spec/authority/controller_spec.rb in authority-3.0.0 vs spec/authority/controller_spec.rb in authority-3.1.0
- old
+ new
@@ -14,19 +14,19 @@
let(:controller_class) { Class.new(ExampleController) }
context "when including" do
before :each do
- Authority::Controller.stub(:security_violation_callback).and_return(Proc.new {|exception| })
+ allow(Authority::Controller).to receive(:security_violation_callback).and_return(Proc.new {|exception| })
end
after :each do
controller_class.send(:include, Authority::Controller)
end
it "specifies rescuing security violations with a standard callback" do
- controller_class.should_receive(:rescue_from).with(
+ expect(controller_class).to receive(:rescue_from).with(
Authority::SecurityViolation, :with => Authority::Controller.security_violation_callback
)
end
end
@@ -53,11 +53,11 @@
# `self`, it will be the controller, not the proc itself.
# I need this callback's `self` to be the controller for the purposes of
# this test, so I'm stealing that behavior.
Authority.configuration.security_violation_handler = :fire_ze_missiles
- controller_instance.should_receive(:fire_ze_missiles).with(fake_exception)
+ expect(controller_instance).to receive(:fire_ze_missiles).with(fake_exception)
controller_instance.instance_exec(fake_exception, &Authority::Controller.security_violation_callback)
end
end
@@ -99,24 +99,24 @@
expect(controller_class.authority_resource).to eq(:finder_method)
end
it "sets up a before_filter, passing the options it was given" do
filter_options = {:only => [:show, :edit, :update]}
- controller_class.should_receive(:before_filter).with(:run_authorization_check, filter_options)
+ expect(controller_class).to receive(:before_filter).with(:run_authorization_check, filter_options)
controller_class.authorize_actions_for(resource_class, filter_options)
end
it "if :all_actions option is given, it overrides the action hash to use the action given" do
overridden_action_map = controller_class.authority_action_map
overridden_action_map.update(overridden_action_map) {|k,v| v = :annihilate}
child_controller.authorize_actions_for(resource_class, :all_actions => :annihilate)
- child_controller.authority_action_map.should eq(overridden_action_map)
+ expect(child_controller.authority_action_map).to eq(overridden_action_map)
end
it "passes the action hash to the `add_actions` method" do
new_actions = {:synthesize => :create, :annihilate => 'delete'}
- child_controller.should_receive(:add_actions).with(new_actions)
+ expect(child_controller).to receive(:add_actions).with(new_actions)
child_controller.authorize_actions_for(resource_class, :actions => new_actions)
end
it "updates the action map if :actions option is given" do
updated_map = child_controller.authority_action_map
@@ -188,56 +188,56 @@
describe "ensure_authorization_performed" do
let(:controller_instance) { controller_class.new }
before(:each) do
- controller_instance.stub(:class).and_return("FooController")
- controller_instance.stub(:action_name).and_return(:bar)
+ allow(controller_instance).to receive(:class).and_return("FooController")
+ allow(controller_instance).to receive(:action_name).and_return(:bar)
end
it "sets up an after_filter, passing the options it was given" do
filter_options = {:only => [:show, :edit, :update]}
- controller_class.should_receive(:after_filter).with(filter_options)
+ expect(controller_class).to receive(:after_filter).with(filter_options)
controller_class.ensure_authorization_performed(filter_options)
end
it "triggers AuthorizationNotPerformed in after filter" do
- controller_class.stub(:after_filter).and_yield(controller_instance)
- lambda {
+ allow(controller_class).to receive(:after_filter).and_yield(controller_instance)
+ expect {
controller_class.ensure_authorization_performed
- }.should raise_error(Authority::Controller::AuthorizationNotPerformed)
+ }.to raise_error(Authority::Controller::AuthorizationNotPerformed)
end
it "AuthorizationNotPerformed error has meaningful message" do
- controller_class.stub(:after_filter).and_yield(controller_instance)
- lambda {
+ allow(controller_class).to receive(:after_filter).and_yield(controller_instance)
+ expect {
controller_class.ensure_authorization_performed
- }.should raise_error("No authorization was performed for FooController#bar")
+ }.to raise_error("No authorization was performed for FooController#bar")
end
it "does not trigger AuthorizationNotPerformed when :if is false" do
- controller_instance.stub(:authorize?) { false }
- controller_class.stub(:after_filter).with({}).and_yield(controller_instance)
- lambda {
+ allow(controller_instance).to receive(:authorize?) { false }
+ allow(controller_class).to receive(:after_filter).with({}).and_yield(controller_instance)
+ expect {
controller_class.ensure_authorization_performed(:if => :authorize?)
- }.should_not raise_error()
+ }.not_to raise_error()
end
it "does not trigger AuthorizationNotPerformed when :unless is true" do
- controller_instance.stub(:skip_authorization?) { true }
- controller_class.stub(:after_filter).with({}).and_yield(controller_instance)
- lambda {
+ allow(controller_instance).to receive(:skip_authorization?) { true }
+ allow(controller_class).to receive(:after_filter).with({}).and_yield(controller_instance)
+ expect {
controller_class.ensure_authorization_performed(:unless => :skip_authorization?)
- }.should_not raise_error()
+ }.not_to raise_error()
end
it "does not raise error when #authorization_performed is true" do
controller_instance.authorization_performed = true
- controller_class.stub(:after_filter).with({}).and_yield(controller_instance)
- lambda {
+ allow(controller_class).to receive(:after_filter).with({}).and_yield(controller_instance)
+ expect {
controller_class.ensure_authorization_performed
- }.should_not raise_error()
+ }.not_to raise_error()
end
end
end
@@ -251,22 +251,22 @@
end
end
let(:controller_instance) do
controller_class.new.tap do |cc|
- cc.stub(Authority.configuration.user_method).and_return(user)
+ allow(cc).to receive(Authority.configuration.user_method).and_return(user)
end
end
let(:user) { ExampleUser.new }
describe "run_authorization_check (used as a before_filter)" do
context "if a resource class was specified" do
it "checks authorization on the model specified" do
- controller_instance.should_receive(:authorize_action_for).with(resource_class)
+ expect(controller_instance).to receive(:authorize_action_for).with(resource_class)
controller_instance.send(:run_authorization_check)
end
end
@@ -282,28 +282,35 @@
context "if the controller has such an instance method" do
context "and the method returns a class" do
before :each do
- controller_instance.stub(:method_to_find_class).and_return(resource_class)
+ allow(controller_instance).to receive(:method_to_find_class).and_return(resource_class)
end
it "checks authorization on that class" do
- controller_instance.should_receive(:authorize_action_for).with(resource_class)
+ expect(controller_instance).to receive(:authorize_action_for).with(resource_class)
controller_instance.send(:run_authorization_check)
end
+
+ it "does not call to_a on that class" do
+ expect(controller_instance).to receive(:authorize_action_for).with(resource_class)
+ # *resource is syntactic sugar for resource.to_a
+ expect(resource_class).not_to receive(:to_a)
+ controller_instance.send(:run_authorization_check)
+ end
end
context "and the method returns an array containing a class and some options" do
let(:some_options) { { :a => 1, :b => 2 } }
before :each do
- controller_instance.stub(:method_to_find_class).and_return([resource_class, some_options])
+ allow(controller_instance).to receive(:method_to_find_class).and_return([resource_class, some_options])
end
it "checks authorization on that class and passes the options" do
- controller_instance.should_receive(:authorize_action_for).with(resource_class, some_options)
+ expect(controller_instance).to receive(:authorize_action_for).with(resource_class, some_options)
controller_instance.send(:run_authorization_check)
end
end
end
@@ -319,63 +326,63 @@
end
end
it "raises a MissingAction if there is no corresponding action for the controller" do
- controller_instance.stub(:action_name).and_return('sculpt')
+ allow(controller_instance).to receive(:action_name).and_return('sculpt')
expect { controller_instance.send(:run_authorization_check) }.to raise_error(
Authority::Controller::MissingAction
)
end
end
describe "authorize_action_for" do
- before(:each) { controller_instance.stub(:action_name).and_return(:destroy) }
+ before(:each) { allow(controller_instance).to receive(:action_name).and_return(:destroy) }
it "calls Authority.enforce to authorize the action" do
- Authority.should_receive(:enforce)
+ expect(Authority).to receive(:enforce)
controller_instance.send(:authorize_action_for, resource_class)
end
it "passes along any options it was given" do
options = {:for => 'insolence'}
- Authority.should_receive(:enforce).with('delete', resource_class, user, options)
+ expect(Authority).to receive(:enforce).with('delete', resource_class, user, options)
controller_instance.send(:authorize_action_for, resource_class, options)
end
it "sets correct authorization flag" do
- Authority.stub(:enforce)
+ allow(Authority).to receive(:enforce)
controller_instance.send(:authorize_action_for, resource_class)
- controller_instance.authorization_performed?.should be_true
+ expect(controller_instance.authorization_performed?).to eq(true)
end
end
describe "authority_user" do
it "gets the user for the current request from the configured user_method" do
- controller_instance.should_receive(Authority.configuration.user_method)
+ expect(controller_instance).to receive(Authority.configuration.user_method)
controller_instance.send(:authority_user)
end
end
describe "authority_forbidden action" do
let(:mock_error) { double(:message => 'oh noes! an error!') }
it "logs an error" do
- Authority.logger.should_receive(:warn)
- controller_instance.stub(:render)
+ expect(Authority.logger).to receive(:warn)
+ allow(controller_instance).to receive(:render)
controller_instance.send(:authority_forbidden, mock_error)
end
it "renders the public/403.html file" do
forbidden_page = Rails.root.join('public/403.html')
- Authority.logger.stub(:warn)
- controller_instance.should_receive(:render).with(:file => forbidden_page, :status => 403, :layout => false)
+ allow(Authority.logger).to receive(:warn)
+ expect(controller_instance).to receive(:render).with(:file => forbidden_page, :status => 403, :layout => false)
controller_instance.send(:authority_forbidden, mock_error)
end
end