allowance 0.0.1 → 0.0.2

data/.rspec

@@ -0,0 +1 @@
+--color

data/.travis.yml

@@ -0,0 +1,10 @@
+language: ruby
+rvm:
+  - 1.8.7
+  - 1.9.2
+  - 1.9.3
+  - jruby-18mode # JRuby in 1.9 mode
+  - rbx-18mode
+  - jruby-19mode # JRuby in 1.9 mode
+  - rbx-19mode
+script: bundle exec rake

data/.watchr

@@ -0,0 +1,15 @@
+def run(cmd, msg = nil)
+  puts "=== %s" % msg if msg
+  puts "=== %s" % cmd
+  system cmd
+  puts "\n"
+end
+
+watch("spec/.*_spec\.rb") { |m| run("bundle exec rspec %s" % m[0]) }
+watch("lib/allowance/(.*)\.rb") { |m| run("bundle exec rspec spec/%s_spec.rb" % m[1]) }
+watch('^spec/(spec_helper|factories)\.rb') { |f| run "bundle exec rake spec", "%s.rb has been modified" % f }
+
+# Ctrl-\
+Signal.trap('QUIT')   { run("bundle exec rake spec") }
+# Ctrl-C
+Signal.trap('INT')    { abort("\nQuitting.") }

data/allowance.gemspec

@@ -15,5 +15,7 @@ Gem::Specification.new do |gem|
   gem.require_paths = ["lib"]
   gem.version       = Allowance::VERSION
 
+  gem.add_development_dependency 'rake'
   gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'watchr'
 end

data/lib/allowance/permissions.rb

@@ -1,41 +1,40 @@
 module Allowance
   class Permissions
-    def initialize(context, &blk)
+    def initialize(context = nil, &blk)
       @permissions = {}
       @context = context
       instance_exec(context, &blk)
     end
 
-    def can?(*args)
-      if ![Symbol, Class].include?(args.last.class)
-        thing = args.pop
-        args.push(thing.class)
-      end
+    def can?(verb, object = nil)
+      return true if @permissions[[verb, object]]
 
-      if (p = find_permission(*args)).present?
-        thing ? scoped_model(*args).find(:first, conditions: { id: thing.id }).present? : true
-      else
-        false
+      # If object is a resource instance, try its class
+      if object.class.respond_to?(:find)
+        if can?(verb, object.class)
+          # See if the object is part of the defined scope
+          return !scoped_model(verb, object.class).
+            find(:first, :conditions => { :id => object.id }).nil?
+        end
       end
-    end
 
-    def can(*args)
-      options = args.pop if args.last.is_a?(Hash) || args.last.is_a?(Proc)
-      object  = args.pop unless args.last.is_a?(Symbol)
+      false
+    end
 
-      expand_permissions(args).each do |verb|
-        permissions[permission_identifier(verb, object)] ||= options || true
+    def can(verbs, objects = nil, scope = true, &blk)
+      expand_permissions(verbs).each do |verb|
+        [objects].flatten.each do |object|
+          @permissions[[verb, object]] = scope  # TODO: add blk, too
+        end
       end
     end
 
-    def scoped_model(*args)
-      model = args.last  # TODO: check that model is a class
-
-      if p = find_permission(*args)
+    def scoped_model(verb, model)
+      if p = @permissions[[verb, model]]
         if p.is_a?(Hash)
           model.where(p)
         elsif p.is_a?(Proc)
-          (p.arity == 0 ? model.instance_exec(&p) : model.call(r))
+          model.instance_exec(&p)
         else
           model
         end
@@ -44,17 +43,6 @@ module Allowance
       end
     end
 
-    def find_permission(*args)
-      object  = args.pop unless args.last.is_a?(Symbol)
-
-      args.flatten.each do |verb|
-        if p = permissions[permission_identifier(verb, object)]
-          return p
-        end
-      end
-      nil
-    end
-
   private
 
     def expand_permissions(*permissions)
@@ -66,12 +54,5 @@ module Allowance
         end
       end.flatten
     end
-
-    def permission_identifier(verb, object)
-      raise "Can't use enumerables as verbs" if verb.is_a?(Enumerable)
-      [verb.to_sym, object].compact
-    end
-
-    attr_reader :permissions
   end
 end

data/lib/allowance/version.rb

@@ -1,3 +1,3 @@
 module Allowance
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/spec/permissions_spec.rb

@@ -1,4 +1,87 @@
 require 'spec_helper'
 
-describe Allowance::Permissions do
+module Allowance
+  describe Permissions do
+    SomeClass = Class.new
+    SomeOtherClass = Class.new
+
+    it "should allow simple permissions to be specified" do
+      p = Permissions.new do
+        can :moo
+      end
+
+      insist p.can?(:moo)
+      refuse p.can?(:quack)
+    end
+
+    it "should allow verbs and objects" do
+      p = Permissions.new do
+        can :update, SomeClass
+      end
+
+      insist p.can?(:update, SomeClass)
+      refuse p.can?(:destroy, SomeClass)
+      refuse p.can?(:update, SomeOtherClass)
+    end
+
+    it "should run the permission definition block against the provided context" do
+      skills = mock(:singing => :good)
+
+      p = Permissions.new(skills) do |skills|
+        can :sing if skills.singing == :good
+      end
+
+      insist p.can? :sing
+    end
+
+    it "should expand :view to include :index and :show" do
+      p = Permissions.new do
+        can :view, SomeClass
+      end
+
+      insist p.can?(:view, SomeClass)
+      insist p.can?(:index, SomeClass)
+      insist p.can?(:show, SomeClass)
+    end
+
+    it "should verify permissions against model instances" do
+      model_class = Class.new
+      model_class.should_receive(:some_scope).and_return(model_class)
+
+      model_instance = model_class.new
+      model_instance.stub!(:id => 123)
+
+      model_class.should_receive(:find).and_return(model_instance)
+
+      p = Permissions.new do
+        can :view, model_class, lambda { some_scope }
+      end
+
+      insist p.can?(:view, model_instance)
+    end
+
+    describe "#scoped_model" do
+      it "should allow scopes to be defined through lambdas" do
+        model = mock
+        model.should_receive(:some_scope).and_return(scoped_model = mock)
+
+        p = Permissions.new do
+          can :view, model, lambda { some_scope }
+        end
+
+        p.scoped_model(:view, model).should == scoped_model
+      end
+
+      it "should allow scopes to be defined through where conditions" do
+        model = mock
+        model.should_receive(:where).with(:awesome => true).and_return(scoped_model = mock)
+
+        p = Permissions.new do
+          can :view, model, :awesome => true
+        end
+
+        p.scoped_model(:view, model).should == scoped_model
+      end
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -3,3 +3,11 @@ lib_path = File.expand_path("#{SPEC_DIR}/../lib")
 $LOAD_PATH.unshift lib_path unless $LOAD_PATH.include?(lib_path)
 
 require 'allowance'
+
+def insist(what)
+  what.should == true
+end
+
+def refuse(what)
+  what.should == false
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: allowance
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -11,9 +11,31 @@ bindir: bin
 cert_chain: []
 date: 2012-05-27 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &70146150823900 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70146150823900
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70332184433920 !ruby/object:Gem::Requirement
+  requirement: &70146150819460 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70146150819460
+- !ruby/object:Gem::Dependency
+  name: watchr
+  requirement: &70146150838720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,7 +43,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70332184433920
+  version_requirements: *70146150838720
 description: A generic, but decidedly awesome authorization control layer.
 email:
 - hendrik@mans.de
@@ -30,6 +52,9 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .rspec
+- .travis.yml
+- .watchr
 - Gemfile
 - LICENSE
 - README.md