spec/guard_export_spec.rb in ixtlan-guard-0.7.2 vs spec/guard_export_spec.rb in ixtlan-guard-0.8.0
- old
+ new
@@ -1,23 +1,40 @@
require 'spec_helper'
-require 'ixtlan/guard/guard_ng'
+require 'ixtlan/guard/guard'
require 'logger'
-describe Ixtlan::Guard::GuardNG do
+describe Ixtlan::Guard::Guard do
+ def assert(expected, perms)
+ map = {}
+ expected.each do |e|
+ map[e[:permission][:resource]] = e
+ if e[:permission][:actions]
+ e[:permission][:actions].sort!{ |n,m| n[:action][:name] <=> m[:action][:name] }
+ end
+ end
+ perms.each do |perm|
+ if perm[:actions]
+ perm[:actions].sort!{ |n,m| n.content[:name] <=> m.content[:name] }
+ end
+ map[perm[:resource].to_s].should == perm
+ end
+ end
+
subject do
logger = Logger.new(STDOUT)
def logger.debug(&block)
# info("\n\t[debug] " + block.call)
end
- Ixtlan::Guard::GuardNG.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"), :logger => logger )
+ Ixtlan::Guard::Guard.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"), :logger => logger )
end
context '#permissions' do
it 'should deny all without defaults but wildcard "*" actions' do
- subject.permissions(['unknown_group']).sort { |n,m| n[:resource] <=> m[:resource] }.should == [
+ perm = subject.permissions(['unknown_group'])
+ expected = [
#allow nothing
{:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}},
# allow anything but index
{:permission=>{:resource=>"allow_all_defaults", :actions=>[{:action=>{:name=>"index"}}], :deny=>true}},
{:permission=>
@@ -39,13 +56,16 @@
{:permission=>{:resource=>"person", :actions=>[], :deny=>false}},
#allow nothing
{:permission=>{:resource=>"regions", :actions=>[], :deny=>false}},
#allow nothing
{:permission=>{:resource=>"users", :actions=>[], :deny=>false}}]
+
+ assert(expected, perm)
end
it 'should deny some without defaults but wildcard "*" actions' do
- subject.permissions(['no_admin']).sort { |n,m| n[:resource] <=> m[:resource] }.should == [
+ perm = subject.permissions(['no_admin'])
+ expected = [
#allow nothing
{:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}},
# allow anything but index
{:permission=>{:resource=>"allow_all_defaults", :actions=>[{:action=>{:name=>"index"}}], :deny=>true}},
{:permission=>
@@ -70,24 +90,31 @@
{:permission=>{:resource=>"person", :actions=>[], :deny=>false}},
#allow nothing
{:permission=>{:resource=>"regions", :actions=>[], :deny=>false}},
#allow nothing
{:permission=>{:resource=>"users", :actions=>[], :deny=>false}}]
+
+ assert(expected, perm)
end
it 'should allow "root"' do
- subject.permissions(['root']).sort { |n,m| n[:resource] <=> m[:resource] }.should == [
+ perm = subject.permissions(['root'])
+ expected = [
{:permission=>{:resource=>"accounts", :actions=>[], :deny=>true}},
{:permission=>{:resource=>"allow_all_defaults", :actions=>[], :deny=>true}},
{:permission=>{:resource=>"defaults", :actions=>[], :deny=>true}},
{:permission=>{:resource=>"no_defaults", :actions=>[], :deny=>true}},
{:permission=>{:resource=>"only_defaults", :actions=>[], :deny=>true}},
{:permission=>{:resource=>"person", :actions=>[], :deny=>true}},
{:permission=>{:resource=>"regions", :actions=>[], :deny=>true}},
{:permission=>{:resource=>"users", :actions=>[], :deny=>true}}]
- end
+
+ assert(expected, perm)
+ end
+
it 'should allow with default group' do
- subject.permissions(['_master']).sort { |n,m| n[:resource] <=> m[:resource] }.should == [
+ perm = subject.permissions(['_master'])
+ expected = [
#allow nothing
{:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}},
# allow anything but index
{:permission=>{:resource=>"allow_all_defaults", :actions=>[{:action=>{:name=>"index"}}], :deny=>true}},
{:permission=>
@@ -110,14 +137,17 @@
{:permission=>{:resource=>"person", :actions=>[], :deny=>false}},
#allow nothing
{:permission=>{:resource=>"regions", :actions=>[], :deny=>false}},
#allow nothing
{:permission=>{:resource=>"users", :actions=>[], :deny=>false}}]
+
+ assert(expected, perm)
end
it 'should allow with non-default group' do
- subject.permissions(['_admin']).sort { |n,m| n[:resource] <=> m[:resource] }.should == [
+ perm = subject.permissions(['_admin'])
+ expected = [
#allow nothing
{:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}},
# allow anything but index
{:permission=>{:resource=>"allow_all_defaults", :actions=>[], :deny=>true}},
{:permission=>
@@ -141,29 +171,25 @@
{:permission=>{:resource=>"person", :actions=>[], :deny=>false}},
#allow nothing
{:permission=>{:resource=>"regions", :actions=>[], :deny=>false}},
#allow nothing
{:permission=>{:resource=>"users", :actions=>[], :deny=>false}}]
+
+ assert(expected, perm)
end
it 'should allow with association' do
group = Object.new
def group.name
"region"
end
- subject.permissions([group])do |resource, action, groups|
+ perm = subject.permissions([group])do |resource, groups|
if resource == 'regions'
- case action
- when 'show'
- {:associations => [:europe, :asia]}
- else
- {}
- end
- else
- {}
+ [:europe, :asia]
end
- end.sort { |n,m| n[:resource] <=> m[:resource] }.should == [
+ end
+ expected = [
#allow nothing
{:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}},
# allow anything but index
{:permission=>
{
@@ -192,12 +218,14 @@
{:permission=>
{:resource=>"regions",
:actions=>
[{:action=>{:name=>"show", :associations=>[:europe, :asia]}},
- {:action=>{:name=>"create"}}],
+ {:action=>{:name=>"create", :associations=>[:europe, :asia]}}],
:deny=>false}},
#allow nothing
{:permission=>{:resource=>"users", :actions=>[], :deny=>false}}]
+
+ assert(expected, perm)
end
end
end