diff --git a/lib/declarative_authorization/controller/runtime.rb b/lib/declarative_authorization/controller/runtime.rb index 1f0868e..adf0bf3 100644 --- a/lib/declarative_authorization/controller/runtime.rb +++ b/lib/declarative_authorization/controller/runtime.rb @@ -14,6 +14,7 @@ module Runtime def self.failed_auto_loading_is_not_found? @@failed_auto_loading_is_not_found end + def self.failed_auto_loading_is_not_found=(new_value) @@failed_auto_loading_is_not_found = new_value end @@ -28,11 +29,27 @@ def authorization_engine # in the authorization rules are only evaluated if an object is given # for context. # - # See examples for Authorization::AuthorizationHelper #permitted_to? - # # If no object or context is specified, the controller_name is used as # context. # + # Examples: + # <% permitted_to? :create, :users do %> + # <%= link_to 'New', new_user_path %> + # <% end %> + # ... + # <% if permitted_to? :create, :users %> + # <%= link_to 'New', new_user_path %> + # <% else %> + # You are not allowed to create new users! + # <% end %> + # ... + # <% for user in @users %> + # <%= link_to 'Edit', edit_user_path(user) if permitted_to? :update, user %> + # <% end %> + # + # To pass in an object and override the context, you can use the optional + # options: + # permitted_to? :update, user, :context => :account def permitted_to?(privilege, object_or_sym = nil, options = {}) if authorization_engine.permit!(privilege, options_for_permit(object_or_sym, options, false)) yield if block_given? 
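Review bot: The examples moved onto `permitted_to?` are all ERB view snippets, yet the method now documented is the controller-side one, and the comment never says that hiding markup is not enforcement. A reader who follows the `link_to 'Edit' ... if permitted_to? :update, user` example may conclude the action is protected when only the link is hidden. I would add a line such as `# Hiding markup with permitted_to? does not protect the action itself; the request must still be checked in the controller.` The body of `permitted_to?` continues past the end of this hunk, so the note covers the comment only.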
@@ -48,16 +65,27 @@ def permitted_to!(privilege, object_or_sym = nil, options = {}) authorization_engine.permit!(privilege, options_for_permit(object_or_sym, options, true)) end - # While permitted_to? is used for authorization, in some cases + # While permitted_to? is used for authorization in views, in some cases # content should only be shown to some users without being concerned # with authorization. E.g. to only show the most relevant menu options # to a certain group of users. That is what has_role? should be used for. + # + # Examples: + # <% has_role?(:sales) do %> + # <%= link_to 'All contacts', contacts_path %> + # <% end %> + # ... + # <% if has_role?(:sales) %> + # <%= link_to 'Customer contacts', contacts_path %> + # <% else %> + # ... + # <% end %> def has_role?(*roles) user_roles = authorization_engine.roles_for(current_user) result = roles.all? do |role| user_roles.include?(role) end - yield if result and block_given? + yield if result && block_given? result end @@ -68,7 +96,7 @@ def has_any_role?(*roles) result = roles.any? do |role| user_roles.include?(role) end - yield if result and block_given? + yield if result && block_given? result end @@ -78,7 +106,7 @@ def has_role_with_hierarchy?(*roles) result = roles.all? do |role| user_roles.include?(role) end - yield if result and block_given? + yield if result && block_given? result end @@ -88,7 +116,7 @@ def has_any_role_with_hierarchy?(*roles) result = roles.any? do |role| user_roles.include?(role) end - yield if result and block_given? + yield if result && block_given? result end 
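Review bot: In the `has_role?` hunk, `roles.all? do |role| ... end` is true for an empty argument list, so `has_role?()` or `has_role?(*list)` with an empty `list` returns true and yields the block to every user. The same `roles.all?` form appears in the `has_role_with_hierarchy?` hunk on this line. The new doc comment says these helpers are not meant for authorization, but they still gate content, so an empty list should probably not pass: `result = !roles.empty? && roles.all? { |role| user_roles.include?(role) }`. If callers rely on the current behaviour, document it instead with `# NOTE: returns true when called with no roles`.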
@@ -96,16 +124,18 @@ def options_for_permit(object_or_sym = nil, options = {}, bang = true) context = object = nil if object_or_sym.nil? context = decl_auth_context - elsif !Authorization.is_a_association_proxy?(object_or_sym) and object_or_sym.is_a?(Symbol) + elsif !Authorization.is_a_association_proxy?(object_or_sym) && object_or_sym.is_a?(Symbol) context = object_or_sym else object = object_or_sym end - result = {:object => object, - :context => context, - :skip_attribute_test => object.nil?, - :bang => bang}.merge(options) + result = { + object: object, + context: context, + skip_attribute_test: object.nil?, + bang: bang + }.merge(options) result[:user] = current_user unless result.key?(:user) result end @@ -120,12 +150,12 @@ def allowed?(action_name) begin allowed = if matching_permissions.any? - matching_permissions.all? { |p| p.permit!(self, action_name) } - elsif all_permissions.any? - all_permissions.all? { |p| p.permit!(self, action_name) } - else - !DEFAULT_DENY - end + matching_permissions.all? { |p| p.permit!(self, action_name) } + elsif all_permissions.any? + all_permissions.all? { |p| p.permit!(self, action_name) } + else + !DEFAULT_DENY + end rescue ::Authorization::NotAuthorized => e auth_exception = e end diff --git a/lib/declarative_authorization/helper.rb b/lib/declarative_authorization/helper.rb index bcb6162..4c04e9d 100644 --- a/lib/declarative_authorization/helper.rb +++ b/lib/declarative_authorization/helper.rb 
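Review bot: In the `options_for_permit` hunk, `.merge(options)` is applied last, so a caller-supplied `:skip_attribute_test`, `:bang`, `:object` or `:user` replaces the value computed above it, which includes switching attribute checks off when an object was passed. The restyle keeps that behaviour, and the view helpers in this commit now forward their arguments straight to these controller methods, so it deserves a comment above the hash: `# options override the computed defaults; never build this hash from request parameters`. Only `:context` is documented as overridable and `:user` is handled by the `result.key?(:user)` line; if nothing else is meant to be passed (I cannot see the other callers), restricting the merge to those keys would be the tighter form. The method's `def` line is in the hunk header, outside the hunk body.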
@@ -1,78 +1,12 @@ # Authorization::AuthorizationHelper -require File.dirname(__FILE__) + '/authorization.rb' +require "#{File.dirname(__FILE__)}/authorization.rb" module Authorization + # Include this module in your views module AuthorizationHelper - - # If the current user meets the given privilege, permitted_to? returns true - # and yields to the optional block. The attribute checks that are defined - # in the authorization rules are only evaluated if an object is given - # for context. - # - # Examples: - # <% permitted_to? :create, :users do %> - # <%= link_to 'New', new_user_path %> - # <% end %> - # ... - # <% if permitted_to? :create, :users %> - # <%= link_to 'New', new_user_path %> - # <% else %> - # You are not allowed to create new users! - # <% end %> - # ... - # <% for user in @users %> - # <%= link_to 'Edit', edit_user_path(user) if permitted_to? :update, user %> - # <% end %> - # - # To pass in an object and override the context, you can use the optional - # options: - # permitted_to? :update, user, :context => :account - # - def permitted_to?(privilege, object_or_sym = nil, options = {}) - controller.permitted_to?(privilege, object_or_sym, options) do - yield if block_given? - end - end - - # While permitted_to? is used for authorization in views, in some cases - # content should only be shown to some users without being concerned - # with authorization. E.g. to only show the most relevant menu options - # to a certain group of users. That is what has_role? should be used for. - # - # Examples: - # <% has_role?(:sales) do %> - # <%= link_to 'All contacts', contacts_path %> - # <% end %> - # ... - # <% if has_role?(:sales) %> - # <%= link_to 'Customer contacts', contacts_path %> - # <% else %> - # ... - # <% end %> - # - def has_role?(*roles) - controller.has_role?(*roles) do - yield if block_given? - end - end - - # As has_role? 
except checks all roles included in the role hierarchy - def has_role_with_hierarchy?(*roles) - controller.has_role_with_hierarchy?(*roles) do - yield if block_given? - end - end - - def has_any_role?(*roles) - controller.has_any_role?(*roles) do - yield if block_given? - end - end - - def has_any_role_with_hierarchy?(*roles) - controller.has_any_role_with_hierarchy?(*roles) do - yield if block_given? - end - end + delegate :has_role?, :has_role_with_hierarchy?, + :has_any_role?, :has_any_role_with_hierarchy?, + :permitted_to?, + to: :controller end end diff --git a/test/authorization_test.rb b/test/authorization_test.rb index a861a62..1c7296b 100644 --- a/test/authorization_test.rb +++ b/test/authorization_test.rb 
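Review bot: `delegate ... to: :controller` is ActiveSupport's `Module#delegate`, but this file still requires only `authorization.rb`, so `AuthorizationHelper` now fails at load time unless ActiveSupport's delegation extension is already loaded (likely inside Rails, but not shown here). The removed wrappers always handed the controller a block, whereas delegation forwards only the caller's block, and no test in this diff covers the helper path for the return value with and without a block. The usage docs also left this file, so the module comment could point to them: `# Include this module in your views; see the controller Runtime module's permitted_to? and has_role? for usage.`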
@@ -1,78 +1,77 @@ require 'test_helper' class AuthorizationTest < Test::Unit::TestCase - def test_permit reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_role_2)) - assert !engine.permit?(:test_2, :context => :permissions_2, - :user => MockUser.new(:test_role)) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role_2)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, :test_role_2)) + assert !engine.permit?(:test_2, context: :permissions_2, + user: MockUser.new(:test_role)) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role_2)) end def test_permit_context_people reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :people, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :people, - :user => MockUser.new(:test_role)) + assert engine.permit?(:test, context: :people, + user: MockUser.new(:test_role)) end def test_permit_with_has_omnipotence reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :admin do has_omnipotence end end - } + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :people, - :user => MockUser.new(:admin)) + assert engine.permit?(:test, context: :people, + user: MockUser.new(:admin)) end def test_permit_multiple_contexts reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on [:permissions, :permissions_2], :to => :test has_permission_on :permissions_4, 
:permissions_5, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role)) - assert engine.permit?(:test, :context => :permissions_2, - :user => MockUser.new(:test_role)) - assert !engine.permit?(:test, :context => :permissions_3, - :user => MockUser.new(:test_role)) - - assert engine.permit?(:test, :context => :permissions_4, :user => MockUser.new(:test_role)) - assert engine.permit?(:test, :context => :permissions_5, :user => MockUser.new(:test_role)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role)) + assert engine.permit?(:test, context: :permissions_2, + user: MockUser.new(:test_role)) + assert !engine.permit?(:test, context: :permissions_3, + user: MockUser.new(:test_role)) + + assert engine.permit?(:test, context: :permissions_4, user: MockUser.new(:test_role)) + assert engine.permit?(:test, context: :permissions_5, user: MockUser.new(:test_role)) end def test_permit_with_frozen_roles reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :other_role do includes :test_role 
@@ -81,30 +80,30 @@ def test_permit_with_frozen_roles has_permission_on :permissions, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) roles = [:other_role].freeze - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:role_symbols => roles)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(role_symbols: roles)) end def test_obligations_without_conditions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{}], engine.obligations(:test, :context => :permissions, - :user => MockUser.new(:test_role)) + assert_equal [{}], engine.obligations(:test, context: :permissions, + user: MockUser.new(:test_role)) end def test_obligations_with_conditions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do @@ -112,16 +111,16 @@ def test_obligations_with_conditions end end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{:attr => [:is, 1]}], - engine.obligations(:test, :context => :permissions, - :user => MockUser.new(:test_role, :attr => 1)) + assert_equal [{ attr: [:is, 1] }], + engine.obligations(:test, context: :permissions, + user: MockUser.new(:test_role, attr: 1)) end def test_obligations_with_omnipotence reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :admin do has_omnipotence 
@@ -132,16 +131,16 @@ def test_obligations_with_omnipotence end end end - } + ) engine = Authorization::Engine.new(reader) assert_equal [], - engine.obligations(:test, :context => :permissions, - :user => MockUser.new(:test_role, :admin, :attr => 1)) + engine.obligations(:test, context: :permissions, + user: MockUser.new(:test_role, :admin, attr: 1)) end def test_obligations_with_anded_conditions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test, :join_by => :and do @@ -150,16 +149,16 @@ def test_obligations_with_anded_conditions end end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{:attr => [:is, 1], :attr_2 => [:is, 2]}], - engine.obligations(:test, :context => :permissions, - :user => MockUser.new(:test_role, :attr => 1, :attr_2 => 2)) + assert_equal [{ attr: [:is, 1], attr_2: [:is, 2] }], + engine.obligations(:test, context: :permissions, + user: MockUser.new(:test_role, attr: 1, attr_2: 2)) end def test_obligations_with_deep_anded_conditions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test, :join_by => :and do 
@@ -168,16 +167,16 @@ def test_obligations_with_deep_anded_conditions end end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{:attr => { :deeper_attr => [:is, 1], :deeper_attr_2 => [:is, 2] } }], - engine.obligations(:test, :context => :permissions, - :user => MockUser.new(:test_role, :deeper_attr => 1, :deeper_attr_2 => 2)) + assert_equal [{ attr: { deeper_attr: [:is, 1], deeper_attr_2: [:is, 2] } }], + engine.obligations(:test, context: :permissions, + user: MockUser.new(:test_role, deeper_attr: 1, deeper_attr_2: 2)) end def test_obligations_with_has_many reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do @@ -185,16 +184,16 @@ def test_obligations_with_has_many end end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{:attrs => {:deeper_attr => [:is, 1]}}], - engine.obligations(:test, :context => :permissions, - :user => MockUser.new(:test_role, :deeper_attr => 1)) + assert_equal [{ attrs: { deeper_attr: [:is, 1] } }], + engine.obligations(:test, context: :permissions, + user: MockUser.new(:test_role, deeper_attr: 1)) end def test_obligations_with_conditions_and_empty reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test 
@@ -203,16 +202,16 @@ def test_obligations_with_conditions_and_empty end end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{}, {:attr => [:is, 1]}], - engine.obligations(:test, :context => :permissions, - :user => MockUser.new(:test_role, :attr => 1)) + assert_equal [{}, { attr: [:is, 1] }], + engine.obligations(:test, context: :permissions, + user: MockUser.new(:test_role, attr: 1)) end def test_obligations_with_permissions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do @@ -230,22 +229,22 @@ def test_obligations_with_permissions end end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{:permission => {:attr => [:is, 1]}}], - engine.obligations(:test, :context => :permission_children, - :user => MockUser.new(:test_role, :attr => 1)) - assert_equal [{:permission => {:attr => [:is, 1]}}], - engine.obligations(:test, :context => :permission_children_2, - :user => MockUser.new(:test_role, :attr => 1)) - assert_equal [{:permission_child => {:permission => {:attr => [:is, 1]}}}], - engine.obligations(:test, :context => :permission_children_children, - :user => MockUser.new(:test_role, :attr => 1)) + assert_equal [{ permission: { attr: [:is, 1] } }], + engine.obligations(:test, context: :permission_children, + user: MockUser.new(:test_role, attr: 1)) + assert_equal [{ permission: { attr: [:is, 1] } }], + engine.obligations(:test, context: :permission_children_2, + user: MockUser.new(:test_role, attr: 1)) + assert_equal [{ permission_child: { permission: { attr: [:is, 1] } } }], + engine.obligations(:test, context: :permission_children_children, + user: MockUser.new(:test_role, attr: 1)) end def test_obligations_with_has_many_permissions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -263,22 +262,22 @@ def test_obligations_with_has_many_permissions end end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{:permissions => {:attr => [:is, 1]}}], - engine.obligations(:test, :context => :permission_children, - :user => MockUser.new(:test_role, :attr => 1)) - assert_equal [{:permissions => {:attr => [:is, 1]}}], - engine.obligations(:test, :context => :permission_children_2, - :user => MockUser.new(:test_role, :attr => 1)) - assert_equal [{:permission_child => {:permissions => {:attr => [:is, 1]}}}], - engine.obligations(:test, :context => :permission_children_children, - :user => MockUser.new(:test_role, :attr => 1)) + assert_equal [{ permissions: { attr: [:is, 1] } }], + engine.obligations(:test, context: :permission_children, + user: MockUser.new(:test_role, attr: 1)) + assert_equal [{ permissions: { attr: [:is, 1] } }], + engine.obligations(:test, context: :permission_children_2, + user: MockUser.new(:test_role, attr: 1)) + assert_equal [{ permission_child: { permissions: { attr: [:is, 1] } } }], + engine.obligations(:test, context: :permission_children_children, + user: MockUser.new(:test_role, attr: 1)) end def test_obligations_with_permissions_multiple reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -290,17 +289,17 @@ def test_obligations_with_permissions_multiple end end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{:permission_child => {:permission => {:attr => [:is, 1]}}}, - {:permission_child => {:permission => {:attr => [:is, 2]}}}], - engine.obligations(:test, :context => :permission_children_children, - :user => MockUser.new(:test_role)) + assert_equal [{ permission_child: { permission: { attr: [:is, 1] } } }, + { permission_child: { permission: { attr: [:is, 2] } } }], + engine.obligations(:test, context: :permission_children_children, + user: MockUser.new(:test_role)) end def test_obligations_with_permissions_and_anded_conditions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permission_children, :to => :test, :join_by => :and do 
@@ -312,70 +311,70 @@ def test_obligations_with_permissions_and_anded_conditions end end end - } + ) engine = Authorization::Engine.new(reader) - assert_equal [{:test_attr => [:is, 1], :permission => {:test_attr => [:is, 1]}}], - engine.obligations(:test, :context => :permission_children, - :user => MockUser.new(:test_role)) + assert_equal [{ test_attr: [:is, 1], permission: { test_attr: [:is, 1] } }], + engine.obligations(:test, context: :permission_children, + user: MockUser.new(:test_role)) end def test_guest_user reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :guest do has_permission_on :permissions, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) Authorization.stub :current_user, MockUser.new do - assert engine.permit?(:test, :context => :permissions) - assert !engine.permit?(:test, :context => :permissions_2) + assert engine.permit?(:test, context: :permissions) + assert !engine.permit?(:test, context: :permissions_2) end end def test_default_role reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :anonymous do has_permission_on :permissions, :to => :test end end - } + ) Authorization.stub :default_role, :anonymous do engine = Authorization::Engine.new(reader) Authorization.stub :current_user, MockUser.new do - assert engine.permit?(:test, :context => :permissions) + assert engine.permit?(:test, context: :permissions) end - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:guest)) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:guest)) end end def test_invalid_user_model reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :guest do has_permission_on :permissions, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) assert_raise(Authorization::AuthorizationUsageError) do - engine.permit?(:test, 
:context => :permissions, :user => MockUser.new(1, 2)) + engine.permit?(:test, context: :permissions, user: MockUser.new(1, 2)) end assert_raise(Authorization::AuthorizationUsageError) do - engine.permit?(:test, :context => :permissions, :user => MockDataObject.new) + engine.permit?(:test, context: :permissions, user: MockDataObject.new) end end def test_role_hierarchy reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do includes :lower_role @@ -385,7 +384,7 @@ def test_role_hierarchy has_permission_on :permissions, :to => :lower end end - } + ) engine = Authorization::Engine.new(reader) assert engine.permit?(:test, context: :permissions, user: MockUser.new(:test_role)) assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role)) @@ -393,7 +392,7 @@ def test_role_hierarchy def test_role_hierarchy__recursive reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do includes :lower_role @@ -407,7 +406,7 @@ def test_role_hierarchy__recursive has_permission_on :permissions, :to => :lowest end end - } + ) engine = Authorization::Engine.new(reader) assert engine.permit?(:test, context: :permissions, user: MockUser.new(:test_role)) assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role)) @@ -416,7 +415,7 @@ def test_role_hierarchy__recursive def test_role_hierarchy__circular reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do includes :lower_role @@ -427,7 +426,7 @@ def test_role_hierarchy__circular has_permission_on :permissions, :to => :lower end end - } + ) engine = Authorization::Engine.new(reader) assert engine.permit?(:test, context: :permissions, user: MockUser.new(:test_role)) assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role)) 
@@ -435,7 +434,7 @@ def test_role_hierarchy__circular def test_role_hierarchy__recursive__circular reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do includes :lower_role @@ -450,7 +449,7 @@ def test_role_hierarchy__recursive__circular has_permission_on :permissions, :to => :lowest end end - } + ) engine = Authorization::Engine.new(reader) assert engine.permit?(:test, context: :permissions, user: MockUser.new(:test_role)) assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role)) @@ -459,7 +458,7 @@ def test_role_hierarchy__recursive__circular def test_privilege_hierarchy reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( privileges do privilege :test, :permissions do includes :lower @@ -470,14 +469,14 @@ def test_privilege_hierarchy has_permission_on :permissions, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role)) end def test_privilege_hierarchy__recursive reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( privileges do privilege :test, :permissions do includes :lower @@ -491,7 +490,7 @@ def test_privilege_hierarchy__recursive has_permission_on :permissions, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) assert engine.permit?(:lower, context: :permissions, user: MockUser.new(:test_role)) assert engine.permit?(:lowest, context: :permissions, user: MockUser.new(:test_role)) @@ -499,7 +498,7 @@ def test_privilege_hierarchy__recursive def test_privilege_hierarchy_without_context reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( privileges do privilege :read do includes :list, :show 
@@ -510,15 +509,15 @@ def test_privilege_hierarchy_without_context has_permission_on :permissions, :to => :read end end - } + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:list, :context => :permissions, - :user => MockUser.new(:test_role)) + assert engine.permit?(:list, context: :permissions, + user: MockUser.new(:test_role)) end def test_attribute_is reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do @@ -527,22 +526,22 @@ def test_attribute_is end end end - | + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => 1)) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 2), - :object => MockDataObject.new(:test_attr => 3)) - assert((not(engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 2), - :object => MockDataObject.new(:test_attr => 1))))) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: 1)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 2), + object: MockDataObject.new(test_attr: 3)) + assert(!engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 2), + object: MockDataObject.new(test_attr: 1))) end def test_attribute_is_not reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -550,19 +549,19 @@ def test_attribute_is_not end end end - | + ) engine = Authorization::Engine.new(reader) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => 1)) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 2), - :object => MockDataObject.new(:test_attr => 1)) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: 1)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 2), + object: MockDataObject.new(test_attr: 1)) end def test_attribute_contains reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do @@ -570,19 +569,19 @@ def test_attribute_contains end end end - | + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => [1,2])) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 3), - :object => MockDataObject.new(:test_attr => [1,2])) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: [1, 2])) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 3), + object: MockDataObject.new(test_attr: [1, 2])) end def test_attribute_does_not_contain reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -590,19 +589,19 @@ def test_attribute_does_not_contain end end end - | + ) engine = Authorization::Engine.new(reader) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => [1,2])) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 3), - :object => MockDataObject.new(:test_attr => [1,2])) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: [1, 2])) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 3), + object: MockDataObject.new(test_attr: [1, 2])) end def test_attribute_in_array reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -611,22 +610,22 @@ def test_attribute_in_array end end end - | + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 1)) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 3)) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 4)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 1)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 3)) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 4)) end def test_attribute_not_in_array reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -634,19 +633,19 @@ def test_attribute_not_in_array end end end - | + ) engine = Authorization::Engine.new(reader) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 1)) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 4)) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 1)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 4)) end def test_attribute_intersects_with reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -659,30 +658,30 @@ def test_attribute_intersects_with end end end - } + ) engine = Authorization::Engine.new(reader) assert_raise Authorization::AuthorizationUsageError do - engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attrs => 1 )) + engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attrs: 1)) end assert_raise Authorization::AuthorizationUsageError do - engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role_2), - :object => MockDataObject.new(:test_attrs => [1, 2] )) + engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role_2), + object: MockDataObject.new(test_attrs: [1, 2])) end - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attrs => [1,3] )) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attrs => [3,4] )) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attrs: [1, 3])) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attrs: [3, 4])) end def test_attribute_lte reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -691,29 +690,29 @@ def test_attribute_lte end end end - | + ) engine = Authorization::Engine.new(reader) # object < user -> pass - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 2), - :object => MockDataObject.new(:test_attr => 1)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 2), + object: MockDataObject.new(test_attr: 1)) # object > user && object = control -> pass - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 2), - :object => MockDataObject.new(:test_attr => 3)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 2), + object: MockDataObject.new(test_attr: 3)) # object = user -> pass - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => 1)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: 1)) # object > user -> fail - assert((not(engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => 2))))) + assert(!engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: 2))) end def test_attribute_gt reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -722,29 +721,29 @@ def test_attribute_gt end end end - | + ) engine = Authorization::Engine.new(reader) # object > user -> pass - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => 2)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: 2)) # object < user && object = control -> pass - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 4), - :object => MockDataObject.new(:test_attr => 3)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 4), + object: MockDataObject.new(test_attr: 3)) # object = user -> fail - assert((not(engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => 1))))) + assert(!engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: 1))) # object < user -> fail - assert((not(engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 2), - :object => MockDataObject.new(:test_attr => 1))))) + assert(!engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 2), + object: MockDataObject.new(test_attr: 1))) end def test_attribute_gte reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -753,29 +752,29 @@ def test_attribute_gte end end end - | + ) engine = Authorization::Engine.new(reader) # object > user -> pass - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => 2)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: 2)) # object < user && object = control -> pass - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 4), - :object => MockDataObject.new(:test_attr => 3)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 4), + object: MockDataObject.new(test_attr: 3)) # object = user -> pass - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 1), - :object => MockDataObject.new(:test_attr => 1)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 1), + object: MockDataObject.new(test_attr: 1)) # object < user -> fail - assert((not(engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role, :test_attr => 2), - :object => MockDataObject.new(:test_attr => 1))))) + assert(!engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role, test_attr: 2), + object: MockDataObject.new(test_attr: 1))) end def test_attribute_deep reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -783,24 +782,22 @@ def test_attribute_deep end end end - | + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr_1 => - MockDataObject.new(:test_attr_2 => [1,2]))) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr_1 => - MockDataObject.new(:test_attr_2 => [3,4]))) - assert_equal [{:test_attr_1 => {:test_attr_2 => [:contains, 1]}}], - engine.obligations(:test, :context => :permissions, - :user => MockUser.new(:test_role)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr_1: MockDataObject.new(test_attr_2: [1, 2]))) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr_1: MockDataObject.new(test_attr_2: [3, 4]))) + assert_equal [{ test_attr_1: { test_attr_2: [:contains, 1] } }], + engine.obligations(:test, context: :permissions, + user: MockUser.new(:test_role)) end def test_attribute_has_many reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :companies, :to => :read do 
@@ -808,24 +805,24 @@ def test_attribute_has_many end end end - | + ) engine = Authorization::Engine.new(reader) - company = MockDataObject.new(:branches => [ - MockDataObject.new(:city => 'Barcelona'), - MockDataObject.new(:city => 'Paris') - ]) - assert engine.permit!(:read, :context => :companies, - :user => MockUser.new(:test_role, :city => 'Paris'), - :object => company) - assert !engine.permit?(:read, :context => :companies, - :user => MockUser.new(:test_role, :city => 'London'), - :object => company) + company = MockDataObject.new(branches: [ + MockDataObject.new(city: 'Barcelona'), + MockDataObject.new(city: 'Paris') + ]) + assert engine.permit!(:read, context: :companies, + user: MockUser.new(:test_role, city: 'Paris'), + object: company) + assert !engine.permit?(:read, context: :companies, + user: MockUser.new(:test_role, city: 'London'), + object: company) end def test_attribute_non_block reader = Authorization::Reader::DSLReader.new - reader.parse %| + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do @@ -833,19 +830,19 @@ def test_attribute_non_block end end end - | + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 1)) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 2)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 1)) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 2)) end def test_attribute_multiple reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -854,24 +851,25 @@ def test_attribute_multiple end end end - } + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 1)) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 2)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 1)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 2)) end class PermissionMock < MockDataObject def self.name - "Permission" + 'Permission' end end + def test_attribute_with_permissions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -882,22 +880,22 @@ def test_attribute_with_permissions end end end - } + ) engine = Authorization::Engine.new(reader) - perm_data_attr_1 = PermissionMock.new({:test_attr => 1}) - perm_data_attr_2 = PermissionMock.new({:test_attr => 2}) - assert engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:permission => perm_data_attr_1)) - assert !engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:permission => perm_data_attr_2)) + perm_data_attr_1 = PermissionMock.new({ test_attr: 1 }) + perm_data_attr_2 = PermissionMock.new({ test_attr: 2 }) + assert engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(permission: perm_data_attr_1)) + assert !engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(permission: perm_data_attr_2)) end def test_attribute_with_has_many_permissions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -908,22 +906,22 @@ def test_attribute_with_has_many_permissions end end end - } + ) engine = Authorization::Engine.new(reader) - perm_data_attr_1 = PermissionMock.new({:test_attr => 1}) - perm_data_attr_2 = PermissionMock.new({:test_attr => 2}) - assert engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:permissions => [perm_data_attr_1])) - assert !engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:permissions => [perm_data_attr_2])) + perm_data_attr_1 = PermissionMock.new({ test_attr: 1 }) + perm_data_attr_2 = PermissionMock.new({ test_attr: 2 }) + assert engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(permissions: [perm_data_attr_1])) + assert !engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(permissions: [perm_data_attr_2])) end def test_attribute_with_deep_permissions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -934,24 +932,22 @@ def test_attribute_with_deep_permissions end end end - } + ) engine = Authorization::Engine.new(reader) - perm_data_attr_1 = PermissionMock.new({:test_attr => 1}) - perm_data_attr_2 = PermissionMock.new({:test_attr => 2}) - assert engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:shallow_permission => - MockDataObject.new(:permission => perm_data_attr_1))) - assert !engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:shallow_permission => - MockDataObject.new(:permission => perm_data_attr_2))) + perm_data_attr_1 = PermissionMock.new({ test_attr: 1 }) + perm_data_attr_2 = PermissionMock.new({ test_attr: 2 }) + assert engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(shallow_permission: MockDataObject.new(permission: perm_data_attr_1))) + assert !engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(shallow_permission: MockDataObject.new(permission: perm_data_attr_2))) end def test_attribute_with_deep_has_many_permissions reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -962,24 +958,22 @@ def test_attribute_with_deep_has_many_permissions end end end - } + ) engine = Authorization::Engine.new(reader) - perm_data_attr_1 = PermissionMock.new({:test_attr => 1}) - perm_data_attr_2 = PermissionMock.new({:test_attr => 2}) - assert engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:shallow_permissions => - [MockDataObject.new(:permission => perm_data_attr_1)])) - assert !engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:shallow_permissions => - [MockDataObject.new(:permission => perm_data_attr_2)])) + perm_data_attr_1 = PermissionMock.new({ test_attr: 1 }) + perm_data_attr_2 = PermissionMock.new({ test_attr: 2 }) + assert engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(shallow_permissions: [MockDataObject.new(permission: perm_data_attr_1)])) + assert !engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(shallow_permissions: [MockDataObject.new(permission: perm_data_attr_2)])) end def test_attribute_with_permissions_nil reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -990,21 +984,21 @@ def test_attribute_with_permissions_nil end end end - } + ) engine = Authorization::Engine.new(reader) - engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:permission => nil)) + engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(permission: nil)) - assert !engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:permission => nil)) + assert !engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(permission: nil)) end def test_attribute_with_permissions_on_self reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -1015,22 +1009,22 @@ def test_attribute_with_permissions_on_self end end end - } + ) engine = Authorization::Engine.new(reader) - perm_data_attr_1 = PermissionMock.new({:test_attr => 1}) - perm_data_attr_2 = PermissionMock.new({:test_attr => 2}) - assert engine.permit?(:another_test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => perm_data_attr_1) - assert !engine.permit?(:another_test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => perm_data_attr_2) + perm_data_attr_1 = PermissionMock.new({ test_attr: 1 }) + perm_data_attr_2 = PermissionMock.new({ test_attr: 2 }) + assert engine.permit?(:another_test, context: :permissions, + user: MockUser.new(:test_role), + object: perm_data_attr_1) + assert !engine.permit?(:another_test, context: :permissions, + user: MockUser.new(:test_role), + object: perm_data_attr_2) end def test_attribute_with_permissions_on_self_with_context reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -1041,22 +1035,22 @@ def test_attribute_with_permissions_on_self_with_context end end end - } + ) engine = Authorization::Engine.new(reader) - perm_data_attr_1 = PermissionMock.new({:test_attr => 1}) - perm_data_attr_2 = PermissionMock.new({:test_attr => 2}) - assert engine.permit?(:another_test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => perm_data_attr_1) - assert !engine.permit?(:another_test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => perm_data_attr_2) + perm_data_attr_1 = PermissionMock.new({ test_attr: 1 }) + perm_data_attr_2 = PermissionMock.new({ test_attr: 2 }) + assert engine.permit?(:another_test, context: :permissions, + user: MockUser.new(:test_role), + object: perm_data_attr_1) + assert !engine.permit?(:another_test, context: :permissions, + user: MockUser.new(:test_role), + object: perm_data_attr_2) end def test_attribute_with_permissions_and_anded_rules reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -1068,25 +1062,25 @@ def test_attribute_with_permissions_and_anded_rules end end end - } + ) engine = Authorization::Engine.new(reader) - perm_data_attr_1 = PermissionMock.new({:test_attr => 1}) - perm_data_attr_2 = PermissionMock.new({:test_attr => 2}) - assert engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:permission => perm_data_attr_1, :test_attr => 1)) - assert !engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:permission => perm_data_attr_2, :test_attr => 1)) - assert !engine.permit?(:test, :context => :permission_children, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:permission => perm_data_attr_1, :test_attr => 2)) + perm_data_attr_1 = PermissionMock.new({ test_attr: 1 }) + perm_data_attr_2 = PermissionMock.new({ test_attr: 2 }) + assert engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(permission: perm_data_attr_1, test_attr: 1)) + assert !engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(permission: perm_data_attr_2, test_attr: 1)) + assert !engine.permit?(:test, context: :permission_children, + user: MockUser.new(:test_role), + object: MockDataObject.new(permission: perm_data_attr_1, test_attr: 2)) end def test_attribute_with_anded_rules reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test, :join_by => :and do 
@@ -1095,20 +1089,20 @@ def test_attribute_with_anded_rules end end end - } + ) engine = Authorization::Engine.new(reader) - assert engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 1, :test_attr_2 => 2)) - assert !engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attr => 1, :test_attr_2 => 3)) + assert engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 1, test_attr_2: 2)) + assert !engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attr: 1, test_attr_2: 3)) end def test_raise_on_if_attribute_hash_on_collection reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do 
@@ -1116,58 +1110,58 @@ def test_raise_on_if_attribute_hash_on_collection end end end - } + ) engine = Authorization::Engine.new(reader) assert_raise Authorization::AuthorizationUsageError do - engine.permit?(:test, :context => :permissions, - :user => MockUser.new(:test_role), - :object => MockDataObject.new(:test_attrs => [1, 2, 3])) + engine.permit?(:test, context: :permissions, + user: MockUser.new(:test_role), + object: MockDataObject.new(test_attrs: [1, 2, 3])) end end def test_role_title_description reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role, :title => 'Test Role' do description "Test Role Description" end end - } + ) engine = Authorization::Engine.new(reader) assert engine.roles.include?(:test_role) - assert_equal "Test Role", engine.role_titles[:test_role] - assert_equal "Test Role", engine.title_for(:test_role) + assert_equal 'Test Role', engine.role_titles[:test_role] + assert_equal 'Test Role', engine.title_for(:test_role) assert_nil engine.title_for(:test_role_2) - assert_equal "Test Role Description", engine.role_descriptions[:test_role] - assert_equal "Test Role Description", engine.description_for(:test_role) + assert_equal 'Test Role Description', engine.role_descriptions[:test_role] + assert_equal 'Test Role Description', engine.description_for(:test_role) assert_nil engine.description_for(:test_role_2) end def test_multithread reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) Authorization.stub :current_user, MockUser.new(:test_role) do - assert engine.permit?(:test, :context => :permissions) + assert engine.permit?(:test, context: :permissions) Thread.new do Authorization.current_user = MockUser.new(:test_role2) - assert !engine.permit?(:test, :context => :permissions) + assert !engine.permit?(:test, 
context: :permissions) end - assert engine.permit?(:test, :context => :permissions) + assert engine.permit?(:test, context: :permissions) end end def test_clone reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test do @@ -1177,13 +1171,32 @@ def test_clone end end end - } + ) engine = Authorization::Engine.new(reader) cloned_engine = engine.clone assert_not_equal engine.auth_rules.first.contexts.object_id, - cloned_engine.auth_rules.first.contexts.object_id + cloned_engine.auth_rules.first.contexts.object_id assert_not_equal engine.auth_rules.first.attributes.first.send(:instance_variable_get, :@conditions_hash)[:attr].object_id, - cloned_engine.auth_rules.first.attributes.first.send(:instance_variable_get, :@conditions_hash)[:attr].object_id + cloned_engine.auth_rules.first.attributes.first.send(:instance_variable_get, + :@conditions_hash)[:attr].object_id + end + + def test_rev_role_hierarchy + reader = Authorization::Reader::DSLReader.new + reader.parse %( + authorization do + role :lower_role do + has_permission_on :permissions, :to => :lower + end + role :test_role do + includes :lower_role + has_permission_on :permissions, :to => :test + end + end + ) + engine = Authorization::Engine.new(reader) + assert_equal({ lower_role: [:test_role] }, engine.rev_role_hierarchy) + engine.rev_role_hierarchy # coverage end end diff --git a/test/maintenance_test.rb b/test/maintenance_test.rb index 274adfd..7326272 100644 --- a/test/maintenance_test.rb +++ b/test/maintenance_test.rb @@ -1,5 +1,5 @@ require 'test_helper' -require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance}) +require File.join(File.dirname(__FILE__), %w[.. lib declarative_authorization maintenance]) class MaintenanceTest < Test::Unit::TestCase include Authorization::TestHelper 
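Review bot: The `Thread.new` block in `test_multithread` is never joined, so the `assert !engine.permit?(:test, context: :permissions)` inside it may not have run by the time the test returns. A failure raised there would stay in that thread instead of failing the test. As written, the test does not prove that a user set in another thread is denied, which is the per-thread isolation it is named for. Closing the block with `end.join` makes the main thread wait for the check and re-raises a failed assertion in the test itself.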
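Review bot: The last line of `test_rev_role_hierarchy`, `engine.rev_role_hierarchy # coverage`, calls the method a second time without checking the result. If the repeated call (presumably served from a cached value) returned something different from the first, the test would not notice. Replacing it with a second `assert_equal({ lower_role: [:test_role] }, engine.rev_role_hierarchy)` keeps the coverage and pins the value.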
@@ -9,38 +9,50 @@ def test_usages_by_controllers usage_test_controller.send(:define_method, :an_action) {} usage_test_controller.filter_access_to :an_action - assert Authorization::Maintenance::Usage::usages_by_controller. - include?(usage_test_controller) + assert Authorization::Maintenance::Usage.usages_by_controller + .include?(usage_test_controller) end def test_without_access_control reader = Authorization::Reader::DSLReader.new - reader.parse %{ + reader.parse %( authorization do role :test_role do has_permission_on :permissions, :to => :test end end - } + ) engine = Authorization::Engine.new(reader) - assert !engine.permit?(:test_2, :context => :permissions, - :user => MockUser.new(:test_role)) - Authorization::Maintenance::without_access_control do - assert engine.permit!(:test_2, :context => :permissions, - :user => MockUser.new(:test_role)) + assert !engine.permit?(:test_2, context: :permissions, + user: MockUser.new(:test_role)) + Authorization::Maintenance.without_access_control do + assert engine.permit!(:test_2, context: :permissions, + user: MockUser.new(:test_role)) end without_access_control do - assert engine.permit?(:test_2, :context => :permissions, - :user => MockUser.new(:test_role)) + assert engine.permit?(:test_2, context: :permissions, + user: MockUser.new(:test_role)) end - Authorization::Maintenance::without_access_control do - Authorization::Maintenance::without_access_control do - assert engine.permit?(:test_2, :context => :permissions, - :user => MockUser.new(:test_role)) + Authorization::Maintenance.without_access_control do + Authorization::Maintenance.without_access_control do + assert engine.permit?(:test_2, context: :permissions, + user: MockUser.new(:test_role)) end - assert engine.permit?(:test_2, :context => :permissions, - :user => MockUser.new(:test_role)) + assert engine.permit?(:test_2, context: :permissions, + user: MockUser.new(:test_role)) end + + without_access_control # coverage end + def test_with_user + original_user 
= Authorization.current_user + user = MockUser.new(:test_role) + Authorization::Maintenance.with_user(user) do + assert_equal user, Authorization.current_user + end + assert_equal original_user, Authorization.current_user + + with_user(user) # coverage + end end
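Review bot: `test_without_access_control` asserts that `permit?`/`permit!` succeed inside the `without_access_control` blocks, but never that the bypass is off again once they exit; the only denial assertion comes before the first block. A regression that left access control disabled after a block, or after the new block-less `without_access_control # coverage` call, would still pass. Adding `assert !engine.permit?(:test_2, context: :permissions, user: MockUser.new(:test_role))` after the nested block and again after the block-less call would cover that, mirroring how `test_with_user` checks that `Authorization.current_user` is restored. The block-less `with_user(user) # coverage` line could likewise be followed by `assert_equal original_user, Authorization.current_user`.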