active_restrictors 0.1.1 → 0.2.0

data/CHANGELOG.rdoc

@@ -1,3 +1,14 @@
+== v0.2.0
+* Removed any remaining Rails 2 support
+* Added new parameter structure for defining restrictors
+* Added parameter mapping to allow old restrictor definitions to continue to function
+* Renamed :basic restrictor to :basic_user
+* Added two new restrictor types: basic_model and :implicit
+* Cleaned up restrictor functionality from both model directions
+* Updated #full_restrictors to provide all restrictors
+* Updated view helpers to provide all restrictors
+* Updated form building to use proper *_ids naming scheme
+
 == v0.1.1
 * Fixed class eval blocks
 * Fixed hash variable naming

data/Gemfile

@@ -0,0 +1,8 @@
+source :rubygems
+
+gem 'activerecord', '~> 3.0'
+gem 'rake'
+gem 'minitest'
+gem "sqlite3", :platform => [:ruby, :mswin, :mingw]
+gem "jdbc-sqlite3", :platform => :jruby
+gem "activerecord-jdbcsqlite3-adapter", :platform => :jruby

data/Gemfile.lock

@@ -0,0 +1,39 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    activemodel (3.1.3)
+      activesupport (= 3.1.3)
+      builder (~> 3.0.0)
+      i18n (~> 0.6)
+    activerecord (3.1.3)
+      activemodel (= 3.1.3)
+      activesupport (= 3.1.3)
+      arel (~> 2.2.1)
+      tzinfo (~> 0.3.29)
+    activerecord-jdbc-adapter (1.2.1)
+    activerecord-jdbcsqlite3-adapter (1.2.1)
+      activerecord-jdbc-adapter (~> 1.2.1)
+      jdbc-sqlite3 (~> 3.7.2)
+    activesupport (3.1.3)
+      multi_json (~> 1.0)
+    arel (2.2.1)
+    builder (3.0.0)
+    i18n (0.6.0)
+    jdbc-sqlite3 (3.7.2)
+    minitest (2.10.0)
+    multi_json (1.0.4)
+    rake (0.9.2.2)
+    sqlite3 (1.3.5)
+    tzinfo (0.3.31)
+
+PLATFORMS
+  java
+  ruby
+
+DEPENDENCIES
+  activerecord (~> 3.0)
+  activerecord-jdbcsqlite3-adapter
+  jdbc-sqlite3
+  minitest
+  rake
+  sqlite3

data/README.rdoc

@@ -1,6 +1,8 @@
 == ActiveRestrictors
 
-Chainable ActiveRecord restriction chaining.
+Chainable ActiveRecord restrictions.
+
+{<img src="https://secure.travis-ci.org/chrisroberts/active_restrictors.png" />}[http://travis-ci.org/chrisroberts/active_restrictors]
 
 === Overview
 
@@ -47,10 +49,12 @@ Now, suppose a User should only be allowed to to see a Fubar instance if the Fub
 
     add_restrictor(:permissions,
       :enabled => lambda{ User.current_user.fubars_enabled? },
-      :value => :name,
-      :multiple => true,
-      :default_view_all => true,
-      :user_values_only => lambda{ User.current_user }
+      :views => {
+        :value => :name,
+        :multiple => true,
+        :default_view_all => true,
+        :user_values_only => lambda{ User.current_user }
+      }
     )
   end
 
@@ -95,7 +99,25 @@ The second is on Fubar instances:
           %td= "#{pair.first}:"
           %td= pair.last
 
-== Advanced Restrictor
+== Restrictor Types
+
+=== Basic User
+
+- TODO
+
+=== Basic Model
+
+- TODO
+
+=== Implicit
+
+- TODO
+
+=== Full
+
+- TODO
+
+== Custom Restrictors
 
 === User custom
 

data/Rakefile

@@ -0,0 +1,5 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.pattern = 'spec/*_spec.rb'
+end

data/active_restrictors.gemspec

@@ -9,7 +9,8 @@ Gem::Specification.new do |s|
   s.email = 'chrisroberts.code@gmail.com'
   s.homepage = 'http://bitbucket.org/chrisroberts/active_restrictors'
   s.description = 'Restrictors for Models'
+  s.add_dependency 'activerecord', '~> 3.0'
   s.require_path = 'lib'
   s.extra_rdoc_files = ['README.rdoc', 'CHANGELOG.rdoc']
-  s.files = %w(README.rdoc CHANGELOG.rdoc active_restrictors.gemspec) + Dir.glob("{lib}/**/*")
+  s.files = Dir.glob('**/*')
 end

data/lib/active_restrictors/active_restrictor.rb

@@ -3,60 +3,86 @@ module ActiveRestrictor
 
     # name:: Name of restrictor. For non-basic types this must be the name of the association.
     # opts:: Options hash. Valid options:
-    #   :type:: Should be set to :basic when applying simple condition only
-    #   :condition:: Condition string applied to User
-    #   :class:: Class restriction is based on
-    #   :value:: Attribute name of value to display
-    #   :multiple:: Allow user to select multiple items for restriction
-    #   :include_blank:: Include blank option in restriction selection
-    #   :user_custom:: Block that returns User scope (passed: User scope, self instance)
-    #   :user_association:: Name of association on user
-    #   :model_custom:: Block that returns Model scope (passed: self instance, User instance)
+    #   :type:: :full, :implicit, :basic_model, :basic_user
+    #   :class:: Class restriction is based on if not guessable
     #   :enabled:: If restrictor is enabled. Must be boolean value or a callable object that returns boolean value
-    #   :default_view_all:: If user has not been assigned a restrictor, they see all unless set to false
-    #   :user_values_only:: User instance. Set this if you only want values set against user to be selectable
+    #   :scope:: Scope or callable block returning scope
+    #   :views =>
+    #     :value:: Attribute name of value to display
+    #     :multiple:: Multiple assignments allowed
+    #     :include_blank:: Allow assignments to be unset
+    #     :user_values_only:: User instance. Set this if you only want values set against user to be selectable
+    #     :id:: Value method for selection (defaults to :id)
+    #   :user_association:: Name of association on user (if different from restrictor name)
+    #   :user_custom:: Block that returns User scope (passed: User scope, self instance) - Used when generic scope building is lacking
+    #   :model_custom:: Block that returns Model scope (passed: self instance, User instance) - Used when generic scope building is lacking
+    #   :default_allowed_all:: If source instance has no restriction assigned, it is viewable
+    #   :default_view_all:: Alias for :default_allowed_all
     # Adds restrictions to Model
-    # NOTE: Basic type signifies that condition is forced without
-    # user interaction. This means no select options will be used
-    # as basic restrictors are never seen by the user. Basic restrictors
-    # are applied directly against the user model.
+    # NOTE: Basic types are run directly against the model culminating in a count to see if it is valid (ex for :basic_user: User.where(:allowed_to_do_stuff => true))
+    #       Implicit type is run directly against the source model. (ex: Fubar.includes(:feebar).where(:feebars => {:user_id => User.current_user.id}))
+    #       Full is a full restrictor using join tables and provides view helpers for management
     def add_restrictor(name, opts={})
       self.restrictors ||= []
-      new_opts = {:name => name, :id => :id, :enabled => true, :type => :full, :include => []}.merge(opts)
-      new_opts[:include] = [new_opts[:include]] unless new_opts[:include].is_a?(Array)
-      new_opts[:include].push(name) unless new_opts[:include].map(&:to_s).include?(name.to_s)
-      self.restrictors.push(new_opts)
-      if(new_opts[:type] == :full)
-        self.class_eval do
-          # This just creates a helper that will grab activerecord
-          # instance from passed in IDs for applied restriction
-          alias_method "original_#{name}=".to_sym, "#{name}=".to_sym
-          define_method("#{name}=") do |args|
-            args = (args.is_a?(Array) ? args : Array(args)).find_all{|arg|arg.present?}
-            new_args = []
-            ids = []
-            args.each do |item|
-              if(item.is_a?(ActiveRecord::Base) || (defined?(ActiveRecord::Relation) && item.is_a?(ActiveRecord::Relation)))
-                new_args << item
-              else
-                ids << item.to_i
-              end
-            end
-            new_args += new_opts[:class].find(ids) unless ids.empty?
-            self.send("original_#{name}=".to_sym, new_args)
-          end
+      new_opts = {:name => name, :enabled => true, :type => :full, :scope => self.scoped, :default_allowed_all => false}.merge(opts)
+      new_opts[:views] ||= {}
+      new_opts = map_deprecated_hash(new_opts)
+      new_opts[:views][:id] ||= :id
+      new_opts[:class] = restrictor_class(new_opts)
+      if(new_opts[:type] == :full && new_opts[:views][:value].blank?)
+        if(new_opts[:class].column_names.include?('name'))
+          new_opts[:views][:value] = :name
+        else
+          raise 'Value must be defined for association to generate views'
         end
       end
+      self.restrictors.push(new_opts)
+    end
+
+    # TODO: Add in proper mapping plus scope building
+    def map_deprecated_hash(hsh)
+      hsh[:type] = :basic_user if hsh[:type] == :basic
+      hsh[:scope] = self.class._restrictor_custom_user_class.where(hsh.delete(:condition)) if hsh[:condition].present?
+      [:value, :multiple, :include_blank, :user_values_only, :id].each do |v_opt|
+        hsh[:views][v_opt] = hsh.delete(v_opt) if hsh[v_opt].present?
+      end
+      hsh[:default_allowed_all] = hsh.delete(:default_view_all) if hsh.has_key?(:default_view_all)
+      hsh
     end
 
-    # Returns restrictors not of type :basic
-    def full_restrictors
-      self.restrictors.find_all{|restrictor| restrictor[:type] != :basic && check_enabled(restrictor[:enabled]) == true}
+    # Returns restrictors of type: :full
+    # NOTE: Returns enabled by default. Provide :include_disabled to get all
+    def full_restrictors(*args)
+      self.restrictors.find_all do |restrictor| 
+        restrictor[:type] == :full &&
+          (args.include?(:include_disabled) || check_enabled(restrictor[:enabled]) == true)
+      end
     end
 
-    # Returns restrictors of type :basic
-    def basic_restrictors
-      self.restrictors.find_all{|restrictor| restrictor[:type] == :basic && check_enabled(restrictor[:enabled]) == true}
+    # Returns restrictors of type :basic_model
+    # NOTE: Returns enabled by default. Provide :include_disabled to get all
+    def basic_model_restrictors(*args)
+      self.restrictors.find_all do |restrictor| 
+        restrictor[:type] == :basic_model && 
+          (args.include?(:include_disabled) || check_enabled(restrictor[:enabled]) == true)
+      end
+    end
+
+    # Returns restrictors of type :basic_user
+    # NOTE: Returns enabled by default. Provide :include_disabled to get all
+    def basic_user_restrictors(*args)
+      self.restrictors.find_all do |restrictor| 
+        restrictor[:type] == :basic_user && 
+          (args.include?(:include_disabled) || check_enabled(restrictor[:enabled]) == true)
+      end
+    end
+
+    # Returns restrictors of type :implicit
+    def implicit_restrictors(*args)
+      self.restrictors.find_all do |restrictor|
+        restrictor[:type] == :implicit &&
+          check_enabled(restrictor[:enabled]) == true
+      end
     end
 
     # Returns all restrictors that are currently in enabled state
@@ -70,8 +96,34 @@ module ActiveRestrictor
       if(hash[:class].present?)
         hash[:class]
       else
-        self.relect_on_association(hash[:name]).klass
+        if(hash[:type] == :basic_user)
+          _restrictor_custom_user_class
+        elsif(hash[:type] == :basic_model)
+          self
+        else
+          n = self.reflect_on_association(hash[:name]).try(:klass)
+          if(n.blank?)
+            raise "Failed to location association for restrictor. Given: #{hash[:name]}. Please check assocation name."
+          end
+          n
+        end
+      end
+    end
+
+    def restrictor_user_scoping
+      user_scope = _restrictor_custom_user_class.scoped
+      basic_user_restrictors.each do |restrictor|
+        user_scope = user_scope.merge(restrictor[:scope].respond_to?(:call) ? restrictor[:scope].call : restrictor[:scope])
       end
+      user_scope
+    end
+
+    def restrictor_klass_scoping
+      klass_scope = self.scoped
+      (implicit_restrictors + basic_model_restrictors).each do |restrictor|
+        klass_scope = klass_scope.merge(restrictor[:scope].respond_to?(:call) ? restrictor[:scope].call : restrictor[:scope])
+      end
+      klass_scope
     end
 
     private
@@ -89,6 +141,7 @@ module ActiveRestrictor
         false
       end
     end
+
   end
 
   module InstanceMethods
@@ -100,13 +153,26 @@ module ActiveRestrictor
     end
 
     # Returns restrictors not of type :basic
-    def full_restrictors
-      self.class.full_restrictors
+    # NOTE: Returns enabled by default. Provide :include_disabled to get all
+    def full_restrictors(*args)
+      self.class.full_restrictors(*args)
+    end
+
+    # Returns restrictors of type :basic_user
+    # NOTE: Returns enabled by default. Provide :include_disabled to get all
+    def basic_user_restrictors(*args)
+      self.class.basic_user_restrictors(*args)
+    end
+
+    # Returns restrictors of type :basic_model
+    # NOTE: Returns enabled by default. Provide :include_disabled to get all
+    def basic_model_restrictors(*args)
+      self.class.basic_model_restrictors(*args)
     end
 
-    # Returns restrictors of type :basic
-    def basic_restrictors
-      self.class.basic_restrictors
+    # Returns restrictors of type :implict
+    def implicit_restrictors
+      self.class.implicit_restrictors
     end
 
     # Returns all restrictors taht are currently in enabled status
@@ -114,31 +180,43 @@ module ActiveRestrictor
       self.class.enabled_restrictors
     end
 
+    # Grabs customizable user class
+    def _restrictor_custom_user_class
+      self.class._restrictor_custom_user_class
+    end
+
     # Returns User scope with all restrictors applied
     def allowed_users
-      user_scope = User.scoped
-      enabled_restrictors.each do |restrictor|
-        next if restrictor[:user_custom]
-        if(restrictor[:include].is_a?(ActiveRecord::Relation))
-          user_scope = user_scope.merge(restrictor[:include])
-        elsif(restrictor[:include].present?)
-          user_scope = user_scope.joins(restrictor[:include])
-        end
-        if(restrictor[:condition].is_a?(ActiveRecord::Relation))
-          user_scope = user_scope.merge(restrictor[:condition])
-        elsif(restrictor[:condition].respond_to?(:call))
-          user_scope = user_scope.merge(restrictor[:condition].call)
-        elsif(restrictor[:condition].present?)
-          user_scope = user_scope.where(restrictor[:condition])
+      klass_scope = self.class.restrictor_klass_scoping.where(:id => self.id)
+      user_scope = self.class.restrictor_user_scoping
+      if(klass_scope.count > 0)
+        full_restrictors.each do |restrictor|
+          user_scope = user_scope.includes(restrictor[:name])
+          unless(restrictor[:user_custom].present?)
+            rtable_name = restrictor[:table_name] || restrictor[:class].table_name
+            r_scope = self.send(restrictor[:name]).scoped.select("#{rtable_name}.id")
+            r_count = self.send(restrictor[:name]).scoped.select("count(*)")
+            # this next bit gets rid of the association_name.* rails insists upon and any extra cruft
+            r_scope.arel.ast.cores.first.projections.delete_if{|item| item != "#{rtable_name}.id"}
+            r_count.arel.ast.cores.first.projections.delete_if{|item| item != "count(*)"}
+            user_scope = user_scope.where(
+              "#{rtable_name}.id IN (#{r_scope.to_sql})#{
+                " OR (#{r_count.to_sql}) = 0" if restrictor[:default_allowed_all]
+              }"
+            )
+          else
+            user_scope = restrictor[:user_custom].call(user_scope, self)
+          end
         end
-        unless(restrictor[:type] == :basic)
-          user_scope = user_scope.where("#{restrictor[:table_name] || restrictor_class(restrictor).table_name}.id IN (#{self.send(restrictor[:name]).scoped.select(:id).to_sql})")
+        if(Array(implicit_restrictors).size > 0)
+          if(r = _restrictor_custom_user_class.reflect_on_all_associations.detect{|r| r.klass == self.class})
+            user_scope = user_scope.includes(r.name).merge(klass_scope)
+          end
         end
+        user_scope
+      else
+        user_scope.where('null')
       end
-      if((methods = enabled_restrictors.find_all{|res| res[:user_custom]}).size > 0)
-        user_scope = methods.inject(user_scope){|result,func| func.call(result, self)}
-      end
-      user_scope
     end
   end
 
@@ -151,14 +229,28 @@ module ActiveRestrictor
         extend ClassMethods
         include InstanceMethods
 
+        unless(base.singleton_methods.map(&:to_sym).include?(:_restrictor_custom_user_class))
+          class << self
+            # This can be overridden for customization
+            def _restrictor_custom_user_class
+              User
+            end
+          end
+        end
         scope :allowed_for, lambda{|*args|
           user = args.detect{|item|item.is_a?(User)}
-          where("#{table_name}.id IN (#{user.send("allowed_#{base.name.tableize}").select(:id).to_sql})")
+          if(user.present?)
+            r_scope = user.send("allowed_#{base.name.tableize}").select("#{base.table_name}.id")
+            r_scope.arel.ast.cores.first.projections.delete_if{|item| item != "#{base.table_name}.id"}
+            where("#{table_name}.id IN (#{r_scope.to_sql})")
+          else
+            where('null')
+          end
         }
       end
     end
     # Patch up the user to provide restricted methods
-    ([User] + User.descendants).compact.each do |user_klass|
+    ([klass._restrictor_custom_user_class] + klass._restrictor_custom_user_class.descendants).compact.each do |user_klass|
       user_klass.class_eval do
         # This patches a method onto the User instance to
         # provide access to the allowed instance of the model
@@ -168,45 +260,31 @@ module ActiveRestrictor
         define_method("allowed_#{klass.name.tableize}") do
           # First we perform a basic check against the User to see
           # if this user instance is even allowed by default
-          user_scope = User.scoped
-          klass.basic_restrictors.each do |restriction|
-            if(restriction[:condition].is_a?(ActiveRecord::Relation))
-              user_scope = user_scope.merge(restriction[:condition])
-            elsif(restriction[:condition].respond_to?(:call))
-              user_scope = user_scope.merge(restriction[:condition].call)
-            elsif(restriction[:condition].present?)
-              user_scope = user_scope.where(restriction[:condition])
-            end
-            if(restriction[:include].is_a?(ActiveRecord::Relation))
-              user_scope = user_scope.merge(restriction[:include])
-            elsif(restriction[:include].present?)
-              user_scope = user_scope.join(restriction[:include])
-            end
-          end
+          user_scope = klass.restrictor_user_scoping.where(:id => self.id)
           if(user_scope.count > 0)
-            scope = klass.scoped
+            scope = klass.restrictor_klass_scoping
             klass.full_restrictors.each do |restrictor|
-              next if restrictor[:model_custom].present?
-              rtable_name = restrictor[:table_name] || klass.restrictor_class(restrictor).table_name
-              r_scope = self.send(restrictor[:name]).scoped.select("#{rtable_name}.id")
-              r_scope.arel.ast.cores.first.projections.delete_at(0) # gets rid of the association_name.* rails insists upon
-              if(restrictor[:default_view_all])
-                scope = scope.includes(restrictor[:name]) if restrictor[:name].present?
+              scope = scope.includes(restrictor[:name])
+              if(restrictor[:scope].present?)
+                scope = scope.merge(restrictor[:scope].respond_to?(:call) ? restrictor[:scope].call : restrictor[:scope])
+              end
+              unless(restrictor[:model_custom].present?)
+                rtable_name = restrictor[:table_name] || restrictor[:class].table_name
+                r_scope = self.send(restrictor[:user_association] || restrictor[:name]).scoped.select("#{rtable_name}.id") # This gives us valid joiners!
+                # this next bit gets rid of the association_name.* rails insists upon and any extra cruft
+                r_scope.arel.ast.cores.first.projections.delete_if{|item| item != "#{rtable_name}.id"}
+                scope = scope.where(
+                  "#{rtable_name}.id IN (#{r_scope.to_sql})#{
+                    " OR #{rtable_name}.id IS NULL" if restrictor[:default_allowed_all]
+                  }"
+                )
               else
-                scope = scope.joins(restrictor[:name]) if restrictor[:name].present?
+                scope = restrictor[:model_custom].call(scope, self)
               end
-              scope = scope.where(
-                "#{rtable_name}.id IN (#{r_scope.to_sql})#{
-                  " OR #{rtable_name}.id IS NULL" if restrictor[:default_view_all]
-                }"
-              )
-            end
-            if((methods = klass.restrictors.map{|res| res[:model_custom]}.compact).size > 0)
-              scope = methods.inject(scope){|result,func| func.call(result, self)}
             end
             scope
           else
-            klass.where('false')
+            klass.where('null')
           end
         end
       end

data/lib/active_restrictors/active_restrictor_views.rb

@@ -1,57 +1,65 @@
 module ActiveRestrictors
   module View
+
     # obj:: Instance with restrictors enabled
+    # args:: argument hash :
+    #  :val_join:: string to join values with
+    #  :include_disabled:: includes all restrictors
     # val_join:: String to join restictor values together
     # Provides array of enabled restrictors in the form of:
     # [[restrictor_name_label, string_of_restriction_values]]
-    def display_full_restrictors(obj, val_join = '<br />')
+    def display_full_restrictors(obj, *args)
+      arg_h = args.last.is_a?(Hash) ? args.last : {}
+      res = []
+      if(args.size == 1 && args.first.is_a?(String))
+        val_join = args.first
+      else
+        val_join = arg_h[:val_join] || '<br />'
+      end
       if(obj.class.respond_to?(:full_restrictors))
-        obj.class.full_restrictors.map do |restrictor|
-          [
-            label(obj.class.name.camelize, restrictor[:name]),
-            obj.send(restrictor[:name]).map(&restrictor[:value].to_sym).join(val_join).html_safe
-          ]
+        r_args = arg_h[:include_disabled] ? [:include_disabled] : []
+        res = obj.class.full_restrictors(*r_args).map do |restrictor|
+          [label(obj.class.name.camelize, restrictor[:name]),
+            obj.send(restrictor[:name]).map(&restrictor[:views][:value].to_sym).join(val_join).html_safe]
         end
-      else
-        []
       end
-    end
-
-    def display_custom_restrictors(klass)
-      # Stub for now
-      []
+      res
     end
 
     # obj:: Instance with restrictors enabled
     # form:: Form object to attach restrictor fields to
+    # args:: Argument hash -> 
+    #  :include_disabled:: includes all restrictors
     # Provides form items for restrictors in an array of format:
     # [[restrictor_name_label, form_selection_string]]
-    def edit_full_restrictors(obj, form)
+    def edit_full_restrictors(obj, form, args={})
+      r_args = args[:include_disabled] ? [:include_disabled] : []
       if(obj.class.respond_to?(:full_restrictors))
-        obj.class.full_restrictors.map do |restrictor|
-          if(restrictor[:user_values_only])
-            if(restrictor[:user_values_only].respond_to?(:call))
-              user = restrictor[:user_values_only].call
+        obj.class.full_restrictors(*r_args).map do |restrictor|
+          if(restrictor[:views][:user_values_only])
+            if(restrictor[:views][:user_values_only].respond_to?(:call))
+              user = restrictor[:views][:user_values_only].call
               if(user)
                 values = user.send(restrictor[:name].to_sym).find(:all, :order => restrictor[:value])
               else
-                values = restrictor[:user_values_only].send(restrictor[:name].to_sym).find(:all, :order => restrictor[:value])
+                values = restrictor[:views][:user_values_only].send(restrictor[:name].to_sym).find(:all, :order => restrictor[:views][:value])
               end
             end
           end
-          values = restrictor[:class].find(:all, :order => restrictor[:value]) unless values
+          @_restrictor_inflector_helper ||= Class.send(:include, ActiveSupport::Inflector).new
+          values = restrictor[:class].find(:all, :order => restrictor[:views][:value]) unless values
           [
             form.label(restrictor[:name]),
             form.collection_select(
-              restrictor[:name],
+              "#{@_restrictor_inflector_helper.singularize(restrictor[:name])}_ids",
               values,
-              restrictor[:id],
-              restrictor[:value],
+              restrictor[:views][:id],
+              restrictor[:views][:value],
               {
-                :include_blank => restrictor[:include_blank],
-                :selected => Array(obj.send(restrictor[:name])).map(&restrictor[:id].to_sym)
+                :include_blank => restrictor[:views][:include_blank],
+                :selected => Array(obj.send(restrictor[:name])).map(&restrictor[:views][:id].to_sym)
               },
-              :multiple => restrictor[:multiple]
+              :multiple => restrictor[:views][:multiple]
             )
           ]
         end
@@ -59,11 +67,6 @@ module ActiveRestrictors
         []
       end
     end
-
-    def edit_custom_restrictors(klass)
-      # Stub for now
-      []
-    end
   end
 end
 

data/lib/active_restrictors/version.rb

@@ -13,5 +13,5 @@ module ActiveRestrictors
     end
   end
 
-  VERSION = Version.new('0.1.1')
+  VERSION = Version.new('0.2.0')
 end

data/spec/model_definitions.rb

@@ -0,0 +1,116 @@
+require 'active_record'
+require 'active_record/migration'
+require 'benchmark'
+class ModelSetup < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.string :username
+      t.boolean :active
+    end
+    create_table :fubars do |t|
+      t.string :name
+      t.boolean :enabled
+      t.integer :user_id
+    end
+    create_table :permissions do |t|
+      t.string :name
+    end
+    create_table :groups do |t|
+      t.string :name
+    end
+    create_table :user_permissions do |t|
+      t.integer :user_id
+      t.integer :permission_id
+    end
+    create_table :fubar_permissions do |t|
+      t.integer :fubar_id
+      t.integer :permission_id
+    end
+    create_table :user_groups do |t|
+      t.integer :group_id
+      t.integer :user_id
+    end
+    create_table :fubar_groups do |t|
+      t.integer :group_id
+      t.integer :fubar_id
+    end
+  end
+end
+
+ModelSetup.up
+
+class User < ActiveRecord::Base
+  cattr_accessor :current_user
+  has_many :user_permissions, :dependent => :destroy
+  has_many :permissions, :through => :user_permissions
+  has_many :user_groups, :dependent => :destroy
+  has_many :groups, :through => :user_groups
+  has_many :fubars, :dependent => :destroy
+end
+
+class Permission < ActiveRecord::Base
+  has_many :user_permissions, :dependent => :destroy
+  has_many :users, :through => :user_permissions
+  has_many :fubar_permissions, :dependent => :destroy
+  has_many :fubars, :through => :fubar_permissions
+end
+
+class Group < ActiveRecord::Base
+  has_many :user_groups, :dependent => :destroy
+  has_many :users, :through => :user_groups
+  has_many :fubar_groups, :dependent => :destroy
+  has_many :fubars, :through => :fubar_groups
+end
+
+class Fubar < ActiveRecord::Base
+  include ActiveRestrictor
+  has_many :fubar_permissions, :dependent => :destroy
+  has_many :permissions, :through => :fubar_permissions
+  has_many :fubar_groups, :dependent => :destroy
+  has_many :groups, :through => :fubar_groups
+  belongs_to :user
+end
+
+class UserPermission < ActiveRecord::Base
+  belongs_to :user
+  belongs_to :permission
+end
+
+class FubarPermission < ActiveRecord::Base
+  belongs_to :fubar
+  belongs_to :permission
+end
+
+class FubarGroup < ActiveRecord::Base
+  belongs_to :fubar
+  belongs_to :group
+end
+
+class UserGroup < ActiveRecord::Base
+  belongs_to :user
+  belongs_to :group
+end
+
+def scrub_all
+  Fubar.restrictors.clear
+  UserGroup.delete_all
+  FubarGroup.delete_all
+  UserPermission.delete_all
+  FubarPermission.delete_all
+  User.current_user = nil
+  Fubar.update_all(:user_id => nil)
+end
+
+# Setup our test models
+10.times do |i|
+  User.create(:username => "user_#{i}", :active => i % 2 == 0)
+  Fubar.create(:name => "fubar_#{i}", :enabled => i % 2 == 0)
+end
+
+5.times do |i|
+  Permission.create(:name => "permission_#{i}")
+end
+
+5.times do |i|
+  Group.create(:name => "group_#{i}")
+end

data/spec/restrictor_spec.rb

@@ -0,0 +1,386 @@
+require File.join(File.expand_path(File.dirname(__FILE__)), 'setup')
+
+describe ActiveRestrictor do
+  # Check for proper setup at the start
+  describe 'after suite setup' do
+    it 'should have properly setup models' do
+      assert_equal 10,  User.count
+      assert_equal 10, Fubar.count
+      assert_equal 5, Group.count
+      assert_equal 5, Permission.count
+      refute_equal User.count, User.where(:active => true).count
+    end
+  end
+
+
+  #!!!! basic_user type restrictions
+  describe 'when basic user restrictor only allows active users' do
+    before do
+      Fubar.class_eval do
+        add_restrictor(:active,
+          :type => :basic_user,
+          :scope => User.where(:active => true)
+        )
+      end
+    end
+    after do
+      scrub_all
+    end
+    it 'should only allow active users access to fubars' do
+      u = User.where(:active => true).first
+      assert u.allowed_fubars.count > 0
+      u = User.where(:active => false).first
+      assert_equal 0, u.allowed_fubars.count
+    end
+    it 'should only show active users from fubars' do
+      Fubar.all.each do |fubar|
+        fubar.allowed_users.each do |user|
+          assert user.active
+        end
+      end
+    end
+  end
+
+  describe 'when basic user restrictor provide enabled block' do
+    before do
+      Fubar.class_eval do
+        add_restrictor(:active,
+          :type => :basic_user,
+          :scope => User.where(:active => true),
+          :enabled => lambda{ User.current_user.nil? || !User.current_user.username == 'user_1' }
+        )
+      end
+      u = User.find_by_username('user_1')
+      u.active = false
+      u.save!
+    end
+    after do
+      scrub_all
+    end
+    it 'should not allow fubars for user_1 when current_user is unset' do
+      assert_equal 0, User.find_by_username('user_1').allowed_fubars.count
+    end
+    it 'should allow fubars for user_1 when current_user is set' do
+      u = User.find_by_username('user_1')
+      User.current_user = u
+      assert u.allowed_fubars.count > 0
+    end
+  end
+
+  #!!! basic model type restrictions
+  describe 'when basic model restrictor only allows enabled fubars' do
+    before do
+      Fubar.class_eval do
+        add_restrictor(:enabled,
+          :type => :basic_model,
+          :scope => Fubar.where(:enabled => true)
+        )
+      end
+    end
+    after do
+      scrub_all
+    end
+    it 'should only allow users to access enabled fubars' do
+      User.all.each do |user|
+        user.allowed_fubars.each do |fubar|
+          assert fubar.enabled?
+        end
+      end
+    end
+    it 'should not provide users from disabled fubars' do
+      assert Fubar.where(:enabled => false).count > 0
+      Fubar.where(:enabled => false).all.each do |fubar|
+        assert_equal 0, fubar.allowed_users.count
+      end
+    end
+  end
+
+  #!!! implicit model type restrictions
+  describe 'when implict restrictor only allows fubars belonging to users' do
+    before do
+      Fubar.class_eval do
+        add_restrictor(:user,
+          :type => :implicit,
+          :scope => lambda{ where(:user_id => User.current_user.id) }
+        )
+      end
+      u = User.find_by_username("user_1")
+      3.times do |i|
+        f = Fubar.find_by_name("fubar_#{i}")
+        f.user_id = u.id
+        f.save!
+      end
+      User.current_user = u
+    end
+    after do
+      scrub_all
+    end
+    it 'should show 3 fubars for user_1' do
+      assert_equal 3, User.find_by_username('user_1').fubars.count
+    end
+    it 'should show no fubars for users not user_1' do
+      User.where("username != 'user_1'").all.each do |user|
+        assert_equal 0, user.fubars.count
+      end
+    end
+    it 'should only show allowed users as assigned users' do
+      Fubar.all.each do |fubar|
+        if(fubar.user_id.nil?)
+          assert_equal 0, fubar.allowed_users.count 
+        else
+          assert_equal 1, fubar.allowed_users.count
+          assert_equal 'user_1', fubar.allowed_users.first.username
+        end
+      end
+    end
+  end
+
+  #!!! full type restrictions
+  describe 'when full permission restrictor is applied' do
+    before do
+      Fubar.class_eval do
+        add_restrictor(:permissions,
+          :type => :full
+        )
+      end
+      3.times do |i|
+        perm = Permission.find_by_name("permission_#{i}")
+        user = User.find_by_username("user_#{i}")
+        fubar = Fubar.find_by_name("fubar_#{i}")
+        user.permissions << perm
+        fubar.permissions << perm
+      end
+    end
+    after do
+      scrub_all
+    end
+    it 'should only allow users with matching permissions' do
+      3.times do |i|
+        user = User.find_by_username("user_#{i}")
+        fubar = Fubar.find_by_name("fubar_#{i}")
+        assert_equal 1, user.allowed_fubars.count
+        assert_equal 1, fubar.allowed_users.count
+        assert_equal "fubar_#{i}", user.allowed_fubars.first.name
+        assert_equal "user_#{i}", fubar.allowed_users.first.username
+      end
+    end
+    it 'should not allow users without matching permissions' do
+      7.times do |i|
+        i = i + 3
+        user = User.find_by_username("user_#{i}")
+        fubar = Fubar.find_by_name("fubar_#{i}")
+        assert_equal 0, user.allowed_fubars.count
+        assert_equal 0, fubar.allowed_users.count
+      end
+    end
+  end
+
+  #!!! Stacked full restrictions
+  describe 'when full permission and full group restrictors are applied' do
+    before do
+      Fubar.class_eval do
+        add_restrictor(:permissions,
+          :type => :full
+        )
+        add_restrictor(:groups,
+          :type => :full
+        )
+      end
+      4.times do |i|
+        perm = Permission.find_by_name("permission_#{i}")
+        user = User.find_by_username("user_#{i}")
+        group = Group.find_by_name("group_#{i}")
+        fubar = Fubar.find_by_name("fubar_#{i}")
+        if(i % 2 == 0 || i == 3)
+          user.permissions << perm
+          fubar.permissions << perm
+        end
+        if(i % 2 == 1 || i == 3)
+          user.groups << group
+          fubar.groups << group
+        end
+      end
+    end
+    after do
+      scrub_all
+    end
+
+    it 'should be setup correctly' do
+      3.times do |i|
+        u = User.find_by_username("user_#{i}")
+        if(u.groups.count > 0)
+          assert_equal(1, u.groups.count)
+          assert_equal(0, u.permissions.count)
+        elsif(u.permissions.count > 0)
+          assert_equal(1, u.permissions.count)
+          assert_equal(0, u.groups.count)
+        else
+          flunk "User should have one group or one permission assigned"
+        end
+      end
+      assert_equal 1, User.find_by_username('user_3').groups.count
+      assert_equal 1, User.find_by_username('user_3').permissions.count
+      assert_equal 0, User.find_by_username('user_4').groups.count
+      assert_equal 0, User.find_by_username('user_5').permissions.count
+    end
+    it 'should allow not allow users with single matching permission or group only' do
+      3.times do |i|
+        user = User.find_by_username("user_#{i}")
+        assert_equal(0, user.allowed_fubars.count)
+      end
+    end
+    it 'should allow users with both matching permission and group' do
+      assert_equal(1, User.find_by_username('user_3').allowed_fubars.count)
+    end
+    it 'should not allow users with no matching permission or group' do
+      assert_equal(0, User.find_by_username('user_4').allowed_fubars.count)
+    end
+  end
+
+  describe 'when full permission and full group restrictors are applied using default_view_all' do
+    before do
+      Fubar.class_eval do
+        add_restrictor(:permissions,
+          :type => :full,
+          :default_view_all => true
+        )
+        add_restrictor(:groups,
+          :type => :full,
+          :default_view_all => true
+        )
+      end
+      4.times do |i|
+        perm = Permission.find_by_name("permission_#{i}")
+        user = User.find_by_username("user_#{i}")
+        group = Group.find_by_name("group_#{i}")
+        fubar = Fubar.find_by_name("fubar_#{i}")
+        if(i % 2 == 0 || i == 3)
+          user.permissions << perm
+          fubar.permissions << perm
+        end
+        if(i % 2 == 1 || i == 3)
+          user.groups << group
+          fubar.groups << group
+        end
+      end
+    end
+    after do
+      scrub_all
+    end
+
+    it 'should only provide fubars without assigned groups and permissions to users without assigned groups and permissions' do
+      User.includes(:groups, :permissions).where(:groups => {:id => nil}, :permissions => {:id => nil}).each do |user|
+        assert_equal(6, user.allowed_fubars.count)
+        user.allowed_fubars.each do |fubar|
+          assert_equal(0, fubar.groups.count)
+          assert_equal(0, fubar.permissions.count)
+        end
+        assert_equal(0, user.groups.count)
+        assert_equal(0, user.permissions.count)
+      end
+    end
+    it 'should provide fubars with with matching group or permissions and fubars without assigned groups or permissions' do
+      4.times do |i|
+        user = User.find_by_username("user_#{i}")
+        assert_equal(7, user.allowed_fubars.count)
+        user.allowed_fubars.each do |fubar|
+          if(fubar.groups.count > 0)
+            assert_equal fubar.groups.first, user.groups.first
+          end
+          if(fubar.permissions.count > 0)
+            assert_equal fubar.permissions.first, user.permissions.first
+          end
+        end
+      end
+    end
+    it 'should allow all users when no permission and groups are defined' do
+      6.times do |i|
+        fubar = Fubar.find_by_name("fubar_#{i + 4}")
+        assert_equal(10, fubar.allowed_users.count)
+      end
+    end
+    it 'should only allow users with matching permission or group' do
+      4.times do |i|
+        fubar = Fubar.find_by_name("fubar_#{i}")
+        assert_equal(1, fubar.allowed_users.count)
+      end
+    end
+  end
+
+  #!!! Stacked mixed restrictions
+  describe 'when basic and full restrictors are applied' do
+    before do
+      Fubar.class_eval do
+        add_restrictor(:enabled,
+          :type => :basic_user,
+          :scope => User.where(:active => true)
+        )
+        add_restrictor(:enabled,
+          :type => :basic_model,
+          :scope => where(:enabled => true)
+        )
+        add_restrictor(:permissions,
+          :type => :full
+        )
+      end
+      4.times do |i|
+        user = User.find_by_username("user_#{i}")
+        perm = Permission.find_by_name("permission_#{i}")
+        fubar = Fubar.find_by_name("fubar_#{i}")
+        user.permissions << perm
+        fubar.permissions << perm
+      end
+    end
+    after do
+      scrub_all
+    end
+
+    it "should have disabled and enabled users and fubars setup" do
+      users = 4.times.map{|i| User.find_by_username("user_#{i}")}
+      fubars = 4.times.map{|i| Fubar.find_by_name("fubar_#{i}")}
+      assert users.detect(&:active?), 'Expecting active users'
+      assert users.detect{|u| !u.active?}, 'Expecting inactive users'
+      assert fubars.detect(&:enabled?), 'Expecting enabled fubars'
+      assert fubars.detect{|f| !f.enabled?}, 'Expecting disabled fubars'
+    end
+    it "should not show any allowed users when fubar is disabled" do
+      fubar = Fubar.where(:name => 4.times.map{|i|"fubar_#{i}"}, :enabled => false).first
+      assert fubar, "Expecting Fubar instance to be found"
+      assert_equal 0, fubar.allowed_users.count
+    end
+    it "should only show active users when fubar is enabled" do
+      fubar = Fubar.where(:name => 4.times.map{|i|"fubar_#{i}"}, :enabled => true).first
+      assert fubar, "Expecting Fubar instance to be found"
+      assert fubar.allowed_users.count > 0, 'Expecting allowed users to be found'
+      fubar.allowed_users.each do |user|
+        assert user.active?, 'Expecting user to be active'
+      end
+    end
+    it "should not show any allowed fubars when user is inactive" do
+      user = User.where(:username => 4.times.map{|i|"user_#{i}"}, :active => false).first
+      assert user, "Expecting User instance to be found"
+      assert_equal(0, user.allowed_fubars.count)
+    end
+    it "should only show enabled fubars when user is active" do
+      user = User.where(:username => 4.times.map{|i|"user_#{i}"}, :active => true).first
+      assert user, "Expecting User instance to be found"
+      assert user.allowed_fubars.count > 0, 'Expecting allowed fubars to be found'
+      user.allowed_fubars.each do |fubar|
+        assert fubar.enabled?, 'Expecting fubar to be enabled'
+      end
+    end
+    it "should only show enabled fubars with same permission as user" do
+      User.where(:username => 4.times.map{|i|"user_#{i}"}, :active => true).all.each do |user|
+        assert user.active?, 'Expecting active user'
+        assert user.allowed_fubars.count > 0, 'Expecting user to have allowed fubars'
+        user.allowed_fubars.each do |fubar|
+          assert fubar.enabled?, 'Expecting Fubar to be enabled'
+          assert_equal fubar.permissions.first, user.permissions.first
+        end
+      end
+    end
+  end
+
+  # TODO: model_custom / user_custom
+  # TODO: more complex stacking
+end

data/spec/setup.rb

@@ -0,0 +1,17 @@
+$:.unshift(File.expand_path(File.dirname(__FILE__) + '/../lib'))
+require 'rubygems'
+require 'bundler/setup'
+require 'active_record'
+if(RUBY_PLATFORM == 'java')
+  require 'jdbc/sqlite3'
+else
+  require 'sqlite3'
+end
+require 'active_restrictors'
+require 'minitest/autorun'
+
+ActiveRecord::Base.establish_connection(
+  :adapter => 'sqlite3',
+  :database => ':memory:'
+)
+load File.join(File.expand_path(File.dirname(__FILE__)), 'model_definitions.rb')

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: active_restrictors
 version: !ruby/object:Gem::Version 
-  hash: 25
+  hash: 23
   prerelease: 
   segments: 
   - 0
-  - 1
-  - 1
-  version: 0.1.1
+  - 2
+  - 0
+  version: 0.2.0
 platform: ruby
 authors: 
 - Chris Roberts
@@ -15,10 +15,24 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-01-09 00:00:00 -08:00
+date: 2012-01-20 00:00:00 -08:00
 default_executable: 
-dependencies: []
-
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: activerecord
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 3
+        - 0
+        version: "3.0"
+  type: :runtime
+  version_requirements: *id001
 description: Restrictors for Models
 email: chrisroberts.code@gmail.com
 executables: []
@@ -29,13 +43,19 @@ extra_rdoc_files:
 - README.rdoc
 - CHANGELOG.rdoc
 files: 
+- Gemfile.lock
+- spec/restrictor_spec.rb
+- spec/setup.rb
+- spec/model_definitions.rb
 - README.rdoc
-- CHANGELOG.rdoc
-- active_restrictors.gemspec
+- Gemfile
 - lib/active_restrictors/active_restrictor_views.rb
 - lib/active_restrictors/version.rb
 - lib/active_restrictors/active_restrictor.rb
 - lib/active_restrictors.rb
+- active_restrictors.gemspec
+- CHANGELOG.rdoc
+- Rakefile
 has_rdoc: true
 homepage: http://bitbucket.org/chrisroberts/active_restrictors
 licenses: []