zeiv-declarative_authorization 1.0.0.pre

data/test/database.yml

@@ -0,0 +1,3 @@
+test:
+  adapter: sqlite3
+  database: ":memory:"

data/test/dsl_reader_test.rb

@@ -0,0 +1,178 @@
+require 'test_helper'
+
+class DSLReaderTest < Test::Unit::TestCase
+  def test_privileges
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      privileges do
+        privilege :test_priv do
+          includes :lower_priv
+        end
+      end
+    }
+    assert_equal 2, reader.privileges_reader.privileges.length
+    assert_equal [[:lower_priv, nil]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv]
+  end
+  
+  def test_privileges_with_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      privileges do
+        privilege :test_priv, :test_context do
+          includes :lower_priv
+        end
+      end
+    }
+    assert_equal [[:lower_priv, :test_context]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv]
+  end
+  
+  def test_privileges_one_line
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      privileges do
+        privilege :test_priv, :test_context, :includes => :lower_priv
+        privilege :test_priv_2, :test_context, :includes => [:lower_priv]
+        privilege :test_priv_3, :includes => [:lower_priv]
+      end
+    }
+    assert_equal [[:lower_priv, :test_context]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv]
+    assert_equal [[:lower_priv, :test_context]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv_2]
+    assert_equal [[:lower_priv, nil]], 
+      reader.privileges_reader.privilege_hierarchy[:test_priv_3]
+  end
+  
+  def test_auth_role
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          includes :lesser_role
+          has_permission_on :items, :to => :read
+        end
+      end
+    }
+    assert_equal 1, reader.auth_rules_reader.roles.length
+    assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role]
+    assert_equal 1, reader.auth_rules_reader.auth_rules.length
+  end
+  
+  def test_auth_role_permit_on
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %|
+      authorization do
+        role :test_role do
+          has_permission_on :test_context do
+            to :test_perm, :manage
+            if_attribute :test_attr => is { user.test_attr }
+          end
+        end
+      end
+    |
+    assert_equal 1, reader.auth_rules_reader.roles.length
+    assert_equal 1, reader.auth_rules_reader.auth_rules.length
+    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
+    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
+  end
+  
+  def test_permit_block
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %|
+      authorization do
+        role :test_role do
+          has_permission_on :perms, :to => :test do
+            if_attribute :test_attr   => is { user.test_attr }
+            if_attribute :test_attr_2 => is_not { user.test_attr }
+            if_attribute :test_attr_3 => contains { user.test_attr }
+            if_attribute :test_attr_4 => does_not_contain { user.test_attr }
+            if_attribute :test_attr_5 => is_in { user.test_attr }
+            if_attribute :test_attr_5 => is_not_in { user.test_attr }
+            if_attribute :test_attr_6 => lt { user.test_attr }
+            if_attribute :test_attr_6 => lte { user.test_attr }
+            if_attribute :test_attr_6 => gt { user.test_attr }
+            if_attribute :test_attr_6 => gte { user.test_attr }
+          end
+        end
+      end
+    |
+    assert_equal 1, reader.auth_rules_reader.roles.length
+    assert_equal 1, reader.auth_rules_reader.auth_rules.length
+    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
+  end
+  
+  def test_has_permission_to_with_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %|
+      authorization do
+        role :test_role do
+          has_permission_on :perms, :to => :test
+        end
+      end
+    |
+    assert_equal 1, reader.auth_rules_reader.roles.length
+    assert_equal 1, reader.auth_rules_reader.auth_rules.length
+    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
+  end
+  
+  def test_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      contexts do
+        context :high_level_context do
+          includes :low_level_context_1, :low_level_context_2
+        end
+      end
+    }
+  end
+  
+  def test_dsl_error
+    reader = Authorization::Reader::DSLReader.new
+    assert_raise(Authorization::Reader::DSLError) do
+      reader.parse %{
+        authorization do
+          includes :lesser_role
+        end
+      }
+    end
+  end
+  
+  def test_syntax_error
+    reader = Authorization::Reader::DSLReader.new
+    assert_raise(Authorization::Reader::DSLSyntaxError) do
+      reader.parse %{
+        authorizations do
+        end
+      }
+    end
+  end
+  
+  def test_syntax_error_2
+    reader = Authorization::Reader::DSLReader.new
+    assert_raise(Authorization::Reader::DSLSyntaxError) do
+      reader.parse %{
+        authorizations
+        end
+      }
+    end
+  end
+
+  def test_factory_returns_self
+    reader = Authorization::Reader::DSLReader.new
+    assert_equal(Authorization::Reader::DSLReader.factory(reader).object_id, reader.object_id)
+  end
+
+  def test_factory_loads_file
+    reader = Authorization::Reader::DSLReader.factory((DA_ROOT + "authorization_rules.dist.rb").to_s)
+    assert_equal(Authorization::Reader::DSLReader, reader.class)
+  end
+
+  def test_load_file_not_found
+    assert_raise(Authorization::Reader::DSLFileNotFoundError) do
+      Authorization::Reader::DSLReader.new.load!("nonexistent_file.rb")
+    end
+  end
+end
+

data/test/helper_test.rb

@@ -0,0 +1,247 @@
+require 'test_helper'
+require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
+
+
+class HelperMocksController < MocksController
+  filter_access_to :action, :require => :show, :context => :mocks
+  define_action_methods :action
+end
+class HelperTest < ActionController::TestCase
+  tests HelperMocksController
+  include Authorization::AuthorizationHelper
+  attr_reader :controller
+  
+  def test_permit
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :test_role_2 do
+          has_permission_on :mocks, :to => :update
+        end
+      end
+    }
+    user = MockUser.new(:test_role)
+    request!(user, :action, reader)
+    
+    assert permitted_to?(:show, :mocks)
+    assert !permitted_to?(:update, :mocks)
+    
+    block_evaled = false
+    permitted_to?(:show, :mocks) do
+      block_evaled = true
+    end
+    assert block_evaled
+    
+    block_evaled = false
+    permitted_to?(:update, :mocks) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+
+  def test_permit_with_object
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks do
+            to :show
+            if_attribute :test_attr => is {user.test_attr}
+          end
+        end
+      end
+    }
+    user = MockUser.new(:test_role, :test_attr => 1)
+    mock = MockDataObject.new(:test_attr => 1)
+    mock_2 = MockDataObject.new(:test_attr => 2)
+    request!(user, :action, reader)
+    
+    assert permitted_to?(:show, mock)
+    assert permitted_to?(:show, :mocks)
+    assert !permitted_to?(:show, mock_2)
+  end
+
+  def test_permit_with_object_and_context
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :other_mocks do
+            to :show
+            if_attribute :test_attr => is {user.test_attr}
+          end
+        end
+      end
+    }
+    user = MockUser.new(:test_role, :test_attr => 1)
+    mock = MockDataObject.new(:test_attr => 1)
+    mock_2 = MockDataObject.new(:test_attr => 2)
+    request!(user, :action, reader)
+
+    assert permitted_to?(:show, mock, :context => :other_mocks)
+    assert !permitted_to?(:show, mock_2, :context => :other_mocks)
+  end
+  
+  def test_has_role
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+      end
+    }
+    user = MockUser.new(:test_role)
+    request!(user, :action, reader)
+    
+    assert has_role?(:test_role)
+    assert !has_role?(:test_role2)
+    assert !has_role?(:test_role, :test_role2)
+    
+    block_evaled = false
+    has_role?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    
+    block_evaled = false
+    has_role?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+  
+  def test_has_any_role
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+      end
+    }
+    user = MockUser.new(:test_role)
+    request!(user, :action, reader)
+    
+    assert has_any_role?(:test_role)
+    assert !has_any_role?(:test_role2)
+    assert has_any_role?(:test_role, :test_role2)
+    
+    block_evaled = false
+    has_any_role?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    
+    block_evaled = false
+    has_any_role?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+    
+    block_evaled = false
+    has_any_role?(:test_role,:test_role2) do
+      block_evaled = true
+    end
+    assert block_evaled
+  end
+  
+  def test_has_role_with_guest_user
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+      end
+    }
+    request!(nil, :action, reader)
+
+    assert !has_role?(:test_role)
+
+    block_evaled = false
+    has_role?(:test_role) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+  
+  def test_has_role_with_hierarchy
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :other_role do
+          has_permission_on :another_mocks, :to => :show
+        end
+
+        role :root do
+          includes :test_role
+        end
+      end
+    }    
+    
+    user = MockUser.new(:root)
+    request!(user, :action, reader)
+    
+    assert has_role_with_hierarchy?(:test_role)
+    assert !has_role_with_hierarchy?(:other_role)
+
+    block_evaled = false
+    has_role_with_hierarchy?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    
+    block_evaled = false
+    has_role_with_hierarchy?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+  end
+  
+  def test_has_any_role_with_hierarchy
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :mocks, :to => :show
+        end
+        role :other_role do
+          has_permission_on :another_mocks, :to => :show
+        end
+
+        role :root do
+          includes :test_role
+        end
+      end
+    }    
+    
+    user = MockUser.new(:root)
+    request!(user, :action, reader)
+    
+    assert has_any_role_with_hierarchy?(:test_role)
+    assert !has_any_role_with_hierarchy?(:other_role)
+    assert has_any_role_with_hierarchy?(:test_role,:other_role)
+
+    block_evaled = false
+    has_any_role_with_hierarchy?(:test_role) do
+      block_evaled = true
+    end
+    assert block_evaled
+    
+    block_evaled = false
+    has_any_role_with_hierarchy?(:test_role2) do
+      block_evaled = true
+    end
+    assert !block_evaled
+    
+    block_evaled = false
+    has_any_role_with_hierarchy?(:test_role,:test_role2) do
+      block_evaled = true
+    end
+    assert block_evaled
+  end
+end

data/test/maintenance_test.rb

@@ -0,0 +1,46 @@
+require 'test_helper'
+require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance})
+
+class MaintenanceTest < Test::Unit::TestCase
+  include Authorization::TestHelper
+
+  def test_usages_by_controllers
+    usage_test_controller = Class.new(ActionController::Base)
+    usage_test_controller.send(:define_method, :an_action) {}
+    usage_test_controller.filter_access_to :an_action
+
+    assert Authorization::Maintenance::Usage::usages_by_controller.
+              include?(usage_test_controller)
+  end
+
+  def test_without_access_control
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :test_role do
+          has_permission_on :permissions, :to => :test
+        end
+      end
+    }
+    engine = Authorization::Engine.new(reader)
+    assert !engine.permit?(:test_2, :context => :permissions,
+        :user => MockUser.new(:test_role))
+    Authorization::Maintenance::without_access_control do
+      assert engine.permit!(:test_2, :context => :permissions,
+          :user => MockUser.new(:test_role))
+    end
+    without_access_control do
+      assert engine.permit?(:test_2, :context => :permissions,
+          :user => MockUser.new(:test_role))
+    end
+    Authorization::Maintenance::without_access_control do
+      Authorization::Maintenance::without_access_control do
+        assert engine.permit?(:test_2, :context => :permissions,
+            :user => MockUser.new(:test_role))
+      end
+      assert engine.permit?(:test_2, :context => :permissions,
+          :user => MockUser.new(:test_role))
+    end
+  end
+
+end