1#!/bin/env rspec 2 3require 'spec_helper' 4require File.join(File.dirname(__FILE__), '../../', 'util', 'actionpolicy.rb') 5 6module MCollective 7 module Util 8 describe ActionPolicy do 9 let(:request) { stub(:agent => 'rspec_agent', :caller => 'rspec_caller', :action => 'rspec_action') } 10 let(:config) { stub(:configdir => '/rspecdir', :pluginconf => {}) } 11 let(:fixtures_dir) { File.join(File.dirname(__FILE__), 'fixtures') } 12 let(:actionpolicy) { ActionPolicy.new(request) } 13 14 before do 15 Config.stubs(:instance).returns(config) 16 end 17 18 describe "#action_in_actions?" do 19 it 'should correctly determine if the action is in the actions' do 20 expect(actionpolicy.action_in_actions?('one two three')).to be(false) 21 expect(actionpolicy.action_in_actions?('rspec_action another_action')).to be(true) 22 expect(actionpolicy.action_in_actions?('another_action rspec_action')).to be(true) 23 end 24 end 25 26 describe '#caller_in_groups?' do 27 before(:each) do 28 Log.stubs(:debug) 29 actionpolicy.parse_group_file(File.join(fixtures_dir, "groups")) 30 end 31 32 it 'should return false for nil groups' do 33 expect(actionpolicy.caller_in_groups?(nil)).to be(false) 34 end 35 36 it 'should find the caller in the groups' do 37 expect(actionpolicy.caller_in_groups?("sysadmin")).to be(true) 38 expect(actionpolicy.caller_in_groups?("app_admin")).to be(false) 39 expect(actionpolicy.caller_in_groups?("single_group")).to be(true) 40 expect(actionpolicy.caller_in_groups?("foo")).to be(false) 41 end 42 end 43 44 describe '#caller_in_callerids?' do 45 it 'should correctly determine if the caller is in the ids' do 46 expect(actionpolicy.caller_in_callerids?('one two three')).to be(false) 47 expect(actionpolicy.caller_in_callerids?('rspec_caller another_caller')).to be(true) 48 expect(actionpolicy.caller_in_callerids?('another_caller rspec_caller')).to be(true) 49 end 50 end 51 52 describe '#parse_group_file' do 53 before(:each) do 54 Log.stubs(:debug) 55 Log.stubs(:warn) 56 end 57 58 it 'should do nothing for nil groups files' do 59 expect(actionpolicy.parse_group_file(nil)).to be_nil 60 end 61 62 it 'should do nothing for non existing group files' do 63 File.expects(:exist?).with('/nonexisting/g_file').returns(false) 64 expect(actionpolicy.parse_group_file('/nonexisting/g_file')).to be_nil 65 end 66 67 it 'should do nothing for unreadable group files' do 68 File.expects(:exist?).with('/nonexisting/g_file').returns(true) 69 File.expects(:readable?).with('/nonexisting/g_file').returns(false) 70 expect(actionpolicy.parse_group_file('/nonexisting/g_file')).to be_nil 71 end 72 73 it 'should parse the groups correctly' do 74 groups = actionpolicy.parse_group_file(File.join(fixtures_dir, 'groups')) 75 76 # specifically verifies that only valid groups are in the list 77 expect(groups).to eq( 78 'sysadmin' => ['cert=sa1', 'cert=sa2', 'rspec_caller'], 79 'app_admin' => ['cert=aa1', 'cert=aa2'], 80 'single_group' => ['rspec_caller'], 81 ) 82 end 83 end 84 85 describe '#authorize' do 86 it 'should create a new ActionPolicy object and call #authorize_request' do 87 actionpolicy.expects(:authorize_request) 88 ActionPolicy.expects(:new).returns(actionpolicy) 89 ActionPolicy.authorize(request) 90 end 91 end 92 93 describe '#initialize' do 94 it 'should set the default values' do 95 expect(actionpolicy.config).to be(config) 96 expect(actionpolicy.agent).to eq('rspec_agent') 97 expect(actionpolicy.caller_id).to eq('rspec_caller') 98 expect(actionpolicy.action).to eq('rspec_action') 99 expect(actionpolicy.allow_unconfigured).to be(false) 100 expect(actionpolicy.configdir).to eq('/rspecdir') 101 expect(actionpolicy.groups).to eq({}) 102 expect(actionpolicy.enable_default).to be(false) 103 expect(actionpolicy.default_name).to eq('default') 104 end 105 106 it 'should set allow_unconfigured if set in config file' do 107 config.stubs(:pluginconf).returns({'actionpolicy.allow_unconfigured' => '1'}) 108 result = ActionPolicy.new(request) 109 expect(result.allow_unconfigured).to be(true) 110 end 111 end 112 113 describe '#authorize_request' do 114 before do 115 Log.stubs(:debug) 116 end 117 118 it 'should deny the request if policy file does not exist and allow_unconfigured is false' do 119 actionpolicy.expects(:lookup_policy_file).returns(nil) 120 121 expect{ 122 actionpolicy.authorize_request 123 }.to raise_error RPCAborted 124 end 125 126 it 'should return true if policy file does not exist but allow_unconfigured is true' do 127 actionpolicy.expects(:lookup_policy_file).returns(nil) 128 actionpolicy.allow_unconfigured = true 129 130 expect(actionpolicy.authorize_request).to be(true) 131 end 132 133 it 'should parse the policy file if it exists' do 134 actionpolicy.expects(:lookup_policy_file).returns('/rspecdir/policyfile') 135 actionpolicy.expects(:parse_policy_file).with('/rspecdir/policyfile') 136 actionpolicy.authorize_request 137 end 138 139 it 'should enforce precedence of enable_default over allow_unconfigured' do 140 actionpolicy.allow_unconfigured = true 141 actionpolicy.enable_default = true 142 actionpolicy.expects(:lookup_policy_file).returns('/rspec/default') 143 actionpolicy.expects(:parse_policy_file).with('/rspec/default') 144 actionpolicy.authorize_request 145 146 end 147 end 148 149 describe '#parse_policy_file' do 150 151 before do 152 Log.stubs(:debug) 153 end 154 155 it 'should deny the request if allow_unconfigured is false and no lines match' do 156 File.expects(:read).with('policyfile').returns('') 157 158 expect{ 159 actionpolicy.parse_policy_file('policyfile') 160 }.to raise_error RPCAborted 161 end 162 163 it 'should skip comment lines' do 164 File.expects(:read).with('policyfile').returns('#') 165 166 expect{ 167 actionpolicy.parse_policy_file('policyfile') 168 }.to raise_error RPCAborted 169 end 170 171 # Fixtures 172 173 it 'should parse the default alllow policy' do 174 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'default_allow'))).to be(true) 175 end 176 177 it 'should parse the default deny policy' do 178 expect{ 179 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'default_deny')) 180 }.to raise_error RPCAborted 181 end 182 183 # Example fixtures 184 185 it 'should parse example1 correctly' do 186 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example1'))).to be(true) 187 end 188 189 it 'should parse example2 correctly' do 190 request.stubs(:caller).returns('uid=500') 191 actionpolicy = ActionPolicy.new(request) 192 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example2'))).to be(true) 193 194 request.stubs(:caller).returns('uid=501') 195 actionpolicy = ActionPolicy.new(request) 196 expect{ 197 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example2')) 198 }.to raise_error RPCAborted 199 200 end 201 202 it 'should parse example3 correctly' do 203 request.stubs(:action).returns('rspec') 204 actionpolicy = ActionPolicy.new(request) 205 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example3'))).to be(true) 206 207 request.stubs(:action).returns('notrspec') 208 actionpolicy = ActionPolicy.new(request) 209 expect{ 210 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example3')) 211 }.to raise_error RPCAborted 212 213 end 214 215 it 'should parse example4 correctly' do 216 Util.stubs(:get_fact).with('foo').returns('bar') 217 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example4'))).to be(true) 218 219 Util.stubs(:get_fact).with('foo').returns('notbar') 220 expect{ 221 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example4')) 222 }.to raise_error RPCAborted 223 224 end 225 226 it 'should parse example5 correctly' do 227 Util.stubs(:has_cf_class?).with('rspec').returns(true) 228 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example5'))).to be(true) 229 230 Util.stubs(:has_cf_class?).with('rspec').returns(false) 231 expect{ 232 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example5')) 233 }.to raise_error RPCAborted 234 235 end 236 237 it 'should parse example6 correctly' do 238 request.stubs(:caller).returns('uid=500') 239 request.stubs(:action).returns('rspec') 240 actionpolicy = ActionPolicy.new(request) 241 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example6'))).to be(true) 242 243 request.stubs(:caller).returns('uid=501') 244 request.stubs(:action).returns('notrspec') 245 actionpolicy = ActionPolicy.new(request) 246 expect{ 247 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example6')) 248 }.to raise_error RPCAborted 249 250 end 251 252 it 'should parse example7 correctly' do 253 request.stubs(:caller).returns('uid=500') 254 Util.stubs(:get_fact).with('foo').returns('bar') 255 actionpolicy = ActionPolicy.new(request) 256 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example7'))).to be(true) 257 258 request.stubs(:caller).returns('uid=501') 259 Util.stubs(:get_fact).with('foo').returns('notbar') 260 actionpolicy = ActionPolicy.new(request) 261 expect{ 262 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example7')) 263 }.to raise_error RPCAborted 264 265 end 266 267 it 'should parse example8 correctly' do 268 request.stubs(:caller).returns('uid=500') 269 Util.stubs(:has_cf_class?).with('rspec').returns(true) 270 actionpolicy = ActionPolicy.new(request) 271 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example8'))).to be(true) 272 273 Util.stubs(:has_cf_class?).with('rspec').returns(false) 274 actionpolicy = ActionPolicy.new(request) 275 expect{ 276 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example8')) 277 }.to raise_error RPCAborted 278 279 end 280 281 it 'should parse example9 correctly' do 282 request.stubs(:caller).returns('uid=500') 283 request.stubs(:action).returns('rspec') 284 Util.stubs(:get_fact).with('foo').returns('bar') 285 actionpolicy = ActionPolicy.new(request) 286 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example9'))).to be(true) 287 288 request.stubs(:caller).returns('uid=501') 289 request.stubs(:action).returns('notrspec') 290 Util.stubs(:get_fact).with('foo').returns('notbar') 291 actionpolicy = ActionPolicy.new(request) 292 expect{ 293 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example9')) 294 }.to raise_error RPCAborted 295 296 end 297 298 it 'should parse example10 correctly' do 299 request.stubs(:caller).returns('uid=500') 300 request.stubs(:action).returns('rspec') 301 Util.stubs(:has_cf_class?).with('rspec').returns(true) 302 actionpolicy = ActionPolicy.new(request) 303 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example10'))).to be(true) 304 305 request.stubs(:caller).returns('uid=501') 306 request.stubs(:action).returns('notrspec') 307 Util.stubs(:has_cf_class?).with('rspec').returns(false) 308 actionpolicy = ActionPolicy.new(request) 309 expect{ 310 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example10')) 311 }.to raise_error RPCAborted 312 313 314 315 end 316 317 it 'should parse example11 correctly' do 318 request.stubs(:caller).returns('uid=500') 319 request.stubs(:action).returns('rspec') 320 Util.stubs(:has_cf_class?).with('rspec').returns(true) 321 Util.stubs(:get_fact).with('foo').returns('bar') 322 actionpolicy = ActionPolicy.new(request) 323 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example10'))).to be(true) 324 325 request.stubs(:caller).returns('uid=501') 326 request.stubs(:action).returns('notrspec') 327 Util.stubs(:has_cf_class?).with('rspec').returns(false) 328 Util.stubs(:get_fact).with('foo').returns('notbar') 329 actionpolicy = ActionPolicy.new(request) 330 expect{ 331 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example10')) 332 }.to raise_error RPCAborted 333 end 334 335 it 'should parse example12 correctly' do 336 request.stubs(:caller).returns('uid=500') 337 request.stubs(:action).returns('rspec') 338 Util.stubs(:has_cf_class?).with('rspec').returns(true) 339 Util.stubs(:get_fact).with('foo').returns('bar') 340 Util.stubs(:get_fact).with('bar').returns('foo') 341 actionpolicy = ActionPolicy.new(request) 342 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example12'))).to be(true) 343 end 344 345 it 'should parse example13 correctly' do 346 request.stubs(:caller).returns('uid=500') 347 request.stubs(:action).returns('rspec') 348 Util.stubs(:has_cf_class?).with('one').returns(true) 349 Util.stubs(:has_cf_class?).with('two').returns(true) 350 Util.stubs(:has_cf_class?).with('three').returns(false) 351 Util.stubs(:get_fact).with('foo').returns('bar') 352 actionpolicy = ActionPolicy.new(request) 353 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example13'))).to be(true) 354 end 355 356 it 'should parse example14 correctly' do 357 request.stubs(:caller).returns('uid=500') 358 request.stubs(:action).returns('rspec') 359 Util.stubs(:has_cf_class?).with('one').returns(true) 360 Util.stubs(:has_cf_class?).with('two').returns(false) 361 Util.stubs(:get_fact).with('foo').returns('bar') 362 actionpolicy = ActionPolicy.new(request) 363 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example14'))).to be(true) 364 end 365 366 it 'should parse example15 correctly' do 367 # first field 368 request.stubs(:caller).returns('uid=500') 369 actionpolicy = ActionPolicy.new(request) 370 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example15'))).to be(true) 371 372 # second field 373 request.stubs(:caller).returns('uid=600') 374 Util.stubs(:get_fact).with('customer').returns('acme') 375 Util.stubs(:has_cf_class?).with('acme::devserver').returns(true) 376 actionpolicy = ActionPolicy.new(request) 377 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example15'))).to be(true) 378 379 # third field 380 request.stubs(:caller).returns('uid=600') 381 request.stubs(:action).returns('status') 382 Util.stubs(:get_fact).with('customer').returns('acme') 383 actionpolicy = ActionPolicy.new(request) 384 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example15'))).to be(true) 385 386 # forth field 387 request.stubs(:caller).returns('uid=600') 388 request.stubs(:action).returns('status') 389 Util.stubs(:get_fact).with('customer').returns('acme') 390 actionpolicy = ActionPolicy.new(request) 391 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example15'))).to be(true) 392 393 # fith field 394 request.stubs(:caller).returns('uid=700') 395 request.stubs(:action).returns('restart') 396 Util.stubs(:get_fact).with('environment').returns('development') 397 Matcher.stubs(:eval_compound_fstatement).with('value' => 'enabled', 'name' => 'puppet', 'operator' => '==', 'params' => nil, 'r_compare' => 'false').returns(true) 398 actionpolicy = ActionPolicy.new(request) 399 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example15'))).to be(true) 400 end 401 402 it 'should parse example16 correctly' do 403 # match uid in the list 404 request.stubs(:caller).returns('uid=600') 405 actionpolicy = ActionPolicy.new(request) 406 expect(actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example16'))).to be(true) 407 408 # match uid not in the list 409 request.stubs(:caller).returns('uid=800') 410 actionpolicy = ActionPolicy.new(request) 411 expect{ 412 actionpolicy.parse_policy_file(File.join(fixtures_dir, 'example16')) 413 }.to raise_error RPCAborted 414 end 415 end 416 417 describe '#check_policy' do 418 before(:each) do 419 Log.stubs(:debug) 420 actionpolicy.parse_group_file(File.join(fixtures_dir, "groups")) 421 end 422 423 it 'should return false if the policy line does not include the caller' do 424 expect(actionpolicy.check_policy('caller', nil, nil, nil)).to be(false) 425 expect(actionpolicy.check_policy('app_admin', nil, nil, nil)).to be(false) 426 end 427 428 it 'should return false if the policy line does not include the action' do 429 expect(actionpolicy.check_policy(nil, 'action', nil, nil)).to be(false) 430 end 431 432 it 'should parse both facts and classes if callers and actions match' do 433 actionpolicy.expects(:parse_facts).with('*').returns(true).twice 434 actionpolicy.expects(:parse_classes).with('*').returns(true).twice 435 expect(actionpolicy.check_policy('rspec_caller', 'rspec_action', '*', '*')).to be(true) 436 expect(actionpolicy.check_policy('sysadmin', 'rspec_action', '*', '*')).to be(true) 437 end 438 439 it 'should parse a compound statement if callers and actions match but classes are excluded' do 440 actionpolicy.expects(:parse_compound).with('*').returns(true) 441 expect(actionpolicy.check_policy('rspec_caller', 'rspec_action', '*', nil)).to be(true) 442 end 443 end 444 445 describe '#parse_facts' do 446 it 'should return true if facts is a wildcard' do 447 expect(actionpolicy.parse_facts('*')).to be(true) 448 end 449 450 it 'should parse compound fact statements' do 451 actionpolicy.stubs(:is_compound?).returns(true) 452 actionpolicy.expects(:parse_compound).with('foo=bar and bar=foo').returns(true) 453 expect(actionpolicy.parse_facts('foo=bar and bar=foo')).to be(true) 454 end 455 456 it 'should parse all facts' do 457 actionpolicy.stubs(:is_compound?).returns(false) 458 actionpolicy.expects(:lookup_fact).twice.returns(true) 459 expect(actionpolicy.parse_facts('foo=bar bar=foo')).to be(true) 460 end 461 end 462 463 describe '#parse_classes' do 464 it 'should return true if classes is a wildcard' do 465 expect(actionpolicy.parse_classes('*')).to be(true) 466 end 467 468 it 'should parse compound class statements' do 469 actionpolicy.stubs(:is_compound?).returns(true) 470 actionpolicy.expects(:parse_compound).with('foo=bar and bar=foo').returns(true) 471 expect(actionpolicy.parse_facts('foo=bar and bar=foo')).to be(true) 472 end 473 474 it 'should parse all classes' do 475 actionpolicy.stubs(:is_compound?).returns(false) 476 actionpolicy.expects(:lookup_fact).times(3).returns(true) 477 expect(actionpolicy.parse_facts('foo bar baz')).to be(true) 478 end 479 end 480 481 describe '#lookup_fact' do 482 it 'should return false if a class is found in the fact field' do 483 Log.expects(:warn).with('Class found where fact was expected') 484 expect(actionpolicy.lookup_fact('rspec')).to be(false) 485 end 486 487 it 'should lookup a fact value and return its true value' do 488 Util.expects(:get_fact).with('foo').returns('bar') 489 expect(actionpolicy.lookup_fact('foo=bar')).to be(true) 490 end 491 end 492 493 describe '#lookup_class' do 494 it 'should return false if a fact is found in the class field' do 495 Log.expects(:warn).with('Fact found where class was expected') 496 expect(actionpolicy.lookup_class('foo=bar')).to be(false) 497 end 498 499 it 'should lookup a fact value and return its true value' do 500 Util.expects(:has_cf_class?).with('rspec').returns(true) 501 expect(actionpolicy.lookup_class('rspec')).to be(true) 502 end 503 end 504 505 describe '#lookup' do 506 it 'should call #lookup_fact if a fact was passed' do 507 actionpolicy.expects(:lookup_fact).with('foo=bar').returns(true) 508 expect(actionpolicy.lookup('foo=bar')).to be(true) 509 end 510 511 it 'should call #lookup_class if a class was passed' do 512 actionpolicy.expects(:lookup_class).with('/rspec/').returns(true) 513 expect(actionpolicy.lookup('/rspec/')).to be(true) 514 end 515 end 516 517 describe '#lookup_policy_file' do 518 before do 519 Log.stubs(:debug) 520 end 521 522 it 'should return the path of the policyfile is present' do 523 File.expects(:exist?).with('/rspecdir/policies/rspec_agent.policy').returns(true) 524 expect(actionpolicy.lookup_policy_file).to eq('/rspecdir/policies/rspec_agent.policy') 525 end 526 527 it 'should return the default file path if one is specified' do 528 config.stubs(:pluginconf).returns({'actionpolicy.enable_default' => '1'}) 529 File.expects(:exist?).with('/rspecdir/policies/rspec_agent.policy').returns(false) 530 File.expects(:exist?).with('/rspecdir/policies/default.policy').returns(true) 531 expect(actionpolicy.lookup_policy_file).to eq('/rspecdir/policies/default.policy') 532 end 533 534 it 'should return a custom default file path if one is specified' do 535 config.stubs(:pluginconf).returns({'actionpolicy.enable_default' => '1', 536 'actionpolicy.default_name' => 'rspec'}) 537 File.expects(:exist?).with('/rspecdir/policies/rspec_agent.policy').returns(false) 538 File.expects(:exist?).with('/rspecdir/policies/rspec.policy').returns(true) 539 expect(actionpolicy.lookup_policy_file).to eq('/rspecdir/policies/rspec.policy') 540 end 541 542 it 'should return false if no policy file exists' do 543 File.expects(:exist?).with('/rspecdir/policies/rspec_agent.policy').returns(false) 544 expect(actionpolicy.lookup_policy_file).to be(false) 545 end 546 end 547 548 describe '#eval_statement' do 549 it 'should return the logical string if param is not an statement or fstatement' do 550 expect(actionpolicy.eval_statement({'and' => 'and'})).to eq('and') 551 end 552 553 it 'should lookup the value of a statement if param is a statement' do 554 actionpolicy.expects(:lookup).with('foo=bar').returns(true) 555 expect(actionpolicy.eval_statement({'statement' => 'foo=bar'})).to be(true) 556 end 557 558 it 'should lookup the value of a data function if param is a fstatement' do 559 Matcher.expects(:eval_compound_fstatement).with("rspec('data').value=result").returns(true) 560 expect(actionpolicy.eval_statement({'fstatement' => "rspec('data').value=result"})).to be(true) 561 end 562 563 it 'should log a failure message and return false if the fstatement cannot be parsed' do 564 Matcher.expects(:eval_compound_fstatement).with("rspec('data').value=result").raises('error') 565 Log.expects(:warn).with('Could not call Data function in policy file: error') 566 expect(actionpolicy.eval_statement({'fstatement' => "rspec('data').value=result"})).to be(false) 567 end 568 end 569 570 describe '#is_compound?' do 571 it 'should return false if a compound statement was not identified' do 572 expect(actionpolicy.is_compound?('not')).to be(true) 573 expect(actionpolicy.is_compound?('!rspec')).to be(true) 574 expect(actionpolicy.is_compound?('and')).to be(true) 575 expect(actionpolicy.is_compound?('or')).to be(true) 576 expect(actionpolicy.is_compound?("data('field').value=othervalue")).to be(true) 577 end 578 579 it 'should return true if a compound statement was identified' do 580 expect(actionpolicy.is_compound?('f1=v1 f1=v2')).to be(false) 581 expect(actionpolicy.is_compound?('class1 class2 /class*/')).to be(false) 582 end 583 end 584 585 describe '#deny' do 586 it 'should log the failure and raise an RPCAborted error' do 587 Log.expects(:debug).with('fail') 588 expect{ 589 actionpolicy.deny('fail') 590 }.to raise_error RPCAborted 591 end 592 end 593 end 594 end 595end 596