permitter 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +302 -0
- data/Rakefile +32 -0
- data/lib/generators/permitter/permission/USAGE +5 -0
- data/lib/generators/permitter/permission/permission_generator.rb +16 -0
- data/lib/generators/permitter/permission/templates/permission.rb +22 -0
- data/lib/generators/permitter/permission/templates/permission_spec.rb +17 -0
- data/lib/permitter.rb +4 -0
- data/lib/permitter/controller_additions.rb +43 -0
- data/lib/permitter/exceptions.rb +17 -0
- data/lib/permitter/matchers.rb +11 -0
- data/lib/permitter/model_additions.rb +30 -0
- data/lib/permitter/permission.rb +72 -0
- data/lib/permitter/version.rb +3 -0
- data/spec/README.rdoc +21 -0
- data/spec/controllers/projects_controller_spec.rb +243 -0
- data/spec/controllers/users_controller_spec.rb +77 -0
- data/spec/dummy/Rakefile +6 -0
- data/spec/dummy/app/assets/javascripts/application.js +13 -0
- data/spec/dummy/app/assets/stylesheets/application.css +13 -0
- data/spec/dummy/app/controllers/application_controller.rb +19 -0
- data/spec/dummy/app/controllers/projects_controller.rb +49 -0
- data/spec/dummy/app/controllers/users_controller.rb +17 -0
- data/spec/dummy/app/helpers/application_helper.rb +2 -0
- data/spec/dummy/app/models/permission.rb +26 -0
- data/spec/dummy/app/models/project.rb +3 -0
- data/spec/dummy/app/models/user.rb +3 -0
- data/spec/dummy/app/views/layouts/application.html.erb +14 -0
- data/spec/dummy/app/views/projects/edit.html.erb +0 -0
- data/spec/dummy/app/views/projects/index.html.erb +0 -0
- data/spec/dummy/app/views/projects/new.html.erb +0 -0
- data/spec/dummy/app/views/projects/show.html.erb +0 -0
- data/spec/dummy/app/views/users/index.html.erb +0 -0
- data/spec/dummy/app/views/users/show.html.erb +0 -0
- data/spec/dummy/bin/bundle +3 -0
- data/spec/dummy/bin/rails +4 -0
- data/spec/dummy/bin/rake +4 -0
- data/spec/dummy/config.ru +4 -0
- data/spec/dummy/config/application.rb +23 -0
- data/spec/dummy/config/boot.rb +5 -0
- data/spec/dummy/config/database.yml +25 -0
- data/spec/dummy/config/environment.rb +5 -0
- data/spec/dummy/config/environments/development.rb +29 -0
- data/spec/dummy/config/environments/production.rb +80 -0
- data/spec/dummy/config/environments/test.rb +36 -0
- data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
- data/spec/dummy/config/initializers/inflections.rb +16 -0
- data/spec/dummy/config/initializers/mime_types.rb +5 -0
- data/spec/dummy/config/initializers/secret_token.rb +12 -0
- data/spec/dummy/config/initializers/session_store.rb +3 -0
- data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
- data/spec/dummy/config/locales/en.yml +23 -0
- data/spec/dummy/config/routes.rb +59 -0
- data/spec/dummy/db/development.sqlite3 +0 -0
- data/spec/dummy/db/migrate/20131205175023_create_projects.rb +10 -0
- data/spec/dummy/db/migrate/20131205175100_create_users.rb +10 -0
- data/spec/dummy/db/migrate/20131210152022_add_columns_to_projects.rb +5 -0
- data/spec/dummy/db/schema.rb +31 -0
- data/spec/dummy/db/test.sqlite3 +0 -0
- data/spec/dummy/log/development.log +825 -0
- data/spec/dummy/log/test.log +44662 -0
- data/spec/dummy/public/404.html +58 -0
- data/spec/dummy/public/422.html +58 -0
- data/spec/dummy/public/500.html +57 -0
- data/spec/dummy/public/favicon.ico +0 -0
- data/spec/factories/project.rb +6 -0
- data/spec/factories/user.rb +10 -0
- data/spec/models/permission_spec.rb +72 -0
- data/spec/permitter/controller_additions_spec.rb +44 -0
- data/spec/permitter/exceptions_spec.rb +36 -0
- data/spec/permitter/matchers_spec.rb +9 -0
- data/spec/permitter/model_additions_spec.rb +138 -0
- data/spec/permitter/permission_spec.rb +84 -0
- data/spec/spec_helper.rb +32 -0
- metadata +278 -0
@@ -0,0 +1,58 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>The page you were looking for doesn't exist (404)</title>
|
5
|
+
<style>
|
6
|
+
body {
|
7
|
+
background-color: #EFEFEF;
|
8
|
+
color: #2E2F30;
|
9
|
+
text-align: center;
|
10
|
+
font-family: arial, sans-serif;
|
11
|
+
}
|
12
|
+
|
13
|
+
div.dialog {
|
14
|
+
width: 25em;
|
15
|
+
margin: 4em auto 0 auto;
|
16
|
+
border: 1px solid #CCC;
|
17
|
+
border-right-color: #999;
|
18
|
+
border-left-color: #999;
|
19
|
+
border-bottom-color: #BBB;
|
20
|
+
border-top: #B00100 solid 4px;
|
21
|
+
border-top-left-radius: 9px;
|
22
|
+
border-top-right-radius: 9px;
|
23
|
+
background-color: white;
|
24
|
+
padding: 7px 4em 0 4em;
|
25
|
+
}
|
26
|
+
|
27
|
+
h1 {
|
28
|
+
font-size: 100%;
|
29
|
+
color: #730E15;
|
30
|
+
line-height: 1.5em;
|
31
|
+
}
|
32
|
+
|
33
|
+
body > p {
|
34
|
+
width: 33em;
|
35
|
+
margin: 0 auto 1em;
|
36
|
+
padding: 1em 0;
|
37
|
+
background-color: #F7F7F7;
|
38
|
+
border: 1px solid #CCC;
|
39
|
+
border-right-color: #999;
|
40
|
+
border-bottom-color: #999;
|
41
|
+
border-bottom-left-radius: 4px;
|
42
|
+
border-bottom-right-radius: 4px;
|
43
|
+
border-top-color: #DADADA;
|
44
|
+
color: #666;
|
45
|
+
box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
|
46
|
+
}
|
47
|
+
</style>
|
48
|
+
</head>
|
49
|
+
|
50
|
+
<body>
|
51
|
+
<!-- This file lives in public/404.html -->
|
52
|
+
<div class="dialog">
|
53
|
+
<h1>The page you were looking for doesn't exist.</h1>
|
54
|
+
<p>You may have mistyped the address or the page may have moved.</p>
|
55
|
+
</div>
|
56
|
+
<p>If you are the application owner check the logs for more information.</p>
|
57
|
+
</body>
|
58
|
+
</html>
|
@@ -0,0 +1,58 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>The change you wanted was rejected (422)</title>
|
5
|
+
<style>
|
6
|
+
body {
|
7
|
+
background-color: #EFEFEF;
|
8
|
+
color: #2E2F30;
|
9
|
+
text-align: center;
|
10
|
+
font-family: arial, sans-serif;
|
11
|
+
}
|
12
|
+
|
13
|
+
div.dialog {
|
14
|
+
width: 25em;
|
15
|
+
margin: 4em auto 0 auto;
|
16
|
+
border: 1px solid #CCC;
|
17
|
+
border-right-color: #999;
|
18
|
+
border-left-color: #999;
|
19
|
+
border-bottom-color: #BBB;
|
20
|
+
border-top: #B00100 solid 4px;
|
21
|
+
border-top-left-radius: 9px;
|
22
|
+
border-top-right-radius: 9px;
|
23
|
+
background-color: white;
|
24
|
+
padding: 7px 4em 0 4em;
|
25
|
+
}
|
26
|
+
|
27
|
+
h1 {
|
28
|
+
font-size: 100%;
|
29
|
+
color: #730E15;
|
30
|
+
line-height: 1.5em;
|
31
|
+
}
|
32
|
+
|
33
|
+
body > p {
|
34
|
+
width: 33em;
|
35
|
+
margin: 0 auto 1em;
|
36
|
+
padding: 1em 0;
|
37
|
+
background-color: #F7F7F7;
|
38
|
+
border: 1px solid #CCC;
|
39
|
+
border-right-color: #999;
|
40
|
+
border-bottom-color: #999;
|
41
|
+
border-bottom-left-radius: 4px;
|
42
|
+
border-bottom-right-radius: 4px;
|
43
|
+
border-top-color: #DADADA;
|
44
|
+
color: #666;
|
45
|
+
box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
|
46
|
+
}
|
47
|
+
</style>
|
48
|
+
</head>
|
49
|
+
|
50
|
+
<body>
|
51
|
+
<!-- This file lives in public/422.html -->
|
52
|
+
<div class="dialog">
|
53
|
+
<h1>The change you wanted was rejected.</h1>
|
54
|
+
<p>Maybe you tried to change something you didn't have access to.</p>
|
55
|
+
</div>
|
56
|
+
<p>If you are the application owner check the logs for more information.</p>
|
57
|
+
</body>
|
58
|
+
</html>
|
@@ -0,0 +1,57 @@
|
|
1
|
+
<!DOCTYPE html>
|
2
|
+
<html>
|
3
|
+
<head>
|
4
|
+
<title>We're sorry, but something went wrong (500)</title>
|
5
|
+
<style>
|
6
|
+
body {
|
7
|
+
background-color: #EFEFEF;
|
8
|
+
color: #2E2F30;
|
9
|
+
text-align: center;
|
10
|
+
font-family: arial, sans-serif;
|
11
|
+
}
|
12
|
+
|
13
|
+
div.dialog {
|
14
|
+
width: 25em;
|
15
|
+
margin: 4em auto 0 auto;
|
16
|
+
border: 1px solid #CCC;
|
17
|
+
border-right-color: #999;
|
18
|
+
border-left-color: #999;
|
19
|
+
border-bottom-color: #BBB;
|
20
|
+
border-top: #B00100 solid 4px;
|
21
|
+
border-top-left-radius: 9px;
|
22
|
+
border-top-right-radius: 9px;
|
23
|
+
background-color: white;
|
24
|
+
padding: 7px 4em 0 4em;
|
25
|
+
}
|
26
|
+
|
27
|
+
h1 {
|
28
|
+
font-size: 100%;
|
29
|
+
color: #730E15;
|
30
|
+
line-height: 1.5em;
|
31
|
+
}
|
32
|
+
|
33
|
+
body > p {
|
34
|
+
width: 33em;
|
35
|
+
margin: 0 auto 1em;
|
36
|
+
padding: 1em 0;
|
37
|
+
background-color: #F7F7F7;
|
38
|
+
border: 1px solid #CCC;
|
39
|
+
border-right-color: #999;
|
40
|
+
border-bottom-color: #999;
|
41
|
+
border-bottom-left-radius: 4px;
|
42
|
+
border-bottom-right-radius: 4px;
|
43
|
+
border-top-color: #DADADA;
|
44
|
+
color: #666;
|
45
|
+
box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
|
46
|
+
}
|
47
|
+
</style>
|
48
|
+
</head>
|
49
|
+
|
50
|
+
<body>
|
51
|
+
<!-- This file lives in public/500.html -->
|
52
|
+
<div class="dialog">
|
53
|
+
<h1>We're sorry, but something went wrong.</h1>
|
54
|
+
</div>
|
55
|
+
<p>If you are the application owner check the logs for more information.</p>
|
56
|
+
</body>
|
57
|
+
</html>
|
File without changes
|
@@ -0,0 +1,72 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe Permission do
|
4
|
+
let(:admin) { build(:admin) }
|
5
|
+
let(:user1) { create(:user) }
|
6
|
+
let(:user2) { create(:user) }
|
7
|
+
let(:project1) { build(:project, user: user1) }
|
8
|
+
let(:project2) { build(:project, user: user2) }
|
9
|
+
|
10
|
+
|
11
|
+
describe "as admin" do
|
12
|
+
subject { Permission.new(admin) }
|
13
|
+
|
14
|
+
it "allows anything" do
|
15
|
+
should allow_action(:anything, :here)
|
16
|
+
should allow_param(:anything, :here)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
|
21
|
+
describe "for user" do
|
22
|
+
subject { Permission.new(user1) }
|
23
|
+
|
24
|
+
it "projects" do
|
25
|
+
should allow_action(:projects, :index)
|
26
|
+
should allow_action(:projects, :new)
|
27
|
+
should allow_action(:projects, :create)
|
28
|
+
should allow_action(:projects, :show)
|
29
|
+
should_not allow_action(:projects, :edit)
|
30
|
+
should_not allow_action(:projects, :update)
|
31
|
+
should_not allow_action(:projects, :edit, project2)
|
32
|
+
should_not allow_action(:projects, :update, project2)
|
33
|
+
should allow_action(:projects, :edit, project1)
|
34
|
+
should allow_action(:projects, :update, project1)
|
35
|
+
should_not allow_action(:projects, :destroy)
|
36
|
+
should_not allow_action(:projects, :destroy, project1)
|
37
|
+
should_not allow_action(:projects, :destroy, project2)
|
38
|
+
should allow_param(:project, :title)
|
39
|
+
should_not allow_param(:project, :sticky)
|
40
|
+
end
|
41
|
+
|
42
|
+
it 'users' do
|
43
|
+
should allow_action(:users, :index)
|
44
|
+
should_not allow_action(:users, :show)
|
45
|
+
should_not allow_action(:users, :show, user2)
|
46
|
+
should allow_action(:users, :show, user1)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
|
51
|
+
describe "for visitor" do
|
52
|
+
subject { Permission.new(nil) }
|
53
|
+
|
54
|
+
it "projects" do
|
55
|
+
should allow_action(:projects, :index)
|
56
|
+
should_not allow_action(:projects, :new)
|
57
|
+
should_not allow_action(:projects, :create)
|
58
|
+
should_not allow_action(:projects, :show)
|
59
|
+
should_not allow_action(:projects, :edit)
|
60
|
+
should_not allow_action(:projects, :update)
|
61
|
+
should_not allow_action(:projects, :destroy)
|
62
|
+
should_not allow_action(:projects, :show, project1)
|
63
|
+
should_not allow_action(:projects, :edit, project1)
|
64
|
+
should_not allow_action(:projects, :update, project1)
|
65
|
+
should_not allow_action(:projects, :destroy, project1)
|
66
|
+
should_not allow_action(:projects, :show, project2)
|
67
|
+
should_not allow_action(:projects, :edit, project2)
|
68
|
+
should_not allow_action(:projects, :update, project2)
|
69
|
+
should_not allow_action(:projects, :destroy, project2)
|
70
|
+
end
|
71
|
+
end
|
72
|
+
end
|
@@ -0,0 +1,44 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
class StubbedPermission
|
4
|
+
include Permitter::Permission
|
5
|
+
|
6
|
+
def initialize(user)
|
7
|
+
allow_action :foo, :bar
|
8
|
+
end
|
9
|
+
|
10
|
+
end
|
11
|
+
|
12
|
+
|
13
|
+
describe Permitter::ControllerAdditions do
|
14
|
+
before(:each) do
|
15
|
+
@params = HashWithIndifferentAccess.new
|
16
|
+
@current_user = nil
|
17
|
+
|
18
|
+
@controller_class = Class.new
|
19
|
+
@controller = @controller_class.new
|
20
|
+
|
21
|
+
@controller.stub(:params) { @params }
|
22
|
+
@controller_class.stub(:helper_method) { :helper_method }
|
23
|
+
@controller.stub(:current_permissions) { StubbedPermission.new(@current_user) }
|
24
|
+
|
25
|
+
@controller_class.send(:include, Permitter::ControllerAdditions)
|
26
|
+
end
|
27
|
+
|
28
|
+
it "provides an allowed_action? method which goes through the current permissions" do
|
29
|
+
expect(@controller.allowed_action?(:foo, :bar)).to be true
|
30
|
+
expect(@controller.allowed_action?(:foo, :baz)).to be false
|
31
|
+
end
|
32
|
+
|
33
|
+
it "authorize_user! should raise Unauthorized when user not authoried" do
|
34
|
+
authorization = ->(action) do
|
35
|
+
@params.merge!(controller: "foo", action: action)
|
36
|
+
@controller.instance_eval{ authorize_user! }
|
37
|
+
end
|
38
|
+
|
39
|
+
expect(-> {authorization.call('bar')}).to_not raise_error
|
40
|
+
expect(-> {authorization.call('baz')}).to raise_error Permitter::Unauthorized
|
41
|
+
end
|
42
|
+
|
43
|
+
|
44
|
+
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
describe Permitter::Unauthorized do
|
4
|
+
describe "with action and subject" do
|
5
|
+
before(:each) do
|
6
|
+
@exception = Permitter::Unauthorized.new(nil, :some_action, :some_subject)
|
7
|
+
end
|
8
|
+
|
9
|
+
it "has action and subject accessors" do
|
10
|
+
expect(@exception.action).to eq :some_action
|
11
|
+
expect(@exception.subject).to eq :some_subject
|
12
|
+
end
|
13
|
+
|
14
|
+
it "has a changable default message" do
|
15
|
+
expect(@exception.message).to eq "You are not authorized to access this page."
|
16
|
+
@exception.default_message = "Unauthorized!"
|
17
|
+
expect(@exception.message).to eq "Unauthorized!"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
describe "with only a message" do
|
22
|
+
before(:each) do
|
23
|
+
@exception = Permitter::Unauthorized.new("Access denied!")
|
24
|
+
end
|
25
|
+
|
26
|
+
it "has nil action and subject" do
|
27
|
+
expect(@exception.action).to be nil
|
28
|
+
expect(@exception.subject).to be nil
|
29
|
+
end
|
30
|
+
|
31
|
+
it "has passed message" do
|
32
|
+
expect(@exception.message).to eq "Access denied!"
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
end
|
@@ -0,0 +1,138 @@
|
|
1
|
+
require "spec_helper"
|
2
|
+
|
3
|
+
class Category < ActiveRecord::Base
|
4
|
+
unless connection.tables.include?(table_name)
|
5
|
+
connection.create_table(table_name) do |t|
|
6
|
+
t.boolean :visible
|
7
|
+
end
|
8
|
+
end
|
9
|
+
has_many :articles
|
10
|
+
end
|
11
|
+
|
12
|
+
class Article < ActiveRecord::Base
|
13
|
+
unless connection.tables.include?(table_name)
|
14
|
+
connection.create_table(table_name) do |t|
|
15
|
+
t.integer :category_id
|
16
|
+
t.string :name
|
17
|
+
t.boolean :published
|
18
|
+
t.boolean :secret
|
19
|
+
t.integer :priority
|
20
|
+
end
|
21
|
+
end
|
22
|
+
belongs_to :category
|
23
|
+
has_many :comments
|
24
|
+
end
|
25
|
+
|
26
|
+
class Comment < ActiveRecord::Base
|
27
|
+
unless connection.tables.include?(table_name)
|
28
|
+
connection.create_table(table_name) do |t|
|
29
|
+
t.integer :article_id
|
30
|
+
t.boolean :spam
|
31
|
+
end
|
32
|
+
end
|
33
|
+
belongs_to :article
|
34
|
+
end
|
35
|
+
|
36
|
+
describe Permitter::ModelAdditions do
|
37
|
+
before do
|
38
|
+
Article.delete_all
|
39
|
+
Comment.delete_all
|
40
|
+
|
41
|
+
@permissions = Object.new
|
42
|
+
@permissions.extend(Permitter::Permission)
|
43
|
+
|
44
|
+
@article_table = Article.table_name
|
45
|
+
@comment_table = Comment.table_name
|
46
|
+
end
|
47
|
+
|
48
|
+
it "does not fetch any records when no permissions are defined" do
|
49
|
+
Article.create!
|
50
|
+
|
51
|
+
expect(Article.permitted_by(@permissions)).to be_empty
|
52
|
+
end
|
53
|
+
|
54
|
+
it "fetches all articles when one can read all" do
|
55
|
+
@permissions.allow_action(:articles, :show)
|
56
|
+
|
57
|
+
article1 = Article.create!
|
58
|
+
article2 = Article.create!
|
59
|
+
|
60
|
+
expect(@permissions).to allow_action(:articles, :show)
|
61
|
+
expect(Article.permitted_by(@permissions)).to eq([article1, article2])
|
62
|
+
end
|
63
|
+
|
64
|
+
it "fetches only the articles that are published" do
|
65
|
+
block = Proc.new { |article| article.published == true }
|
66
|
+
|
67
|
+
@permissions.allow_action(:articles, :show, &block)
|
68
|
+
|
69
|
+
article1 = Article.create!(published: true)
|
70
|
+
article2 = Article.create!(published: false)
|
71
|
+
|
72
|
+
expect(@permissions).to allow_action(:articles, :show, article1)
|
73
|
+
expect(@permissions).to_not allow_action(:articles, :show, article2)
|
74
|
+
expect(Article.permitted_by(@permissions)).to eq([article1])
|
75
|
+
end
|
76
|
+
|
77
|
+
it "fetches any articles which are published or secret" do
|
78
|
+
block = Proc.new { |article| (article.published == true) | (article.secret == true) }
|
79
|
+
|
80
|
+
@permissions.allow_action(:articles, :show, &block)
|
81
|
+
|
82
|
+
article1 = Article.create!(published: true, secret: false)
|
83
|
+
article2 = Article.create!(published: true, secret: true)
|
84
|
+
article3 = Article.create!(published: false, secret: true)
|
85
|
+
article4 = Article.create!(published: false, secret: false)
|
86
|
+
|
87
|
+
expect(@permissions).to allow_action(:articles, :show, article1)
|
88
|
+
expect(@permissions).to allow_action(:articles, :show, article2)
|
89
|
+
expect(@permissions).to allow_action(:articles, :show, article3)
|
90
|
+
expect(@permissions).to_not allow_action(:articles, :show, article4)
|
91
|
+
expect(Article.permitted_by(@permissions)).to eq([article1, article2, article3])
|
92
|
+
end
|
93
|
+
|
94
|
+
it "fetches only the articles that are published and not secret" do
|
95
|
+
block = Proc.new { |article| (article.published == true) & (article.secret == false) }
|
96
|
+
|
97
|
+
@permissions.allow_action(:articles, :show, &block)
|
98
|
+
|
99
|
+
article1 = Article.create!(published: true, secret: false)
|
100
|
+
article2 = Article.create!(published: true, secret: true)
|
101
|
+
article3 = Article.create!(published: false, secret: true)
|
102
|
+
article4 = Article.create!(published: false, secret: false)
|
103
|
+
|
104
|
+
expect(@permissions).to allow_action(:articles, :show, article1)
|
105
|
+
expect(@permissions).to_not allow_action(:articles, :show, article2)
|
106
|
+
expect(@permissions).to_not allow_action(:articles, :show, article3)
|
107
|
+
expect(@permissions).to_not allow_action(:articles, :show, article4)
|
108
|
+
expect(Article.permitted_by(@permissions)).to eq([article1])
|
109
|
+
end
|
110
|
+
|
111
|
+
it "only reads comments for articles which are published" do
|
112
|
+
block = Proc.new { article.published == true }
|
113
|
+
|
114
|
+
@permissions.allow_action(:comments, :permitted, &block)
|
115
|
+
|
116
|
+
comment1 = Comment.create!(article: Article.create!(published: true))
|
117
|
+
comment2 = Comment.create!(article: Article.create!(published: false))
|
118
|
+
|
119
|
+
@comments = Comment.joins(:article).permitted_by(@permissions, :permitted)
|
120
|
+
expect(@comments).to eq([comment1])
|
121
|
+
|
122
|
+
@comments = Comment.joins{article}.permitted_by(@permissions, :permitted)
|
123
|
+
expect(@comments).to eq([comment1])
|
124
|
+
end
|
125
|
+
|
126
|
+
it "only reads comments for visible categories through articles" do
|
127
|
+
block = Proc.new { article.category.visible == true }
|
128
|
+
|
129
|
+
@permissions.allow_action(:comments, :permitted, &block)
|
130
|
+
|
131
|
+
comment1 = Comment.create!(article: Article.create!(category: Category.create!(visible: true)))
|
132
|
+
comment2 = Comment.create!(article: Article.create!(category: Category.create!(visible: false)))
|
133
|
+
|
134
|
+
@comments = Comment.joins{article.category}.permitted_by(@permissions, :permitted)
|
135
|
+
expect(@comments).to eq([comment1])
|
136
|
+
end
|
137
|
+
|
138
|
+
end
|