can-has-permission 0.1.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/generators/can_has_permission_generator.rb +6 -6
- data/generators/templates/can_has_permission_create_permission_maps.rb +18 -0
- data/generators/templates/can_has_permission_create_role_maps.rb +18 -0
- data/lib/action_controller.rb +14 -0
- data/lib/can-has-permission.rb +11 -8
- data/lib/can-has-permission/permission.rb +3 -23
- data/lib/can-has-permission/permission_map.rb +11 -0
- data/lib/can-has-permission/role.rb +9 -20
- data/lib/can-has-permission/role_map.rb +11 -0
- data/spec/spec_helper.rb +6 -6
- data/spec/tests/anonymous_spec.rb +20 -2
- data/spec/tests/permission_map_spec.rb +37 -0
- data/spec/tests/permission_spec.rb +11 -50
- data/spec/tests/role_map_spec.rb +37 -0
- data/spec/tests/role_spec.rb +22 -43
- metadata +13 -14
- data/generators/templates/can_has_permission_create_permission_types.rb +0 -14
- data/generators/templates/can_has_permission_create_permissions.rb +0 -18
- data/generators/templates/can_has_permission_create_role_types.rb +0 -14
- data/generators/templates/can_has_permission_create_roles.rb +0 -18
- data/lib/can-has-permission/permission_type.rb +0 -7
- data/lib/can-has-permission/role_type.rb +0 -14
- data/spec/tests/permission_type_spec.rb +0 -20
- data/spec/tests/role_type_spec.rb +0 -38
|
@@ -4,14 +4,14 @@ class CanHasPermissionGenerator < Rails::Generator::Base
|
|
|
4
4
|
record do |m|
|
|
5
5
|
m.migration_template "can_has_permission_create_anonymous.rb", "db/migrate",
|
|
6
6
|
{ :migration_file_name => "can_has_permission_create_anonymous" }
|
|
7
|
-
m.migration_template "
|
|
8
|
-
{ :migration_file_name => "
|
|
9
|
-
m.migration_template "can_has_permission_create_role_types.rb", "db/migrate",
|
|
10
|
-
{ :migration_file_name => "can_has_permission_create_role_types" }
|
|
11
|
-
m.migration_template "can_has_permission_create_permission_types.rb", "db/migrate",
|
|
12
|
-
{ :migration_file_name => "can_has_permission_create_permission_types" }
|
|
7
|
+
m.migration_template "can_has_permission_create_permission_maps.rb", "db/migrate",
|
|
8
|
+
{ :migration_file_name => "can_has_permission_create_permission_maps" }
|
|
13
9
|
m.migration_template "can_has_permission_create_roles.rb", "db/migrate",
|
|
14
10
|
{ :migration_file_name => "can_has_permission_create_roles" }
|
|
11
|
+
m.migration_template "can_has_permission_create_permissions.rb", "db/migrate",
|
|
12
|
+
{ :migration_file_name => "can_has_permission_create_permissions" }
|
|
13
|
+
m.migration_template "can_has_permission_create_role_maps.rb", "db/migrate",
|
|
14
|
+
{ :migration_file_name => "can_has_permission_create_role_maps" }
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
class CanHasPermissionCreatePermissionMaps < ActiveRecord::Migration
|
|
2
|
+
def self.up
|
|
3
|
+
create_table :permission_maps do |t|
|
|
4
|
+
t.string :permissible_type, :null => false
|
|
5
|
+
t.integer :permissible_id, :null => false
|
|
6
|
+
t.integer :permission_id, :null => false
|
|
7
|
+
t.timestamps
|
|
8
|
+
end
|
|
9
|
+
add_index :permission_maps, :permission_id
|
|
10
|
+
add_index :permission_maps, [:permissible_id, :permissible_type]
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.down
|
|
14
|
+
remove_index :permission_maps, :permission_id
|
|
15
|
+
remove_index :permission_maps, [:permissible_id, :permissible_type]
|
|
16
|
+
drop_table :permission_maps
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
class CanHasPermissionCreateRoleMaps < ActiveRecord::Migration
|
|
2
|
+
def self.up
|
|
3
|
+
create_table :role_maps do |t|
|
|
4
|
+
t.string :permissible_type, :null => false
|
|
5
|
+
t.integer :permissible_id, :null => false
|
|
6
|
+
t.integer :role_id, :null => false
|
|
7
|
+
t.timestamps
|
|
8
|
+
end
|
|
9
|
+
add_index :role_maps, :role_id
|
|
10
|
+
add_index :role_maps, [:permissible_id, :permissible_type]
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.down
|
|
14
|
+
remove_index :role_maps, :role_id
|
|
15
|
+
remove_index :role_maps, [:permissible_id, :permissible_type]
|
|
16
|
+
drop_table :role_maps
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
module ActionController
|
|
2
|
+
module Filters
|
|
3
|
+
module ClassMethods
|
|
4
|
+
def requires_permission(permission)
|
|
5
|
+
before_filter lambda { |instance|
|
|
6
|
+
unless instance.send(:current_user).can?(permission)
|
|
7
|
+
instance.send(:permission_denied, permission)
|
|
8
|
+
return false
|
|
9
|
+
end
|
|
10
|
+
}
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
data/lib/can-has-permission.rb
CHANGED
|
@@ -2,17 +2,19 @@ module CanHasPermission
|
|
|
2
2
|
|
|
3
3
|
def self.included(base)
|
|
4
4
|
base.class_eval do
|
|
5
|
-
has_many :
|
|
6
|
-
has_many :
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
has_many :role_maps, :as => 'permissible', :class_name => 'CanHasPermission::RoleMap'
|
|
6
|
+
has_many :permission_maps, :as => 'permissible', :class_name => 'CanHasPermission::PermissionMap'
|
|
7
|
+
has_many :permissions, :through => :permission_maps
|
|
8
|
+
has_many :roles, :through => :role_maps
|
|
9
|
+
accepts_nested_attributes_for :role_maps
|
|
10
|
+
accepts_nested_attributes_for :permission_maps
|
|
9
11
|
end
|
|
10
12
|
end
|
|
11
13
|
|
|
12
14
|
def can?(permission)
|
|
13
15
|
return true if (!self.permissions.select{|p| p.name == permission.to_s}.empty?)
|
|
14
16
|
self.roles.each do |role|
|
|
15
|
-
return true if role.
|
|
17
|
+
return true if role.can?(permission)
|
|
16
18
|
end
|
|
17
19
|
false
|
|
18
20
|
end
|
|
@@ -22,8 +24,9 @@ module CanHasPermission
|
|
|
22
24
|
end
|
|
23
25
|
end
|
|
24
26
|
|
|
27
|
+
require File.join(File.dirname(__FILE__), 'can-has-permission', 'permission_map')
|
|
25
28
|
require File.join(File.dirname(__FILE__), 'can-has-permission', 'permission')
|
|
26
|
-
require File.join(File.dirname(__FILE__), 'can-has-permission', '
|
|
29
|
+
require File.join(File.dirname(__FILE__), 'can-has-permission', 'role_map')
|
|
27
30
|
require File.join(File.dirname(__FILE__), 'can-has-permission', 'role')
|
|
28
|
-
require File.join(File.dirname(__FILE__), 'can-has-permission', '
|
|
29
|
-
require File.join(File.dirname(__FILE__), '
|
|
31
|
+
require File.join(File.dirname(__FILE__), 'can-has-permission', 'anonymous')
|
|
32
|
+
require File.join(File.dirname(__FILE__), 'action_controller')
|
|
@@ -1,27 +1,7 @@
|
|
|
1
1
|
module CanHasPermission
|
|
2
2
|
class Permission < ActiveRecord::Base
|
|
3
|
-
validates_presence_of :
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
validates_uniqueness_of :permissible_type, :permissible_id, :scope => :permissible_id
|
|
7
|
-
before_save :create_permission, :unless => lambda{|instance| instance.name.blank?}
|
|
8
|
-
|
|
9
|
-
belongs_to :permissible, :polymorphic => true
|
|
10
|
-
belongs_to :permission_type, :class_name => 'CanHasPermission::PermissionType'
|
|
11
|
-
|
|
12
|
-
def name=(permission)
|
|
13
|
-
@permission = permission.to_s
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
#test this
|
|
17
|
-
def name
|
|
18
|
-
@permission || permission_type.try(:name)
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
protected
|
|
22
|
-
|
|
23
|
-
def create_permission
|
|
24
|
-
self.permission_type_id = CanHasPermission::PermissionType.find_or_create_by_name(:name => self.name).id
|
|
25
|
-
end
|
|
3
|
+
validates_presence_of :name
|
|
4
|
+
validates_uniqueness_of :name
|
|
5
|
+
has_many :permission_maps, :class_name => 'CanHasPermission::PermissionMap'
|
|
26
6
|
end
|
|
27
7
|
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
module CanHasPermission
|
|
2
|
+
class PermissionMap < ActiveRecord::Base
|
|
3
|
+
validates_presence_of :permission_id
|
|
4
|
+
#validates_presence_of :permissible_id
|
|
5
|
+
#validates_presence_of :permissible_type
|
|
6
|
+
validates_uniqueness_of :permissible_type, :permissible_id, :scope => :permissible_id
|
|
7
|
+
|
|
8
|
+
belongs_to :permissible, :polymorphic => true
|
|
9
|
+
belongs_to :permission, :class_name => 'CanHasPermission::Permission'
|
|
10
|
+
end
|
|
11
|
+
end
|
|
@@ -1,25 +1,14 @@
|
|
|
1
1
|
module CanHasPermission
|
|
2
2
|
class Role < ActiveRecord::Base
|
|
3
|
-
validates_presence_of :
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
def name=(role)
|
|
13
|
-
@role = role.to_s
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def name
|
|
17
|
-
@role || role_type.try(:name)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
protected
|
|
21
|
-
def create_role
|
|
22
|
-
self.role_type_id = CanHasPermission::RoleType.find_or_create_by_name(:name => self.name).id
|
|
3
|
+
validates_presence_of :name
|
|
4
|
+
validates_uniqueness_of :name
|
|
5
|
+
has_many :role_maps, :class_name => 'CanHasPermission::RoleMap'
|
|
6
|
+
has_many :permission_maps, :as => 'permissible', :class_name => 'CanHasPermission::PermissionMap'
|
|
7
|
+
has_many :permissions, :through => :permission_maps
|
|
8
|
+
|
|
9
|
+
def can?(permission)
|
|
10
|
+
return true if (!self.permissions.select{|p| p.name == permission.to_s}.empty?)
|
|
11
|
+
false
|
|
23
12
|
end
|
|
24
13
|
end
|
|
25
14
|
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
module CanHasPermission
|
|
2
|
+
class RoleMap < ActiveRecord::Base
|
|
3
|
+
validates_presence_of :role_id
|
|
4
|
+
#validates_presence_of :permissible_id
|
|
5
|
+
#validates_presence_of :permissible_type
|
|
6
|
+
validates_uniqueness_of :permissible_type, :permissible_id, :scope => :permissible_id
|
|
7
|
+
|
|
8
|
+
belongs_to :permissible, :polymorphic => true
|
|
9
|
+
belongs_to :role, :class_name => 'CanHasPermission::Role'
|
|
10
|
+
end
|
|
11
|
+
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -7,7 +7,7 @@ require 'ruby-debug'
|
|
|
7
7
|
def reset_database
|
|
8
8
|
ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
|
|
9
9
|
ActiveRecord::Schema.define(:version => 1) do
|
|
10
|
-
create_table :
|
|
10
|
+
create_table :roles do |t|
|
|
11
11
|
t.string :name, :null => false
|
|
12
12
|
t.timestamps
|
|
13
13
|
end
|
|
@@ -17,22 +17,22 @@ def reset_database
|
|
|
17
17
|
t.timestamps
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
create_table :
|
|
20
|
+
create_table :permissions do |t|
|
|
21
21
|
t.string :name, :null => false
|
|
22
22
|
t.timestamps
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
-
create_table :
|
|
25
|
+
create_table :role_maps do |t|
|
|
26
26
|
t.string :permissible_type, :null => false
|
|
27
27
|
t.integer :permissible_id, :null => false
|
|
28
|
-
t.integer :
|
|
28
|
+
t.integer :role_id, :null => false
|
|
29
29
|
t.timestamps
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
create_table :
|
|
32
|
+
create_table :permission_maps do |t|
|
|
33
33
|
t.string :permissible_type, :null => false
|
|
34
34
|
t.integer :permissible_id, :null => false
|
|
35
|
-
t.integer :
|
|
35
|
+
t.integer :permission_id, :null => false
|
|
36
36
|
t.timestamps
|
|
37
37
|
end
|
|
38
38
|
end
|
|
@@ -51,17 +51,18 @@ describe CanHasPermission::Anonymous do
|
|
|
51
51
|
end
|
|
52
52
|
end
|
|
53
53
|
end
|
|
54
|
+
|
|
54
55
|
describe "creating a role_type with permissions" do
|
|
55
56
|
before(:each) do
|
|
56
57
|
@role_type_name = 'type'
|
|
57
|
-
@role_type = CanHasPermission::
|
|
58
|
+
@role_type = CanHasPermission::Role.create!(:name => @role_type_name)
|
|
58
59
|
@role_type.permissions.create!(:name => 'perm')
|
|
59
60
|
@role_type.reload
|
|
60
61
|
end
|
|
61
62
|
describe "and adding the role to anon" do
|
|
62
63
|
before(:each) do
|
|
63
64
|
@role = CanHasPermission::Anonymous.create!(:name => 'user')
|
|
64
|
-
@role.
|
|
65
|
+
@role.role_maps.create!(:role => @role_type)
|
|
65
66
|
end
|
|
66
67
|
describe "#can?" do
|
|
67
68
|
it "should return true when given the permission" do
|
|
@@ -73,4 +74,21 @@ describe CanHasPermission::Anonymous do
|
|
|
73
74
|
end
|
|
74
75
|
end
|
|
75
76
|
end
|
|
77
|
+
|
|
78
|
+
it "using nested attributes should save" do
|
|
79
|
+
role =CanHasPermission::Role.create!(:name => 'role')
|
|
80
|
+
anon = CanHasPermission::Anonymous.create(:name => 'user', :role_maps_attributes => [{:role => role}])
|
|
81
|
+
anon.reload
|
|
82
|
+
anon.role_maps.should_not be_empty
|
|
83
|
+
anon.roles.should_not be_empty
|
|
84
|
+
anon.role_maps.first.permissible_id.should_not be_nil
|
|
85
|
+
end
|
|
86
|
+
it "using nested attributes should save" do
|
|
87
|
+
role =CanHasPermission::Permission.create!(:name => 'role')
|
|
88
|
+
anon = CanHasPermission::Anonymous.create(:name => 'user', :permission_maps_attributes => [{:permission => role}])
|
|
89
|
+
anon.reload
|
|
90
|
+
anon.permission_maps.should_not be_empty
|
|
91
|
+
anon.permissions.should_not be_empty
|
|
92
|
+
anon.permission_maps.first.permissible_id.should_not be_nil
|
|
93
|
+
end
|
|
76
94
|
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
|
+
|
|
3
|
+
describe CanHasPermission::PermissionMap do
|
|
4
|
+
it "created with all attributes should be valid" do
|
|
5
|
+
role = CanHasPermission::PermissionMap.new(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
6
|
+
role.should be_valid
|
|
7
|
+
end
|
|
8
|
+
it "should be invalid without an id" do
|
|
9
|
+
role = CanHasPermission::PermissionMap.new(:permissible_id => 1, :permissible_type => 'Object')
|
|
10
|
+
role.should be_invalid
|
|
11
|
+
end
|
|
12
|
+
it "two permissions with the same object should not be valid" do
|
|
13
|
+
role1 = CanHasPermission::PermissionMap.create!(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
14
|
+
role2 = CanHasPermission::PermissionMap.new(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
15
|
+
role2.should_not be_valid
|
|
16
|
+
end
|
|
17
|
+
it "two permissions with different object ids should be valid" do
|
|
18
|
+
role1 = CanHasPermission::PermissionMap.create!(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
19
|
+
role2 = CanHasPermission::PermissionMap.new(:permissible_id => 2, :permissible_type => 'Object', :permission_id => 1)
|
|
20
|
+
role2.should be_valid
|
|
21
|
+
end
|
|
22
|
+
it "two permissions with the same object but different roles should be valid" do
|
|
23
|
+
role1 = CanHasPermission::PermissionMap.create!(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
24
|
+
role2 = CanHasPermission::PermissionMap.new(:permissible_id => 2, :permissible_type => 'Object', :permission_id => 2)
|
|
25
|
+
role2.should be_valid
|
|
26
|
+
end
|
|
27
|
+
describe "with a permission" do
|
|
28
|
+
before(:each) do
|
|
29
|
+
@role_type = CanHasPermission::Permission.create!(:name => 'role')
|
|
30
|
+
end
|
|
31
|
+
it "should be valid without a name" do
|
|
32
|
+
role = CanHasPermission::PermissionMap.new(:permissible_id => 1, :permissible_type => 'Object', :permission => @role_type)
|
|
33
|
+
role.should be_valid
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
end
|
|
@@ -1,59 +1,20 @@
|
|
|
1
1
|
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
2
|
|
|
3
3
|
describe CanHasPermission::Permission do
|
|
4
|
-
it "
|
|
5
|
-
role = CanHasPermission::Permission.new(:
|
|
4
|
+
it "should be valid with a name" do
|
|
5
|
+
role = CanHasPermission::Permission.new(:name => 'Bingo')
|
|
6
6
|
role.should be_valid
|
|
7
7
|
end
|
|
8
|
-
it "should be
|
|
9
|
-
role = CanHasPermission::Permission.new(
|
|
10
|
-
role.
|
|
8
|
+
it "should not be valid without a name" do
|
|
9
|
+
role = CanHasPermission::Permission.new()
|
|
10
|
+
role.should_not be_valid
|
|
11
11
|
end
|
|
12
|
-
it "
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
it "should not be valid when it has a name that already exists" do
|
|
13
|
+
name = 'the same'
|
|
14
|
+
role1 = CanHasPermission::Permission.create!(:name => 'the same')
|
|
15
|
+
role2 = CanHasPermission::Permission.new(:name => 'the same')
|
|
16
|
+
role1.should be_valid
|
|
17
|
+
role1.id.should_not be_nil
|
|
15
18
|
role2.should_not be_valid
|
|
16
19
|
end
|
|
17
|
-
it "two permissions with different object ids should be valid" do
|
|
18
|
-
role1 = CanHasPermission::Permission.create!(:permissible_id => 1, :permissible_type => 'Object', :name => 'role')
|
|
19
|
-
role2 = CanHasPermission::Permission.new(:permissible_id => 2, :permissible_type => 'Object', :name => 'role')
|
|
20
|
-
role2.should be_valid
|
|
21
|
-
end
|
|
22
|
-
describe "with a role type" do
|
|
23
|
-
before(:each) do
|
|
24
|
-
@role_type = CanHasPermission::PermissionType.create!(:name => 'role')
|
|
25
|
-
end
|
|
26
|
-
it "should be valid without a name" do
|
|
27
|
-
role = CanHasPermission::Permission.new(:permissible_id => 1, :permissible_type => 'Object', :name => @role_type)
|
|
28
|
-
role.should be_valid
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
it "should be invalid without a permissible_id" do
|
|
32
|
-
role = CanHasPermission::Permission.new(:permissible_type => 'Object', :name => 'role')
|
|
33
|
-
role.should be_invalid
|
|
34
|
-
end
|
|
35
|
-
it "should be invalid without a permissible_type" do
|
|
36
|
-
role = CanHasPermission::Permission.new(:permissible_id => 1, :name => 'role', :name => 'role')
|
|
37
|
-
role.should be_invalid
|
|
38
|
-
end
|
|
39
|
-
describe "created with a name and not a permission" do
|
|
40
|
-
before(:each) do
|
|
41
|
-
@role_name = 'role'
|
|
42
|
-
@role = CanHasPermission::Permission.create!(:permissible_id => 1, :permissible_type => 'Object', :name => @role_name)
|
|
43
|
-
end
|
|
44
|
-
it "should create a permission_type" do
|
|
45
|
-
CanHasPermission::PermissionType.count(:conditions => {:name => @role_name}).should == 1
|
|
46
|
-
end
|
|
47
|
-
describe "and another role of the same permission is created" do
|
|
48
|
-
before(:each) do
|
|
49
|
-
@role2 = CanHasPermission::Permission.create!(:permissible_id => 2, :permissible_type => 'Object', :name => @role_name)
|
|
50
|
-
end
|
|
51
|
-
it "should not create a second permission_type" do
|
|
52
|
-
CanHasPermission::PermissionType.count(:conditions => {:name => @role_name}).should == 1
|
|
53
|
-
end
|
|
54
|
-
it "both should have the same permission_type instance" do
|
|
55
|
-
@role2.permission_type_id.should == @role.permission_type_id
|
|
56
|
-
end
|
|
57
|
-
end
|
|
58
|
-
end
|
|
59
20
|
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
|
+
|
|
3
|
+
describe CanHasPermission::RoleMap do
|
|
4
|
+
it "created with all attributes should be valid" do
|
|
5
|
+
role = CanHasPermission::RoleMap.new(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
6
|
+
role.should be_valid
|
|
7
|
+
end
|
|
8
|
+
it "should be invalid without an id" do
|
|
9
|
+
role = CanHasPermission::RoleMap.new(:permissible_id => 1, :permissible_type => 'Object')
|
|
10
|
+
role.should be_invalid
|
|
11
|
+
end
|
|
12
|
+
it "two permissions with the same object should not be valid" do
|
|
13
|
+
role1 = CanHasPermission::RoleMap.create!(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
14
|
+
role2 = CanHasPermission::RoleMap.new(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
15
|
+
role2.should_not be_valid
|
|
16
|
+
end
|
|
17
|
+
it "two permissions with different object ids should be valid" do
|
|
18
|
+
role1 = CanHasPermission::RoleMap.create!(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
19
|
+
role2 = CanHasPermission::RoleMap.new(:permissible_id => 2, :permissible_type => 'Object', :role_id => 1)
|
|
20
|
+
role2.should be_valid
|
|
21
|
+
end
|
|
22
|
+
it "two permissions with the same object but different roles should be valid" do
|
|
23
|
+
role1 = CanHasPermission::RoleMap.create!(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
24
|
+
role2 = CanHasPermission::RoleMap.new(:permissible_id => 2, :permissible_type => 'Object', :role_id => 2)
|
|
25
|
+
role2.should be_valid
|
|
26
|
+
end
|
|
27
|
+
describe "with a permission" do
|
|
28
|
+
before(:each) do
|
|
29
|
+
@role_type = CanHasPermission::Role.create!(:name => 'role')
|
|
30
|
+
end
|
|
31
|
+
it "should be valid without a name" do
|
|
32
|
+
role = CanHasPermission::RoleMap.new(:permissible_id => 1, :permissible_type => 'Object', :role => @role_type)
|
|
33
|
+
role.should be_valid
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
end
|
data/spec/tests/role_spec.rb
CHANGED
|
@@ -1,58 +1,37 @@
|
|
|
1
1
|
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
2
|
|
|
3
3
|
describe CanHasPermission::Role do
|
|
4
|
-
it "
|
|
5
|
-
role = CanHasPermission::Role.new(:
|
|
4
|
+
it "should be valid with a name" do
|
|
5
|
+
role = CanHasPermission::Role.new(:name => 'Bingo')
|
|
6
6
|
role.should be_valid
|
|
7
7
|
end
|
|
8
|
-
it "should be
|
|
9
|
-
role = CanHasPermission::Role.new(
|
|
10
|
-
role.
|
|
8
|
+
it "should not be valid without a name" do
|
|
9
|
+
role = CanHasPermission::Role.new()
|
|
10
|
+
role.should_not be_valid
|
|
11
11
|
end
|
|
12
|
-
it "
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
it "should not be valid when it has a name that already exists" do
|
|
13
|
+
name = 'the same'
|
|
14
|
+
role1 = CanHasPermission::Role.create!(:name => 'the same')
|
|
15
|
+
role2 = CanHasPermission::Role.new(:name => 'the same')
|
|
16
|
+
role1.should be_valid
|
|
17
|
+
role1.id.should_not be_nil
|
|
15
18
|
role2.should_not be_valid
|
|
16
19
|
end
|
|
17
|
-
|
|
18
|
-
role1 = CanHasPermission::Role.create!(:permissible_id => 1, :permissible_type => 'Object', :name => 'role')
|
|
19
|
-
role2 = CanHasPermission::Role.new(:permissible_id => 2, :permissible_type => 'Object', :name => 'role')
|
|
20
|
-
role2.should be_valid
|
|
21
|
-
end
|
|
22
|
-
describe "with a role type" do
|
|
23
|
-
before(:each) do
|
|
24
|
-
@role_type = CanHasPermission::RoleType.create!(:name => 'role')
|
|
25
|
-
end
|
|
26
|
-
it "should be valid without a name" do
|
|
27
|
-
role = CanHasPermission::Role.new(:permissible_id => 1, :permissible_type => 'Object', :role_type => @role_type)
|
|
28
|
-
role.should be_valid
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
it "should be invalid without a permissible_id" do
|
|
32
|
-
role = CanHasPermission::Role.new(:permissible_type => 'Object', :name => 'role')
|
|
33
|
-
role.should be_invalid
|
|
34
|
-
end
|
|
35
|
-
it "should be invalid without a permissible_type" do
|
|
36
|
-
role = CanHasPermission::Role.new(:permissible_id => 1, :name => 'role', :name => 'role')
|
|
37
|
-
role.should be_invalid
|
|
38
|
-
end
|
|
39
|
-
describe "created with a name and not a type" do
|
|
20
|
+
describe "creating a role_type with permissions" do
|
|
40
21
|
before(:each) do
|
|
41
|
-
@
|
|
42
|
-
@role
|
|
22
|
+
@role = CanHasPermission::Role.create!(:name => 'joe')
|
|
23
|
+
@role.permissions.create!(:name => 'perm')
|
|
24
|
+
@role.reload
|
|
43
25
|
end
|
|
44
|
-
it "should
|
|
45
|
-
|
|
26
|
+
it "should have an attached permission" do
|
|
27
|
+
@role.permissions.should_not be_empty
|
|
46
28
|
end
|
|
47
|
-
describe "
|
|
48
|
-
|
|
49
|
-
@
|
|
50
|
-
end
|
|
51
|
-
it "should not create a second role_type" do
|
|
52
|
-
CanHasPermission::RoleType.count(:conditions => {:name => @role_name}).should == 1
|
|
29
|
+
describe "#can?" do
|
|
30
|
+
it "should return true when given the permission" do
|
|
31
|
+
@role.can?(:perm).should be_true
|
|
53
32
|
end
|
|
54
|
-
it "
|
|
55
|
-
@
|
|
33
|
+
it "should return false when given a different permission" do
|
|
34
|
+
@role.can?(:perm2).should be_false
|
|
56
35
|
end
|
|
57
36
|
end
|
|
58
37
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: can-has-permission
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 21
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
+
- 2
|
|
8
9
|
- 1
|
|
9
|
-
|
|
10
|
-
version: 0.1.0
|
|
10
|
+
version: 0.2.1
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Chris Rode
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2010-08-
|
|
18
|
+
date: 2010-08-26 00:00:00 +01:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies: []
|
|
21
21
|
|
|
@@ -30,23 +30,22 @@ extra_rdoc_files:
|
|
|
30
30
|
files:
|
|
31
31
|
- generators/can_has_permission_generator.rb
|
|
32
32
|
- generators/templates/can_has_permission_create_anonymous.rb
|
|
33
|
-
- generators/templates/
|
|
34
|
-
- generators/templates/
|
|
35
|
-
-
|
|
36
|
-
- generators/templates/can_has_permission_create_roles.rb
|
|
33
|
+
- generators/templates/can_has_permission_create_permission_maps.rb
|
|
34
|
+
- generators/templates/can_has_permission_create_role_maps.rb
|
|
35
|
+
- lib/action_controller.rb
|
|
37
36
|
- lib/can-has-permission.rb
|
|
38
37
|
- lib/can-has-permission/anonymous.rb
|
|
39
38
|
- lib/can-has-permission/permission.rb
|
|
40
|
-
- lib/can-has-permission/
|
|
39
|
+
- lib/can-has-permission/permission_map.rb
|
|
41
40
|
- lib/can-has-permission/role.rb
|
|
42
|
-
- lib/can-has-permission/
|
|
41
|
+
- lib/can-has-permission/role_map.rb
|
|
43
42
|
- README.rdoc
|
|
44
43
|
- spec/spec_helper.rb
|
|
45
44
|
- spec/tests/anonymous_spec.rb
|
|
45
|
+
- spec/tests/permission_map_spec.rb
|
|
46
46
|
- spec/tests/permission_spec.rb
|
|
47
|
-
- spec/tests/
|
|
47
|
+
- spec/tests/role_map_spec.rb
|
|
48
48
|
- spec/tests/role_spec.rb
|
|
49
|
-
- spec/tests/role_type_spec.rb
|
|
50
49
|
has_rdoc: true
|
|
51
50
|
homepage: http://github.com/cirode/can-has-permission
|
|
52
51
|
licenses: []
|
|
@@ -84,7 +83,7 @@ summary: simple permissions based authorisation
|
|
|
84
83
|
test_files:
|
|
85
84
|
- spec/spec_helper.rb
|
|
86
85
|
- spec/tests/anonymous_spec.rb
|
|
86
|
+
- spec/tests/permission_map_spec.rb
|
|
87
87
|
- spec/tests/permission_spec.rb
|
|
88
|
-
- spec/tests/
|
|
88
|
+
- spec/tests/role_map_spec.rb
|
|
89
89
|
- spec/tests/role_spec.rb
|
|
90
|
-
- spec/tests/role_type_spec.rb
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
class CanHasPermissionCreatePermissionTypes < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :permission_types do |t|
|
|
4
|
-
t.string :name, :null => false
|
|
5
|
-
t.timestamps
|
|
6
|
-
end
|
|
7
|
-
add_index :permission_types, :name, :unique => true
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
def self.down
|
|
11
|
-
remove_index :permission_types, :name
|
|
12
|
-
drop_table :permission_types
|
|
13
|
-
end
|
|
14
|
-
end
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
class CanHasPermissionCreatePermissions < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :permissions do |t|
|
|
4
|
-
t.string :permissible_type, :null => false
|
|
5
|
-
t.integer :permissible_id, :null => false
|
|
6
|
-
t.integer :permission_type_id, :null => false
|
|
7
|
-
t.timestamps
|
|
8
|
-
end
|
|
9
|
-
add_index :permissions, :permission_type_id
|
|
10
|
-
add_index :permissions, [:permissible_id, :permissible_type]
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def self.down
|
|
14
|
-
remove_index :permissions, :permission_type_id
|
|
15
|
-
remove_index :permissions, [:permissible_id, :permissible_type]
|
|
16
|
-
drop_table :permissions
|
|
17
|
-
end
|
|
18
|
-
end
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
class CanHasPermissionCreateRoleTypes < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :role_types do |t|
|
|
4
|
-
t.string :name, :null => false
|
|
5
|
-
t.timestamps
|
|
6
|
-
end
|
|
7
|
-
add_index :role_types, :name, :unique => true
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
def self.down
|
|
11
|
-
remove_index :role_types, :name
|
|
12
|
-
drop_table :role_types
|
|
13
|
-
end
|
|
14
|
-
end
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
class CanHasPermissionCreateRoles < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :roles do |t|
|
|
4
|
-
t.string :permissible_type, :null => false
|
|
5
|
-
t.integer :permissible_id, :null => false
|
|
6
|
-
t.integer :role_type_id, :null => false
|
|
7
|
-
t.timestamps
|
|
8
|
-
end
|
|
9
|
-
add_index :roles, :role_type_id
|
|
10
|
-
add_index :roles, [:permissible_id, :permissible_type]
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def self.down
|
|
14
|
-
remove_index :roles, :role_type_id
|
|
15
|
-
remove_index :roles, [:permissible_id, :permissible_type]
|
|
16
|
-
drop_table :roles
|
|
17
|
-
end
|
|
18
|
-
end
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
module CanHasPermission
|
|
2
|
-
class RoleType < ActiveRecord::Base
|
|
3
|
-
validates_presence_of :name
|
|
4
|
-
validates_uniqueness_of :name
|
|
5
|
-
has_many :roles, :class_name => 'CanHasPermission::Role'
|
|
6
|
-
has_many :permissions, :as => 'permissible', :class_name => 'CanHasPermission::Permission'
|
|
7
|
-
accepts_nested_attributes_for :permissions
|
|
8
|
-
|
|
9
|
-
def can?(permission)
|
|
10
|
-
return true if (!self.permissions.select{|p| p.name == permission.to_s}.empty?)
|
|
11
|
-
false
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
|
-
|
|
3
|
-
describe CanHasPermission::PermissionType do
|
|
4
|
-
it "should be valid with a name" do
|
|
5
|
-
role = CanHasPermission::PermissionType.new(:name => 'Bingo')
|
|
6
|
-
role.should be_valid
|
|
7
|
-
end
|
|
8
|
-
it "should not be valid without a name" do
|
|
9
|
-
role = CanHasPermission::PermissionType.new()
|
|
10
|
-
role.should_not be_valid
|
|
11
|
-
end
|
|
12
|
-
it "should not be valid when it has a name that already exists" do
|
|
13
|
-
name = 'the same'
|
|
14
|
-
role1 = CanHasPermission::PermissionType.create!(:name => 'the same')
|
|
15
|
-
role2 = CanHasPermission::PermissionType.new(:name => 'the same')
|
|
16
|
-
role1.should be_valid
|
|
17
|
-
role1.id.should_not be_nil
|
|
18
|
-
role2.should_not be_valid
|
|
19
|
-
end
|
|
20
|
-
end
|
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
|
-
|
|
3
|
-
describe CanHasPermission::RoleType do
|
|
4
|
-
it "should be valid with a name" do
|
|
5
|
-
role = CanHasPermission::RoleType.new(:name => 'Bingo')
|
|
6
|
-
role.should be_valid
|
|
7
|
-
end
|
|
8
|
-
it "should not be valid without a name" do
|
|
9
|
-
role = CanHasPermission::RoleType.new()
|
|
10
|
-
role.should_not be_valid
|
|
11
|
-
end
|
|
12
|
-
it "should not be valid when it has a name that already exists" do
|
|
13
|
-
name = 'the same'
|
|
14
|
-
role1 = CanHasPermission::RoleType.create!(:name => 'the same')
|
|
15
|
-
role2 = CanHasPermission::RoleType.new(:name => 'the same')
|
|
16
|
-
role1.should be_valid
|
|
17
|
-
role1.id.should_not be_nil
|
|
18
|
-
role2.should_not be_valid
|
|
19
|
-
end
|
|
20
|
-
describe "creating a role_type with permissions" do
|
|
21
|
-
before(:each) do
|
|
22
|
-
@role = CanHasPermission::RoleType.create!(:name => 'joe')
|
|
23
|
-
@role.permissions.create!(:name => 'perm')
|
|
24
|
-
@role.reload
|
|
25
|
-
end
|
|
26
|
-
it "should have an attached permission" do
|
|
27
|
-
@role.permissions.should_not be_empty
|
|
28
|
-
end
|
|
29
|
-
describe "#can?" do
|
|
30
|
-
it "should return true when given the permission" do
|
|
31
|
-
@role.can?(:perm).should be_true
|
|
32
|
-
end
|
|
33
|
-
it "should return false when given a different permission" do
|
|
34
|
-
@role.can?(:perm2).should be_false
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
end
|