spec/guard_spec.rb in cuba-api-0.6.1 vs spec/guard_spec.rb in cuba-api-0.6.2
- old
+ new
@@ -1,7 +1,8 @@
require File.expand_path( File.join( File.dirname( __FILE__ ),
'spec_helper.rb' ) )
+require 'cuba_api/loggers'
require 'cuba_api/config'
require 'cuba_api/utils'
require 'cuba_api/guard'
require 'ixtlan/user_management/group_model'
@@ -10,10 +11,11 @@
let( :root ) { Ixtlan::UserManagement::Group.new( :name => 'root' ) }
before do
Cuba.reset!
Cuba.plugin CubaApi::Config
+ Cuba.plugin CubaApi::Loggers
Cuba.plugin CubaApi::Utils
Cuba.plugin CubaApi::Guard
Cuba.define do
def current_groups
@@ -49,11 +51,11 @@
on_guard :post do
res.write "post"
end
on_guard :get do
- res.write "get#{allowed_associations ? allowed_associations.inspect : nil}"
+ res.write "get#{allowed_associations.inspect.gsub( /nil/, '' )}"
end
on_guard :put do
res.write "put"
end
on_guard :delete do
@@ -81,14 +83,14 @@
it 'should raise error' do
env = { 'PATH_INFO' => '/users/accounts',
'SCRIPT_NAME' => '/users/accounts' }
- user = guard.permission( 'users' ) do |u|
+ user = guard.permission_for( 'users' ) do |u|
u.allow_all
end
- guard.permission( 'admins' ) do |a|
+ guard.permission_for( 'admins' ) do |a|
a.parent = user
a.allow_all
end
env[ 'REQUEST_METHOD' ] = 'GET'
@@ -96,14 +98,14 @@
end
it 'allow all' do
env = { 'PATH_INFO' => '/users/accounts',
'SCRIPT_NAME' => '/users/accounts' }
- user = guard.permission( 'users' ) do |u|
+ user = guard.permission_for( 'users' ) do |u|
u.allow_all
end
- guard.permission( 'accounts' ) do |a|
+ guard.permission_for( 'accounts' ) do |a|
a.parent = user
a.allow_all
end
env[ 'REQUEST_METHOD' ] = 'GET'
@@ -127,23 +129,23 @@
'SCRIPT_NAME' => '/users/42',
}
end
it 'denies all requests without associated id' do
- guard.permission( 'users' ) do |u|
- u.allow_all
+ guard.permission_for( 'users' ) do |u|
+ u.allow_all( 42 )
end
['GET', 'POST','PUT', 'DELETE' ].each do |m|
env[ 'REQUEST_METHOD' ] = m
_, _, resp = Cuba.call( env )
resp.join.must.eq m.downcase + '42'
end
end
it 'denies all requests with wrong associated id' do
- guard.permission( 'users', 13 ) do |u|
+ guard.permission_for( 'users', 13 ) do |u|
u.allow_all
end
['GET', 'POST','PUT', 'DELETE' ].each do |m|
env[ 'REQUEST_METHOD' ] = m
@@ -157,11 +159,11 @@
_, _, resp = Cuba.call( env )
resp.join.must.eq 'get["13"]'
end
it 'allows all requests with associated id' do
- guard.permission( 'users', 42 ) do |u|
+ guard.permission_for( 'users', 42 ) do |u|
u.allow_all
end
['GET', 'POST','PUT', 'DELETE' ].each do |m|
env[ 'REQUEST_METHOD' ] = m
@@ -186,11 +188,11 @@
resp.join.must.eq 'Forbidden'
end
end
it 'allows all request' do
- guard.permission( 'users' ) do |u|
+ guard.permission_for( 'users' ) do |u|
u.allow_all
end
['GET', 'POST','PUT', 'DELETE' ].each do |m|
env[ 'REQUEST_METHOD' ] = m
@@ -198,11 +200,11 @@
resp.join.must.eq m.downcase
end
end
it 'allows retrieve' do
- guard.permission( 'users' ) do |u|
+ guard.permission_for( 'users' ) do |u|
u.allow_retrieve
end
m = 'GET'
env[ 'REQUEST_METHOD' ] = m
@@ -215,11 +217,11 @@
resp.join.must.eq 'Forbidden'
end
end
it 'allows retrieve and create' do
- guard.permission( 'users' ) do |u|
+ guard.permission_for( 'users' ) do |u|
u.allow_retrieve
u.allow_create
end
['GET','POST' ].each do |m|
env[ 'REQUEST_METHOD' ] = m
@@ -232,11 +234,11 @@
resp.join.must.eq 'Forbidden'
end
end
it 'allows retrieve and create and update' do
- guard.permission( 'users' ) do |u|
+ guard.permission_for( 'users' ) do |u|
u.allow_mutate
end
['GET', 'POST','PUT' ].each do |m|
env[ 'REQUEST_METHOD' ] = m
_, _, resp = Cuba.call( env )
@@ -246,10 +248,10 @@
_, _, resp = Cuba.call( env )
resp.join.must.eq 'Forbidden'
end
it 'allows retrieve and create and update and delete' do
- guard.permission( 'users' ) do |u|
+ guard.permission_for( 'users' ) do |u|
u.allow_mutate
u.allow_delete
end
['GET', 'POST','PUT', 'DELETE' ].each do |m|
env[ 'REQUEST_METHOD' ] = m