authority 2.3.0 → 2.3.1

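--- a/data/README.markdown
+++ b/data/README.markdown
@@ -370,7 +370,16 @@ If the user isn't allowed to edit widgets, they won't see the link. If they're n
  Authority is organized around protecting resources. But **occasionally** you **may** need to authorize something that has no particular resource. For that, it provides the generic `can?` method. It works like this:
 
  ```ruby
- current_user.can?(:view_stats_dashboard) # calls `ApplicationAuthorizer.can_view_stats_dashboard?`
+ current_user.can?(:view_stats_dashboard) # calls `ApplicationAuthorizer.authorizes_to_view_stats_dashboard?`
+ current_user.can?(:view_stats_dashboard, :on => :tuesdays, :with => :tea) # same, passing the options
+
+ # application_authorizer.rb
+ class ApplicationAuthorizer < Authority::Authorizer
+ # ...
+ def self.authorizes_to_view_stats_dashboard?(user, options = {})
+ user.has_role?(:manager) # or whatever
+ end
+ end
  ```
 
  Use this very sparingly, and consider it a [code smell](http://en.wikipedia.org/wiki/Code_smell). Overuse will turn your `ApplicationAuthorizer` into a junk drawer of methods. Ask yourself, "am I sure I don't have a resource for this? Should I have one?"
@@ -389,7 +398,7 @@ You can define your own `authority_forbidden` method:
  ```ruby
  # Send 'em back where they came from with a slap on the wrist
  def authority_forbidden(exception)
- Authority.configuration.logger.warn(error.message)
+ Authority.logger.warn(error.message)
  redirect_to request.referrer.presence || root_path, :alert => 'You are not authorized to complete that action.'
  end
  ```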
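--- a/data/TODO.markdown
+++ b/data/TODO.markdown
@@ -6,6 +6,10 @@
  - Test `ActionController` integration
  - Add tests for the generators
 
+ ## Code
+
+ - Look into using the `Forwardable` module for delegation in various places. (Does it handle passing options if given and nothing if not?)
+
  ## Structural changes
 
  - Consider the huge change from authorizer objects to modules for permissions. This eliminates the awkwardness of "to check a resource instance, let's go instantiate an authorizer and give it this resource instance..." If we make this change, describe a detailed upgrade path.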
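--- a/data/lib/authority.rb
+++ b/data/lib/authority.rb
@@ -57,6 +57,10 @@ module Authority
  configuration
  end
 
+ def self.logger
+ @logger ||= configuration.logger
+ end
+
  private
 
  def self.require_authority_internals!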
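Review bot: The memoization in `@logger ||= configuration.logger` pins whichever logger is configured at the first call, so a later `Authority.configure` that assigns a different `config.logger` would apparently not be picked up by `Authority.logger`. Since this logger now carries the authorization-denial warnings from `authority_forbidden`, a stale default could send them somewhere nobody is watching. Unless the cache is deliberate, delegate on every call: `def self.logger; configuration.logger; end`. The configuration spec that expects `Logger.new(STDERR)` and then calls `Authority.logger` looks order-dependent for the same reason, because an earlier example may already have populated `@logger`. The enclosing `module Authority` begins and ends outside this hunk.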
@@ -38,7 +38,7 @@ module Authority
38
38
  end
39
39
 
40
40
  def authority_action(action_map)
41
- puts "Authority's `authority_action` method has been renamed \
41
+ Authority.logger.warn "Authority's `authority_action` method has been renamed \
42
42
  to `authority_actions` (plural) to reflect the fact that you can \
43
43
  set multiple actions in one shot. Please update your controllers \
44
44
  accordingly. (called from #{caller.first})".squeeze(' ')
@@ -77,7 +77,7 @@ module Authority
77
77
  #
78
78
  # @param [Exception] error, an error that indicates the user tried to perform a forbidden action.
79
79
  def authority_forbidden(error)
80
- Authority.configuration.logger.warn(error.message)
80
+ Authority.logger.warn(error.message)
81
81
  render :file => Rails.root.join('public', '403.html'), :status => 403, :layout => false
82
82
  end
83
83
 
@@ -20,8 +20,21 @@ module Authority
20
20
  RUBY
21
21
  end
22
22
 
23
- def can?(action)
24
- ApplicationAuthorizer.send("can_#{action}?", self)
23
+ def can?(action, options = {})
24
+ begin
25
+ ApplicationAuthorizer.send("authorizes_to_#{action}?", self, options)
26
+ rescue NoMethodError => original_exception
27
+ begin
28
+ # For backwards compatibility
29
+ response = ApplicationAuthorizer.send("can_#{action}?", self, options)
30
+ Authority.logger.warn(
31
+ "DEPRECATION WARNING: Please rename `ApplicationAuthorizer.can_#{action}?` to `authorizes_to_#{action}?`"
32
+ )
33
+ response
34
+ rescue NoMethodError => new_exception
35
+ raise original_exception
36
+ end
37
+ end
25
38
  end
26
39
 
27
40
  end
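Review bot: The `rescue NoMethodError` in `can?` cannot tell a missing `authorizes_to_#{action}?` from a NoMethodError raised inside an existing one (a call on nil in the authorizer body, say). A bug in a new-style authorizer therefore falls through silently to the legacy `can_#{action}?`, whose answer becomes the authorization decision. The fallback also passes `options`, while the removed 2.3.0 line called `send("can_#{action}?", self)`, so a legacy method declared with one parameter would raise an unrescued ArgumentError and the compatibility path likely fails for the methods it targets. Dispatching on `respond_to?` and keeping the old arity on the legacy call avoids both; the specs that simulate a missing method with `and_raise(NoMethodError)` would need adjusting. `send` also reaches private class methods, so `public_send` is the safer call if `action` can ever derive from request data. The enclosing module starts outside this hunk.

```ruby
def can?(action, options = {})
  legacy = "can_#{action}?"
  modern = "authorizes_to_#{action}?"

  if !ApplicationAuthorizer.respond_to?(modern) && ApplicationAuthorizer.respond_to?(legacy)
    # For backwards compatibility: 2.3.0 called the legacy method with the user only
    Authority.logger.warn(
      "DEPRECATION WARNING: Please rename `ApplicationAuthorizer.can_#{action}?` to `authorizes_to_#{action}?`"
    )
    return ApplicationAuthorizer.public_send(legacy, self)
  end

  # A missing method still raises NoMethodError here; errors raised inside
  # the authorizer body now propagate instead of triggering the fallback.
  ApplicationAuthorizer.public_send(modern, self, options)
end
```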
@@ -1,3 +1,3 @@
1
1
  module Authority
2
- VERSION = "2.3.0"
2
+ VERSION = "2.3.1"
3
3
  end
@@ -64,7 +64,7 @@ Authority.configure do |config|
64
64
  #
65
65
  # Some possible settings:
66
66
  # config.logger = Rails.logger # Log with all your app's other messages
67
- # config.logger = Logger.new('log/authority.log') # Use this file
67
+ # config.logger = Logger.new('log/authority.log') # Use this file
68
68
  # config.logger = Logger.new('/dev/null') # Don't log at all (on a Unix system)
69
69
 
70
70
  end
@@ -19,7 +19,7 @@ describe Authority::Configuration do
19
19
  logger = Logger.new(null)
20
20
  Logger.should_receive(:new).with(STDERR).and_return(logger)
21
21
  Authority.configure
22
- Authority.configuration.logger
22
+ Authority.logger
23
23
  end
24
24
 
25
25
  end
@@ -191,14 +191,14 @@ describe Authority::Controller do
191
191
  let(:mock_error) { mock(:message => 'oh noes! an error!') }
192
192
 
193
193
  it "logs an error" do
194
- Authority.configuration.logger.should_receive(:warn)
194
+ Authority.logger.should_receive(:warn)
195
195
  controller_instance.stub(:render)
196
196
  controller_instance.send(:authority_forbidden, mock_error)
197
197
  end
198
198
 
199
199
  it "renders the public/403.html file" do
200
200
  forbidden_page = Rails.root.join('public/403.html')
201
- Authority.configuration.logger.stub(:warn)
201
+ Authority.logger.stub(:warn)
202
202
  controller_instance.should_receive(:render).with(:file => forbidden_page, :status => 403, :layout => false)
203
203
  controller_instance.send(:authority_forbidden, mock_error)
204
204
  end
@@ -39,9 +39,56 @@ describe Authority::UserAbilities do
39
39
 
40
40
  describe "using `can?` for non-resource-specific checks" do
41
41
 
42
- it "checks with ApplicationAuthorizer" do
43
- ApplicationAuthorizer.should_receive(:can_mimic_lemurs?).with(user)
44
- user.can?(:mimic_lemurs)
42
+ context "when ApplicationAuthorizer responds to a matching `authorizes_to?` call" do
43
+
44
+ before :each do
45
+ ApplicationAuthorizer.stub(:authorizes_to_mimic_lemurs?).and_return('yessir')
46
+ end
47
+
48
+ it "uses the `authorizes_to` return value" do
49
+ expect(user.can?(:mimic_lemurs)).to eq('yessir')
50
+ end
51
+
52
+ end
53
+
54
+ context "when ApplicationAuthorizer does not respond to a matching `authorizes_to?` call" do
55
+
56
+ before :each do
57
+ ApplicationAuthorizer.stub(:authorizes_to_mimic_lemurs?).and_raise(NoMethodError.new('eh?'))
58
+ end
59
+
60
+ context "when ApplicationAuthorizer responds to a matching `can` call" do
61
+
62
+ before :each do
63
+ ApplicationAuthorizer.stub(:can_mimic_lemurs?).and_return('thumbs up!')
64
+ Authority.logger.stub(:warn)
65
+ end
66
+
67
+ it "uses the `can` return value (for backwards compatibility)" do
68
+ expect(user.can?(:mimic_lemurs)).to eq('thumbs up!')
69
+ end
70
+
71
+ it "sends a deprecation warning" do
72
+ Authority.logger.should_receive(:warn).with(
73
+ "DEPRECATION WARNING: Please rename `ApplicationAuthorizer.can_mimic_lemurs?` to `authorizes_to_mimic_lemurs?`"
74
+ )
75
+ user.can?(:mimic_lemurs)
76
+ end
77
+
78
+ end
79
+
80
+ context "when ApplicationAuthorizer does not respond to a matching `can` call" do
81
+
82
+ before(:each) do
83
+ ApplicationAuthorizer.stub(:can_mimic_lemurs?).and_raise(NoMethodError.new('whaaa?'))
84
+ end
85
+
86
+ it "re-raises the NoMethodError from the missing `authorizes_to?`" do
87
+ expect{user.can?(:mimic_lemurs)}.to raise_error(NoMethodError, 'eh?')
88
+ end
89
+
90
+ end
91
+
45
92
  end
46
93
 
47
94
  end
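--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: authority
  version: !ruby/object:Gem::Version
- version: 2.3.0
+ version: 2.3.1
  prerelease:
  platform: ruby
  authors:
@@ -10,11 +10,11 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2012-12-09 00:00:00.000000000 Z
+ date: 2012-12-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
- requirement: &69990830 !ruby/object:Gem::Requirement
+ requirement: &2152639540 !ruby/object:Gem::Requirement
  none: false
  requirements:
  - - ! '>='
@@ -22,7 +22,7 @@ dependencies:
  version: 3.0.0
  type: :runtime
  prerelease: false
- version_requirements: *69990830
+ version_requirements: *2152639540
  description: Authority helps you authorize actions in your Rails app. It's ORM-neutral
  and has very little fancy syntax; just group your models under one or more Authorizer
  classes and write plain Ruby methods on them.
@@ -90,9 +90,19 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 1.8.10
+ rubygems_version: 1.8.16
  signing_key:
  specification_version: 3
  summary: Authority helps you authorize actions in your Rails app using plain Ruby
  methods on Authorizer classes.
- test_files: []
+ test_files:
+ - spec/authority/abilities_spec.rb
+ - spec/authority/authorizer_spec.rb
+ - spec/authority/configuration_spec.rb
+ - spec/authority/controller_spec.rb
+ - spec/authority/integration_spec.rb
+ - spec/authority/user_abilities_spec.rb
+ - spec/authority_spec.rb
+ - spec/spec_helper.rb
+ - spec/support/example_classes.rb
+ - spec/support/mock_rails.rb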