vigilante 1.0.6 → 1.0.7

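--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 1f2d45e60a17ae2b8f06c9b6aa47e876621072d5
- data.tar.gz: cb9ff533bb9cc95b34e567986e1f8b5221dc62a6
+ metadata.gz: c6b42cabb2b3994a8c768046c4721afa1ee9a306
+ data.tar.gz: 2d40422c1c3700ec5bbe2fe00ba98852fd994f8f
  SHA512:
- metadata.gz: 1bdb0977b997234eee874f4850ffd5f5d724251f9d48be0c43095917a81d3a4aeb17d136cd7b940002e1d3f7a9a4f285bd843d02777be359520b52b3b65ed8a9
- data.tar.gz: 4495f38059766ff6e73f6e9137bb925922d00f83f6c1a805ead89128c5ba739129dcfa8d674acc9da0feba17ae99b6b59a900db8721f344f0a1659c7d869aa8a
+ metadata.gz: 3e2f8964d2f40e8d7f3514ca3156208dfa15a31d4bfa187aad2ddb322c78d1c9fbc801f8f7074d43d040b224804eb6baf4983e7facfb35597c14c20f4481aa56
+ data.tar.gz: 1b3cb2d860aec190c4002862b002adf2d3eeb71c1cacd4dc361c55d3f23d59803da095b6b63c71da168885feee6d26f4073f9fa4928eb46c968b664d935ccfef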
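--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.0.6
+ 1.0.7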
@@ -74,6 +74,21 @@ module Vigilante
74
74
  authorizations.collect {|a| a.ability.try(:name) + "[" + a.authorization_extents.collect{|e| e.extent}.join(',') + "]"}
75
75
  end
76
76
 
77
+ def max_ability(extent=nil)
78
+ if extent && has_extent?
79
+ result_max = 0
80
+ self.reload.authorizations.each do |auth|
81
+ if auth.has_extent?
82
+ result_max = auth.ability.importance if auth.match_extent(extent) && auth.ability.importance > result_max
83
+ end
84
+ end
85
+ result_max
86
+ else
87
+ @max_importance ||= abilities.maximum(:importance)
88
+ end
89
+ end
90
+
91
+
77
92
  #### Extent-specific
78
93
 
79
94
  def add_to_extent(extent, role = nil)
@@ -93,13 +108,84 @@ module Vigilante
93
108
  end
94
109
 
95
110
  def has_extent?
96
- asp_roles.count >= 1
111
+ extent_roles.count >= 1
97
112
  end
98
113
 
99
114
  def extent_roles
100
115
  self.authorizations.select{|x| x.has_extent? }.collect{|x| x.ability.name }
101
116
  end
102
117
 
118
+ def extents_with_roles
119
+ extent_hash = Hash.new { |h, k| h[k] = [] }
120
+ self.authorizations.each do |authorization|
121
+ if authorization.has_extent?
122
+ authorization.authorization_extents.each do |x|
123
+ extent_hash[x.extent_objid] << authorization.ability.name
124
+ end
125
+ else
126
+ extent_hash[:all] << authorization.ability.name
127
+ end
128
+ end
129
+ extent_hash
130
+ end
131
+
132
+
133
+ def validate_authorizations(max_allowed_importance, only_with_extents)
134
+ authorizations = self.authorizations
135
+
136
+ authorizations.each do |auth|
137
+ ability = auth.ability
138
+
139
+ if ability.needs_extent? && auth.authorization_extents.empty?
140
+ errors.add(:authorizations, "ability #{ability.name} requires an organisation!")
141
+ end
142
+ if ability.importance > max_allowed_importance || (!ability.needs_extent? && only_with_extents)
143
+ errors.add(:authorizations, "you do not have the necessary permission to add ability #{ability.name}")
144
+ end
145
+ end
146
+
147
+ logger.debug "###### Validate_operator_authorizations: authorizations = #{authorizations.inspect}"
148
+ logger.debug "###### Validate_operator_authorizations: authorizations = #{abilities.inspect}"
149
+
150
+ if authorizations.empty?
151
+ valid? # add the other errors, if any
152
+ errors.add(:authorizations, 'must have at least one ability')
153
+ end
154
+ end
155
+
156
+
157
+ def simplify_authorizations
158
+ if authorizations.count != distinct_authorizations.count
159
+ minimize_authorizations
160
+ self.reload
161
+ end
162
+ end
163
+
164
+ def distinct_authorizations
165
+ authorizations.joins(:ability).select('distinct(name)')
166
+ end
167
+
168
+ def authorizations_by_ability_name(ability_name)
169
+ #TODO: this can be written with better perfomance by using an SQL select instead of the ruby method select
170
+ authorizations.select{|authorization|authorization.ability.name == ability_name}
171
+ end
172
+
173
+ def minimize_authorizations
174
+ distinct_authorizations.each do |ability|
175
+ authorizations_with_possible_duplicates = authorizations_by_ability_name(ability.name)
176
+ if authorizations_with_possible_duplicates.size > 1
177
+ keep_auth = authorizations_with_possible_duplicates.delete_at(0)
178
+ authorizations_with_possible_duplicates.each do |dup_auth|
179
+ dup_auth.authorization_extents.each do |auth_ext|
180
+ keep_auth.authorization_extents.create(:extent_objid => auth_ext.extent_objid, :extent_type => auth_ext.extent_type)
181
+ end
182
+ dup_auth.destroy
183
+ end
184
+ end
185
+ end
186
+ end
187
+
188
+
103
189
 
104
190
  #### Permits: what is an user/operator/... allowed to do
105
191
 
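Review bot: validate_authorizations (new lines 133–154) checks that an extent-bound ability has some extent but never which one, so the scope of a grant is not compared with the scope of the operator making it. The method receives `only_with_extents` only as a boolean; unless the caller checks this elsewhere, an operator limited to one extent can attach an ability for a different extent and still pass. Consider passing the granting operator's extent ids as well and adding an error when any `auth.authorization_extents` entry has an `extent_objid` outside that set. The ceiling comparison `ability.importance > max_allowed_importance` also raises when the ceiling is nil, which `max_ability` in the first hunk presumably returns for an operator without abilities (`abilities.maximum(:importance)`); comparing against `max_allowed_importance.to_i` would fail closed. Errors added by the loop sit outside a validation callback, so a later `valid?` or `save` clears them and callers have to inspect `errors` directly.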
@@ -0,0 +1,68 @@
1
+ require 'spec_helper.rb'
2
+
3
+ describe Author do
4
+ # test the code inserted into the Author (from the "watched_operator" module )
5
+
6
+ # !!! TODO: fix extracted test-code
7
+ #
8
+ # context "validate_authorizations" do
9
+ # # validate_authorizations expects
10
+ # # - the current-operators max permission (weight)
11
+ # # - whether the current-operators has an extent or not
12
+ # #
13
+ # # These two are then combined to check whether added authorizations are valid or not
14
+ # before(:each) do
15
+ # @test_operator = FactoryGirl.create(:operator)
16
+ # end
17
+ # context "no authorizations added" do
18
+ # before(:each) do
19
+ # @test_operator.validate_authorizations(100, true)
20
+ # end
21
+ # it "sets an error on authorizations" do
22
+ # @test_operator.errors[:authorizations].size.should == 1
23
+ # end
24
+ # it "must have at least one ability" do
25
+ # @test_operator.errors[:authorizations].should == ["must have at least one ability"]
26
+ # end
27
+ # end
28
+ # context "with one authorization added that needs extent, without an extent" do
29
+ # before(:each) do
30
+ # @test_operator.abilities << Ability.find_by_name("asp_admin")
31
+ # @test_operator.validate_authorizations(100, true)
32
+ # end
33
+ # it "sets an error on authorizations" do
34
+ # @test_operator.errors[:authorizations].size.should == 1
35
+ # end
36
+ # it "this ability requires an organisation" do
37
+ # @test_operator.errors[:authorizations].should == ["ability asp_admin requires an organisation!"]
38
+ # end
39
+ # end
40
+ # context "with one authorization added that does not need an extent, but the current operator does" do
41
+ # before(:each) do
42
+ # @test_operator.abilities << Ability.find_by_name("can-read-all")
43
+ # @test_operator.validate_authorizations(100, true)
44
+ # end
45
+ # it "sets an error on authorizations" do
46
+ # @test_operator.errors[:authorizations].size.should == 1
47
+ # end
48
+ # it "this ability requires an organisation" do
49
+ # @test_operator.errors[:authorizations].should == ["you do not have the necessary permission to add ability can-read-all"]
50
+ # end
51
+ # end
52
+ # context "with one authorization added that exceeds the current operator's permissions'" do
53
+ # before(:each) do
54
+ # @test_operator.abilities << Ability.find_by_name("can-read-all")
55
+ # @test_operator.validate_authorizations(9, false)
56
+ # end
57
+ # it "sets an error on authorizations" do
58
+ # @test_operator.errors[:authorizations].size.should == 1
59
+ # end
60
+ # it "this ability requires an organisation" do
61
+ # @test_operator.errors[:authorizations].should == ["you do not have the necessary permission to add ability can-read-all"]
62
+ # end
63
+ # end
64
+ # # !!!!! should also add all the positive cases, that do NOT add an error ...
65
+ # end
66
+
67
+
68
+ end
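Review bot: The only spec added for the new authorization checks is commented out in full (new lines 6–65), so `describe Author` runs no examples and the suite stays green without exercising `validate_authorizations`. Until the extracted code is fixed, block-less examples such as `it "rejects an ability above the operator's max importance"` would be reported as pending instead of silently disappearing. When the examples are restored, the descriptions at new lines 48 and 60 should match what they assert (they read "this ability requires an organisation" but expect the permission message). The accept cases mentioned at line 64, plus a grant on an extent the current operator does not hold, are worth adding at the same time.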
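--- a/data/vigilante.gemspec
+++ b/data/vigilante.gemspec
@@ -2,16 +2,16 @@
  # DO NOT EDIT THIS FILE DIRECTLY
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
  # -*- encoding: utf-8 -*-
- # stub: vigilante 1.0.6 ruby lib
+ # stub: vigilante 1.0.7 ruby lib
 
  Gem::Specification.new do |s|
  s.name = "vigilante"
- s.version = "1.0.6"
+ s.version = "1.0.7"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.require_paths = ["lib"]
  s.authors = ["Nathan Van der Auwera"]
- s.date = "2015-09-07"
+ s.date = "2015-09-22"
  s.description = "Vigilante is a db-backed authorisation, completely configurable and dynamic; where permissions can be limited to extents."
  s.email = "nathan@dixis.com"
  s.extra_rdoc_files = [
@@ -112,6 +112,7 @@ Gem::Specification.new do |s|
  "spec/models/authorization_spec.rb",
  "spec/models/permission_hash_spec.rb",
  "spec/models/permission_spec.rb",
+ "spec/models/watched_operator_spec.rb",
  "spec/spec_helper.rb",
  "spec/vigilante_spec.rb",
  "vigilante.gemspec"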
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vigilante
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.6
4
+ version: 1.0.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nathan Van der Auwera
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-09-07 00:00:00.000000000 Z
11
+ date: 2015-09-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rails
@@ -154,6 +154,7 @@ files:
154
154
  - spec/models/authorization_spec.rb
155
155
  - spec/models/permission_hash_spec.rb
156
156
  - spec/models/permission_spec.rb
157
+ - spec/models/watched_operator_spec.rb
157
158
  - spec/spec_helper.rb
158
159
  - spec/vigilante_spec.rb
159
160
  - vigilante.gemspec