Module: Authorization::TestHelper
- Includes:
- Maintenance
- Defined in:
- lib/declarative_authorization/maintenance.rb
Overview
TestHelper provides assert methods and controller request methods which take authorization into account and set the current user to a specific one.
Defines get_with, post_with, get_by_xhr_with etc. for methods get, post, put, delete each with the signature
get_with(user, action, params = {}, session = {}, flash = {})
Use it by including it in your TestHelper:
require File.expand_path(File.dirname(__FILE__) +
"/../vendor/plugins/declarative_authorization/lib/maintenance")
class Test::Unit::TestCase
include Authorization::TestHelper
...
def admin
# create admin user
end
end
class SomeControllerTest < ActionController::TestCase
def test_should_get_index
...
get_with admin, :index, :param_1 => "param value"
...
end
end
Note: get_with etc. do two things to set the user for the request: Authorization.current_user is set and session, session are set appropriately. If you determine the current user in a different way, these methods might not work for you.
Class Method Summary collapse
Instance Method Summary collapse
-
#assert_raise_with_user(user, *args, &block) ⇒ Object
Analogue to the Ruby’s assert_raise method, only executing the block in the context of the given user.
- #request_with(user, method, xhr, action, params = {}, session = {}, flash = {}) ⇒ Object
-
#should_be_allowed_to(privilege, object_or_context) ⇒ Object
Test helper to test authorization rules.
-
#should_not_be_allowed_to(privilege, object_or_context) ⇒ Object
See should_be_allowed_to.
Methods included from Maintenance
#with_user, with_user, without_access_control, #without_access_control
Class Method Details
.included(base) ⇒ Object
184 185 186 187 188 189 190 191 192 193 194 195 196 |
# File 'lib/declarative_authorization/maintenance.rb', line 184 def self.included (base) [:get, :post, :put, :delete].each do |method| base.class_eval <<-EOV, __FILE__, __LINE__ def #{method}_with (user, *args) request_with(user, #{method.inspect}, false, *args) end def #{method}_by_xhr_with (user, *args) request_with(user, #{method.inspect}, true, *args) end EOV end end |
Instance Method Details
#assert_raise_with_user(user, *args, &block) ⇒ Object
Analogue to the Ruby’s assert_raise method, only executing the block in the context of the given user.
145 146 147 148 149 |
# File 'lib/declarative_authorization/maintenance.rb', line 145 def assert_raise_with_user (user, *args, &block) assert_raise(*args) do with_user(user, &block) end end |
#request_with(user, method, xhr, action, params = {}, session = {}, flash = {}) ⇒ Object
172 173 174 175 176 177 178 179 180 181 182 |
# File 'lib/declarative_authorization/maintenance.rb', line 172 def request_with (user, method, xhr, action, params = {}, session = {}, flash = {}) session = session.merge({:user => user, :user_id => user && user.id}) with_user(user) do if xhr xhr method, action, params, session, flash else send method, action, params, session, flash end end end |
#should_be_allowed_to(privilege, object_or_context) ⇒ Object
Test helper to test authorization rules. E.g.
with_user a_normal_user do
should_not_be_allowed_to :update, :conferences
should_not_be_allowed_to :read, an_unpublished_conference
should_be_allowed_to :read, a_published_conference
end
157 158 159 160 161 162 163 |
# File 'lib/declarative_authorization/maintenance.rb', line 157 def should_be_allowed_to (privilege, object_or_context) = {} [object_or_context.is_a?(Symbol) ? :context : :object] = object_or_context assert_nothing_raised do Authorization::Engine.instance.permit!(privilege, ) end end |
#should_not_be_allowed_to(privilege, object_or_context) ⇒ Object
See should_be_allowed_to
166 167 168 169 170 |
# File 'lib/declarative_authorization/maintenance.rb', line 166 def should_not_be_allowed_to (privilege, object_or_context) = {} [object_or_context.is_a?(Symbol) ? :context : :object] = object_or_context assert !Authorization::Engine.instance.permit?(privilege, ) end |