arrthorizer 0.1.0.pre2 → 0.1.0

data/README.md

@@ -1,5 +1,5 @@
-[![Build Status](https://travis-ci.org/ReneB/arrthorizer.png?branch=fyfbd_118)](https://travis-ci.org/ReneB/arrthorizer)
-(The build is currently supposed to fail, since the gem is not in a releasable state yet)
+[![Code Climate](https://codeclimate.com/github/BUS-OGD/arrthorizer.png)](https://codeclimate.com/github/BUS-OGD/arrthorizer)
+[![Build Status](https://travis-ci.org/BUS-OGD/arrthorizer.png)](https://travis-ci.org/BUS-OGD/arrthorizer)
 
 # Arrthorizer
 

data/lib/arrthorizer.rb

@@ -7,6 +7,7 @@ module Arrthorizer
 
   autoload :Role,                     "arrthorizer/role"
   autoload :ContextRole,              "arrthorizer/context_role"
+  autoload :Group,                    "arrthorizer/group"
 
   autoload :Permission,               "arrthorizer/permission"
   autoload :Privilege,                "arrthorizer/privilege"
@@ -23,6 +24,24 @@ module Arrthorizer
   end
 
   def self.configure(&block)
-    self.tap(&block)
+    self.instance_eval(&block)
+  end
+
+  ##
+  # Inject a dependency for Arrthorizer's Groups feature.
+  # The provided object needs to be able to respond_to :is_member_of?
+  # The is_member_of? function is expected to return a boolean-like
+  # object which represents whether or not the user is a member of the
+  # provided Group
+  def self.check_group_membership_using(object)
+    if object.respond_to?(:is_member_of?)
+      @membership_service = object
+    else
+      raise "Arrthorizer cannot check role membership using #{object.inspect}"
+    end
+  end
+
+  def self.membership_service
+    @membership_service
   end
 end

data/lib/arrthorizer/group.rb

@@ -0,0 +1,26 @@
+##
+# This is the class of all Groups. A Group is a role that does not depend
+# on context, but rather on membership - a user can be made a member
+# of such a role. This might be related to that person's role in the
+# organization, for example.
+module Arrthorizer
+  class Group < Role
+    attr_reader :name
+
+    def initialize(name)
+      @name = name
+
+      Role.register(self)
+    end
+
+    def applies_to_user?(user, _)
+      is_member?(user)
+    end
+
+  private
+    def is_member?(user)
+      Arrthorizer.membership_service.is_member_of?(user, self)
+    end
+  end
+end
+

data/lib/arrthorizer/rails/controller_configuration.rb

@@ -13,9 +13,12 @@ module Arrthorizer
         self.defaults_block = block
       end
 
-      def for_action(action, &block)
-        add_action_block(action, &block)
+      def for_action(*actions, &block)
+        actions.each do |action|
+          add_action_block(action, &block)
+        end
       end
+      alias_method :for_actions, :for_action
 
       def block_for(action)
         action_blocks.fetch(action) { defaults_block }

data/lib/arrthorizer/role.rb

@@ -2,7 +2,7 @@
 module Arrthorizer
   class Role
     # Template method: This method is implemented in the
-    # ContextRole subclasses.
+    # ContextRole subclasses and Group.
     def applies_to_user?(user, context = {})
       raise NotImplementedError, "#{self.name} does not implement #applies_to_user?(user, context)"
     end

data/lib/arrthorizer/version.rb

@@ -1,3 +1,3 @@
 module Arrthorizer
-  VERSION = "0.1.0.pre2"
+  VERSION = "0.1.0"
 end

data/lib/generators/arrthorizer/install/templates/config.yml

@@ -11,9 +11,10 @@
 # Let's also assume that we have Roles for Forum::TopicStarter and Forum::Administrators.
 # ForumTopicStarters may be allowed to delete any topics they started and update them in
 # whatever way they deem relevant, but not change any topics they did not start themselves. This
-# means the role would be a ContextRole.
-# Let's also assume you have a LoggedInUser role which allows anyone to see any topic or start a
-# new one, as # long as they're logged in.
+# means the role would be a ContextRole. The administrators can do anything they bloody well
+# please with any topic at all (therefore, the role would be a Group). Let's also assume
+# you have a LoggedInUser role which allows anyone to see any topic or start a new one, as
+# long as they're logged in.
 #
 # We would define these privileges as follows:
 #

data/spec/integration/group/initialize_spec.rb

@@ -0,0 +1,11 @@
+require "spec_helper"
+
+describe Arrthorizer::Group do
+  describe :initialize do
+    it "registers the new instance with Role" do
+      role = Arrthorizer::Group.new("some new group")
+
+      Arrthorizer::Role.get(role).should == role
+    end
+  end
+end

data/spec/{controllers → integration}/some_controller_spec.rb

@@ -4,7 +4,7 @@ describe SomeController do
   let(:action) { Arrthorizer::Rails::ControllerAction.fetch("some#some_action") }
   let(:other_action) { Arrthorizer::Rails::ControllerAction.fetch("some#other_action") }
 
-  describe :some_action do
+  describe :some_action, type: :controller do
     let!(:privilege) { action.privilege }
     let!(:current_user) { double("user") }
 
@@ -12,6 +12,57 @@ describe SomeController do
       controller.stub(:current_user) { current_user }
     end
 
+    describe "group roles" do
+      let!(:group) { Arrthorizer::Group.new("some group") }
+
+      context "when the role is linked to the privilege" do
+        before do
+          Arrthorizer::Permission.grant(privilege, to: group)
+        end
+
+        context "when I am a member of the required group" do
+          before do
+            add_user_to_group(current_user, group)
+          end
+
+          it "succeeds" do
+            get :some_action
+
+            response.should be_success
+          end
+        end
+
+        context "when I am not a member of the required group" do
+          before do
+            remove_user_from_group(current_user, group)
+          end
+
+          it "fails" do
+            get :some_action
+
+            response.should be_forbidden
+          end
+        end
+
+        context "when I am only a member of an unrelated group" do
+          let(:other_group) { Arrthorizer::Group.new("other group") }
+
+          before do
+            other_privilege = other_action.privilege
+            Arrthorizer::Permission.grant(other_privilege, to: other_group)
+            remove_user_from_group(current_user, group)
+            add_user_to_group(current_user, other_group)
+          end
+
+          it "fails" do
+            get :some_action
+
+            response.should be_forbidden
+          end
+        end
+      end
+    end
+
     describe "context roles" do
       let!(:context_role) do
         configure_context_role do |user, context|
@@ -76,4 +127,20 @@ describe SomeController do
       role.stub(:applies_to_user?, &block)
     end
   end
+
+  def add_user_to_group( user, group )
+    stub_membership_with(user, group) do
+      true
+    end
+  end
+
+  def remove_user_from_group( user, group )
+    stub_membership_with(user, group) do
+      false
+    end
+  end
+
+  def stub_membership_with(user, group, &block)
+    Arrthorizer.membership_service.stub(:is_member_of?).with(user, group, &block)
+  end
 end

data/spec/internal/app/roles/another_group.rb

@@ -0,0 +1 @@
+AnotherGroup = Arrthorizer::Group.new('antother_group')

data/spec/internal/app/roles/some_group.rb

@@ -0,0 +1 @@
+SomeGroup = Arrthorizer::Group.new('some_group')

data/spec/internal/config/application.rb

@@ -15,7 +15,7 @@ if defined?(Bundler)
   # Bundler.require(:default, :assets, Rails.env)
 end
 
-module TestCbac
+module TestArrthorizer
   class Application < Rails::Application
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers

data/spec/internal/config/environment.rb

@@ -2,4 +2,4 @@
 require File.expand_path('../application', __FILE__)
 
 # Initialize the rails application
-TestCbac::Application.initialize!
+TestArrthorizer::Application.initialize!

data/spec/internal/config/initializers/arrthorizer.rb

@@ -0,0 +1,9 @@
+class EmptyMembershipService
+  def is_member_of?(*args)
+    raise NotImplementedError
+  end
+end
+
+Arrthorizer.configure do
+  check_group_membership_using EmptyMembershipService.new
+end

data/spec/permission/grant_spec.rb

@@ -3,7 +3,7 @@ require "spec_helper"
 describe Arrthorizer::Permission do
   describe :grant do
     let(:privilege) { Arrthorizer::Privilege.new(name: "privilege") }
-    let(:role) { UnnamespacedContextRole }
+    let(:role) { Arrthorizer::Group.new("role") }
 
     it "adds the role to the privilege set" do
       Arrthorizer::Permission.grant(privilege, to: role)

data/spec/privilege/accessible_to_spec.rb

@@ -3,8 +3,8 @@ require "spec_helper"
 describe Arrthorizer::Privilege do
   subject(:privilege) { Arrthorizer::Privilege.new(name: "some privilege") }
 
-  let(:role) { Namespaced::ContextRole }
-  let(:other_role) { UnnamespacedContextRole }
+  let(:role) { SomeGroup }
+  let(:other_role) { AnotherGroup }
 
   describe :accessible_to? do
     context "when a Role was configured to have access to this privilege" do

data/spec/privilege/initialize_spec.rb

@@ -2,7 +2,7 @@ require "spec_helper"
 
 describe Arrthorizer::Privilege do
   describe :initialize do
-    let(:role) { UnnamespacedContextRole }
+    let(:role) { SomeGroup }
     let(:roles) { [ role ] }
     let(:name) { "some name" }
 

data/spec/privilege/make_accessible_to_spec.rb

@@ -3,7 +3,7 @@ require "spec_helper"
 describe Arrthorizer::Privilege do
   describe :make_accessible_to do
     let(:privilege) { Arrthorizer::Privilege.new(name: "privilege") }
-    let(:role) { UnnamespacedContextRole }
+    let(:role) { SomeGroup }
 
     it "makes the privilege accessible to the role" do
       expect {
@@ -12,7 +12,7 @@ describe Arrthorizer::Privilege do
     end
 
     it "does not make it accessible to a different role" do
-      unrelated_role = Namespaced::ContextRole
+      unrelated_role = Arrthorizer::Group.new("unrelated role")
 
       expect {
         privilege.make_accessible_to(role)

data/spec/role/get_spec.rb

@@ -25,5 +25,21 @@ describe Arrthorizer::Role do
         end
       end
     end
+
+    context "fetching Groups" do
+      let(:expected_role) { SomeGroup } # provided by the internal Rails app
+
+      context "when a Group is provided" do
+        it_behaves_like "finding the right Role" do
+          let(:arg) { expected_role }
+        end
+      end
+
+      context "when a String representing a Group is provided" do
+        it_behaves_like "finding the right Role" do
+          let(:arg) { expected_role.to_key }
+        end
+      end
+    end
   end
 end

metadata

@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: arrthorizer
 version: !ruby/object:Gem::Version
-  version: 0.1.0.pre2
+  version: 0.1.0
+  prerelease: 
 platform: ruby
 authors:
 - René van den Berg
@@ -9,25 +10,28 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-31 00:00:00.000000000 Z
+date: 2014-02-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: combustion
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -35,6 +39,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -42,29 +47,33 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
-    - - '>='
+    - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Contextual authorization for your Rails (3+) application
@@ -88,6 +97,7 @@ files:
 - lib/arrthorizer/context.rb
 - lib/arrthorizer/context_builder.rb
 - lib/arrthorizer/context_role.rb
+- lib/arrthorizer/group.rb
 - lib/arrthorizer/permission.rb
 - lib/arrthorizer/privilege.rb
 - lib/arrthorizer/rails.rb
@@ -109,9 +119,10 @@ files:
 - spec/context_builder/build_spec.rb
 - spec/context_role/to_key_spec.rb
 - spec/context_spec.rb
-- spec/controllers/some_controller_spec.rb
+- spec/integration/group/initialize_spec.rb
 - spec/integration/registry/missing_handler_spec.rb
 - spec/integration/role_spec.rb
+- spec/integration/some_controller_spec.rb
 - spec/internal/app/assets/images/rails.png
 - spec/internal/app/assets/javascripts/application.js
 - spec/internal/app/assets/javascripts/test.js.coffee
@@ -123,7 +134,9 @@ files:
 - spec/internal/app/helpers/test_helper.rb
 - spec/internal/app/mailers/.gitkeep
 - spec/internal/app/models/.gitkeep
+- spec/internal/app/roles/another_group.rb
 - spec/internal/app/roles/namespaced/context_role.rb
+- spec/internal/app/roles/some_group.rb
 - spec/internal/app/roles/unnamespaced_context_role.rb
 - spec/internal/app/views/layouts/application.html.erb
 - spec/internal/app/views/some/some_action.html.erb
@@ -132,6 +145,7 @@ files:
 - spec/internal/config/boot.rb
 - spec/internal/config/database.yml
 - spec/internal/config/environment.rb
+- spec/internal/config/initializers/arrthorizer.rb
 - spec/internal/config/routes.rb
 - spec/internal/db/schema.rb
 - spec/internal/log/.gitignore
@@ -156,26 +170,27 @@ files:
 - spec/support/reset.rb
 homepage: https://github.com/BUS-ogd/arrthorizer
 licenses: []
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>='
+  - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
-  - - '>'
+  - - ! '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.0
+rubygems_version: 1.8.23
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: Contextual authorization for your Rails (3+) application
 test_files:
 - spec/arrthorizer_exception/inner_spec.rb
@@ -184,9 +199,10 @@ test_files:
 - spec/context_builder/build_spec.rb
 - spec/context_role/to_key_spec.rb
 - spec/context_spec.rb
-- spec/controllers/some_controller_spec.rb
+- spec/integration/group/initialize_spec.rb
 - spec/integration/registry/missing_handler_spec.rb
 - spec/integration/role_spec.rb
+- spec/integration/some_controller_spec.rb
 - spec/internal/app/assets/images/rails.png
 - spec/internal/app/assets/javascripts/application.js
 - spec/internal/app/assets/javascripts/test.js.coffee
@@ -198,7 +214,9 @@ test_files:
 - spec/internal/app/helpers/test_helper.rb
 - spec/internal/app/mailers/.gitkeep
 - spec/internal/app/models/.gitkeep
+- spec/internal/app/roles/another_group.rb
 - spec/internal/app/roles/namespaced/context_role.rb
+- spec/internal/app/roles/some_group.rb
 - spec/internal/app/roles/unnamespaced_context_role.rb
 - spec/internal/app/views/layouts/application.html.erb
 - spec/internal/app/views/some/some_action.html.erb
@@ -207,6 +225,7 @@ test_files:
 - spec/internal/config/boot.rb
 - spec/internal/config/database.yml
 - spec/internal/config/environment.rb
+- spec/internal/config/initializers/arrthorizer.rb
 - spec/internal/config/routes.rb
 - spec/internal/db/schema.rb
 - spec/internal/log/.gitignore

checksums.yaml

@@ -1,7 +0,0 @@
----
-SHA1:
-  metadata.gz: b71c7c666f99142b09c0bf02f42eba2942090799
-  data.tar.gz: 7ae245473bca34b41a2d99b5fdb01a240b8bb2fc
-SHA512:
-  metadata.gz: b7c6ab52920724e0ee79ae75365385829c7d3f5f2124aec3380687cfca1fc0d308412d38c697b6d9264b05422834d2667b494ecce7dfd8087380a399ef40d992
-  data.tar.gz: c2d9eacd2683e5b07b2231cf58ad2405b240e334811dc884ea811dc8ecf585cf6bf46afd269a7778a90ce36db7eba2f825ccdef4fd9bf63276503f328b639ca5