class Object

We add a method to any object to quickly tell which method should not have any authorization check perform

Public Class Methods

authorizations() click to toggle source
# File lib/strongbolt/rspec/user.rb, line 10
def authorizations
  @authorizations ||= {}
end
authorized?(user, *args) click to toggle source
# File lib/strongbolt/rspec/user.rb, line 25
def authorized?(user, *args)
  # Cannot do if user not saved
  return false if user.new_record?
  key = key_for(*args)
  if self.authorizations[user.id].present? && self.authorizations[user.id][key].present?
    return self.authorizations[user.id][key]
  else
    user._can?(*args)
  end
end
clear_authorizations() click to toggle source
# File lib/strongbolt/rspec/user.rb, line 21
def clear_authorizations
  @authorizations = {}
end
key_for(*args) click to toggle source
# File lib/strongbolt/rspec/user.rb, line 36
def key_for(*args)
  action = args[0]
  instance = args[1]
  attrs = args[2] || :any
  all_instances = args[3] || false ? 'all' : 'tenanted'
  if instance.is_a?(ActiveRecord::Base)
    model = instance.class.name
    if instance.new_record?
      "#{action}-#{model}-#{attrs}-#{all_instances}"
    else
      "#{action}-#{model}-#{attrs}-#{instance.id}"
    end
  else
    model = instance.class.name
    "#{action}-#{model}-#{attrs}-#{all_instances}"
  end
end
perform_without_authorization(*method_names) click to toggle source
# File lib/strongbolt.rb, line 205
def self.perform_without_authorization(*method_names)
  method_names.each { |name| setup_without_authorization name }
end
set_authorization_for(user, authorized, *args) click to toggle source
# File lib/strongbolt/rspec/user.rb, line 14
def set_authorization_for(user, authorized, *args)
  return if user.new_record?

  self.authorizations[user.id] ||= {}
  self.authorizations[user.id][key_for(*args)] = authorized
end

Private Class Methods

setup_without_authorization(method_name) click to toggle source
# File lib/strongbolt.rb, line 209
def self.setup_without_authorization(method_name)
  aliased_name = "_with_autorization_#{method_name}"
  alias_method aliased_name, method_name
  define_method method_name do |*args, &block|
    Strongbolt.without_authorization do
      send aliased_name, *args, &block
    end
  end
end

Public Instance Methods

can!(*args) click to toggle source
# File lib/strongbolt/rspec/user.rb, line 81
def can!(*args)
  setup_stub true, args
end
can?(*args) click to toggle source
# File lib/strongbolt/rspec/user.rb, line 77
def can?(*args)
  self.class.authorized? self, *args
end
cannot!(*args) click to toggle source
# File lib/strongbolt/rspec/user.rb, line 85
def cannot!(*args)
  setup_stub false, args
end
init() click to toggle source

2 methods to setup mocking and stubs

# File lib/strongbolt/rspec/user.rb, line 58
def init
  if RSpec::Mocks::Version::STRING >= '3.0'
    require 'rspec/mocks/standalone'
  else
    RSpec::Mocks.setup(self) unless self.respond_to? :allow
  end
end
setup_stub(authorized, arguments) click to toggle source
# File lib/strongbolt/rspec/user.rb, line 66
def setup_stub(authorized, arguments)
  init
  # Set the authorizations on a class level
  self.class.set_authorization_for self, authorized, *arguments
end