can-has-permission 0.0.1

data/.gitignore

@@ -0,0 +1 @@
+pkg

data/README.rdoc

@@ -0,0 +1,10 @@
+TODO:
+Generators
+AnonymousUser
+Write documentation
+
+Self Cleanup
+Query optimisation
+Refactor
+Work out a way to do non_destructive changes (ie: rely on save)
+Can_not should be able to optionally deny access even if a role grants permission

data/Rakefile

@@ -0,0 +1,23 @@
+require 'rubygems'
+require 'rake'
+
+Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].each{|task| load task}
+
+task :test do
+  system("spec spec/tests/*_spec.rb")
+end
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "can-has-permission"
+    gemspec.summary = "simple permissions based authorisation"
+    gemspec.description = "simple permissions based authorisation with roles"
+    gemspec.email = "cirode@gmail.com"
+    gemspec.homepage = "http://github.com/cirode/can_has_permission"
+    gemspec.authors = ["Chris Rode"]
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler not available. Install it with: gem install jeweler"
+end

data/VERSION

@@ -0,0 +1 @@
+0.0.1

data/can-has-permission.gemspec

@@ -0,0 +1,60 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{can-has-permission}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Chris Rode"]
+  s.date = %q{2010-08-10}
+  s.description = %q{simple permissions based authorisation with roles}
+  s.email = %q{cirode@gmail.com}
+  s.extra_rdoc_files = [
+    "README.rdoc"
+  ]
+  s.files = [
+    ".gitignore",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "can-has-permission.gemspec",
+     "lib/can-has-permission.rb",
+     "lib/can-has-permission/has_permission.rb",
+     "lib/can-has-permission/has_role.rb",
+     "lib/can-has-permission/permission.rb",
+     "lib/can-has-permission/role.rb",
+     "spec/spec_helper.rb",
+     "spec/tests/can_has_permission_spec.rb",
+     "spec/tests/has_permission_spec.rb",
+     "spec/tests/has_role_spec.rb",
+     "spec/tests/permission_spec.rb",
+     "spec/tests/role_spec.rb"
+  ]
+  s.homepage = %q{http://github.com/cirode/can_has_permission}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{simple permissions based authorisation}
+  s.test_files = [
+    "spec/spec_helper.rb",
+     "spec/tests/can_has_permission_spec.rb",
+     "spec/tests/has_permission_spec.rb",
+     "spec/tests/has_role_spec.rb",
+     "spec/tests/permission_spec.rb",
+     "spec/tests/role_spec.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end
+

data/lib/can-has-permission.rb

@@ -0,0 +1,56 @@
+module CanHasPermission
+  def can
+    CanHasPermission::HasPermission.find(:all, :conditions => { :model => self.class.to_s, :model_id => self.id}).collect{|has_perm| has_perm.permission}
+  end
+  
+  def can?(permission)
+    role_ids = []
+    CanHasPermission::HasRole.find(:all, :conditions => { :model => self.class.to_s, :model_id => self.id}).each do |role|
+      role_ids << role.id
+    end
+    CanHasPermission::HasPermission.find(:first,:include=>[:permission_class], :conditions => ['((model =? and model_id =? ) or (model=? and model_id in (?) ))and permissions.name=?',self.class.to_s, self.id,CanHasPermission::Role.to_s,role_ids, permission.to_s]) != nil
+  end
+  
+  def can=(permission_list)
+    permission_list = [permission_list] unless permission_list.respond_to?(:each)
+    permission_list.each do |permission|
+      #if database is down then catestrophic error
+      CanHasPermission::HasPermission.create!(:permission =>permission.to_s, :model => self.class.to_s, :model_id => self.id) unless self.can?(permission)
+    end
+  end
+  
+  def can_not(permission_list)
+    permission_list = [permission_list] unless permission_list.respond_to?(:each)
+    CanHasPermission::HasPermission.find(:all,:include=>[:permission_class], :conditions => ['model =? and model_id =? and permissions.name in (?)',self.class.to_s, self.id, permission_list.collect{|p| p.to_s}]).each do |has_permission|
+      has_permission.destroy
+    end
+  end
+  
+  def has_role?(role)
+    CanHasPermission::HasRole.find(:first,:include=>[:role_class], :conditions => ['model =? and model_id =? and roles.name=?',self.class.to_s, self.id, role.to_s]) != nil
+  end
+  
+  def roles
+    CanHasPermission::HasRole.find(:all, :conditions => { :model => self.class.to_s, :model_id => self.id}).collect{|has_role| has_role.role}
+  end
+  
+  def add_roles(role_list)
+    role_list = [role_list] unless role_list.respond_to?(:each)
+    role_list.each do |role|
+      #if database is down then catestrophic error
+      CanHasPermission::HasRole.create!(:role =>role.to_s, :model => self.class.to_s, :model_id => self.id) unless self.has_role?(role)
+    end
+  end
+  
+  def remove_roles(role_list)
+    role_list = [role_list] unless role_list.respond_to?(:each)
+    CanHasPermission::HasRole.find(:all,:include=>[:role_class], :conditions => ['model =? and model_id =? and roles.name in (?)',self.class.to_s, self.id, role_list.collect{|p| p.to_s}]).each do |has_role|
+      has_role.destroy
+    end
+  end
+end
+
+require File.join(File.dirname(__FILE__), 'can-has-permission', 'has_permission')
+require File.join(File.dirname(__FILE__), 'can-has-permission', 'permission')
+require File.join(File.dirname(__FILE__), 'can-has-permission', 'role')
+require File.join(File.dirname(__FILE__), 'can-has-permission', 'has_role')

data/lib/can-has-permission/has_permission.rb

@@ -0,0 +1,24 @@
+class CanHasPermission::HasPermission < ActiveRecord::Base
+  validates_presence_of :permission_id, :if => lambda{|instance| instance.permission.blank?}
+  validates_presence_of :model_id
+  validates_presence_of :model
+  validates_uniqueness_of :model, :model_id, :scope => :permission_id
+  before_save :create_permission, :unless => lambda{|instance| instance.permission.blank?}
+  
+  belongs_to :permission_class, :class_name => 'CanHasPermission::Permission', :foreign_key => 'permission_id'
+  
+  def permission=(permission)
+    @permission = permission.to_s
+  end
+  
+  #test this
+  def permission
+    permission_class.try(:name).try(:to_sym) || @permission
+  end
+  
+  protected
+  
+  def create_permission
+    self.permission_id = CanHasPermission::Permission.find_or_create_by_name(:name => self.permission).id
+  end
+end

data/lib/can-has-permission/has_role.rb

@@ -0,0 +1,22 @@
+class CanHasPermission::HasRole < ActiveRecord::Base
+  validates_presence_of :role_id, :if => lambda{|instance| instance.role.blank?}
+  validates_presence_of :model_id
+  validates_presence_of :model
+  validates_uniqueness_of :model, :model_id, :scope => :role_id
+  before_save :create_role, :unless => lambda{|instance| instance.role.blank?}
+  
+  belongs_to :role_class, :class_name => 'CanHasPermission::Role', :foreign_key => 'role_id'
+  
+  #write and test a callback that changes the role on save if changed
+  def role=(role)
+    @role = role.to_s
+  end
+  #test this
+  def role
+    role_class.try(:name).try(:to_sym) || @role
+  end
+  protected
+  def create_role
+    self.role_id = CanHasPermission::Role.find_or_create_by_name(:name => self.role).id
+  end
+end

data/lib/can-has-permission/permission.rb

@@ -0,0 +1,4 @@
+class CanHasPermission::Permission < ActiveRecord::Base
+  validates_presence_of :name
+  validates_uniqueness_of :name
+end

data/lib/can-has-permission/role.rb

@@ -0,0 +1,5 @@
+class CanHasPermission::Role < ActiveRecord::Base
+  include CanHasPermission
+  validates_presence_of :name
+  validates_uniqueness_of :name
+end

data/spec/spec_helper.rb

@@ -0,0 +1,41 @@
+$LOAD_PATH << File.join(File.dirname(__FILE__), '..', 'lib')
+require 'active_record'
+require 'can-has-permission'
+require 'rubygems'
+require 'ruby-debug'
+
+ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+
+def reset_database
+  ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+  ActiveRecord::Schema.define(:version => 1) do
+    create_table :roles do |t|
+      t.string :name, :null => false
+      t.timestamps
+    end
+    
+    create_table :permissions do |t|
+      t.string :name, :null => false
+      t.timestamps
+    end
+    
+    create_table :has_roles do |t|
+      t.string :model, :null => false
+      t.integer :model_id, :null => false
+      t.integer :role_id, :null => false
+      t.timestamps
+    end
+    create_table :has_permissions do |t|
+      t.string :model, :null => false
+      t.integer :model_id, :null => false
+      t.integer :permission_id, :null => false
+      t.timestamps
+    end
+  end
+end
+
+Spec::Runner.configure do |config|
+  config.before(:each) do
+    reset_database
+  end
+end

data/spec/tests/can_has_permission_spec.rb

@@ -0,0 +1,279 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+
+
+class TestingClass
+  include CanHasPermission
+  attr_accessor :id
+  def initialize(id=nil)
+    @@id ||=0
+    self.id = id || (@@id +=1)
+  end
+  
+  def self.find(id)
+    self.class.new(id)
+  end
+end
+
+describe CanHasPermission, "after including in TestingClass object" do
+  before(:each) do
+    @testing_object = TestingClass.new
+  end
+  describe ", TestingClass object " do
+    it "should have #has_role?" do
+      @testing_object.respond_to?(:has_role?).should be_true
+    end
+    it "should have #roles" do
+      @testing_object.respond_to?(:roles).should be_true
+    end
+    it "should have #add_roles" do
+      @testing_object.respond_to?(:add_roles).should be_true
+    end
+    it "should have #remove_roles" do
+      @testing_object.respond_to?(:remove_roles).should be_true
+    end
+    it "should have #can?" do
+      @testing_object.respond_to?(:can?).should be_true
+    end
+    it "should have #can" do
+      @testing_object.respond_to?(:can).should be_true
+    end
+    it "should have #can=" do
+      @testing_object.respond_to?(:can=).should be_true
+    end
+    it "should have #can_not" do
+      @testing_object.respond_to?(:can_not).should be_true
+    end
+  end
+  
+  describe "with no permissions" do
+    it "#can should return an empty list" do
+      @testing_object.can.should be_empty
+    end
+    
+    describe "#can?" do
+      it "should return false with a symbol" do
+        @testing_object.can?(:do_something).should be_false
+      end
+      it "should return false with a string" do
+        @testing_object.can?('do_something').should be_false
+      end
+    end
+    
+    describe "#can=" do
+      it "should accept an empty list" do
+        @testing_object.can=([])
+        @testing_object.can.should be_empty
+      end
+      it "should accept being given a list with items and treat them as strings" do
+        @testing_object.can=[true]
+        @testing_object.can.size.should == 1 
+        @testing_object.can.first.should == true.to_s.to_sym
+      end
+      it "should treat any object as its string representation" do
+        @testing_object.can=true
+        @testing_object.can.size.should == 1 
+        @testing_object.can.first.should == true.to_s.to_sym
+      end
+    end
+  end
+  
+  describe "with permissions" do
+    before(:each) do
+      @testing_object.can=(:role1)
+    end
+    
+    it "#can should return a filled list" do
+      @testing_object.can.should_not be_empty
+    end
+
+    describe "#can?" do
+      describe "when the permission isnt in the list" do
+        it "should return false with a symbol" do
+          @testing_object.can?(:do_something).should be_false
+        end
+        it "should return false with a string" do
+          @testing_object.can?('do_something').should be_false
+        end
+      end
+      describe "when the permission is in the list" do
+        it "should return true with a symbol" do
+          @testing_object.can?(:role1).should be_true
+        end
+        it "should return true with a string" do
+          @testing_object.can?('role1').should be_true
+        end
+      end
+    end
+
+    describe "#can=" do
+      it "should accept an empty list" do
+        @testing_object.can=([])
+        @testing_object.can.should_not be_empty
+      end
+      it "should accept being given a list with items and treat them as strings" do
+        @testing_object.can=[true]
+        @testing_object.can.size.should == 2 
+        @testing_object.can.should include(true.to_s.to_sym)
+      end
+      it "should treat any object as its string representation" do
+        @testing_object.can=true
+        @testing_object.can.size.should == 2 
+        @testing_object.can.should include(true.to_s.to_sym)
+      end
+      it "should accept an already added permission and change nothing" do
+        @testing_object.can=(:role1)
+        @testing_object.can.size.should == 1
+        @testing_object.can.should include(:role1.to_s.to_sym)
+      end
+    end
+    
+    describe "#can_not" do
+      it "should accept an empty list" do
+        @testing_object.can_not([])
+        @testing_object.can.should_not be_empty
+      end
+      it "should accept being given a list with items and treat them as strings" do
+        @testing_object.can_not([:role1])
+        @testing_object.can.should be_empty
+        @testing_object.can.should_not include(:role1)
+      end
+      it "should treat any object as its string representation" do
+        old_size = @testing_object.can.size
+        @testing_object.can=(true)
+        @testing_object.can_not(true)
+        @testing_object.can.size.should == old_size
+        @testing_object.can.should_not include(true.to_s.to_sym)
+      end
+      it "should accept a role not added and change nothing" do
+        @testing_object.can_not(true)
+        @testing_object.can.should_not be_empty
+        @testing_object.can.should include(:role1)
+      end
+    end
+  end
+  
+  describe "with no roles" do
+    it "#roles should return an empty list" do
+      @testing_object.roles.should be_empty
+    end
+    
+    describe "#has_role?" do
+      it "should return false with a symbol" do
+        @testing_object.has_role?(:do_something).should be_false
+      end
+      it "should return false with a string" do
+        @testing_object.has_role?('do_something').should be_false
+      end
+    end
+    
+    describe "#add_roles" do
+      it "should accept an empty list" do
+        @testing_object.add_roles([])
+        @testing_object.roles.should be_empty
+      end
+      it "should accept being given a list with items and treat them as strings" do
+        @testing_object.add_roles([true])
+        @testing_object.roles.size.should == 1 
+        @testing_object.roles.first.should == true.to_s.to_sym
+      end
+      it "should treat any object as its string representation" do
+        @testing_object.add_roles(true)
+        @testing_object.roles.size.should == 1 
+        @testing_object.roles.first.should == true.to_s.to_sym
+      end
+    end
+  end
+  
+  describe "with roles" do
+    before(:each) do
+      @testing_object.add_roles(:role1)
+    end
+    
+    it "#roles should return a filled list" do
+      @testing_object.roles.size.should == 1
+    end
+    
+    describe "#has_role?" do
+      describe "when the role isnt in the list" do
+        it "should return false with a symbol" do
+          @testing_object.has_role?(:do_something).should be_false
+        end
+        it "should return false with a string" do
+          @testing_object.has_role?('do_something').should be_false
+        end
+      end
+      describe "when the role is in the list" do
+        it "should return true with a symbol" do
+          @testing_object.has_role?(:role1).should be_true
+        end
+        it "should return true with a string" do
+          @testing_object.has_role?('role1').should be_true
+        end
+      end
+    end
+    
+    describe "#add_roles" do
+      it "should accept an empty list" do
+        @testing_object.add_roles([])
+        @testing_object.roles.should_not be_empty
+      end
+      it "should accept being given a list with items and treat them as strings" do
+        @testing_object.add_roles([true])
+        @testing_object.roles.size.should == 2
+        @testing_object.roles.should include(true.to_s.to_sym)
+      end
+      it "should treat any object as its string representation" do
+        @testing_object.add_roles(true)
+        @testing_object.roles.size.should == 2 
+        @testing_object.roles.should include(true.to_s.to_sym)
+      end
+      it "should accept an already added role and change nothing" do
+        @testing_object.add_roles(:role1)
+        @testing_object.roles.size.should == 1
+        @testing_object.roles.should include(:role1.to_s.to_sym)
+      end
+    end
+    
+    describe "#remove_roles" do
+      it "should accept an empty list" do
+        @testing_object.remove_roles([])
+        @testing_object.roles.should_not be_empty
+      end
+      it "should accept being given a list with items and treat them as strings" do
+        @testing_object.remove_roles([:role1])
+        @testing_object.roles.should be_empty
+        @testing_object.roles.should_not include(:role1)
+      end
+      it "should treat any object as its string representation" do
+        old_size = @testing_object.roles.size
+        @testing_object.add_roles(true)
+        @testing_object.remove_roles(true)
+        @testing_object.roles.size.should == old_size
+        @testing_object.roles.should_not include(true.to_s.to_sym)
+      end
+      it "should accept a role not added and change nothing" do
+        @testing_object.remove_roles(true)
+        @testing_object.roles.should_not be_empty
+        @testing_object.roles.should include(:role1)
+      end
+    end
+    
+    describe "#can?" do
+      it "should return false" do
+        @testing_object.can?(:do_stuff).should be_false
+      end
+    end
+    
+    describe "that have permissions" do
+      before(:each) do
+        role = CanHasPermission::Role.find(:first)
+        role.can=(:do_stuff)
+      end
+      describe "#can?" do
+        it "should return true when given a permission the role has" do
+          @testing_object.can?(:do_stuff).should be_true
+        end
+      end
+    end
+  end
+end

data/spec/tests/has_permission_spec.rb

@@ -0,0 +1,74 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+
+describe CanHasPermission::HasPermission do
+  it "should be valid with a permission_id, type and model_id" do
+    has_permission = CanHasPermission::HasPermission.new(:permission_id => 1, :model => 'Bingo', :model_id => 1)
+    has_permission.should be_valid
+  end
+  it "should not be valid without a permission_id" do
+    has_permission = CanHasPermission::HasPermission.new(:model => 'Bingo', :model_id => 1)
+    has_permission.should_not be_valid
+  end
+  it "should not be valid without a type" do
+    has_permission = CanHasPermission::HasPermission.new(:permission_id => 1, :model_id => 1)
+    has_permission.should_not be_valid
+  end
+  it "should not be valid without a model_id" do
+    has_permission = CanHasPermission::HasPermission.new(:permission_id => 1, :model => 'Type')
+    has_permission.should_not be_valid
+  end
+  it "should not be valid when it has a permission_id, model_id and type that already exist" do
+    name = 'the same'
+    has_permission1 = CanHasPermission::HasPermission.create!(:permission_id => 1, :model => 'Bingo', :model_id => 1)
+    has_permission2 = CanHasPermission::HasPermission.new(:permission_id => 1, :model => 'Bingo', :model_id => 1)
+    has_permission1.should be_valid
+    has_permission1.id.should_not be_nil
+    has_permission2.should_not be_valid
+  end
+  describe "when a permission exists" do
+    before(:each) do
+      CanHasPermission::Permission.create!(:name => 'this_exists')
+      @permission_count = CanHasPermission::Permission.count
+    end
+    it "should be valid without a permission_id but with the permission name" do
+      has_permission = CanHasPermission::HasPermission.new(:model => 'Bingo', :permission => 'this_exists', :model_id => 1)
+      has_permission.should be_valid
+    end
+    it "should be valid without a permission_id but with the permission name as a symbol" do
+      has_permission = CanHasPermission::HasPermission.new(:model => 'Bingo', :permission => :this_exists, :model_id => 1)
+      has_permission.should be_valid
+    end
+    it "should not create another permission" do
+      CanHasPermission::HasPermission.create!(:model => 'Bingo', :permission => 'this_exists', :model_id => 1)
+      CanHasPermission::Permission.count.should == @permission_count
+    end
+  end
+  
+  describe "when a permission does not exist" do
+    before(:each) do
+      CanHasPermission::Permission.count.should ==0
+    end
+    it "should be valid without a permission_id but with the permission name" do
+      has_permission = CanHasPermission::HasPermission.new(:model => 'Bingo', :permission => 'this_exists', :model_id => 1)
+      has_permission.should be_valid
+    end
+    it "should be valid without a permission_id but with the permission name as a symbol" do
+      has_permission = CanHasPermission::HasPermission.new(:model => 'Bingo', :permission => :this_exists, :model_id => 1)
+      has_permission.should be_valid
+    end
+    it "should create the permission" do
+      has_permission = CanHasPermission::HasPermission.create!(:model => 'Bingo2', :permission => 'this_exists', :model_id => 1)
+      CanHasPermission::Permission.count.should == 1
+      CanHasPermission::Permission.find_by_name('this_exists').should_not be_nil
+    end
+    it "should create the permission with symbol" do
+      has_permission = CanHasPermission::HasPermission.create!(:model => 'Bingo2', :permission => :this_exists, :model_id => 1)
+      CanHasPermission::Permission.count.should == 1
+      CanHasPermission::Permission.find_by_name('this_exists').should_not be_nil
+    end
+    it "should be invalid with a blank permission" do
+      has_permission = CanHasPermission::HasPermission.new(:model => 'Bingo', :permission => '', :model_id => 1)
+      has_permission.should be_invalid
+    end
+  end
+end

data/spec/tests/has_role_spec.rb

@@ -0,0 +1,74 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+
+describe CanHasPermission::HasRole do
+  it "should be valid with a role_id, type and model_id" do
+    has_role = CanHasPermission::HasRole.new(:role_id => 1, :model => 'Bingo', :model_id => 1)
+    has_role.should be_valid
+  end
+  it "should not be valid without a role_id" do
+    has_role = CanHasPermission::HasRole.new(:model => 'Bingo', :model_id => 1)
+    has_role.should_not be_valid
+  end
+  it "should not be valid without a type" do
+    has_role = CanHasPermission::HasRole.new(:role_id => 1, :model_id => 1)
+    has_role.should_not be_valid
+  end
+  it "should not be valid without a model_id" do
+    has_role = CanHasPermission::HasRole.new(:role_id => 1, :model => 'Type')
+    has_role.should_not be_valid
+  end
+  it "should not be valid when it has a role_id, model_id and type that already exist" do
+    name = 'the same'
+    has_role1 = CanHasPermission::HasRole.create!(:role_id => 1, :model => 'Bingo', :model_id => 1)
+    has_role2 = CanHasPermission::HasRole.new(:role_id => 1, :model => 'Bingo', :model_id => 1)
+    has_role1.should be_valid
+    has_role1.id.should_not be_nil
+    has_role2.should_not be_valid
+  end
+  describe "when a role exists" do
+    before(:each) do
+      CanHasPermission::Role.create!(:name => 'this_exists')
+      @role_count = CanHasPermission::Role.count
+    end
+    it "should be valid without a role_id but with the role name" do
+      has_role = CanHasPermission::HasRole.new(:model => 'Bingo', :role => 'this_exists', :model_id => 1)
+      has_role.should be_valid
+    end
+    it "should be valid without a role_id but with the role name as a symbol" do
+      has_role = CanHasPermission::HasRole.new(:model => 'Bingo', :role => :this_exists, :model_id => 1)
+      has_role.should be_valid
+    end
+    it "should not create another role" do
+      CanHasPermission::HasRole.create!(:model => 'Bingo', :role => 'this_exists', :model_id => 1)
+      CanHasPermission::Role.count.should == @role_count
+    end
+  end
+  
+  describe "when a role does not exist" do
+    before(:each) do
+      CanHasPermission::Role.count.should ==0
+    end
+    it "should be valid without a role_id but with the role name" do
+      has_role = CanHasPermission::HasRole.new(:model => 'Bingo', :role => 'this_exists', :model_id => 1)
+      has_role.should be_valid
+    end
+    it "should be valid without a role_id but with the role name as a symbol" do
+      has_role = CanHasPermission::HasRole.new(:model => 'Bingo', :role => :this_exists, :model_id => 1)
+      has_role.should be_valid
+    end
+    it "should create the role" do
+      has_role = CanHasPermission::HasRole.create!(:model => 'Bingo2', :role => 'this_exists', :model_id => 1)
+      CanHasPermission::Role.count.should == 1
+      CanHasPermission::Role.find_by_name('this_exists').should_not be_nil
+    end
+    it "should create the role with symbol" do
+      has_role = CanHasPermission::HasRole.create!(:model => 'Bingo2', :role => :this_exists, :model_id => 1)
+      CanHasPermission::Role.count.should == 1
+      CanHasPermission::Role.find_by_name('this_exists').should_not be_nil
+    end
+    it "should be invalid with a blank role" do
+      has_role = CanHasPermission::HasRole.new(:model => 'Bingo', :role => '', :model_id => 1)
+      has_role.should be_invalid
+    end
+  end
+end

data/spec/tests/permission_spec.rb

@@ -0,0 +1,20 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+
+describe CanHasPermission::Permission do
+  it "should be valid with a name" do
+    role = CanHasPermission::Permission.new(:name => 'Bingo')
+    role.should be_valid
+  end
+  it "should not be valid without a name" do
+    role = CanHasPermission::Permission.new()
+    role.should_not be_valid
+  end
+  it "should not be valid when it has a name that already exists" do
+    name = 'the same'
+    role1 = CanHasPermission::Permission.create!(:name => 'the same')
+    role2 = CanHasPermission::Permission.new(:name => 'the same')
+    role1.should be_valid
+    role1.id.should_not be_nil
+    role2.should_not be_valid
+  end
+end

data/spec/tests/role_spec.rb

@@ -0,0 +1,20 @@
+require File.join(File.dirname(__FILE__), '..', 'spec_helper')
+
+describe CanHasPermission::Role do
+  it "should be valid with a name" do
+    role = CanHasPermission::Role.new(:name => 'Bingo')
+    role.should be_valid
+  end
+  it "should not be valid without a name" do
+    role = CanHasPermission::Role.new()
+    role.should_not be_valid
+  end
+  it "should not be valid when it has a name that already exists" do
+    name = 'the same'
+    role1 = CanHasPermission::Role.create!(:name => 'the same')
+    role2 = CanHasPermission::Role.new(:name => 'the same')
+    role1.should be_valid
+    role1.id.should_not be_nil
+    role2.should_not be_valid
+  end
+end

metadata

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification 
+name: can-has-permission
+version: !ruby/object:Gem::Version 
+  hash: 29
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Chris Rode
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-08-10 00:00:00 +01:00
+default_executable: 
+dependencies: []
+
+description: simple permissions based authorisation with roles
+email: cirode@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+files: 
+- .gitignore
+- README.rdoc
+- Rakefile
+- VERSION
+- can-has-permission.gemspec
+- lib/can-has-permission.rb
+- lib/can-has-permission/has_permission.rb
+- lib/can-has-permission/has_role.rb
+- lib/can-has-permission/permission.rb
+- lib/can-has-permission/role.rb
+- spec/spec_helper.rb
+- spec/tests/can_has_permission_spec.rb
+- spec/tests/has_permission_spec.rb
+- spec/tests/has_role_spec.rb
+- spec/tests/permission_spec.rb
+- spec/tests/role_spec.rb
+has_rdoc: true
+homepage: http://github.com/cirode/can_has_permission
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: simple permissions based authorisation
+test_files: 
+- spec/spec_helper.rb
+- spec/tests/can_has_permission_spec.rb
+- spec/tests/has_permission_spec.rb
+- spec/tests/has_role_spec.rb
+- spec/tests/permission_spec.rb
+- spec/tests/role_spec.rb