myexperiment-hackers
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[myexperiment-hackers] [2064] branches/authorization_new/test/functional

From: noreply
Subject: [myexperiment-hackers] [2064] branches/authorization_new/test/functional/authorization_test.rb: Auth module.
Date: Mon, 19 Jan 2009 07:51:16 -0500 (EST)
Revision
2064
Author
alekses6
Date
2009-01-19 07:51:16 -0500 (Mon, 19 Jan 2009)

Log Message

Auth module. Fixed tests:

- refactored test method code to make use of the new Authorization module methods and their interfaces;
- fixed semantical error in one of the test methods (to do with cascading permissions in the "permission" object handling);

However,
- test coverage not extended (and the existing tests don't fully cover the whole of Authorization module);
- didn't check semantical meaning of all tests and fixtures (they all run with no failures, though).

Modified Paths

Diff

Modified: branches/authorization_new/test/functional/authorization_test.rb (2063 => 2064)


--- branches/authorization_new/test/functional/authorization_test.rb	2009-01-19 12:46:58 UTC (rev 2063)
+++ branches/authorization_new/test/functional/authorization_test.rb	2009-01-19 12:51:16 UTC (rev 2064)
@@ -5,7 +5,6 @@
 
 require File.dirname(__FILE__) + '/../test_helper'
 require 'workflows_controller'
-include IsAuthorized
 
 # Re-raise errors caught by the controller.
 class WorkflowsController; def rescue_action(e) raise e end; end
@@ -18,136 +17,155 @@
   end
 
   def test_is_owner
-    assert is_owner?(workflows(:workflow_dilbert).id, 'Workflow', users(:john).id)
+    assert Authorization.is_owner?(users(:john).id, workflows(:workflow_dilbert).contribution)
   end
 
   def test_is_not_owner
-    assert !is_owner?(workflows(:workflow_dilbert).id, 'Workflow', users(:jane).id)
+    assert !Authorization.is_owner?(users(:jane).id, workflows(:workflow_dilbert).contribution)
   end
 
   def test_is_friend
-    assert is_friend?(users(:john).id, users(:jane).id)
+    assert Authorization.is_friend?(users(:john).id, users(:jane).id)
   end
 
   def test_is_not_friend
-    assert !is_friend?(users(:john).id, users(:admin).id)
+    assert !Authorization.is_friend?(users(:john).id, users(:admin).id)
   end
 
   def test_is_member_of_group
-    assert is_member_of_group?(users(:john).id, networks(:dilbert_appreciation_network).id)
-    assert is_member_of_group?(users(:jane).id, networks(:dilbert_appreciation_network).id)
+    assert Authorization.is_network_member?(users(:john).id, networks(:another_network).id)
+    assert Authorization.is_network_member?(users(:jane).id, networks(:dilbert_appreciation_network).id)
   end
 
   def test_is_not_member_of_group
-    assert !is_member_of_group?(users(:admin).id, networks(:dilbert_appreciation_network).id)
+    assert !Authorization.is_network_member?(users(:admin).id, networks(:dilbert_appreciation_network).id)
   end
 
   def test_is_owner_authorized_to_view
-    assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob', users(:john))
-    assert is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:john))
-    assert is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob', users(:john))
-    assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob', users(:john))
+    # "thing" referenced by ID and Type; only user_id, not instance supplied
+    assert Authorization.is_authorized?("view", "Blob", blobs(:for_true_policy).id, users(:john).id)
+    
+    # "thing" referenced by ID and Type; user instance supplied
+    assert Authorization.is_authorized?("view", "Blob", blobs(:for_false_policy).id, users(:john))
+    
+    # "thing" supplied as instance; user instance supplied
+    assert Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), users(:john))
+    
+    # "thing" supplied as instance; only user_id, not instance supplied
+    assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), users(:john).id)
   end
 
   def test_is_owner_authorized_to_edit
-    assert is_authorized_to_edit?(blobs(:for_true_policy).id, 'Blob', users(:john))
-    assert is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:john))
-    assert is_authorized_to_edit?(blobs(:for_protected_policy).id, 'Blob', users(:john))
-    assert is_authorized_to_edit?(blobs(:for_public_policy).id, 'Blob', users(:john))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_true_policy), users(:john))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:john))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_protected_policy), users(:john))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_public_policy), users(:john))
   end
 
   def test_is_owner_authorized_to_download
-    assert is_authorized_to_download?(blobs(:for_true_policy).id, 'Blob', users(:john))
-    assert is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:john))
-    assert is_authorized_to_download?(blobs(:for_protected_policy).id, 'Blob', users(:john))
-    assert is_authorized_to_download?(blobs(:for_public_policy).id, 'Blob', users(:john))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_true_policy), users(:john))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:john))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_protected_policy), users(:john))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_public_policy), users(:john))
   end
 
   def test_is_anonymous_authorized_to_view
-    assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob')
-    assert !is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob')
-    assert !is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob')
-    assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob')
-
-    assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob', nil)
-    assert !is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', nil)
-    assert !is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob', nil)
-    assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob', nil)
+    # "anonymous" indicated as a default parameter (not even supplied)
+    assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy))
+    assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy))
+    assert !Authorization.is_authorized?("view", nil, blobs(:for_protected_policy))
+    assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy))
+    
+    # "anonymous" indicated as NIL
+    assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy), nil)
+    assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy), nil)
+    assert !Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), nil)
+    assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), nil)
+    
+    # "anonymous" indicated as "0" - the same way as AuthenticadSystem module will
+    # do for not logged in users
+    assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy), 0)
+    assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy), 0)
+    assert !Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), 0)
+    assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), 0)
   end
 
   def test_is_anonymous_authorized_to_edit
-    assert is_authorized_to_edit?(blobs(:for_true_policy).id, 'Blob')
-    assert !is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob')
-    assert !is_authorized_to_edit?(blobs(:for_protected_policy).id, 'Blob')
-    assert is_authorized_to_edit?(blobs(:for_public_policy).id, 'Blob')
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_true_policy), 0)
+    assert !Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), 0)
+    assert !Authorization.is_authorized?("edit", nil, blobs(:for_protected_policy), 0)
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_public_policy), 0)
   end
 
   def test_is_anonymous_authorized_to_download
-    assert is_authorized_to_download?(blobs(:for_true_policy).id, 'Blob')
-    assert !is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob')
-    assert !is_authorized_to_download?(blobs(:for_protected_policy).id, 'Blob')
-    assert is_authorized_to_download?(blobs(:for_public_policy).id, 'Blob')
+    assert Authorization.is_authorized?("download", nil, blobs(:for_true_policy), nil)
+    assert !Authorization.is_authorized?("download", nil, blobs(:for_false_policy), nil)
+    assert !Authorization.is_authorized?("download", nil, blobs(:for_protected_policy), nil)
+    assert Authorization.is_authorized?("download", nil, blobs(:for_public_policy), nil)
   end
 
   def test_is_friend_authorized_to_view
-    assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob', users(:johns_friend))
-    assert !is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:johns_friend))
-    assert is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob', users(:johns_friend))
-    assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob', users(:johns_friend))
+    assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy), users(:johns_friend))
+    assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy), users(:johns_friend))
+    assert Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), users(:johns_friend))
+    assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), users(:johns_friend))
   end
 
   def test_is_friend_authorized_to_edit
-    assert is_authorized_to_edit?(blobs(:for_true_policy).id, 'Blob', users(:johns_friend))
-    assert !is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:johns_friend))
-    assert is_authorized_to_edit?(blobs(:for_protected_policy).id, 'Blob', users(:johns_friend))
-    assert is_authorized_to_edit?(blobs(:for_public_policy).id, 'Blob', users(:johns_friend))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_true_policy), users(:johns_friend))
+    assert !Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:johns_friend))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_protected_policy), users(:johns_friend))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_public_policy), users(:johns_friend))
   end
 
   def test_is_friend_authorized_to_download
-    assert is_authorized_to_download?(blobs(:for_true_policy).id, 'Blob', users(:johns_friend))
-    assert !is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:johns_friend))
-    assert is_authorized_to_download?(blobs(:for_protected_policy).id, 'Blob', users(:johns_friend))
-    assert is_authorized_to_download?(blobs(:for_public_policy).id, 'Blob', users(:johns_friend))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_true_policy), users(:johns_friend))
+    assert !Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:johns_friend))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_protected_policy), users(:johns_friend))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_public_policy), users(:johns_friend))
   end
 
   def test_is_group_authorized_to_view
-    assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob', users(:spare_user))
-    assert !is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:spare_user))
-    assert !is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob', users(:spare_user))
-    assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob', users(:spare_user))
+    assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy), users(:spare_user))
+    assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy), users(:spare_user))
+    assert !Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), users(:spare_user))
+    assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), users(:spare_user))
   end
 
   def test_is_group_authorized_to_edit
-    assert is_authorized_to_edit?(blobs(:for_true_policy).id, 'Blob', users(:spare_user))
-    assert !is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:spare_user))
-    assert !is_authorized_to_edit?(blobs(:for_protected_policy).id, 'Blob', users(:spare_user))
-    assert is_authorized_to_edit?(blobs(:for_public_policy).id, 'Blob', users(:spare_user))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_true_policy), users(:spare_user))
+    assert !Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:spare_user))
+    assert !Authorization.is_authorized?("edit", nil, blobs(:for_protected_policy), users(:spare_user))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_public_policy), users(:spare_user))
   end
 
   def test_is_group_authorized_to_download
-    assert is_authorized_to_download?(blobs(:for_true_policy).id, 'Blob', users(:spare_user))
-    assert !is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:spare_user))
-    assert !is_authorized_to_download?(blobs(:for_protected_policy).id, 'Blob', users(:spare_user))
-    assert is_authorized_to_download?(blobs(:for_public_policy).id, 'Blob', users(:spare_user))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_true_policy), users(:spare_user))
+    assert !Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:spare_user))
+    assert !Authorization.is_authorized?("download", nil, blobs(:for_protected_policy), users(:spare_user))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_public_policy), users(:spare_user))
   end
 
   def test_user_permissions
-    assert is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:admin))
-    assert !is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:admin))
-    assert is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:admin))
+    assert Authorization.is_authorized?("view", nil, blobs(:for_false_policy), users(:admin))
+    assert !Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:admin))
+    assert Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:admin))
   end
 
   def test_group_permissions
-    assert is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:jane))
-    assert is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:jane))
-    assert !is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:jane))
+    assert Authorization.is_authorized?("view", nil, blobs(:for_false_policy), users(:jane))
+    assert Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:jane))
+    
+    # in the fixture "view"/"edit" flags are set to TRUE, but "download" is set to FALSE;
+    # cascading permissions should provide permission to download in this case
+    assert Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:jane))
   end
 
   def test_is_authorized_to_destroy
-    assert is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:john))
-    assert !is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:jane))
-    assert !is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:admin))
-    assert !is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:johns_friend))
-    assert !is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:spare_user))
+    assert Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:john))
+    assert !Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:jane))
+    assert !Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:admin))
+    assert !Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:johns_friend))
+    assert !Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:spare_user))
   end
 end
reply via email to
[Prev in Thread] Current Thread [Next in Thread]