attribute_ext 1.2.4 → 1.3.0

data/README.md

@@ -150,34 +150,26 @@ apply when calling serializable_hash.
 By default rules *do not* apply when serializing to hash.
 
 
-Changelog
----------
+Using SafeAttributes with RSpec
+-------------------------------
 
-Sep 24, 2011
+AttributeExt provides a RSpec matcher that can be used to test own safe attributes rules.
 
-SafeAttributes provides methods to change default role and to map roles to 
-specific values before processing rules. Also added full documentation to 
-all public methods and methods that are usefull for testing own rules.
-
-Sep 22, 2011
-
-Nearly all features are successfully tested using a fake environment now.
-SafeAttributes provides a new quick role validation using the :as parameters and
-HiddenAttributes can apply rules only to specific formats via :only and :except 
-parameters.
-
-Sep 1, 2011
-
-HiddenAttributes works on included model when serializing to json by hooking 
-into serializable_hash now. Therefore it is possible to hide attributes when
-serializing to hash via serializable_hash method too. 
-But by default rules will not be checked on serializable_hash, you have to 
-add `:on_hash => true` to hide_attributes to enabled it for this rule.
+Add
+	
+	require 'attribute_ext/rspec'
+	
+to your `spec_helper.rb` and use it like this:
 
-Update: SafeAttributes works now with Rails 3.1 mass_assignment_authorizer that 
-provides a role and pass this role to if and unless blocks as second
-parameter. Not tested but should also work with old mass_assignment_authorizer.
+	model.should have_no_safe_attributes.as(:guest, 'Guest').and_as(:blocked_user, 'Blocked User')
+	model.should have_safe_attributes(:name, :message)
+	model.should have_safe_attributes(:attribute).as(:admin, 'Admin')
+	
+The matcher will generate well formatted descriptions when running RSpec with `-fd`:
 
+	should have no safe attributes as Guest and as Blocked User
+	should have safe attributes name, message as default
+	should have safe attributes attribute as Admin
 
 License
 -------

data/attribute_ext.gemspec

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "attribute_ext"
-  s.version     = "1.2.4"
+  s.version     = "1.3.0"
   s.authors     = ["Jan Graichen"]
   s.email       = ["jan.graichen@altimos.de"]
   s.homepage    = "https://github.com/jgraichen/attribute_ext"

data/lib/attribute_ext/rspec.rb

@@ -0,0 +1,87 @@
+
+if defined?(ActiveModel)
+  # Checks if a model has certain safe attributes.
+  #
+  # :call-seq:
+  # model.should have_safe_attributes(attribute1, attribute2 ...).as(role, name).and_as(role2, name2)
+  #
+  # model should be an instance of ActiveRecord::Base
+  # attribute should be the model attribute name as string or symbol
+  # role may be a role identifier
+  # name may be a name for role used for description
+  #
+  # Examples
+  #
+  #   user.should have_no_safe_attributes()
+  #   user.should have_safe_attributes(:email).as(:self, 'himself')
+  #   user.should have_safe_attributes(:login, :email).as(:admin, 'Admin).and_as(:system, 'System')
+  #
+  # #as and #and_as can be used equally. #have_no_safe_attributes is 
+  # an alias for #have_safe_attributes with no parameters.
+  #
+  # have_safe_attributes should not be used with should_not.
+  #
+  def have_safe_attributes(*attributes)
+    SafeAttributesMatcher.new(attributes)
+  end
+  
+  def have_no_safe_attributes # :nodoc:
+    have_safe_attributes
+  end
+end
+
+class SafeAttributesMatcher # :nodoc:
+  def initialize(attributes)
+    @attributes = attributes.map(&:to_s)
+    @roles = []
+    @safe  = []
+  end
+  
+  def as(role, name = nil)
+    @roles << [role, name]
+    self
+  end
+  alias_method :and_as, :as
+
+  def matches?(model)
+    (@roles || [nil, nil]).each do |role, name|
+      @role = role
+      @name = name
+      @safe = model.safe_attribute_names(role)
+      
+      @missing = (@attributes-@safe)
+      @extra   = (@safe-@attributes)
+      
+      return false if @missing.any? or @extra.any?
+    end
+    true
+  end
+
+  def does_not_match?(model)
+    !matches?(model)
+  end
+
+  def failure_message_for_should
+    output  = "expected safe attributes: #{@attributes.inspect}\n" +
+              "but has safe attributes:  #{@safe.inspect}\n"
+             
+    output += "missing elements are:     #{@missing.inspect}\n" if @missing.any?
+    output += "extra elements are:       #{@extra.inspect}\n"   if @extra.any?
+    output += "as #{@name || @role.to_s}" unless @role.nil?
+    
+    output
+  end
+
+  def failure_message_for_should_not
+    "WARNING: have_safe_attributes should not be used with should_not."
+  end
+
+  def description
+    roles = @roles.any? ? (@roles || []).map { |r,n| n||r.to_s }.join(' and as ') : 'default'
+    if @attributes.any?
+      "have safe attributes #{@attributes.join(', ')} as #{roles}" 
+    else
+      "have no safe attributes as #{roles}" 
+    end
+  end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: attribute_ext
 version: !ruby/object:Gem::Version 
-  hash: 23
+  hash: 27
   prerelease: 
   segments: 
   - 1
-  - 2
-  - 4
-  version: 1.2.4
+  - 3
+  - 0
+  version: 1.3.0
 platform: ruby
 authors: 
 - Jan Graichen
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-09-24 00:00:00 Z
+date: 2011-10-02 00:00:00 Z
 dependencies: []
 
 description: AttributeExt provides additional access control for rails model attributes.
@@ -37,6 +37,7 @@ files:
 - lib/attribute_ext.rb
 - lib/attribute_ext/hidden_attributes.rb
 - lib/attribute_ext/railtie.rb
+- lib/attribute_ext/rspec.rb
 - lib/attribute_ext/safe_attributes.rb
 - spec/hidden_attributes_spec.rb
 - spec/safe_attributes_spec.rb