access-granted 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e569e46f4095287086e980979eb59cb48bb8d671
-  data.tar.gz: 12579f6c1242101c5dfdab73bda111170fd719be
+  metadata.gz: ada45684334e5433ed3504e66d2183464bcf4203
+  data.tar.gz: b0c59ba381cc29461dcb70d13a771dd72c268495
 SHA512:
-  metadata.gz: b3bdef4853790d402a621cc1eae254d4fed2dc12a2273c704379bb84d7dce6f4a03d6c7b071a6b1a74d27bdf319cc98b0372490b164dd8ef3eaaa7edc2af3fe8
-  data.tar.gz: 4baac040d13e99a97aae7c3e160a3dc6e506350195b148e6c2737c8ee5b51c141b45e6e6f1e4b791a07e077abdf7552cfda87eab22c1a9c2b162fd14f7e6a2c2
+  metadata.gz: 2db7e6b39316cffabd20ef32e1b93af44f86812af6e93fc4153a03355326608b4727b99b78ac7843a47d3f8c85b3995cae01dd81335f692900f043feeb396c31
+  data.tar.gz: 0c19dd7e52f3ccf791a00ae436cd983df5e64377bf2cf3a6dd1511805f4e62b8cf429b974a3c20b22eca4cd4b564c2fe7d5af5bad1c88c98f5d0fea0d4ee2054

data/README.md

@@ -1,4 +1,7 @@
-# AccessGranted [![Build Status](https://travis-ci.org/pokonski/access-granted.png?branch=master)](https://travis-ci.org/pokonski/access-granted) [![Code Climate](https://codeclimate.com/github/pokonski/access-granted.png)](https://codeclimate.com/github/pokonski/access-granted)
+# AccessGranted [![Build Status](https://travis-ci.org/chaps-io/access-granted.svg?branch=master)](https://travis-ci.org/chaps-io/access-granted) [![Code Climate](https://codeclimate.com/github/pokonski/access-granted.png)](https://codeclimate.com/github/pokonski/access-granted)
+
+## [![](http://i.imgur.com/ya8Wnyl.png)](https://chaps.io) proudly made by [Chaps](https://chaps.io)
+
 
 Multi-role and whitelist based authorization gem for Rails. And it's lightweight (~300 lines of code)!
 
@@ -8,24 +11,27 @@ Guaranteed to work on MRI 1.9.3/2.0/2.1, Rubinius >= 2.1.1 and JRuby >= 1.7.6.
 
 # Summary
 
-AccessGranted is meant as replacement for CanCan to solve three major problems:
+AccessGranted is meant as a replacement for CanCan to solve three major problems:
 
-1. built-in support for roles
+1. **built-in support for roles**
 
-  Easy to read access policy code where permissions are cleanly grouped into roles which may or may not apply to a user.
-  Additionally permissions are forced to be unique in the scope a role. Thus greatly simplifying the
-  permission resolving and extremely reducing the code-base.
+  Easy to read access policy code where permissions are cleanly grouped into roles.
+  Additionally, permissions are forced to be unique in the scope of a role. This greatly simplifies the resolving
+  permissions while substantially reducing the code-base.
 
-2. white-list based
+2. **white-list based**
 
-  This means that you define what a role **can** do,
-  not overidding permissions with `cannot` in a specific order which results in an ugly and unmaintainable code.
+  This means that you define what a role **can** do, which results in clean, readable policies regardless of complexity.
+  You don't have to worry about juggling `can`s and `cannot`s in a very convoluted way!
 
-  **Note**: `cannot` is still possible, but has a specifc use. See [Usage](#usage) below.
+  _Note_: `cannot` is still available, but has a very specifc use. See [Usage](#usage) below.
 
-3. Permissions can work on basically any object and AccessGranted is framework-agnostic,
-   (the Rails-specific methods are `can?`/`cannot?`/`authorize!` helpers injected
-   into the framework only when it's present).
+3. **framework agnostic**
+
+  Permissions can work on basically any object and AccessGranted is framework-agnostic,
+  But we offer extensions for your favourite frameworks as gems:
+  - Rails: [access-granted-rails](https://github.com/pokonski/access-granted-rails)
+  - ... more to come!
 
 See [Usage](#usage) for an example of a complete AccessPolicy file.
 
@@ -41,11 +47,8 @@ This gem was created as a replacement for CanCan and therefore it requires minim
    I decided to not implement this functionality as it was mostly ignored by CanCan users.
 
 2. Both `can?`/`cannot?` and `authorize!` methods work in Rails controllers and views, just like in CanCan.
-   The only change you have to make is replace all `can? :manage, Class` with precise action.
-   `can :manage` is stil available for **defining** methods and serves as a shortcut for defining `:read`, `:create`, `:update`, `:destroy`
-   in one line.
-
-   Due to introduction of Roles checking for generic `:manage` permission is very complicated and also confusing for developers.
+   The only change you have to make is to replace all `can? :manage, Class` with the exact action to check against.
+   `can :manage` is still available for **defining** methods and serves as a shortcut for defining `:read`, `:create`, `:update`, `:destroy` all in one line.
 
 3. Syntax for defining permissions in AccessPolicy file (Ability in CanCan) is exactly the same,
    with added roles on top. See [Usage](#usage) below.
@@ -53,17 +56,15 @@ This gem was created as a replacement for CanCan and therefore it requires minim
 
 ## Installation
 
-Add this line to your application's Gemfile:
+### Rails
 
-    gem 'access-granted'
-
-And then execute:
+This includes Rails-specific integration (`can?`, `cannot?`, `current_policy` helpers and more):
 
-    $ bundle
+    gem 'access-granted-rails'
 
-Or install it yourself as:
+### Others
 
-    $ gem install access-granted
+    gem 'access-granted'
 
 ## Usage
 
@@ -126,6 +127,44 @@ class Policy
 end
 ```
 
+## Common examples
+
+### Extracting roles to separate files
+
+Let's say your app is getting bigger and more complex. This means your policy file is also getting longer.
+
+Below you can see an extracted `:member` role:
+
+```ruby
+class AccessPolicy
+  include AccessGranted::Policy
+
+  def configure(user)
+    role :administrator, is_admin: true do
+      can :manage, User
+    end
+
+    role :member, MemberRole, lambda { |user| !u.guest? }
+  end
+end
+
+```
+
+And roles should look like this
+
+```ruby
+# app/roles/member_role.rb
+
+class MemberRole < AccessGranted::Role
+  def configure(user)
+    can :create, Post
+    can :destroy, Post do |post|
+      post.author == user
+    end
+  end
+end
+```
+
 
 ## Contributing
 

data/access-granted.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.email         = ["piotrek@okonski.org"]
   spec.description   = %q{Role based authorization gem}
   spec.summary       = %q{Elegant whitelist and role based authorization with ability to prioritize roles.}
-  spec.homepage      = "https://github.com/pokonski/access-granted"
+  spec.homepage      = "https://github.com/chaps-io/access-granted"
   spec.license       = "MIT"
 
   spec.files         = `git ls-files`.split($/)

data/lib/access-granted.rb

@@ -2,15 +2,8 @@ require "access-granted/version"
 require "access-granted/exceptions"
 require "access-granted/policy"
 require "access-granted/permission"
-require "access-granted/controller_methods"
 require "access-granted/role"
 
 module AccessGranted
 
 end
-
-if defined? ActionController::Base
-  ActionController::Base.class_eval do
-    include AccessGranted::ControllerMethods
-  end
-end

data/lib/access-granted/permission.rb

@@ -15,7 +15,7 @@ module AccessGranted
     end
 
     def matches_subject?(subject)
-      @subject == subject || subject.class == @subject
+      subject == @subject || subject.class <= @subject
     end
 
     def matches_conditions?(subject)

data/lib/access-granted/policy.rb

@@ -5,7 +5,6 @@ module AccessGranted
     def initialize(user)
       @user          = user
       @roles         = []
-      @last_priority = 0
       configure(@user)
     end
 
@@ -17,19 +16,17 @@ module AccessGranted
       if roles.select {|r| r.name == name }.any?
         raise DuplicateRole, "Role '#{name}' already defined"
       end
-      @last_priority += 1
       r = if conditions_or_klass.is_a?(Class) && conditions_or_klass <= AccessGranted::Role
-        conditions_or_klass.new(name, @last_priority, conditions, @user, block)
+        conditions_or_klass.new(name, conditions, @user, block)
       else
-        Role.new(name, @last_priority, conditions_or_klass, @user, block)
+        Role.new(name, conditions_or_klass, @user, block)
       end
       roles << r
-      roles.sort_by! {|r|  r.priority }
       r
     end
 
     def can?(action, subject)
-      match_roles(@user).each do |role|
+      matching_roles.each do |role|
         permission = role.find_permission(action, subject)
         return permission.granted if permission
       end
@@ -40,10 +37,8 @@ module AccessGranted
       !can?(*args)
     end
 
-    def match_roles(user)
-      roles.select do |role|
-        role.applies_to?(user)
-      end
+    def matching_roles
+      roles.select { |role| role.applies_to?(@user) }
     end
 
     def authorize!(action, subject)

data/lib/access-granted/role.rb

@@ -1,11 +1,10 @@
 module AccessGranted
   class Role
-    attr_reader :name, :user, :priority, :conditions, :permissions
+    attr_reader :name, :user, :conditions, :permissions
 
-    def initialize(name, priority, conditions = nil, user = nil, block = nil)
+    def initialize(name, conditions = nil, user = nil, block = nil)
       @user         = user
       @name         = name
-      @priority     = priority
       @conditions   = conditions
       @block        = block
       @permissions  = []
@@ -45,7 +44,6 @@ module AccessGranted
       end
     end
 
-
     def relevant_permissions(action, subject)
       permissions_by_action(action).select do |perm|
         perm.matches_subject?(subject)

data/lib/access-granted/version.rb

@@ -1,3 +1,3 @@
 module AccessGranted
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

data/spec/permission_spec.rb

@@ -6,51 +6,66 @@ describe AccessGranted::Permission do
   describe "#matches_conditions?" do
     it "matches when no conditions given" do
       perm = subject.new(true, :read, String)
-      perm.matches_conditions?(String).should be_true
+      expect(perm.matches_conditions?(String)).to eq(true)
     end
 
     it "matches proc conditions" do
       sub = double("Element", published?: true)
       perm = subject.new(true, :read, sub.class, {}, proc {|el| el.published? })
-      perm.matches_conditions?(sub).should be_true
+      expect(perm.matches_conditions?(sub)).to eq(true)
     end
   end
 
   describe "#matches_hash_conditions?" do
     it "matches condition hash is empty" do
       perm = subject.new(true, :read, String)
-      perm.matches_hash_conditions?(String).should be_true
+      expect(perm.matches_hash_conditions?(String)).to eq(true)
     end
 
     it "matches when conditions given" do
       sub = double("Element", published: true)
       perm = subject.new(true, :read, sub, { published: true })
-      perm.matches_hash_conditions?(sub).should be_true
+      expect(perm.matches_hash_conditions?(sub)).to eq(true)
     end
 
     it "does not match if one of the conditions mismatches" do
       sub = double("Element", published: true, readable: false)
       perm = subject.new(true, :read, sub, { published: true, readable: true })
-      perm.matches_hash_conditions?(sub).should be_false
+      expect(perm.matches_hash_conditions?(sub)).to eq(false)
     end
   end
 
   describe "#matches_action?" do
     it "matches if actions are identical" do
       perm = subject.new(true, :read, String)
-      perm.matches_action?(:read).should be_true
+      expect(perm.matches_action?(:read)).to_not be_nil
     end
   end
 
   describe "#matches_subject?" do
     it "matches if subjects are identical" do
       perm = subject.new(true, :read, String)
-      expect(perm.matches_subject? String).to be_true
+      expect(perm.matches_subject? String).to eq(true)
     end
 
     it "matches if class is equal to subject" do
       perm = subject.new(true, :read, String)
-      expect(perm.matches_subject? "test").to be_true
+      expect(perm.matches_subject? "test").to eq(true)
+    end
+
+    it "matches if superclass is equal to subject" do
+      perm = subject.new(true, :read, Object)
+      expect(perm.matches_subject? "test").to eq(true)
+    end
+
+    it "matches if any ancestor is equal to subject" do
+      perm = subject.new(true, :read, BasicObject)
+      expect(perm.matches_subject? "test").to eq(true)
+    end
+
+    it "does not match if any descendant is equal to subject" do
+      perm = subject.new(true, :read, String)
+      expect(perm.matches_subject? Object.new).to eq(false)
     end
   end
 end

data/spec/policy_spec.rb

@@ -1,11 +1,8 @@
 require 'spec_helper'
 
 describe AccessGranted::Policy do
-  before :each do
-    @policy = Class.new do
-      include AccessGranted::Policy
-    end.new(nil)
-  end
+  let(:klass)      { Class.new { include AccessGranted::Policy } }
+  subject(:policy) { klass.new(nil) }
 
   describe "#configure" do
     before :each do
@@ -33,14 +30,14 @@ describe AccessGranted::Policy do
           end
         end
       end
-      klass.new(@admin).can?(:destroy, String).should     be_true
-      klass.new(@admin).can?(:read, String).should        be_true
+      expect(klass.new(@admin).can?(:destroy, String)).to     eq(true)
+      expect(klass.new(@admin).can?(:read, String)).to        eq(true)
 
-      klass.new(@member).cannot?(:destroy, String).should be_true
-      klass.new(@member).can?(:read, String).should       be_true
+      expect(klass.new(@member).cannot?(:destroy, String)).to eq(true)
+      expect(klass.new(@member).can?(:read, String)).to       eq(true)
 
-      klass.new(@mod).can?(:read, String).should          be_true
-      klass.new(@mod).cannot?(:destroy, String).should    be_true
+      expect(klass.new(@mod).can?(:read, String)).to         eq(true)
+      expect(klass.new(@mod).cannot?(:destroy, String)).to   eq(true)
     end
 
     context "when multiple roles define the same permission" do
@@ -62,9 +59,9 @@ describe AccessGranted::Policy do
           end
         end
 
-        klass.new(@admin).can?(:destroy, user_post).should be_true
-        klass.new(@member).can?(:destroy, user_post).should be_true
-        klass.new(@member).cannot?(:destroy, other_post).should be_true
+       expect(klass.new(@admin).can?(:destroy, user_post)).to eq(true)
+       expect(klass.new(@member).can?(:destroy, user_post)).to eq(true)
+       expect(klass.new(@member).cannot?(:destroy, other_post)).to eq(true)
       end
     end
     describe "#cannot" do
@@ -82,8 +79,28 @@ describe AccessGranted::Policy do
             end
           end
         end
-        klass.new(@member).can?(:create, String).should    be_true
-        klass.new(@banned).cannot?(:create, String).should be_true
+        expect(klass.new(@member).can?(:create, String)).to    eq(true)
+        expect(klass.new(@banned).cannot?(:create, String)).to eq(true)
+      end
+    end
+
+    describe "#authorize!" do
+      let(:klass) do
+        Class.new do
+          include AccessGranted::Policy
+
+          def configure(user)
+            role(:member) { can :create, String }
+          end
+        end
+      end
+
+      it "raises AccessDenied if actions is not allowed" do
+        expect { klass.new(@member).authorize!(:create, Integer) }.to raise_error AccessGranted::AccessDenied
+      end
+
+      it "returns the subject if allowed" do
+        expect(klass.new(@member).authorize!(:create, String)).to equal String
       end
     end
   end
@@ -95,39 +112,51 @@ describe AccessGranted::Policy do
           can :read, String
         end
       end
-      @policy.role(:member, klass_role)
-      @policy.roles.first.class.should == klass_role
+      subject.role(:member, klass_role)
+      expect(policy.roles.first.class).to eq(klass_role)
+    end
+
+    it "returns roles in the order of priority" do
+      policy.role(:admin)
+      policy.role(:moderator)
+      policy.role(:user)
+      policy.role(:guest)
+
+      expect(policy.roles.map(&:name)).to eq([:admin, :moderator, :user, :guest])
     end
 
     it "allows defining a default role" do
-      @policy.role(:member)
-      @policy.roles.map(&:name).should include(:member)
+      policy.role(:member)
+      expect(policy.roles.map(&:name)).to include(:member)
     end
 
     it "does not allow duplicate role names" do
-      @policy.role(:member)
-      expect { @policy.role(:member) }.to raise_error AccessGranted::DuplicateRole
+      policy.role(:member)
+      expect { policy.role(:member) }.to raise_error AccessGranted::DuplicateRole
     end
 
     it "allows nesting `can` calls inside a block" do
-      role = @policy.role(:member) do
+      role = policy.role(:member) do
         can :read, String
       end
 
-      role.find_permission(:read, String).granted.should be_true
+      expect(role.find_permission(:read, String).granted).to eq(true)
     end
   end
 
-  describe "#match_roles" do
-    it "returns all matching roles in the order of priority" do
-      user = double("User", is_moderator: true, is_admin: true)
+  describe "#matching_roles" do
+    let(:user) { double("User", is_moderator: true, is_admin: true) }
 
-      @policy.role(:administrator, { is_admin:     true })
-      @policy.role(:moderator,     { is_moderator: true })
-      @policy.role(:member)
+    before do
+      policy.role(:administrator, { is_admin:     true })
+      policy.role(:moderator,     { is_moderator: true })
+      policy.role(:member)
+    end
 
-      @policy.match_roles(user).map(&:name).should == [:administrator, :moderator, :member]
+    shared_examples 'role matcher' do
+      it "returns all matching roles in the order of priority" do
+        expect(subject.map(&:name)).to eq([:administrator, :moderator, :member])
+      end
     end
   end
-
 end

data/spec/role_spec.rb

@@ -7,52 +7,48 @@ describe AccessGranted::Role do
     expect { subject.new }.to raise_error
   end
 
-  it "requires priority" do
-    expect { subject.new(:member) }.to raise_error
-  end
-
   it "creates a default role without conditions" do
-    subject.new(:member, 1).conditions.should be_nil
+    expect(subject.new(:member).conditions).to be_nil
   end
 
   describe "#relevant_permissions?" do
     it "returns only matching permissions" do
-      role = subject.new(:member, 1)
+      role = subject.new(:member)
       role.can :read, String
       role.can :read, Hash
-      role.relevant_permissions(:read, String).should == [AccessGranted::Permission.new(true, :read, String)]
+      expect(role.relevant_permissions(:read, String)).to eq([AccessGranted::Permission.new(true, :read, String)])
     end
   end
 
   describe "#applies_to?" do
     it "matches user when no conditions given" do
-      role = subject.new(:member, 1)
+      role = subject.new(:member)
       user = double("User")
-      role.applies_to?(user).should be_true
+      expect(role.applies_to?(user)).to eq(true)
     end
 
     it "matches user by hash conditions" do
-      role = subject.new(:moderator, 1,  { is_moderator: true })
+      role = subject.new(:moderator,  { is_moderator: true })
       user = double("User", is_moderator: true)
-      role.applies_to?(user).should be_true
+      expect(role.applies_to?(user)).to eq(true)
     end
 
     it "doesn't match user if any of hash conditions is not met" do
-      role = subject.new(:moderator, 1, { is_moderator: true, is_admin: true })
+      role = subject.new(:moderator, { is_moderator: true, is_admin: true })
       user = double("User", is_moderator: true, is_admin: false)
-      role.applies_to?(user).should be_false
+      expect(role.applies_to?(user)).to eq(false)
     end
 
     it "matches user by Proc conditions" do
-      role = subject.new(:moderator, 1, proc {|user| user.is_moderator? })
+      role = subject.new(:moderator, proc {|user| user.is_moderator? })
       user = double("User", is_moderator?: true)
-      role.applies_to?(user).should be_true
+      expect(role.applies_to?(user)).to eq(true)
     end
   end
 
   describe "#can" do
     before :each do
-      @role = AccessGranted::Role.new(:member, 1)
+      @role = AccessGranted::Role.new(:member)
     end
 
     it "forbids creating actions with the same name" do
@@ -62,25 +58,25 @@ describe AccessGranted::Role do
 
     it "accepts :manage shortcut for CRUD actions" do
       @role.can :manage, String
-      @role.permissions.map(&:action).should include(:read, :create, :update, :destroy)
+      expect(@role.permissions.map(&:action)).to include(:read, :create, :update, :destroy)
     end
 
     describe "when action is an Array" do
       it "creates multiple permissions" do
         @role.can [:read, :create], String
-        @role.permissions.should have(2).items
+        expect(@role.permissions.size).to eq(2)
       end
     end
 
     describe "when no conditions given" do
       it "should be able to read a class" do
         @role.can :read, String
-        @role.find_permission(:read, String).should be_true
+        expect(@role.find_permission(:read, String)).to_not be_nil
       end
 
       it "should be able to read instance of class" do
         @role.can :read, String
-        @role.find_permission(:read, "text").should be_true
+        expect(@role.find_permission(:read, "text")).to_not be_nil
       end
     end
 
@@ -88,7 +84,7 @@ describe AccessGranted::Role do
       it "should be able to read when conditions match" do
         sub = double("Element", published: true)
         @role.can :read, sub.class, { published: true }
-        @role.find_permission(:read, sub).should be_true
+        expect(@role.find_permission(:read, sub)).to_not be_nil
       end
     end
   end

data/spec/spec_helper.rb

@@ -7,7 +7,6 @@ end
 require 'pry'
 
 RSpec.configure do |config|
-  config.treat_symbols_as_metadata_keys_with_true_values = true
   config.run_all_when_everything_filtered = true
   config.filter_run :focus
 

metadata

@@ -1,41 +1,41 @@
 --- !ruby/object:Gem::Specification
 name: access-granted
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Piotrek Okoński
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-02-12 00:00:00.000000000 Z
+date: 2015-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: Role based authorization gem
@@ -45,27 +45,25 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - Gemfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - access-granted.gemspec
 - lib/access-granted.rb
-- lib/access-granted/controller_methods.rb
 - lib/access-granted/exceptions.rb
 - lib/access-granted/permission.rb
 - lib/access-granted/policy.rb
 - lib/access-granted/role.rb
 - lib/access-granted/version.rb
-- spec/controller_methods_spec.rb
 - spec/permission_spec.rb
 - spec/policy_spec.rb
 - spec/role_spec.rb
 - spec/spec_helper.rb
-homepage: https://github.com/pokonski/access-granted
+homepage: https://github.com/chaps-io/access-granted
 licenses:
 - MIT
 metadata: {}
@@ -75,23 +73,22 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.1.11
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Elegant whitelist and role based authorization with ability to prioritize
   roles.
 test_files:
-- spec/controller_methods_spec.rb
 - spec/permission_spec.rb
 - spec/policy_spec.rb
 - spec/role_spec.rb

data/lib/access-granted/controller_methods.rb

@@ -1,24 +0,0 @@
-module AccessGranted
-  module ControllerMethods
-    def current_policy
-      @current_policy ||= ::Policy.new(current_user)
-    end
-
-    def self.included(base)
-      base.helper_method :can?, :cannot?, :current_policy
-    end
-
-    def can?(*args)
-      current_policy.can?(*args)
-    end
-
-    def cannot?(*args)
-      current_policy.cannot?(*args)
-    end
-
-    def authorize!(*args)
-      current_policy.authorize!(*args)
-    end
-  end
-end
-

data/spec/controller_methods_spec.rb

@@ -1,42 +0,0 @@
-require "spec_helper"
-
-describe AccessGranted::ControllerMethods do
-  before(:each) do
-    @current_user = double("User")
-    @controller_class = Class.new
-    @controller = @controller_class.new
-    @controller_class.stub(:helper_method).with(:can?, :cannot?, :current_policy)
-    @controller_class.send(:include, AccessGranted::ControllerMethods)
-    @controller.stub(:current_user).and_return(@current_user)
-  end
-
-  it "should have current_policy method returning Policy instance" do
-    @controller.current_policy.should be_kind_of(AccessGranted::Policy)
-  end
-
-  it "provides can? and cannot? method delegated to current_policy" do
-    @controller.can?(:read, String).should be_false
-    @controller.cannot?(:read, String).should be_true
-  end
-
-  describe "#authorize!" do
-    it "raises exception when authorization fails" do
-      expect { @controller.authorize!(:read, String) }.to raise_error(AccessGranted::AccessDenied)
-    end
-
-    it "returns subject if authorization succeeds" do
-      klass = Class.new do
-        include AccessGranted::Policy
-
-        def configure(user)
-          role :member, 1 do
-            can :read, String
-          end
-        end
-      end
-      policy = klass.new(@current_user)
-      @controller.stub(:current_policy).and_return(policy)
-      @controller.authorize!(:read, String).should == String
-    end
-  end
-end