Replies: 2 comments 6 replies
-
|
Yes, that would be a good addition (actually, it's on my private TODO list for Action Policy). In one project, I used the following API: it "is allowed" do
stub_policy(PlaygroundPolicy).to allow_rule(:manage_api?).for(playground)
expect(subject).to eq playground
end
it "is not allowed" do
stub_policy(PlaygroundPolicy).to deny_rule(:manage_api?).for(playground)
expect { subject }.to raise_error(PermissionError)
endAnd this is the implementation: # frozen_string_literal: true
module PolicyHelpers
class Stub
attr_reader :policy, :example
def initialize(policy, example)
@policy = policy
@example = example
end
def to(matcher)
# Pass policy as local var to the block
policy = self.policy
example.instance_exec do
allow_any_instance_of(policy).to receive(matcher.rule) do |instance|
expect(instance).to matcher
matcher.value
end
end
end
end
class Matcher < RSpec::Matchers::BuiltIn::HaveAttributes
attr_reader :rule, :value
def initialize(rule, value)
@rule = rule
@value = value
super({})
end
def for(record)
@expected[:record] = record
self
end
end
def stub_policy(policy_class)
Stub.new(policy_class, self)
end
def allow_rule(rule)
Matcher.new(rule, true)
end
def deny_rule(rule)
Matcher.new(rule, false)
end
end
RSpec.configure do |config|
config.include PolicyHelpers
endThe reason why it has never been upstreamed is that I had to use I hadn't had time to find a better way of handling this though. |
Beta Was this translation helpful? Give feedback.
-
|
I've had a go at an implementation that does not use API Exampledescribe CollectionPolicy, type: :policy do
let(:user) { create(:user) }
let(:collection) { create(:collection) }
let(:other_collection) { create(:collection) }
it 'can be stubbed true for a single record' do
stub_policy(CollectionPolicy).to allow_rule(:create?).for(collection)
expect(CollectionPolicy.new(collection, user: user).create?).to be(true)
expect(CollectionPolicy.new(other_collection, user: user).create?).to be(false)
end
it 'can be stubbed false for a single record' do
stub_policy(CollectionPolicy).to deny_rule(:create?).for(collection)
expect(CollectionPolicy.new(collection, user: user).create?).to be(false)
expect(CollectionPolicy.new(other_collection, user: user).create?).to be(false)
end
it 'can stub for all calls to a rule' do
stub_policy(CollectionPolicy).to allow_rule(:create?)
expect(CollectionPolicy.new(collection, user: user).create?).to be(true)
expect(CollectionPolicy.new(other_collection, user: user).create?).to be(true)
end
it 'can stub different rules with different results for a single record' do
stub_policy(CollectionPolicy).to [
allow_rule(:create?).for(collection),
allow_rule(:update?).for(collection),
deny_rule(:destroy?).for(collection)
]
expect(CollectionPolicy.new(collection, user: user).create?).to be(true)
expect(CollectionPolicy.new(collection, user: user).update?).to be(true)
expect(CollectionPolicy.new(collection, user: user).destroy?).to be(false)
end
it 'can stub different rules a single record as well as global rules' do
stub_policy(CollectionPolicy).to [
allow_rule(:create?),
allow_rule(:update?).for(collection)
]
expect(CollectionPolicy.new(collection, user: user).create?).to be(true)
expect(CollectionPolicy.new(other_collection, user: user).create?).to be(true)
expect(CollectionPolicy.new(collection, user: user).update?).to be(true)
expect(CollectionPolicy.new(other_collection, user: user).update?).to be(false)
end
endImplementationmodule Policy
class Stub
attr_reader :policy, :example
def initialize(policy, example)
@policy = policy
@example = example
end
def to(matchers)
matchers = [matchers] unless matchers.is_a? Enumerable
# Pass policy as local var to the block
policy = self.policy
example.instance_exec do
allow(policy).to receive(:new).and_wrap_original do |m, *args|
instance = m.call(*args)
record = args.first
global_matchers = matchers.reject(&:record)
global_rules = global_matchers.map(&:rule)
specific_matchers = matchers.select(&:record).reject { |matcher| global_rules.include? matcher.rule }
specific_matchers_by_rule = specific_matchers.inject({}) do |h, matcher|
(h[matcher.rule] ||= [])
h[matcher.rule] << matcher
h
end
global_matchers.each do |matcher|
expect(instance).to matcher
allow(instance).to receive(matcher.rule).and_return matcher.value
end
specific_matchers_by_rule.each do |rule, rule_matchers|
matcher_for_record = rule_matchers.find { |matcher| matcher.record == instance.record }
if matcher_for_record
expect(instance).to matcher_for_record
allow(instance).to receive(rule).and_return matcher_for_record.value
allow(instance).to receive(:allowed_to?).with(rule, record, any_args).and_return matcher_for_record.value
else
allow(instance).to receive(rule).and_call_original
allow(instance).to receive(:allowed_to?).and_call_original
end
end
instance
end
end
end
end
class Matcher < RSpec::Matchers::BuiltIn::RespondTo
attr_reader :rule, :value, :record
def initialize(rule, value)
@rule = rule
@value = value
super(rule)
end
def for(record)
@record = record
self
end
end
def stub_policy(policy_class)
Stub.new(policy_class, self)
end
def allow_rule(rule)
Matcher.new(rule, true)
end
def deny_rule(rule)
Matcher.new(rule, false)
end
end |
Beta Was this translation helpful? Give feedback.
-
|
What about chaining? stub_policy(CollectionPolicy).to allow_rule(:create?)
.and allow_rule(:update?).for(collection) |
Beta Was this translation helpful? Give feedback.
-
|
Regarding the implementation, I have only one concern: how easy it will be to do the same for Minitest? I was thinking about using our existing caching tools for this: memoized behaviour and cached apply for policies. |
Beta Was this translation helpful? Give feedback.
-
Chaining could work, if One way I could think of adding class MatcherArray < Array
def and(matcher)
unless matcher.is_a? Enumerable
self << matcher
else
self + matcher
end
end
end
class Matcher < RSpec::Matchers::BuiltIn::RespondTo
attr_reader :rule, :value, :record
def initialize(rule, value)
@rule = rule
@value = value
super(rule)
end
def for(record)
@record = record
self
end
def and(matcher)
arr = MatcherArray.new()
arr.and(self).and(matcher)
end
end |
Beta Was this translation helpful? Give feedback.
-
I am unfamiliar with minitest, to be honest.
I think having a predefined policy instance would be a vast improvement on my implementation. My implementation will re-run the stubbing code on every instantiation of that policy, whereas having a single instance with cached results for |
Beta Was this translation helpful? Give feedback.
-
|
@palkan Hi! Useful thread. I'm also looking at stubbing |
Beta Was this translation helpful? Give feedback.
-
|
Thanks! Yes, in the meantime, I still stick to this half-baked approach. Haven't had time to come back to this and incorporated into the library :( |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I've been using
action_policyin a number of projects at work, and have struggled with how best to set up tests where a user's authorization is mocked out.A specific issue: I have used
allowed_to?to define what parts of a page are rendered (e.g. links to #new paths). When writing rspec examples I don't want to go through setting up a user with the correct granular abilities for each system test. Instead, I would like to use a helper function that mocks out policies/actions:Is this a feature that could be added to
action_policy? If not, would I be able to get advice on which functions to mock out to achieve this? I have some working code at the moment, but it feels brittle as heck!Beta Was this translation helpful? Give feedback.
All reactions