can-has-permission 0.1.0 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- data/generators/can_has_permission_generator.rb +6 -6
- data/generators/templates/can_has_permission_create_permission_maps.rb +18 -0
- data/generators/templates/can_has_permission_create_role_maps.rb +18 -0
- data/lib/action_controller.rb +14 -0
- data/lib/can-has-permission.rb +11 -8
- data/lib/can-has-permission/permission.rb +3 -23
- data/lib/can-has-permission/permission_map.rb +11 -0
- data/lib/can-has-permission/role.rb +9 -20
- data/lib/can-has-permission/role_map.rb +11 -0
- data/spec/spec_helper.rb +6 -6
- data/spec/tests/anonymous_spec.rb +20 -2
- data/spec/tests/permission_map_spec.rb +37 -0
- data/spec/tests/permission_spec.rb +11 -50
- data/spec/tests/role_map_spec.rb +37 -0
- data/spec/tests/role_spec.rb +22 -43
- metadata +13 -14
- data/generators/templates/can_has_permission_create_permission_types.rb +0 -14
- data/generators/templates/can_has_permission_create_permissions.rb +0 -18
- data/generators/templates/can_has_permission_create_role_types.rb +0 -14
- data/generators/templates/can_has_permission_create_roles.rb +0 -18
- data/lib/can-has-permission/permission_type.rb +0 -7
- data/lib/can-has-permission/role_type.rb +0 -14
- data/spec/tests/permission_type_spec.rb +0 -20
- data/spec/tests/role_type_spec.rb +0 -38
|
@@ -4,14 +4,14 @@ class CanHasPermissionGenerator < Rails::Generator::Base
|
|
|
4
4
|
record do |m|
|
|
5
5
|
m.migration_template "can_has_permission_create_anonymous.rb", "db/migrate",
|
|
6
6
|
{ :migration_file_name => "can_has_permission_create_anonymous" }
|
|
7
|
-
m.migration_template "
|
|
8
|
-
{ :migration_file_name => "
|
|
9
|
-
m.migration_template "can_has_permission_create_role_types.rb", "db/migrate",
|
|
10
|
-
{ :migration_file_name => "can_has_permission_create_role_types" }
|
|
11
|
-
m.migration_template "can_has_permission_create_permission_types.rb", "db/migrate",
|
|
12
|
-
{ :migration_file_name => "can_has_permission_create_permission_types" }
|
|
7
|
+
m.migration_template "can_has_permission_create_permission_maps.rb", "db/migrate",
|
|
8
|
+
{ :migration_file_name => "can_has_permission_create_permission_maps" }
|
|
13
9
|
m.migration_template "can_has_permission_create_roles.rb", "db/migrate",
|
|
14
10
|
{ :migration_file_name => "can_has_permission_create_roles" }
|
|
11
|
+
m.migration_template "can_has_permission_create_permissions.rb", "db/migrate",
|
|
12
|
+
{ :migration_file_name => "can_has_permission_create_permissions" }
|
|
13
|
+
m.migration_template "can_has_permission_create_role_maps.rb", "db/migrate",
|
|
14
|
+
{ :migration_file_name => "can_has_permission_create_role_maps" }
|
|
15
15
|
end
|
|
16
16
|
end
|
|
17
17
|
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
class CanHasPermissionCreatePermissionMaps < ActiveRecord::Migration
|
|
2
|
+
def self.up
|
|
3
|
+
create_table :permission_maps do |t|
|
|
4
|
+
t.string :permissible_type, :null => false
|
|
5
|
+
t.integer :permissible_id, :null => false
|
|
6
|
+
t.integer :permission_id, :null => false
|
|
7
|
+
t.timestamps
|
|
8
|
+
end
|
|
9
|
+
add_index :permission_maps, :permission_id
|
|
10
|
+
add_index :permission_maps, [:permissible_id, :permissible_type]
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.down
|
|
14
|
+
remove_index :permission_maps, :permission_id
|
|
15
|
+
remove_index :permission_maps, [:permissible_id, :permissible_type]
|
|
16
|
+
drop_table :permission_maps
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
class CanHasPermissionCreateRoleMaps < ActiveRecord::Migration
|
|
2
|
+
def self.up
|
|
3
|
+
create_table :role_maps do |t|
|
|
4
|
+
t.string :permissible_type, :null => false
|
|
5
|
+
t.integer :permissible_id, :null => false
|
|
6
|
+
t.integer :role_id, :null => false
|
|
7
|
+
t.timestamps
|
|
8
|
+
end
|
|
9
|
+
add_index :role_maps, :role_id
|
|
10
|
+
add_index :role_maps, [:permissible_id, :permissible_type]
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def self.down
|
|
14
|
+
remove_index :role_maps, :role_id
|
|
15
|
+
remove_index :role_maps, [:permissible_id, :permissible_type]
|
|
16
|
+
drop_table :role_maps
|
|
17
|
+
end
|
|
18
|
+
end
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
module ActionController
|
|
2
|
+
module Filters
|
|
3
|
+
module ClassMethods
|
|
4
|
+
def requires_permission(permission)
|
|
5
|
+
before_filter lambda { |instance|
|
|
6
|
+
unless instance.send(:current_user).can?(permission)
|
|
7
|
+
instance.send(:permission_denied, permission)
|
|
8
|
+
return false
|
|
9
|
+
end
|
|
10
|
+
}
|
|
11
|
+
end
|
|
12
|
+
end
|
|
13
|
+
end
|
|
14
|
+
end
|
data/lib/can-has-permission.rb
CHANGED
|
@@ -2,17 +2,19 @@ module CanHasPermission
|
|
|
2
2
|
|
|
3
3
|
def self.included(base)
|
|
4
4
|
base.class_eval do
|
|
5
|
-
has_many :
|
|
6
|
-
has_many :
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
has_many :role_maps, :as => 'permissible', :class_name => 'CanHasPermission::RoleMap'
|
|
6
|
+
has_many :permission_maps, :as => 'permissible', :class_name => 'CanHasPermission::PermissionMap'
|
|
7
|
+
has_many :permissions, :through => :permission_maps
|
|
8
|
+
has_many :roles, :through => :role_maps
|
|
9
|
+
accepts_nested_attributes_for :role_maps
|
|
10
|
+
accepts_nested_attributes_for :permission_maps
|
|
9
11
|
end
|
|
10
12
|
end
|
|
11
13
|
|
|
12
14
|
def can?(permission)
|
|
13
15
|
return true if (!self.permissions.select{|p| p.name == permission.to_s}.empty?)
|
|
14
16
|
self.roles.each do |role|
|
|
15
|
-
return true if role.
|
|
17
|
+
return true if role.can?(permission)
|
|
16
18
|
end
|
|
17
19
|
false
|
|
18
20
|
end
|
|
@@ -22,8 +24,9 @@ module CanHasPermission
|
|
|
22
24
|
end
|
|
23
25
|
end
|
|
24
26
|
|
|
27
|
+
require File.join(File.dirname(__FILE__), 'can-has-permission', 'permission_map')
|
|
25
28
|
require File.join(File.dirname(__FILE__), 'can-has-permission', 'permission')
|
|
26
|
-
require File.join(File.dirname(__FILE__), 'can-has-permission', '
|
|
29
|
+
require File.join(File.dirname(__FILE__), 'can-has-permission', 'role_map')
|
|
27
30
|
require File.join(File.dirname(__FILE__), 'can-has-permission', 'role')
|
|
28
|
-
require File.join(File.dirname(__FILE__), 'can-has-permission', '
|
|
29
|
-
require File.join(File.dirname(__FILE__), '
|
|
31
|
+
require File.join(File.dirname(__FILE__), 'can-has-permission', 'anonymous')
|
|
32
|
+
require File.join(File.dirname(__FILE__), 'action_controller')
|
|
@@ -1,27 +1,7 @@
|
|
|
1
1
|
module CanHasPermission
|
|
2
2
|
class Permission < ActiveRecord::Base
|
|
3
|
-
validates_presence_of :
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
validates_uniqueness_of :permissible_type, :permissible_id, :scope => :permissible_id
|
|
7
|
-
before_save :create_permission, :unless => lambda{|instance| instance.name.blank?}
|
|
8
|
-
|
|
9
|
-
belongs_to :permissible, :polymorphic => true
|
|
10
|
-
belongs_to :permission_type, :class_name => 'CanHasPermission::PermissionType'
|
|
11
|
-
|
|
12
|
-
def name=(permission)
|
|
13
|
-
@permission = permission.to_s
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
#test this
|
|
17
|
-
def name
|
|
18
|
-
@permission || permission_type.try(:name)
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
protected
|
|
22
|
-
|
|
23
|
-
def create_permission
|
|
24
|
-
self.permission_type_id = CanHasPermission::PermissionType.find_or_create_by_name(:name => self.name).id
|
|
25
|
-
end
|
|
3
|
+
validates_presence_of :name
|
|
4
|
+
validates_uniqueness_of :name
|
|
5
|
+
has_many :permission_maps, :class_name => 'CanHasPermission::PermissionMap'
|
|
26
6
|
end
|
|
27
7
|
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
module CanHasPermission
|
|
2
|
+
class PermissionMap < ActiveRecord::Base
|
|
3
|
+
validates_presence_of :permission_id
|
|
4
|
+
#validates_presence_of :permissible_id
|
|
5
|
+
#validates_presence_of :permissible_type
|
|
6
|
+
validates_uniqueness_of :permissible_type, :permissible_id, :scope => :permissible_id
|
|
7
|
+
|
|
8
|
+
belongs_to :permissible, :polymorphic => true
|
|
9
|
+
belongs_to :permission, :class_name => 'CanHasPermission::Permission'
|
|
10
|
+
end
|
|
11
|
+
end
|
|
@@ -1,25 +1,14 @@
|
|
|
1
1
|
module CanHasPermission
|
|
2
2
|
class Role < ActiveRecord::Base
|
|
3
|
-
validates_presence_of :
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
def name=(role)
|
|
13
|
-
@role = role.to_s
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def name
|
|
17
|
-
@role || role_type.try(:name)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
protected
|
|
21
|
-
def create_role
|
|
22
|
-
self.role_type_id = CanHasPermission::RoleType.find_or_create_by_name(:name => self.name).id
|
|
3
|
+
validates_presence_of :name
|
|
4
|
+
validates_uniqueness_of :name
|
|
5
|
+
has_many :role_maps, :class_name => 'CanHasPermission::RoleMap'
|
|
6
|
+
has_many :permission_maps, :as => 'permissible', :class_name => 'CanHasPermission::PermissionMap'
|
|
7
|
+
has_many :permissions, :through => :permission_maps
|
|
8
|
+
|
|
9
|
+
def can?(permission)
|
|
10
|
+
return true if (!self.permissions.select{|p| p.name == permission.to_s}.empty?)
|
|
11
|
+
false
|
|
23
12
|
end
|
|
24
13
|
end
|
|
25
14
|
end
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
module CanHasPermission
|
|
2
|
+
class RoleMap < ActiveRecord::Base
|
|
3
|
+
validates_presence_of :role_id
|
|
4
|
+
#validates_presence_of :permissible_id
|
|
5
|
+
#validates_presence_of :permissible_type
|
|
6
|
+
validates_uniqueness_of :permissible_type, :permissible_id, :scope => :permissible_id
|
|
7
|
+
|
|
8
|
+
belongs_to :permissible, :polymorphic => true
|
|
9
|
+
belongs_to :role, :class_name => 'CanHasPermission::Role'
|
|
10
|
+
end
|
|
11
|
+
end
|
data/spec/spec_helper.rb
CHANGED
|
@@ -7,7 +7,7 @@ require 'ruby-debug'
|
|
|
7
7
|
def reset_database
|
|
8
8
|
ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
|
|
9
9
|
ActiveRecord::Schema.define(:version => 1) do
|
|
10
|
-
create_table :
|
|
10
|
+
create_table :roles do |t|
|
|
11
11
|
t.string :name, :null => false
|
|
12
12
|
t.timestamps
|
|
13
13
|
end
|
|
@@ -17,22 +17,22 @@ def reset_database
|
|
|
17
17
|
t.timestamps
|
|
18
18
|
end
|
|
19
19
|
|
|
20
|
-
create_table :
|
|
20
|
+
create_table :permissions do |t|
|
|
21
21
|
t.string :name, :null => false
|
|
22
22
|
t.timestamps
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
-
create_table :
|
|
25
|
+
create_table :role_maps do |t|
|
|
26
26
|
t.string :permissible_type, :null => false
|
|
27
27
|
t.integer :permissible_id, :null => false
|
|
28
|
-
t.integer :
|
|
28
|
+
t.integer :role_id, :null => false
|
|
29
29
|
t.timestamps
|
|
30
30
|
end
|
|
31
31
|
|
|
32
|
-
create_table :
|
|
32
|
+
create_table :permission_maps do |t|
|
|
33
33
|
t.string :permissible_type, :null => false
|
|
34
34
|
t.integer :permissible_id, :null => false
|
|
35
|
-
t.integer :
|
|
35
|
+
t.integer :permission_id, :null => false
|
|
36
36
|
t.timestamps
|
|
37
37
|
end
|
|
38
38
|
end
|
|
@@ -51,17 +51,18 @@ describe CanHasPermission::Anonymous do
|
|
|
51
51
|
end
|
|
52
52
|
end
|
|
53
53
|
end
|
|
54
|
+
|
|
54
55
|
describe "creating a role_type with permissions" do
|
|
55
56
|
before(:each) do
|
|
56
57
|
@role_type_name = 'type'
|
|
57
|
-
@role_type = CanHasPermission::
|
|
58
|
+
@role_type = CanHasPermission::Role.create!(:name => @role_type_name)
|
|
58
59
|
@role_type.permissions.create!(:name => 'perm')
|
|
59
60
|
@role_type.reload
|
|
60
61
|
end
|
|
61
62
|
describe "and adding the role to anon" do
|
|
62
63
|
before(:each) do
|
|
63
64
|
@role = CanHasPermission::Anonymous.create!(:name => 'user')
|
|
64
|
-
@role.
|
|
65
|
+
@role.role_maps.create!(:role => @role_type)
|
|
65
66
|
end
|
|
66
67
|
describe "#can?" do
|
|
67
68
|
it "should return true when given the permission" do
|
|
@@ -73,4 +74,21 @@ describe CanHasPermission::Anonymous do
|
|
|
73
74
|
end
|
|
74
75
|
end
|
|
75
76
|
end
|
|
77
|
+
|
|
78
|
+
it "using nested attributes should save" do
|
|
79
|
+
role =CanHasPermission::Role.create!(:name => 'role')
|
|
80
|
+
anon = CanHasPermission::Anonymous.create(:name => 'user', :role_maps_attributes => [{:role => role}])
|
|
81
|
+
anon.reload
|
|
82
|
+
anon.role_maps.should_not be_empty
|
|
83
|
+
anon.roles.should_not be_empty
|
|
84
|
+
anon.role_maps.first.permissible_id.should_not be_nil
|
|
85
|
+
end
|
|
86
|
+
it "using nested attributes should save" do
|
|
87
|
+
role =CanHasPermission::Permission.create!(:name => 'role')
|
|
88
|
+
anon = CanHasPermission::Anonymous.create(:name => 'user', :permission_maps_attributes => [{:permission => role}])
|
|
89
|
+
anon.reload
|
|
90
|
+
anon.permission_maps.should_not be_empty
|
|
91
|
+
anon.permissions.should_not be_empty
|
|
92
|
+
anon.permission_maps.first.permissible_id.should_not be_nil
|
|
93
|
+
end
|
|
76
94
|
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
|
+
|
|
3
|
+
describe CanHasPermission::PermissionMap do
|
|
4
|
+
it "created with all attributes should be valid" do
|
|
5
|
+
role = CanHasPermission::PermissionMap.new(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
6
|
+
role.should be_valid
|
|
7
|
+
end
|
|
8
|
+
it "should be invalid without an id" do
|
|
9
|
+
role = CanHasPermission::PermissionMap.new(:permissible_id => 1, :permissible_type => 'Object')
|
|
10
|
+
role.should be_invalid
|
|
11
|
+
end
|
|
12
|
+
it "two permissions with the same object should not be valid" do
|
|
13
|
+
role1 = CanHasPermission::PermissionMap.create!(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
14
|
+
role2 = CanHasPermission::PermissionMap.new(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
15
|
+
role2.should_not be_valid
|
|
16
|
+
end
|
|
17
|
+
it "two permissions with different object ids should be valid" do
|
|
18
|
+
role1 = CanHasPermission::PermissionMap.create!(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
19
|
+
role2 = CanHasPermission::PermissionMap.new(:permissible_id => 2, :permissible_type => 'Object', :permission_id => 1)
|
|
20
|
+
role2.should be_valid
|
|
21
|
+
end
|
|
22
|
+
it "two permissions with the same object but different roles should be valid" do
|
|
23
|
+
role1 = CanHasPermission::PermissionMap.create!(:permissible_id => 1, :permissible_type => 'Object', :permission_id => 1)
|
|
24
|
+
role2 = CanHasPermission::PermissionMap.new(:permissible_id => 2, :permissible_type => 'Object', :permission_id => 2)
|
|
25
|
+
role2.should be_valid
|
|
26
|
+
end
|
|
27
|
+
describe "with a permission" do
|
|
28
|
+
before(:each) do
|
|
29
|
+
@role_type = CanHasPermission::Permission.create!(:name => 'role')
|
|
30
|
+
end
|
|
31
|
+
it "should be valid without a name" do
|
|
32
|
+
role = CanHasPermission::PermissionMap.new(:permissible_id => 1, :permissible_type => 'Object', :permission => @role_type)
|
|
33
|
+
role.should be_valid
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
end
|
|
@@ -1,59 +1,20 @@
|
|
|
1
1
|
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
2
|
|
|
3
3
|
describe CanHasPermission::Permission do
|
|
4
|
-
it "
|
|
5
|
-
role = CanHasPermission::Permission.new(:
|
|
4
|
+
it "should be valid with a name" do
|
|
5
|
+
role = CanHasPermission::Permission.new(:name => 'Bingo')
|
|
6
6
|
role.should be_valid
|
|
7
7
|
end
|
|
8
|
-
it "should be
|
|
9
|
-
role = CanHasPermission::Permission.new(
|
|
10
|
-
role.
|
|
8
|
+
it "should not be valid without a name" do
|
|
9
|
+
role = CanHasPermission::Permission.new()
|
|
10
|
+
role.should_not be_valid
|
|
11
11
|
end
|
|
12
|
-
it "
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
it "should not be valid when it has a name that already exists" do
|
|
13
|
+
name = 'the same'
|
|
14
|
+
role1 = CanHasPermission::Permission.create!(:name => 'the same')
|
|
15
|
+
role2 = CanHasPermission::Permission.new(:name => 'the same')
|
|
16
|
+
role1.should be_valid
|
|
17
|
+
role1.id.should_not be_nil
|
|
15
18
|
role2.should_not be_valid
|
|
16
19
|
end
|
|
17
|
-
it "two permissions with different object ids should be valid" do
|
|
18
|
-
role1 = CanHasPermission::Permission.create!(:permissible_id => 1, :permissible_type => 'Object', :name => 'role')
|
|
19
|
-
role2 = CanHasPermission::Permission.new(:permissible_id => 2, :permissible_type => 'Object', :name => 'role')
|
|
20
|
-
role2.should be_valid
|
|
21
|
-
end
|
|
22
|
-
describe "with a role type" do
|
|
23
|
-
before(:each) do
|
|
24
|
-
@role_type = CanHasPermission::PermissionType.create!(:name => 'role')
|
|
25
|
-
end
|
|
26
|
-
it "should be valid without a name" do
|
|
27
|
-
role = CanHasPermission::Permission.new(:permissible_id => 1, :permissible_type => 'Object', :name => @role_type)
|
|
28
|
-
role.should be_valid
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
it "should be invalid without a permissible_id" do
|
|
32
|
-
role = CanHasPermission::Permission.new(:permissible_type => 'Object', :name => 'role')
|
|
33
|
-
role.should be_invalid
|
|
34
|
-
end
|
|
35
|
-
it "should be invalid without a permissible_type" do
|
|
36
|
-
role = CanHasPermission::Permission.new(:permissible_id => 1, :name => 'role', :name => 'role')
|
|
37
|
-
role.should be_invalid
|
|
38
|
-
end
|
|
39
|
-
describe "created with a name and not a permission" do
|
|
40
|
-
before(:each) do
|
|
41
|
-
@role_name = 'role'
|
|
42
|
-
@role = CanHasPermission::Permission.create!(:permissible_id => 1, :permissible_type => 'Object', :name => @role_name)
|
|
43
|
-
end
|
|
44
|
-
it "should create a permission_type" do
|
|
45
|
-
CanHasPermission::PermissionType.count(:conditions => {:name => @role_name}).should == 1
|
|
46
|
-
end
|
|
47
|
-
describe "and another role of the same permission is created" do
|
|
48
|
-
before(:each) do
|
|
49
|
-
@role2 = CanHasPermission::Permission.create!(:permissible_id => 2, :permissible_type => 'Object', :name => @role_name)
|
|
50
|
-
end
|
|
51
|
-
it "should not create a second permission_type" do
|
|
52
|
-
CanHasPermission::PermissionType.count(:conditions => {:name => @role_name}).should == 1
|
|
53
|
-
end
|
|
54
|
-
it "both should have the same permission_type instance" do
|
|
55
|
-
@role2.permission_type_id.should == @role.permission_type_id
|
|
56
|
-
end
|
|
57
|
-
end
|
|
58
|
-
end
|
|
59
20
|
end
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
|
+
|
|
3
|
+
describe CanHasPermission::RoleMap do
|
|
4
|
+
it "created with all attributes should be valid" do
|
|
5
|
+
role = CanHasPermission::RoleMap.new(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
6
|
+
role.should be_valid
|
|
7
|
+
end
|
|
8
|
+
it "should be invalid without an id" do
|
|
9
|
+
role = CanHasPermission::RoleMap.new(:permissible_id => 1, :permissible_type => 'Object')
|
|
10
|
+
role.should be_invalid
|
|
11
|
+
end
|
|
12
|
+
it "two permissions with the same object should not be valid" do
|
|
13
|
+
role1 = CanHasPermission::RoleMap.create!(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
14
|
+
role2 = CanHasPermission::RoleMap.new(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
15
|
+
role2.should_not be_valid
|
|
16
|
+
end
|
|
17
|
+
it "two permissions with different object ids should be valid" do
|
|
18
|
+
role1 = CanHasPermission::RoleMap.create!(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
19
|
+
role2 = CanHasPermission::RoleMap.new(:permissible_id => 2, :permissible_type => 'Object', :role_id => 1)
|
|
20
|
+
role2.should be_valid
|
|
21
|
+
end
|
|
22
|
+
it "two permissions with the same object but different roles should be valid" do
|
|
23
|
+
role1 = CanHasPermission::RoleMap.create!(:permissible_id => 1, :permissible_type => 'Object', :role_id => 1)
|
|
24
|
+
role2 = CanHasPermission::RoleMap.new(:permissible_id => 2, :permissible_type => 'Object', :role_id => 2)
|
|
25
|
+
role2.should be_valid
|
|
26
|
+
end
|
|
27
|
+
describe "with a permission" do
|
|
28
|
+
before(:each) do
|
|
29
|
+
@role_type = CanHasPermission::Role.create!(:name => 'role')
|
|
30
|
+
end
|
|
31
|
+
it "should be valid without a name" do
|
|
32
|
+
role = CanHasPermission::RoleMap.new(:permissible_id => 1, :permissible_type => 'Object', :role => @role_type)
|
|
33
|
+
role.should be_valid
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
end
|
data/spec/tests/role_spec.rb
CHANGED
|
@@ -1,58 +1,37 @@
|
|
|
1
1
|
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
2
|
|
|
3
3
|
describe CanHasPermission::Role do
|
|
4
|
-
it "
|
|
5
|
-
role = CanHasPermission::Role.new(:
|
|
4
|
+
it "should be valid with a name" do
|
|
5
|
+
role = CanHasPermission::Role.new(:name => 'Bingo')
|
|
6
6
|
role.should be_valid
|
|
7
7
|
end
|
|
8
|
-
it "should be
|
|
9
|
-
role = CanHasPermission::Role.new(
|
|
10
|
-
role.
|
|
8
|
+
it "should not be valid without a name" do
|
|
9
|
+
role = CanHasPermission::Role.new()
|
|
10
|
+
role.should_not be_valid
|
|
11
11
|
end
|
|
12
|
-
it "
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
it "should not be valid when it has a name that already exists" do
|
|
13
|
+
name = 'the same'
|
|
14
|
+
role1 = CanHasPermission::Role.create!(:name => 'the same')
|
|
15
|
+
role2 = CanHasPermission::Role.new(:name => 'the same')
|
|
16
|
+
role1.should be_valid
|
|
17
|
+
role1.id.should_not be_nil
|
|
15
18
|
role2.should_not be_valid
|
|
16
19
|
end
|
|
17
|
-
|
|
18
|
-
role1 = CanHasPermission::Role.create!(:permissible_id => 1, :permissible_type => 'Object', :name => 'role')
|
|
19
|
-
role2 = CanHasPermission::Role.new(:permissible_id => 2, :permissible_type => 'Object', :name => 'role')
|
|
20
|
-
role2.should be_valid
|
|
21
|
-
end
|
|
22
|
-
describe "with a role type" do
|
|
23
|
-
before(:each) do
|
|
24
|
-
@role_type = CanHasPermission::RoleType.create!(:name => 'role')
|
|
25
|
-
end
|
|
26
|
-
it "should be valid without a name" do
|
|
27
|
-
role = CanHasPermission::Role.new(:permissible_id => 1, :permissible_type => 'Object', :role_type => @role_type)
|
|
28
|
-
role.should be_valid
|
|
29
|
-
end
|
|
30
|
-
end
|
|
31
|
-
it "should be invalid without a permissible_id" do
|
|
32
|
-
role = CanHasPermission::Role.new(:permissible_type => 'Object', :name => 'role')
|
|
33
|
-
role.should be_invalid
|
|
34
|
-
end
|
|
35
|
-
it "should be invalid without a permissible_type" do
|
|
36
|
-
role = CanHasPermission::Role.new(:permissible_id => 1, :name => 'role', :name => 'role')
|
|
37
|
-
role.should be_invalid
|
|
38
|
-
end
|
|
39
|
-
describe "created with a name and not a type" do
|
|
20
|
+
describe "creating a role_type with permissions" do
|
|
40
21
|
before(:each) do
|
|
41
|
-
@
|
|
42
|
-
@role
|
|
22
|
+
@role = CanHasPermission::Role.create!(:name => 'joe')
|
|
23
|
+
@role.permissions.create!(:name => 'perm')
|
|
24
|
+
@role.reload
|
|
43
25
|
end
|
|
44
|
-
it "should
|
|
45
|
-
|
|
26
|
+
it "should have an attached permission" do
|
|
27
|
+
@role.permissions.should_not be_empty
|
|
46
28
|
end
|
|
47
|
-
describe "
|
|
48
|
-
|
|
49
|
-
@
|
|
50
|
-
end
|
|
51
|
-
it "should not create a second role_type" do
|
|
52
|
-
CanHasPermission::RoleType.count(:conditions => {:name => @role_name}).should == 1
|
|
29
|
+
describe "#can?" do
|
|
30
|
+
it "should return true when given the permission" do
|
|
31
|
+
@role.can?(:perm).should be_true
|
|
53
32
|
end
|
|
54
|
-
it "
|
|
55
|
-
@
|
|
33
|
+
it "should return false when given a different permission" do
|
|
34
|
+
@role.can?(:perm2).should be_false
|
|
56
35
|
end
|
|
57
36
|
end
|
|
58
37
|
end
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: can-has-permission
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 21
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
|
+
- 2
|
|
8
9
|
- 1
|
|
9
|
-
|
|
10
|
-
version: 0.1.0
|
|
10
|
+
version: 0.2.1
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Chris Rode
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2010-08-
|
|
18
|
+
date: 2010-08-26 00:00:00 +01:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies: []
|
|
21
21
|
|
|
@@ -30,23 +30,22 @@ extra_rdoc_files:
|
|
|
30
30
|
files:
|
|
31
31
|
- generators/can_has_permission_generator.rb
|
|
32
32
|
- generators/templates/can_has_permission_create_anonymous.rb
|
|
33
|
-
- generators/templates/
|
|
34
|
-
- generators/templates/
|
|
35
|
-
-
|
|
36
|
-
- generators/templates/can_has_permission_create_roles.rb
|
|
33
|
+
- generators/templates/can_has_permission_create_permission_maps.rb
|
|
34
|
+
- generators/templates/can_has_permission_create_role_maps.rb
|
|
35
|
+
- lib/action_controller.rb
|
|
37
36
|
- lib/can-has-permission.rb
|
|
38
37
|
- lib/can-has-permission/anonymous.rb
|
|
39
38
|
- lib/can-has-permission/permission.rb
|
|
40
|
-
- lib/can-has-permission/
|
|
39
|
+
- lib/can-has-permission/permission_map.rb
|
|
41
40
|
- lib/can-has-permission/role.rb
|
|
42
|
-
- lib/can-has-permission/
|
|
41
|
+
- lib/can-has-permission/role_map.rb
|
|
43
42
|
- README.rdoc
|
|
44
43
|
- spec/spec_helper.rb
|
|
45
44
|
- spec/tests/anonymous_spec.rb
|
|
45
|
+
- spec/tests/permission_map_spec.rb
|
|
46
46
|
- spec/tests/permission_spec.rb
|
|
47
|
-
- spec/tests/
|
|
47
|
+
- spec/tests/role_map_spec.rb
|
|
48
48
|
- spec/tests/role_spec.rb
|
|
49
|
-
- spec/tests/role_type_spec.rb
|
|
50
49
|
has_rdoc: true
|
|
51
50
|
homepage: http://github.com/cirode/can-has-permission
|
|
52
51
|
licenses: []
|
|
@@ -84,7 +83,7 @@ summary: simple permissions based authorisation
|
|
|
84
83
|
test_files:
|
|
85
84
|
- spec/spec_helper.rb
|
|
86
85
|
- spec/tests/anonymous_spec.rb
|
|
86
|
+
- spec/tests/permission_map_spec.rb
|
|
87
87
|
- spec/tests/permission_spec.rb
|
|
88
|
-
- spec/tests/
|
|
88
|
+
- spec/tests/role_map_spec.rb
|
|
89
89
|
- spec/tests/role_spec.rb
|
|
90
|
-
- spec/tests/role_type_spec.rb
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
class CanHasPermissionCreatePermissionTypes < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :permission_types do |t|
|
|
4
|
-
t.string :name, :null => false
|
|
5
|
-
t.timestamps
|
|
6
|
-
end
|
|
7
|
-
add_index :permission_types, :name, :unique => true
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
def self.down
|
|
11
|
-
remove_index :permission_types, :name
|
|
12
|
-
drop_table :permission_types
|
|
13
|
-
end
|
|
14
|
-
end
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
class CanHasPermissionCreatePermissions < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :permissions do |t|
|
|
4
|
-
t.string :permissible_type, :null => false
|
|
5
|
-
t.integer :permissible_id, :null => false
|
|
6
|
-
t.integer :permission_type_id, :null => false
|
|
7
|
-
t.timestamps
|
|
8
|
-
end
|
|
9
|
-
add_index :permissions, :permission_type_id
|
|
10
|
-
add_index :permissions, [:permissible_id, :permissible_type]
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def self.down
|
|
14
|
-
remove_index :permissions, :permission_type_id
|
|
15
|
-
remove_index :permissions, [:permissible_id, :permissible_type]
|
|
16
|
-
drop_table :permissions
|
|
17
|
-
end
|
|
18
|
-
end
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
class CanHasPermissionCreateRoleTypes < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :role_types do |t|
|
|
4
|
-
t.string :name, :null => false
|
|
5
|
-
t.timestamps
|
|
6
|
-
end
|
|
7
|
-
add_index :role_types, :name, :unique => true
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
def self.down
|
|
11
|
-
remove_index :role_types, :name
|
|
12
|
-
drop_table :role_types
|
|
13
|
-
end
|
|
14
|
-
end
|
|
@@ -1,18 +0,0 @@
|
|
|
1
|
-
class CanHasPermissionCreateRoles < ActiveRecord::Migration
|
|
2
|
-
def self.up
|
|
3
|
-
create_table :roles do |t|
|
|
4
|
-
t.string :permissible_type, :null => false
|
|
5
|
-
t.integer :permissible_id, :null => false
|
|
6
|
-
t.integer :role_type_id, :null => false
|
|
7
|
-
t.timestamps
|
|
8
|
-
end
|
|
9
|
-
add_index :roles, :role_type_id
|
|
10
|
-
add_index :roles, [:permissible_id, :permissible_type]
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
def self.down
|
|
14
|
-
remove_index :roles, :role_type_id
|
|
15
|
-
remove_index :roles, [:permissible_id, :permissible_type]
|
|
16
|
-
drop_table :roles
|
|
17
|
-
end
|
|
18
|
-
end
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
module CanHasPermission
|
|
2
|
-
class RoleType < ActiveRecord::Base
|
|
3
|
-
validates_presence_of :name
|
|
4
|
-
validates_uniqueness_of :name
|
|
5
|
-
has_many :roles, :class_name => 'CanHasPermission::Role'
|
|
6
|
-
has_many :permissions, :as => 'permissible', :class_name => 'CanHasPermission::Permission'
|
|
7
|
-
accepts_nested_attributes_for :permissions
|
|
8
|
-
|
|
9
|
-
def can?(permission)
|
|
10
|
-
return true if (!self.permissions.select{|p| p.name == permission.to_s}.empty?)
|
|
11
|
-
false
|
|
12
|
-
end
|
|
13
|
-
end
|
|
14
|
-
end
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
|
-
|
|
3
|
-
describe CanHasPermission::PermissionType do
|
|
4
|
-
it "should be valid with a name" do
|
|
5
|
-
role = CanHasPermission::PermissionType.new(:name => 'Bingo')
|
|
6
|
-
role.should be_valid
|
|
7
|
-
end
|
|
8
|
-
it "should not be valid without a name" do
|
|
9
|
-
role = CanHasPermission::PermissionType.new()
|
|
10
|
-
role.should_not be_valid
|
|
11
|
-
end
|
|
12
|
-
it "should not be valid when it has a name that already exists" do
|
|
13
|
-
name = 'the same'
|
|
14
|
-
role1 = CanHasPermission::PermissionType.create!(:name => 'the same')
|
|
15
|
-
role2 = CanHasPermission::PermissionType.new(:name => 'the same')
|
|
16
|
-
role1.should be_valid
|
|
17
|
-
role1.id.should_not be_nil
|
|
18
|
-
role2.should_not be_valid
|
|
19
|
-
end
|
|
20
|
-
end
|
|
@@ -1,38 +0,0 @@
|
|
|
1
|
-
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
|
2
|
-
|
|
3
|
-
describe CanHasPermission::RoleType do
|
|
4
|
-
it "should be valid with a name" do
|
|
5
|
-
role = CanHasPermission::RoleType.new(:name => 'Bingo')
|
|
6
|
-
role.should be_valid
|
|
7
|
-
end
|
|
8
|
-
it "should not be valid without a name" do
|
|
9
|
-
role = CanHasPermission::RoleType.new()
|
|
10
|
-
role.should_not be_valid
|
|
11
|
-
end
|
|
12
|
-
it "should not be valid when it has a name that already exists" do
|
|
13
|
-
name = 'the same'
|
|
14
|
-
role1 = CanHasPermission::RoleType.create!(:name => 'the same')
|
|
15
|
-
role2 = CanHasPermission::RoleType.new(:name => 'the same')
|
|
16
|
-
role1.should be_valid
|
|
17
|
-
role1.id.should_not be_nil
|
|
18
|
-
role2.should_not be_valid
|
|
19
|
-
end
|
|
20
|
-
describe "creating a role_type with permissions" do
|
|
21
|
-
before(:each) do
|
|
22
|
-
@role = CanHasPermission::RoleType.create!(:name => 'joe')
|
|
23
|
-
@role.permissions.create!(:name => 'perm')
|
|
24
|
-
@role.reload
|
|
25
|
-
end
|
|
26
|
-
it "should have an attached permission" do
|
|
27
|
-
@role.permissions.should_not be_empty
|
|
28
|
-
end
|
|
29
|
-
describe "#can?" do
|
|
30
|
-
it "should return true when given the permission" do
|
|
31
|
-
@role.can?(:perm).should be_true
|
|
32
|
-
end
|
|
33
|
-
it "should return false when given a different permission" do
|
|
34
|
-
@role.can?(:perm2).should be_false
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
end
|
|
38
|
-
end
|