Module Authorization::TestHelper
In: lib/declarative_authorization/maintenance.rb

TestHelper provides assert methods and controller request methods which take authorization into account and set the current user to a specific one.

Defines get_with, post_with, get_by_xhr_with etc. for the methods get, post, put and delete, each with the signature:

  get_with(user, action, params = {}, session = {}, flash = {})

Use it by including it in your TestHelper:

 require File.expand_path(File.dirname(__FILE__) +
   "/../vendor/plugins/declarative_authorization/lib/maintenance")
 class Test::Unit::TestCase
   include Authorization::TestHelper
   ...

   def admin
     # create admin user
   end
 end

 class SomeControllerTest < ActionController::TestCase
   def test_should_get_index
     ...
     get_with admin, :index, :param_1 => "param value"
     ...
   end
 end

Note: get_with etc. do two things to set the user for the request: Authorization.current_user is set and session[:user], session[:user_id] are set appropriately. If you determine the current user in a different way, these methods might not work for you.
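The failure mode behind this note, as an added example (not code from declarative_authorization): when an application resolves its user from something the helper never sets, every request looks anonymous and deny tests pass vacuously, so pair them with a positive control. User, USERS, both lookups, the :auth_token key and admin_only are constructed stand-ins; only the session merge mirrors request_with.

```ruby
# Added example. Everything here is a constructed stand-in except the
# session merge, which mirrors request_with on this page.
User = Struct.new(:id, :role, :token)
USERS = [User.new(1, :admin, "t-admin"), User.new(2, :member, "t-member")]

# The session the helper builds: its :user and :user_id win over caller values.
def helper_session(user, session = {})
  session.merge({:user => user, :user_id => user && user.id})
end

# Hypothetical app A: the current user comes from session[:user_id].
BY_SESSION_ID = lambda { |session| USERS.find { |u| u.id == session[:user_id] } }
# Hypothetical app B: the current user comes from a token the helper never sets.
BY_TOKEN = lambda { |session| USERS.find { |u| u.token == session[:auth_token] } }

# Stand-in for a protected action: only an admin gets :ok.
def admin_only(lookup, session)
  user = lookup.call(session)
  user && user.role == :admin ? :ok : :forbidden
end

# Positive control: does the app see the user the helper tried to set?
def helper_sets_user?(lookup, user)
  lookup.call(helper_session(user)).equal?(user)
end

# Run the allow/deny pair plus the control for one lookup strategy.
def role_matrix(lookup)
  admin, member = USERS
  {
    :admin        => admin_only(lookup, helper_session(admin)),
    :member       => admin_only(lookup, helper_session(member)),
    :control_pass => helper_sets_user?(lookup, admin)
  }
end

if __FILE__ == $0
  p role_matrix(BY_SESSION_ID)  # deny test is meaningful: admin allowed, member refused
  p role_matrix(BY_TOKEN)       # member refused, but so is admin: the control fails
end
```

With the token lookup the member is refused only because nobody is logged in; the failing control is what exposes that.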

Included Modules

Authorization::Maintenance

Public Class methods

     # File lib/declarative_authorization/maintenance.rb, line 195
     def self.included(base)
       # Define <verb>_with and <verb>_by_xhr_with on the including class for each HTTP verb.
       [:get, :post, :put, :delete].each do |method|
         base.class_eval "def #{method}_with(user, *args)\nrequest_with(user, #{method.inspect}, false, *args)\nend\n\ndef #{method}_by_xhr_with(user, *args)\nrequest_with(user, #{method.inspect}, true, *args)\nend\n", __FILE__, __LINE__
       end
     end

Public Instance methods

Analogous to Ruby's assert_raise method, only executing the block in the context of the given user.

     # File lib/declarative_authorization/maintenance.rb, line 142
     def assert_raise_with_user(user, *args, &block)
       assert_raise(*args) do
         with_user(user, &block)
       end
     end

     # File lib/declarative_authorization/maintenance.rb, line 183
     def request_with(user, method, xhr, action, params = {},
         session = {}, flash = {})
       # The helper's :user and :user_id override any values the caller passed in;
       # a nil user yields nil for both keys.
       session = session.merge({:user => user, :user_id => user && user.id})
       # Authorization.current_user is set to user for the duration of the request.
       with_user(user) do
         if xhr
           xhr method, action, params, session, flash
         else
           send method, action, params, session, flash
         end
       end
     end

Test helper to test authorization rules.

  with_user a_normal_user do
    should_not_be_allowed_to :update, :conferences
    should_not_be_allowed_to :read, an_unpublished_conference
    should_be_allowed_to :read, a_published_conference
  end

If the object's class name does not match the controller name, you can set the object and context manually:

  should_be_allowed_to :create, :object => car, :context => :vehicles

If you specify the object and context manually, you can also specify the user manually, skipping the with_user block:

  should_be_allowed_to :create, :object => car, :context => :vehicles, :user => a_normal_user

     # File lib/declarative_authorization/maintenance.rb, line 160
     def should_be_allowed_to(privilege, *args)
       options = {}
       if args.first.class == Hash
         options = args.extract_options!
       else
         # A Symbol argument is taken as the context, anything else as the object.
         options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
       end
       # permit! raises when the privilege is not granted, which fails the assertion.
       assert_nothing_raised do
         Authorization::Engine.instance.permit!(privilege, options)
       end
     end

See should_be_allowed_to

     # File lib/declarative_authorization/maintenance.rb, line 173
     def should_not_be_allowed_to(privilege, *args)
       options = {}
       if args.first.class == Hash
         options = args.extract_options!
       else
         # A Symbol argument is taken as the context, anything else as the object.
         options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
       end
       assert !Authorization::Engine.instance.permit?(privilege, options)
     end
