permit 0.9.0 → 1.0.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -10,6 +10,14 @@ def allow_person_rule(options = {})
10
10
  allow_rule options
11
11
  end
12
12
 
13
+ def true_conditional
14
+ true
15
+ end
16
+
17
+ def false_conditional
18
+ false
19
+ end
20
+
13
21
  module Permit::Specs
14
22
  describe PermitRule, "initialization" do
15
23
  context "of roles" do
@@ -62,17 +70,17 @@ module Permit::Specs
62
70
 
63
71
  it "should store accept the resource through :of" do
64
72
  r = allow_rule :of => :team
65
- r.target_var.should == :team
73
+ r.target_vars.should == [:team]
66
74
  end
67
75
 
68
76
  it "should accept the resource through :on" do
69
77
  r = allow_rule :on => :project
70
- r.target_var.should == :project
78
+ r.target_vars.should == [:project]
71
79
  end
72
80
 
73
81
  it "should not be modifiable" do
74
82
  r = allow_rule :on => :project
75
- lambda {r.target_var = :other}.should raise_error(NoMethodError)
83
+ lambda {r.target_vars << :other}.should raise_error(TypeError, "can't modify frozen array")
76
84
  end
77
85
  end
78
86
 
@@ -107,7 +115,7 @@ module Permit::Specs
107
115
 
108
116
  it "should accept the resource and method" do
109
117
  r = allow_person_rule :who => :is_member, :of => :team
110
- r.target_var.should == :team
118
+ r.target_vars.should == [:team]
111
119
  r.method.should == :is_member
112
120
  end
113
121
  end
@@ -191,153 +199,344 @@ module Permit::Specs
191
199
  end
192
200
  end
193
201
 
194
- context "using an is_* method" do
195
- before {@rule = allow_person_rule :who => :is_owner, :on => :team}
202
+ context "when the target resource does not exist" do
203
+ it "should raise an error" do
204
+ rule = allow_person_rule :who => :is_owner, :on => :oops
205
+ lambda {
206
+ rule.matches? @person, binding
207
+ }.should raise_error(PermitEvaluationError, "Target resource '@oops' did not exist in the given context.")
208
+ end
209
+ end
210
+
211
+ context "with one resource" do
212
+ context "using an is_* method" do
213
+ before {@rule = allow_person_rule :who => :is_owner, :on => :team}
196
214
 
197
- context "attempting #is_owner" do
198
- it "should call #is_owner on the resource" do
199
- @team.should_receive(:is_owner).with(@person).and_return(true)
200
- @rule.matches?(@person, binding)
215
+ context "attempting #is_owner" do
216
+ it "should call #is_owner on the resource" do
217
+ @team.should_receive(:is_owner).with(@person).and_return(true)
218
+ @rule.matches?(@person, binding)
219
+ end
220
+
221
+ it "should return the result of the resource call" do
222
+ @team.stub!(:is_owner).and_return(true)
223
+ @rule.matches?(@person, binding).should be_true
224
+ @team.stub!(:is_owner).and_return(false)
225
+ @rule.matches?(@person, binding).should be_false
226
+ end
201
227
  end
202
228
 
203
- it "should return the result of the resource call" do
204
- @team.stub!(:is_owner).and_return(true)
205
- @rule.matches?(@person, binding).should be_true
206
- @team.stub!(:is_owner).and_return(false)
207
- @rule.matches?(@person, binding).should be_false
229
+ context "attempting #is_owner?" do
230
+ it "should call #is_owner? on the resource" do
231
+ @team.should_receive(:is_owner?).with(@person).and_return(true)
232
+ @rule.matches?(@person, binding).should be_true
233
+ end
234
+
235
+ it "should return the result of the resource call" do
236
+ @team.stub!(:is_owner?).and_return(true)
237
+ @rule.matches?(@person, binding).should be_true
238
+ @team.stub!(:is_owner?).and_return(false)
239
+ @rule.matches?(@person, binding).should be_false
240
+ end
208
241
  end
209
- end
210
242
 
211
- context "attempting #is_owner?" do
212
- it "should call #is_owner? on the resource" do
213
- @team.should_receive(:is_owner?).with(@person).and_return(true)
214
- @rule.matches?(@person, binding).should be_true
243
+ context "attempting #owner?" do
244
+ it "should call #owner? on the resource" do
245
+ @team.should_receive(:owner?).with(@person).and_return(false)
246
+ @rule.matches?(@person, binding).should be_false
247
+ end
248
+
249
+ it "should return the result of the resource call" do
250
+ @team.stub!(:owner?).and_return(true)
251
+ @rule.matches?(@person, binding).should be_true
252
+ @team.stub!(:owner?).and_return(false)
253
+ @rule.matches?(@person, binding).should be_false
254
+ end
215
255
  end
216
256
 
217
- it "should return the result of the resource call" do
218
- @team.stub!(:is_owner?).and_return(true)
219
- @rule.matches?(@person, binding).should be_true
220
- @team.stub!(:is_owner?).and_return(false)
221
- @rule.matches?(@person, binding).should be_false
257
+ context "attempting #owner" do
258
+ it "should call #owner on the resource" do
259
+ @team.should_receive(:owner).and_return(@person)
260
+ @rule.matches?(@person, binding).should be_true
261
+ end
262
+
263
+ it "should return the result of the comparison of the resource call with the current person" do
264
+ @team.stub!(:owner).and_return(@person)
265
+ @rule.matches?(@person, binding).should be_true
266
+ jim = Person.create :name => 'jim'
267
+ @team.stub!(:owner).and_return(jim)
268
+ @rule.matches?(@person, binding).should be_false
269
+ end
222
270
  end
223
- end
224
271
 
225
- context "attempting #owner?" do
226
- it "should call #owner? on the resource" do
227
- @team.should_receive(:owner?).with(@person).and_return(false)
228
- @rule.matches?(@person, binding).should be_false
272
+ context "attempting #owners.exists?" do
273
+ it "should call #owners.exists? on the resource" do
274
+ owners = mock("owners")
275
+ owners.should_receive(:exists?).with(@person).and_return(true)
276
+ @team.stub!(:owners).and_return(owners)
277
+ @rule.matches?(@person, binding).should be_true
278
+ end
279
+
280
+ it "should return the result of the resource call" do
281
+ owners = mock("owners")
282
+ @team.stub!(:owners).and_return(owners)
283
+ owners.stub!(:exists?).and_return(true)
284
+ @rule.matches?(@person, binding).should be_true
285
+ owners.stub!(:exists?).and_return(false)
286
+ @rule.matches?(@person, binding).should be_false
287
+ end
229
288
  end
230
289
 
231
- it "should return the result of the resource call" do
232
- @team.stub!(:owner?).and_return(true)
233
- @rule.matches?(@person, binding).should be_true
234
- @team.stub!(:owner?).and_return(false)
235
- @rule.matches?(@person, binding).should be_false
290
+ it "should raise an error if none of the attempted calls responded" do
291
+ @team.stub!(:respond_to?).and_return(false)
292
+ lambda {
293
+ @rule.matches?(@person, binding)
294
+ }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: is_owner, is_owner?, owner, owner?, owners")
236
295
  end
237
296
  end
238
297
 
239
- context "attempting #owner" do
240
- it "should call #owner on the resource" do
241
- @team.should_receive(:owner).and_return(@person)
242
- @rule.matches?(@person, binding).should be_true
243
- end
298
+ context "using an is_*? method" do
299
+ before {@rule = allow_person_rule :who => :is_manager?, :on => :team}
300
+
301
+ context "attempting #is_manager?" do
302
+ it "should call #is_manager? on the resource" do
303
+ @team.should_receive(:is_manager?).with(@person).and_return(true)
304
+ @rule.matches?(@person, binding)
305
+ end
306
+
307
+ it "should return the result from the resource call" do
308
+ @team.stub!(:is_manager?).and_return(true)
309
+ @rule.matches?(@person, binding).should be_true
310
+ @team.stub!(:is_manager?).and_return(false)
311
+ @rule.matches?(@person, binding).should be_false
312
+ end
313
+
314
+ it "should not call #manager? if resource responds to #is_manager?" do
315
+ @team.stub!(:is_manager?).and_return(true)
316
+ @team.should_not_receive(:manager?)
317
+ @rule.matches?(@person, binding)
318
+ end
244
319
 
245
- it "should return the result of the comparison of the resource call with the current person" do
246
- @team.stub!(:owner).and_return(@person)
247
- @rule.matches?(@person, binding).should be_true
248
- jim = Person.create :name => 'jim'
249
- @team.stub!(:owner).and_return(jim)
250
- @rule.matches?(@person, binding).should be_false
251
320
  end
252
- end
253
321
 
254
- context "attempting #owners.exists?" do
255
- it "should call #owners.exists? on the resource" do
256
- owners = mock("owners")
257
- owners.should_receive(:exists?).with(@person).and_return(true)
258
- @team.stub!(:owners).and_return(owners)
259
- @rule.matches?(@person, binding).should be_true
322
+ context "attempting #manager?" do
323
+ it "should call #manager? on the resource" do
324
+ @team.should_receive(:manager?).with(@person).and_return(false)
325
+ @rule.matches?(@person, binding).should be_false
326
+ end
327
+
328
+ it "should return the result from the resource call" do
329
+ @team.stub!(:manager?).and_return(true)
330
+ @rule.matches?(@person, binding).should be_true
331
+ @team.stub!(:manager?).and_return(false)
332
+ @rule.matches?(@person, binding).should be_false
333
+ end
260
334
  end
261
335
 
262
- it "should return the result of the resource call" do
263
- owners = mock("owners")
264
- @team.stub!(:owners).and_return(owners)
265
- owners.stub!(:exists?).and_return(true)
266
- @rule.matches?(@person, binding).should be_true
267
- owners.stub!(:exists?).and_return(false)
268
- @rule.matches?(@person, binding).should be_false
336
+ it "should raise an error if none of the attempted calls responded" do
337
+ @team.stub!(:respond_to?).and_return(false)
338
+ lambda {
339
+ @rule.matches?(@person, binding)
340
+ }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: is_manager?, manager?")
269
341
  end
270
342
  end
271
343
 
272
- it "should raise an error if none of the attempted calls responded" do
273
- @team.stub!(:respond_to?).and_return(false)
274
- lambda {
344
+ context "using any other method" do
345
+ before {@rule = allow_person_rule :who => :has_permission, :on => :team}
346
+ it "should call the method on the resource" do
347
+ @team.should_receive(:has_permission).with(@person)
275
348
  @rule.matches?(@person, binding)
276
- }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: is_owner, is_owner?, owner, owner?, owners")
349
+ end
350
+
351
+ it "should raise an error if the attempted call did not respond" do
352
+ @team.stub!(:respond_to?).and_return(false)
353
+ lambda {
354
+ @rule.matches?(@person, binding)
355
+ }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: has_permission")
356
+ end
277
357
  end
278
358
  end
279
359
 
280
- context "using an is_*? method" do
281
- before {@rule = allow_person_rule :who => :is_manager?, :on => :team}
360
+ context "with multiple resources" do
361
+ context "using an is_* method" do
362
+ before do
363
+ @team2 = Team.new
364
+ @team.stub!(:is_owner).and_return(false)
365
+ @rule = allow_person_rule :who => :is_owner, :on => [:team, :team2]
366
+ end
282
367
 
283
- context "attempting #is_manager?" do
284
- it "should call #is_manager? on the resource" do
285
- @team.should_receive(:is_manager?).with(@person).and_return(true)
368
+ it "should attempt to call the first resource first" do
369
+ @team2.should_not_receive(:is_owner)
370
+ @team.should_receive(:is_owner).with(@person).and_return(true)
286
371
  @rule.matches?(@person, binding)
287
372
  end
288
373
 
289
- it "should return the result from the resource call" do
290
- @team.stub!(:is_manager?).and_return(true)
291
- @rule.matches?(@person, binding).should be_true
292
- @team.stub!(:is_manager?).and_return(false)
293
- @rule.matches?(@person, binding).should be_false
374
+ context "attempting #is_owner" do
375
+ it "should call #is_owner on the resource" do
376
+ @team2.should_receive(:is_owner).with(@person).and_return(true)
377
+ @rule.matches?(@person, binding)
378
+ end
379
+
380
+ it "should return the result of the resource call" do
381
+ @team2.stub!(:is_owner).and_return(true)
382
+ @rule.matches?(@person, binding).should be_true
383
+ @team2.stub!(:is_owner).and_return(false)
384
+ @rule.matches?(@person, binding).should be_false
385
+ end
294
386
  end
295
387
 
296
- it "should not call #manager? if resource responds to #is_manager?" do
297
- @team.stub!(:is_manager?).and_return(true)
298
- @team.should_not_receive(:manager?)
299
- @rule.matches?(@person, binding)
388
+ context "attempting #is_owner?" do
389
+ it "should call #is_owner? on the resource" do
390
+ @team2.should_receive(:is_owner?).with(@person).and_return(true)
391
+ @rule.matches?(@person, binding).should be_true
392
+ end
393
+
394
+ it "should return the result of the resource call" do
395
+ @team2.stub!(:is_owner?).and_return(true)
396
+ @rule.matches?(@person, binding).should be_true
397
+ @team2.stub!(:is_owner?).and_return(false)
398
+ @rule.matches?(@person, binding).should be_false
399
+ end
300
400
  end
301
401
 
302
- end
402
+ context "attempting #owner?" do
403
+ it "should call #owner? on the resource" do
404
+ @team2.should_receive(:owner?).with(@person).and_return(false)
405
+ @rule.matches?(@person, binding).should be_false
406
+ end
407
+
408
+ it "should return the result of the resource call" do
409
+ @team2.stub!(:owner?).and_return(true)
410
+ @rule.matches?(@person, binding).should be_true
411
+ @team2.stub!(:owner?).and_return(false)
412
+ @rule.matches?(@person, binding).should be_false
413
+ end
414
+ end
303
415
 
304
- context "attempting #manager?" do
305
- it "should call #manager? on the resource" do
306
- @team.should_receive(:manager?).with(@person).and_return(false)
307
- @rule.matches?(@person, binding).should be_false
416
+ context "attempting #owner" do
417
+ it "should call #owner on the resource" do
418
+ @team2.should_receive(:owner).and_return(@person)
419
+ @rule.matches?(@person, binding).should be_true
420
+ end
421
+
422
+ it "should return the result of the comparison of the resource call with the current person" do
423
+ @team2.stub!(:owner).and_return(@person)
424
+ @rule.matches?(@person, binding).should be_true
425
+ jim = Person.create :name => 'jim'
426
+ @team2.stub!(:owner).and_return(jim)
427
+ @rule.matches?(@person, binding).should be_false
428
+ end
308
429
  end
309
430
 
310
- it "should return the result from the resource call" do
311
- @team.stub!(:manager?).and_return(true)
312
- @rule.matches?(@person, binding).should be_true
313
- @team.stub!(:manager?).and_return(false)
314
- @rule.matches?(@person, binding).should be_false
431
+ context "attempting #owners.exists?" do
432
+ it "should call #owners.exists? on the resource" do
433
+ owners = mock("owners")
434
+ owners.should_receive(:exists?).with(@person).and_return(true)
435
+ @team2.stub!(:owners).and_return(owners)
436
+ @rule.matches?(@person, binding).should be_true
437
+ end
438
+
439
+ it "should return the result of the resource call" do
440
+ owners = mock("owners")
441
+ @team2.stub!(:owners).and_return(owners)
442
+ owners.stub!(:exists?).and_return(true)
443
+ @rule.matches?(@person, binding).should be_true
444
+ owners.stub!(:exists?).and_return(false)
445
+ @rule.matches?(@person, binding).should be_false
446
+ end
447
+ end
448
+
449
+ it "should raise an error if none of the attempted calls responded" do
450
+ @team2.stub!(:respond_to?).and_return(false)
451
+ lambda {
452
+ @rule.matches?(@person, binding)
453
+ }.should raise_error(PermitEvaluationError, "Target object ':team2' evaluated as #{@team2.inspect} did not respond to any of the following: is_owner, is_owner?, owner, owner?, owners")
315
454
  end
316
455
  end
317
456
 
318
- it "should raise an error if none of the attempted calls responded" do
319
- @team.stub!(:respond_to?).and_return(false)
320
- lambda {
457
+ context "using an is_*? method" do
458
+ before do
459
+ @team2 = Team.new
460
+ @team.stub!(:is_manager?).and_return(false)
461
+ @rule = allow_person_rule :who => :is_manager?, :on => [:team, :team2]
462
+ end
463
+
464
+ it "should attempt to call the first resource first" do
465
+ @team2.should_not_receive(:is_manager?)
466
+ @team.should_receive(:is_manager?).with(@person).and_return(true)
321
467
  @rule.matches?(@person, binding)
322
- }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: is_manager?, manager?")
323
- end
324
- end
468
+ end
469
+
470
+ context "attempting #is_manager?" do
471
+ it "should call #is_manager? on the resource" do
472
+ @team2.should_receive(:is_manager?).with(@person).and_return(true)
473
+ @rule.matches?(@person, binding)
474
+ end
475
+
476
+ it "should return the result from the resource call" do
477
+ @team2.stub!(:is_manager?).and_return(true)
478
+ @rule.matches?(@person, binding).should be_true
479
+ @team2.stub!(:is_manager?).and_return(false)
480
+ @rule.matches?(@person, binding).should be_false
481
+ end
482
+
483
+ it "should not call #manager? if resource responds to #is_manager?" do
484
+ @team2.stub!(:is_manager?).and_return(true)
485
+ @team2.should_not_receive(:manager?)
486
+ @rule.matches?(@person, binding)
487
+ end
325
488
 
326
- context "using any other method" do
327
- before {@rule = allow_person_rule :who => :has_permission, :on => :team}
328
- it "should call the method on the resource" do
329
- @team.should_receive(:has_permission).with(@person)
330
- @rule.matches?(@person, binding)
489
+ end
490
+
491
+ context "attempting #manager?" do
492
+ it "should call #manager? on the resource" do
493
+ @team2.should_receive(:manager?).with(@person).and_return(false)
494
+ @rule.matches?(@person, binding).should be_false
495
+ end
496
+
497
+ it "should return the result from the resource call" do
498
+ @team2.stub!(:manager?).and_return(true)
499
+ @rule.matches?(@person, binding).should be_true
500
+ @team2.stub!(:manager?).and_return(false)
501
+ @rule.matches?(@person, binding).should be_false
502
+ end
503
+ end
504
+
505
+ it "should raise an error if none of the attempted calls responded" do
506
+ @team2.stub!(:respond_to?).and_return(false)
507
+ lambda {
508
+ @rule.matches?(@person, binding)
509
+ }.should raise_error(PermitEvaluationError, "Target object ':team2' evaluated as #{@team2.inspect} did not respond to any of the following: is_manager?, manager?")
510
+ end
331
511
  end
332
512
 
333
- it "should raise an error if the attempted call did not respond" do
334
- @team.stub!(:respond_to?).and_return(false)
335
- lambda {
513
+ context "using any other method" do
514
+ before {@rule = allow_person_rule :who => :has_permission, :on => :team}
515
+ before do
516
+ @team2 = Team.new
517
+ @team.stub!(:has_permission).and_return(false)
518
+ @rule = allow_person_rule :who => :has_permission, :on => [:team, :team2]
519
+ end
520
+
521
+ it "should attempt to call the first resource first" do
522
+ @team2.should_not_receive(:has_permission)
523
+ @team.should_receive(:has_permission).with(@person).and_return(true)
336
524
  @rule.matches?(@person, binding)
337
- }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: has_permission")
525
+ end
526
+
527
+ it "should call the method on the resource" do
528
+ @team2.should_receive(:has_permission).with(@person)
529
+ @rule.matches?(@person, binding)
530
+ end
531
+
532
+ it "should raise an error if the attempted call did not respond" do
533
+ @team2.stub!(:respond_to?).and_return(false)
534
+ lambda {
535
+ @rule.matches?(@person, binding)
536
+ }.should raise_error(PermitEvaluationError, "Target object ':team2' evaluated as #{@team.inspect} did not respond to any of the following: has_permission")
537
+ end
338
538
  end
339
539
  end
340
-
341
540
  end
342
541
 
343
542
  context "for a named authorization" do
@@ -370,6 +569,15 @@ module Permit::Specs
370
569
  r = allow_rule :roles => :monkey_tech, :of => :maintenance
371
570
  r.matches?(@bob, binding).should be_false
372
571
  end
572
+
573
+ context "that does not exist" do
574
+ it "should raise an error" do
575
+ rule = allow_rule :roles => :site_admin, :of => :oops
576
+ lambda {
577
+ rule.matches? @bob, binding
578
+ }.should raise_error(PermitEvaluationError, "Target resource '@oops' did not exist in the given context.")
579
+ end
580
+ end
373
581
  end
374
582
 
375
583
  context "without a resource" do
@@ -395,6 +603,18 @@ module Permit::Specs
395
603
  r.matches?(@tom, binding).should be_false
396
604
  end
397
605
  end
606
+
607
+ context "with multiple resources" do
608
+ it "should return true if the person is authorized for one of the resources" do
609
+ r = allow_rule :roles => :admin, :of => [:hotness, :maintenance]
610
+ r.matches?(@bob, binding).should be_true
611
+ end
612
+
613
+ it "should return false if the person is not authorized for any of the resources" do
614
+ r = allow_rule :roles => :developer, :of => [:hotness, :maintenance]
615
+ r.matches?(@tom, binding).should be_false
616
+ end
617
+ end
398
618
  end
399
619
 
400
620
  context "for multiple named authorizations" do
@@ -422,6 +642,15 @@ module Permit::Specs
422
642
  r = allow_rule :roles => [:site_admin, :monkey_tech], :of => :maintenance
423
643
  r.matches?(@bob, binding).should be_false
424
644
  end
645
+
646
+ context "that does not exist" do
647
+ it "should raise an error" do
648
+ rule = allow_rule :roles => [:site_admin, :team_lead], :of => :oops
649
+ lambda {
650
+ rule.matches? @bob, binding
651
+ }.should raise_error(PermitEvaluationError, "Target resource '@oops' did not exist in the given context.")
652
+ end
653
+ end
425
654
  end
426
655
 
427
656
  context "without a resource" do
@@ -447,6 +676,90 @@ module Permit::Specs
447
676
  r.matches?(@tom, binding).should be_false
448
677
  end
449
678
  end
679
+
680
+ context "with multiple resources" do
681
+ it "should return true if the person is authorized for one of the resources" do
682
+ r = allow_rule :roles => [:developer, :site_admin], :of => [:hotness, :maintenance]
683
+ r.matches?(@bob, binding).should be_true
684
+ end
685
+
686
+ it "should return false if the person is not authorized for any of the resources" do
687
+ r = allow_rule :roles => [:admin, :site_admin], :of => [nil, :maintenance]
688
+ r.matches?(@tom, binding).should be_false
689
+ end
690
+ end
691
+ end
692
+
693
+ describe ":if condition" do
694
+ before {@guest = Guest.new}
695
+
696
+ context "for a proc" do
697
+ it "should properly call a proc" do
698
+ p = Proc.new {|person, b| return false}
699
+ p.should_receive(:call).with(@guest, instance_of(Binding))
700
+ r = allow_rule :roles => :everyone, :if => p
701
+
702
+ r.matches? @guest, binding
703
+ end
704
+
705
+ it "should not match when the condition is false" do
706
+ r = allow_rule :roles => :everyone, :if => Proc.new {|p,b| false}
707
+ r.matches?(@guest, binding).should be_false
708
+ end
709
+
710
+ it "should match when the condition is true" do
711
+ r = allow_rule :roles => :everyone, :if => Proc.new {|p,b| true}
712
+ r.matches?(@guest, binding).should be_true
713
+ end
714
+ end
715
+
716
+ context "for a method" do
717
+ it "should not match when the condition is false" do
718
+ r = allow_rule :roles => :everyone, :if => :false_conditional
719
+ r.matches?(@guest, binding).should be_false
720
+ end
721
+
722
+ it "should match when the condition is true" do
723
+ r = allow_rule :roles => :everyone, :if => :true_conditional
724
+ r.matches?(@guest, binding).should be_true
725
+ end
726
+ end
727
+ end
728
+
729
+ describe ":unless condition" do
730
+ before {@guest = Guest.new}
731
+
732
+ context "for a proc" do
733
+ it "should properly call a proc" do
734
+ p = Proc.new {|person, b| return false}
735
+ p.should_receive(:call).with(@guest, instance_of(Binding))
736
+ r = allow_rule :roles => :everyone, :unless => p
737
+
738
+ r.matches? @guest, binding
739
+ end
740
+
741
+ it "should not match when the condition is true" do
742
+ r = allow_rule :roles => :everyone, :unless => Proc.new {|p,b| true}
743
+ r.matches?(@guest, binding).should be_false
744
+ end
745
+
746
+ it "should match when the condition is false" do
747
+ r = allow_rule :roles => :everyone, :unless => Proc.new {|p,b| false}
748
+ r.matches?(@guest, binding).should be_true
749
+ end
750
+ end
751
+
752
+ context "for a method" do
753
+ it "should not match when the condition is true" do
754
+ r = allow_rule :roles => :everyone, :unless => :true_conditional
755
+ r.matches?(@guest, binding).should be_false
756
+ end
757
+
758
+ it "should match when the condition is false" do
759
+ r = allow_rule :roles => :everyone, :unless => :false_conditional
760
+ r.matches?(@guest, binding).should be_true
761
+ end
762
+ end
450
763
  end
451
764
  end
452
765
  end