trust 0.8.3 → 1.4.2

data/test/unit/trust/controller/resource_test.rb

@@ -140,20 +140,20 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
       end
       context 'when found' do
         should 'return object for namespaced resource' do
-          @request.stubs(:symbolized_path_parameters).returns({:name_spaced_resource_person_id => 2 })
+          @request.stubs(:path_parameters).returns({:name_spaced_resource_person_id => 2 })
           NameSpacedResource::Person.expects(:find).with(2).returns(@object = NameSpacedResource::Person.new)
           @res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
           assert_equal @object, @res.object
         end
         should 'return object for regular resource' do
-          @request.stubs(:symbolized_path_parameters).returns({:child_id => 2 })
+          @request.stubs(:path_parameters).returns({:child_id => 2 })
           Child.expects(:find).with(2).returns(@object = Child.new)
           @res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
           assert_equal @object, @res.object
         end
         context 'the attributes' do
           setup do
-            @request.stubs(:symbolized_path_parameters).returns({:child_id => 2 })
+            @request.stubs(:path_parameters).returns({:child_id => 2 })
             Child.expects(:find).with(2).returns(@object = Child.new)
             @res = Trust::Controller::Resource::ParentInfo.new(@resources, {:child => 'tie'}, @request)
           end
@@ -173,20 +173,20 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
         end
       end
       should 'return nil for object if not found' do
-        @request.stubs(:symbolized_path_parameters).returns({:child_id => 2 })
+        @request.stubs(:path_parameters).returns({:child_id => 2 })
         Child.expects(:find).with(2).returns(nil)
         @res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
         assert_nil @res.object
         assert !@res.object?
       end
       should 'return nil for object if not specified' do
-        @request.stubs(:symbolized_path_parameters).returns({})
+        @request.stubs(:path_parameters).returns({})
         @res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
         assert_nil @res.object
         assert !@res.object?
       end
       should 'return nil for klass when not found' do
-        @request.stubs(:symbolized_path_parameters).returns({})
+        @request.stubs(:path_parameters).returns({})
         @res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
         assert_nil @res.klass
       end
@@ -196,7 +196,7 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
       setup do
         @request = Object.new
         @resources = [:parent]
-        @request.stubs(:symbolized_path_parameters).returns({:child_id => 2 })
+        @request.stubs(:path_parameters).returns({:child_id => 2 })
         Parent.expects(:find).with(2).returns(@object = Child.new)
         @res = Trust::Controller::Resource::ParentInfo.new(@resources, {}, @request)
       end
@@ -252,6 +252,14 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
         @resource.expects(:instance).returns(2)
         assert_equal 2, @resource.instantiated
       end
+      should 'provide access to nested' do
+        @resource.expects(:parent).twice.returns(:parent)
+        @resource.expects(:instance).returns(:instance)
+        assert_equal [:parent, :instance], @resource.nested
+        @resource.expects(:parent).returns(nil)
+        @resource.expects(:instance).returns(:instance)
+        assert_equal :instance, *@resource.nested
+      end
       should 'provide collection' do
         @resource_info.expects(:collection).with(@parent_info, nil).returns(1)
         assert_equal 1, @resource.collection
@@ -268,12 +276,12 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
         assert @resource.instance.is_a?(Child)
       end
     end
-    context 'Member actions' do
+    context 'Actions' do
       setup do
         Trust::Controller::Resource.any_instance.expects(:extract_resource_info).with('child', { :id => 1 }).returns(@resource_info)
         Trust::Controller::Resource.any_instance.expects(:extract_parent_info).with({:parent => nil}, { :id => 1 }, @request).returns(@parent_info)
       end
-      should 'load as expected' do
+      should 'load member as expected' do
         @resource = Trust::Controller::Resource.new(@controller, @properties, 'member',{ :id => 1 }, @request)
         @properties.actions :member => [:member]
         @resource_info.stubs(:params).returns({})
@@ -285,6 +293,18 @@ class Trust::Controller::ResourceTest < ActiveSupport::TestCase
         assert @controller.instance_variable_get(:@child).is_a?(Child)
         assert @resource.instance.is_a?(Child)
       end
+      should 'discovered collection_action? as a method' do
+        @resource = Trust::Controller::Resource.new(@controller, @properties, 'index',{ :id => 1 }, @request)
+        assert @resource.collection_action?
+      end
+      should 'discovered member_action? as a method' do
+        @resource = Trust::Controller::Resource.new(@controller, @properties, 'show',{ :id => 1 }, @request)
+        assert @resource.member_action?
+      end
+      should 'discovered new_action? as a method' do
+        @resource = Trust::Controller::Resource.new(@controller, @properties, 'new',{ :id => 1 }, @request)
+        assert @resource.new_action?
+      end
     end
     context 'Nested resources' do
       setup do

data/test/unit/trust/controller_test.rb

@@ -25,22 +25,25 @@
 require 'test_helper'
 
 class Trust::ControllerTest < ActiveSupport::TestCase
+  class Controller < ActionController::Base
+    trustee
+  end
+  class DerivedController < Controller
+  end
+  
   setup do
-    class Controller < ActionController::Base
-      trustee
-    end
-    class DerivedController < Controller
-    end
+    @filter_keyword = Trust.rails_generation < 4 ? :before_filter : :before_action
   end
+  
   context 'class method' do
     should 'instantiate properties' do
       assert_kind_of Trust::Controller::Properties, Controller.properties
     end
     should 'trustee set filers' do
       options = {:hello => :there}
-      Controller.expects(:before_filter).with(:set_user, options)
-      Controller.expects(:before_filter).with(:load_resource, options)
-      Controller.expects(:before_filter).with(:access_control, options)
+      Controller.expects(@filter_keyword).with(:set_user, options)
+      Controller.expects(@filter_keyword).with(:load_resource, options)
+      Controller.expects(@filter_keyword).with(:access_control, options)
       Controller.trustee options
     end
     should 'delegate to resource' do
@@ -64,29 +67,29 @@ class Trust::ControllerTest < ActiveSupport::TestCase
     
     context '_filter_setting' do
       should 'setup correct instance method callback' do
-        Controller.expects(:skip_before_filter).with(:access_control).times(3)
-        Controller.expects(:before_filter).with(:access_control,{})
+        Controller.expects(:"skip_#{@filter_keyword}").with(:access_control).times(3)
+        Controller.expects(@filter_keyword).with(:access_control,{})
         Controller.access_control
-        Controller.expects(:before_filter).with(:access_control,{:only => :index})
+        Controller.expects(@filter_keyword).with(:access_control,{:only => :index})
         Controller.access_control :only => :index
-        Controller.expects(:before_filter).never
+        Controller.expects(@filter_keyword).never
         Controller.access_control :off
       end
       should 'only set filters that are not off' do
         options = {:hello => :there, :set_user => :off}
-        Controller.expects(:before_filter).with(:set_user).never
-        Controller.expects(:before_filter).with(:load_resource, options)
-        Controller.expects(:before_filter).with(:access_control, options)
+        Controller.expects(@filter_keyword).with(:set_user).never
+        Controller.expects(@filter_keyword).with(:load_resource, options)
+        Controller.expects(@filter_keyword).with(:access_control, options)
         Controller.trustee options
         options = {:hello => :there, :load_resource => :off}
-        Controller.expects(:before_filter).with(:set_user, options)
-        Controller.expects(:before_filter).with(:load_resource).never
-        Controller.expects(:before_filter).with(:access_control, options)
+        Controller.expects(@filter_keyword).with(:set_user, options)
+        Controller.expects(@filter_keyword).with(:load_resource).never
+        Controller.expects(@filter_keyword).with(:access_control, options)
         Controller.trustee options
         options = {:hello => :there, :access_control => :off}
-        Controller.expects(:before_filter).with(:set_user, options)
-        Controller.expects(:before_filter).with(:load_resource, options)
-        Controller.expects(:before_filter).with(:access_control).never
+        Controller.expects(@filter_keyword).with(:set_user, options)
+        Controller.expects(@filter_keyword).with(:load_resource, options)
+        Controller.expects(@filter_keyword).with(:access_control).never
         Controller.trustee options
       end
     end
@@ -102,30 +105,40 @@ class Trust::ControllerTest < ActiveSupport::TestCase
       Trust::Authorization.expects(:user=).with(user)
       @controller.set_user
     end
-    should 'load resource' do
-      @controller.expects(:resource).returns(stub(:load => true))
-      @controller.load_resource
+    context 'load_resource' do
+      setup do
+        @authorization = stub('authorization')
+        @controller.stubs(:authorization).returns(@authorization)
+        @controller.stubs(:params).returns({})
+        @controller.stubs(:request).returns(stub('request', params: {}))
+      end
+      should 'preload authorizations upon new actions' do
+        @controller.expects(:action_name).returns('new')
+        @authorization.expects(:preload)
+        @controller.resource.expects(:load).returns(:the_instance)
+        @authorization.expects(:instance_loaded).with(:the_instance)
+        @controller.load_resource
+      end
+      should 'just load existing resources' do
+        @controller.expects(:action_name).returns('index')
+        @controller.resource.expects(:load).returns(:the_instance)
+        @controller.load_resource
+      end
     end
     should 'expose resource as helper' do
       assert @controller.class._helper_methods.include?(:resource)
     end
+    should 'initialize authorization object properly' do
+      @controller.instance_variable_set :@authorization, nil
+      @controller.expects(:resource).returns(:the_resource)
+      @controller.expects(:action_name).returns('index')
+      Trust::Authorization.expects(:new).with('index', :the_resource).returns(:an_authorization)
+      assert_equal :an_authorization, @controller.authorization
+      assert_equal :an_authorization, @controller.instance_variable_get( :@authorization)
+    end
     should 'provide access control' do
-      resource = stub('resource')
-      instance = stub('resource instance')
-      klass    = stub('resource klass')
-      parent   = stub('resource parent')
-
-      resource.expects(:instance).returns(instance)
-      resource.expects(:parent).returns(parent)
-      @controller.expects(:resource).returns(resource).twice
-      Trust::Authorization.expects(:authorize!).with(nil,instance,parent)
-      @controller.access_control
-
-      resource.expects(:instance).returns(nil)
-      resource.expects(:parent).returns(parent)
-      resource.expects(:klass).returns(klass)
-      @controller.expects(:resource).returns(resource).times(3)
-      Trust::Authorization.expects(:authorize!).with(nil,klass,parent)
+      @controller.stubs(:authorization).returns(stub('authorization'))
+      @controller.authorization.expects(:authorize!)
       @controller.access_control
     end
     context 'can?' do

data/test/unit/trust/permissions_test.rb

@@ -25,23 +25,40 @@
 require 'test_helper'
 
 class Trust::PermissionsTest < ActiveSupport::TestCase
+
+  class Fund < Trust::Permissions
+  end  
+  
   setup do
-    class Fund < Trust::Permissions
-    end
     @base = Fund
+    @action_aliases = Trust::Permissions.action_aliases
+    Trust::Permissions.action_aliases[:update] = [:update, :edit]
+  end
+  teardown do
+    Trust::Permissions.action_aliases = @action_aliases
   end
   context 'class_attributes' do
     should 'have default values' do
       assert_equal @base.permissions, {}
+      assert_equal @base.member_permissions, {}
       assert_equal @base.action_aliases, {
-        read: [:index, :show],
-        create: [:create, :new],
+        # read: [:index, :show],
+        # create: [:create, :new],
         update: [:update, :edit],
-        manage: [:index, :show, :create, :new, :update, :edit, :destroy]
+        # manage: [:index, :show, :create, :new, :update, :edit, :destroy]
         }
     end
   end
 
+  class TestAuth < Trust::Permissions
+  end
+
+  class TestMemberAuth < Trust::Permissions
+  end
+  
+  class TestRoleCan < Trust::Permissions
+  end
+
   context 'class method' do
     context 'can' do
       should 'work without using block' do
@@ -52,10 +69,6 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
       end
     end
     context 'can with role block' do
-      setup do
-        class TestAuth < Trust::Permissions
-        end
-      end
       should 'set permissions correctly' do
         TestAuth.role :tester do
           TestAuth.can :hi
@@ -68,24 +81,31 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
         # Verify that parent class is not affected
         assert_equal expected, @base.permissions, "#{@base.name} was modified"
         # Verify that aliases are expanded
-        expected = {:tester => [[:hi, {}],[:wink, {}],[:create, {}],[:new, {}]]}
+        expected = {:tester=>[[:hi, {}], [:wink, {}], [:create, {}]]}
         TestAuth.role :tester do
           TestAuth.can :create
         end
         assert_equal expected, TestAuth.permissions
         # Verify support for multiple roles
-        expected = {:tester => [[:hi, {}],[:wink, {}],[:create, {}],[:new, {}]], :manager => [[:hi, {}]]}
+        expected = {:tester => [[:hi, {}],[:wink, {}],[:create, {}]], :manager => [[:hi, {}]]}
         TestAuth.role :manager do
           TestAuth.can :hi
         end
         assert_equal expected, TestAuth.permissions
       end
     end
-    context 'can assigning role wihtout block' do
-      setup do
-        class TestRoleCan < Trust::Permissions
+    context 'can with member_role block' do
+      should 'set permissions correctly' do
+        TestMemberAuth.member_role :tester do
+          TestMemberAuth.can :hi
+          TestMemberAuth.can :wink
         end
+        # verfy that permissions are structured correctly
+        expected = {:tester => [[:hi, {}],[:wink, {}]]}
+        assert_equal expected, TestMemberAuth.member_permissions
       end
+    end
+    context 'can assigning role wihtout block' do
       should 'set permissions correctly' do
         TestRoleCan.role :tester, :manager, TestRoleCan.can(:hi, :wink, :if => true)
         expected = {:tester => [[:hi, {:if => true}],[:wink, {:if => true}]], :manager => [[:hi, {:if => true}],[:wink, {:if => true}]]}
@@ -100,7 +120,7 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
         assert_equal [:update, :edit], @base.send(:expand_aliases, :update)
       end
       should 'expand multiple aliases' do
-        assert_equal [:update, :edit, :create, :new], @base.send(:expand_aliases, [:update, :create])
+        assert_equal [:update, :edit, :create], @base.send(:expand_aliases, [:update, :create])
       end
       should 'return action if there are no aliases' do
         assert_equal [:hi], @base.send(:expand_aliases, :hi)
@@ -125,7 +145,7 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
   
   context 'instance method' do
     setup do
-      @subject = @base.new(:user, :wink, :klass, :subject, :parent)
+      @subject = @base.new(:user, :wink, @base, :subject, :parent)
     end
     context 'authorized?' do
       setup do
@@ -133,6 +153,12 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
           @subject.send(:authorized?)
         end
       end
+      should 'return params_handler' do
+        @user = stub(:role_symbols => [:manager])
+        @base.expects(:permissions).returns({:manager => [ [:wink, {permit: [:a, :b]}] ]})
+        @subject.stubs(:user).returns(@user)
+        assert_equal ({require: :trust_permissions_test_fund, permit: [:a, :b]}), authorized?
+      end
       should 'by default be false' do
         @user = stub(:role_symbols => [])
         @subject.stubs(:user).returns(@user)
@@ -154,9 +180,20 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
         @base.stubs(:permissions).
           returns({:tester => [[:hi, {}],[:wink, {}]]}).then.
           returns({:manager => [[:hi, {}],[:wink, {}]]})
-        assert authorized?        
         assert authorized?
       end
+      should 'delegate to members_role if required' do
+        @user = stub(:role_symbols => [:gurba])
+        @subject.stubs(:user).returns(@user)
+        @base.stubs(:permissions).returns({})
+        assert !authorized?        
+        @base.stubs(:member_permissions).returns({:manager => [[:hi, {}],[:wink, {}]]})
+        assert !authorized?
+        @base.any_instance.stubs(:members_role).returns(:manager)
+        assert authorized?
+        @base.stubs(:member_permissions).returns({})
+        assert !authorized?
+      end      
     end
     context 'eval_expr' do
       setup do
@@ -173,7 +210,7 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
         assert !eval_expr(:if => true, :unless => true)
         assert !eval_expr(:if => false, :unless => true)
         assert !eval_expr(:if => true, :unless => true)
-        assert eval_expr(:if => true, :unless => false)
+        assert_equal ({}), eval_expr(:if => true, :unless => false)
       end
       should 'support the following conditions' do
         assert eval_expr(:if => true)
@@ -181,33 +218,62 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
       end
       should 'support symbol expression' do
         @subject.expects(:hello).returns(true)
-        assert eval_expr(:if => :hello)
+        assert_equal ({}), eval_expr(:if => :hello)
       end
       should 'support proc expression' do
-        assert eval_expr(:if => Proc.new { true })
-        assert eval_expr(:if => lambda { true })
-        assert eval_expr(:unless => lambda { false })
+        assert_equal ({}), eval_expr(:if => Proc.new { true })
+        assert_equal ({}), eval_expr(:if => lambda { true })
+        assert_equal ({}), eval_expr(:unless => lambda { false })
+      end
+      context 'preloaded' do
+        should 'parse well known expressions' do
+          assert_equal ({require: :x, permit: [:name, :address]}), eval_expr(require: :x, permit: [:name, :address])
+        end
+        should 'support preload? method' do
+          @subject.instance_variable_set(:@preload, true)
+          assert !eval_expr(require: :x, permit: [:name, :address], unless: :preload?)
+          assert ({require: :x, permit: [:name, :address]}), eval_expr(require: :x, permit: [:name, :address], if: :preload?)
+        end
+      end
+    end
+    context 'preloading' do
+      should 'set preload attribute' do
+        @var = nil
+        @subject.expects(:authorized?).with() {  @var = @subject.preload?  }
+        assert !@var
+        @subject.preload
+        assert @var
+      end
+      should 'allow instance writer to subject' do
+        @subject.subject = :new_subject
+        assert_equal :new_subject, @subject.subject
+      end
+    end
+    context 'route key' do
+      should 'convert class to names appropriately' do
+        assert_equal :trust_permissions_test_account, @subject.send(:route_key, Account)
       end
     end
   end
   
+  class Account < Trust::Permissions
+    role :tester do
+      can :test_user,  :if => Proc.new { user.name == 'mcgormic' }
+      can :test_action,  :if => lambda { action == :test_action }
+      can :test_klass,   :if => lambda { klass == Account }
+      can :test_subject, :if => lambda { subject == :subject }
+      can :test_parent,  :if => lambda { parent == :parent }
+      can :test_failure, :if => lambda { failure == :failure }
+    end
+  end
+  
   context 'accessing accessors in Permission instance' do
     setup do
-      class Account < Trust::Permissions
-        role :tester do
-          can :test_user,  :if => Proc.new { user.name == 'mcgormic' }
-          can :test_action,  :if => lambda { action == :test_action }
-          can :test_klass,   :if => lambda { klass == :klass }
-          can :test_subject, :if => lambda { subject == :subject }
-          can :test_parent,  :if => lambda { parent == :parent }
-          can :test_failure, :if => lambda { failure == :failure }
-        end
-      end
       @user = stub(:name => 'mcgormic', :role_symbols => [:tester])
     end
     should 'expose accessors' do
       %w(user action klass subject parent).each do |attr|
-        @perm = Account.new(@user, :"test_#{attr}", :klass, :subject, :parent)
+        @perm = Account.new(@user, :"test_#{attr}", Account, :subject, :parent)
         assert @perm.authorized?, "test_#{attr} failed"
       end
       assert_raises NameError do
@@ -215,20 +281,50 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
         assert @perm.authorized?
       end
     end
-    
+  end
+
+
+  class TestBaseAuth < Trust::Permissions
+  end
+  class TestBaseAuth2 < Trust::Permissions
+  end
+  class TestInheritedAuth < TestBaseAuth
+  end
+  class TestOverride < TestBaseAuth2
+  end
+  class TestCannnotArgumentError < Trust::Permissions
+  end
+  class TestBaseAuth3 < Trust::Permissions
+    role :tester, :friend do
+      can :hi, :if => :ho
+      can :wink
+    end
+  end
+  class TestCannot < TestBaseAuth3
+    role :tester, cannot(:wink)
+    role :friend do
+      cannot :hi
+    end
+  end
+  class TestBaseAuth4 < Trust::Permissions
+    role :tester, :friend do
+      can :hi, :if => :ho
+      can :wink
+    end
+  end
+  class TestEnforce < TestBaseAuth4
+    role :tester, can(:wink, :enforce => true, :if => :yo)
+    role :friend do
+      can :hi, :enforce => true, :if => :sure
+    end
   end
 
   context 'inheritance' do
     should 'clone deeply' do
-      class TestBaseAuth < Trust::Permissions
-      end
       TestBaseAuth.role :tester do
         TestBaseAuth.can :hi, :if => :ho
         TestBaseAuth.can :wink
       end
-
-      class TestInheritedAuth < TestBaseAuth
-      end
       TestInheritedAuth.role :tester do
         TestInheritedAuth.can :foo, :if => :foobar
         TestInheritedAuth.can :bar
@@ -239,15 +335,11 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
       assert_equal expect, TestInheritedAuth.permissions
     end
     should 'accumulate inherited permissions' do
-      class TestBaseAuth2 < Trust::Permissions
-      end
       TestBaseAuth2.role :tester do
         TestBaseAuth2.can :hi, :if => :ho
         TestBaseAuth2.can :wink
       end
 
-      class TestOverride < TestBaseAuth2
-      end
       TestOverride.role :tester do
         TestOverride.can :hi, :if => :ha
       end
@@ -257,47 +349,21 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
     
     context 'with cannot' do
       should  'not accept options' do
-        class TestCannnotArgumentError < Trust::Permissions
-        end
         assert_raises ArgumentError do
           TestCannnotArgumentError.cannot :do, :options => true
         end
       end
       should 'revoke permissions' do
-        class TestBaseAuth3 < Trust::Permissions
-          role :tester, :friend do
-            can :hi, :if => :ho
-            can :wink
-          end
-        end
         expect = {:tester => [[:hi, {:if => :ho}],[:wink, {}]], :friend => [[:hi, {:if => :ho}],[:wink, {}]]}
         assert_equal expect, TestBaseAuth3.permissions
-        class TestCannot < TestBaseAuth3
-          role :tester, cannot(:wink)
-          role :friend do
-            cannot :hi
-          end
-        end
         expect = {:tester => [[:hi, {:if => :ho}]], :friend => [[:wink, {}]]}
         assert_equal expect, TestCannot.permissions
       end
     end
     context 'with enforce' do
       should 'override previous cans' do
-        class TestBaseAuth4 < Trust::Permissions
-          role :tester, :friend do
-            can :hi, :if => :ho
-            can :wink
-          end
-        end
         expect = {:tester => [[:hi, {:if => :ho}],[:wink, {}]], :friend => [[:hi, {:if => :ho}],[:wink, {}]]}
         assert_equal expect, TestBaseAuth4.permissions
-        class TestEnforce < TestBaseAuth4
-          role :tester, can(:wink, :enforce => true, :if => :yo)
-          role :friend do
-            can :hi, :enforce => true, :if => :sure
-          end
-        end
         expect = {:tester => [[:hi, {:if => :ho}],[:wink, {:if => :yo}]], :friend => [[:wink, {}],[:hi, {:if => :sure}]]}
         assert_equal expect, TestEnforce.permissions
         # Parent permissions should not be affected
@@ -306,4 +372,65 @@ class Trust::PermissionsTest < ActiveSupport::TestCase
       end
     end
   end
+  
+  
+  class TestPermit < Trust::Permissions
+    require :entity
+    permit :aha, :joho
+    role :tester do
+      can :wink, require: :special, permit: [:no, :way]
+      can :blink, require: :somewhat_special
+      can :wave, permit: [:hands]
+    end
+  end
+  
+  class TestInheritedPermit < TestPermit
+  end
+  
+  context 'params handler storage' do
+    setup do
+      @ta = TestPermit.new(:user, :wink, TestPermit, :subject, :parent)
+      @user = stub(:role_symbols => [:tester])
+    end
+    context 'of require' do
+      should 'default unless specified' do
+        TestPermit.entity_required = nil
+        ph = @ta.send(:params_handler_default, {})
+        assert_equal :trust_permissions_test_test_permit, ph[:require]
+        TestPermit.entity_required = :entity
+      end
+      should 'store default' do
+        assert_equal :entity, @ta.entity_required
+      end
+      should 'inherit default' do
+        ta = TestInheritedPermit.new(:user, :wink, TestInheritedPermit, :subject, :parent)
+        assert_equal :entity, ta.entity_required
+      end
+      should 'override on action' do
+        ta = TestInheritedPermit.new(@user, :wave, TestInheritedPermit, :subject, :parent)
+        expected = {require: :entity, permit: [:hands]}
+        assert_equal expected, ta.authorized?
+      end
+    end
+    context 'of permit' do
+      should 'store default' do
+        assert_equal [:aha, :joho], @ta.entity_attributes
+      end
+      should 'inherit default' do
+        ta = TestInheritedPermit.new(:user, :wink, TestInheritedPermit, :subject, :parent)
+        assert_equal [:aha, :joho], ta.entity_attributes
+      end
+      should 'override on action' do
+        ta = TestInheritedPermit.new(@user, :blink, TestInheritedPermit, :subject, :parent)
+        expected = {require: :somewhat_special, permit: [:aha, :joho]}
+        assert_equal expected, ta.authorized?
+      end
+    end
+    should 'override on action' do
+      ta = TestInheritedPermit.new(@user, :wink, TestInheritedPermit, :subject, :parent)
+      expected = {require: :special, permit: [:no, :way]}
+      assert_equal expected, ta.authorized?
+    end
+  end
+  
 end