authoritah 0.0.5 → 0.1.0

data/lib/authoritah.rb

@@ -28,6 +28,9 @@ module Authoritah
         options = args.extract_options!
         args.each {|a| options[a] = nil}
         actions = options.delete(action_identifier)
+        on_reject = options.delete(:on_reject) || :render_404
+        
+        raise ":on_reject must be a symbol or a Proc" unless on_reject.is_a?(Symbol) || on_reject.is_a?(Proc)
         
         check_role_selectors(options)
 
@@ -35,8 +38,13 @@ module Authoritah
         role_predicate  = options.to_a.first[1]
         
         controller_permissions[controller_name.to_sym] ||= PermissionSet.new
-        controller_permissions[controller_name.to_sym] <<
-          {:type => perm_type, :role_method => role_method, :role_predicate => role_predicate, :actions => actions ? Array(actions) : nil}
+        controller_permissions[controller_name.to_sym] << {
+          :type => perm_type,
+          :role_method => role_method,
+          :role_predicate => role_predicate,
+          :actions => actions ? Array(actions) : nil,
+          :on_reject => on_reject
+        }
       end
       
       def this_controllers_permissions
@@ -61,16 +69,18 @@ module Authoritah
     module InstanceMethods
 
       def check_permissions
-        return true if permitted?(action_name.to_sym)
-        render(:file => File.join(RAILS_ROOT, 'public', '404.html'), :status => 404) 
-        false
+        permitted?(action_name.to_sym)
       end
       
       protected
       
+        def render_404
+          render(:file => File.join(RAILS_ROOT, 'public', '404.html'), :status => 404)
+        end
+      
         def permitted?(action)
           return true unless permissions = self.class.this_controllers_permissions
-          permissions.permits?(self, action) && !permissions.forbids?(self, action)
+          permissions.permits?(self, action)
         end
     end
     
@@ -90,39 +100,52 @@ module Authoritah
       end
       
       def permits?(controller, action)
-        apply_rules(:permit, controller, action).include?(false) == false
+        permitted, on_reject_action = apply_rule_chain(:permit, controller, action)
+        if permitted
+          return true
+        else
+          if on_reject_action.is_a?(Proc)
+            # debugger
+            # on_reject_action.call(controller)
+            controller.instance_eval(&on_reject_action)
+          else
+            controller.send(on_reject_action)
+          end
+          return false
+        end
       end
 
-      def forbids?(controller, action)
-        apply_rules(:forbid, controller, action).include?(true)
-      end
-      
       def permissions
         @permissions ||= []
       end
       
       protected
-      
-        def apply_rules(rule_type, controller, action)
-          permissions.select{|p| 
-            p[:type] == rule_type
-          }.select{|p| 
-            p[:actions].include?(action) || p[:actions].include?(:all)
-          }.map do |permission|
+        
+        # Returns [true, nil] if the rule chain applied without a problem.
+        # Returns [false, :reject_to]
+        def apply_rule_chain(rule_type, controller, action)
+          select_permissions_for(action).each do |permission|
             begin
-              if permission[:role_predicate].is_a? Symbol
+              response = if permission[:role_predicate].is_a? Symbol
                 controller.send(permission[:role_method]).send(permission[:role_predicate])
               elsif permission[:role_predicate].is_a? Proc
                 permission[:role_predicate].call(controller.send(permission[:role_method]))
               elsif permission[:role_predicate] == nil
                 controller.send(permission[:role_method])
-              else
-                false
               end
+              response = !response if permission[:type] == :forbid
+              return [false, permission[:on_reject]] unless response
             rescue
-              false
+              return [permission[:type] == :forbid, permission[:on_reject]]
             end
           end
+          [true, nil]
+        end
+                
+        def select_permissions_for(action)
+          permissions.select{|p| 
+             p[:actions].include?(action) || p[:actions].include?(:all)
+           }
         end
     end
     

data/spec/authoritah_spec.rb

@@ -1,5 +1,5 @@
 require File.dirname(__FILE__) + '/spec_helper'
-
+require 'ruby-debug'
 describe Authoritah::Controller do
   
   before(:each) do
@@ -200,6 +200,9 @@ describe TestAuthorizerController, :type => :controller do
         end
       end
       context "an unauthenticated user" do
+        before(:each) do
+          controller.stubs(:current_user => false)
+        end
         it "should render index" do get :index; response.should render_template('index') end
       end
     end
@@ -245,15 +248,73 @@ describe TestAuthorizerController, :type => :controller do
     end
   end
   
-  describe "overriding check_permissions" do
-    before(:each) do
-      TestAuthorizerController.permits(:current_user => :logged_in?)
-      TestAuthorizerController.send(:define_method, :check_permissions) do
-        return true if permitted?(action_name.to_sym)
-        redirect_to root_url
-        false
+  describe "specifying a different action to run on failure" do
+    
+    it "should check that :on_reject is a Proc or Symbol" do
+      lambda do
+        TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject => :method)
+      end.should_not raise_error
+      lambda do
+        TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject => Proc.new {})
+      end.should_not raise_error
+      lambda do
+        TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject => 5)
+      end.should raise_error
+    end
+    
+    context "when :on_reject => :set_flash_and_redirect" do
+      before(:each) do
+        TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject => :set_flash_and_redirect)
+        TestAuthorizerController.send(:define_method, :set_flash_and_redirect) do
+          flash[:error] = "You need to be logged in to do that"
+          redirect_to root_url
+        end
+      end
+      context "an unauthenticated user" do
+        it "should redirect to /" do
+          get :index
+          response.should redirect_to(root_url)
+        end
+        it "should set the flash" do
+          get :index
+          flash[:error].should == "You need to be logged in to do that"
+        end
+      end
+    end
+    
+    context "when :on_reject => Proc" do
+      before(:each) do
+        TestAuthorizerController.permits(:current_user => :logged_in?, :on_reject => Proc.new { redirect_to root_url })
+      end
+      context "an unauthenticated user" do
+        it "should redirect to /" do
+          get :index
+          response.should redirect_to(root_url)
+        end
       end
     end
-    it "should redirect to / instead of rendering /404.html" do get :index; response.should redirect_to(root_url) end
+    
+    context "with multiple rules" do
+      before(:each) do
+        TestAuthorizerController.permits(:current_user => :logged_in?)
+        TestAuthorizerController.forbids(:current_user => :blacklisted?, :on_reject => :set_blacklisted)
+        TestAuthorizerController.send(:define_method, :set_blacklisted) do
+          flash[:error] = "You can't be blacklisted to do that"
+          redirect_to '/blacklisted'
+        end
+      end
+      
+      context "as a blacklisted user" do
+        before(:each) do
+          controller.stubs(:current_user => stub(:logged_in? => true, :blacklisted? => true))
+        end
+        it 'should redirect to /blacklisted' do
+          get :index
+          response.should redirect_to('/blacklisted')
+        end
+      end
+      
+    end
   end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: authoritah
 version: !ruby/object:Gem::Version 
-  version: 0.0.5
+  version: 0.1.0
 platform: ruby
 authors: 
 - Steven Mohapi-Banks
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-10-05 00:00:00 +01:00
+date: 2009-11-04 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -20,7 +20,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.2.8
+        version: 1.2.9
     version: 
 - !ruby/object:Gem::Dependency 
   name: rspec-rails
@@ -30,7 +30,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.2.7.1
+        version: 1.2.9
     version: 
 - !ruby/object:Gem::Dependency 
   name: mocha
@@ -80,7 +80,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.4
+rubygems_version: 1.3.5
 signing_key: 
 specification_version: 3
 summary: A really simple authorization plugin for Rails.
@@ -91,9 +91,7 @@ test_files:
 - spec/railsenv/config/boot.rb
 - spec/railsenv/config/database.yml
 - spec/railsenv/config/environment.rb
-- spec/railsenv/config/environments/cucumber.rb
 - spec/railsenv/config/environments/development.rb
-- spec/railsenv/config/environments/production.rb
 - spec/railsenv/config/environments/test.rb
 - spec/railsenv/config/initializers/backtrace_silencers.rb
 - spec/railsenv/config/initializers/inflections.rb

data/spec/railsenv/config/environments/cucumber.rb

@@ -1,23 +0,0 @@
-config.cache_classes = true # This must be true for Cucumber to operate correctly!
-
-# Log error messages when you accidentally call methods on nil.
-config.whiny_nils = true
-
-# Show full error reports and disable caching
-config.action_controller.consider_all_requests_local = true
-config.action_controller.perform_caching             = false
-
-# Disable request forgery protection in test environment
-config.action_controller.allow_forgery_protection    = false
-
-# Tell Action Mailer not to deliver emails to the real world.
-# The :test delivery method accumulates sent emails in the
-# ActionMailer::Base.deliveries array.
-config.action_mailer.delivery_method = :test
-
-config.gem 'cucumber',    :lib => false,        :version => '>=0.3.100' unless File.directory?(File.join(Rails.root, 'vendor/plugins/cucumber'))
-config.gem 'webrat',      :lib => false,        :version => '>=0.5.0' unless File.directory?(File.join(Rails.root, 'vendor/plugins/webrat'))
-config.gem 'rspec',       :lib => false,        :version => '>=1.2.6' unless File.directory?(File.join(Rails.root, 'vendor/plugins/rspec'))
-config.gem 'rspec-rails', :lib => 'spec/rails', :version => '>=1.2.6' unless File.directory?(File.join(Rails.root, 'vendor/plugins/rspec-rails'))
-
-config.gem 'spork',       :lib => false,        :version => '>=0.5.9' unless File.directory?(File.join(Rails.root, 'vendor/plugins/spork'))

data/spec/railsenv/config/environments/production.rb

@@ -1,28 +0,0 @@
-# Settings specified here will take precedence over those in config/environment.rb
-
-# The production environment is meant for finished, "live" apps.
-# Code is not reloaded between requests
-config.cache_classes = true
-
-# Full error reports are disabled and caching is turned on
-config.action_controller.consider_all_requests_local = false
-config.action_controller.perform_caching             = true
-config.action_view.cache_template_loading            = true
-
-# See everything in the log (default is :info)
-# config.log_level = :debug
-
-# Use a different logger for distributed setups
-# config.logger = SyslogLogger.new
-
-# Use a different cache store in production
-# config.cache_store = :mem_cache_store
-
-# Enable serving of images, stylesheets, and javascripts from an asset server
-# config.action_controller.asset_host = "http://assets.example.com"
-
-# Disable delivery errors, bad email addresses will be ignored
-# config.action_mailer.raise_delivery_errors = false
-
-# Enable threaded mode
-# config.threadsafe!