authority 2.1.0 → 2.2.0

data/CHANGELOG.markdown

@@ -1,6 +1,12 @@
 # Changelog
 
-This is mainly to document major new features and backwards-incompatible changes.
+## v2.2.0
+
+Allow passing options hash to `authorize_action_for`, like `authorize_action_for(@llama, :sporting => @hat_style)`.
+
+## v2.1.0
+
+Allow passing options hash, like `current_user.can_create?(Comment, :for => @post)`.
 
 ## v2.0.1
 

data/README.markdown

@@ -6,7 +6,7 @@ Authority will work fine with a standalone app or a single sign-on system. You c
 
 It requires that you already have some kind of user object in your application, accessible from all controllers and views via a method like `current_user` (configurable).
 
-[![Build Status](https://secure.travis-ci.org/nathanl/authority.png)](http://travis-ci.org/nathanl/authority)
+[![Build Status](https://secure.travis-ci.org/nathanl/authority.png?branch=master)](http://travis-ci.org/nathanl/authority)
 [![Dependency Status](https://gemnasium.com/nathanl/authority.png)](https://gemnasium.com/nathanl/authority)
 
 ## Contents
@@ -52,13 +52,13 @@ Using Authority, you have:
 
 Most importantly, you have **total flexibility**: Authority does not constrain you into using a particular scheme of roles and/or permissions.
 
-Authority lets you: 
+Authority lets you control access based on: 
 
-- Grant permissions based on users' points (like StackOverflow)
-- Check user roles in a separate, single-sign-on app
-- Disallow certain actions based on time or date
-- Allow an action only for users with compatible browsers
-- ...do anything else you can think of.
+- Roles in your app's database ([rolify](http://github.com/EppO/rolify) makes this easy)
+- Roles in a separate, single-sign-on app
+- Users' points (like StackOverflow)
+- Time and date
+- Weather, stock prices, vowels in the user's name, or **anything else you can check with Ruby**
 
 All you have to do is define the methods you need on your authorizers. You have all the flexibility of normal Ruby classes. 
 
@@ -347,6 +347,8 @@ class LlamasController < ApplicationController
 end
 ```
 
+As with other authorization checks, you can also pass options here, and they'll be sent along to your authorization method: `authorize_action_for(@llama, :sporting => @hat_style)`. Generally, though, your authorization will depend on some attribute or association of the model instance, so the authorizer can check `@llama.neck_strength` and `@llama.owner.nationality`, etc, without needing any additional information.
+
 <a name="views">
 ### Views
 
@@ -366,7 +368,18 @@ Anytime a user attempts an unauthorized action, Authority calls whatever control
 - Renders `public/403.html`
 - Logs the violation to whatever logger you configured.
 
-You can specify a different handler like this:
+You can define your own `authority_forbidden` method:
+
+
+```ruby
+# Send 'em back where they came from with a slap on the wrist
+def authority_forbidden(exception)
+  Authority.configuration.logger.warn(error.message)
+  redirect_to request.referrer.presence || root_path, :alert => 'You are not authorized to complete that action.'
+end
+```
+
+... or specify a different handler like this:
 
 ```ruby
 # config/initializers/authority.rb

data/lib/authority.rb

@@ -26,13 +26,17 @@ module Authority
   # @param [Symbol] action
   # @param [Model] resource instance
   # @param [User] user instance
+  # @param [Hash] options, arbitrary options hash to delegate to the authorizer
   # @raise [SecurityViolation] if user is not allowed to perform action on resource
   # @return [Model] resource instance
-  def self.enforce(action, resource, user)
-    action_authorized = user.send("can_#{action}?", resource)
-    unless action_authorized
-      raise SecurityViolation.new(user, action, resource)
-    end
+  def self.enforce(action, resource, user, *options)
+    action_authorized = if options.empty?
+                          user.send("can_#{action}?", resource)
+                        else
+                          user.send("can_#{action}?", resource, Hash[*options])
+                        end
+    raise SecurityViolation.new(user, action, resource) unless action_authorized
+
     resource
   end
 

data/lib/authority/controller.rb

@@ -74,15 +74,18 @@ module Authority
     end
 
     # To be run in a `before_filter`; ensure this controller action is allowed for the user
+    # Can be used directly within a controller action as well, given an instance or class with or
+    # without options to delegate to the authorizer.
     #
-    # @param authority_resource [Class], the model class associated with this controller
+    # @param [Class] authority_resource, the model class associated with this controller
+    # @param [Hash] options, arbitrary options hash to forward up the chain to the authorizer
     # @raise [MissingAction] if controller action isn't a key in `config.controller_action_map`
-    def authorize_action_for(authority_resource)
+    def authorize_action_for(authority_resource, *options)
       authority_action = self.class.authority_action_map[action_name.to_sym]
       if authority_action.nil?
         raise MissingAction.new("No authority action defined for #{action_name}")
       end
-      Authority.enforce(authority_action, authority_resource, authority_user)
+      Authority.enforce(authority_action, authority_resource, authority_user, *options)
     end
 
     class MissingAction < StandardError ; end

data/lib/authority/version.rb

@@ -1,3 +1,3 @@
 module Authority
-  VERSION = "2.1.0"
+  VERSION = "2.2.0"
 end

data/lib/generators/templates/authority_initializer.rb

@@ -64,7 +64,7 @@ Authority.configure do |config|
   #
   # Some possible settings:
   # config.logger = Rails.logger                     # Log with all your app's other messages
-  # config.logger = Logger.new('logs/authority.log') # Use this file
+  # config.logger = Logger.new('log/authority.log') # Use this file
   # config.logger = Logger.new('/dev/null')          # Don't log at all (on a Unix system)
 
 end

data/spec/authority/abilities_spec.rb

@@ -1,5 +1,5 @@
 require 'spec_helper'
-require 'support/ability_model'
+require 'support/example_model'
 require 'support/user'
 
 describe Authority::Abilities do
@@ -11,31 +11,31 @@ describe Authority::Abilities do
   describe "authorizer" do
 
     it "should have a class attribute getter for authorizer_name" do
-      AbilityModel.should respond_to(:authorizer_name)
+      ExampleModel.should respond_to(:authorizer_name)
     end
 
     it "should have a class attribute setter for authorizer_name" do
-      AbilityModel.should respond_to(:authorizer_name=)
+      ExampleModel.should respond_to(:authorizer_name=)
     end
 
     it "should have a default authorizer_name of 'ApplicationAuthorizer'" do
-      AbilityModel.authorizer_name.should eq("ApplicationAuthorizer")
+      ExampleModel.authorizer_name.should eq("ApplicationAuthorizer")
     end
 
     it "should constantize the authorizer name as the authorizer" do
-      AbilityModel.instance_variable_set(:@authorizer, nil)
-      AbilityModel.authorizer_name.should_receive(:constantize)
-      AbilityModel.authorizer
+      ExampleModel.instance_variable_set(:@authorizer, nil)
+      ExampleModel.authorizer_name.should_receive(:constantize)
+      ExampleModel.authorizer
     end
 
     it "should memoize the authorizer to avoid reconstantizing" do
-      AbilityModel.authorizer
-      AbilityModel.authorizer_name.should_not_receive(:constantize)
-      AbilityModel.authorizer
+      ExampleModel.authorizer
+      ExampleModel.authorizer_name.should_not_receive(:constantize)
+      ExampleModel.authorizer
     end
 
     it "should raise a friendly error if the authorizer doesn't exist" do
-      class NoAuthorizerModel < AbilityModel; end ;
+      class NoAuthorizerModel < ExampleModel; end ;
       NoAuthorizerModel.instance_variable_set(:@authorizer, nil)
       NoAuthorizerModel.authorizer_name = 'NonExistentAuthorizer'
       expect { NoAuthorizerModel.authorizer }.to raise_error(Authority::NoAuthorizerError)
@@ -49,14 +49,14 @@ describe Authority::Abilities do
       method_name = "#{adjective}_by?"
 
       it "should respond to `#{method_name}`" do
-        AbilityModel.should respond_to(method_name)
+        ExampleModel.should respond_to(method_name)
       end
 
       describe "if given an options hash" do
 
         it "should delegate `#{method_name}` to its authorizer class, passing the options" do
-          AbilityModel.authorizer.should_receive(method_name).with(@user, :lacking => 'nothing')
-          AbilityModel.send(method_name, @user, :lacking => 'nothing')
+          ExampleModel.authorizer.should_receive(method_name).with(@user, :lacking => 'nothing')
+          ExampleModel.send(method_name, @user, :lacking => 'nothing')
         end
 
       end
@@ -64,8 +64,8 @@ describe Authority::Abilities do
       describe "if not given an options hash" do
 
         it "should delegate `#{method_name}` to its authorizer class, passing no options" do
-          AbilityModel.authorizer.should_receive(method_name).with(@user)
-          AbilityModel.send(method_name, @user)
+          ExampleModel.authorizer.should_receive(method_name).with(@user)
+          ExampleModel.send(method_name, @user)
         end
 
       end
@@ -77,23 +77,23 @@ describe Authority::Abilities do
   describe "instance methods" do
 
     before :each do
-      @ability_model = AbilityModel.new
-      @authorizer    = AbilityModel.authorizer.new(@ability_model)
+      @example_model = ExampleModel.new
+      @authorizer    = ExampleModel.authorizer.new(@example_model)
     end
 
     Authority.adjectives.each do |adjective|
       method_name = "#{adjective}_by?"
 
       it "should respond to `#{method_name}`" do
-        @ability_model.should respond_to(method_name)
+        @example_model.should respond_to(method_name)
       end
 
       describe "if given an options hash" do
 
         it "should delegate `#{method_name}` to a new authorizer instance, passing the options" do
-          AbilityModel.authorizer.stub(:new).and_return(@authorizer)
+          ExampleModel.authorizer.stub(:new).and_return(@authorizer)
           @authorizer.should_receive(method_name).with(@user, :with => 'mayo')
-          @ability_model.send(method_name, @user, :with => 'mayo')
+          @example_model.send(method_name, @user, :with => 'mayo')
         end
 
       end
@@ -101,9 +101,9 @@ describe Authority::Abilities do
       describe "if not given an options hash" do
         
         it "should delegate `#{method_name}` to a new authorizer instance, passing no options" do
-          AbilityModel.authorizer.stub(:new).and_return(@authorizer)
+          ExampleModel.authorizer.stub(:new).and_return(@authorizer)
           @authorizer.should_receive(method_name).with(@user)
-          @ability_model.send(method_name, @user)
+          @example_model.send(method_name, @user)
         end
 
       end
@@ -111,15 +111,15 @@ describe Authority::Abilities do
     end
 
     it "should provide an accessor for its authorizer" do
-      @ability_model.should respond_to(:authorizer)
+      @example_model.should respond_to(:authorizer)
     end
 
     # When checking instance methods, we want to ensure that every check uses a new
     # instance of the authorizer. Otherwise, you might check, make a change to the
     # model instance, check again, and get an outdated answer.
     it "should always create a new authorizer instance when accessing the authorizer" do
-      @ability_model.class.authorizer.should_receive(:new).with(@ability_model).twice
-      2.times { @ability_model.authorizer }
+      @example_model.class.authorizer.should_receive(:new).with(@example_model).twice
+      2.times { @example_model.authorizer }
     end
 
   end

data/spec/authority/authorizer_spec.rb

@@ -1,17 +1,17 @@
 require 'spec_helper'
-require 'support/ability_model'
+require 'support/example_model'
 require 'support/user'
 
 describe Authority::Authorizer do
 
   before :each do
-    @ability_model = AbilityModel.new
-    @authorizer    = @ability_model.authorizer
+    @example_model = ExampleModel.new
+    @authorizer    = @example_model.authorizer
     @user          = User.new
   end
 
   it "should take a resource instance in its initializer" do
-    @authorizer.resource.should eq(@ability_model)
+    @authorizer.resource.should eq(@example_model)
   end
 
   describe "instance methods" do

data/spec/authority/controller_spec.rb

@@ -1,5 +1,5 @@
 require 'spec_helper'
-require 'support/ability_model'
+require 'support/example_model'
 require 'support/example_controllers'
 require 'support/mock_rails'
 require 'support/user'
@@ -61,18 +61,18 @@ describe Authority::Controller do
 
     describe "DSL (class) methods" do
       it "should allow specifying the model to protect" do
-        ExampleController.authorize_actions_for AbilityModel
-        ExampleController.authority_resource.should eq(AbilityModel)
+        ExampleController.authorize_actions_for ExampleModel
+        ExampleController.authority_resource.should eq(ExampleModel)
       end
 
       it "should pass the options provided to the before filter that is set up" do
         @options = {:only => [:show, :edit, :update]}
         ExampleController.should_receive(:before_filter).with(:run_authorization_check, @options)
-        ExampleController.authorize_actions_for AbilityModel, @options
+        ExampleController.authorize_actions_for ExampleModel, @options
       end
 
       it "should allow specifying the authority action map in the `authorize_actions_for` declaration" do
-        ExampleController.authorize_actions_for AbilityModel, :actions => {:eat => 'delete'}
+        ExampleController.authorize_actions_for ExampleModel, :actions => {:eat => 'delete'}
         ExampleController.authority_action_map[:eat].should eq('delete')
       end
 
@@ -91,10 +91,16 @@ describe Authority::Controller do
       end
 
       it "should check authorization on the model specified" do
-        @controller.should_receive(:authorize_action_for).with(AbilityModel)
+        @controller.should_receive(:authorize_action_for).with(ExampleModel)
         @controller.send(:run_authorization_check)
       end
 
+      it "should pass the options provided to `authorize_action_for` downstream" do
+        @controller.stub!(:action_name).and_return(:destroy)
+        Authority.should_receive(:enforce).with('delete', ExampleModel, @user, :for => 'context')
+        @controller.send(:authorize_action_for, ExampleModel, :for => 'context')
+      end
+
       it "should raise a SecurityViolation if authorization fails" do
         expect { @controller.send(:run_authorization_check) }.to raise_error(Authority::SecurityViolation)
       end

data/spec/authority/integration_spec.rb

@@ -0,0 +1,77 @@
+require 'spec_helper'
+require 'support/example_model'
+require 'support/user'
+
+describe "integration from user through model to authorizer" do
+
+  before :each do
+    @user          = User.new
+    @example_model = ExampleModel.new
+  end
+
+  describe "class methods" do
+
+    Authority.verbs.each do |verb|
+      verb_method      = "can_#{verb}?"
+      adjective        = Authority.abilities[verb]
+      adjective_method = "#{adjective}_by?"
+
+      describe "if given an options hash" do
+
+        it "should delegate `#{adjective_method}` to its authorizer class, passing the options" do
+          ExampleModel.authorizer.should_receive(adjective_method).with(@user, :lacking => 'nothing')
+          @user.send(verb_method, ExampleModel, :lacking => 'nothing')
+        end
+
+      end
+
+      describe "if not given an options hash" do
+
+        it "should delegate `#{adjective_method}` to its authorizer class, passing no options" do
+          ExampleModel.authorizer.should_receive(adjective_method).with(@user)
+          @user.send(verb_method, @example_model)
+        end
+
+      end
+
+    end
+
+  end
+
+  describe "instance methods" do
+
+    before :each do
+      @user          = User.new
+      @example_model = ExampleModel.new
+      @authorizer    = ExampleModel.authorizer.new(@example_model)
+      ExampleModel.authorizer.stub(:new).and_return(@authorizer)
+    end
+
+    Authority.verbs.each do |verb|
+      verb_method      = "can_#{verb}?"
+      adjective        = Authority.abilities[verb]
+      adjective_method = "#{adjective}_by?"
+
+      describe "if given an options hash" do
+
+        it "should delegate `#{adjective_method}` to a new authorizer instance, passing the options" do
+          @authorizer.should_receive(adjective_method).with(@user, :consistency => 'mushy')
+          @user.send(verb_method, @example_model, :consistency => 'mushy')
+        end
+
+      end
+
+      describe "if not given an options hash" do
+        
+        it "should delegate `#{adjective_method}` to a new authorizer instance, passing no options" do
+          @authorizer.should_receive(adjective_method).with(@user)
+          @user.send(verb_method, @example_model)
+        end
+
+      end
+
+    end
+
+  end
+
+end

data/spec/authority/user_abilities_spec.rb

@@ -1,11 +1,11 @@
 require 'spec_helper'
-require 'support/ability_model'
+require 'support/example_model'
 require 'support/user'
 
 describe Authority::UserAbilities do
 
   before :each do
-    @ability_model = AbilityModel.new
+    @example_model = ExampleModel.new
     @user          = User.new
   end
 
@@ -19,8 +19,8 @@ describe Authority::UserAbilities do
     describe "if given options" do
 
       it "should delegate the authorization check to the resource, passing the options" do
-        @ability_model.should_receive("#{Authority.abilities[verb]}_by?").with(@user, :size => 'wee')
-        @user.send(method_name, @ability_model, :size => 'wee')
+        @example_model.should_receive("#{Authority.abilities[verb]}_by?").with(@user, :size => 'wee')
+        @user.send(method_name, @example_model, :size => 'wee')
       end
 
     end
@@ -28,8 +28,8 @@ describe Authority::UserAbilities do
     describe "if not given options" do
 
       it "should delegate the authorization check to the resource, passing no options" do
-        @ability_model.should_receive("#{Authority.abilities[verb]}_by?").with(@user)
-        @user.send(method_name, @ability_model)
+        @example_model.should_receive("#{Authority.abilities[verb]}_by?").with(@user)
+        @user.send(method_name, @example_model)
       end
 
     end

data/spec/authority_spec.rb

@@ -1,5 +1,5 @@
 require 'spec_helper'
-require 'support/ability_model'
+require 'support/example_model'
 require 'support/user'
 
 describe Authority do
@@ -44,12 +44,31 @@ describe Authority do
       @user = User.new
     end
 
+    describe "if given options" do
+
+      it "should check the user's authorization, passing along the options" do
+        options = { :for => 'context' }
+        @user.should_receive(:can_delete?).with(ExampleModel, options).and_return(true)
+        Authority.enforce(:delete, ExampleModel, @user, options)
+      end
+
+    end
+
+    describe "if not given options" do
+
+      it "should check the user's authorization, passing no options" do
+        @user.should_receive(:can_delete?).with(ExampleModel).and_return(true)
+        Authority.enforce(:delete, ExampleModel, @user)
+      end
+
+    end
+
     it "should raise a SecurityViolation if the action is unauthorized" do
-      expect { Authority.enforce(:update, AbilityModel, @user) }.to raise_error(Authority::SecurityViolation)
+      expect { Authority.enforce(:update, ExampleModel, @user) }.to raise_error(Authority::SecurityViolation)
     end
 
     it "should not raise a SecurityViolation if the action is authorized" do
-      expect { Authority.enforce(:read, AbilityModel, @user) }.not_to raise_error(Authority::SecurityViolation)
+      expect { Authority.enforce(:read, ExampleModel, @user) }.not_to raise_error(Authority::SecurityViolation)
     end
 
   end

data/spec/support/{ability_model.rb → example_model.rb}

@@ -1,4 +1,4 @@
-class AbilityModel
+class ExampleModel
   include Authority::Abilities
 end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authority
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-08-10 00:00:00.000000000 Z
+date: 2012-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &2160582080 !ruby/object:Gem::Requirement
+  requirement: &81456900 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,7 +22,7 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *2160582080
+  version_requirements: *81456900
 description: Authority helps you authorize actions in your Rails app. It's ORM-neutral
   and has very little fancy syntax; just group your models under one or more Authorizer
   classes and write plain Ruby methods on them.
@@ -63,11 +63,12 @@ files:
 - spec/authority/authorizer_spec.rb
 - spec/authority/configuration_spec.rb
 - spec/authority/controller_spec.rb
+- spec/authority/integration_spec.rb
 - spec/authority/user_abilities_spec.rb
 - spec/authority_spec.rb
 - spec/spec_helper.rb
-- spec/support/ability_model.rb
 - spec/support/example_controllers.rb
+- spec/support/example_model.rb
 - spec/support/mock_rails.rb
 - spec/support/user.rb
 homepage: https://github.com/nathanl/authority
@@ -90,20 +91,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.16
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: Authority helps you authorize actions in your Rails app using plain Ruby
   methods on Authorizer classes.
-test_files:
-- spec/authority/abilities_spec.rb
-- spec/authority/authorizer_spec.rb
-- spec/authority/configuration_spec.rb
-- spec/authority/controller_spec.rb
-- spec/authority/user_abilities_spec.rb
-- spec/authority_spec.rb
-- spec/spec_helper.rb
-- spec/support/ability_model.rb
-- spec/support/example_controllers.rb
-- spec/support/mock_rails.rb
-- spec/support/user.rb
+test_files: []