RubyGems - acts_as_permission - Versions diffs - 2.0.0 → 2.0.1 - Mend

acts_as_permission 2.0.0 → 2.0.1

Files changed (7) hide show

data/README.md ADDED

@@ -0,0 +1,320 @@
+Acts as permission
+==================
+Acts as permission is a plugin for Ruby on Rails that allows to assign a list of
+permissions on an object, according to the ACL concept, where each permission
+can be extended to a subject.
+More specifically, it can make possible to allow or to deny any action of the
+controller of a protected resource.  These actions are called permittables.
+A permittable action can be directly attached to a resource.  Examples of such
+actions:
+*   `show`,
+*   `edit`,
+*   `update`,
+*   `destroy`.
+Or it can be indirectly, through a parent resource.  Examples:
+*   `index`,
+*   `new`,
+*   `create`.
+Here is an example of query to a direct article's action:
+``` ruby
+@article = Article.find(params[:id])
+@article.permission?("articles#destroy")          # => false
+```
+Same query, extended to a user:
+``` ruby
+@article.permission?("articles#destroy", @bob)    # => nil
+@article.permission?("articles#destroy", @admin)  # => true
+```
+A query example on an indirect articles' action, through a category:
+``` ruby
+@category = Category.find(params[:category_id])
+@category.permission?("articles#index")           # => true
+```
+Other examples, on unpermittable actions:
+``` ruby
+@category.permission?("articles#read")            # => nil
+@category.permission?("silk_routes#index")        # => nil
+```
+The value of a permission depends on its context, which includes a route and an
+optional extension to a permitted resource.
+The `permission?(route, ext = nil)` query may return, depending on the context:
+*   `true`, if the permission is allowed;
+*   `false`, if the permission is denied;
+*   `nil`, if the permission is indefinable (resulting of the unknown context).
+Philosophy
+----------
+General library that does only one thing, without any feature.
+Installation
+------------
+Include the gem in your `Gemfile`:
+    gem 'acts_as_permission'
+And run the `bundle` command.  Or as a plugin:
+    rails plugin install git://github.com/cyril/acts_as_permission.git
+Then, generate files and apply the migration:
+    rails generate permissions
+    rake db:migrate
+Getting started
+---------------
+### Configuring models
+Permittable models have to be declared with `acts_as_permission`.  And they have
+to be so with a default permission mask.  For example:
+``` ruby
+# app/models/article.rb
+class Article < ActiveRecord::Base
+  acts_as_permission({
+    'articles#show'     => [true, {}],
+    'articles#edit'     => [false, {
+      permitted_id: 1,
+      permitted_type: "User",
+      value: true }],
+    'articles#update'   => [false, {
+      permitted_id: 1,
+      permitted_type: "User",
+      value: true }],
+    'articles#destroy'  => [false, {
+      permitted_id: 1,
+      permitted_type: "User",
+      value: true }],
+    'comments#index'    => true,
+    'comments#new'      => [true, [{
+      permitted_id: 3,
+      permitted_type: "User",
+      value: false }]],
+    'comments#create'   => [true, [{
+      permitted_id: 3,
+      permitted_type: "User",
+      value: false }]]})
+  belongs_to :user
+  has_many :comments, dependent: :destroy
+end
+# app/models/comment.rb
+class Comment < ActiveRecord::Base
+  acts_as_permission([
+    ["comments#show",    true],
+    ["comments#edit",    [false, [
+      {permitted_id: 1, permitted_type: "User", value: true},
+      {permitted_id: 2, permitted_type: "User", value: true} ]]],
+    ["comments#update",  [false, [
+      {permitted_id: 1, permitted_type: "User", value: true},
+      {permitted_id: 2, permitted_type: "User", value: true} ]]],
+    ["comments#destroy", [false, {
+      permitted_id: 1,
+      permitted_type: "User",
+      value: true }]]])
+  belongs_to :article
+  belongs_to :user
+end
+```
+Optionally, some models (such as `User`, `Group`, `Role`) can also be declared
+as permitted with `is_able_to_be_permitted`.  Example:
+``` ruby
+# app/models/user.rb
+class User < ActiveRecord::Base
+  is_able_to_be_permitted
+  with_options(dependent: :destroy) do |opts|
+    opts.has_many :articles
+    opts.has_many :comments
+  end
+end
+```
+### Configuring controllers
+Example of a fully protected comments controller:
+``` ruby
+class CommentsController < ApplicationController
+  before_filter :check_permissions
+  # GET /comments
+  # GET /comments.xml
+  def index
+    @comments = current_resource.comments
+    respond_to do |format|
+      format.html # index.html.erb
+      format.xml  { render :xml => @comments }
+    end
+  end
+  # GET /comments/1
+  # GET /comments/1.xml
+  def show
+    @comment = current_resource
+    respond_to do |format|
+      format.html # show.html.erb
+      format.xml  { render :xml => @comment }
+    end
+  end
+  # GET /comments/new
+  # GET /comments/new.xml
+  def new
+    @comment = current_resource.comments.build
+    respond_to do |format|
+      format.html # new.html.erb
+      format.xml  { render :xml => @comment }
+    end
+  end
+  # GET /comments/1/edit
+  def edit
+    @comment = current_resource
+  end
+  # POST /comments
+  # POST /comments.xml
+  def create
+    @comment = current_resource.comments.build(params[:comment])
+    respond_to do |format|
+      if @comment.save
+        format.html { redirect_to(@comment,
+          :notice => 'Comment was successfully created.') }
+        format.xml  { render :xml => @comment, :status => :created,
+          :location => @comment }
+      else
+        format.html { render :action => "new" }
+        format.xml  { render :xml => @comment.errors,
+          :status => :unprocessable_entity }
+      end
+    end
+  end
+  # PUT /comments/1
+  # PUT /comments/1.xml
+  def update
+    @comment = current_resource
+    respond_to do |format|
+      if @comment.update_attributes(params[:comment])
+        format.html { redirect_to(@comment,
+          :notice => 'Comment was successfully updated.') }
+        format.xml  { head :ok }
+      else
+        format.html { render :action => "edit" }
+        format.xml  { render :xml => @comment.errors,
+          :status => :unprocessable_entity }
+      end
+    end
+  end
+  # DELETE /comments/1
+  # DELETE /comments/1.xml
+  def destroy
+    @comment = current_resource
+    @comment.destroy
+    respond_to do |format|
+      format.html { redirect_to(comments_url) }
+      format.xml  { head :ok }
+    end
+  end
+  protected
+  def check_permissions
+    route = [ params[:controller],
+              params[:action] ].join('#')
+    unless (current_user &&
+                         current_resource.permission?(route, current_user)) ||
+                         current_resource.permission?(route)
+      respond_to do |format|
+        format.html { redirect_to(:back, :warning => '403 Forbidden',
+          :status => :forbidden) }
+        format.xml  { render :xml => '403 Forbidden', :status => :forbidden }
+      end
+    end
+  end
+  def current_resource
+    @current_resource ||= if params[:id]
+      Comment.find(params[:id])
+    else
+      Article.find(params[:article_id], :readonly => true)
+    end
+  end
+end
+```
+### Configuring views
+We can now perform some checks on related views from a comment instance, thanks
+to the protected actions of its controller, in order to only display allowed
+links:
+``` ruby
+if current_user && @comment.permission?("comments#edit", current_user) ||
+                   @comment.permission?("comments#edit")
+  link_to "Edit comment", edit_article_comment_path(@comment.article, @comment)
+end
+```
+And also some indirect checks from the current article instance, like this one:
+``` ruby
+if current_user && @article.permission?("comments#index", current_user) ||
+                   @article.permission?("comments#index")
+  link_to "Comments", article_comments_path(@article)
+end
+```
+Or this other one:
+``` ruby
+if current_user && @article.permission?("comments#new", current_user) ||
+                   @article.permission?("comments#new")
+  link_to "New comment", new_article_comment_path(@article)
+end
+```
+#### Form helper
+Object's permissions management is as simple as:
+``` ruby
+form_for @article do |f|
+  permission_fields f
+end
+```
+Copyright (c) 2009-2011 Cyril Wack, released under the MIT license

data/VERSION.yml CHANGED

@@ -1,4 +1,4 @@
 ---
 :major: 2
 :minor: 0
-:patch: 0
+:patch: 1

data/acts_as_permission.gemspec CHANGED

@@ -1,9 +1,9 @@
 Gem::Specification.new do |s|
   s.name        = "acts_as_permission"
-  s.version     = Psych.load_file("VERSION.yml").values.join('.')
+  s.version     = YAML.load_file("VERSION.yml").values.join('.')
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Cyril Wack"]
-  s.email       = ["cyril@gosu.fr"]
+  s.email       = ["contact@cyril.io"]
   s.homepage    = "http://github.com/cyril/acts_as_permission"
   s.summary     = %q{Simple permission solution for Rails.}
   s.description = %q{Simple Rails plugin to assign a list of permissions on a resource.}

data/lib/acts_as_permission.rb CHANGED

@@ -44,10 +44,6 @@ module ActsAsPermission
       permissions.compact
     end
-    def mass_assignment_authorizer
-      super + [:permissions_attributes]
-    end
     def has_permission?(action)
       ActiveSupport::Deprecation.warn 'has_permission?(action) is deprecated ' +
         'and may be removed from future releases, use permission?(route, ext ' +
@@ -119,6 +115,7 @@ class ActiveRecord::Base
     has_many :permissions, :as => :permittable, :dependent => :destroy
     accepts_nested_attributes_for :permissions, :allow_destroy => true
+    attr_accessible :permissions_attributes
     validates_associated :permissions
     class << self

data/test/permission_test.rb CHANGED

@@ -195,28 +195,35 @@ class PermissionTest < MiniTest::Unit::TestCase
     refute @blog.permission?("articles#new")
     assert_nil @blog.permission?("silk_routes#index")
     assert_equal 5, @blog.permissions.count
-    assert_empty @blog.permissions.delete_all
+    @blog.permissions.delete_all
+    assert_empty @blog.permissions
     refute_empty @blog.create_default_permissions!
     assert_equal @blog.permissions.length, @blog.permissions.count
-    assert_empty @blog.permissions.delete_all
+    refute_empty @blog.permissions
+    @blog.permissions.delete_all
+    assert_empty @blog.permissions
     assert_empty @blog.permissions
     refute_nil @blog.create_permission!("categories#create", false, @admin)
     assert_equal 1, @blog.permissions.count
     refute @blog.permission?(:"categories#create", @admin)
     assert_equal 1, @blog.permissions.count
-    assert_empty @blog.permissions.delete_all
+    @blog.permissions.delete_all
+    assert_empty @blog.permissions
     assert @blog.permission("categories#create", @admin).
       update_attribute(:value, false)
     assert_equal 1, @blog.permissions.count
     refute @blog.permission?(:"categories#create", @admin)
     assert_equal 1, @blog.permissions.count
-    assert_empty @blog.permissions.delete_all
+    @blog.permissions.delete_all
+    assert_empty @blog.permissions
     refute_nil @blog.create_permission!("categories#create", true, @admin)
     assert @blog.permission?(:"categories#create", @admin)
-    assert_empty @blog.permissions.delete_all
+    @blog.permissions.delete_all
+    assert_empty @blog.permissions
     refute_nil @blog.create_permission!("categories#create", true, @admin)
     assert @blog.permission?(:"categories#create", @admin)
-    assert_empty @blog.permissions.delete_all
+    @blog.permissions.delete_all
+    assert_empty @blog.permissions
     refute_nil @blog.create_permission!("categories#create", true, @bob)
     refute Blog.first.permissions.empty?
     assert_equal @blog.permissions.length, @blog.permissions.count
@@ -246,7 +253,8 @@ class PermissionTest < MiniTest::Unit::TestCase
     assert @category.permission?("articles#create", @bob)
     assert_nil @category.permission?("articles#show", @bob)
     assert_equal 5, @category.permissions.count
-    assert_empty @category.permissions.delete_all
+    @category.permissions.delete_all
+    assert_empty @category.permissions
     assert_nil @category.permission?("articles#create", @bob)
     refute_nil @category.create_permission!("articles#create", true, @bob)
     assert @category.permission?("articles#create", @bob)
@@ -274,7 +282,8 @@ class PermissionTest < MiniTest::Unit::TestCase
     refute @article.permission?('comments#new', @spammer)
     refute @article.permission?('comments#create', @spammer)
     assert_equal 5, @article.permissions.count
-    assert_empty @article.permissions.delete_all
+    @article.permissions.delete_all
+    assert_empty @article.permissions
     assert_equal 0, @article.permissions.count
     assert @article.permission?('comments#new')
     assert_equal @article.permissions.count, @article.permissions.length
@@ -318,7 +327,8 @@ class PermissionTest < MiniTest::Unit::TestCase
     assert_equal 1, @comment1.permissions.count
     refute @comment1.permission?(:"comments#show")
     assert_equal 1, @comment1.permissions.count
-    assert_empty @comment1.permissions.delete_all
+    @comment1.permissions.delete_all
+    assert_empty @comment1.permissions
     assert @comment1.permission?(:"comments#show")
     assert_equal 1, @comment1.permissions.count
     refute_nil @comment1.permission("comments#show").

metadata CHANGED

@@ -1,39 +1,43 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification
 name: acts_as_permission
-version: !ruby/object:Gem::Version
-  version: 2.0.0
+version: !ruby/object:Gem::Version
   prerelease:
+  version: 2.0.1
 platform: ruby
-authors:
+authors:
 - Cyril Wack
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-04-23 00:00:00.000000000Z
-dependencies:
-- !ruby/object:Gem::Dependency
+date: 2011-09-08 00:00:00 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: railties
-  requirement: &2153626060 !ruby/object:Gem::Requirement
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
-  prerelease: false
-  version_requirements: *2153626060
+  version_requirements: *id001
 description: Simple Rails plugin to assign a list of permissions on a resource.
-email:
-- cyril@gosu.fr
+email:
+- contact@cyril.io
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
 - .gitignore
 - .rvmrc
 - Gemfile
 - MIT-LICENSE
-- README.rdoc
+- README.md
 - Rakefile
 - VERSION.yml
 - acts_as_permission.gemspec
@@ -52,28 +56,30 @@ files:
 - test/test_helper.rb
 homepage: http://github.com/cyril/acts_as_permission
 licenses: []
 post_install_message:
 rdoc_options: []
-require_paths:
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
 requirements: []
 rubyforge_project: acts_as_permission
-rubygems_version: 1.7.2
+rubygems_version: 1.8.9
 signing_key:
 specification_version: 3
 summary: Simple permission solution for Rails.
-test_files:
-- test/permission_test.rb
-- test/test_helper.rb
+test_files: []

data/README.rdoc DELETED

@@ -1,296 +0,0 @@
-= Acts as permission
-Acts as permission is a plugin for Ruby on Rails that allows to assign a list of
-permissions on an object, according to the ACL concept, where each permission
-can be extended to a subject.
-More specifically, it can make possible to allow or to deny any action of the
-controller of a protected resource.  These actions are called permittables.
-A permittable action can be directly attached to a resource.  Examples of such
-actions:
-* <tt>show</tt>,
-* <tt>edit</tt>,
-* <tt>update</tt>,
-* <tt>destroy</tt>.
-Or it can be indirectly, through a parent resource.  Examples:
-* <tt>index</tt>,
-* <tt>new</tt>,
-* <tt>create</tt>.
-Here is an example of query to a direct article's action:
-  @article = Article.find(params[:id])
-  @article.permission?("articles#destroy")          # => false
-Same query, extended to a user:
-  @article.permission?("articles#destroy", @bob)    # => nil
-  @article.permission?("articles#destroy", @admin)  # => true
-A query example on an indirect articles' action, through a category:
-  @category = Category.find(params[:category_id])
-  @category.permission?("articles#index")           # => true
-Other examples, on unpermittable actions:
-  @category.permission?("articles#read")            # => nil
-  @category.permission?("silk_routes#index")        # => nil
-The value of a permission depends on its context, which includes a route and an
-optional extension to a permitted resource.
-The <tt>permission?(route, ext = nil)</tt> query may return, depending on the
-context:
-* <tt>true</tt>, if the permission is allowed;
-* <tt>false</tt>, if the permission is denied;
-* <tt>nil</tt>, if the permission is indefinable (resulting of the unknowned
-context).
-== Philosophy
-General library that does only one thing, without any feature.
-== Installation
-Include the gem in your <tt>Gemfile</tt>:
-  gem 'acts_as_permission'
-And run the +bundle+ command.  Or as a plugin:
-  rails plugin install git://github.com/cyril/acts_as_permission.git
-Then, generate files and apply the migration:
-  rails generate permissions
-  rake db:migrate
-== Getting started
-=== Configuring models
-Permittable models have to be declared with <tt>acts_as_permission</tt>.  And
-they have to be so with a default permission mask.  For example:
-  # app/models/article.rb
-  class Article < ActiveRecord::Base
-    acts_as_permission({
-      'articles#show'     => [true, {}],
-      'articles#edit'     => [false, {
-        :permitted_id => 1,
-        :permitted_type => "User",
-        :value => true }],
-      'articles#update'   => [false, {
-        :permitted_id => 1,
-        :permitted_type => "User",
-        :value => true }],
-      'articles#destroy'  => [false, {
-        :permitted_id => 1,
-        :permitted_type => "User",
-        :value => true }],
-      'comments#index'    => true,
-      'comments#new'      => [true, [{
-        :permitted_id => 3,
-        :permitted_type => "User",
-        :value => false }]],
-      'comments#create'   => [true, [{
-        :permitted_id => 3,
-        :permitted_type => "User",
-        :value => false }]]})
-    belongs_to :user
-    has_many :comments, :dependent => :destroy
-  end
-  # app/models/comment.rb
-  class Comment < ActiveRecord::Base
-    acts_as_permission([
-      ["comments#show",     true],
-      ["comments#edit",     [false, [
-        {:permitted_id => 1, :permitted_type => "User", :value => true},
-        {:permitted_id => 2, :permitted_type => "User", :value => true} ]]],
-      ["comments#update",   [false, [
-        {:permitted_id => 1, :permitted_type => "User", :value => true},
-        {:permitted_id => 2, :permitted_type => "User", :value => true} ]]],
-      ["comments#destroy",  [false, {
-        :permitted_id => 1,
-        :permitted_type => "User",
-        :value => true }]]])
-    belongs_to :article
-    belongs_to :user
-  end
-Optionally, some models (such as <tt>User</tt>, <tt>Group</tt>, <tt>Role</tt>)
-can also be declared as permitted with <tt>is_able_to_be_permitted</tt>.
-Example:
-  # app/models/user.rb
-  class User < ActiveRecord::Base
-    is_able_to_be_permitted
-    with_options :dependent => :destroy do |opts|
-      opts.has_many :articles
-      opts.has_many :comments
-    end
-  end
-=== Configuring controllers
-Example of a fully protected comments controller:
-  class CommentsController < ApplicationController
-    before_filter :check_permissions
-    # GET /comments
-    # GET /comments.xml
-    def index
-      @comments = current_resource.comments
-      respond_to do |format|
-        format.html # index.html.erb
-        format.xml  { render :xml => @comments }
-      end
-    end
-    # GET /comments/1
-    # GET /comments/1.xml
-    def show
-      @comment = current_resource
-      respond_to do |format|
-        format.html # show.html.erb
-        format.xml  { render :xml => @comment }
-      end
-    end
-    # GET /comments/new
-    # GET /comments/new.xml
-    def new
-      @comment = current_resource.comments.build
-      respond_to do |format|
-        format.html # new.html.erb
-        format.xml  { render :xml => @comment }
-      end
-    end
-    # GET /comments/1/edit
-    def edit
-      @comment = current_resource
-    end
-    # POST /comments
-    # POST /comments.xml
-    def create
-      @comment = current_resource.comments.build(params[:comment])
-      respond_to do |format|
-        if @comment.save
-          format.html { redirect_to(@comment,
-            :notice => 'Comment was successfully created.') }
-          format.xml  { render :xml => @comment, :status => :created,
-            :location => @comment }
-        else
-          format.html { render :action => "new" }
-          format.xml  { render :xml => @comment.errors,
-            :status => :unprocessable_entity }
-        end
-      end
-    end
-    # PUT /comments/1
-    # PUT /comments/1.xml
-    def update
-      @comment = current_resource
-      respond_to do |format|
-        if @comment.update_attributes(params[:comment])
-          format.html { redirect_to(@comment,
-            :notice => 'Comment was successfully updated.') }
-          format.xml  { head :ok }
-        else
-          format.html { render :action => "edit" }
-          format.xml  { render :xml => @comment.errors,
-            :status => :unprocessable_entity }
-        end
-      end
-    end
-    # DELETE /comments/1
-    # DELETE /comments/1.xml
-    def destroy
-      @comment = current_resource
-      @comment.destroy
-      respond_to do |format|
-        format.html { redirect_to(comments_url) }
-        format.xml  { head :ok }
-      end
-    end
-    protected
-    def check_permissions
-      route = [ params[:controller],
-                params[:action] ].join('#')
-      unless (current_user &&
-                           current_resource.permission?(route, current_user)) ||
-                           current_resource.permission?(route)
-        respond_to do |format|
-          format.html { redirect_to(:back, :warning => '403 Forbidden',
-            :status => :forbidden) }
-          format.xml  { render :xml => '403 Forbidden', :status => :forbidden }
-        end
-      end
-    end
-    def current_resource
-      @current_resource ||= if params[:id]
-        Comment.find(params[:id])
-      else
-        Article.find(params[:article_id], :readonly => true)
-      end
-    end
-  end
-=== Configuring views
-We can now perform some checks on related views from a comment instance, thanks
-to the protected actions of its controller, in order to only display allowed
-links:
-  <% if current_user && @comment.permission?("comments#edit", current_user) ||
-                        @comment.permission?("comments#edit") %>
-    <%= link_to "Edit comment",
-      edit_article_comment_path(@comment.article, @comment) %>
-  <% end %>
-And also some indirect checks from the current article instance, like this one:
-  <% if current_user && @article.permission?("comments#index", current_user) ||
-                        @article.permission?("comments#index") %>
-    <%= link_to "Comments", article_comments_path(@article) %>
-  <% end %>
-Or this other one:
-  <% if current_user && @article.permission?("comments#new", current_user) ||
-                        @article.permission?("comments#new") %>
-    <%= link_to "New comment", new_article_comment_path(@article) %>
-  <% end %>
-==== Form helper
-Object's permissions management is as simple as:
-  <%= permission_fields f %>
-Copyright (c) 2009-2011 Cyril Wack, released under the MIT license