authority 0.2.0 → 0.3.0

data/README.md

@@ -7,11 +7,11 @@
 No time for reading! Reading is for chumps! Here's the skinny:
 
 - Install in your Rails project
-- Put this in your controllers: `check_authorization_on ModelName`
+- Put this in your controllers: `check_authorization_on YourModelNameHere` (the model that controller works with)
 - Put this in your models:  `include Authority::Abilities`
-- For each model you have, create a corresponding Authorization file. For example, for `app/models/lolcat.rb`, create `app/authorizations/lolcat_authorization.rb` with an empty class inheriting from `Authorization`.
-- Add class methods to that authorization to set rules that can be enforced just by looking at the resource class, like "this user cannot create Lolcats, period."
-- Add instance methods to that authorization to set rules that need to look at a resource instance, like "a user can only edit a Lolcat if it belongs to that user and has not been marked as 'classic'".
+- For each model you have, create a corresponding `YourModelNameHereAuthorizer`. For example, for `app/models/lolcat.rb`, create `app/authorizers/lolcat_authorizer.rb` with an empty class inheriting from `Authority::Authorizer`.
+- Add class methods to that authorizer to set rules that can be enforced just by looking at the resource class, like "this user cannot create Lolcats, period."
+- Add instance methods to that authorizer to set rules that need to look at a resource instance, like "a user can only edit a Lolcat if it belongs to that user and has not been marked as 'classic'".
 
 ## Overview
 
@@ -148,7 +148,6 @@ If you update your authorizer as follows:
 ## TODO
 
 - Document syntax for checking rules during a controller action
-- Rename Authorization to Authorizer
 - Update generator to create an authorizer for every model
 - Generator
   - Add generators or hook into existing rails generators

data/lib/authority/abilities.rb

@@ -21,7 +21,15 @@ module Authority
       end
 
       def authorizer
-        @authorizer ||= authorizer_name.constantize
+        begin
+          @authorizer ||= authorizer_name.constantize
+        rescue StandardError => e
+          if e.is_a?(NameError)
+            raise Authority::NoAuthorizerError.new("#{authorizer_name} does not exist in your application")
+          else
+            raise e
+          end
+        end
       end
     end
 

data/lib/authority/authorizer.rb

@@ -24,4 +24,6 @@ module Authority
     end
 
   end
+
+  class NoAuthorizerError < StandardError ; end ;
 end

data/lib/authority/controller.rb

@@ -3,7 +3,7 @@ module Authority
     extend ActiveSupport::Concern
 
     included do
-      rescue_from Authority::SecurityTransgression, :with => 'forbidden'
+      rescue_from Authority::SecurityTransgression, :with => :authority_forbidden
       class_attribute :authority_resource
       class_attribute :authority_actions
     end

data/lib/authority/railtie.rb

@@ -4,7 +4,7 @@ module Authority
   class Railtie < ::Rails::Railtie
 
     initializer "authority.controller" do
-      ApplicationController.send(:include, Authority::Controller)
+      ActionController::Base.send(:include, Authority::Controller)
     end
 
   end

data/lib/authority/version.rb

@@ -1,3 +1,3 @@
 module Authority
-  VERSION = "0.2.0"
+  VERSION = "0.3.0"
 end

data/spec/authority/abilities_spec.rb

@@ -1,5 +1,6 @@
 require 'spec_helper'
 require 'support/ability_model'
+require 'support/no_authorizer_model'
 require 'support/user'
 
 describe Authority::Abilities do
@@ -34,6 +35,10 @@ describe Authority::Abilities do
       AbilityModel.authorizer
     end
 
+    it "should raise a friendly error if the authorizer doesn't exist" do
+      expect { NoAuthorizerModel.authorizer }.to raise_error(Authority::NoAuthorizerError)
+    end
+
   end
 
   describe "class methods" do

data/spec/authority/controller_spec.rb

@@ -9,7 +9,7 @@ describe Authority::Controller do
   describe "when including" do
     it "should specify rescuing security transgressions" do
       class DummyController < ExampleController ; end
-      DummyController.should_receive(:rescue_from).with(Authority::SecurityTransgression, :with => 'forbidden')
+      DummyController.should_receive(:rescue_from).with(Authority::SecurityTransgression, :with => :authority_forbidden)
       DummyController.send(:include, Authority::Controller)
     end
   end

data/spec/support/no_authorizer_model.rb

@@ -0,0 +1,5 @@
+# No corresponding Authorizer is defined for this model
+
+class NoAuthorizerModel
+  include Authority::Abilities
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authority
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
   prerelease: 
 platform: ruby
 authors:
@@ -14,7 +14,7 @@ date: 2012-03-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &2152320300 !ruby/object:Gem::Requirement
+  requirement: &2160392740 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *2152320300
+  version_requirements: *2160392740
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &2152319760 !ruby/object:Gem::Requirement
+  requirement: &2160392220 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,7 +33,7 @@ dependencies:
         version: 1.0.0
   type: :development
   prerelease: false
-  version_requirements: *2152319760
+  version_requirements: *2160392220
 description: Gem for managing authorization on model actions in Rails
 email:
 - nathanmlong@gmail.com
@@ -70,6 +70,7 @@ files:
 - spec/support/ability_model.rb
 - spec/support/example_controller.rb
 - spec/support/mock_rails.rb
+- spec/support/no_authorizer_model.rb
 - spec/support/user.rb
 homepage: https://github.com/nathanl/authority
 licenses: []
@@ -107,4 +108,5 @@ test_files:
 - spec/support/ability_model.rb
 - spec/support/example_controller.rb
 - spec/support/mock_rails.rb
+- spec/support/no_authorizer_model.rb
 - spec/support/user.rb