acts_permissive 0.2.5 → 0.3.0

data/README.markdown

@@ -77,6 +77,9 @@ It's all a bit complicated to talk about, because we're not used to being able t
 
     friend.can?(:read, :in => private_circle) -> true
     friend.can?(:write, :in => private_circle) -> false
+    friend.can?(:read, journal) -> true
+    friend.can?(:write, journal) -> false
+    friend.can?(:read, photo) -> true
 
     foe.can?(:read, :in => public_circle) -> false
     foe.can?(:read, :in => private_circle) -> false
@@ -150,13 +153,6 @@ Object also has a some query methods:
 
     toothbrush.all_who_can(:use).include? wife -> true
 
-Note: It might be useful to have a can? method that can act on the individual object, such as
-
-    boss.can(:use, stapler) -> false
-
-But I've opted to leave that in the application's solution space, since this gem focuses on
-the circle of objects, not the individual object as much.
-
 You can also get all users in a circle, regardless of type
 
     private.users -> [john, wife]

data/lib/acts_permissive/permissive_object.rb

@@ -30,11 +30,13 @@ module ActsPermissive
       end
 
       #TODO: Refactor this shit!
+      # One way to do this. Figure out a list of permission masks that would pass,
+      # then use that to do a straight SQL query using "perm.mask IN [list]"
       def all_who_can *args
         # Get a list of users who can do whatever symbol based permissions are
         # listed. For instance
         # authors = @thing.all_who_can(:read, :write)
-
+        warn "\nPermissiveObject::all_who_can works, yeah, but it's a time suck. Use Carefully!"
         if args.include?(:see)
           raise PermissiveError, "Can only use :see as an option by itself" if args.count > 1
           return ActsPermissive::Grouping.who_can_see(self)

data/lib/acts_permissive/permissive_user.rb

@@ -64,7 +64,7 @@ module ActsPermissive
       def reset_permissions! *args
         options = args.extract_options!
         options.assert_valid_keys(:in)
-        # We're only using this if there are circles- not on generic objects, which should be INSIDE circles
+
         raise PermissiveError, "Must be called with a circle as an argument" if options[:in].nil?
 
         #get the permission, or build it if it doesn't exist
@@ -99,26 +99,47 @@ module ActsPermissive
       end
 
       def can? *args
+        #TODO this is freakin long. Refactor this shit
         options = args.extract_options!
         options.assert_valid_keys(:in, :see)
 
+        # Get the bitmap for the selected permissions
+        bits = args.select{|o| o.class == Symbol}.map{|s| Permission.bit_for s}.inject(0){|sum, p| sum + p }
+
         #if we're checking for :see, return right away
         if options[:see]
           return permissions_in(options[:see]).present?
         end
 
-        # We're only using this if there are circles- not on generic objects, which should be INSIDE circles
-        raise PermissiveError, "Must be called with a circle as an argument" if options[:in].nil?
-
-        #Get the permissions and return
-        perm = permissions_in options[:in]
-        if perm.nil?
-          false
+        # Get a list of objects that we might be searching on
+        objects = args.select{|o| o.respond_to? :is_used_permissively?}
+
+        raise "Cannot search in both circles and objects at the same time" if options[:in].present? and objects.count > 0
+
+        if options[:in].nil? and objects.count > 0
+          warn "You are testing permissions on multiple objects. This is an OR query, which will return true if ANY have the requested permission" if objects.count > 1
+          objects.each do |object|
+            object.circles.each do |circle|
+              # return true immediately if we find a circle where our permissions cover the bitmask
+              perm = permissions_in circle
+              if perm.present?
+                return true if perm.mask & bits == bits
+              end
+            end
+          end
+        elsif options[:in].present?
+          #Get the permissions and return
+          perm = permissions_in options[:in]
+          if perm.nil?
+            return false
+          else
+            return perm.mask & bits == bits
+          end
         else
-          #add up the bits and do a bitwise and to check permissions
-          bits = args.select{|o| o.class == Symbol}.map{|s| Permission.bit_for s}.inject(0){|sum, p| sum + p }
-          perm.mask & bits == bits
+          warn "You haven't given an object or circle to search on. Failing silently. Argument list: #{args.inspect}"
         end
+        # Failsafe to false
+        false
       end
 
       def revoke! *args

data/lib/acts_permissive/version.rb

@@ -1,3 +1,3 @@
 module ActsPermissive
-  VERSION = "0.2.5"
+  VERSION = "0.3.0"
 end

data/spec/active_resource_spec.rb

@@ -19,8 +19,8 @@ describe ActsPermissive::PermissiveObject do
   end
 
   before :each do
-    @user = Factory :user
-    @admin = Factory :admin
+    @user = FactoryGirl.create :user
+    @admin = FactoryGirl.create :admin
     @rest_object = RestObject.find(321)
     @circle = @user.build_circle :objects => [@rest_object]
   end
@@ -66,8 +66,8 @@ describe ActsPermissive::PermissiveObject do
 
     before :each do
       @admin.can!(:admin, :in => @circle)
-      @anne = Factory :user
-      @debbie = Factory :user
+      @anne = FactoryGirl.create :user
+      @debbie = FactoryGirl.create :user
       @anne.can!(:read, :in => @circle)
       @widget = RestObject.find(123)
       @widget.add_to @circle
@@ -81,26 +81,29 @@ describe ActsPermissive::PermissiveObject do
     end
 
     it "should return a list of users who can perform the given functions" do
+      lst = @rest_object.all_who_can(:read)
       [@user, @anne].each do |u|
-        @rest_object.all_who_can(:read).include?(u).should be_true
+        lst.include?(u).should be_true
       end
-
+      lst = @rest_object.all_who_can(:admin)
       [@user, @admin].each do |u|
-        @rest_object.all_who_can(:admin).include?(u).should be_true
+        lst.include?(u).should be_true
       end
     end
 
     it "should not include users who can't perform the function" do
+      lst = @rest_object.all_who_can(:write)
       [@admin, @debbie, @anne].each do |u|
-        @rest_object.all_who_can(:write).include?(u).should be_false
+        lst.include?(u).should be_false
       end
     end
 
     it "Should correctly show all users who can :see an object" do
+      lst = @rest_object.all_who_can(:see)
       [@admin, @anne, @user].each do |u|
-        @rest_object.all_who_can(:see).include?(u).should be_true
+        lst.include?(u).should be_true
       end
-      @rest_object.all_who_can(:see).include?(@debbie).should be_false
+      lst.include?(@debbie).should be_false
     end
 
     it "should throw an error when using :see with other permissions" do

data/spec/acts_permissive_spec.rb

@@ -2,15 +2,15 @@ require File.join(File.dirname(__FILE__), 'spec_helper')
 
 describe ActsPermissive do
   before :each do
-    @user = Factory :user
-    @admin = Factory :admin
-    @widget = Factory :widget
-    @widget2 = Factory :widget
-    @thing = Factory :thing
+    @user = FactoryGirl.create :user
+    @admin = FactoryGirl.create :admin
+    @widget = FactoryGirl.create :widget
+    @widget2 = FactoryGirl.create :widget
+    @thing = FactoryGirl.create :thing
     @admin_circle = @admin.build_circle :name => "blah", :objects => [@widget, @widget2]
     @user_circle = @user.build_circle :name => "yada", :objects => [@thing], :mask => 31
 
-    @new_user = Factory :user, :name => "@@@@@@@@@@@@@@@"
+    @new_user = FactoryGirl.create :user, :name => "@@@@@@@@@@@@@@@"
     @new_user.can!(:read, :in => @admin_circle)
     @new_user.can?(:read, :in => @admin_circle).should be_true
   end

data/spec/permission_spec.rb

@@ -3,10 +3,10 @@ require File.join(File.dirname(__FILE__), 'spec_helper')
 describe ActsPermissive::Permission do
 
   before :each do
-    @user = Factory :user
-    @admin = Factory :admin
-    @widget = Factory :widget
-    @thing = Factory :thing
+    @user = FactoryGirl.create :user
+    @admin = FactoryGirl.create :admin
+    @widget = FactoryGirl.create :widget
+    @thing = FactoryGirl.create :thing
 
     @admin_circle = @admin.build_circle :name => "blah", :objects => [@widget]
     @user_circle = @user.build_circle :name => "yada", :objects => [@thing], :mask => 31
@@ -14,7 +14,7 @@ describe ActsPermissive::Permission do
     @user.can!(:read, :write, :in => @admin_circle)
     @admin.can!(:read, :write, :admin, :in => @user_circle)
 
-    @new_user = Factory :user
+    @new_user = FactoryGirl.create :user
     @new_user.can!(:read, :in => @user_circle)
     @new_user.can!(:write, :in => @admin_circle)
   end

data/spec/permissive_circle_spec.rb

@@ -3,10 +3,10 @@ require File.join(File.dirname(__FILE__), 'spec_helper')
 describe ActsPermissive::Circle do
 
   before :each do
-    @user = Factory :user
-    @admin = Factory :admin
-    @thing = Factory :thing
-    @widget = Factory :widget
+    @user = FactoryGirl.create :user
+    @admin = FactoryGirl.create :admin
+    @thing = FactoryGirl.create :thing
+    @widget = FactoryGirl.create :widget
   end
 
   describe "class" do
@@ -38,8 +38,8 @@ describe ActsPermissive::Circle do
   describe "query methods" do
 
     before :each do
-      @another_thing = Factory :thing
-      @another_widget = Factory :widget
+      @another_thing = FactoryGirl.create :thing
+      @another_widget = FactoryGirl.create :widget
       @uc = @user.build_circle :name => "blah", :objects => [@thing, @another_thing]
       @ac = @admin.build_circle :name => "yada", :objects => [@widget, @another_widget, @thing]
     end
@@ -50,9 +50,9 @@ describe ActsPermissive::Circle do
     end
 
     it "should return the list of users in a circle" do
-      anne = Factory :user
-      debbie = Factory :user
-      frank = Factory :user
+      anne = FactoryGirl.create :user
+      debbie = FactoryGirl.create :user
+      frank = FactoryGirl.create :user
       anne.can!(:read, :in => @uc)
       debbie.can!(:read, :write, :in => @uc)
       frank.can!(:read, :in => @ac)
@@ -75,7 +75,7 @@ describe ActsPermissive::Circle do
 
   describe "scopes" do
     before :each do
-      @user = Factory :user
+      @user = FactoryGirl.create :user
       @circles = []
       %w{one two three four five blah yada}.each do |w|
         @circles << @user.build_circle( :name => w)
@@ -84,7 +84,7 @@ describe ActsPermissive::Circle do
     end
 
     it "should return a list of users" do
-      another_user = Factory :user
+      another_user = FactoryGirl.create :user
       another_user.can!(:read, :in => @circles.first)
       @circles.first.users.include?(@user).should be_true
       @circles.first.users.include?(another_user).should be_true

data/spec/permissive_grouping_spec.rb

@@ -3,10 +3,10 @@ require File.join(File.dirname(__FILE__), 'spec_helper')
 describe ActsPermissive::Grouping do
 
   before :each do
-    @user = Factory :user
-    @admin = Factory :admin
-    @widget = Factory :widget
-    @thing = Factory :thing
+    @user = FactoryGirl.create :user
+    @admin = FactoryGirl.create :admin
+    @widget = FactoryGirl.create :widget
+    @thing = FactoryGirl.create :thing
     @admin_circle = @admin.build_circle :name => "blah", :objects => [@widget]
     @user_circle = @user.build_circle :name => "yada", :objects => [@thing], :mask => 31
   end

data/spec/permissive_object_spec.rb

@@ -3,10 +3,10 @@ require File.join(File.dirname(__FILE__), 'spec_helper')
 describe ActsPermissive::PermissiveObject do
 
   before :each do
-    @user = Factory :user
-    @admin = Factory :admin
-    @thing = Factory :thing
-    @widget = Factory :widget
+    @user = FactoryGirl.create :user
+    @admin = FactoryGirl.create :admin
+    @thing = FactoryGirl.create :thing
+    @widget = FactoryGirl.create :widget
     @circle = @user.build_circle :objects => [@thing]
   end
 
@@ -40,8 +40,8 @@ describe ActsPermissive::PermissiveObject do
 
     before :each do
       @admin.can!(:admin, :in => @circle)
-      @anne = Factory :user
-      @debbie = Factory :user
+      @anne = FactoryGirl.create :user
+      @debbie = FactoryGirl.create :user
       @anne.can!(:read, :in => @circle)
       @widget.add_to @circle
     end
@@ -76,10 +76,12 @@ describe ActsPermissive::PermissiveObject do
       @thing.all_who_can(:see).include?(@debbie).should be_false
     end
 
-    it "should throw an error when using :see with other permissions" do
+    it "should throw an error when using :see with other permissions"
 
+    it "should throw a warning when using all_who_can" do
+      @thing.should_receive :warn
+      @thing.all_who_can(:write)
     end
-
   end
 
 end

data/spec/permissive_user_spec.rb

@@ -3,10 +3,10 @@ require File.join(File.dirname(__FILE__), 'spec_helper')
 describe ActsPermissive::PermissiveUser do
 
   before :each do
-    @user = Factory :user
-    @admin = Factory :admin
-    @widget = Factory :widget
-    @thing = Factory :thing
+    @user = FactoryGirl.create :user
+    @admin = FactoryGirl.create :admin
+    @widget = FactoryGirl.create :widget
+    @thing = FactoryGirl.create :thing
     @admin_circle = @admin.build_circle :name => "blah", :objects => [@widget]
     @user_circle = @user.build_circle :name => "yada", :objects => [@thing], :mask => 31
   end
@@ -77,10 +77,39 @@ describe ActsPermissive::PermissiveUser do
     end
 
     it "should return false for a user without permissions" do
-      new_user = Factory :user
+      new_user = FactoryGirl.create :user
       new_user.can?(:see => @user_circle).should be_false
       new_user.can?(:read, :in => @user_circle).should be_false
     end
+
+    describe "can methods on objects instead of circles" do
+
+      before :each do
+        @new_user = FactoryGirl.create :user
+        @new_user.can!(:read, :in => @admin_circle)
+      end
+
+      it "should allow using the can? method on a model" do
+        @new_user.can?(:read, @admin_circle.items.first).should be_true
+        @admin_circle.items.each{|i| @new_user.can?(:read, i).should be_true}
+        @admin_circle.items.each{|i| @new_user.can?(:write, i).should be_false}
+      end
+
+      it "should work with work with more than one object, but throw a warning" do
+        @new_user.should_receive(:warn)
+        @new_user.can?(:read, @admin_circle.items.first, @admin_circle.items.last)
+      end
+
+      it "should warn when returning false when no objects or circles are given" do
+        @new_user.should_receive(:warn)
+        @new_user.can?(:read)
+      end
+
+      it "should raise an exception if both circles and objects are given" do
+         lambda { @new_user.can?(:read, @admin_circle.items.first, :in => @admin_circle)}.should raise_error
+      end
+    end
+
   end
 
   describe "permissions methods" do

data/spec/sub_class_spec.rb

@@ -3,10 +3,10 @@ require File.join(File.dirname(__FILE__), 'spec_helper')
 describe SubClass do
 
   before :each do
-    @user = Factory :user
-    @admin = Factory :admin
-    @thing = Factory :thing
-    @widget = Factory :widget
+    @user = FactoryGirl.create :user
+    @admin = FactoryGirl.create :admin
+    @thing = FactoryGirl.create :thing
+    @widget = FactoryGirl.create :widget
   end
 
   describe "class" do
@@ -38,8 +38,8 @@ describe SubClass do
 
   describe "query methods" do
     before :each do
-      @another_thing = Factory :thing
-      @another_widget = Factory :widget
+      @another_thing = FactoryGirl.create :thing
+      @another_widget = FactoryGirl.create :widget
       @uc = @user.build_circle :class => SubClass, :name => "blah", :objects => [@thing, @another_thing]
       @ac = @admin.build_circle :class => SubClass, :name => "yada", :objects => [@widget, @another_widget, @thing]
     end
@@ -50,9 +50,9 @@ describe SubClass do
     end
 
     it "should return the list of users in a circle" do
-      anne = Factory :user
-      debbie = Factory :user
-      frank = Factory :user
+      anne = FactoryGirl.create :user
+      debbie = FactoryGirl.create :user
+      frank = FactoryGirl.create :user
       anne.can!(:read, :in => @uc)
       debbie.can!(:read, :write, :in => @uc)
       frank.can!(:read, :in => @ac)
@@ -75,7 +75,7 @@ describe SubClass do
 
   describe "scopes" do
     before :each do
-      @user = Factory :user
+      @user = FactoryGirl.create :user
       @circles = []
       %w{one two three four five blah yada}.each do |w|
         @circles << @user.build_circle(:class => SubClass, :name => w)
@@ -84,7 +84,7 @@ describe SubClass do
     end
 
     it "should return a list of users" do
-      another_user = Factory :user
+      another_user = FactoryGirl.create :user
       another_user.can!(:read, :in => @circles.first)
       @circles.first.users.include?(@user).should be_true
       @circles.first.users.include?(another_user).should be_true

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: acts_permissive
 version: !ruby/object:Gem::Version
-  version: 0.2.5
+  version: 0.3.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-03-10 00:00:00.000000000 Z
+date: 2012-04-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70330060202220 !ruby/object:Gem::Requirement
+  requirement: &70238536645680 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 3.1.1
   type: :runtime
   prerelease: false
-  version_requirements: *70330060202220
+  version_requirements: *70238536645680
 - !ruby/object:Gem::Dependency
   name: uuidtools
-  requirement: &70330060201800 !ruby/object:Gem::Requirement
+  requirement: &70238536644760 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70330060201800
+  version_requirements: *70238536644760
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &70330060201340 !ruby/object:Gem::Requirement
+  requirement: &70238536643540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330060201340
+  version_requirements: *70238536643540
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: &70330060200920 !ruby/object:Gem::Requirement
+  requirement: &70238536642380 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,10 +54,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330060200920
+  version_requirements: *70238536642380
 - !ruby/object:Gem::Dependency
   name: pg
-  requirement: &70330060200500 !ruby/object:Gem::Requirement
+  requirement: &70238536640340 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +65,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330060200500
+  version_requirements: *70238536640340
 - !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &70330060200080 !ruby/object:Gem::Requirement
+  requirement: &70238536655020 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,10 +76,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330060200080
+  version_requirements: *70238536655020
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70330060199660 !ruby/object:Gem::Requirement
+  requirement: &70238536652880 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,21 +87,21 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330060199660
+  version_requirements: *70238536652880
 - !ruby/object:Gem::Dependency
   name: spork
-  requirement: &70330060199160 !ruby/object:Gem::Requirement
+  requirement: &70238536651460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 0.9.0.rc
+        version: 0.9.0
   type: :development
   prerelease: false
-  version_requirements: *70330060199160
+  version_requirements: *70238536651460
 - !ruby/object:Gem::Dependency
   name: guard-rspec
-  requirement: &70330060198740 !ruby/object:Gem::Requirement
+  requirement: &70238536650340 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -109,10 +109,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330060198740
+  version_requirements: *70238536650340
 - !ruby/object:Gem::Dependency
   name: guard-spork
-  requirement: &70330060198280 !ruby/object:Gem::Requirement
+  requirement: &70238536649120 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -120,10 +120,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330060198280
+  version_requirements: *70238536649120
 - !ruby/object:Gem::Dependency
   name: factory_girl_rails
-  requirement: &70330044178940 !ruby/object:Gem::Requirement
+  requirement: &70238536661520 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -131,10 +131,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330044178940
+  version_requirements: *70238536661520
 - !ruby/object:Gem::Dependency
   name: simplecov
-  requirement: &70330044178380 !ruby/object:Gem::Requirement
+  requirement: &70238536655920 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -142,10 +142,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330044178380
+  version_requirements: *70238536655920
 - !ruby/object:Gem::Dependency
   name: growl
-  requirement: &70330044177940 !ruby/object:Gem::Requirement
+  requirement: &70238536671300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -153,10 +153,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330044177940
+  version_requirements: *70238536671300
 - !ruby/object:Gem::Dependency
   name: fakeweb
-  requirement: &70330044177460 !ruby/object:Gem::Requirement
+  requirement: &70238536669560 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -164,7 +164,18 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70330044177460
+  version_requirements: *70238536669560
+- !ruby/object:Gem::Dependency
+  name: rb-fsevent
+  requirement: &70238536668660 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70238536668660
 description: Allows for arbitrary permissions on arbitrary collections of objects,
   rather than system-wide role based management
 email: