RubyGems - ae_declarative_authorization - Versions diffs - 0.10.1 → 0.10.2 - Mend

ae_declarative_authorization 0.10.1 → 0.10.2

Files changed (56) hide show

checksums.yaml +4 -4
data/.circleci/config.yml +37 -0
data/.gitignore +32 -0
data/.ruby-version +1 -0
data/declarative_authorization.gemspec +1 -1
data/lib/declarative_authorization/version.rb +1 -1
metadata +6 -70
data/Gemfile.lock +0 -138
data/gemfiles/ruby_2.3.3_rails507.gemfile +0 -12
data/gemfiles/ruby_2.3.3_rails507.gemfile.lock +0 -164
data/gemfiles/ruby_2.3.3_rails516.gemfile +0 -12
data/gemfiles/ruby_2.3.3_rails516.gemfile.lock +0 -164
data/gemfiles/ruby_2.3.3_rails521.gemfile +0 -12
data/gemfiles/ruby_2.3.3_rails521.gemfile.lock +0 -172
data/gemfiles/ruby_2.3.3_rails522.gemfile +0 -12
data/gemfiles/ruby_2.3.3_rails522.gemfile.lock +0 -172
data/gemfiles/ruby_2.5.3_rails507.gemfile +0 -12
data/gemfiles/ruby_2.5.3_rails507.gemfile.lock +0 -164
data/gemfiles/ruby_2.5.3_rails516.gemfile +0 -12
data/gemfiles/ruby_2.5.3_rails516.gemfile.lock +0 -164
data/gemfiles/ruby_2.5.3_rails521.gemfile +0 -12
data/gemfiles/ruby_2.5.3_rails521.gemfile.lock +0 -172
data/gemfiles/ruby_2.5.3_rails522.gemfile +0 -12
data/gemfiles/ruby_2.5.3_rails522.gemfile.lock +0 -172
data/gemfiles/ruby_2.6.2_rails507.gemfile +0 -12
data/gemfiles/ruby_2.6.2_rails507.gemfile.lock +0 -164
data/gemfiles/ruby_2.6.2_rails516.gemfile +0 -12
data/gemfiles/ruby_2.6.2_rails516.gemfile.lock +0 -164
data/gemfiles/ruby_2.6.2_rails521.gemfile +0 -12
data/gemfiles/ruby_2.6.2_rails521.gemfile.lock +0 -172
data/gemfiles/ruby_2.6.2_rails522.gemfile +0 -12
data/gemfiles/ruby_2.6.2_rails522.gemfile.lock +0 -172
data/log/test.log +0 -89694
data/pkg/ae_declarative_authorization-0.10.0.gem +0 -0
data/pkg/ae_declarative_authorization-0.9.0.gem +0 -0
data/pkg/ae_declarative_authorization-0.9.0.tim1.gem +0 -0
data/pkg/ae_declarative_authorization-0.9.1.gem +0 -0
data/pkg/ae_declarative_authorization-0.9.2.gem +0 -0
data/test/authorization_test.rb +0 -1189
data/test/controller_filter_resource_access_test.rb +0 -573
data/test/database.yml +0 -3
data/test/dsl_reader_test.rb +0 -178
data/test/functional/filter_access_to_with_id_in_scope_test.rb +0 -88
data/test/functional/no_filter_access_to_test.rb +0 -79
data/test/functional/params_block_arity_test.rb +0 -39
data/test/grape_api_test.rb +0 -508
data/test/helper_test.rb +0 -248
data/test/maintenance_test.rb +0 -46
data/test/model_test.rb +0 -1840
data/test/profiles/access_checking +0 -100
data/test/rails_controller_test.rb +0 -478
data/test/schema.sql +0 -60
data/test/test_helper.rb +0 -117
data/test/test_support/grape.rb +0 -93
data/test/test_support/minitest_compatibility.rb +0 -27
data/test/test_support/rails.rb +0 -69

data/test/helper_test.rb DELETED Viewed

@@ -1,248 +0,0 @@
-require 'test_helper'
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
-class HelperMocksController < MocksController
-  filter_access_to :action, :require => :show, :context => :mocks
-  define_action_methods :action
-end
-class HelperTest < ActionController::TestCase
-  tests HelperMocksController
-  include Authorization::AuthorizationHelper
-  attr_reader :controller
-  def test_permit
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-        role :test_role_2 do
-          has_permission_on :mocks, :to => :update
-        end
-      end
-    }
-    user = MockUser.new(:test_role)
-    request!(user, :action, reader)
-    assert permitted_to?(:show, :mocks)
-    assert !permitted_to?(:update, :mocks)
-    block_evaled = false
-    permitted_to?(:show, :mocks) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    permitted_to?(:update, :mocks) do
-      block_evaled = true
-    end
-    assert !block_evaled
-  end
-  def test_permit_with_object
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks do
-            to :show
-            if_attribute :test_attr => is {user.test_attr}
-          end
-        end
-      end
-    }
-    user = MockUser.new(:test_role, :test_attr => 1)
-    mock = MockDataObject.new(:test_attr => 1)
-    mock_2 = MockDataObject.new(:test_attr => 2)
-    request!(user, :action, reader)
-    assert permitted_to?(:show, mock)
-    assert permitted_to?(:show, :mocks)
-    assert !permitted_to?(:show, mock_2)
-  end
-  def test_permit_with_object_and_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :other_mocks do
-            to :show
-            if_attribute :test_attr => is {user.test_attr}
-          end
-        end
-      end
-    }
-    user = MockUser.new(:test_role, :test_attr => 1)
-    mock = MockDataObject.new(:test_attr => 1)
-    mock_2 = MockDataObject.new(:test_attr => 2)
-    request!(user, :action, reader)
-    assert permitted_to?(:show, mock, :context => :other_mocks)
-    assert !permitted_to?(:show, mock_2, :context => :other_mocks)
-  end
-  def test_has_role
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-      end
-    }
-    user = MockUser.new(:test_role)
-    request!(user, :action, reader)
-    assert has_role?(:test_role)
-    assert !has_role?(:test_role2)
-    assert !has_role?(:test_role, :test_role2)
-    block_evaled = false
-    has_role?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_role?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-  end
-  def test_has_any_role
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-      end
-    }
-    user = MockUser.new(:test_role)
-    request!(user, :action, reader)
-    assert has_any_role?(:test_role)
-    assert !has_any_role?(:test_role2)
-    assert has_any_role?(:test_role, :test_role2)
-    block_evaled = false
-    has_any_role?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_any_role?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-    block_evaled = false
-    has_any_role?(:test_role,:test_role2) do
-      block_evaled = true
-    end
-    assert block_evaled
-  end
-  def test_has_role_with_guest_user
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-      end
-    }
-    request!(nil, :action, reader)
-    Authorization.stub :current_user, MockUser.new do
-      assert !has_role?(:test_role)
-      block_evaled = false
-      has_role?(:test_role) do
-        block_evaled = true
-      end
-      assert !block_evaled
-    end
-  end
-  def test_has_role_with_hierarchy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-        role :other_role do
-          has_permission_on :another_mocks, :to => :show
-        end
-        role :root do
-          includes :test_role
-        end
-      end
-    }
-    user = MockUser.new(:root)
-    request!(user, :action, reader)
-    assert has_role_with_hierarchy?(:test_role)
-    assert !has_role_with_hierarchy?(:other_role)
-    block_evaled = false
-    has_role_with_hierarchy?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_role_with_hierarchy?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-  end
-  def test_has_any_role_with_hierarchy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :mocks, :to => :show
-        end
-        role :other_role do
-          has_permission_on :another_mocks, :to => :show
-        end
-        role :root do
-          includes :test_role
-        end
-      end
-    }
-    user = MockUser.new(:root)
-    request!(user, :action, reader)
-    assert has_any_role_with_hierarchy?(:test_role)
-    assert !has_any_role_with_hierarchy?(:other_role)
-    assert has_any_role_with_hierarchy?(:test_role,:other_role)
-    block_evaled = false
-    has_any_role_with_hierarchy?(:test_role) do
-      block_evaled = true
-    end
-    assert block_evaled
-    block_evaled = false
-    has_any_role_with_hierarchy?(:test_role2) do
-      block_evaled = true
-    end
-    assert !block_evaled
-    block_evaled = false
-    has_any_role_with_hierarchy?(:test_role,:test_role2) do
-      block_evaled = true
-    end
-    assert block_evaled
-  end
-end

data/test/maintenance_test.rb DELETED Viewed

@@ -1,46 +0,0 @@
-require 'test_helper'
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance})
-class MaintenanceTest < Test::Unit::TestCase
-  include Authorization::TestHelper
-  def test_usages_by_controllers
-    usage_test_controller = Class.new(ActionController::Base)
-    usage_test_controller.send(:define_method, :an_action) {}
-    usage_test_controller.filter_access_to :an_action
-    assert Authorization::Maintenance::Usage::usages_by_controller.
-              include?(usage_test_controller)
-  end
-  def test_without_access_control
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :permissions, :to => :test
-        end
-      end
-    }
-    engine = Authorization::Engine.new(reader)
-    assert !engine.permit?(:test_2, :context => :permissions,
-        :user => MockUser.new(:test_role))
-    Authorization::Maintenance::without_access_control do
-      assert engine.permit!(:test_2, :context => :permissions,
-          :user => MockUser.new(:test_role))
-    end
-    without_access_control do
-      assert engine.permit?(:test_2, :context => :permissions,
-          :user => MockUser.new(:test_role))
-    end
-    Authorization::Maintenance::without_access_control do
-      Authorization::Maintenance::without_access_control do
-        assert engine.permit?(:test_2, :context => :permissions,
-            :user => MockUser.new(:test_role))
-      end
-      assert engine.permit?(:test_2, :context => :permissions,
-          :user => MockUser.new(:test_role))
-    end
-  end
-end

data/test/model_test.rb DELETED Viewed

@@ -1,1840 +0,0 @@
-require 'test_helper'
-require File.expand_path(File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization in_model}))
-ActiveRecord::Base.send :include, Authorization::AuthorizationInModel
-#ActiveRecord::Base.logger = Logger.new(STDOUT)
-options = {:adapter => 'sqlite3', :timeout => 500, :database => ':memory:'}
-ActiveRecord::Base.establish_connection(options)
-ActiveRecord::Base.configurations = { 'sqlite3_ar_integration' => options }
-ActiveRecord::Base.connection
-File.read(File.dirname(__FILE__) + "/schema.sql").split(';').each do |sql|
-  ActiveRecord::Base.connection.execute(sql) unless sql.blank?
-end
-class TestModel < ActiveRecord::Base
-  has_many :test_attrs
-  has_many :test_another_attrs, :class_name => "TestAttr", :foreign_key => :test_another_model_id
-  has_many :test_attr_throughs, :through => :test_attrs
-  has_one :test_attr_has_one, :class_name => "TestAttr"
-  has_many :branches
-  has_many :test_attrs_with_attr,
-           lambda { where(:attr => 1) },
-           :class_name => "TestAttr"
-  has_many :test_attr_throughs_with_attr,
-           lambda { where("test_attrs.attr = 1") },
-           :through    => :test_attrs,
-           :class_name => "TestAttrThrough", :source => :test_attr_throughs
-  has_one :test_attr_throughs_with_attr_and_has_one,
-          lambda { where("test_attrs.attr = 1") },
-          :through    => :test_attrs,
-          :class_name => "TestAttrThrough",
-          :source     => :test_attr_throughs
-  scope :with_content, lambda { where("test_models.content IS NOT NULL") }
-  # Primary key test
-  has_many :test_attrs_with_primary_id,
-           :class_name  => "TestAttr",
-           :primary_key => :test_attr_through_id,
-           :foreign_key => :test_attr_through_id
-  has_many :test_attr_throughs_with_primary_id,
-           :through    => :test_attrs_with_primary_id,
-           :class_name => "TestAttrThrough",
-           :source     => :n_way_join_item
-  # for checking for unnecessary queries
-  mattr_accessor :query_count
-  def self.find(*args)
-    self.query_count ||= 0
-    self.query_count += 1
-    super(*args)
-  end
-end
-class NWayJoinItem < ActiveRecord::Base
-  has_many :test_attrs
-  has_many :others, :through => :test_attrs, :source => :n_way_join_item
-end
-class TestAttr < ActiveRecord::Base
-  belongs_to :test_model
-  belongs_to :test_another_model, :class_name => "TestModel", :foreign_key => :test_another_model_id
-  belongs_to :test_a_third_model, :class_name => "TestModel", :foreign_key => :test_a_third_model_id
-  belongs_to :n_way_join_item
-  belongs_to :test_attr
-  belongs_to :branch
-  belongs_to :company
-  has_many :test_attr_throughs
-  has_many :test_model_security_model_with_finds
-  attr_reader :role_symbols
-  def initialize(*args)
-    @role_symbols = []
-    super(*args)
-  end
-end
-class TestAttrThrough < ActiveRecord::Base
-  belongs_to :test_attr
-end
-class TestModelSecurityModel < ActiveRecord::Base
-  has_many :test_attrs
-  using_access_control
-end
-class TestModelSecurityModelWithFind < ActiveRecord::Base
-  self.table_name = 'test_model_security_models'
-  has_many :test_attrs
-  belongs_to :test_attr
-  using_access_control :include_read => true,
-                       :context      => :test_model_security_models
-end
-class Branch < ActiveRecord::Base
-  has_many :test_attrs
-  belongs_to :company
-  belongs_to :test_model
-end
-class Company < ActiveRecord::Base
-  has_many :test_attrs
-  has_many :branches
-  belongs_to :country
-end
-class SmallCompany < Company
-  def self.decl_auth_context
-    :companies
-  end
-end
-class Country < ActiveRecord::Base
-  has_many :test_models
-  has_many :companies
-end
-class NamedScopeModelTest < Test::Unit::TestCase
-  def test_multiple_deep_ored_belongs_to
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_model => {:test_attrs => contains {user}}
-            if_attribute :test_another_model => {:test_attrs => contains {user}}
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_2 = TestModel.create!
-    test_attr_1 = TestAttr.create! :test_model_id => test_model_1.id,
-                      :test_another_model_id => test_model_2.id
-    user = MockUser.new(:test_role, :id => test_attr_1)
-    assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).references(:test_attrs, :test_attrs_test_models, :test_attrs_test_models_2).length
-    TestAttr.delete_all
-    TestModel.delete_all
-  end
-  def test_with_belongs_to_and_has_many_with_contains
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_model => { :test_attrs => contains { user.test_attr_value } }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_attr_1 = TestAttr.create!
-    test_model_1 = TestModel.create!
-    test_model_1.test_attrs.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.test_attrs.first.id )
-    assert_equal 1, TestAttr.with_permissions_to( :read, :context => :test_attrs, :user => user ).length
-    assert_equal 1, TestAttr.with_permissions_to( :read, :user => user ).length
-    assert_raise Authorization::NotAuthorized do
-      TestAttr.with_permissions_to( :update_test_attrs, :user => user )
-    end
-    TestAttr.delete_all
-    TestModel.delete_all
-  end
-  def test_with_nested_has_many
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :companies, :to => :read do
-            if_attribute :branches => { :test_attrs => { :attr => is { user.test_attr_value } } }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    allowed_company = Company.create!
-    allowed_company.branches.create!.test_attrs.create!(:attr => 1)
-    allowed_company.branches.create!.test_attrs.create!(:attr => 2)
-    prohibited_company = Company.create!
-    prohibited_company.branches.create!.test_attrs.create!(:attr => 3)
-    user = MockUser.new(:test_role, :test_attr_value => 1)
-    prohibited_user = MockUser.new(:test_role, :test_attr_value => 4)
-    assert_equal 1, Company.with_permissions_to(:read, :user => user).length
-    assert_equal 0, Company.with_permissions_to(:read, :user => prohibited_user).length
-    Company.delete_all
-    Branch.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_nested_has_many_through
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attr_throughs => { :test_attr => { :attr => is { user.test_attr_value } } }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    TestModel.delete_all
-    TestAttrThrough.delete_all
-    TestAttr.delete_all
-    allowed_model = TestModel.create!
-    allowed_model.test_attrs.create!(:attr => 1).test_attr_throughs.create!
-    allowed_model.test_attrs.create!(:attr => 2).test_attr_throughs.create!
-    prohibited_model = TestModel.create!
-    prohibited_model.test_attrs.create!(:attr => 3).test_attr_throughs.create!
-    user = MockUser.new(:test_role, :test_attr_value => 1)
-    prohibited_user = MockUser.new(:test_role, :test_attr_value => 4)
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    assert_equal 0, TestModel.with_permissions_to(:read, :user => prohibited_user).length
-    TestModel.delete_all
-    TestAttrThrough.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_is
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => is { user.test_attr_value }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    TestModel.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
-    assert_equal 1, TestModel.with_permissions_to(:read,
-      :context => :test_models, :user => user).length
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    assert_raise Authorization::NotAuthorized do
-      TestModel.with_permissions_to(:update_test_models, :user => user)
-    end
-    TestModel.delete_all
-  end
-  def test_named_scope_on_proxy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :id => is { user.test_attr_value }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_attr_1 = test_model_1.test_attrs.create!
-    test_model_1.test_attrs.create!
-    TestAttr.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_attr_1.id)
-    assert_equal 1, test_model_1.test_attrs.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_named_scope_on_named_scope
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attr_through_id => 1
-          end
-          has_permission_on :test_attrs, :to => :read do
-            if_permitted_to :read, :test_model
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    country = Country.create!
-    model_1 = TestModel.create!(:test_attr_through_id => 1, :content => "Content")
-    country.test_models << model_1
-    TestModel.create!(:test_attr_through_id => 1)
-    TestModel.create!(:test_attr_through_id => 2, :content => "Content")
-    user = MockUser.new(:test_role)
-    TestModel.query_count = 0
-    assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
-    TestModel.query_count = 0
-    assert_equal 1, TestModel.with_content.with_permissions_to(:read, :user => user).length
-    TestModel.query_count = 0
-    assert_equal 1, country.test_models.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-    Country.delete_all
-  end
-  def test_with_modified_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :companies, :to => :read do
-            if_attribute :id => is { user.test_company_id }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_company = SmallCompany.create!
-    user = MockUser.new(:test_role, :test_company_id => test_company.id)
-    assert_equal 1, SmallCompany.with_permissions_to(:read,
-      :user => user).length
-    SmallCompany.delete_all
-  end
-  def test_with_is_nil
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :content => nil
-          end
-        end
-        role :test_role_not_nil do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :content => is_not { nil }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_2 = TestModel.create! :content => "Content"
-    assert_equal test_model_1, TestModel.with_permissions_to(:read,
-      :context => :test_models, :user => MockUser.new(:test_role)).first
-    assert_equal test_model_2, TestModel.with_permissions_to(:read,
-      :context => :test_models, :user => MockUser.new(:test_role_not_nil)).first
-    TestModel.delete_all
-  end
-  def test_with_not_is
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => is_not { user.test_attr_value }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    TestModel.delete_all
-    test_model_1 = TestModel.create!
-    TestModel.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-  end
-  def test_with_lt
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => lt { user.test_attr_value }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    TestModel.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id + 1)
-    assert_equal 1, TestModel.with_permissions_to(:read,
-      :context => :test_models, :user => user).length
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    assert_raise Authorization::NotAuthorized do
-      TestModel.with_permissions_to(:update_test_models, :user => user)
-    end
-    TestModel.delete_all
-  end
-  def test_with_lte
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => lte { user.test_attr_value }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    2.times { TestModel.create! }
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id + 1)
-    assert_equal 2, TestModel.with_permissions_to(:read,
-      :context => :test_models, :user => user).length
-    assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
-    assert_raise Authorization::NotAuthorized do
-      TestModel.with_permissions_to(:update_test_models, :user => user)
-    end
-    TestModel.delete_all
-  end
-  def test_with_gt
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => gt { user.test_attr_value }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    TestModel.create!
-    test_model_1 = TestModel.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id - 1)
-    assert_equal 1, TestModel.with_permissions_to(:read,
-      :context => :test_models, :user => user).length
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    assert_raise Authorization::NotAuthorized do
-      TestModel.with_permissions_to(:update_test_models, :user => user)
-    end
-    TestModel.delete_all
-  end
-  def test_with_gte
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => gte { user.test_attr_value }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    2.times { TestModel.create! }
-    test_model_1 = TestModel.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id - 1)
-    assert_equal 2, TestModel.with_permissions_to(:read,
-      :context => :test_models, :user => user).length
-    assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
-    assert_raise Authorization::NotAuthorized do
-      TestModel.with_permissions_to(:update_test_models, :user => user)
-    end
-    TestModel.delete_all
-  end
-  def test_with_empty_obligations
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    TestModel.create!
-    user = MockUser.new(:test_role)
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    assert_raise Authorization::NotAuthorized do
-      TestModel.with_permissions_to(:update, :user => user)
-    end
-    TestModel.delete_all
-  end
-  def test_multiple_obligations
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => is { user.test_attr_value }
-          end
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => is { user.test_attr_value_2 }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_2 = TestModel.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id,
-                        :test_attr_value_2 => test_model_2.id)
-    assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-  end
-  def test_multiple_roles
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :attr => [1,2]
-          end
-        end
-        role :test_role_2 do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :attr => [2,3]
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    TestAttr.create! :attr => 1
-    TestAttr.create! :attr => 2
-    TestAttr.create! :attr => 3
-    user = MockUser.new(:test_role)
-    assert_equal 2, TestAttr.with_permissions_to(:read, :user => user).length
-    TestAttr.delete_all
-  end
-  def test_multiple_and_empty_obligations
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => is { user.test_attr_value }
-          end
-          has_permission_on :test_models, :to => :read
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    TestModel.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
-    assert_equal 2, TestModel.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-  end
-  def test_multiple_attributes
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => is { user.test_attr_value }, :content => "bla"
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create! :content => 'bla'
-    TestModel.create! :content => 'bla'
-    TestModel.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-  end
-  def test_multiple_belongs_to
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_model => is {user}
-            if_attribute :test_another_model => is {user}
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_attr_1 = TestAttr.create! :test_model_id => 1, :test_another_model_id => 2
-    user = MockUser.new(:test_role, :id => 1)
-    assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
-    TestAttr.delete_all
-  end
-  def test_with_is_and_priv_hierarchy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      privileges do
-        privilege :read do
-          includes :list, :show
-        end
-      end
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :id => is { user.test_attr_value }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    TestModel.create!
-    user = MockUser.new(:test_role, :test_attr_value => test_model_1.id)
-    assert_equal 1, TestModel.with_permissions_to(:list,
-      :context => :test_models, :user => user).length
-    assert_equal 1, TestModel.with_permissions_to(:list, :user => user).length
-    TestModel.delete_all
-  end
-  def test_with_is_and_belongs_to
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_model => is { user.test_model }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_1.test_attrs.create!
-    TestModel.create!.test_attrs.create!
-    user = MockUser.new(:test_role, :test_model => test_model_1)
-    assert_equal 1, TestAttr.with_permissions_to(:read,
-      :context => :test_attrs, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_deep_attribute
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_model => {:id => is { user.test_model_id } }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_1.test_attrs.create!
-    TestModel.create!.test_attrs.create!
-    user = MockUser.new(:test_role, :test_model_id => test_model_1.id)
-    assert_equal 1, TestAttr.with_permissions_to(:read,
-      :context => :test_attrs, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_multiple_conditions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_model => {:content => is { "pickle" } }
-            if_attribute :test_model => {:content => is { "hotdog" } }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!(content: "pickle")
-    test_model_1.test_attrs.create!
-    TestModel.create!.test_attrs.create!
-    user = MockUser.new(:test_role, :test_model_id => test_model_1.id)
-    assert_equal 1, TestAttr.with_permissions_to(:read,
-      :context => :test_attrs, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_anded_rules
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read, :join_by => :and do
-            if_attribute :test_model => is { user.test_model }
-            if_attribute :attr => 1
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_1.test_attrs.create!(:attr => 1)
-    TestModel.create!.test_attrs.create!(:attr => 1)
-    TestModel.create!.test_attrs.create!
-    user = MockUser.new(:test_role, :test_model => test_model_1)
-    assert_equal 1, TestAttr.with_permissions_to(:read,
-      :context => :test_attrs, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_contains
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attrs => contains { user }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_2 = TestModel.create!
-    test_model_1.test_attrs.create!
-    test_model_1.test_attrs.create!
-    test_model_2.test_attrs.create!
-    user = MockUser.new(:test_role,
-                        :id => test_model_1.test_attrs.first.id)
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).where(:id => test_model_1.id).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_does_not_contain
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attrs => does_not_contain { user }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_2 = TestModel.create!
-    test_model_1.test_attrs.create!
-    test_model_2.test_attrs.create!
-    user = MockUser.new(:test_role,
-                        :id => test_model_1.test_attrs.first.id)
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_contains_conditions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attrs_with_attr => contains { user }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_2 = TestModel.create!
-    test_model_1.test_attrs_with_attr.create!
-    test_model_1.test_attrs.create!(:attr => 2)
-    test_model_2.test_attrs_with_attr.create!
-    test_model_2.test_attrs.create!(:attr => 2)
-    #assert_equal 1, test_model_1.test_attrs_with_attr.length
-    user = MockUser.new(:test_role,
-                        :id => test_model_1.test_attrs.first.id)
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    user = MockUser.new(:test_role,
-                        :id => test_model_1.test_attrs.last.id)
-    assert_equal 0, TestModel.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_contains_through_primary_key
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attr_throughs_with_primary_id => contains { user }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    TestModel.delete_all
-    TestAttrThrough.delete_all
-    TestAttr.delete_all
-    test_attr_through_1 = TestAttrThrough.create!
-    test_item = NWayJoinItem.create!
-    test_model_1 = TestModel.create!(:test_attr_through_id => test_attr_through_1.id)
-    test_attr_1 = TestAttr.create!(:test_attr_through_id => test_attr_through_1.id,
-        :n_way_join_item_id => test_item.id)
-    user = MockUser.new(:test_role,
-                        :id => test_attr_through_1.id)
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-    TestAttrThrough.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_intersects_with
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attrs => intersects_with { user.test_attrs }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_2 = TestModel.create!
-    test_model_1.test_attrs.create!
-    test_model_1.test_attrs.create!
-    test_model_1.test_attrs.create!
-    test_model_2.test_attrs.create!
-    user = MockUser.new(:test_role,
-                        :test_attrs => [test_model_1.test_attrs.first, TestAttr.create!])
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    user = MockUser.new(:test_role,
-                        :test_attrs => [TestAttr.create!])
-    assert_equal 0, TestModel.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_is_and_has_one
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do :test_attr_has_one
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attr_has_one => is { user.test_attr }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_attr_1 = test_model_1.test_attrs.create!
-    TestModel.create!.test_attrs.create!
-    user = MockUser.new(:test_role, :test_attr => test_attr_1)
-    assert_equal 1, TestModel.with_permissions_to(:read,
-      :context => :test_models, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_is_in
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_model => is_in { [user.test_model, user.test_model_2] }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_model_2 = TestModel.create!
-    test_model_1.test_attrs.create!
-    TestModel.create!.test_attrs.create!
-    user = MockUser.new(:test_role, :test_model => test_model_1,
-      :test_model_2 => test_model_2)
-    assert_equal 1, TestAttr.with_permissions_to(:read,
-      :context => :test_attrs, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_not_is_in
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_model => is_not_in { [user.test_model, user.test_model_2] }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    TestModel.delete_all
-    TestAttr.delete_all
-    test_model_1 = TestModel.create!
-    test_model_2 = TestModel.create!
-    test_model_1.test_attrs.create!
-    TestModel.create!.test_attrs.create!
-    user = MockUser.new(:test_role, :test_model => test_model_1,
-      :test_model_2 => test_model_2)
-    assert_equal 1, TestAttr.with_permissions_to(:read,
-      :context => :test_attrs, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_if_permitted_to
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attrs => contains { user }
-          end
-          has_permission_on :test_attrs, :to => :read do
-            if_permitted_to :read, :test_model
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_attr_1 = test_model_1.test_attrs.create!
-    user = MockUser.new(:test_role, :id => test_attr_1.id)
-    assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_anded_if_permitted_to
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :base_role do
-          has_permission_on :test_attrs, :to => :read, :join_by => :and do
-            if_permitted_to :read, :test_model
-            if_attribute :attr => 1
-          end
-        end
-        role :first_role do
-          includes :base_role
-          has_permission_on :test_models, :to => :read do
-            if_attribute :content => "first test"
-          end
-        end
-        role :second_role do
-          includes :base_role
-          has_permission_on :test_models, :to => :read do
-            if_attribute :country_id => 2
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!(:content => "first test")
-    test_model_1.test_attrs.create!(:attr => 1)
-    test_model_for_second_role = TestModel.create!(:country_id => 2)
-    test_model_for_second_role.test_attrs.create!(:attr => 1)
-    test_model_for_second_role.test_attrs.create!(:attr => 2)
-    user = MockUser.new(:first_role)
-    assert Authorization::Engine.instance.permit?(:read, :object => test_model_1.test_attrs.first, :user => user)
-    assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
-    user_with_both_roles = MockUser.new(:first_role, :second_role)
-    assert Authorization::Engine.instance.permit?(:read, :object => test_model_1.test_attrs.first, :user => user_with_both_roles)
-    assert Authorization::Engine.instance.permit?(:read, :object => test_model_for_second_role.test_attrs.first, :user => user_with_both_roles)
-    assert_equal 2, TestAttr.with_permissions_to(:read, :user => user_with_both_roles).references(:test_attrs, :test_models).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_if_permitted_to_with_no_child_permissions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :another_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attrs => contains { user }
-          end
-        end
-        role :additional_if_attribute do
-          has_permission_on :test_attrs, :to => :read do
-            if_permitted_to :read, :test_model
-            if_attribute :test_model => {:test_attrs => contains { user }}
-          end
-        end
-        role :only_permitted_to do
-          has_permission_on :test_attrs, :to => :read do
-            if_permitted_to :read, :test_model
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_attr_1 = test_model_1.test_attrs.create!
-    user = MockUser.new(:only_permitted_to, :another_role, :id => test_attr_1.id)
-    also_allowed_user = MockUser.new(:additional_if_attribute, :id => test_attr_1.id)
-    non_allowed_user = MockUser.new(:only_permitted_to, :id => test_attr_1.id)
-    assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
-    assert_equal 1, TestAttr.with_permissions_to(:read, :user => also_allowed_user).length
-    assert_raise Authorization::NotAuthorized do
-      TestAttr.with_permissions_to(:read, :user => non_allowed_user).find(:all)
-    end
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_if_permitted_to_with_context_from_model
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_another_attrs => contains { user }
-          end
-          has_permission_on :test_attrs, :to => :read do
-            if_permitted_to :read, :test_another_model
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_attr_1 = test_model_1.test_another_attrs.create!
-    user = MockUser.new(:test_role, :id => test_attr_1.id)
-    non_allowed_user = MockUser.new(:test_role, :id => 111)
-    assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
-    assert_equal 0, TestAttr.with_permissions_to(:read, :user => non_allowed_user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_has_many_if_permitted_to
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_permitted_to :read, :test_attrs
-          end
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :attr => is { user.id }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_attr_1 = test_model_1.test_attrs.create!(:attr => 111)
-    user = MockUser.new(:test_role, :id => test_attr_1.attr)
-    non_allowed_user = MockUser.new(:test_role, :id => 333)
-    assert_equal 1, TestModel.with_permissions_to(:read, :user => user).length
-    assert_equal 0, TestModel.with_permissions_to(:read, :user => non_allowed_user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_deep_has_many_if_permitted_to
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :branches, :to => :read do
-            if_attribute :name => "A Branch"
-          end
-          has_permission_on :companies, :to => :read do
-            if_permitted_to :read, :test_attrs => :branch
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    readable_company = Company.create!
-    readable_company.test_attrs.create!(:branch => Branch.create!(:name => "A Branch"))
-    forbidden_company = Company.create!
-    forbidden_company.test_attrs.create!(:branch => Branch.create!(:name => "Different Branch"))
-    user = MockUser.new(:test_role)
-    assert_equal 1, Company.with_permissions_to(:read, :user => user).length
-    Company.delete_all
-    Branch.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_if_permitted_to_and_empty_obligations
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read
-          has_permission_on :test_attrs, :to => :read do
-            if_permitted_to :read, :test_model
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_attr_1 = test_model_1.test_attrs.create!
-    user = MockUser.new(:test_role)
-    assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_if_permitted_to_nil
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attrs => contains { user }
-          end
-          has_permission_on :test_attrs, :to => :read do
-            if_permitted_to :read, :test_model
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_attr_1 = TestAttr.create!
-    user = MockUser.new(:test_role, :id => test_attr_1.id)
-    assert_equal 0, TestAttr.with_permissions_to(:read, :user => user).length
-    TestAttr.delete_all
-  end
-  def test_with_if_permitted_to_self
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attrs => contains { user }
-          end
-          has_permission_on :test_models, :to => :update do
-            if_permitted_to :read
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_model_1 = TestModel.create!
-    test_attr_1 = test_model_1.test_attrs.create!
-    test_attr_2 = TestAttr.create!
-    user = MockUser.new(:test_role, :id => test_attr_1.id)
-    assert_equal 1, TestModel.with_permissions_to(:update, :user => user).length
-    TestAttr.delete_all
-    TestModel.delete_all
-  end
-  def test_with_has_many_and_reoccuring_tables
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_another_model => { :content => 'test_1_2' },
-                :test_model => { :content => 'test_1_1' }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_attr_1 = TestAttr.create!(
-        :test_model => TestModel.create!(:content => 'test_1_1'),
-        :test_another_model => TestModel.create!(:content => 'test_1_2')
-      )
-    test_attr_2 = TestAttr.create!(
-        :test_model => TestModel.create!(:content => 'test_2_1'),
-        :test_another_model => TestModel.create!(:content => 'test_2_2')
-      )
-    user = MockUser.new(:test_role)
-    assert_equal 1, TestAttr.with_permissions_to(:read, :user => user).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_ored_rules_and_reoccuring_tables
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_another_model => { :content => 'test_1_2' },
-                :test_model => { :content => 'test_1_1' }
-          end
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_another_model => { :content => 'test_2_2' },
-                :test_model => { :test_attrs => contains {user.test_attr} }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_attr_1 = TestAttr.create!(
-        :test_model => TestModel.create!(:content => 'test_1_1'),
-        :test_another_model => TestModel.create!(:content => 'test_1_2')
-      )
-    test_attr_2 = TestAttr.create!(
-        :test_model => TestModel.create!(:content => 'test_2_1'),
-        :test_another_model => TestModel.create!(:content => 'test_2_2')
-      )
-    test_attr_2.test_model.test_attrs.create!
-    user = MockUser.new(:test_role, :test_attr => test_attr_2.test_model.test_attrs.last)
-    assert_equal 2, TestAttr.with_permissions_to(:read, :user => user).references(:test_attrs, :test_models, :test_models_test_attrs, :test_attrs_test_models).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_with_many_ored_rules_and_reoccuring_tables
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :branch => { :company => { :country => {
-                :test_models => contains { user.test_model }
-              }} }
-            if_attribute :company => { :country => {
-                :test_models => contains { user.test_model }
-              }}
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    country = Country.create!(:name => 'country_1')
-    country.test_models.create!
-    test_attr_1 = TestAttr.create!(
-        :branch => Branch.create!(:name => 'branch_1',
-            :company => Company.create!(:name => 'company_1',
-                :country => country))
-      )
-    test_attr_2 = TestAttr.create!(
-        :company => Company.create!(:name => 'company_2',
-            :country => country)
-      )
-    user = MockUser.new(:test_role, :test_model => country.test_models.first)
-    assert_equal 2, TestAttr.with_permissions_to(:read, :user => user).references(:test_attrs, :test_models, :test_models_countries).length
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-end
-class ModelTest < Test::Unit::TestCase
-  def test_permit_with_has_one_raises_no_name_error
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do :test_attr_has_one
-        role :test_role do
-          has_permission_on :test_attrs, :to => :update do
-            if_attribute :id => is { user.test_attr.id }
-          end
-        end
-      end
-    }
-    instance = Authorization::Engine.instance(reader)
-    test_model = TestModel.create!
-    test_attr = test_model.create_test_attr_has_one
-    assert !test_attr.new_record?
-    user = MockUser.new(:test_role, :test_attr => test_attr)
-    assert_nothing_raised do
-      assert instance.permit?(:update, :user => user, :object => test_model.test_attr_has_one)
-    end
-    TestModel.delete_all
-    TestAttr.delete_all
-  end
-  def test_model_security_write_allowed
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-            if_attribute :attr => is { 1 }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    Authorization.stub :current_user, MockUser.new(:test_role) do
-      assert(object = TestModelSecurityModel.create)
-      assert_nothing_raised { object.update_attributes(:attr_2 => 2) }
-      object.reload
-      assert_equal 2, object.attr_2
-      object.destroy
-      assert_raise ActiveRecord::RecordNotFound do
-        TestModelSecurityModel.find(object.id)
-      end
-    end
-  end
-  def test_model_security_write_not_allowed_no_privilege
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-            if_attribute :attr => is { 1 }
-          end
-        end
-        role :test_role_restricted do
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    Authorization.current_user = MockUser.new(:test_role)
-    assert(object = TestModelSecurityModel.create)
-    Authorization.current_user = MockUser.new(:test_role_restricted)
-    assert_raise Authorization::NotAuthorized do
-      object.update_attributes(:attr_2 => 2)
-    end
-  end
-  def test_model_security_write_not_allowed_wrong_attribute_value
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role_unrestricted do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-          end
-        end
-        role :test_role do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-            if_attribute :attr => is { 1 }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    Authorization.stub :current_user, MockUser.new(:test_role) do
-      assert(object = TestModelSecurityModel.create)
-      assert_raise Authorization::AttributeAuthorizationError do
-        TestModelSecurityModel.create :attr => 2
-      end
-      object = TestModelSecurityModel.create
-      assert_raise Authorization::AttributeAuthorizationError do
-        object.update_attributes(:attr => 2)
-      end
-      object.reload
-      assert_nothing_raised do
-        object.update_attributes(:attr_2 => 1)
-      end
-      assert_raise Authorization::AttributeAuthorizationError do
-        object.update_attributes(:attr => 2)
-      end
-    end
-  end
-  def test_model_security_with_and_without_find_restrictions
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role_unrestricted do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-          end
-        end
-        role :test_role do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-            if_attribute :attr => is { 1 }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    Authorization.current_user = MockUser.new(:test_role_unrestricted)
-    object = TestModelSecurityModel.create :attr => 2
-    object_with_find = TestModelSecurityModelWithFind.create :attr => 2
-    Authorization.current_user = MockUser.new(:test_role)
-    assert_nothing_raised do
-      object.class.find(object.id)
-    end
-    assert_raise Authorization::AttributeAuthorizationError do
-      object_with_find.class.find(object_with_find.id)
-    end
-  end
-  def test_model_security_with_read_restrictions_and_exists
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-            if_attribute :test_attr => is { user.test_attr }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_attr = TestAttr.create
-    Authorization.stub :current_user, MockUser.new(:test_role, :test_attr => test_attr) do
-      object_with_find = TestModelSecurityModelWithFind.create :test_attr => test_attr
-      assert_nothing_raised do
-        object_with_find.class.find(object_with_find.id)
-      end
-      assert_equal 1, test_attr.test_model_security_model_with_finds.length
-    end
-  end
-  def test_model_security_delete_unallowed
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role_unrestricted do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-          end
-        end
-        role :test_role do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-            if_attribute :attr => is { 1 }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    Authorization.current_user = MockUser.new(:test_role_unrestricted)
-    object = TestModelSecurityModel.create :attr => 2
-    Authorization.current_user = MockUser.new(:test_role)
-    assert_raise Authorization::AttributeAuthorizationError do
-      object.destroy
-    end
-  end
-  def test_model_security_changing_critical_attribute_unallowed
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role_unrestricted do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-          end
-        end
-        role :test_role do
-          has_permission_on :test_model_security_models do
-            to :read, :create, :update, :delete
-            if_attribute :attr => is { 1 }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    Authorization.stub :current_user, MockUser.new(:test_role_unrestricted) do
-      object = TestModelSecurityModel.create :attr => 2
-    end
-  end
-  def test_model_security_no_role_unallowed
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-      end
-    }
-    Authorization::Engine.instance(reader)
-    Authorization.stub :current_user, MockUser.new(:test_role_2) do
-      assert_raise Authorization::NotAuthorized do
-        TestModelSecurityModel.create
-      end
-    end
-  end
-  def test_model_security_with_assoc
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_model_security_models do
-            to :create, :update, :delete
-            if_attribute :test_attrs => contains { user }
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    test_attr = TestAttr.create
-    test_attr.role_symbols << :test_role
-    Authorization.stub :current_user, test_attr do
-      assert(object = TestModelSecurityModel.create(:test_attrs => [test_attr]))
-      assert_nothing_raised do
-        object.update_attributes(:attr_2 => 2)
-      end
-      without_access_control do
-        object.reload
-      end
-      assert_equal 2, object.attr_2
-      object.destroy
-      assert_raise ActiveRecord::RecordNotFound do
-        TestModelSecurityModel.find(object.id)
-      end
-    end
-  end
-  def test_model_security_with_update_attrbributes
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_model_security_models, :to => :update do
-            if_attribute :test_attrs => { :branch => is { user.branch }}
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    params = {
-      :model_data => { :attr => 11 }
-    }
-    test_attr = TestAttr.create!(:branch => Branch.create!)
-    test_model = without_access_control do
-      TestModelSecurityModel.create!(:test_attrs => [test_attr])
-    end
-    with_user MockUser.new(:test_role, :branch => test_attr.branch) do
-      assert_nothing_raised do
-        test_model.update_attributes(params[:model_data])
-      end
-    end
-    without_access_control do
-      assert_equal params[:model_data][:attr], test_model.reload.attr
-    end
-    TestAttr.delete_all
-    TestModelSecurityModel.delete_all
-    Branch.delete_all
-  end
-  def test_using_access_control
-    assert !TestModel.using_access_control?
-    assert TestModelSecurityModel.using_access_control?
-  end
-  def test_authorization_permit_association_proxy
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :test_attrs, :to => :read do
-            if_attribute :test_model => {:content => "content" }
-          end
-        end
-      end
-    }
-    engine = Authorization::Engine.instance(reader)
-    test_model = TestModel.create(:content => "content")
-    assert engine.permit?(:read, :object => test_model.test_attrs,
-                          :user => MockUser.new(:test_role))
-    assert !engine.permit?(:read, :object => TestAttr.new,
-                          :user => MockUser.new(:test_role))
-    TestModel.delete_all
-  end
-  def test_authorization_permit_nested_association_proxy
-   reader = Authorization::Reader::DSLReader.new
-   reader.parse %{
-     authorization do
-       role :test_role do
-         has_permission_on :branches, :to => :read do
-           if_attribute :test_model => { :test_attrs => {:attr => 1 } }
-         end
-       end
-     end
-   }
-   engine = Authorization::Engine.instance(reader)
-   test_model = TestModel.create!
-   test_model.test_attrs.create!(:attr => 0)
-   test_attr = test_model.test_attrs.create!(:attr => 1)
-   test_model.test_attrs.create!(:attr => 3)
-   test_branch = Branch.create!(:test_model => test_model)
-   test_model_2 = TestModel.create!
-   test_attr_2 = test_model_2.test_attrs.create!(:attr => 2)
-   test_branch_2 = Branch.create!(:test_model => test_model_2)
-   test_model_3 = TestModel.create!
-   test_branch_3 = Branch.create!(:test_model => test_model_3)
-   assert engine.permit?(:read, :object => test_branch,
-                         :user => MockUser.new(:test_role))
-   assert !engine.permit?(:read, :object => test_branch_2,
-                         :user => MockUser.new(:test_role))
-   assert !engine.permit?(:read, :object => test_branch_3,
-                         :user => MockUser.new(:test_role))
-   TestModel.delete_all
-   Branch.delete_all
-   TestAttr.delete_all
-  end
-  def test_multiple_roles_with_has_many_through
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role_1 do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attr_throughs => contains {user.test_attr_through_id},
-                :content => 'test_1'
-          end
-        end
-        role :test_role_2 do
-          has_permission_on :test_models, :to => :read do
-            if_attribute :test_attr_throughs_2 => contains {user.test_attr_through_2_id},
-                :content => 'test_2'
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    TestModel.delete_all
-    TestAttr.delete_all
-    TestAttrThrough.delete_all
-    test_model_1 = TestModel.create! :content => 'test_1'
-    test_model_2 = TestModel.create! :content => 'test_2'
-    test_model_1.test_attrs.create!.test_attr_throughs.create!
-    test_model_2.test_attrs.create!.test_attr_throughs.create!
-    user = MockUser.new(:test_role_1, :test_role_2,
-        :test_attr_through_id => test_model_1.test_attr_throughs.first.id,
-        :test_attr_through_2_id => test_model_2.test_attr_throughs.first.id)
-    assert_equal 2, TestModel.with_permissions_to(:read, :user => user).references(:test_models, :test_attr_throughs).length
-    TestModel.delete_all
-    TestAttr.delete_all
-    TestAttrThrough.delete_all
-  end
-  def test_model_permitted_to
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :companies, :to => :read do
-            if_attribute :name => "company_1"
-          end
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    user = MockUser.new(:test_role)
-    allowed_read_company = Company.new(:name => 'company_1')
-    prohibited_company = Company.new(:name => 'company_2')
-    assert allowed_read_company.permitted_to?(:read, :user => user)
-    assert !allowed_read_company.permitted_to?(:update, :user => user)
-    assert !prohibited_company.permitted_to?(:read, :user => user)
-    executed_block = false
-    allowed_read_company.permitted_to?(:read, :user => user) do
-      executed_block = true
-    end
-    assert executed_block
-    executed_block = false
-    prohibited_company.permitted_to?(:read, :user => user) do
-      executed_block = true
-    end
-    assert !executed_block
-    assert_nothing_raised do
-      allowed_read_company.permitted_to!(:read, :user => user)
-    end
-    assert_raise Authorization::NotAuthorized do
-      prohibited_company.permitted_to!(:update, :user => user)
-    end
-    assert_raise Authorization::AttributeAuthorizationError do
-      prohibited_company.permitted_to!(:read, :user => user)
-    end
-  end
-  def test_model_permitted_to_with_modified_context
-    reader = Authorization::Reader::DSLReader.new
-    reader.parse %{
-      authorization do
-        role :test_role do
-          has_permission_on :companies, :to => :read
-        end
-      end
-    }
-    Authorization::Engine.instance(reader)
-    user = MockUser.new(:test_role)
-    allowed_read_company = SmallCompany.new(:name => 'small_company_1')
-    assert allowed_read_company.permitted_to?(:read, :user => user)
-    assert !allowed_read_company.permitted_to?(:update, :user => user)
-  end
-end