Skip to content

Commit

Permalink
Add regression test for view-level policy_scope
Browse files Browse the repository at this point in the history
See 87d859a and #207.

Effectively `policy_scope` in the view should not make the controller consider itself as scoped.
  • Loading branch information
Burgestrand committed Oct 11, 2024
1 parent 0b9b3a6 commit e3579f6
Show file tree
Hide file tree
Showing 2 changed files with 42 additions and 2 deletions.
18 changes: 18 additions & 0 deletions spec/pundit/helper_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
# frozen_string_literal: true

require "spec_helper"

RSpec.describe Pundit::Helper do
let(:user) { double }
let(:controller) { Controller.new(user, "update", double) }
let(:view) { Controller::View.new(controller) }

describe "#policy_scope" do
it "doesn't flip pundit_policy_scoped?" do
scoped = view.policy_scope(Post)

expect(scoped).to be(Post.published)
expect(controller).not_to be_pundit_policy_scoped
end
end
end
26 changes: 24 additions & 2 deletions spec/support/lib/controller.rb
Original file line number Diff line number Diff line change
@@ -1,14 +1,36 @@
# frozen_string_literal: true

class Controller
attr_reader :current_user, :action_name, :params

class View
def initialize(controller)
@controller = controller
end

attr_reader :controller
end

class << self
def helper(mod)
View.include(mod)
end

def helper_method(method)
View.class_eval <<-RUBY, __FILE__, __LINE__ + 1
def #{method}(*args, **kwargs, &block)
controller.send(:#{method}, *args, **kwargs, &block)
end
RUBY
end
end

include Pundit::Authorization
# Mark protected methods public so they may be called in test
# rubocop:disable Style/AccessModifierDeclarations
public(*Pundit::Authorization.protected_instance_methods)
# rubocop:enable Style/AccessModifierDeclarations

attr_reader :current_user, :action_name, :params

def initialize(current_user, action_name, params)
@current_user = current_user
@action_name = action_name
Expand Down

0 comments on commit e3579f6

Please sign in to comment.