authority 1.0.0.pre2 → 1.0.0.pre3

data/.rspec

@@ -0,0 +1 @@
+--color

data/CHANGELOG.markdown

@@ -2,6 +2,14 @@
 
 This is mainly to document major new features and backwards-incompatible changes.
 
+## v1.0.0.pre3
+
+- Rename controller methods (again):
+  - `authorize_actions_on` => `authorize_actions_for`
+  - `authorize_action_on` => `authorize_action_for`
+- Cleaned up `authorize_action_for` to only accept a `resource` argument (the
+  current user is determined by `authority_user`)
+
 ## v1.0.0.pre2
 
 Rename controller methods:

data/README.markdown

@@ -16,7 +16,7 @@ No time for reading! Reading is for chumps! Here's the skinny:
   - Add instance methods to that authorizer to set rules that need to look at a resource instance, like "a user can only edit a Lolcat if it belongs to that user and has not been marked as 'classic'".
 - Wire up your user, models and controllers to work with your authorizers:
   - In your [user class](#users), `include Authority::UserAbilities`.
-  - Put this in your [controllers](#controllers): `authorize_actions_on YourModelNameHere` (the model that controller works with)
+  - Put this in your [controllers](#controllers): `authorize_actions_for YourModelNameHere` (the model that controller works with)
   - Put this in your [models](#models):  `include Authority::Abilities`
 
 ## Overview
@@ -182,17 +182,17 @@ That's it! All your authorizer classes could be left empty.
 
 In your controllers, add this method call:
 
-    authorize_actions_on ModelName
+    authorize_actions_for ModelName
 
 That sets up a `before_filter` that **calls your class-level methods before each action**. For instance, before running the `update` action, it will check whether the current user (determined using the configurable `user_method`) `can_update?(ModelName)` at a class level. A return value of false means "this user can never update models of this class."
 
 By the way, any options you pass in will be used on the `before_filter` that gets created, so you can do things like this:
 
-    authorize_actions_on InvisibleSwordsman, :only => :show
+    authorize_actions_for InvisibleSwordsman, :only => :show
 
 #### Usage within a controller action
 
-If you need to check some attributes of a model instance to decide if an action is permissible, you can use the **singular** `authorize_action_on(@resource_instance, @user)`. This method will determine which controller action it was called from, look at the controller action map, determine which method should be checked on the model, and check it.
+If you need to check some attributes of a model instance to decide if an action is permissible, you can use the **singular** `authorize_action_for(@resource_instance)`. This method will determine which controller action it was called from, look at the controller action map, determine which method should be checked on the model, and check it.
 
 The default controller action map is as follows:
 
@@ -213,25 +213,25 @@ So, for example, if you did this:
 
       def edit
         @message = Message.find(params[:id])
-        authorize_action_on(@message, current_user)
+        authorize_action_for(@message)
       end
       ...
 
     end
 
-... Authority would determine that it was called from within `edit`, that the `edit` controller action requires permission to `update`, and check whether the user `can_update?(@message)`.
+... Authority would determine that it was called from within `edit`, that the `edit` controller action requires permission to `update`, and check whether the current user `can_update?(@message)`.
 
-Each controller gets its own copy of the controller action map. If you want to edit a **single** controller's action map, you can either pass a hash into `authorize_actions_on`, which will get merged into the existing actions hash...
+Each controller gets its own copy of the controller action map. If you want to edit a **single** controller's action map, you can either pass a hash into `authorize_actions_for`, which will get merged into the existing actions hash...
 
     class BadgerController < ApplicationController
-      authorize_actions_on Badger, :actions => {:neuter => 'update'}
+      authorize_actions_for Badger, :actions => {:neuter => 'update'}
       ...
     end
 
 ...or you can use a separate method call:
 
     class BadgerController < ApplicationController
-      authorize_actions_on Badger
+      authorize_actions_for Badger
 
       authority_action :neuter => 'update'
 

data/TODO.markdown

@@ -3,12 +3,15 @@
 ## Design
 
 - Carefully think through names of all public methods & see if they could be clearer or more intuitive
-- Consider making empty authorizers unnecessary: if one isn't defined, automatically define it as empty. This would reduce setup but slightly increase obfuscation of the workings.
-- Decide whether there's any reason why `authorizer_action_on` needs a user argument, when we already know the method to call to get the current user.
 
 ## Chores
 
-- Add separate generator to make an empty authorizer for each file in `app/models`
+- Add separate generator to make an empty authorizer for each file in `app/models` (prompt for each one)
 - Test generators
-- Test view helpers
-- Document how you can bypass creating an authorizer for each model - by setting authorizer name directly and having them share.
+
+## Documentation
+
+- Make README more concise, or at least more navigable.
+- How to bypass creating an authorizer for each model - by setting authorizer name directly and having them share.
+- For instance-level checks, ensuring that you don't call `update` first; use `attributes=` before calling `authorize_action_on`.
+- Example of checking clean/dirty attributes in instance-level checks. For example, if I'm only allowed to update blue laser cannons, can I make them red? Maybe I need to check whether the old value was blue?

data/lib/authority/controller.rb

@@ -8,7 +8,6 @@ module Authority
     included do
       rescue_from Authority::SecurityTransgression, :with => :authority_forbidden
       class_attribute :authority_resource
-      class_attribute :controller_action_map
     end
 
     module ClassMethods
@@ -18,9 +17,9 @@ module Authority
       # @param [Class] model_class - class whose authorizer should be consulted
       # @param [Hash] options - can contain :actions to be merged with existing
       # ones and any other options applicable to a before_filter
-      def authorize_actions_on(model_class, options = {})
+      def authorize_actions_for(model_class, options = {})
         self.authority_resource = model_class
-        self.controller_action_map = Authority.configuration.controller_action_map.merge(options[:actions] || {}).symbolize_keys
+        authority_action(options[:actions] || {})
         before_filter :run_authorization_check, options
       end
 
@@ -28,7 +27,15 @@ module Authority
       #
       # @param [Hash] action_map - controller actions and methods, to be merged with existing action_map
       def authority_action(action_map)
-        self.controller_action_map.merge!(action_map).symbolize_keys
+        authority_action_map.merge!(action_map.symbolize_keys)
+      end
+
+      # The controller action to authority action map used for determining
+      # which Rails actions map to which authority actions (ex: index to read)
+      #
+      # @return [Hash] A duplicated copy of the configured controller_action_map
+      def authority_action_map
+        @authority_action_map ||= Authority.configuration.controller_action_map.dup
       end
     end
 
@@ -42,21 +49,32 @@ module Authority
       render :file => Rails.root.join('public', '403.html'), :status => 403, :layout => false
     end
 
+    private
+
+    # The before filter that will be setup to run when the class method
+    # `authorize_actions_for` is called
     def run_authorization_check
-      authorize_action_on self.class.authority_resource, send(Authority.configuration.user_method)
+      authorize_action_for self.class.authority_resource
+    end
+
+    # Convencience wrapper for sending configured user_method to extract the
+    # request's current user
+    #
+    # @return [Object] the user object returned from sending the user_method
+    def authority_user
+      send(Authority.configuration.user_method)
     end
 
     # To be run in a before_filter; ensure this controller action is allowed for the user
     #
     # @param authority_resource [Class], the model class associated with this controller
-    # @param user, object representing the current user of the application
     # @raise [MissingAction] if controller action isn't a key in `config.controller_action_map`
-    def authorize_action_on(authority_resource, user)
-      authority_action = self.class.controller_action_map[action_name.to_sym]
+    def authorize_action_for(authority_resource)
+      authority_action = self.class.authority_action_map[action_name.to_sym]
       if authority_action.nil?
         raise MissingAction.new("No authority action defined for #{action_name}")
       end
-      Authority.enforce(authority_action, authority_resource, user)
+      Authority.enforce(authority_action, authority_resource, authority_user)
     end
 
     class MissingAction < StandardError ; end

data/lib/authority/version.rb

@@ -1,3 +1,3 @@
 module Authority
-  VERSION = "1.0.0.pre2"
+  VERSION = "1.0.0.pre3"
 end

data/spec/authority/controller_spec.rb

@@ -1,6 +1,6 @@
 require 'spec_helper'
 require 'support/ability_model'
-require 'support/example_controller'
+require 'support/example_controllers'
 require 'support/mock_rails'
 require 'support/user'
 
@@ -8,43 +8,50 @@ describe Authority::Controller do
 
   describe "when including" do
     it "should specify rescuing security transgressions" do
-      class DummyController < ExampleController ; end
-      DummyController.should_receive(:rescue_from).with(Authority::SecurityTransgression, :with => :authority_forbidden)
-      DummyController.send(:include, Authority::Controller)
+      SampleController.should_receive(:rescue_from).with(Authority::SecurityTransgression, :with => :authority_forbidden)
+      SampleController.send(:include, Authority::Controller)
     end
   end
 
   describe "after including" do
-    before :all do
-      ExampleController.send(:include, Authority::Controller)
+
+    describe "the authority controller action map" do
+
+      it "should be created on demand" do
+        ExampleController.instance_variable_set(:@authority_action_map, nil)
+        ExampleController.authority_action_map.should be_a(Hash)
+        ExampleController.authority_action_map.should_not be(Authority.configuration.controller_action_map)
+      end
+
+      describe "when subclassing" do
+        it "should allow the child class to edit the controller action map without affecting the parent class" do
+          DummyController.authority_action :erase => 'delete'
+          ExampleController.authority_action_map[:erase].should be_nil
+        end
+      end
+      
     end
 
     describe "DSL (class) methods" do
       it "should allow specifying the model to protect" do
-        ExampleController.authorize_actions_on AbilityModel
+        ExampleController.authorize_actions_for AbilityModel
         ExampleController.authority_resource.should eq(AbilityModel)
       end
 
       it "should pass the options provided to the before filter that is set up" do
         @options = {:only => [:show, :edit, :update]}
         ExampleController.should_receive(:before_filter).with(:run_authorization_check, @options)
-        ExampleController.authorize_actions_on AbilityModel, @options
+        ExampleController.authorize_actions_for AbilityModel, @options
       end
 
-      it "should give the controller its own copy of the authority actions map" do
-        ExampleController.authorize_actions_on AbilityModel
-        ExampleController.controller_action_map.should be_a(Hash)
-        ExampleController.controller_action_map.should_not be(Authority.configuration.controller_action_map)
-      end
-
-      it "should allow specifying the authority action map in the `authorize_actions_on` declaration" do
-        ExampleController.authorize_actions_on AbilityModel, :actions => {:eat => 'delete'}
-        ExampleController.controller_action_map[:eat].should eq('delete')
+      it "should allow specifying the authority action map in the `authorize_actions_for` declaration" do
+        ExampleController.authorize_actions_for AbilityModel, :actions => {:eat => 'delete'}
+        ExampleController.authority_action_map[:eat].should eq('delete')
       end
 
       it "should have a write into the authority actions map usuable in a DSL format" do
         ExampleController.authority_action :smite => 'delete'
-        ExampleController.controller_action_map[:smite].should eq('delete')
+        ExampleController.authority_action_map[:smite].should eq('delete')
       end
     end
 
@@ -57,7 +64,7 @@ describe Authority::Controller do
       end
 
       it "should check authorization on the model specified" do
-        @controller.should_receive(:authorize_action_on).with(AbilityModel, @user)
+        @controller.should_receive(:authorize_action_for).with(AbilityModel)
         @controller.send(:run_authorization_check)
       end
 
@@ -70,6 +77,18 @@ describe Authority::Controller do
         expect { @controller.send(:run_authorization_check) }.to raise_error(Authority::Controller::MissingAction)
       end
 
+      it "should return the authority_user for the current request by using the configured user_method" do
+        @controller.should_receive(Authority.configuration.user_method)
+        @controller.send(:authority_user)
+      end
+
+      describe "in controllers that inherited from a controller including authority, but don't call any class method" do
+        it "should automatically have a new copy of the authority_action_map" do
+          @controller = InstanceController.new
+          @controller.class.authority_action_map.should eq(Authority.configuration.controller_action_map)
+        end
+      end
+
       describe "authority_forbidden action" do
 
         before :each do

data/spec/support/example_controllers.rb

@@ -0,0 +1,23 @@
+module MockController
+  def rescue_from(*args) ; end
+  def before_filter(*args) ; end
+end
+
+# this controller will have `authority_actions_for` called on it
+class ExampleController
+  extend MockController
+  include Authority::Controller
+end
+
+class DummyController < ExampleController
+end
+
+class InstanceController < ExampleController
+end
+
+# this controller will not have `authority_actions_for` called on it but will
+# have `authority_action_for` called on it
+class SampleController
+  extend MockController
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authority
 version: !ruby/object:Gem::Version
-  version: 1.0.0.pre2
+  version: 1.0.0.pre3
   prerelease: 6
 platform: ruby
 authors:
@@ -14,7 +14,7 @@ date: 2012-03-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &82931510 !ruby/object:Gem::Requirement
+  requirement: &2164558540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *82931510
+  version_requirements: *2164558540
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &82931200 !ruby/object:Gem::Requirement
+  requirement: &2164557960 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,7 +33,7 @@ dependencies:
         version: 1.0.0
   type: :development
   prerelease: false
-  version_requirements: *82931200
+  version_requirements: *2164557960
 description: Gem for managing authorization on model actions in Rails.
 email:
 - nathanmlong@gmail.com
@@ -43,6 +43,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - .gitignore
+- .rspec
 - .rvmrc
 - .travis.yml
 - CHANGELOG.markdown
@@ -71,7 +72,7 @@ files:
 - spec/authority_spec.rb
 - spec/spec_helper.rb
 - spec/support/ability_model.rb
-- spec/support/example_controller.rb
+- spec/support/example_controllers.rb
 - spec/support/mock_rails.rb
 - spec/support/no_authorizer_model.rb
 - spec/support/user.rb
@@ -95,9 +96,21 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 1.8.16
 signing_key: 
 specification_version: 3
 summary: Authority gives you a clean and easy way to say, in your Rails app, **who**
   is allowed to do **what** with your models, with minimal clutter.
-test_files: []
+test_files:
+- spec/authority/abilities_spec.rb
+- spec/authority/authorizer_spec.rb
+- spec/authority/configuration_spec.rb
+- spec/authority/controller_spec.rb
+- spec/authority/user_abilities_spec.rb
+- spec/authority_spec.rb
+- spec/spec_helper.rb
+- spec/support/ability_model.rb
+- spec/support/example_controllers.rb
+- spec/support/mock_rails.rb
+- spec/support/no_authorizer_model.rb
+- spec/support/user.rb

data/spec/support/example_controller.rb

@@ -1,5 +0,0 @@
-class ExampleController
-  def self.rescue_from(*args) ; end
-
-  def self.before_filter(*args) ; end
-end