Added authentication framework to protect actions behind a condition and redirect on failure. See ActionController::Authentication for more.

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@351 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

2 files changed, 94 insertions, 0 deletions

diff --git a/actionpack/test/controller/authentication_test.rb b/actionpack/test/controller/authentication_test.rb
new file mode 100644
index 0000000000..abf0409d08
--- /dev/null
+++ b/actionpack/test/controller/authentication_test.rb
@@ -0,0 +1,89 @@
+require File.dirname(__FILE__) + '/../abstract_unit'
+
+class AuthenticationTest < Test::Unit::TestCase
+  class ApplicationController < ActionController::Base
+    authentication :by => '@session[:authenticated]', :failure => { :controller => "login" }
+  end
+
+  class WeblogController < ApplicationController
+    def show()   render_text "I showed something"  end
+    def index()  render_text "I indexed something" end
+    def edit()   render_text "I edited something"  end
+    def update() render_text "I updated something" end
+    def login()  @session[:authenticated] = true; render_nothing end
+  end
+
+  class AuthenticatesWeblogController < WeblogController
+    authenticates :edit, :update
+  end
+
+  class AuthenticatesAllWeblogController < WeblogController
+    authenticates_all
+  end
+
+  class AuthenticatesAllExceptWeblogController < WeblogController
+    authenticates_all_except :show, :index, :login
+  end
+
+  class AuthenticatesSomeController < AuthenticatesAllWeblogController
+    authenticates_all_except :show
+  end
+
+  def setup
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+  end
+
+  def test_access_on_authenticates
+    @controller = AuthenticatesWeblogController.new
+
+    get :show
+    assert_success
+
+    get :edit
+    assert_redirected_to :controller => "login"
+  end
+
+  def test_access_on_authenticates_all
+    @controller = AuthenticatesAllWeblogController.new
+
+    get :show
+    assert_redirected_to :controller => "login"
+
+    get :edit
+    assert_redirected_to :controller => "login"
+  end
+
+  def test_access_on_authenticates_all_except
+    @controller = AuthenticatesAllExceptWeblogController.new
+
+    get :show
+    assert_success
+
+    get :edit
+    assert_redirected_to :controller => "login"
+  end
+  
+  def test_access_on_authenticates_some
+    @controller = AuthenticatesSomeController.new
+
+    get :show
+    assert_success
+
+    get :edit
+    assert_redirected_to :controller => "login"
+  end
+  
+  def test_authenticated_access_on_authenticates
+    @controller = AuthenticatesWeblogController.new
+
+    get :login
+    assert_success
+
+    get :show
+    assert_success
+
+    get :edit
+    assert_success
+  end
+end
\ No newline at end of file
diff --git a/actionpack/test/controller/render_test.rb b/actionpack/test/controller/render_test.rb
index ce778e1d7d..f983960e2e 100644
--- a/actionpack/test/controller/render_test.rb
+++ b/actionpack/test/controller/render_test.rb
@@ -126,6 +126,11 @@ class RenderTest < Test::Unit::TestCase
     assert_raises(ActionController::UnknownAction, "No action responded to [clone]") { process_request }
   end
 
+  def test_private_methods
+    @request.action = "determine_layout"
+    assert_raises(ActionController::UnknownAction, "No action responded to [determine_layout]") { process_request }
+  end
+
   def test_access_to_request_in_view
     ActionController::Base.view_controller_internals = false