require 'spec_helper'
require 'support/example_classes'
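describe Authority do
  it "has a default list of abilities" do
    expect(Authority.abilities).to be_a(Hash)
  end

  it "does not allow modification of the Authority.abilities hash directly" do
    # The abilities hash is part of the authorization surface: a caller that
    # could add or rename a verb at runtime could change what `enforce` will
    # dispatch to. The exact error class differs by Ruby version (RuntimeError
    # on older rubies, FrozenError on 2.5+), so match on the shared ancestor
    # and on the stable "can't modify frozen ..." wording instead.
    expect { Authority.abilities[:exchange] = 'fungible' }.to raise_error(
      StandardError, /modify frozen/
    )
  end

  it "has a convenience accessor for the ability verbs" do
    expect(Authority.verbs.map(&:to_s).sort).to eq(%w[create delete read update])
  end

  it "has a convenience accessor for the ability adjectives" do
    expect(Authority.adjectives.sort).to eq(%w[creatable deletable readable updatable])
  end

  describe "configuring Authority" do
    it "has a configuration accessor" do
      expect(Authority).to respond_to(:configuration)
    end

    it "has a `configure` method" do
      expect(Authority).to respond_to(:configure)
    end

    it "requires the remainder of library internals after configuration" do
      # Same expectation as the legacy `should_receive`, written in the
      # `expect` syntax the rest of this file already uses (RSpec >= 2.14).
      expect(Authority).to receive(:require_authority_internals!)
      Authority.configure
    end
  end

  describe "enforcement" do
    let(:user) { ExampleUser.new }
    let(:resource_class) { ExampleResource }

    describe "when given options" do
      it "checks the user's authorization, passing along the options" do
        options = { :for => 'context' }
        expect(user).to receive(:can_delete?).with(resource_class, options).and_return(true)
        Authority.enforce(:delete, resource_class, user, options)
      end
    end

    describe "when not given options" do
      it "checks the user's authorization, passing no options" do
        expect(user).to receive(:can_delete?).with(resource_class).and_return(true)
        Authority.enforce(:delete, resource_class, user)
      end
    end

    # The two examples above stub the check to return true, so they only prove
    # that `enforce` delegates with the right arguments. The denial path is the
    # security-critical one and must not depend on whatever the example
    # fixtures happen to permit, so it is pinned here with explicit stubs.
    it "raises a SecurityViolation when the user's check returns false" do
      expect(user).to receive(:can_update?).with(resource_class).and_return(false)
      expect { Authority.enforce(:update, resource_class, user) }.to raise_error(Authority::SecurityViolation)
    end

    it "fails closed when the user's check returns nil rather than an explicit false" do
      expect(user).to receive(:can_update?).with(resource_class).and_return(nil)
      expect { Authority.enforce(:update, resource_class, user) }.to raise_error(Authority::SecurityViolation)
    end

    it "raises a SecurityViolation if the action is unauthorized" do
      # Relies on ExampleUser/ExampleResource (support/example_classes) denying
      # :update by default; the explicitly stubbed examples above cover the
      # same contract independently of the fixtures.
      expect { Authority.enforce(:update, resource_class, user) }.to raise_error(Authority::SecurityViolation)
    end

    it "doesn't raise a SecurityViolation if the action is authorized" do
      # Bare `not_to raise_error`: the `not_to raise_error(SomeClass)` form is
      # rejected by RSpec 3 (deprecated in 2.14) because it passes when a
      # *different* exception is raised, which would hide a broken authorizer.
      expect { Authority.enforce(:read, resource_class, user) }.not_to raise_error
    end
  end

  describe Authority::SecurityViolation do
    let(:user) { :"Cap'n Ned" }
    let(:action) { :keelhaul }
    let(:resource) { :houseplant }
    let(:security_violation) { Authority::SecurityViolation.new(user, action, resource) }

    it "has a reader for the user" do
      expect(security_violation.user).to eq(user)
    end

    it "has a reader for the action" do
      expect(security_violation.action).to eq(action)
    end

    it "has a reader for the resource" do
      expect(security_violation.resource).to eq(resource)
    end

    it "uses them all in its message" do
      # NOTE(review): the message embeds `user.to_s` and `resource.to_s`. That
      # is useful in logs, but if an application renders `e.message` back to
      # the end user it may disclose internal identifiers — confirm the
      # rescue path only logs it.
      expect(security_violation.message).to eq("#{user} is not authorized to #{action} this resource: #{resource}")
    end
  end
end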