Module: Authorization::TestHelper

Includes:
Maintenance
Defined in:
lib/declarative_authorization/maintenance.rb

Overview

TestHelper provides assert methods and controller request methods which take authorization into account and set the current user to a specific one.

Defines get_with, post_with, get_by_xhr_with etc. for methods get, post, put, delete each with the signature

get_with(user, action, params = {}, session = {}, flash = {})

Use it by including it in your TestHelper:

require File.expand_path(File.dirname(__FILE__) + 
  "/../vendor/plugins/declarative_authorization/lib/maintenance")
class Test::Unit::TestCase 
  include Authorization::TestHelper
  ...

  def admin
    # create admin user
  end
end

class SomeControllerTest < ActionController::TestCase
  def test_should_get_index
    ...
    get_with admin, :index, :param_1 => "param value"
    ...
  end
end

Note: get_with etc. do two things to set the user for the request: Authorization.current_user is set and session, session are set appropriately. If you determine the current user in a different way, these methods might not work for you.

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Maintenance

#with_user, with_user, without_access_control, #without_access_control

Class Method Details

.included(base) ⇒ Object



184
185
186
187
188
189
190
191
192
193
194
195
196
# File 'lib/declarative_authorization/maintenance.rb', line 184

def self.included (base)
  [:get, :post, :put, :delete].each do |method|
    base.class_eval <<-EOV, __FILE__, __LINE__
      def #{method}_with (user, *args)
        request_with(user, #{method.inspect}, false, *args)
      end

      def #{method}_by_xhr_with (user, *args)
        request_with(user, #{method.inspect}, true, *args)
      end
    EOV
  end
end

Instance Method Details

#assert_raise_with_user(user, *args, &block) ⇒ Object

Analogue to the Ruby’s assert_raise method, only executing the block in the context of the given user.



145
146
147
148
149
# File 'lib/declarative_authorization/maintenance.rb', line 145

def assert_raise_with_user (user, *args, &block)
  assert_raise(*args) do
    with_user(user, &block)
  end
end

#request_with(user, method, xhr, action, params = {}, session = {}, flash = {}) ⇒ Object



172
173
174
175
176
177
178
179
180
181
182
# File 'lib/declarative_authorization/maintenance.rb', line 172

def request_with (user, method, xhr, action, params = {}, 
    session = {}, flash = {})
  session = session.merge({:user => user, :user_id => user.id})
  with_user(user) do
    if xhr
      xhr method, action, params, session, flash
    else
      send method, action, params, session, flash
    end
  end
end

#should_be_allowed_to(privilege, object_or_context) ⇒ Object

Test helper to test authorization rules. E.g.

with_user a_normal_user do
  should_not_be_allowed_to :update, :conferences
  should_not_be_allowed_to :read, an_unpublished_conference
  should_be_allowed_to :read, a_published_conference
end


157
158
159
160
161
162
163
# File 'lib/declarative_authorization/maintenance.rb', line 157

def should_be_allowed_to (privilege, object_or_context)
  options = {}
  options[object_or_context.is_a?(Symbol) ? :context : :object] = object_or_context
  assert_nothing_raised do
    Authorization::Engine.instance.permit!(privilege, options)
  end
end

#should_not_be_allowed_to(privilege, object_or_context) ⇒ Object

See should_be_allowed_to



166
167
168
169
170
# File 'lib/declarative_authorization/maintenance.rb', line 166

def should_not_be_allowed_to (privilege, object_or_context)
  options = {}
  options[object_or_context.is_a?(Symbol) ? :context : :object] = object_or_context
  assert !Authorization::Engine.instance.permit?(privilege, options)
end