vigilante 1.0.0

data/spec/dummy/public/javascripts/rails.js

@@ -0,0 +1,175 @@
+(function() {
+  // Technique from Juriy Zaytsev
+  // http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
+  function isEventSupported(eventName) {
+    var el = document.createElement('div');
+    eventName = 'on' + eventName;
+    var isSupported = (eventName in el);
+    if (!isSupported) {
+      el.setAttribute(eventName, 'return;');
+      isSupported = typeof el[eventName] == 'function';
+    }
+    el = null;
+    return isSupported;
+  }
+
+  function isForm(element) {
+    return Object.isElement(element) && element.nodeName.toUpperCase() == 'FORM'
+  }
+
+  function isInput(element) {
+    if (Object.isElement(element)) {
+      var name = element.nodeName.toUpperCase()
+      return name == 'INPUT' || name == 'SELECT' || name == 'TEXTAREA'
+    }
+    else return false
+  }
+
+  var submitBubbles = isEventSupported('submit'),
+      changeBubbles = isEventSupported('change')
+
+  if (!submitBubbles || !changeBubbles) {
+    // augment the Event.Handler class to observe custom events when needed
+    Event.Handler.prototype.initialize = Event.Handler.prototype.initialize.wrap(
+      function(init, element, eventName, selector, callback) {
+        init(element, eventName, selector, callback)
+        // is the handler being attached to an element that doesn't support this event?
+        if ( (!submitBubbles && this.eventName == 'submit' && !isForm(this.element)) ||
+             (!changeBubbles && this.eventName == 'change' && !isInput(this.element)) ) {
+          // "submit" => "emulated:submit"
+          this.eventName = 'emulated:' + this.eventName
+        }
+      }
+    )
+  }
+
+  if (!submitBubbles) {
+    // discover forms on the page by observing focus events which always bubble
+    document.on('focusin', 'form', function(focusEvent, form) {
+      // special handler for the real "submit" event (one-time operation)
+      if (!form.retrieve('emulated:submit')) {
+        form.on('submit', function(submitEvent) {
+          var emulated = form.fire('emulated:submit', submitEvent, true)
+          // if custom event received preventDefault, cancel the real one too
+          if (emulated.returnValue === false) submitEvent.preventDefault()
+        })
+        form.store('emulated:submit', true)
+      }
+    })
+  }
+
+  if (!changeBubbles) {
+    // discover form inputs on the page
+    document.on('focusin', 'input, select, texarea', function(focusEvent, input) {
+      // special handler for real "change" events
+      if (!input.retrieve('emulated:change')) {
+        input.on('change', function(changeEvent) {
+          input.fire('emulated:change', changeEvent, true)
+        })
+        input.store('emulated:change', true)
+      }
+    })
+  }
+
+  function handleRemote(element) {
+    var method, url, params;
+
+    var event = element.fire("ajax:before");
+    if (event.stopped) return false;
+
+    if (element.tagName.toLowerCase() === 'form') {
+      method = element.readAttribute('method') || 'post';
+      url    = element.readAttribute('action');
+      params = element.serialize();
+    } else {
+      method = element.readAttribute('data-method') || 'get';
+      url    = element.readAttribute('href');
+      params = {};
+    }
+
+    new Ajax.Request(url, {
+      method: method,
+      parameters: params,
+      evalScripts: true,
+
+      onComplete:    function(request) { element.fire("ajax:complete", request); },
+      onSuccess:     function(request) { element.fire("ajax:success",  request); },
+      onFailure:     function(request) { element.fire("ajax:failure",  request); }
+    });
+
+    element.fire("ajax:after");
+  }
+
+  function handleMethod(element) {
+    var method = element.readAttribute('data-method'),
+        url = element.readAttribute('href'),
+        csrf_param = $$('meta[name=csrf-param]')[0],
+        csrf_token = $$('meta[name=csrf-token]')[0];
+
+    var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
+    element.parentNode.insert(form);
+
+    if (method !== 'post') {
+      var field = new Element('input', { type: 'hidden', name: '_method', value: method });
+      form.insert(field);
+    }
+
+    if (csrf_param) {
+      var param = csrf_param.readAttribute('content'),
+          token = csrf_token.readAttribute('content'),
+          field = new Element('input', { type: 'hidden', name: param, value: token });
+      form.insert(field);
+    }
+
+    form.submit();
+  }
+
+
+  document.on("click", "*[data-confirm]", function(event, element) {
+    var message = element.readAttribute('data-confirm');
+    if (!confirm(message)) event.stop();
+  });
+
+  document.on("click", "a[data-remote]", function(event, element) {
+    if (event.stopped) return;
+    handleRemote(element);
+    event.stop();
+  });
+
+  document.on("click", "a[data-method]", function(event, element) {
+    if (event.stopped) return;
+    handleMethod(element);
+    event.stop();
+  });
+
+  document.on("submit", function(event) {
+    var element = event.findElement(),
+        message = element.readAttribute('data-confirm');
+    if (message && !confirm(message)) {
+      event.stop();
+      return false;
+    }
+
+    var inputs = element.select("input[type=submit][data-disable-with]");
+    inputs.each(function(input) {
+      input.disabled = true;
+      input.writeAttribute('data-original-value', input.value);
+      input.value = input.readAttribute('data-disable-with');
+    });
+
+    var element = event.findElement("form[data-remote]");
+    if (element) {
+      handleRemote(element);
+      event.stop();
+    }
+  });
+
+  document.on("ajax:after", "form", function(event, element) {
+    var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
+    inputs.each(function(input) {
+      input.value = input.readAttribute('data-original-value');
+      input.removeAttribute('data-original-value');
+      input.disabled = false;
+    });
+  });
+})();

data/spec/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/models/ability_permission_spec.rb

@@ -0,0 +1,6 @@
+require 'spec_helper.rb'
+
+describe AbilityPermission do
+  it {should belong_to :ability}
+  it {should belong_to :permission}
+end

data/spec/models/ability_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper.rb'
+
+describe Ability do
+  it {should have_many :ability_permissions}
+  it {should have_many :permissions}
+
+  describe "that need extent" do
+    before (:each) do
+      @ab_with    = Ability.create(:name => "test_with",    :needs_extent => true)
+      @ab_without = Ability.create(:name => "test_without", :needs_extent => false)
+    end
+    it "should include with neeD_extent flag" do
+      Ability.that_need_extent.should include(@ab_with)
+    end
+
+    it "should not include abilities without need_extent flag" do
+      Ability.that_need_extent.should_not include(@ab_without)
+    end
+  end
+end

data/spec/models/author_spec.rb

@@ -0,0 +1,7 @@
+require 'spec_helper.rb'
+
+describe Author do
+  # an author has the line authorisations_handled_by_vigilante inside
+  it {should have_many :authorizations}  
+  it {should respond_to :permits}
+end

data/spec/models/authorization_extent_spec.rb

@@ -0,0 +1,94 @@
+require 'spec_helper.rb'
+
+# create some object that will serve as extent
+# --> we need an id method!
+class FakeExtentObject
+  attr_reader :id
+
+  def initialize()
+    @@id ||= 0
+    @@id += 1
+    @id = @@id
+  end
+end
+
+describe AuthorizationExtent do
+  it {should belong_to :authorization}
+
+  describe "extent helpers" do
+    before (:each) do
+      @extent_obj = FakeExtentObject.new
+      @auth = Authorization.create(:ability_id => Ability.first.id)
+      @auth_extent = @auth.authorization_extents.build
+      @auth_extent.set_extent(@extent_obj)
+      @auth_extent.save
+    end
+
+    describe "set extent" do
+
+      it("should set the type correctly") { @auth_extent.extent_type.should == @extent_obj.class.name }
+      it("should set the id correctly")   { @auth_extent.extent_objid.should == @extent_obj.id }
+
+    end
+
+    describe "match extent" do
+      before (:each) do
+        @other_extent = FakeExtentObject.new
+      end
+      it "should match the same object" do
+        @auth_extent.match_extent(@extent_obj).should be_true
+      end
+
+      it "should not match a different object" do
+        @auth_extent.match_extent(@other_extent).should be_false
+      end
+    end
+  end
+
+#  ## DPS specific code: this should me moved into DPS (out of plugin)
+#  # these are helpers that can retrieve or set the extent based on the Asp-label
+#  describe "Asp extent helpers" do
+#    describe "on existing object" do
+#      before(:each) do
+#        @auth_extent = AuthorizationExtent.create
+#        @auth_extent.save
+#        raise @auth_extent.errors unless @auth_extent.valid?
+#        @asp = Factory(:asp)
+#        @asp.save
+#        @auth_extent.extent = @asp.identifier
+#        @auth_extent.save
+#      end
+#      it "should set the extent" do
+#        @auth_extent.match_extent(@asp).should be_true
+#      end
+#
+#      it "should set the extent-objid" do
+#        @auth_extent.extent_objid.should == @asp.id
+#      end
+#      it "should set the extent-type" do
+#        @auth_extent.extent_type.should == @asp.class.name
+#      end
+#
+#      it "extent should be equal to the identifier" do
+#        @auth_extent.extent.should == @asp.identifier
+#      end
+#    end
+#
+#    describe "on unsaved object" do
+#      before(:each) do
+#        @auth_extent = AuthorizationExtent.new
+#        @asp = Factory(:asp)
+#        @auth_extent.extent = @asp.identifier
+#      end
+#      it "should set the extent" do
+#        @auth_extent.match_extent(@asp).should be_true
+#      end
+#      it "extent should be equal to the identifier" do
+#        @auth_extent.extent.should == @asp.identifier
+#      end
+#      it "should not be saved" do
+#        @auth_extent.should be_new_record
+#      end
+#    end
+#  end
+end

data/spec/models/authorization_spec.rb

@@ -0,0 +1,104 @@
+require 'spec_helper.rb'
+
+# create some object that will serve as extent
+# --> we need an id method!
+class FakeExtentObject
+  attr_reader :id
+
+  def initialize()
+    @@id ||= 0
+    @@id += 1
+    @id = @@id
+  end
+end
+
+
+describe Authorization do
+  it {should belong_to :operator, :class_name => ::VIGILANTE_CONFIG['current_user_class']}
+  it {should belong_to :ability}
+  it {should have_many :authorization_extents}
+
+  # !!! TO DO: we need to use remarkable to be able to easily test for :accepts_nested_attributes_for
+  #            shoulda does not offer the same level of matchers ... time to switch?
+  #it {should_accept_nested_attributes_for :authorization_extents}
+
+  describe "extent helper methods" do
+    before (:each) do
+      @auth_with = Authorization.create(:ability_id => Ability.first.id)
+      @auth_extent = @auth_with.authorization_extents.build()
+      @extent = FakeExtentObject.new
+      @auth_extent.set_extent(@extent)
+      @auth_extent.save
+
+      @auth_without =Authorization.create(:ability_id => Ability.first.id)
+    end
+
+    describe "has_extent?" do
+      it "returns false if there is no extent" do
+        # which is most readable?
+        @auth_without.should_not be_has_extent
+        @auth_without.has_extent?.should be_false
+      end
+      it "returns true if there is extent" do
+        @auth_with.should be_has_extent
+        @auth_with.has_extent?.should be_true
+      end
+    end
+
+    describe "match_extent" do
+      describe "without extent" do
+        it "should match nil" do
+          @auth_without.match_extent(nil).should be_true
+        end
+
+        it "should not match any other object" do
+          @auth_without.match_extent(@extent).should be_false
+        end
+      end
+
+      describe "with extent" do
+        it "should not match nil" do
+          @auth_with.match_extent(nil).should be_false
+        end
+
+        it "should match the extent object" do
+          @auth_with.match_extent(@extent).should be_true
+        end
+
+        it "should not match any other object" do
+          @auth_with.match_extent(FakeExtentObject.new).should be_false
+        end
+
+      end
+    end
+
+    describe "add extent" do
+      describe "a real extent" do
+        before(:each) do
+          @other_extent = FakeExtentObject.new
+          @auth_with.add_extent(@other_extent)
+        end
+        it "should have 2 extents" do
+          @auth_with.authorization_extents.count.should == 2
+        end
+        it "should match both extents" do
+          @auth_with.match_extent(@extent).should be_true
+          @auth_with.match_extent(@other_extent).should be_true
+        end
+      end
+      describe "a nil extent" do
+        before(:each) do
+          @auth_with.add_extent(nil)
+        end
+        it "should still have 1 extents" do
+          @auth_with.authorization_extents.count.should == 1
+        end
+        it "should match both extents" do
+          @auth_with.match_extent(@extent).should be_true
+          @auth_with.match_extent(nil).should be_false
+        end
+      end
+    end
+  end
+
+end

data/spec/models/permission_hash_spec.rb

@@ -0,0 +1,162 @@
+require 'spec_helper.rb'
+
+describe PermissionHash do
+
+  context "initializer" do
+    it "should have a good default" do
+      pp = PermissionHash.new
+      pp.keys.count.should == 1
+      pp['*']['homepage'].should == PermissionHash::DEFAULT_PERMISSIONS['*']['homepage']
+    end
+
+    it "should use the given hash as a start" do
+      sample_hash = {}
+      sample_hash['1'] = {'asps[index, show' => 1}
+      pp = PermissionHash.new(sample_hash)
+      pp.keys.count.should == 1
+      pp['1'].should == sample_hash['1']
+    end
+  end
+
+  context "is_allowed_by_context" do
+    context "default permissions" do
+      before (:each) do
+        @ph = PermissionHash.new
+      end
+      it "can visit the homepage" do
+        @ph.is_allowed_by_context('homepage', :index, nil).should be_true
+      end
+      it "can visit the homepage (alternative notation)" do
+        @ph.is_allowed_by_context('/', :index, nil).should be_true
+      end
+      it "can visit the homepage in a random context" do
+        @ph.is_allowed_by_context('homepage', :index, ['1', '34','69']).should be_true
+      end
+      it "can visit the homepage show page" do
+        @ph.is_allowed_by_context('/', :show, nil).should be_true
+      end
+      it "cannot visit any homepage edit" do
+        @ph.is_allowed_by_context('/', :edit, nil).should be_false
+      end
+      it "can not visit any other page" do
+        @ph.is_allowed_by_context('something_else', :show, nil).should be_false
+      end
+    end
+
+    context "special permissions, global and specific" do
+      before (:each) do
+        @ph = PermissionHash.new()
+        @ph.add '1', 'posts', [:index, :show]
+        @ph.add '1', 'homepage', [:index]
+        @ph.add '2', 'comments', [:index, :show, :edit]
+      end
+
+      it "can visit the homepage" do
+        @ph.is_allowed_by_context('homepage', :index, nil).should be_true
+      end
+      it "can visit the homepage in an unknown context" do
+        @ph.is_allowed_by_context('homepage', :index, ['69']).should be_true
+      end
+      it "can visit the homepage in a context with the correct right" do
+        @ph.is_allowed_by_context('homepage', :index, ['1']).should be_true
+      end
+      it "cannot visit the homepage in a known context without homepage rights" do
+        @ph.is_allowed_by_context('homepage', :index, ['2']).should be_false
+      end
+      it "can visit posts index in context 1" do
+        @ph.is_allowed_by_context('posts', :index, ['1']).should be_true
+      end
+      it "cannot visit posts index without context" do
+        @ph.is_allowed_by_context('posts', :index, nil).should be_false
+      end
+
+      context "get_extent_of" do
+        it "of posts index should be correct" do
+          @ph.get_extent_of('posts', "index").should == ['1']
+        end
+        it "of comments index should be correct" do
+          @ph.get_extent_of('comments', :index).should == ['2']
+        end
+        it "of homepage index should be correct" do
+          @ph.get_extent_of('/', :index).should =~ ['1', '*']
+        end
+      end
+
+      it "is not global a permission hash (or: we have extents)" do
+        @ph.is_global?.should be_false
+      end
+    end
+  end
+
+  context "add a permission" do
+    before (:each) do
+      @ph = PermissionHash.new
+    end
+
+    context "on index" do
+      before (:each) do
+        @ph.add '1', 'asps', [:index]
+      end
+
+      it "should be added to the hash" do
+        expected_result = HashWithIndifferentAccess.new(PermissionHash::DEFAULT_PERMISSIONS).merge("1"=>{"asps"=>{"index"=>1}})
+        @ph.should == expected_result
+      end
+
+      it "should now be allowed" do
+        @ph.is_allowed_by_context('asps', :index, ['1']).should be_true
+      end
+    end
+
+    context "on new" do
+      before (:each) do
+        @ph.add '1', 'asps', [:new]
+      end
+      it "should now be allowed" do
+        @ph.is_allowed_by_context('asps', :new, ['1']).should be_true
+      end
+      it "and create should now be allowed" do
+        @ph.is_allowed_by_context('asps', :create, ['1']).should be_true
+      end
+    end
+
+    context "on edit" do
+      before (:each) do
+        @ph.add '1', 'asps', [:edit]
+      end
+      it "should now be allowed" do
+        @ph.is_allowed_by_context('asps', :edit, ['1']).should be_true
+      end
+      it "and create should now be allowed" do
+        @ph.is_allowed_by_context('asps', :update, ['1']).should be_true
+      end
+    end
+  end
+
+  context "is_global?" do
+    context "with global permissions" do
+      before (:each) do
+        @ph = PermissionHash.new
+      end
+      it "returns true" do
+        @ph.is_global?.should be_true
+      end
+      it "returns true (alternative notation)" do
+        @ph.are_only_global?.should be_true
+      end
+    end
+    context "with global permissions" do
+      before (:each) do
+        @ph = PermissionHash.new
+        @ph.add '1', 'posts', [:index, :show, :edit, :new]
+      end
+      it "returns true" do
+        @ph.is_global?.should be_false
+      end
+      it "returns true (alternative notation)" do
+        @ph.are_only_global?.should be_false
+      end
+    end
+  end
+
+end

data/spec/models/permission_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper.rb'
+
+describe Permission do
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,49 @@
+# Configure Rails Envinronment
+ENV["RAILS_ENV"] = "test"
+
+require File.expand_path("../dummy/config/environment.rb",  __FILE__)
+require "rspec/rails"
+require 'remarkable/active_record'
+
+#Rails.backtrace_cleaner.remove_silencers!
+#
+### Configure capybara for integration testing
+##require "capybara/rails"
+##Capybara.default_driver   = :rack_test
+##Capybara.default_selector = :css
+#
+
+# Run any available migration
+ActiveRecord::Migrator.migrate File.expand_path("../dummy/db/migrate/", __FILE__)
+
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+
+RSpec.configure do |config|
+  # == Mock Framework
+  #
+  # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+  #
+  # config.mock_with :mocha
+  # config.mock_with :flexmock
+  # config.mock_with :rr
+  config.mock_with :rspec
+
+  # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+  config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+  # If you're not using ActiveRecord, or you'd prefer not to run each of your
+  # examples within a transaction, remove the following line or assign false
+  # instead of true.
+  config.use_transactional_fixtures = true
+
+  config.before(:all) do
+    seed_file = File.join(Rails.root, 'db', 'seeds.rb')
+    load(seed_file)
+  end
+end

data/spec/vigilante_spec.rb

@@ -0,0 +1,5 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe "Vigilante" do
+  it "should have a pending spec"
+end