vigilante 1.0.0
- data/.document +5 -0
- data/.travis.yml +5 -0
- data/Gemfile +27 -0
- data/Gemfile.lock +107 -0
- data/History.md +7 -0
- data/MIT-LICENSE +20 -0
- data/README.markdown +109 -0
- data/Rakefile +48 -0
- data/VERSION +1 -0
- data/app/controllers/abilities_controller.rb +18 -0
- data/app/models/ability.rb +6 -0
- data/app/models/ability_permission.rb +4 -0
- data/app/models/authorization.rb +34 -0
- data/app/models/authorization_extent.rb +34 -0
- data/app/models/permission.rb +2 -0
- data/app/models/permission_hash.rb +131 -0
- data/app/views/abilities/index.html.haml +15 -0
- data/app/views/abilities/show.html.haml +71 -0
- data/lib/config/vigilante_config.yml +19 -0
- data/lib/db/migrate/20101028091755_create_permissions.rb +13 -0
- data/lib/db/migrate/20101028091859_create_abilities.rb +14 -0
- data/lib/db/migrate/20101028091927_create_ability_permissions.rb +14 -0
- data/lib/db/migrate/20101028092014_create_authorizations.rb +16 -0
- data/lib/db/migrate/20101124131334_add_extent_flag_to_ability.rb +9 -0
- data/lib/db/migrate/20101129084538_add_authorization_extent.rb +15 -0
- data/lib/db/migrate/20101129084620_remove_extent_from_authorization.rb +11 -0
- data/lib/generators/vigilante/install/install_generator.rb +104 -0
- data/lib/generators/vigilante/install/templates/create_abilities.rb +14 -0
- data/lib/generators/vigilante/install/templates/create_ability_permissions.rb +14 -0
- data/lib/generators/vigilante/install/templates/create_authorization_extents.rb +15 -0
- data/lib/generators/vigilante/install/templates/create_authorizations.rb +13 -0
- data/lib/generators/vigilante/install/templates/create_permissions.rb +13 -0
- data/lib/generators/vigilante/install/templates/watchman_config.yml +19 -0
- data/lib/vigilante/active_record_extensions.rb +33 -0
- data/lib/vigilante/authorization.rb +169 -0
- data/lib/vigilante/controller_extension.rb +34 -0
- data/lib/vigilante/finder_helper.rb +24 -0
- data/lib/vigilante/watched_operator.rb +149 -0
- data/lib/vigilante.rb +47 -0
- data/spec/controllers/application_controller_spec.rb +8 -0
- data/spec/controllers/blogs_controller_spec.rb +8 -0
- data/spec/dummy/Rakefile +7 -0
- data/spec/dummy/app/controllers/application_controller.rb +5 -0
- data/spec/dummy/app/controllers/blogs_controller.rb +6 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/author.rb +3 -0
- data/spec/dummy/app/models/blog.rb +3 -0
- data/spec/dummy/app/models/post.rb +3 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/config/application.rb +45 -0
- data/spec/dummy/config/boot.rb +10 -0
- data/spec/dummy/config/database.yml +22 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +26 -0
- data/spec/dummy/config/environments/production.rb +49 -0
- data/spec/dummy/config/environments/test.rb +35 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/inflections.rb +10 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +7 -0
- data/spec/dummy/config/initializers/session_store.rb +8 -0
- data/spec/dummy/config/locales/en.yml +5 -0
- data/spec/dummy/config/routes.rb +58 -0
- data/spec/dummy/config/vigilante_config.yml +18 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/db/migrate/20101028091755_create_permissions.rb +13 -0
- data/spec/dummy/db/migrate/20101028091859_create_abilities.rb +14 -0
- data/spec/dummy/db/migrate/20101028091927_create_ability_permissions.rb +14 -0
- data/spec/dummy/db/migrate/20101028092014_create_authorizations.rb +16 -0
- data/spec/dummy/db/migrate/20101124131334_add_extent_flag_to_ability.rb +9 -0
- data/spec/dummy/db/migrate/20101129084538_add_authorization_extent.rb +15 -0
- data/spec/dummy/db/migrate/20101129084620_remove_extent_from_authorization.rb +11 -0
- data/spec/dummy/db/migrate/20110118120344_create_blogs.rb +14 -0
- data/spec/dummy/db/migrate/20110118120421_create_posts.rb +16 -0
- data/spec/dummy/db/migrate/20110118120448_create_authors.rb +15 -0
- data/spec/dummy/db/schema.rb +75 -0
- data/spec/dummy/db/seeds/initial_watchman_permissions.rb +37 -0
- data/spec/dummy/db/seeds.rb +6 -0
- data/spec/dummy/public/404.html +26 -0
- data/spec/dummy/public/422.html +26 -0
- data/spec/dummy/public/500.html +26 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/dummy/public/javascripts/application.js +2 -0
- data/spec/dummy/public/javascripts/controls.js +965 -0
- data/spec/dummy/public/javascripts/dragdrop.js +974 -0
- data/spec/dummy/public/javascripts/effects.js +1123 -0
- data/spec/dummy/public/javascripts/prototype.js +6001 -0
- data/spec/dummy/public/javascripts/rails.js +175 -0
- data/spec/dummy/public/stylesheets/.gitkeep +0 -0
- data/spec/dummy/script/rails +6 -0
- data/spec/models/ability_permission_spec.rb +6 -0
- data/spec/models/ability_spec.rb +20 -0
- data/spec/models/author_spec.rb +7 -0
- data/spec/models/authorization_extent_spec.rb +94 -0
- data/spec/models/authorization_spec.rb +104 -0
- data/spec/models/permission_hash_spec.rb +162 -0
- data/spec/models/permission_spec.rb +5 -0
- data/spec/spec_helper.rb +49 -0
- data/spec/vigilante_spec.rb +5 -0
- metadata +236 -0
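--- a/data/spec/dummy/public/javascripts/rails.js
+++ b/data/spec/dummy/public/javascripts/rails.js
@@ -0,0 +1,175 @@
+(function() {
+// Technique from Juriy Zaytsev
+// http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
+function isEventSupported(eventName) {
+var el = document.createElement('div');
+eventName = 'on' + eventName;
+var isSupported = (eventName in el);
+if (!isSupported) {
+el.setAttribute(eventName, 'return;');
+isSupported = typeof el[eventName] == 'function';
+}
+el = null;
+return isSupported;
+}
+
+function isForm(element) {
+return Object.isElement(element) && element.nodeName.toUpperCase() == 'FORM'
+}
+
+function isInput(element) {
+if (Object.isElement(element)) {
+var name = element.nodeName.toUpperCase()
+return name == 'INPUT' || name == 'SELECT' || name == 'TEXTAREA'
+}
+else return false
+}
+
+var submitBubbles = isEventSupported('submit'),
+changeBubbles = isEventSupported('change')
+
+if (!submitBubbles || !changeBubbles) {
+// augment the Event.Handler class to observe custom events when needed
+Event.Handler.prototype.initialize = Event.Handler.prototype.initialize.wrap(
+function(init, element, eventName, selector, callback) {
+init(element, eventName, selector, callback)
+// is the handler being attached to an element that doesn't support this event?
+if ( (!submitBubbles && this.eventName == 'submit' && !isForm(this.element)) ||
+(!changeBubbles && this.eventName == 'change' && !isInput(this.element)) ) {
+// "submit" => "emulated:submit"
+this.eventName = 'emulated:' + this.eventName
+}
+}
+)
+}
+
+if (!submitBubbles) {
+// discover forms on the page by observing focus events which always bubble
+document.on('focusin', 'form', function(focusEvent, form) {
+// special handler for the real "submit" event (one-time operation)
+if (!form.retrieve('emulated:submit')) {
+form.on('submit', function(submitEvent) {
+var emulated = form.fire('emulated:submit', submitEvent, true)
+// if custom event received preventDefault, cancel the real one too
+if (emulated.returnValue === false) submitEvent.preventDefault()
+})
+form.store('emulated:submit', true)
+}
+})
+}
+
+if (!changeBubbles) {
+// discover form inputs on the page
+document.on('focusin', 'input, select, texarea', function(focusEvent, input) {
+// special handler for real "change" events
+if (!input.retrieve('emulated:change')) {
+input.on('change', function(changeEvent) {
+input.fire('emulated:change', changeEvent, true)
+})
+input.store('emulated:change', true)
+}
+})
+}
+
+function handleRemote(element) {
+var method, url, params;
+
+var event = element.fire("ajax:before");
+if (event.stopped) return false;
+
+if (element.tagName.toLowerCase() === 'form') {
+method = element.readAttribute('method') || 'post';
+url = element.readAttribute('action');
+params = element.serialize();
+} else {
+method = element.readAttribute('data-method') || 'get';
+url = element.readAttribute('href');
+params = {};
+}
+
+new Ajax.Request(url, {
+method: method,
+parameters: params,
+evalScripts: true,
+
+onComplete: function(request) { element.fire("ajax:complete", request); },
+onSuccess: function(request) { element.fire("ajax:success", request); },
+onFailure: function(request) { element.fire("ajax:failure", request); }
+});
+
+element.fire("ajax:after");
+}
+
+function handleMethod(element) {
+var method = element.readAttribute('data-method'),
+url = element.readAttribute('href'),
+csrf_param = $$('meta[name=csrf-param]')[0],
+csrf_token = $$('meta[name=csrf-token]')[0];
+
+var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
+element.parentNode.insert(form);
+
+if (method !== 'post') {
+var field = new Element('input', { type: 'hidden', name: '_method', value: method });
+form.insert(field);
+}
+
+if (csrf_param) {
+var param = csrf_param.readAttribute('content'),
+token = csrf_token.readAttribute('content'),
+field = new Element('input', { type: 'hidden', name: param, value: token });
+form.insert(field);
+}
+
+form.submit();
+}
+
+
+document.on("click", "*[data-confirm]", function(event, element) {
+var message = element.readAttribute('data-confirm');
+if (!confirm(message)) event.stop();
+});
+
+document.on("click", "a[data-remote]", function(event, element) {
+if (event.stopped) return;
+handleRemote(element);
+event.stop();
+});
+
+document.on("click", "a[data-method]", function(event, element) {
+if (event.stopped) return;
+handleMethod(element);
+event.stop();
+});
+
+document.on("submit", function(event) {
+var element = event.findElement(),
+message = element.readAttribute('data-confirm');
+if (message && !confirm(message)) {
+event.stop();
+return false;
+}
+
+var inputs = element.select("input[type=submit][data-disable-with]");
+inputs.each(function(input) {
+input.disabled = true;
+input.writeAttribute('data-original-value', input.value);
+input.value = input.readAttribute('data-disable-with');
+});
+
+var element = event.findElement("form[data-remote]");
+if (element) {
+handleRemote(element);
+event.stop();
+}
+});
+
+document.on("ajax:after", "form", function(event, element) {
+var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
+inputs.each(function(input) {
+input.value = input.readAttribute('data-original-value');
+input.removeAttribute('data-original-value');
+input.disabled = false;
+});
+});
+})();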
File without changes
|
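--- a/data/spec/dummy/script/rails
+++ b/data/spec/dummy/script/rails
@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application', __FILE__)
+require File.expand_path('../../config/boot', __FILE__)
+require 'rails/commands'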
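--- a/data/spec/models/ability_spec.rb
+++ b/data/spec/models/ability_spec.rb
@@ -0,0 +1,20 @@
+require 'spec_helper.rb'
+
+describe Ability do
+it {should have_many :ability_permissions}
+it {should have_many :permissions}
+
+describe "that need extent" do
+before (:each) do
+@ab_with = Ability.create(:name => "test_with", :needs_extent => true)
+@ab_without = Ability.create(:name => "test_without", :needs_extent => false)
+end
+it "should include with neeD_extent flag" do
+Ability.that_need_extent.should include(@ab_with)
+end
+
+it "should not include abilities without need_extent flag" do
+Ability.that_need_extent.should_not include(@ab_without)
+end
+end
+end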
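Review bot: The example description at new line 12 reads `it "should include with neeD_extent flag"`, which misspells the attribute and drops the noun. `it "should include abilities with needs_extent flag"` matches the `:needs_extent` attribute set in the `before` block and mirrors the wording of the next example, whose "need_extent" could be aligned the same way. The hook is also written `before (:each) do` with a space before the parenthesis, while other specs on this page use `before(:each) do`; the latter form is the consistent choice.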
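--- a/data/spec/models/authorization_extent_spec.rb
+++ b/data/spec/models/authorization_extent_spec.rb
@@ -0,0 +1,94 @@
+require 'spec_helper.rb'
+
+# create some object that will serve as extent
+# --> we need an id method!
+class FakeExtentObject
+attr_reader :id
+
+def initialize()
+@@id ||= 0
+@@id += 1
+@id = @@id
+end
+end
+
+describe AuthorizationExtent do
+it {should belong_to :authorization}
+
+describe "extent helpers" do
+before (:each) do
+@extent_obj = FakeExtentObject.new
+@auth = Authorization.create(:ability_id => Ability.first.id)
+@auth_extent = @auth.authorization_extents.build
+@auth_extent.set_extent(@extent_obj)
+@auth_extent.save
+end
+
+describe "set extent" do
+
+it("should set the type correctly") { @auth_extent.extent_type.should == @extent_obj.class.name }
+it("should set the id correctly") { @auth_extent.extent_objid.should == @extent_obj.id }
+
+end
+
+describe "match extent" do
+before (:each) do
+@other_extent = FakeExtentObject.new
+end
+it "should match the same object" do
+@auth_extent.match_extent(@extent_obj).should be_true
+end
+
+it "should not match a different object" do
+@auth_extent.match_extent(@other_extent).should be_false
+end
+end
+end
+
+# ## DPS specific code: this should me moved into DPS (out of plugin)
+# # these are helpers that can retrieve or set the extent based on the Asp-label
+# describe "Asp extent helpers" do
+# describe "on existing object" do
+# before(:each) do
+# @auth_extent = AuthorizationExtent.create
+# @auth_extent.save
+# raise @auth_extent.errors unless @auth_extent.valid?
+# @asp = Factory(:asp)
+# @asp.save
+# @auth_extent.extent = @asp.identifier
+# @auth_extent.save
+# end
+# it "should set the extent" do
+# @auth_extent.match_extent(@asp).should be_true
+# end
+#
+# it "should set the extent-objid" do
+# @auth_extent.extent_objid.should == @asp.id
+# end
+# it "should set the extent-type" do
+# @auth_extent.extent_type.should == @asp.class.name
+# end
+#
+# it "extent should be equal to the identifier" do
+# @auth_extent.extent.should == @asp.identifier
+# end
+# end
+#
+# describe "on unsaved object" do
+# before(:each) do
+# @auth_extent = AuthorizationExtent.new
+# @asp = Factory(:asp)
+# @auth_extent.extent = @asp.identifier
+# end
+# it "should set the extent" do
+# @auth_extent.match_extent(@asp).should be_true
+# end
+# it "extent should be equal to the identifier" do
+# @auth_extent.extent.should == @asp.identifier
+# end
+# it "should not be saved" do
+# @auth_extent.should be_new_record
+# end
+# end
+# end
+end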
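Review bot: The "match extent" examples only compare two `FakeExtentObject` instances with different ids, so they never exercise the `extent_type` half of the match. The "set extent" examples show that both `extent_type` and `extent_objid` are stored, and a `match_extent` that compared the id alone would pass every example here while treating an object of another class with the same id as in scope; `match_extent` itself is not on this page, so this is a coverage gap rather than a confirmed defect. A second fake class whose instance reuses `@extent_obj.id`, asserted with `@auth_extent.match_extent(other_type_obj).should be_false`, would pin the behaviour. `FakeExtentObject` is also defined verbatim in the authorization spec section that follows; a single definition under `spec/support/`, which spec_helper.rb already loads, would stop the two files reopening one class and sharing its `@@id` counter.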
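--- a/data/spec/models/authorization_spec.rb
+++ b/data/spec/models/authorization_spec.rb
@@ -0,0 +1,104 @@
+require 'spec_helper.rb'
+
+# create some object that will serve as extent
+# --> we need an id method!
+class FakeExtentObject
+attr_reader :id
+
+def initialize()
+@@id ||= 0
+@@id += 1
+@id = @@id
+end
+end
+
+
+describe Authorization do
+it {should belong_to :operator, :class_name => ::VIGILANTE_CONFIG['current_user_class']}
+it {should belong_to :ability}
+it {should have_many :authorization_extents}
+
+# !!! TO DO: we need to use remarkable to be able to easily test for :accepts_nested_attributes_for
+# shoulda does not offer the same level of matchers ... time to switch?
+#it {should_accept_nested_attributes_for :authorization_extents}
+
+describe "extent helper methods" do
+before (:each) do
+@auth_with = Authorization.create(:ability_id => Ability.first.id)
+@auth_extent = @auth_with.authorization_extents.build()
+@extent = FakeExtentObject.new
+@auth_extent.set_extent(@extent)
+@auth_extent.save
+
+@auth_without =Authorization.create(:ability_id => Ability.first.id)
+end
+
+describe "has_extent?" do
+it "returns false if there is no extent" do
+# which is most readable?
+@auth_without.should_not be_has_extent
+@auth_without.has_extent?.should be_false
+end
+it "returns true if there is extent" do
+@auth_with.should be_has_extent
+@auth_with.has_extent?.should be_true
+end
+end
+
+describe "match_extent" do
+describe "without extent" do
+it "should match nil" do
+@auth_without.match_extent(nil).should be_true
+end
+
+it "should not match any other object" do
+@auth_without.match_extent(@extent).should be_false
+end
+end
+
+describe "with extent" do
+it "should not match nil" do
+@auth_with.match_extent(nil).should be_false
+end
+
+it "should match the extent object" do
+@auth_with.match_extent(@extent).should be_true
+end
+
+it "should not match any other object" do
+@auth_with.match_extent(FakeExtentObject.new).should be_false
+end
+
+end
+end
+
+describe "add extent" do
+describe "a real extent" do
+before(:each) do
+@other_extent = FakeExtentObject.new
+@auth_with.add_extent(@other_extent)
+end
+it "should have 2 extents" do
+@auth_with.authorization_extents.count.should == 2
+end
+it "should match both extents" do
+@auth_with.match_extent(@extent).should be_true
+@auth_with.match_extent(@other_extent).should be_true
+end
+end
+describe "a nil extent" do
+before(:each) do
+@auth_with.add_extent(nil)
+end
+it "should still have 1 extents" do
+@auth_with.authorization_extents.count.should == 1
+end
+it "should match both extents" do
+@auth_with.match_extent(@extent).should be_true
+@auth_with.match_extent(nil).should be_false
+end
+end
+end
+end
+
+end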
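Review bot: The second example under "a nil extent" is titled `it "should match both extents"` but asserts `@auth_with.match_extent(nil).should be_false`, so the description contradicts the expectation it documents. A title such as `it "should match only the existing extent"` states what is checked, and "should still have 1 extents" would read better as "should still have 1 extent". These examples define how a nil extent is treated by an authorization check, so an accurate description matters when a failure has to be triaged.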
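--- a/data/spec/models/permission_hash_spec.rb
+++ b/data/spec/models/permission_hash_spec.rb
@@ -0,0 +1,162 @@
+require 'spec_helper.rb'
+
+describe PermissionHash do
+
+context "initializer" do
+it "should have a good default" do
+pp = PermissionHash.new
+pp.keys.count.should == 1
+pp['*']['homepage'].should == PermissionHash::DEFAULT_PERMISSIONS['*']['homepage']
+end
+
+it "should use the given hash as a start" do
+sample_hash = {}
+sample_hash['1'] = {'asps[index, show' => 1}
+pp = PermissionHash.new(sample_hash)
+pp.keys.count.should == 1
+pp['1'].should == sample_hash['1']
+end
+end
+
+context "is_allowed_by_context" do
+context "default permissions" do
+before (:each) do
+@ph = PermissionHash.new
+end
+it "can visit the homepage" do
+@ph.is_allowed_by_context('homepage', :index, nil).should be_true
+end
+it "can visit the homepage (alternative notation)" do
+@ph.is_allowed_by_context('/', :index, nil).should be_true
+end
+it "can visit the homepage in a random context" do
+@ph.is_allowed_by_context('homepage', :index, ['1', '34','69']).should be_true
+end
+it "can visit the homepage show page" do
+@ph.is_allowed_by_context('/', :show, nil).should be_true
+end
+it "cannot visit any homepage edit" do
+@ph.is_allowed_by_context('/', :edit, nil).should be_false
+end
+it "can not visit any other page" do
+@ph.is_allowed_by_context('something_else', :show, nil).should be_false
+end
+end
+
+context "special permissions, global and specific" do
+before (:each) do
+@ph = PermissionHash.new()
+@ph.add '1', 'posts', [:index, :show]
+@ph.add '1', 'homepage', [:index]
+@ph.add '2', 'comments', [:index, :show, :edit]
+end
+
+it "can visit the homepage" do
+@ph.is_allowed_by_context('homepage', :index, nil).should be_true
+end
+it "can visit the homepage in an unknown context" do
+@ph.is_allowed_by_context('homepage', :index, ['69']).should be_true
+end
+it "can visit the homepage in a context with the correct right" do
+@ph.is_allowed_by_context('homepage', :index, ['1']).should be_true
+end
+it "cannot visit the homepage in a known context without homepage rights" do
+@ph.is_allowed_by_context('homepage', :index, ['2']).should be_false
+end
+it "can visit posts index in context 1" do
+@ph.is_allowed_by_context('posts', :index, ['1']).should be_true
+end
+it "cannot visit posts index without context" do
+@ph.is_allowed_by_context('posts', :index, nil).should be_false
+end
+
+context "get_extent_of" do
+it "of posts index should be correct" do
+@ph.get_extent_of('posts', "index").should == ['1']
+end
+it "of comments index should be correct" do
+@ph.get_extent_of('comments', :index).should == ['2']
+end
+it "of homepage index should be correct" do
+@ph.get_extent_of('/', :index).should =~ ['1', '*']
+end
+end
+
+it "is not global a permission hash (or: we have extents)" do
+@ph.is_global?.should be_false
+end
+end
+end
+
+context "add a permission" do
+before (:each) do
+@ph = PermissionHash.new
+end
+
+context "on index" do
+before (:each) do
+@ph.add '1', 'asps', [:index]
+end
+
+it "should be added to the hash" do
+expected_result = HashWithIndifferentAccess.new(PermissionHash::DEFAULT_PERMISSIONS).merge("1"=>{"asps"=>{"index"=>1}})
+@ph.should == expected_result
+end
+
+it "should now be allowed" do
+@ph.is_allowed_by_context('asps', :index, ['1']).should be_true
+end
+end
+
+context "on new" do
+before (:each) do
+@ph.add '1', 'asps', [:new]
+end
+it "should now be allowed" do
+@ph.is_allowed_by_context('asps', :new, ['1']).should be_true
+end
+it "and create should now be allowed" do
+@ph.is_allowed_by_context('asps', :create, ['1']).should be_true
+end
+end
+
+context "on edit" do
+before (:each) do
+@ph.add '1', 'asps', [:edit]
+end
+it "should now be allowed" do
+@ph.is_allowed_by_context('asps', :edit, ['1']).should be_true
+end
+it "and create should now be allowed" do
+@ph.is_allowed_by_context('asps', :update, ['1']).should be_true
+end
+end
+end
+
+context "is_global?" do
+context "with global permissions" do
+before (:each) do
+@ph = PermissionHash.new
+end
+it "returns true" do
+@ph.is_global?.should be_true
+end
+it "returns true (alternative notation)" do
+@ph.are_only_global?.should be_true
+end
+end
+context "with global permissions" do
+before (:each) do
+@ph = PermissionHash.new
+@ph.add '1', 'posts', [:index, :show, :edit, :new]
+end
+it "returns true" do
+@ph.is_global?.should be_false
+end
+it "returns true (alternative notation)" do
+@ph.are_only_global?.should be_false
+end
+end
+end
+
+end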
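Review bot: The "add a permission" contexts assert only grants, including the implied ones (`:new` allowing `:create`, `:edit` allowing `:update`), and never that the remaining actions stay denied. For an authorization table the deny side is the one that must not regress; an example such as `@ph.is_allowed_by_context('asps', :destroy, ['1']).should be_false` in each context, plus one for a context other than `'1'`, would catch an over-broad expansion in `add`. Several descriptions are also copy-pasted: the second `is_global?` context is again titled "with global permissions" and its examples say "returns true" while asserting `be_false`, and the `:update` example is titled "and create should now be allowed". The key `'asps[index, show'` in the initializer example has an unbalanced bracket and looks like a typo, though that example only checks that the hash is passed through.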
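--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,49 @@
+# Configure Rails Envinronment
+ENV["RAILS_ENV"] = "test"
+
+require File.expand_path("../dummy/config/environment.rb", __FILE__)
+require "rspec/rails"
+require 'remarkable/active_record'
+
+#Rails.backtrace_cleaner.remove_silencers!
+#
+### Configure capybara for integration testing
+##require "capybara/rails"
+##Capybara.default_driver = :rack_test
+##Capybara.default_selector = :css
+#
+
+# Run any available migration
+ActiveRecord::Migrator.migrate File.expand_path("../dummy/db/migrate/", __FILE__)
+
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[Rails.root.join("spec/support/**/*.rb")].each {|f| require f}
+
+RSpec.configure do |config|
+# == Mock Framework
+#
+# If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+#
+# config.mock_with :mocha
+# config.mock_with :flexmock
+# config.mock_with :rr
+config.mock_with :rspec
+
+# Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+# If you're not using ActiveRecord, or you'd prefer not to run each of your
+# examples within a transaction, remove the following line or assign false
+# instead of true.
+config.use_transactional_fixtures = true
+
+config.before(:all) do
+seed_file = File.join(Rails.root, 'db', 'seeds.rb')
+load(seed_file)
+end
+end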
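Review bot: `config.before(:all)` loads `db/seeds.rb` once per example group, and `before(:all)` hooks run outside the per-example transaction that `use_transactional_fixtures` provides. Whatever the seed file inserts is therefore committed and inserted again for every group unless the seeds are idempotent; the seed file is not shown here, so that cannot be confirmed. The model specs depend on `Ability.first`, so duplicated or order-dependent seed rows change which ability the authorization examples run against. Loading the seeds once with `config.before(:suite) { load File.join(Rails.root, 'db', 'seeds.rb') }` keeps the fixture set stable. The header comment also misspells "Environment" as "Envinronment".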