allowance 0.1.1 → 0.2.0

data/.travis.yml

@@ -1,10 +1,7 @@
 language: ruby
 rvm:
-  - 1.8.7
   - 1.9.2
   - 1.9.3
-  - jruby-18mode # JRuby in 1.9 mode
-  - rbx-18mode
-  - jruby-19mode # JRuby in 1.9 mode
-  - rbx-19mode
+  # - jruby-19mode # JRuby in 1.9 mode
+  # - rbx-19mode
 script: bundle exec rake

data/CHANGES.md

@@ -0,0 +1,10 @@
+## 0.2.0 (in development)
+
+* A complete refactoring to make things slimmer, leaner and meaner.
+* Moved all functionality into the `Allowance::Subject` mixin.
+* ActiveRecord integration.
+* Better specs!
+
+## 0.1.1 (2012-05-29)
+
+* Initial release, an extraction from [happy](https://github.com/hmans/happy)

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Hendrik Mans <hendrik@mans.de>
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -2,227 +2,216 @@
 
 **Allowance is a general-use permission management library for Ruby.
 It's decidedly simple, highly flexible, and has out-of-the-box support
-for ActiveModel-compliant classes.**
+for ActiveRecord models.**
 
-It was inspired by Ryan Bates' fantastic Rails authorization plugin [cancan](https://github.com/ryanb/cancan) and, unlike most other gems
-of its kind, is not bound to a specific framework.
+Key features are:
 
-A simple Example:
+* Works great in any Ruby project, not just Rails.
+* It loves ActiveRecord scopes.
+* Very little code (under 100 lines).
 
-``` ruby
-p = Allowance.define do |can|
-  # Allow logging in
-  can.login!
+Allowance was inspired by Ryan Bates' fantastic Rails authorization plugin [CanCan](https://github.com/ryanb/cancan).
 
-  # Allow creating new Article instances
-  can.create! Article
+### A simple example:
 
-  # Allow the user to edit Article instances that belong to him
-  can.edit! Article, :author_id => current_user.id
+~~~ ruby
+class User < ActiveRecord::Base
+  include Allowance::Subject
 
-  # Allow viewing all Article instances that are published or the user's
-  can.read! Article, ['published = ? OR author_id = ?', true, current_user.id]
-end
-```
-
-Allowance parses these permission definitions and stores them in the object the
-`Allowance.define` call returns. It is now up to you to query that object where
-necessary. Some examples:
+  def define_permissions
+    # every user can see all other users
+    allow :read, User
 
-``` ruby
-p.login?            # true
-p.create? Article   # true
-p.read? @article    # true or false, depending on state of @article
-```
+    # every user can see all published posts
+    allow :read, Post, Post.published
 
-You can use the same object to provide you with correctly scoped models, too:
+    # users can edit/delete their own posts
+    allow :manage, Post, user_id: id
 
-``` ruby
-p.scoped_model(:view, Article).all
-# -> Article.where(['published = ? OR author_id = ?', true, current_user.id]).all
-```
+    if admin?
+      # admins can edit/delete all posts
+      allow :manage, Post
+    end
+  end
+end
+~~~
 
 
 
 ## Installation
 
-### Requirements
+Simply add `allowance` to your project's `Gemfile` or install it through `gem install allowance`.
 
-Allowance should work fine with Ruby 1.8.7, 1.9.2, 1.9.3 and respective JRuby versions. Please consult Allowance's [Travis status page](http://travis-ci.org/hmans/allowance) for details.
+It should work fine with Ruby 1.9.2, 1.9.3 and respective JRuby versions. Please consult Allowance's [Travis status page](http://travis-ci.org/hmans/allowance) for details.
 
 [![Build Status](https://secure.travis-ci.org/hmans/allowance.png?branch=master)](http://travis-ci.org/hmans/allowance)
 
-### Installing through Bundler
-
-Well, you've done this before, haven't you? Just add the `allowance` gem to your project's Gemfile:
-
-``` ruby
-gem 'allowance'
-```
-
-### Installing without Bundler
-
-Install using RubyGems:
-
-```
-gem install allowance
-```
-
-Then require it in your code:
-
-```
-require 'rubygems'
-require 'allowance'
-```
-
 
 ## Usage
 
 ### Defining permissions
 
-Use `Allowance.define` to create a new permissions object, then use its `allow!` or `can!`
-methods to add permissions:
+Allowance generally thinks in terms of "subject", "verb" and, optionally, "object". For example, a _user_ (the subject) may be allowed to _edit_ (the verb) a _post_ (the object). The object may be optional; for example, a _user_ may be able to _login_, and so on.
 
-``` ruby
-p = Allowance.define
-p.allow! :sing
-```
+So, first of all, your application will need a subject. A subject can be any class that's using the `Allowance::Subject` mixin. In most applications, this will be your `User` class:
 
-Instead of using `allow!` or `can!`, you can just name the permission directly:
+~~~ ruby
+class User
+  include Allowance::Subject
+end
+~~~
 
-``` ruby
-p.sing!
-```
+Instances of this class can now be configured with permissions using the `#allow` method:
 
-You can also specify permissions as a block:
+~~~ ruby
+@user.allow :read, Post
+@user.allow :manage, Post, user_id: @user.id
+~~~
 
-``` ruby
-p = Allowance.define do |allow|
-  allow.sing!
-end
-```
+These permissions can be queried using the `#allowed?` method:
 
-### Querying permissions
+~~~ ruby
+if @user.allowed?(:destroy, @post)
+  @post.destroy
+end
+~~~
 
-Similar to how you define permissions, you can use the `allowed?` or `can?` methods, or
-query permissions directly by name. The following two lines are equivalent:
+Since you'll usually want permissions to be defined automatically when a subject instance is created, you can simply add a `#define_permissions` method that will get executed automatically:
 
-``` ruby
-p.allowed? :sing
-p.can? :sing
-p.sing?
-```
+~~~ ruby
+class User
+  include Allowance::Subject
 
-### One-dimensional permissions
+  def define_permissions
+    allow :read, Post
+    allow :manage, Post, user_id: id
+  end
+end
+~~~
 
-Allowance lets you define simple, one-dimenstional permissions like this:
 
-``` ruby
-p = Allowance.define do |allow|
-  allow.sing!
-  allow.play!
-  allow.dance! if current_user.can_dance?
-end
-```
+### Using Allowance with Rails
 
-### Two-dimensional permissions
+Most of you will be using Allowance within a Rails application. Allowance gives you a lot of flexibility as to how to plug it into your app, but the most straight forward way goes as follows.
 
-Most of the time, you will be using two-dimensional permissions, consisting of a
-_verb_ and an _object_, with the object typically being some kind of model class.
-For example:
+First of all, add the `Allowance::Subject` mixin to your `User` class and create a `define_permissions` method:
 
-``` ruby
-p = Allowance.define do |allow|
-  allow.view! Article
+~~~ ruby
+class User < ActiveRecord::Base
+  include Allowance::Subject
 
-  if current_user.is_admin?
-    allow.edit! Article
+  def define_permissions
+    allow :read, Post
+    allow :manage, Post, user_id: id
   end
 end
-```
+~~~
+
+Now, assuming your application has a `current_user` controller and helper method, you can use `current_user.allowed?` to query the currently logged in user's permissions. The code for this could look like this:
+
+~~~ ruby
+class ApplicationController < ActionController::Base
+  # Set up the current user. In this example, if a currently logged in
+  # user could not be found, we're creating (but not saving) a new
+  # instance representing a "guest" user.
+  # 
+  def current_user
+    @current_user ||= load_current_user || User.new
+  end
 
-When querying for permissions, just pass an object as an additional parameter:
+  # Make it available to your views, too.
+  #
+  helper_method :current_user
 
-``` ruby
-p.edit? Article
-```
+  # Load the currently logged in user. This is just one of the many
+  # ways of doing it, so this may look different in your app.
+  #
+  def load_current_user
+    User.find(session[:current_user_id]) if session[:current_user_id]
+  end
+end
+~~~  
 
-When you pass a class instance (instead of a class), Allowance will check for
-the permission defined for its class, so the following will work, too:
+All this is just a suggestion -- there are many ways of setting this up. If you're used to how CanCan does it, you could set up a separate, abstract permissions class using the `Allowance::Subject` mixin, create an instance in a `before_filter` and use that instead.
 
-``` ruby
-p.edit? @article
-```
 
-Allowance will even allow you to define permissions in specific objects -- this is not recommended, though, since permission objects defined through Allowance only exist in memory; if you need to control permissions on individual model objects, you'll be better off with another authorization library, ideally one that stores its permissions in your datastore.
+### Working with ActiveRecord scopes
 
+When defining permissions on ActiveRecord models, you can provide an optional scope as a third parameter, either as a hash of conditions, a lambda, or an actual ActiveRecord scope. Here's a couple of examples:
 
-### Defining model scopes
+~~~ ruby
+# Can read all posts
+allow :read, Post
 
-For classes implementing ActiveModel (eg. ActiveRecord, Mongoid and others), Allowance allows you to restrict certain permissions to specific scopes. For example, if, in  a web application, a user should only be able to see articles that have been published, but admin users can see everything, you can define the permissions like this:
+# Can only read posts I've created
+allow :read, Post, user_id: self.id
 
-``` ruby
-p = Allowance.define do |allow|
-  allow.view! Article, :published => true
+# Can only read published posts
+allow :read, Post, Post.published
 
-  if current_user.is_admin?
-    allow.view! Article
-  end
-end
-```
+# You can also provide strings...
+allow :read, Post, "published_at IS NOT NULL"
 
-You can see here that when a specific permission (for a _verb_ and _object_ combination) is defined more than once, the last definition will overwrite all those that came before it.
+# ...or lambdas:
+allow :read, Post, ->(p) { p.where("published_at < ?", 2.weeks.ago) }
+~~~
 
-In the example above, we defined the scope as a so-called "where conditions hash", ie. a hash passed to the model class' `.where` method. Since the hash notation assumes a logical AND and isn't all that flexible overall, you can also use the same string/array syntax you know from ActiveModel:
+When checking permissions against a model instance, Allowance will check if it's part of the allowed scope:
 
-``` ruby
-p.view! Article, ['published = ? OR user_id = ?', true, current_user.id]
-```
+~~~ ruby
+# This will look up whatever scope is permitted for :read actions
+# on Post and will check whether the provided instance is inside
+# that scope (by running `scope.exists?(instance)`).
 
-Lastly, you're encouraged to re-use scopes defined on the model class. Just define your scope using a lambda:
+allowed?(:read, @post)
+~~~
 
-``` ruby
-p.view! Article, lambda { |r| r.viewable_by(current_user) }
-```
+In addition to that, the subject provides a method called `#allowed_scope` that returns the scope that is allowed for a certain verb and class:
 
-Not only can use check permissions against those scopes, but you can also use the `#scoped_model` method to retreive a correctly scoped model according to its previous scope definition. For example:
+~~~ ruby
+@posts = current_user.allowed_scope(Post, :read)
+~~~
 
-``` ruby
-@articles = p.scoped_model(:view, Article).order('created_at DESC').all
-```
+Allowance also add a similar class method to your ActiveRecord classes, so the following will work, too:
 
-### Defining contextual permissions
+~~~ ruby
+@posts = Post.allowed(current_user, :read)
+~~~
 
-Since permissions are just Ruby code, you can use all your favorite language
-constructs when defining permissions. For example, in a web application
-providing a `current_user` method, you can do the following:
+This becomes handy in Rails controllers:
 
-``` ruby
-permissions = Allowance.define do |allow|
-  allow.read! Article
+~~~ ruby
+class PostsController < ApplicationController
+  def index
+    @posts = Post.allowed(current_user, :index).all
+    respond_with @posts
+  end
 
-  if current_user.is_admin?
-    allow.destroy! Article
+  def show
+    @post = Post.allowed(current_user, :show).find(params[:id])
+    respond_with @post
   end
+
+  # ...and so on.
 end
-```
+~~~
 
-You can then query this permission like you'd expect:
 
-``` ruby
-@article = Article.find(params[:id])
-if permissions.destroy? @article
-  @article.destroy
-else
-  raise "You're not allowed to do this"
-end
-```
+### Verb expansion
+
+Just like its big role model CanCan, Allowance automatically expands the `create`, `read`, `update` and `manage` verbs to include the common RESTful Rails controller action names:
+
+* `create` is expanded into `create` and `new`
+* `read` is expanded into `read`, `index` and `show`
+* `update` is expanded into `update` and `edit`
+* `manage` is expanded into `manage`, `index`, `show`, `new`, `create`, `edit`, `update` and `destroy`
+
 
 ## Contributing
 
 I'm looking forward to seeing your Pull Requests. However, please be aware that,
 like with pretty much all other projects I'm maintaining, I'm trying to keep it
-as small as possible, so I'm going to be somewhat picky about which pull
+as sharp and small as possible, so I'm going to be somewhat picky about which pull
 requests to accept. If you're adding new features, I recommed you check back
 with me first in order to avoid disappointment.
 

data/lib/allowance.rb

@@ -1,8 +1,9 @@
+module Allowance
+end
+
 require 'allowance/version'
-require 'allowance/permissions'
+require 'allowance/subject'
 
-module Allowance
-  def self.define(&blk)
-    Permissions.new(&blk)
-  end
+if defined?(ActiveRecord)
+  require 'allowance/activerecord_ext'
 end

data/lib/allowance/activerecord_ext.rb

@@ -0,0 +1,15 @@
+module Allowance
+  module ActiveRecordExtensions
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+      def allowed(subject, verb = nil)
+        subject.allowed_scope(self, verb)
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send(:include, Allowance::ActiveRecordExtensions)

data/lib/allowance/subject.rb

@@ -0,0 +1,70 @@
+module Allowance
+  module Subject
+    def permissions
+      unless @permissions_defined
+        define_permissions
+        @permissions_defined = true
+      end
+
+      @permissions || {}
+    end
+
+    def define_permissions
+      # TODO: log a warning that the subject's define_permissions needs
+      #       to be overloaded.
+    end
+
+    def allowed?(verb, object = nil)
+      # Allow access if there is a direct match in permissions.
+      return true if permissions[[verb, object]]
+
+      # If object is a resource instance, try its class.
+      if object.class.respond_to?(:model_name)
+        if allowed?(verb, object.class)
+          # See if the object is part of the defined scope.
+          return allowed_scope(object.class, verb).exists?(object)
+        end
+      end
+
+      # Once we get here, access can't be granted.
+      false
+    end
+
+    def allow(verbs, objects = nil, scope = true)
+      expand_permissions(verbs).each do |verb|
+        [objects].flatten.each do |object|
+          @permissions ||= {}
+          @permissions[[verb, object]] = scope
+        end
+      end
+    end
+
+    def allowed_scope(model, verb = nil)
+      verb ||= :read
+
+      if p = permissions[[verb, model]]
+        case p
+          when Hash, String, Array then model.where(p)
+          when Proc then p.call(model)
+          else model.scoped
+        end
+      else
+        model.where('1=0')   # TODO: replace this with .none once available
+      end
+    end
+
+  private
+
+    def expand_permissions(*perms)
+      perms.flatten.map do |p|
+        case p
+          when :manage then [:manage, :index, :show, :new, :create, :edit, :update, :destroy]
+          when :create then [:create, :new]
+          when :read   then [:read, :index, :show]
+          when :update then [:update, :edit]
+          else p
+        end
+      end.flatten
+    end
+  end
+end

data/lib/allowance/version.rb

@@ -1,3 +1,3 @@
 module Allowance
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/spec/activerecord_ext_spec.rb

@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+describe 'ActiveRecord extensions' do
+  describe '#allowed' do
+    pending
+  end
+end

data/spec/subject_spec.rb

@@ -0,0 +1,96 @@
+require 'spec_helper'
+
+describe "a class with the Allowance::Subject mixin" do
+  let(:some_class) { Class.new }
+  let(:some_other_class) { Class.new }
+
+  subject do
+    Class.new do
+      include Allowance::Subject
+    end.new
+  end
+
+  it "has an #allow method that allows setting of permissions" do
+    subject.allow :read
+    insist subject.allowed? :read
+    refuse subject.allowed? :manage
+  end
+
+  it "automatically runs the #define_permissions method" do
+    subject.class.class_eval do
+      def define_permissions
+        allow :manage
+      end
+    end
+
+    insist subject.allowed? :manage
+  end
+
+  it "supports verbs and objects" do
+    subject.allow :update, some_class
+
+    insist subject.allowed? :update,  some_class
+    refuse subject.allowed? :destroy, some_class
+    refuse subject.allowed? :update,  some_other_class
+  end
+
+  describe 'verb expansion' do
+    it "expands :read to include :index and :show" do
+      subject.allow :read, some_class
+
+      insist subject.allowed? :read, some_class
+      insist subject.allowed? :index, some_class
+      insist subject.allowed? :show, some_class
+    end
+  end
+
+  it "should verify permissions against model instances" do
+    model_class = Class.new
+    model_class.stub(model_name: 'Model')
+    model_class.should_receive(:some_scope).and_return(model_class)
+
+    model_instance = model_class.new
+    model_instance.stub!(:id => 123)
+
+    model_class.should_receive(:exists?).with(model_instance).and_return(true)
+
+    subject.allow :read, model_class, lambda { |r| r.some_scope }
+
+    insist subject.allowed? :read, model_instance
+  end
+
+  describe "#allowed_scope" do
+    let(:model) { double }
+    let(:allowed_scope) { double }
+
+    it "allows scopes to be defined through lambdas" do
+      subject.allow :read, model, ->(m) { m.some_scope }
+      model.should_receive(:some_scope).and_return(allowed_scope)
+      subject.allowed_scope(model, :read).should == allowed_scope
+    end
+
+    it "allows scopes to be defined through a conditions hash" do
+      subject.allow :read, model, :awesome => true
+      model.should_receive(:where).with(:awesome => true).and_return(allowed_scope)
+      subject.allowed_scope(model, :read).should == allowed_scope
+    end
+
+    it "allows scopes to be defined through a conditions string" do
+      subject.allow :read, model, "awesome = true"
+      model.should_receive(:where).with("awesome = true").and_return(allowed_scope)
+      subject.allowed_scope(model, :read).should == allowed_scope
+    end
+
+    it "allow scopes to be defined through a conditions array" do
+      subject.allow :read, model, ["awesome = ?", true]
+      model.should_receive(:where).with(["awesome = ?", true]).and_return(allowed_scope)
+      subject.allowed_scope(model, :read).should == allowed_scope
+    end
+
+    it "prevents access to models that have on permissions defined" do
+      model.should_receive(:where).with("1=0").and_return(allowed_scope)
+      subject.allowed_scope(model, :read).should == allowed_scope
+    end
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: allowance
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-05-29 00:00:00.000000000 Z
+date: 2012-12-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &70166894971300 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70166894971300
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70166894970560 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +37,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70166894970560
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: watchr
-  requirement: &70166894967440 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,7 +53,12 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70166894967440
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A general-use permission management library with support for ActiveModel.
 email:
 - hendrik@mans.de
@@ -56,16 +71,19 @@ files:
 - .rspec
 - .travis.yml
 - .watchr
+- CHANGES.md
 - Gemfile
+- LICENSE
 - README.md
 - Rakefile
 - allowance.gemspec
 - lib/allowance.rb
-- lib/allowance/permissions.rb
+- lib/allowance/activerecord_ext.rb
+- lib/allowance/subject.rb
 - lib/allowance/version.rb
-- spec/allowance_spec.rb
-- spec/permissions_spec.rb
+- spec/activerecord_ext_spec.rb
 - spec/spec_helper.rb
+- spec/subject_spec.rb
 homepage: https://github.com/hmans/allowance
 licenses: []
 post_install_message: 
@@ -86,12 +104,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.11
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: A general-use permission management library with support for ActiveModel.
 test_files:
-- spec/allowance_spec.rb
-- spec/permissions_spec.rb
+- spec/activerecord_ext_spec.rb
 - spec/spec_helper.rb
+- spec/subject_spec.rb
 has_rdoc: 

data/lib/allowance/permissions.rb

@@ -1,69 +0,0 @@
-module Allowance
-  class Permissions
-    def initialize
-      @permissions = {}
-      yield(self) if block_given?
-    end
-
-    def allowed?(verb, object = nil)
-      return true if @permissions[[verb, object]]
-
-      # If object is a resource instance, try its class
-      if object.class.respond_to?(:find)
-        if allowed?(verb, object.class)
-          # See if the object is part of the defined scope
-          return !scoped_model(verb, object.class).
-            find(:first, :conditions => { :id => object.id }).nil?
-        end
-      end
-
-      false
-    end
-
-    alias_method :can?, :allowed?
-
-    def allow!(verbs, objects = nil, scope = true, &blk)
-      expand_permissions(verbs).each do |verb|
-        [objects].flatten.each do |object|
-          @permissions[[verb, object]] = scope  # TODO: add blk, too
-        end
-      end
-    end
-
-    alias_method :can!, :allow!
-
-    def method_missing(name, *args, &blk)
-      if name.to_s =~ /(.+)!$/
-        allow!($1.to_sym, *args, &blk)
-      elsif name.to_s =~ /(.+)\?$/
-        allowed?($1.to_sym, *args, &blk)
-      else
-        super
-      end
-    end
-
-    def scoped_model(verb, model)
-      if p = @permissions[[verb, model]]
-        case p
-          when Hash, String, Array then model.where(p)
-          when Proc then p.call(model)
-          else model
-        end
-      else
-        model.where(false)
-      end
-    end
-
-  private
-
-    def expand_permissions(*permissions)
-      permissions.flatten.map do |p|
-        case p
-          when :manage then [:manage, :index, :show, :new, :create, :edit, :update, :destroy]
-          when :view   then [:view, :index, :show]
-          else p
-        end
-      end.flatten
-    end
-  end
-end

data/spec/allowance_spec.rb

@@ -1,17 +0,0 @@
-require 'spec_helper'
-
-module Allowance
-  describe "#define" do
-    it "should return an instance of Allowance::Permissions" do
-      Allowance.define.should be_kind_of(Allowance::Permissions)
-    end
-
-    it "should make sure the passed block is executed" do
-      p = Allowance.define do |allow|
-        allow.sing!
-      end
-
-      insist p.sing?
-    end
-  end
-end

data/spec/permissions_spec.rb

@@ -1,112 +0,0 @@
-require 'spec_helper'
-
-module Allowance
-  describe Permissions do
-    SomeClass = Class.new
-    SomeOtherClass = Class.new
-
-    it "should allow permissions to be specified and queried through its instance methods" do
-      subject.can! :sing
-      subject.allow! :dance
-
-      insist subject.can? :dance
-      insist subject.allowed? :sing
-    end
-
-    it "should allow simple permissions to be specified" do
-      subject.moo!
-
-      insist subject.moo?
-      refuse subject.quack?
-    end
-
-    it "should support a block-style initialization" do
-      p = Permissions.new do |can|
-        can.sing!
-      end
-
-      insist p.allowed? :sing
-      insist p.sing?
-    end
-
-    it "should not modify the block's scope" do
-      yup = true
-      nope = false
-
-      p = Permissions.new do |can|
-        can.sing!  if yup
-        can.dance! if nope
-      end
-
-      insist p.sing?
-      refuse p.dance?
-    end
-
-    it "should allow verbs and objects" do
-      subject.update! SomeClass
-
-      insist subject.update? SomeClass
-      refuse subject.destroy? SomeClass
-      refuse subject.update? SomeOtherClass
-    end
-
-    it "should expand :view to include :index and :show" do
-      subject.view! SomeClass
-
-      insist subject.view? SomeClass
-      insist subject.index? SomeClass
-      insist subject.show? SomeClass
-    end
-
-    it "should verify permissions against model instances" do
-      model_class = Class.new
-      model_class.should_receive(:some_scope).and_return(model_class)
-
-      model_instance = model_class.new
-      model_instance.stub!(:id => 123)
-
-      model_class.should_receive(:find).and_return(model_instance)
-
-      subject.view! model_class, lambda { |r| r.some_scope }
-
-      insist subject.view? model_instance
-    end
-
-    describe "#scoped_model" do
-      it "should allow scopes to be defined through lambdas" do
-        model = mock
-        model.should_receive(:some_scope).and_return(scoped_model = mock)
-
-        subject.view! model, lambda { |r| r.some_scope }
-        subject.scoped_model(:view, model).should == scoped_model
-      end
-
-      it "should allow scopes to be defined through a conditions hash" do
-        model = mock
-        model.should_receive(:where).with(:awesome => true).and_return(scoped_model = mock)
-
-        subject.view! model, :awesome => true
-
-        subject.scoped_model(:view, model).should == scoped_model
-      end
-
-      it "should allow scopes to be defined through a conditions string" do
-        model = mock
-        model.should_receive(:where).with("awesome = true").and_return(scoped_model = mock)
-
-        subject.view! model, "awesome = true"
-
-        subject.scoped_model(:view, model).should == scoped_model
-      end
-
-      it "should allow scopes to be defined through a conditions array" do
-        model = mock
-        model.should_receive(:where).with(["awesome = ?", true]).and_return(scoped_model = mock)
-
-        subject.view! model, ["awesome = ?", true]
-
-        subject.scoped_model(:view, model).should == scoped_model
-      end
-    end
-  end
-end