zuul 0.1.1 → 0.2.0

data/spec/db/schema.rb

@@ -0,0 +1,172 @@
+ActiveRecord::Schema.define(:version => 0) do
+  create_table :dummies do |t|
+  end
+  
+  create_table :users do |t|
+    t.string :name
+  end
+
+  create_table :roles do |t|
+    t.string :name
+    t.string :slug
+    t.integer :level
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :permissions do |t|
+    t.string :name
+    t.string :slug
+    t.string :context_type
+    t.integer :context_id
+  end
+
+  create_table :role_users do |t|
+    t.integer :user_id
+    t.integer :role_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :permission_users do |t|
+    t.integer :user_id
+    t.integer :permission_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :permission_roles do |t|
+    t.integer :role_id
+    t.integer :permission_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :contexts do |t|
+    t.string :name
+  end
+  
+  create_table :levels do |t|
+    t.string :name
+    t.string :slug
+    t.integer :level
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :abilities do |t|
+    t.string :name
+    t.string :slug
+    t.string :context_type
+    t.integer :context_id
+  end
+
+  create_table :level_users do |t|
+    t.integer :user_id
+    t.integer :level_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :ability_users do |t|
+    t.integer :user_id
+    t.integer :ability_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :ability_levels do |t|
+    t.integer :level_id
+    t.integer :ability_id
+    t.string :context_type
+    t.integer :context_id
+  end
+
+  create_table :soldiers do |t|
+    t.string :name
+  end
+
+  create_table :ranks do |t|
+    t.string :name
+    t.string :slug
+    t.integer :level
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :skills do |t|
+    t.string :name
+    t.string :slug
+    t.string :context_type
+    t.integer :context_id
+  end
+
+  create_table :rank_soldiers do |t|
+    t.integer :soldier_id
+    t.integer :rank_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :skill_soldiers do |t|
+    t.integer :soldier_id
+    t.integer :skill_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :rank_skills do |t|
+    t.integer :rank_id
+    t.integer :skill_id
+    t.string :context_type
+    t.integer :context_id
+  end
+
+  create_table :weapons do |t|
+    t.string :name
+  end
+  
+  create_table :zuul_models_users do |t|
+    t.string :name
+  end
+
+  create_table :zuul_models_roles do |t|
+    t.string :name
+    t.string :slug
+    t.integer :level
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :zuul_models_permissions do |t|
+    t.string :name
+    t.string :slug
+    t.string :context_type
+    t.integer :context_id
+  end
+
+  create_table :zuul_models_role_users do |t|
+    t.integer :user_id
+    t.integer :role_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :zuul_models_permission_users do |t|
+    t.integer :user_id
+    t.integer :permission_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :zuul_models_permission_roles do |t|
+    t.integer :role_id
+    t.integer :permission_id
+    t.string :context_type
+    t.integer :context_id
+  end
+  
+  create_table :zuul_models_contexts do |t|
+    t.string :name
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,25 @@
+require 'active_support'
+require 'active_record'
+require 'action_controller'
+require 'zuul'
+require 'rspec'
+
+Dir[File.join(File.dirname(__FILE__), '..', "spec/support/**/*.rb")].each { |f| require f }
+
+RSpec.configure do |config|
+  config.before(:suite) do
+    ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
+    capture_stdout { load "db/schema.rb" }
+  end
+
+  config.before(:each) do
+    load 'support/models.rb'
+  end
+
+  config.around(:each) do |example|
+    ActiveRecord::Base.transaction do
+      example.run
+      raise ActiveRecord::Rollback
+    end
+  end
+end

data/spec/support/capture_stdout.rb

@@ -0,0 +1,12 @@
+require 'stringio'
+ 
+module Kernel
+  def capture_stdout
+    out = StringIO.new
+    $stdout = out
+    yield
+    return out
+  ensure
+    $stdout = STDOUT
+  end
+end

data/spec/support/models.rb

@@ -0,0 +1,167 @@
+# Default Subject, Role, Permission and Context models
+Object.send(:remove_const, :User) if defined?(User) # we do this to undefine the model and start fresh, without any of the authorization stuff applied by tests
+class User < ActiveRecord::Base
+  attr_accessible :name
+end
+
+Object.send(:remove_const, :Role) if defined?(Role)
+class Role < ActiveRecord::Base
+  attr_accessible :name, :slug, :level, :context_type, :context_id
+end
+
+Object.send(:remove_const, :Permission) if defined?(Permission)
+class Permission < ActiveRecord::Base
+  attr_accessible :name, :slug, :context_type, :context_id
+end
+
+Object.send(:remove_const, :Context) if defined?(Context)
+class Context < ActiveRecord::Base
+end
+
+# Default association models
+Object.send(:remove_const, :RoleUser) if defined?(RoleUser)
+class RoleUser < ActiveRecord::Base
+  belongs_to :user
+  belongs_to :role
+end
+
+Object.send(:remove_const, :SpecialRoleUser) if defined?(SpecialRoleUser)
+class SpecialRoleUser < ActiveRecord::Base
+  belongs_to :user
+  belongs_to :role
+end
+
+Object.send(:remove_const, :PermissionUser) if defined?(PermissionUser)
+class PermissionUser < ActiveRecord::Base
+  belongs_to :user
+  belongs_to :permission
+end
+
+Object.send(:remove_const, :PermissionRole) if defined?(PermissionRole)
+class PermissionRole < ActiveRecord::Base
+  belongs_to :role
+  belongs_to :permission
+end
+
+# Additional models to test scoping
+Object.send(:remove_const, :Level) if defined?(Level)
+class Level < ActiveRecord::Base
+  attr_accessible :name, :slug, :level, :context_type, :context_id
+end
+
+Object.send(:remove_const, :Ability) if defined?(Ability)
+class Ability < ActiveRecord::Base
+  attr_accessible :name, :slug, :context_type, :context_id
+end
+
+Object.send(:remove_const, :AbilityLevel) if defined?(AbilityLevel)
+class AbilityLevel < ActiveRecord::Base
+  belongs_to :ability
+  belongs_to :level
+end
+
+Object.send(:remove_const, :AbilityUser) if defined?(AbilityUser)
+class AbilityUser < ActiveRecord::Base
+  belongs_to :ability
+  belongs_to :user
+end
+
+Object.send(:remove_const, :LevelUser) if defined?(LevelUser)
+class LevelUser < ActiveRecord::Base
+  belongs_to :level
+  belongs_to :user
+end
+
+
+# Dummy model without any configuration for generic tests
+Object.send(:remove_const, :Dummy) if defined?(Dummy)
+class Dummy < ActiveRecord::Base
+end
+
+# Custom named Subject, Role, Permission and Context models
+Object.send(:remove_const, :Soldier) if defined?(Soldier)
+class Soldier < ActiveRecord::Base
+  attr_accessible :name
+end
+
+Object.send(:remove_const, :Rank) if defined?(Rank)
+class Rank < ActiveRecord::Base
+  attr_accessible :name, :slug, :level, :context_type, :context_id
+end
+
+Object.send(:remove_const, :Skill) if defined?(Skill)
+class Skill < ActiveRecord::Base
+  attr_accessible :name, :slug, :context_type, :context_id
+end
+
+Object.send(:remove_const, :Weapon) if defined?(Weapon)
+class Weapon < ActiveRecord::Base
+end
+
+Object.send(:remove_const, :RankSoldier) if defined?(RankSoldier)
+class RankSoldier < ActiveRecord::Base
+  belongs_to :soldier
+  belongs_to :rank
+end
+
+Object.send(:remove_const, :SkillSoldier) if defined?(SkillSoldier)
+class SkillSoldier < ActiveRecord::Base
+  belongs_to :soldier
+  belongs_to :skill
+end
+
+Object.send(:remove_const, :CustomSkillSoldier) if defined?(CustomSkillSoldier)
+class CustomSkillSoldier < ActiveRecord::Base
+  belongs_to :soldier
+  belongs_to :skill
+end
+
+Object.send(:remove_const, :RankSkill) if defined?(RankSkill)
+class RankSkill < ActiveRecord::Base
+  belongs_to :rank
+  belongs_to :skill
+end
+
+# Namespaced Subject, Role, Permission and Context models
+module ZuulModels
+  def self.table_name_prefix
+    'zuul_models_'
+  end
+
+  send(:remove_const, :User) if defined?(ZuulModels::User)
+  class User < ActiveRecord::Base
+    attr_accessible :name
+  end
+
+  send(:remove_const, :Role) if defined?(ZuulModels::Role)
+  class Role < ActiveRecord::Base
+    attr_accessible :name, :slug, :level, :context_type, :context_id
+  end
+
+  send(:remove_const, :Permission) if defined?(ZuulModels::Permission)
+  class Permission < ActiveRecord::Base
+    attr_accessible :name, :slug, :context_type, :context_id
+  end
+
+  send(:remove_const, :Context) if defined?(ZuulModels::Context)
+  class Context < ActiveRecord::Base
+  end
+
+  send(:remove_const, :RoleUser) if defined?(ZuulModels::RoleUser)
+  class RoleUser < ActiveRecord::Base
+    belongs_to :user
+    belongs_to :role
+  end
+
+  send(:remove_const, :PermissionUser) if defined?(ZuulModels::PermissionUser)
+  class PermissionUser < ActiveRecord::Base
+    belongs_to :user
+    belongs_to :permission
+  end
+
+  send(:remove_const, :PermissionRole) if defined?(ZuulModels::PermissionRole)
+  class PermissionRole < ActiveRecord::Base
+    belongs_to :role
+    belongs_to :permission
+  end
+end

data/spec/zuul/active_record/context_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe "Zuul::ActiveRecord::Context" do
+  before(:each) do
+    User.acts_as_authorization_subject
+    Role.acts_as_authorization_role
+    Permission.acts_as_authorization_permission
+    Context.acts_as_authorization_context
+  end
+
+  describe "allowed?" do
+    it "should require a subject and a role object or slug" do
+      context = Context.create(:name => "Test Context")
+      user = User.create(:name => "Test User")
+      expect { context.allowed? }.to raise_exception
+      expect { context.allowed?(user) }.to raise_exception
+    end
+
+    it "should wrap Subect#has_role?" do
+      context = Context.create(:name => "Test Context")
+      user = User.create(:name => "Test User")
+      role = Role.create(:name => "Admin", :slug => "admin", :level => 100)
+      context.allowed?(user, role).should be_false
+      context.allowed?(user, role).should == user.has_role?(role, context)
+      user.assign_role(role, context)
+      context.allowed?(user, role).should be_true
+      context.allowed?(user, role).should == user.has_role?(role, context)
+    end
+  end
+
+  describe "allowed_to?" do
+    it "should not be available if permissions are disabled" do
+      Weapon.acts_as_authorization_context :with_permissions => false
+      Weapon.new.should_not respond_to(:allowed_to?)
+    end
+
+    it "should require a subject and a permission object or slug" do
+      context = Context.create(:name => "Test Context")
+      user = User.create(:name => "Test User")
+      expect { context.allowed_to? }.to raise_exception
+      expect { context.allowed_to?(user) }.to raise_exception
+    end
+
+    it "should wrap Subect#has_permission?" do
+      context = Context.create(:name => "Test Context")
+      user = User.create(:name => "Test User")
+      permission = Permission.create(:name => "Edit", :slug => "edit")
+      context.allowed_to?(user, permission).should be_false
+      context.allowed_to?(user, permission).should == user.has_permission?(permission, context)
+      user.assign_permission(permission, context)
+      context.allowed_to?(user, permission).should be_true
+      context.allowed_to?(user, permission).should == user.has_permission?(permission, context)
+    end
+  end
+end

data/spec/zuul/active_record/permission_role_spec.rb

@@ -0,0 +1,84 @@
+require 'spec_helper'
+
+describe "Zuul::ActiveRecord::PermissionRole" do
+  before(:each) do
+    Permission.acts_as_authorization_permission
+  end
+
+  describe "accessible attributes" do
+    it "should allow mass assignment of permission class foreign key" do
+      pu = PermissionRole.new(:permission_id => 1)
+      pu.permission_id.should == 1
+    end
+    
+    it "should allow mass assignment of role class foreign key" do
+      pu = PermissionRole.new(:role_id => 1)
+      pu.role_id.should == 1
+    end
+    
+    it "should allow mass assignment of :context" do
+      context = Context.create(:name => "Test Context")
+      pu = PermissionRole.new(:context => context)
+      pu.context_type.should == 'Context'
+      pu.context_id.should == context.id
+    end
+    
+    it "should allow mass assignment of :context_type" do
+      pu = PermissionRole.new(:context_type => 'Context')
+      pu.context_type.should == 'Context'
+    end
+    
+    it "should allow mass assignment of :context_id" do
+      pu = PermissionRole.new(:context_id => 1)
+      pu.context_id.should == 1
+    end
+  end
+
+  context "validations for core permission fields" do
+    it "should validate presence of permission class foreign key" do
+      pu = PermissionRole.new()
+      pu.valid?.should be_false
+      pu.errors.keys.should include(:permission_id)
+    end
+    
+    it "should validate presence of role class foreign key" do
+      pu = PermissionRole.new()
+      pu.valid?.should be_false
+      pu.errors.keys.should include(:role_id)
+    end
+
+    it "should validate uniqueness of permission class foreign key scoped to context_type, context_id and the role class foreign key" do
+      PermissionRole.create(:permission_id => 1, :role_id => 1)
+      pu = PermissionRole.create(:permission_id => 1, :role_id => 1)
+      pu.valid?.should be_false
+      pu.errors.keys.should include(:permission_id)
+      
+      PermissionRole.create(:permission_id => 1, :role_id => 1, :context_type => 'Context').valid?.should be_true
+      pu = PermissionRole.create(:permission_id => 1, :role_id => 1, :context_type => 'Context')
+      pu.valid?.should be_false
+      pu.errors.keys.should include(:permission_id)
+      
+      PermissionRole.create(:permission_id => 1, :role_id => 1, :context_type => 'Context', :context_id => 1).valid?.should be_true
+      pu = PermissionRole.create(:permission_id => 1, :role_id => 1, :context_type => 'Context', :context_id => 1)
+      pu.valid?.should be_false
+      pu.errors.keys.should include(:permission_id)
+    end
+
+    it "should validate numericality of permission class foreign key with integers only" do
+      pu = PermissionRole.new(:permission_id => 'a', :role_id => 1)
+      pu.valid?.should be_false
+      pu.errors.keys.should include(:permission_id)
+      pu.permission_id = 1.3
+      pu.valid?.should be_false
+      pu.errors.keys.should include(:permission_id)
+    end
+  end
+
+  it "should provide the model with belongs_to associations for permissions and roles" do
+    PermissionRole.reflections.keys.should include(:permission)
+    PermissionRole.reflections.keys.should include(:role)
+    pu = PermissionRole.create(:permission_id => 1, :use_id => 1)
+    pu.should respond_to(:permission)
+    pu.should respond_to(:role)
+  end
+end