authorizy 0.4.1 → 0.6.0

data/spec/authorizy/config/redirect_url_spec.rb

@@ -1,31 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe Authorizy::Config, '#redirect_url' do
-  let!(:config) { described_class.new }
-
-  context 'when uses default value' do
-    context 'when context responds to root_url' do
-      let!(:context) { OpenStruct.new(root_url: '/root') }
-
-      it 'is called' do
-        expect(config.redirect_url.call(context)).to eq('/root')
-      end
-    end
-
-    context 'when context does not respond to root_url' do
-      let!(:context) { 'context' }
-
-      it 'returns just a slash' do
-        expect(config.redirect_url.call(context)).to eq('/')
-      end
-    end
-  end
-
-  context 'when uses custom value' do
-    it 'executes what you want' do
-      config.redirect_url = ->(context) { context[:key] }
-
-      expect(config.redirect_url.call({ key: :value })).to eq(:value)
-    end
-  end
-end

data/spec/authorizy/cop/controller_spec.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-require 'support/models/authorizy_cop'
-require 'support/models/empty_cop'
-require 'support/controllers/dummy_controller'
-
-RSpec.describe DummyController, '#authorizy', type: :controller do
-  let!(:user) { User.new }
-
-  context 'when cop responds to the controller name' do
-    context 'when method resturns false' do
-      it 'denies the access' do
-        config_mock(cop: AuthorizyCop, current_user: user) do
-          get :action, params: { access: false }
-        end
-
-        expect(response).to redirect_to('/')
-      end
-    end
-
-    context 'when method resturns true' do
-      it 'denies the access' do
-        config_mock(cop: AuthorizyCop, current_user: user) do
-          get :action, params: { access: true }
-        end
-
-        expect(response.body).to eq('{"message":"authorized"}')
-      end
-    end
-  end
-
-  context 'when cop does not respond to the controller name' do
-    it 'denies the access' do
-      config_mock(cop: EmptyCop, current_user: user) do
-        get :action
-      end
-
-      expect(response).to redirect_to('/')
-    end
-  end
-end

data/spec/authorizy/cop/model_spec.rb

@@ -1,16 +0,0 @@
-# frozen_string_literal: true
-
-require 'support/models/authorizy_cop'
-
-RSpec.describe AuthorizyCop do
-  let!(:params) { { controller: 'controller', action: 'action' } }
-  let(:cop) { described_class.new('current_user', params, 'session') }
-
-  it 'adds private attributes readers' do
-    expect(cop.fetch_action).to       eq('action')
-    expect(cop.fetch_controller).to   eq('controller')
-    expect(cop.fetch_current_user).to eq('current_user')
-    expect(cop.fetch_params).to       eq(controller: 'controller', action: 'action')
-    expect(cop.fetch_session).to      eq('session')
-  end
-end

data/spec/authorizy/cop/namespaced_controller_spec.rb

@@ -1,41 +0,0 @@
-# frozen_string_literal: true
-
-require 'support/models/authorizy_cop'
-require 'support/models/empty_cop'
-require 'support/controllers/admin/dummy_controller'
-
-RSpec.describe Admin::DummyController, '#authorizy', type: :controller do
-  let!(:user) { User.new }
-
-  context 'when cop responds to the controller name' do
-    context 'when method resturns false' do
-      it 'denies the access' do
-        config_mock(cop: AuthorizyCop, current_user: user) do
-          get :action, params: { admin: false }
-        end
-
-        expect(response).to redirect_to('/')
-      end
-    end
-
-    context 'when method resturns true' do
-      it 'denies the access' do
-        config_mock(cop: AuthorizyCop, current_user: user) do
-          get :action, params: { admin: true }
-        end
-
-        expect(response.body).to eq('{"message":"authorized"}')
-      end
-    end
-  end
-
-  context 'when cop does not respond to the controller name' do
-    it 'denies the access' do
-      config_mock(cop: EmptyCop, current_user: user) do
-        get :action
-      end
-
-      expect(response).to redirect_to('/')
-    end
-  end
-end

data/spec/authorizy/core/access_spec.rb

@@ -1,181 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe Authorizy::Core, '#access?' do
-  context 'when cop#access? returns true' do
-    let!(:cop) { OpenStruct.new(access?: true) }
-    let!(:current_user) { User.new }
-    let!(:params) { { action: 'any', controller: 'any' } }
-    let!(:session) { {} }
-
-    it 'is authorized based in the cop response' do
-      expect(described_class.new(current_user, params, session, cop: cop).access?).to be(true)
-    end
-  end
-
-  context 'when permissions is in the current user' do
-    let!(:cop) { OpenStruct.new(access?: false) }
-    let!(:current_user) { User.new(authorizy: { permissions: [%w[controller create]] }) }
-    let!(:params) { { controller: 'controller', action: 'create' } }
-    let!(:session) { {} }
-
-    it 'is authorized based on the user permissions' do
-      expect(described_class.new(current_user, params, session, cop: cop).access?).to be(true)
-    end
-  end
-
-  context 'when session has no permission nor the user' do
-    let!(:cop) { OpenStruct.new(access?: false) }
-    let!(:current_user) { User.new }
-    let!(:params) { { controller: 'match', action: 'create' } }
-    let!(:session) { {} }
-
-    it 'does not authorize' do
-      expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
-    end
-  end
-
-  context 'when cop does not respond to controller' do
-    let!(:cop) { instance_double('Authorizy::BaseCop', access?: false) }
-    let!(:current_user) { User.new }
-    let!(:params) { { action: 'create', controller: 'missing' } }
-    let!(:session) { {} }
-
-    it 'does not authorize via cop' do
-      expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
-    end
-  end
-
-  context 'when cop responds to controller' do
-    let!(:current_user) { User.new }
-    let!(:params) { { controller: 'admin/controller', action: 'create' } }
-    let!(:session) { {} }
-
-    context 'when cop does not release the access' do
-      let!(:cop) do
-        Class.new(Authorizy::BaseCop) do
-          def access?
-            false
-          end
-
-          def admin__controller
-            false
-          end
-        end.new(current_user, params, session)
-      end
-
-      it 'is not authorized by cop' do
-        expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
-      end
-    end
-
-    context 'when cop releases the access' do
-      let!(:cop) do
-        Class.new(Authorizy::BaseCop) do
-          def access?
-            false
-          end
-
-          def admin__controller
-            true
-          end
-        end.new(current_user, params, session)
-      end
-
-      it 'is authorized by the cop' do
-        expect(described_class.new(current_user, params, session, cop: cop).access?).to be(true)
-      end
-    end
-
-    context 'when cop return nil' do
-      let!(:cop) do
-        Class.new(Authorizy::BaseCop) do
-          def access?
-            false
-          end
-
-          def admin__controller
-            nil
-          end
-        end.new(current_user, params, session)
-      end
-
-      it 'is converted to false' do
-        expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
-      end
-    end
-
-    context 'when cop return empty' do
-      let!(:cop) do
-        Class.new(Authorizy::BaseCop) do
-          def access?
-            false
-          end
-
-          def admin__controller
-            ''
-          end
-        end.new(current_user, params, session)
-      end
-
-      it 'is converted to false' do
-        expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
-      end
-    end
-
-    context 'when cop return nothing' do
-      let!(:cop) do
-        Class.new(Authorizy::BaseCop) do
-          def access?
-            false
-          end
-
-          def admin__controller; end
-        end.new(current_user, params, session)
-      end
-
-      it 'is converted to false' do
-        expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
-      end
-    end
-
-    context 'when cop return true as string' do
-      let!(:cop) do
-        Class.new(Authorizy::BaseCop) do
-          def access?
-            false
-          end
-
-          def admin__controller
-            'true'
-          end
-        end.new(current_user, params, session)
-      end
-
-      it 'is converted to false' do
-        expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
-      end
-    end
-  end
-
-  context 'when user has the controller permission but not action' do
-    let!(:cop) { instance_double('Authorizy::BaseCop', access?: false) }
-    let!(:current_user) { User.new }
-    let!(:params) { { controller: 'controller', action: 'action' } }
-    let!(:session) { { permissions: [%w[controller miss]] } }
-
-    it 'is not authorized' do
-      expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
-    end
-  end
-
-  context 'when user has the action permission but not controller' do
-    let!(:cop) { instance_double('Authorizy::BaseCop', access?: false) }
-    let!(:current_user) { User.new }
-    let!(:params) { { controller: 'controller', action: 'action' } }
-    let!(:session) { { permissions: [%w[miss action]] } }
-
-    it 'is not authorized' do
-      expect(described_class.new(current_user, params, session, cop: cop).access?).to be(false)
-    end
-  end
-end

data/spec/authorizy/expander/expand_spec.rb

@@ -1,139 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe Authorizy::Expander, '#expand' do
-  subject(:expander) { described_class.new }
-
-  context 'when permissions is blank' do
-    let(:permissions) { [] }
-
-    it 'returns an empty permissions' do
-      expect(expander.expand(permissions)).to eq []
-    end
-  end
-
-  context 'when permissions is given' do
-    context 'when data is symbol' do
-      let(:permissions) do
-        [
-          %i[controller create],
-          %i[controller update],
-        ]
-      end
-
-      it 'maps the default actions aliases' do
-        expect(expander.expand(permissions)).to match_array [
-          %w[controller create],
-          %w[controller edit],
-          %w[controller new],
-          %w[controller update],
-        ]
-      end
-    end
-
-    context 'when data is string' do
-      let(:permissions) do
-        [
-          %w[controller create],
-          %w[controller update],
-        ]
-      end
-
-      it 'maps the default actions aliases' do
-        expect(expander.expand(permissions)).to match_array [
-          %w[controller create],
-          %w[controller edit],
-          %w[controller new],
-          %w[controller update],
-        ]
-      end
-    end
-  end
-
-  context 'when a dependencies is given' do
-    context 'when keys and values are strings' do
-      let(:dependencies) { { 'controller' => { 'action' => [%w[controller_2 action_2]] } } }
-      let!(:permissions) { [%w[controller action]] }
-
-      it 'addes the dependencies permissions' do
-        config_mock(dependencies: dependencies) do
-          expect(expander.expand(permissions)).to match_array [
-            %w[controller action],
-            %w[controller_2 action_2],
-          ]
-        end
-      end
-    end
-
-    context 'when keys and values are symbol' do
-      let(:dependencies) { { controller: { action: [%i[controller_2 action_2]] } } }
-      let!(:permissions) { [%w[controller action]] }
-
-      it 'addes the dependencies permissions' do
-        config_mock(dependencies: dependencies) do
-          expect(expander.expand(permissions)).to match_array [
-            %w[controller action],
-            %w[controller_2 action_2],
-          ]
-        end
-      end
-    end
-  end
-
-  context 'when aliases is given' do
-    let!(:permissions) { [%w[controller action]] }
-
-    context 'when key and values are strings' do
-      let(:aliases) { { 'action' => 'action_2' } }
-
-      it 'maps the action with the current controller' do
-        config_mock(aliases: aliases) do
-          expect(expander.expand(permissions)).to match_array [
-            %w[controller action],
-            %w[controller action_2],
-          ]
-        end
-      end
-    end
-
-    context 'when key and values are symbols' do
-      let(:aliases) { { action: :action_2 } }
-
-      it 'maps the action with the current controller' do
-        config_mock(aliases: aliases) do
-          expect(expander.expand(permissions)).to match_array [
-            %w[controller action],
-            %w[controller action_2],
-          ]
-        end
-      end
-    end
-
-    context 'when key and values are array of strings' do
-      let(:aliases) { { action: %w[action_2 action_3] } }
-
-      it 'maps the actions with the current controller' do
-        config_mock(aliases: aliases) do
-          expect(expander.expand(permissions)).to match_array [
-            %w[controller action],
-            %w[controller action_2],
-            %w[controller action_3],
-          ]
-        end
-      end
-    end
-
-    context 'when key and values are array of symbols' do
-      let(:aliases) { { action: %i[action_2 action_3] } }
-
-      it 'maps the actions with the current controller' do
-        config_mock(aliases: aliases) do
-          expect(expander.expand(permissions)).to match_array [
-            %w[controller action],
-            %w[controller action_2],
-            %w[controller action_3],
-          ]
-        end
-      end
-    end
-  end
-end

data/spec/authorizy/extension/authorizy_question_spec.rb

@@ -1,50 +0,0 @@
-# frozen_string_literal: true
-
-require 'support/controllers/dummy_controller'
-
-RSpec.describe DummyController, '#authorizy?', type: :controller do
-  context 'when config returns no current user' do
-    it 'returns false' do
-      config_mock(current_user: nil) do
-        expect(controller.helpers.authorizy?('controller', 'action')).to be(false)
-      end
-    end
-  end
-
-  context 'when config returns current user' do
-    let!(:config) { Authorizy.config }
-    let!(:user) { User.new }
-
-    before { allow(Authorizy).to receive(:config).and_return(config) }
-
-    context 'when authorizy returns false' do
-      let!(:core) { instance_double('Authorizy::Core', access?: false) }
-      let!(:parameters) { ActionController::Parameters.new(controller: 'controller', action: 'action') }
-
-      it 'returns false' do
-        allow(Authorizy::Core).to receive(:new)
-          .with(user, parameters, session, cop: config.cop)
-          .and_return(core)
-
-        config_mock(current_user: user) do
-          expect(controller.helpers.authorizy?('controller', 'action')).to be(false)
-        end
-      end
-    end
-
-    context 'when authorizy returns true' do
-      let!(:core) { instance_double('Authorizy::Core', access?: true) }
-      let!(:parameters) { ActionController::Parameters.new(controller: 'controller', action: 'action') }
-
-      it 'returns true' do
-        allow(Authorizy::Core).to receive(:new)
-          .with(user, parameters, session, cop: config.cop)
-          .and_return(core)
-
-        config_mock(current_user: user) do
-          expect(controller.helpers.authorizy?('controller', 'action')).to be(true)
-        end
-      end
-    end
-  end
-end

data/spec/authorizy/extension/authorizy_spec.rb

@@ -1,54 +0,0 @@
-# frozen_string_literal: true
-
-require 'support/controllers/dummy_controller'
-
-RSpec.describe DummyController, '#authorizy', type: :controller do
-  let!(:parameters) { ActionController::Parameters.new(key: 'value', controller: 'dummy', action: 'action') }
-  let!(:user) { nil }
-
-  context 'when user has access' do
-    let!(:authorizy_core) { instance_double('Authorizy::Core', access?: true) }
-
-    before do
-      allow(Authorizy::Core).to receive(:new)
-        .with(user, parameters, session, cop: Authorizy.config.cop)
-        .and_return(authorizy_core)
-    end
-
-    context 'when is a xhr request' do
-      it 'receives the default values and do not denied the access' do
-        get :action, xhr: true, params: { key: 'value' }
-
-        expect(response.body).to   eq('{"message":"authorized"}')
-        expect(response.status).to be(200)
-      end
-    end
-
-    context 'when is a html request' do
-      it 'receives the default values and do not denied the access' do
-        get :action, params: { key: 'value' }
-
-        expect(response.body).to   eq('{"message":"authorized"}')
-        expect(response.status).to be(200)
-      end
-    end
-  end
-
-  context 'when user has no access' do
-    let!(:authorizy_core) { instance_double('Authorizy::Core', access?: false) }
-
-    before do
-      allow(Authorizy::Core).to receive(:new)
-        .with(user, parameters, session, cop: Authorizy.config.cop)
-        .and_return(authorizy_core)
-    end
-
-    it 'calls denied callback' do
-      allow(Authorizy.config.denied).to receive(:call)
-
-      get :action, xhr: true, params: { key: 'value' }
-
-      expect(Authorizy.config.denied).to have_received(:call).with(subject)
-    end
-  end
-end

data/spec/authorizy/rspec_spec.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-RSpec.describe RSpec::Matchers, '#be_authorized' do
-  it 'pending' do
-    matcher = be_authorized('controller', 'action', params: { params: true }, session: { session: true })
-
-    expect(matcher.description).to eq %(
-      be authorized "controller", "action", and {:params=>{:params=>true}, :session=>{:session=>true}}
-    ).squish
-  end
-end

data/spec/common_helper.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-ENV['RAILS_ENV'] ||= 'test'
-
-require 'support/coverage'
-
-require 'support/application'
-require 'support/common'
-require 'support/i18n'
-require 'support/routes'
-require 'support/schema'
-require 'authorizy'
-require 'pry-byebug'

data/spec/spec_helper.rb

@@ -1,29 +0,0 @@
-# frozen_string_literal: true
-
-def config_mock(aliases: nil, cop: nil, current_user: nil, dependencies: nil, redirect_url: nil)
-  backup = {
-    aliases:      Authorizy.config.aliases,
-    cop:          Authorizy.config.cop,
-    current_user: Authorizy.config.current_user,
-    dependencies: Authorizy.config.dependencies,
-    redirect_url: Authorizy.config.redirect_url,
-  }
-
-  Authorizy.configure do |config|
-    config.aliases      = aliases                        if aliases
-    config.cop          = cop                            if cop
-    config.current_user = ->(_context) { current_user } if current_user
-    config.dependencies = dependencies if dependencies
-    config.redirect_url = ->(_context) { redirect_url } if redirect_url
-  end
-
-  yield
-ensure
-  Authorizy.configure do |config|
-    config.aliases      = backup[:aliases]
-    config.cop          = backup[:cop]
-    config.current_user = backup[:current_user]
-    config.dependencies = backup[:dependencies]
-    config.redirect_url = backup[:redirect_url]
-  end
-end

data/spec/support/application.rb

@@ -1,8 +0,0 @@
-# frozen_string_literal: true
-
-require 'active_record/railtie'
-
-module Authorizy
-  class Application < Rails::Application
-  end
-end

data/spec/support/common.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-require 'rspec/rails'
-
-RSpec.configure do |config|
-  config.disable_monkey_patching!
-
-  config.mock_with(:rspec) do |mocks|
-    mocks.verify_partial_doubles = true
-  end
-
-  config.order = :random
-end

data/spec/support/controllers/admin/dummy_controller.rb

@@ -1,13 +0,0 @@
-# frozen_string_literal: true
-
-module Admin
-  class DummyController < ActionController::Base
-    include Authorizy::Extension
-
-    before_action :authorizy
-
-    def action
-      render json: { message: 'authorized' }
-    end
-  end
-end

data/spec/support/controllers/dummy_controller.rb

@@ -1,11 +0,0 @@
-# frozen_string_literal: true
-
-class DummyController < ActionController::Base
-  include Authorizy::Extension
-
-  before_action :authorizy
-
-  def action
-    render json: { message: 'authorized' }
-  end
-end

data/spec/support/coverage.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-if ENV['COVERAGE'] == 'true'
-  require 'simplecov'
-  require 'codecov'
-
-  SimpleCov.formatter = SimpleCov::Formatter::Codecov
-
-  SimpleCov.minimum_coverage(ENV.fetch('MINIMUM_COVERAGE', 80).to_i)
-
-  SimpleCov.start('rails') do
-    add_filter [
-      '/lib/generators',
-      '/vendor',
-      '/lib/authorizy/version.rb',
-    ]
-  end
-end

data/spec/support/i18n.rb

@@ -1,3 +0,0 @@
-# frozen_string_literal: true
-
-I18n.load_path << Rails.root.join('spec/support/locales/en.yml')