action_permission 1.0.0

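--- a/data/lib/generators/rails/templates/controller.rb
+++ b/data/lib/generators/rails/templates/controller.rb
@@ -0,0 +1,98 @@
+<% module_namespacing do -%>
+class <%= controller_class_name %>Controller < ApplicationController
+# GET <%= route_url %>
+# GET <%= route_url %>.json
+def index
+@<%= plural_table_name %> = <%= orm_class.all(class_name) %>
+
+respond_to do |format|
+format.html # index.html.erb
+format.json { render json: <%= "@#{plural_table_name}" %> }
+end
+end
+
+# GET <%= route_url %>/1
+# GET <%= route_url %>/1.json
+def show
+@<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
+
+respond_to do |format|
+format.html # show.html.erb
+format.json { render json: <%= "@#{singular_table_name}" %> }
+end
+end
+
+# GET <%= route_url %>/new
+# GET <%= route_url %>/new.json
+def new
+@<%= singular_table_name %> = <%= orm_class.build(class_name) %>
+
+respond_to do |format|
+format.html # new.html.erb
+format.json { render json: <%= "@#{singular_table_name}" %> }
+end
+end
+
+# GET <%= route_url %>/1/edit
+def edit
+@<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
+end
+
+# POST <%= route_url %>
+# POST <%= route_url %>.json
+def create
+@<%= singular_table_name %> = <%= orm_class.build(class_name, "#{singular_table_name}_params") %>
+
+respond_to do |format|
+if @<%= orm_instance.save %>
+format.html { redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully created.'" %> }
+format.json { render json: <%= "@#{singular_table_name}" %>, status: :created, location: <%= "@#{singular_table_name}" %> }
+else
+format.html { render action: "new" }
+format.json { render json: <%= "@#{orm_instance.errors}" %>, status: :unprocessable_entity }
+end
+end
+end
+
+# PATCH/PUT <%= route_url %>/1
+# PATCH/PUT <%= route_url %>/1.json
+def update
+@<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
+
+respond_to do |format|
+if @<%= orm_instance.update_attributes("#{singular_table_name}_params") %>
+format.html { redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully updated.'" %> }
+format.json { head :no_content }
+else
+format.html { render action: "edit" }
+format.json { render json: <%= "@#{orm_instance.errors}" %>, status: :unprocessable_entity }
+end
+end
+end
+
+# DELETE <%= route_url %>/1
+# DELETE <%= route_url %>/1.json
+def destroy
+@<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
+@<%= orm_instance.destroy %>
+
+respond_to do |format|
+format.html { redirect_to <%= index_helper %>_url }
+format.json { head :no_content }
+end
+end
+
+private
+
+# Use this method to whitelist the permissible parameters. Example:
+# params.require(:person).permit(:name, :age)
+# Also, you can specialize this method with per-user checking of permissible attributes.
+# Use allowed_params_for to hook this into <%= controller_class_name %>Permission
+def <%= "#{singular_table_name}_params" %>
+allowed_params_for <%= ":#{singular_table_name}" %>, params
+# delete the line above and uncomment this line to
+# add back the default strong_parameters call
+# params.require().permit(<%= attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>)
+end
+end
+<% end -%>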
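Review bot: The commented fallback at template line 95, `# params.require().permit(...)`, has an empty `require()` and raises `ArgumentError` the moment a developer uncomments it as lines 93–94 invite; it should read `# params.require(:<%= singular_table_name %>).permit(<%= attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>)`. The header comment on lines 87–90 still presents this method as the place where attributes are whitelisted, but with `allowed_params_for` the permitted list now comes from the permission object's `allow_params`, so a sentence such as `# The attribute whitelist is owned by <%= controller_class_name %>Permission#allow_params; restrict it there with only:/except:` would tell the reader of the generated controller where mass-assignment is actually bounded. Line 63 uses `update_attributes` where Rails 4, the version this release pins, already offers `update`; harmless now, but the alias is the one later Rails versions removed.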
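--- a/data/spec/base_spec.rb
+++ b/data/spec/base_spec.rb
@@ -0,0 +1,108 @@
+require 'spec_helper'
+
+describe ActionPermission::Base do
+
+let(:membership) { Membership.new }
+let(:base_permission) { ActionPermission::Base.new(membership)}
+let(:test_permission) { TestsPermission.new(membership) }
+
+describe '#load' do
+it 'should call #identify on object passed as membership' do
+membership.should_receive(:identify)
+base_permission
+end
+
+it 'should call a method on the permission equal to the value returned by membership#idenify' do
+test_permission.should_receive(:guest)
+test_permission.load(membership)
+end
+
+it 'should set membership on the permission instance' do
+test_permission.membership.is_a?(Membership).should be_true
+end
+end
+
+describe '#allow?' do
+it 'should return the value of the key passed' do
+base_permission.allow([:show])
+base_permission.allow?(:show).should be_true
+end
+
+it 'should return false if passed value that is not a key' do
+base_permission.allow([:show])
+base_permission.allow?(:index).should be_false
+end
+
+it 'should return false if keys value is a proc but no resource exists' do
+base_permission.allow([:show]){ 'test' }
+base_permission.allow?(:show).should be_false
+end
+
+context "with a provided resource" do
+it 'should return true if keys value is a proc that returns truthy' do
+base_permission.allow([:show]){ |resource| resource }
+base_permission.allow?(:show, true).should be_true
+end
+
+it 'should return false if keys value is a proc that returns falsey' do
+base_permission.allow([:show]){ |resource| false }
+base_permission.allow?(:show, true).should be_false
+end
+end
+end
+
+describe '#allow' do
+it 'should add actions passed to instance allow_actions hash keys' do
+base_permission.allow([:show])
+base_permission.allowed_actions.keys.include?('show').should be_true
+end
+
+it 'should set value of action keys to true if no block was passed' do
+base_permission.allow([:show])
+base_permission.allowed_actions['show'].should be_true
+end
+
+it 'should set a block as the value of the action keys when a block was given' do
+base_permission.allow [:show] { 'test' }
+base_permission.allowed_actions['show'].call.should eq('test')
+end
+end
+
+describe '#allow_rest_actions' do
+it "should add all 7 basic rest actions to allowed_actions" do
+base_permission.allow_rest_actions
+base_permission.allowed_actions.keys.size.should eq(7)
+base_permission.allowed_actions.keys.should eq(['index', 'new', 'create', 'show', 'edit', 'update', 'destroy'])
+end
+end
+
+describe '#params' do
+it "should return array of all params allowed by permission" do
+test_permission.params.should eq([:name, :email])
+end
+end
+
+describe '#allow_params' do
+it "should set the allowed_params for the permission object" do
+test_permission.should_receive(:params).and_return([:name,:email])
+test_permission.allow_params
+test_permission.allowed_params.should eq([:name, :email])
+end
+
+it "should call allow_params_with_options to handle options" do
+test_permission.should_receive(:allow_params_with_options)
+test_permission.allow_params(except: :email)
+end
+
+it 'should exclude params from array based on except option' do
+test_permission.allow_params(except: :email)
+test_permission.allowed_params.should_not include(:email)
+end
+
+it 'should include only params pasted from the only option' do
+test_permission.allow_params(only: :name)
+test_permission.allowed_params.should_not include(:email)
+end
+end
+
+end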
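Review bot: The `only:` example at file lines 102–105 asserts only that `:email` is absent, so an `allow_params` that permits nothing at all would pass it too; the positive half is missing, `test_permission.allowed_params.should eq([:name])`, and the `except:` example at lines 97–100 wants `test_permission.allowed_params.should include(:name)` for the same reason. The `'#allow'` example on line 66 writes the call as `allow [:show] { 'test' }` without parentheses, which Ruby may parse differently from the parenthesised form used everywhere else in the file; `base_permission.allow([:show]) { 'test' }` avoids the ambiguity. The description on line 15 misspells `identify` as `idenify`.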
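--- a/data/spec/controller_spec.rb
+++ b/data/spec/controller_spec.rb
@@ -0,0 +1,101 @@
+require 'spec_helper'
+
+describe ActionPermission::Controller do
+
+before do
+class BadController
+include ActionPermission::Controller
+authorize_with :current_user
+def current_user
+"current_user"
+end
+end
+end
+
+let (:controller) { TestsController.new }
+let (:bad_controller) { BadController.new }
+
+describe 'included' do
+it "should add delegate methods" do
+TestsController.instance_methods.should include(:allow?)
+TestsController.instance_methods.should include(:allow_param?)
+TestsController.instance_methods.should include(:allowed_params_for)
+end
+
+it "should add helper methods" do
+TestsController._helper_methods.should include(:allow?)
+TestsController._helper_methods.should include(:allow_param?)
+TestsController._helper_methods.should include(:current_permission)
+end
+end
+
+describe '.authorize_with' do
+before do
+class SomeController
+include ActionPermission::Controller
+authorize_with :dub_dub
+def dub_dub; end
+end
+end
+
+it 'should set permission_authorizer' do
+SomeController.permission_authorizer.should eq(:dub_dub)
+end
+
+it 'should add method to helper methods' do
+SomeController._helper_methods.should include(:dub_dub)
+end
+end
+
+describe ".permission_authorizer" do
+
+it "should respond as the method define with authorize_with" do
+TestsController.permission_authorizer.should eq(:current_user)
+end
+end
+
+describe "#current_permission" do
+it "should respond with an instance of ActionPermission::Dispatch" do
+controller.current_permission.is_a?(ActionPermission::Dispatch).should be_true
+end
+
+end
+
+describe "#current_resource" do
+it "should respond nil if inherited class has no current_resource method" do
+bad_controller.current_resource.should be_nil
+end
+
+it "should respond with controller instance method if one is defined" do
+controller.current_resource.should eq("current_resource")
+end
+
+end
+
+describe '#authorize?' do
+it 'should pass the current controller and action into dispatch' do
+dispatch = double
+allow(dispatch).to receive(:allow?).and_return(true)
+
+controller.should_receive(:current_permission).
+and_return(dispatch)
+
+dispatch.should_receive(:allow?).
+with("tests", "show", "current_resource")
+
+controller.authorized?
+end
+
+it "should return true if action is allowed" do
+controller.authorized?
+end
+
+it "should return false if action is not allowed" do
+controller.should_receive(:params).and_return({controller: "tests", action: "new"})
+controller.should_receive(:params).and_return({controller: "tests", action: "new"})
+
+controller.authorized?
+end
+end
+
+end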
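Review bot: The two `authorized?` examples at file lines 89–98 call the method but never check its return value, so both pass whether the action is allowed or denied and the denial path — the one that matters for an authorization library — is effectively untested; the missing lines are `controller.authorized?.should be_true` and `controller.authorized?.should be_false`. Line 95 repeats the `params` expectation of line 94 verbatim, presumably because `authorized?` reads `params` twice; `allow(controller).to receive(:params).and_return({controller: "tests", action: "new"})` states that without pinning the call count. The describe label on line 75, `'#authorize?'`, does not match the method actually exercised, `authorized?`.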
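--- a/data/spec/dispatch_spec.rb
+++ b/data/spec/dispatch_spec.rb
@@ -0,0 +1,164 @@
+require 'spec_helper'
+
+describe ActionPermission::Dispatch do
+
+let(:membership) { Membership.new }
+let(:dispatch) { ActionPermission::Dispatch.new(membership) }
+
+describe '#allow?' do
+it 'should load the appropriate permission file' do
+dispatch.should_receive(:load_permission).
+with(:test).
+and_return(TestsPermission.new(membership))
+
+dispatch.allow?(:test, :index)
+end
+
+it 'should return true for allowed actions' do
+dispatch.allow?(:test, :index).should be_true
+end
+
+it 'should return false for actions now allowed' do
+dispatch.allow?(:test, :new)
+end
+end
+
+describe '#allowed_params_for' do
+
+before do
+class Test < ActiveRecord::Base; end
+end
+
+let(:params) do
+p = double
+allow(p).to receive(:require).and_return(p)
+allow(p).to receive(:permit)
+p
+end
+
+describe 'top level resources and controllers' do
+
+before(:each) do
+permission = double("TestsPermission", allowed_params: [:name, :email])
+dispatch.should_receive(:load_permission)
+.with("tests")
+.and_return(permission)
+
+params.should_receive(:permit)
+.with(*permission.allowed_params)
+end
+
+let(:test_instance) do
+test = double
+allow(test).to receive(:class).and_return(Test)
+test
+end
+
+context 'resource formatting' do
+it "loads permission when provided a symbol" do
+params.should_receive(:require).with("test")
+dispatch.allowed_params_for(:test, params)
+end
+it 'loads permission when provided a string' do
+params.should_receive(:require).with("test")
+dispatch.allowed_params_for('test', params)
+end
+it 'loads permission when provided class' do
+params.should_receive(:require).with("test")
+dispatch.allowed_params_for(Test, params)
+end
+it 'loads permission when provided class instance' do
+Test.should_receive(:new).and_return(test_instance)
+params.should_receive(:require).with("test")
+dispatch.allowed_params_for(Test.new, params)
+end
+end
+
+context 'controller formatting' do
+it 'loads permssion when provided a controller string' do
+dispatch.allowed_params_for 'test', params, 'test'
+end
+it 'loads permssion when provided a controller symbol' do
+dispatch.allowed_params_for 'test', params, :test
+end
+it 'loads permssion when provided a controller class' do
+dispatch.allowed_params_for 'test', params, TestsController
+end
+it 'loads permssion when provided a controller string' do
+dispatch.allowed_params_for 'test', params, TestsController.new
+end
+end
+end
+
+describe 'nested resources' do
+before do
+module Suite
+class Test < ActiveRecord::Base; end
+end
+module Suites
+class TestsController; end
+end
+end
+
+before(:each) do
+permission = double("TestsPermission", allowed_params: [:name, :email])
+dispatch.should_receive(:load_permission)
+.with("suites/tests")
+.and_return(permission)
+end
+
+let(:test_instance) do
+test = double
+allow(test).to receive(:class).and_return(Suite::Test)
+test
+end
+
+context 'resource formatting' do
+it 'loads permission when provided a string' do
+params.should_receive(:require).with("suite_test")
+dispatch.allowed_params_for('suite/test', params)
+end
+it 'loads permission when provided class' do
+params.should_receive(:require).with("suite_test")
+dispatch.allowed_params_for(Suite::Test, params)
+end
+it 'loads permission when provided class instance' do
+Suite::Test.should_receive(:new).and_return(test_instance)
+params.should_receive(:require).with("suite_test")
+dispatch.allowed_params_for(Suite::Test.new, params)
+end
+end
+
+context 'controller formatting' do
+it 'loads permssion when provided a controller string' do
+dispatch.allowed_params_for 'test', params, 'suites/tests'
+end
+it 'loads permssion when provided a controller class' do
+dispatch.allowed_params_for 'test', params, Suites::TestsController
+end
+it 'loads permssion when provided a controller string' do
+dispatch.allowed_params_for 'test', params, Suites::TestsController.new
+end
+end
+end
+end
+
+describe '#allow_param?' do
+it 'should load the appropriate permission file' do
+dispatch.should_receive(:load_permission).
+with("tests").
+and_return(TestsPermission.new(membership))
+
+dispatch.allow_param?(:test, :index)
+end
+
+it 'should return true for allowed params' do
+dispatch.allow_param?(:test, :name).should be_true
+end
+
+it 'should return false for actions now allowed' do
+dispatch.allow_param?(:test, :password)
+end
+end
+
+end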
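Review bot: The two denial examples, `'should return false for actions now allowed'` at file lines 21–23 and 159–161, call `allow?`/`allow_param?` without any matcher, so a regression that started permitting `:new` or `:password` would pass silently; they need `dispatch.allow?(:test, :new).should be_false` and `dispatch.allow_param?(:test, :password).should be_false`, and both titles read "now allowed" where "not allowed" is meant. The 'controller formatting' examples on lines 87 and 139 carry the same description as the string cases on 78 and 133 although they pass a controller instance; `'loads permission when provided a controller instance'` keeps failure output unambiguous (the descriptions also spell it `permssion`). Nothing in the nested-resource context checks the `permit` arguments the way `before(:each)` on lines 47–48 does for the top-level case, so a permission that returned the wrong attribute list for `suites/tests` would not be caught.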
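--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,43 @@
+require 'rubygems'
+require 'rails'
+require 'rspec'
+require './lib/action_permission.rb'
+
+require 'abstract_controller/helpers'
+require 'active_record'
+require 'nulldb/rails'
+
+ActiveRecord::Base.establish_connection :adapter => :nulldb
+
+class Membership
+def identify
+'guest'
+end
+end
+
+class TestsPermission < ActionPermission::Base
+def params
+[:name, :email]
+end
+def guest
+allow([:show, :index])
+allow_params
+end
+end
+
+class TestsController
+include ActionPermission::Controller
+authorize_with :current_user
+def current_user
+Membership.new
+end
+def current_resource
+"current_resource"
+end
+def params
+{controller: "tests", action: "show"}
+end
+end
+
+RSpec.configure do |config|
+end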
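Review bot: `require './lib/action_permission.rb'` on line 4 resolves against the process working directory rather than this file, so the suite loads only when run from the repository root; `require File.expand_path('../../lib/action_permission', __FILE__)` removes that dependency. The `TestsPermission#guest` fixture on lines 22–25 calls `allow_params` with no `only:`/`except:`, which is the permissive form, and the shared fixture's `params` hash on line 38 is a plain Hash rather than `ActionController::Parameters`; a one-line comment on each saying they are deliberately minimal stand-ins would stop a later reader from copying them into an application.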
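--- a/metadata
+++ b/metadata
@@ -0,0 +1,148 @@
+--- !ruby/object:Gem::Specification
+name: action_permission
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- Matt Duffy
+- Brian McElaney
+- Mark Platt
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-03-14 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rails
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '4'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '4'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.3'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '2'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '2'
+- !ruby/object:Gem::Dependency
+name: activerecord-nulldb-adapter
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+description:
+email:
+- matt@mttdffy.com
+- ''
+- ''
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- action_permission.gemspec
+- lib/action_permission.rb
+- lib/action_permission/base.rb
+- lib/action_permission/controller.rb
+- lib/action_permission/dispatch.rb
+- lib/action_permission/railtie.rb
+- lib/action_permission/version.rb
+- lib/generators/action_permission/install/USAGE
+- lib/generators/action_permission/install/install_generator.rb
+- lib/generators/action_permission/install/templates/application.rb
+- lib/generators/action_permission/permission/USAGE
+- lib/generators/action_permission/permission/permission_generator.rb
+- lib/generators/action_permission/permission/templates/permission.rb
+- lib/generators/rails/USAGE
+- lib/generators/rails/action_permission_controller_generator.rb
+- lib/generators/rails/templates/controller.rb
+- spec/base_spec.rb
+- spec/controller_spec.rb
+- spec/dispatch_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/mttdffy/action_permission
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: Controller-based action and attribute permissions
+test_files:
+- spec/base_spec.rb
+- spec/controller_spec.rb
+- spec/dispatch_spec.rb
+- spec/spec_helper.rb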