Module | Authorization::TestHelper |
In: |
lib/declarative_authorization/maintenance.rb
|
TestHelper provides assert methods and controller request methods which take authorization into account and set the current user to a specific one.
Defines get_with, post_with, get_by_xhr_with etc. for methods get, post, put, delete each with the signature
get_with(user, action, params = {}, session = {}, flash = {})
Use it by including it in your TestHelper:
require File.expand_path(File.dirname(__FILE__) + "/../vendor/plugins/declarative_authorization/lib/maintenance") class Test::Unit::TestCase include Authorization::TestHelper ... def admin # create admin user end end class SomeControllerTest < ActionController::TestCase def test_should_get_index ... get_with admin, :index, :param_1 => "param value" ... end end
Note: get_with etc. do two things to set the user for the request: Authorization.current_user is set and session[:user], session[:user_id] are set appropriately. If you determine the current user in a different way, these methods might not work for you.
Analogue to the Ruby‘s assert_raise method, only executing the block in the context of the given user.
Test helper to test authorization rules.
with_user a_normal_user do should_not_be_allowed_to :update, :conferences should_not_be_allowed_to :read, an_unpublished_conference should_be_allowed_to :read, a_published_conference end
If the objects class name does not match the controller name, you can set the object and context manually
should_be_allowed_to :create, :object => car, :context => :vehicles
If you use specify the object and context manually, you can also specify the user manually, skipping the with_user block:
should_be_allowed_to :create, :object => car, :context => :vehicles, :user => a_normal_user