test/access_control_test.rb in be9-acl9-0.10.0 vs test/access_control_test.rb in be9-acl9-0.11.0
- old
+ new
@@ -20,38 +20,48 @@
def has_role?(role, obj)
role == 'bartender' && obj == ACLIvars::VenerableBar
end
end
-class TheOnlyUser
+class TheOnlyUser
include Singleton
def has_role?(role, subj)
role == "the_only_one"
end
end
+class Beholder
+ def initialize(role)
+ @role = role.to_s
+ end
+
+ def has_role?(role, obj)
+ role.to_s == @role
+ end
+end
+
#######################################################################
module BaseTests
# permit anonymous to index and show and admin everywhere else
def self.included(klass)
klass.class_eval do
[:index, :show].each do |act|
it "should permit anonymous to #{act}" do
- get act
+ get act
@response.body.should == 'OK'
end
end
[:new, :edit, :update, :delete, :destroy].each do |act|
it "should forbid anonymous to #{act}" do
- get act
+ get act
@response.body.should == 'AccessDenied'
end
end
-
+
[:index, :show, :new, :edit, :update, :delete, :destroy].each do |act|
it "should permit admin to #{act}" do
get act, :user => Admin.new
@response.body.should == 'OK'
end
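Review bot: `Beholder#has_role?` ignores its `obj` argument, so this fixture reports its role for global and object-scoped checks alike, and nothing in the class says that is intended. A one-line comment above the class would make it explicit, for example `# Test double holding one global role; has_role? ignores obj, so object-scoped checks match too.` The remaining changes in this hunk are whitespace only, and the BaseTests module continues past the end of the hunk.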
@@ -64,10 +74,14 @@
def self.included(klass)
klass.class_eval do
it "should add :acl as a method" do
@controller.should respond_to(:acl)
end
+
+ it "should_not add :acl? as a method" do
+ @controller.should_not respond_to(:acl?)
+ end
end
end
end
#######################################################################
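Review bot: The new example's description reads `should_not add :acl? as a method`, with the underscore carried over from the matcher name, while its sibling reads `should add :acl as a method`. Writing it as `it "should not add :acl? as a method" do` keeps the spec output consistent. The enclosing module starts above the hunk.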
@@ -104,16 +118,16 @@
include BaseTests
end
class ACLIvarsTest < ActionController::TestCase
tests ACLIvars
-
+
it "should allow owner of foo to destroy" do
delete :destroy, :user => OwnerOfFoo.new
@response.body.should == 'OK'
end
-
+
it "should allow bartender to destroy" do
delete :destroy, :user => Bartender.new
@response.body.should == 'OK'
end
end
@@ -123,11 +137,11 @@
it "should allow the only user to index" do
get :index, :user => TheOnlyUser.instance
@response.body.should == 'OK'
end
-
+
it "should deny anonymous to index" do
get :index
@response.body.should == 'AccessDenied'
end
end
@@ -137,73 +151,188 @@
it "should consider objects hash and prefer it to @ivar" do
get :allow, :user => OwnerOfFoo.new
@response.body.should == 'OK'
end
-
+
it "should return AccessDenied when not logged in" do
get :allow
@response.body.should == 'AccessDenied'
end
end
+class ACLActionOverrideTest < ActionController::TestCase
+ tests ACLActionOverride
+
+ it "should allow index action to anonymous" do
+ get :check_allow, :_action => :index
+ @response.body.should == 'OK'
+ end
+
+ it "should deny show action to anonymous" do
+ get :check_allow, :_action => :show
+ @response.body.should == 'AccessDenied'
+ end
+
+ it "should deny edit action to regular user" do
+ get :check_allow_with_foo, :_action => :edit, :user => TheOnlyUser.instance
+
+ @response.body.should == 'AccessDenied'
+ end
+
+ it "should allow edit action to owner of foo" do
+ get :check_allow_with_foo, :_action => :edit, :user => OwnerOfFoo.new
+
+ @response.body.should == 'OK'
+ end
+end
+
class ACLHelperMethodTest < ActionController::TestCase
tests ACLHelperMethod
it "should return OK checking helper method" do
get :allow, :user => OwnerOfFoo.new
@response.body.should == 'OK'
end
-
+
it "should return AccessDenied when not logged in" do
get :allow
@response.body.should == 'AccessDenied'
end
end
+#######################################################################
+
+module ACLQueryMixin
+ def self.included(base)
+ base.class_eval do
+ describe "#acl_question_mark" do # describe "#acl?" doesn't work
+ before do
+ @editor = Beholder.new(:editor)
+ @viewer = Beholder.new(:viewer)
+ @owneroffoo = OwnerOfFoo.new
+ end
+
+ [:edit, :update, :destroy].each do |meth|
+ it "should return true for editor/#{meth}" do
+ @controller.current_user = @editor
+ @controller.acl?(meth).should == true
+ @controller.acl?(meth.to_s).should == true
+ end
+
+ it "should return false for viewer/#{meth}" do
+ @controller.current_user = @viewer
+ @controller.acl?(meth).should == false
+ @controller.acl?(meth.to_s).should == false
+ end
+ end
+
+ [:index, :show].each do |meth|
+ it "should return false for editor/#{meth}" do
+ @controller.current_user = @editor
+ @controller.acl?(meth).should == false
+ @controller.acl?(meth.to_s).should == false
+ end
+
+ it "should return true for viewer/#{meth}" do
+ @controller.current_user = @viewer
+ @controller.acl?(meth).should == true
+ @controller.acl?(meth.to_s).should == true
+ end
+ end
+
+ it "should return false for editor/fooize" do
+ @controller.current_user = @editor
+ @controller.acl?(:fooize).should == false
+ end
+
+ it "should return true for foo owner" do
+ @controller.current_user = @owneroffoo
+ @controller.acl?(:fooize, :foo => MyDearFoo.instance).should == true
+ end
+ end
+ end
+ end
+end
+
+class ACLQueryMethodTest < ActionController::TestCase
+ tests ACLQueryMethod
+
+ it "should respond to :acl?" do
+ @controller.should respond_to(:acl?)
+ end
+
+ include ACLQueryMixin
+end
+
+class ACLQueryMethodWithLambdaTest < ActionController::TestCase
+ tests ACLQueryMethodWithLambda
+
+ it "should respond to :acl?" do
+ @controller.should respond_to(:acl?)
+ end
+
+ include ACLQueryMixin
+end
+
+#######################################################################
+
+class ACLNamedQueryMethodTest < ActionController::TestCase
+ tests ACLNamedQueryMethod
+
+ it "should respond to :allow_ay" do
+ @controller.should respond_to(:allow_ay)
+ end
+
+ include ACLQueryMixin
+end
+
+#######################################################################
+
class ArgumentsCheckingTest < ActiveSupport::TestCase
def arg_err(&block)
lambda do
block.call
end.should raise_error(ArgumentError)
end
-
+
it "should raise ArgumentError without a block" do
arg_err do
class FailureController < ApplicationController
- access_control
+ access_control
end
end
end
-
+
it "should raise ArgumentError with 1st argument which is not a symbol" do
arg_err do
class FailureController < ApplicationController
access_control 123 do end
end
end
end
-
+
it "should raise ArgumentError with more than 1 positional argument" do
arg_err do
class FailureController < ApplicationController
access_control :foo, :bar do end
end
end
end
-
+
it "should raise ArgumentError with :helper => true and no method name" do
arg_err do
class FailureController < ApplicationController
access_control :helper => true do end
end
end
end
-
+
it "should raise ArgumentError with :helper => :method and a method name" do
arg_err do
class FailureController < ApplicationController
access_control :meth, :helper => :another_meth do end
end
end
end
end
+
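Review bot: The `acl?` examples in ACLQueryMixin always assign a `current_user` (editor, viewer or foo owner), so the query method is never exercised for an anonymous caller, which is the default-deny path the older action tests in this file do check. An extra example that sets `@controller.current_user = nil` and asserts `@controller.acl?(:index).should == false` would cover it; the expected value is presumably false, since no rule visible here admits anonymous, but confirm against the controller definition. A second example with the foo owner calling `acl?(:fooize)` without the `:foo` object would pin the object-scoped denial the same way. Separately, ACLNamedQueryMethodTest only asserts that `allow_ay` exists, while every behavioural assertion it includes calls `acl?`, so `allow_ay` itself is never invoked in this hunk.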