codeprimate-cancan 1.6.5

data/spec/cancan/controller_additions_spec.rb

@@ -0,0 +1,137 @@
+require "spec_helper"
+
+describe CanCan::ControllerAdditions do
+  before(:each) do
+    @controller_class = Class.new
+    @controller = @controller_class.new
+    stub(@controller).params { {} }
+    stub(@controller).current_user { :current_user }
+    mock(@controller_class).helper_method(:can?, :cannot?, :current_ability)
+    @controller_class.send(:include, CanCan::ControllerAdditions)
+  end
+
+  it "should raise ImplementationRemoved when attempting to call 'unauthorized!' on a controller" do
+    lambda { @controller.unauthorized! }.should raise_error(CanCan::ImplementationRemoved)
+  end
+
+  it "authorize! should assign @_authorized instance variable and pass args to current ability" do
+    mock(@controller.current_ability).authorize!(:foo, :bar)
+    @controller.authorize!(:foo, :bar)
+    @controller.instance_variable_get(:@_authorized).should be_true
+  end
+
+  it "should have a current_ability method which generates an ability for the current user" do
+    @controller.current_ability.should be_kind_of(Ability)
+  end
+
+  it "should provide a can? and cannot? methods which go through the current ability" do
+    @controller.current_ability.should be_kind_of(Ability)
+    @controller.can?(:foo, :bar).should be_false
+    @controller.cannot?(:foo, :bar).should be_true
+  end
+
+  it "load_and_authorize_resource should setup a before filter which passes call to ControllerResource" do
+    stub(CanCan::ControllerResource).new(@controller, nil, :foo => :bar).mock!.load_and_authorize_resource
+    mock(@controller_class).before_filter({}) { |options, block| block.call(@controller) }
+    @controller_class.load_and_authorize_resource :foo => :bar
+  end
+
+  it "load_and_authorize_resource should properly pass first argument as the resource name" do
+    stub(CanCan::ControllerResource).new(@controller, :project, :foo => :bar).mock!.load_and_authorize_resource
+    mock(@controller_class).before_filter({}) { |options, block| block.call(@controller) }
+    @controller_class.load_and_authorize_resource :project, :foo => :bar
+  end
+
+  it "load_and_authorize_resource with :prepend should prepend the before filter" do
+    mock(@controller_class).prepend_before_filter({})
+    @controller_class.load_and_authorize_resource :foo => :bar, :prepend => true
+  end
+
+  it "authorize_resource should setup a before filter which passes call to ControllerResource" do
+    stub(CanCan::ControllerResource).new(@controller, nil, :foo => :bar).mock!.authorize_resource
+    mock(@controller_class).before_filter(:except => :show) { |options, block| block.call(@controller) }
+    @controller_class.authorize_resource :foo => :bar, :except => :show
+  end
+
+  it "load_resource should setup a before filter which passes call to ControllerResource" do
+    stub(CanCan::ControllerResource).new(@controller, nil, :foo => :bar).mock!.load_resource
+    mock(@controller_class).before_filter(:only => [:show, :index]) { |options, block| block.call(@controller) }
+    @controller_class.load_resource :foo => :bar, :only => [:show, :index]
+  end
+
+  it "skip_authorization_check should set up a before filter which sets @_authorized to true" do
+    mock(@controller_class).before_filter(:filter_options) { |options, block| block.call(@controller) }
+    @controller_class.skip_authorization_check(:filter_options)
+    @controller.instance_variable_get(:@_authorized).should be_true
+  end
+
+  it "check_authorization should trigger AuthorizationNotPerformed in after filter" do
+    mock(@controller_class).after_filter(:only => [:test]) { |options, block| block.call(@controller) }
+    lambda {
+      @controller_class.check_authorization(:only => [:test])
+    }.should raise_error(CanCan::AuthorizationNotPerformed)
+  end
+
+  it "check_authorization should not trigger AuthorizationNotPerformed when :if is false" do
+    stub(@controller).check_auth? { false }
+    mock(@controller_class).after_filter({}) { |options, block| block.call(@controller) }
+    lambda {
+      @controller_class.check_authorization(:if => :check_auth?)
+    }.should_not raise_error(CanCan::AuthorizationNotPerformed)
+  end
+
+  it "check_authorization should not trigger AuthorizationNotPerformed when :unless is true" do
+    stub(@controller).engine_controller? { true }
+    mock(@controller_class).after_filter({}) { |options, block| block.call(@controller) }
+    lambda {
+      @controller_class.check_authorization(:unless => :engine_controller?)
+    }.should_not raise_error(CanCan::AuthorizationNotPerformed)
+  end
+
+  it "check_authorization should not raise error when @_authorized is set" do
+    @controller.instance_variable_set(:@_authorized, true)
+    mock(@controller_class).after_filter(:only => [:test]) { |options, block| block.call(@controller) }
+    lambda {
+      @controller_class.check_authorization(:only => [:test])
+    }.should_not raise_error(CanCan::AuthorizationNotPerformed)
+  end
+
+  it "cancan_resource_class should be ControllerResource by default" do
+    @controller.class.cancan_resource_class.should == CanCan::ControllerResource
+  end
+
+  it "cancan_resource_class should be InheritedResource when class includes InheritedResources::Actions" do
+    stub(@controller.class).ancestors { ["InheritedResources::Actions"] }
+    @controller.class.cancan_resource_class.should == CanCan::InheritedResource
+  end
+
+  it "cancan_skipper should be an empty hash with :authorize and :load options and remember changes" do
+    @controller_class.cancan_skipper.should == {:authorize => {}, :load => {}}
+    @controller_class.cancan_skipper[:load] = true
+    @controller_class.cancan_skipper[:load].should == true
+  end
+
+  it "skip_authorize_resource should add itself to the cancan skipper with given model name and options" do
+    @controller_class.skip_authorize_resource(:project, :only => [:index, :show])
+    @controller_class.cancan_skipper[:authorize][:project].should == {:only => [:index, :show]}
+    @controller_class.skip_authorize_resource(:only => [:index, :show])
+    @controller_class.cancan_skipper[:authorize][nil].should == {:only => [:index, :show]}
+    @controller_class.skip_authorize_resource(:article)
+    @controller_class.cancan_skipper[:authorize][:article].should == {}
+  end
+
+  it "skip_load_resource should add itself to the cancan skipper with given model name and options" do
+    @controller_class.skip_load_resource(:project, :only => [:index, :show])
+    @controller_class.cancan_skipper[:load][:project].should == {:only => [:index, :show]}
+    @controller_class.skip_load_resource(:only => [:index, :show])
+    @controller_class.cancan_skipper[:load][nil].should == {:only => [:index, :show]}
+    @controller_class.skip_load_resource(:article)
+    @controller_class.cancan_skipper[:load][:article].should == {}
+  end
+
+  it "skip_load_and_authore_resource should add itself to the cancan skipper with given model name and options" do
+    @controller_class.skip_load_and_authorize_resource(:project, :only => [:index, :show])
+    @controller_class.cancan_skipper[:load][:project].should == {:only => [:index, :show]}
+    @controller_class.cancan_skipper[:authorize][:project].should == {:only => [:index, :show]}
+  end
+end

data/spec/cancan/controller_resource_spec.rb

@@ -0,0 +1,412 @@
+require "spec_helper"
+
+describe CanCan::ControllerResource do
+  before(:each) do
+    @params = HashWithIndifferentAccess.new(:controller => "projects")
+    @controller_class = Class.new
+    @controller = @controller_class.new
+    @ability = Ability.new(nil)
+    stub(@controller).params { @params }
+    stub(@controller).current_ability { @ability }
+    stub(@controller_class).cancan_skipper { {:authorize => {}, :load => {}} }
+  end
+
+  it "should load the resource into an instance variable if params[:id] is specified" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "should not load resource into an instance variable if already set" do
+    @params.merge!(:action => "show", :id => 123)
+    @controller.instance_variable_set(:@project, :some_project)
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "should properly load resource for namespaced controller" do
+    project = Project.create!
+    @params.merge!(:controller => "admin/projects", :action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "should properly load resource for namespaced controller when using '::' for namespace" do
+    project = Project.create!
+    @params.merge!(:controller => "Admin::ProjectsController", :action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "should build a new resource with hash if params[:id] is not specified" do
+    @params.merge!(:action => "create", :project => {:name => "foobar"})
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+  end
+
+  it "should build a new resource with attributes from current ability" do
+    @params.merge!(:action => "new")
+    @ability.can(:create, Project, :name => "from conditions")
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "from conditions"
+  end
+
+  it "should override initial attributes with params" do
+    @params.merge!(:action => "new", :project => {:name => "from params"})
+    @ability.can(:create, Project, :name => "from conditions")
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "from params"
+  end
+
+  it "should build a collection when on index action when class responds to accessible_by" do
+    stub(Project).accessible_by(@ability, :index) { :found_projects }
+    @params[:action] = "index"
+    resource = CanCan::ControllerResource.new(@controller, :project)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should be_nil
+    @controller.instance_variable_get(:@projects).should == :found_projects
+  end
+
+  it "should not build a collection when on index action when class does not respond to accessible_by" do
+    @params[:action] = "index"
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should be_nil
+    @controller.instance_variable_defined?(:@projects).should be_false
+  end
+
+  it "should not use accessible_by when defining abilities through a block" do
+    stub(Project).accessible_by(@ability) { :found_projects }
+    @params[:action] = "index"
+    @ability.can(:read, Project) { |p| false }
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should be_nil
+    @controller.instance_variable_defined?(:@projects).should be_false
+  end
+
+  it "should not authorize single resource in collection action" do
+    @params[:action] = "index"
+    @controller.instance_variable_set(:@project, :some_project)
+    stub(@controller).authorize!(:index, Project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller)
+    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
+  end
+
+  it "should authorize parent resource in collection action" do
+    @params[:action] = "index"
+    @controller.instance_variable_set(:@category, :some_category)
+    stub(@controller).authorize!(:show, :some_category) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller, :category, :parent => true)
+    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
+  end
+
+  it "should perform authorization using controller action and loaded model" do
+    @params.merge!(:action => "show", :id => 123)
+    @controller.instance_variable_set(:@project, :some_project)
+    stub(@controller).authorize!(:show, :some_project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller)
+    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
+  end
+
+  it "should perform authorization using controller action and non loaded model" do
+    @params.merge!(:action => "show", :id => 123)
+    stub(@controller).authorize!(:show, Project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller)
+    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
+  end
+
+  it "should call load_resource and authorize_resource for load_and_authorize_resource" do
+    @params.merge!(:action => "show", :id => 123)
+    resource = CanCan::ControllerResource.new(@controller)
+    mock(resource).load_resource
+    mock(resource).authorize_resource
+    resource.load_and_authorize_resource
+  end
+
+  it "should not build a single resource when on custom collection action even with id" do
+    @params.merge!(:action => "sort", :id => 123)
+    resource = CanCan::ControllerResource.new(@controller, :collection => [:sort, :list])
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should be_nil
+  end
+
+  it "should load a collection resource when on custom action with no id param" do
+    stub(Project).accessible_by(@ability, :sort) { :found_projects }
+    @params[:action] = "sort"
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should be_nil
+    @controller.instance_variable_get(:@projects).should == :found_projects
+  end
+
+  it "should build a resource when on custom new action even when params[:id] exists" do
+    @params.merge!(:action => "build", :id => 123)
+    stub(Project).new { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :new => :build)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "should not try to load resource for other action if params[:id] is undefined" do
+    @params[:action] = "list"
+    resource = CanCan::ControllerResource.new(@controller)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should be_nil
+  end
+
+  it "should be a parent resource when name is provided which doesn't match controller" do
+    resource = CanCan::ControllerResource.new(@controller, :category)
+    resource.should be_parent
+  end
+
+  it "should not be a parent resource when name is provided which matches controller" do
+    resource = CanCan::ControllerResource.new(@controller, :project)
+    resource.should_not be_parent
+  end
+
+  it "should be parent if specified in options" do
+    resource = CanCan::ControllerResource.new(@controller, :project, {:parent => true})
+    resource.should be_parent
+  end
+
+  it "should not be parent if specified in options" do
+    resource = CanCan::ControllerResource.new(@controller, :category, {:parent => false})
+    resource.should_not be_parent
+  end
+
+  it "should load parent resource through proper id parameter" do
+    project = Project.create!
+    @params.merge!(:action => "index", :project_id => project.id)
+    resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "should load resource through the association of another parent resource using instance variable" do
+    @params.merge!(:action => "show", :id => 123)
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(category).projects.stub!.find(123) { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "should load resource through the custom association name" do
+    @params.merge!(:action => "show", :id => 123)
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(category).custom_projects.stub!.find(123) { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category, :through_association => :custom_projects)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "should load resource through the association of another parent resource using method" do
+    @params.merge!(:action => "show", :id => 123)
+    category = Object.new
+    stub(@controller).category { category }
+    stub(category).projects.stub!.find(123) { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "should not load through parent resource if instance isn't loaded when shallow" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller, :through => :category, :shallow => true)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "should raise AccessDenied when attempting to load resource through nil" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller, :through => :category)
+    lambda {
+      resource.load_resource
+    }.should raise_error(CanCan::AccessDenied) { |exception|
+      exception.action.should == :show
+      exception.subject.should == Project
+    }
+    @controller.instance_variable_get(:@project).should be_nil
+  end
+
+  it "should authorize nested resource through parent association on index action" do
+    @params.merge!(:action => "index")
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(@controller).authorize!(:index, category => Project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category)
+    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
+  end
+
+  it "should load through first matching if multiple are given" do
+    @params.merge!(:action => "show", :id => 123)
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(category).projects.stub!.find(123) { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :through => [:category, :user])
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "should find record through has_one association with :singleton option without id param" do
+    @params.merge!(:action => "show", :id => nil)
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    stub(category).project { :some_project }
+    resource = CanCan::ControllerResource.new(@controller, :through => :category, :singleton => true)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "should not build record through has_one association with :singleton option because it can cause it to delete it in the database" do
+    @params.merge!(:action => "create", :project => {:name => "foobar"})
+    category = Category.new
+    @controller.instance_variable_set(:@category, category)
+    resource = CanCan::ControllerResource.new(@controller, :through => :category, :singleton => true)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+    @controller.instance_variable_get(:@project).category.should == category
+  end
+
+  it "should find record through has_one association with :singleton and :shallow options" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller, :through => :category, :singleton => true, :shallow => true)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "should build record through has_one association with :singleton and :shallow options" do
+    @params.merge!(:action => "create", :project => {:name => "foobar"})
+    resource = CanCan::ControllerResource.new(@controller, :through => :category, :singleton => true, :shallow => true)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+  end
+
+  it "should only authorize :show action on parent resource" do
+    project = Project.create!
+    @params.merge!(:action => "new", :project_id => project.id)
+    stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller, :project, :parent => true)
+    lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
+  end
+
+  it "should load the model using a custom class" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller, :class => Project)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "should authorize based on resource name if class is false" do
+    @params.merge!(:action => "show", :id => 123)
+    stub(@controller).authorize!(:show, :project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller, :class => false)
+    lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
+  end
+
+  it "should load and authorize using custom instance name" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    stub(@controller).authorize!(:show, project) { raise CanCan::AccessDenied }
+    resource = CanCan::ControllerResource.new(@controller, :instance_name => :custom_project)
+    lambda { resource.load_and_authorize_resource }.should raise_error(CanCan::AccessDenied)
+    @controller.instance_variable_get(:@custom_project).should == project
+  end
+
+  it "should load resource using custom find_by attribute" do
+    project = Project.create!(:name => "foo")
+    @params.merge!(:action => "show", :id => "foo")
+    resource = CanCan::ControllerResource.new(@controller, :find_by => :name)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "should allow full find method to be passed into find_by option" do
+    project = Project.create!(:name => "foo")
+    @params.merge!(:action => "show", :id => "foo")
+    resource = CanCan::ControllerResource.new(@controller, :find_by => :find_by_name)
+    resource.load_resource
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "should raise ImplementationRemoved when adding :name option" do
+    lambda {
+      CanCan::ControllerResource.new(@controller, :name => :foo)
+    }.should raise_error(CanCan::ImplementationRemoved)
+  end
+
+  it "should raise ImplementationRemoved exception when specifying :resource option since it is no longer used" do
+    lambda {
+      CanCan::ControllerResource.new(@controller, :resource => Project)
+    }.should raise_error(CanCan::ImplementationRemoved)
+  end
+
+  it "should raise ImplementationRemoved exception when passing :nested option" do
+    lambda {
+      CanCan::ControllerResource.new(@controller, :nested => :project)
+    }.should raise_error(CanCan::ImplementationRemoved)
+  end
+
+  it "should skip resource behavior for :only actions in array" do
+    stub(@controller_class).cancan_skipper { {:load => {nil => {:only => [:index, :show]}}} }
+    @params.merge!(:action => "index")
+    CanCan::ControllerResource.new(@controller).skip?(:load).should be_true
+    CanCan::ControllerResource.new(@controller, :some_resource).skip?(:load).should be_false
+    @params.merge!(:action => "show")
+    CanCan::ControllerResource.new(@controller).skip?(:load).should be_true
+    @params.merge!(:action => "other_action")
+    CanCan::ControllerResource.new(@controller).skip?(:load).should be_false
+  end
+
+  it "should skip resource behavior for :only one action on resource" do
+    stub(@controller_class).cancan_skipper { {:authorize => {:project => {:only => :index}}} }
+    @params.merge!(:action => "index")
+    CanCan::ControllerResource.new(@controller).skip?(:authorize).should be_false
+    CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_true
+    @params.merge!(:action => "other_action")
+    CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_false
+  end
+
+  it "should skip resource behavior :except actions in array" do
+    stub(@controller_class).cancan_skipper { {:load => {nil => {:except => [:index, :show]}}} }
+    @params.merge!(:action => "index")
+    CanCan::ControllerResource.new(@controller).skip?(:load).should be_false
+    @params.merge!(:action => "show")
+    CanCan::ControllerResource.new(@controller).skip?(:load).should be_false
+    @params.merge!(:action => "other_action")
+    CanCan::ControllerResource.new(@controller).skip?(:load).should be_true
+    CanCan::ControllerResource.new(@controller, :some_resource).skip?(:load).should be_false
+  end
+
+  it "should skip resource behavior :except one action on resource" do
+    stub(@controller_class).cancan_skipper { {:authorize => {:project => {:except => :index}}} }
+    @params.merge!(:action => "index")
+    CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_false
+    @params.merge!(:action => "other_action")
+    CanCan::ControllerResource.new(@controller).skip?(:authorize).should be_false
+    CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_true
+  end
+
+  it "should skip loading and authorization" do
+    stub(@controller_class).cancan_skipper { {:authorize => {nil => {}}, :load => {nil => {}}} }
+    @params.merge!(:action => "new")
+    resource = CanCan::ControllerResource.new(@controller)
+    lambda { resource.load_and_authorize_resource }.should_not raise_error
+    @controller.instance_variable_get(:@project).should be_nil
+  end
+end