The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
SARTAK / Jifty-1.10518 / t / 07-limit-actions.t 
#!/usr/bin/env perl

use warnings;
use strict;

=head1 DESCRIPTION

Tests that Jifty->api->(allow|deny) work; this is to
limit what users can do with temporary credentials (LetMes, etc)

=cut

use Jifty::Test tests => 21;

use_ok('Jifty::API');

my $api = Jifty::API->new();

ok($api->is_allowed("Jifty::Action::Autocomplete"), "Some Jifty actions are allowed");
ok(!$api->is_allowed("Jifty::Action::Record::Update"), "Most are not");
ok($api->is_allowed("Foo"), "Unqualified tasks default to positive limit");
ok($api->is_allowed("JiftyApp::Action::Foo"), "Qualified tasks default to positive limit");

eval { $api->allow ( qr'.*' ); };
like($@, qr/security reasons/, "Can't allow all actions");

$api->allow ( qr'Foo' );
ok($api->is_allowed("Foo"), "Positive limit doesn't cause negative limit");

$api->deny ( qr'Foo' );
ok(!$api->is_allowed("Foo"), "Later negative limit overrides");
 
$api->allow ( qr'Foo' );
ok($api->is_allowed("Foo"), "Even later positive limit overrides again");

$api->deny  ( qr'Foo' );
ok(!$api->is_allowed("Foo"), "Regex negative limit");
ok(!$api->is_allowed("JiftyApp::Action::Foo"), "Regex negative limit, qualified");
ok(!$api->is_allowed("FooBar"), "Matches anywhere");
ok(!$api->is_allowed("ILikeFood"), "Matches anywhere");
ok($api->is_allowed("Bar"), "Doesn't impact other positive");
ok($api->is_allowed("JiftyApp::Action::Bar"), "Doesn't impact other positive, qualified");

$api->allow  ( 'ILikeFood' );
ok($api->is_allowed("ILikeFood"), "Positive string exact match, unqualified on unqualified");
ok($api->is_allowed("JiftyApp::Action::ILikeFood"), "Positive string exact match, unqualified on qualified");
ok(!$api->is_allowed("ILikeFood::More"), "Positive string subclass match, unqualified on unqualified");

$api->allow  ( 'JiftyApp::Action::ILikeFood' );
ok($api->is_allowed("ILikeFood"), "Positive string exact match, qualified on unqualified");
ok($api->is_allowed("JiftyApp::Action::ILikeFood"), "Positive string exact match, qualified on qualified");
ok(!$api->is_allowed("ILikeFood::More"), "Positive string subclass match, qualified on unqualified");

1;