tuersteher 1.0.1 → 1.0.2

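--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6c9a87b5dd44b07d9d007776268488b17bc54eac69e7b2ca9c34ead5dd9e5ca7
- data.tar.gz: e899723582f2090efd837a7a2d308d40c2cbc43a089ca0b8a6dcd4a6fe1e3de4
+ metadata.gz: 75d9524809994df44c397d4b61a7679245e9155e9170a52e4669ad424501b077
+ data.tar.gz: aebdc4bcf3723217544dd6d7a032cba0a763ded1b4bbf02652de6ef77a638a4b
  SHA512:
- metadata.gz: eb765c3d95fcbd938c675e0396128aead6cfd81f5cfa037cec31e04a188ae8f7e6bbae7f9fa6113066e6e685e5679f37e3b7377e4ff5bad08f33a3f7a3e83a96
- data.tar.gz: 71893a402e3327ecd40c9b2e2d9932da4df596c328ad0ce7d91fe469203e629c0b79b64fde50b3b0ba500befe5e378eaeb0d4f07bb1dccf806239745b58e44a5
+ metadata.gz: 250f03314650921efdfd4ea6b8b82c01a6d3dfc4321993c65d7d41eefb4ebf17566db8508a9ad5a41f9dfb7ca6e027e266ddd945456a21ac7681e3506fe3ca17
+ data.tar.gz: e72fcd1ba11b5df1cf25a933900e7dd0d29a4af24099205284c21790294160807aabe65cc0b41a467e8993855bf3f37796038295254c043a7c215f15667ad82a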
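--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1 @@
+ --require spec_helper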
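--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+ 2.5.7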
data/lib/tuersteher.rb CHANGED
@@ -194,13 +194,13 @@ module Tuersteher
194
194
  class << self
195
195
 
196
196
  # Pruefen Zugriff fuer eine Web-action
197
- # @param login_contex Login-Contex, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
197
+ # @param login_context Login-Contex, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
198
198
  # @param path Pfad der Webresource (String)
199
199
  # @param method http-Methode (:get, :put, :delete, :post), default ist :get
200
200
  #
201
- def path_access?(login_contex, path, method = :get)
201
+ def path_access?(login_context, path, method = :get)
202
202
  rule = AccessRulesStorage.instance.path_rules.detect do |r|
203
- r.fired?(path, method, login_contex)
203
+ r.fired?(path, method, login_context)
204
204
  end
205
205
  if Tuersteher::TLogger.logger.debug?
206
206
  if rule.nil?
@@ -208,8 +208,8 @@ module Tuersteher
208
208
  else
209
209
  s = "fired with #{rule}"
210
210
  end
211
- lc_id = login_contex && login_contex.respond_to?(:id) ? login_contex.id : login_contex.object_id
212
- Tuersteher::TLogger.logger.debug("Tuersteher: path_access?(login_contex.id=#{lc_id}, path=#{path}, method=#{method}) => #{s}")
211
+ lc_id = login_context && login_context.respond_to?(:id) ? login_context.id : login_context.object_id
212
+ Tuersteher::TLogger.logger.debug("Tuersteher: path_access?(login_context.id=#{lc_id}, path=#{path}, method=#{method}) => #{s}")
213
213
  end
214
214
  !(rule.nil? || rule.deny?)
215
215
  end
@@ -217,38 +217,38 @@ module Tuersteher
217
217
 
218
218
  # Pruefen Zugriff auf ein Model-Object
219
219
  #
220
- # @param login_contex Login-Contex, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
220
+ # @param login_context Login-Contex, für den der Zugriff geprüft werden soll (muss Methode has_role? haben)
221
221
  # @param model das Model-Object
222
222
  # @param permission das geforderte Zugriffsrecht (:create, :update, :destroy, :get)
223
223
  #
224
224
  # liefert true/false
225
- def model_access? login_contex, model, permission
225
+ def model_access? login_context, model, permission
226
226
  raise "Wrong call! Use: model_access(model-instance-or-class, permission)" unless permission.is_a? Symbol
227
227
  return false unless model
228
228
 
229
229
  rule = AccessRulesStorage.instance.model_rules.detect do |rule|
230
- rule.fired? model, permission, login_contex
230
+ rule.fired? model, permission, login_context
231
231
  end
232
232
  access = rule && !rule.deny?
233
233
  if Tuersteher::TLogger.logger.debug?
234
- lc_id = login_contex && login_contex.respond_to?(:id) ? login_contex.id : login_contex.object_id
234
+ lc_id = login_context && login_context.respond_to?(:id) ? login_context.id : login_context.object_id
235
235
  if model.instance_of?(Class)
236
236
  Tuersteher::TLogger.logger.debug(
237
- "Tuersteher: model_access?(login_contex.id=#{lc_id}, model=#{model}, permission=#{permission}) => #{access || 'denied'} #{rule}")
237
+ "Tuersteher: model_access?(login_context.id=#{lc_id}, model=#{model}, permission=#{permission}) => #{access || 'denied'} #{rule}")
238
238
  else
239
239
  Tuersteher::TLogger.logger.debug(
240
- "Tuersteher: model_access?(login_contex.id=#{lc_id}, model=#{model.class}(#{model.respond_to?(:id) ? model.id : model.object_id }), permission=#{permission}) => #{access || 'denied'} #{rule}")
240
+ "Tuersteher: model_access?(login_context.id=#{lc_id}, model=#{model.class}(#{model.respond_to?(:id) ? model.id : model.object_id }), permission=#{permission}) => #{access || 'denied'} #{rule}")
241
241
  end
242
242
  end
243
243
  access
244
244
  end
245
245
 
246
246
  # Bereinigen (entfernen) aller Objecte aus der angebenen Collection,
247
- # wo der angegebene login_contex nicht das angegebene Recht hat
247
+ # wo der angegebene login_context nicht das angegebene Recht hat
248
248
  #
249
249
  # liefert ein neues Array mit den Objecten, wo der spez. Zugriff arlaubt ist
250
- def purge_collection login_contex, collection, permission
251
- collection.select{|model| model_access?(login_contex, model, permission)}
250
+ def purge_collection login_context, collection, permission
251
+ collection.select{|model| model_access?(login_context, model, permission)}
252
252
  end
253
253
  end # of Class-Methods
254
254
  end # of AccessRules
@@ -258,7 +258,7 @@ module Tuersteher
258
258
  # Module zum Include in Controllers
259
259
  # Dieser muss die folgenden Methoden bereitstellen:
260
260
  #
261
- # login_contex : akt. Login-Contex
261
+ # login_context : akt. Login-Contex
262
262
  # access_denied : Methode aus dem authenticated_system, welche ein redirect zum login auslöst
263
263
  #
264
264
  # Der Loginlogin_contex muss fuer die hier benoetigte Funktionalitaet
@@ -278,7 +278,7 @@ module Tuersteher
278
278
  # method http-Methode (:get, :put, :delete, :post), default ist :get
279
279
  #
280
280
  def path_access?(path, method = :get)
281
- AccessRules.path_access? login_contex, path, method
281
+ AccessRules.path_access? login_context, path, method
282
282
  end
283
283
 
284
284
  # Pruefen Zugriff auf ein Model-Object
@@ -288,15 +288,15 @@ module Tuersteher
288
288
  #
289
289
  # liefert true/false
290
290
  def model_access? model, permission
291
- AccessRules.model_access? login_contex, model, permission
291
+ AccessRules.model_access? login_context, model, permission
292
292
  end
293
293
 
294
294
  # Bereinigen (entfernen) aller Objecte aus der angebenen Collection,
295
- # wo der akt. login_contex nicht das angegebene Recht hat
295
+ # wo der akt. login_context nicht das angegebene Recht hat
296
296
  #
297
297
  # liefert ein neues Array mit den Objecten, wo der spez. Zugriff arlaubt ist
298
298
  def purge_collection collection, permission
299
- AccessRules.purge_collection(login_contex, collection, permission)
299
+ AccessRules.purge_collection(login_context, collection, permission)
300
300
  end
301
301
 
302
302
 
@@ -309,7 +309,7 @@ module Tuersteher
309
309
 
310
310
  protected
311
311
 
312
- # Pruefen, ob Zugriff des login_contex
312
+ # Pruefen, ob Zugriff des login_context
313
313
  # fuer aktullen Request erlaubt ist
314
314
  def check_access
315
315
 
@@ -323,15 +323,15 @@ module Tuersteher
323
323
  ar_storage.read_rules
324
324
  end
325
325
 
326
- # bind login_contex on the current thread
327
- Thread.current[:login_contex] = login_contex
326
+ # bind login_context on the current thread
327
+ Thread.current[:login_context] = login_context
328
328
 
329
329
  req_method = request.method
330
330
  req_method = req_method.downcase.to_sym if req_method.is_a?(String)
331
331
  url_path = request.fullpath
332
332
  unless path_access?(url_path, req_method)
333
- lc_id = login_contex && login_contex.respond_to?(:id) ? login_contex.id : login_contex.object_id
334
- msg = "Tuersteher#check_access: access denied for #{url_path} :#{req_method} login_contex.id=#{lc_id}"
333
+ lc_id = login_context && login_context.respond_to?(:id) ? login_context.id : login_context.object_id
334
+ msg = "Tuersteher#check_access: access denied for #{url_path} :#{req_method} login_context.id=#{lc_id}"
335
335
  Tuersteher::TLogger.logger.warn msg
336
336
  logger.warn msg # log message also for Rails-Default logger
337
337
  access_denied # Methode aus dem authenticated_system, welche z.B. ein redirect zum login auslöst
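Review bot: `Thread.current[:login_context] = login_context` binds the caller's identity to the thread and nothing visible in this hunk clears it again, so on a server that reuses threads a later request that reaches model code without passing through this `check_access` would have the model-side `check_access` and `purge_collection` (which read `Thread.current[:login_context]`) evaluate rules against the previous request's login context. `check_access` starts and ends outside the hunk, so a reset may exist elsewhere; if it does not, clear the slot when the request is finished, e.g. `Thread.current[:login_context] = nil` in the `ensure` of an around filter. The rename is also a silent interface change for a patch release: host code that still writes `Thread.current[:login_contex]` (jobs, console scripts, specs) is now read as `nil`, i.e. evaluated as a caller without login, and controllers must provide `login_context` instead of `login_contex`. A changelog entry or a temporary fallback read of the old key would make that visible to upgraders.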
@@ -344,7 +344,7 @@ module Tuersteher
344
344
 
345
345
  # Module for include in Model-Object-Classes
346
346
  #
347
- # The module get the login_contex from Thread.current[:login_contex]
347
+ # The module get the login_context from Thread.current[:login_context]
348
348
  #
349
349
  # Sample for ActiveRecord-Class
350
350
  # class Sample < ActiveRecord::Base
@@ -364,9 +364,9 @@ module Tuersteher
364
364
  #
365
365
  # raise a SecurityError-Exception if access denied
366
366
  def check_access permission
367
- login_contex = Thread.current[:login_contex]
368
- unless AccessRules.model_access? login_contex, self, permission
369
- raise SecurityError, "Access denied! Current login_contex have no permission '#{permission}' on Model-Object #{self}."
367
+ login_context = Thread.current[:login_context]
368
+ unless AccessRules.model_access? login_context, self, permission
369
+ raise SecurityError, "Access denied! Current login_context have no permission '#{permission}' on Model-Object #{self}."
370
370
  end
371
371
  end
372
372
 
@@ -377,12 +377,12 @@ module Tuersteher
377
377
  module ClassMethods
378
378
 
379
379
  # Bereinigen (entfernen) aller Objecte aus der angebenen Collection,
380
- # wo der akt. login_contex nicht das angegebene Recht hat
380
+ # wo der akt. login_context nicht das angegebene Recht hat
381
381
  #
382
382
  # liefert ein neues Array mit den Objecten, wo der spez. Zugriff arlaubt ist
383
383
  def purge_collection collection, permission
384
- login_contex = Thread.current[:login_contex]
385
- AccessRules.purge_collection(login_contex, collection, permission)
384
+ login_context = Thread.current[:login_context]
385
+ AccessRules.purge_collection(login_context, collection, permission)
386
386
  end
387
387
  end # of ClassMethods
388
388
 
@@ -640,7 +640,7 @@ module Tuersteher
640
640
 
641
641
  # check, if this rule fired for specified parameter
642
642
  def fired? path_or_model, method, login_ctx
643
- login_ctx = nil if login_ctx==:false # manche Authenticate-System setzen den login_ctx/login_contex auf :false
643
+ login_ctx = nil if login_ctx==:false # manche Authenticate-System setzen den login_ctx/login_context auf :false
644
644
  @rule_spezifications.all?{|spec| spec.grant?(path_or_model, method, login_ctx)}
645
645
  end
646
646
 
@@ -12,74 +12,72 @@ module Tuersteher
12
12
  PathAccessRule.new('/images').method(:get),
13
13
  PathAccessRule.new('/status').method(:get).role(:system)
14
14
  ]
15
- AccessRulesStorage.instance.stub(:path_rules).and_return(rules)
16
- @user = double('user')
15
+ expect(AccessRulesStorage.instance).to receive(:path_rules).at_least(:once){ rules }
16
+ @login_context = double('login_context')
17
17
  end
18
18
 
19
19
 
20
- context "User with role :user" do
21
- before do
22
- @user.stub(:has_role?){|role| role==:user}
23
- end
20
+ context "LoginContext with role :user" do
24
21
 
25
22
  it "should be true for this paths" do
26
- AccessRules.path_access?(@user, '/', :get).should be_truthy
27
- AccessRules.path_access?(@user, '/', :post).should be_truthy
28
- AccessRules.path_access?(@user, '/images', :get).should be_truthy
23
+ expect(AccessRules.path_access?(@login_context, '/', :get)).to be_truthy
24
+ expect(AccessRules.path_access?(@login_context, '/', :post)).to be_truthy
25
+ expect(AccessRules.path_access?(@login_context, '/images', :get)).to be_truthy
29
26
  end
30
27
 
31
28
  it "should not be true for this paths" do
32
- AccessRules.path_access?(@user, '/admin', :get).should_not be_truthy
33
- AccessRules.path_access?(@user, '/images', :post).should_not be_truthy
34
- AccessRules.path_access?(@user, '/status', :get).should_not be_truthy
29
+ expect(@login_context).to receive(:has_role?){|role| role==:user}.at_least(:once)
30
+ expect(AccessRules.path_access?(@login_context, '/admin', :get)).to_not be_truthy
31
+ expect(AccessRules.path_access?(@login_context, '/images', :post)).to_not be_truthy
32
+ expect(AccessRules.path_access?(@login_context, '/status', :get)).to_not be_truthy
35
33
  end
36
34
  end
37
35
 
38
36
 
39
- context "User with role :admin" do
37
+ context "LoginContext with role :admin" do
40
38
  before do
41
- @user.stub(:has_role?){|role| role==:admin}
39
+ expect(@login_context).to receive(:has_role?){|role| role==:admin}.at_least(:once)
42
40
  end
43
41
 
44
42
  it "should be true for this paths" do
45
- AccessRules.path_access?(@user, '/', :get).should be_truthy
46
- AccessRules.path_access?(@user, '/admin', :post).should be_truthy
47
- AccessRules.path_access?(@user, '/images', :get).should be_truthy
43
+ expect(AccessRules.path_access?(@login_context, '/', :get)).to be_truthy
44
+ expect(AccessRules.path_access?(@login_context, '/admin', :post)).to be_truthy
45
+ expect(AccessRules.path_access?(@login_context, '/images', :get)).to be_truthy
48
46
  end
49
47
 
50
48
  it "should not be true for this paths" do
51
- AccessRules.path_access?(@user, '/xyz', :get).should_not be_truthy
52
- AccessRules.path_access?(@user, '/images', :post).should_not be_truthy
53
- AccessRules.path_access?(@user, '/status', :get).should_not be_truthy
49
+ expect(AccessRules.path_access?(@login_context, '/xyz', :get)).to_not be_truthy
50
+ expect(AccessRules.path_access?(@login_context, '/images', :post)).to_not be_truthy
51
+ expect(AccessRules.path_access?(@login_context, '/status', :get)).to_not be_truthy
54
52
  end
55
53
  end
56
54
 
57
55
 
58
- context "User with role :system" do
56
+ context "LoginContext with role :system" do
59
57
  before do
60
- @user.stub(:has_role?){|role| role==:system}
58
+ expect(@login_context).to receive(:has_role?){|role| role==:system}.at_least(:once)
61
59
  end
62
60
 
63
61
  it "should be true for this paths" do
64
- AccessRules.path_access?(@user, '/', :get).should be_truthy
65
- AccessRules.path_access?(@user, '/status', :get).should be_truthy
62
+ expect(AccessRules.path_access?(@login_context, '/', :get)).to be_truthy
63
+ expect(AccessRules.path_access?(@login_context, '/status', :get)).to be_truthy
66
64
  end
67
65
 
68
66
  it "should not be true for this paths" do
69
- AccessRules.path_access?(@user, '/xyz', :get).should_not be_truthy
70
- AccessRules.path_access?(@user, '/admin', :post).should_not be_truthy
67
+ expect(AccessRules.path_access?(@login_context, '/xyz', :get)).to_not be_truthy
68
+ expect(AccessRules.path_access?(@login_context, '/admin', :post)).to_not be_truthy
71
69
  end
72
70
  end
73
71
 
74
72
 
75
73
  context "without user" do
76
74
  it "should be true for this paths" do
77
- AccessRules.path_access?(nil, '/', :get).should be_truthy
75
+ expect(AccessRules.path_access?(nil, '/', :get)).to be_truthy
78
76
  end
79
77
 
80
78
  it "should not be true for this paths" do
81
- AccessRules.path_access?(nil, '/xyz', :get).should_not be_truthy
82
- AccessRules.path_access?(nil, '/admin', :post).should_not be_truthy
79
+ expect(AccessRules.path_access?(nil, '/xyz', :get)).to_not be_truthy
80
+ expect(AccessRules.path_access?(nil, '/admin', :post)).to_not be_truthy
83
81
  end
84
82
  end
85
83
  end
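Review bot: The role stubs are now written as message expectations (`expect(@login_context).to receive(:has_role?){...}.at_least(:once)`), which turns test setup into an assertion that the rule engine consults the role; as a result the `before` stub was dropped from the "LoginContext with role :user" context, and its "should be true for this paths" example now runs with a bare double that has no role at all. That example no longer exercises a caller with role :user, it only passes as long as no matching rule asks for a role. Use `allow` for setup so every example in a context sees the same identity, e.g. `before { allow(@login_context).to receive(:has_role?) { |role| role == :user } }` and `allow(AccessRulesStorage.instance).to receive(:path_rules).and_return(rules)`. The later hunks of these specs (their file header is not shown on the page) still use `@login_context.stub(:has_role?)` and `@model2.stub(:owner?)`, the old `should`-style mock syntax that is deprecated under the rspec `~> 3.8` dependency this release moves to; the same `allow(...)` form fits there.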
@@ -88,7 +86,8 @@ module Tuersteher
88
86
  context 'model_access?' do
89
87
 
90
88
  class SampleModel1; end
91
- class SampleModel2; end
89
+ class SampleModel2; def owner?(user); false; end; end
90
+
92
91
 
93
92
  before do
94
93
  rules = [
@@ -99,75 +98,75 @@ module Tuersteher
99
98
  ModelAccessRule.new(SampleModel2).deny.method(:create),
100
99
  ModelAccessRule.new(SampleModel2).grant.method(:all).role(:admin),
101
100
  ]
102
- AccessRulesStorage.instance.stub(:model_rules).and_return(rules)
103
- @user = double('user')
101
+ expect(AccessRulesStorage.instance).to receive(:model_rules).at_least(:once){ rules }
102
+ @login_context = double('login_context')
104
103
  @model1 = SampleModel1.new
105
104
  @model2 = SampleModel2.new
106
- @model2.stub(:owner?).and_return(false)
105
+ @model2.stub(:owner?){ false }
107
106
  end
108
107
 
109
108
 
110
- context "User with role :user" do
109
+ context "LoginContext with role :user" do
111
110
  before do
112
- @user.stub(:has_role?){|role| role==:user}
111
+ @login_context.stub(:has_role?){|role| role==:user}
113
112
  end
114
113
 
115
- it "should be true for this" do
116
- AccessRules.model_access?(@user, @model1, :xyz).should be_truthy
117
- @model2.stub(:owner?).and_return true
118
- AccessRules.model_access?(@user, @model2, :read).should be_truthy
119
- AccessRules.model_access?(@user, @model2, :update).should be_truthy
114
+ it "should be true for this rules" do
115
+ expect(AccessRules.model_access?(@login_context, @model1, :xyz)).to be_truthy
116
+ @model2.stub(:owner?){ true }
117
+ expect(AccessRules.model_access?(@login_context, @model2, :read)).to be_truthy
118
+ expect(AccessRules.model_access?(@login_context, @model2, :update)).to be_truthy
120
119
  end
121
120
 
122
121
  it "should not be true for this" do
123
- AccessRules.model_access?(@user, @model2, :update).should_not be_truthy
124
- AccessRules.model_access?(@user, @model2, :delete).should_not be_truthy
122
+ expect(AccessRules.model_access?(@login_context, @model2, :update)).to be_falsy
123
+ expect(AccessRules.model_access?(@login_context, @model2, :delete)).to be_falsy
125
124
  end
126
125
  end
127
126
 
128
127
 
129
- context "User with role :admin" do
128
+ context "LoginContext with role :admin" do
130
129
  before do
131
- @user.stub(:has_role?){|role| role==:admin}
130
+ @login_context.stub(:has_role?){|role| role==:admin}
132
131
  end
133
132
 
134
133
  it "should be true for this" do
135
- AccessRules.model_access?(@user, @model1, :xyz).should be_truthy
136
- AccessRules.model_access?(@user, @model2, :read).should be_truthy
137
- AccessRules.model_access?(@user, @model2, :update).should be_truthy
138
- AccessRules.model_access?(@user, @model2, :delete).should be_truthy
134
+ expect(AccessRules.model_access?(@login_context, @model1, :xyz)).to be_truthy
135
+ expect(AccessRules.model_access?(@login_context, @model2, :read)).to be_truthy
136
+ expect(AccessRules.model_access?(@login_context, @model2, :update)).to be_truthy
137
+ expect(AccessRules.model_access?(@login_context, @model2, :delete)).to be_truthy
139
138
  end
140
139
 
141
140
  it "should not be true for this" do
142
- AccessRules.model_access?(@user, @model2, :create).should_not be_truthy
141
+ expect(AccessRules.model_access?(@login_context, @model2, :create)).to be_falsy
143
142
  end
144
143
  end
145
144
 
146
145
 
147
- context "User with role :sysadmin" do
146
+ context "LoginContext with role :sysadmin" do
148
147
  before do
149
- @user.stub(:has_role?){|role| role==:sysadmin}
148
+ @login_context.stub(:has_role?){|role| role==:sysadmin}
150
149
  end
151
150
 
152
151
  it "should be true for this" do
153
- AccessRules.model_access?(@user, "test", :xyz).should be_truthy
154
- AccessRules.model_access?(@user, @model1, :xyz).should be_truthy
155
- AccessRules.model_access?(@user, @model2, :read).should be_truthy
156
- AccessRules.model_access?(@user, @model2, :update).should be_truthy
157
- AccessRules.model_access?(@user, @model2, :delete).should be_truthy
158
- AccessRules.model_access?(@user, @model2, :create).should be_truthy
152
+ expect(AccessRules.model_access?(@login_context, "test", :xyz)).to be_truthy
153
+ expect(AccessRules.model_access?(@login_context, @model1, :xyz)).to be_truthy
154
+ expect(AccessRules.model_access?(@login_context, @model2, :read)).to be_truthy
155
+ expect(AccessRules.model_access?(@login_context, @model2, :update)).to be_truthy
156
+ expect(AccessRules.model_access?(@login_context, @model2, :delete)).to be_truthy
157
+ expect(AccessRules.model_access?(@login_context, @model2, :create)).to be_truthy
159
158
  end
160
159
  end
161
160
 
162
161
 
163
162
  context "without user" do
164
163
  it "should be true for this models" do
165
- AccessRules.model_access?(nil, @model1, :xyz).should be_truthy
166
- AccessRules.model_access?(nil, @model2, :read).should be_truthy
164
+ expect(AccessRules.model_access?(nil, @model1, :xyz)).to be_truthy
165
+ expect(AccessRules.model_access?(nil, @model2, :read)).to be_truthy
167
166
  end
168
167
 
169
168
  it "should not be true for this models" do
170
- AccessRules.model_access?(nil, @model2, :update).should_not be_truthy
169
+ expect(AccessRules.model_access?(nil, @model2, :update)).to be_falsy
171
170
  end
172
171
  end
173
172
  end # of context 'model_access?'
@@ -186,7 +185,7 @@ module Tuersteher
186
185
  ModelAccessRule.new(SampleModel).method(:update).role(:user).extension(:owner?),
187
186
  ]
188
187
  AccessRulesStorage.instance.stub(:model_rules).and_return(rules)
189
- @user = double('user')
188
+ @login_context = double('user')
190
189
  @model1 = SampleModel.new
191
190
  @model2 = SampleModel.new
192
191
  @model3 = SampleModel.new
@@ -195,13 +194,13 @@ module Tuersteher
195
194
  end
196
195
 
197
196
  it "Should return [@model3] for user with role=:user" do
198
- @user.stub(:has_role?){|role| role==:user}
199
- AccessRules.purge_collection(@user, @collection, :update).should == [@model3]
197
+ @login_context.stub(:has_role?){|role| role==:user}
198
+ expect(AccessRules.purge_collection(@login_context, @collection, :update)).to eq [@model3]
200
199
  end
201
200
 
202
201
  it "Should return all for user with role=:admin" do
203
- @user.stub(:has_role?){|role| role==:admin}
204
- AccessRules.purge_collection(@user, @collection, :update).should == @collection
202
+ @login_context.stub(:has_role?){|role| role==:admin}
203
+ expect(AccessRules.purge_collection(@login_context, @collection, :update)).to eq @collection
205
204
  end
206
205
  end
207
206
 
@@ -58,8 +58,8 @@ end
58
58
  @path_rules = AccessRulesStorage.instance.path_rules
59
59
  end
60
60
 
61
- specify{ @path_rules.first.path_spezification.should be_nil }
62
- specify{ @path_rules.last.path_spezification.path.should == '/test/special' }
61
+ specify{ expect(@path_rules.first.path_spezification).to be_nil }
62
+ specify{ expect(@path_rules.last.path_spezification.path).to eq '/test/special' }
63
63
 
64
64
  end
65
65
  end
@@ -15,22 +15,23 @@ module Tuersteher
15
15
 
16
16
  before do
17
17
  rules = [ModelAccessRule.new(SampleModel).grant.method(:deactived).role(:admin)]
18
- AccessRulesStorage.instance.stub(:model_rules).and_return(rules)
19
- @user = double('user')
20
- Thread.current[:user] = @user
18
+ #AccessRulesStorage.instance.stub(:model_rules){ rules }
19
+ expect(AccessRulesStorage.instance).to receive(:model_rules){ rules }
20
+ @login_context = double('login_context')
21
+ Thread.current[:login_context] = @login_context
21
22
  end
22
23
 
23
24
 
24
25
  context "check_access" do
25
26
 
26
- it "should not raise a Error for user with role :admin" do
27
- @user.stub(:has_role?){|role| role==:admin}
27
+ it "should not raise a Error for login_context with role :admin" do
28
+ expect(@login_context).to receive(:has_role?){|role| role==:admin}
28
29
  model = SampleModel.new
29
30
  model.deactived
30
31
  end
31
32
 
32
- it "should raise a SecurityError for user with not role :admin" do
33
- @user.stub(:has_role?){|role| role==:user}
33
+ it "should raise a SecurityError for login_context with not role :admin" do
34
+ expect(@login_context).to receive(:has_role?){|role| role==:user}
34
35
  model = SampleModel.new
35
36
  expect{ model.deactived }.to raise_error(SecurityError)
36
37
  end
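Review bot: The `before` block stores the double in `Thread.current[:login_context]` and no `after` hook visible here resets it, so the login context of one example stays bound to the thread for whatever runs next, including other spec files that exercise model access rules without setting their own context. In an access-control suite that can hide a missing-context bug behind a leftover identity, or surface as an expired-double error far from its cause. Add `after { Thread.current[:login_context] = nil }` next to the `before`. The commented-out `#AccessRulesStorage.instance.stub(:model_rules){ rules }` line can be deleted rather than kept; the enclosing describe block starts and ends outside the hunk.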
@@ -40,16 +41,16 @@ module Tuersteher
40
41
 
41
42
  context "purge_collection" do
42
43
 
43
- it "should purge nothing for user with role :admin" do
44
- @user.stub(:has_role?){|role| role==:admin}
44
+ it "should purge nothing for login_context with role :admin" do
45
+ expect(@login_context).to receive(:has_role?){|role| role==:admin}
45
46
  list = [SampleModel.new]
46
- SampleModel.purge_collection(list, :deactived).should == list
47
+ expect(SampleModel.purge_collection(list, :deactived)).to eq list
47
48
  end
48
49
 
49
- it "should purge all for user with not role :admin" do
50
- @user.stub(:has_role?){|role| role==:user}
50
+ it "should purge all for login_context with not role :admin" do
51
+ expect(@login_context).to receive(:has_role?){|role| role==:user}
51
52
  list = [SampleModel.new]
52
- SampleModel.purge_collection(list, :deactived).should == []
53
+ expect(SampleModel.purge_collection(list, :deactived)).to eq []
53
54
  end
54
55
 
55
56
  end # of context "purge_collection"
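--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,7 +1,108 @@
- require 'rspec'
+ # This file was generated by the `rspec --init` command. Conventionally, all
+ # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+ # The generated `.rspec` file contains `--require spec_helper` which will cause
+ # this file to always be loaded, without a need to explicitly require it in any
+ # files.
+
  require 'logger'
  require File.expand_path(File.dirname(__FILE__) + "/../lib/tuersteher")
 
  # Logger auf stdout stellen
  Tuersteher::TLogger.logger = Logger.new(STDOUT)
  Tuersteher::TLogger.logger.level = Logger::ERROR
+
+
+ # Given that it is always loaded, you are encouraged to keep this file as
+ # light-weight as possible. Requiring heavyweight dependencies from this file
+ # will add to the boot time of your test suite on EVERY test run, even for an
+ # individual file that may not need all of that loaded. Instead, consider making
+ # a separate helper file that requires the additional dependencies and performs
+ # the additional setup, and require it from the spec files that actually need
+ # it.
+ #
+ # See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+ RSpec.configure do |config|
+ # rspec-expectations config goes here. You can use an alternate
+ # assertion/expectation library such as wrong or the stdlib/minitest
+ # assertions if you prefer.
+ config.expect_with :rspec do |expectations|
+ # This option will default to `true` in RSpec 4. It makes the `description`
+ # and `failure_message` of custom matchers include text for helper methods
+ # defined using `chain`, e.g.:
+ # be_bigger_than(2).and_smaller_than(4).description
+ # # => "be bigger than 2 and smaller than 4"
+ # ...rather than:
+ # # => "be bigger than 2"
+ expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+ end
+
+ # rspec-mocks config goes here. You can use an alternate test double
+ # library (such as bogus or mocha) by changing the `mock_with` option here.
+ config.mock_with :rspec do |mocks|
+ # Prevents you from mocking or stubbing a method that does not exist on
+ # a real object. This is generally recommended, and will default to
+ # `true` in RSpec 4.
+ mocks.verify_partial_doubles = true
+ end
+
+ # This option will default to `:apply_to_host_groups` in RSpec 4 (and will
+ # have no way to turn it off -- the option exists only for backwards
+ # compatibility in RSpec 3). It causes shared context metadata to be
+ # inherited by the metadata hash of host groups and examples, rather than
+ # triggering implicit auto-inclusion in groups with matching metadata.
+ config.shared_context_metadata_behavior = :apply_to_host_groups
+
+ # The settings below are suggested to provide a good initial experience
+ # with RSpec, but feel free to customize to your heart's content.
+ =begin
+ # This allows you to limit a spec run to individual examples or groups
+ # you care about by tagging them with `:focus` metadata. When nothing
+ # is tagged with `:focus`, all examples get run. RSpec also provides
+ # aliases for `it`, `describe`, and `context` that include `:focus`
+ # metadata: `fit`, `fdescribe` and `fcontext`, respectively.
+ config.filter_run_when_matching :focus
+
+ # Allows RSpec to persist some state between runs in order to support
+ # the `--only-failures` and `--next-failure` CLI options. We recommend
+ # you configure your source control system to ignore this file.
+ config.example_status_persistence_file_path = "spec/examples.txt"
+
+ # Limits the available syntax to the non-monkey patched syntax that is
+ # recommended. For more details, see:
+ # - http://rspec.info/blog/2012/06/rspecs-new-expectation-syntax/
+ # - http://www.teaisaweso.me/blog/2013/05/27/rspecs-new-message-expectation-syntax/
+ # - http://rspec.info/blog/2014/05/notable-changes-in-rspec-3/#zero-monkey-patching-mode
+ config.disable_monkey_patching!
+
+ # This setting enables warnings. It's recommended, but in some cases may
+ # be too noisy due to issues in dependencies.
+ config.warnings = true
+
+ # Many RSpec users commonly either run the entire suite or an individual
+ # file, and it's useful to allow more verbose output when running an
+ # individual spec file.
+ if config.files_to_run.one?
+ # Use the documentation formatter for detailed output,
+ # unless a formatter has already been configured
+ # (e.g. via a command-line flag).
+ config.default_formatter = "doc"
+ end
+
+ # Print the 10 slowest examples and example groups at the
+ # end of the spec run, to help surface which specs are running
+ # particularly slow.
+ config.profile_examples = 10
+
+ # Run specs in random order to surface order dependencies. If you find an
+ # order dependency and want to debug it, you can fix the order by providing
+ # the seed, which is printed after each run.
+ # --seed 1234
+ config.order = :random
+
+ # Seed global randomization in this process using the `--seed` CLI option.
+ # Setting this allows you to use `--seed` to deterministically reproduce
+ # test failures related to randomization by passing the same `--seed` value
+ # as the one that triggered the failure.
+ Kernel.srand config.seed
+ =end
+ end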
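--- a/data/tuersteher.gemspec
+++ b/data/tuersteher.gemspec
@@ -3,8 +3,8 @@ $:.push File.expand_path("../lib", __FILE__)
 
  Gem::Specification.new do |s|
  s.name = 'tuersteher'
- s.version = '1.0.1'
- s.authors = ["Bernd Ledig"]
+ s.version = '1.0.2'
+ s.authors = ["Bernd Ledig","BerndL"]
  s.email = ["bernd@ledig.info","bernd.ledig@ottogroup.com"]
  s.homepage = "https://gitlab.com/bledig/tuersteher"
  s.summary = "Access-Handling for Rails-Apps"
@@ -25,7 +25,7 @@ Gem::Specification.new do |s|
  #s.add_runtime_dependency "i18n"
 
  s.add_development_dependency "rake", '~> 10.5'
- s.add_development_dependency "rspec", '~> 2.14'
+ s.add_development_dependency "rspec", '~> 3.8'
 
  end
 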
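--- a/metadata
+++ b/metadata
@@ -1,10 +1,11 @@
  --- !ruby/object:Gem::Specification
  name: tuersteher
  version: !ruby/object:Gem::Version
- version: 1.0.1
+ version: 1.0.2
  platform: ruby
  authors:
  - Bernd Ledig
+ - BerndL
  autorequire:
  bindir: bin
  cert_chain: []
@@ -30,14 +31,14 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.14'
+ version: '3.8'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '2.14'
+ version: '3.8'
  description: " Security-Layer for Rails-Application acts like a firewall.\n"
  email:
  - bernd@ledig.info
@@ -48,6 +49,8 @@ extra_rdoc_files:
  - README.rdoc
  files:
  - ".gitignore"
+ - ".rspec"
+ - ".ruby-version"
  - Gemfile
  - README.rdoc
  - Rakefile
@@ -56,12 +59,11 @@ files:
  - license.txt
  - samples/access_rules.rb
  - samples/application_controller.rb
- - spec/acces_rules_storage_spec.rb
  - spec/access_rules_spec.rb
+ - spec/access_rules_storage_spec.rb
  - spec/model_access_rule_spec.rb
  - spec/model_extensions_spec.rb
  - spec/path_access_rule_spec.rb
- - spec/spec.opts
  - spec/spec_helper.rb
  - tuersteher.gemspec
  homepage: https://gitlab.com/bledig/tuersteher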
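--- a/data/spec/spec.opts
+++ b/data/spec/spec.opts
@@ -1,5 +0,0 @@
- --colour
- --format
- progress
- --loadby
- mtime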