RubyGems - AccessControl - Versions diffs - 0.2.6 - Mend

AccessControl 0.2.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (26) hide show

data/.gitignore +4 -0
data/README.markdown +105 -0
data/Rakefile +39 -0
data/VERSION +1 -0
data/generators/access_control/USAGE +8 -0
data/generators/access_control/access_control_generator.rb +49 -0
data/generators/access_control/templates/migrate/create_access_control_models.rb +29 -0
data/init.rb +9 -0
data/install.rb +1 -0
data/lib/access_control.rb +33 -0
data/lib/access_control/common_methods.rb +41 -0
data/lib/access_control/controller_helper.rb +10 -0
data/lib/access_control/language.rb +15 -0
data/lib/access_control/role_extension.rb +24 -0
data/lib/access_control/user_extension.rb +84 -0
data/lib/app/models/permission.rb +20 -0
data/lib/app/models/role.rb +14 -0
data/spec/access_controlled_user_spec.rb +91 -0
data/spec/models/permission_spec.rb +40 -0
data/spec/models/role_spec.rb +61 -0
data/spec/spec_helper.rb +11 -0
data/spec/support/access_control_user.rb +5 -0
data/spec/support/authorizable.rb +61 -0
data/spec/support/schema.rb +39 -0
data/tasks/access_control_tasks.rake +6 -0
metadata +85 -0

data/.gitignore ADDED

@@ -0,0 +1,4 @@
+*.gem
+*.gemspec
+pkg/*
+._*

data/README.markdown ADDED

@@ -0,0 +1,105 @@
+AccessControl
+=============
+AccessControl is a user authorization plugin. It gives you a role based permission system without having to do any work. There are users and roles, each have permission.
+A user can play any role and inherit permissions through that role. A user may also have individual permissions. For example, you can create a role to update
+the news section on your site and give a user that role. You may also give him permission to update contact information. Combining these two functionalities gives you
+a rich permission system inside your application.
+Features
+---------
+* Role Based
+* Easy to query permission (example: @current_user.can_manage_news?)
+* God permission
+* Easy to use
+Up and Running
+================
+Install
+-------
+First, prepare your application. AccessControl does not create user logins, it soley is a permission system. Your user model must be named User. AccessControl
+also uses two other models: Permission & Role. Once your users can login and log out, you are ready to use AccessControl.
+1. Install
+		sudo gem install AccessControl
+		config.gem 'AccessControl'
+2. Prepare the database
+		./script/generate access_control models
+		rake db:migrate
+Step 2 creates a migration that creates one join table, role, and permission table. Migrate your database and you are ready to start working with permissions.
+Working with Permissions
+-------
+Each permission you need in your application is a column in the permission model. Once again, we use a migration to create our permission.
+		./script/generate access_control permission NameOfYourPermission
+		./script/generate access_control permission YourFirstPermission YourSecondPermission YourThirdPermission
+The first creates a named migration. As you can see from the second example you can also create multiple permissions at once. Now, install your permissions:
+		rake db:migrate
+You're permissions are now ready. They can be attached to a user or a role. Now, you need to tell your user model that is has access controls:
+		class User < ActiveRecord::Base
+			has_access_controls
+			# some more code
+		end
+And that's it! You are now ready to start granting and creating your authorization structure. First, lets focus on our users.
+Let us assume that there is a permission named PostNews. In your application, permissions are passed in underscore notation so post_news is correct.
+Let's give a user this permission:
+		user = User.find_by_name "Adam", "Hawkins"
+		user.can_post_news?
+		user.grant :post_news
+		user.can_post_news?
+Voilla, Adam can now post_news. But that's no good by itself. So now check aganist for the permission in the controller:
+		class NewsController < ActionController::Base
+			before_filter permission_required(@current_user, :post_news)
+		end
+Your controllers are protected from people who can't post news. Now lets expand our permissions by adding a role:
+		editors = Role.create :name => "Editors", :description => "Manage content around the site." # Description is optional
+		# assuming we have these permissions in the system
+		editors.grant :manage_news
+		editors.grant :manage_categories
+		editors.grant :manage_comments
+		editors.grant :ban_users
+		# now we need adam to be an editor
+		user.plays :editor
+		user.can_manage_news? (true)
+		user.can_manage_categories? (true)
+		user.can_manage_comments (true)
+		user.can_ban_users? (true)
+Man, Adam sure got a lot of responsibilities, hopefully you trust him :)
+Using the language
+==============
+Here are the methods available on User & Role objects:
+	Authorizable#authorize(permission)
+	Authorizable#grant(permission)
+	Authorizable#deauthorize(permission)
+	Authorizable#cannot?(permission)
+	Authorizable#god?
+	Authorizable#can_permission_name?
+	Authorizable#can_not_permission_name?
+	Authorizable#permissions
+	Authorizable#has_permission?(permission)
+	Authorizable#can?(permission)
+User Methods:
+	User#plays?(role)
+	User#plays(role)
+	User#does_not_play?(role)
+	User#does_not_play(role)
+	User#roles (and all other has_and_belongs_to_many methods)
+	User#has_any_permissions? (useful to see if you should allow someone into an admin area)
+Copyright (c) 2009 Adam Hawkins, released under the MIT license

data/Rakefile ADDED

@@ -0,0 +1,39 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+desc 'Default: run unit tests.'
+task :default => :test
+desc 'Test the access_control plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+desc 'Generate documentation for the access_control plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'AccessControl'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |s|
+    s.name = "AccessControl"
+    s.summary = "Simple role based authorization for rails"
+    s.email = "Adman1965@gmail.com"
+    s.homepage = "http://github.com/Adman65/AccessControl"
+    s.description = "Simple role based authorization for rails"
+    s.authors = ["Adam Hawkins"]
+    Jeweler::GemcutterTasks.new
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end

data/VERSION ADDED

	@@ -0,0 +1 @@
1	+ 0.2.6

data/generators/access_control/USAGE ADDED

@@ -0,0 +1,8 @@
+Description:
+    Explain the generator
+Example:
+    ./script/generate access_control Thing
+    This will create:
+        what/will/it/create

data/generators/access_control/access_control_generator.rb ADDED

@@ -0,0 +1,49 @@
+class AccessControlGenerator < Rails::Generator::NamedBase
+  attr_reader :mode, :args
+  def initialize(args,runtime_options = {})
+    super
+    mode = args.first.downcase if args.is_a? Array
+    case mode
+    when 'models'
+      @mode = :models
+    when 'permission'
+      @mode = :permission
+    else
+      raise 'You must specify what to generate: models or permission'
+    end
+    @permission_names = args[1..args.size].map { |name| name.underscore.downcase} if args.is_a? Array
+    @permission_name = args.second.underscore.downcase if args.is_a? Array and args.size.eql?(2)
+    @args = args
+  end
+  def manifest
+    record do |m|
+      case mode
+      when :models
+        # m.directory "lib"
+        # m.template 'README', "README"
+        m.migration_template File.join("migrate","create_access_control_models.rb"), File.join("db","migrate"), :migration_file_name => "GenerateAccessControlModels".underscore
+      when :permission
+        file_name = "create_multiple_permissions_#{@permission_names.join('_').underscore}" if args.size > 2
+        file_name = "create_permission_#{@permission_name}" if args.size.eql? 2
+        m.migration_template "migration:migration.rb", File.join("db","migrate"), :assigns => migration_options, :migration_file_name => file_name
+      end
+    end
+  end
+  private
+  def migration_options
+    assigns = {}
+    assigns[:migration_action] = "add"
+    assigns[:class_name] = "create_multiple_permissions_#{@permission_names.join('_').underscore}".camelize if @permission_names
+    assigns[:class_name] = "create_permission_#{@permission_name}" if @permission_name
+    assigns[:table_name] = "permissions"
+    assigns[:attributes] = @permission_names.map {|name| Rails::Generator::GeneratedAttribute.new(name, "boolean")}
+    assigns
+  end
+end

data/generators/access_control/templates/migrate/create_access_control_models.rb ADDED

@@ -0,0 +1,29 @@
+class GenerateAccessControlModels < ActiveRecord::Migration
+  def self.up
+    create_table "permissions" do |t|
+       t.integer  "authorizable_id"
+       t.string   "authorizable_type"
+       t.datetime "created_at"
+       t.datetime "updated_at"
+       t.boolean "god", :default => false
+    end
+    create_table "roles" do |t|
+      t.string   "name"
+      t.string   "description"
+      t.datetime "created_at"
+      t.datetime "updated_at"
+    end
+    create_table "user_roles", :id => false  do |t|
+      t.integer "user_id"
+      t.integer "role_id"
+    end
+  end
+  def self.down
+    drop_table :permisisons
+    drop_table :roles
+    drop_table :user_roles
+  end
+end

data/init.rb ADDED

@@ -0,0 +1,9 @@
+# Include hook code here
+%w{ models controllers helpers }.each do |dir|
+  path = File.join(directory, 'lib', dir)
+  $: << path
+  ActiveSupport::Dependencies.load_paths << path
+  ActiveSupport::Dependencies.load_once_paths.delete(path)
+end
+require 'access_control.rb'

data/install.rb ADDED

	@@ -0,0 +1 @@
1	+ # Install hook code here

data/lib/access_control.rb ADDED

@@ -0,0 +1,33 @@
+# AccessControl
+require File.join(File.dirname(__FILE__), 'access_control', 'user_extension')
+require File.join(File.dirname(__FILE__), 'access_control', 'controller_helper')
+require File.join(File.dirname(__FILE__), 'access_control', 'common_methods')
+require File.join(File.dirname(__FILE__), 'access_control', 'language')
+require File.join(File.dirname(__FILE__), 'access_control', 'role_extension')
+%w{ models }.each do |dir|
+  path = File.join(File.dirname(__FILE__), 'app', dir)
+  $LOAD_PATH << path
+  ActiveSupport::Dependencies.load_paths << path
+  ActiveSupport::Dependencies.load_once_paths.delete(path)
+end
+module AccessControl
+  module MacroMethods
+    def self.included base
+      base.extend ClassMethods
+    end
+    module ClassMethods
+      def has_access_controls
+        include AccessControl::UserExtension
+      end
+    end
+  end
+end
+ActiveRecord::Base.send :include, AccessControl::MacroMethods
+ActionController::Base.send :include, AccessControl::ControllerHelper

data/lib/access_control/common_methods.rb ADDED

@@ -0,0 +1,41 @@
+module AccessControl
+  module CommonMethods
+    def self.included(klass)
+      klass.class_eval do
+        alias_method :authorize, :grant
+      end
+    end
+    def grant(perm)
+      self.permission = Permission.create if self.permission.nil?
+      perm = perm.to_s if perm.is_a? Symbol
+      raise "Permission (#{perm}) does not exist" unless self.permission.respond_to? perm.to_sym
+      self.permission.update_attribute(perm,true)
+    end
+    def deauthorize perm
+      self.permission = Permission.create if self.permission.nil?
+      perm = perm.to_s if perm.is_a? Symbol
+      raise "Permission (#{perm}) does not exist" unless self.permission.respond_to? perm.to_sym
+      self.permission.update_attribute(perm,false)
+    end
+    def cannot? perm
+      !has_permission? perm
+    end
+    def god?
+      has_permission? :god
+    end
+    def has_local_permission? perm
+      perm = perm.to_s if perm.is_a? Symbol
+      raise "Permission (#{perm}) does not exist" unless Permission.new.respond_to? perm.to_sym
+      return false if self.permission.nil?
+      return true if self.permission.god
+      self.permission.send(perm)
+    end
+  end
+end

data/lib/access_control/controller_helper.rb ADDED

@@ -0,0 +1,10 @@
+module AccessControl
+  module ControllerHelper
+    def permission_required user, perm
+      unless user.has? perm
+        flash[:error] = "You do not have permissions in this area."
+        redirect_back_or_default
+      end
+    end
+  end
+end

data/lib/access_control/language.rb ADDED

@@ -0,0 +1,15 @@
+module AccessControl
+  module Language
+    def method_missing(method_id, *attrs)
+      if /can_not_(.+)\?/.match(method_id.to_s)
+        return !has_permission?($~[1])
+      elsif /can_(.+)\?/.match(method_id.to_s)
+        return has_permission?($~[1])
+      else
+        super
+      end
+    end
+  end
+end

data/lib/access_control/role_extension.rb ADDED

@@ -0,0 +1,24 @@
+module AccessControl
+  module RoleExtension
+    def self.included(klass)
+      klass.class_eval do
+        include AccessControl::CommonMethods
+        include AccessControl::Language
+        has_and_belongs_to_many :users, :join_table => :user_roles
+        has_one :permission, :as => :authorizable, :dependent => :destroy
+        alias :has_permission? :has_local_permission?
+        alias :can? :has_local_permission?
+        accepts_nested_attributes_for :permission
+      end
+    end
+    def permissions
+      self.permission.set_permissions
+    end
+  end
+end

data/lib/access_control/user_extension.rb ADDED

@@ -0,0 +1,84 @@
+module AccessControl
+  module UserExtension
+    def self.included(klass)
+      klass.class_eval do
+          include AccessControl::CommonMethods
+          include AccessControl::Language
+          has_one :permission, :as => :authorizable, :dependent => :destroy
+          has_and_belongs_to_many :roles, :join_table => :user_roles
+          alias_method :can?, :has_permission?
+          accepts_nested_attributes_for :permission
+        end
+    end
+    def plays role
+      role = role.to_s if role.is_a? Symbol
+      r = Role.find_by_name role.downcase
+      raise "#{role} does not exist." if r.nil?
+      roles << r
+      true
+    end
+    def plays? role
+      role = role.to_s if role.is_a? Symbol
+      actual_role = Role.find_by_name(role.downcase)
+      raise "#{role} does not exist" if actual_role.nil?
+      roles.include? actual_role
+    end
+    def does_not_play? role
+      !plays? role
+    end
+    def does_not_play role
+      role = role.to_s if role.is_a? Symbol
+      actual_role = Role.find_by_name(role.downcase)
+      raise "#{role} does not exist" if actual_role.nil?
+      roles.delete actual_role
+    end
+    def has_permission? perm
+      return true if has_local_permission? perm
+      roles.each do |role|
+        return true if role.has_local_permission? perm
+      end
+      false
+    end
+    def permissions
+      set = self.permission.set_permissions unless self.permission.nil?
+      set = [] if set.nil?
+      set = [set] if set.is_a? String
+      role_permissions = []
+      roles.each do |role|
+        role_perms = role.permission.set_permissions
+        role_permissions << role_perms if role_perms.is_a? String
+        role_permissions = role_permissions + role_perms if role_perms.is_a? Array
+      end
+      total = set + role_permissions
+      total.uniq
+    end
+    def has_any_permissions?
+      !self.permissions.empty?
+    end
+    def roles_attributes=(attributes)
+      if attributes.size == 1
+        self.roles.clear
+      else
+        keys = []
+        attributes.each_key do |id|
+          keys << id unless id.to_i.eql? 0
+        end
+        self.role_ids = keys
+      end
+    end
+  end
+end

data/lib/app/models/permission.rb ADDED

@@ -0,0 +1,20 @@
+class Permission < ActiveRecord::Base
+	belongs_to :authorizable, :polymorphic => true
+	def self.names
+	  boolean_columns = columns.select { |column| column.type == :boolean}
+	  boolean_columns.map { |column| column.name }
+  end
+  def empty?
+    set_permissions.empty?
+  end
+  def set_permissions
+    Permission.names.select {|name| self.send(name.to_sym).eql?(true)}
+  end
+  def clear
+    Permission.names.select {|name| self.update_attribute(name.to_sym,false)}
+  end
+end

data/lib/app/models/role.rb ADDED

@@ -0,0 +1,14 @@
+#require '../access_control'
+class Role < ActiveRecord::Base
+	include AccessControl::RoleExtension
+	validates_presence_of :name
+	validates_uniqueness_of :name
+	validates_length_of :description, :maximum => 100, :allow_nil => true
+  def before_validation
+    self.name = self.name.downcase unless self.name.nil?
+  end
+end

data/spec/access_controlled_user_spec.rb ADDED

@@ -0,0 +1,91 @@
+require 'spec_helper'
+require 'support/access_control_user'
+describe "User with access controls" do
+  before(:each) do
+    @authorizable = User.new
+    @user = @authorizable
+    @admin_role = Role.create!(:name => "admin")
+  end
+  after(:each) do
+    @admin_role.destroy
+  end
+  it_should_behave_like "Authorizable"
+  describe "Working with Roles" do
+    it "should be a role after granting a role" do
+      lambda {@user.plays?(:rspec)}.should raise_error
+      r = Role.create! :name => "Rspec", :description => "runs rspec tests"
+      @user.plays("Rspec").should be_true
+      @user.plays?(:rspec).should be_true
+    end
+    it "should raise an error when setting a role that doesn't exsist" do
+      lambda {@user.plays(:fake_role)}.should raise_error
+    end
+    it "should raise an error when asking if a user plays a role that doesn't exist" do
+      lambda {@user.plays?(:fake_role)}.should raise_error
+    end
+  end
+  describe "Checking Authorization" do
+    it "should authorize god users on any permission" do
+      @user.can?(:manage_news).should be_false
+      @user.grant(:god).should be_true
+      Permission.names.each {|name| @user.can?(name).should be_true}
+    end
+    it "should authorize if the user the permission through a role" do
+      @user.can_manage_news?.should be_false
+      @admin_role.can_manage_news?.should be_false
+      @user.plays(:admin).should be_true
+      @admin_role.grant(:manage_news).should be_true
+      @user.can_manage_news?.should be_true
+      @user.roles.clear
+      @user.can_manage_news?.should be_false
+    end
+    it "should authorize if the user has permission through his permissions" do
+      @user.can_manage_schedule?.should be_false
+      @user.grant(:manage_schedule).should be_true
+      @user.can_manage_schedule?.should be_true
+    end
+    it "should be able to check access denied" do
+      @user.permission = nil
+      @user.roles.clear
+      @user.can_not_manage_schedule?.should be_true
+    end
+  end
+  describe "Counting total permissions" do
+    it "should have permissions if they belong to the user" do
+      @user.has_any_permissions?.should be_false
+      @user.permissions.empty?.should be_true
+      @user.grant :manage_news
+      @user.permissions.should_not be_nil
+      @user.permissions.should eql(['manage_news'])
+      @user.has_any_permissions?.should be_true
+    end
+    it "should have permissions through roles" do
+      @user.has_any_permissions?.should be_false
+      @user.grant :manage_news
+      @admin_role.grant :manage_schedule
+      @user.plays :admin
+      @user.permissions.should be_a(Array)
+      @user.permissions.size.should eql(2)
+      @user.permissions.include?('manage_schedule').should be_true
+      @user.permissions.include?('manage_news').should be_true
+      @user.has_any_permissions?.should be_true
+      @user.permission.clear
+      @user.permissions.should be_a(Array)
+      @user.permissions.should eql(['manage_schedule'])
+    end
+  end
+end

data/spec/models/permission_spec.rb ADDED

@@ -0,0 +1,40 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+describe "Permission" do
+  it "should be able to clear permissions" do
+    permission = Permission.new
+    permission.run_tests = true
+    permission.god = true
+    permission.post_news = true
+    permission.clear
+    permission.run_tests.should be_false
+    permission.god.should be_false
+    permission.post_news.should be_false
+  end
+  describe "Counting Permissions" do
+    it "should be empty if no permissions are set" do
+      permission = Permission.new
+      permission.empty?.should be_true
+    end
+    describe "Set Permissions" do
+      it "should return an empty array if none are set" do
+        permission = Permission.new
+        permission.set_permissions.should be_a(Array)
+        permission.set_permissions.empty?.should be_true
+      end
+      it "should return an array of set permissions" do
+        permission = Permission.new
+        permission.run_tests = true
+        permission.god = true
+        permission.set_permissions.should be_a(Array)
+        permission.set_permissions.size.should eql(2)
+        permission.set_permissions.include?('run_tests').should be_true
+        permission.set_permissions.include?('god').should be_true
+      end
+    end
+  end
+end

data/spec/models/role_spec.rb ADDED

@@ -0,0 +1,61 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+describe "Role" do
+  before(:each) do
+    @valid_attributes = {
+      :name => "Role name",
+      :description => "Role Description",
+    }
+  end
+  it "should require a name" do
+    role = Role.create(@valid_attributes.except(:name))
+    role.should_not be_valid
+    role.errors.size.should eql(1)
+    role.errors.on(:name).should_not be_nil
+  end
+  it "should require a unique name" do
+    Role.create(@valid_attributes)
+    r = Role.create(@valid_attributes)
+    r.should_not be_valid
+    r.errors.size.should eql(1)
+    r.errors.on(:name).should_not be_nil
+  end
+  it "should only allow descriptions up to 100 characters" do
+    @valid_attributes[:description] = "2" * 101
+    r = Role.create @valid_attributes
+    r.should_not be_valid
+    r.errors.on(:description).should match(/is too long/)
+  end
+  it "should create a new instance given valid attributes" do
+    Role.destroy_all
+    Role.create!(@valid_attributes)
+    Role.destroy_all
+  end
+  it "should always downcase named" do
+    r = Role.create(@valid_attributes)
+    r.name.should eql(@valid_attributes[:name].downcase)
+  end
+  describe "Permission System" do
+    before(:each) do
+      @role = Role.create! @valid_attributes
+      @authorizable = @role
+    end
+    after(:each) do
+      @role.destroy
+    end
+    it_should_behave_like "Authorizable"
+  end
+end

data/spec/spec_helper.rb ADDED

@@ -0,0 +1,11 @@
+ENV['RAILS_ENV'] = 'test'
+ENV['RAILS_ROOT'] ||= File.dirname(__FILE__) + '/../../../..'
+require File.expand_path(File.join(ENV['RAILS_ROOT'], 'config/environment.rb'))
+require File.join(File.dirname(__FILE__), '..', 'lib', 'access_control')
+require File.join(File.dirname(__FILE__), 'support', 'authorizable')
+ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => "access_control.sqlite3")
+load File.join(File.dirname(__FILE__), 'support', 'schema.rb')

data/spec/support/access_control_user.rb ADDED

@@ -0,0 +1,5 @@
+require '../lib/access_control'
+class User < ActiveRecord::Base
+  has_access_controls
+end

data/spec/support/authorizable.rb ADDED

@@ -0,0 +1,61 @@
+shared_examples_for "Authorizable" do
+  describe "DSL" do
+    it "should have method in the format of can_permission_name? to ask permission" do
+      Permission.names.each do |permission|
+        method_name = ("can_" + permission.downcase + "?").to_sym
+        @authorizable.send(method_name)
+      end
+    end
+    it "should have a method formatted like can_not_permission? to see if denied" do
+      Permission.names.each do |permission|
+        method_name = ("can_not_" + permission.downcase + "?").to_sym
+        @authorizable.send(method_name)
+      end
+    end
+    it "should raise an error when asking can_permission_that_deoesnt_exist" do
+      lambda{ @authorizable.can_permission_that_has_no_chance_of_existing?}.should raise_error
+    end
+    it "should also raise an error when asking can_not?" do
+      lambda{ @authorizable.can_not_permission_that_has_no_chance_of_existing?}.should raise_error
+    end
+  end
+  describe "Granting a permission" do
+    it "should have a method to grant a permission" do
+      @authorizable.respond_to?(:grant).should be_true
+    end
+    it "should take a symbol as a permission name" do
+      lambda {@authorizable.grant(:manage_users)}.should_not raise_error
+    end
+    it "should take a string as a permission name" do
+      lambda { @authorizable.grant("manage_users")}.should_not raise_error
+    end
+    it "should raise an error if the permission is not a string or symbol" do
+      lambda { @authorizable.grant([:permission, :permission])}.should raise_error
+    end
+    it "should only grant permissions that exist" do
+      @authorizable.grant(:manage_news).should be_true
+    end
+    it "should raise an error when permissions don't exist" do
+      lambda { @authorizable.grant(:adsfjk238748723478)}.should raise_error
+    end
+    it "should be able to authorize after granting" do
+      @authorizable.can?(:manage_news).should be_false
+      @authorizable.grant(:manage_news).should be_true
+      @authorizable.can?(:manage_news).should be_true
+    end
+    it "should have a method to check to see if it is god" do
+      @authorizable.respond_to?(:god?).should be_true
+    end
+  end
+end

data/spec/support/schema.rb ADDED

@@ -0,0 +1,39 @@
+ActiveRecord::Schema.define do
+  create_table "permissions", :force => true do |t|
+    t.integer  "authorizable_id"
+    t.string   "authorizable_type"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+    t.boolean  "run_tests",           :default => false
+    t.boolean  "post_news", :default => false
+    t.boolean   "manage_news", :default => false
+    t.boolean "manage_users", :default => false
+    t.boolean  "god",                   :default => false
+    t.boolean  "manage_events",         :default => false
+    t.boolean "manage_schedule", :default => false
+  end
+  create_table "role_permissions", :id => false, :force => true do |t|
+    t.integer "role_id"
+    t.integer "permission_id"
+  end
+  create_table "roles", :force => true do |t|
+    t.string   "name"
+    t.string   "description"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+  create_table "user_roles", :id => false, :force => true do |t|
+    t.integer "user_id"
+    t.integer "role_id"
+  end
+  create_table "users", :force => true do |t|
+    t.string "name"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+end

data/tasks/access_control_tasks.rake ADDED

@@ -0,0 +1,6 @@
+namespace :access_control do
+  task :permissions => :environment do
+    desc "Lists all available permissions"
+    Permission.names.each {|name| puts name}
+  end
+end

metadata ADDED

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification
+name: AccessControl
+version: !ruby/object:Gem::Version
+  version: 0.2.6
+platform: ruby
+authors:
+- Adam Hawkins
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2009-11-20 00:00:00 -08:00
+default_executable:
+dependencies: []
+description: Simple role based authorization for rails
+email: Adman1965@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.markdown
+files:
+- .gitignore
+- README.markdown
+- Rakefile
+- VERSION
+- generators/access_control/USAGE
+- generators/access_control/access_control_generator.rb
+- generators/access_control/templates/migrate/create_access_control_models.rb
+- init.rb
+- install.rb
+- lib/access_control.rb
+- lib/access_control/common_methods.rb
+- lib/access_control/controller_helper.rb
+- lib/access_control/language.rb
+- lib/access_control/role_extension.rb
+- lib/access_control/user_extension.rb
+- lib/app/models/permission.rb
+- lib/app/models/role.rb
+- spec/access_controlled_user_spec.rb
+- spec/models/permission_spec.rb
+- spec/models/role_spec.rb
+- spec/spec_helper.rb
+- spec/support/access_control_user.rb
+- spec/support/authorizable.rb
+- spec/support/schema.rb
+- tasks/access_control_tasks.rake
+has_rdoc: true
+homepage: http://github.com/Adman65/AccessControl
+licenses: []
+post_install_message:
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+requirements: []
+rubyforge_project:
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Simple role based authorization for rails
+test_files:
+- spec/access_controlled_user_spec.rb
+- spec/models/permission_spec.rb
+- spec/models/role_spec.rb
+- spec/spec_helper.rb
+- spec/support/access_control_user.rb
+- spec/support/authorizable.rb
+- spec/support/schema.rb