Created
December 12, 2011 04:02
-
-
Save steveklabnik/1464751 to your computer and use it in GitHub Desktop.
A spec for a filter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| class PrivacyFilter | |
| def self.filter(controller) | |
| [:first_article?, | |
| :authenticate_administrator!, | |
| :authenticate_user! | |
| ].find do |m| | |
| controller.send(m) | |
| end | |
| end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require "app/models/privacy_filter" | |
| describe PrivacyFilter do | |
| let(:controller) do | |
| double(:first_article? => false, | |
| :authenticate_administrator! => false, | |
| :authenticate_user! => false) | |
| end | |
| it "allows access to the root article" do | |
| controller.should_receive(:first_article?).and_return(true) | |
| PrivacyFilter.filter(controller).should be_true | |
| end | |
| it "allows access for administrators" do | |
| controller.should_receive(:authenticate_administrator!).and_return(true) | |
| PrivacyFilter.filter(controller).should be_true | |
| end | |
| it "allows access to users" do | |
| controller.should_receive(:authenticate_user!).and_return(true) | |
| PrivacyFilter.filter(controller).should be_true | |
| end | |
| it "denies all others" do | |
| PrivacyFilter.filter(controller).should be_false | |
| end | |
| end |
Yeah, that seems like the right API. Rails makes it awkward.
For the app, I just ended up using cancan, which is the Right Way anywaay...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Late to the party, but I really want this to be AccessPolicy.has_access?(user, article). (Raptor will let you write exactly this and specify it directly in a route... some day. garybernhardt/raptor@3e1b48e ;)