require "spec_helper"

module Tuersteher

  describe PathAccessRule do

    context "grant" do
      before(:all) do
        @rule = PathAccessRule.new('/admin').grant.method(:get).role(:sysadmin).role(:admin)
      end


      context "for User with role :admin" do
        before do
          @user = stub('user')
          @user.stub(:has_role?){|role| role==:admin}
        end

        it "should be fired for path='/admin/xyz' and method :get" do
          @rule.fired?("/admin/xyz", :get, @user).should be_true
        end

        it "should not be fired for other path" do
          @rule.fired?('/todos/admin', :get, @user).should_not be_true
        end

        it "should not be fired for other method as :get" do
          @rule.fired?("/admin/xyz", :post, @user).should_not be_true
        end
      end


      context "for User without role :admin" do
        before do
          @user = stub('user')
          @user.stub(:has_role?).and_return(false)
        end

        it "should not be fired for correct path and method" do
          @rule.fired?("/admin/xyz", :get, @user).should_not be_true
        end
      end


      context "Rule with :all as Path-Matcher" do
        before(:all) do
          @rule = PathAccessRule.new(:all).method(:get).role(:sysadmin).role(:admin)
          @user = stub('user')
          @user.stub(:has_role?).and_return(true)
        end

        it "should fired for several paths" do
          @rule.fired?("/admin/xyz", :get, @user).should be_true
          @rule.fired?("/xyz", :get, @user).should be_true
          @rule.fired?("/", :get, @user).should be_true
        end

        it "should not be fired with other method" do
          @rule.fired?("/admin/xyz", :post, @user).should_not be_true
        end
      end


      context "Rule with no Methode spezifed => all methods allowed" do
        before(:all) do
          @rule = PathAccessRule.new('/admin').role(:sysadmin).role(:admin)
          @user = stub('user')
          @user.stub(:has_role?).and_return(true)
        end

        it "should fired for several methods" do
          @rule.fired?("/admin/xyz", :get, @user).should be_true
          @rule.fired?("/admin/xyz", :post, @user).should be_true
          @rule.fired?("/admin/xyz", :put, @user).should be_true
          @rule.fired?("/admin/xyz", :delete, @user).should be_true
        end

        it "should not be fired with other path" do
          @rule.fired?("/xyz", :post, @user).should_not be_true
        end
      end


      context "Rule with no role spezifed => now role needed" do
        before(:all) do
          @rule = PathAccessRule.new('/admin').method(:get)
          @user = stub('user')
          @user.stub(:has_role?).and_return(false)
        end

        it "should fired for user with no roles" do
          @rule.fired?("/admin/xyz", :get, @user).should be_true
        end

        it "should not be fired with other path" do
          @rule.fired?("/xyz", :get, @user).should_not be_true
        end
      end


      context "Rule with extension" do
        before(:all) do
          @rule = PathAccessRule.new('/admin').method(:get).extension(:modul_function?, :testvalue)
          @rule2 = PathAccessRule.new('/admin').method(:get).extension(:modul_function2?)
          @user = stub('user')
          @user.stub(:has_role?).and_return(false)
        end

        it "should not be fired with user have not the check_extension" do
          @rule.fired?("/admin", :get, @user).should_not be_true
        end

        it "should fired for user with true for check-extension" do
          @user.should_receive(:modul_function?).with(:testvalue).and_return(true)
          @rule.fired?("/admin/xyz", :get, @user).should be_true
        end

        it "should not be fired for user with false for check-extension" do
          @user.should_receive(:modul_function?).with(:testvalue).and_return(false)
          @rule.fired?("/admin/xyz", :get, @user).should_not be_true
        end

        it "should fired for rule2 and user with true for check-extension" do
          @user.should_receive(:modul_function2?).and_return(true)
          @rule2.fired?("/admin/xyz", :get, @user).should be_true
        end
      end
    end # of context "grant" do


    context "deny" do
      before(:all) do
        @rule = PathAccessRule.new('/admin').deny.role(:user)
        @user = stub('user')
      end

      it "should fired for user with role :user" do
        @user.stub(:has_role?){|role| role==:user}
        @rule.fired?("/admin", :get, @user).should be_true
      end

      it "should not fired for user with role :admin" do
        @user.stub(:has_role?){|role| role==:admin}
        @rule.fired?("/admin", :get, @user).should_not be_true
      end
    end # of context "deny" do


    context "with not as role prefix" do
      before(:all) do
        @rule = PathAccessRule.new('/admin').deny.not.role(:admin)
        @user = stub('user')
      end

      it "should not fired for user with role :admin" do
        @user.stub(:has_role?){|role| role==:admin}
        @rule.fired?("/admin", :get, @user).should_not be_true
      end

      it "should fired for user with role :user" do
        @user.stub(:has_role?){|role| role==:user}
        @rule.fired?("/admin", :get, @user).should be_true
      end
    end # of context "not" do


    context "add multiple roles" do
      before(:all) do
        @rule = PathAccessRule.new('/admin').roles(:admin1, :admin2).roles([:s1, :s2])
        @user = stub('user')
      end

      it "should fired for user with role which specified in the rule" do
        [:admin1, :admin2, :s1, :s2].each do |role_name|
          @user.stub(:has_role?){|role| role==role_name}
          @rule.fired?("/admin", :get, @user).should be_true
        end
      end

      it "should not fired for user with role :user" do
        @user.stub(:has_role?){|role| role==:user}
        @rule.fired?("/admin", :get, @user).should_not be_true
      end
    end
  end
end