controller_spec.rb in authority-2.8.0

- old
+ new

@@ -47,19 +47,19 @@
         # Here be dragons!
         fake_exception      = Exception.new
         controller_instance = controller_class.new
         # If a callback is passed to a controller's `rescue_from` method as the value for
         # the `with` option (like `SomeController.rescue_from FooException, :with => some_callback`),
-        # Rails will use ActiveSupport's `Proc#bind` to ensure that when the proc refers to
+        # Rails will use `instance_exec` to ensure that when the proc refers to
         # `self`, it will be the controller, not the proc itself.
         # I need this callback's `self` to be the controller for the purposes of
         # this test, so I'm stealing that behavior.
-        callback = Authority::Controller.security_violation_callback.bind(controller_instance)
 
         Authority.configuration.security_violation_handler = :fire_ze_missiles
         controller_instance.should_receive(:fire_ze_missiles).with(fake_exception)
-        callback.call(fake_exception)
+        controller_instance.instance_exec(fake_exception, &Authority::Controller.security_violation_callback)
+
       end
     end
 
     describe "the authority controller action map" do
 
@@ -153,10 +153,65 @@
           expect(controller_class.authority_action_map[:smite]).to eq(nil)
         end
 
       end
 
+      describe "ensure_authorization_performed" do
+
+        let(:controller_instance) { controller_class.new }
+
+        before(:each) do
+          controller_instance.stub(:class).and_return("FooController")
+          controller_instance.stub(:action_name).and_return(:bar)
+        end
+
+        it "sets up an after_filter, passing the options it was given" do
+          filter_options = {:only => [:show, :edit, :update]}
+          controller_class.should_receive(:after_filter).with(filter_options)
+          controller_class.ensure_authorization_performed(filter_options)
+        end
+
+        it "triggers AuthorizationNotPerformed in after filter" do
+          controller_class.stub(:after_filter).and_yield(controller_instance)
+          lambda {
+            controller_class.ensure_authorization_performed
+          }.should raise_error(Authority::Controller::AuthorizationNotPerformed)
+        end
+
+        it "AuthorizationNotPerformed error has meaningful message" do
+          controller_class.stub(:after_filter).and_yield(controller_instance)
+          lambda {
+            controller_class.ensure_authorization_performed
+          }.should raise_error("No authorization was performed for FooController#bar")
+        end
+
+        it "does not trigger AuthorizationNotPerformed when :if is false" do
+          controller_instance.stub(:authorize?) { false }
+          controller_class.stub(:after_filter).with({}).and_yield(controller_instance)
+          lambda {
+            controller_class.ensure_authorization_performed(:if => :authorize?)
+          }.should_not raise_error()
+        end
+
+        it "does not trigger AuthorizationNotPerformed when :unless is true" do
+          controller_instance.stub(:skip_authorization?) { true }
+          controller_class.stub(:after_filter).with({}).and_yield(controller_instance)
+          lambda {
+            controller_class.ensure_authorization_performed(:unless => :skip_authorization?)
+          }.should_not raise_error()
+        end
+
+        it "does not raise error when #authorization_performed is true" do
+          controller_instance.authorization_performed = true
+          controller_class.stub(:after_filter).with({}).and_yield(controller_instance)
+          lambda {
+            controller_class.ensure_authorization_performed
+          }.should_not raise_error()
+        end
+
+      end
+
     end
 
     describe "instance methods" do
 
       let(:controller_class) do
@@ -242,10 +297,16 @@
           options = {:for => 'insolence'}
           Authority.should_receive(:enforce).with('delete', resource_class, user, options)
           controller_instance.send(:authorize_action_for, resource_class, options)
         end
 
+        it "sets correct authorization flag" do
+          Authority.stub(:enforce)
+          controller_instance.send(:authorize_action_for, resource_class)
+          controller_instance.authorization_performed?.should be_true
+        end
+
       end
 
       describe "authority_user" do
 
         it "gets the user for the current request from the configured user_method" do
@@ -255,10 +316,10 @@
 
       end
 
       describe "authority_forbidden action" do
 
-        let(:mock_error) { mock(:message => 'oh noes! an error!') }
+        let(:mock_error) { double(:message => 'oh noes! an error!') }
 
         it "logs an error" do
           Authority.logger.should_receive(:warn)
           controller_instance.stub(:render)
           controller_instance.send(:authority_forbidden, mock_error)