access-granted 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 990382c04aeeeb43c67adcd3adc1fc0e4ac6b7ac
+  data.tar.gz: d9970ae5c29e073953f41ec55c3f19b8a0d18225
+SHA512:
+  metadata.gz: 6ddcadc2b5e812ae350e91479047c344d705e6cb7f3011f35e695aab0ca545402a550c1e9f8c45661e64cce0228b0f44334c384615721eb2eca38938d0ea501e
+  data.tar.gz: 9060e6c5d8243a43f33dfe9a4b6274a68edd748d1e32930939c5c7097db0679be03f21a168ae98f031806696da654a4806c3844f866ac2aadc4ccde6f5102b51

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1 @@
+--color

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 1.9.3
+  - 2.0.0

data/Gemfile

@@ -0,0 +1,9 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in access-granted.gemspec
+gemspec
+
+group :test do
+  gem 'simplecov', require: false
+  gem 'rake'
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Piotrek Okoński
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,120 @@
+# AccessGranted [![Build Status](https://travis-ci.org/pokonski/access-granted.png?branch=master)](https://travis-ci.org/pokonski/access-granted) [![Code Climate](https://codeclimate.com/github/pokonski/access-granted.png)](https://codeclimate.com/github/pokonski/access-granted)
+
+Multi-role and whitelist based authorization gem for Rails. And it's lightweight (~300 lines of code)!
+
+# Summary
+
+AccessGranted is meant as replacement for CanCan to solve three major problems:
+
+1. built-in support for roles
+
+  Easy to read acess policy code where permissions are cleanly grouped into roles which may or may not apply to a user.
+  Additionally permissions are forced to be unique in the scope a role greatly simplifying the
+  permission resolving and extremely reducing the code-base.
+
+2. white-list based
+
+  This means that you define what a role **can** do,
+  not overidding permissions with `cannot` in a specific order which results in an ugly and unmaintainable code.
+
+3. Permissions can work on basically any object and AccessGranted is framework-agnostic,
+   (the only Rails-specific methods are `can?`/`cannot?`/`authorize!` helpers injected
+   into the framework only when it's present).
+
+See [Usage](#usage) for an example of a complete AccessPolicy file.
+
+## Compatibility
+
+This gem was created as a replacement for CanCan and therefore it requires minimum work to switch.
+
+1. Both `can?`/`cannot?` and `authorize!` methods work in Rails controllers and views, so
+   **you don't have to adjust your views at all**.
+2. Syntax for defining permissions in AccessPolicy file (Ability in CanCan) is exactly the same,
+   with added roles on top. See [Usage](#usage) below.
+3. **Main difference**: AccessGranted does not extend ActiveRecord in any way, so it does not have the `accessible_by?`
+   method to keep the code as simple as possible.
+   That is because `accessible_by?` was very limited making it useless in most cases (complex permissions with lambdas).
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'access-granted'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install access-granted
+
+## Usage
+
+Roles are defined using blocks (or by passing custom classes to keep things tidy).
+Order of the roles is important, because they are being traversed in the top-to-bottom order. Generally at the top you will have
+an admin or other important role giving the user top permissions, and as you go down you define less-privileged roles.
+
+See full example:
+
+```ruby
+class Policy
+  include AccessGranted::Policy
+
+  def configure(user)
+    # The most important role prohibiting banned
+    # users from doing anything.
+    # (even if they are moderators or admins)
+    role :banned, { is_banned: true } do
+      cannot [:create, :update, :destroy], Post
+
+      # same as above, :manage is just a shortcut for
+      # `[:create, :update, :destroy]`
+      cannot :manage, Comment
+    end
+
+    # Takes precedences over roles placed lower
+    # and explicitly lets admin mamange everything.
+    role :admin, { is_admin: true } do
+      can :manage, Post
+      can :manage, Comment
+    end
+
+    # You can also use Procs to determine
+    # if the role should apply to a given user.
+    role :moderator, proc {|u| u.moderator? } do
+      # overwrites permission that only allows removing own content in :member
+      # and lets moderators edit and delete all posts
+      can [:update, :destroy], Post
+
+      # and a new permission which lets moderators
+      # modify user accounts
+      can :update, User
+    end
+
+    # Applies to everyone logged in.
+    # The basic role.
+    role :member do
+      can :create, Post
+
+      # For more advanced permissions
+      # you must use blocks. Hash
+      # conditions should be used for
+      # simple checks only.
+      can [:update, :destroy], Post do |post|
+        post.user_id == user.id && post.comments.empty?
+      end
+    end
+  end
+end
+```
+
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,7 @@
+require "bundler/gem_tasks"
+
+task :default => [:spec]
+desc 'run Rspec specs'
+task :spec do
+  sh 'rspec spec'
+end

data/access-granted.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'access-granted/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "access-granted"
+  spec.version       = AccessGranted::VERSION
+  spec.authors       = ["Piotrek Okoński"]
+  spec.email         = ["piotrek@okonski.org"]
+  spec.description   = %q{Whitelist and role based authorization gem}
+  spec.summary       = %q{Elegant whitelist and role based authorization with ability to prioritize roles.}
+  spec.homepage      = "https://github.com/pokonski/access-granted"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^spec/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "pry"
+  spec.add_development_dependency "text-table"
+end

data/lib/access-granted.rb

@@ -0,0 +1,16 @@
+require "access-granted/version"
+require "access-granted/exceptions"
+require "access-granted/policy"
+require "access-granted/permission"
+require "access-granted/controller_methods"
+require "access-granted/role"
+
+module AccessGranted
+
+end
+
+if defined? ActionController::Base
+  ActionController::Base.class_eval do
+    include AccessGranted::ControllerMethods
+  end
+end

data/lib/access-granted/controller_methods.rb

@@ -0,0 +1,24 @@
+module AccessGranted
+  module ControllerMethods
+    def current_policy
+      @current_policy ||= ::Policy.new(current_user)
+    end
+
+    def self.included(base)
+      base.helper_method :can?, :cannot?, :current_ability
+    end
+
+    def can?(*args)
+      current_policy.can?(*args)
+    end
+
+    def cannot?(*args)
+      current_policy.cannot?(*args)
+    end
+
+    def authorize!(*args)
+      current_policy.authorize!(*args)
+    end
+  end
+end
+

data/lib/access-granted/exceptions.rb

@@ -0,0 +1,7 @@
+module AccessGranted
+  class Error < StandardError; end
+
+  class DuplicatePermission < Error; end;
+  class DuplicateRole < Error; end;
+  class AccessDenied < Error; end;
+end

data/lib/access-granted/permission.rb

@@ -0,0 +1,47 @@
+module AccessGranted
+  class Permission
+    attr_reader :action, :subject, :granted, :conditions
+
+    def initialize(granted, action, subject, conditions = {}, block = nil)
+      @action     = action
+      @granted    = granted
+      @subject    = subject
+      @conditions = conditions
+      @block      = block
+    end
+
+    def matches_action?(action)
+      @action == action
+    end
+
+    def matches_subject?(subject)
+      @subject == subject || subject.class == @subject
+    end
+
+    def matches_conditions?(subject)
+      if @block
+        @block.call(subject)
+      else
+        matches_hash_conditions?(subject)
+      end
+    end
+
+    def matches_hash_conditions?(subject)
+      @conditions.each_pair do |name, value|
+        return false if subject.send(name) != value
+      end
+      true
+    end
+
+    def eql?(other)
+      other.class == self.class &&
+        @action   == other.action &&
+          @subject  == other.subject &&
+            @granted  == other.granted
+    end
+
+    def ==(other)
+      eql?(other)
+    end
+  end
+end

data/lib/access-granted/policy.rb

@@ -0,0 +1,56 @@
+module AccessGranted
+  module Policy
+    attr_accessor :roles
+
+    def initialize(user)
+      @user          = user
+      @roles         = []
+      @last_priority = 0
+      configure(@user)
+    end
+
+    def configure(user)
+    end
+
+    def role(name, conditions_or_klass = nil, conditions = nil, &block)
+      name = name.to_sym
+      if roles.select {|r| r.name == name }.any?
+        raise DuplicateRole, "Role '#{name}' already defined"
+      end
+      @last_priority += 1
+      r = if conditions_or_klass.is_a?(Class) && conditions_or_klass <= AccessGranted::Role
+        conditions_or_klass.new(name, @last_priority, conditions, @user, block)
+      else
+        Role.new(name, @last_priority, conditions_or_klass, @user, block)
+      end
+      roles << r
+      roles.sort_by! {|r|  r.priority }
+      r
+    end
+
+    def can?(action, subject)
+      match_roles(@user).each do |role|
+        permission = role.find_permission(action, subject)
+        return permission.granted if permission
+      end
+      false
+    end
+
+    def cannot?(*args)
+      !can?(*args)
+    end
+
+    def match_roles(user)
+      roles.select do |role|
+        role.applies_to?(user)
+      end
+    end
+
+    def authorize!(action, subject)
+      if cannot?(action, subject)
+        raise AccessDenied
+      end
+      subject
+    end
+  end
+end

data/lib/access-granted/role.rb

@@ -0,0 +1,91 @@
+module AccessGranted
+  class Role
+    attr_reader :name, :user, :priority, :conditions, :permissions
+
+    def initialize(name, priority, conditions = nil, user = nil, block = nil)
+      @user         = user
+      @name         = name
+      @priority     = priority
+      @conditions   = conditions
+      @block        = block
+      @permissions  = []
+      @permissions_by_action = {}
+      if @block
+        instance_eval(&@block)
+      else
+        configure(@user)
+      end
+    end
+
+    def configure(user)
+    end
+
+    def can(action, subject, conditions = {}, &block)
+      add_permission(true, action, subject, conditions, block)
+    end
+
+    def cannot(action, subject, conditions = {}, &block)
+      add_permission(false, action, subject, conditions, block)
+    end
+
+    def can?(action, subject)
+      permission = find_permission(action, subject)
+      permission ? permission.granted : false
+    end
+
+    def find_permission(action, subject)
+      relevant_permissions(action, subject).detect do |permission|
+        permission.matches_conditions?(subject)
+      end
+    end
+
+    def applies_to?(user)
+      case @conditions
+      when Hash
+        matches_hash(user, @conditions)
+      when Proc
+        @conditions.call(user)
+      else
+        true
+      end
+    end
+
+
+    def relevant_permissions(action, subject)
+      permissions_by_action(action).select do |perm|
+        perm.matches_subject?(subject)
+      end
+    end
+
+    def matches_hash(user, conditions = {})
+      conditions.all? do |name, value|
+        user.send(name) == value
+      end
+    end
+
+    def add_permission(granted, action, subject, conditions, block)
+      prepare_actions(action).each do |a|
+        raise DuplicatePermission if relevant_permissions(a, subject).any?
+        @permissions << Permission.new(granted, a, subject, conditions, block)
+        @permissions_by_action[a] ||= []
+        @permissions_by_action[a]  << @permissions.size - 1
+      end
+    end
+
+    private
+
+    def prepare_actions(action)
+      if action == :manage
+        actions = [:create, :update, :destroy]
+      else
+        actions = [action].flatten
+      end
+    end
+
+    def permissions_by_action(action)
+      (@permissions_by_action[action] || []).map do |index|
+        @permissions[index]
+      end
+    end
+  end
+end

data/lib/access-granted/version.rb

@@ -0,0 +1,3 @@
+module AccessGranted
+  VERSION = "0.0.2"
+end

data/spec/controller_methods_spec.rb

@@ -0,0 +1,42 @@
+require "spec_helper"
+
+describe AccessGranted::ControllerMethods do
+  before(:each) do
+    @current_user = double("User")
+    @controller_class = Class.new
+    @controller = @controller_class.new
+    @controller_class.stub(:helper_method).with(:can?, :cannot?, :current_ability)
+    @controller_class.send(:include, AccessGranted::ControllerMethods)
+    @controller.stub(:current_user).and_return(@current_user)
+  end
+
+  it "should have current_policy method returning Policy instance" do
+    @controller.current_policy.should be_kind_of(AccessGranted::Policy)
+  end
+
+  it "provides can? and cannot? method delegated to current_policy" do
+    @controller.can?(:read, String).should be_false
+    @controller.cannot?(:read, String).should be_true
+  end
+
+  describe "#authorize!" do
+    it "raises exception when authorization fails" do
+      expect { @controller.authorize!(:read, String) }.to raise_error(AccessGranted::AccessDenied)
+    end
+
+    it "returns subject if authorization succeeds" do
+      klass = Class.new do
+        include AccessGranted::Policy
+
+        def configure(user)
+          role :member, 1 do
+            can :read, String
+          end
+        end
+      end
+      policy = klass.new(@current_user)
+      @controller.stub(:current_policy).and_return(policy)
+      @controller.authorize!(:read, String).should == String
+    end
+  end
+end

data/spec/permission_spec.rb

@@ -0,0 +1,56 @@
+require 'spec_helper'
+
+describe AccessGranted::Permission do
+  subject { AccessGranted::Permission }
+
+  describe "#matches_conditions?" do
+    it "matches when no conditions given" do
+      perm = subject.new(true, :read, String)
+      perm.matches_conditions?(String).should be_true
+    end
+
+    it "matches proc conditions" do
+      sub = double("Element", published?: true)
+      perm = subject.new(true, :read, sub.class, {}, proc {|el| el.published? })
+      perm.matches_conditions?(sub).should be_true
+    end
+  end
+
+  describe "#matches_hash_conditions?" do
+    it "matches condition hash is empty" do
+      perm = subject.new(true, :read, String)
+      perm.matches_hash_conditions?(String).should be_true
+    end
+
+    it "matches when conditions given" do
+      sub = double("Element", published: true)
+      perm = subject.new(true, :read, sub, { published: true })
+      perm.matches_hash_conditions?(sub).should be_true
+    end
+
+    it "does not match if one of the conditions mismatches" do
+      sub = double("Element", published: true, readable: false)
+      perm = subject.new(true, :read, sub, { published: true, readable: true })
+      perm.matches_hash_conditions?(sub).should be_false
+    end
+  end
+
+  describe "#matches_action?" do
+    it "matches if actions are identical" do
+      perm = subject.new(true, :read, String)
+      perm.matches_action?(:read).should be_true
+    end
+  end
+
+  describe "#matches_subject?" do
+    it "matches if subjects are identical" do
+      perm = subject.new(true, :read, String)
+      expect(perm.matches_subject? String).to be_true
+    end
+
+    it "matches if class is equal to subject" do
+      perm = subject.new(true, :read, String)
+      expect(perm.matches_subject? "test").to be_true
+    end
+  end
+end

data/spec/policy_spec.rb

@@ -0,0 +1,105 @@
+require 'spec_helper'
+
+describe AccessGranted::Policy do
+  before :each do
+    @policy = Class.new do
+      include AccessGranted::Policy
+    end.new(nil)
+  end
+
+  describe "#configure" do
+    before :each do
+      @member = double("member",        is_moderator: false, is_admin: false, is_banned: false)
+      @mod    = double("moderator",     is_moderator: true,  is_admin: false, is_banned: false)
+      @admin  = double("administrator", is_moderator: false, is_admin: true,  is_banned: false)
+      @banned = double("banned",        is_moderator: false, is_admin: true,  is_banned: true)
+    end
+
+    it "selects permission based on role priority" do
+      klass = Class.new do
+        include AccessGranted::Policy
+
+        def configure(user)
+          role :member do
+            can :read, String
+          end
+
+          role :moderator, { is_moderator: true } do
+            can :edit, String
+          end
+
+          role :administrator, { is_admin: true } do
+            can :destroy, String
+          end
+        end
+      end
+      klass.new(@member).cannot?(:destroy, String).should be_true
+      klass.new(@admin).can?(:destroy, String).should     be_true
+      klass.new(@admin).can?(:read, String).should        be_true
+      klass.new(@mod).cannot?(:destroy, String).should    be_true
+    end
+
+    describe "#cannot" do
+      it "forbids action when used in higher role" do
+        klass = Class.new do
+          include AccessGranted::Policy
+
+          def configure(user)
+            role :banned, { is_banned: true } do
+              cannot :create, String
+            end
+
+            role :member do
+              can :create, String
+            end
+          end
+        end
+        klass.new(@member).can?(:create, String).should be_true
+        klass.new(@banned).can?(:create, String).should be_false
+      end
+    end
+  end
+
+  describe "#role" do
+    it "allows passing role class" do
+      klass_role = Class.new AccessGranted::Role do
+        def configure(user)
+          can :read, String
+        end
+      end
+      @policy.role(:member, klass_role)
+      @policy.roles.first.class.should == klass_role
+    end
+
+    it "allows defining a default role" do
+      @policy.role(:member)
+      @policy.roles.map(&:name).should include(:member)
+    end
+
+    it "does not allow duplicate role names" do
+      @policy.role(:member)
+      expect { @policy.role(:member) }.to raise_error AccessGranted::DuplicateRole
+    end
+
+    it "allows nesting `can` calls inside a block" do
+      role = @policy.role(:member) do
+        can :read, String
+      end
+
+      role.can?(:read, String).should be_true
+    end
+  end
+
+  describe "#match_roles" do
+    it "returns all matching roles in the order of priority" do
+      user = double("User", is_moderator: true, is_admin: true)
+
+      @policy.role(:administrator, { is_admin:     true })
+      @policy.role(:moderator,     { is_moderator: true })
+      @policy.role(:member)
+
+      @policy.match_roles(user).map(&:name).should == [:administrator, :moderator, :member]
+    end
+  end
+
+end

data/spec/role_spec.rb

@@ -0,0 +1,95 @@
+require 'spec_helper'
+
+describe AccessGranted::Role do
+  subject { AccessGranted::Role }
+
+  it "requires a role name" do
+    expect { subject.new }.to raise_error
+  end
+
+  it "requires priority" do
+    expect { subject.new(:member) }.to raise_error
+  end
+
+  it "creates a default role without conditions" do
+    subject.new(:member, 1).conditions.should be_nil
+  end
+
+  describe "#relevant_permissions?" do
+    it "returns only matching permissions" do
+      role = subject.new(:member, 1)
+      role.can :read, String
+      role.can :read, Hash
+      role.relevant_permissions(:read, String).should == [AccessGranted::Permission.new(true, :read, String)]
+    end
+  end
+
+  describe "#applies_to?" do
+    it "matches user when no conditions given" do
+      role = subject.new(:member, 1)
+      user = double("User")
+      role.applies_to?(user).should be_true
+    end
+
+    it "matches user by hash conditions" do
+      role = subject.new(:moderator, 1,  { is_moderator: true })
+      user = double("User", is_moderator: true)
+      role.applies_to?(user).should be_true
+    end
+
+    it "doesn't match user if any of hash conditions is not met" do
+      role = subject.new(:moderator, 1, { is_moderator: true, is_admin: true })
+      user = double("User", is_moderator: true, is_admin: false)
+      role.applies_to?(user).should be_false
+    end
+
+    it "matches user by Proc conditions" do
+      role = subject.new(:moderator, 1, proc {|user| user.is_moderator? })
+      user = double("User", is_moderator?: true)
+      role.applies_to?(user).should be_true
+    end
+  end
+
+  describe "#can" do
+    before :each do
+      @role = AccessGranted::Role.new(:member, 1)
+    end
+
+    it "forbids creating actions with the same name" do
+      @role.can :read, String
+      expect { @role.can :read, String }.to raise_error AccessGranted::DuplicatePermission
+    end
+
+    it "accepts :manage shortcut for CRUD actions" do
+      @role.can :manage, String
+      @role.permissions.map(&:action).should include(:create, :update, :destroy)
+    end
+
+    describe "when action is an Array" do
+      it "creates multiple permissions" do
+        @role.can [:read, :create], String
+        @role.permissions.should have(2).items
+      end
+    end
+
+    describe "when no conditions given" do
+      it "should be able to read a class" do
+        @role.can :read, String
+        @role.can?(:read, String).should be_true
+      end
+
+      it "should be able to read instance of class" do
+        @role.can :read, String
+        @role.can?(:read, "text").should be_true
+      end
+    end
+
+    describe "when conditions given" do
+      it "should be able to read when conditions match" do
+        sub = double("Element", published: true)
+        @role.can :read, sub.class, { published: true }
+        @role.can?(:read, sub).should be_true
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,26 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'simplecov'
+SimpleCov.start
+require 'pry'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  config.order = 'random'
+end
+
+module ActionController
+  class Base
+    def self.helper_method(*args)
+    end
+  end
+end
+require 'access-granted'
+
+class Policy
+  include AccessGranted::Policy
+end
+

metadata

@@ -0,0 +1,141 @@
+--- !ruby/object:Gem::Specification
+name: access-granted
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Piotrek Okoński
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-11-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: text-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Whitelist and role based authorization gem
+email:
+- piotrek@okonski.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- access-granted.gemspec
+- lib/access-granted.rb
+- lib/access-granted/controller_methods.rb
+- lib/access-granted/exceptions.rb
+- lib/access-granted/permission.rb
+- lib/access-granted/policy.rb
+- lib/access-granted/role.rb
+- lib/access-granted/version.rb
+- spec/controller_methods_spec.rb
+- spec/permission_spec.rb
+- spec/policy_spec.rb
+- spec/role_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/pokonski/access-granted
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: Elegant whitelist and role based authorization with ability to prioritize
+  roles.
+test_files:
+- spec/controller_methods_spec.rb
+- spec/permission_spec.rb
+- spec/policy_spec.rb
+- spec/role_spec.rb
+- spec/spec_helper.rb
+has_rdoc: