
8
|
+
# "Software"), to deal in the Software without restriction, including
|
9
|
+
# without limitation the rights to use, copy, modify, merge, publish,
|
10
|
+
# distribute, sublicense, and/or sell copies of the Software, and to
|
11
|
+
# permit persons to whom the Software is furnished to do so, subject to
|
12
|
+
# the following conditions:
|
13
|
+
#
|
14
|
+
# The above copyright notice and this permission notice shall be
|
15
|
+
# included in all copies or substantial portions of the Software.
|
16
|
+
#
|
17
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
18
|
+
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
19
|
+
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
20
|
+
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
21
|
+
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
22
|
+
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
23
|
+
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
24
|
+
|
25
|
+
require 'test_helper'
|
26
|
+
|
27
|
+
class Trust::ActiveRecordTest < ActiveSupport::TestCase
|
28
|
+
context 'permits?' do
|
29
|
+
setup do
|
30
|
+
@user = User.new
|
31
|
+
@account = Account.new
|
32
|
+
end
|
33
|
+
should 'support calls to athorized? on class level' do
|
34
|
+
Trust::Authorization.expects(:authorized?).with(:manage,Account,:foo)
|
35
|
+
Account.permits? :manage, :foo
|
36
|
+
end
|
37
|
+
should 'support calls to athorized? on instance' do
|
38
|
+
Trust::Authorization.expects(:authorized?).with(:manage,@account,:foo)
|
39
|
+
@account.permits? :manage, :foo
|
40
|
+
end
|
41
|
+
end
|
42
|
+
context 'ensure_permitted!' do
|
43
|
+
setup do
|
44
|
+
@user = User.new
|
45
|
+
@account = Account.new
|
46
|
+
end
|
47
|
+
should 'support calls to athorized? on class level' do
|
48
|
+
Trust::Authorization.expects(:authorize!).with(:manage,Account,:foo)
|
49
|
+
Account.ensure_permitted! :manage, :foo
|
50
|
+
end
|
51
|
+
should 'support calls to athorized? on instance' do
|
52
|
+
Trust::Authorization.expects(:authorize!).with(:manage,@account,:foo)
|
53
|
+
@account.ensure_permitted! :manage, :foo
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
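Review bot: The `permits?` tests only check that `Trust::Authorization.authorized?` is called; the expectation has no `.returns(...)` and the result of `permits?` is never asserted, so an implementation that drops or inverts the delegate's answer would still pass. Pinning the denied outcome closes that gap, e.g. `Trust::Authorization.expects(:authorized?).with(:manage, Account, :foo).returns(false)` followed by `assert !Account.permits?(:manage, :foo)`, with a matching `returns(true)` case. The two tests under 'ensure_permitted!' are titled 'support calls to athorized?' although they expect `authorize!`; renaming them would make a failure report point at the right method.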
@@ -0,0 +1,108 @@
|
|
1
|
+
# Copyright (c) 2012 Bingo Entreprenøren AS
|
2
|
+
# Copyright (c) 2012 Teknobingo Scandinavia AS
|
3
|
+
# Copyright (c) 2012 Knut I. Stenmark
|
4
|
+
# Copyright (c) 2012 Patrick Hanevold
|
5
|
+
#
|
6
|
+
# Permission is hereby granted, free of charge, to any person obtaining
|
7
|
+
# a copy of this software and associated documentation files (the
|
8
|
+
# "Software"), to deal in the Software without restriction, including
|
9
|
+
# without limitation the rights to use, copy, modify, merge, publish,
|
10
|
+
# distribute, sublicense, and/or sell copies of the Software, and to
|
11
|
+
# permit persons to whom the Software is furnished to do so, subject to
|
12
|
+
# the following conditions:
|
13
|
+
#
|
14
|
+
# The above copyright notice and this permission notice shall be
|
15
|
+
# included in all copies or substantial portions of the Software.
|
16
|
+
#
|
17
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
18
|
+
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
19
|
+
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
20
|
+
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
21
|
+
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
22
|
+
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
23
|
+
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
24
|
+
|
25
|
+
require 'test_helper'
|
26
|
+
|
27
|
+
class Trust::AuthorizationTest < ActiveSupport::TestCase
|
28
|
+
context 'user' do
|
29
|
+
should 'be set in thread' do
|
30
|
+
Trust::Authorization.user = 1
|
31
|
+
assert_equal 1, Thread.current["current_user"]
|
32
|
+
end
|
33
|
+
should 'be retrieved from thread' do
|
34
|
+
Thread.current["current_user"] = 2
|
35
|
+
assert_equal 2, Trust::Authorization.user
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
context 'authorizing_class' do
|
40
|
+
setup do
|
41
|
+
class ::TestBase < ActiveRecord::Base
|
42
|
+
end
|
43
|
+
class ::TestDescendant < TestBase
|
44
|
+
end
|
45
|
+
def authorizing_class(klass)
|
46
|
+
Trust::Authorization.send(:authorizing_class, klass)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
should 'return associated Authorization class if it exists' do
|
50
|
+
class ::Permissions::TestBase < Trust::Permissions
|
51
|
+
end
|
52
|
+
assert_equal ::Permissions::TestBase, authorizing_class(::TestBase)
|
53
|
+
end
|
54
|
+
should 'return Authorization::Default if no assocated Authorization class' do
|
55
|
+
assert_equal ::Permissions::Default, authorizing_class(::TestDescendant)
|
56
|
+
end
|
57
|
+
should 'return parent Authorization if specified and none exist for the class' do
|
58
|
+
class ::Permissions::TestBase < Trust::Permissions
|
59
|
+
end
|
60
|
+
assert_equal ::Permissions::TestBase, authorizing_class(::TestDescendant)
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
context 'authorize?' do
|
65
|
+
setup do
|
66
|
+
class Validator
|
67
|
+
end
|
68
|
+
class TestAuthorizing
|
69
|
+
def initialize(user, action, klass, object, parent)
|
70
|
+
Validator.values user, action, klass, object, parent
|
71
|
+
end
|
72
|
+
end
|
73
|
+
Trust::Authorization.expects(:user).returns(:user)
|
74
|
+
TestAuthorizing.any_instance.expects(:authorized?).returns(true)
|
75
|
+
Trust::Authorization.expects(:authorizing_class).with(String).returns(TestAuthorizing)
|
76
|
+
end
|
77
|
+
should 'instanciate authorizing class and set correct parameters for object' do
|
78
|
+
Validator.expects(:values).with(:user, :action, String, 'object_or_class', :parent)
|
79
|
+
assert Trust::Authorization.authorized?('action', 'object_or_class', :parent)
|
80
|
+
end
|
81
|
+
should 'instanciate authorizing class and set correct parameters for class' do
|
82
|
+
Validator.expects(:values).with(:user, :action, String, nil, :parent)
|
83
|
+
assert Trust::Authorization.authorized?('action', String, :parent)
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
context 'authorize!' do
|
88
|
+
should 'call access_denied! unless authorized?' do
|
89
|
+
Trust::Authorization.expects(:access_denied!).once
|
90
|
+
Trust::Authorization.expects(:authorized?).with(1, 2, 3).returns(false)
|
91
|
+
Trust::Authorization.authorize!(1,2,3)
|
92
|
+
end
|
93
|
+
should 'call access_denied! if authorized?' do
|
94
|
+
Trust::Authorization.expects(:access_denied!).never
|
95
|
+
Trust::Authorization.expects(:authorized?).with(1, 2, 3).returns(true)
|
96
|
+
Trust::Authorization.authorize!(1,2,3)
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
context 'access_denied!' do
|
101
|
+
should 'raise exception' do
|
102
|
+
assert_raises Trust::AccessDenied do
|
103
|
+
Trust::Authorization.access_denied!
|
104
|
+
end
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
end
|
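Review bot: The 'authorizing_class' tests depend on execution order. `class ::Permissions::TestBase` is defined inside two `should` blocks and, being a constant, stays defined for the rest of the process, while 'return Authorization::Default if no assocated Authorization class' expects `::TestDescendant` to resolve to `::Permissions::Default` and the following test expects the same class to resolve to `::Permissions::TestBase`. Unless the lookup is cached somewhere not visible here, the default-fallback case can only pass when it runs before either defining test. A teardown for that context such as `::Permissions.send(:remove_const, :TestBase) if ::Permissions.const_defined?(:TestBase, false)` makes each case independent. The 'user' tests also leave `Thread.current["current_user"]` set to 1 or 2 for later tests, and the title 'call access_denied! if authorized?' contradicts its `.never` expectation.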
@@ -0,0 +1,132 @@
|
|
1
|
+
# Copyright (c) 2012 Bingo Entreprenøren AS
|
2
|
+
# Copyright (c) 2012 Teknobingo Scandinavia AS
|
3
|
+
# Copyright (c) 2012 Knut I. Stenmark
|
4
|
+
# Copyright (c) 2012 Patrick Hanevold
|
5
|
+
#
|
6
|
+
# Permission is hereby granted, free of charge, to any person obtaining
|
7
|
+
# a copy of this software and associated documentation files (the
|
8
|
+
# "Software"), to deal in the Software without restriction, including
|
9
|
+
# without limitation the rights to use, copy, modify, merge, publish,
|
10
|
+
# distribute, sublicense, and/or sell copies of the Software, and to
|
11
|
+
# permit persons to whom the Software is furnished to do so, subject to
|
12
|
+
# the following conditions:
|
13
|
+
#
|
14
|
+
# The above copyright notice and this permission notice shall be
|
15
|
+
# included in all copies or substantial portions of the Software.
|
16
|
+
#
|
17
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
18
|
+
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
19
|
+
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
20
|
+
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
21
|
+
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
22
|
+
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
23
|
+
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
24
|
+
|
25
|
+
require 'test_helper'
|
26
|
+
|
27
|
+
class Trust::Controller::PropertiesTest < ActiveSupport::TestCase
|
28
|
+
setup do
|
29
|
+
class Controller
|
30
|
+
def self.properties
|
31
|
+
# traditional new, but controversiol code
|
32
|
+
@properties ||= Trust::Controller::Properties.instantiate(self)
|
33
|
+
end
|
34
|
+
def self.controller_path
|
35
|
+
'controller'
|
36
|
+
end
|
37
|
+
end
|
38
|
+
class PeopleController < Controller
|
39
|
+
def self.controller_path
|
40
|
+
'people'
|
41
|
+
end
|
42
|
+
end
|
43
|
+
class ::Person
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
context 'instantiating' do
|
48
|
+
should 'make a fresh object' do
|
49
|
+
Trust::Controller::Properties.expects(:new).with(PeopleController, nil).once
|
50
|
+
assert !Trust::Controller::Properties.instantiate(PeopleController).instance_variable_get(:@controller)
|
51
|
+
end
|
52
|
+
|
53
|
+
should 'clone controllers properties' do
|
54
|
+
new_actions = [:new, :create, :confirm]
|
55
|
+
parent = Trust::Controller::Properties.new(Controller, nil)
|
56
|
+
parent.new_actions = new_actions
|
57
|
+
child = Trust::Controller::Properties.new(PeopleController, parent)
|
58
|
+
assert_equal PeopleController, child.instance_variable_get(:@controller)
|
59
|
+
assert_equal new_actions, child.new_actions
|
60
|
+
child.new_actions = [:confirm]
|
61
|
+
assert_equal new_actions, parent.new_actions
|
62
|
+
assert_equal [:confirm], child.new_actions
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
context 'information' do
|
67
|
+
should 'resolve class from model' do
|
68
|
+
assert_equal Person, PeopleController.properties.model_class
|
69
|
+
end
|
70
|
+
end
|
71
|
+
|
72
|
+
context 'actions' do
|
73
|
+
setup do
|
74
|
+
@properties = Trust::Controller::Properties.instantiate(Controller)
|
75
|
+
end
|
76
|
+
should 'accumulate add actions' do
|
77
|
+
@properties.actions(:add => {:new => :yes, :member => :no, :collection => :maybe})
|
78
|
+
assert_equal [:new, :create, :yes], @properties.new_actions
|
79
|
+
assert_equal [:show, :edit, :update, :destroy, :no], @properties.member_actions
|
80
|
+
assert_equal [:index, :maybe], @properties.collection_actions
|
81
|
+
end
|
82
|
+
should 'overide actions on new, member and collection' do
|
83
|
+
@properties.actions(:add => {:new => :yes, :member => :no, :collection => :maybe}, :new => :really, :member => :do, :collection => :override)
|
84
|
+
assert_equal [:really], @properties.new_actions
|
85
|
+
assert_equal [:do], @properties.member_actions
|
86
|
+
assert_equal [:override], @properties.collection_actions
|
87
|
+
end
|
88
|
+
should 'mask with only' do
|
89
|
+
@properties.actions(:add => {:new => :yes, :member => :no, :collection => :maybe}, :only => [:yes,:no,:maybe])
|
90
|
+
assert_equal [:yes], @properties.new_actions
|
91
|
+
assert_equal [:no], @properties.member_actions
|
92
|
+
assert_equal [:maybe], @properties.collection_actions
|
93
|
+
end
|
94
|
+
should 'filter with except' do
|
95
|
+
@properties.actions(:add => {:new => :yes, :member => :no, :collection => :maybe}, :except => [:yes, :no, :maybe])
|
96
|
+
assert_equal [:new, :create], @properties.new_actions
|
97
|
+
assert_equal [:show, :edit, :update, :destroy], @properties.member_actions
|
98
|
+
assert_equal [:index], @properties.collection_actions
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
context 'belongs_to' do
|
103
|
+
setup do
|
104
|
+
@properties = Trust::Controller::Properties.instantiate(Controller)
|
105
|
+
end
|
106
|
+
should 'affect has_associations?' do
|
107
|
+
assert !@properties.has_associations?
|
108
|
+
end
|
109
|
+
should 'accept simple association' do
|
110
|
+
@properties.belongs_to :heaven
|
111
|
+
assert @properties.has_associations?
|
112
|
+
expected = {:heaven => nil}
|
113
|
+
assert_equal expected, @properties.associations
|
114
|
+
end
|
115
|
+
should 'accept multiple associations' do
|
116
|
+
@properties.belongs_to :heaven, :hell
|
117
|
+
assert @properties.has_associations?
|
118
|
+
expected = {:heaven => nil, :hell => nil}
|
119
|
+
assert_equal expected, @properties.associations
|
120
|
+
@properties.belongs_to :earth
|
121
|
+
expected = {:heaven => nil, :hell => nil, :earth => nil}
|
122
|
+
assert_equal expected, @properties.associations
|
123
|
+
end
|
124
|
+
should 'accept association as' do
|
125
|
+
@properties.belongs_to :heaven, :as => :earth
|
126
|
+
assert @properties.has_associations?
|
127
|
+
expected = {:heaven => :earth}
|
128
|
+
assert_equal expected, @properties.associations
|
129
|
+
end
|
130
|
+
end
|
131
|
+
|
132
|
+
end
|
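Review bot: The `assert` in 'make a fresh object' cannot fail on the property it names. `Trust::Controller::Properties.expects(:new)` has no `.returns`, so the mocked `new` yields nil, and if `instantiate` hands that back, `nil.instance_variable_get(:@controller)` is nil and `assert !nil` passes whatever a real object would hold. The meaningful check in this test is the `.with(PeopleController, nil).once` expectation. I would drop the `assert` line, or give the mock a sentinel with `.returns(:fresh)` and use `assert_equal :fresh, Trust::Controller::Properties.instantiate(PeopleController)`, provided `instantiate` does nothing further with the object (its body is not visible here). The helper `Controller.properties` also memoizes into `@properties` on the class, so properties built in one test persist into the next.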