ae_declarative_authorization 0.10.1 → 0.10.2

data/test/database.yml

@@ -1,3 +0,0 @@
-test:
-  adapter: sqlite3
-  database: ":memory:"

data/test/dsl_reader_test.rb

@@ -1,178 +0,0 @@
-require 'test_helper'
-
-class DSLReaderTest < Test::Unit::TestCase
-  def test_privileges
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :test_priv do
-          includes :lower_priv
-        end
-      end
-    }
-    assert_equal 2, reader.privileges_reader.privileges.length
-    assert_equal [[:lower_priv, nil]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv]
-  end
-  
-  def test_privileges_with_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :test_priv, :test_context do
-          includes :lower_priv
-        end
-      end
-    }
-    assert_equal [[:lower_priv, :test_context]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv]
-  end
-  
-  def test_privileges_one_line
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :test_priv, :test_context, :includes => :lower_priv
-        privilege :test_priv_2, :test_context, :includes => [:lower_priv]
-        privilege :test_priv_3, :includes => [:lower_priv]
-      end
-    }
-    assert_equal [[:lower_priv, :test_context]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv]
-    assert_equal [[:lower_priv, :test_context]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv_2]
-    assert_equal [[:lower_priv, nil]], 
-      reader.privileges_reader.privilege_hierarchy[:test_priv_3]
-  end
-  
-  def test_auth_role
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          includes :lesser_role
-          has_permission_on :items, :to => :read
-        end
-      end
-    }
-    assert_equal 1, reader.auth_rules_reader.roles.length
-    assert_equal [:lesser_role], reader.auth_rules_reader.role_hierarchy[:test_role]
-    assert_equal 1, reader.auth_rules_reader.auth_rules.length
-  end
-  
-  def test_auth_role_permit_on
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :test_context do
-            to :test_perm, :manage
-            if_attribute :test_attr => is { user.test_attr }
-          end
-        end
-      end
-    |
-    assert_equal 1, reader.auth_rules_reader.roles.length
-    assert_equal 1, reader.auth_rules_reader.auth_rules.length
-    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test_perm], :test_context)
-    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:manage], :test_context)
-  end
-  
-  def test_permit_block
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :perms, :to => :test do
-            if_attribute :test_attr   => is { user.test_attr }
-            if_attribute :test_attr_2 => is_not { user.test_attr }
-            if_attribute :test_attr_3 => contains { user.test_attr }
-            if_attribute :test_attr_4 => does_not_contain { user.test_attr }
-            if_attribute :test_attr_5 => is_in { user.test_attr }
-            if_attribute :test_attr_5 => is_not_in { user.test_attr }
-            if_attribute :test_attr_6 => lt { user.test_attr }
-            if_attribute :test_attr_6 => lte { user.test_attr }
-            if_attribute :test_attr_6 => gt { user.test_attr }
-            if_attribute :test_attr_6 => gte { user.test_attr }
-          end
-        end
-      end
-    |
-    assert_equal 1, reader.auth_rules_reader.roles.length
-    assert_equal 1, reader.auth_rules_reader.auth_rules.length
-    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
-  end
-  
-  def test_has_permission_to_with_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %|
-      authorization do
-        role :test_role do
-          has_permission_on :perms, :to => :test
-        end
-      end
-    |
-    assert_equal 1, reader.auth_rules_reader.roles.length
-    assert_equal 1, reader.auth_rules_reader.auth_rules.length
-    assert reader.auth_rules_reader.auth_rules[0].matches?(:test_role, [:test], :perms)
-  end
-  
-  def test_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      contexts do
-        context :high_level_context do
-          includes :low_level_context_1, :low_level_context_2
-        end
-      end
-    }
-  end
-  
-  def test_dsl_error
-    reader = Authorization::Reader::DSLReader.new
-    assert_raise(Authorization::Reader::DSLError) do
-      reader.parse %{
-        authorization do
-          includes :lesser_role
-        end
-      }
-    end
-  end
-  
-  def test_syntax_error
-    reader = Authorization::Reader::DSLReader.new
-    assert_raise(Authorization::Reader::DSLSyntaxError) do
-      reader.parse %{
-        authorizations do
-        end
-      }
-    end
-  end
-  
-  def test_syntax_error_2
-    reader = Authorization::Reader::DSLReader.new
-    assert_raise(Authorization::Reader::DSLSyntaxError) do
-      reader.parse %{
-        authorizations
-        end
-      }
-    end
-  end
-
-  def test_factory_returns_self
-    reader = Authorization::Reader::DSLReader.new
-    assert_equal(Authorization::Reader::DSLReader.factory(reader).object_id, reader.object_id)
-  end
-
-  def test_factory_loads_file
-    reader = Authorization::Reader::DSLReader.factory((DA_ROOT + "authorization_rules.dist.rb").to_s)
-    assert_equal(Authorization::Reader::DSLReader, reader.class)
-  end
-
-  def test_load_file_not_found
-    assert_raise(Authorization::Reader::DSLFileNotFoundError) do
-      Authorization::Reader::DSLReader.new.load!("nonexistent_file.rb")
-    end
-  end
-end
-

data/test/functional/filter_access_to_with_id_in_scope_test.rb

@@ -1,88 +0,0 @@
-require 'test_helper'
-
-class UsersController < MocksController
-  before_action :initialize_user
-  filter_access_to :all, attribute_check: true
-  define_action_methods :show
-
-  def initialize_user
-    @user = User.find(params[:id])
-  end
-end
-
-class FilterAccessToWithIdInScopeTest < ActionController::TestCase
-  include DeclarativeAuthorization::Test::Helpers
-
-  tests UsersController
-
-  access_tests do
-    params :user do |old_user, new_user|
-      assert_equal :old_user, old_user
-      assert_equal :new_user, new_user
-      { id: User.create! }
-    end
-    
-    role :users do
-      privilege :read do
-        allowed to: :show, with: :user
-      end
-    end
-  end
-
-  AUTHORIZATION_RULES = <<-RULES.freeze
-    authorization do
-      role :users__read do
-        has_permission_on :users, :to => [:show] do
-          if_attribute :id => id_in_scope { User.visible_by(user) }
-        end
-      end
-    end
-  RULES
-
-  setup do
-    @reader = Authorization::Reader::DSLReader.new
-    @reader.parse(AUTHORIZATION_RULES)
-    Authorization::Engine.instance(@reader)
-  end
-
-  def test_id_in_scope__filter_access_to__has_access
-    with_routing do |map|
-      setup_routes(map)
-
-      current_user = User.create!(role_symbols: [:users__read])
-      different_user = User.create!
-
-      request!(current_user, :show, @reader, id: current_user.id)
-      assert @controller.authorized?
-    end
-  end
-
-  def test_id_in_scope__filter_access_to__does_not_have_access
-    with_routing do |map|
-      setup_routes(map)
-
-      current_user = User.create!(role_symbols: [:users__read])
-      different_user = User.create!
-
-      request!(current_user, :show, @reader, id: different_user.id)
-      assert !@controller.authorized?
-    end
-  end
-
-  private
-
-  def setup_routes(map)
-    map.draw do
-      get '/users', controller: 'users', action: :show
-    end
-  end
-
-  def access_test_user(role, privilege)
-    User.new(role_symbols: [ :"#{role}__#{privilege}" ])
-  end
-
-  def access_test_params_for_param_methods
-    [:old_user, :new_user]
-  end
-end
-

data/test/functional/no_filter_access_to_test.rb

@@ -1,79 +0,0 @@
-require 'test_helper'
-
-class NoFilterAccessObject < MockDataObject
-  def self.name
-    "NoFilterAccessObject"
-  end
-end
-
-class NoFilterAccessObjectsController < MocksController
-  filter_access_to :all, attribute_check: true, load_method: :find_no_filter_access_object
-  no_filter_access_to :index
-
-  define_action_methods :index, :show
-
-  private
-
-  def find_no_filter_access_object
-    NoFilterAccessObject.find_or_initialize_by(params.permit(:id, :special_attribute).to_hash)
-  end
-end
-
-class NoFilterAccessToTest < ActionController::TestCase
-  include DeclarativeAuthorization::Test::Helpers
-  tests NoFilterAccessObjectsController
-
-  access_tests_not_required
-
-  AUTHORIZATION_RULES = <<-RULES.freeze
-    authorization do
-      role :allowed_role do
-        has_permission_on :no_filter_access_objects, to: :index do
-          if_attribute special_attribute: is { 'secret' }
-        end
-        has_permission_on :no_filter_access_objects, to: :show do
-          if_attribute id: is { '1' }
-        end
-      end
-    end
-  RULES
-
-  setup do
-    @reader = Authorization::Reader::DSLReader.new
-    @reader.parse(AUTHORIZATION_RULES)
-    Authorization::Engine.instance(@reader)
-  end
-
-  def test_filter_access_to
-    with_routing do |map|
-      map.draw do
-        resources :no_filter_access_objects, only: [:index, :show]
-      end
-
-      disallowed_user = MockUser.new
-      allowed_user = MockUser.new(:allowed_role)
-
-      request!(disallowed_user, :show, @reader, id: '1')
-      assert !@controller.authorized?
-
-      request!(allowed_user, :show, @reader, id: '100', clear: [:@no_filter_access_object])
-      assert !@controller.authorized?
-
-      request!(allowed_user, :show, @reader, id: '1', clear: [:@no_filter_access_object])
-      assert @controller.authorized?
-    end
-  end
-
-  def test_no_filter_access_to
-    with_routing do |map|
-      map.draw do
-        resources :no_filter_access_objects, only: [:index, :show]
-      end
-
-      non_special_user = MockUser.new
-
-      request!(non_special_user, :index, @reader, id: '1', special_attribute: 'wrong')
-      assert @controller.authorized?
-    end
-  end
-end

data/test/functional/params_block_arity_test.rb

@@ -1,39 +0,0 @@
-require 'test_helper'
-
-class ParamsBlockArityTest < ActionController::TestCase
-  include DeclarativeAuthorization::Test::Helpers
-
-  class ParamsBlockArityTestController < ApplicationController
-
-  end
-
-  tests ParamsBlockArityTestController
-
-  access_tests do
-
-    params :less_than_max_arguments do | one |
-      { this: :works }
-    end
-
-    params :too_many_arguments do | one, two, three |
-      { what: :ever }
-    end
-
-  end
-
-  def test_params_arity
-    assert_raises(InvalidParamsBlockArity) do
-      access_test_params(:too_many_arguments)
-    end
-
-    assert_equal({ this: :works }, access_test_params(:less_than_max_arguments))
-  end
-
-  private
-
-  def access_test_params_for_param_methods
-    [:old_user, :new_user]
-  end
-
-end
-

data/test/grape_api_test.rb

@@ -1,508 +0,0 @@
-require 'test_helper'
-
-# TODO: remove this conditional when rails 4 support is removed
-if defined?(Grape)
-  class LoadMockObject < MockDataObject
-    def self.name
-      "LoadMockObject"
-    end
-  end
-
-  ##################
-  class SpecificMocks < MocksAPI
-    filter_access_to 'GET /specific_mocks/test_action', :require => :test, :context => :permissions
-    filter_access_to 'GET /specific_mocks/test_action_2', :require => :test, :context => :permissions_2
-    filter_access_to 'GET /specific_mocks/show'
-    filter_access_to 'GET /specific_mocks/edit', 'POST /specific_mocks/create', :require => :test, :context => :permissions
-    filter_access_to 'GET /specific_mocks/edit2', :require => :test, :context => :permissions,
-      :attribute_check => true, :model => LoadMockObject
-    filter_access_to 'GET /specific_mocks/new', :require => :test, :context => :permissions
-
-    filter_access_to ['GET /specific_mocks/action_group_action_1', 'GET /specific_mocks/action_group_action_2']
-    define_action_methods :test_action, :test_action_2, :show, :edit, :create,
-      :edit_2, :new, :unprotected_action, :action_group_action_1, :action_group_action_2
-  end
-
-  class BasicAPITest < ApiTestCase
-    tests SpecificMocks
-
-    def test_filter_access_to_receiving_an_explicit_array
-      reader = Authorization::Reader::DSLReader.new
-
-      reader.parse %{
-        authorization do
-          role :test_action_group_2 do
-            has_permission_on :specific_mocks, :to => 'GET /specific_mocks/action_group_action_2'
-          end
-        end
-      }
-
-      request!(MockUser.new(:test_action_group_2), "/specific_mocks/action_group_action_2", reader)
-      assert last_endpoint.authorized?
-      request!(MockUser.new(:test_action_group_2), "/specific_mocks/action_group_action_1", reader)
-      assert !last_endpoint.authorized?
-      request!(nil, "/specific_mocks/action_group_action_2", reader)
-      assert !last_endpoint.authorized?
-    end
-
-    def test_filter_access
-      assert SpecificMocks.top_level_setting.namespace_stackable[:befores].any?
-
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :permissions, :to => :test
-            has_permission_on :specific_mocks, :to => 'GET /specific_mocks/show'
-          end
-        end
-      }
-
-      request!(MockUser.new(:test_role), "/specific_mocks/test_action", reader)
-      assert last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role), "/specific_mocks/test_action_2", reader)
-      assert !last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role_2), "/specific_mocks/test_action", reader)
-      assert_equal 403, last_response.status
-      assert !last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role), "/specific_mocks/show", reader)
-      assert last_endpoint.authorized?
-    end
-
-    def test_filter_access_multi_actions
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :permissions, :to => :test
-          end
-        end
-      }
-      request!(MockUser.new(:test_role), "/specific_mocks/create", reader)
-      assert last_endpoint.authorized?
-    end
-
-    def test_filter_access_unprotected_actions
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-          end
-        end
-      }
-      request!(MockUser.new(:test_role), "/specific_mocks/unprotected_action", reader)
-      assert last_endpoint.authorized?
-    end
-
-    def test_filter_access_priv_hierarchy
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        privileges do
-          privilege :read do
-            includes "GET /specific_mocks/list", "GET /specific_mocks/show"
-          end
-        end
-        authorization do
-          role :test_role do
-            has_permission_on :specific_mocks, :to => :read
-          end
-        end
-      }
-      request!(MockUser.new(:test_role), "/specific_mocks/show", reader)
-      assert last_endpoint.authorized?
-    end
-
-    def test_filter_access_skip_attribute_test
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :permissions, :to => :test do
-              if_attribute :id => is { user }
-            end
-          end
-        end
-      }
-      request!(MockUser.new(:test_role), "/specific_mocks/new", reader)
-      assert last_endpoint.authorized?
-    end
-
-    def test_existing_instance_var_remains_unchanged
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :permissions, :to => :test do
-              if_attribute :id => is { 5 }
-            end
-          end
-        end
-      }
-      mock_object = MockDataObject.new(:id => 5)
-
-      request!(MockUser.new(:test_role), "/specific_mocks/edit_2", reader) do |endpoint|
-        endpoint.send(:instance_variable_set, :"@load_mock_object", mock_object)
-      end
-      assert_equal mock_object, last_endpoint.send(:instance_variable_get, :"@load_mock_object")
-      assert last_endpoint.authorized?
-    end
-
-    def test_permitted_to_without_context
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :specific_mocks, :to => :test
-          end
-        end
-      }
-
-      # Make any request so we can get a reference to an endpoint
-      request!(MockUser.new(:test_role), "/specific_mocks/show", reader)
-
-      assert last_endpoint.permitted_to?(:test)
-    end
-  end
-
-  ##################
-  class AllMocks < MocksAPI
-    filter_access_to :all
-    filter_access_to 'GET /all_mocks/view', :require => :test, :context => :permissions
-    define_action_methods :show, :view
-  end
-
-  class AllActionsAPITest < ApiTestCase
-    tests AllMocks
-
-    def test_filter_access_all
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :permissions, :to => :test
-            has_permission_on :all_mocks, :to => 'GET /all_mocks/show'
-          end
-        end
-      }
-
-      request!(MockUser.new(:test_role), "/all_mocks/show", reader)
-      assert last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role), "/all_mocks/view", reader)
-      assert last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role_2), "/all_mocks/show", reader)
-      assert !last_endpoint.authorized?
-    end
-  end
-
-  ##################
-  class LoadMockObjects < MocksAPI
-    filter_access_to 'GET /load_mock_objects/:id', :attribute_check => true, :model => LoadMockObject
-    filter_access_to 'GET /load_mock_objects/:id/edit', :attribute_check => true
-    filter_access_to 'PUT /load_mock_objects/:id', 'DELETE /load_mock_objects/:id', :attribute_check => true,
-                     :load_method => proc {MockDataObject.new(:test => 1)}
-    filter_access_to 'POST /load_mock_objects' do
-      permitted_to! 'GET /load_mock_objects/:id/edit', :load_mock_objects
-    end
-    filter_access_to 'GET /load_mock_objects/view', :attribute_check => true, :load_method => :load_method
-
-    helpers do
-      @load_method_call_count = 0
-
-      def load_method_call_count
-        @load_method_call_count || 0
-      end
-
-      def load_method
-        @load_method_call_count ||= 0
-        @load_method_call_count += 1
-        MockDataObject.new(:test => 2)
-      end
-    end
-
-    resources :load_mock_objects do
-      get :view do
-        @authorized = true
-        'nothing'
-      end
-
-      route_param :id do
-        get do
-          @authorized = true
-          'nothing'
-        end
-
-        get :edit do
-          @authorized = true
-          'nothing'
-        end
-
-        put do
-          @authorized = true
-          'nothing'
-        end
-
-        delete do
-          @authorized = true
-          'nothing'
-        end
-      end
-
-      post do
-        @authorized = true
-        'nothing'
-      end
-    end
-  end
-
-  class LoadObjectAPITest < ApiTestCase
-    tests LoadMockObjects
-
-    def test_filter_access_with_object_load
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :load_mock_objects, :to => [
-              'GET /load_mock_objects/:id',
-              'GET /load_mock_objects/:id/edit'
-            ] do
-              if_attribute :id => 1
-              if_attribute :id => "1"
-            end
-          end
-        end
-      }
-
-      request!(MockUser.new(:test_role), "/load_mock_objects/2", reader)
-      assert !last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role), "/load_mock_objects/1", reader,
-        :clear => [:@load_mock_object])
-      assert last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role), "/load_mock_objects/1/edit", reader,
-        :clear => [:@load_mock_object])
-      assert last_endpoint.authorized?
-      assert last_endpoint.instance_variable_defined?(:@load_mock_object)
-    end
-
-    def test_filter_access_with_object_load_custom
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :load_mock_objects, :to => 'GET /load_mock_objects/view' do
-              if_attribute :test => is {2}
-            end
-            has_permission_on :load_mock_objects, :to => 'PUT /load_mock_objects/:id' do
-              if_attribute :test => is {1}
-            end
-            has_permission_on :load_mock_objects, :to => 'DELETE /load_mock_objects/:id' do
-              if_attribute :test => is {2}
-            end
-          end
-        end
-      }
-
-      request!(MockUser.new(:test_role), "/load_mock_objects/1", reader, :method => :delete)
-      assert !last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role), "/load_mock_objects/view", reader)
-      assert last_endpoint.authorized?
-      assert_equal 1, last_endpoint.load_method_call_count
-
-      request!(MockUser.new(:test_role_2), "/load_mock_objects/view", reader)
-      assert !last_endpoint.authorized?
-      assert_equal 1, last_endpoint.load_method_call_count
-
-      # Test the custom load_object method on the `PUT /load_mock_objects/:id` action
-      request!(MockUser.new(:test_role), "/load_mock_objects/123", reader, :method => :put)
-      assert last_endpoint.authorized?
-    end
-
-    def test_filter_access_custom
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :load_mock_objects, :to => 'GET /load_mock_objects/:id/edit'
-          end
-          role :test_role_2 do
-            has_permission_on :load_mock_objects, :to => 'POST /load_mock_objects'
-          end
-        end
-      }
-
-      request!(MockUser.new(:test_role), "/load_mock_objects", reader, :method => :post)
-      assert last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role_2), "/load_mock_objects", reader, :method => :post)
-      assert !last_endpoint.authorized?
-    end
-  end
-
-  ##################
-  class AccessOverwrites < MocksAPI
-    filter_access_to 'GET /access_overwrites/test_action', 'GET /access_overwrites/test_action_2',
-      :require => :test, :context => :permissions_2
-    filter_access_to 'GET /access_overwrites/test_action', :require => :test, :context => :permissions
-    define_action_methods :test_action, :test_action_2
-  end
-
-  class AccessOverwritesAPITest < ApiTestCase
-    tests AccessOverwrites
-
-    def test_filter_access_overwrite
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :permissions, :to => :test
-          end
-        end
-      }
-      request!(MockUser.new(:test_role), "/access_overwrites/test_action_2", reader)
-      assert !last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role), "/access_overwrites/test_action", reader)
-      assert last_endpoint.authorized?
-    end
-  end
-
-  ##################
-  class People < MocksAPI
-    filter_access_to :all
-    define_action_methods :show
-  end
-
-  class PeopleAPITest < ApiTestCase
-    tests People
-
-    def test_filter_access_people_controller
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :people, :to => 'GET /people/show'
-          end
-        end
-      }
-      request!(MockUser.new(:test_role), "/people/show", reader)
-      assert last_endpoint.authorized?
-    end
-  end
-
-  ##################
-  class CommonAPI < MocksAPI
-    filter_access_to :delete, :context => :common
-    filter_access_to :all
-  end
-  class CommonChild1API < CommonAPI
-    filter_access_to :all, :context => :context_1
-  end
-  class CommonChild2 < CommonAPI
-    filter_access_to :delete
-    define_action_methods :show, :delete
-  end
-
-  class HierachicalAPITest < ApiTestCase
-    tests CommonChild2
-
-    def test_controller_hierarchy
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :test_role do
-            has_permission_on :mocks, :to => ["GET /common_child_2/delete", "GET /common_child_2/show"]
-          end
-        end
-      }
-
-      request!(MockUser.new(:test_role), "/common_child2/show", reader)
-      assert !last_endpoint.authorized?
-
-      request!(MockUser.new(:test_role), "/common_child2/delete", reader)
-      assert !last_endpoint.authorized?
-    end
-  end
-
-  ##################
-  module Name
-    class SpacedThings < MocksAPI
-      filter_access_to 'GET /name/spaced_things/show'
-      filter_access_to 'GET /name/spaced_things/update', :context => :spaced_things
-      define_action_methods :show, :update
-    end
-  end
-
-  class NameSpacedAPITest < ApiTestCase
-    tests Name::SpacedThings
-
-    def test_context
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :permitted_role do
-            has_permission_on :name_spaced_things, :to => "GET /name/spaced_things/show"
-            has_permission_on :spaced_things, :to => "GET /name/spaced_things/update"
-          end
-          role :prohibited_role do
-            has_permission_on :name_spaced_things, :to => "GET /name/spaced_things/update"
-            has_permission_on :spaced_things, :to => "GET /name/spaced_things/show"
-          end
-        end
-      }
-      request!(MockUser.new(:permitted_role), "/name/spaced_things/show", reader)
-      assert last_endpoint.authorized?
-      request!(MockUser.new(:prohibited_role), "/name/spaced_things/show", reader)
-      assert !last_endpoint.authorized?
-      request!(MockUser.new(:permitted_role), "/name/spaced_things/update", reader)
-      assert last_endpoint.authorized?
-      request!(MockUser.new(:prohibited_role), "/name/spaced_things/update", reader)
-      assert !last_endpoint.authorized?
-    end
-  end
-
-  module Deep
-    module NameSpaced
-      class Things < MocksAPI
-        filter_access_to 'GET /deep/name_spaced/things/show'
-        filter_access_to 'GET /deep/name_spaced/things/update', :context => :things
-        define_action_methods :show, :update
-      end
-    end
-  end
-
-  class DeepNameSpacedAPITest < ApiTestCase
-    tests Deep::NameSpaced::Things
-
-    def test_context
-      reader = Authorization::Reader::DSLReader.new
-      reader.parse %{
-        authorization do
-          role :permitted_role do
-            has_permission_on :deep_name_spaced_things, :to => 'GET /deep/name_spaced/things/show'
-            has_permission_on :things, :to => 'GET /deep/name_spaced/things/update'
-          end
-          role :prohibited_role do
-            has_permission_on :deep_name_spaced_things, :to => 'GET /deep/name_spaced/things/update'
-            has_permission_on :things, :to => 'GET /deep/name_spaced/things/show'
-          end
-        end
-      }
-      request!(MockUser.new(:permitted_role), "/deep/name_spaced/things/show", reader)
-      assert last_endpoint.authorized?
-      request!(MockUser.new(:prohibited_role), "/deep/name_spaced/things/show", reader)
-      assert !last_endpoint.authorized?
-      request!(MockUser.new(:permitted_role), "/deep/name_spaced/things/update", reader)
-      assert last_endpoint.authorized?
-      request!(MockUser.new(:prohibited_role), "/deep/name_spaced/things/update", reader)
-      assert !last_endpoint.authorized?
-    end
-  end
-end