Module: Authorization::TestHelper

Includes:
Maintenance
Defined in:
lib/declarative_authorization/maintenance.rb

Overview

TestHelper provides assert methods and controller request methods which take authorization into account and set the current user to a specific one.

Defines get_with, post_with, get_by_xhr_with etc. for methods get, post, put, delete each with the signature

get_with(user, action, params = {}, session = {}, flash = {})

Use it by including it in your TestHelper:

require File.expand_path(File.dirname(__FILE__) +
  "/../vendor/plugins/declarative_authorization/lib/maintenance")
class Test::Unit::TestCase
  include Authorization::TestHelper
  ...

  def admin
    # create admin user
  end
end

class SomeControllerTest < ActionController::TestCase
  def test_should_get_index
    ...
    get_with admin, :index, :param_1 => "param value"
    ...
  end
end

Note: get_with etc. do two things to set the user for the request: Authorization.current_user is set and session, session are set appropriately. If you determine the current user in a different way, these methods might not work for you.

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Maintenance

#with_user, with_user, #without_access_control, without_access_control

Class Method Details

.included(base) ⇒ Object



201
202
203
204
205
206
207
208
209
210
211
212
213
# File 'lib/declarative_authorization/maintenance.rb', line 201

def self.included(base)
  [:get, :post, :put, :delete].each do |method|
    base.class_eval <<-EOV, __FILE__, __LINE__
      def #{method}_with(user, *args)
        request_with(user, #{method.inspect}, false, *args)
      end

      def #{method}_by_xhr_with(user, *args)
        request_with(user, #{method.inspect}, true, *args)
      end
    EOV
  end
end

Instance Method Details

#assert_raise_with_user(user, *args) ⇒ Object

Analogue to the Ruby’s assert_raise method, only executing the block in the context of the given user.



146
147
148
149
150
151
152
# File 'lib/declarative_authorization/maintenance.rb', line 146

def assert_raise_with_user(user, *args)
  assert_raise(*args) do
    with_user(user) do
      yield if block_given?
    end
  end
end

#request_with(user, method, xhr, action, params = {}, session = {}, flash = {}) ⇒ Object



189
190
191
192
193
194
195
196
197
198
199
# File 'lib/declarative_authorization/maintenance.rb', line 189

def request_with(user, method, xhr, action, params = {},
    session = {}, flash = {})
  session = session.merge({:user => user, :user_id => user && user.id})
  with_user(user) do
    if xhr
      xhr method, action, params, session, flash
    else
      send method, action, params, session, flash
    end
  end
end

#should_be_allowed_to(privilege, *args) ⇒ Object

Test helper to test authorization rules.

with_user a_normal_user do
  should_not_be_allowed_to :update, :conferences
  should_not_be_allowed_to :read, an_unpublished_conference
  should_be_allowed_to :read, a_published_conference
end

If the objects class name does not match the controller name, you can set the object and context manually

should_be_allowed_to :create, :object => car, :context => :vehicles

If you use specify the object and context manually, you can also specify the user manually, skipping the with_user block:

should_be_allowed_to :create, :object => car, :context => :vehicles, :user => a_normal_user


166
167
168
169
170
171
172
173
174
175
176
# File 'lib/declarative_authorization/maintenance.rb', line 166

def should_be_allowed_to(privilege, *args)
  options = {}
  if(args.first.class == Hash)
    options = args.extract_options!
  else
    options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
  end
  assert_nothing_raised do
    Authorization::Engine.instance.permit!(privilege, options)
  end
end

#should_not_be_allowed_to(privilege, *args) ⇒ Object

See should_be_allowed_to



179
180
181
182
183
184
185
186
187
# File 'lib/declarative_authorization/maintenance.rb', line 179

def should_not_be_allowed_to(privilege, *args)
  options = {}
  if(args.first.class == Hash)
    options = args.extract_options!
  else
    options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
  end
  assert !Authorization::Engine.instance.permit?(privilege, options)
end