dsl_reader_test.rb
require 'test_helper'
# Exercises Authorization::Reader::DSLReader: parsing of the privileges,
# authorization and contexts sections, the errors raised for invalid rule
# text, and the factory / load! entry points.
#
# NOTE(review): the rule-matching tests below only assert that a parsed rule
# matches the role, privilege and context it was declared with. Nothing in
# this file asserts that a rule does NOT match a different role, privilege or
# context, so an over-permissive parse result would not be caught here.
class DSLReaderTest < Test::Unit::TestCase
  # Block form of `privilege` without a context: the included privilege is
  # recorded with nil in the context slot.
  def test_privileges
    privileges = parse_rules(%{
privileges do
privilege :test_priv do
includes :lower_priv
end
end
}).privileges_reader
    assert_equal 2, privileges.privileges.length
    assert_equal [[:lower_priv, nil]], privileges.privilege_hierarchy[:test_priv]
  end

  # Block form of `privilege` with a context: the context is carried into the
  # hierarchy entry of the included privilege.
  def test_privileges_with_context
    hierarchy = parse_rules(%{
privileges do
privilege :test_priv, :test_context do
includes :lower_priv
end
end
}).privileges_reader.privilege_hierarchy
    assert_equal [[:lower_priv, :test_context]], hierarchy[:test_priv]
  end

  # One-line form with an :includes option, given as a symbol or an array,
  # with and without a context.
  def test_privileges_one_line
    hierarchy = parse_rules(%{
privileges do
privilege :test_priv, :test_context, :includes => :lower_priv
privilege :test_priv_2, :test_context, :includes => [:lower_priv]
privilege :test_priv_3, :includes => [:lower_priv]
end
}).privileges_reader.privilege_hierarchy
    # Pairs of declared privilege and the context expected in its entry.
    [
      [:test_priv, :test_context],
      [:test_priv_2, :test_context],
      [:test_priv_3, nil]
    ].each do |privilege, context|
      assert_equal [[:lower_priv, context]], hierarchy[privilege]
    end
  end

  # A role with one included role and one permission yields one role, one
  # role-hierarchy entry and one auth rule.
  def test_auth_role
    rules = parse_rules(%{
authorization do
role :test_role do
includes :lesser_role
has_permission_on :items, :to => :read
end
end
}).auth_rules_reader
    assert_equal 1, rules.roles.length
    assert_equal [:lesser_role], rules.role_hierarchy[:test_role]
    assert_equal 1, rules.auth_rules.length
  end

  # Block form of has_permission_on: both privileges named by `to` end up on
  # the single rule created for the context.
  def test_auth_role_permit_on
    rules = parse_rules(%|
authorization do
role :test_role do
has_permission_on :test_context do
to :test_perm, :manage
if_attribute :test_attr => is { user.test_attr }
end
end
end
|).auth_rules_reader
    assert_equal 1, rules.roles.length
    assert_equal 1, rules.auth_rules.length
    [:test_perm, :manage].each do |privilege|
      assert rules.auth_rules[0].matches?(:test_role, [privilege], :test_context)
    end
  end

  # Every attribute operator used in the block must be accepted by the parser.
  # Only the rule count and a positive match are asserted; the parsed
  # attribute conditions themselves are not inspected.
  def test_permit_block
    rules = parse_rules(%|
authorization do
role :test_role do
has_permission_on :perms, :to => :test do
if_attribute :test_attr => is { user.test_attr }
if_attribute :test_attr_2 => is_not { user.test_attr }
if_attribute :test_attr_3 => contains { user.test_attr }
if_attribute :test_attr_4 => does_not_contain { user.test_attr }
if_attribute :test_attr_5 => is_in { user.test_attr }
if_attribute :test_attr_5 => is_not_in { user.test_attr }
if_attribute :test_attr_6 => lt { user.test_attr }
if_attribute :test_attr_6 => lte { user.test_attr }
if_attribute :test_attr_6 => gt { user.test_attr }
if_attribute :test_attr_6 => gte { user.test_attr }
end
end
end
|).auth_rules_reader
    assert_equal 1, rules.roles.length
    assert_equal 1, rules.auth_rules.length
    assert rules.auth_rules[0].matches?(:test_role, [:test], :perms)
  end

  # One-line has_permission_on with a :to option produces a rule matching the
  # declared role, privilege and context.
  def test_has_permission_to_with_context
    rules = parse_rules(%|
authorization do
role :test_role do
has_permission_on :perms, :to => :test
end
end
|).auth_rules_reader
    assert_equal 1, rules.roles.length
    assert_equal 1, rules.auth_rules.length
    assert rules.auth_rules[0].matches?(:test_role, [:test], :perms)
  end

  # A contexts section must parse. There is no assertion here: the test
  # passes as long as parse does not raise.
  def test_context
    parse_rules %{
contexts do
context :high_level_context do
includes :low_level_context_1, :low_level_context_2
end
end
}
  end

  # `includes` placed directly under `authorization`, outside any role block,
  # is rejected with DSLError.
  def test_dsl_error
    assert_parse_fails Authorization::Reader::DSLError, %{
authorization do
includes :lesser_role
end
}
  end

  # A top-level section called `authorizations` is rejected with
  # DSLSyntaxError.
  def test_syntax_error
    assert_parse_fails Authorization::Reader::DSLSyntaxError, %{
authorizations do
end
}
  end

  # Rule text with an `end` that has no opening `do` is rejected with
  # DSLSyntaxError.
  def test_syntax_error_2
    assert_parse_fails Authorization::Reader::DSLSyntaxError, %{
authorizations
end
}
  end

  # factory hands back the very same object when it is given a reader.
  def test_factory_returns_self
    existing = Authorization::Reader::DSLReader.new
    produced = Authorization::Reader::DSLReader.factory(existing)
    assert_equal(produced.object_id, existing.object_id)
  end

  # factory given a path string returns a DSLReader; the path points at the
  # authorization_rules.dist.rb file under DA_ROOT.
  def test_factory_loads_file
    rules_path = (DA_ROOT + "authorization_rules.dist.rb").to_s
    loaded = Authorization::Reader::DSLReader.factory(rules_path)
    assert_equal(Authorization::Reader::DSLReader, loaded.class)
  end

  # load! on a path that does not exist raises DSLFileNotFoundError, so a
  # missing rules file surfaces as an error to the caller.
  def test_load_file_not_found
    missing_path = "nonexistent_file.rb"
    assert_raise(Authorization::Reader::DSLFileNotFoundError) do
      Authorization::Reader::DSLReader.new.load!(missing_path)
    end
  end

  private

  # Creates a fresh DSLReader, parses rule_text with it and returns the reader.
  def parse_rules(rule_text)
    dsl_reader = Authorization::Reader::DSLReader.new
    dsl_reader.parse(rule_text)
    dsl_reader
  end

  # Asserts that parsing rule_text raises error_class. The reader is built
  # outside the assert_raise block so only parse itself is under test.
  def assert_parse_fails(error_class, rule_text)
    dsl_reader = Authorization::Reader::DSLReader.new
    assert_raise(error_class) { dsl_reader.parse(rule_text) }
  end
end