uhees-declarative_authorization 0.3.1 → 0.3.2.2.1

data/test/controller_test.rb

@@ -2,12 +2,11 @@ require File.join(File.dirname(__FILE__), 'test_helper.rb')
 
 
 class LoadMockObject < MockDataObject
-  def self.find(*args)
-    new :id => args[0]
+  def self.name
+    "LoadMockObject"
   end
 end
 
-
 ##################
 class SpecificMocksController < MocksController
   filter_access_to :test_action, :require => :test, :context => :permissions
@@ -26,7 +25,6 @@ end
 class BasicControllerTest < ActionController::TestCase
   tests SpecificMocksController
   
-  
   def test_filter_access_to_receiving_an_explicit_array
     reader = Authorization::Reader::DSLReader.new
 
@@ -129,9 +127,6 @@ class BasicControllerTest < ActionController::TestCase
     }
     request!(MockUser.new(:test_role), "new", reader)
     assert @controller.authorized?
-    
-    request!(MockUser.new(:test_role), "edit_2", reader)
-    assert !@controller.authorized?
   end
   
   def test_existing_instance_var_remains_unchanged
@@ -243,6 +238,23 @@ class LoadObjectControllerTest < ActionController::TestCase
     assert @controller.authorized?
     assert @controller.instance_variable_defined?(:@load_mock_object)
   end
+
+  def test_filter_access_object_load_without_param
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :load_mock_objects, :to => [:show, :edit] do
+            if_attribute :id => is {"1"}
+          end
+        end
+      end
+    }
+
+    assert_raise RuntimeError, "No id param supplied" do
+      request!(MockUser.new(:test_role), "show", reader)
+    end
+  end
   
   def test_filter_access_with_object_load_custom
     reader = Authorization::Reader::DSLReader.new
@@ -415,4 +427,3 @@ class NamespacedControllerTest < ActionController::TestCase
     assert @controller.authorized?
   end
 end
-

data/test/maintenance_test.rb

@@ -2,6 +2,7 @@ require File.join(File.dirname(__FILE__), 'test_helper.rb')
 require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance})
 
 class MaintenanceTest < Test::Unit::TestCase
+  include Authorization::TestHelper
 
   def test_usages_by_controllers
     usage_test_controller = Class.new(ActionController::Base)
@@ -25,6 +26,10 @@ class MaintenanceTest < Test::Unit::TestCase
     assert !engine.permit?(:test_2, :context => :permissions,
         :user => MockUser.new(:test_role))
     Authorization::Maintenance::without_access_control do
+      assert engine.permit!(:test_2, :context => :permissions,
+          :user => MockUser.new(:test_role))
+    end
+    without_access_control do
       assert engine.permit?(:test_2, :context => :permissions,
           :user => MockUser.new(:test_role))
     end

data/test/model_test.rb

@@ -28,6 +28,8 @@ class TestModel < ActiveRecord::Base
   has_and_belongs_to_many :test_attr_throughs_habtm, :join_table => :test_attrs,
       :class_name => "TestAttrThrough"
 
+  named_scope :with_content, :conditions => "test_models.content IS NOT NULL"
+
   # Primary key test
   # take this out for Rails prior to 2.2
   if ([Rails::VERSION::MAJOR, Rails::VERSION::MINOR] <=> [2, 2]) > -1
@@ -84,6 +86,11 @@ class Company < ActiveRecord::Base
   has_many :branches
   belongs_to :country
 end
+class SmallCompany < Company
+  def self.decl_auth_context
+    :companies
+  end
+end
 class Country < ActiveRecord::Base
   has_many :test_models
   has_many :companies
@@ -168,6 +175,74 @@ class ModelTest < Test::Unit::TestCase
     TestModel.delete_all
   end
 
+  def test_named_scope_on_proxy
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :test_attrs, :to => :read do
+            if_attribute :id => is { user.test_attr_value }
+          end
+        end
+      end
+    }
+    Authorization::Engine.instance(reader)
+
+    test_model_1 = TestModel.create!
+    test_attr_1 = test_model_1.test_attrs.create!
+    test_model_1.test_attrs.create!
+    TestAttr.create!
+
+    user = MockUser.new(:test_role, :test_attr_value => test_attr_1.id)
+    assert_equal 1, test_model_1.test_attrs.with_permissions_to(:read, :user => user).length
+    TestModel.delete_all
+    TestAttr.delete_all
+  end
+
+  def test_named_scope_on_named_scope
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :test_models, :to => :read do
+            if_attribute :country_id => 1
+          end
+        end
+      end
+    }
+    Authorization::Engine.instance(reader)
+
+    TestModel.create!(:country_id => 1, :content => "Content")
+    TestModel.create!(:country_id => 1)
+    TestModel.create!(:country_id => 2, :content => "Content")
+
+    user = MockUser.new(:test_role)
+    assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
+    assert_equal 1, TestModel.with_content.with_permissions_to(:read, :user => user).length
+    TestModel.delete_all
+  end
+
+  def test_named_scope_with_modified_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :companies, :to => :read do
+            if_attribute :id => is { user.test_company_id }
+          end
+        end
+      end
+    }
+    Authorization::Engine.instance(reader)
+
+    test_company = SmallCompany.create!
+
+    user = MockUser.new(:test_role, :test_company_id => test_company.id)
+    assert_equal 1, SmallCompany.with_permissions_to(:read,
+      :user => user).length
+    SmallCompany.delete_all
+  end
+
   def test_named_scope_with_is_nil
     reader = Authorization::Reader::DSLReader.new
     reader.parse %{
@@ -1168,4 +1243,66 @@ class ModelTest < Test::Unit::TestCase
     TestModel.delete_all
     TestAttr.delete_all
   end
+
+  def test_model_permitted_to
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :companies, :to => :read do
+            if_attribute :name => "company_1"
+          end
+        end
+      end
+    }
+    Authorization::Engine.instance(reader)
+
+    user = MockUser.new(:test_role)
+    allowed_read_company = Company.new(:name => 'company_1')
+    prohibited_company = Company.new(:name => 'company_2')
+
+    assert allowed_read_company.permitted_to?(:read, :user => user)
+    assert !allowed_read_company.permitted_to?(:update, :user => user)
+    assert !prohibited_company.permitted_to?(:read, :user => user)
+
+    executed_block = false
+    allowed_read_company.permitted_to?(:read, :user => user) do
+      executed_block = true
+    end
+    assert executed_block
+
+    executed_block = false
+    prohibited_company.permitted_to?(:read, :user => user) do
+      executed_block = true
+    end
+    assert !executed_block
+
+    assert_nothing_raised do
+      allowed_read_company.permitted_to!(:read, :user => user)
+    end
+    assert_raise Authorization::NotAuthorized do
+      prohibited_company.permitted_to!(:update, :user => user)
+    end
+    assert_raise Authorization::AttributeAuthorizationError do
+      prohibited_company.permitted_to!(:read, :user => user)
+    end
+  end
+
+  def test_model_permitted_to_with_modified_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :companies, :to => :read
+        end
+      end
+    }
+    Authorization::Engine.instance(reader)
+
+    user = MockUser.new(:test_role)
+    allowed_read_company = SmallCompany.new(:name => 'small_company_1')
+
+    assert allowed_read_company.permitted_to?(:read, :user => user)
+    assert !allowed_read_company.permitted_to?(:update, :user => user)
+  end
 end

data/test/schema.sql

@@ -44,6 +44,7 @@ CREATE TABLE 'branches' (
 CREATE TABLE 'companies' (
   'id' INTEGER PRIMARY KEY NOT NULL,
   'country_id' integer,
+  'type' text,
   'name' text
 );
 

data/test/test_helper.rb

@@ -34,12 +34,21 @@ class MockDataObject
     end
   end
   
-  def descends_from_active_record?
+  def self.descends_from_active_record?
     true
   end
-  
+
   def self.table_name
-    "mocks"
+    name.tableize
+  end
+
+  def self.name
+    "Mock"
+  end
+  
+  def self.find(*args)
+    raise "Couldn't find #{self.name} with id #{args[0].inspect}" unless args[0]
+    new :id => args[0]
   end
 end
 
@@ -70,6 +79,10 @@ class MocksController < ActionController::Base
       end
     end
   end
+
+  def self.define_resource_actions
+    define_action_methods :index, :show, :edit, :update, :new, :create, :destroy
+  end
   
   def logger (*args)
     Class.new do 
@@ -77,8 +90,10 @@ class MocksController < ActionController::Base
         #p args
       end
       alias_method :info, :warn
+      alias_method :debug, :warn
       def warn?; end
       alias_method :info?, :warn?
+      alias_method :debug?, :warn?
     end.new
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: uhees-declarative_authorization
 version: !ruby/object:Gem::Version 
-  version: 0.3.1
+  version: 0.3.2.2.1
 platform: ruby
 authors: 
 - Steffen Bartsch
@@ -28,8 +28,9 @@ executables: []
 
 extensions: []
 
-extra_rdoc_files: []
-
+extra_rdoc_files: 
+- README.rdoc
+- CHANGELOG
 files: 
 - CHANGELOG
 - MIT-LICENSE
@@ -43,7 +44,6 @@ files:
 - app/helpers/authorization_rules_helper.rb
 - app/views/authorization_rules/_change.erb
 - app/views/authorization_rules/_show_graph.erb
-- app/views/authorization_rules/_suggestion.erb
 - app/views/authorization_rules/_suggestions.erb
 - app/views/authorization_rules/change.html.erb
 - app/views/authorization_rules/graph.dot.erb
@@ -65,6 +65,7 @@ files:
 - lib/declarative_authorization/rails_legacy.rb
 - lib/declarative_authorization/reader.rb
 - test/authorization_test.rb
+- test/controller_filter_resource_access_test.rb
 - test/controller_test.rb
 - test/development_support
 - test/dsl_reader_test.rb

data/app/views/authorization_rules/_suggestion.erb

@@ -1,9 +0,0 @@
-<ul>
-  <% suggestion.changes.each do |action| %>
-    <% (action.to_a[0].is_a?(Enumerable) ? action.to_a : [action.to_a]).each do |step| %>
-      <li>
-        <%= describe_step(step.to_a, :with_removal => true) %>
-      </li>
-    <% end %>
-  <% end %>
-</ul>