kotovalexarian-likes-github/varvet--pundit
1
0
Fork 0
mirror of https://github.com/varvet/pundit.git synced 2022-11-09 12:30:11 -05:00
Code Releases Activity
varvet--pundit/spec/pundit_spec.rb

238 lines
7.8 KiB
Ruby
Raw Normal View History

moved class definitions from pundit_spec.rb to spec_helper.rb
2014-04-23 22:58:38 -04:00
require "spec_helper"
Adds support for `policy_class` model instance/class for custom Policy
2012-11-30 10:21:46 -05:00
Add specs and dependencies
2012-11-19 07:02:42 -05:00
describe Pundit do
Use RSpec double syntax over stub to fix deprecation warning
2013-08-26 04:04:15 -04:00
let(:user) { double }
Add specs and dependencies
2012-11-19 07:02:42 -05:00
let(:post) { Post.new(user) }
let(:comment) { Comment.new }
let(:article) { Article.new }
Lookup policies in the current namespace Addresses #12. If the policy is not defined in `namespace`, `const_get` will search through the inheritance change of `namespace` to find the policy.
2014-05-21 22:09:17 -04:00
let(:controller) { Controller.new(user, { :action => 'update' }) }
Adds support for `policy_class` model instance/class for custom Policy
2012-11-30 10:21:46 -05:00
let(:artificial_blog) { ArtificialBlog.new }
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
let(:article_tag) { ArticleTag.new }
Add specs and dependencies
2012-11-19 07:02:42 -05:00
describe ".policy_scope" do
it "returns an instantiated policy scope given a plain model class" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(Pundit.policy_scope(user, Post)).to eq :published
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns an instantiated policy scope given an active model class" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(Pundit.policy_scope(user, Comment)).to eq Comment
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns nil if the given policy scope can't be found" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(Pundit.policy_scope(user, Article)).to be_nil
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
end
describe ".policy_scope!" do
it "returns an instantiated policy scope given a plain model class" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(Pundit.policy_scope!(user, Post)).to eq :published
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns an instantiated policy scope given an active model class" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(Pundit.policy_scope!(user, Comment)).to eq Comment
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "throws an exception if the given policy scope can't be found" do
expect { Pundit.policy_scope!(user, Article) }.to raise_error(Pundit::NotDefinedError)
end
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
it "throws an exception if the given policy scope can't be found" do
expect { Pundit.policy_scope!(user, ArticleTag) }.to raise_error(Pundit::NotDefinedError)
end
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
describe ".policy" do
it "returns an instantiated policy given a plain model instance" do
policy = Pundit.policy(user, post)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.post).to eq post
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns an instantiated policy given an active model instance" do
policy = Pundit.policy(user, comment)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.comment).to eq comment
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns an instantiated policy given a plain model class" do
policy = Pundit.policy(user, Post)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.post).to eq Post
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns an instantiated policy given an active model class" do
policy = Pundit.policy(user, Comment)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.comment).to eq Comment
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns nil if the given policy can't be found" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(Pundit.policy(user, article)).to be_nil
expect(Pundit.policy(user, Article)).to be_nil
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
describe "with .policy_class set on the model" do
it "returns an instantiated policy given a plain model instance" do
policy = Pundit.policy(user, artificial_blog)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.blog).to eq artificial_blog
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
end
it "returns an instantiated policy given a plain model class" do
policy = Pundit.policy(user, ArtificialBlog)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.blog).to eq ArtificialBlog
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
end
it "returns an instantiated policy given a plain model instance providing an anonymous class" do
policy = Pundit.policy(user, article_tag)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.tag).to eq article_tag
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
end
it "returns an instantiated policy given a plain model class providing an anonymous class" do
policy = Pundit.policy(user, ArticleTag)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.tag).to eq ArticleTag
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
end
Enable headless policies Enables `policy(:dashboard) # => DashboardPolicy`. Policies without a matching model can come in handy when a controller isn't modeled alongside a resource, e.g. a `DashboardsController`. The policy lookup by symbol also helps with strong parameters, since I prefer `policy(:post)` or `policy(@post || :post)` over `policy(@post || Post)`.
2014-07-13 06:34:09 -04:00
it "returns an instantiated policy given a symbol" do
policy = Pundit.policy(user, :dashboard)
expect(policy.class).to eq DashboardPolicy
expect(policy.user).to eq user
expect(policy.dashboard).to eq :dashboard
end
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
end
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
describe ".policy!" do
it "returns an instantiated policy given a plain model instance" do
policy = Pundit.policy!(user, post)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.post).to eq post
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns an instantiated policy given an active model instance" do
policy = Pundit.policy!(user, comment)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.comment).to eq comment
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns an instantiated policy given a plain model class" do
policy = Pundit.policy!(user, Post)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.post).to eq Post
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "returns an instantiated policy given an active model class" do
policy = Pundit.policy!(user, Comment)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.comment).to eq Comment
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
Enable headless policies Enables `policy(:dashboard) # => DashboardPolicy`. Policies without a matching model can come in handy when a controller isn't modeled alongside a resource, e.g. a `DashboardsController`. The policy lookup by symbol also helps with strong parameters, since I prefer `policy(:post)` or `policy(@post || :post)` over `policy(@post || Post)`.
2014-07-13 06:34:09 -04:00
it "returns an instantiated policy given a symbol" do
policy = Pundit.policy!(user, :dashboard)
expect(policy.class).to eq DashboardPolicy
expect(policy.user).to eq user
expect(policy.dashboard).to eq :dashboard
end
Add specs and dependencies
2012-11-19 07:02:42 -05:00
it "throws an exception if the given policy can't be found" do
expect { Pundit.policy!(user, article) }.to raise_error(Pundit::NotDefinedError)
expect { Pundit.policy!(user, Article) }.to raise_error(Pundit::NotDefinedError)
end
end
describe "#verify_authorized" do
it "does nothing when authorized" do
controller.authorize(post)
controller.verify_authorized
end
it "raises an exception when not authorized" do
Raise a different error when authorization is not performed closes #108
2014-02-14 07:57:13 -05:00
expect { controller.verify_authorized }.to raise_error(Pundit::AuthorizationNotPerformedError)
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
end
Add #verify_policy_scoped for controller usage. See the readme changes for an example. In short, this behaves like verify_authorized but is useful for actions that find a collection (like index) and don't authorize instances.
2013-04-18 01:05:24 -04:00
describe "#verify_policy_scoped" do
it "does nothing when policy_scope is used" do
controller.policy_scope(Post)
controller.verify_policy_scoped
end
it "raises an exception when policy_scope is not used" do
Raise more description exception for verify_policy_scoped * The AuthorizationNotPerformedError is very descriptive of the situation when authorization is forgotten. In the case of no scoping, it can be a head scratcher. * This new error type is implemented as a subclass of the current error type to prevent regressions in existing code. While this is not ideal, it is the simplest solution I could come up with for compatibility.
2014-07-07 21:50:22 -04:00
expect { controller.verify_policy_scoped }.to raise_error(Pundit::PolicyScopingNotPerformedError)
Add #verify_policy_scoped for controller usage. See the readme changes for an example. In short, this behaves like verify_authorized but is useful for actions that find a collection (like index) and don't authorize instances.
2013-04-18 01:05:24 -04:00
end
end
Add specs and dependencies
2012-11-19 07:02:42 -05:00
describe "#authorize" do
it "infers the policy name and authorized based on it" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(controller.authorize(post)).to be_truthy
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "can be given a different permission to check" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(controller.authorize(post, :show?)).to be_truthy
Add specs and dependencies
2012-11-19 07:02:42 -05:00
expect { controller.authorize(post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
end
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
it "works with anonymous class policies" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(controller.authorize(article_tag, :show?)).to be_truthy
Improvements on `.policy_class` support The `BlogPolicy -> "BlogPolicy" -> "Blog" -> "BlogPolicy" -> BlogPolicy` issue @jnicklas pointed out has been resolved. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class BlogPolicy end end ``` The above string manipulation/casting is prevented; the `BlogPolicy` class will be immediately returned to `policy` and on to be evaluated. Anonymous classes are now supported too. For example, given ```ruby class BlogPolicy < Struct.new(:user, :blog); end class Blog; end class ArtificialBlog < Blog def self.policy_class Struct.new(:user, :blog) do def create? true end end end end ``` The `Struct` will be returned and evaluated as any other policy.
2012-12-13 18:20:12 -05:00
expect { controller.authorize(article_tag, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
end
Add specs and dependencies
2012-11-19 07:02:42 -05:00
it "raises an error when the permission check fails" do
expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
end
Add #query, #record, and #policy properties to Pundit::NotAuthorizedError. Exceptions raised by #authorize now provide the query (e.g. 'create?') and record (e.g. an instance of 'Post') that caused the exception to be raised, as well as the relevant policy (e.g. an instance of 'PostPolicy'). NotAuthorizedError is modified to continue to inherit from StandardError, but now also has attr_accessor values for :query, :record, and :policy.
2014-02-25 21:54:22 -05:00
it "raises an error with a query and action" do
expect { controller.authorize(post, :destroy?) }.to raise_error do |error|
expect(error.query).to eq :destroy?
expect(error.record).to eq post
expect(error.policy).to eq controller.policy(post)
end
end
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
Custom pundit user
2013-07-12 23:42:34 -04:00
describe "#pundit_user" do
it 'returns the same thing as current_user' do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(controller.pundit_user).to eq controller.current_user
Custom pundit user
2013-07-12 23:42:34 -04:00
end
end
Add specs and dependencies
2012-11-19 07:02:42 -05:00
describe ".policy" do
it "returns an instantiated policy" do
policy = controller.policy(post)
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(policy.user).to eq user
expect(policy.post).to eq post
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "throws an exception if the given policy can't be found" do
expect { controller.policy(article) }.to raise_error(Pundit::NotDefinedError)
end
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post ||= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests.
2013-08-11 20:38:50 -04:00
it "allows policy to be injected" do
new_policy = OpenStruct.new
controller.policy = new_policy
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(controller.policy(post)).to eq new_policy
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post ||= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests.
2013-08-11 20:38:50 -04:00
end
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
describe ".policy_scope" do
it "returns an instantiated policy scope" do
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(controller.policy_scope(Post)).to eq :published
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
it "throws an exception if the given policy can't be found" do
expect { controller.policy_scope(Article) }.to raise_error(Pundit::NotDefinedError)
end
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post ||= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests.
2013-08-11 20:38:50 -04:00
it "allows policy_scope to be injected" do
new_scope = OpenStruct.new
controller.policy_scope = new_scope
- Updated gemspec to use RSpec 3 - Updated tests to match new expect syntax
2014-02-08 07:19:24 -05:00
expect(controller.policy_scope(post)).to eq new_scope
Allow policies and scopes to be injected into controllers. In controller specs instead of relying on Pundit to instantiate the correct policy object allow it to be injected into the controller. More often than not a double is used in controller specs which means the policy cannot be inferred. This also allows us to double the policy to ensure that on a unit level the rights methods are being called on callaborators. class PostsController < ApplicationController attr_writer :post helper_method :post def create authorize post post.save respond_with post end private def post @post ||= Post.new post_attributes end end describe PagesController do let(:policy) { double 'SomePolicy', create?: true } before do controller.policy = policy end it 'delegates authorization to policy' do expect(policy).to have_received(:create?) end end Add spec for injecting policy. Use `or` instead of ternary operator. Allow policy_scope to be injected for controller tests.
2013-08-11 20:38:50 -04:00
end
Add specs and dependencies
2012-11-19 07:02:42 -05:00
end
end
Copy permalink