spec/controller/authorization_spec.rb in rad_kit-0.0.8 vs spec/controller/authorization_spec.rb in rad_kit-0.0.9
- old
+ new
@@ -1,149 +1,149 @@
require 'spec_helper'
-describe "Authorizations" do
+describe "Authorizations" do
with_controllers
-
+
isolate :config
-
- before :all do
+
+ before :all do
@permissions = {
'call_controller_level' => [],
'call_business_logic_level' => [],
'call_with_owner' => []
}
-
+
class ::AuthorizationController
inherit Rad::Controller::Http
-
+
inherit Rad::Controller::Authorized
-
+
require_permission :call_controller_level, only: :controller_level
-
+
def unprotected
render_ok
end
-
+
def controller_level
render_ok
end
-
+
def business_logic_level
require_permission :call_business_logic_level
render_ok
end
-
+
def with_owner
require_permission :call_with_owner, owned_object
render_ok
end
-
+
def with_owner_controller_level
render_ok
end
require_permission :call_with_owner, only: :with_owner_controller_level do
owned_object
end
-
- protected
+
+ protected
def owned_object
@@owned_object
end
-
+
def self.owned_object= o
@@owned_object = o
end
end
-
+
rad.router.configure do |c|
- c.resource :authorization_controllers, class_name: 'AuthorizationController'
+ c.resource :authorization_controllers, class_name: 'AuthorizationController'
end
-
+
I18n.locale = :en
- end
-
+ end
+
after :all do
remove_constants %w(AuthorizationController)
end
-
+
before do
AuthorizationController.owned_object = nil
-
+
rad.config.permissions = @permissions
-
+
@user = Models::User.new
rad.user = @user
end
-
+
def raise_authorization_error
raise_error(UserError, /Access Denied/)
end
-
+
it "should allow to call unprotected methods" do
call('/authorization_controllers/unprotected')
response.body.should == "ok"
end
-
- it "should allow declarative authorization at controller level" do
+
+ it "should allow declarative authorization at controller level" do
@user.stub!(:can?).and_return(false)
lambda{
call '/authorization_controllers/controller_level'
}.should raise_authorization_error
# response.should be_redirect
-
+
@user.stub!(:can?).and_return(true)
call '/authorization_controllers/controller_level'
response.body.should == "ok"
end
-
- it "should allow declarative authorization at business logic level" do
+
+ it "should allow declarative authorization at business logic level" do
@user.stub!(:can?).and_return(false)
lambda{
call '/authorization_controllers/business_logic_level'
}.should raise_authorization_error
# response.should be_redirect
-
+
@user.stub!(:can?).and_return(true)
call '/authorization_controllers/business_logic_level'
response.body.should == "ok"
end
-
+
it "should use owner if provided" do
@user.stub!(:can?){false}
lambda{
call '/authorization_controllers/with_owner'
}.should raise_authorization_error
# response.should be_redirect
-
-
+
+
o = Object.new
o.stub!(:owner_name){@user.name}
- AuthorizationController.owned_object = o
-
- @user.stub!(:can?) do |operation, object|
+ AuthorizationController.owned_object = o
+
+ @user.stub!(:can?) do |operation, object|
object and object.owner_name == @user.name
end
-
+
call '/authorization_controllers/with_owner'
response.body.should == "ok"
end
-
- it "should use owner if provided (action level)" do
+
+ it "should use owner if provided (action level)" do
@user.stub!(:can?){false}
lambda{
call '/authorization_controllers/with_owner_controller_level'
}.should raise_authorization_error
# response.should be_redirect
-
-
+
+
o = Object.new
o.stub!(:owner_name){@user.name}
AuthorizationController.owned_object = o
-
- @user.stub!(:can?) do |operation, object|
+
+ @user.stub!(:can?) do |operation, object|
object and object.owner_name == @user.name
end
-
+
call '/authorization_controllers/with_owner_controller_level'
response.body.should == "ok"
end
end
\ No newline at end of file