Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
new features and testability for controller integration
1 parent 3357aa6, commit f5d9f19
Showing 27 changed files with 224 additions and 34 deletions.
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -1,4 +1,9 @@ | |||
module Aegis | module Aegis | ||
|
|||
class AccessDenied < StandardError | class AccessDenied < StandardError | ||
end | end | ||
|
|||
class UncheckedPermissions < StandardError | |||
end | |||
|
|||
end | end |
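Review bot: `UncheckedPermissions` is added beside `AccessDenied` with no comment saying how the two differ. Going by the place it is raised elsewhere in this commit (`unchecked_permissions`, "This controller does not check permissions"), it marks a controller that never declared its permissions, which is a developer error rather than a denied user. A one-line comment on the class stating that would help, so that applications do not route it through the same rescue handler they use for `AccessDenied`.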
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,86 @@ | |||
module Aegis | |||
module Matchers | |||
|
|||
class CheckPermissions | |||
|
|||
def initialize(expected_resource, expected_options = {}) | |||
@expected_resource = expected_resource | |||
@expected_options = expected_options | |||
end | |||
|
|||
def matches?(controller) | |||
@controller_class = controller.class | |||
@actual_resource = @controller_class.instance_variable_get('@aegis_permissions_resource') | |||
@actual_options = @controller_class.instance_variable_get('@aegis_permissions_options') | |||
@actual_resource == @expected_resource && @actual_options == @expected_options | |||
end | |||
|
|||
def failure_message | |||
if @actual_resource != @expected_resource | |||
"expected #{@controller_class} to check permissions against resource #{@expected_resource.inspect}, but it checked against #{@actual_resource.inspect}" | |||
else | |||
"expected #{@controller_class} to check permissions with options #{@expected_options.inspect}, but options were #{@actual_options.inspect}" | |||
end | |||
end | |||
|
|||
def negative_failure_message | |||
if @actual_resource == @expected_resource | |||
"expected #{@controller_class} to not check permissions against resource #{@expected_resource.inspect}" | |||
else | |||
"expected #{@controller_class} to not check permissions with options #{@expected_options.inspect}" | |||
end | |||
end | |||
|
|||
def description | |||
description = "check permissions against resource #{@expected_resource.inspect}" | |||
description << " with options #{@expected_options.inspect}" if @expected_options.any? | |||
description | |||
end | |||
|
|||
end | |||
|
|||
def check_permissions(*args) | |||
CheckPermissions.new(*args) | |||
end | |||
|
|||
end | |||
end | |||
|
|||
|
|||
ActiveSupport::TestCase.send :include, Aegis::Matchers | |||
|
|||
#Spec::Rails::Example::ControllerExampleGroup.extend Aegis::ControllerSpecMacros | |||
|
|||
|
|||
# def it_should_allow_access_for(*allowed_roles, &block) | |||
# | |||
# denied_roles = Permissions.roles.collect(&:name) - allowed_roles | |||
# | |||
# describe 'permissions' do | |||
# | |||
# before :each do | |||
# sign_out | |||
# end | |||
# | |||
# it "should deny access when no user is signed in" do | |||
# expect { instance_eval(&block) }.to raise_error(Aegis::AccessDenied) | |||
# end | |||
# | |||
# allowed_roles.each do |role| | |||
# it "should allow access for an authenticated #{role}" do | |||
# sign_in User.new(:role_name => role) | |||
# expect { instance_eval(&block) }.to_not raise_error | |||
# response.code.should == '200' | |||
# end | |||
# end | |||
# | |||
# denied_roles.each do |role| | |||
# it "should deny access for an authenticated #{role}" do | |||
# sign_in User.new(:role_name => role) | |||
# expect { instance_eval(&block) }.to raise_error(Aegis::AccessDenied) | |||
# end | |||
# end | |||
# | |||
# end | |||
# | |||
# end |
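Review bot: `matches?` reads `@aegis_permissions_resource` and `@aegis_permissions_options` from `controller.class` only, so it sees just the most recent `permissions` call made on that exact class. Class-level instance variables are not inherited, so a controller whose `permissions` declaration lives in a superclass yields nil for both values and fails the matcher. The matcher also confirms only what was declared, not that `check_permissions` runs for a given action. Consider recording each declaration in a list that subclasses can see and matching against any entry. Separately, the commented-out `it_should_allow_access_for` block and the commented `ControllerExampleGroup.extend` line at the end of the file should be dropped or moved to a follow-up commit rather than shipped as dead code.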
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -1,38 +1,73 @@ | |||
module Aegis | module Aegis | ||
module ActionController | module ActionController | ||
|
|
||
def permissions(resource, options = {}) | module ClassMethods | ||
|
|
||
before_filter :check_permissions, options.slice(:except, :only) | private | ||
|
|
||
instance_eval do | def require_permissions(options = {}) | ||
|
before_filter :unchecked_permissions, options | ||
private | end | ||
|
|
||
actions_map = (options[:map] || {}).stringify_keys | def skip_permissions(options = {}) | ||
object_method = options[:object] || :object | skip_before_filter :unchecked_permissions, options | ||
parent_object_method = options[:parent_object] || :parent_object | end | ||
user_method = options[:user] || :current_user |
|
||
permissions = lambda { Aegis::Permissions.app_permissions(options[:permissions]) } | def permissions(resource, options = {}) | ||
|
|
||
define_method :check_permissions do | filter_options = options.slice(:except, :only) | ||
action = permissions.call.guess_action( |
|
||
resource, | skip_before_filter :unchecked_permissions, filter_options | ||
action_name.to_s, |
|
||
actions_map | # Store arguments for testing | ||
) | @aegis_permissions_resource = resource | ||
args = [] | @aegis_permissions_options = options | ||
args << send(user_method) |
|
||
args << send(parent_object_method) if action.takes_parent_object | before_filter :check_permissions, filter_options | ||
args << send(object_method) if action.takes_object |
|
||
action.may!(*args) | instance_eval do | ||
|
|||
private | |||
|
|||
actions_map = (options[:map] || {}).stringify_keys | |||
object_method = options[:object] || :object | |||
parent_object_method = options[:parent_object] || :parent_object | |||
user_method = options[:user] || :current_user | |||
permissions = lambda { Aegis::Permissions.app_permissions(options[:permissions]) } | |||
|
|||
define_method :check_permissions do | |||
action = permissions.call.guess_action( | |||
resource, | |||
action_name.to_s, | |||
actions_map | |||
) | |||
args = [] | |||
args << send(user_method) | |||
args << send(parent_object_method) if action.takes_parent_object | |||
args << send(object_method) if action.takes_object | |||
action.may!(*args) | |||
end | |||
|
|||
end | end | ||
|
|
||
end | end | ||
|
|
||
end | end | ||
|
|
||
module InstanceMethods | |||
|
|||
private | |||
|
|||
def unchecked_permissions | |||
raise Aegis::UncheckedPermissions, "This controller does not check permissions" | |||
end | |||
|
|||
end | |||
|
|||
end | end | ||
end | end | ||
|
|
||
ActionController::Base.extend(Aegis::ActionController) | ActionController::Base.extend Aegis::ActionController::ClassMethods | ||
ActionController::Base.send :include, Aegis::ActionController::InstanceMethods | |||
|
|||
|
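Review bot: in `permissions`, both the stored `@aegis_permissions_resource` / `@aegis_permissions_options` and `define_method :check_permissions` are overwritten on every call, so a controller that calls `permissions` twice (for example with different `:only` lists) ends up with a single `check_permissions` body bound to the last `resource` and `options`. Actions covered by the first call would then be checked against the wrong resource while `skip_before_filter :unchecked_permissions, filter_options` has already lifted the fail-closed guard for them. Either raise on a second call or give each declaration its own filter method. A smaller point: the message in `unchecked_permissions` ("This controller does not check permissions") names neither the controller nor the action; including `self.class.name` and `action_name` would make the failure actionable. `require_permissions` and `skip_permissions` also have no doc comment describing the intended pattern (declare in a base controller, opt out per action).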
2 changes: 2 additions & 0 deletions
spec/app_root/app/controllers/application_controller.rb
100755 → 100644
Original file line number | Original file line | Diff line number | Diff line change |
---|---|---|---|
@@ -0,0 +1,8 @@ | |||
class SongsController | |||
|
|||
require_permissions | |||
|
|||
skip_permissions :only => :index | |||
permissions :songs, :only => :new | |||
|
|||
end |
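Review bot: `class SongsController` is opened without a superclass, yet `require_permissions`, `skip_permissions` and `permissions` are only added to `ActionController::Base` in this commit, so this file works only if the class has already been defined elsewhere with the right parent. Declare the superclass explicitly here so the fixture does not depend on load order. The fixture also defines no actions, so nothing in it exercises the case the new guard exists for: an action that is neither covered by `permissions :songs, :only => :new` nor exempted by `skip_permissions :only => :index` and should raise `Aegis::UncheckedPermissions`.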