Module: Authorization::TestHelper

Includes:: Maintenance

Defined in:: lib/declarative_authorization/maintenance.rb

Overview

TestHelper provides assert methods and controller request methods which take authorization into account and set the current user to a specific one.

Defines get_with, post_with, get_by_xhr_with etc. for methods get, post, put, delete each with the signature

get_with(user, action, params = {}, session = {}, flash = {})

Use it by including it in your TestHelper:

require File.expand_path(File.dirname(__FILE__) + 
  "/../vendor/plugins/declarative_authorization/lib/maintenance")
class Test::Unit::TestCase 
  include Authorization::TestHelper
  ...

  def admin
    # create admin user
  end
end

class SomeControllerTest < ActionController::TestCase
  def test_should_get_index
    ...
    get_with admin, :index, :param_1 => "param value"
    ...
  end
end

Class Method Summary collapse

.included(base) ⇒ Object

Instance Method Summary collapse

#assert_raise_with_user(user, *args, &block) ⇒ Object

Analogue to the Ruby’s assert_raise method, only executing the block in the context of the given user.
#request_with(user, method, xhr, action, params = {}, session = {}, flash = {}) ⇒ Object
#should_be_allowed_to(privilege, object_or_context) ⇒ Object
#should_not_be_allowed_to(privilege, object_or_context) ⇒ Object

Methods included from Maintenance

#with_user, without_access_control, #without_access_control

Class Method Details

.included(base) ⇒ `Object`

# File 'lib/declarative_authorization/maintenance.rb', line 168

def self.included (base)
  [:get, :post, :put, :delete].each do |method|
    base.class_eval <<-EOV, __FILE__, __LINE__
      def #{method}_with (user, *args)
        request_with(user, #{method.inspect}, false, *args)
      end

      def #{method}_by_xhr_with (user, *args)
        request_with(user, #{method.inspect}, true, *args)
      end
    EOV
  end
end

Instance Method Details

#assert_raise_with_user(user, *args, &block) ⇒ `Object`

Analogue to the Ruby’s assert_raise method, only executing the block in the context of the given user.

# File 'lib/declarative_authorization/maintenance.rb', line 136

def assert_raise_with_user (user, *args, &block)
  assert_raise(*args) do
    with_user(user, &block)
  end
end

#request_with(user, method, xhr, action, params = {}, session = {}, flash = {}) ⇒ `Object`

# File 'lib/declarative_authorization/maintenance.rb', line 156

def request_with (user, method, xhr, action, params = {}, 
    session = {}, flash = {})
  session = session.merge({:user => user, :user_id => user.id})
  with_user(user) do
    if xhr
      xhr method, action, params, session, flash
    else
      send method, action, params, session, flash
    end
  end
end

#should_be_allowed_to(privilege, object_or_context) ⇒ `Object`

# File 'lib/declarative_authorization/maintenance.rb', line 142

def should_be_allowed_to (privilege, object_or_context)
  options = {}
  options[object_or_context.is_a?(Symbol) ? :context : :object] = object_or_context
  assert_nothing_raised do
    Authorization::Engine.instance.permit!(privilege, options)
  end
end

#should_not_be_allowed_to(privilege, object_or_context) ⇒ `Object`

# File 'lib/declarative_authorization/maintenance.rb', line 150

def should_not_be_allowed_to (privilege, object_or_context)
  options = {}
  options[object_or_context.is_a?(Symbol) ? :context : :object] = object_or_context
  assert !Authorization::Engine.instance.permit?(privilege, options)
end