- Revision:
- 373
- Log:
Initial import of Radiant 0.9.1, which is now packaged as a gem. This is an
import of the tagged 0.9.1 source checked out from GitHub, which isn't quite
the same as the gem distribution - but it doesn't seem to be available in an
archived form and the installed gem already has modifications, so this is
the closest I can get.
- Author:
- rool
- Date:
- Mon Mar 21 13:40:05 +0000 2011
- Size:
- 5615 Bytes
1 | require File.dirname(__FILE__) + "/../spec_helper" |
2 | |
# Minimal controller used as the base fixture for the login-system specs.
# It mixes in LoginSystem and exposes one trivial action to request.
class StubController < ActionController::Base
  include LoginSystem

  # Re-raise whatever was raised while handling a request, so the failure
  # reaches the spec rather than going through the framework's default rescue.
  def rescue_action(e)
    raise e
  end

  # Trivial action that gives the specs something to request.
  def index
    render :text => 'just a test'
  end
end
9 | |
# Fixture: opts out of authentication through the no_login_required class
# macro (presumably supplied by LoginSystem via StubController; confirm).
class NoLoginRequiredController < StubController
  no_login_required
end

# Fixture: adds nothing to StubController. The specs in this file expect an
# unauthenticated request to it to be redirected to the login URL.
class LoginRequiredController < StubController
end

# Fixture: declares nothing itself, so whatever it does about logins is
# inherited from NoLoginRequiredController.
class NoLoginRequiredChildController < NoLoginRequiredController
end

# Fixture: calls login_required two levels below a controller that opted out,
# to check that a descendant can turn the requirement back on.
class LoginRequiredGrandChildController < NoLoginRequiredChildController
  login_required
end
# Fixture: restricts the :edit and :new actions to the :admin and :designer
# roles. The options name '/login_required' as the denied URL and 'Fun.' as
# the denied message. :index is inherited and is not listed in the
# restriction.
class PrivilegedUsersOnlyController < LoginRequiredController
  only_allow_access_to(
    :edit, :new,
    :when => [:admin, :designer],
    :denied_url => '/login_required',
    :denied_message => 'Fun.'
  )

  def edit
    render :text => 'just a test'
  end

  def new
    render :text => 'just a test'
  end
end
# Fixture: restricts :edit to the single :admin role, passed as a bare symbol
# rather than an array. The denied URL and message match the other fixtures.
class AdminOnlyController < LoginRequiredController
  only_allow_access_to(
    :edit,
    :when => :admin,
    :denied_url => '/login_required',
    :denied_message => 'Fun.'
  )

  def edit
    render :text => 'just a test'
  end
end
# Fixture: guards :edit with a predicate method (:if => :condition?) instead
# of a role list. The specs flip the predicate through the condition= writer.
class ConditionalAccessController < LoginRequiredController
  attr_writer :condition

  only_allow_access_to(
    :edit,
    :if => :condition?,
    :denied_url => '/login_required',
    :denied_message => 'Fun.'
  )

  def edit
    render :text => 'just a test'
  end

  # Access predicate; falls back to false when no condition has been set,
  # so the fixture denies access by default.
  def condition?
    @condition ||= false
  end
end
40 | |
# Controller specs for the LoginSystem mixin. They cover authentication from
# the session and from a cookie, inheritance of the login requirement, and
# authorization by role or by condition.
describe 'Login System:', :type => :controller do
  dataset :users

  # Add a catch-all route so the fixture controllers declared in this file
  # can be requested during each example.
  before(:each) do
    mapper = ActionController::Routing::RouteSet::Mapper.new(ActionController::Routing::Routes)
    mapper.connect ':controller/:action/:id'
    ActionController::Routing::Routes.named_routes.install
  end

  # Reload the route set after each example.
  after(:each) do
    ActionController::Routing::Routes.reload
  end

  describe NoLoginRequiredController do
    it "should not require authentication" do
      get :index
      response.should be_success
    end
  end

  describe LoginRequiredController do
    it "should authenticate with user in session" do
      login_as :existing
      get :index
      response.should be_success
    end

    it "should not authenticate without user in session" do
      logout
      get :index
      response.should redirect_to(login_url)
    end

    # NOTE(review): this only checks that the stored value contains the
    # requested path. It does not assert anything else about what ends up in
    # session[:return_to].
    it "should store location" do
      logout
      session[:return_to] = nil
      get 'protected_action'
      session[:return_to].should match(%r{protected_action})
    end
  end

  describe StubController do

    describe ".authenticate" do
      it "should attempt to login from cookie" do
        controller.should_receive(:login_from_cookie)
        get :index
      end
    end

    describe ".login_from_cookie" do
      # Pin the time zone and the configured session timeout so the cookie
      # expiry asserted further down is predictable.
      before(:each) do
        Time.zone = 'UTC'
        Radiant::Config.stub!(:[]).with('session_timeout').and_return(2.weeks)
      end

      it "should not login user if no cookie found" do
        controller.should_not_receive(:current_user=)
        get :index
      end

      describe "with session_token" do
        # The user lookup and the cookie jar are both stubbed, so these
        # examples never reach real token validation.
        before(:each) do
          @user = users(:admin)
          User.should_receive(:find_by_session_token).and_return(@user)
          @cookies = { :session_token => 12345 }
          controller.stub!(:cookies).and_return(@cookies)
        end

        # The examples in this group only set expectations. The call under
        # test is made here, after each example body has run.
        after(:each) do
          controller.send(:login_from_cookie).should == @user
        end

        it "should remember user" do
          @user.should_receive(:remember_me)
        end

        # NOTE(review): only :value and :expires of the refreshed cookie are
        # asserted. Other cookie attributes (for example :httponly or :secure)
        # are not checked by this spec.
        it "should update cookie" do
          @cookies.should_receive(:[]=) do |key, options|
            key.should eql(:session_token)
            options[:value].should eql(@user.session_token)
            options[:expires].should be_close((Time.zone.now + 2.weeks).utc, 1.minute) # sometimes specs are slow
          end
        end

      end
    end
  end

  describe NoLoginRequiredChildController do
    it "should inherit no_login_required" do
      controller.class.should_not be_login_required
    end
  end

  describe LoginRequiredGrandChildController do
    it "should override parent with login_required" do
      controller.class.should be_login_required
    end
  end

  # Anonymous subclass, named by the constant assignment, one level below the
  # controller that turned the login requirement back on.
  LoginRequiredGreatGrandChildController = Class.new(LoginRequiredGrandChildController)

  describe LoginRequiredGreatGrandChildController do
    it "should inherit login_required" do
      controller.class.should be_login_required
    end
  end

  # NOTE(review): only :edit is requested here. The restricted :new action,
  # the :designer role and an unauthenticated request are not exercised.
  describe PrivilegedUsersOnlyController do
    it "should only allow access when user in allowed roles" do
      login_as :admin
      get :edit
      response.should be_success
    end

    it "should deny access when user not in allowed roles" do
      login_as :non_admin
      get :edit
      response.should redirect_to('/login_required')
      flash[:error].should eql('Fun.')
    end

    it "should allow access to unrestricted actions when users not in roles" do
      login_as :non_admin
      get :index
      response.should be_success
    end
  end

  # NOTE(review): only the deny path is covered. No example checks that an
  # :admin user is actually let through to :edit.
  describe AdminOnlyController do
    it "should not allow access when user not in default roles" do
      login_as :non_admin
      get :edit
      response.should redirect_to('/login_required')
      flash[:error].should eql('Fun.')
    end
  end

  describe ConditionalAccessController do

    it "should allow access if condition is true" do
      controller.condition = true
      login_as :existing
      get :edit
      response.should be_success
    end

    it "should not allow access if condition is false" do
      controller.condition = false
      login_as :existing
      get :edit
      response.should redirect_to('/login_required')
    end
  end

end