culturecode-cancan 2.0.0.alpha

data/spec/cancan/exceptions_spec.rb

@@ -0,0 +1,58 @@
+require "spec_helper"
+
+describe CanCan::Unauthorized do
+  describe "with action and subject" do
+    before(:each) do
+      @exception = CanCan::Unauthorized.new(nil, :some_action, :some_subject)
+    end
+
+    it "has action and subject accessors" do
+      @exception.action.should == :some_action
+      @exception.subject.should == :some_subject
+    end
+
+    it "has a changable default message" do
+      @exception.message.should == "You are not authorized to access this page."
+      @exception.default_message = "Unauthorized!"
+      @exception.message.should == "Unauthorized!"
+    end
+  end
+
+  describe "with only a message" do
+    before(:each) do
+      @exception = CanCan::Unauthorized.new("Access denied!")
+    end
+
+    it "has nil action and subject" do
+      @exception.action.should be_nil
+      @exception.subject.should be_nil
+    end
+
+    it "has passed message" do
+      @exception.message.should == "Access denied!"
+    end
+  end
+
+  describe "i18n in the default message" do
+    after(:each) do
+      I18n.backend = nil
+    end
+
+    it "uses i18n for the default message" do
+      I18n.backend.store_translations :en, :unauthorized => {:default => "This is a different message"}
+      @exception = CanCan::Unauthorized.new
+      @exception.message.should == "This is a different message"
+    end
+
+    it "defaults to a nice message" do
+      @exception = CanCan::Unauthorized.new
+      @exception.message.should == "You are not authorized to access this page."
+    end
+
+    it "does not use translation if a message is given" do
+      @exception = CanCan::Unauthorized.new("Hey! You're not welcome here")
+      @exception.message.should == "Hey! You're not welcome here"
+      @exception.message.should_not == "You are not authorized to access this page."
+    end
+  end
+end

data/spec/cancan/inherited_resource_spec.rb

@@ -0,0 +1,58 @@
+require "spec_helper"
+
+describe CanCan::InheritedResource do
+  before(:each) do
+    @params = HashWithIndifferentAccess.new(:controller => "projects")
+    @controller_class = Class.new
+    @controller = @controller_class.new
+    @ability = Ability.new(nil)
+    @controller.stub(:params) { @params }
+    @controller.stub(:current_ability) { @ability }
+    # @controller_class.stub(:cancan_skipper) { {:authorize => {}, :load => {}} }
+  end
+
+  it "show should load resource through @controller.resource" do
+    @params.merge!(:action => "show", :id => 123)
+    @controller.stub(:resource) { :project_resource }
+    CanCan::InheritedResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == :project_resource
+  end
+
+  it "new should load through @controller.build_resource" do
+    @params[:action] = "new"
+    @controller.stub(:build_resource) { :project_resource }
+    CanCan::InheritedResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == :project_resource
+  end
+
+  it "index should load through @controller.association_chain when parent" do
+    @params[:action] = "index"
+    @controller.stub(:association_chain) { @controller.instance_variable_set(:@project, :project_resource) }
+    CanCan::InheritedResource.new(@controller, :load => true, :parent => true).process
+    @controller.instance_variable_get(:@project).should == :project_resource
+  end
+
+  it "index should load through @controller.end_of_association_chain" do
+    @params[:action] = "index"
+    Project.stub(:accessible_by).with(@ability, :index) { :projects }
+    @controller.stub(:end_of_association_chain) { Project }
+    CanCan::InheritedResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@projects).should == :projects
+  end
+
+  it "should build a new resource with attributes from current ability" do
+    @params[:action] = "new"
+    @ability.can(:create, :projects, :name => "from conditions")
+    @controller.stub(:build_resource) { Struct.new(:name).new }
+    CanCan::InheritedResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).name.should == "from conditions"
+  end
+
+  it "should override initial attributes with params" do
+    @params.merge!(:action => "new", :project => {:name => "from params"})
+    @ability.can(:create, :projects, :name => "from conditions")
+    @controller.stub(:build_resource) { Struct.new(:name).new }
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).name.should == "from params"
+  end
+end

data/spec/cancan/matchers_spec.rb

@@ -0,0 +1,33 @@
+require "spec_helper"
+
+describe "be_able_to" do
+  it "delegates to can?" do
+    object = Object.new
+    object.should_receive(:can?).with(:read, 123) { true }
+    object.should be_able_to(:read, 123)
+  end
+
+  it "reports a nice failure message for should" do
+    object = Object.new
+    object.should_receive(:can?).with(:read, 123) { false }
+    expect do
+      object.should be_able_to(:read, 123)
+    end.should raise_error('expected to be able to :read 123')
+  end
+
+  it "reports a nice failure message for should not" do
+    object = Object.new
+    object.should_receive(:can?).with(:read, 123) { true }
+    expect do
+      object.should_not be_able_to(:read, 123)
+    end.should raise_error('expected not to be able to :read 123')
+  end
+
+  it "delegates additional arguments to can? and reports in failure message" do
+    object = Object.new
+    object.should_receive(:can?).with(:read, 123, 456) { false }
+    expect do
+      object.should be_able_to(:read, 123, 456)
+    end.should raise_error('expected to be able to :read 123 456')
+  end
+end

data/spec/cancan/model_adapters/active_record_adapter_spec.rb

@@ -0,0 +1,278 @@
+if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
+  require "spec_helper"
+
+  class Category
+    has_many :articles
+  end
+
+  class Article < ActiveRecord::Base
+    connection.create_table(table_name) do |t|
+      t.integer :category_id
+      t.string :name
+      t.boolean :published
+      t.boolean :secret
+      t.integer :priority
+    end
+    belongs_to :category
+    has_many :comments
+  end
+
+  class Comment < ActiveRecord::Base
+    connection.create_table(table_name) do |t|
+      t.integer :article_id
+      t.boolean :spam
+    end
+    belongs_to :article
+  end
+
+  describe CanCan::ModelAdapters::ActiveRecordAdapter do
+    before(:each) do
+      Article.delete_all
+      Comment.delete_all
+      @ability = Object.new
+      @ability.extend(CanCan::Ability)
+      @article_table = Article.table_name
+      @comment_table = Comment.table_name
+    end
+
+    it "is for only active record classes" do
+      CanCan::ModelAdapters::ActiveRecordAdapter.should_not be_for_class(Object)
+      CanCan::ModelAdapters::ActiveRecordAdapter.should be_for_class(Article)
+      CanCan::ModelAdapters::AbstractAdapter.adapter_class(Article).should == CanCan::ModelAdapters::ActiveRecordAdapter
+    end
+
+    it "finds record" do
+      article = Article.create!
+      CanCan::ModelAdapters::ActiveRecordAdapter.find(Article, article.id).should == article
+    end
+
+    it "does not fetch any records when no abilities are defined" do
+      Article.create!
+      Article.accessible_by(@ability).should be_empty
+    end
+
+    it "fetches all articles when one can read all" do
+      @ability.can :read, :articles
+      article = Article.create!
+      Article.accessible_by(@ability).should == [article]
+    end
+
+    it "fetches only the articles that are published" do
+      @ability.can :read, :articles, :published => true
+      article1 = Article.create!(:published => true)
+      article2 = Article.create!(:published => false)
+      Article.accessible_by(@ability).should == [article1]
+    end
+
+    it "fetches any articles which are published or secret" do
+      @ability.can :read, :articles, :published => true
+      @ability.can :read, :articles, :secret => true
+      article1 = Article.create!(:published => true, :secret => false)
+      article2 = Article.create!(:published => true, :secret => true)
+      article3 = Article.create!(:published => false, :secret => true)
+      article4 = Article.create!(:published => false, :secret => false)
+      Article.accessible_by(@ability).should == [article1, article2, article3]
+    end
+
+    it "fetches only the articles that are published and not secret" do
+      @ability.can :read, :articles, :published => true
+      @ability.cannot :read, :articles, :secret => true
+      article1 = Article.create!(:published => true, :secret => false)
+      article2 = Article.create!(:published => true, :secret => true)
+      article3 = Article.create!(:published => false, :secret => true)
+      article4 = Article.create!(:published => false, :secret => false)
+      Article.accessible_by(@ability).should == [article1]
+    end
+
+    it "only reads comments for articles which are published" do
+      @ability.can :read, :comments, :article => { :published => true }
+      comment1 = Comment.create!(:article => Article.create!(:published => true))
+      comment2 = Comment.create!(:article => Article.create!(:published => false))
+      Comment.accessible_by(@ability).should == [comment1]
+    end
+
+    it "only reads comments for visible categories through articles" do
+      pending "does ActiveRecord no longer support a deep nested hash of conditions?"
+      @ability.can :read, :comments, :article => { :category => { :visible => true } }
+      comment1 = Comment.create!(:article => Article.create!(:category => Category.create!(:visible => true)))
+      comment2 = Comment.create!(:article => Article.create!(:category => Category.create!(:visible => false)))
+      Comment.accessible_by(@ability).should == [comment1]
+    end
+
+    it "allows conditions in SQL and merge with hash conditions" do
+      @ability.can :read, :articles, :published => true
+      @ability.can :read, :articles, ["secret=?", true]
+      article1 = Article.create!(:published => true, :secret => false)
+      article2 = Article.create!(:published => true, :secret => true)
+      article3 = Article.create!(:published => false, :secret => true)
+      article4 = Article.create!(:published => false, :secret => false)
+      Article.accessible_by(@ability).should == [article1, article2, article3]
+    end
+
+    it "allows a scope for conditions" do
+      @ability.can :read, :articles, Article.where(:secret => true)
+      article1 = Article.create!(:secret => true)
+      article2 = Article.create!(:secret => false)
+      Article.accessible_by(@ability).should == [article1]
+    end
+
+    it "fetches only associated records when using with a scope for conditions" do
+      @ability.can :read, :articles, Article.where(:secret => true)
+      category1 = Category.create!(:visible => false)
+      category2 = Category.create!(:visible => true)
+      article1 = Article.create!(:secret => true, :category => category1)
+      article2 = Article.create!(:secret => true, :category => category2)
+      # for some reason the objects aren't comparing equally here so it's necessary to compare by id
+      category1.articles.accessible_by(@ability).map(&:id).should == [article1.id]
+    end
+
+    it "raises an exception when trying to merge scope with other conditions" do
+      @ability.can :read, :articles, :published => true
+      @ability.can :read, :articles, Article.where(:secret => true)
+      lambda { Article.accessible_by(@ability) }.should raise_error(CanCan::Error, "Unable to merge an Active Record scope with other conditions. Instead use a hash or SQL for read articles ability.")
+    end
+
+    it "does not allow to fetch records when ability with just block present" do
+      @ability.can :read, :articles do
+        false
+      end
+      lambda { Article.accessible_by(@ability) }.should raise_error(CanCan::Error)
+    end
+
+    it "does not allow to check ability on object against SQL conditions without block" do
+      @ability.can :read, :articles, ["secret=?", true]
+      lambda { @ability.can? :read, Article.new }.should raise_error(CanCan::Error)
+    end
+
+    it "has false conditions if no abilities match" do
+      @ability.model_adapter(Article, :read).conditions.should == "'t'='f'"
+    end
+
+    it "returns false conditions for cannot clause" do
+      @ability.cannot :read, :articles
+      @ability.model_adapter(Article, :read).conditions.should == "'t'='f'"
+    end
+
+    it "returns SQL for single `can` definition in front of default `cannot` condition" do
+      @ability.cannot :read, :articles
+      @ability.can :read, :articles, :published => false, :secret => true
+      @ability.model_adapter(Article, :read).conditions.should orderlessly_match(%Q["#{@article_table}"."published" = 'f' AND "#{@article_table}"."secret" = 't'])
+    end
+
+    it "returns true condition for single `can` definition in front of default `can` condition" do
+      @ability.can :read, :articles
+      @ability.can :read, :articles, :published => false, :secret => true
+      @ability.model_adapter(Article, :read).conditions.should eq(:secret => true, :published => false)
+    end
+
+    it "returns `false condition` for single `cannot` definition in front of default `cannot` condition" do
+      @ability.cannot :read, :articles
+      @ability.cannot :read, :articles, :published => false, :secret => true
+      @ability.model_adapter(Article, :read).conditions.should  == "'t'='f'"
+    end
+
+    it "returns `not (sql)` for single `cannot` definition in front of default `can` condition" do
+      @ability.can :read, :articles
+      @ability.cannot :read, :articles, :published => false, :secret => true
+      @ability.model_adapter(Article, :read).conditions.should orderlessly_match(%Q["not (#{@article_table}"."published" = 'f' AND "#{@article_table}"."secret" = 't')])
+    end
+
+    it "returns appropriate sql conditions in complex case" do
+      @ability.can :read, :articles
+      @ability.can :access, :articles, :id => 1
+      @ability.can :update, :articles, :published => true
+      @ability.cannot :update, :articles, :secret => true
+      @ability.model_adapter(Article, :update).conditions.should == %Q[not ("#{@article_table}"."secret" = 't') AND (("#{@article_table}"."published" = 't') OR ("#{@article_table}"."id" = 1))]
+      @ability.model_adapter(Article, :access).conditions.should == {:id => 1}
+      @ability.model_adapter(Article, :read).conditions.should == {:id => 1} # used to be "t=t" but changed with new specificity rule (issue #321)
+    end
+
+    it "does not forget conditions when calling with SQL string" do
+      @ability.can :read, :articles, :published => true
+      @ability.can :read, :articles, ['secret=?', false]
+      adapter = @ability.model_adapter(Article, :read)
+      2.times do
+        adapter.conditions.should == %Q[(secret='f') OR ("#{@article_table}"."published" = 't')]
+      end
+    end
+
+    it "has nil joins if no rules" do
+      @ability.model_adapter(Article, :read).joins.should be_nil
+    end
+
+    it "has nil joins if no nested hashes specified in conditions" do
+      @ability.can :read, :articles, :published => false
+      @ability.can :read, :articles, :secret => true
+      @ability.model_adapter(Article, :read).joins.should be_nil
+    end
+
+    it "merges separate joins into a single array" do
+      @ability.can :read, :articles, :project => { :blocked => false }
+      @ability.can :read, :articles, :company => { :admin => true }
+      @ability.model_adapter(Article, :read).joins.inspect.should orderlessly_match([:company, :project].inspect)
+    end
+
+    it "merges same joins into a single array" do
+      @ability.can :read, :articles, :project => { :blocked => false }
+      @ability.can :read, :articles, :project => { :admin => true }
+      @ability.model_adapter(Article, :read).joins.should == [:project]
+    end
+
+    it "restricts articles given a MetaWhere condition" do
+      pending
+      @ability.can :read, :articles, :priority.lt => 2
+      article1 = Article.create!(:priority => 1)
+      article2 = Article.create!(:priority => 3)
+      Article.accessible_by(@ability).should == [article1]
+      @ability.should be_able_to(:read, article1)
+      @ability.should_not be_able_to(:read, article2)
+    end
+
+    it "should merge MetaWhere and non-MetaWhere conditions" do
+      pending
+      @ability.can :read, Article, :priority.lt => 2
+      @ability.can :read, Article, :priority => 1
+      article1 = Article.create!(:priority => 1)
+      article2 = Article.create!(:priority => 3)
+      Article.accessible_by(@ability).should == [article1]
+      @ability.should be_able_to(:read, article1)
+      @ability.should_not be_able_to(:read, article2)
+    end
+
+    it "matches any MetaWhere condition" do
+      pending
+      adapter = CanCan::ModelAdapters::ActiveRecordAdapter
+      article1 = Article.new(:priority => 1, :name => "Hello World")
+      adapter.matches_condition?(article1, :priority.eq, 1).should be_true
+      adapter.matches_condition?(article1, :priority.eq, 2).should be_false
+      adapter.matches_condition?(article1, :priority.eq_any, [1, 2]).should be_true
+      adapter.matches_condition?(article1, :priority.eq_any, [2, 3]).should be_false
+      adapter.matches_condition?(article1, :priority.eq_all, [1, 1]).should be_true
+      adapter.matches_condition?(article1, :priority.eq_all, [1, 2]).should be_false
+      adapter.matches_condition?(article1, :priority.ne, 2).should be_true
+      adapter.matches_condition?(article1, :priority.ne, 1).should be_false
+      adapter.matches_condition?(article1, :priority.in, [1, 2]).should be_true
+      adapter.matches_condition?(article1, :priority.in, [2, 3]).should be_false
+      adapter.matches_condition?(article1, :priority.nin, [2, 3]).should be_true
+      adapter.matches_condition?(article1, :priority.nin, [1, 2]).should be_false
+      adapter.matches_condition?(article1, :priority.lt, 2).should be_true
+      adapter.matches_condition?(article1, :priority.lt, 1).should be_false
+      adapter.matches_condition?(article1, :priority.lteq, 1).should be_true
+      adapter.matches_condition?(article1, :priority.lteq, 0).should be_false
+      adapter.matches_condition?(article1, :priority.gt, 0).should be_true
+      adapter.matches_condition?(article1, :priority.gt, 1).should be_false
+      adapter.matches_condition?(article1, :priority.gteq, 1).should be_true
+      adapter.matches_condition?(article1, :priority.gteq, 2).should be_false
+      adapter.matches_condition?(article1, :name.like, "%ello worl%").should be_true
+      adapter.matches_condition?(article1, :name.like, "hello world").should be_true
+      adapter.matches_condition?(article1, :name.like, "hello%").should be_true
+      adapter.matches_condition?(article1, :name.like, "h%d").should be_true
+      adapter.matches_condition?(article1, :name.like, "%helo%").should be_false
+      adapter.matches_condition?(article1, :name.like, "hello").should be_false
+      adapter.matches_condition?(article1, :name.like, "hello.world").should be_false
+      # For some reason this is reporting "The not_matches MetaWhere condition is not supported."
+      # adapter.matches_condition?(article1, :name.nlike, "%helo%").should be_true
+      # adapter.matches_condition?(article1, :name.nlike, "%ello worl%").should be_false
+    end
+  end
+end

data/spec/cancan/model_adapters/data_mapper_adapter_spec.rb

@@ -0,0 +1,120 @@
+if ENV["MODEL_ADAPTER"] == "data_mapper"
+  require "spec_helper"
+
+  DataMapper.setup(:default, 'sqlite::memory:')
+
+  class DataMapperArticle
+    include DataMapper::Resource
+    property :id, Serial
+    property :published, Boolean, :default => false
+    property :secret, Boolean, :default => false
+    property :priority, Integer
+    has n, :data_mapper_comments
+  end
+
+  class DataMapperComment
+    include DataMapper::Resource
+    property :id, Serial
+    property :spam, Boolean, :default => false
+    belongs_to :data_mapper_article
+  end
+
+  DataMapper.finalize
+  DataMapper.auto_migrate!
+
+  describe CanCan::ModelAdapters::DataMapperAdapter do
+    before(:each) do
+      DataMapperArticle.destroy
+      DataMapperComment.destroy
+      @ability = Object.new
+      @ability.extend(CanCan::Ability)
+    end
+
+    it "is for only data mapper classes" do
+      CanCan::ModelAdapters::DataMapperAdapter.should_not be_for_class(Object)
+      CanCan::ModelAdapters::DataMapperAdapter.should be_for_class(DataMapperArticle)
+      CanCan::ModelAdapters::AbstractAdapter.adapter_class(DataMapperArticle).should == CanCan::ModelAdapters::DataMapperAdapter
+    end
+
+    it "finds record" do
+      article = DataMapperArticle.create
+      CanCan::ModelAdapters::DataMapperAdapter.find(DataMapperArticle, article.id).should == article
+    end
+
+    it "does not fetch any records when no abilities are defined" do
+      DataMapperArticle.create
+      DataMapperArticle.accessible_by(@ability).should be_empty
+    end
+
+    it "fetches all articles when one can read all" do
+      @ability.can :read, :data_mapper_articles
+      article = DataMapperArticle.create
+      DataMapperArticle.accessible_by(@ability).should == [article]
+    end
+
+    it "fetches only the articles that are published" do
+      @ability.can :read, :data_mapper_articles, :published => true
+      article1 = DataMapperArticle.create(:published => true)
+      article2 = DataMapperArticle.create(:published => false)
+      DataMapperArticle.accessible_by(@ability).should == [article1]
+    end
+
+    it "fetches any articles which are published or secret" do
+      @ability.can :read, :data_mapper_articles, :published => true
+      @ability.can :read, :data_mapper_articles, :secret => true
+      article1 = DataMapperArticle.create(:published => true, :secret => false)
+      article2 = DataMapperArticle.create(:published => true, :secret => true)
+      article3 = DataMapperArticle.create(:published => false, :secret => true)
+      article4 = DataMapperArticle.create(:published => false, :secret => false)
+      DataMapperArticle.accessible_by(@ability).should == [article1, article2, article3]
+    end
+
+    it "fetches only the articles that are published and not secret" do
+      pending "the `cannot` may require some custom SQL, maybe abstract out from Active Record adapter"
+      @ability.can :read, :data_mapper_articles, :published => true
+      @ability.cannot :read, :data_mapper_articles, :secret => true
+      article1 = DataMapperArticle.create(:published => true, :secret => false)
+      article2 = DataMapperArticle.create(:published => true, :secret => true)
+      article3 = DataMapperArticle.create(:published => false, :secret => true)
+      article4 = DataMapperArticle.create(:published => false, :secret => false)
+      DataMapperArticle.accessible_by(@ability).should == [article1]
+    end
+
+    it "only reads comments for articles which are published" do
+      @ability.can :read, :data_mapper_comments, :data_mapper_article => { :published => true }
+      comment1 = DataMapperComment.create(:data_mapper_article => DataMapperArticle.create!(:published => true))
+      comment2 = DataMapperComment.create(:data_mapper_article => DataMapperArticle.create!(:published => false))
+      DataMapperComment.accessible_by(@ability).should == [comment1]
+    end
+
+    it "allows conditions in SQL and merge with hash conditions" do
+      @ability.can :read, :data_mapper_articles, :published => true
+      @ability.can :read, :data_mapper_articles, ["secret=?", true]
+      article1 = DataMapperArticle.create(:published => true, :secret => false)
+      article4 = DataMapperArticle.create(:published => false, :secret => false)
+      DataMapperArticle.accessible_by(@ability).should == [article1]
+    end
+
+    it "matches gt comparison" do
+      @ability.can :read, :data_mapper_articles, :priority.gt => 3
+      article1 = DataMapperArticle.create(:priority => 4)
+      article2 = DataMapperArticle.create(:priority => 3)
+      DataMapperArticle.accessible_by(@ability).should == [article1]
+      @ability.should be_able_to(:read, article1)
+      @ability.should_not be_able_to(:read, article2)
+    end
+
+    it "matches gte comparison" do
+      @ability.can :read, :data_mapper_articles, :priority.gte => 3
+      article1 = DataMapperArticle.create(:priority => 4)
+      article2 = DataMapperArticle.create(:priority => 3)
+      article3 = DataMapperArticle.create(:priority => 2)
+      DataMapperArticle.accessible_by(@ability).should == [article1, article2]
+      @ability.should be_able_to(:read, article1)
+      @ability.should be_able_to(:read, article2)
+      @ability.should_not be_able_to(:read, article3)
+    end
+
+    # TODO: add more comparison specs
+  end
+end