Module: Authorization::TestHelper

Includes:
Maintenance
Defined in:
lib/declarative_authorization/maintenance.rb

Overview

TestHelper provides assert methods and controller request methods which take authorization into account and set the current user to a specific one.

Defines get_with, post_with, get_by_xhr_with etc. for the methods get, post, put and delete, each with the signature:

get_with(user, action, params = {}, session = {}, flash = {})

Use it by including it in your TestHelper:

require File.expand_path(File.dirname(__FILE__) + 
  "/../vendor/plugins/declarative_authorization/lib/maintenance")
class Test::Unit::TestCase 
  include Authorization::TestHelper
  ...

  def admin
    # create admin user
  end
end

class SomeControllerTest < ActionController::TestCase
  def test_should_get_index
    ...
    get_with admin, :index, :param_1 => "param value"
    ...
  end
end

Note: get_with etc. do two things to set the user for the request: Authorization.current_user is set, and session[:user] and session[:user_id] are set appropriately. If you determine the current user in a different way, these methods might not work for you.
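
The caveat in the note above, as an added example (not code from the plugin): stand-ins for a test case and for Authorization.with_user mirror the steps of request_with shown on this page, and three hypothetical controllers resolve the caller from the session, from Authorization.current_user, and from an API token parameter. The restore-on-exit behaviour of with_user, the User struct and all constant names are assumptions.

```ruby
# Stand-in for the plugin's module (assumption): with_user sets the user for the
# block and restores the previous one afterwards.
module Authorization
  class << self; attr_accessor :current_user; end

  def self.with_user(user)
    prev = current_user
    self.current_user = user
    yield
  ensure
    self.current_user = prev
  end
end

User = Struct.new(:id, :role) # hypothetical user model

# Minimal fake of a functional test case: "get" passes the request to a lambda
# standing in for the controller and returns what the lambda returns.
class FakeControllerTest
  def initialize(controller)
    @controller = controller
  end

  def get(action, params = {}, session = {}, flash = {})
    @controller.call(action, params, session)
  end

  # Same steps as request_with on this page (non-XHR branch only).
  def get_with(user, action, params = {}, session = {}, flash = {})
    session = session.merge(:user => user, :user_id => user && user.id)
    Authorization.with_user(user) { get(action, params, session, flash) }
  end
end

USERS = { 1 => User.new(1, :admin) } # constructed sample data

# Three hypothetical ways a controller might determine the role of the caller.
SESSION_AUTH = ->(_action, _params, session) { (u = USERS[session[:user_id]]) ? u.role : :guest }
ENGINE_AUTH  = ->(*) { (u = Authorization.current_user) ? u.role : :guest }
TOKEN_AUTH   = ->(_action, params, _session) { params[:api_token] == "constructed-token" ? :admin : :guest }

# Role the controller sees when the test issues get_with(user, :index).
def role_seen_by(controller, user)
  FakeControllerTest.new(controller).get_with(user, :index)
end
```

With TOKEN_AUTH the admin request is served as :guest, so a test asserting that some other role is denied would pass without the authorization rules ever being exercised. Pair every denial test with a positive test for a user who should be allowed.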


Methods included from Maintenance

#with_user, with_user, without_access_control, #without_access_control

Class Method Details

.included(base) ⇒ Object



# File 'lib/declarative_authorization/maintenance.rb', line 198

def self.included (base)
  [:get, :post, :put, :delete].each do |method|
    base.class_eval <<-EOV, __FILE__, __LINE__
      def #{method}_with (user, *args)
        request_with(user, #{method.inspect}, false, *args)
      end

      def #{method}_by_xhr_with (user, *args)
        request_with(user, #{method.inspect}, true, *args)
      end
    EOV
  end
end

Instance Method Details

#assert_raise_with_user(user, *args, &block) ⇒ Object

Analogous to Ruby's assert_raise method, except that the block is executed in the context of the given user.



# File 'lib/declarative_authorization/maintenance.rb', line 145

def assert_raise_with_user (user, *args, &block)
  assert_raise(*args) do
    with_user(user, &block)
  end
end

#request_with(user, method, xhr, action, params = {}, session = {}, flash = {}) ⇒ Object



# File 'lib/declarative_authorization/maintenance.rb', line 186

def request_with (user, method, xhr, action, params = {}, 
    session = {}, flash = {})
  session = session.merge({:user => user, :user_id => user && user.id})
  with_user(user) do
    if xhr
      xhr method, action, params, session, flash
    else
      send method, action, params, session, flash
    end
  end
end

#should_be_allowed_to(privilege, *args) ⇒ Object

Test helper to test authorization rules.

with_user a_normal_user do
  should_not_be_allowed_to :update, :conferences
  should_not_be_allowed_to :read, an_unpublished_conference
  should_be_allowed_to :read, a_published_conference
end

If the object's class name does not match the controller name, you can set the object and context manually:

should_be_allowed_to :create, :object => car, :context => :vehicles

If you specify the object and context manually, you can also specify the user manually, skipping the with_user block:

should_be_allowed_to :create, :object => car, :context => :vehicles, :user => a_normal_user


# File 'lib/declarative_authorization/maintenance.rb', line 163

def should_be_allowed_to (privilege, *args)
  options = {}
  if(args.first.class == Hash)
    options = args.extract_options!
  else
    options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
  end
  assert_nothing_raised do
    Authorization::Engine.instance.permit!(privilege, options)
  end
end

#should_not_be_allowed_to(privilege, *args) ⇒ Object

See should_be_allowed_to



# File 'lib/declarative_authorization/maintenance.rb', line 176

def should_not_be_allowed_to (privilege, *args)
  options = {}
  if(args.first.class == Hash)
    options = args.extract_options!
  else
    options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
  end
  assert !Authorization::Engine.instance.permit?(privilege, options)
end