trust 0.8.3 → 1.4.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +33 -1
- data/lib/trust.rb +9 -0
- data/lib/trust/authorization.rb +83 -36
- data/lib/trust/controller.rb +32 -8
- data/lib/trust/controller/properties.rb +12 -0
- data/lib/trust/controller/resource.rb +79 -11
- data/lib/trust/permissions.rb +177 -24
- data/lib/trust/version.rb +1 -1
- data/test/dummy/app/controllers/accounts_controller.rb +2 -2
- data/test/dummy/app/controllers/clients_controller.rb +1 -1
- data/test/dummy/app/controllers/mongo_accounts_controller.rb +5 -4
- data/test/dummy/app/controllers/mongo_clients_controller.rb +1 -1
- data/test/dummy/app/controllers/users_controller.rb +1 -5
- data/test/dummy/app/models/account.rb +1 -1
- data/test/dummy/app/models/client.rb +1 -1
- data/test/dummy/app/models/permissions.rb +18 -11
- data/test/dummy/app/models/user.rb +1 -1
- data/test/dummy/app/views/accounts/edit.html.erb +1 -1
- data/test/dummy/app/views/accounts/show.html.erb +1 -1
- data/test/dummy/app/views/mongo_accounts/_form.html.erb +1 -1
- data/test/dummy/app/views/mongo_accounts/edit.html.erb +2 -2
- data/test/dummy/app/views/mongo_accounts/index.html.erb +3 -3
- data/test/dummy/app/views/mongo_accounts/show.html.erb +2 -2
- data/test/dummy/bin/bundle +3 -0
- data/test/dummy/bin/rails +4 -0
- data/test/dummy/bin/rake +4 -0
- data/test/dummy/bin/setup +29 -0
- data/test/dummy/config/application.rb +3 -34
- data/test/dummy/config/boot.rb +4 -9
- data/test/dummy/config/environment.rb +3 -3
- data/test/dummy/config/environments/development.rb +22 -18
- data/test/dummy/config/environments/production.rb +46 -34
- data/test/dummy/config/environments/test.rb +19 -14
- data/test/dummy/config/initializers/assets.rb +11 -0
- data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
- data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/test/dummy/config/initializers/inflections.rb +6 -5
- data/test/dummy/config/initializers/mime_types.rb +0 -1
- data/test/dummy/config/initializers/session_store.rb +1 -6
- data/test/dummy/config/initializers/wrap_parameters.rb +6 -6
- data/test/dummy/config/locales/en.yml +20 -2
- data/test/dummy/config/mongoid.yml +16 -18
- data/test/dummy/config/routes.rb +3 -3
- data/test/dummy/config/secrets.yml +22 -0
- data/test/dummy/db/test.sqlite3 +0 -0
- data/test/dummy/log/development.log +30 -0
- data/test/dummy/log/test.log +6382 -0
- data/test/dummy/test/functional/accounts_controller_test.rb +2 -2
- data/test/dummy/test/functional/mongo_accounts_controller_test.rb +8 -8
- data/test/dummy/test/functional/mongo_clients_controller_test.rb +1 -1
- data/test/dummy/test/unit/permissions_test.rb +1 -1
- data/test/dummy/tmp/cache/assets/test/sprockets/0e74e8595d4c5c03160356ab9bf6f67c +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/13fe41fee1fe35b49d145bcc06610705 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/189460d2a0f63f35d55c384e0beb9cc4 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/2f5173deea6c795b8fdde723bb4b63af +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/357970feca3ac29060c1e3861e2c0953 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/371bf96e99717688ed7313a0c53f4212 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/4050a4e5062ab95c9f32e9b6940821ea +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/5f1a0d05e77ca8b9a1fc2a47e17a8174 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/6fc757c2c8329244ca95d6909865bbc2 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/75f67b2244ba6a4914d71df068f5fda9 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/7ed0985e7e627ac5280078ee9c7078fe +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/86d19eda31629412e6817570ffde9a93 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/87b209c0c9da28094a8d5581a21262c6 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/954318d0d3412eec67db5c2508ae5169 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/95c1a034126598a432130d7fc227c189 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/b55283b385e5692ecf1b59332bbc5a11 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/b678ce3482f77c68a19e697960645cb6 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/ca9d9c205bcfa05de1ddd180f8ecc168 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/cffd775d018f68ce5dba1ee0d951a994 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/d36f675d4251ea3868635d299f3bb166 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/d771ace226fc8215a3572e0aa35bb0d6 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/f56253b5f374fff1a33fbbc9881c9124 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/f7cbd26ba1d28d48de824f0e94586655 +0 -0
- data/test/dummy/tmp/cache/assets/test/sprockets/fe1f20fb032685e2e1fcad23f0ad6601 +0 -0
- data/test/test_helper.rb +6 -2
- data/test/trust_test.rb +4 -0
- data/test/unit/trust/authorization_test.rb +165 -71
- data/test/unit/trust/controller/properties_test.rb +15 -0
- data/test/unit/trust/controller/resource_test.rb +29 -9
- data/test/unit/trust/controller_test.rb +53 -40
- data/test/unit/trust/permissions_test.rb +196 -69
- metadata +93 -28
@@ -140,20 +140,20 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
|
|
140
140
|
end
|
141
141
|
context 'when found' do
|
142
142
|
should 'return object for namespaced resource' do
|
143
|
-
@request.stubs(:
|
143
|
+
@request.stubs(:path_parameters).returns({:name_spaced_resource_person_id => 2 })
|
144
144
|
NameSpacedResource::Person.expects(:find).with(2).returns(@object = NameSpacedResource::Person.new)
|
145
145
|
@res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
|
146
146
|
assert_equal @object, @res.object
|
147
147
|
end
|
148
148
|
should 'return object for regular resource' do
|
149
|
-
@request.stubs(:
|
149
|
+
@request.stubs(:path_parameters).returns({:child_id => 2 })
|
150
150
|
Child.expects(:find).with(2).returns(@object = Child.new)
|
151
151
|
@res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
|
152
152
|
assert_equal @object, @res.object
|
153
153
|
end
|
154
154
|
context 'the attributes' do
|
155
155
|
setup do
|
156
|
-
@request.stubs(:
|
156
|
+
@request.stubs(:path_parameters).returns({:child_id => 2 })
|
157
157
|
Child.expects(:find).with(2).returns(@object = Child.new)
|
158
158
|
@res = Trust::Controller::Resource::ParentInfo.new(@resources, {:child => 'tie'}, @request)
|
159
159
|
end
|
@@ -173,20 +173,20 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
|
|
173
173
|
end
|
174
174
|
end
|
175
175
|
should 'return nil for object if not found' do
|
176
|
-
@request.stubs(:
|
176
|
+
@request.stubs(:path_parameters).returns({:child_id => 2 })
|
177
177
|
Child.expects(:find).with(2).returns(nil)
|
178
178
|
@res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
|
179
179
|
assert_nil @res.object
|
180
180
|
assert !@res.object?
|
181
181
|
end
|
182
182
|
should 'return nil for object if not specified' do
|
183
|
-
@request.stubs(:
|
183
|
+
@request.stubs(:path_parameters).returns({})
|
184
184
|
@res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
|
185
185
|
assert_nil @res.object
|
186
186
|
assert !@res.object?
|
187
187
|
end
|
188
188
|
should 'return nil for klass when not found' do
|
189
|
-
@request.stubs(:
|
189
|
+
@request.stubs(:path_parameters).returns({})
|
190
190
|
@res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
|
191
191
|
assert_nil @res.klass
|
192
192
|
end
|
@@ -196,7 +196,7 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
|
|
196
196
|
setup do
|
197
197
|
@request = Object.new
|
198
198
|
@resources = [:parent]
|
199
|
-
@request.stubs(:
|
199
|
+
@request.stubs(:path_parameters).returns({:child_id => 2 })
|
200
200
|
Parent.expects(:find).with(2).returns(@object = Child.new)
|
201
201
|
@res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
|
202
202
|
end
|
@@ -252,6 +252,14 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
|
|
252
252
|
@resource.expects(:instance).returns(2)
|
253
253
|
assert_equal 2, @resource.instantiated
|
254
254
|
end
|
255
|
+
should 'provide access to nested' do
|
256
|
+
@resource.expects(:parent).twice.returns(:parent)
|
257
|
+
@resource.expects(:instance).returns(:instance)
|
258
|
+
assert_equal [:parent, :instance], @resource.nested
|
259
|
+
@resource.expects(:parent).returns(nil)
|
260
|
+
@resource.expects(:instance).returns(:instance)
|
261
|
+
assert_equal :instance, *@resource.nested
|
262
|
+
end
|
255
263
|
should 'provide collection' do
|
256
264
|
@resource_info.expects(:collection).with(@parent_info, nil).returns(1)
|
257
265
|
assert_equal 1, @resource.collection
|
@@ -268,12 +276,12 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
|
|
268
276
|
assert @resource.instance.is_a?(Child)
|
269
277
|
end
|
270
278
|
end
|
271
|
-
context '
|
279
|
+
context 'Actions' do
|
272
280
|
setup do
|
273
281
|
Trust::Controller::Resource.any_instance.expects(:extract_resource_info).with('child', { :id => 1 }).returns(@resource_info)
|
274
282
|
Trust::Controller::Resource.any_instance.expects(:extract_parent_info).with({:parent => nil}, { :id => 1 }, @request).returns(@parent_info)
|
275
283
|
end
|
276
|
-
should 'load as expected' do
|
284
|
+
should 'load member as expected' do
|
277
285
|
@resource = Trust::Controller::Resource.new(@controller, @properties, 'member',{ :id => 1 }, @request)
|
278
286
|
@properties.actions :member => [:member]
|
279
287
|
@resource_info.stubs(:params).returns({})
|
@@ -285,6 +293,18 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
|
|
285
293
|
assert @controller.instance_variable_get(:@child).is_a?(Child)
|
286
294
|
assert @resource.instance.is_a?(Child)
|
287
295
|
end
|
296
|
+
should 'discovered collection_action? as a method' do
|
297
|
+
@resource = Trust::Controller::Resource.new(@controller, @properties, 'index',{ :id => 1 }, @request)
|
298
|
+
assert @resource.collection_action?
|
299
|
+
end
|
300
|
+
should 'discovered member_action? as a method' do
|
301
|
+
@resource = Trust::Controller::Resource.new(@controller, @properties, 'show',{ :id => 1 }, @request)
|
302
|
+
assert @resource.member_action?
|
303
|
+
end
|
304
|
+
should 'discovered new_action? as a method' do
|
305
|
+
@resource = Trust::Controller::Resource.new(@controller, @properties, 'new',{ :id => 1 }, @request)
|
306
|
+
assert @resource.new_action?
|
307
|
+
end
|
288
308
|
end
|
289
309
|
context 'Nested resources' do
|
290
310
|
setup do
|
@@ -25,22 +25,25 @@
|
|
25
25
|
require 'test_helper'
|
26
26
|
|
27
27
|
class Trust::ControllerTest < ActiveSupport::TestCase
|
28
|
+
class Controller < ActionController::Base
|
29
|
+
trustee
|
30
|
+
end
|
31
|
+
class DerivedController < Controller
|
32
|
+
end
|
33
|
+
|
28
34
|
setup do
|
29
|
-
|
30
|
-
trustee
|
31
|
-
end
|
32
|
-
class DerivedController < Controller
|
33
|
-
end
|
35
|
+
@filter_keyword = Trust.rails_generation < 4 ? :before_filter : :before_action
|
34
36
|
end
|
37
|
+
|
35
38
|
context 'class method' do
|
36
39
|
should 'instantiate properties' do
|
37
40
|
assert_kind_of Trust::Controller::Properties, Controller.properties
|
38
41
|
end
|
39
42
|
should 'trustee set filers' do
|
40
43
|
options = {:hello => :there}
|
41
|
-
Controller.expects(
|
42
|
-
Controller.expects(
|
43
|
-
Controller.expects(
|
44
|
+
Controller.expects(@filter_keyword).with(:set_user, options)
|
45
|
+
Controller.expects(@filter_keyword).with(:load_resource, options)
|
46
|
+
Controller.expects(@filter_keyword).with(:access_control, options)
|
44
47
|
Controller.trustee options
|
45
48
|
end
|
46
49
|
should 'delegate to resource' do
|
@@ -64,29 +67,29 @@ class Trust::ControllerTest < ActiveSupport::TestCase
|
|
64
67
|
|
65
68
|
context '_filter_setting' do
|
66
69
|
should 'setup correct instance method callback' do
|
67
|
-
Controller.expects(:
|
68
|
-
Controller.expects(
|
70
|
+
Controller.expects(:"skip_#{@filter_keyword}").with(:access_control).times(3)
|
71
|
+
Controller.expects(@filter_keyword).with(:access_control,{})
|
69
72
|
Controller.access_control
|
70
|
-
Controller.expects(
|
73
|
+
Controller.expects(@filter_keyword).with(:access_control,{:only => :index})
|
71
74
|
Controller.access_control :only => :index
|
72
|
-
Controller.expects(
|
75
|
+
Controller.expects(@filter_keyword).never
|
73
76
|
Controller.access_control :off
|
74
77
|
end
|
75
78
|
should 'only set filters that are not off' do
|
76
79
|
options = {:hello => :there, :set_user => :off}
|
77
|
-
Controller.expects(
|
78
|
-
Controller.expects(
|
79
|
-
Controller.expects(
|
80
|
+
Controller.expects(@filter_keyword).with(:set_user).never
|
81
|
+
Controller.expects(@filter_keyword).with(:load_resource, options)
|
82
|
+
Controller.expects(@filter_keyword).with(:access_control, options)
|
80
83
|
Controller.trustee options
|
81
84
|
options = {:hello => :there, :load_resource => :off}
|
82
|
-
Controller.expects(
|
83
|
-
Controller.expects(
|
84
|
-
Controller.expects(
|
85
|
+
Controller.expects(@filter_keyword).with(:set_user, options)
|
86
|
+
Controller.expects(@filter_keyword).with(:load_resource).never
|
87
|
+
Controller.expects(@filter_keyword).with(:access_control, options)
|
85
88
|
Controller.trustee options
|
86
89
|
options = {:hello => :there, :access_control => :off}
|
87
|
-
Controller.expects(
|
88
|
-
Controller.expects(
|
89
|
-
Controller.expects(
|
90
|
+
Controller.expects(@filter_keyword).with(:set_user, options)
|
91
|
+
Controller.expects(@filter_keyword).with(:load_resource, options)
|
92
|
+
Controller.expects(@filter_keyword).with(:access_control).never
|
90
93
|
Controller.trustee options
|
91
94
|
end
|
92
95
|
end
|
@@ -102,30 +105,40 @@ class Trust::ControllerTest < ActiveSupport::TestCase
|
|
102
105
|
Trust::Authorization.expects(:user=).with(user)
|
103
106
|
@controller.set_user
|
104
107
|
end
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
+
context 'load_resource' do
|
109
|
+
setup do
|
110
|
+
@authorization = stub('authorization')
|
111
|
+
@controller.stubs(:authorization).returns(@authorization)
|
112
|
+
@controller.stubs(:params).returns({})
|
113
|
+
@controller.stubs(:request).returns(stub('request', params: {}))
|
114
|
+
end
|
115
|
+
should 'preload authorizations upon new actions' do
|
116
|
+
@controller.expects(:action_name).returns('new')
|
117
|
+
@authorization.expects(:preload)
|
118
|
+
@controller.resource.expects(:load).returns(:the_instance)
|
119
|
+
@authorization.expects(:instance_loaded).with(:the_instance)
|
120
|
+
@controller.load_resource
|
121
|
+
end
|
122
|
+
should 'just load existing resources' do
|
123
|
+
@controller.expects(:action_name).returns('index')
|
124
|
+
@controller.resource.expects(:load).returns(:the_instance)
|
125
|
+
@controller.load_resource
|
126
|
+
end
|
108
127
|
end
|
109
128
|
should 'expose resource as helper' do
|
110
129
|
assert @controller.class._helper_methods.include?(:resource)
|
111
130
|
end
|
131
|
+
should 'initialize authorization object properly' do
|
132
|
+
@controller.instance_variable_set :@authorization, nil
|
133
|
+
@controller.expects(:resource).returns(:the_resource)
|
134
|
+
@controller.expects(:action_name).returns('index')
|
135
|
+
Trust::Authorization.expects(:new).with('index', :the_resource).returns(:an_authorization)
|
136
|
+
assert_equal :an_authorization, @controller.authorization
|
137
|
+
assert_equal :an_authorization, @controller.instance_variable_get( :@authorization)
|
138
|
+
end
|
112
139
|
should 'provide access control' do
|
113
|
-
|
114
|
-
|
115
|
-
klass = stub('resource klass')
|
116
|
-
parent = stub('resource parent')
|
117
|
-
|
118
|
-
resource.expects(:instance).returns(instance)
|
119
|
-
resource.expects(:parent).returns(parent)
|
120
|
-
@controller.expects(:resource).returns(resource).twice
|
121
|
-
Trust::Authorization.expects(:authorize!).with(nil,instance,parent)
|
122
|
-
@controller.access_control
|
123
|
-
|
124
|
-
resource.expects(:instance).returns(nil)
|
125
|
-
resource.expects(:parent).returns(parent)
|
126
|
-
resource.expects(:klass).returns(klass)
|
127
|
-
@controller.expects(:resource).returns(resource).times(3)
|
128
|
-
Trust::Authorization.expects(:authorize!).with(nil,klass,parent)
|
140
|
+
@controller.stubs(:authorization).returns(stub('authorization'))
|
141
|
+
@controller.authorization.expects(:authorize!)
|
129
142
|
@controller.access_control
|
130
143
|
end
|
131
144
|
context 'can?' do
|
@@ -25,23 +25,40 @@
|
|
25
25
|
require 'test_helper'
|
26
26
|
|
27
27
|
class Trust::PermissionsTest < ActiveSupport::TestCase
|
28
|
+
|
29
|
+
class Fund < Trust::Permissions
|
30
|
+
end
|
31
|
+
|
28
32
|
setup do
|
29
|
-
class Fund < Trust::Permissions
|
30
|
-
end
|
31
33
|
@base = Fund
|
34
|
+
@action_aliases = Trust::Permissions.action_aliases
|
35
|
+
Trust::Permissions.action_aliases[:update] = [:update, :edit]
|
36
|
+
end
|
37
|
+
teardown do
|
38
|
+
Trust::Permissions.action_aliases = @action_aliases
|
32
39
|
end
|
33
40
|
context 'class_attributes' do
|
34
41
|
should 'have default values' do
|
35
42
|
assert_equal @base.permissions, {}
|
43
|
+
assert_equal @base.member_permissions, {}
|
36
44
|
assert_equal @base.action_aliases, {
|
37
|
-
read: [:index, :show],
|
38
|
-
create: [:create, :new],
|
45
|
+
# read: [:index, :show],
|
46
|
+
# create: [:create, :new],
|
39
47
|
update: [:update, :edit],
|
40
|
-
manage: [:index, :show, :create, :new, :update, :edit, :destroy]
|
48
|
+
# manage: [:index, :show, :create, :new, :update, :edit, :destroy]
|
41
49
|
}
|
42
50
|
end
|
43
51
|
end
|
44
52
|
|
53
|
+
class TestAuth < Trust::Permissions
|
54
|
+
end
|
55
|
+
|
56
|
+
class TestMemberAuth < Trust::Permissions
|
57
|
+
end
|
58
|
+
|
59
|
+
class TestRoleCan < Trust::Permissions
|
60
|
+
end
|
61
|
+
|
45
62
|
context 'class method' do
|
46
63
|
context 'can' do
|
47
64
|
should 'work without using block' do
|
@@ -52,10 +69,6 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
52
69
|
end
|
53
70
|
end
|
54
71
|
context 'can with role block' do
|
55
|
-
setup do
|
56
|
-
class TestAuth < Trust::Permissions
|
57
|
-
end
|
58
|
-
end
|
59
72
|
should 'set permissions correctly' do
|
60
73
|
TestAuth.role :tester do
|
61
74
|
TestAuth.can :hi
|
@@ -68,24 +81,31 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
68
81
|
# Verify that parent class is not affected
|
69
82
|
assert_equal expected, @base.permissions, "#{@base.name} was modified"
|
70
83
|
# Verify that aliases are expanded
|
71
|
-
expected = {:tester
|
84
|
+
expected = {:tester=>[[:hi, {}], [:wink, {}], [:create, {}]]}
|
72
85
|
TestAuth.role :tester do
|
73
86
|
TestAuth.can :create
|
74
87
|
end
|
75
88
|
assert_equal expected, TestAuth.permissions
|
76
89
|
# Verify support for multiple roles
|
77
|
-
expected = {:tester => [[:hi, {}],[:wink, {}],[:create, {}]
|
90
|
+
expected = {:tester => [[:hi, {}],[:wink, {}],[:create, {}]], :manager => [[:hi, {}]]}
|
78
91
|
TestAuth.role :manager do
|
79
92
|
TestAuth.can :hi
|
80
93
|
end
|
81
94
|
assert_equal expected, TestAuth.permissions
|
82
95
|
end
|
83
96
|
end
|
84
|
-
context 'can
|
85
|
-
|
86
|
-
|
97
|
+
context 'can with member_role block' do
|
98
|
+
should 'set permissions correctly' do
|
99
|
+
TestMemberAuth.member_role :tester do
|
100
|
+
TestMemberAuth.can :hi
|
101
|
+
TestMemberAuth.can :wink
|
87
102
|
end
|
103
|
+
# verfy that permissions are structured correctly
|
104
|
+
expected = {:tester => [[:hi, {}],[:wink, {}]]}
|
105
|
+
assert_equal expected, TestMemberAuth.member_permissions
|
88
106
|
end
|
107
|
+
end
|
108
|
+
context 'can assigning role wihtout block' do
|
89
109
|
should 'set permissions correctly' do
|
90
110
|
TestRoleCan.role :tester, :manager, TestRoleCan.can(:hi, :wink, :if => true)
|
91
111
|
expected = {:tester => [[:hi, {:if => true}],[:wink, {:if => true}]], :manager => [[:hi, {:if => true}],[:wink, {:if => true}]]}
|
@@ -100,7 +120,7 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
100
120
|
assert_equal [:update, :edit], @base.send(:expand_aliases, :update)
|
101
121
|
end
|
102
122
|
should 'expand multiple aliases' do
|
103
|
-
assert_equal [:update, :edit, :create
|
123
|
+
assert_equal [:update, :edit, :create], @base.send(:expand_aliases, [:update, :create])
|
104
124
|
end
|
105
125
|
should 'return action if there are no aliases' do
|
106
126
|
assert_equal [:hi], @base.send(:expand_aliases, :hi)
|
@@ -125,7 +145,7 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
125
145
|
|
126
146
|
context 'instance method' do
|
127
147
|
setup do
|
128
|
-
@subject = @base.new(:user, :wink,
|
148
|
+
@subject = @base.new(:user, :wink, @base, :subject, :parent)
|
129
149
|
end
|
130
150
|
context 'authorized?' do
|
131
151
|
setup do
|
@@ -133,6 +153,12 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
133
153
|
@subject.send(:authorized?)
|
134
154
|
end
|
135
155
|
end
|
156
|
+
should 'return params_handler' do
|
157
|
+
@user = stub(:role_symbols => [:manager])
|
158
|
+
@base.expects(:permissions).returns({:manager => [ [:wink, {permit: [:a, :b]}] ]})
|
159
|
+
@subject.stubs(:user).returns(@user)
|
160
|
+
assert_equal ({require: :trust_permissions_test_fund, permit: [:a, :b]}), authorized?
|
161
|
+
end
|
136
162
|
should 'by default be false' do
|
137
163
|
@user = stub(:role_symbols => [])
|
138
164
|
@subject.stubs(:user).returns(@user)
|
@@ -154,9 +180,20 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
154
180
|
@base.stubs(:permissions).
|
155
181
|
returns({:tester => [[:hi, {}],[:wink, {}]]}).then.
|
156
182
|
returns({:manager => [[:hi, {}],[:wink, {}]]})
|
157
|
-
assert authorized?
|
158
183
|
assert authorized?
|
159
184
|
end
|
185
|
+
should 'delegate to members_role if required' do
|
186
|
+
@user = stub(:role_symbols => [:gurba])
|
187
|
+
@subject.stubs(:user).returns(@user)
|
188
|
+
@base.stubs(:permissions).returns({})
|
189
|
+
assert !authorized?
|
190
|
+
@base.stubs(:member_permissions).returns({:manager => [[:hi, {}],[:wink, {}]]})
|
191
|
+
assert !authorized?
|
192
|
+
@base.any_instance.stubs(:members_role).returns(:manager)
|
193
|
+
assert authorized?
|
194
|
+
@base.stubs(:member_permissions).returns({})
|
195
|
+
assert !authorized?
|
196
|
+
end
|
160
197
|
end
|
161
198
|
context 'eval_expr' do
|
162
199
|
setup do
|
@@ -173,7 +210,7 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
173
210
|
assert !eval_expr(:if => true, :unless => true)
|
174
211
|
assert !eval_expr(:if => false, :unless => true)
|
175
212
|
assert !eval_expr(:if => true, :unless => true)
|
176
|
-
|
213
|
+
assert_equal ({}), eval_expr(:if => true, :unless => false)
|
177
214
|
end
|
178
215
|
should 'support the following conditions' do
|
179
216
|
assert eval_expr(:if => true)
|
@@ -181,33 +218,62 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
181
218
|
end
|
182
219
|
should 'support symbol expression' do
|
183
220
|
@subject.expects(:hello).returns(true)
|
184
|
-
|
221
|
+
assert_equal ({}), eval_expr(:if => :hello)
|
185
222
|
end
|
186
223
|
should 'support proc expression' do
|
187
|
-
|
188
|
-
|
189
|
-
|
224
|
+
assert_equal ({}), eval_expr(:if => Proc.new { true })
|
225
|
+
assert_equal ({}), eval_expr(:if => lambda { true })
|
226
|
+
assert_equal ({}), eval_expr(:unless => lambda { false })
|
227
|
+
end
|
228
|
+
context 'preloaded' do
|
229
|
+
should 'parse well known expressions' do
|
230
|
+
assert_equal ({require: :x, permit: [:name, :address]}), eval_expr(require: :x, permit: [:name, :address])
|
231
|
+
end
|
232
|
+
should 'support preload? method' do
|
233
|
+
@subject.instance_variable_set(:@preload, true)
|
234
|
+
assert !eval_expr(require: :x, permit: [:name, :address], unless: :preload?)
|
235
|
+
assert ({require: :x, permit: [:name, :address]}), eval_expr(require: :x, permit: [:name, :address], if: :preload?)
|
236
|
+
end
|
237
|
+
end
|
238
|
+
end
|
239
|
+
context 'preloading' do
|
240
|
+
should 'set preload attribute' do
|
241
|
+
@var = nil
|
242
|
+
@subject.expects(:authorized?).with() { @var = @subject.preload? }
|
243
|
+
assert !@var
|
244
|
+
@subject.preload
|
245
|
+
assert @var
|
246
|
+
end
|
247
|
+
should 'allow instance writer to subject' do
|
248
|
+
@subject.subject = :new_subject
|
249
|
+
assert_equal :new_subject, @subject.subject
|
250
|
+
end
|
251
|
+
end
|
252
|
+
context 'route key' do
|
253
|
+
should 'convert class to names appropriately' do
|
254
|
+
assert_equal :trust_permissions_test_account, @subject.send(:route_key, Account)
|
190
255
|
end
|
191
256
|
end
|
192
257
|
end
|
193
258
|
|
259
|
+
class Account < Trust::Permissions
|
260
|
+
role :tester do
|
261
|
+
can :test_user, :if => Proc.new { user.name == 'mcgormic' }
|
262
|
+
can :test_action, :if => lambda { action == :test_action }
|
263
|
+
can :test_klass, :if => lambda { klass == Account }
|
264
|
+
can :test_subject, :if => lambda { subject == :subject }
|
265
|
+
can :test_parent, :if => lambda { parent == :parent }
|
266
|
+
can :test_failure, :if => lambda { failure == :failure }
|
267
|
+
end
|
268
|
+
end
|
269
|
+
|
194
270
|
context 'accessing accessors in Permission instance' do
|
195
271
|
setup do
|
196
|
-
class Account < Trust::Permissions
|
197
|
-
role :tester do
|
198
|
-
can :test_user, :if => Proc.new { user.name == 'mcgormic' }
|
199
|
-
can :test_action, :if => lambda { action == :test_action }
|
200
|
-
can :test_klass, :if => lambda { klass == :klass }
|
201
|
-
can :test_subject, :if => lambda { subject == :subject }
|
202
|
-
can :test_parent, :if => lambda { parent == :parent }
|
203
|
-
can :test_failure, :if => lambda { failure == :failure }
|
204
|
-
end
|
205
|
-
end
|
206
272
|
@user = stub(:name => 'mcgormic', :role_symbols => [:tester])
|
207
273
|
end
|
208
274
|
should 'expose accessors' do
|
209
275
|
%w(user action klass subject parent).each do |attr|
|
210
|
-
@perm = Account.new(@user, :"test_#{attr}",
|
276
|
+
@perm = Account.new(@user, :"test_#{attr}", Account, :subject, :parent)
|
211
277
|
assert @perm.authorized?, "test_#{attr} failed"
|
212
278
|
end
|
213
279
|
assert_raises NameError do
|
@@ -215,20 +281,50 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
215
281
|
assert @perm.authorized?
|
216
282
|
end
|
217
283
|
end
|
218
|
-
|
284
|
+
end
|
285
|
+
|
286
|
+
|
287
|
+
class TestBaseAuth < Trust::Permissions
|
288
|
+
end
|
289
|
+
class TestBaseAuth2 < Trust::Permissions
|
290
|
+
end
|
291
|
+
class TestInheritedAuth < TestBaseAuth
|
292
|
+
end
|
293
|
+
class TestOverride < TestBaseAuth2
|
294
|
+
end
|
295
|
+
class TestCannnotArgumentError < Trust::Permissions
|
296
|
+
end
|
297
|
+
class TestBaseAuth3 < Trust::Permissions
|
298
|
+
role :tester, :friend do
|
299
|
+
can :hi, :if => :ho
|
300
|
+
can :wink
|
301
|
+
end
|
302
|
+
end
|
303
|
+
class TestCannot < TestBaseAuth3
|
304
|
+
role :tester, cannot(:wink)
|
305
|
+
role :friend do
|
306
|
+
cannot :hi
|
307
|
+
end
|
308
|
+
end
|
309
|
+
class TestBaseAuth4 < Trust::Permissions
|
310
|
+
role :tester, :friend do
|
311
|
+
can :hi, :if => :ho
|
312
|
+
can :wink
|
313
|
+
end
|
314
|
+
end
|
315
|
+
class TestEnforce < TestBaseAuth4
|
316
|
+
role :tester, can(:wink, :enforce => true, :if => :yo)
|
317
|
+
role :friend do
|
318
|
+
can :hi, :enforce => true, :if => :sure
|
319
|
+
end
|
219
320
|
end
|
220
321
|
|
221
322
|
context 'inheritance' do
|
222
323
|
should 'clone deeply' do
|
223
|
-
class TestBaseAuth < Trust::Permissions
|
224
|
-
end
|
225
324
|
TestBaseAuth.role :tester do
|
226
325
|
TestBaseAuth.can :hi, :if => :ho
|
227
326
|
TestBaseAuth.can :wink
|
228
327
|
end
|
229
|
-
|
230
|
-
class TestInheritedAuth < TestBaseAuth
|
231
|
-
end
|
232
328
|
TestInheritedAuth.role :tester do
|
233
329
|
TestInheritedAuth.can :foo, :if => :foobar
|
234
330
|
TestInheritedAuth.can :bar
|
@@ -239,15 +335,11 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
239
335
|
assert_equal expect, TestInheritedAuth.permissions
|
240
336
|
end
|
241
337
|
should 'accumulate inherited permissions' do
|
242
|
-
class TestBaseAuth2 < Trust::Permissions
|
243
|
-
end
|
244
338
|
TestBaseAuth2.role :tester do
|
245
339
|
TestBaseAuth2.can :hi, :if => :ho
|
246
340
|
TestBaseAuth2.can :wink
|
247
341
|
end
|
248
342
|
|
249
|
-
class TestOverride < TestBaseAuth2
|
250
|
-
end
|
251
343
|
TestOverride.role :tester do
|
252
344
|
TestOverride.can :hi, :if => :ha
|
253
345
|
end
|
@@ -257,47 +349,21 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
257
349
|
|
258
350
|
context 'with cannot' do
|
259
351
|
should 'not accept options' do
|
260
|
-
class TestCannnotArgumentError < Trust::Permissions
|
261
|
-
end
|
262
352
|
assert_raises ArgumentError do
|
263
353
|
TestCannnotArgumentError.cannot :do, :options => true
|
264
354
|
end
|
265
355
|
end
|
266
356
|
should 'revoke permissions' do
|
267
|
-
class TestBaseAuth3 < Trust::Permissions
|
268
|
-
role :tester, :friend do
|
269
|
-
can :hi, :if => :ho
|
270
|
-
can :wink
|
271
|
-
end
|
272
|
-
end
|
273
357
|
expect = {:tester => [[:hi, {:if => :ho}],[:wink, {}]], :friend => [[:hi, {:if => :ho}],[:wink, {}]]}
|
274
358
|
assert_equal expect, TestBaseAuth3.permissions
|
275
|
-
class TestCannot < TestBaseAuth3
|
276
|
-
role :tester, cannot(:wink)
|
277
|
-
role :friend do
|
278
|
-
cannot :hi
|
279
|
-
end
|
280
|
-
end
|
281
359
|
expect = {:tester => [[:hi, {:if => :ho}]], :friend => [[:wink, {}]]}
|
282
360
|
assert_equal expect, TestCannot.permissions
|
283
361
|
end
|
284
362
|
end
|
285
363
|
context 'with enforce' do
|
286
364
|
should 'override previous cans' do
|
287
|
-
class TestBaseAuth4 < Trust::Permissions
|
288
|
-
role :tester, :friend do
|
289
|
-
can :hi, :if => :ho
|
290
|
-
can :wink
|
291
|
-
end
|
292
|
-
end
|
293
365
|
expect = {:tester => [[:hi, {:if => :ho}],[:wink, {}]], :friend => [[:hi, {:if => :ho}],[:wink, {}]]}
|
294
366
|
assert_equal expect, TestBaseAuth4.permissions
|
295
|
-
class TestEnforce < TestBaseAuth4
|
296
|
-
role :tester, can(:wink, :enforce => true, :if => :yo)
|
297
|
-
role :friend do
|
298
|
-
can :hi, :enforce => true, :if => :sure
|
299
|
-
end
|
300
|
-
end
|
301
367
|
expect = {:tester => [[:hi, {:if => :ho}],[:wink, {:if => :yo}]], :friend => [[:wink, {}],[:hi, {:if => :sure}]]}
|
302
368
|
assert_equal expect, TestEnforce.permissions
|
303
369
|
# Parent permissions should not be affected
|
@@ -306,4 +372,65 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
|
|
306
372
|
end
|
307
373
|
end
|
308
374
|
end
|
375
|
+
|
376
|
+
|
377
|
+
class TestPermit < Trust::Permissions
|
378
|
+
require :entity
|
379
|
+
permit :aha, :joho
|
380
|
+
role :tester do
|
381
|
+
can :wink, require: :special, permit: [:no, :way]
|
382
|
+
can :blink, require: :somewhat_special
|
383
|
+
can :wave, permit: [:hands]
|
384
|
+
end
|
385
|
+
end
|
386
|
+
|
387
|
+
class TestInheritedPermit < TestPermit
|
388
|
+
end
|
389
|
+
|
390
|
+
context 'params handler storage' do
|
391
|
+
setup do
|
392
|
+
@ta = TestPermit.new(:user, :wink, TestPermit, :subject, :parent)
|
393
|
+
@user = stub(:role_symbols => [:tester])
|
394
|
+
end
|
395
|
+
context 'of require' do
|
396
|
+
should 'default unless specified' do
|
397
|
+
TestPermit.entity_required = nil
|
398
|
+
ph = @ta.send(:params_handler_default, {})
|
399
|
+
assert_equal :trust_permissions_test_test_permit, ph[:require]
|
400
|
+
TestPermit.entity_required = :entity
|
401
|
+
end
|
402
|
+
should 'store default' do
|
403
|
+
assert_equal :entity, @ta.entity_required
|
404
|
+
end
|
405
|
+
should 'inherit default' do
|
406
|
+
ta = TestInheritedPermit.new(:user, :wink, TestInheritedPermit, :subject, :parent)
|
407
|
+
assert_equal :entity, ta.entity_required
|
408
|
+
end
|
409
|
+
should 'override on action' do
|
410
|
+
ta = TestInheritedPermit.new(@user, :wave, TestInheritedPermit, :subject, :parent)
|
411
|
+
expected = {require: :entity, permit: [:hands]}
|
412
|
+
assert_equal expected, ta.authorized?
|
413
|
+
end
|
414
|
+
end
|
415
|
+
context 'of permit' do
|
416
|
+
should 'store default' do
|
417
|
+
assert_equal [:aha, :joho], @ta.entity_attributes
|
418
|
+
end
|
419
|
+
should 'inherit default' do
|
420
|
+
ta = TestInheritedPermit.new(:user, :wink, TestInheritedPermit, :subject, :parent)
|
421
|
+
assert_equal [:aha, :joho], ta.entity_attributes
|
422
|
+
end
|
423
|
+
should 'override on action' do
|
424
|
+
ta = TestInheritedPermit.new(@user, :blink, TestInheritedPermit, :subject, :parent)
|
425
|
+
expected = {require: :somewhat_special, permit: [:aha, :joho]}
|
426
|
+
assert_equal expected, ta.authorized?
|
427
|
+
end
|
428
|
+
end
|
429
|
+
should 'override on action' do
|
430
|
+
ta = TestInheritedPermit.new(@user, :wink, TestInheritedPermit, :subject, :parent)
|
431
|
+
expected = {require: :special, permit: [:no, :way]}
|
432
|
+
assert_equal expected, ta.authorized?
|
433
|
+
end
|
434
|
+
end
|
435
|
+
|
309
436
|
end
|