RSpec::Authorization

RSpec matcher for declarative_authorization. A neat way of asserting declarative_authorization's rules inside controller using RSpec matcher.

Add this line to your application's Gemfile:

gem 'rspec-authorization', group: :test, require: false

Add this to spec_helper.rb:

require 'rspec/authorization'

And then execute:

bundle

Or install it yourself as:

gem install rspec-authorization

Current development focus is as follows, future development may support other dependencies, following are requirements for this gem:

• declarative_authorization 1.0.0.pre
• rails 4.x
• rspec-rails 3.1.x

In your controller spec:

describe ArticlesController do
  it { is_expected.to have_permission_for(:a_role).to(:restful_action_name) }

  it { is_expected.to have_permission_for(:writer).to(:index) }
  it { is_expected.to have_permission_for(:writer).to(:show) }
  it { is_expected.to have_permission_for(:writer).to(:new) }
  it { is_expected.to have_permission_for(:writer).to(:create) }
  it { is_expected.not_to have_permission_for(:writer).to(:edit) }
  it { is_expected.not_to have_permission_for(:writer).to(:update) }
  it { is_expected.not_to have_permission_for(:writer).to(:destroy) }
end

You can also use convenience restful helper methods:

describe ArticlesController do
  it { is_expected.to have_permission_for(:user).to_read }
  it { is_expected.not_to have_permission_for(:user).to_create }
  it { is_expected.not_to have_permission_for(:user).to_update }
  it { is_expected.not_to have_permission_for(:user).to_delete }

  it { is_expected.to have_permission_for(:writer).to_read }
  it { is_expected.to have_permission_for(:writer).to_create }
  it { is_expected.to have_permission_for(:writer).to_update }
  it { is_expected.not_to have_permission_for(:writer).to_delete }

  it { is_expected.to have_permission_for(:editor).to_manage }
end

Or you can also use the focused restful helper method as follows:

describe ArticlesController do
  it { is_expected.to have_permision_for(:user).only_to_read }
  it { is_expected.to have_permision_for(:writer).except_to_delete }
end

See {file:HISTORY.md} for history of changes.

rspec-authorization © 2014 by Hendra Uzia. rspec-authorization is licensed under the MIT license except for some files which come from the RDoc/Ruby distributions. Please see the {file:LICENSE.txt} documents for more information.

1. Fork it ( https://github.com/hendrauzia/rspec-authorization/fork )
2. Create your feature branch (git checkout -b my-new-feature)
3. Setup rails test app (bundle exec rake setup)
4. Test your changes (bundle exec rake spec)
5. Commit your changes (git commit -am 'Add some feature')
6. Push to the branch (git push origin my-new-feature)
7. Create a new Pull Request

1. Add changelog to history. (git changelog -l >> HISTORY.md)
2. Increase version number in lib/rspec/authorization/version.rb.
3. bundle exec appraisal update.
4. git commit -am "Prepare for release x.y.z".

1. bundle exec appraisal rake spec
2. git push origin master (wait for travis build to pass)
3. bundle exec rake release