pundit 2.5.0 → 2.5.1

data/spec/authorization_spec.rb

@@ -1,331 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "action_controller/metal/strong_parameters"
-
-describe Pundit::Authorization do
-  def to_params(*args, **kwargs, &block)
-    ActionController::Parameters.new(*args, **kwargs, &block)
-  end
-
-  let(:controller) { Controller.new(user, "update", to_params({})) }
-  let(:user) { double("user") }
-  let(:post) { Post.new(user) }
-  let(:comment) { Comment.new }
-  let(:article) { Article.new }
-  let(:article_tag) { ArticleTag.new }
-  let(:wiki) { Wiki.new }
-
-  describe "#verify_authorized" do
-    it "does nothing when authorized" do
-      controller.authorize(post)
-      controller.verify_authorized
-    end
-
-    it "raises an exception when not authorized" do
-      expect { controller.verify_authorized }.to raise_error(Pundit::AuthorizationNotPerformedError)
-    end
-  end
-
-  describe "#verify_policy_scoped" do
-    it "does nothing when policy_scope is used" do
-      controller.policy_scope(Post)
-      controller.verify_policy_scoped
-    end
-
-    it "raises an exception when policy_scope is not used" do
-      expect { controller.verify_policy_scoped }.to raise_error(Pundit::PolicyScopingNotPerformedError)
-    end
-  end
-
-  describe "#pundit_policy_authorized?" do
-    it "is true when authorized" do
-      controller.authorize(post)
-      expect(controller.pundit_policy_authorized?).to be true
-    end
-
-    it "is false when not authorized" do
-      expect(controller.pundit_policy_authorized?).to be false
-    end
-  end
-
-  describe "#pundit_policy_scoped?" do
-    it "is true when policy_scope is used" do
-      controller.policy_scope(Post)
-      expect(controller.pundit_policy_scoped?).to be true
-    end
-
-    it "is false when policy scope is not used" do
-      expect(controller.pundit_policy_scoped?).to be false
-    end
-  end
-
-  describe "#authorize" do
-    it "infers the policy name and authorizes based on it" do
-      expect(controller.authorize(post)).to be_truthy
-    end
-
-    it "returns the record on successful authorization" do
-      expect(controller.authorize(post)).to eq(post)
-    end
-
-    it "returns the record when passed record with namespace " do
-      expect(controller.authorize([:project, comment], :update?)).to eq(comment)
-    end
-
-    it "returns the record when passed record with nested namespace " do
-      expect(controller.authorize([:project, :admin, comment], :update?)).to eq(comment)
-    end
-
-    it "returns the policy name symbol when passed record with headless policy" do
-      expect(controller.authorize(:publication, :create?)).to eq(:publication)
-    end
-
-    it "returns the class when passed record not a particular instance" do
-      expect(controller.authorize(Post, :show?)).to eq(Post)
-    end
-
-    it "can be given a different permission to check" do
-      expect(controller.authorize(post, :show?)).to be_truthy
-      expect { controller.authorize(post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
-    end
-
-    it "can be given a different policy class" do
-      expect(controller.authorize(post, :create?, policy_class: PublicationPolicy)).to be_truthy
-    end
-
-    it "works with anonymous class policies" do
-      expect(controller.authorize(article_tag, :show?)).to be_truthy
-      expect { controller.authorize(article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
-    end
-
-    it "throws an exception when the permission check fails" do
-      expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
-    end
-
-    it "throws an exception when a policy cannot be found" do
-      expect { controller.authorize(Article) }.to raise_error(Pundit::NotDefinedError)
-    end
-
-    it "caches the policy" do
-      expect(controller.policies[post]).to be_nil
-      controller.authorize(post)
-      expect(controller.policies[post]).not_to be_nil
-    end
-
-    it "raises an error when the given record is nil" do
-      expect { controller.authorize(nil, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
-    end
-
-    it "raises an error with a invalid policy constructor" do
-      expect { controller.authorize(wiki, :destroy?) }.to raise_error(Pundit::InvalidConstructorError)
-    end
-  end
-
-  describe "#skip_authorization" do
-    it "disables authorization verification" do
-      controller.skip_authorization
-      expect { controller.verify_authorized }.not_to raise_error
-    end
-  end
-
-  describe "#skip_policy_scope" do
-    it "disables policy scope verification" do
-      controller.skip_policy_scope
-      expect { controller.verify_policy_scoped }.not_to raise_error
-    end
-  end
-
-  describe "#pundit_user" do
-    it "returns the same thing as current_user" do
-      expect(controller.pundit_user).to eq controller.current_user
-    end
-  end
-
-  describe "#policy" do
-    it "returns an instantiated policy" do
-      policy = controller.policy(post)
-      expect(policy.user).to eq user
-      expect(policy.post).to eq post
-    end
-
-    it "throws an exception if the given policy can't be found" do
-      expect { controller.policy(article) }.to raise_error(Pundit::NotDefinedError)
-    end
-
-    it "raises an error with a invalid policy constructor" do
-      expect { controller.policy(wiki) }.to raise_error(Pundit::InvalidConstructorError)
-    end
-
-    it "allows policy to be injected" do
-      new_policy = double
-      controller.policies[post] = new_policy
-
-      expect(controller.policy(post)).to eq new_policy
-    end
-  end
-
-  describe "#policy_scope" do
-    it "returns an instantiated policy scope" do
-      expect(controller.policy_scope(Post)).to eq :published
-    end
-
-    it "allows policy scope class to be overridden" do
-      expect(controller.policy_scope(Post, policy_scope_class: PublicationPolicy::Scope)).to eq :published
-    end
-
-    it "throws an exception if the given policy can't be found" do
-      expect { controller.policy_scope(Article) }.to raise_error(Pundit::NotDefinedError)
-    end
-
-    it "raises an error with a invalid policy scope constructor" do
-      expect { controller.policy_scope(Wiki) }.to raise_error(Pundit::InvalidConstructorError)
-    end
-
-    it "allows policy_scope to be injected" do
-      new_scope = double
-      controller.policy_scopes[Post] = new_scope
-
-      expect(controller.policy_scope(Post)).to eq new_scope
-    end
-  end
-
-  describe "#permitted_attributes" do
-    it "checks policy for permitted attributes" do
-      params = to_params(
-        post: {
-          title: "Hello",
-          votes: 5,
-          admin: true
-        }
-      )
-
-      action = "update"
-
-      expect(Controller.new(user, action, params).permitted_attributes(post).to_h).to eq(
-        "title" => "Hello",
-        "votes" => 5
-      )
-      expect(Controller.new(double, action, params).permitted_attributes(post).to_h).to eq("votes" => 5)
-    end
-
-    it "checks policy for permitted attributes for record of a ActiveModel type" do
-      customer_post = Customer::Post.new(user)
-      params = to_params(
-        customer_post: {
-          title: "Hello",
-          votes: 5,
-          admin: true
-        }
-      )
-
-      action = "update"
-
-      expect(Controller.new(user, action, params).permitted_attributes(customer_post).to_h).to eq(
-        "title" => "Hello",
-        "votes" => 5
-      )
-      expect(Controller.new(double, action, params).permitted_attributes(customer_post).to_h).to eq(
-        "votes" => 5
-      )
-    end
-
-    it "goes through the policy cache" do
-      params = to_params(post: { title: "Hello" })
-      user = double
-      post = Post.new(user)
-      controller = Controller.new(user, "update", params)
-
-      expect do
-        expect(controller.permitted_attributes(post)).to be_truthy
-        expect(controller.permitted_attributes(post)).to be_truthy
-      end.to change { PostPolicy.instances }.by(1)
-    end
-  end
-
-  describe "#permitted_attributes_for_action" do
-    it "is checked if it is defined in the policy" do
-      params = to_params(
-        post: {
-          title: "Hello",
-          body: "blah",
-          votes: 5,
-          admin: true
-        }
-      )
-
-      action = "revise"
-      expect(Controller.new(user, action, params).permitted_attributes(post).to_h).to eq("body" => "blah")
-    end
-
-    it "can be explicitly set" do
-      params = to_params(
-        post: {
-          title: "Hello",
-          body: "blah",
-          votes: 5,
-          admin: true
-        }
-      )
-
-      action = "update"
-      expect(Controller.new(user, action, params).permitted_attributes(post, :revise).to_h).to eq("body" => "blah")
-    end
-  end
-
-  describe "#pundit_reset!" do
-    it "allows authorize to react to a user change" do
-      expect(controller.authorize(post)).to be_truthy
-
-      controller.current_user = double
-      controller.pundit_reset!
-      expect { controller.authorize(post) }.to raise_error(Pundit::NotAuthorizedError)
-    end
-
-    it "allows policy to react to a user change" do
-      expect(controller.policy(DummyCurrentUser).user).to be user
-
-      new_user = double("new user")
-      controller.current_user = new_user
-      controller.pundit_reset!
-      expect(controller.policy(DummyCurrentUser).user).to be new_user
-    end
-
-    it "allows policy scope to react to a user change" do
-      expect(controller.policy_scope(DummyCurrentUser)).to be user
-
-      new_user = double("new user")
-      controller.current_user = new_user
-      controller.pundit_reset!
-      expect(controller.policy_scope(DummyCurrentUser)).to be new_user
-    end
-
-    it "resets the pundit context" do
-      expect(controller.pundit.user).to be(user)
-
-      new_user = double
-      controller.current_user = new_user
-      expect { controller.pundit_reset! }.to change { controller.pundit.user }.from(user).to(new_user)
-    end
-
-    it "clears pundit_policy_authorized? flag" do
-      expect(controller.pundit_policy_authorized?).to be false
-
-      controller.skip_authorization
-      expect(controller.pundit_policy_authorized?).to be true
-
-      controller.pundit_reset!
-      expect(controller.pundit_policy_authorized?).to be false
-    end
-
-    it "clears pundit_policy_scoped? flag" do
-      expect(controller.pundit_policy_scoped?).to be false
-
-      controller.skip_policy_scope
-      expect(controller.pundit_policy_scoped?).to be true
-
-      controller.pundit_reset!
-      expect(controller.pundit_policy_scoped?).to be false
-    end
-  end
-end

data/spec/generators_spec.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-require "tmpdir"
-
-require "rails/generators"
-require "generators/pundit/install/install_generator"
-require "generators/pundit/policy/policy_generator"
-
-RSpec.describe "generators" do
-  before(:all) do
-    @tmpdir = Dir.mktmpdir
-
-    Dir.chdir(@tmpdir) do
-      Pundit::Generators::InstallGenerator.new([], { quiet: true }).invoke_all
-      Pundit::Generators::PolicyGenerator.new(%w[Widget], { quiet: true }).invoke_all
-
-      require "./app/policies/application_policy"
-      require "./app/policies/widget_policy"
-    end
-  end
-
-  after(:all) do
-    FileUtils.remove_entry(@tmpdir)
-  end
-
-  describe "WidgetPolicy", type: :policy do
-    permissions :index?, :show?, :create?, :new?, :update?, :edit?, :destroy? do
-      it "has safe defaults" do
-        expect(WidgetPolicy).not_to permit(double("User"), double("Widget"))
-      end
-    end
-
-    describe "WidgetPolicy::Scope" do
-      describe "#resolve" do
-        it "raises a descriptive error" do
-          scope = WidgetPolicy::Scope.new(double("User"), double("User.all"))
-          expect { scope.resolve }.to raise_error(NoMethodError, /WidgetPolicy::Scope/)
-        end
-      end
-    end
-  end
-end

data/spec/policies/post_policy_spec.rb

@@ -1,49 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe PostPolicy do
-  let(:user) { double }
-  let(:own_post) { double(user: user) }
-  let(:other_post) { double(user: double) }
-  subject { described_class }
-
-  permissions :update?, :show? do
-    it "is successful when all permissions match" do
-      should permit(user, own_post)
-    end
-
-    it "fails when any permissions do not match" do
-      expect do
-        should permit(user, other_post)
-      end.to raise_error(RSpec::Expectations::ExpectationNotMetError)
-    end
-
-    it "uses the default description if not overridden" do
-      expect(permit(user, own_post).description).to eq("permit #{user.inspect} and #{own_post.inspect}")
-    end
-
-    context "when the matcher description is overridden" do
-      after do
-        Pundit::RSpec::Matchers.description = nil
-      end
-
-      it "sets a custom matcher description with a Proc" do
-        allow(user).to receive(:role).and_return("default_role")
-        allow(own_post).to receive(:id).and_return(1)
-
-        Pundit::RSpec::Matchers.description = lambda { |user, record|
-          "permit user with role #{user.role} to access record with ID #{record.id}"
-        }
-
-        description = permit(user, own_post).description
-        expect(description).to eq("permit user with role default_role to access record with ID 1")
-      end
-
-      it "sets a custom matcher description with a string" do
-        Pundit::RSpec::Matchers.description = "permit user"
-        expect(permit(user, own_post).description).to eq("permit user")
-      end
-    end
-  end
-end

data/spec/policy_finder_spec.rb

@@ -1,191 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Pundit::PolicyFinder do
-  let(:user) { double }
-  let(:post) { Post.new(user) }
-  let(:comment) { CommentFourFiveSix.new }
-  let(:article) { Article.new }
-
-  describe "SUFFIX" do
-    specify { expect(described_class::SUFFIX).to eq "Policy" }
-    specify { expect(Pundit::SUFFIX).to eq(described_class::SUFFIX) }
-  end
-
-  describe "#scope" do
-    subject { described_class.new(post) }
-
-    it "returns a policy scope" do
-      expect(subject.scope).to eq PostPolicy::Scope
-    end
-
-    context "policy is nil" do
-      it "returns nil" do
-        allow(subject).to receive(:policy).and_return nil
-        expect(subject.scope).to eq nil
-      end
-    end
-  end
-
-  describe "#policy" do
-    context "with an instance" do
-      it "returns the associated policy" do
-        object = described_class.new(post)
-
-        expect(object.policy).to eq PostPolicy
-      end
-    end
-
-    context "with an array of symbols" do
-      it "returns the associated namespaced policy" do
-        object = described_class.new(%i[project post])
-
-        expect(object.policy).to eq Project::PostPolicy
-      end
-    end
-
-    context "with an array of a symbol and an instance" do
-      it "returns the associated namespaced policy" do
-        object = described_class.new([:project, post])
-
-        expect(object.policy).to eq Project::PostPolicy
-      end
-    end
-
-    context "with an array of a symbol and a class with a specified policy class" do
-      it "returns the associated namespaced policy" do
-        object = described_class.new([:project, Customer::Post])
-
-        expect(object.policy).to eq Project::PostPolicy
-      end
-    end
-
-    context "with an array of a symbol and a class with a specified model name" do
-      it "returns the associated namespaced policy" do
-        object = described_class.new([:project, CommentsRelation])
-
-        expect(object.policy).to eq Project::CommentPolicy
-      end
-    end
-
-    context "with a class" do
-      it "returns the associated policy" do
-        object = described_class.new(Post)
-
-        expect(object.policy).to eq PostPolicy
-      end
-    end
-
-    context "with a class which has a specified policy class" do
-      it "returns the associated policy" do
-        object = described_class.new(Customer::Post)
-
-        expect(object.policy).to eq PostPolicy
-      end
-    end
-
-    context "with an instance which has a specified policy class" do
-      it "returns the associated policy" do
-        object = described_class.new(Customer::Post.new(user))
-
-        expect(object.policy).to eq PostPolicy
-      end
-    end
-
-    context "with a class which has a specified model name" do
-      it "returns the associated policy" do
-        object = described_class.new(CommentsRelation)
-
-        expect(object.policy).to eq CommentPolicy
-      end
-    end
-
-    context "with an instance which has a specified policy class" do
-      it "returns the associated policy" do
-        object = described_class.new(CommentsRelation.new)
-
-        expect(object.policy).to eq CommentPolicy
-      end
-    end
-
-    context "with nil" do
-      it "returns a NilClassPolicy" do
-        object = described_class.new(nil)
-
-        expect(object.policy).to eq NilClassPolicy
-      end
-    end
-
-    context "with a class that doesn't have an associated policy" do
-      it "returns nil" do
-        object = described_class.new(Foo)
-
-        expect(object.policy).to eq nil
-      end
-    end
-  end
-
-  describe "#scope!" do
-    context "@object is nil" do
-      subject { described_class.new(nil) }
-
-      it "returns the NilClass policy's scope class" do
-        expect(subject.scope!).to eq NilClassPolicy::Scope
-      end
-    end
-
-    context "@object is defined" do
-      subject { described_class.new(post) }
-
-      it "returns the scope" do
-        expect(subject.scope!).to eq PostPolicy::Scope
-      end
-    end
-  end
-
-  describe "#param_key" do
-    context "object responds to model_name" do
-      subject { described_class.new(comment) }
-
-      it "returns the param_key" do
-        expect(subject.object).to respond_to(:model_name)
-        expect(subject.param_key).to eq "comment_four_five_six"
-      end
-    end
-
-    context "object is a class" do
-      subject { described_class.new(Article) }
-
-      it "returns the param_key" do
-        expect(subject.object).not_to respond_to(:model_name)
-        expect(subject.object).to be_a Class
-        expect(subject.param_key).to eq "article"
-      end
-    end
-
-    context "object is an instance of a class" do
-      subject { described_class.new(article) }
-
-      it "returns the param_key" do
-        expect(subject.object).not_to respond_to(:model_name)
-        expect(subject.object).not_to be_a Class
-        expect(subject.object).to be_an_instance_of Article
-
-        expect(subject.param_key).to eq "article"
-      end
-    end
-
-    context "object is an array" do
-      subject { described_class.new([:project, article]) }
-
-      it "returns the param_key for the last element of the array" do
-        expect(subject.object).not_to respond_to(:model_name)
-        expect(subject.object).not_to be_a Class
-        expect(subject.object).to be_an_instance_of Array
-
-        expect(subject.param_key).to eq "article"
-      end
-    end
-  end
-end

data/spec/pundit/helper_spec.rb

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-require "spec_helper"
-
-RSpec.describe Pundit::Helper do
-  let(:user) { double }
-  let(:controller) { Controller.new(user, "update", double) }
-  let(:view) { Controller::View.new(controller) }
-
-  describe "#policy_scope" do
-    it "doesn't flip pundit_policy_scoped?" do
-      scoped = view.policy_scope(Post)
-
-      expect(scoped).to be(Post.published)
-      expect(controller).not_to be_pundit_policy_scoped
-    end
-  end
-end