2014-04-23 22:58:38 -04:00
|
|
|
require "spec_helper"
|
2012-11-30 10:21:46 -05:00
|
|
|
|
2012-11-19 07:02:42 -05:00
|
|
|
describe Pundit do
|
2013-08-26 04:04:15 -04:00
|
|
|
let(:user) { double }
|
2012-11-19 07:02:42 -05:00
|
|
|
let(:post) { Post.new(user) }
|
|
|
|
let(:comment) { Comment.new }
|
|
|
|
let(:article) { Article.new }
|
2014-05-21 22:09:17 -04:00
|
|
|
let(:controller) { Controller.new(user, { :action => 'update' }) }
|
2012-11-30 10:21:46 -05:00
|
|
|
let(:artificial_blog) { ArtificialBlog.new }
|
2012-12-13 18:20:12 -05:00
|
|
|
let(:article_tag) { ArticleTag.new }
|
2015-03-27 13:09:26 -04:00
|
|
|
let(:comments_relation) { CommentsRelation.new }
|
|
|
|
let(:empty_comments_relation) { CommentsRelation.new(true) }
|
2012-11-19 07:02:42 -05:00
|
|
|
|
2015-03-26 05:32:20 -04:00
|
|
|
describe ".authorize" do
|
|
|
|
it "infers the policy and authorizes based on it" do
|
|
|
|
expect(Pundit.authorize(user, post, :update?)).to be_truthy
|
|
|
|
end
|
|
|
|
|
|
|
|
it "works with anonymous class policies" do
|
|
|
|
expect(Pundit.authorize(user, article_tag, :show?)).to be_truthy
|
|
|
|
expect { Pundit.authorize(user, article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an error with a query and action" do
|
2015-03-27 05:22:30 -04:00
|
|
|
expect { Pundit.authorize(user, post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError, "not allowed to destroy? this #<Post>") do |error|
|
2015-03-26 05:32:20 -04:00
|
|
|
expect(error.query).to eq :destroy?
|
|
|
|
expect(error.record).to eq post
|
|
|
|
expect(error.policy).to eq Pundit.policy(user, post)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-11-19 07:02:42 -05:00
|
|
|
describe ".policy_scope" do
|
|
|
|
it "returns an instantiated policy scope given a plain model class" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(Pundit.policy_scope(user, Post)).to eq :published
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy scope given an active model class" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(Pundit.policy_scope(user, Comment)).to eq Comment
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
2015-03-27 13:09:26 -04:00
|
|
|
it "returns an instantiated policy scope given an active record relation", focus: true do
|
|
|
|
expect(Pundit.policy_scope(user, comments_relation)).to eq comments_relation
|
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy scope given an empty active record relation" do
|
|
|
|
expect(Pundit.policy_scope(user, empty_comments_relation)).to eq empty_comments_relation
|
|
|
|
end
|
|
|
|
|
2012-11-19 07:02:42 -05:00
|
|
|
it "returns nil if the given policy scope can't be found" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(Pundit.policy_scope(user, Article)).to be_nil
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
2015-03-26 05:25:21 -04:00
|
|
|
|
|
|
|
it "returns nil if blank object given" do
|
|
|
|
expect(Pundit.policy_scope(user, nil)).to be_nil
|
|
|
|
end
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
describe ".policy_scope!" do
|
|
|
|
it "returns an instantiated policy scope given a plain model class" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(Pundit.policy_scope!(user, Post)).to eq :published
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy scope given an active model class" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(Pundit.policy_scope!(user, Comment)).to eq Comment
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "throws an exception if the given policy scope can't be found" do
|
|
|
|
expect { Pundit.policy_scope!(user, Article) }.to raise_error(Pundit::NotDefinedError)
|
|
|
|
end
|
2012-12-13 18:20:12 -05:00
|
|
|
|
|
|
|
it "throws an exception if the given policy scope can't be found" do
|
|
|
|
expect { Pundit.policy_scope!(user, ArticleTag) }.to raise_error(Pundit::NotDefinedError)
|
|
|
|
end
|
2015-03-26 05:25:21 -04:00
|
|
|
|
|
|
|
it "throws an exception if the given policy scope is nil" do
|
2015-03-27 04:31:10 -04:00
|
|
|
expect { Pundit.policy_scope!(user, nil) }.to raise_error(Pundit::NotDefinedError, "unable to find policy scope of nil")
|
2015-03-26 05:25:21 -04:00
|
|
|
end
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
describe ".policy" do
|
|
|
|
it "returns an instantiated policy given a plain model instance" do
|
|
|
|
policy = Pundit.policy(user, post)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.post).to eq post
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy given an active model instance" do
|
|
|
|
policy = Pundit.policy(user, comment)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.comment).to eq comment
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy given a plain model class" do
|
|
|
|
policy = Pundit.policy(user, Post)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.post).to eq Post
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy given an active model class" do
|
|
|
|
policy = Pundit.policy(user, Comment)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.comment).to eq Comment
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns nil if the given policy can't be found" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(Pundit.policy(user, article)).to be_nil
|
|
|
|
expect(Pundit.policy(user, Article)).to be_nil
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
2012-12-13 18:20:12 -05:00
|
|
|
|
2015-03-26 05:25:21 -04:00
|
|
|
it "returns nil if the given policy is nil" do
|
|
|
|
expect(Pundit.policy(user, nil)).to be_nil
|
|
|
|
end
|
|
|
|
|
2012-12-13 18:20:12 -05:00
|
|
|
describe "with .policy_class set on the model" do
|
|
|
|
it "returns an instantiated policy given a plain model instance" do
|
|
|
|
policy = Pundit.policy(user, artificial_blog)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.blog).to eq artificial_blog
|
2012-12-13 18:20:12 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy given a plain model class" do
|
|
|
|
policy = Pundit.policy(user, ArtificialBlog)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.blog).to eq ArtificialBlog
|
2012-12-13 18:20:12 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy given a plain model instance providing an anonymous class" do
|
|
|
|
policy = Pundit.policy(user, article_tag)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.tag).to eq article_tag
|
2012-12-13 18:20:12 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy given a plain model class providing an anonymous class" do
|
|
|
|
policy = Pundit.policy(user, ArticleTag)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.tag).to eq ArticleTag
|
2012-12-13 18:20:12 -05:00
|
|
|
end
|
2014-07-13 06:34:09 -04:00
|
|
|
|
|
|
|
it "returns an instantiated policy given a symbol" do
|
|
|
|
policy = Pundit.policy(user, :dashboard)
|
|
|
|
expect(policy.class).to eq DashboardPolicy
|
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.dashboard).to eq :dashboard
|
|
|
|
end
|
2014-10-11 09:01:45 -04:00
|
|
|
|
|
|
|
it "returns an instantiated policy given an array" do
|
|
|
|
policy = Pundit.policy(user, [:project, :dashboard])
|
|
|
|
expect(policy.class).to eq Project::DashboardPolicy
|
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.dashboard).to eq [:project, :dashboard]
|
|
|
|
end
|
2012-12-13 18:20:12 -05:00
|
|
|
end
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
describe ".policy!" do
|
|
|
|
it "returns an instantiated policy given a plain model instance" do
|
|
|
|
policy = Pundit.policy!(user, post)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.post).to eq post
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy given an active model instance" do
|
|
|
|
policy = Pundit.policy!(user, comment)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.comment).to eq comment
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy given a plain model class" do
|
|
|
|
policy = Pundit.policy!(user, Post)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.post).to eq Post
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "returns an instantiated policy given an active model class" do
|
|
|
|
policy = Pundit.policy!(user, Comment)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.comment).to eq Comment
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
2014-07-13 06:34:09 -04:00
|
|
|
it "returns an instantiated policy given a symbol" do
|
|
|
|
policy = Pundit.policy!(user, :dashboard)
|
|
|
|
expect(policy.class).to eq DashboardPolicy
|
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.dashboard).to eq :dashboard
|
|
|
|
end
|
|
|
|
|
2014-10-11 09:01:45 -04:00
|
|
|
it "returns an instantiated policy given an array" do
|
|
|
|
policy = Pundit.policy!(user, [:project, :dashboard])
|
|
|
|
expect(policy.class).to eq Project::DashboardPolicy
|
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.dashboard).to eq [:project, :dashboard]
|
|
|
|
end
|
|
|
|
|
2012-11-19 07:02:42 -05:00
|
|
|
it "throws an exception if the given policy can't be found" do
|
|
|
|
expect { Pundit.policy!(user, article) }.to raise_error(Pundit::NotDefinedError)
|
|
|
|
expect { Pundit.policy!(user, Article) }.to raise_error(Pundit::NotDefinedError)
|
|
|
|
end
|
2015-03-26 05:25:21 -04:00
|
|
|
|
|
|
|
it "throws an exception if the given policy is nil" do
|
2015-03-27 04:31:10 -04:00
|
|
|
expect { Pundit.policy!(user, nil) }.to raise_error(Pundit::NotDefinedError, "unable to find policy of nil")
|
2015-03-26 05:25:21 -04:00
|
|
|
end
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
describe "#verify_authorized" do
|
|
|
|
it "does nothing when authorized" do
|
|
|
|
controller.authorize(post)
|
|
|
|
controller.verify_authorized
|
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an exception when not authorized" do
|
2014-02-14 07:57:13 -05:00
|
|
|
expect { controller.verify_authorized }.to raise_error(Pundit::AuthorizationNotPerformedError)
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-04-18 01:05:24 -04:00
|
|
|
describe "#verify_policy_scoped" do
|
|
|
|
it "does nothing when policy_scope is used" do
|
|
|
|
controller.policy_scope(Post)
|
|
|
|
controller.verify_policy_scoped
|
|
|
|
end
|
|
|
|
|
|
|
|
it "raises an exception when policy_scope is not used" do
|
2014-07-07 21:50:22 -04:00
|
|
|
expect { controller.verify_policy_scoped }.to raise_error(Pundit::PolicyScopingNotPerformedError)
|
2013-04-18 01:05:24 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-11-19 07:02:42 -05:00
|
|
|
describe "#authorize" do
|
2015-03-26 05:32:20 -04:00
|
|
|
it "infers the policy name and authorizes based on it" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(controller.authorize(post)).to be_truthy
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "can be given a different permission to check" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(controller.authorize(post, :show?)).to be_truthy
|
2012-11-19 07:02:42 -05:00
|
|
|
expect { controller.authorize(post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
|
|
|
|
end
|
|
|
|
|
2012-12-13 18:20:12 -05:00
|
|
|
it "works with anonymous class policies" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(controller.authorize(article_tag, :show?)).to be_truthy
|
2012-12-13 18:20:12 -05:00
|
|
|
expect { controller.authorize(article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
|
|
|
|
end
|
|
|
|
|
2015-03-26 05:32:20 -04:00
|
|
|
it "throws an exception when the permission check fails" do
|
2012-11-19 07:02:42 -05:00
|
|
|
expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
|
|
|
|
end
|
2014-02-25 21:54:22 -05:00
|
|
|
|
2015-03-26 05:32:20 -04:00
|
|
|
it "throws an exception when a policy cannot be found" do
|
|
|
|
expect { controller.authorize(Article) }.to raise_error(Pundit::NotDefinedError)
|
|
|
|
end
|
|
|
|
|
|
|
|
it "caches the policy" do
|
|
|
|
expect(controller.policies[post]).to be_nil
|
|
|
|
controller.authorize(post)
|
|
|
|
expect(controller.policies[post]).not_to be_nil
|
2014-02-25 21:54:22 -05:00
|
|
|
end
|
2015-02-25 14:30:08 -05:00
|
|
|
|
2015-03-26 05:25:21 -04:00
|
|
|
it "raises an error when the given record is nil" do
|
|
|
|
expect { controller.authorize(nil, :destroy?) }.to raise_error(Pundit::NotDefinedError)
|
2015-02-25 14:30:08 -05:00
|
|
|
end
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
2015-02-20 14:38:08 -05:00
|
|
|
describe "#skip_authorization" do
|
|
|
|
it "disables authorization verification" do
|
|
|
|
controller.skip_authorization
|
|
|
|
expect { controller.verify_authorized }.not_to raise_error
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-07-12 23:42:34 -04:00
|
|
|
describe "#pundit_user" do
|
|
|
|
it 'returns the same thing as current_user' do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(controller.pundit_user).to eq controller.current_user
|
2013-07-12 23:42:34 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-11-19 07:02:42 -05:00
|
|
|
describe ".policy" do
|
|
|
|
it "returns an instantiated policy" do
|
|
|
|
policy = controller.policy(post)
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(policy.user).to eq user
|
|
|
|
expect(policy.post).to eq post
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "throws an exception if the given policy can't be found" do
|
|
|
|
expect { controller.policy(article) }.to raise_error(Pundit::NotDefinedError)
|
|
|
|
end
|
2013-08-11 20:38:50 -04:00
|
|
|
|
|
|
|
it "allows policy to be injected" do
|
|
|
|
new_policy = OpenStruct.new
|
2014-08-22 07:20:32 -04:00
|
|
|
controller.policies[post] = new_policy
|
2013-08-11 20:38:50 -04:00
|
|
|
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(controller.policy(post)).to eq new_policy
|
2013-08-11 20:38:50 -04:00
|
|
|
end
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
describe ".policy_scope" do
|
|
|
|
it "returns an instantiated policy scope" do
|
2014-02-08 07:19:24 -05:00
|
|
|
expect(controller.policy_scope(Post)).to eq :published
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
|
|
|
|
it "throws an exception if the given policy can't be found" do
|
|
|
|
expect { controller.policy_scope(Article) }.to raise_error(Pundit::NotDefinedError)
|
|
|
|
end
|
2013-08-11 20:38:50 -04:00
|
|
|
|
|
|
|
it "allows policy_scope to be injected" do
|
|
|
|
new_scope = OpenStruct.new
|
2014-08-22 07:20:32 -04:00
|
|
|
controller.policy_scopes[Post] = new_scope
|
2013-08-11 20:38:50 -04:00
|
|
|
|
2014-08-22 07:20:32 -04:00
|
|
|
expect(controller.policy_scope(Post)).to eq new_scope
|
2013-08-11 20:38:50 -04:00
|
|
|
end
|
2012-11-19 07:02:42 -05:00
|
|
|
end
|
|
|
|
end
|