proctoru / policy-assertions Goto Github PK

This is a really great gem I stumbled across today while reading about how to test Pundit with Minitest as I'm new to Pundit and new-ish to Minitest.

As I'm reading your instructions and testing things out, one thing jumped out at me.

In a permissions model where a particular show page is accessible to one user, but not another based on whatever criteria, it does not appear you can specifically test that using this gem. Would it be a good idea to have a test like:

def test_show(user(:first_user))
  assert_permit user(:first_user), User
  refute_permit nil, User
  refute_permit user(:other_user), User
end

Basically so I'm testing a specific "show" page rather than any show page?

Hi there

thank you for this gem.

Here is a sample out put:

Expected ProjectPolicy to grant update? on #<Project:0x00007f7d04514ef0> for #<User:0x00007f7d045001a8> but it didn't

The msg prints the user object. Is it possible to monkey patch it so that the msg is more meaningful?

Looks like it is coming from this line:

Or should I simply monkey patch user.to_s? but woulld you know how to do that only within the context of the PolicyAssertions::Test class? Pointers would be appreciated.

regards

Ben

Hi,

thanks for this usefull gem. I'm trying to test the permitted attributes defined in my policy, but I don't get your example :

assert_strong_parameters(users(:staff), Article, article_attributes, params)

What is "article_attributes" ? It should return a hash, I guess, but in my project, I don't have any "model_attributes" helper ... where does it come from ?

thanks.

It's not really an issue - more of a question:

I want to override assert_permit and refute_permit to make a slight tweak to the error message:

"Expected #{policy.class.name} to grant #{permission} "\
"on #{record} for #{user} but it didn't"

due to a slight difference in my Pundit set-up the user I authorize is a role with an associated user so I get:

Expected AreaPolicy to grant new? on Area for #<Enrollment:0x007fe58dc01de8> but it didn't
test/policies/area_policy_test.rb:20:in `test_new_and_create'

I just want to change #{user} to #{user.user}. I know I could fork this etc. but it seems way easier to just override the methods. Can I do this?

We are using a pundit_user method in our application controller and a UserContext object with can either have a user or an Ahoy::Visit - it is initialized: UserContext.new(user: current_user, visit: current_visit)

Any idea how I could test this for the Ahoy::Visit? Visits can have associated resources, so passing in nil as the user won't work.

I'm working on a project that requires keeping policy classes in modules and this line is giving me a problem since it is trimming my module names.

Could you give me an explanation why do we need to demodulize Policy class names here? I don't believe that this reflects Pundit functionality for obtaining Policy class names. Be aware of Manually specifying policy classes.

Thanks!

It would be good if this gem provided a module that you can just include in your test class instead of a class you have to inherit from. For example:

https://github.com/thoughtbot/factory_girl/blob/master/GETTING_STARTED.md#testunit

or (my own gem):

https://github.com/pupeno/assert_difference

You can still provide the class for people that want to use it and backward compatibility. If this is a change you'd be happy to adopt, I can provide the PR.

Hi - I understand this gem is probably not maintained - but is there currently a recommended pattern for testing that the scope returned by the policy matches the expectations?

Should I just do something like this? Is there a shorter / cleaner way?

expected = 10
actual = described_class::Scope.new(user, record).resolve.count
assert_equal expected, actual

I am following the docs on this but in my case I have an added scope to my policies - an enrollment which associates uses with a given tenant in my multi-tenant app. So for example my tests look like this:

test 'guests can not comment' do
  refute_permit users(:guest).enrollment, AssetCategory, 'comment?'
end

When a test fails I get something like this:

Expected AssetCategoryPolicy not to grant new? on AssetCategory for #<Enrollment:0x00007fb0890d8e00> but it did

I tried to monkey patch like this:

module PatchEnrollment
  refine Enrollment do
    def to_s
      user.name_last
    end
  end
end

In my fixtures I created a user for each type of role they are assigned and made the last name the same for situations like this. My hope was to have an output like this:

Expected AssetCategoryPolicy not to grant new? on AssetCategory for Guest but it did

My patch does not seem to be applied and throws no error (I do have using PatchEnrollment applied in my test_helper BTW).

Any ideas here? Can anyone confirm that the documented monkey patch works?