1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
|
# frozen_string_literal: true
require 'fast_spec_helper'
require 'declarative_policy'
require 'request_store'
require 'tempfile'
require 'gitlab/safe_request_store'
require_relative '../../app/models/ability'
require_relative '../support/ability_check'
RSpec.describe Support::AbilityCheck, feature_category: :system_access do # rubocop:disable RSpec/SpecFilePathFormat
let(:user) { :user }
let(:child) { Testing::Child.new }
let(:parent) { Testing::Parent.new(child) }
before do
# Usually done in spec/spec_helper.
described_class.inject(Ability.singleton_class)
stub_const('Testing::BasePolicy', Class.new(DeclarativePolicy::Base))
stub_const('Testing::Parent', Struct.new(:parent_of))
stub_const('Testing::ParentPolicy', Class.new(Testing::BasePolicy) do
delegate { @subject.parent_of }
condition(:is_adult) { @subject.is_a?(Testing::Parent) }
rule { is_adult }.enable :drink_coffee
end)
stub_const('Testing::Child', Class.new)
stub_const('Testing::ChildPolicy', Class.new(Testing::BasePolicy) do
condition(:always) { true }
rule { always }.enable :eat_ice
end)
end
def expect_no_deprecation_warning(&block)
expect(&block).not_to output.to_stderr
end
def expect_deprecation_warning(policy_class, ability, &block)
expect(&block)
.to output(/DEPRECATION WARNING: Ability :#{ability} in #{policy_class} not found./)
.to_stderr
end
def expect_allowed(user, ability, subject)
expect(Ability.allowed?(user, ability, subject))
end
shared_examples 'ability found' do
it 'policy ability is found' do
expect_no_deprecation_warning do
expect_allowed(user, ability, subject).to eq(true)
end
end
end
shared_examples 'ability not found' do |warning:|
description = 'policy ability is not found'
description += warning ? ' and emits a warning' : ' without warning'
it description do
check = -> { expect_allowed(user, ability, subject).to eq(false) }
if warning
expect_deprecation_warning(warning, ability, &check)
else
expect_no_deprecation_warning(&check)
end
end
end
shared_context 'with custom TODO YAML' do
let(:yaml_file) { Tempfile.new }
before do
yaml_file.write(yaml_content)
yaml_file.rewind
stub_const("#{described_class}::Checker::TODO_YAML", yaml_file.path)
described_class::Checker.clear_memoization(:todo_list)
end
after do
described_class::Checker.clear_memoization(:todo_list)
yaml_file.unlink
end
end
describe 'checking ability' do
context 'with valid direct ability' do
let(:subject) { parent }
let(:ability) { :drink_coffee }
include_examples 'ability found'
context 'with empty TODO yaml' do
let(:yaml_content) { nil }
include_context 'with custom TODO YAML'
include_examples 'ability found'
end
context 'with non-Hash TODO yaml' do
let(:yaml_content) { '[]' }
include_context 'with custom TODO YAML'
include_examples 'ability found'
end
end
context 'with unreachable ability' do
let(:subject) { child }
let(:ability) { :drink_coffee }
include_examples 'ability not found', warning: 'Testing::ChildPolicy'
context 'when ignored in TODO YAML' do
let(:yaml_content) do
<<~YAML
Testing::ChildPolicy:
- #{ability}
YAML
end
include_context 'with custom TODO YAML'
include_examples 'ability not found', warning: false
end
end
context 'with unknown ability' do
let(:subject) { parent }
let(:ability) { :unknown }
include_examples 'ability not found', warning: 'Testing::ParentPolicy'
end
context 'with delegated ability' do
let(:subject) { parent }
let(:ability) { :eat_ice }
include_examples 'ability found'
end
end
end
|
