hobo 1.3.0.pre19 → 1.3.0.pre20

data/test/permissions/test_permissions.rb

@@ -1,13 +1,13 @@
-# Notes: 
-# 
+# Notes:
+#
 # create/update/delete by guest
 # create/update/delete by non-permitted user
 # create/update/delete by permitted user
-# 
+#
 # All of the above for has-many related records
 # All of the above for has-many through related records
 # All of the above for belongs-to related records
-# 
+#
 # a permitted user can't create/update/delete any of the above related records without :accessible
 
 
@@ -20,13 +20,13 @@ require 'shoulda'
 Models.init
 
 class PermissionsTest < Test::Unit::TestCase
-  
+
   def assert_create_prevented(*models)
     counts = models.*.count
     assert_raises(Hobo::PermissionDeniedError) { yield }
     assert_equal(counts, models.*.count)
   end
-  
+
   def assert_created(*args)
     expectations = {}
     args.in_groups_of(2) {|model, expected| expectations[model] = [model.count, expected]}
@@ -37,58 +37,58 @@ class PermissionsTest < Test::Unit::TestCase
       assert_equal(nums.last, delta, "Expected #{nums.last} #{model.name.pluralize} to be created, but #{delta} were")
     end
   end
-  
+
   def assert_change_prevented(record, field)
     was = record.send(field)
     assert_raises(Hobo::PermissionDeniedError) { yield }
     record.reload
     assert_equal was, record.send(field)
   end
-  
+
   def assert_deleted(record)
     assert_raises(ActiveRecord::RecordNotFound) { record.class.find(record.id) }
   end
-  
-  def assert_destroy_prevented(*records) 
+
+  def assert_destroy_prevented(*records)
     assert_raises(Hobo::PermissionDeniedError) { yield }
     records.each { |record| assert record.class.find(record.id) }
   end
-  
-  
+
+
   def existing_recipe(user=nil)
     user ||= User.new :name => "existing recipe owner"
     Recipe.create :name => "existing recipe", :user => user
   end
-  
+
 
   context "The permission system" do
-    
+
     context "with a guest user acting" do
       setup { @guest = Hobo::Model::Guest.new }
-      
+
       should "prevent creation of a recipe" do
         assert_create_prevented(Recipe) { Recipe.user_create! @guest, :name => "test recipe" }
       end
-      
+
       should "prevent update of an exiting recipe" do
         r = existing_recipe
         assert_change_prevented(r, :name) { r.user_update_attributes!(@guest, :name => "pwned!") }
       end
-      
+
       should "prevent deletion of an existing recipe" do
         r = existing_recipe
         assert_destroy_prevented(r) { r.user_destroy(@guest) }
       end
-      
+
     end
-    
+
     context "with a regular user acting" do
-      
-      setup { @user = User.create! :name => "regular" } 
-      
-      
+
+      setup { @user = User.create! :name => "regular" }
+
+
       # --- Permitted basic actions --- #
-      
+
       should "allow creation of a recipe" do
         assert_created Recipe, 1 do
            @recipe = Recipe.user_create! @user, :name => "test recipe"
@@ -102,7 +102,7 @@ class PermissionsTest < Test::Unit::TestCase
         r.reload
         assert_equal("new name", r.name)
       end
-      
+
       should "allow deletion of a recipe (owned by the acting user)" do
         r = existing_recipe(@user)
         r.user_destroy(@user)
@@ -115,28 +115,28 @@ class PermissionsTest < Test::Unit::TestCase
       should "prevent creation of a recipe owned by another user" do
         assert_create_prevented(Recipe) { Recipe.user_create! @user, :name => "test recipe", :user => User.new }
       end
-      
+
       context "on a recipe owned by another user" do
         setup { @r = existing_recipe(User.create!(:name => "a n other")) }
-    
+
         should "prevent update" do
           assert_change_prevented(@r, :name) { @r.user_update_attributes!(@user, :name => "pwned!") }
         end
-      
+
         should "prevent deletion" do
           assert_destroy_prevented(@r) { @r.user_destroy(@user) }
         end
-        
+
       end
-      
-      
+
+
       # --- Prevented actions on has_many related records --- #
-    
+
       # (sanity check)
       should "prevent creation of images without a recipe" do
         assert_create_prevented(Image) { Image.user_create! @user, :name => "test image" }
       end
-    
+
       should "prevent creation of images along with a recipe" do # Only paid up users can
         assert_create_prevented(Recipe, Image) do
           Recipe.user_create! @user, :name => "test recipe",
@@ -144,7 +144,7 @@ class PermissionsTest < Test::Unit::TestCase
                                                   '1' => { :name => "image 2" } }
         end
       end
-      
+
       context "on an another's recipe with images" do
         setup do
           user = User.create :name => "a n other"
@@ -152,71 +152,71 @@ class PermissionsTest < Test::Unit::TestCase
           @i1 = @r.images.create(:name => "image 1")
           @i2 = @r.images.create(:name => "image 2")
         end
-          
+
         should "prevent update of those images" do
           assert_change_prevented(@i1, :name) do
             @r.user_update_attributes!(@user, :images => { '0' => { :id => @i1.id, :name => "pwned!" } })
           end
         end
-      
+
         should "prevent deletion of those images" do
           assert_destroy_prevented(@i1, @i2) { @r.user_update_attributes!(@user, :images => { }) }
         end
       end
-      
+
       # Note: permitted actions on has-many associated records are in the paid-up user section
       # Tis the tyranny of the dominant hiearchy : )
-      
+
 
       # --- Permitted actions on has_many :through relationships --- #
-      
+
       context "" do
         setup do
           @c1 = User.create :name => "Collaborator 1"
           @c2 = User.create :name => "Collaborator 2"
         end
-      
+
         should "allow adding collaborators when creating a recipe" do
-          @r = Recipe.user_create! @user, :name => "my recipe", 
+          @r = Recipe.user_create! @user, :name => "my recipe",
                                           :collaborators => { '0' => "@#{@c1.id}", '1' => "@#{@c2.id}" }
           assert_equal(@r.collaborators, [@c1, @c2])
         end
-      
+
         should "allow adding collaborators to a recipe" do
           @r = existing_recipe(@user)
-        
+
           @r.user_update_attributes! @user, :collaborators => { '0' => "@#{@c1.id}", '1' => "@#{@c2.id}" }
           assert_equal(@r.collaborators, [@c1, @c2])
         end
-      
+
         should "allow removing collaborators from a recipe" do
           @r = existing_recipe(@user)
           @r.collaborators << @c1
-          @r.collaborators << @c2          
+          @r.collaborators << @c2
           join1, join2 = @r.collaboratorships
-          
+
           # sanity check
           @r.reload
           assert_equal(@r.collaborators.length, 2)
 
           @r.user_update_attributes! @user, :collaborators => {}
           assert_equal(@r.collaborators.length, 0)
-          
+
           assert_deleted(join1)
           assert_deleted(join2)
         end
-      
-      
+
+
         # --- Prevented actions on has_many :through relationships --- #
-      
+
         context "on another's recipe" do
           setup do
             other_user = User.create :name => "a n other"
             @r = existing_recipe(other_user)
           end
-      
+
           should "prevent adding collaborators" do
-            assert_create_prevented(Collaboratorship) do 
+            assert_create_prevented(Collaboratorship) do
               @r.user_update_attributes! @user, :collaborators => { '0' => "@#{@c1.id}", '1' => "@#{@c2.id}" }
             end
           end
@@ -233,45 +233,45 @@ class PermissionsTest < Test::Unit::TestCase
             end
           end
         end
-      
+
       end
-      
+
       # --- Permitted actions on a belongs_to related record --- #
-      
+
       should "allow creation of a code-example along with a recipe" do
         assert_created(Recipe, 1, CodeExample, 1) do
-          @r = Recipe.user_create! @user, :name => "recipe with code example", 
+          @r = Recipe.user_create! @user, :name => "recipe with code example",
                                          :code_example => { :filename => "code.zip" }
         end
         assert_equal("code.zip", @r.code_example.filename)
       end
-      
+
       should "allow creation of a code-example for an existing recipe" do
         @r = existing_recipe(@user)
         assert_created(CodeExample, 1) do
           @r.user_update_attributes! @user, :code_example => { :filename => "code.zip" }
         end
-        assert_equal("code.zip", @r.code_example.filename)        
+        assert_equal("code.zip", @r.code_example.filename)
       end
-      
+
       should "allow the code example related to a recipe to be changed" do
         r = existing_recipe @user
         c1 = CodeExample.create! :filename => "exmaple1.zip"
         c2 = CodeExample.create! :filename => "exmaple2.zip"
         r.code_example = c1
         r.save
-        
+
         r.user_update_attributes! @user, :code_example => "@#{c2.id}"
-        
+
         assert_equal(c2, r.code_example)
       end
-      
-      context "on an existing recipe with a code example" do 
+
+      context "on an existing recipe with a code example" do
         setup do
           @ce = CodeExample.create! :filename => "exmaple.zip"
           @r = Recipe.create :name => "existing recipe", :user => @user, :code_example => @ce
         end
-      
+
         should "allow update of the code-example" do
           # To update the exsting target of a belongs_to association, the id must be included in the hash
           # It is an error to provide any id other than that of the existing target
@@ -286,12 +286,12 @@ class PermissionsTest < Test::Unit::TestCase
           assert_nil @r.code_example
           # Note - the code-example is not deleted from the database
         end
-        
+
       end
-      
-      
+
+
       # --- Prevented actions on a belongs_to related record --- #
-      
+
       context "on another's recipe" do
         setup { @r = existing_recipe }
 
@@ -300,13 +300,13 @@ class PermissionsTest < Test::Unit::TestCase
             @r.user_update_attributes! @user, :code_example => { :filename => "code.zip" }
           end
         end
-        
+
         context "with a code example" do
           setup do
             @ce = @r.code_example = CodeExample.create!(:filename => "exmaple.zip")
             @r.save
           end
-      
+
           should "prevent update of the code-example" do
             assert_change_prevented(@ce, :filename) do
               @r.user_update_attributes! @user, :code_example => { :filename => "changed.zip" }
@@ -317,23 +317,23 @@ class PermissionsTest < Test::Unit::TestCase
             assert_change_prevented(@r, :code_example_id) do
               @r.user_update_attributes! @user, :code_example => {}
             end
-            
+
           end
         end
-      end      
-      
+      end
+
       # --- Actions on non-accesible has_many associations --- #
-      
-      # When associations are not declared :accesssible => true, attemting to update them 
+
+      # When associations are not declared :accesssible => true, attemting to update them
       # causes a type-mismatch
-      
+
       should "prevent creation of comments via a recipe" do
         r = existing_recipe
         assert_raises(ActiveRecord::AssociationTypeMismatch) do
           r.user_update_attributes! @user, :comments => { '0' => { :body => "dodgy comment"} }
         end
       end
-      
+
       should "prevent update of comments via their recipe" do
         r = existing_recipe
         c = r.comments.create :body => "My nice comment"
@@ -341,26 +341,26 @@ class PermissionsTest < Test::Unit::TestCase
           r.user_update_attributes! @user, :comments => { '0' => { :id => c.id, :body => "dodgy comment"} }
         end
       end
-      
+
       should "prevent deletion of comments via their recipe" do
         r = existing_recipe
         c = r.comments.create :body => "My nice comment"
         assert_destroy_prevented(c) do
           r.user_update_attributes! @user, :comments => { }
-        end        
+        end
       end
-      
-      
+
+
       # --- Actions on non-accessible belongs_to associations --- #
-      
+
       should "prevent creation of a recipe when creating a comment" do
         count = Recipe.count
-        assert_raises(ActiveRecord::AssociationTypeMismatch) do 
+        assert_raises(ActiveRecord::AssociationTypeMismatch) do
           Comment.user_create! @user, :body => "my comment", :recipe => { :name => "I created a recipe!" }
         end
         assert_equal(count, Recipe.count)
       end
-      
+
       should "prevent update of a recipe via one of its comments" do
         r = existing_recipe
         c = r.comments.create :body => "My comment"
@@ -369,7 +369,7 @@ class PermissionsTest < Test::Unit::TestCase
         end
         assert_equal("existing recipe", r.name)
       end
-      
+
       should "prevent deletion of a recipe via one of its comments" do
         r = existing_recipe
         c = r.comments.create :body => "My comment"
@@ -378,20 +378,20 @@ class PermissionsTest < Test::Unit::TestCase
         end
         assert Recipe.find(r.id)
       end
-      
+
     end
-        
+
     context "with a paid up user acting" do
       setup { @user = User.create! :name => "paid up user", :paid_up => true }
-    
+
       should "prevent direct creation of images" do # images must belong to a recipe
         assert_create_prevented(Image) { Image.user_create! @user, :name => "test image" }
       end
-      
+
       # --- Permitted actions on has_many related records --- #
-    
+
       should "allow creation of images along with a recipe" do
-        
+
         assert_created Recipe, 1, Image, 2 do
           @recipe = Recipe.user_create! @user, :images => { '0' => { :name => "image 1" },
                                                             '1' => { :name => "image 2" } }
@@ -406,14 +406,14 @@ class PermissionsTest < Test::Unit::TestCase
         end
 
       end
-      
+
       context "on an existing recipe with images" do
         setup do
           @recipe = Recipe.create! :name => "recipe with images", :user => @user
           @i1 = @recipe.images.create! :name => "image 1"
           @i2 = @recipe.images.create! :name => "image 2"
-        end      
-      
+        end
+
         should "allow creation of images when updating a recipe" do
           @recipe.user_update_attributes! @user, :images => { '0' => { :id => @i1.id },
                                                               '1' => { :id => @i2.id },
@@ -424,7 +424,7 @@ class PermissionsTest < Test::Unit::TestCase
           assert_equal("image 2", Image.find(@i2.id).name)
           assert_equal("new image", @recipe.images[2].name)
         end
-      
+
         should "allow updates to images when updating a recipe" do
           @recipe.user_update_attributes! @user, :images => { '0' => { :id => @i1.id, :name => "new name" },
                                                               '1' => { :id => @i2.id } }
@@ -433,19 +433,19 @@ class PermissionsTest < Test::Unit::TestCase
           assert_equal("new name", Image.find(@i1.id).name)
           assert_equal("new name", @recipe.images[0].name)
         end
-      
+
         should "allow deletion of images when updating a recipe" do
           @recipe.user_update_attributes! @user, :images => { '0' => { :id => @i1.id } }
           @recipe.reload
           assert_equal(1, @recipe.images.length)
           assert_deleted(@i2)
         end
-      
+
       end
-        
-    
+
+
     end
-    
-  end  
-  
-end  
+
+  end
+
+end