#!/usr/bin/env perl
use warnings;
use strict;
=head1 DESCRIPTION
Tests that Jifty->api->(allow|deny) work; this is to
limit what users can do with temporary credentials (LetMes, etc)
=cut
use Jifty::Test tests => 21;
use_ok('Jifty::API');
my $api = Jifty::API->new();
ok($api->is_allowed("Jifty::Action::Autocomplete"), "Some Jifty actions are allowed");
ok(!$api->is_allowed("Jifty::Action::Record::Update"), "Most are not");
ok($api->is_allowed("Foo"), "Unqualified tasks default to positive limit");
ok($api->is_allowed("JiftyApp::Action::Foo"), "Qualified tasks default to positive limit");
eval { $api->allow ( qr'.*' ); };
like($@, qr/security reasons/, "Can't allow all actions");
$api->allow ( qr'Foo' );
ok($api->is_allowed("Foo"), "Positive limit doesn't cause negative limit");
$api->deny ( qr'Foo' );
ok(!$api->is_allowed("Foo"), "Later negative limit overrides");
$api->allow ( qr'Foo' );
ok($api->is_allowed("Foo"), "Even later positive limit overrides again");
$api->deny ( qr'Foo' );
ok(!$api->is_allowed("Foo"), "Regex negative limit");
ok(!$api->is_allowed("JiftyApp::Action::Foo"), "Regex negative limit, qualified");
ok(!$api->is_allowed("FooBar"), "Matches anywhere");
ok(!$api->is_allowed("ILikeFood"), "Matches anywhere");
ok($api->is_allowed("Bar"), "Doesn't impact other positive");
ok($api->is_allowed("JiftyApp::Action::Bar"), "Doesn't impact other positive, qualified");
$api->allow ( 'ILikeFood' );
ok($api->is_allowed("ILikeFood"), "Positive string exact match, unqualified on unqualified");
ok($api->is_allowed("JiftyApp::Action::ILikeFood"), "Positive string exact match, unqualified on qualified");
ok(!$api->is_allowed("ILikeFood::More"), "Positive string subclass match, unqualified on unqualified");
$api->allow ( 'JiftyApp::Action::ILikeFood' );
ok($api->is_allowed("ILikeFood"), "Positive string exact match, qualified on unqualified");
ok($api->is_allowed("JiftyApp::Action::ILikeFood"), "Positive string exact match, qualified on qualified");
ok(!$api->is_allowed("ILikeFood::More"), "Positive string subclass match, qualified on unqualified");
1;