cancancan 1.13.1 → 3.1.0

data/spec/cancan/exceptions_spec.rb

@@ -1,58 +0,0 @@
-require "spec_helper"
-
-describe CanCan::AccessDenied do
-  describe "with action and subject" do
-    before(:each) do
-      @exception = CanCan::AccessDenied.new(nil, :some_action, :some_subject)
-    end
-
-    it "has action and subject accessors" do
-      expect(@exception.action).to eq(:some_action)
-      expect(@exception.subject).to eq(:some_subject)
-    end
-
-    it "has a changable default message" do
-      expect(@exception.message).to eq("You are not authorized to access this page.")
-      @exception.default_message = "Unauthorized!"
-      expect(@exception.message).to eq("Unauthorized!")
-    end
-  end
-
-  describe "with only a message" do
-    before(:each) do
-      @exception = CanCan::AccessDenied.new("Access denied!")
-    end
-
-    it "has nil action and subject" do
-      expect(@exception.action).to be_nil
-      expect(@exception.subject).to be_nil
-    end
-
-    it "has passed message" do
-      expect(@exception.message).to eq("Access denied!")
-    end
-  end
-
-  describe "i18n in the default message" do
-    after(:each) do
-      I18n.backend = nil
-    end
-
-    it "uses i18n for the default message" do
-      I18n.backend.store_translations :en, :unauthorized => {:default => "This is a different message"}
-      @exception = CanCan::AccessDenied.new
-      expect(@exception.message).to eq("This is a different message")
-    end
-
-    it "defaults to a nice message" do
-      @exception = CanCan::AccessDenied.new
-      expect(@exception.message).to eq("You are not authorized to access this page.")
-    end
-
-    it "does not use translation if a message is given" do
-      @exception = CanCan::AccessDenied.new("Hey! You're not welcome here")
-      expect(@exception.message).to eq("Hey! You're not welcome here")
-      expect(@exception.message).to_not eq("You are not authorized to access this page.")
-    end
-  end
-end

data/spec/cancan/inherited_resource_spec.rb

@@ -1,71 +0,0 @@
-require "spec_helper"
-
-describe CanCan::InheritedResource do
-  let(:ability) { Ability.new(nil) }
-  let(:params) { HashWithIndifferentAccess.new(:controller => "models") }
-  let(:controller_class) { Class.new }
-  let(:controller) { controller_class.new }
-
-  before(:each) do
-    class Model
-      attr_accessor :name
-
-      def initialize(attributes={})
-        attributes.each do |attribute, value|
-          send("#{attribute}=", value)
-        end
-      end
-    end
-
-    allow(controller).to receive(:params) { params }
-    allow(controller).to receive(:current_ability) { ability }
-    allow(controller_class).to receive(:cancan_skipper) { {:authorize => {}, :load => {}} }
-  end
-
-  it "show loads resource through controller.resource" do
-    params.merge!(:action => "show", :id => 123)
-    allow(controller).to receive(:resource) { :model_resource }
-    CanCan::InheritedResource.new(controller).load_resource
-    expect(controller.instance_variable_get(:@model)).to eq(:model_resource)
-  end
-
-  it "new loads through controller.build_resource" do
-    params[:action] = "new"
-    allow(controller).to receive(:build_resource) { :model_resource }
-    CanCan::InheritedResource.new(controller).load_resource
-    expect(controller.instance_variable_get(:@model)).to eq(:model_resource)
-  end
-
-  it "index loads through controller.association_chain when parent" do
-    params[:action] = "index"
-    allow(controller).to receive(:association_chain) { controller.instance_variable_set(:@model, :model_resource) }
-    CanCan::InheritedResource.new(controller, :parent => true).load_resource
-    expect(controller.instance_variable_get(:@model)).to eq(:model_resource)
-  end
-
-  it "index loads through controller.end_of_association_chain" do
-    params[:action] = "index"
-    allow(Model).to receive(:accessible_by).with(ability, :index) { :projects }
-    allow(controller).to receive(:end_of_association_chain) { Model }
-    CanCan::InheritedResource.new(controller).load_resource
-    expect(controller.instance_variable_get(:@models)).to eq(:projects)
-  end
-
-  it "builds a new resource with attributes from current ability" do
-    params[:action] = "new"
-    ability.can(:create, Model, :name => "from conditions")
-    allow(controller).to receive(:build_resource) { Struct.new(:name).new }
-    resource = CanCan::InheritedResource.new(controller)
-    resource.load_resource
-    expect(controller.instance_variable_get(:@model).name).to eq("from conditions")
-  end
-
-  it "overrides initial attributes with params" do
-    params.merge!(:action => "new", :model => {:name => "from params"})
-    ability.can(:create, Model, :name => "from conditions")
-    allow(controller).to receive(:build_resource) { Struct.new(:name).new }
-    resource = CanCan::ControllerResource.new(controller)
-    resource.load_resource
-    expect(controller.instance_variable_get(:@model).name).to eq("from params")
-  end
-end

data/spec/cancan/matchers_spec.rb

@@ -1,29 +0,0 @@
-require "spec_helper"
-
-describe "be_able_to" do
-  it "delegates to can?" do
-    expect(object = double).to receive(:can?).with(:read, 123) { true }
-    expect(object).to be_able_to(:read, 123)
-  end
-
-  it "reports a nice failure message for should" do
-    expect(object = double).to receive(:can?).with(:read, 123) { false }
-    expect {
-      expect(object).to be_able_to(:read, 123)
-    }.to raise_error('expected to be able to :read 123')
-  end
-
-  it "reports a nice failure message for should not" do
-    expect(object = double).to receive(:can?).with(:read, 123) { true }
-    expect {
-      expect(object).to_not be_able_to(:read, 123)
-    }.to raise_error('expected not to be able to :read 123')
-  end
-
-  it "delegates additional arguments to can? and reports in failure message" do
-    expect(object = double).to receive(:can?).with(:read, 123, 456) { false }
-    expect {
-      expect(object).to be_able_to(:read, 123, 456)
-    }.to raise_error('expected to be able to :read 123 456')
-  end
-end

data/spec/cancan/model_adapters/active_record_4_adapter_spec.rb

@@ -1,85 +0,0 @@
-require "spec_helper"
-
-if defined? CanCan::ModelAdapters::ActiveRecord4Adapter
-  describe CanCan::ModelAdapters::ActiveRecord4Adapter do
-    context 'with sqlite3' do
-      before :each do
-        ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
-        ActiveRecord::Migration.verbose = false
-        ActiveRecord::Schema.define do
-          create_table(:parents) do |t|
-            t.timestamps :null => false
-          end
-
-          create_table(:children) do |t|
-            t.timestamps :null => false
-            t.integer :parent_id
-          end
-        end
-
-        class Parent < ActiveRecord::Base
-          has_many :children, lambda { order(:id => :desc) }
-        end
-
-        class Child < ActiveRecord::Base
-          belongs_to :parent
-        end
-
-        (@ability = double).extend(CanCan::Ability)
-      end
-
-      it "respects scope on included associations" do
-        @ability.can :read, [Parent, Child]
-
-        parent = Parent.create!
-        child1 = Child.create!(:parent => parent, :created_at => 1.hours.ago)
-        child2 = Child.create!(:parent => parent, :created_at => 2.hours.ago)
-
-        expect(Parent.accessible_by(@ability).order(:created_at => :asc).includes(:children).first.children).to eq [child2, child1]
-      end
-    end
-
-    if Gem::Specification.find_all_by_name('pg').any?
-      context 'with postgresql' do
-        before :each do
-          ActiveRecord::Base.establish_connection(:adapter => "postgresql", :database => "postgres", :schema_search_path => 'public')
-          ActiveRecord::Base.connection.drop_database('cancan_postgresql_spec')
-          ActiveRecord::Base.connection.create_database 'cancan_postgresql_spec', 'encoding' => 'utf-8', 'adapter' => 'postgresql'
-          ActiveRecord::Base.establish_connection(:adapter => "postgresql", :database => "cancan_postgresql_spec")
-          ActiveRecord::Migration.verbose = false
-          ActiveRecord::Schema.define do
-            create_table(:parents) do |t|
-              t.timestamps :null => false
-            end
-
-            create_table(:children) do |t|
-              t.timestamps :null => false
-              t.integer :parent_id
-            end
-          end
-
-          class Parent < ActiveRecord::Base
-            has_many :children, lambda { order(:id => :desc) }
-          end
-
-          class Child < ActiveRecord::Base
-            belongs_to :parent
-          end
-
-          (@ability = double).extend(CanCan::Ability)
-        end
-
-        it "allows overlapping conditions in SQL and merge with hash conditions" do
-          @ability.can :read, Parent, :children => {:parent_id => 1}
-          @ability.can :read, Parent, :children => {:parent_id => 1}
-
-          parent = Parent.create!
-          child1 = Child.create!(:parent => parent, :created_at => 1.hours.ago)
-          child2 = Child.create!(:parent => parent, :created_at => 2.hours.ago)
-
-          expect(Parent.accessible_by(@ability)).to eq([parent])
-        end
-      end
-    end
-  end
-end

data/spec/cancan/model_adapters/active_record_adapter_spec.rb

@@ -1,384 +0,0 @@
-require "spec_helper"
-
-if defined? CanCan::ModelAdapters::ActiveRecordAdapter
-
-  describe CanCan::ModelAdapters::ActiveRecordAdapter do
-
-    before :each do
-      ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
-      ActiveRecord::Migration.verbose = false
-      ActiveRecord::Schema.define do
-        create_table(:categories) do |t|
-          t.string :name
-          t.boolean :visible
-          t.timestamps :null => false
-        end
-
-        create_table(:projects) do |t|
-          t.string :name
-          t.timestamps :null => false
-        end
-
-        create_table(:articles) do |t|
-          t.string :name
-          t.timestamps :null => false
-          t.boolean :published
-          t.boolean :secret
-          t.integer :priority
-          t.integer :category_id
-          t.integer :user_id
-        end
-
-        create_table(:comments) do |t|
-          t.boolean :spam
-          t.integer :article_id
-          t.timestamps :null => false
-        end
-
-        create_table(:legacy_mentions) do |t|
-          t.integer :user_id
-          t.integer :article_id
-          t.timestamps :null => false
-        end
-
-        create_table(:users) do |t|
-          t.timestamps :null => false
-        end
-      end
-
-      class Project < ActiveRecord::Base
-      end
-
-      class Category < ActiveRecord::Base
-        has_many :articles
-      end
-
-      class Article < ActiveRecord::Base
-        belongs_to :category
-        has_many :comments
-        has_many :mentions
-        has_many :mentioned_users, :through => :mentions, :source => :user
-        belongs_to :user
-      end
-
-      class Mention < ActiveRecord::Base
-        self.table_name = 'legacy_mentions'
-        belongs_to :user
-        belongs_to :article
-      end
-
-      class Comment < ActiveRecord::Base
-        belongs_to :article
-      end
-
-      class User < ActiveRecord::Base
-        has_many :articles
-      end
-
-      (@ability = double).extend(CanCan::Ability)
-      @article_table = Article.table_name
-      @comment_table = Comment.table_name
-    end
-
-    it "is for only active record classes" do
-      if ActiveRecord.respond_to?(:version) &&
-          ActiveRecord.version > Gem::Version.new("4")
-        expect(CanCan::ModelAdapters::ActiveRecord4Adapter).to_not be_for_class(Object)
-        expect(CanCan::ModelAdapters::ActiveRecord4Adapter).to be_for_class(Article)
-        expect(CanCan::ModelAdapters::AbstractAdapter.adapter_class(Article)).to eq(CanCan::ModelAdapters::ActiveRecord4Adapter)
-      else
-        expect(CanCan::ModelAdapters::ActiveRecord3Adapter).to_not be_for_class(Object)
-        expect(CanCan::ModelAdapters::ActiveRecord3Adapter).to be_for_class(Article)
-        expect(CanCan::ModelAdapters::AbstractAdapter.adapter_class(Article)).to eq(CanCan::ModelAdapters::ActiveRecord3Adapter)
-      end
-    end
-
-    it "finds record" do
-      article = Article.create!
-      adapter = CanCan::ModelAdapters::AbstractAdapter.adapter_class(Article)
-      expect(adapter.find(Article, article.id)).to eq(article)
-    end
-
-    it "does not fetch any records when no abilities are defined" do
-      Article.create!
-      expect(Article.accessible_by(@ability)).to be_empty
-    end
-
-    it "fetches all articles when one can read all" do
-      @ability.can :read, Article
-      article = Article.create!
-      expect(Article.accessible_by(@ability)).to eq([article])
-    end
-
-    it "fetches only the articles that are published" do
-      @ability.can :read, Article, :published => true
-      article1 = Article.create!(:published => true)
-      article2 = Article.create!(:published => false)
-      expect(Article.accessible_by(@ability)).to eq([article1])
-    end
-
-    it "fetches any articles which are published or secret" do
-      @ability.can :read, Article, :published => true
-      @ability.can :read, Article, :secret => true
-      article1 = Article.create!(:published => true, :secret => false)
-      article2 = Article.create!(:published => true, :secret => true)
-      article3 = Article.create!(:published => false, :secret => true)
-      article4 = Article.create!(:published => false, :secret => false)
-      expect(Article.accessible_by(@ability)).to eq([article1, article2, article3])
-    end
-
-    it "fetches any articles which we are cited in" do
-      user = User.create!
-      cited = Article.create!
-      not_cited = Article.create!
-      cited.mentioned_users << user
-      @ability.can :read, Article, { :mentioned_users => { :id => user.id } }
-      @ability.can :read, Article, { :mentions => { :user_id => user.id } }
-      expect(Article.accessible_by(@ability)).to eq([cited])
-    end
-
-    it "fetches only the articles that are published and not secret" do
-      @ability.can :read, Article, :published => true
-      @ability.cannot :read, Article, :secret => true
-      article1 = Article.create!(:published => true, :secret => false)
-      article2 = Article.create!(:published => true, :secret => true)
-      article3 = Article.create!(:published => false, :secret => true)
-      article4 = Article.create!(:published => false, :secret => false)
-      expect(Article.accessible_by(@ability)).to eq([article1])
-    end
-
-    it "only reads comments for articles which are published" do
-      @ability.can :read, Comment, :article => { :published => true }
-      comment1 = Comment.create!(:article => Article.create!(:published => true))
-      comment2 = Comment.create!(:article => Article.create!(:published => false))
-      expect(Comment.accessible_by(@ability)).to eq([comment1])
-    end
-
-    it "should only read articles which are published or in visible categories" do
-      @ability.can :read, Article, :category => { :visible => true }
-      @ability.can :read, Article, :published => true
-      article1 = Article.create!(:published => true)
-      article2 = Article.create!(:published => false)
-      article3 = Article.create!(:published => false, :category => Category.create!(:visible => true))
-      expect(Article.accessible_by(@ability)).to eq([article1, article3])
-    end
-
-    it "should only read categories once even if they have multiple articles" do
-      @ability.can :read, Category, :articles => { :published => true }
-      @ability.can :read, Article, :published => true
-      category = Category.create!
-      Article.create!(:published => true, :category => category)
-      Article.create!(:published => true, :category => category)
-      expect(Category.accessible_by(@ability)).to eq([category])
-    end
-
-    it "only reads comments for visible categories through articles" do
-      @ability.can :read, Comment, :article => { :category => { :visible => true } }
-      comment1 = Comment.create!(:article => Article.create!(:category => Category.create!(:visible => true)))
-      comment2 = Comment.create!(:article => Article.create!(:category => Category.create!(:visible => false)))
-      expect(Comment.accessible_by(@ability)).to eq([comment1])
-    end
-
-    it "allows conditions in SQL and merge with hash conditions" do
-      @ability.can :read, Article, :published => true
-      @ability.can :read, Article, ["secret=?", true]
-      article1 = Article.create!(:published => true, :secret => false)
-      article2 = Article.create!(:published => true, :secret => true)
-      article3 = Article.create!(:published => false, :secret => true)
-      article4 = Article.create!(:published => false, :secret => false)
-      expect(Article.accessible_by(@ability)).to eq([article1, article2, article3])
-    end
-
-    it "allows a scope for conditions" do
-      @ability.can :read, Article, Article.where(:secret => true)
-      article1 = Article.create!(:secret => true)
-      article2 = Article.create!(:secret => false)
-      expect(Article.accessible_by(@ability)).to eq([article1])
-    end
-
-    it "fetches only associated records when using with a scope for conditions" do
-      @ability.can :read, Article, Article.where(:secret => true)
-      category1 = Category.create!(:visible => false)
-      category2 = Category.create!(:visible => true)
-      article1 = Article.create!(:secret => true, :category => category1)
-      article2 = Article.create!(:secret => true, :category => category2)
-      expect(category1.articles.accessible_by(@ability)).to eq([article1])
-    end
-
-    it "raises an exception when trying to merge scope with other conditions" do
-      @ability.can :read, Article, :published => true
-      @ability.can :read, Article, Article.where(:secret => true)
-      expect(lambda { Article.accessible_by(@ability) }).to raise_error(CanCan::Error, "Unable to merge an Active Record scope with other conditions. Instead use a hash or SQL for read Article ability.")
-    end
-
-    it "does not allow to fetch records when ability with just block present" do
-      @ability.can :read, Article do
-        false
-      end
-      expect(lambda { Article.accessible_by(@ability) }).to raise_error(CanCan::Error)
-    end
-
-    it "should support more than one deeply nested conditions" do
-      @ability.can :read, Comment, :article => {
-        :category => {
-          :name => 'foo', :visible => true
-        }
-      }
-      expect { Comment.accessible_by(@ability) }.to_not raise_error
-    end
-
-    it "does not allow to check ability on object against SQL conditions without block" do
-      @ability.can :read, Article, ["secret=?", true]
-      expect(lambda { @ability.can? :read, Article.new }).to raise_error(CanCan::Error)
-    end
-
-    it "has false conditions if no abilities match" do
-      expect(@ability.model_adapter(Article, :read).conditions).to eq("'t'='f'")
-    end
-
-    it "returns false conditions for cannot clause" do
-      @ability.cannot :read, Article
-      expect(@ability.model_adapter(Article, :read).conditions).to eq("'t'='f'")
-    end
-
-    it "returns SQL for single `can` definition in front of default `cannot` condition" do
-      @ability.cannot :read, Article
-      @ability.can :read, Article, :published => false, :secret => true
-      expect(@ability.model_adapter(Article, :read).conditions).to orderlessly_match(%Q["#{@article_table}"."published" = 'f' AND "#{@article_table}"."secret" = 't'])
-    end
-
-    it "returns true condition for single `can` definition in front of default `can` condition" do
-      @ability.can :read, Article
-      @ability.can :read, Article, :published => false, :secret => true
-      expect(@ability.model_adapter(Article, :read).conditions).to eq("'t'='t'")
-    end
-
-    it "returns `false condition` for single `cannot` definition in front of default `cannot` condition" do
-      @ability.cannot :read, Article
-      @ability.cannot :read, Article, :published => false, :secret => true
-      expect(@ability.model_adapter(Article, :read).conditions).to eq("'t'='f'")
-    end
-
-    it "returns `not (sql)` for single `cannot` definition in front of default `can` condition" do
-      @ability.can :read, Article
-      @ability.cannot :read, Article, :published => false, :secret => true
-      expect(@ability.model_adapter(Article, :read).conditions).to orderlessly_match(%Q["not (#{@article_table}"."published" = 'f' AND "#{@article_table}"."secret" = 't')])
-    end
-
-    it "returns appropriate sql conditions in complex case" do
-      @ability.can :read, Article
-      @ability.can :manage, Article, :id => 1
-      @ability.can :update, Article, :published => true
-      @ability.cannot :update, Article, :secret => true
-      expect(@ability.model_adapter(Article, :update).conditions).to eq(%Q[not ("#{@article_table}"."secret" = 't') AND (("#{@article_table}"."published" = 't') OR ("#{@article_table}"."id" = 1))])
-      expect(@ability.model_adapter(Article, :manage).conditions).to eq({:id => 1})
-      expect(@ability.model_adapter(Article, :read).conditions).to eq("'t'='t'")
-    end
-
-    it "returns appropriate sql conditions in complex case with nested joins" do
-      @ability.can :read, Comment, :article => { :category => { :visible => true } }
-      expect(@ability.model_adapter(Comment, :read).conditions).to eq({ Category.table_name.to_sym => { :visible => true } })
-    end
-
-    it "returns appropriate sql conditions in complex case with nested joins of different depth" do
-      @ability.can :read, Comment, :article => { :published => true, :category => { :visible => true } }
-      expect(@ability.model_adapter(Comment, :read).conditions).to eq({ Article.table_name.to_sym => { :published => true }, Category.table_name.to_sym => { :visible => true } })
-    end
-
-    it "does not forget conditions when calling with SQL string" do
-      @ability.can :read, Article, :published => true
-      @ability.can :read, Article, ['secret=?', false]
-      adapter = @ability.model_adapter(Article, :read)
-      2.times do
-        expect(adapter.conditions).to eq(%Q[(secret='f') OR ("#{@article_table}"."published" = 't')])
-      end
-    end
-
-    it "has nil joins if no rules" do
-      expect(@ability.model_adapter(Article, :read).joins).to be_nil
-    end
-
-    it "has nil joins if no nested hashes specified in conditions" do
-      @ability.can :read, Article, :published => false
-      @ability.can :read, Article, :secret => true
-      expect(@ability.model_adapter(Article, :read).joins).to be_nil
-    end
-
-    it "merges separate joins into a single array" do
-      @ability.can :read, Article, :project => { :blocked => false }
-      @ability.can :read, Article, :company => { :admin => true }
-      expect(@ability.model_adapter(Article, :read).joins.inspect).to orderlessly_match([:company, :project].inspect)
-    end
-
-    it "merges same joins into a single array" do
-      @ability.can :read, Article, :project => { :blocked => false }
-      @ability.can :read, Article, :project => { :admin => true }
-      expect(@ability.model_adapter(Article, :read).joins).to eq([:project])
-    end
-
-    it "merges nested and non-nested joins" do
-      @ability.can :read, Article, :project => { :blocked => false }
-      @ability.can :read, Article, :project => { :comments => { :spam => true } }
-      expect(@ability.model_adapter(Article, :read).joins).to eq([{:project=>[:comments]}])
-    end
-
-    it "merges :all conditions with other conditions" do
-      user = User.create!
-      article = Article.create!(:user => user)
-      ability = Ability.new(user)
-      ability.can :manage, :all
-      ability.can :manage, Article, :user_id => user.id
-      expect(Article.accessible_by(ability)).to eq([article])
-    end
-
-    it 'should not execute a scope when checking ability on the class' do
-      relation = Article.where(:secret => true)
-      @ability.can :read, Article, relation do |article|
-        article.secret == true
-      end
-
-      allow(relation).to receive(:count).and_raise('Unexpected scope execution.')
-
-      expect { @ability.can? :read, Article }.not_to raise_error
-    end
-
-    context "with namespaced models" do
-      before :each do
-        ActiveRecord::Schema.define do
-          create_table( :table_xes ) do |t|
-            t.timestamps :null => false
-          end
-
-          create_table( :table_zs ) do |t|
-            t.integer :table_x_id
-            t.integer :user_id
-            t.timestamps :null => false
-          end
-        end
-
-        module Namespace
-        end
-
-        class Namespace::TableX < ActiveRecord::Base
-          has_many :table_zs
-        end
-
-        class Namespace::TableZ < ActiveRecord::Base
-          belongs_to :table_x
-          belongs_to :user
-        end
-      end
-
-      it "fetches all namespace::table_x when one is related by table_y" do
-        user = User.create!
-
-        ability = Ability.new(user)
-        ability.can :read, Namespace::TableX, :table_zs => { :user_id => user.id }
-
-        table_x = Namespace::TableX.create!
-        table_z = table_x.table_zs.create( :user => user )
-        expect(Namespace::TableX.accessible_by(ability)).to eq([table_x])
-      end
-    end
-  end
-end