Adman65-AccessControl 0.2.1

data/AccessControl.gemspec

@@ -0,0 +1,68 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{AccessControl}
+  s.version = "0.2.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Adam Hawkins"]
+  s.date = %q{2009-07-11}
+  s.description = %q{Simple role based authorization for rails}
+  s.email = %q{Adman1965@gmail.com}
+  s.extra_rdoc_files = [
+    "README.markdown"
+  ]
+  s.files = [
+    "AccessControl.gemspec",
+     "MIT-LICENSE",
+     "README.markdown",
+     "Rakefile",
+     "VERSION",
+     "generators/access_control/USAGE",
+     "generators/access_control/access_control_generator.rb",
+     "generators/access_control/templates/migrate/create_access_control_models.rb",
+     "init.rb",
+     "install.rb",
+     "lib/access_control.rb",
+     "lib/access_control/common_methods.rb",
+     "lib/access_control/controller_helper.rb",
+     "lib/access_control/language.rb",
+     "lib/access_control/role_extension.rb",
+     "lib/access_control/user_extension.rb",
+     "lib/app/models/permission.rb",
+     "lib/app/models/role.rb",
+     "spec/access_controlled_user_spec.rb",
+     "spec/models/permission_spec.rb",
+     "spec/models/role_spec.rb",
+     "spec/spec_helper.rb",
+     "spec/support/access_control_user.rb",
+     "spec/support/authorizable.rb",
+     "spec/support/schema.rb",
+     "tasks/access_control_tasks.rake",
+     "uninstall.rb"
+  ]
+  s.homepage = %q{http://github.com/Adman65/AccessControl}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.4}
+  s.summary = %q{Simple role based authorization for rails}
+  s.test_files = [
+    "spec/access_controlled_user_spec.rb",
+     "spec/models/permission_spec.rb",
+     "spec/models/role_spec.rb",
+     "spec/spec_helper.rb",
+     "spec/support/access_control_user.rb",
+     "spec/support/authorizable.rb",
+     "spec/support/schema.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 [name of plugin creator]
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,111 @@
+AccessControl
+=============
+**Warning: this is a beta plugin!**
+
+AccessControl is a user authorization plugin. It gives you a role based permission system without having to do any work. There are users and roles, each have permission.
+A user can play any role and inherit permissions through that role. A user may also have individual permissions. For example, you can create a role to update
+the news section on your site and give a user that role. You may also give him permission to update contact information. Combining these two functionalities gives you 
+a rich permission system inside your application.
+
+Features
+---------
+* Role Based
+* Easy to query permission (example: @current_user.can_manage_news?)
+* God permission
+* Easy to use
+
+
+Up and Running
+================
+
+Install
+-------
+
+First, prepare your application. AccessControl does not create user logins, it soley is a permission system. I'm assuming you have model named user. AccessControl
+also uses two other models: Permission & Role. Once your users can login and log out, you are ready to use AccessControl.
+
+1. Install
+		./script/plugin install git://github.com/Adman65/AccessControl.git
+
+2. Prepare the database
+		./script/generate access_control models
+		rake db:migrate
+
+Step 2 creates a migration that creates one join table, role, and permission table. Migrate your database and you are ready to start working with permissions.
+
+
+Working with Permissions
+-------
+
+Each permission you need in your application is a column in the permission model. Once again, we use a migration to create our permission. 
+		./script/generate access_control permission NameOfYourPermission
+		./script/generate access_control permission YourFirstPermission YourSecondPermission YourThirdPermission
+		
+The first creates a named migration. As you can see from the second example you can also create multiple permissions at once. Now, install your permissions:
+		rake db:migrate
+		
+You're permissions are now ready. They can be attached to a user or a role. Now, you need to tell your user model that is has access controls:
+		class User < ActiveRecord::Base
+			has_access_controls
+			# some more code
+		end
+
+And that's it! You are now ready to start granting and creating your authorization structure. First, lets focus on our users. 
+Let us assume that there is a permission named PostNews. In your application, permissions are passed in underscore notation so post_news is correct.
+Let's give a user this permission:
+		user = User.find_by_name "Adam", "Hawkins"
+		user.can_post_news? 
+		user.grant :post_news
+		user.can_post_news?
+
+Voilla, Adam can now post_news. But that's no good by itself. So now check aganist for the permission in the controller:
+		class NewsController < ActionController::Base
+			before_filter permission_required(@current_user, :post_news)
+		end
+		
+Your controllers are protected from people who can't post news. Now lets expand our permissions by adding a role:
+		editors = Role.create :name => "Editors", :description => "Manage content around the site."
+		# assuming we have these permissions in the system
+		editors.grant :manage_news
+		editors.grant :manage_categories
+		editors.grant :manage_comments
+		editors.grant :ban_users
+		# now we need adam to be an editor
+		user.plays :editor
+		user.can_manage_news? (true)
+		user.can_manage_categories? (true)
+		user.can_manage_comments (true)
+		user.can_ban_users? (true)
+		
+Man, Adam sure got a lot of responsibilities, hopefully you trust him :)
+
+
+Using the language
+==============
+
+Its nice to be able to express concepts in code that when you read the code, you understand what is going on. AccessControl gives you expressive method names
+express authorization inside your code. The methods below can be user on a User or Role.
+		@user.can_manage_news?
+		@user.can? :manage_news
+		@user.can? "manage_news"
+		@user.has_permission :manage_news
+		@user.cannot? :manage_news
+		@user.grant :permission
+		@user.authorize :permission
+		@user.deauthorize :permission
+		@user.permissions (returns an array of all the permissions a user/role has)
+		
+These methods only work on users
+		@user.plays :role_name
+		@user.plays? :role_name
+		@user.is_a_editor?
+
+
+Utilties
+===========
+Sometimes you want to see all the permissions in your application:
+			rake access_control:permissions
+
+
+
+Copyright (c) 2009 Adam Hawkins, released under the MIT license

data/Rakefile

@@ -0,0 +1,47 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the access_control plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the access_control plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'AccessControl'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+begin
+  require 'jeweler'
+  
+  PKG_FILES = FileList[
+    '[a-zA-Z]*',
+    'generators/**/*',
+    'lib/**/*',    
+    'tasks/**/*',
+    'spec/**/*'
+  ]
+  
+  Jeweler::Tasks.new do |s|
+    s.name = "AccessControl"
+    s.summary = "Simple role based authorization for rails"
+    s.email = "Adman1965@gmail.com"
+    s.homepage = "http://github.com/Adman65/AccessControl"
+    s.description = "Simple role based authorization for rails"
+    s.authors = ["Adam Hawkins"]
+    s.files = PKG_FILES.to_a 
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end

data/VERSION

@@ -0,0 +1 @@
+0.2.1

data/generators/access_control/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Explain the generator
+
+Example:
+    ./script/generate access_control Thing
+
+    This will create:
+        what/will/it/create

data/generators/access_control/access_control_generator.rb

@@ -0,0 +1,48 @@
+class AccessControlGenerator < Rails::Generator::NamedBase
+  attr_reader :mode, :args
+  
+  def initialize(args,runtime_options = {})
+    super
+    
+    mode = args.first.downcase if args.is_a? Array
+    case mode
+    when 'models'
+      @mode = :models
+    when 'permission'
+      @mode = :permission
+    else
+      raise 'You must specify what to generate: models or permission'
+    end  
+    
+    @permission_names = args[1..args.size].map { |name| name.underscore.downcase} if args.is_a? Array
+    @permission_name = args.second.underscore.downcase if args.is_a? Array and args.size.eql?(2)
+    
+    @args = args
+  end
+
+  def manifest
+    record do |m|            
+      case mode
+      when :models
+        # m.directory "lib"
+        # m.template 'README', "README"
+
+        m.migration_template File.join("migrate","create_access_control_models.rb"), File.join("db","migrate"), :migration_file_name => "GenerateAccessControlModels".underscore
+      when :permission
+        file_name = "create_multiple_permissions" if args.size > 2
+        file_name = "create_permission_#{@permission_name}" if args.size.eql? 2        
+        m.migration_template "migration:migration.rb", File.join("db","migrate"), :assigns => migration_options, :migration_file_name => file_name        
+      end
+    end    
+  end
+  
+  private
+  def migration_options
+    assigns = {}
+    assigns[:migration_action] = "add"
+    assigns[:class_name] = "create_permission_#{@permission_name}"
+    assigns[:table_name] = "permissions"
+    assigns[:attributes] = @permission_names.map {|name| Rails::Generator::GeneratedAttribute.new(name, "boolean")}
+    assigns
+  end
+end

data/generators/access_control/templates/migrate/create_access_control_models.rb

@@ -0,0 +1,28 @@
+class GenerateAccessControlModels < ActiveRecord::Migration
+  def self.up
+    create_table "permissions" do |t|
+       t.integer  "authorizable_id"
+       t.string   "authorizable_type"
+       t.datetime "created_at"
+       t.datetime "updated_at"
+    end
+    
+    create_table "roles" do |t|
+      t.string   "name"
+      t.string   "description"
+      t.datetime "created_at"
+      t.datetime "updated_at"
+    end
+    
+    create_table "user_roles", :id => false  do |t|
+      t.integer "user_id"
+      t.integer "role_id"
+    end
+  end
+  
+  def self.down
+    drop_table :permisisons
+    drop_table :roles
+    drop_table :user_roles
+  end
+end

data/init.rb

@@ -0,0 +1,9 @@
+# Include hook code here
+%w{ models controllers helpers }.each do |dir|
+  path = File.join(directory, 'lib', dir)
+  $: << path
+  ActiveSupport::Dependencies.load_paths << path
+  ActiveSupport::Dependencies.load_once_paths.delete(path)
+end
+
+require 'access_control.rb'

data/install.rb

@@ -0,0 +1 @@
+# Install hook code here

data/lib/access_control/common_methods.rb

@@ -0,0 +1,46 @@
+module AccessControl
+  module CommonMethods      
+
+    def self.included(klass)
+      klass.class_eval do
+        alias_method :authorize, :grant
+      end
+    end
+
+    def grant(perm)
+      self.permission = Permission.create if self.permission.nil?
+      perm = perm.to_s if perm.is_a? Symbol
+      raise "Permission (#{perm}) does not exist" unless self.permission.respond_to? perm.to_sym
+      self.permission.update_attribute(perm,true)
+    end
+
+    def deauthorize perm
+      self.permission = Permission.create if self.permission.nil?
+      perm = perm.to_s if perm.is_a? Symbol
+      raise "Permission (#{perm}) does not exist" unless self.permission.respond_to? perm.to_sym
+      self.permission.update_attribute(perm,false)
+    end
+
+    def cannot? perm
+      !has_permission? perm
+    end
+
+    def god?
+      has_permission? :god
+    end
+
+    def has_local_permission? perm  	    
+      perm = perm.to_s if perm.is_a? Symbol
+      raise "Permission (#{perm}) does not exist" unless Permission.new.respond_to? perm.to_sym
+      return false if self.permission.nil?
+      return true if self.permission.god
+      self.permission.send(perm)  
+    end
+
+    private
+    def create_new_permission
+      self.permission = Permission.create
+    end
+
+  end
+end

data/lib/access_control/controller_helper.rb

@@ -0,0 +1,10 @@
+module AccessControl
+  module ControllerHelper
+    def permission_required user, perm
+      unless user.has? perm
+        flash[:error] = "You do not have permissions in this area."
+        redirect_back_or_default
+      end
+    end
+  end
+end

data/lib/access_control/language.rb

@@ -0,0 +1,15 @@
+module AccessControl
+  module Language
+  
+    def method_missing(method_id, *attrs)	     
+      if /can_not_(.+)\?/.match(method_id.to_s)
+        return !has_permission?($~[1])
+      elsif /can_(.+)\?/.match(method_id.to_s)
+        return has_permission?($~[1])                  
+      else
+        super		      
+      end
+    end    
+
+  end
+end

data/lib/access_control/role_extension.rb

@@ -0,0 +1,27 @@
+module AccessControl
+  module RoleExtension
+    
+    def self.included(klass)
+      klass.class_eval do
+        include AccessControl::CommonMethods
+        include AccessControl::Language
+
+        has_and_belongs_to_many :users, :join_table => :user_roles#, :foreign_key => :access_control_user_id
+        has_one :permission, :as => :authorizable, :dependent => :destroy
+
+        alias :has_permission? :has_local_permission?
+        alias :can? :has_local_permission?
+
+        accepts_nested_attributes_for :permission
+      end
+    end
+
+    def permissions
+      set = self.permission.set_permissions
+      return nil if set.nil?
+      return set.first if set.size.eql? 0
+      set
+    end
+
+  end
+end

data/lib/access_control/user_extension.rb

@@ -0,0 +1,77 @@
+module AccessControl
+  module UserExtension
+    def self.included(klass)
+      klass.class_eval do
+          include AccessControl::CommonMethods
+          include AccessControl::Language
+        
+          has_one :permission, :as => :authorizable, :dependent => :destroy						
+          has_and_belongs_to_many :roles, :join_table => :user_roles
+
+          alias_method :can?, :has_permission?
+
+          accepts_nested_attributes_for :permission
+        end
+    end    
+    
+    def plays role
+      role = role.to_s if role.is_a? Symbol
+      r = Role.find_by_name role.downcase
+      raise "#{role} does not exist." if r.nil?
+      roles << r
+      true
+    end
+
+    def plays? role
+      role = role.to_s if role.is_a? Symbol
+      actual_role = Role.find_by_name(role.downcase)
+      raise "#{role} does not exist" if actual_role.nil?
+      roles.include? actual_role
+    end
+
+    def does_not_play? role
+      !plays? role
+    end
+
+    def has_permission? perm
+      return true if has_local_permission? perm
+      roles.each do |role|
+        return true if role.has_local_permission? perm
+      end
+      false            
+    end
+
+    def permissions        
+      set = self.permission.set_permissions unless self.permission.nil?
+      set = [] if set.nil?
+      set = [set] if set.is_a? String        
+
+      role_permissions = []
+      roles.each do |role|
+        role_perms = role.permission.set_permissions
+        role_permissions << role_perms if role_perms.is_a? String
+        role_permissions = role_permissions + role_perms if role_perms.is_a? Array
+      end
+
+      total = set + role_permissions
+      total.uniq
+    end
+
+    def has_any_permissions?
+      !self.permissions.empty?
+    end      
+
+    def roles_attributes=(attributes)        
+      if attributes.size == 1
+        self.roles.clear
+      else
+        keys = []
+        attributes.each_key do |id|
+          keys << id unless id.to_i.eql? 0
+        end
+        self.role_ids = keys    
+      end
+    end
+    
+  end  
+end

data/lib/access_control.rb

@@ -0,0 +1,33 @@
+# AccessControl
+
+require File.join(File.dirname(__FILE__), 'access_control', 'user_extension')
+require File.join(File.dirname(__FILE__), 'access_control', 'controller_helper')
+require File.join(File.dirname(__FILE__), 'access_control', 'common_methods')
+require File.join(File.dirname(__FILE__), 'access_control', 'language')
+require File.join(File.dirname(__FILE__), 'access_control', 'role_extension')
+
+%w{ models }.each do |dir|
+  path = File.join(File.dirname(__FILE__), 'app', dir)
+  $LOAD_PATH << path
+  ActiveSupport::Dependencies.load_paths << path
+  ActiveSupport::Dependencies.load_once_paths.delete(path)
+end
+
+module AccessControl
+  module MacroMethods
+    def self.included base
+      base.extend ClassMethods
+    end
+
+
+    module ClassMethods
+      def has_access_controls
+        include AccessControl::UserExtension  
+      end
+    end
+  end
+end
+
+
+ActiveRecord::Base.send :include, AccessControl::MacroMethods
+ActionController::Base.send :include, AccessControl::ControllerHelper

data/lib/app/models/permission.rb

@@ -0,0 +1,20 @@
+class Permission < ActiveRecord::Base	
+	belongs_to :authorizable, :polymorphic => true
+	
+	def self.names	  
+	  boolean_columns = columns.select { |column| column.type == :boolean}
+	  boolean_columns.map { |column| column.name }
+  end
+  
+  def empty?
+    set_permissions.empty?
+  end
+  
+  def set_permissions
+    Permission.names.select {|name| self.send(name.to_sym).eql?(true)}  
+  end
+  
+  def clear
+    Permission.names.select {|name| self.update_attribute(name.to_sym,false)}
+  end    
+end

data/lib/app/models/role.rb

@@ -0,0 +1,14 @@
+#require '../access_control'
+
+class Role < ActiveRecord::Base
+	include AccessControl::RoleExtension
+	
+	validates_presence_of :name
+	validates_uniqueness_of :name
+	
+	validates_length_of :description, :maximum => 100, :allow_nil => true
+  
+  def before_validation
+    self.name = self.name.downcase unless self.name.nil?
+  end
+end

data/spec/access_controlled_user_spec.rb

@@ -0,0 +1,91 @@
+require 'spec_helper'
+require 'support/access_control_user'
+
+describe "User with access controls" do
+  before(:each) do
+    @authorizable = User.new
+    @user = @authorizable
+    @admin_role = Role.create!(:name => "admin")
+  end
+  
+  after(:each) do
+    @admin_role.destroy
+  end
+  
+  it_should_behave_like "Authorizable"
+  
+  describe "Working with Roles" do
+    it "should be a role after granting a role" do
+      lambda {@user.plays?(:rspec)}.should raise_error
+      r = Role.create! :name => "Rspec", :description => "runs rspec tests"
+      @user.plays("Rspec").should be_true
+      @user.plays?(:rspec).should be_true
+    end
+
+    it "should raise an error when setting a role that doesn't exsist" do
+      lambda {@user.plays(:fake_role)}.should raise_error
+    end
+    
+    it "should raise an error when asking if a user plays a role that doesn't exist" do
+      lambda {@user.plays?(:fake_role)}.should raise_error
+    end
+  end
+
+  describe "Checking Authorization" do
+    it "should authorize god users on any permission" do  
+      @user.can?(:manage_news).should be_false
+      @user.grant(:god).should be_true        
+      Permission.names.each {|name| @user.can?(name).should be_true}
+    end
+
+    it "should authorize if the user the permission through a role" do
+      @user.can_manage_news?.should be_false
+      @admin_role.can_manage_news?.should be_false
+      @user.plays(:admin).should be_true
+      @admin_role.grant(:manage_news).should be_true
+      @user.can_manage_news?.should be_true
+
+      @user.roles.clear
+      @user.can_manage_news?.should be_false        
+    end
+
+    it "should authorize if the user has permission through his permissions" do
+      @user.can_manage_schedule?.should be_false
+      @user.grant(:manage_schedule).should be_true
+      @user.can_manage_schedule?.should be_true        
+    end
+
+    it "should be able to check access denied" do
+      @user.permission = nil
+      @user.roles.clear
+      @user.can_not_manage_schedule?.should be_true
+    end
+  end   
+  
+  describe "Counting total permissions" do
+    it "should have permissions if they belong to the user" do
+      @user.has_any_permissions?.should be_false
+      @user.permissions.empty?.should be_true
+      @user.grant :manage_news
+      @user.permissions.should_not be_nil
+      @user.permissions.should eql(['manage_news'])
+      @user.has_any_permissions?.should be_true
+    end
+
+    it "should have permissions through roles" do
+      @user.has_any_permissions?.should be_false
+      @user.grant :manage_news
+      @admin_role.grant :manage_schedule
+      @user.plays :admin
+      @user.permissions.should be_a(Array)
+      @user.permissions.size.should eql(2)
+      @user.permissions.include?('manage_schedule').should be_true
+      @user.permissions.include?('manage_news').should be_true
+      @user.has_any_permissions?.should be_true
+      
+      @user.permission.clear
+      @user.permissions.should be_a(Array)
+      @user.permissions.should eql(['manage_schedule'])
+    end
+  end
+end

data/spec/models/permission_spec.rb

@@ -0,0 +1,40 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe "Permission" do
+  it "should be able to clear permissions" do 
+    permission = Permission.new
+    permission.run_tests = true
+    permission.god = true
+    permission.post_news = true  
+    permission.clear
+    permission.run_tests.should be_false
+    permission.god.should be_false
+    permission.post_news.should be_false
+    
+  end
+  
+  describe "Counting Permissions" do
+    it "should be empty if no permissions are set" do
+      permission = Permission.new
+      permission.empty?.should be_true
+    end
+    
+    describe "Set Permissions" do
+      it "should return an empty array if none are set" do       
+        permission = Permission.new
+        permission.set_permissions.should be_a(Array)
+        permission.set_permissions.empty?.should be_true 
+      end
+      
+      it "should return an array of set permissions" do
+        permission = Permission.new
+        permission.run_tests = true
+        permission.god = true
+        permission.set_permissions.should be_a(Array)
+        permission.set_permissions.size.should eql(2)
+        permission.set_permissions.include?('run_tests').should be_true
+        permission.set_permissions.include?('god').should be_true
+      end
+    end
+  end
+end

data/spec/models/role_spec.rb

@@ -0,0 +1,61 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe "Role" do
+  before(:each) do
+    @valid_attributes = {
+      :name => "Role name",
+      :description => "Role Description",   
+    }
+  end
+
+  it "should require a name" do
+    role = Role.create(@valid_attributes.except(:name))
+    role.should_not be_valid
+    role.errors.size.should eql(1)
+    role.errors.on(:name).should_not be_nil
+  end
+  
+  it "should require a unique name" do
+    Role.create(@valid_attributes)
+    
+    r = Role.create(@valid_attributes)
+    r.should_not be_valid
+    r.errors.size.should eql(1)
+    r.errors.on(:name).should_not be_nil
+  end
+
+  
+  it "should only allow descriptions up to 100 characters" do
+    @valid_attributes[:description] = "2" * 101
+    r = Role.create @valid_attributes
+    r.should_not be_valid    
+    r.errors.on(:description).should match(/is too long/)
+  end    
+
+  it "should create a new instance given valid attributes" do
+    Role.destroy_all
+    Role.create!(@valid_attributes)
+    Role.destroy_all    
+  end
+  
+  it "should always downcase named" do
+    r = Role.create(@valid_attributes)
+    r.name.should eql(@valid_attributes[:name].downcase)
+  end
+  
+
+  describe "Permission System" do
+    before(:each) do      
+      @role = Role.create! @valid_attributes
+      @authorizable = @role
+    end
+
+    after(:each) do
+      @role.destroy
+    end
+    
+    it_should_behave_like "Authorizable"   
+  end
+
+end
+ 

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+ENV['RAILS_ENV'] = 'test'
+ENV['RAILS_ROOT'] ||= File.dirname(__FILE__) + '/../../../..'
+require File.expand_path(File.join(ENV['RAILS_ROOT'], 'config/environment.rb'))
+
+require File.join(File.dirname(__FILE__), '..', 'lib', 'access_control')
+
+require File.join(File.dirname(__FILE__), 'support', 'authorizable')
+
+ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => "access_control.sqlite3")
+
+load File.join(File.dirname(__FILE__), 'support', 'schema.rb')

data/spec/support/access_control_user.rb

@@ -0,0 +1,5 @@
+require '../lib/access_control'
+
+class User < ActiveRecord::Base
+  has_access_controls
+end

data/spec/support/authorizable.rb

@@ -0,0 +1,61 @@
+shared_examples_for "Authorizable" do
+  describe "DSL" do
+    it "should have method in the format of can_permission_name? to ask permission" do      
+      Permission.names.each do |permission|
+        method_name = ("can_" + permission.downcase + "?").to_sym
+        @authorizable.send(method_name)
+      end
+    end
+
+    it "should have a method formatted like can_not_permission? to see if denied" do
+      Permission.names.each do |permission|
+        method_name = ("can_not_" + permission.downcase + "?").to_sym
+        @authorizable.send(method_name)
+      end
+    end
+
+    it "should raise an error when asking can_permission_that_deoesnt_exist" do
+      lambda{ @authorizable.can_permission_that_has_no_chance_of_existing?}.should raise_error
+    end
+
+    it "should also raise an error when asking can_not?" do
+      lambda{ @authorizable.can_not_permission_that_has_no_chance_of_existing?}.should raise_error
+    end
+  end
+
+  describe "Granting a permission" do
+    it "should have a method to grant a permission" do
+      @authorizable.respond_to?(:grant).should be_true
+    end
+
+    it "should take a symbol as a permission name" do        
+      lambda {@authorizable.grant(:manage_users)}.should_not raise_error
+    end
+
+    it "should take a string as a permission name" do
+      lambda { @authorizable.grant("manage_users")}.should_not raise_error
+    end
+
+    it "should raise an error if the permission is not a string or symbol" do
+      lambda { @authorizable.grant([:permission, :permission])}.should raise_error
+    end
+
+    it "should only grant permissions that exist" do
+      @authorizable.grant(:manage_news).should be_true
+    end
+
+    it "should raise an error when permissions don't exist" do
+      lambda { @authorizable.grant(:adsfjk238748723478)}.should raise_error
+    end
+
+    it "should be able to authorize after granting" do
+      @authorizable.can?(:manage_news).should be_false
+      @authorizable.grant(:manage_news).should be_true
+      @authorizable.can?(:manage_news).should be_true
+    end
+
+    it "should have a method to check to see if it is god" do
+      @authorizable.respond_to?(:god?).should be_true
+    end      
+  end
+end

data/spec/support/schema.rb

@@ -0,0 +1,39 @@
+ActiveRecord::Schema.define do
+  create_table "permissions", :force => true do |t|
+    t.integer  "authorizable_id"
+    t.string   "authorizable_type"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+    t.boolean  "run_tests",           :default => false
+    t.boolean  "post_news", :default => false
+    t.boolean   "manage_news", :default => false
+    t.boolean "manage_users", :default => false
+    t.boolean  "god",                   :default => false
+    t.boolean  "manage_events",         :default => false
+    t.boolean "manage_schedule", :default => false
+  end
+  
+  create_table "role_permissions", :id => false, :force => true do |t|
+    t.integer "role_id"
+    t.integer "permission_id"
+  end
+
+  create_table "roles", :force => true do |t|
+    t.string   "name"
+    t.string   "description"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+  
+  create_table "user_roles", :id => false, :force => true do |t|
+    t.integer "user_id"
+    t.integer "role_id"
+  end
+  
+  create_table "users", :force => true do |t|
+    t.string "name"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+  
+end

data/tasks/access_control_tasks.rake

@@ -0,0 +1,6 @@
+namespace :access_control do
+  task :permissions => :environment do
+    desc "Lists all available permissions"
+    Permission.names.each {|name| puts name}
+  end
+end

data/uninstall.rb

@@ -0,0 +1 @@
+# Uninstall hook code here

metadata

@@ -0,0 +1,85 @@
+--- !ruby/object:Gem::Specification 
+name: Adman65-AccessControl
+version: !ruby/object:Gem::Version 
+  version: 0.2.1
+platform: ruby
+authors: 
+- Adam Hawkins
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-07-11 00:00:00 -07:00
+default_executable: 
+dependencies: []
+
+description: Simple role based authorization for rails
+email: Adman1965@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.markdown
+files: 
+- AccessControl.gemspec
+- MIT-LICENSE
+- README.markdown
+- Rakefile
+- VERSION
+- generators/access_control/USAGE
+- generators/access_control/access_control_generator.rb
+- generators/access_control/templates/migrate/create_access_control_models.rb
+- init.rb
+- install.rb
+- lib/access_control.rb
+- lib/access_control/common_methods.rb
+- lib/access_control/controller_helper.rb
+- lib/access_control/language.rb
+- lib/access_control/role_extension.rb
+- lib/access_control/user_extension.rb
+- lib/app/models/permission.rb
+- lib/app/models/role.rb
+- spec/access_controlled_user_spec.rb
+- spec/models/permission_spec.rb
+- spec/models/role_spec.rb
+- spec/spec_helper.rb
+- spec/support/access_control_user.rb
+- spec/support/authorizable.rb
+- spec/support/schema.rb
+- tasks/access_control_tasks.rake
+- uninstall.rb
+has_rdoc: false
+homepage: http://github.com/Adman65/AccessControl
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.2.0
+signing_key: 
+specification_version: 3
+summary: Simple role based authorization for rails
+test_files: 
+- spec/access_controlled_user_spec.rb
+- spec/models/permission_spec.rb
+- spec/models/role_spec.rb
+- spec/spec_helper.rb
+- spec/support/access_control_user.rb
+- spec/support/authorizable.rb
+- spec/support/schema.rb