vigilante 1.0.6 → 1.0.7

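--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1f2d45e60a17ae2b8f06c9b6aa47e876621072d5
- data.tar.gz: cb9ff533bb9cc95b34e567986e1f8b5221dc62a6
+ metadata.gz: c6b42cabb2b3994a8c768046c4721afa1ee9a306
+ data.tar.gz: 2d40422c1c3700ec5bbe2fe00ba98852fd994f8f
  SHA512:
- metadata.gz: 1bdb0977b997234eee874f4850ffd5f5d724251f9d48be0c43095917a81d3a4aeb17d136cd7b940002e1d3f7a9a4f285bd843d02777be359520b52b3b65ed8a9
- data.tar.gz: 4495f38059766ff6e73f6e9137bb925922d00f83f6c1a805ead89128c5ba739129dcfa8d674acc9da0feba17ae99b6b59a900db8721f344f0a1659c7d869aa8a
+ metadata.gz: 3e2f8964d2f40e8d7f3514ca3156208dfa15a31d4bfa187aad2ddb322c78d1c9fbc801f8f7074d43d040b224804eb6baf4983e7facfb35597c14c20f4481aa56
+ data.tar.gz: 1b3cb2d860aec190c4002862b002adf2d3eeb71c1cacd4dc361c55d3f23d59803da095b6b63c71da168885feee6d26f4073f9fa4928eb46c968b664d935ccfef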
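--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.0.6
+ 1.0.7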
@@ -74,6 +74,21 @@ module Vigilante
74
74
  authorizations.collect {|a| a.ability.try(:name) + "[" + a.authorization_extents.collect{|e| e.extent}.join(',') + "]"}
75
75
  end
76
76
 
77
+ def max_ability(extent=nil)
78
+ if extent && has_extent?
79
+ result_max = 0
80
+ self.reload.authorizations.each do |auth|
81
+ if auth.has_extent?
82
+ result_max = auth.ability.importance if auth.match_extent(extent) && auth.ability.importance > result_max
83
+ end
84
+ end
85
+ result_max
86
+ else
87
+ @max_importance ||= abilities.maximum(:importance)
88
+ end
89
+ end
90
+
91
+
77
92
  #### Extent-specific
78
93
 
79
94
  def add_to_extent(extent, role = nil)
@@ -93,13 +108,84 @@ module Vigilante
93
108
  end
94
109
 
95
110
  def has_extent?
96
- asp_roles.count >= 1
111
+ extent_roles.count >= 1
97
112
  end
98
113
 
99
114
  def extent_roles
100
115
  self.authorizations.select{|x| x.has_extent? }.collect{|x| x.ability.name }
101
116
  end
102
117
 
118
+ def extents_with_roles
119
+ extent_hash = Hash.new { |h, k| h[k] = [] }
120
+ self.authorizations.each do |authorization|
121
+ if authorization.has_extent?
122
+ authorization.authorization_extents.each do |x|
123
+ extent_hash[x.extent_objid] << authorization.ability.name
124
+ end
125
+ else
126
+ extent_hash[:all] << authorization.ability.name
127
+ end
128
+ end
129
+ extent_hash
130
+ end
131
+
132
+
133
+ def validate_authorizations(max_allowed_importance, only_with_extents)
134
+ authorizations = self.authorizations
135
+
136
+ authorizations.each do |auth|
137
+ ability = auth.ability
138
+
139
+ if ability.needs_extent? && auth.authorization_extents.empty?
140
+ errors.add(:authorizations, "ability #{ability.name} requires an organisation!")
141
+ end
142
+ if ability.importance > max_allowed_importance || (!ability.needs_extent? && only_with_extents)
143
+ errors.add(:authorizations, "you do not have the necessary permission to add ability #{ability.name}")
144
+ end
145
+ end
146
+
147
+ logger.debug "###### Validate_operator_authorizations: authorizations = #{authorizations.inspect}"
148
+ logger.debug "###### Validate_operator_authorizations: authorizations = #{abilities.inspect}"
149
+
150
+ if authorizations.empty?
151
+ valid? # add the other errors, if any
152
+ errors.add(:authorizations, 'must have at least one ability')
153
+ end
154
+ end
155
+
156
+
157
+ def simplify_authorizations
158
+ if authorizations.count != distinct_authorizations.count
159
+ minimize_authorizations
160
+ self.reload
161
+ end
162
+ end
163
+
164
+ def distinct_authorizations
165
+ authorizations.joins(:ability).select('distinct(name)')
166
+ end
167
+
168
+ def authorizations_by_ability_name(ability_name)
169
+ #TODO: this can be written with better perfomance by using an SQL select instead of the ruby method select
170
+ authorizations.select{|authorization|authorization.ability.name == ability_name}
171
+ end
172
+
173
+ def minimize_authorizations
174
+ distinct_authorizations.each do |ability|
175
+ authorizations_with_possible_duplicates = authorizations_by_ability_name(ability.name)
176
+ if authorizations_with_possible_duplicates.size > 1
177
+ keep_auth = authorizations_with_possible_duplicates.delete_at(0)
178
+ authorizations_with_possible_duplicates.each do |dup_auth|
179
+ dup_auth.authorization_extents.each do |auth_ext|
180
+ keep_auth.authorization_extents.create(:extent_objid => auth_ext.extent_objid, :extent_type => auth_ext.extent_type)
181
+ end
182
+ dup_auth.destroy
183
+ end
184
+ end
185
+ end
186
+ end
187
+
188
+
103
189
 
104
190
  #### Permits: what is an user/operator/... allowed to do
105
191
 
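Review bot: `validate_authorizations` in the second hunk records its permission failures with `errors.add` outside the model's validation cycle, so they last only until the next `valid?` or `save`, both of which clear `errors` before re-running validations; the method's own empty-list branch calls `valid?` first for exactly that reason. If a caller (not visible in this diff) saves the record afterwards without first checking `errors[:authorizations]`, an ability above `max_allowed_importance` would be persisted despite the error. I would make the outcome explicit by ending the method with `errors[:authorizations].empty?` and documenting that callers must act on the return value, or register the check as a model validation. The loop also compares only `ability.importance` and `needs_extent?` and never looks at which extents the new authorization carries, so confirm that the caller restricts `authorization_extents` to the granting operator's own extents. In `max_ability` (first hunk), `@max_importance ||=` is not reset anywhere in the visible code, so the cached ceiling can outlive a revoked ability on a long-lived instance.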
@@ -0,0 +1,68 @@
1
+ require 'spec_helper.rb'
2
+
3
+ describe Author do
4
+ # test the code inserted into the Author (from the "watched_operator" module )
5
+
6
+ # !!! TODO: fix extracted test-code
7
+ #
8
+ # context "validate_authorizations" do
9
+ # # validate_authorizations expects
10
+ # # - the current-operators max permission (weight)
11
+ # # - whether the current-operators has an extent or not
12
+ # #
13
+ # # These two are then combined to check whether added authorizations are valid or not
14
+ # before(:each) do
15
+ # @test_operator = FactoryGirl.create(:operator)
16
+ # end
17
+ # context "no authorizations added" do
18
+ # before(:each) do
19
+ # @test_operator.validate_authorizations(100, true)
20
+ # end
21
+ # it "sets an error on authorizations" do
22
+ # @test_operator.errors[:authorizations].size.should == 1
23
+ # end
24
+ # it "must have at least one ability" do
25
+ # @test_operator.errors[:authorizations].should == ["must have at least one ability"]
26
+ # end
27
+ # end
28
+ # context "with one authorization added that needs extent, without an extent" do
29
+ # before(:each) do
30
+ # @test_operator.abilities << Ability.find_by_name("asp_admin")
31
+ # @test_operator.validate_authorizations(100, true)
32
+ # end
33
+ # it "sets an error on authorizations" do
34
+ # @test_operator.errors[:authorizations].size.should == 1
35
+ # end
36
+ # it "this ability requires an organisation" do
37
+ # @test_operator.errors[:authorizations].should == ["ability asp_admin requires an organisation!"]
38
+ # end
39
+ # end
40
+ # context "with one authorization added that does not need an extent, but the current operator does" do
41
+ # before(:each) do
42
+ # @test_operator.abilities << Ability.find_by_name("can-read-all")
43
+ # @test_operator.validate_authorizations(100, true)
44
+ # end
45
+ # it "sets an error on authorizations" do
46
+ # @test_operator.errors[:authorizations].size.should == 1
47
+ # end
48
+ # it "this ability requires an organisation" do
49
+ # @test_operator.errors[:authorizations].should == ["you do not have the necessary permission to add ability can-read-all"]
50
+ # end
51
+ # end
52
+ # context "with one authorization added that exceeds the current operator's permissions'" do
53
+ # before(:each) do
54
+ # @test_operator.abilities << Ability.find_by_name("can-read-all")
55
+ # @test_operator.validate_authorizations(9, false)
56
+ # end
57
+ # it "sets an error on authorizations" do
58
+ # @test_operator.errors[:authorizations].size.should == 1
59
+ # end
60
+ # it "this ability requires an organisation" do
61
+ # @test_operator.errors[:authorizations].should == ["you do not have the necessary permission to add ability can-read-all"]
62
+ # end
63
+ # end
64
+ # # !!!!! should also add all the positive cases, that do NOT add an error ...
65
+ # end
66
+
67
+
68
+ end
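Review bot: Every example in this new spec is commented out, so `describe Author` runs zero assertions and the permission checks added in `validate_authorizations` ship without an executing test, even though the gemspec gains a spec entry in this release. Commented-out examples do not appear in the test report; a block-less `it "validate_authorizations rejects abilities above the operator's permissions"` is reported as pending and keeps the gap visible until the TODO is resolved. When the examples are restored, the positive cases mentioned in the closing comment matter as much as the rejections, since they are what shows a legitimate grant is not blocked. The last two examples titled "this ability requires an organisation" actually expect the "you do not have the necessary permission" message and should be renamed to match.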
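--- a/data/vigilante.gemspec
+++ b/data/vigilante.gemspec
@@ -2,16 +2,16 @@
  # DO NOT EDIT THIS FILE DIRECTLY
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
  # -*- encoding: utf-8 -*-
- # stub: vigilante 1.0.6 ruby lib
+ # stub: vigilante 1.0.7 ruby lib
 
  Gem::Specification.new do |s|
  s.name = "vigilante"
- s.version = "1.0.6"
+ s.version = "1.0.7"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.require_paths = ["lib"]
  s.authors = ["Nathan Van der Auwera"]
- s.date = "2015-09-07"
+ s.date = "2015-09-22"
  s.description = "Vigilante is a db-backed authorisation, completely configurable and dynamic; where permissions can be limited to extents."
  s.email = "nathan@dixis.com"
  s.extra_rdoc_files = [
@@ -112,6 +112,7 @@ Gem::Specification.new do |s|
  "spec/models/authorization_spec.rb",
  "spec/models/permission_hash_spec.rb",
  "spec/models/permission_spec.rb",
+ "spec/models/watched_operator_spec.rb",
  "spec/spec_helper.rb",
  "spec/vigilante_spec.rb",
  "vigilante.gemspec"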
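--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: vigilante
  version: !ruby/object:Gem::Version
- version: 1.0.6
+ version: 1.0.7
  platform: ruby
  authors:
  - Nathan Van der Auwera
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-09-07 00:00:00.000000000 Z
+ date: 2015-09-22 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -154,6 +154,7 @@ files:
  - spec/models/authorization_spec.rb
  - spec/models/permission_hash_spec.rb
  - spec/models/permission_spec.rb
+ - spec/models/watched_operator_spec.rb
  - spec/spec_helper.rb
  - spec/vigilante_spec.rb
  - vigilante.gemspec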