Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds tests to cover policy overrides and when authorize is called in other namespaces #772

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Adds tests to cover policy overrides and when authorize is called in other namespaces #772

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
012abc3
add tests to cover overriding policies
TheDevJoao May 23, 2023
13eee12
feat: adds relevant lines to the changelog
TheDevJoao May 23, 2023
733e7b6
refactor: tests now properly call authorize
TheDevJoao May 26, 2023
545a2e6
fix: removes trailing whitespace with rubocop
TheDevJoao May 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# Pundit

### Added

- Adds tests to cover policy overrides and when authorize is called in other namespaces (#772)

## Unreleased

### Fixed
Expand Down
41 changes: 41 additions & 0 deletions spec/authorization_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
let(:post) { Post.new(user) }
let(:customer_post) { Customer::Post.new(user) }
let(:comment) { Comment.new }
let(:admin_comment) { Project::Admin::CommentPolicy.new(user, comment) }
let(:article) { Article.new }
let(:article_tag) { ArticleTag.new }
let(:wiki) { Wiki.new }
Expand Down Expand Up @@ -116,6 +117,14 @@
it "raises an error with a invalid policy constructor" do
expect { controller.authorize(wiki, :destroy?) }.to raise_error(Pundit::InvalidConstructorError)
end

context "when called in a controller" do
it "uses the Admin namespace for policy calls" do
policy = Project::Admin::CommentPolicy.new(user, comment)

expect(controller.authorize(admin_comment, :update?)).to eq(policy)
end
end
end

describe "#skip_authorization" do
Expand Down Expand Up @@ -159,6 +168,38 @@

expect(controller.policy(post)).to eq new_policy
end

it "uses the Admin namespace for policy calls" do
policy = Project::Admin::CommentPolicy.new(user, comment)

expect(policy.update?).to eq(true)
end

context "when the policy is overriden" do
it "returns the correct overriden policy for a Post record" do
post = Post.new(user)

policy = controller.policy(post)
expect(policy).to be_instance_of(PostPolicy)
expect(policy.user).to eq(user)
expect(policy.post).to eq(post)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This context says "when the policy is overridden", but it doesn't look like anything is being overriden? What's the "policy" which is being overridden (do you mean the policy method, or the Policy class?), and where is it overridden?

I see there are some new things added in the spec_helper but none of those override policy_class, authorize, policy, Post or PostPolicy, so this spec looks like it just tests that ::PostPolicy works - nothing to do with any overriding?

What am I missing?

If I understand it correctly, the "overriding" which the original issue was talking about defining policy or authorize in a specific controller - eg. in an admin controller you might want to do something like this:

  def authorize(record, query = nil)
    super([:admin, record], query)
  end

  def policy(record)
    super([:admin, record])
  end

...to make sure that calls to authorize(Post) and policy(Post) in that controller end using the Admin::PostPolicy instead of ::PostPolicy.

I'm actually using this exact override of authorize in my current project.

end

it "returns the correct overriden policy for a Blog record" do
blog = Blog.new

policy = controller.policy(blog)
expect(policy).to be_instance_of(BlogPolicy)
expect(policy.user).to eq(user)
expect(policy.blog).to eq(blog)
end

it "raises an error if the given policy can't be found" do
record = Article.new

expect { controller.policy(record) }.to raise_error(Pundit::NotDefinedError)
end
end
end

describe "#policy_scope" do
Expand Down
14 changes: 14 additions & 0 deletions spec/spec_helper.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -183,6 +183,10 @@ def resolve

module Admin
class CommentPolicy < Struct.new(:user, :comment)
def self.policy_class
CommentPolicy
end

def update?
true
end
Expand All @@ -191,6 +195,16 @@ def destroy?
false
end
end

class Post < Post
def model_name
OpenStruct.new(param_key: "admin_post")
end

def self.policy_class
PostPolicy
end
end
end
end

Expand Down