trust 0.5.1 → 0.6.0

data/test/dummy/test/functional/mongo_accounts_controller_test.rb

@@ -0,0 +1,123 @@
+# Copyright (c) 2012 Bingo Entreprenøren AS
+# Copyright (c) 2012 Teknobingo Scandinavia AS
+# Copyright (c) 2012 Knut I. Stenmark
+# Copyright (c) 2012 Patrick Hanevold
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'test_helper'
+
+class MongoAccountsControllerTest < ActionController::TestCase
+  context 'with all permissions' do
+    setup do
+      login_as(:system_admin)
+      @client = MongoClient.create
+      @account = MongoAccount.create(:mongo_client_id => @client.id) #accounts(:one)
+    end
+
+    should "get index" do
+      get :index, mongo_client_id: @client
+      assert_response :success
+      assert_not_nil assigns(:mongo_accounts)
+    end
+
+    should "get new" do
+      get :new, mongo_client_id: @client
+      assert_response :success
+    end
+
+    should "create account" do
+      assert_difference('MongoAccount.count') do
+        post :create, mongo_client_id: @client, mongo_account: { name: @account.name }
+      end
+
+      assert_redirected_to mongo_client_mongo_account_path(@client,assigns(:mongo_account))
+    end
+
+    should "show account" do
+      get :show, mongo_client_id: @client.id, id: @account.id
+      assert_response :success
+    end
+
+    should "get edit" do
+      get :edit, mongo_client_id: @client, id: @account
+      assert_response :success
+    end
+
+    should "update account" do
+      put :update, mongo_client_id: @client, id: @account, mongo_account: { name: @account.name }
+      assert_redirected_to mongo_client_mongo_account_path(assigns(:mongo_account))
+    end
+
+    should "destroy account" do
+      assert_difference('MongoAccount.count', -1) do
+        delete :destroy, mongo_client_id: @client, id: @account
+      end
+
+      assert_redirected_to mongo_client_mongo_accounts_path
+    end
+  end
+  
+  context 'with limited permissions' do
+    setup do
+      login_as(:accountant)
+      @client = MongoClient.create
+      @account = @client.mongo_accounts.create
+      flunk unless @account
+    end
+    
+    should 'deny access on index' do
+      assert_raises Trust::AccessDenied do
+        get :index, mongo_client_id: @client
+      end
+    end
+    should 'deny access on new' do
+      assert_raises Trust::AccessDenied do
+        get :new, mongo_client_id: @client
+      end
+    end
+    should 'deny access on show' do
+      assert_raises Trust::AccessDenied do
+        get :show, mongo_client_id: @client, id: @account
+      end
+    end
+    should 'deny access on destroy' do
+      assert_raises Trust::AccessDenied do
+        delete :destroy, mongo_client_id: @client, id: @account
+      end
+    end
+    context 'but having ownership' do
+      should 'allow updates' do
+        put :update, mongo_client_id: @client, id: @account, mongo_account: { name: @account.name }
+        assert_redirected_to mongo_client_mongo_account_path(assigns(:mongo_account))
+      end
+    end
+    context 'having no ownership' do
+      should 'deny access' do
+        login_as(:guest)
+        assert_raises Trust::AccessDenied do
+          put :update, mongo_client_id: @client, id: @account, mongo_account: { name: @account.name }
+        end
+      end
+    end
+    
+  end
+  
+end

data/test/dummy/test/functional/mongo_clients_controller_test.rb

@@ -0,0 +1,74 @@
+# Copyright (c) 2012 Bingo Entreprenøren AS
+# Copyright (c) 2012 Teknobingo Scandinavia AS
+# Copyright (c) 2012 Knut I. Stenmark
+# Copyright (c) 2012 Patrick Hanevold
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'test_helper'
+
+class MongoClientsControllerTest < ActionController::TestCase
+  setup do
+    @client = MongoClient.create #clients(:one)
+    login_as(:system_admin)
+  end
+
+  test "should get index" do
+    get :index
+    assert_response :success
+    assert_not_nil assigns(:mongo_clients)
+  end
+
+  test "should get new" do
+    get :new
+    assert_response :success
+  end
+
+  test "should create client" do
+    assert_difference('MongoClient.count') do
+      post :create, mongo_client: { name: @client.name }
+    end
+
+    assert_redirected_to mongo_client_path(assigns(:mongo_client))
+  end
+
+  test "should show client" do
+    get :show, id: @client
+    assert_response :success
+  end
+
+  test "should get edit" do
+    get :edit, id: @client
+    assert_response :success
+  end
+
+  test "should update client" do
+    put :update, id: @client, mongo_client: { name: @client.name }
+    assert_redirected_to mongo_client_path(assigns(:mongo_client))
+  end
+
+  test "should destroy client" do
+    assert_difference('MongoClient.count', -1) do
+      delete :destroy, id: @client
+    end
+
+    assert_redirected_to mongo_clients_path
+  end
+end

data/test/dummy/test/unit/permissions_test.rb

@@ -142,6 +142,118 @@ class PermissionsTest < ActiveSupport::TestCase
       assert !account.permits?(:update)
     end
   end
+  context 'MongoClient' do
+    should 'be managed by system admins' do
+      login_as(:system_admin)
+      assert MongoClient.permits?(:create)
+      assert MongoClient.new.permits?(:create)
+    end
+    should 'be audited by system admins' do
+      login_as(:system_admin)
+      assert MongoClient.permits?(:audit)
+      assert MongoClient.new.permits?(:audit)
+    end
+    should 'be managed by accauntants' do
+      login_as(:accountant)
+      assert MongoClient.permits?(:create)
+      assert MongoClient.new.permits?(:create)
+    end
+    should 'not be managed by guests' do
+      login_as(:guest)
+      assert !MongoClient.permits?(:create)
+      assert !MongoClient.new.permits?(:create)
+    end
+    should 'be read by all roles' do
+      Permissions::Default.all do |role|
+        login_as(role)
+        assert MongoClient.permits?(:read)
+        assert MongoClient.new.permits?(:read)
+      end
+    end
+    should 'not be read by other roles' do
+      login_as(:blind_man)
+      assert !MongoClient.permits?(:read)
+      assert !MongoClient.new.permits?(:read)
+    end
+  end
+  context 'MongoAccount' do
+    should 'be managed by system admins' do
+      login_as(:system_admin)
+      assert MongoAccount.permits?(:create)
+      assert MongoAccount.new.permits?(:create)
+    end
+    should 'be audited by system admins' do
+      login_as(:system_admin)
+      assert MongoAccount.permits?(:audit)
+      assert MongoAccount.new.permits?(:audit)
+    end
+    should 'not be managed by accauntants' do
+      login_as(:accountant)
+      assert !MongoAccount.permits?(:destroy)
+      assert !MongoAccount.new.permits?(:destroy)
+      assert !MongoAccount.permits?(:create)
+      assert !MongoAccount.new.permits?(:create)
+    end
+    should 'be created by accauntants associated to clients' do
+      login_as(:accountant)
+      parent = MongoClient.new
+      parent.expects(:accountant).returns(@user.name).twice
+      assert MongoAccount.permits?(:create,parent)
+      assert MongoAccount.new.permits?(:create,parent)
+    end
+    should 'not be created by accauntants unless associated to clients' do
+      login_as(:accountant)
+      parent = MongoClient.new
+      parent.expects(:accountant).returns(stub('bogus', :accountant => :bogus)).times(4)
+      assert !MongoAccount.permits?(:create,stub('bogus', :accountant => :bogus))
+      assert !MongoAccount.new.permits?(:create,stub('bogus', :accountant => :bogus))
+      assert !MongoAccount.permits?(:create,parent)
+      assert !MongoAccount.new.permits?(:create,parent)
+    end
+    should 'be created by department managers if parent is superspecial' do
+      login_as(:department_manager)
+      parent = MongoClient.new
+      parent.expects(:accountant).returns(:superspecial).twice
+      assert MongoAccount.permits?(:create,parent)
+      assert MongoAccount.new.permits?(:create,parent)
+    end
+    should 'be created by accauntants if parent is superspecial' do
+      login_as(:accountant)
+      parent = MongoClient.new
+      parent.expects(:accountant).returns(:superspecial).times(4)
+      assert MongoAccount.permits?(:create,parent)
+      assert MongoAccount.new.permits?(:create,parent)
+    end
+    should 'not be created by department managers unless parent is superspecial' do
+      login_as(:department_manager)
+      parent = MongoClient.new
+      parent.expects(:accountant).returns(:not_so_superspecial).twice
+      assert !MongoAccount.permits?(:create,parent)
+      assert !MongoAccount.new.permits?(:create,parent)
+    end
+    should 'not be created by accauntants unless parent is superspecial' do
+      login_as(:accountant)
+      parent = MongoClient.new
+      parent.expects(:accountant).returns(:not_so_superspecial).times(4)
+      assert !MongoAccount.permits?(:create,parent)
+      assert !MongoAccount.new.permits?(:create,parent)
+    end
+    should 'not be created by guests if parent' do
+      login_as(:guest)
+      assert !MongoAccount.permits?(:create)
+      assert !MongoAccount.new.permits?(:create)
+    end
+    should 'be updateable by creator' do
+      login_as(:accountant)
+      assert MongoAccount.create.permits?(:update)
+    end
+    should 'be not be updateable by others' do
+      login_as(:guest)
+      account = MongoAccount.create
+      login_as(:accountant)
+      assert !account.permits?(:update)
+    end
+  end
   context 'Account::Credit' do
     should 'be managed by system admins' do
       login_as(:system_admin)

metadata

@@ -2,7 +2,7 @@
 name: trust
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.5.1
+  version: 0.6.0
 platform: ruby
 authors: 
 - Patrick Hanevold
@@ -11,7 +11,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-06-06 00:00:00 Z
+date: 2012-06-12 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rails
@@ -76,6 +76,8 @@ files:
 - test/dummy/app/controllers/accounts_controller.rb
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/clients_controller.rb
+- test/dummy/app/controllers/mongo_accounts_controller.rb
+- test/dummy/app/controllers/mongo_clients_controller.rb
 - test/dummy/app/controllers/savings_accounts_controller.rb
 - test/dummy/app/controllers/settlements_controller.rb
 - test/dummy/app/controllers/users_controller.rb
@@ -86,6 +88,8 @@ files:
 - test/dummy/app/models/account/credit.rb
 - test/dummy/app/models/account.rb
 - test/dummy/app/models/client.rb
+- test/dummy/app/models/mongo_account.rb
+- test/dummy/app/models/mongo_client.rb
 - test/dummy/app/models/permissions.rb
 - test/dummy/app/models/savings_account.rb
 - test/dummy/app/models/user.rb
@@ -100,6 +104,16 @@ files:
 - test/dummy/app/views/clients/new.html.erb
 - test/dummy/app/views/clients/show.html.erb
 - test/dummy/app/views/layouts/application.html.erb
+- test/dummy/app/views/mongo_accounts/_form.html.erb
+- test/dummy/app/views/mongo_accounts/edit.html.erb
+- test/dummy/app/views/mongo_accounts/index.html.erb
+- test/dummy/app/views/mongo_accounts/new.html.erb
+- test/dummy/app/views/mongo_accounts/show.html.erb
+- test/dummy/app/views/mongo_clients/_form.html.erb
+- test/dummy/app/views/mongo_clients/edit.html.erb
+- test/dummy/app/views/mongo_clients/index.html.erb
+- test/dummy/app/views/mongo_clients/new.html.erb
+- test/dummy/app/views/mongo_clients/show.html.erb
 - test/dummy/app/views/users/_form.html.erb
 - test/dummy/app/views/users/edit.html.erb
 - test/dummy/app/views/users/index.html.erb
@@ -119,6 +133,7 @@ files:
 - test/dummy/config/initializers/session_store.rb
 - test/dummy/config/initializers/wrap_parameters.rb
 - test/dummy/config/locales/en.yml
+- test/dummy/config/mongoid.yml
 - test/dummy/config/routes.rb
 - test/dummy/config.ru
 - test/dummy/db/development.sqlite3
@@ -141,6 +156,8 @@ files:
 - test/dummy/test/fixtures/users.yml
 - test/dummy/test/functional/accounts_controller_test.rb
 - test/dummy/test/functional/clients_controller_test.rb
+- test/dummy/test/functional/mongo_accounts_controller_test.rb
+- test/dummy/test/functional/mongo_clients_controller_test.rb
 - test/dummy/test/functional/users_controller_test.rb
 - test/dummy/test/unit/account_test.rb
 - test/dummy/test/unit/client_test.rb
@@ -171,7 +188,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: -3354325464732942508
+      hash: 3291721563323064298
       segments: 
       - 0
       version: "0"
@@ -180,7 +197,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: -3354325464732942508
+      hash: 3291721563323064298
       segments: 
       - 0
       version: "0"
@@ -204,6 +221,8 @@ test_files:
 - test/dummy/app/controllers/accounts_controller.rb
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/clients_controller.rb
+- test/dummy/app/controllers/mongo_accounts_controller.rb
+- test/dummy/app/controllers/mongo_clients_controller.rb
 - test/dummy/app/controllers/savings_accounts_controller.rb
 - test/dummy/app/controllers/settlements_controller.rb
 - test/dummy/app/controllers/users_controller.rb
@@ -214,6 +233,8 @@ test_files:
 - test/dummy/app/models/account/credit.rb
 - test/dummy/app/models/account.rb
 - test/dummy/app/models/client.rb
+- test/dummy/app/models/mongo_account.rb
+- test/dummy/app/models/mongo_client.rb
 - test/dummy/app/models/permissions.rb
 - test/dummy/app/models/savings_account.rb
 - test/dummy/app/models/user.rb
@@ -228,6 +249,16 @@ test_files:
 - test/dummy/app/views/clients/new.html.erb
 - test/dummy/app/views/clients/show.html.erb
 - test/dummy/app/views/layouts/application.html.erb
+- test/dummy/app/views/mongo_accounts/_form.html.erb
+- test/dummy/app/views/mongo_accounts/edit.html.erb
+- test/dummy/app/views/mongo_accounts/index.html.erb
+- test/dummy/app/views/mongo_accounts/new.html.erb
+- test/dummy/app/views/mongo_accounts/show.html.erb
+- test/dummy/app/views/mongo_clients/_form.html.erb
+- test/dummy/app/views/mongo_clients/edit.html.erb
+- test/dummy/app/views/mongo_clients/index.html.erb
+- test/dummy/app/views/mongo_clients/new.html.erb
+- test/dummy/app/views/mongo_clients/show.html.erb
 - test/dummy/app/views/users/_form.html.erb
 - test/dummy/app/views/users/edit.html.erb
 - test/dummy/app/views/users/index.html.erb
@@ -247,6 +278,7 @@ test_files:
 - test/dummy/config/initializers/session_store.rb
 - test/dummy/config/initializers/wrap_parameters.rb
 - test/dummy/config/locales/en.yml
+- test/dummy/config/mongoid.yml
 - test/dummy/config/routes.rb
 - test/dummy/config.ru
 - test/dummy/db/development.sqlite3
@@ -269,6 +301,8 @@ test_files:
 - test/dummy/test/fixtures/users.yml
 - test/dummy/test/functional/accounts_controller_test.rb
 - test/dummy/test/functional/clients_controller_test.rb
+- test/dummy/test/functional/mongo_accounts_controller_test.rb
+- test/dummy/test/functional/mongo_clients_controller_test.rb
 - test/dummy/test/functional/users_controller_test.rb
 - test/dummy/test/unit/account_test.rb
 - test/dummy/test/unit/client_test.rb