getting all specs passing again
This commit is contained in:
parent
98ed39264e
commit
3a825ed0d1
|
@ -207,7 +207,7 @@ module CanCan
|
||||||
|
|
||||||
def model_adapter(model_class, action)
|
def model_adapter(model_class, action)
|
||||||
adapter_class = ModelAdapters::AbstractAdapter.adapter_class(model_class)
|
adapter_class = ModelAdapters::AbstractAdapter.adapter_class(model_class)
|
||||||
adapter_class.new(model_class, relevant_rules_for_query(action, model_class))
|
adapter_class.new(model_class, relevant_rules_for_query(action, model_class.to_s.underscore.pluralize.to_sym))
|
||||||
end
|
end
|
||||||
|
|
||||||
# See ControllerAdditions#authorize! for documentation.
|
# See ControllerAdditions#authorize! for documentation.
|
||||||
|
@ -249,7 +249,7 @@ module CanCan
|
||||||
private
|
private
|
||||||
|
|
||||||
def unauthorized_message_keys(action, subject)
|
def unauthorized_message_keys(action, subject)
|
||||||
subject = (subject.kind_of?(Symbol) ? subject.to_s : subject.class.to_s.underscore.humanize.downcase.pluralize)
|
subject = (subject.kind_of?(Symbol) ? subject.to_s : subject.class.to_s.underscore.pluralize)
|
||||||
[aliases_for(:subjects, subject.to_sym), :all].flatten.map do |try_subject|
|
[aliases_for(:subjects, subject.to_sym), :all].flatten.map do |try_subject|
|
||||||
[aliases_for(:actions, action.to_sym), :access].flatten.map do |try_action|
|
[aliases_for(:actions, action.to_sym), :access].flatten.map do |try_action|
|
||||||
:"#{try_action}.#{try_subject}"
|
:"#{try_action}.#{try_subject}"
|
||||||
|
|
|
@ -38,7 +38,7 @@ module CanCan
|
||||||
|
|
||||||
def authorize_resource
|
def authorize_resource
|
||||||
unless skip?(:authorize)
|
unless skip?(:authorize)
|
||||||
@controller.authorize!(authorization_action, resource_instance || resource_class_with_parent)
|
@controller.authorize!(authorization_action, resource_instance || subject_name_with_parent)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ module CanCan
|
||||||
end
|
end
|
||||||
|
|
||||||
def load_collection?
|
def load_collection?
|
||||||
resource_base.respond_to?(:accessible_by) && !current_ability.has_block?(authorization_action, resource_class)
|
resource_base.respond_to?(:accessible_by) && !current_ability.has_block?(authorization_action, subject_name)
|
||||||
end
|
end
|
||||||
|
|
||||||
def load_collection
|
def load_collection
|
||||||
|
@ -91,7 +91,7 @@ module CanCan
|
||||||
end
|
end
|
||||||
|
|
||||||
def initial_attributes
|
def initial_attributes
|
||||||
current_ability.attributes_for(@params[:action].to_sym, resource_class).delete_if do |key, value|
|
current_ability.attributes_for(@params[:action].to_sym, subject_name).delete_if do |key, value|
|
||||||
@params[name] && @params[name].include?(key)
|
@params[name] && @params[name].include?(key)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
@ -128,8 +128,12 @@ module CanCan
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def resource_class_with_parent
|
def subject_name
|
||||||
parent_resource ? {parent_resource => resource_class} : resource_class
|
resource_class.to_s.underscore.pluralize.to_sym
|
||||||
|
end
|
||||||
|
|
||||||
|
def subject_name_with_parent
|
||||||
|
parent_resource ? {parent_resource => subject_name} : subject_name
|
||||||
end
|
end
|
||||||
|
|
||||||
def resource_instance=(instance)
|
def resource_instance=(instance)
|
||||||
|
|
|
@ -20,7 +20,9 @@ module CanCan
|
||||||
@model_class.where(:_id => {'$exists' => false, '$type' => 7}) # return no records in Mongoid
|
@model_class.where(:_id => {'$exists' => false, '$type' => 7}) # return no records in Mongoid
|
||||||
else
|
else
|
||||||
@rules.inject(@model_class.all) do |records, rule|
|
@rules.inject(@model_class.all) do |records, rule|
|
||||||
if rule.base_behavior
|
if rule.conditions.empty?
|
||||||
|
records
|
||||||
|
elsif rule.base_behavior
|
||||||
records.or(rule.conditions)
|
records.or(rule.conditions)
|
||||||
else
|
else
|
||||||
records.excludes(rule.conditions)
|
records.excludes(rule.conditions)
|
||||||
|
|
|
@ -139,7 +139,7 @@ module CanCan
|
||||||
end
|
end
|
||||||
|
|
||||||
def subject_name(subject)
|
def subject_name(subject)
|
||||||
subject.class.to_s.underscore.humanize.downcase.pluralize.to_sym
|
subject.class.to_s.underscore.pluralize.to_sym
|
||||||
end
|
end
|
||||||
|
|
||||||
def model_adapter(subject)
|
def model_adapter(subject)
|
||||||
|
|
|
@ -269,7 +269,7 @@ describe CanCan::Ability do
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
# Determining Conditions
|
# Determining Kind of Conditions
|
||||||
|
|
||||||
it "knows when a block is used for conditions" do
|
it "knows when a block is used for conditions" do
|
||||||
@ability.can :read, :books
|
@ability.can :read, :books
|
||||||
|
@ -288,7 +288,6 @@ describe CanCan::Ability do
|
||||||
end
|
end
|
||||||
|
|
||||||
it "determines model adapter class by asking AbstractAdapter" do
|
it "determines model adapter class by asking AbstractAdapter" do
|
||||||
pending
|
|
||||||
model_class = Object.new
|
model_class = Object.new
|
||||||
adapter_class = Object.new
|
adapter_class = Object.new
|
||||||
stub(CanCan::ModelAdapters::AbstractAdapter).adapter_class(model_class) { adapter_class }
|
stub(CanCan::ModelAdapters::AbstractAdapter).adapter_class(model_class) { adapter_class }
|
||||||
|
|
|
@ -52,7 +52,7 @@ describe CanCan::ControllerResource do
|
||||||
|
|
||||||
it "should build a new resource with attributes from current ability" do
|
it "should build a new resource with attributes from current ability" do
|
||||||
@params.merge!(:action => "new")
|
@params.merge!(:action => "new")
|
||||||
@ability.can(:create, Project, :name => "from conditions")
|
@ability.can(:create, :projects, :name => "from conditions")
|
||||||
resource = CanCan::ControllerResource.new(@controller)
|
resource = CanCan::ControllerResource.new(@controller)
|
||||||
resource.load_resource
|
resource.load_resource
|
||||||
@controller.instance_variable_get(:@project).name.should == "from conditions"
|
@controller.instance_variable_get(:@project).name.should == "from conditions"
|
||||||
|
@ -60,7 +60,7 @@ describe CanCan::ControllerResource do
|
||||||
|
|
||||||
it "should override initial attributes with params" do
|
it "should override initial attributes with params" do
|
||||||
@params.merge!(:action => "new", :project => {:name => "from params"})
|
@params.merge!(:action => "new", :project => {:name => "from params"})
|
||||||
@ability.can(:create, Project, :name => "from conditions")
|
@ability.can(:create, :projects, :name => "from conditions")
|
||||||
resource = CanCan::ControllerResource.new(@controller)
|
resource = CanCan::ControllerResource.new(@controller)
|
||||||
resource.load_resource
|
resource.load_resource
|
||||||
@controller.instance_variable_get(:@project).name.should == "from params"
|
@controller.instance_variable_get(:@project).name.should == "from params"
|
||||||
|
@ -86,7 +86,7 @@ describe CanCan::ControllerResource do
|
||||||
it "should not use accessible_by when defining abilities through a block" do
|
it "should not use accessible_by when defining abilities through a block" do
|
||||||
stub(Project).accessible_by(@ability) { :found_projects }
|
stub(Project).accessible_by(@ability) { :found_projects }
|
||||||
@params[:action] = "index"
|
@params[:action] = "index"
|
||||||
@ability.can(:read, Project) { |p| false }
|
@ability.can(:read, :projects) { |p| false }
|
||||||
resource = CanCan::ControllerResource.new(@controller)
|
resource = CanCan::ControllerResource.new(@controller)
|
||||||
resource.load_resource
|
resource.load_resource
|
||||||
@controller.instance_variable_get(:@project).should be_nil
|
@controller.instance_variable_get(:@project).should be_nil
|
||||||
|
@ -96,7 +96,7 @@ describe CanCan::ControllerResource do
|
||||||
it "should not authorize single resource in collection action" do
|
it "should not authorize single resource in collection action" do
|
||||||
@params[:action] = "index"
|
@params[:action] = "index"
|
||||||
@controller.instance_variable_set(:@project, :some_project)
|
@controller.instance_variable_set(:@project, :some_project)
|
||||||
stub(@controller).authorize!(:index, Project) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:index, :projects) { raise CanCan::AccessDenied }
|
||||||
resource = CanCan::ControllerResource.new(@controller)
|
resource = CanCan::ControllerResource.new(@controller)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
||||||
end
|
end
|
||||||
|
@ -119,7 +119,7 @@ describe CanCan::ControllerResource do
|
||||||
|
|
||||||
it "should perform authorization using controller action and non loaded model" do
|
it "should perform authorization using controller action and non loaded model" do
|
||||||
@params.merge!(:action => "show", :id => 123)
|
@params.merge!(:action => "show", :id => 123)
|
||||||
stub(@controller).authorize!(:show, Project) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:show, :projects) { raise CanCan::AccessDenied }
|
||||||
resource = CanCan::ControllerResource.new(@controller)
|
resource = CanCan::ControllerResource.new(@controller)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
||||||
end
|
end
|
||||||
|
@ -243,7 +243,7 @@ describe CanCan::ControllerResource do
|
||||||
@params.merge!(:action => "index")
|
@params.merge!(:action => "index")
|
||||||
category = Object.new
|
category = Object.new
|
||||||
@controller.instance_variable_set(:@category, category)
|
@controller.instance_variable_set(:@category, category)
|
||||||
stub(@controller).authorize!(:index, category => Project) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:index, category => :projects) { raise CanCan::AccessDenied }
|
||||||
resource = CanCan::ControllerResource.new(@controller, :through => :category)
|
resource = CanCan::ControllerResource.new(@controller, :through => :category)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
||||||
end
|
end
|
||||||
|
@ -311,7 +311,7 @@ describe CanCan::ControllerResource do
|
||||||
|
|
||||||
it "should authorize based on resource name if class is false" do
|
it "should authorize based on resource name if class is false" do
|
||||||
@params.merge!(:action => "show", :id => 123)
|
@params.merge!(:action => "show", :id => 123)
|
||||||
stub(@controller).authorize!(:show, :project) { raise CanCan::AccessDenied }
|
stub(@controller).authorize!(:show, :projects) { raise CanCan::AccessDenied }
|
||||||
resource = CanCan::ControllerResource.new(@controller, :class => false)
|
resource = CanCan::ControllerResource.new(@controller, :class => false)
|
||||||
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
lambda { resource.authorize_resource }.should raise_error(CanCan::AccessDenied)
|
||||||
end
|
end
|
||||||
|
|
|
@ -62,21 +62,21 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should fetch all articles when one can read all" do
|
it "should fetch all articles when one can read all" do
|
||||||
@ability.can :read, Article
|
@ability.can :read, :articles
|
||||||
article = Article.create!
|
article = Article.create!
|
||||||
Article.accessible_by(@ability).should == [article]
|
Article.accessible_by(@ability).should == [article]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should fetch only the articles that are published" do
|
it "should fetch only the articles that are published" do
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
article1 = Article.create!(:published => true)
|
article1 = Article.create!(:published => true)
|
||||||
article2 = Article.create!(:published => false)
|
article2 = Article.create!(:published => false)
|
||||||
Article.accessible_by(@ability).should == [article1]
|
Article.accessible_by(@ability).should == [article1]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should fetch any articles which are published or secret" do
|
it "should fetch any articles which are published or secret" do
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
@ability.can :read, Article, :secret => true
|
@ability.can :read, :articles, :secret => true
|
||||||
article1 = Article.create!(:published => true, :secret => false)
|
article1 = Article.create!(:published => true, :secret => false)
|
||||||
article2 = Article.create!(:published => true, :secret => true)
|
article2 = Article.create!(:published => true, :secret => true)
|
||||||
article3 = Article.create!(:published => false, :secret => true)
|
article3 = Article.create!(:published => false, :secret => true)
|
||||||
|
@ -85,8 +85,8 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should fetch only the articles that are published and not secret" do
|
it "should fetch only the articles that are published and not secret" do
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
@ability.cannot :read, Article, :secret => true
|
@ability.cannot :read, :articles, :secret => true
|
||||||
article1 = Article.create!(:published => true, :secret => false)
|
article1 = Article.create!(:published => true, :secret => false)
|
||||||
article2 = Article.create!(:published => true, :secret => true)
|
article2 = Article.create!(:published => true, :secret => true)
|
||||||
article3 = Article.create!(:published => false, :secret => true)
|
article3 = Article.create!(:published => false, :secret => true)
|
||||||
|
@ -95,22 +95,22 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should only read comments for articles which are published" do
|
it "should only read comments for articles which are published" do
|
||||||
@ability.can :read, Comment, :article => { :published => true }
|
@ability.can :read, :comments, :article => { :published => true }
|
||||||
comment1 = Comment.create!(:article => Article.create!(:published => true))
|
comment1 = Comment.create!(:article => Article.create!(:published => true))
|
||||||
comment2 = Comment.create!(:article => Article.create!(:published => false))
|
comment2 = Comment.create!(:article => Article.create!(:published => false))
|
||||||
Comment.accessible_by(@ability).should == [comment1]
|
Comment.accessible_by(@ability).should == [comment1]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should only read comments for visible categories through articles" do
|
it "should only read comments for visible categories through articles" do
|
||||||
@ability.can :read, Comment, :article => { :category => { :visible => true } }
|
@ability.can :read, :comments, :article => { :category => { :visible => true } }
|
||||||
comment1 = Comment.create!(:article => Article.create!(:category => Category.create!(:visible => true)))
|
comment1 = Comment.create!(:article => Article.create!(:category => Category.create!(:visible => true)))
|
||||||
comment2 = Comment.create!(:article => Article.create!(:category => Category.create!(:visible => false)))
|
comment2 = Comment.create!(:article => Article.create!(:category => Category.create!(:visible => false)))
|
||||||
Comment.accessible_by(@ability).should == [comment1]
|
Comment.accessible_by(@ability).should == [comment1]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should allow conditions in SQL and merge with hash conditions" do
|
it "should allow conditions in SQL and merge with hash conditions" do
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
@ability.can :read, Article, ["secret=?", true]
|
@ability.can :read, :articles, ["secret=?", true]
|
||||||
article1 = Article.create!(:published => true, :secret => false)
|
article1 = Article.create!(:published => true, :secret => false)
|
||||||
article2 = Article.create!(:published => true, :secret => true)
|
article2 = Article.create!(:published => true, :secret => true)
|
||||||
article3 = Article.create!(:published => false, :secret => true)
|
article3 = Article.create!(:published => false, :secret => true)
|
||||||
|
@ -119,27 +119,27 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should allow a scope for conditions" do
|
it "should allow a scope for conditions" do
|
||||||
@ability.can :read, Article, Article.where(:secret => true)
|
@ability.can :read, :articles, Article.where(:secret => true)
|
||||||
article1 = Article.create!(:secret => true)
|
article1 = Article.create!(:secret => true)
|
||||||
article2 = Article.create!(:secret => false)
|
article2 = Article.create!(:secret => false)
|
||||||
Article.accessible_by(@ability).should == [article1]
|
Article.accessible_by(@ability).should == [article1]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should raise an exception when trying to merge scope with other conditions" do
|
it "should raise an exception when trying to merge scope with other conditions" do
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
@ability.can :read, Article, Article.where(:secret => true)
|
@ability.can :read, :articles, Article.where(:secret => true)
|
||||||
lambda { Article.accessible_by(@ability) }.should raise_error(CanCan::Error, "Unable to merge an Active Record scope with other conditions. Instead use a hash or SQL for read Article ability.")
|
lambda { Article.accessible_by(@ability) }.should raise_error(CanCan::Error, "Unable to merge an Active Record scope with other conditions. Instead use a hash or SQL for read articles ability.")
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should not allow to fetch records when ability with just block present" do
|
it "should not allow to fetch records when ability with just block present" do
|
||||||
@ability.can :read, Article do
|
@ability.can :read, :articles do
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
lambda { Article.accessible_by(@ability) }.should raise_error(CanCan::Error)
|
lambda { Article.accessible_by(@ability) }.should raise_error(CanCan::Error)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should not allow to check ability on object against SQL conditions without block" do
|
it "should not allow to check ability on object against SQL conditions without block" do
|
||||||
@ability.can :read, Article, ["secret=?", true]
|
@ability.can :read, :articles, ["secret=?", true]
|
||||||
lambda { @ability.can? :read, Article.new }.should raise_error(CanCan::Error)
|
lambda { @ability.can? :read, Article.new }.should raise_error(CanCan::Error)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -148,47 +148,47 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should return false conditions for cannot clause" do
|
it "should return false conditions for cannot clause" do
|
||||||
@ability.cannot :read, Article
|
@ability.cannot :read, :articles
|
||||||
@ability.model_adapter(Article, :read).conditions.should == "'t'='f'"
|
@ability.model_adapter(Article, :read).conditions.should == "'t'='f'"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should return SQL for single `can` definition in front of default `cannot` condition" do
|
it "should return SQL for single `can` definition in front of default `cannot` condition" do
|
||||||
@ability.cannot :read, Article
|
@ability.cannot :read, :articles
|
||||||
@ability.can :read, Article, :published => false, :secret => true
|
@ability.can :read, :articles, :published => false, :secret => true
|
||||||
@ability.model_adapter(Article, :read).conditions.should orderlessly_match(%Q["#{@article_table}"."published" = 'f' AND "#{@article_table}"."secret" = 't'])
|
@ability.model_adapter(Article, :read).conditions.should orderlessly_match(%Q["#{@article_table}"."published" = 'f' AND "#{@article_table}"."secret" = 't'])
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should return true condition for single `can` definition in front of default `can` condition" do
|
it "should return true condition for single `can` definition in front of default `can` condition" do
|
||||||
@ability.can :read, Article
|
@ability.can :read, :articles
|
||||||
@ability.can :read, Article, :published => false, :secret => true
|
@ability.can :read, :articles, :published => false, :secret => true
|
||||||
@ability.model_adapter(Article, :read).conditions.should == "'t'='t'"
|
@ability.model_adapter(Article, :read).conditions.should == "'t'='t'"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should return `false condition` for single `cannot` definition in front of default `cannot` condition" do
|
it "should return `false condition` for single `cannot` definition in front of default `cannot` condition" do
|
||||||
@ability.cannot :read, Article
|
@ability.cannot :read, :articles
|
||||||
@ability.cannot :read, Article, :published => false, :secret => true
|
@ability.cannot :read, :articles, :published => false, :secret => true
|
||||||
@ability.model_adapter(Article, :read).conditions.should == "'t'='f'"
|
@ability.model_adapter(Article, :read).conditions.should == "'t'='f'"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should return `not (sql)` for single `cannot` definition in front of default `can` condition" do
|
it "should return `not (sql)` for single `cannot` definition in front of default `can` condition" do
|
||||||
@ability.can :read, Article
|
@ability.can :read, :articles
|
||||||
@ability.cannot :read, Article, :published => false, :secret => true
|
@ability.cannot :read, :articles, :published => false, :secret => true
|
||||||
@ability.model_adapter(Article, :read).conditions.should orderlessly_match(%Q["not (#{@article_table}"."published" = 'f' AND "#{@article_table}"."secret" = 't')])
|
@ability.model_adapter(Article, :read).conditions.should orderlessly_match(%Q["not (#{@article_table}"."published" = 'f' AND "#{@article_table}"."secret" = 't')])
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should return appropriate sql conditions in complex case" do
|
it "should return appropriate sql conditions in complex case" do
|
||||||
@ability.can :read, Article
|
@ability.can :read, :articles
|
||||||
@ability.can :manage, Article, :id => 1
|
@ability.can :access, :articles, :id => 1
|
||||||
@ability.can :update, Article, :published => true
|
@ability.can :update, :articles, :published => true
|
||||||
@ability.cannot :update, Article, :secret => true
|
@ability.cannot :update, :articles, :secret => true
|
||||||
@ability.model_adapter(Article, :update).conditions.should == %Q[not ("#{@article_table}"."secret" = 't') AND (("#{@article_table}"."published" = 't') OR ("#{@article_table}"."id" = 1))]
|
@ability.model_adapter(Article, :update).conditions.should == %Q[not ("#{@article_table}"."secret" = 't') AND (("#{@article_table}"."published" = 't') OR ("#{@article_table}"."id" = 1))]
|
||||||
@ability.model_adapter(Article, :manage).conditions.should == {:id => 1}
|
@ability.model_adapter(Article, :access).conditions.should == {:id => 1}
|
||||||
@ability.model_adapter(Article, :read).conditions.should == "'t'='t'"
|
@ability.model_adapter(Article, :read).conditions.should == "'t'='t'"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should not forget conditions when calling with SQL string" do
|
it "should not forget conditions when calling with SQL string" do
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
@ability.can :read, Article, ['secret=?', false]
|
@ability.can :read, :articles, ['secret=?', false]
|
||||||
adapter = @ability.model_adapter(Article, :read)
|
adapter = @ability.model_adapter(Article, :read)
|
||||||
2.times do
|
2.times do
|
||||||
adapter.conditions.should == %Q[(secret='f') OR ("#{@article_table}"."published" = 't')]
|
adapter.conditions.should == %Q[(secret='f') OR ("#{@article_table}"."published" = 't')]
|
||||||
|
@ -200,25 +200,25 @@ if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should have nil joins if no nested hashes specified in conditions" do
|
it "should have nil joins if no nested hashes specified in conditions" do
|
||||||
@ability.can :read, Article, :published => false
|
@ability.can :read, :articles, :published => false
|
||||||
@ability.can :read, Article, :secret => true
|
@ability.can :read, :articles, :secret => true
|
||||||
@ability.model_adapter(Article, :read).joins.should be_nil
|
@ability.model_adapter(Article, :read).joins.should be_nil
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should merge separate joins into a single array" do
|
it "should merge separate joins into a single array" do
|
||||||
@ability.can :read, Article, :project => { :blocked => false }
|
@ability.can :read, :articles, :project => { :blocked => false }
|
||||||
@ability.can :read, Article, :company => { :admin => true }
|
@ability.can :read, :articles, :company => { :admin => true }
|
||||||
@ability.model_adapter(Article, :read).joins.inspect.should orderlessly_match([:company, :project].inspect)
|
@ability.model_adapter(Article, :read).joins.inspect.should orderlessly_match([:company, :project].inspect)
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should merge same joins into a single array" do
|
it "should merge same joins into a single array" do
|
||||||
@ability.can :read, Article, :project => { :blocked => false }
|
@ability.can :read, :articles, :project => { :blocked => false }
|
||||||
@ability.can :read, Article, :project => { :admin => true }
|
@ability.can :read, :articles, :project => { :admin => true }
|
||||||
@ability.model_adapter(Article, :read).joins.should == [:project]
|
@ability.model_adapter(Article, :read).joins.should == [:project]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should restrict articles given a MetaWhere condition" do
|
it "should restrict articles given a MetaWhere condition" do
|
||||||
@ability.can :read, Article, :priority.lt => 2
|
@ability.can :read, :articles, :priority.lt => 2
|
||||||
article1 = Article.create!(:priority => 1)
|
article1 = Article.create!(:priority => 1)
|
||||||
article2 = Article.create!(:priority => 3)
|
article2 = Article.create!(:priority => 3)
|
||||||
Article.accessible_by(@ability).should == [article1]
|
Article.accessible_by(@ability).should == [article1]
|
||||||
|
|
|
@ -42,21 +42,21 @@ if ENV["MODEL_ADAPTER"] == "data_mapper"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should fetch all articles when one can read all" do
|
it "should fetch all articles when one can read all" do
|
||||||
@ability.can :read, Article
|
@ability.can :read, :articles
|
||||||
article = Article.create
|
article = Article.create
|
||||||
Article.accessible_by(@ability).should == [article]
|
Article.accessible_by(@ability).should == [article]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should fetch only the articles that are published" do
|
it "should fetch only the articles that are published" do
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
article1 = Article.create(:published => true)
|
article1 = Article.create(:published => true)
|
||||||
article2 = Article.create(:published => false)
|
article2 = Article.create(:published => false)
|
||||||
Article.accessible_by(@ability).should == [article1]
|
Article.accessible_by(@ability).should == [article1]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should fetch any articles which are published or secret" do
|
it "should fetch any articles which are published or secret" do
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
@ability.can :read, Article, :secret => true
|
@ability.can :read, :articles, :secret => true
|
||||||
article1 = Article.create(:published => true, :secret => false)
|
article1 = Article.create(:published => true, :secret => false)
|
||||||
article2 = Article.create(:published => true, :secret => true)
|
article2 = Article.create(:published => true, :secret => true)
|
||||||
article3 = Article.create(:published => false, :secret => true)
|
article3 = Article.create(:published => false, :secret => true)
|
||||||
|
@ -66,8 +66,8 @@ if ENV["MODEL_ADAPTER"] == "data_mapper"
|
||||||
|
|
||||||
it "should fetch only the articles that are published and not secret" do
|
it "should fetch only the articles that are published and not secret" do
|
||||||
pending "the `cannot` may require some custom SQL, maybe abstract out from Active Record adapter"
|
pending "the `cannot` may require some custom SQL, maybe abstract out from Active Record adapter"
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
@ability.cannot :read, Article, :secret => true
|
@ability.cannot :read, :articles, :secret => true
|
||||||
article1 = Article.create(:published => true, :secret => false)
|
article1 = Article.create(:published => true, :secret => false)
|
||||||
article2 = Article.create(:published => true, :secret => true)
|
article2 = Article.create(:published => true, :secret => true)
|
||||||
article3 = Article.create(:published => false, :secret => true)
|
article3 = Article.create(:published => false, :secret => true)
|
||||||
|
@ -76,22 +76,22 @@ if ENV["MODEL_ADAPTER"] == "data_mapper"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should only read comments for articles which are published" do
|
it "should only read comments for articles which are published" do
|
||||||
@ability.can :read, Comment, :article => { :published => true }
|
@ability.can :read, :comments, :article => { :published => true }
|
||||||
comment1 = Comment.create(:article => Article.create!(:published => true))
|
comment1 = Comment.create(:article => Article.create!(:published => true))
|
||||||
comment2 = Comment.create(:article => Article.create!(:published => false))
|
comment2 = Comment.create(:article => Article.create!(:published => false))
|
||||||
Comment.accessible_by(@ability).should == [comment1]
|
Comment.accessible_by(@ability).should == [comment1]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should allow conditions in SQL and merge with hash conditions" do
|
it "should allow conditions in SQL and merge with hash conditions" do
|
||||||
@ability.can :read, Article, :published => true
|
@ability.can :read, :articles, :published => true
|
||||||
@ability.can :read, Article, ["secret=?", true]
|
@ability.can :read, :articles, ["secret=?", true]
|
||||||
article1 = Article.create(:published => true, :secret => false)
|
article1 = Article.create(:published => true, :secret => false)
|
||||||
article4 = Article.create(:published => false, :secret => false)
|
article4 = Article.create(:published => false, :secret => false)
|
||||||
Article.accessible_by(@ability).should == [article1]
|
Article.accessible_by(@ability).should == [article1]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should match gt comparison" do
|
it "should match gt comparison" do
|
||||||
@ability.can :read, Article, :priority.gt => 3
|
@ability.can :read, :articles, :priority.gt => 3
|
||||||
article1 = Article.create(:priority => 4)
|
article1 = Article.create(:priority => 4)
|
||||||
article2 = Article.create(:priority => 3)
|
article2 = Article.create(:priority => 3)
|
||||||
Article.accessible_by(@ability).should == [article1]
|
Article.accessible_by(@ability).should == [article1]
|
||||||
|
@ -100,7 +100,7 @@ if ENV["MODEL_ADAPTER"] == "data_mapper"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should match gte comparison" do
|
it "should match gte comparison" do
|
||||||
@ability.can :read, Article, :priority.gte => 3
|
@ability.can :read, :articles, :priority.gte => 3
|
||||||
article1 = Article.create(:priority => 4)
|
article1 = Article.create(:priority => 4)
|
||||||
article2 = Article.create(:priority => 3)
|
article2 = Article.create(:priority => 3)
|
||||||
article3 = Article.create(:priority => 2)
|
article3 = Article.create(:priority => 2)
|
||||||
|
|
|
@ -38,7 +38,7 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
|
|
||||||
it "should compare properties on mongoid documents with the conditions hash" do
|
it "should compare properties on mongoid documents with the conditions hash" do
|
||||||
model = MongoidProject.new
|
model = MongoidProject.new
|
||||||
@ability.can :read, MongoidProject, :id => model.id
|
@ability.can :read, :mongoid_projects, :id => model.id
|
||||||
@ability.should be_able_to(:read, model)
|
@ability.should be_able_to(:read, model)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -51,7 +51,7 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should return the correct records based on the defined ability" do
|
it "should return the correct records based on the defined ability" do
|
||||||
@ability.can :read, MongoidProject, :title => "Sir"
|
@ability.can :read, :mongoid_projects, :title => "Sir"
|
||||||
sir = MongoidProject.create(:title => 'Sir')
|
sir = MongoidProject.create(:title => 'Sir')
|
||||||
lord = MongoidProject.create(:title => 'Lord')
|
lord = MongoidProject.create(:title => 'Lord')
|
||||||
dude = MongoidProject.create(:title => 'Dude')
|
dude = MongoidProject.create(:title => 'Dude')
|
||||||
|
@ -59,8 +59,8 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
MongoidProject.accessible_by(@ability, :read).entries.should == [sir]
|
MongoidProject.accessible_by(@ability, :read).entries.should == [sir]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should return everything when the defined ability is manage all" do
|
it "should return everything when the defined ability is access all" do
|
||||||
@ability.can :manage, :all
|
@ability.can :access, :all
|
||||||
sir = MongoidProject.create(:title => 'Sir')
|
sir = MongoidProject.create(:title => 'Sir')
|
||||||
lord = MongoidProject.create(:title => 'Lord')
|
lord = MongoidProject.create(:title => 'Lord')
|
||||||
dude = MongoidProject.create(:title => 'Dude')
|
dude = MongoidProject.create(:title => 'Dude')
|
||||||
|
@ -72,7 +72,7 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
describe "Mongoid::Criteria where clause Symbol extensions using MongoDB expressions" do
|
describe "Mongoid::Criteria where clause Symbol extensions using MongoDB expressions" do
|
||||||
it "should handle :field.in" do
|
it "should handle :field.in" do
|
||||||
obj = MongoidProject.create(:title => 'Sir')
|
obj = MongoidProject.create(:title => 'Sir')
|
||||||
@ability.can :read, MongoidProject, :title.in => ["Sir", "Madam"]
|
@ability.can :read, :mongoid_projects, :title.in => ["Sir", "Madam"]
|
||||||
@ability.can?(:read, obj).should == true
|
@ability.can?(:read, obj).should == true
|
||||||
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
||||||
|
|
||||||
|
@ -85,20 +85,20 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
obj = MongoidProject.create(:title => 'Bird')
|
obj = MongoidProject.create(:title => 'Bird')
|
||||||
@conditions = {:title.nin => ["Fork", "Spoon"]}
|
@conditions = {:title.nin => ["Fork", "Spoon"]}
|
||||||
|
|
||||||
@ability.can :read, MongoidProject, @conditions
|
@ability.can :read, :mongoid_projects, @conditions
|
||||||
@ability.should be_able_to(:read, obj)
|
@ability.should be_able_to(:read, obj)
|
||||||
end
|
end
|
||||||
it "Calls the base version if there are no mongoid criteria" do
|
it "Calls the base version if there are no mongoid criteria" do
|
||||||
obj = MongoidProject.new(:title => 'Bird')
|
obj = MongoidProject.new(:title => 'Bird')
|
||||||
@conditions = {:id => obj.id}
|
@conditions = {:id => obj.id}
|
||||||
@ability.can :read, MongoidProject, @conditions
|
@ability.can :read, :mongoid_projects, @conditions
|
||||||
@ability.should be_able_to(:read, obj)
|
@ability.should be_able_to(:read, obj)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should handle :field.nin" do
|
it "should handle :field.nin" do
|
||||||
obj = MongoidProject.create(:title => 'Sir')
|
obj = MongoidProject.create(:title => 'Sir')
|
||||||
@ability.can :read, MongoidProject, :title.nin => ["Lord", "Madam"]
|
@ability.can :read, :mongoid_projects, :title.nin => ["Lord", "Madam"]
|
||||||
@ability.can?(:read, obj).should == true
|
@ability.can?(:read, obj).should == true
|
||||||
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
||||||
|
|
||||||
|
@ -108,7 +108,7 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
|
|
||||||
it "should handle :field.size" do
|
it "should handle :field.size" do
|
||||||
obj = MongoidProject.create(:titles => ['Palatin', 'Margrave'])
|
obj = MongoidProject.create(:titles => ['Palatin', 'Margrave'])
|
||||||
@ability.can :read, MongoidProject, :titles.size => 2
|
@ability.can :read, :mongoid_projects, :titles.size => 2
|
||||||
@ability.can?(:read, obj).should == true
|
@ability.can?(:read, obj).should == true
|
||||||
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
||||||
|
|
||||||
|
@ -118,7 +118,7 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
|
|
||||||
it "should handle :field.exists" do
|
it "should handle :field.exists" do
|
||||||
obj = MongoidProject.create(:titles => ['Palatin', 'Margrave'])
|
obj = MongoidProject.create(:titles => ['Palatin', 'Margrave'])
|
||||||
@ability.can :read, MongoidProject, :titles.exists => true
|
@ability.can :read, :mongoid_projects, :titles.exists => true
|
||||||
@ability.can?(:read, obj).should == true
|
@ability.can?(:read, obj).should == true
|
||||||
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
||||||
|
|
||||||
|
@ -128,7 +128,7 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
|
|
||||||
it "should handle :field.gt" do
|
it "should handle :field.gt" do
|
||||||
obj = MongoidProject.create(:age => 50)
|
obj = MongoidProject.create(:age => 50)
|
||||||
@ability.can :read, MongoidProject, :age.gt => 45
|
@ability.can :read, :mongoid_projects, :age.gt => 45
|
||||||
@ability.can?(:read, obj).should == true
|
@ability.can?(:read, obj).should == true
|
||||||
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
MongoidProject.accessible_by(@ability, :read).should == [obj]
|
||||||
|
|
||||||
|
@ -138,7 +138,7 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
|
|
||||||
it "should handle instance not saved to database" do
|
it "should handle instance not saved to database" do
|
||||||
obj = MongoidProject.new(:title => 'Sir')
|
obj = MongoidProject.new(:title => 'Sir')
|
||||||
@ability.can :read, MongoidProject, :title.in => ["Sir", "Madam"]
|
@ability.can :read, :mongoid_projects, :title.in => ["Sir", "Madam"]
|
||||||
@ability.can?(:read, obj).should == true
|
@ability.can?(:read, obj).should == true
|
||||||
|
|
||||||
# accessible_by only returns saved records
|
# accessible_by only returns saved records
|
||||||
|
@ -151,15 +151,15 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
|
|
||||||
it "should call where with matching ability conditions" do
|
it "should call where with matching ability conditions" do
|
||||||
obj = MongoidProject.create(:foo => {:bar => 1})
|
obj = MongoidProject.create(:foo => {:bar => 1})
|
||||||
@ability.can :read, MongoidProject, :foo => {:bar => 1}
|
@ability.can :read, :mongoid_projects, :foo => {:bar => 1}
|
||||||
MongoidProject.accessible_by(@ability, :read).entries.first.should == obj
|
MongoidProject.accessible_by(@ability, :read).entries.first.should == obj
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should exclude from the result if set to cannot" do
|
it "should exclude from the result if set to cannot" do
|
||||||
obj = MongoidProject.create(:bar => 1)
|
obj = MongoidProject.create(:bar => 1)
|
||||||
obj2 = MongoidProject.create(:bar => 2)
|
obj2 = MongoidProject.create(:bar => 2)
|
||||||
@ability.can :read, MongoidProject
|
@ability.can :read, :mongoid_projects
|
||||||
@ability.cannot :read, MongoidProject, :bar => 2
|
@ability.cannot :read, :mongoid_projects, :bar => 2
|
||||||
MongoidProject.accessible_by(@ability, :read).entries.should == [obj]
|
MongoidProject.accessible_by(@ability, :read).entries.should == [obj]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -167,13 +167,13 @@ if ENV["MODEL_ADAPTER"] == "mongoid"
|
||||||
obj = MongoidProject.create(:bar => 1)
|
obj = MongoidProject.create(:bar => 1)
|
||||||
obj2 = MongoidProject.create(:bar => 2)
|
obj2 = MongoidProject.create(:bar => 2)
|
||||||
obj3 = MongoidProject.create(:bar => 3)
|
obj3 = MongoidProject.create(:bar => 3)
|
||||||
@ability.can :read, MongoidProject, :bar => 1
|
@ability.can :read, :mongoid_projects, :bar => 1
|
||||||
@ability.can :read, MongoidProject, :bar => 2
|
@ability.can :read, :mongoid_projects, :bar => 2
|
||||||
MongoidProject.accessible_by(@ability, :read).entries.should =~ [obj, obj2]
|
MongoidProject.accessible_by(@ability, :read).entries.should =~ [obj, obj2]
|
||||||
end
|
end
|
||||||
|
|
||||||
it "should not allow to fetch records when ability with just block present" do
|
it "should not allow to fetch records when ability with just block present" do
|
||||||
@ability.can :read, MongoidProject do
|
@ability.can :read, :mongoid_projects do
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
lambda {
|
lambda {
|
||||||
|
|
Loading…
Reference in New Issue
Block a user