RubyGems - AccessControl - Versions diffs - 0.2.6 - Mend

AccessControl 0.2.6

Files changed (26) hide show

data/.gitignore +4 -0
data/README.markdown +105 -0
data/Rakefile +39 -0
data/VERSION +1 -0
data/generators/access_control/USAGE +8 -0
data/generators/access_control/access_control_generator.rb +49 -0
data/generators/access_control/templates/migrate/create_access_control_models.rb +29 -0
data/init.rb +9 -0
data/install.rb +1 -0
data/lib/access_control.rb +33 -0
data/lib/access_control/common_methods.rb +41 -0
data/lib/access_control/controller_helper.rb +10 -0
data/lib/access_control/language.rb +15 -0
data/lib/access_control/role_extension.rb +24 -0
data/lib/access_control/user_extension.rb +84 -0
data/lib/app/models/permission.rb +20 -0
data/lib/app/models/role.rb +14 -0
data/spec/access_controlled_user_spec.rb +91 -0
data/spec/models/permission_spec.rb +40 -0
data/spec/models/role_spec.rb +61 -0
data/spec/spec_helper.rb +11 -0
data/spec/support/access_control_user.rb +5 -0
data/spec/support/authorizable.rb +61 -0
data/spec/support/schema.rb +39 -0
data/tasks/access_control_tasks.rake +6 -0
metadata +85 -0

data/.gitignore ADDED

@@ -0,0 +1,4 @@
+*.gem
+*.gemspec
+pkg/*
+._*

data/README.markdown ADDED

@@ -0,0 +1,105 @@
+AccessControl
+=============
+AccessControl is a user authorization plugin. It gives you a role based permission system without having to do any work. There are users and roles, each have permission.
+A user can play any role and inherit permissions through that role. A user may also have individual permissions. For example, you can create a role to update
+the news section on your site and give a user that role. You may also give him permission to update contact information. Combining these two functionalities gives you
+a rich permission system inside your application.
+Features
+---------
+* Role Based
+* Easy to query permission (example: @current_user.can_manage_news?)
+* God permission
+* Easy to use
+Up and Running
+================
+Install
+-------
+First, prepare your application. AccessControl does not create user logins, it soley is a permission system. Your user model must be named User. AccessControl
+also uses two other models: Permission & Role. Once your users can login and log out, you are ready to use AccessControl.
+1. Install
+		sudo gem install AccessControl
+		config.gem 'AccessControl'
+2. Prepare the database
+		./script/generate access_control models
+		rake db:migrate
+Step 2 creates a migration that creates one join table, role, and permission table. Migrate your database and you are ready to start working with permissions.
+Working with Permissions
+-------
+Each permission you need in your application is a column in the permission model. Once again, we use a migration to create our permission.
+		./script/generate access_control permission NameOfYourPermission
+		./script/generate access_control permission YourFirstPermission YourSecondPermission YourThirdPermission
+The first creates a named migration. As you can see from the second example you can also create multiple permissions at once. Now, install your permissions:
+		rake db:migrate
+You're permissions are now ready. They can be attached to a user or a role. Now, you need to tell your user model that is has access controls:
+		class User < ActiveRecord::Base
+			has_access_controls
+			# some more code
+		end
+And that's it! You are now ready to start granting and creating your authorization structure. First, lets focus on our users.
+Let us assume that there is a permission named PostNews. In your application, permissions are passed in underscore notation so post_news is correct.
+Let's give a user this permission:
+		user = User.find_by_name "Adam", "Hawkins"
+		user.can_post_news?
+		user.grant :post_news
+		user.can_post_news?
+Voilla, Adam can now post_news. But that's no good by itself. So now check aganist for the permission in the controller:
+		class NewsController < ActionController::Base
+			before_filter permission_required(@current_user, :post_news)
+		end
+Your controllers are protected from people who can't post news. Now lets expand our permissions by adding a role:
+		editors = Role.create :name => "Editors", :description => "Manage content around the site." # Description is optional
+		# assuming we have these permissions in the system
+		editors.grant :manage_news
+		editors.grant :manage_categories
+		editors.grant :manage_comments
+		editors.grant :ban_users
+		# now we need adam to be an editor
+		user.plays :editor
+		user.can_manage_news? (true)
+		user.can_manage_categories? (true)
+		user.can_manage_comments (true)
+		user.can_ban_users? (true)
+Man, Adam sure got a lot of responsibilities, hopefully you trust him :)
+Using the language
+==============
+Here are the methods available on User & Role objects:
+	Authorizable#authorize(permission)
+	Authorizable#grant(permission)
+	Authorizable#deauthorize(permission)
+	Authorizable#cannot?(permission)
+	Authorizable#god?
+	Authorizable#can_permission_name?
+	Authorizable#can_not_permission_name?
+	Authorizable#permissions
+	Authorizable#has_permission?(permission)
+	Authorizable#can?(permission)
+User Methods:
+	User#plays?(role)
+	User#plays(role)
+	User#does_not_play?(role)
+	User#does_not_play(role)
+	User#roles (and all other has_and_belongs_to_many methods)
+	User#has_any_permissions? (useful to see if you should allow someone into an admin area)
+Copyright (c) 2009 Adam Hawkins, released under the MIT license

data/Rakefile ADDED

@@ -0,0 +1,39 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+desc 'Default: run unit tests.'
+task :default => :test
+desc 'Test the access_control plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+desc 'Generate documentation for the access_control plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'AccessControl'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |s|
+    s.name = "AccessControl"
+    s.summary = "Simple role based authorization for rails"
+    s.email = "Adman1965@gmail.com"
+    s.homepage = "http://github.com/Adman65/AccessControl"
+    s.description = "Simple role based authorization for rails"
+    s.authors = ["Adam Hawkins"]
+    Jeweler::GemcutterTasks.new
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end

data/VERSION ADDED

	@@ -0,0 +1 @@
1	+ 0.2.6

data/generators/access_control/USAGE ADDED

@@ -0,0 +1,8 @@
+Description:
+    Explain the generator
+Example:
+    ./script/generate access_control Thing
+    This will create:
+        what/will/it/create

data/generators/access_control/access_control_generator.rb ADDED

@@ -0,0 +1,49 @@
+class AccessControlGenerator < Rails::Generator::NamedBase
+  attr_reader :mode, :args
+  def initialize(args,runtime_options = {})
+    super
+    mode = args.first.downcase if args.is_a? Array
+    case mode
+    when 'models'
+      @mode = :models
+    when 'permission'
+      @mode = :permission
+    else
+      raise 'You must specify what to generate: models or permission'
+    end
+    @permission_names = args[1..args.size].map { |name| name.underscore.downcase} if args.is_a? Array
+    @permission_name = args.second.underscore.downcase if args.is_a? Array and args.size.eql?(2)
+    @args = args
+  end
+  def manifest
+    record do |m|
+      case mode
+      when :models
+        # m.directory "lib"
+        # m.template 'README', "README"
+        m.migration_template File.join("migrate","create_access_control_models.rb"), File.join("db","migrate"), :migration_file_name => "GenerateAccessControlModels".underscore
+      when :permission
+        file_name = "create_multiple_permissions_#{@permission_names.join('_').underscore}" if args.size > 2
+        file_name = "create_permission_#{@permission_name}" if args.size.eql? 2
+        m.migration_template "migration:migration.rb", File.join("db","migrate"), :assigns => migration_options, :migration_file_name => file_name
+      end
+    end
+  end
+  private
+  def migration_options
+    assigns = {}
+    assigns[:migration_action] = "add"
+    assigns[:class_name] = "create_multiple_permissions_#{@permission_names.join('_').underscore}".camelize if @permission_names
+    assigns[:class_name] = "create_permission_#{@permission_name}" if @permission_name
+    assigns[:table_name] = "permissions"
+    assigns[:attributes] = @permission_names.map {|name| Rails::Generator::GeneratedAttribute.new(name, "boolean")}
+    assigns
+  end
+end

data/generators/access_control/templates/migrate/create_access_control_models.rb ADDED

@@ -0,0 +1,29 @@
+class GenerateAccessControlModels < ActiveRecord::Migration
+  def self.up
+    create_table "permissions" do |t|
+       t.integer  "authorizable_id"
+       t.string   "authorizable_type"
+       t.datetime "created_at"
+       t.datetime "updated_at"
+       t.boolean "god", :default => false
+    end
+    create_table "roles" do |t|
+      t.string   "name"
+      t.string   "description"
+      t.datetime "created_at"
+      t.datetime "updated_at"
+    end
+    create_table "user_roles", :id => false  do |t|
+      t.integer "user_id"
+      t.integer "role_id"
+    end
+  end
+  def self.down
+    drop_table :permisisons
+    drop_table :roles
+    drop_table :user_roles
+  end
+end

data/init.rb ADDED

@@ -0,0 +1,9 @@
+# Include hook code here
+%w{ models controllers helpers }.each do |dir|
+  path = File.join(directory, 'lib', dir)
+  $: << path
+  ActiveSupport::Dependencies.load_paths << path
+  ActiveSupport::Dependencies.load_once_paths.delete(path)
+end
+require 'access_control.rb'

data/install.rb ADDED

	@@ -0,0 +1 @@
1	+ # Install hook code here

data/lib/access_control.rb ADDED

@@ -0,0 +1,33 @@
+# AccessControl
+require File.join(File.dirname(__FILE__), 'access_control', 'user_extension')
+require File.join(File.dirname(__FILE__), 'access_control', 'controller_helper')
+require File.join(File.dirname(__FILE__), 'access_control', 'common_methods')
+require File.join(File.dirname(__FILE__), 'access_control', 'language')
+require File.join(File.dirname(__FILE__), 'access_control', 'role_extension')
+%w{ models }.each do |dir|
+  path = File.join(File.dirname(__FILE__), 'app', dir)
+  $LOAD_PATH << path
+  ActiveSupport::Dependencies.load_paths << path
+  ActiveSupport::Dependencies.load_once_paths.delete(path)
+end
+module AccessControl
+  module MacroMethods
+    def self.included base
+      base.extend ClassMethods
+    end
+    module ClassMethods
+      def has_access_controls
+        include AccessControl::UserExtension
+      end
+    end
+  end
+end
+ActiveRecord::Base.send :include, AccessControl::MacroMethods
+ActionController::Base.send :include, AccessControl::ControllerHelper

data/lib/access_control/common_methods.rb ADDED

@@ -0,0 +1,41 @@
+module AccessControl
+  module CommonMethods
+    def self.included(klass)
+      klass.class_eval do
+        alias_method :authorize, :grant
+      end
+    end
+    def grant(perm)
+      self.permission = Permission.create if self.permission.nil?
+      perm = perm.to_s if perm.is_a? Symbol
+      raise "Permission (#{perm}) does not exist" unless self.permission.respond_to? perm.to_sym
+      self.permission.update_attribute(perm,true)
+    end
+    def deauthorize perm
+      self.permission = Permission.create if self.permission.nil?
+      perm = perm.to_s if perm.is_a? Symbol
+      raise "Permission (#{perm}) does not exist" unless self.permission.respond_to? perm.to_sym
+      self.permission.update_attribute(perm,false)
+    end
+    def cannot? perm
+      !has_permission? perm
+    end
+    def god?
+      has_permission? :god
+    end
+    def has_local_permission? perm
+      perm = perm.to_s if perm.is_a? Symbol
+      raise "Permission (#{perm}) does not exist" unless Permission.new.respond_to? perm.to_sym
+      return false if self.permission.nil?
+      return true if self.permission.god
+      self.permission.send(perm)
+    end
+  end
+end

data/lib/access_control/controller_helper.rb ADDED

@@ -0,0 +1,10 @@
+module AccessControl
+  module ControllerHelper
+    def permission_required user, perm
+      unless user.has? perm
+        flash[:error] = "You do not have permissions in this area."
+        redirect_back_or_default
+      end
+    end
+  end
+end

data/lib/access_control/language.rb ADDED

@@ -0,0 +1,15 @@
+module AccessControl
+  module Language
+    def method_missing(method_id, *attrs)
+      if /can_not_(.+)\?/.match(method_id.to_s)
+        return !has_permission?($~[1])
+      elsif /can_(.+)\?/.match(method_id.to_s)
+        return has_permission?($~[1])
+      else
+        super
+      end
+    end
+  end
+end

data/lib/access_control/role_extension.rb ADDED

@@ -0,0 +1,24 @@
+module AccessControl
+  module RoleExtension
+    def self.included(klass)
+      klass.class_eval do
+        include AccessControl::CommonMethods
+        include AccessControl::Language
+        has_and_belongs_to_many :users, :join_table => :user_roles
+        has_one :permission, :as => :authorizable, :dependent => :destroy
+        alias :has_permission? :has_local_permission?
+        alias :can? :has_local_permission?
+        accepts_nested_attributes_for :permission
+      end
+    end
+    def permissions
+      self.permission.set_permissions
+    end
+  end
+end

data/lib/access_control/user_extension.rb ADDED

@@ -0,0 +1,84 @@
+module AccessControl
+  module UserExtension
+    def self.included(klass)
+      klass.class_eval do
+          include AccessControl::CommonMethods
+          include AccessControl::Language
+          has_one :permission, :as => :authorizable, :dependent => :destroy
+          has_and_belongs_to_many :roles, :join_table => :user_roles
+          alias_method :can?, :has_permission?
+          accepts_nested_attributes_for :permission
+        end
+    end
+    def plays role
+      role = role.to_s if role.is_a? Symbol
+      r = Role.find_by_name role.downcase
+      raise "#{role} does not exist." if r.nil?
+      roles << r
+      true
+    end
+    def plays? role
+      role = role.to_s if role.is_a? Symbol
+      actual_role = Role.find_by_name(role.downcase)
+      raise "#{role} does not exist" if actual_role.nil?
+      roles.include? actual_role
+    end
+    def does_not_play? role
+      !plays? role
+    end
+    def does_not_play role
+      role = role.to_s if role.is_a? Symbol
+      actual_role = Role.find_by_name(role.downcase)
+      raise "#{role} does not exist" if actual_role.nil?
+      roles.delete actual_role
+    end
+    def has_permission? perm
+      return true if has_local_permission? perm
+      roles.each do |role|
+        return true if role.has_local_permission? perm
+      end
+      false
+    end
+    def permissions
+      set = self.permission.set_permissions unless self.permission.nil?
+      set = [] if set.nil?
+      set = [set] if set.is_a? String
+      role_permissions = []
+      roles.each do |role|
+        role_perms = role.permission.set_permissions
+        role_permissions << role_perms if role_perms.is_a? String
+        role_permissions = role_permissions + role_perms if role_perms.is_a? Array
+      end
+      total = set + role_permissions
+      total.uniq
+    end
+    def has_any_permissions?
+      !self.permissions.empty?
+    end
+    def roles_attributes=(attributes)
+      if attributes.size == 1
+        self.roles.clear
+      else
+        keys = []
+        attributes.each_key do |id|
+          keys << id unless id.to_i.eql? 0
+        end
+        self.role_ids = keys
+      end
+    end
+  end
+end

data/lib/app/models/permission.rb ADDED

@@ -0,0 +1,20 @@
+class Permission < ActiveRecord::Base
+	belongs_to :authorizable, :polymorphic => true
+	def self.names
+	  boolean_columns = columns.select { |column| column.type == :boolean}
+	  boolean_columns.map { |column| column.name }
+  end
+  def empty?
+    set_permissions.empty?
+  end
+  def set_permissions
+    Permission.names.select {|name| self.send(name.to_sym).eql?(true)}
+  end
+  def clear
+    Permission.names.select {|name| self.update_attribute(name.to_sym,false)}
+  end
+end

data/lib/app/models/role.rb ADDED

@@ -0,0 +1,14 @@
+#require '../access_control'
+class Role < ActiveRecord::Base
+	include AccessControl::RoleExtension
+	validates_presence_of :name
+	validates_uniqueness_of :name
+	validates_length_of :description, :maximum => 100, :allow_nil => true
+  def before_validation
+    self.name = self.name.downcase unless self.name.nil?
+  end
+end

data/spec/access_controlled_user_spec.rb ADDED

@@ -0,0 +1,91 @@
+require 'spec_helper'
+require 'support/access_control_user'
+describe "User with access controls" do
+  before(:each) do
+    @authorizable = User.new
+    @user = @authorizable
+    @admin_role = Role.create!(:name => "admin")
+  end
+  after(:each) do
+    @admin_role.destroy
+  end
+  it_should_behave_like "Authorizable"
+  describe "Working with Roles" do
+    it "should be a role after granting a role" do
+      lambda {@user.plays?(:rspec)}.should raise_error
+      r = Role.create! :name => "Rspec", :description => "runs rspec tests"
+      @user.plays("Rspec").should be_true
+      @user.plays?(:rspec).should be_true
+    end
+    it "should raise an error when setting a role that doesn't exsist" do
+      lambda {@user.plays(:fake_role)}.should raise_error
+    end
+    it "should raise an error when asking if a user plays a role that doesn't exist" do
+      lambda {@user.plays?(:fake_role)}.should raise_error
+    end
+  end
+  describe "Checking Authorization" do
+    it "should authorize god users on any permission" do
+      @user.can?(:manage_news).should be_false
+      @user.grant(:god).should be_true
+      Permission.names.each {|name| @user.can?(name).should be_true}
+    end
+    it "should authorize if the user the permission through a role" do
+      @user.can_manage_news?.should be_false
+      @admin_role.can_manage_news?.should be_false
+      @user.plays(:admin).should be_true
+      @admin_role.grant(:manage_news).should be_true
+      @user.can_manage_news?.should be_true
+      @user.roles.clear
+      @user.can_manage_news?.should be_false
+    end
+    it "should authorize if the user has permission through his permissions" do
+      @user.can_manage_schedule?.should be_false
+      @user.grant(:manage_schedule).should be_true
+      @user.can_manage_schedule?.should be_true
+    end
+    it "should be able to check access denied" do
+      @user.permission = nil
+      @user.roles.clear
+      @user.can_not_manage_schedule?.should be_true
+    end
+  end
+  describe "Counting total permissions" do
+    it "should have permissions if they belong to the user" do
+      @user.has_any_permissions?.should be_false
+      @user.permissions.empty?.should be_true
+      @user.grant :manage_news
+      @user.permissions.should_not be_nil
+      @user.permissions.should eql(['manage_news'])
+      @user.has_any_permissions?.should be_true
+    end
+    it "should have permissions through roles" do
+      @user.has_any_permissions?.should be_false
+      @user.grant :manage_news
+      @admin_role.grant :manage_schedule
+      @user.plays :admin
+      @user.permissions.should be_a(Array)
+      @user.permissions.size.should eql(2)
+      @user.permissions.include?('manage_schedule').should be_true
+      @user.permissions.include?('manage_news').should be_true
+      @user.has_any_permissions?.should be_true
+      @user.permission.clear
+      @user.permissions.should be_a(Array)
+      @user.permissions.should eql(['manage_schedule'])
+    end
+  end
+end

data/spec/models/permission_spec.rb ADDED

@@ -0,0 +1,40 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+describe "Permission" do
+  it "should be able to clear permissions" do
+    permission = Permission.new
+    permission.run_tests = true
+    permission.god = true
+    permission.post_news = true
+    permission.clear
+    permission.run_tests.should be_false
+    permission.god.should be_false
+    permission.post_news.should be_false
+  end
+  describe "Counting Permissions" do
+    it "should be empty if no permissions are set" do
+      permission = Permission.new
+      permission.empty?.should be_true
+    end
+    describe "Set Permissions" do
+      it "should return an empty array if none are set" do
+        permission = Permission.new
+        permission.set_permissions.should be_a(Array)
+        permission.set_permissions.empty?.should be_true
+      end
+      it "should return an array of set permissions" do
+        permission = Permission.new
+        permission.run_tests = true
+        permission.god = true
+        permission.set_permissions.should be_a(Array)
+        permission.set_permissions.size.should eql(2)
+        permission.set_permissions.include?('run_tests').should be_true
+        permission.set_permissions.include?('god').should be_true
+      end
+    end
+  end
+end

data/spec/models/role_spec.rb ADDED

@@ -0,0 +1,61 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+describe "Role" do
+  before(:each) do
+    @valid_attributes = {
+      :name => "Role name",
+      :description => "Role Description",
+    }
+  end
+  it "should require a name" do
+    role = Role.create(@valid_attributes.except(:name))
+    role.should_not be_valid
+    role.errors.size.should eql(1)
+    role.errors.on(:name).should_not be_nil
+  end
+  it "should require a unique name" do
+    Role.create(@valid_attributes)
+    r = Role.create(@valid_attributes)
+    r.should_not be_valid
+    r.errors.size.should eql(1)
+    r.errors.on(:name).should_not be_nil
+  end
+  it "should only allow descriptions up to 100 characters" do
+    @valid_attributes[:description] = "2" * 101
+    r = Role.create @valid_attributes
+    r.should_not be_valid
+    r.errors.on(:description).should match(/is too long/)
+  end
+  it "should create a new instance given valid attributes" do
+    Role.destroy_all
+    Role.create!(@valid_attributes)
+    Role.destroy_all
+  end
+  it "should always downcase named" do
+    r = Role.create(@valid_attributes)
+    r.name.should eql(@valid_attributes[:name].downcase)
+  end
+  describe "Permission System" do
+    before(:each) do
+      @role = Role.create! @valid_attributes
+      @authorizable = @role
+    end
+    after(:each) do
+      @role.destroy
+    end
+    it_should_behave_like "Authorizable"
+  end
+end

data/spec/spec_helper.rb ADDED

@@ -0,0 +1,11 @@
+ENV['RAILS_ENV'] = 'test'
+ENV['RAILS_ROOT'] ||= File.dirname(__FILE__) + '/../../../..'
+require File.expand_path(File.join(ENV['RAILS_ROOT'], 'config/environment.rb'))
+require File.join(File.dirname(__FILE__), '..', 'lib', 'access_control')
+require File.join(File.dirname(__FILE__), 'support', 'authorizable')
+ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => "access_control.sqlite3")
+load File.join(File.dirname(__FILE__), 'support', 'schema.rb')

data/spec/support/access_control_user.rb ADDED

@@ -0,0 +1,5 @@
+require '../lib/access_control'
+class User < ActiveRecord::Base
+  has_access_controls
+end

data/spec/support/authorizable.rb ADDED

@@ -0,0 +1,61 @@
+shared_examples_for "Authorizable" do
+  describe "DSL" do
+    it "should have method in the format of can_permission_name? to ask permission" do
+      Permission.names.each do |permission|
+        method_name = ("can_" + permission.downcase + "?").to_sym
+        @authorizable.send(method_name)
+      end
+    end
+    it "should have a method formatted like can_not_permission? to see if denied" do
+      Permission.names.each do |permission|
+        method_name = ("can_not_" + permission.downcase + "?").to_sym
+        @authorizable.send(method_name)
+      end
+    end
+    it "should raise an error when asking can_permission_that_deoesnt_exist" do
+      lambda{ @authorizable.can_permission_that_has_no_chance_of_existing?}.should raise_error
+    end
+    it "should also raise an error when asking can_not?" do
+      lambda{ @authorizable.can_not_permission_that_has_no_chance_of_existing?}.should raise_error
+    end
+  end
+  describe "Granting a permission" do
+    it "should have a method to grant a permission" do
+      @authorizable.respond_to?(:grant).should be_true
+    end
+    it "should take a symbol as a permission name" do
+      lambda {@authorizable.grant(:manage_users)}.should_not raise_error
+    end
+    it "should take a string as a permission name" do
+      lambda { @authorizable.grant("manage_users")}.should_not raise_error
+    end
+    it "should raise an error if the permission is not a string or symbol" do
+      lambda { @authorizable.grant([:permission, :permission])}.should raise_error
+    end
+    it "should only grant permissions that exist" do
+      @authorizable.grant(:manage_news).should be_true
+    end
+    it "should raise an error when permissions don't exist" do
+      lambda { @authorizable.grant(:adsfjk238748723478)}.should raise_error
+    end
+    it "should be able to authorize after granting" do
+      @authorizable.can?(:manage_news).should be_false
+      @authorizable.grant(:manage_news).should be_true
+      @authorizable.can?(:manage_news).should be_true
+    end
+    it "should have a method to check to see if it is god" do
+      @authorizable.respond_to?(:god?).should be_true
+    end
+  end
+end

data/spec/support/schema.rb ADDED

@@ -0,0 +1,39 @@
+ActiveRecord::Schema.define do
+  create_table "permissions", :force => true do |t|
+    t.integer  "authorizable_id"
+    t.string   "authorizable_type"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+    t.boolean  "run_tests",           :default => false
+    t.boolean  "post_news", :default => false
+    t.boolean   "manage_news", :default => false
+    t.boolean "manage_users", :default => false
+    t.boolean  "god",                   :default => false
+    t.boolean  "manage_events",         :default => false
+    t.boolean "manage_schedule", :default => false
+  end
+  create_table "role_permissions", :id => false, :force => true do |t|
+    t.integer "role_id"
+    t.integer "permission_id"
+  end
+  create_table "roles", :force => true do |t|
+    t.string   "name"
+    t.string   "description"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+  create_table "user_roles", :id => false, :force => true do |t|
+    t.integer "user_id"
+    t.integer "role_id"
+  end
+  create_table "users", :force => true do |t|
+    t.string "name"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+end

data/tasks/access_control_tasks.rake ADDED

@@ -0,0 +1,6 @@
+namespace :access_control do
+  task :permissions => :environment do
+    desc "Lists all available permissions"
+    Permission.names.each {|name| puts name}
+  end
+end

metadata ADDED

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification
+name: AccessControl
+version: !ruby/object:Gem::Version
+  version: 0.2.6
+platform: ruby
+authors:
+- Adam Hawkins
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2009-11-20 00:00:00 -08:00
+default_executable:
+dependencies: []
+description: Simple role based authorization for rails
+email: Adman1965@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.markdown
+files:
+- .gitignore
+- README.markdown
+- Rakefile
+- VERSION
+- generators/access_control/USAGE
+- generators/access_control/access_control_generator.rb
+- generators/access_control/templates/migrate/create_access_control_models.rb
+- init.rb
+- install.rb
+- lib/access_control.rb
+- lib/access_control/common_methods.rb
+- lib/access_control/controller_helper.rb
+- lib/access_control/language.rb
+- lib/access_control/role_extension.rb
+- lib/access_control/user_extension.rb
+- lib/app/models/permission.rb
+- lib/app/models/role.rb
+- spec/access_controlled_user_spec.rb
+- spec/models/permission_spec.rb
+- spec/models/role_spec.rb
+- spec/spec_helper.rb
+- spec/support/access_control_user.rb
+- spec/support/authorizable.rb
+- spec/support/schema.rb
+- tasks/access_control_tasks.rake
+has_rdoc: true
+homepage: http://github.com/Adman65/AccessControl
+licenses: []
+post_install_message:
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+requirements: []
+rubyforge_project:
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Simple role based authorization for rails
+test_files:
+- spec/access_controlled_user_spec.rb
+- spec/models/permission_spec.rb
+- spec/models/role_spec.rb
+- spec/spec_helper.rb
+- spec/support/access_control_user.rb
+- spec/support/authorizable.rb
+- spec/support/schema.rb