RubyGems - acl9 - Versions diffs - 0.12.0 → 2.1.2 - Mend

acl9 0.12.0 → 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (141) hide show

checksums.yaml +7 -0
data/.gitignore +21 -0
data/.ruby-version +1 -0
data/.travis.yml +22 -0
data/Appraisals +11 -0
data/CHANGELOG.md +114 -0
data/CONTRIBUTING.md +62 -0
data/Gemfile +9 -0
data/Gemfile.lock +141 -0
data/LICENSE +9 -0
data/README.md +308 -0
data/Rakefile +9 -27
data/acl9.gemspec +29 -0
data/bin/appraisal +16 -0
data/bin/bundler +16 -0
data/bin/cc-tddium-post-worker +16 -0
data/bin/erubis +16 -0
data/bin/rackup +16 -0
data/bin/rails +16 -0
data/bin/rake +16 -0
data/bin/sprockets +16 -0
data/bin/tapout +16 -0
data/bin/thor +16 -0
data/bin/tilt +16 -0
data/bin/yard +16 -0
data/bin/yardoc +16 -0
data/bin/yri +16 -0
data/gemfiles/rails_4.0.gemfile +10 -0
data/gemfiles/rails_4.1.gemfile +10 -0
data/gemfiles/rails_4.2.gemfile +10 -0
data/lib/acl9/controller_extensions/dsl_base.rb +36 -55
data/lib/acl9/controller_extensions/generators.rb +1 -1
data/lib/acl9/controller_extensions.rb +1 -1
data/lib/acl9/helpers.rb +12 -5
data/lib/acl9/model_extensions/for_object.rb +20 -5
data/lib/acl9/model_extensions/for_subject.rb +48 -21
data/lib/acl9/model_extensions.rb +22 -25
data/lib/acl9/prepositions.rb +18 -0
data/lib/acl9/version.rb +3 -0
data/lib/acl9.rb +36 -10
data/lib/generators/acl9/setup/USAGE +35 -0
data/lib/generators/acl9/setup/setup_generator.rb +115 -0
data/lib/generators/acl9/setup/templates/create_role_tables.rb +22 -0
data/lib/generators/acl9/setup/templates/role.rb +3 -0
data/test/config_test.rb +55 -0
data/test/controller_extensions/actions_test.rb +199 -0
data/test/controller_extensions/anon_test.rb +39 -0
data/test/controller_extensions/base.rb +96 -0
data/test/controller_extensions/basics_test.rb +44 -0
data/test/controller_extensions/conditions_test.rb +48 -0
data/test/controller_extensions/method_test.rb +70 -0
data/test/controller_extensions/multi_match_test.rb +142 -0
data/test/controller_extensions/multiple_role_arguments_test.rb +135 -0
data/test/controller_extensions/prepositions_test.rb +108 -0
data/test/controller_extensions/pseudo_role_test.rb +26 -0
data/test/controller_extensions/role_test.rb +75 -0
data/test/controllers/acl_action_override_test.rb +24 -0
data/test/controllers/acl_arguments_test.rb +5 -0
data/test/controllers/acl_block_test.rb +5 -0
data/test/controllers/acl_boolean_method_test.rb +5 -0
data/test/controllers/acl_helper_method_test.rb +26 -0
data/test/controllers/acl_ivars_test.rb +15 -0
data/test/controllers/acl_method2_test.rb +6 -0
data/test/controllers/acl_method_test.rb +6 -0
data/test/controllers/acl_object_hash_test.rb +18 -0
data/test/controllers/acl_query_method_named_test.rb +9 -0
data/test/controllers/acl_query_method_test.rb +9 -0
data/test/controllers/acl_query_method_with_lambda_test.rb +9 -0
data/test/controllers/acl_query_mixin.rb +51 -0
data/test/controllers/acl_subject_method_test.rb +15 -0
data/test/controllers/arguments_checking_test.rb +43 -0
data/test/dummy/app/controllers/acl_action_override.rb +15 -0
data/test/dummy/app/controllers/acl_arguments.rb +10 -0
data/test/dummy/app/controllers/acl_block.rb +6 -0
data/test/dummy/app/controllers/acl_boolean_method.rb +23 -0
data/test/dummy/app/controllers/acl_helper_method.rb +11 -0
data/test/dummy/app/controllers/acl_ivars.rb +17 -0
data/test/dummy/app/controllers/acl_method.rb +6 -0
data/test/dummy/app/controllers/acl_method2.rb +6 -0
data/test/dummy/app/controllers/acl_objects_hash.rb +10 -0
data/test/dummy/app/controllers/acl_query_method.rb +9 -0
data/test/dummy/app/controllers/acl_query_method_named.rb +13 -0
data/test/dummy/app/controllers/acl_query_method_with_lambda.rb +9 -0
data/test/dummy/app/controllers/acl_subject_method.rb +16 -0
data/test/dummy/app/controllers/application_controller.rb +7 -0
data/test/dummy/app/controllers/empty_controller.rb +5 -0
data/test/dummy/app/helpers/application_helper.rb +2 -0
data/test/dummy/app/helpers/some_helper.rb +8 -0
data/test/dummy/app/models/.keep +0 -0
data/test/dummy/app/models/access.rb +3 -0
data/test/dummy/app/models/account.rb +3 -0
data/test/dummy/app/models/bar.rb +3 -0
data/test/dummy/app/models/concerns/.keep +0 -0
data/test/dummy/app/models/foo.rb +3 -0
data/test/dummy/app/models/foo_bar.rb +3 -0
data/test/dummy/app/models/other/foo.rb +5 -0
data/test/dummy/app/models/other/role.rb +5 -0
data/test/dummy/app/models/other/user.rb +5 -0
data/test/dummy/app/models/role.rb +3 -0
data/test/dummy/app/models/user.rb +3 -0
data/test/dummy/app/models/uuid.rb +4 -0
data/test/dummy/config/application.rb +23 -0
data/test/dummy/config/boot.rb +4 -0
data/test/dummy/config/database.yml +25 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/development.rb +37 -0
data/test/dummy/config/environments/production.rb +78 -0
data/test/dummy/config/environments/test.rb +40 -0
data/test/dummy/config/initializers/assets.rb +8 -0
data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/test/dummy/config/initializers/inflections.rb +16 -0
data/test/dummy/config/initializers/mime_types.rb +4 -0
data/test/dummy/config/initializers/secrets.rb +1 -0
data/test/dummy/config/initializers/session_store.rb +3 -0
data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
data/test/dummy/config/locales/en.yml +23 -0
data/test/dummy/config/routes.rb +3 -0
data/test/dummy/config.ru +4 -0
data/test/dummy/db/migrate/20141117132218_create_tables.rb +99 -0
data/test/helpers/helper_test.rb +89 -0
data/test/models/roles_test.rb +357 -0
data/test/models/roles_with_custom_association_names_test.rb +28 -0
data/test/models/roles_with_custom_class_names_test.rb +28 -0
data/test/models/system_roles_test.rb +22 -0
data/test/models/users_roles_and_subjects_with_namespaced_class_names_test.rb +30 -0
data/test/test_helper.rb +80 -20
data/test/version_test.rb +7 -0
metadata +290 -71
data/CHANGELOG.textile +0 -46
data/README.textile +0 -903
data/VERSION.yml +0 -5
data/lib/acl9/config.rb +0 -11
data/test/access_control_test.rb +0 -338
data/test/dsl_base_test.rb +0 -795
data/test/helpers_test.rb +0 -134
data/test/roles_test.rb +0 -355
data/test/support/controllers.rb +0 -207
data/test/support/models.rb +0 -59
data/test/support/schema.rb +0 -92

data/lib/generators/acl9/setup/setup_generator.rb ADDED Viewed

@@ -0,0 +1,115 @@
+require "rails/generators/active_record"
+module Acl9
+  class SetupGenerator < Rails::Generators::Base
+    include ActiveRecord::Generators::Migration
+    source_root File.expand_path('../templates', __FILE__)
+    argument :arg_subject, type: :string, default: 'user', banner: "subject"
+    argument :arg_role, type: :string, default: 'role', banner: "role"
+    argument :arg_objects, type: :array, default: [], banner: "objects..."
+    def create_migration
+      next_migration_number = self.class.next_migration_number( File.expand_path( '../db/migrate', __FILE__))
+      template "create_role_tables.rb", "db/migrate/#{next_migration_number}_create_#{role_name}_tables.rb"
+    end
+    def create_models
+      template "role.rb", "app/models/#{role_name}.rb"
+      objects.each do |object|
+        my_inject "app/models/#{object}.rb", object.classify, "  #{object_helper}\n"
+      end
+      my_inject "app/models/#{subject_name}.rb", subject_class_name, "  #{subject_helper}\n"
+    end
+    def create_initializer
+      initializer "acl9.rb" do
+        <<-RUBY.strip_heredoc
+        # See https://github.com/be9/acl9#configuration for details
+        #
+        # Acl9.configure do |c|
+        #   c.default_role_class_name = 'Role'
+        #   c.default_subject_class_name = 'User'
+        #   c.default_subject_method     = :current_user
+        #   c.default_association_name   = :role_objects
+        #   c.default_join_table_name    = nil
+        #   c.protect_global_roles       = true
+        #   c.normalize_role_names       = true
+        # end
+        RUBY
+      end
+    end
+    private
+    def role_name
+      arg_role.underscore.singularize
+    end
+    def role_table_name
+      role_name.tableize
+    end
+    def role_class_name
+      role_name.classify
+    end
+    def habtm_table
+      Acl9.config.default_join_table_name || [ subject_name, role_name ].map(&:pluralize).sort.join('_')
+    end
+    def subject_helper
+      "acts_as_authorization_subject" + ( subject_options ? " #{subject_options}" : '' )
+    end
+    def object_helper
+      "acts_as_authorization_object" + ( object_options ? " #{object_options}" : '' )
+    end
+    def role_helper
+      "acts_as_authorization_role" + ( role_options ? " #{role_options}" : '' )
+    end
+    def my_inject file_name, class_name, string
+      inject_into_class file_name, class_name, string
+    rescue Errno::ENOENT
+      create_file file_name do
+        <<-RUBY.strip_heredoc
+        class #{class_name} < ActiveRecord::Base
+        #{string}
+        end
+        RUBY
+      end
+    end
+    def role_options
+      if defined?(Acl9::config) && Acl9::config[:default_subject_class_name].to_s.classify != subject_class_name
+        "subject_class_name: #{subject_class_name}"
+      end
+    end
+    def subject_options
+      if defined?(Acl9::config) && Acl9::config[:default_role_class_name].to_s.classify != role_class_name
+        "role_class_name: #{role_class_name}"
+      end
+    end
+    def object_options
+      [ role_options, subject_options ].compact.join ', '
+    end
+    def subject_name
+      @subject_name ||= arg_subject.underscore.singularize
+    end
+    def objects
+      @objects ||= arg_objects.map{|o|o.underscore.singularize}
+    end
+    def subject_class_name
+      subject_name.classify
+    end
+  end
+end

data/lib/generators/acl9/setup/templates/create_role_tables.rb ADDED Viewed

@@ -0,0 +1,22 @@
+class Create<%= role_class_name %>Tables < ActiveRecord::Migration
+  def change
+    create_table :<%= role_table_name %> do |t|
+      t.string   :name,                   null: false
+      t.string   :authorizable_type,      null: true
+      t.integer  :authorizable_id,        null: true
+      t.boolean  :system, default: false, null: false
+      t.timestamps                        null: false
+    end
+    add_index :<%= role_table_name %>, :name
+    add_index :<%= role_table_name %>, [:authorizable_type, :authorizable_id]
+    create_table :<%= habtm_table %>, id: false do |t|
+      t.references  :<%= subject_name %>, null: false
+      t.references  :<%= role_name %>, null: false
+    end
+    add_index :<%= habtm_table %>, :<%= subject_name %>_id
+    add_index :<%= habtm_table %>, :<%= role_name %>_id
+  end
+end

data/lib/generators/acl9/setup/templates/role.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class <%= role_class_name %> < ActiveRecord::Base
+  <%= role_helper %>
+end

data/test/config_test.rb ADDED Viewed

@@ -0,0 +1,55 @@
+require 'test_helper'
+class ConfigTest < ActiveSupport::TestCase
+  teardown do
+    Acl9.config.reset!
+  end
+  test "configure block API" do
+    assert new_method = :fruitcake
+    Acl9.configure do |c|
+      assert c.default_subject_method = new_method
+    end
+    assert_equal new_method, Acl9.config.default_subject_method
+    assert_equal new_method, Acl9.config[:default_subject_method]
+    assert_equal new_method, Acl9::config[:default_subject_method]
+  end
+  test "method API" do
+    assert new_method = :seesaw
+    Acl9.config.default_subject_method = new_method
+    assert_equal new_method, Acl9.config.default_subject_method
+    assert_equal new_method, Acl9.config[:default_subject_method]
+    assert_equal new_method, Acl9::config[:default_subject_method]
+  end
+  test "hash API" do
+    assert new_method = :sandcastle
+    assert Acl9.config[:default_subject_method] = new_method
+    assert_equal new_method, Acl9.config.default_subject_method
+    assert_equal new_method, Acl9.config[:default_subject_method]
+    assert_equal new_method, Acl9::config[:default_subject_method]
+  end
+  test "reset!" do
+    assert new_method = :bluesky
+    assert Acl9.config.default_subject_method = new_method
+    assert Acl9.config.reset!
+    refute_equal new_method, Acl9.config.default_subject_method
+  end
+  test "errors when missing option" do
+    assert_raises NoMethodError do
+      Acl9.config[:does_not_exist] = :foo
+    end
+    assert_raises NoMethodError do
+      Acl9.config[:does_not_exist]
+    end
+  end
+end

data/test/controller_extensions/actions_test.rb ADDED Viewed

@@ -0,0 +1,199 @@
+require_relative 'base'
+module ControllerExtensions
+  class ActionTest < Base
+    test "should raise an ArgumentError when actions has no block" do
+      assert_raise ArgumentError do
+        @tester.acl_block! { actions :foo, :bar }
+      end
+    end
+    test "should raise an ArgumentError when actions has no arguments" do
+      assert_raise ArgumentError do
+        @tester.acl_block! { actions do end }
+      end
+    end
+    test "should raise an ArgumentError when actions is called inside actions block" do
+      assert_raise ArgumentError do
+        @tester.acl_block! do
+          actions :foo, :bar do
+            actions :foo, :bar do
+            end
+          end
+        end
+      end
+    end
+    test "should raise an ArgumentError when default is called inside actions block" do
+      assert_raise ArgumentError do
+        @tester.acl_block! do
+          actions :foo, :bar do
+            default :allow
+          end
+        end
+      end
+    end
+    [:to, :only, :except].each do |opt|
+      test "should raise an ArgumentError when allow is called with #{opt} option" do
+        assert_raise ArgumentError do
+          @tester.acl_block! do
+            actions :foo do
+              allow all, opt => :bar
+            end
+          end
+        end
+      end
+      test "should raise an ArgumentError when deny is called with #{opt} option" do
+        assert_raise ArgumentError do
+          @tester.acl_block! do
+            actions :foo do
+              deny all, opt => :bar
+            end
+          end
+        end
+      end
+    end
+    test "empty actions block should do nothing" do
+      @tester.acl_block! do
+        actions :foo do
+        end
+        allow all
+      end
+      assert_permitted nil
+      assert_permitted nil, :foo
+    end
+    test "#allow should limit its scope to specified actions" do
+      assert ( bee = User.create ).has_role! :bee
+      @tester.acl_block! do
+        actions :edit do
+          allow :bee
+        end
+      end
+      assert_permitted bee, :edit
+      assert_forbidden bee, :update
+    end
+    test "#deny should limit its scope to specified actions" do
+      assert ( bee = User.create ).has_role! :bee
+      @tester.acl_block! do
+        default :allow
+        actions :edit do
+          deny :bee
+        end
+      end
+      assert_forbidden bee, :edit
+      assert_permitted bee, :update
+    end
+    test "#allow and #deny should work together inside actions block" do
+      assert foo = Foo.create
+      assert ( owner = User.create ).has_role! :owner, foo
+      assert ( hacker = User.create ).has_role! :hacker
+      assert hacker.has_role! :the_destroyer
+      assert ( another_owner = User.create ).has_role! :owner, foo
+      assert another_owner.has_role! :hacker
+      @tester.acl_block! do
+        actions :show, :index do
+          allow all
+        end
+        actions :edit, :new, :create, :update do
+          allow :owner, :of => :foo
+          deny :hacker
+        end
+        actions :destroy do
+          allow :owner, :of => :foo
+          allow :the_destroyer
+        end
+      end
+      assert set_all_actions
+      permit_some owner,  @all_actions, :foo => foo
+      permit_some hacker, %w(show index destroy)
+      permit_some another_owner, %w(show index destroy), :foo => foo
+    end
+    def set_all_actions
+      @all_actions = %w(index show new edit create update destroy)
+    end
+    test "should work with anonymous" do
+      assert ( superadmin = User.create ).has_role! :superadmin
+      @tester.acl_block! do
+        allow :superadmin
+        action :index, :show do
+          allow anonymous
+        end
+      end
+      assert set_all_actions
+      permit_some superadmin, @all_actions
+      permit_some nil, %w(index show)
+    end
+    test "should work with anonymous and other role inside" do
+      assert ( superadmin = User.create ).has_role! :superadmin
+      assert ( member = User.create ).has_role! :member
+      @tester.acl_block! do
+        allow :superadmin
+        action :index, :show do
+          allow anonymous
+          allow :member
+        end
+      end
+      assert set_all_actions
+      permit_some superadmin, @all_actions
+      permit_some member, %w(index show)
+      permit_some nil, %w(index show)
+    end
+    test "multiple allows in an action" do
+      assert ( special = User.create ).has_role! :special
+      assert ( viewer = User.create ).has_role! :viewer
+      @tester.acl_block! do
+        action :show do
+          allow all
+          allow :viewer
+        end
+      end
+      assert set_all_actions
+      permit_some special, %w(show)
+      permit_some viewer, %w(show)
+    end
+    test "multiple allows with logged_in" do
+      assert ( normal = User.create )
+      assert ( viewer = User.create ).has_role! :viewer
+      @tester.acl_block! do
+        action :index do
+          allow logged_in
+          allow :viewer
+        end
+      end
+      assert set_all_actions
+      permit_some normal, %w(index)
+      permit_some viewer, %w(index)
+    end
+  end
+end

data/test/controller_extensions/anon_test.rb ADDED Viewed

@@ -0,0 +1,39 @@
+require_relative 'base'
+module ControllerExtensions
+  class AnonTest < Base
+    test "allow nil permits only nil" do
+      @tester.acl_block! { allow nil }
+      assert_permitted nil
+      assert_user_types_forbidden
+    end
+    test "allow anon permits only nil" do
+      @tester.acl_block! { allow anonymous }
+      assert_permitted nil
+      assert_user_types_forbidden
+    end
+    test "default allowed, nil denied" do
+      @tester.acl_block! do
+        default :allow
+        deny nil
+      end
+      assert_forbidden nil
+      assert_user_types_permitted
+    end
+    test "default allowed, anon denied" do
+      @tester.acl_block! do
+        default :allow
+        deny anonymous
+      end
+      assert_forbidden nil
+      assert_user_types_permitted
+    end
+  end
+end

data/test/controller_extensions/base.rb ADDED Viewed

@@ -0,0 +1,96 @@
+require 'test_helper'
+module ControllerExtensions
+  class Base < ActiveSupport::TestCase
+    setup do
+      # TODO - clean this up so we don't need to create such a complex object just for a test
+      @tester = Class.new(Acl9::Dsl::Base) do
+        def check_allowance(subject, *args)
+          @_subject = subject
+          @_current_action = (args[0] || 'index').to_s
+          @_objects = args.last.is_a?(Hash) ? args.last : {}
+          @_callable = @_objects.delete(:call)
+          instance_eval(allowance_expression)
+        end
+        def _subject_ref
+          "@_subject"
+        end
+        def _object_ref(object)
+          "@_objects[:#{object}]"
+        end
+        def _action_ref
+          "@_current_action"
+        end
+        def _method_ref(method)
+          "@_callable.send(:#{method})"
+        end
+      end.new
+    end
+    def permit_some(user, actions, vars = {})
+      actions.each                  { |act| assert_permitted(user, act, vars) }
+      (@all_actions - actions).each { |act| assert_forbidden(user, act, vars) }
+    end
+    def assert_permitted *args
+      assert @tester.check_allowance *args
+    end
+    def assert_forbidden *args
+      refute @tester.check_allowance *args
+    end
+    def assert_all_forbidden
+      assert_forbidden nil
+      assert_user_types_forbidden
+    end
+    def assert_all_permitted
+      assert_permitted nil
+      assert_user_types_permitted
+    end
+    def assert_user_types_forbidden
+      assert @user = User.create
+      assert_forbidden @user
+      assert_admins_forbidden
+    end
+    def assert_admins_forbidden
+      assert @user = User.first_or_create
+      assert @user.has_role! :admin
+      assert_forbidden @user
+      assert @user.has_role! :admin, Foo
+      assert_forbidden @user
+      assert @user.has_role! :admin, Foo.first_or_create
+      assert_forbidden @user
+    end
+    def assert_user_types_permitted
+      assert @user = User.first_or_create
+      assert_permitted @user
+      assert_admins_permitted
+    end
+    def assert_admins_permitted
+      assert @user = User.first_or_create
+      assert @user.has_role! :admin
+      assert_permitted @user
+      assert @user.has_role! :admin, Foo
+      assert_permitted @user
+      assert @user.has_role! :admin, Foo.first_or_create
+      assert_permitted @user
+    end
+  end
+end

data/test/controller_extensions/basics_test.rb ADDED Viewed

@@ -0,0 +1,44 @@
+require_relative 'base'
+module ControllerExtensions
+  class BasicsTest < Base
+    test "empty default denies" do
+      @tester.acl_block! { }
+      assert_equal :deny, @tester.default_action
+      assert_all_forbidden
+    end
+    test "deny default denies" do
+      @tester.acl_block! { default :deny }
+      assert_equal :deny, @tester.default_action
+      assert_all_forbidden
+    end
+    test "allow default allows" do
+      @tester.acl_block! { default :allow }
+      assert_equal :allow, @tester.default_action
+      assert_all_permitted
+    end
+    test "error with bad args" do
+      assert_raise ArgumentError do
+        @tester.acl_block! { default 123 }
+      end
+      assert_raise ArgumentError do
+        @tester.acl_block! do
+          default :deny
+          default :deny
+        end
+      end
+      assert_raise ArgumentError do
+        @tester.acl_block! { allow }
+      end
+      assert_raise ArgumentError do
+        @tester.acl_block! { deny }
+      end
+    end
+  end
+end

data/test/controller_extensions/conditions_test.rb ADDED Viewed

@@ -0,0 +1,48 @@
+require_relative 'base'
+module ControllerExtensions
+  class ConditionsTest < Base
+    [:if, :unless].each do |cond|
+      test "should raise ArgumentError when #{cond} is not a Symbol" do
+         assert_raise ArgumentError do
+          @tester.acl_block! { allow nil, cond => 123 }
+        end
+      end
+    end
+    test "allow ... :if" do
+      @tester.acl_block! do
+        allow nil, :if => :meth
+      end
+      assert_permitted nil, :call => OpenStruct.new(:meth => true)
+      assert_forbidden nil, :call => OpenStruct.new(:meth => false)
+    end
+    test "allow ... :unless" do
+      @tester.acl_block! do
+        allow nil, :unless => :meth
+      end
+      assert_permitted nil, :call => OpenStruct.new(:meth => false)
+      assert_forbidden nil, :call => OpenStruct.new(:meth => true)
+    end
+    test "deny ... :if" do
+      @tester.acl_block! do
+        default :allow
+        deny nil, :if => :meth
+      end
+      assert_permitted nil, :call => OpenStruct.new(:meth => false)
+      assert_forbidden nil, :call => OpenStruct.new(:meth => true)
+    end
+    test "deny ... :unless" do
+      @tester.acl_block! do
+        default :allow
+        deny nil, :unless => :meth
+      end
+      assert_permitted nil, :call => OpenStruct.new(:meth => true)
+      assert_forbidden nil, :call => OpenStruct.new(:meth => false)
+    end
+  end
+end

data/test/controller_extensions/method_test.rb ADDED Viewed

@@ -0,0 +1,70 @@
+require_relative 'base'
+module ControllerExtensions
+  class MethodTest < Base
+    def run_tests
+      %w(index show).each                 { |act| assert_permitted nil, act }
+      %w(edit update delete destroy).each { |act| assert_forbidden nil, act }
+      %w(index show edit update).each { |act| assert_permitted @manager, act }
+      %w(delete destroy).each         { |act| assert_forbidden @manager, act }
+      %w(index show edit update delete destroy).each { |act| assert_permitted @trusted, act }
+    end
+    test "should raise an ArgumentError when either :to or :only and :except are specified" do
+      %i[to only].each do |only|
+        assert_raise ArgumentError do
+          @tester.acl_block! { allow all, only => :index, :except => ['show', 'edit'] }
+        end
+      end
+    end
+    test ":to and :only should combine in union" do
+      assert ( @manager = User.create ).has_role! :manager
+      assert ( @trusted = User.create ).has_role! :trusted
+      @tester.acl_block! do
+        allow all,      :only => :index, :to => :show
+        allow 'manager', :only => :edit, :to => 'edit'
+        allow 'manager', :to => 'update', :only => :update
+        allow 'trusted', :only => %w(edit update destroy), :to => %w(edit delete)
+      end
+      run_tests
+    end
+    test ":to and :only should limit rule scope to specified actions" do
+      assert ( @manager = User.create ).has_role! :manager
+      assert ( @trusted = User.create ).has_role! :trusted
+      %i[to only].each do |only|
+        @tester.acl_block! do
+          allow all,       only => [:index, :show]
+          allow 'manager', only => :edit
+          allow 'manager', only => 'update'
+          allow 'trusted', only => %w(edit update delete destroy)
+        end
+        run_tests
+      end
+    end
+    test ":except should limit rule scope to all actions except specified" do
+      assert ( @manager = User.create ).has_role! :manager
+      assert ( @trusted = User.create ).has_role! :trusted
+      @tester.acl_block! do
+        allow all,       :except => %w(edit update delete destroy)
+        allow 'manager', :except => %w(delete destroy)
+        allow 'trusted'
+      end
+      run_tests
+    end
+  end
+end