authoritah 0.0.4 → 0.0.5

data/README.rdoc

@@ -19,16 +19,21 @@ By default (i.e. when no Authoritah declarations are made) all requests are allo
     permits :current_user => :admin?
   end
   
-This is a wildcard rule. It assumes you have a method on your controller called "current_user" (as something like restful_authentication or authlogic would provide) that returns an object that can respond to an admin? message - the rule will pass if admin? returns true. Once a permit rule is defined access to the actions of this controller are ONLY permitted if you fulfill the predicate. 
+This is a wildcard rule. It assumes you have a method on your controller called "current_user" (as something like restful_authentication or authlogic would provide) that returns an object that can respond to an admin? message - the rule will pass if admin? returns true (or more strictly, non-false). Once a permit rule is defined access to the actions of this controller are ONLY permitted if you fulfill the predicate. If you just have a case where you have a method on your controller to check authorisation, you can do the following:
 
   class WidgetController < ApplicationController
 
-    permits :current_user => :admin?, :to => [:create, :destroy]
-    permits :current_user => :logged_in?, :to => :show
+    permits :logged_in?
   end
 
 What about if we only want to control access to certain actions? Easy, add a :to option and pass it an action or array of actions. You can add as many rules and scope them by action - Authoritah will ensure that a request is only permitted if all rules for a given action pass.
 
+  class WidgetController < ApplicationController
+
+    permits :current_user => :admin?, :to => [:create, :destroy]
+    permits :current_user => :logged_in?, :to => :show
+  end
+
 You also have the ability to expressly forbid access using the forbids directive:
 
   class WidgetController < ApplicationController

data/lib/authoritah.rb

@@ -26,10 +26,11 @@ module Authoritah
       
       def apply_declaration(perm_type, action_identifier, args)
         options = args.extract_options!
+        args.each {|a| options[a] = nil}
         actions = options.delete(action_identifier)
         
         check_role_selectors(options)
-        
+
         role_method     = options.to_a.first[0]
         role_predicate  = options.to_a.first[1]
         
@@ -113,6 +114,8 @@ module Authoritah
                 controller.send(permission[:role_method]).send(permission[:role_predicate])
               elsif permission[:role_predicate].is_a? Proc
                 permission[:role_predicate].call(controller.send(permission[:role_method]))
+              elsif permission[:role_predicate] == nil
+                controller.send(permission[:role_method])
               else
                 false
               end

data/spec/authoritah_spec.rb

@@ -26,6 +26,17 @@ describe Authoritah::Controller do
       TestAuthorizerController.permits(:current_user => :logged_in?, :another_user => :logged_out?)
     end.should raise_error(Authoritah::Controller::OptionsError)
   end
+  
+  describe "a basic permits wildcard rule with no predicate" do
+    before(:each) do
+      TestAuthorizerController.permits(:current_user)
+      @permissions = TestAuthorizerController.send(:controller_permissions)[:test_authorizer]
+    end
+    it "should have one permission" do @permissions.size.should == 1 end
+    it "should use current_user to retrieve the 'role object'" do @permissions.first[:role_method].should == :current_user end
+    it "should have nil predicate method" do @permissions.first[:role_predicate].should == nil end
+    it "should not specify the actions" do @permissions.first[:actions].should == [:all] end
+  end
     
   describe "a basic permits wildcard rule" do
     before(:each) do
@@ -70,6 +81,32 @@ describe TestAuthorizerController, :type => :controller do
   end
   
   describe "specifying permit rules" do
+    context "with a wildcard permission (no predicate)" do
+      before(:each) do
+        TestAuthorizerController.permits(:current_user)
+      end
+
+      context "a user exists" do
+        before(:each) do
+          controller.stubs(:current_user => true)
+        end
+        it "should render index" do
+          get :index
+          response.should render_template('index')
+        end
+      end
+      context "an unauthenticated user" do
+        before(:each) do
+          controller.stubs(:current_user => false)
+        end
+        it "should receive a 404" do
+          get :index
+          response.status.should == "404 Not Found"
+          response.should render_template(File.join(RAILS_ROOT, 'public', '/404.html'))
+        end
+      end
+    end
+    
     context "with a wildcard permission" do
       before(:each) do
         TestAuthorizerController.permits(:current_user => :logged_in?)
@@ -207,4 +244,16 @@ describe TestAuthorizerController, :type => :controller do
       end
     end
   end
+  
+  describe "overriding check_permissions" do
+    before(:each) do
+      TestAuthorizerController.permits(:current_user => :logged_in?)
+      TestAuthorizerController.send(:define_method, :check_permissions) do
+        return true if permitted?(action_name.to_sym)
+        redirect_to root_url
+        false
+      end
+    end
+    it "should redirect to / instead of rendering /404.html" do get :index; response.should redirect_to(root_url) end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: authoritah
 version: !ruby/object:Gem::Version 
-  version: 0.0.4
+  version: 0.0.5
 platform: ruby
 authors: 
 - Steven Mohapi-Banks
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-09-28 00:00:00 +01:00
+date: 2009-10-05 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -80,7 +80,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.5
+rubygems_version: 1.3.4
 signing_key: 
 specification_version: 3
 summary: A really simple authorization plugin for Rails.