spec/access_control_spec.rb in be9-acl9-0.9.1 vs spec/access_control_spec.rb in be9-acl9-0.9.2
- old
+ new
@@ -24,32 +24,39 @@
end
end
# all these controllers behave the same way
-class AccessControllingController1 < EmptyController
+class ACLBlock < EmptyController
access_control do
allow all, :to => [:index, :show]
allow :admin
end
end
-class AccessControllingController2 < EmptyController
+class ACLMethod < EmptyController
access_control :as_method => :acl do
allow all, :to => [:index, :show]
allow :admin, :except => [:index, :show]
end
end
-class AccessControllingController3 < EmptyController
+class ACLMethod2 < EmptyController
+ access_control :acl do
+ allow all, :to => [:index, :show]
+ allow :admin, :except => [:index, :show]
+ end
+end
+
+class ACLArguments < EmptyController
access_control :except => [:index, :show] do
allow :admin
end
end
-class AccessControllingController4 < EmptyController
- access_control :as_method => :acl, :filter => false do
+class ACLBooleanMethod < EmptyController
+ access_control :acl, :filter => false do
allow all, :to => [:index, :show]
allow :admin
end
before_filter :check_acl
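Review bot: The comment `# all these controllers behave the same way` does not explain why ACLMethod and ACLMethod2 both exist, since they differ only in how the method name is passed. A one-line comment above ACLMethod2, such as `# positional shorthand for :as_method => :acl`, would make clear that the second class is there to cover the new calling form. ACLBooleanMethod deserves a similar comment saying that with `:filter => false` the rules are presumably enforced only through the `before_filter :check_acl` that follows. `check_acl` is defined outside this hunk and the class body continues past its last line.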
@@ -83,37 +90,45 @@
get act, :user => Admin.new
end
end
end
-describe AccessControllingController1, :type => :controller do
+describe ACLBlock, :type => :controller do
it_should_behave_like "permit anonymous to index and show and admin everywhere else"
end
-describe AccessControllingController2, :type => :controller do
+describe ACLMethod, :type => :controller do
it "should add :acl as a method" do
controller.should respond_to(:acl)
end
it_should_behave_like "permit anonymous to index and show and admin everywhere else"
end
-describe AccessControllingController3, :type => :controller do
+describe ACLMethod2, :type => :controller do
+ it "should add :acl as a method" do
+ controller.should respond_to(:acl)
+ end
+
it_should_behave_like "permit anonymous to index and show and admin everywhere else"
end
-describe AccessControllingController4, :type => :controller do
+describe ACLArguments, :type => :controller do
it_should_behave_like "permit anonymous to index and show and admin everywhere else"
end
+describe ACLBooleanMethod, :type => :controller do
+ it_should_behave_like "permit anonymous to index and show and admin everywhere else"
+end
+
class MyDearFoo
include Singleton
end
class VenerableBar; end
-class AccessControllingController5 < EmptyController
+class ACLIvars < EmptyController
before_filter :set_ivars
access_control do
action :destroy do
allow :owner, :of => :foo
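Review bot: The new `describe ACLBooleanMethod` group runs only the shared examples, while the ACLMethod and ACLMethod2 groups also assert that the named method is generated. Because ACLBooleanMethod declares `access_control :acl, :filter => false`, the same check, `controller.should respond_to(:acl)`, would keep the three groups consistent, assuming the generated method is public in this mode too. The shared examples reach the rules only through `check_acl`, so they do not show that `acl` itself is defined. The ACLIvars class that closes this hunk continues outside it.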
@@ -126,11 +141,11 @@
def set_ivars
@foo = MyDearFoo.instance
end
end
-describe AccessControllingController5, :type => :controller do
+describe ACLIvars, :type => :controller do
class OwnerOfFoo
def has_role?(role, obj)
role == 'owner' && obj == MyDearFoo.instance
end
end
@@ -156,11 +171,11 @@
def has_role?(role, subj)
role == "the_only_one"
end
end
-class AccessControllingController6 < ActionController::Base
+class ACLSubjectMethod < ActionController::Base
access_control :subject_method => :the_only_user do
allow :the_only_one
end
def index; end
@@ -170,16 +185,75 @@
def the_only_user
params[:user]
end
end
-describe AccessControllingController6, :type => :controller do
+describe ACLSubjectMethod, :type => :controller do
it "should allow the only user to index" do
get :index, :user => TheOnlyUser.instance
end
it "should deny anonymous to index" do
lambda do
get :index
end.should raise_error(Acl9::AccessDenied)
+ end
+end
+
+class ACLObjectsHash < ActionController::Base
+ access_control :allowed?, :filter => false do
+ allow :owner, :of => :foo
+ end
+
+ def allow
+ @foo = nil
+ raise unless allowed?(:foo => MyDearFoo.instance)
+ end
+
+ def current_user
+ params[:user]
+ end
+end
+
+describe ACLObjectsHash, :type => :controller do
+ class FooOwner
+ def has_role?(role_name, obj)
+ role_name == 'owner' && obj == MyDearFoo.instance
+ end
+ end
+
+ it "should consider objects hash and prefer it to @ivar" do
+ get :allow, :user => FooOwner.new
+ end
+end
+
+describe "Argument checking" do
+ def arg_err(&block)
+ lambda do
+ block.call
+ end.should raise_error(ArgumentError)
+ end
+
+ it "should raise ArgumentError without a block" do
+ arg_err do
+ class FailureController < ActionController::Base
+ access_control
+ end
+ end
+ end
+
+ it "should raise ArgumentError with 1st argument which is not a symbol" do
+ arg_err do
+ class FailureController < ActionController::Base
+ access_control 123 do end
+ end
+ end
+ end
+
+ it "should raise ArgumentError with more than 1 positional argument" do
+ arg_err do
+ class FailureController < ActionController::Base
+ access_control :foo, :bar do end
+ end
+ end
end
end
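Review bot: The `describe ACLObjectsHash` group has only a passing case, so it would still succeed if `allowed?` returned true for every caller. The single example uses FooOwner with `@foo = nil`, which shows the hash is consulted but never shows a denial. An example with a subject that lacks the `owner` role would pin the fail-closed path; TheOnlyUser from the earlier context appears to answer only to "the_only_one", and the bare `raise` in the `allow` action surfaces as a RuntimeError. A further case where `@foo` would grant access but the hash passes a different object would cover the "prefer it to @ivar" claim in the direction that matters for authorization.

```ruby
describe ACLObjectsHash, :type => :controller do
  # … unchanged: FooOwner and the positive example …

  it "should deny a user who does not own the object passed in the hash" do
    lambda do
      get :allow, :user => TheOnlyUser.instance
    end.should raise_error(RuntimeError)
  end
end
```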