Class: PolicyAssertions::Test

Inherits:

ActiveSupport::TestCase

• Object
• ActiveSupport::TestCase
• PolicyAssertions::Test

Defined in:

lib/policy_assertions.rb

Instance Method Summary

• #assert_permit(user, record, *permissions) ⇒ Object
• #assert_strong_parameters(user, record, params_hash, allowed_params) ⇒ Object
• #refute_permit(user, record, *permissions) ⇒ Object (also: #assert_not_permitted)

Instance Method Details

#assert_permit(user, record, *permissions) ⇒ Object

# File 'lib/policy_assertions.rb', line 18

def assert_permit(user, record, *permissions)
  get_permissions(permissions.flatten).each do |permission|
    policy = find_policy!(user, record)
    assert policy.public_send(permission),
           "Expected #{policy.class.name} to grant #{permission} "\
           "on #{record} for #{user} but it didn't"
  end
end

#assert_strong_parameters(user, record, params_hash, allowed_params) ⇒ Object

# File 'lib/policy_assertions.rb', line 37

def assert_strong_parameters(user, record, params_hash, allowed_params)
  policy = find_policy!(user, record)

  param_key = find_param_key(record)

  params = ActionController::Parameters.new(param_key => params_hash)

  strong_params = params.require(param_key)
                  .permit(*policy.permitted_attributes).keys

  strong_params.each do |param|
    assert_includes allowed_params, param.to_sym,
                    "User #{user} should not be permitted to "\
                    "update parameter [#{param}]"
  end
end

#refute_permit(user, record, *permissions) ⇒ Object Also known as: assert_not_permitted

# File 'lib/policy_assertions.rb', line 27

def refute_permit(user, record, *permissions)
  get_permissions(permissions.flatten).each do |permission|
    policy = find_policy!(user, record)
    refute policy.public_send(permission),
           "Expected #{policy.class.name} not to grant #{permission} "\
           "on #{record} for #{user} but it did"
  end
end