module Authorization::TestHelper

TestHelper provides assert methods and controller request methods which take authorization into account and set the current user to a specific one.

Defines get_with, post_with, get_by_xhr_with etc. for the methods get, post, put, delete, each with the signature:

get_with(user, action, params = {}, session = {}, flash = {})

Use it by including it in your TestHelper:

require File.expand_path(File.dirname(__FILE__) +
  "/../vendor/plugins/declarative_authorization/lib/maintenance")
class Test::Unit::TestCase
  include Authorization::TestHelper
  # ...

  def admin
    # create admin user
  end
end

class SomeControllerTest < ActionController::TestCase
  def test_should_get_index
    # ...
    get_with admin, :index, :param_1 => "param value"
    # ...
  end
end

Note: get_with etc. do two things to set the user for the request: Authorization.current_user is set, and session[:user] and session[:user_id] are set appropriately. If you determine the current user in a different way, these methods might not work for you.
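The caveat in the note, as an added example that is not part of the plugin: `AuthStub`, `with_user`, the reduced `request_with`, the `X-Token` header and the three resolvers are constructed stand-ins. It shows that when an app resolves the user from something the helpers do not set, a "should be denied" test passes whichever user is handed to the helper, and gives a guard check a test suite can run first.

```ruby
# Added example with constructed stand-ins; not the plugin's code.
User = Struct.new(:id, :role)

module AuthStub # stand-in for Authorization.current_user
  class << self
    attr_accessor :current_user
  end
end

# Stand-in for with_user: set the user for the block, then restore it.
def with_user(user)
  previous = AuthStub.current_user
  AuthStub.current_user = user
  yield
ensure
  AuthStub.current_user = previous
end

# The two steps the helpers perform, reduced to a callable "controller".
def request_with(user, controller, headers = {})
  session = { :user => user, :user_id => user && user.id }
  with_user(user) { controller.call(session, headers) }
end

USERS  = { 1 => User.new(1, :admin), 2 => User.new(2, :guest) } # constructed
TOKENS = { "tok-admin" => 1 }                                   # constructed

# Three hypothetical ways an app might resolve the requesting user.
RESOLVERS = {
  :session => lambda { |session, _headers| USERS[session[:user_id]] },
  :global  => lambda { |_session, _headers| AuthStub.current_user },
  :token   => lambda { |_session, headers| USERS[TOKENS[headers["X-Token"]]] }
}

# Hypothetical admin-only action: returns 200 or 403.
def admin_action(resolver)
  lambda do |session, headers|
    user = RESOLVERS.fetch(resolver).call(session, headers)
    user && user.role == :admin ? 200 : 403
  end
end

# Guard for a test suite: does the action see the user the helper was given?
def helper_sets_user_for?(resolver)
  probe = lambda { |s, h| RESOLVERS.fetch(resolver).call(s, h) }
  user = USERS[1]
  request_with(user, probe).equal?(user)
end
```

With the `:token` resolver the guard returns false, so a 403 observed for a guest says nothing about the authorization rules; the same request made as the admin user is also answered with 403.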

Public Class Methods

included(base)
# File lib/declarative_authorization/maintenance.rb, line 196
    def self.included (base)
      [:get, :post, :put, :delete].each do |method|
        base.class_eval <<-EOV, __FILE__, __LINE__
          def #{method}_with (user, *args)
            request_with(user, #{method.inspect}, false, *args)
          end

          def #{method}_by_xhr_with (user, *args)
            request_with(user, #{method.inspect}, true, *args)
          end
        EOV
      end
    end

Public Instance Methods

assert_raise_with_user(user, *args, &block)

Analogous to Ruby's assert_raise method, but executes the block in the context of the given user.

# File lib/declarative_authorization/maintenance.rb, line 143
def assert_raise_with_user (user, *args, &block)
  assert_raise(*args) do
    with_user(user, &block)
  end
end

request_with(user, method, xhr, action, params = {}, session = {}, flash = {})
# File lib/declarative_authorization/maintenance.rb, line 184
def request_with (user, method, xhr, action, params = {}, 
    session = {}, flash = {})
  session = session.merge({:user => user, :user_id => user && user.id})
  with_user(user) do
    if xhr
      xhr method, action, params, session, flash
    else
      send method, action, params, session, flash
    end
  end
end

should_be_allowed_to(privilege, *args)

Test helper to test authorization rules.

with_user a_normal_user do
  should_not_be_allowed_to :update, :conferences
  should_not_be_allowed_to :read, an_unpublished_conference
  should_be_allowed_to :read, a_published_conference
end

If the object's class name does not match the controller name, you can set the object and context manually:

should_be_allowed_to :create, :object => car, :context => :vehicles

If you specify the object and context manually, you can also specify the user manually, skipping the with_user block:

should_be_allowed_to :create, :object => car, :context => :vehicles, :user => a_normal_user

# File lib/declarative_authorization/maintenance.rb, line 161
def should_be_allowed_to (privilege, *args)
  options = {}
  if(args.first.class == Hash)
    options = args.extract_options!
  else
    options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
  end
  assert_nothing_raised do
    Authorization::Engine.instance.permit!(privilege, options)
  end
end

should_not_be_allowed_to(privilege, *args)

See should_be_allowed_to

# File lib/declarative_authorization/maintenance.rb, line 174
def should_not_be_allowed_to (privilege, *args)
  options = {}
  if(args.first.class == Hash)
    options = args.extract_options!
  else
    options[args[0].is_a?(Symbol) ? :context : :object] = args[0]
  end
  assert !Authorization::Engine.instance.permit?(privilege, options)
end