Modified: branches/authorization_new/test/functional/authorization_test.rb (2063 => 2064)
--- branches/authorization_new/test/functional/authorization_test.rb 2009-01-19 12:46:58 UTC (rev 2063)
+++ branches/authorization_new/test/functional/authorization_test.rb 2009-01-19 12:51:16 UTC (rev 2064)
@@ -5,7 +5,6 @@
require File.dirname(__FILE__) + '/../test_helper'
require 'workflows_controller'
-include IsAuthorized
# Re-raise errors caught by the controller.
class WorkflowsController; def rescue_action(e) raise e end; end
@@ -18,136 +17,155 @@
end
def test_is_owner
- assert is_owner?(workflows(:workflow_dilbert).id, 'Workflow', users(:john).id)
+ assert Authorization.is_owner?(users(:john).id, workflows(:workflow_dilbert).contribution)
end
def test_is_not_owner
- assert !is_owner?(workflows(:workflow_dilbert).id, 'Workflow', users(:jane).id)
+ assert !Authorization.is_owner?(users(:jane).id, workflows(:workflow_dilbert).contribution)
end
def test_is_friend
- assert is_friend?(users(:john).id, users(:jane).id)
+ assert Authorization.is_friend?(users(:john).id, users(:jane).id)
end
def test_is_not_friend
- assert !is_friend?(users(:john).id, users(:admin).id)
+ assert !Authorization.is_friend?(users(:john).id, users(:admin).id)
end
def test_is_member_of_group
- assert is_member_of_group?(users(:john).id, networks(:dilbert_appreciation_network).id)
- assert is_member_of_group?(users(:jane).id, networks(:dilbert_appreciation_network).id)
+ assert Authorization.is_network_member?(users(:john).id, networks(:another_network).id)
+ assert Authorization.is_network_member?(users(:jane).id, networks(:dilbert_appreciation_network).id)
end
def test_is_not_member_of_group
- assert !is_member_of_group?(users(:admin).id, networks(:dilbert_appreciation_network).id)
+ assert !Authorization.is_network_member?(users(:admin).id, networks(:dilbert_appreciation_network).id)
end
def test_is_owner_authorized_to_view
- assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob', users(:john))
- assert is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:john))
- assert is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob', users(:john))
- assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob', users(:john))
+ # "thing" referenced by ID and Type; only user_id, not instance supplied
+ assert Authorization.is_authorized?("view", "Blob", blobs(:for_true_policy).id, users(:john).id)
+
+ # "thing" referenced by ID and Type; user instance supplied
+ assert Authorization.is_authorized?("view", "Blob", blobs(:for_false_policy).id, users(:john))
+
+ # "thing" supplied as instance; user instance supplied
+ assert Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), users(:john))
+
+ # "thing" supplied as instance; only user_id, not instance supplied
+ assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), users(:john).id)
end
def test_is_owner_authorized_to_edit
- assert is_authorized_to_edit?(blobs(:for_true_policy).id, 'Blob', users(:john))
- assert is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:john))
- assert is_authorized_to_edit?(blobs(:for_protected_policy).id, 'Blob', users(:john))
- assert is_authorized_to_edit?(blobs(:for_public_policy).id, 'Blob', users(:john))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_true_policy), users(:john))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:john))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_protected_policy), users(:john))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_public_policy), users(:john))
end
def test_is_owner_authorized_to_download
- assert is_authorized_to_download?(blobs(:for_true_policy).id, 'Blob', users(:john))
- assert is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:john))
- assert is_authorized_to_download?(blobs(:for_protected_policy).id, 'Blob', users(:john))
- assert is_authorized_to_download?(blobs(:for_public_policy).id, 'Blob', users(:john))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_true_policy), users(:john))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:john))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_protected_policy), users(:john))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_public_policy), users(:john))
end
def test_is_anonymous_authorized_to_view
- assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob')
- assert !is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob')
- assert !is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob')
- assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob')
-
- assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob', nil)
- assert !is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', nil)
- assert !is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob', nil)
- assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob', nil)
+ # "anonymous" indicated as a default parameter (not even supplied)
+ assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy))
+ assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy))
+ assert !Authorization.is_authorized?("view", nil, blobs(:for_protected_policy))
+ assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy))
+
+ # "anonymous" indicated as NIL
+ assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy), nil)
+ assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy), nil)
+ assert !Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), nil)
+ assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), nil)
+
+ # "anonymous" indicated as "0" - the same way as AuthenticadSystem module will
+ # do for not logged in users
+ assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy), 0)
+ assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy), 0)
+ assert !Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), 0)
+ assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), 0)
end
def test_is_anonymous_authorized_to_edit
- assert is_authorized_to_edit?(blobs(:for_true_policy).id, 'Blob')
- assert !is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob')
- assert !is_authorized_to_edit?(blobs(:for_protected_policy).id, 'Blob')
- assert is_authorized_to_edit?(blobs(:for_public_policy).id, 'Blob')
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_true_policy), 0)
+ assert !Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), 0)
+ assert !Authorization.is_authorized?("edit", nil, blobs(:for_protected_policy), 0)
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_public_policy), 0)
end
def test_is_anonymous_authorized_to_download
- assert is_authorized_to_download?(blobs(:for_true_policy).id, 'Blob')
- assert !is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob')
- assert !is_authorized_to_download?(blobs(:for_protected_policy).id, 'Blob')
- assert is_authorized_to_download?(blobs(:for_public_policy).id, 'Blob')
+ assert Authorization.is_authorized?("download", nil, blobs(:for_true_policy), nil)
+ assert !Authorization.is_authorized?("download", nil, blobs(:for_false_policy), nil)
+ assert !Authorization.is_authorized?("download", nil, blobs(:for_protected_policy), nil)
+ assert Authorization.is_authorized?("download", nil, blobs(:for_public_policy), nil)
end
def test_is_friend_authorized_to_view
- assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob', users(:johns_friend))
- assert !is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:johns_friend))
- assert is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob', users(:johns_friend))
- assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob', users(:johns_friend))
+ assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy), users(:johns_friend))
+ assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy), users(:johns_friend))
+ assert Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), users(:johns_friend))
+ assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), users(:johns_friend))
end
def test_is_friend_authorized_to_edit
- assert is_authorized_to_edit?(blobs(:for_true_policy).id, 'Blob', users(:johns_friend))
- assert !is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:johns_friend))
- assert is_authorized_to_edit?(blobs(:for_protected_policy).id, 'Blob', users(:johns_friend))
- assert is_authorized_to_edit?(blobs(:for_public_policy).id, 'Blob', users(:johns_friend))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_true_policy), users(:johns_friend))
+ assert !Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:johns_friend))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_protected_policy), users(:johns_friend))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_public_policy), users(:johns_friend))
end
def test_is_friend_authorized_to_download
- assert is_authorized_to_download?(blobs(:for_true_policy).id, 'Blob', users(:johns_friend))
- assert !is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:johns_friend))
- assert is_authorized_to_download?(blobs(:for_protected_policy).id, 'Blob', users(:johns_friend))
- assert is_authorized_to_download?(blobs(:for_public_policy).id, 'Blob', users(:johns_friend))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_true_policy), users(:johns_friend))
+ assert !Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:johns_friend))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_protected_policy), users(:johns_friend))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_public_policy), users(:johns_friend))
end
def test_is_group_authorized_to_view
- assert is_authorized_to_view?(blobs(:for_true_policy).id, 'Blob', users(:spare_user))
- assert !is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:spare_user))
- assert !is_authorized_to_view?(blobs(:for_protected_policy).id, 'Blob', users(:spare_user))
- assert is_authorized_to_view?(blobs(:for_public_policy).id, 'Blob', users(:spare_user))
+ assert Authorization.is_authorized?("view", nil, blobs(:for_true_policy), users(:spare_user))
+ assert !Authorization.is_authorized?("view", nil, blobs(:for_false_policy), users(:spare_user))
+ assert !Authorization.is_authorized?("view", nil, blobs(:for_protected_policy), users(:spare_user))
+ assert Authorization.is_authorized?("view", nil, blobs(:for_public_policy), users(:spare_user))
end
def test_is_group_authorized_to_edit
- assert is_authorized_to_edit?(blobs(:for_true_policy).id, 'Blob', users(:spare_user))
- assert !is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:spare_user))
- assert !is_authorized_to_edit?(blobs(:for_protected_policy).id, 'Blob', users(:spare_user))
- assert is_authorized_to_edit?(blobs(:for_public_policy).id, 'Blob', users(:spare_user))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_true_policy), users(:spare_user))
+ assert !Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:spare_user))
+ assert !Authorization.is_authorized?("edit", nil, blobs(:for_protected_policy), users(:spare_user))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_public_policy), users(:spare_user))
end
def test_is_group_authorized_to_download
- assert is_authorized_to_download?(blobs(:for_true_policy).id, 'Blob', users(:spare_user))
- assert !is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:spare_user))
- assert !is_authorized_to_download?(blobs(:for_protected_policy).id, 'Blob', users(:spare_user))
- assert is_authorized_to_download?(blobs(:for_public_policy).id, 'Blob', users(:spare_user))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_true_policy), users(:spare_user))
+ assert !Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:spare_user))
+ assert !Authorization.is_authorized?("download", nil, blobs(:for_protected_policy), users(:spare_user))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_public_policy), users(:spare_user))
end
def test_user_permissions
- assert is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:admin))
- assert !is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:admin))
- assert is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:admin))
+ assert Authorization.is_authorized?("view", nil, blobs(:for_false_policy), users(:admin))
+ assert !Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:admin))
+ assert Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:admin))
end
def test_group_permissions
- assert is_authorized_to_view?(blobs(:for_false_policy).id, 'Blob', users(:jane))
- assert is_authorized_to_edit?(blobs(:for_false_policy).id, 'Blob', users(:jane))
- assert !is_authorized_to_download?(blobs(:for_false_policy).id, 'Blob', users(:jane))
+ assert Authorization.is_authorized?("view", nil, blobs(:for_false_policy), users(:jane))
+ assert Authorization.is_authorized?("edit", nil, blobs(:for_false_policy), users(:jane))
+
+ # in the fixture "view"/"edit" flags are set to TRUE, but "download" is set to FALSE;
+ # cascading permissions should provide permission to download in this case
+ assert Authorization.is_authorized?("download", nil, blobs(:for_false_policy), users(:jane))
end
def test_is_authorized_to_destroy
- assert is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:john))
- assert !is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:jane))
- assert !is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:admin))
- assert !is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:johns_friend))
- assert !is_authorized_to_destroy?(blobs(:for_true_policy).id, 'Blob', users(:spare_user))
+ assert Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:john))
+ assert !Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:jane))
+ assert !Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:admin))
+ assert !Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:johns_friend))
+ assert !Authorization.is_authorized?("destroy", nil, blobs(:for_true_policy), users(:spare_user))
end
end