authority 2.9.0 → 2.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 49f7f09d33ece9e1d0f128c629d5963fbcf55c5b
-  data.tar.gz: 7978825534fc7412ed65cba9a531b0733d331100
+  metadata.gz: fdf6a52e9cb60311ecce6e69f4ee02cf0505596a
+  data.tar.gz: 89a0bca5f2c35bbc1983a11fd5e76906abe517dc
 SHA512:
-  metadata.gz: dd93e0ddda2bec80acf414af069344af29ee3ee287b1143d9bd7fff623bbf3bcdee6d2ca582665c8f9e60ccbbf4c6a3e223fb0414d4ec99bd840543864455ea0
-  data.tar.gz: a499cccc078b3777bf4543266976eb0d1df26951fca5a4419b7c7b813a1bbcae279b7ac4c0a03c03b3c54f4230fcb67d8c0d163deb16e9162579adeef39cab20
+  metadata.gz: 232f1fa7a9aa66327c3ebc955d5a9b4132762f0d4e484a12c8731428034fc07533a138a76ec7795fb282283fd2476dd9a1480747ea8291c6786a9ec06d8fcbc1
+  data.tar.gz: ad56524c7282089b1bd2fd49f7bf5b76ccddc9fdd6ae1043a4394227978ceeb7e302022af1db47b988eea1e33fcf1e937af856b87677aeb3cf3f88f7184ca5cd

data/.travis.yml

@@ -4,10 +4,10 @@ rvm:
   - 1.9.2
   - 1.9.3
   - 2.0.0
+  - 2.1.0
   - jruby-18mode # JRuby in 1.8 mode
   - jruby-19mode # JRuby in 1.9 mode
-  - rbx-18mode
-  - rbx-19mode
+  - rbx
 
 gemfile:
   - gemfiles/3.0.gemfile
@@ -23,5 +23,5 @@ matrix:
       gemfile: gemfiles/4.0.gemfile
     - rvm: jruby-18mode
       gemfile: gemfiles/4.0.gemfile
-    - rvm: rbx-18mode
+    - rvm: rbx
       gemfile: gemfiles/4.0.gemfile

data/CHANGELOG.markdown

@@ -2,6 +2,11 @@
 
 Authority does its best to use [semantic versioning](http://semver.org).
 
+## v2.10.0
+
+- Ability to return options when looking up a class for `authorize_actions_for`, thanks to [Adam Milligan](https://github.com/orchardadam)
+- Small refactor in controller code, thanks to [Stacey Touset](https://github.com/capicue)
+
 ## v2.9.0
 
 Add `all_actions` option for `authorize_actions_for`, thanks to [Igor Davydov](https://github.com/div). 

data/README.markdown

@@ -250,7 +250,7 @@ class ApplicationAuthorizer < Authority::Authorizer
 
   protected
 
-  def has_role_granting(user, able)
+  def has_role_granting?(user, able)
     # Does the user have any of the roles which give this permission?
     (roles_which_grant(able) & user.roles).any?
   end
@@ -390,9 +390,11 @@ class LlamasController < ApplicationController
   authorize_actions_for :llama_class
 
   def llama_class
-    # In a real application, you would choose your llama class
-    # much more carefully
+    # This method can simply return a class...
     [StandardLlama, LludicrousLlama].sample
+
+    # ... or an array with a class and some options
+    [OptionLladenLlama, {country: 'Peru'}]
   end
 end
 ```

data/lib/authority.rb

@@ -37,10 +37,10 @@ module Authority
     unless action_authorized?(action, resource, user, options)
       raise SecurityViolation.new(user, action, resource)
     end
-    resource
   end
 
   def self.action_authorized?(action, resource, user, options = {})
+    raise MissingUser if user.nil?
     resource_and_maybe_options = [resource, options].tap {|args| args.pop if args.last == {}}
     user.send("can_#{action}?", *resource_and_maybe_options)
   end
@@ -69,6 +69,30 @@ module Authority
     require 'authority/user_abilities'
   end
 
+  class MissingUser < StandardError
+    def message
+      "You tried to check authorization on `nil`. Authority doesn't know what
+      `nil` is allowed to do.  There are two ways you can fix this.
+
+      1. Authenticate before authorizing. If the user isn't signed in, force
+      them to sign in before they can attempt any action that requires
+      authorization.
+
+      2. When the user is not signed in, return a Null Object instead of
+      `nil`. (You could create an AnonymousUser class, for example.) It should
+      respond to the normal methods Authority will call (like `can_delete?`),
+      possibly by including `Authority::UserAbilities` and teaching your authorizers
+      what an anonymous user can do.
+
+      The downside of solution #2 is that a user who forgot to sign in will be
+      told they are not authorized for an action they could normally do. This might
+      be confusing.
+
+      However, you might use both strategies in different parts of your application.
+      "
+    end
+  end
+
 end
 
 require 'authority/configuration'

data/lib/authority/controller.rb

@@ -43,7 +43,8 @@ module Authority
       # ones and any other options applicable to a before_filter
       def authorize_actions_for(resource_or_finder, options = {})
         self.authority_resource = resource_or_finder
-        authority_actions(overridden_actions(options))
+        add_actions(options.fetch(:actions, {}))
+        force_action(options[:all_actions]) if options[:all_actions]
         before_filter :run_authorization_check, options
       end
 
@@ -51,8 +52,9 @@ module Authority
       #
       # @param [Hash] action_map - controller actions and methods, to be merged with existing action_map
       def authority_actions(action_map)
-        authority_action_map.merge!(overridden_actions(action_map))
-        authority_action_map.merge!(action_map.symbolize_keys)
+        forced_action = action_map.delete(:all_actions)
+        add_actions(action_map)
+        force_action(forced_action) if forced_action
       end
 
       def authority_action(action_map)
@@ -78,13 +80,24 @@ module Authority
         @authority_action_map ||= Authority.configuration.controller_action_map.dup
       end
 
-      def overridden_actions(options = {})
-        if forced_action = options.fetch(:all_actions, false)
-          overridden_actions = authority_action_map.inject({}) { |hash, (key, val)| hash.tap { |h| h[key] = forced_action } }
-        end
-        overridden_actions || options.fetch(:actions, {})
+      # Adds the passed in actions to the current action map.
+      #
+      # @param [Hash] action_map - controller actions and methods to be merged
+      # with the existing action map
+      def add_actions(action_map)
+        authority_action_map.merge!(action_map)
       end
 
+      # Updates the current action map to use the forced action for all of it's
+      # actions.
+      #
+      # @param [String OR Symbol] forced_action - the authority action to use
+      # for all Rails actions in the action map
+      def force_action(forced_action)
+        add_actions(
+          Hash[authority_action_map.map {|key, _| [key, forced_action] }]
+        )
+      end
     end
 
     protected
@@ -120,7 +133,7 @@ module Authority
     # The `before_filter` that will be setup to run when the class method
     # `authorize_actions_for` is called
     def run_authorization_check
-      authorize_action_for instance_authority_resource
+      authorize_action_for(*instance_authority_resource)
     end
 
     def instance_authority_resource

data/lib/authority/version.rb

@@ -1,3 +1,3 @@
 module Authority
-  VERSION = "2.9.0"
+  VERSION = "2.10.0"
 end

data/spec/authority/controller_spec.rb

@@ -109,16 +109,24 @@ describe Authority::Controller do
         it "if :all_actions option is given, it overrides the action hash to use the action given" do
           overridden_action_map = controller_class.authority_action_map
           overridden_action_map.update(overridden_action_map) {|k,v| v = :annihilate}
-          child_controller.should_receive(:authority_actions).with(overridden_action_map)
           child_controller.authorize_actions_for(resource_class, :all_actions => :annihilate)
+          child_controller.authority_action_map.should eq(overridden_action_map)
         end
 
-        it "passes the action hash to the `authority_actions` method" do
+        it "passes the action hash to the `add_actions` method" do
           new_actions = {:synthesize => :create, :annihilate => 'delete'}
-          child_controller.should_receive(:authority_actions).with(new_actions)
+          child_controller.should_receive(:add_actions).with(new_actions)
           child_controller.authorize_actions_for(resource_class, :actions => new_actions)
         end
 
+        it "updates the action map if :actions option is given" do
+          updated_map = child_controller.authority_action_map
+          updated_map[:synthesize] = :create
+          new_actions = {:synthesize => :create}
+          child_controller.authorize_actions_for(resource_class, :actions => new_actions)
+          expect(child_controller.authority_action_map).to eq(updated_map)
+        end
+
       end
 
       describe "authority_resource" do
@@ -178,25 +186,6 @@ describe Authority::Controller do
 
       end
 
-      describe "overridden_actions" do
-
-        it "overrides authority action map if option :all_actions is present" do
-          options = { :all_actions => :display, :actions => {:show => :display, :synthesize => :create} }
-          expect(controller_class.overridden_actions(options).values.uniq).to eq([:display])
-        end
-
-        it "returns :actions hash if option :all_actions is not present" do
-          options = { :actions => {:show => :display, :synthesize => :create, :annihilate => 'delete'} }
-          expect(controller_class.overridden_actions(options)).to eq(options[:actions])
-        end
-
-        it "returns an empty hash if no :all_actions nor :actions options present" do
-          options = { :show => :display, :synthesize => :create, :annihilate => 'delete' }
-          expect(controller_class.overridden_actions(options)).to eq({})
-        end
-
-      end
-
       describe "ensure_authorization_performed" do
 
         let(:controller_instance) { controller_class.new }
@@ -294,13 +283,28 @@ describe Authority::Controller do
 
           context "if the controller has such an instance method" do
 
-            before :each do
-              controller_instance.stub(:method_to_find_class).and_return(resource_class)
+            context "and the method returns a class" do
+              before :each do
+                controller_instance.stub(:method_to_find_class).and_return(resource_class)
+              end
+
+              it "checks authorization on that class" do
+                controller_instance.should_receive(:authorize_action_for).with(resource_class)
+                controller_instance.send(:run_authorization_check)
+              end
             end
 
-            it "checks authorization on class returned by that method" do
-              controller_instance.should_receive(:authorize_action_for).with(resource_class)
-              controller_instance.send(:run_authorization_check)
+            context "and the method returns an array containing a class and some options" do
+              let(:some_options) { { :a => 1, :b => 2 } }
+
+              before :each do
+                controller_instance.stub(:method_to_find_class).and_return([resource_class, some_options])
+              end
+
+              it "checks authorization on that class and passes the options" do
+                controller_instance.should_receive(:authorize_action_for).with(resource_class, some_options)
+                controller_instance.send(:run_authorization_check)
+              end
             end
 
           end

data/spec/authority_spec.rb

@@ -39,34 +39,49 @@ describe Authority do
 
   describe "enforcement" do
 
-    let(:user)           { ExampleUser.new }
     let(:resource_class) { ExampleResource }
 
-    describe "when given options" do
+    describe "when given a user object" do
+
+      let(:user)           { ExampleUser.new }
+
+      describe "when given options" do
+
+        it "checks the user's authorization, passing along the options" do
+          options = { :for => 'context' }
+          user.should_receive(:can_delete?).with(resource_class, options).and_return(true)
+          Authority.enforce(:delete, resource_class, user, options)
+        end
 
-      it "checks the user's authorization, passing along the options" do
-        options = { :for => 'context' }
-        user.should_receive(:can_delete?).with(resource_class, options).and_return(true)
-        Authority.enforce(:delete, resource_class, user, options)
       end
 
-    end
+      describe "when not given options" do
 
-    describe "when not given options" do
+        it "checks the user's authorization, passing no options" do
+          user.should_receive(:can_delete?).with(resource_class).and_return(true)
+          Authority.enforce(:delete, resource_class, user)
+        end
 
-      it "checks the user's authorization, passing no options" do
-        user.should_receive(:can_delete?).with(resource_class).and_return(true)
-        Authority.enforce(:delete, resource_class, user)
       end
 
-    end
+      it "raises a SecurityViolation if the action is unauthorized" do
+        expect { Authority.enforce(:update, resource_class, user) }.to raise_error(Authority::SecurityViolation)
+      end
+
+      it "doesn't raise a SecurityViolation if the action is authorized" do
+        expect { Authority.enforce(:read, resource_class, user) }.not_to raise_error()
+      end
 
-    it "raises a SecurityViolation if the action is unauthorized" do
-      expect { Authority.enforce(:update, resource_class, user) }.to raise_error(Authority::SecurityViolation)
     end
 
-    it "doesn't raise a SecurityViolation if the action is authorized" do
-      expect { Authority.enforce(:read, resource_class, user) }.not_to raise_error()
+    describe "when given a nil user" do
+
+      let(:user) { nil }
+
+      it "raises a helpful error" do
+        expect { Authority.enforce(:update, resource_class, user) }.to raise_error(Authority::MissingUser)
+      end
+
     end
 
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: authority
 version: !ruby/object:Gem::Version
-  version: 2.9.0
+  version: 2.10.0
 platform: ruby
 authors:
 - Nathan Long
@@ -9,34 +9,34 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-03 00:00:00.000000000 Z
+date: 2014-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 3.0.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.8.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.8.7
 description: Authority helps you authorize actions in your Rails app. It's ORM-neutral
@@ -49,9 +49,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".gitignore"
+- ".rspec"
+- ".travis.yml"
 - CHANGELOG.markdown
 - CONTRIBUTING.markdown
 - Gemfile
@@ -97,17 +97,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.2.0
 signing_key: 
 specification_version: 4
 summary: Authority helps you authorize actions in your Rails app using plain Ruby