aegis 2.2.0 → 2.3.0

data/README.rdoc

@@ -64,6 +64,7 @@ There is an awesome {documentation wiki}[http://wiki.github.com/makandra/aegis/]
 * {Handling denied permissions in your controllers}[http://wiki.github.com/makandra/aegis/handling-denied-permissions-in-your-controllers]
 * {Changing behavior when a permission is undefined}[http://wiki.github.com/makandra/aegis/changing-behavior-when-a-permission-is-undefined]
 * {Multiple roles per user}[http://wiki.github.com/makandra/aegis/multiple-roles-per-user]
+* {Testing permissions}[http://wiki.github.com/makandra/aegis/testing-permissions]
 * {Upgrading to Aegis 2}[http://wiki.github.com/makandra/aegis/upgrading-to-aegis-2]
 
 

data/VERSION

@@ -1 +1 @@
-2.2.0
+2.3.0

data/aegis.gemspec

@@ -1,15 +1,15 @@
 # Generated by jeweler
-# DO NOT EDIT THIS FILE
-# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
   s.name = %q{aegis}
-  s.version = "2.2.0"
+  s.version = "2.3.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Henning Koch", "Tobias Kraze"]
-  s.date = %q{2010-08-13}
+  s.date = %q{2010-09-01}
   s.description = %q{Aegis is an authorization solution for Ruby on Rails that supports roles and a RESTish, resource-style declaration of permission rules.}
   s.email = %q{henning.koch@makandra.de}
   s.extra_rdoc_files = [
@@ -34,9 +34,15 @@ Gem::Specification.new do |s|
      "lib/aegis/role.rb",
      "lib/aegis/sieve.rb",
      "lib/aegis/spec.rb",
+     "lib/aegis/spec/matchers.rb",
      "lib/rails/action_controller.rb",
      "lib/rails/active_record.rb",
-     "spec/action_controller_spec.rb",
+     "spec/aegis/action_controller_spec.rb",
+     "spec/aegis/has_role_spec.rb",
+     "spec/aegis/loader_spec.rb",
+     "spec/aegis/permissions_spec.rb",
+     "spec/aegis/sieve_spec.rb",
+     "spec/aegis/spec/matchers_spec.rb",
      "spec/app_root/app/controllers/application_controller.rb",
      "spec/app_root/app/controllers/reviews_controller.rb",
      "spec/app_root/app/controllers/songs_controller.rb",
@@ -60,11 +66,7 @@ Gem::Specification.new do |s|
      "spec/app_root/log/.gitignore",
      "spec/app_root/script/console",
      "spec/controllers/reviews_controller_spec.rb",
-     "spec/has_role_spec.rb",
-     "spec/loader_spec.rb",
-     "spec/permissions_spec.rb",
      "spec/rcov.opts",
-     "spec/sieve_spec.rb",
      "spec/spec.opts",
      "spec/spec_helper.rb"
   ]
@@ -93,13 +95,14 @@ Gem::Specification.new do |s|
      "spec/app_root/db/migrate/002_create_properties.rb",
      "spec/app_root/db/migrate/003_create_reviews.rb",
      "spec/app_root/lib/console_with_fixtures.rb",
-     "spec/action_controller_spec.rb",
      "spec/controllers/reviews_controller_spec.rb",
      "spec/spec_helper.rb",
-     "spec/loader_spec.rb",
-     "spec/has_role_spec.rb",
-     "spec/permissions_spec.rb",
-     "spec/sieve_spec.rb"
+     "spec/aegis/action_controller_spec.rb",
+     "spec/aegis/has_role_spec.rb",
+     "spec/aegis/loader_spec.rb",
+     "spec/aegis/permissions_spec.rb",
+     "spec/aegis/sieve_spec.rb",
+     "spec/aegis/spec/matchers_spec.rb"
   ]
 
   if s.respond_to? :specification_version then
@@ -112,3 +115,4 @@ Gem::Specification.new do |s|
   else
   end
 end
+

data/lib/aegis/spec/matchers.rb

@@ -0,0 +1,63 @@
+module Aegis
+  module Spec
+    module Matchers
+
+      class CheckPermissions
+
+        def initialize(expected_resource, expected_options = {})
+          @expected_resource = expected_resource
+          @expected_options = expected_options
+        end
+
+        def matches?(controller)
+          @controller_class = controller.class
+          @actual_resource = @controller_class.instance_variable_get('@aegis_permissions_resource')
+          @actual_options = @controller_class.instance_variable_get('@aegis_permissions_options')
+          @actual_resource == @expected_resource && @actual_options == @expected_options
+        end
+
+        def failure_message
+          if @actual_resource != @expected_resource
+            "expected #{@controller_class} to check permissions against resource #{@expected_resource.inspect}, but it checked against #{@actual_resource.inspect}"
+          else
+            "expected #{@controller_class} to check permissions with options #{@expected_options.inspect}, but options were #{@actual_options.inspect}"
+          end
+        end
+
+        def negative_failure_message
+          if @actual_resource == @expected_resource
+            "expected #{@controller_class} to not check permissions against resource #{@expected_resource.inspect}"
+          else
+            "expected #{@controller_class} to not check permissions with options #{@expected_options.inspect}"
+          end
+        end
+
+        def description
+          description = "check permissions against resource #{@expected_resource.inspect}"
+          description << " with options #{@expected_options.inspect}" if @expected_options.any?
+          description
+        end
+
+      end
+
+      def check_permissions(*args)
+        CheckPermissions.new(*args)
+      end
+
+      def be_allowed_to(*args)
+        simple_matcher do |user, matcher|
+          action, *action_args = args
+          target = action.to_s + (action_args.present? ? " given #{action_args.inspect}" : "")
+          matcher.description = "be allowed to " + target
+          matcher.failure_message = "expected #{user.inspect} to be allowed to #{target}"
+          matcher.negative_failure_message = "expected #{user.inspect} to be denied to #{target}"
+          user.send("may_#{action}?", *action_args)
+        end
+      end
+
+    end
+  end
+end
+
+ActiveSupport::TestCase.send :include, Aegis::Spec::Matchers
+

data/lib/aegis/spec.rb

@@ -1,86 +1,4 @@
-module Aegis
-  module Matchers
+# Support aegis/spec for old code.
+# Maybe remove this some day.
+require 'aegis/spec/matchers'
 
-    class CheckPermissions
-
-      def initialize(expected_resource, expected_options = {})
-        @expected_resource = expected_resource
-        @expected_options = expected_options
-      end
-
-      def matches?(controller)
-        @controller_class = controller.class
-        @actual_resource = @controller_class.instance_variable_get('@aegis_permissions_resource')
-        @actual_options = @controller_class.instance_variable_get('@aegis_permissions_options')
-        @actual_resource == @expected_resource && @actual_options == @expected_options
-      end
-
-      def failure_message
-        if @actual_resource != @expected_resource
-          "expected #{@controller_class} to check permissions against resource #{@expected_resource.inspect}, but it checked against #{@actual_resource.inspect}"
-        else
-          "expected #{@controller_class} to check permissions with options #{@expected_options.inspect}, but options were #{@actual_options.inspect}"
-        end
-      end
-
-      def negative_failure_message
-        if @actual_resource == @expected_resource
-          "expected #{@controller_class} to not check permissions against resource #{@expected_resource.inspect}"
-        else
-          "expected #{@controller_class} to not check permissions with options #{@expected_options.inspect}"
-        end
-      end
-
-      def description
-        description = "check permissions against resource #{@expected_resource.inspect}"
-        description << " with options #{@expected_options.inspect}" if @expected_options.any?
-        description
-      end
-
-    end
-
-    def check_permissions(*args)
-      CheckPermissions.new(*args)
-    end
-
-  end
-end
-
-
-ActiveSupport::TestCase.send :include, Aegis::Matchers
-
-#Spec::Rails::Example::ControllerExampleGroup.extend Aegis::ControllerSpecMacros
-
-
-#  def it_should_allow_access_for(*allowed_roles, &block)
-#
-#    denied_roles = Permissions.roles.collect(&:name) - allowed_roles
-#
-#    describe 'permissions' do
-#
-#      before :each do
-#        sign_out
-#      end
-#
-#      it "should deny access when no user is signed in" do
-#        expect { instance_eval(&block) }.to raise_error(Aegis::AccessDenied)
-#      end
-#
-#      allowed_roles.each do |role|
-#        it "should allow access for an authenticated #{role}" do
-#          sign_in User.new(:role_name => role)
-#          expect { instance_eval(&block) }.to_not raise_error
-#          response.code.should == '200'
-#        end
-#      end
-#
-#      denied_roles.each do |role|
-#        it "should deny access for an authenticated #{role}" do
-#          sign_in User.new(:role_name => role)
-#          expect { instance_eval(&block) }.to raise_error(Aegis::AccessDenied)
-#        end
-#      end
-#
-#    end
-#
-#  end

data/spec/{action_controller_spec.rb → aegis/action_controller_spec.rb}

@@ -1,6 +1,6 @@
-require File.dirname(__FILE__) + "/spec_helper"
+require "spec_helper"
 
-describe 'Aegis::ActionController' do
+describe Aegis::ActionController do
 
   before(:each) do
 

data/spec/{has_role_spec.rb → aegis/has_role_spec.rb}

@@ -1,4 +1,4 @@
-require File.dirname(__FILE__) + "/spec_helper"
+require "spec_helper"
 
 describe Aegis::HasRole do
 

data/spec/{loader_spec.rb → aegis/loader_spec.rb}

@@ -1,4 +1,4 @@
-require File.dirname(__FILE__) + "/spec_helper"
+require "spec_helper"
 
 describe Aegis::Loader do
 

data/spec/{permissions_spec.rb → aegis/permissions_spec.rb}

@@ -1,4 +1,4 @@
-require File.dirname(__FILE__) + "/spec_helper"
+require "spec_helper"
 
 describe Aegis::Permissions do
 

data/spec/{sieve_spec.rb → aegis/sieve_spec.rb}

@@ -1,4 +1,4 @@
-require File.dirname(__FILE__) + "/spec_helper"
+require "spec_helper"
 
 describe Aegis::Sieve do
 

data/spec/aegis/spec/matchers_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe Aegis::Spec::Matchers do
+
+  describe 'be_allowed_to' do
+
+    before(:each) do
+
+      permissions = @permissions = Class.new(Aegis::Permissions) do
+        role :user
+        resources :files do
+          allow :user do
+            object == 'allowed-file'
+          end
+        end
+      end
+
+      @user_class = Class.new(ActiveRecord::Base) do
+        set_table_name 'users'
+        has_role :permissions => permissions
+      end
+
+      @user = @user_class.new(:role_name => 'user')
+
+    end
+
+    it 'should match the positive case' do
+      @user.should be_allowed_to(:update_file, 'allowed-file')
+    end
+
+    it 'should match the negative case' do
+      @user.should_not be_allowed_to(:update_file, 'denied-file')
+    end
+
+  end
+
+  describe 'check_permissions' do
+
+    before(:each) do
+      @controller = Class.new(ActionController::Base) do
+        permissions :post
+      end.new
+    end
+
+    it 'should match the positive case' do
+      @controller.should check_permissions(:post)
+    end
+
+    it 'should match the negative case' do
+      @controller.should_not check_permissions(:reviews)
+    end
+
+  end
+
+end

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 2
-  - 2
+  - 3
   - 0
-  version: 2.2.0
+  version: 2.3.0
 platform: ruby
 authors: 
 - Henning Koch
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-08-13 00:00:00 +02:00
+date: 2010-09-01 00:00:00 +02:00
 default_executable: 
 dependencies: []
 
@@ -46,9 +46,15 @@ files:
 - lib/aegis/role.rb
 - lib/aegis/sieve.rb
 - lib/aegis/spec.rb
+- lib/aegis/spec/matchers.rb
 - lib/rails/action_controller.rb
 - lib/rails/active_record.rb
-- spec/action_controller_spec.rb
+- spec/aegis/action_controller_spec.rb
+- spec/aegis/has_role_spec.rb
+- spec/aegis/loader_spec.rb
+- spec/aegis/permissions_spec.rb
+- spec/aegis/sieve_spec.rb
+- spec/aegis/spec/matchers_spec.rb
 - spec/app_root/app/controllers/application_controller.rb
 - spec/app_root/app/controllers/reviews_controller.rb
 - spec/app_root/app/controllers/songs_controller.rb
@@ -72,11 +78,7 @@ files:
 - spec/app_root/log/.gitignore
 - spec/app_root/script/console
 - spec/controllers/reviews_controller_spec.rb
-- spec/has_role_spec.rb
-- spec/loader_spec.rb
-- spec/permissions_spec.rb
 - spec/rcov.opts
-- spec/sieve_spec.rb
 - spec/spec.opts
 - spec/spec_helper.rb
 has_rdoc: true
@@ -129,10 +131,11 @@ test_files:
 - spec/app_root/db/migrate/002_create_properties.rb
 - spec/app_root/db/migrate/003_create_reviews.rb
 - spec/app_root/lib/console_with_fixtures.rb
-- spec/action_controller_spec.rb
 - spec/controllers/reviews_controller_spec.rb
 - spec/spec_helper.rb
-- spec/loader_spec.rb
-- spec/has_role_spec.rb
-- spec/permissions_spec.rb
-- spec/sieve_spec.rb
+- spec/aegis/action_controller_spec.rb
+- spec/aegis/has_role_spec.rb
+- spec/aegis/loader_spec.rb
+- spec/aegis/permissions_spec.rb
+- spec/aegis/sieve_spec.rb
+- spec/aegis/spec/matchers_spec.rb