authority 2.3.0 → 2.3.1

data/README.markdown

@@ -370,7 +370,16 @@ If the user isn't allowed to edit widgets, they won't see the link. If they're n
 Authority is organized around protecting resources. But **occasionally** you **may** need to authorize something that has no particular resource. For that, it provides the generic `can?` method. It works like this:
 
 ```ruby
-  current_user.can?(:view_stats_dashboard) # calls `ApplicationAuthorizer.can_view_stats_dashboard?`
+current_user.can?(:view_stats_dashboard) # calls `ApplicationAuthorizer.authorizes_to_view_stats_dashboard?`
+current_user.can?(:view_stats_dashboard, :on => :tuesdays, :with => :tea) # same, passing the options
+
+# application_authorizer.rb
+class ApplicationAuthorizer < Authority::Authorizer
+  # ...
+  def self.authorizes_to_view_stats_dashboard?(user, options = {})
+    user.has_role?(:manager) # or whatever
+  end
+end
 ```
 
 Use this very sparingly, and consider it a [code smell](http://en.wikipedia.org/wiki/Code_smell). Overuse will turn your `ApplicationAuthorizer` into a junk drawer of methods. Ask yourself, "am I sure I don't have a resource for this? Should I have one?"
@@ -389,7 +398,7 @@ You can define your own `authority_forbidden` method:
 ```ruby
 # Send 'em back where they came from with a slap on the wrist
 def authority_forbidden(exception)
-  Authority.configuration.logger.warn(error.message)
+  Authority.logger.warn(error.message)
   redirect_to request.referrer.presence || root_path, :alert => 'You are not authorized to complete that action.'
 end
 ```

data/TODO.markdown

@@ -6,6 +6,10 @@
 - Test `ActionController` integration
 - Add tests for the generators
 
+## Code
+
+- Look into using the `Forwardable` module for delegation in various places. (Does it handle passing options if given and nothing if not?)
+
 ## Structural changes
 
 - Consider the huge change from authorizer objects to modules for permissions. This eliminates the awkwardness of "to check a resource instance, let's go instantiate an authorizer and give it this resource instance..." If we make this change, describe a detailed upgrade path.

data/lib/authority.rb

@@ -57,6 +57,10 @@ module Authority
     configuration
   end
 
+  def self.logger
+    @logger ||= configuration.logger
+  end
+
   private
 
   def self.require_authority_internals!

data/lib/authority/controller.rb

@@ -38,7 +38,7 @@ module Authority
       end
 
       def authority_action(action_map)
-        puts "Authority's `authority_action` method has been renamed \
+        Authority.logger.warn "Authority's `authority_action` method has been renamed \
         to `authority_actions` (plural) to reflect the fact that you can \
         set multiple actions in one shot. Please update your controllers \
         accordingly. (called from #{caller.first})".squeeze(' ')
@@ -77,7 +77,7 @@ module Authority
     #
     # @param [Exception] error, an error that indicates the user tried to perform a forbidden action.
     def authority_forbidden(error)
-      Authority.configuration.logger.warn(error.message)
+      Authority.logger.warn(error.message)
       render :file => Rails.root.join('public', '403.html'), :status => 403, :layout => false
     end
 

data/lib/authority/user_abilities.rb

@@ -20,8 +20,21 @@ module Authority
       RUBY
     end
 
-    def can?(action)
-      ApplicationAuthorizer.send("can_#{action}?", self)
+    def can?(action, options = {})
+      begin
+        ApplicationAuthorizer.send("authorizes_to_#{action}?", self, options)
+      rescue NoMethodError => original_exception
+        begin
+          # For backwards compatibility
+          response = ApplicationAuthorizer.send("can_#{action}?", self, options)
+          Authority.logger.warn(
+            "DEPRECATION WARNING: Please rename `ApplicationAuthorizer.can_#{action}?` to `authorizes_to_#{action}?`"
+          )
+          response
+        rescue NoMethodError => new_exception
+          raise original_exception
+        end
+      end
     end
 
   end

data/lib/authority/version.rb

@@ -1,3 +1,3 @@
 module Authority
-  VERSION = "2.3.0"
+  VERSION = "2.3.1"
 end

data/lib/generators/templates/authority_initializer.rb

@@ -64,7 +64,7 @@ Authority.configure do |config|
   #
   # Some possible settings:
   # config.logger = Rails.logger                     # Log with all your app's other messages
-  # config.logger = Logger.new('log/authority.log') # Use this file
+  # config.logger = Logger.new('log/authority.log')  # Use this file
   # config.logger = Logger.new('/dev/null')          # Don't log at all (on a Unix system)
 
 end

data/spec/authority/configuration_spec.rb

@@ -19,7 +19,7 @@ describe Authority::Configuration do
         logger = Logger.new(null)
         Logger.should_receive(:new).with(STDERR).and_return(logger)
         Authority.configure
-        Authority.configuration.logger
+        Authority.logger
       end
 
     end

data/spec/authority/controller_spec.rb

@@ -191,14 +191,14 @@ describe Authority::Controller do
         let(:mock_error) { mock(:message => 'oh noes! an error!') }
 
         it "logs an error" do
-          Authority.configuration.logger.should_receive(:warn)
+          Authority.logger.should_receive(:warn)
           controller_instance.stub(:render)
           controller_instance.send(:authority_forbidden, mock_error)
         end
 
         it "renders the public/403.html file" do
           forbidden_page = Rails.root.join('public/403.html')
-          Authority.configuration.logger.stub(:warn)
+          Authority.logger.stub(:warn)
           controller_instance.should_receive(:render).with(:file => forbidden_page, :status => 403, :layout => false)
           controller_instance.send(:authority_forbidden, mock_error)
         end

data/spec/authority/user_abilities_spec.rb

@@ -39,9 +39,56 @@ describe Authority::UserAbilities do
 
   describe "using `can?` for non-resource-specific checks" do
 
-    it "checks with ApplicationAuthorizer" do
-      ApplicationAuthorizer.should_receive(:can_mimic_lemurs?).with(user)
-      user.can?(:mimic_lemurs)
+    context "when ApplicationAuthorizer responds to a matching `authorizes_to?` call" do
+
+      before :each do
+        ApplicationAuthorizer.stub(:authorizes_to_mimic_lemurs?).and_return('yessir')
+      end
+
+      it "uses the `authorizes_to` return value" do
+        expect(user.can?(:mimic_lemurs)).to eq('yessir')
+      end
+
+    end
+
+    context "when ApplicationAuthorizer does not respond to a matching `authorizes_to?` call" do
+
+      before :each do
+        ApplicationAuthorizer.stub(:authorizes_to_mimic_lemurs?).and_raise(NoMethodError.new('eh?'))
+      end
+
+      context "when ApplicationAuthorizer responds to a matching `can` call" do
+
+        before :each do
+          ApplicationAuthorizer.stub(:can_mimic_lemurs?).and_return('thumbs up!')
+          Authority.logger.stub(:warn)
+        end
+
+        it "uses the `can` return value (for backwards compatibility)" do
+          expect(user.can?(:mimic_lemurs)).to eq('thumbs up!')
+        end
+
+        it "sends a deprecation warning" do
+          Authority.logger.should_receive(:warn).with(
+            "DEPRECATION WARNING: Please rename `ApplicationAuthorizer.can_mimic_lemurs?` to `authorizes_to_mimic_lemurs?`"
+          )
+          user.can?(:mimic_lemurs)
+        end
+
+      end
+
+      context "when ApplicationAuthorizer does not respond to a matching `can` call" do
+
+        before(:each) do
+          ApplicationAuthorizer.stub(:can_mimic_lemurs?).and_raise(NoMethodError.new('whaaa?'))
+        end
+
+        it "re-raises the NoMethodError from the missing `authorizes_to?`" do
+          expect{user.can?(:mimic_lemurs)}.to raise_error(NoMethodError, 'eh?')
+        end
+
+      end
+
     end
 
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authority
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.3.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-09 00:00:00.000000000 Z
+date: 2012-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &69990830 !ruby/object:Gem::Requirement
+  requirement: &2152639540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,7 +22,7 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *69990830
+  version_requirements: *2152639540
 description: Authority helps you authorize actions in your Rails app. It's ORM-neutral
   and has very little fancy syntax; just group your models under one or more Authorizer
   classes and write plain Ruby methods on them.
@@ -90,9 +90,19 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 1.8.16
 signing_key: 
 specification_version: 3
 summary: Authority helps you authorize actions in your Rails app using plain Ruby
   methods on Authorizer classes.
-test_files: []
+test_files:
+- spec/authority/abilities_spec.rb
+- spec/authority/authorizer_spec.rb
+- spec/authority/configuration_spec.rb
+- spec/authority/controller_spec.rb
+- spec/authority/integration_spec.rb
+- spec/authority/user_abilities_spec.rb
+- spec/authority_spec.rb
+- spec/spec_helper.rb
+- spec/support/example_classes.rb
+- spec/support/mock_rails.rb