permit 0.9.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -10,6 +10,14 @@ def allow_person_rule(options = {})
10
10
  allow_rule options
11
11
  end
12
12
 
13
+ def true_conditional
14
+ true
15
+ end
16
+
17
+ def false_conditional
18
+ false
19
+ end
20
+
13
21
  module Permit::Specs
14
22
  describe PermitRule, "initialization" do
15
23
  context "of roles" do
@@ -62,17 +70,17 @@ module Permit::Specs
62
70
 
63
71
  it "should store accept the resource through :of" do
64
72
  r = allow_rule :of => :team
65
- r.target_var.should == :team
73
+ r.target_vars.should == [:team]
66
74
  end
67
75
 
68
76
  it "should accept the resource through :on" do
69
77
  r = allow_rule :on => :project
70
- r.target_var.should == :project
78
+ r.target_vars.should == [:project]
71
79
  end
72
80
 
73
81
  it "should not be modifiable" do
74
82
  r = allow_rule :on => :project
75
- lambda {r.target_var = :other}.should raise_error(NoMethodError)
83
+ lambda {r.target_vars << :other}.should raise_error(TypeError, "can't modify frozen array")
76
84
  end
77
85
  end
78
86
 
@@ -107,7 +115,7 @@ module Permit::Specs
107
115
 
108
116
  it "should accept the resource and method" do
109
117
  r = allow_person_rule :who => :is_member, :of => :team
110
- r.target_var.should == :team
118
+ r.target_vars.should == [:team]
111
119
  r.method.should == :is_member
112
120
  end
113
121
  end
@@ -191,153 +199,344 @@ module Permit::Specs
191
199
  end
192
200
  end
193
201
 
194
- context "using an is_* method" do
195
- before {@rule = allow_person_rule :who => :is_owner, :on => :team}
202
+ context "when the target resource does not exist" do
203
+ it "should raise an error" do
204
+ rule = allow_person_rule :who => :is_owner, :on => :oops
205
+ lambda {
206
+ rule.matches? @person, binding
207
+ }.should raise_error(PermitEvaluationError, "Target resource '@oops' did not exist in the given context.")
208
+ end
209
+ end
210
+
211
+ context "with one resource" do
212
+ context "using an is_* method" do
213
+ before {@rule = allow_person_rule :who => :is_owner, :on => :team}
196
214
 
197
- context "attempting #is_owner" do
198
- it "should call #is_owner on the resource" do
199
- @team.should_receive(:is_owner).with(@person).and_return(true)
200
- @rule.matches?(@person, binding)
215
+ context "attempting #is_owner" do
216
+ it "should call #is_owner on the resource" do
217
+ @team.should_receive(:is_owner).with(@person).and_return(true)
218
+ @rule.matches?(@person, binding)
219
+ end
220
+
221
+ it "should return the result of the resource call" do
222
+ @team.stub!(:is_owner).and_return(true)
223
+ @rule.matches?(@person, binding).should be_true
224
+ @team.stub!(:is_owner).and_return(false)
225
+ @rule.matches?(@person, binding).should be_false
226
+ end
201
227
  end
202
228
 
203
- it "should return the result of the resource call" do
204
- @team.stub!(:is_owner).and_return(true)
205
- @rule.matches?(@person, binding).should be_true
206
- @team.stub!(:is_owner).and_return(false)
207
- @rule.matches?(@person, binding).should be_false
229
+ context "attempting #is_owner?" do
230
+ it "should call #is_owner? on the resource" do
231
+ @team.should_receive(:is_owner?).with(@person).and_return(true)
232
+ @rule.matches?(@person, binding).should be_true
233
+ end
234
+
235
+ it "should return the result of the resource call" do
236
+ @team.stub!(:is_owner?).and_return(true)
237
+ @rule.matches?(@person, binding).should be_true
238
+ @team.stub!(:is_owner?).and_return(false)
239
+ @rule.matches?(@person, binding).should be_false
240
+ end
208
241
  end
209
- end
210
242
 
211
- context "attempting #is_owner?" do
212
- it "should call #is_owner? on the resource" do
213
- @team.should_receive(:is_owner?).with(@person).and_return(true)
214
- @rule.matches?(@person, binding).should be_true
243
+ context "attempting #owner?" do
244
+ it "should call #owner? on the resource" do
245
+ @team.should_receive(:owner?).with(@person).and_return(false)
246
+ @rule.matches?(@person, binding).should be_false
247
+ end
248
+
249
+ it "should return the result of the resource call" do
250
+ @team.stub!(:owner?).and_return(true)
251
+ @rule.matches?(@person, binding).should be_true
252
+ @team.stub!(:owner?).and_return(false)
253
+ @rule.matches?(@person, binding).should be_false
254
+ end
215
255
  end
216
256
 
217
- it "should return the result of the resource call" do
218
- @team.stub!(:is_owner?).and_return(true)
219
- @rule.matches?(@person, binding).should be_true
220
- @team.stub!(:is_owner?).and_return(false)
221
- @rule.matches?(@person, binding).should be_false
257
+ context "attempting #owner" do
258
+ it "should call #owner on the resource" do
259
+ @team.should_receive(:owner).and_return(@person)
260
+ @rule.matches?(@person, binding).should be_true
261
+ end
262
+
263
+ it "should return the result of the comparison of the resource call with the current person" do
264
+ @team.stub!(:owner).and_return(@person)
265
+ @rule.matches?(@person, binding).should be_true
266
+ jim = Person.create :name => 'jim'
267
+ @team.stub!(:owner).and_return(jim)
268
+ @rule.matches?(@person, binding).should be_false
269
+ end
222
270
  end
223
- end
224
271
 
225
- context "attempting #owner?" do
226
- it "should call #owner? on the resource" do
227
- @team.should_receive(:owner?).with(@person).and_return(false)
228
- @rule.matches?(@person, binding).should be_false
272
+ context "attempting #owners.exists?" do
273
+ it "should call #owners.exists? on the resource" do
274
+ owners = mock("owners")
275
+ owners.should_receive(:exists?).with(@person).and_return(true)
276
+ @team.stub!(:owners).and_return(owners)
277
+ @rule.matches?(@person, binding).should be_true
278
+ end
279
+
280
+ it "should return the result of the resource call" do
281
+ owners = mock("owners")
282
+ @team.stub!(:owners).and_return(owners)
283
+ owners.stub!(:exists?).and_return(true)
284
+ @rule.matches?(@person, binding).should be_true
285
+ owners.stub!(:exists?).and_return(false)
286
+ @rule.matches?(@person, binding).should be_false
287
+ end
229
288
  end
230
289
 
231
- it "should return the result of the resource call" do
232
- @team.stub!(:owner?).and_return(true)
233
- @rule.matches?(@person, binding).should be_true
234
- @team.stub!(:owner?).and_return(false)
235
- @rule.matches?(@person, binding).should be_false
290
+ it "should raise an error if none of the attempted calls responded" do
291
+ @team.stub!(:respond_to?).and_return(false)
292
+ lambda {
293
+ @rule.matches?(@person, binding)
294
+ }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: is_owner, is_owner?, owner, owner?, owners")
236
295
  end
237
296
  end
238
297
 
239
- context "attempting #owner" do
240
- it "should call #owner on the resource" do
241
- @team.should_receive(:owner).and_return(@person)
242
- @rule.matches?(@person, binding).should be_true
243
- end
298
+ context "using an is_*? method" do
299
+ before {@rule = allow_person_rule :who => :is_manager?, :on => :team}
300
+
301
+ context "attempting #is_manager?" do
302
+ it "should call #is_manager? on the resource" do
303
+ @team.should_receive(:is_manager?).with(@person).and_return(true)
304
+ @rule.matches?(@person, binding)
305
+ end
306
+
307
+ it "should return the result from the resource call" do
308
+ @team.stub!(:is_manager?).and_return(true)
309
+ @rule.matches?(@person, binding).should be_true
310
+ @team.stub!(:is_manager?).and_return(false)
311
+ @rule.matches?(@person, binding).should be_false
312
+ end
313
+
314
+ it "should not call #manager? if resource responds to #is_manager?" do
315
+ @team.stub!(:is_manager?).and_return(true)
316
+ @team.should_not_receive(:manager?)
317
+ @rule.matches?(@person, binding)
318
+ end
244
319
 
245
- it "should return the result of the comparison of the resource call with the current person" do
246
- @team.stub!(:owner).and_return(@person)
247
- @rule.matches?(@person, binding).should be_true
248
- jim = Person.create :name => 'jim'
249
- @team.stub!(:owner).and_return(jim)
250
- @rule.matches?(@person, binding).should be_false
251
320
  end
252
- end
253
321
 
254
- context "attempting #owners.exists?" do
255
- it "should call #owners.exists? on the resource" do
256
- owners = mock("owners")
257
- owners.should_receive(:exists?).with(@person).and_return(true)
258
- @team.stub!(:owners).and_return(owners)
259
- @rule.matches?(@person, binding).should be_true
322
+ context "attempting #manager?" do
323
+ it "should call #manager? on the resource" do
324
+ @team.should_receive(:manager?).with(@person).and_return(false)
325
+ @rule.matches?(@person, binding).should be_false
326
+ end
327
+
328
+ it "should return the result from the resource call" do
329
+ @team.stub!(:manager?).and_return(true)
330
+ @rule.matches?(@person, binding).should be_true
331
+ @team.stub!(:manager?).and_return(false)
332
+ @rule.matches?(@person, binding).should be_false
333
+ end
260
334
  end
261
335
 
262
- it "should return the result of the resource call" do
263
- owners = mock("owners")
264
- @team.stub!(:owners).and_return(owners)
265
- owners.stub!(:exists?).and_return(true)
266
- @rule.matches?(@person, binding).should be_true
267
- owners.stub!(:exists?).and_return(false)
268
- @rule.matches?(@person, binding).should be_false
336
+ it "should raise an error if none of the attempted calls responded" do
337
+ @team.stub!(:respond_to?).and_return(false)
338
+ lambda {
339
+ @rule.matches?(@person, binding)
340
+ }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: is_manager?, manager?")
269
341
  end
270
342
  end
271
343
 
272
- it "should raise an error if none of the attempted calls responded" do
273
- @team.stub!(:respond_to?).and_return(false)
274
- lambda {
344
+ context "using any other method" do
345
+ before {@rule = allow_person_rule :who => :has_permission, :on => :team}
346
+ it "should call the method on the resource" do
347
+ @team.should_receive(:has_permission).with(@person)
275
348
  @rule.matches?(@person, binding)
276
- }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: is_owner, is_owner?, owner, owner?, owners")
349
+ end
350
+
351
+ it "should raise an error if the attempted call did not respond" do
352
+ @team.stub!(:respond_to?).and_return(false)
353
+ lambda {
354
+ @rule.matches?(@person, binding)
355
+ }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: has_permission")
356
+ end
277
357
  end
278
358
  end
279
359
 
280
- context "using an is_*? method" do
281
- before {@rule = allow_person_rule :who => :is_manager?, :on => :team}
360
+ context "with multiple resources" do
361
+ context "using an is_* method" do
362
+ before do
363
+ @team2 = Team.new
364
+ @team.stub!(:is_owner).and_return(false)
365
+ @rule = allow_person_rule :who => :is_owner, :on => [:team, :team2]
366
+ end
282
367
 
283
- context "attempting #is_manager?" do
284
- it "should call #is_manager? on the resource" do
285
- @team.should_receive(:is_manager?).with(@person).and_return(true)
368
+ it "should attempt to call the first resource first" do
369
+ @team2.should_not_receive(:is_owner)
370
+ @team.should_receive(:is_owner).with(@person).and_return(true)
286
371
  @rule.matches?(@person, binding)
287
372
  end
288
373
 
289
- it "should return the result from the resource call" do
290
- @team.stub!(:is_manager?).and_return(true)
291
- @rule.matches?(@person, binding).should be_true
292
- @team.stub!(:is_manager?).and_return(false)
293
- @rule.matches?(@person, binding).should be_false
374
+ context "attempting #is_owner" do
375
+ it "should call #is_owner on the resource" do
376
+ @team2.should_receive(:is_owner).with(@person).and_return(true)
377
+ @rule.matches?(@person, binding)
378
+ end
379
+
380
+ it "should return the result of the resource call" do
381
+ @team2.stub!(:is_owner).and_return(true)
382
+ @rule.matches?(@person, binding).should be_true
383
+ @team2.stub!(:is_owner).and_return(false)
384
+ @rule.matches?(@person, binding).should be_false
385
+ end
294
386
  end
295
387
 
296
- it "should not call #manager? if resource responds to #is_manager?" do
297
- @team.stub!(:is_manager?).and_return(true)
298
- @team.should_not_receive(:manager?)
299
- @rule.matches?(@person, binding)
388
+ context "attempting #is_owner?" do
389
+ it "should call #is_owner? on the resource" do
390
+ @team2.should_receive(:is_owner?).with(@person).and_return(true)
391
+ @rule.matches?(@person, binding).should be_true
392
+ end
393
+
394
+ it "should return the result of the resource call" do
395
+ @team2.stub!(:is_owner?).and_return(true)
396
+ @rule.matches?(@person, binding).should be_true
397
+ @team2.stub!(:is_owner?).and_return(false)
398
+ @rule.matches?(@person, binding).should be_false
399
+ end
300
400
  end
301
401
 
302
- end
402
+ context "attempting #owner?" do
403
+ it "should call #owner? on the resource" do
404
+ @team2.should_receive(:owner?).with(@person).and_return(false)
405
+ @rule.matches?(@person, binding).should be_false
406
+ end
407
+
408
+ it "should return the result of the resource call" do
409
+ @team2.stub!(:owner?).and_return(true)
410
+ @rule.matches?(@person, binding).should be_true
411
+ @team2.stub!(:owner?).and_return(false)
412
+ @rule.matches?(@person, binding).should be_false
413
+ end
414
+ end
303
415
 
304
- context "attempting #manager?" do
305
- it "should call #manager? on the resource" do
306
- @team.should_receive(:manager?).with(@person).and_return(false)
307
- @rule.matches?(@person, binding).should be_false
416
+ context "attempting #owner" do
417
+ it "should call #owner on the resource" do
418
+ @team2.should_receive(:owner).and_return(@person)
419
+ @rule.matches?(@person, binding).should be_true
420
+ end
421
+
422
+ it "should return the result of the comparison of the resource call with the current person" do
423
+ @team2.stub!(:owner).and_return(@person)
424
+ @rule.matches?(@person, binding).should be_true
425
+ jim = Person.create :name => 'jim'
426
+ @team2.stub!(:owner).and_return(jim)
427
+ @rule.matches?(@person, binding).should be_false
428
+ end
308
429
  end
309
430
 
310
- it "should return the result from the resource call" do
311
- @team.stub!(:manager?).and_return(true)
312
- @rule.matches?(@person, binding).should be_true
313
- @team.stub!(:manager?).and_return(false)
314
- @rule.matches?(@person, binding).should be_false
431
+ context "attempting #owners.exists?" do
432
+ it "should call #owners.exists? on the resource" do
433
+ owners = mock("owners")
434
+ owners.should_receive(:exists?).with(@person).and_return(true)
435
+ @team2.stub!(:owners).and_return(owners)
436
+ @rule.matches?(@person, binding).should be_true
437
+ end
438
+
439
+ it "should return the result of the resource call" do
440
+ owners = mock("owners")
441
+ @team2.stub!(:owners).and_return(owners)
442
+ owners.stub!(:exists?).and_return(true)
443
+ @rule.matches?(@person, binding).should be_true
444
+ owners.stub!(:exists?).and_return(false)
445
+ @rule.matches?(@person, binding).should be_false
446
+ end
447
+ end
448
+
449
+ it "should raise an error if none of the attempted calls responded" do
450
+ @team2.stub!(:respond_to?).and_return(false)
451
+ lambda {
452
+ @rule.matches?(@person, binding)
453
+ }.should raise_error(PermitEvaluationError, "Target object ':team2' evaluated as #{@team2.inspect} did not respond to any of the following: is_owner, is_owner?, owner, owner?, owners")
315
454
  end
316
455
  end
317
456
 
318
- it "should raise an error if none of the attempted calls responded" do
319
- @team.stub!(:respond_to?).and_return(false)
320
- lambda {
457
+ context "using an is_*? method" do
458
+ before do
459
+ @team2 = Team.new
460
+ @team.stub!(:is_manager?).and_return(false)
461
+ @rule = allow_person_rule :who => :is_manager?, :on => [:team, :team2]
462
+ end
463
+
464
+ it "should attempt to call the first resource first" do
465
+ @team2.should_not_receive(:is_manager?)
466
+ @team.should_receive(:is_manager?).with(@person).and_return(true)
321
467
  @rule.matches?(@person, binding)
322
- }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: is_manager?, manager?")
323
- end
324
- end
468
+ end
469
+
470
+ context "attempting #is_manager?" do
471
+ it "should call #is_manager? on the resource" do
472
+ @team2.should_receive(:is_manager?).with(@person).and_return(true)
473
+ @rule.matches?(@person, binding)
474
+ end
475
+
476
+ it "should return the result from the resource call" do
477
+ @team2.stub!(:is_manager?).and_return(true)
478
+ @rule.matches?(@person, binding).should be_true
479
+ @team2.stub!(:is_manager?).and_return(false)
480
+ @rule.matches?(@person, binding).should be_false
481
+ end
482
+
483
+ it "should not call #manager? if resource responds to #is_manager?" do
484
+ @team2.stub!(:is_manager?).and_return(true)
485
+ @team2.should_not_receive(:manager?)
486
+ @rule.matches?(@person, binding)
487
+ end
325
488
 
326
- context "using any other method" do
327
- before {@rule = allow_person_rule :who => :has_permission, :on => :team}
328
- it "should call the method on the resource" do
329
- @team.should_receive(:has_permission).with(@person)
330
- @rule.matches?(@person, binding)
489
+ end
490
+
491
+ context "attempting #manager?" do
492
+ it "should call #manager? on the resource" do
493
+ @team2.should_receive(:manager?).with(@person).and_return(false)
494
+ @rule.matches?(@person, binding).should be_false
495
+ end
496
+
497
+ it "should return the result from the resource call" do
498
+ @team2.stub!(:manager?).and_return(true)
499
+ @rule.matches?(@person, binding).should be_true
500
+ @team2.stub!(:manager?).and_return(false)
501
+ @rule.matches?(@person, binding).should be_false
502
+ end
503
+ end
504
+
505
+ it "should raise an error if none of the attempted calls responded" do
506
+ @team2.stub!(:respond_to?).and_return(false)
507
+ lambda {
508
+ @rule.matches?(@person, binding)
509
+ }.should raise_error(PermitEvaluationError, "Target object ':team2' evaluated as #{@team2.inspect} did not respond to any of the following: is_manager?, manager?")
510
+ end
331
511
  end
332
512
 
333
- it "should raise an error if the attempted call did not respond" do
334
- @team.stub!(:respond_to?).and_return(false)
335
- lambda {
513
+ context "using any other method" do
514
+ before {@rule = allow_person_rule :who => :has_permission, :on => :team}
515
+ before do
516
+ @team2 = Team.new
517
+ @team.stub!(:has_permission).and_return(false)
518
+ @rule = allow_person_rule :who => :has_permission, :on => [:team, :team2]
519
+ end
520
+
521
+ it "should attempt to call the first resource first" do
522
+ @team2.should_not_receive(:has_permission)
523
+ @team.should_receive(:has_permission).with(@person).and_return(true)
336
524
  @rule.matches?(@person, binding)
337
- }.should raise_error(PermitEvaluationError, "Target object ':team' evaluated as #{@team.inspect} did not respond to any of the following: has_permission")
525
+ end
526
+
527
+ it "should call the method on the resource" do
528
+ @team2.should_receive(:has_permission).with(@person)
529
+ @rule.matches?(@person, binding)
530
+ end
531
+
532
+ it "should raise an error if the attempted call did not respond" do
533
+ @team2.stub!(:respond_to?).and_return(false)
534
+ lambda {
535
+ @rule.matches?(@person, binding)
536
+ }.should raise_error(PermitEvaluationError, "Target object ':team2' evaluated as #{@team.inspect} did not respond to any of the following: has_permission")
537
+ end
338
538
  end
339
539
  end
340
-
341
540
  end
342
541
 
343
542
  context "for a named authorization" do
@@ -370,6 +569,15 @@ module Permit::Specs
370
569
  r = allow_rule :roles => :monkey_tech, :of => :maintenance
371
570
  r.matches?(@bob, binding).should be_false
372
571
  end
572
+
573
+ context "that does not exist" do
574
+ it "should raise an error" do
575
+ rule = allow_rule :roles => :site_admin, :of => :oops
576
+ lambda {
577
+ rule.matches? @bob, binding
578
+ }.should raise_error(PermitEvaluationError, "Target resource '@oops' did not exist in the given context.")
579
+ end
580
+ end
373
581
  end
374
582
 
375
583
  context "without a resource" do
@@ -395,6 +603,18 @@ module Permit::Specs
395
603
  r.matches?(@tom, binding).should be_false
396
604
  end
397
605
  end
606
+
607
+ context "with multiple resources" do
608
+ it "should return true if the person is authorized for one of the resources" do
609
+ r = allow_rule :roles => :admin, :of => [:hotness, :maintenance]
610
+ r.matches?(@bob, binding).should be_true
611
+ end
612
+
613
+ it "should return false if the person is not authorized for any of the resources" do
614
+ r = allow_rule :roles => :developer, :of => [:hotness, :maintenance]
615
+ r.matches?(@tom, binding).should be_false
616
+ end
617
+ end
398
618
  end
399
619
 
400
620
  context "for multiple named authorizations" do
@@ -422,6 +642,15 @@ module Permit::Specs
422
642
  r = allow_rule :roles => [:site_admin, :monkey_tech], :of => :maintenance
423
643
  r.matches?(@bob, binding).should be_false
424
644
  end
645
+
646
+ context "that does not exist" do
647
+ it "should raise an error" do
648
+ rule = allow_rule :roles => [:site_admin, :team_lead], :of => :oops
649
+ lambda {
650
+ rule.matches? @bob, binding
651
+ }.should raise_error(PermitEvaluationError, "Target resource '@oops' did not exist in the given context.")
652
+ end
653
+ end
425
654
  end
426
655
 
427
656
  context "without a resource" do
@@ -447,6 +676,90 @@ module Permit::Specs
447
676
  r.matches?(@tom, binding).should be_false
448
677
  end
449
678
  end
679
+
680
+ context "with multiple resources" do
681
+ it "should return true if the person is authorized for one of the resources" do
682
+ r = allow_rule :roles => [:developer, :site_admin], :of => [:hotness, :maintenance]
683
+ r.matches?(@bob, binding).should be_true
684
+ end
685
+
686
+ it "should return false if the person is not authorized for any of the resources" do
687
+ r = allow_rule :roles => [:admin, :site_admin], :of => [nil, :maintenance]
688
+ r.matches?(@tom, binding).should be_false
689
+ end
690
+ end
691
+ end
692
+
693
+ describe ":if condition" do
694
+ before {@guest = Guest.new}
695
+
696
+ context "for a proc" do
697
+ it "should properly call a proc" do
698
+ p = Proc.new {|person, b| return false}
699
+ p.should_receive(:call).with(@guest, instance_of(Binding))
700
+ r = allow_rule :roles => :everyone, :if => p
701
+
702
+ r.matches? @guest, binding
703
+ end
704
+
705
+ it "should not match when the condition is false" do
706
+ r = allow_rule :roles => :everyone, :if => Proc.new {|p,b| false}
707
+ r.matches?(@guest, binding).should be_false
708
+ end
709
+
710
+ it "should match when the condition is true" do
711
+ r = allow_rule :roles => :everyone, :if => Proc.new {|p,b| true}
712
+ r.matches?(@guest, binding).should be_true
713
+ end
714
+ end
715
+
716
+ context "for a method" do
717
+ it "should not match when the condition is false" do
718
+ r = allow_rule :roles => :everyone, :if => :false_conditional
719
+ r.matches?(@guest, binding).should be_false
720
+ end
721
+
722
+ it "should match when the condition is true" do
723
+ r = allow_rule :roles => :everyone, :if => :true_conditional
724
+ r.matches?(@guest, binding).should be_true
725
+ end
726
+ end
727
+ end
728
+
729
+ describe ":unless condition" do
730
+ before {@guest = Guest.new}
731
+
732
+ context "for a proc" do
733
+ it "should properly call a proc" do
734
+ p = Proc.new {|person, b| return false}
735
+ p.should_receive(:call).with(@guest, instance_of(Binding))
736
+ r = allow_rule :roles => :everyone, :unless => p
737
+
738
+ r.matches? @guest, binding
739
+ end
740
+
741
+ it "should not match when the condition is true" do
742
+ r = allow_rule :roles => :everyone, :unless => Proc.new {|p,b| true}
743
+ r.matches?(@guest, binding).should be_false
744
+ end
745
+
746
+ it "should match when the condition is false" do
747
+ r = allow_rule :roles => :everyone, :unless => Proc.new {|p,b| false}
748
+ r.matches?(@guest, binding).should be_true
749
+ end
750
+ end
751
+
752
+ context "for a method" do
753
+ it "should not match when the condition is true" do
754
+ r = allow_rule :roles => :everyone, :unless => :true_conditional
755
+ r.matches?(@guest, binding).should be_false
756
+ end
757
+
758
+ it "should match when the condition is false" do
759
+ r = allow_rule :roles => :everyone, :unless => :false_conditional
760
+ r.matches?(@guest, binding).should be_true
761
+ end
762
+ end
450
763
  end
451
764
  end
452
765
  end