Module Access::TestHelpers
In: lib/access_test_helpers.rb

Methods

Public Instance methods

    # File lib/access_test_helpers.rb, line 389
    def assert_diversion_done
      assert_nil session[:diverted_controller]
      assert_nil session[:diverted_action]
    end

    # File lib/access_test_helpers.rb, line 384
    def assert_diverted_from( controller_name, action_name )
      assert_equal controller_name, session[:diverted_controller]
      assert_equal action_name,     session[:diverted_action]
    end

The opposite of assert_requires; demands that the code throw a PermissionFailure even if the perm_or_perms are all in place.

    # File lib/access_test_helpers.rb, line 226
    def assert_fails_even_with( perm_or_perms )

      with_permission( perm_or_perms ) do

        assert_raises( PermissionFailure ) { yield }

      end

    end

Tests that a role with all the given permissions correctly grants permission to perform the code in the block.

The priv_or_privs argument may be a single Permission which must grant required access all by itself.

Multiple Permissions may also be given. In this case, we check that no individual permission is enough to grant the required access, but that collectively, they all do.

Argument Permissions are cloned; the originals are unaltered on return.

    # File lib/access_test_helpers.rb, line 156
    def assert_requires( *priv_or_privs )

      with_test_role_for_unprivileged_guy( :no_grants ) do |user, role|

        # With no privileges in our empty role, we should blow up

        assert_equal 1, user.roles.count
        assert_equal 0, user.permissions.size

        assert_raises( PermissionFailure ) { yield }

        # If array of one privilege supplied, treat as single privilege

        if priv_or_privs.size == 1

          # Single privilege supplied; assign it to our role, and
          # check that it works.

          User.as( users(:universal_grant_guy) ) do
            priv = priv_or_privs.first.clone
            priv.role = role
            priv.save!
            user.permissions :force_reload
          end

          assert_nothing_raised { yield }

        else

          # Multiple privileges.  Make sure each individually doesn't
          # grant access...

          privs = priv_or_privs.collect(&:clone)
          privs.each do |priv|

            User.as( users(:universal_grant_guy) ) do
              priv.role = role
              priv.save!
            end

            user.permissions :force_reload
            assert_raises( PermissionFailure ) { yield }

            User.as( users(:universal_grant_guy) ) do
              priv.update_attribute :role, roles(:ricardo_twiddler) # displace...
            end

          end

          # ... but that they collectively do:

          User.as( users(:universal_grant_guy) ) do
            privs.each { |priv| priv.update_attribute :role, role }
          end

          user.permissions :force_reload
          assert_nothing_raised { yield }

        end
      end

    end
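
The three-phase check described above (an empty role is refused, each permission alone is refused, all of them together are accepted), as an added Ruby sketch that is not part of access_test_helpers.rb. ToyRole, denied?, requirement_check and the three sample guarded actions are hypothetical in-memory stand-ins, constructed here in place of the project's Role, Permission and fixtures.

```ruby
require 'set'

# Hypothetical stand-ins, not the project's Role/Permission classes.
class PermissionFailure < StandardError; end

# A toy role is just the set of privilege symbols currently granted.
class ToyRole
  attr_reader :granted

  def initialize
    @granted = Set.new
  end

  # Guard: raise unless every needed privilege is granted.
  def check!(*needed)
    missing = needed.reject { |p| @granted.include?(p) }
    raise PermissionFailure, "missing #{missing.inspect}" unless missing.empty?
    true
  end
end

# True when the guarded block raises PermissionFailure for this role.
def denied?(role)
  yield role
  false
rescue PermissionFailure
  true
end

# Mirrors assert_requires, but returns a verdict instead of asserting.
def requirement_check(privs, &guarded)
  role = ToyRole.new
  return :allowed_with_no_privileges unless denied?(role, &guarded)

  if privs.size > 1
    privs.each do |p|
      role.granted.replace([p]) # grant exactly one, displacing the others
      return :"#{p}_alone_suffices" unless denied?(role, &guarded)
    end
  end

  role.granted.replace(privs)
  denied?(role, &guarded) ? :still_denied_with_all : :ok
end

# Constructed guarded actions for the demonstration.
PUBLISH   = ->(role) { role.check!(:post, :approve) }
OVER_LAX  = ->(role) { role.check!(:post) } # forgets to require :approve
UNGUARDED = ->(_role) { true }
```

The per-permission phase is what catches OVER_LAX: a guard that checks only part of the intended set passes a plain "works with all permissions" test, but fails the requirement that no single permission be sufficient.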

Quickie line-saver: generate a Permission to :post to Blog, with extra attributes as supplied in the arguments.

    # File lib/access_test_helpers.rb, line 269
    def blog_post_permission( args = {} )
      Permission.new( args.reverse_merge( :privilege            => :post,
                                          :class_name           => 'Blog',
                                          :is_grant             => false,
                                          :has_grant_option     => false,
                                          :target_owned_by_self => false
                                          ))
    end

Log in as a particular user. Useful for setup methods in controller tests, in which most tests will want to be logged in as the same user. The optional :acting_as argument is as for User.as

    # File lib/access_test_helpers.rb, line 370
    def log_in_as( user, options = {} )
      @request.session[:current_user_id]   =
        options.has_key?( :acting_as ) ? options[:acting_as].id : user.id
      @request.session[:user_of_record_id] = user.id
    end

Helper for controller tests: fake being logged in as a particular user in the session. The :acting_as argument is as for User.as

    # File lib/access_test_helpers.rb, line 352
    def logged_in_as( user, options = {} )
      old_current = @request.session[:current_user_id]
      old_of_rec  = @request.session[:user_of_record_id]
      log_in_as user, options
      yield
    ensure
      @request.session[:current_user_id]   = old_current
      @request.session[:user_of_record_id] = old_of_rec
    end

Returns a Permission granting ‘privilege’ on one object, ‘obj’.

    # File lib/access_test_helpers.rb, line 280
    def one_object_perm privilege, obj
      Permission.new( :privilege    => privilege,
                      :class_name   => obj.class.name,
                      :is_grant     => false,
                      :has_grant_option => false,
                      :target_owned_by_self => false,
                      :target       => obj
                      )
    end

Returns a Permission granting ‘privilege’ on any object of class ‘klass’ whose owner_firm is set to ‘firm’.

    # File lib/access_test_helpers.rb, line 308
    def owner_firm_perm privilege, klass, firm
      Permission.new( :privilege    => privilege,
                      :class_name   => klass.name,
                      :is_grant     => false,
                      :has_grant_option => false,
                      :target_owned_by_self => false,
                      :target_owner_firm => firm
                      )
    end

Returns a Permission granting ‘privilege’ on any object of class ‘klass’ owned by ‘owner’.

    # File lib/access_test_helpers.rb, line 294
    def owner_perm privilege, klass, owner
      Permission.new( :privilege    => privilege,
                      :class_name   => klass.name,
                      :is_grant     => false,
                      :has_grant_option => false,
                      :target_owned_by_self => false,
                      :target_owner => owner
                      )
    end

For tests of things that want to take advantage of the "diverted request" machinery in applicationhelper.rb

    # File lib/access_test_helpers.rb, line 379
    def remember_diversion( controller_name, action_name )
      @request.session[:diverted_controller] = controller_name
      @request.session[:diverted_action]     = action_name
    end

Returns a Permission granting ‘privilege’ on any object of class ‘klass’ which is "owned by self".

    # File lib/access_test_helpers.rb, line 322
    def self_owner_perm privilege, klass
      Permission.new( :privilege    => privilege,
                      :class_name   => klass.name,
                      :is_grant     => false,
                      :has_grant_option => false,
                      :target_owned_by_self => true
                      )
    end

Tests that the record isn't valid if the attribute is unset, and becomes valid if it gets set to the given value.

    # File lib/access_test_helpers.rb, line 52
    def test_required_associate(rec, attr, value)
      test_validation rec, attr, :invalid => [nil], :valid => [value]
    end

Assigns all of the invalid and valid values to record.foo. Verifies that all of the valid values pass validation, and that the invalid values all flunk. Leaves the attribute in the last valid state.

    # File lib/access_test_helpers.rb, line 33
    def test_validation(rec, field, opts)
      assign = "#{field}="
      opts[:invalid].each do |val|
        rec.send assign, val
        assert !rec.valid?, "#{rec.class} with #{field}=#{val} should be invalid"
        assert rec.errors.invalid?(field),
          "#{val} shouldn't be valid for #{rec.class}.#{field}"
      end
      opts[:valid].each do |val|
        rec.send assign, val
        rec.valid?
        assert !rec.errors.invalid?(field),
          "#{val} should be valid for #{rec.class}.#{field}"
      end
    end

Returns a Permission granting ‘privilege’ on any object of class ‘klass’, at all.

    # File lib/access_test_helpers.rb, line 334
    def wildcard_perm privilege, klass
      Permission.new( :privilege    => privilege,
                      :class_name   => klass.name,
                      :is_grant     => false,
                      :has_grant_option => false,
                      :target_owned_by_self => false
                      )
    end

Run the code in an environment with User.current set to a user with the given permissions, and no others. Permissions are unaffected; they are internally cloned and destroyed.

    # File lib/access_test_helpers.rb, line 123
    def with_permission( *perms )

      with_test_role_for_unprivileged_guy( :no_grants ) do |user, role|

        User.as( users(:universal_grant_guy) ) do
          perms.each do |perm|
            perm = perm.clone
            perm.role = role
            perm.save!
          end
        end

        yield

      end
    end

Runs the code in an environment with a user that has only the given permissions…

    # File lib/access_test_helpers.rb, line 242
    def with_permission( perm_or_perms )

      perms = perm_or_perms.is_a?( Permission ) ? [perm_or_perms] : perm_or_perms
      perms = perms.collect(&:clone)

      with_test_role_for_unprivileged_guy(:no_grants) do |user, role|

        User.as( users( :universal_grant_guy )) do
          perms.each do |perm|
            perm.role = role
            perm.save!
          end
        end

        user.permissions :force_reload
        yield

      end

    end

Helper for auth tests — runs its block in a dynamic environment in which:

*) User.current is an otherwise unprivileged user
*) The user is assigned one role with no privileges. The user
   is also ordinarily assigned the :universal_grant role, so tests
   can manipulate its privileges easily.  The :no_grants argument
   suppresses even that, and gives a truly unprivileged user; this
   is used so that 'assert_requires' can test privileges of roles.

We yield to the block with two arguments: the user, and its role. An ‘ensure’ clause undoes any changes.

    # File lib/access_test_helpers.rb, line 73
    def with_test_role_for_unprivileged_guy( no_grants = nil )

      assert( no_grants.nil? || no_grants == :no_grants )

      user = users(:unprivileged_guy)
      role = nil                  # create var in outer scope

      User.as( users(:universal_grant_guy) ) do

        assert_equal 0, user.role_assignments.count

        role = Role.create :name => 'test role',
          :owner_firm => firms(:dubuque), :owner => user

        RoleAssignment.create :user => user, :role => role

        if !no_grants
          RoleAssignment.create :user => user, :role => roles(:universal_grant)
        end

      end

      user.role_assignments :force_reload
      user.permissions      :force_reload

      User.as( users(:unprivileged_guy )) do
        yield( user, role )
      end

      User.as( users(:universal_grant_guy) ) do
        role.destroy
        user.role_assignments.reload
        user.role_assignments.each { |ra| ra.destroy }
      end

      user.role_assignments :force_reload
      assert_equal 0, user.role_assignments.count

      user.permissions :force_reload

    end
