be9-acl9 0.9.2 → 0.9.3

data/CHANGELOG.textile

@@ -1,3 +1,9 @@
+h2. 0.9.3 (04-Feb-2009)
+
+* Fix bug in delete_role - didn't work with custom class names
+* Add @:helper@ option for @access_control@.
+* Ability to generate helper methods directly (place @include Acl9Helpers@ in your helper module).
+
 h2. 0.9.2 (11-Jan-2009)
 
 * @access_control :method do end@ as shorter form for @access_control :as_method => :method do end@.

data/Manifest

@@ -1,22 +1,26 @@
-init.rb
-Manifest
-lib/acl9/model_extensions.rb
-lib/acl9/version.rb
+lib/acl9/helpers.rb
+lib/acl9/config.rb
 lib/acl9/model_extensions/subject.rb
 lib/acl9/model_extensions/object.rb
+lib/acl9/controller_extensions.rb
 lib/acl9/controller_extensions/generators.rb
 lib/acl9/controller_extensions/dsl_base.rb
-lib/acl9/config.rb
-lib/acl9/controller_extensions.rb
+lib/acl9/version.rb
+lib/acl9/model_extensions.rb
 lib/acl9.rb
-README.textile
-acl9.gemspec
-CHANGELOG.textile
-MIT-LICENSE
-Rakefile
+TODO
 spec/db/schema.rb
-spec/dsl_base_spec.rb
+spec/helpers_spec.rb
 spec/spec_helper.rb
+spec/models.rb
+spec/dsl_base_spec.rb
 spec/access_control_spec.rb
+spec/controllers.rb
 spec/roles_spec.rb
-spec/models.rb
+acl9.gemspec
+Manifest
+MIT-LICENSE
+Rakefile
+README.textile
+init.rb
+CHANGELOG.textile

data/README.textile

@@ -763,6 +763,33 @@ you may not only call @lolcats?@ with no arguments, which will basically return
 but also as @lolcats?(:lol => Lol.find(params[:lol]))@. The hash will be looked into first,
 even if you have an instance variable @lol@.
 
+h3. :helper
+
+Sometimes you want to have a boolean method (like @:filter => false@) accessible
+in your views. Acl9 can call @helper_method@ for you:
+
+<pre><code>
+  class LolController < ApplicationController 
+    access_control :helper => :lolcats? do
+      allow :cats, :by => :lol
+      # ...
+    end
+  end
+</code></pre>
+
+That's equivalent to
+
+<pre><code>
+  class LolController < ApplicationController 
+    access_control :lolcats?, :filter => false do
+      allow :cats, :by => :lol
+      # ...
+    end
+
+    helper_method :lolcats?
+  end
+</code></pre>
+
 h3. Other options
 
 Other options will be passed to @before_filter@. As such, you may use @:only@ and @:except@ to narrow
@@ -796,6 +823,32 @@ is basically equivalent to
   end
 </code></pre>
 
+h2. access_control in your helpers
+
+Apart from using @:helper@ option for @access_control@ call inside controller, there's a
+way to generate helper methods directly, like this:
+
+<pre><code>
+  module SettingsHelper
+    include Acl9Helpers
+
+    access_control :show_settings? do
+      allow :admin
+      allow :settings_manager
+    end
+  end
+</code></pre>
+
+Here we mix in @Acl9Helpers@ module which brings in @access_control@ method and call it,
+obtaining @show_settings?@ method. 
+
+An imaginary view:
+
+<pre><code>
+  <% if show_settings? %>
+    <%= link_to 'Settings', settings_path %>
+  <% end %>
+</code></pre>
 
 Copyright (c) 2009 Oleg Dashevskii, released under the MIT license.
 

data/Rakefile

@@ -17,7 +17,7 @@ begin
     p.summary = "Yet another role-based authorization system for Rails with a nice DSL for access control lists."
     p.url = "http://github.com/be9/acl9"
     p.ignore_pattern = ["spec/db/*.sqlite3", "spec/debug.log"]
-    p.development_dependencies = ["rspec >=1.1.11", "rspec-rails >=1.1.11"]
+    p.development_dependencies = ["rspec >=1.1.12", "rspec-rails >=1.1.12"]
   end
 rescue LoadError => boom
   puts "You are missing a dependency required for meta-operations on this gem."

data/TODO

@@ -0,0 +1,42 @@
+* Complex roles with ANDing.
+
+  Something like:
+
+    access_control do
+      allow all, :except => :destroy
+      allow complex_role, :to => :destroy do
+        is :strong
+        is :decisive
+        is :owner, :of => :object
+        is_not :banned
+        is_not :fake
+      end
+    end
+
+* Acl9-based menu generator.
+
+  If you get Access Denied on /secrets/index, probably you shouldn't see "Secrets" item
+  in the menu at all.
+
+  It can be very DRY. Say, we introduce :menu => true option to access_control method which
+  will make it register a lambda (can see/cannot see) in some global hash (indexed by controller name).
+
+  Then, given an URL, you'll be able to check it against this hash. /secrets/index is mapped to
+  SecretsController#index, so you run access_control_hash['SecretsController'].call('index') and
+  show the link only if true is returned.
+
+  The problem here is with objects. SecretsController's access_control block can reference instance 
+  variables during the permission check, but we have only current instantiated controller which can be any.
+
+  Another option is to distinguish visible part from access control part.
+
+    menu do 
+      item 'Home', home_path
+      item 'Secrets', secrets_path do
+        allow :trusted
+      end
+
+      # ...
+    end
+
+  Here only "trusted" users will see "Secrets" item.

data/acl9.gemspec

@@ -2,15 +2,15 @@
 
 Gem::Specification.new do |s|
   s.name = %q{acl9}
-  s.version = "0.9.2"
+  s.version = "0.9.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Oleg Dashevskii"]
-  s.date = %q{2009-01-14}
+  s.date = %q{2009-02-04}
   s.description = %q{Yet another role-based authorization system for Rails with a nice DSL for access control lists.}
   s.email = %q{olegdashevskii@gmail.com}
-  s.extra_rdoc_files = ["lib/acl9/model_extensions.rb", "lib/acl9/version.rb", "lib/acl9/model_extensions/subject.rb", "lib/acl9/model_extensions/object.rb", "lib/acl9/controller_extensions/generators.rb", "lib/acl9/controller_extensions/dsl_base.rb", "lib/acl9/config.rb", "lib/acl9/controller_extensions.rb", "lib/acl9.rb", "README.textile", "CHANGELOG.textile"]
-  s.files = ["init.rb", "Manifest", "lib/acl9/model_extensions.rb", "lib/acl9/version.rb", "lib/acl9/model_extensions/subject.rb", "lib/acl9/model_extensions/object.rb", "lib/acl9/controller_extensions/generators.rb", "lib/acl9/controller_extensions/dsl_base.rb", "lib/acl9/config.rb", "lib/acl9/controller_extensions.rb", "lib/acl9.rb", "README.textile", "acl9.gemspec", "CHANGELOG.textile", "MIT-LICENSE", "Rakefile", "spec/db/schema.rb", "spec/dsl_base_spec.rb", "spec/spec_helper.rb", "spec/access_control_spec.rb", "spec/roles_spec.rb", "spec/models.rb"]
+  s.extra_rdoc_files = ["lib/acl9/helpers.rb", "lib/acl9/config.rb", "lib/acl9/model_extensions/subject.rb", "lib/acl9/model_extensions/object.rb", "lib/acl9/controller_extensions.rb", "lib/acl9/controller_extensions/generators.rb", "lib/acl9/controller_extensions/dsl_base.rb", "lib/acl9/version.rb", "lib/acl9/model_extensions.rb", "lib/acl9.rb", "TODO", "README.textile", "CHANGELOG.textile"]
+  s.files = ["lib/acl9/helpers.rb", "lib/acl9/config.rb", "lib/acl9/model_extensions/subject.rb", "lib/acl9/model_extensions/object.rb", "lib/acl9/controller_extensions.rb", "lib/acl9/controller_extensions/generators.rb", "lib/acl9/controller_extensions/dsl_base.rb", "lib/acl9/version.rb", "lib/acl9/model_extensions.rb", "lib/acl9.rb", "TODO", "spec/db/schema.rb", "spec/helpers_spec.rb", "spec/spec_helper.rb", "spec/models.rb", "spec/dsl_base_spec.rb", "spec/access_control_spec.rb", "spec/controllers.rb", "spec/roles_spec.rb", "acl9.gemspec", "Manifest", "MIT-LICENSE", "Rakefile", "README.textile", "init.rb", "CHANGELOG.textile"]
   s.has_rdoc = true
   s.homepage = %q{http://github.com/be9/acl9}
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Acl9", "--main", "README.textile"]
@@ -24,14 +24,14 @@ Gem::Specification.new do |s|
     s.specification_version = 2
 
     if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_development_dependency(%q<rspec>, [">= 1.1.11"])
-      s.add_development_dependency(%q<rspec-rails>, [">= 1.1.11"])
+      s.add_development_dependency(%q<rspec>, [">= 1.1.12"])
+      s.add_development_dependency(%q<rspec-rails>, [">= 1.1.12"])
     else
-      s.add_dependency(%q<rspec>, [">= 1.1.11"])
-      s.add_dependency(%q<rspec-rails>, [">= 1.1.11"])
+      s.add_dependency(%q<rspec>, [">= 1.1.12"])
+      s.add_dependency(%q<rspec-rails>, [">= 1.1.12"])
     end
   else
-    s.add_dependency(%q<rspec>, [">= 1.1.11"])
-    s.add_dependency(%q<rspec-rails>, [">= 1.1.11"])
+    s.add_dependency(%q<rspec>, [">= 1.1.12"])
+    s.add_dependency(%q<rspec-rails>, [">= 1.1.12"])
   end
 end

data/lib/acl9.rb

@@ -9,6 +9,8 @@ end
 
 if defined? ActionController::Base
   require File.join(File.dirname(__FILE__), 'acl9', 'controller_extensions')
+  require File.join(File.dirname(__FILE__), 'acl9', 'helpers')
 
   ActionController::Base.send(:include, Acl9::ControllerExtensions)
+  Acl9Helpers = Acl9::Helpers unless defined?(Acl9Helpers)
 end

data/lib/acl9/controller_extensions.rb

@@ -8,11 +8,7 @@ module Acl9
 
     module ClassMethods
       def access_control(*args, &block)
-        opts = if args.last.is_a? Hash
-                 args.pop
-               else
-                 {}
-               end
+        opts = args.extract_options!
 
         case args.size
         when 0 then true
@@ -22,20 +18,33 @@ module Acl9
           if meth.is_a? Symbol
             opts[:as_method] = meth
           else
-            raise ArgumentError, "access control argument must be a :symbol!"
+            raise ArgumentError, "access_control argument must be a :symbol!"
           end
         else
           raise ArgumentError, "Invalid arguments for access_control"
         end
 
-        subject_method = opts.delete(:subject_method) || Acl9::config[:default_subject_method]
+        subject_method = opts[:subject_method] || Acl9::config[:default_subject_method]
 
         raise ArgumentError, "Block must be supplied to access_control" unless block
 
-        filter = opts.delete(:filter)
+        filter = opts[:filter]
         filter = true if filter.nil?
 
-        method = opts.delete(:as_method)
+        case helper = opts[:helper]
+        when true
+          raise ArgumentError, "you should specify :helper => :method_name" if !opts[:as_method]
+        when nil then nil
+        else
+          if opts[:as_method]
+            raise ArgumentError, "you can't specify both method name and helper name" 
+          else
+            opts[:as_method] = helper
+            filter = false
+          end
+        end
+
+        method = opts[:as_method]
 
         generator = case
                     when method && filter
@@ -48,12 +57,6 @@ module Acl9
 
         generator.acl_block!(&block)
         
-        if opts.delete(:debug)
-          Rails::logger.debug "=== Acl9 access_control expression dump (#{self.to_s})"
-          Rails::logger.debug generator.to_s
-          Rails::logger.debug "======"
-        end
-
         generator.install_on(self, opts)
       end
     end

data/lib/acl9/controller_extensions/generators.rb

@@ -34,6 +34,16 @@ module Acl9
         def _controller_ref
           @controller ? "#{@controller}." : ''
         end
+
+        def install_on(controller_class, options)
+          debug_dump(controller_class) if options[:debug]
+        end
+
+        def debug_dump(klass)
+          Rails::logger.debug "=== Acl9 access_control expression dump (#{klass.to_s})"
+          Rails::logger.debug self.to_s
+          Rails::logger.debug "======"
+        end
       end
 
       class FilterLambda < BaseGenerator
@@ -44,6 +54,8 @@ module Acl9
         end
 
         def install_on(controller_class, options)
+          super
+
           controller_class.send(:before_filter, options, &self.to_proc)
         end
 
@@ -71,6 +83,7 @@ module Acl9
         end
         
         def install_on(controller_class, options)
+          super
           _add_method(controller_class)
           controller_class.send(:before_filter, @method_name, options)
         end
@@ -96,8 +109,14 @@ module Acl9
       end
       
       class BooleanMethod < FilterMethod
-        def install_on(controller_class, *_)
+        def install_on(controller_class, opts)
+          debug_dump(controller_class) if opts[:debug]
+
           _add_method(controller_class)
+
+          if opts[:helper]
+            controller_class.send(:helper_method, @method_name)
+          end
         end
 
         protected 
@@ -114,6 +133,14 @@ module Acl9
           "(options[:#{object}] || #{super})"
         end
       end
+
+      class HelperMethod < BooleanMethod
+        def initialize(subject_method, method)
+          super
+
+          @controller = 'controller'
+        end
+      end
     end
   end
 end

data/lib/acl9/helpers.rb

@@ -0,0 +1,19 @@
+module Acl9
+  module Helpers
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+      def access_control(method, opts = {}, &block)
+        subject_method = opts.delete(:subject_method) || Acl9::config[:default_subject_method]
+        raise ArgumentError, "Block must be supplied to access_control" unless block
+      
+        generator = Acl9::Dsl::Generators::HelperMethod.new(subject_method, method)
+        
+        generator.acl_block!(&block)
+        generator.install_on(self, opts)
+      end
+    end
+  end
+end

data/lib/acl9/model_extensions/subject.rb

@@ -93,7 +93,7 @@ module Acl9
         if role
           self.roles.delete role
 
-          role.destroy if role.users.empty?
+          role.destroy if role.send(self.class.to_s.tableize).empty?
         end
       end
 

data/lib/acl9/version.rb

@@ -44,7 +44,7 @@ module Acl9 # :nodoc:
 
     MAJOR = 0
     MINOR = 9
-    TINY  = 2
+    TINY  = 3
 
     # The current version as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/spec/access_control_spec.rb

@@ -1,93 +1,32 @@
 require File.join(File.dirname(__FILE__), 'spec_helper')
 require File.join(File.dirname(__FILE__), '..', 'lib', 'acl9')
+require File.join(File.dirname(__FILE__), 'controllers')
 
-class EmptyController < ActionController::Base
-  attr_accessor :current_user
-  before_filter :set_current_user
-
-  [:index, :show, :new, :edit, :update, :delete, :destroy].each do |act|
-    define_method(act) {}
-  end
-  
-  private
-
-  def set_current_user
-    if params[:user]
-      self.current_user = params[:user]
-    end
-  end
-end
-
-class Admin
-  def has_role?(role, obj = nil)
-    role == "admin"
-  end
-end
-
-# all these controllers behave the same way
-
-class ACLBlock < EmptyController
-  access_control do
-    allow all, :to => [:index, :show]
-    allow :admin
-  end
-end
-
-class ACLMethod < EmptyController
-  access_control :as_method => :acl do
-    allow all, :to => [:index, :show]
-    allow :admin, :except => [:index, :show]
-  end
-end
-
-class ACLMethod2 < EmptyController
-  access_control :acl do
-    allow all, :to => [:index, :show]
-    allow :admin, :except => [:index, :show]
-  end
-end
-
-class ACLArguments < EmptyController
-  access_control :except => [:index, :show] do
-    allow :admin
-  end
-end
-
-class ACLBooleanMethod < EmptyController
-  access_control :acl, :filter => false do
-    allow all, :to => [:index, :show]
-    allow :admin
-  end
-
-  before_filter :check_acl
-
-  def check_acl
-    if self.acl
-      true
-    else 
-      raise Acl9::AccessDenied
+describe "permit anonymous to index and show and admin everywhere else", :shared => true do
+  class Admin
+    def has_role?(role, obj = nil)
+      role == "admin"
     end
   end
-end
 
-describe "permit anonymous to index and show and admin everywhere else", :shared => true do
   [:index, :show].each do |act|
     it "should permit anonymous to #{act}" do
       get act 
+      response.body.should == 'OK'
     end
   end
 
   [:new, :edit, :update, :delete, :destroy].each do |act|
     it "should forbid anonymous to #{act}" do
-      lambda do
-        get act 
-      end.should raise_error(Acl9::AccessDenied)
+      get act 
+      response.body.should == 'AccessDenied'
     end
   end
   
   [:index, :show, :new, :edit, :update, :delete, :destroy].each do |act|
     it "should permit admin to #{act}" do
       get act, :user => Admin.new
+      response.body.should == 'OK'
     end
   end
 end
@@ -120,29 +59,6 @@ describe ACLBooleanMethod, :type => :controller do
   it_should_behave_like "permit anonymous to index and show and admin everywhere else"
 end
 
-class MyDearFoo
-  include Singleton
-end
-
-class VenerableBar; end
-
-class ACLIvars < EmptyController
-  before_filter :set_ivars
-
-  access_control do
-    action :destroy do
-      allow :owner, :of => :foo
-      allow :bartender, :at => VenerableBar
-    end
-  end
-
-  private
-
-  def set_ivars
-    @foo = MyDearFoo.instance
-  end
-end
-
 describe ACLIvars, :type => :controller do
   class OwnerOfFoo
     def has_role?(role, obj)
@@ -152,77 +68,68 @@ describe ACLIvars, :type => :controller do
   
   class Bartender
     def has_role?(role, obj)
-      role == 'bartender' && obj == VenerableBar
+      role == 'bartender' && obj == ACLIvars::VenerableBar
     end
   end
 
   it "should allow owner of foo to destroy" do
     delete :destroy, :user => OwnerOfFoo.new
+    response.body.should == 'OK'
   end
   
   it "should allow bartender to destroy" do
     delete :destroy, :user => Bartender.new
+    response.body.should == 'OK'
   end
 end
 
-class TheOnlyUser 
-  include Singleton
-
-  def has_role?(role, subj)
-    role == "the_only_one"
-  end
-end
-
-class ACLSubjectMethod < ActionController::Base
-  access_control :subject_method => :the_only_user do
-    allow :the_only_one
-  end
-
-  def index; end
-
-  private
+describe ACLSubjectMethod, :type => :controller do
+  class TheOnlyUser 
+    include Singleton
 
-  def the_only_user
-    params[:user]
+    def has_role?(role, subj)
+      role == "the_only_one"
+    end
   end
-end
 
-describe ACLSubjectMethod, :type => :controller do
   it "should allow the only user to index" do
     get :index, :user => TheOnlyUser.instance
+    response.body.should == 'OK'
   end
   
   it "should deny anonymous to index" do
-    lambda do
-      get :index
-    end.should raise_error(Acl9::AccessDenied)
+    get :index
+    response.body.should == 'AccessDenied'
   end
 end
 
-class ACLObjectsHash < ActionController::Base
-  access_control :allowed?, :filter => false do
-    allow :owner, :of => :foo
+class FooOwner
+  def has_role?(role_name, obj)
+    role_name == 'owner' && obj == MyDearFoo.instance
   end
+end
 
-  def allow
-    @foo = nil
-    raise unless allowed?(:foo => MyDearFoo.instance)
+describe ACLObjectsHash, :type => :controller do
+  it "should consider objects hash and prefer it to @ivar" do
+    get :allow, :user => FooOwner.new
+    response.body.should == 'OK'
   end
   
-  def current_user
-    params[:user]
+  it "should return AccessDenied when not logged in" do
+    get :allow
+    response.body.should == 'AccessDenied'
   end
 end
 
-describe ACLObjectsHash, :type => :controller do
-  class FooOwner
-    def has_role?(role_name, obj)
-      role_name == 'owner' && obj == MyDearFoo.instance
-    end
-  end
-
-  it "should consider objects hash and prefer it to @ivar" do
+describe ACLHelperMethod, :type => :controller do
+  it "should return OK checking helper method" do
     get :allow, :user => FooOwner.new
+    response.body.should == 'OK'
+  end
+  
+  it "should return AccessDenied when not logged in" do
+    get :allow
+    response.body.should == 'AccessDenied'
   end
 end
 
@@ -235,7 +142,7 @@ describe "Argument checking" do
 
   it "should raise ArgumentError without a block" do
     arg_err do
-      class FailureController < ActionController::Base
+      class FailureController < ApplicationController
         access_control 
       end
     end
@@ -243,7 +150,7 @@ describe "Argument checking" do
   
   it "should raise ArgumentError with 1st argument which is not a symbol" do
     arg_err do
-      class FailureController < ActionController::Base
+      class FailureController < ApplicationController
         access_control 123 do end
       end
     end
@@ -251,9 +158,25 @@ describe "Argument checking" do
   
   it "should raise ArgumentError with more than 1 positional argument" do
     arg_err do
-      class FailureController < ActionController::Base
+      class FailureController < ApplicationController
         access_control :foo, :bar do end
       end
     end
   end
+  
+  it "should raise ArgumentError with :helper => true and no method name" do
+    arg_err do
+      class FailureController < ApplicationController
+        access_control :helper => true do end
+      end
+    end
+  end
+  
+  it "should raise ArgumentError with :helper => :method and a method name" do
+    arg_err do
+      class FailureController < ApplicationController
+        access_control :meth, :helper => :another_meth do end
+      end
+    end
+  end
 end

data/spec/controllers.rb

@@ -0,0 +1,139 @@
+class ApplicationController
+  rescue_from Acl9::AccessDenied do |e|
+    render :text => 'AccessDenied'
+  end
+end
+
+class EmptyController < ApplicationController
+  attr_accessor :current_user
+  before_filter :set_current_user
+
+  [:index, :show, :new, :edit, :update, :delete, :destroy].each do |act|
+    define_method(act) { render :text => 'OK' }
+  end
+
+  private
+
+  def set_current_user
+    if params[:user]
+      self.current_user = params[:user]
+    end
+  end
+end
+
+# all these controllers behave the same way
+
+class ACLBlock < EmptyController
+  access_control :debug => true do
+    allow all, :to => [:index, :show]
+    allow :admin
+  end
+end
+
+class ACLMethod < EmptyController
+  access_control :as_method => :acl do
+    allow all, :to => [:index, :show]
+    allow :admin, :except => [:index, :show]
+  end
+end
+
+class ACLMethod2 < EmptyController
+  access_control :acl do
+    allow all, :to => [:index, :show]
+    allow :admin, :except => [:index, :show]
+  end
+end
+
+class ACLArguments < EmptyController
+  access_control :except => [:index, :show] do
+    allow :admin
+  end
+end
+
+class ACLBooleanMethod < EmptyController
+  access_control :acl, :filter => false do
+    allow all, :to => [:index, :show]
+    allow :admin
+  end
+
+  before_filter :check_acl
+
+  def check_acl
+    if self.acl
+      true
+    else 
+      raise Acl9::AccessDenied
+    end
+  end
+end
+
+###########################################
+class MyDearFoo
+  include Singleton 
+end
+
+class ACLIvars < EmptyController
+  class VenerableBar; end
+
+  before_filter :set_ivars
+
+  access_control do
+    action :destroy do
+      allow :owner, :of => :foo
+      allow :bartender, :at => VenerableBar
+    end
+  end
+
+  private
+
+  def set_ivars
+    @foo = MyDearFoo.instance
+  end
+end
+
+class ACLSubjectMethod < ApplicationController
+  access_control :subject_method => :the_only_user do
+    allow :the_only_one
+  end
+
+  def index
+    render :text => 'OK'
+  end
+
+  private
+
+  def the_only_user
+    params[:user]
+  end
+end
+
+class ACLObjectsHash < ApplicationController
+  access_control :allowed?, :filter => false do
+    allow :owner, :of => :foo
+  end
+
+  def allow
+    @foo = nil
+    render :text => (allowed?(:foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
+  end
+  
+  def current_user
+    params[:user]
+  end
+end
+
+class ACLHelperMethod < ApplicationController
+  access_control :helper => :foo? do
+    allow :owner, :of => :foo
+  end
+
+  def allow
+    @foo = MyDearFoo.instance
+
+    render :inline => "<%= foo? ? 'OK' : 'AccessDenied' %>"
+  end
+  
+  def current_user
+    params[:user]
+  end
+end

data/spec/helpers_spec.rb

@@ -0,0 +1,92 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+require File.join(File.dirname(__FILE__), '..', 'lib', 'acl9')
+
+module SomeHelper
+  include Acl9Helpers
+
+  access_control :the_question do
+    allow :hamlet, :to => :be
+    allow :hamlet, :except => :be
+  end
+end
+
+describe SomeHelper do
+  module Hamlet
+    def current_user
+      user = Object.new
+
+      class <<user
+        def has_role?(role, obj=nil)
+          role == 'hamlet'
+        end
+      end
+
+      user
+    end
+  end
+
+  module NotLoggedIn
+    def current_user; nil end
+  end
+  
+  module Noone
+    def current_user
+      user = Object.new
+
+      class <<user
+        def has_role?(*_); false end
+      end
+
+      user
+    end
+  end
+
+  class Base
+    include SomeHelper
+
+    attr_accessor :action_name
+    def controller
+      self
+    end
+  end
+
+  class Klass1 < Base
+    include Hamlet
+  end
+  
+  class Klass2 < Base
+    include NotLoggedIn
+  end
+  
+  class Klass3 < Base
+    include Noone
+  end
+
+  it "has :the_question method" do
+    Base.new.should respond_to(:the_question)
+  end
+  
+  it "role :hamlet is allowed to be" do
+    k = Klass1.new
+    k.action_name = 'be'
+    k.the_question.should be_true
+  end
+  
+  it "role :hamlet is allowed to not_be" do
+    k = Klass1.new
+    k.action_name = 'not_be'
+    k.the_question.should be_true
+  end
+  
+  it "not logged in is not allowed to be" do
+    k = Klass2.new
+    k.action_name = 'be'
+    k.the_question.should == false
+  end
+  
+  it "noone is not allowed to be" do
+    k = Klass3.new
+    k.action_name = 'be'
+    k.the_question.should == false
+  end
+end

data/spec/roles_spec.rb

@@ -256,5 +256,8 @@ describe "Roles with custom class names" do
 
     @subj.has_role?(:user, @foobar).should be_true
     @subj2.has_role?(:user, @foobar).should be_false
+
+    @subj.has_no_roles!
+    @subj2.has_no_roles!
   end
 end

data/spec/spec_helper.rb

@@ -1,4 +1,5 @@
 require 'rubygems'
+require 'activesupport'
 require 'spec'
 require 'activerecord'
 require 'action_controller'
@@ -8,15 +9,22 @@ require 'action_controller/integration'
 
 require 'active_record/fixtures'
 
-class ApplicationController < ActionController::Base
-end
-
 require 'rails/version'
 
 require 'spec/rails/matchers'
 require 'spec/rails/mocks'
+
+class ApplicationController < ActionController::Base
+end
+
 require 'spec/rails/example'
-require 'spec/rails/extensions'
+
+begin
+  require 'spec/rails/extensions'
+rescue MissingSourceFile
+  # it tries to load application.rb 
+end
+
 #require 'spec/rails/interop/testcase'
 
 this_dir = File.dirname(__FILE__)
@@ -32,3 +40,9 @@ load(File.join(this_dir, "db", "schema.rb"))
 ActionController::Routing::Routes.draw do |map|
   map.connect ":controller/:action/:id"
 end
+
+module Rails
+  mattr_accessor :logger
+end
+
+Rails.logger = ActiveRecord::Base.logger

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: be9-acl9
 version: !ruby/object:Gem::Version 
-  version: 0.9.2
+  version: 0.9.3
 platform: ruby
 authors: 
 - Oleg Dashevskii
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-01-14 00:00:00 -08:00
+date: 2009-02-04 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -19,7 +19,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.1.11
+        version: 1.1.12
     version: 
 - !ruby/object:Gem::Dependency 
   name: rspec-rails
@@ -28,7 +28,7 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        version: 1.1.11
+        version: 1.1.12
     version: 
 description: Yet another role-based authorization system for Rails with a nice DSL for access control lists.
 email: olegdashevskii@gmail.com
@@ -37,40 +37,46 @@ executables: []
 extensions: []
 
 extra_rdoc_files: 
-- lib/acl9/model_extensions.rb
-- lib/acl9/version.rb
+- lib/acl9/helpers.rb
+- lib/acl9/config.rb
 - lib/acl9/model_extensions/subject.rb
 - lib/acl9/model_extensions/object.rb
+- lib/acl9/controller_extensions.rb
 - lib/acl9/controller_extensions/generators.rb
 - lib/acl9/controller_extensions/dsl_base.rb
-- lib/acl9/config.rb
-- lib/acl9/controller_extensions.rb
+- lib/acl9/version.rb
+- lib/acl9/model_extensions.rb
 - lib/acl9.rb
+- TODO
 - README.textile
 - CHANGELOG.textile
 files: 
-- init.rb
-- Manifest
-- lib/acl9/model_extensions.rb
-- lib/acl9/version.rb
+- lib/acl9/helpers.rb
+- lib/acl9/config.rb
 - lib/acl9/model_extensions/subject.rb
 - lib/acl9/model_extensions/object.rb
+- lib/acl9/controller_extensions.rb
 - lib/acl9/controller_extensions/generators.rb
 - lib/acl9/controller_extensions/dsl_base.rb
-- lib/acl9/config.rb
-- lib/acl9/controller_extensions.rb
+- lib/acl9/version.rb
+- lib/acl9/model_extensions.rb
 - lib/acl9.rb
-- README.textile
-- acl9.gemspec
-- CHANGELOG.textile
-- MIT-LICENSE
-- Rakefile
+- TODO
 - spec/db/schema.rb
-- spec/dsl_base_spec.rb
+- spec/helpers_spec.rb
 - spec/spec_helper.rb
+- spec/models.rb
+- spec/dsl_base_spec.rb
 - spec/access_control_spec.rb
+- spec/controllers.rb
 - spec/roles_spec.rb
-- spec/models.rb
+- acl9.gemspec
+- Manifest
+- MIT-LICENSE
+- Rakefile
+- README.textile
+- init.rb
+- CHANGELOG.textile
 has_rdoc: true
 homepage: http://github.com/be9/acl9
 post_install_message: