action-guard 0.1.0 → 1.1.0

data/.rspec

@@ -1 +1,2 @@
 --color
+--format documentation

data/VERSION

@@ -1 +1 @@
-0.1.0
+1.1.0

data/action-guard.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "action-guard"
-  s.version = "0.1.0"
+  s.version = "1.1.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Rob Westgeest"]
-  s.date = "2012-03-01"
+  s.date = "2012-06-06"
   s.description = "authorisation module of actions based on url-paths for usage in Rails and possibly other ruby based web frameworks"
   s.email = "rob.westgeest@qwan.it"
   s.extra_rdoc_files = [
@@ -42,8 +42,8 @@ Gem::Specification.new do |s|
   s.licenses = ["MIT"]
   s.rdoc_options = ["--charset=UTF-8"]
   s.require_paths = ["lib"]
-  s.rubygems_version = "1.8.10"
-  s.summary = "Action guard-0.1.0"
+  s.rubygems_version = "1.8.24"
+  s.summary = "Action guard-1.1.0"
 
   if s.respond_to? :specification_version then
     s.specification_version = 3

data/lib/action-guard/base.rb

@@ -45,10 +45,11 @@ module ActionGuard
       rules[path_matcher] = ExactRoleRule.new(role_value)
     end
 
-    def authorized?(person, path)
+    def authorized?(person, request_params)
       raise Error.new("no configuration loaded") if rules.empty?
+      path = "#{request_params['controller']}##{request_params['action']}"
       rule_key = rules.keys.sort{|x,y| y <=> x }.select {|k| path =~ /^#{k}/}.first
-      rules[rule_key].allows?(person)
+      rules[rule_key].allows?(person,request_params)
     end
 
     private

data/lib/action-guard/rules.rb

@@ -3,7 +3,7 @@ module ActionGuard
     def initialize(role)
       @allowed_role = role.to_s
     end
-    def allows?(person)
+    def allows?(person, request_params)
       return false unless person
       return person.role.to_s == @allowed_role
     end
@@ -17,23 +17,23 @@ module ActionGuard
       @additional_rule = proc
     end
 
-    def allows?(person)
+    def allows?(person, request_params)
       return false unless person
       return false unless @role_leveler.role(person.role) >= @role_leveler.role(@allowed_level)
       return false if @to_allowed_level && @role_leveler.role(@to_allowed_level) < @role_leveler.role(person.role)
       return true unless @additional_rule
-      return @additional_rule.call(person)
+      return @additional_rule.call(person, request_params)
     end
   end
 
   class AllowRule
-    def allows?(person)
+    def allows?(person, request_params)
       true
     end
   end
 
   class DisallowRule
-    def allows?(person)
+    def allows?(person, request_params)
       false
     end
   end

data/spec/action-guard_spec.rb

@@ -1,11 +1,11 @@
 require 'spec_helper'
 
 RSpec::Matchers.define :authorize do |account| 
-  chain :to_perform_action do |action|
-    @action = action
+  chain :to_perform_action do |request|
+    @request = a_request_for(request)
   end
   match do |actual_guard| 
-    actual_guard.authorized?(account, @action)
+    actual_guard.authorized?(account, @request)
   end
 end
 
@@ -13,8 +13,21 @@ describe ActionGuard do
   let (:guard) { ActionGuard::Guard.new }
 
 
+  def a_request_for(path)
+    request_params_for(path)
+  end
+
+  def request_params_for(path)
+    path, parameters = path.split("?")
+    controller, action = path.split('#')
+    parameters_hash = Hash[ parameters &&  parameters.split("&").map {|key_value| key_value.split('=').map{|e| e.strip }} || [] ]
+    parameters_hash['controller'] = controller
+    parameters_hash['action'] = action || 'index'
+    parameters_hash
+  end
+
   def account_with_role(role)
-      return stub(:account,:role => role)
+      return stub(:account,:role => role.to_s)
   end
 
   describe "valid_role" do
@@ -69,21 +82,21 @@ describe ActionGuard do
   describe "defining a rule" do
     it "fails when role not defined" do
       lambda {
-        guard.leveled_rule '/some_controller/some_action', :biker
+        guard.leveled_rule 'some_controller#some_action', :biker
       }.should raise_error ActionGuard::Error
     end
 
     it "fails when role not defined" do
       guard.define_role(:god, 0)
       lambda {
-        guard.leveled_rule '/some_controller/some_action', :god, :biker
+        guard.leveled_rule 'some_controller/some_action', :god, :biker
       }.should raise_error ActionGuard::Error
     end
 
     it "passes when role defined" do
       lambda {
         guard.define_role :biker, 0
-        guard.leveled_rule '/some_controller/some_action', :biker
+        guard.leveled_rule 'some_controller#some_action', :biker
       }.should_not raise_error ActionGuard::Error
     end
   end
@@ -91,7 +104,7 @@ describe ActionGuard do
   describe "authorization when no rules defined" do
     it "raises error on trying to authorize" do
       lambda {
-        guard.authorized?(account_with_role(:admin), '/some_controller/some_action')
+        guard.authorized?(account_with_role(:admin), 'some_controller#some_action')
       }.should raise_error ActionGuard::Error
     end
   end
@@ -106,61 +119,61 @@ describe ActionGuard do
 
     describe "on an allowance rule" do
       before do
-        guard.allow_rule '/'
+        guard.allow_rule 'home'
       end
       it "allows" do
-        guard.should authorize(account_with_role(:worker)).to_perform_action('/')
+        guard.should authorize(account_with_role(:worker)).to_perform_action('home')
       end
       it "allows regardless of account" do
-        guard.should authorize(nil).to_perform_action( '/')
+        guard.should authorize(nil).to_perform_action('home')
       end
     end
 
     describe "on an exact rule" do
       before do
-        guard.exact_role_rule '/', :admin
+        guard.exact_role_rule 'home', :admin
       end
       it "allows if role matches" do
-        guard.should authorize(account_with_role(:admin)).to_perform_action( '/')
+        guard.should authorize(account_with_role(:admin)).to_perform_action( 'home')
       end
       it "allows if role is a string" do
-        guard.should authorize(account_with_role('admin')).to_perform_action('/')
+        guard.should authorize(account_with_role('admin')).to_perform_action('home')
       end
       it "does not allow action if role does not match" do
-        guard.should_not authorize(account_with_role(:worker)).to_perform_action('/')
-        guard.should_not authorize(account_with_role(:god)).to_perform_action('/')
+        guard.should_not authorize(account_with_role(:worker)).to_perform_action('home')
+        guard.should_not authorize(account_with_role(:god)).to_perform_action('home')
       end
       it "does not allow action if person not passed" do
-        guard.should_not authorize(nil).to_perform_action('/')
+        guard.should_not authorize(nil).to_perform_action('home')
       end
     end
 
     describe "on a leveled action rule" do
       before do
-        guard.leveled_rule '/some_controller/some_action', :admin
-        guard.leveled_rule '/some_controller/some_other_action', :admin, :king
+        guard.leveled_rule 'some_controller#some_action', :admin
+        guard.leveled_rule 'some_controller#some_other_action', :admin, :king
       end
 
       it "disallows action when no account available" do
-        guard.should_not authorize(nil).to_perform_action('/some_controller/some_action')
-        guard.should_not authorize(nil).to_perform_action('/some_controller/some_other')
+        guard.should_not authorize(nil).to_perform_action('some_controller#some_action')
+        guard.should_not authorize(nil).to_perform_action('some_controller#some_other')
       end
 
       it "allows action for that level and higher" do
-        guard.should authorize(account_with_role(:god)).to_perform_action('/some_controller/some_action')
-        guard.should authorize(account_with_role(:admin)).to_perform_action('/some_controller/some_action')
-        guard.should_not authorize(account_with_role(:worker)).to_perform_action('/some_controller/some_action')
+        guard.should authorize(account_with_role(:god)).to_perform_action('some_controller#some_action')
+        guard.should authorize(account_with_role(:admin)).to_perform_action('some_controller#some_action')
+        guard.should_not authorize(account_with_role(:worker)).to_perform_action('some_controller#some_action')
       end
 
       it "allows action for that level and higher until second level" do
-        guard.should authorize(account_with_role(:king)).to_perform_action('/some_controller/some_other_action')
-        guard.should authorize(account_with_role(:admin)).to_perform_action('/some_controller/some_other_action')
-        guard.should_not authorize(account_with_role(:god)).to_perform_action('/some_controller/some_other_action')
-        guard.should_not authorize(account_with_role(:worker)).to_perform_action('/some_controller/some_other_action')
+        guard.should authorize(account_with_role(:king)).to_perform_action('some_controller#some_other_action')
+        guard.should authorize(account_with_role(:admin)).to_perform_action('some_controller#some_other_action')
+        guard.should_not authorize(account_with_role(:god)).to_perform_action('some_controller#some_other_action')
+        guard.should_not authorize(account_with_role(:worker)).to_perform_action('some_controller#some_other_action')
       end
 
       it "does not allow the action for a account with an illegal role value" do
-        guard.should_not authorize(account_with_role(:biker)).to_perform_action('/some_controller/some_action')
+        guard.should_not authorize(account_with_role(:biker)).to_perform_action('some_controller#some_action')
       end
     end
 
@@ -168,58 +181,70 @@ describe ActionGuard do
       let(:mock_block_body) { mock }
 
       before do
-        guard.leveled_rule('/some_controller/some_action', :admin) do |accnt|
-          mock_block_body.block_called(accnt)
+        guard.leveled_rule('some_controller#some_action', :admin) do |*args|
+          mock_block_body.block_called(*args)
         end
       end
 
       it "does not authorize action if the rule disallows the action" do
         account = account_with_role(:worker)
-        mock_block_body.should_receive(:block_called).with(account).never
-        guard.should_not authorize(account).to_perform_action('/some_controller/some_action')
+        mock_block_body.should_receive(:block_called).never
+        guard.should_not authorize(account).to_perform_action('some_controller#some_action')
+      end
+
+      it "calls block if action is authorized" do
+        account = account_with_role(:admin)
+        mock_block_body.should_receive(:block_called).with(account, request_params_for('some_controller#some_action'))
+        guard.authorized?(account, a_request_for( 'some_controller#some_action'))
       end
 
       it "does not authorize action if role sufices and block returns false" do
         account = account_with_role(:admin)
-        mock_block_body.should_receive(:block_called).with(account).and_return false
-        guard.should_not be_authorized(account,'/some_controller/some_action')
+        mock_block_body.stub(:block_called).and_return false
+        guard.should_not be_authorized(account, a_request_for('some_controller#some_action'))
       end
 
       it "authorizes action is role sufices and block returns true" do
         account = account_with_role(:admin)
-        mock_block_body.should_receive(:block_called).with(account).and_return true
-        guard.should be_authorized(account,'/some_controller/some_action')
+        mock_block_body.stub(:block_called).and_return true
+        guard.should be_authorized(account, a_request_for('some_controller#some_action'))
       end
     end
 
     describe "matching rules" do
       before do
-        guard.allow_rule('/home')
-        guard.refuse_rule('/maintenance')
+        guard.allow_rule('home')
+        guard.refuse_rule('maintenance')
       end
+
       it "does not authorize if path does not match any rule" do
-        guard.authorized?(nil, '/unmatched/path').should be_false
+        guard.authorized?(nil, a_request_for('unmatched/path')).should be_false
       end
+
       it "matches a rule on exact path" do
-        guard.should authorize(nil).to_perform_action('/home')
+        guard.should authorize(nil).to_perform_action('home')
       end
+
       it "matches a rule on part of a path" do
-        guard.should authorize(nil).to_perform_action('/home/contact')
+        guard.should authorize(nil).to_perform_action('home/contact')
       end
-      it "preferres a longer path" do
-        guard.allow_rule('/maintenance/show')
-        guard.authorized?(nil, '/maintenance/edit/1').should be_false
-        guard.should authorize(nil).to_perform_action('/maintenance/show/1')
+
+      it "preferres a longer path in matching" do
+        guard.allow_rule('maintenance/things')
+        guard.should_not authorize(nil).to_perform_action('maintenance#edit?id=1')
+        guard.should authorize(nil).to_perform_action('maintenance/things')
       end
+
       it "preferres a longer path regardless off order of appearance" do
-        guard.allow_rule('/some_path/show')
-        guard.refuse_rule('/some_path')
-        guard.authorized?(nil, '/some_path/edit/1').should be_false
-        guard.should authorize(nil).to_perform_action('/some_path/show/1')
+        guard.allow_rule('some_path#show')
+        guard.refuse_rule('some_path')
+        guard.should_not authorize(nil).to_perform_action('some_path#edit?id=1')
+        guard.should authorize(nil).to_perform_action('some_path#show?1')
       end
+
       it "matches all rules from the beginnning of the path" do
         # /home/maintenance is evaluated by /home, not by /maintenance
-        guard.should authorize(nil).to_perform_action('/home/maintenance')
+        guard.should authorize(nil).to_perform_action('home/maintenance')
       end
     end
   end
@@ -229,20 +254,20 @@ describe ActionGuard do
       guard.load_from_string %q{
         role :worker, 1
         role :admin, 0
-        allow '/some_controller', :at_least => :worker
-        allow '/some_controller/some_action', :at_least => :admin
-        allow '/some_controller/when_role_matches_exact', :only_by => :worker
-        allow '/some_controller/when_matches_exact_by_implication', :at_least => :worker, :at_most => :worker
-        allow '/'
+        allow 'some_controller', :at_least => :worker
+        allow 'some_controller#some_action', :at_least => :admin
+        allow 'some_controller#when_role_matches_exact', :only_by => :worker
+        allow 'some_controller#when_matches_exact_by_implication', :at_least => :worker, :at_most => :worker
+        allow '' # wildcard for other controllers
       }
-      guard.should authorize(account_with_role(:admin)).to_perform_action('/some_controller/some_action')
-      guard.should_not authorize(account_with_role(:worker)).to_perform_action('/some_controller/some_action')
-      guard.should authorize(account_with_role(:worker)).to_perform_action('/some_controller/some_other_action')
-      guard.should authorize(account_with_role(:worker)).to_perform_action('/some_other_controller/some_other_action')
-      guard.should authorize(nil).to_perform_action('/some_other_controller/some_other_action')
-      guard.should_not authorize(account_with_role(:admin)).to_perform_action('/some_controller/when_role_matches_exact')
-      guard.should authorize(account_with_role(:worker)).to_perform_action('/some_controller/when_matches_exact_by_implication')
-      guard.should_not authorize(account_with_role(:admin)).to_perform_action('/some_controller/when_matches_exact_by_implication')
+      guard.should authorize(account_with_role(:admin)).to_perform_action('some_controller#some_action')
+      guard.should_not authorize(account_with_role(:worker)).to_perform_action('some_controller#some_action')
+      guard.should authorize(account_with_role(:worker)).to_perform_action('some_controller#some_other_action')
+      guard.should authorize(account_with_role(:worker)).to_perform_action('some_other_controller#some_other_action')
+      guard.should authorize(nil).to_perform_action('some_other_controller#some_other_action')
+      guard.should_not authorize(account_with_role(:admin)).to_perform_action('some_controller#when_role_matches_exact')
+      guard.should authorize(account_with_role(:worker)).to_perform_action('some_controller#when_matches_exact_by_implication')
+      guard.should_not authorize(account_with_role(:admin)).to_perform_action('some_controller#when_matches_exact_by_implication')
     end
   end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: action-guard
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 19
   prerelease: 
   segments: 
-  - 0
+  - 1
   - 1
   - 0
-  version: 0.1.0
+  version: 1.1.0
 platform: ruby
 authors: 
 - Rob Westgeest
@@ -15,10 +15,12 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-03-01 00:00:00 Z
+date: 2012-06-06 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  prerelease: false
+  name: rspec
+  version_requirements: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -29,12 +31,12 @@ dependencies:
         - 5
         - 0
         version: 2.5.0
-  version_requirements: *id001
-  name: rspec
-  prerelease: false
+  requirement: *id001
   type: :development
 - !ruby/object:Gem::Dependency 
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  prerelease: false
+  name: bundler
+  version_requirements: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -45,12 +47,12 @@ dependencies:
         - 0
         - 0
         version: 1.0.0
-  version_requirements: *id002
-  name: bundler
-  prerelease: false
+  requirement: *id002
   type: :development
 - !ruby/object:Gem::Dependency 
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  prerelease: false
+  name: jeweler
+  version_requirements: &id003 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ~>
@@ -61,12 +63,12 @@ dependencies:
         - 5
         - 2
         version: 1.5.2
-  version_requirements: *id003
-  name: jeweler
-  prerelease: false
+  requirement: *id003
   type: :development
 - !ruby/object:Gem::Dependency 
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  prerelease: false
+  name: rcov
+  version_requirements: &id004 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -75,12 +77,12 @@ dependencies:
         segments: 
         - 0
         version: "0"
-  version_requirements: *id004
-  name: rcov
-  prerelease: false
+  requirement: *id004
   type: :development
 - !ruby/object:Gem::Dependency 
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  prerelease: false
+  name: ZenTest
+  version_requirements: &id005 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">="
@@ -91,12 +93,12 @@ dependencies:
         - 2
         - 0
         version: 4.2.0
-  version_requirements: *id005
-  name: ZenTest
-  prerelease: false
+  requirement: *id005
   type: :development
 - !ruby/object:Gem::Dependency 
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  prerelease: false
+  name: rspec
+  version_requirements: &id006 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
     - - ">"
@@ -107,9 +109,7 @@ dependencies:
         - 5
         - 0
         version: 2.5.0
-  version_requirements: *id006
-  name: rspec
-  prerelease: false
+  requirement: *id006
   type: :development
 description: authorisation module of actions based on url-paths for usage in Rails and possibly other ruby based web frameworks
 email: rob.westgeest@qwan.it
@@ -170,9 +170,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
-summary: Action guard-0.1.0
+summary: Action guard-1.1.0
 test_files: []