Module Authorization::TestHelper
In: lib/declarative_authorization/maintenance.rb

TestHelper provides assert methods and controller request methods which take authorization into account and set the current user to a specific one.

Defines get_with, post_with, get_by_xhr_with etc. for methods get, post, put, delete each with the signature

  get_with(user, action, params = {}, session = {}, flash = {})

Use it by including it in your TestHelper:

 require File.expand_path(File.dirname(__FILE__) +
   "/../vendor/plugins/declarative_authorization/lib/maintenance")
 class Test::Unit::TestCase
   include Authorization::TestHelper
   ...

   def admin
     # create admin user
   end
 end

 class SomeControllerTest < ActionController::TestCase
   def test_should_get_index
     ...
     get_with admin, :index, :param_1 => "param value"
     ...
   end
 end

Note: get_with etc. do two things to set the user for the request: Authorization.current_user is set and session[:user], session[:user_id] are set appropriately. If you determine the current user in a different way, these methods might not work for you.

Methods

Included Modules

Authorization::Maintenance

Public Class methods

[Source]

     # File lib/declarative_authorization/maintenance.rb, line 196
196:     def self.included (base)
197:       [:get, :post, :put, :delete].each do |method|
198:         base.class_eval "def \#{method}_with (user, *args)\nrequest_with(user, \#{method.inspect}, false, *args)\nend\n\ndef \#{method}_by_xhr_with (user, *args)\nrequest_with(user, \#{method.inspect}, true, *args)\nend\n", __FILE__, __LINE__
199:       end
200:     end

Public Instance methods

Analogue to the Ruby‘s assert_raise method, only executing the block in the context of the given user.

[Source]

     # File lib/declarative_authorization/maintenance.rb, line 143
143:     def assert_raise_with_user (user, *args, &block)
144:       assert_raise(*args) do
145:         with_user(user, &block)
146:       end
147:     end

[Source]

     # File lib/declarative_authorization/maintenance.rb, line 184
184:     def request_with (user, method, xhr, action, params = {}, 
185:         session = {}, flash = {})
186:       session = session.merge({:user => user, :user_id => user && user.id})
187:       with_user(user) do
188:         if xhr
189:           xhr method, action, params, session, flash
190:         else
191:           send method, action, params, session, flash
192:         end
193:       end
194:     end

Test helper to test authorization rules.

  with_user a_normal_user do
    should_not_be_allowed_to :update, :conferences
    should_not_be_allowed_to :read, an_unpublished_conference
    should_be_allowed_to :read, a_published_conference
  end

If the objects class name does not match the controller name, you can set the object and context manually

  should_be_allowed_to :create, :object => car, :context => :vehicles

If you use specify the object and context manually, you can also specify the user manually, skipping the with_user block:

  should_be_allowed_to :create, :object => car, :context => :vehicles, :user => a_normal_user

[Source]

     # File lib/declarative_authorization/maintenance.rb, line 161
161:     def should_be_allowed_to (privilege, *args)
162:       options = {}
163:       if(args.first.class == Hash)
164:         options = args.extract_options!
165:       else
166:         options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
167:       end
168:       assert_nothing_raised do
169:         Authorization::Engine.instance.permit!(privilege, options)
170:       end
171:     end

See should_be_allowed_to

[Source]

     # File lib/declarative_authorization/maintenance.rb, line 174
174:     def should_not_be_allowed_to (privilege, *args)
175:       options = {}
176:       if(args.first.class == Hash)
177:         options = args.extract_options!
178:       else
179:         options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
180:       end
181:       assert !Authorization::Engine.instance.permit?(privilege, options)
182:     end

[Validate]