cancan-permits 0.1.4 → 0.2.1

data/README.markdown

@@ -1,6 +1,15 @@
 # CanCan Permits
 
-Role specific Permits for use with [CanCan](http://github.com/ryanb/cancan) permission system. 
+Role specific Permits for use with [CanCan](http://github.com/ryanb/cancan) permission system.
+
+## Update Oct 13
+
+Now updated to support multiple ownership startegies so that alternative ORMs can be supported. Demonstrates how to use it with Mongoid, including specs to prove it!
+Special thanks to Sam (yoda) for this inspiration and help in this regard :)
+
+The generator has also been updated slightly to support this new strategy as of version 0.2.1. 
+In general, the new Permits API now uses an options hash to replace the old optional request parameter. 
+This design allows for better extensibility in the future if needed. 
 
 ## Install
 
@@ -35,11 +44,11 @@ _Note:_ You might consider using the Permits generator in order to generate your
 
 <pre>
   class AdminPermit < Permit::Base
-    def initialize(ability)
+    def initialize(ability, options = {})
       super
     end
 
-    def permit?(user, request=nil)    
+    def permit?(user, options = {})    
       super
       return if !role_match? user
 

data/Rakefile

@@ -11,7 +11,7 @@ begin
     gem.add_development_dependency 'code-spec',       "~> 0.2.5"
     gem.add_development_dependency 'rails-app-spec',  "~> 0.2.14"
 
-    gem.add_dependency 'cancan',          "~> 1.3.2"
+    gem.add_dependency 'cancan',          "~> 1.4.0"
     gem.add_dependency 'require_all',     "~> 1.2.0"
     gem.add_dependency 'sugar-high',      "~> 0.2.10"
   end

data/VERSION

@@ -1 +1 @@
-0.1.4
+0.2.1

data/cancan-permits.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{cancan-permits}
-  s.version = "0.1.4"
+  s.version = "0.2.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Kristian Mandrup"]
-  s.date = %q{2010-10-07}
+  s.date = %q{2010-10-13}
   s.description = %q{Role specific Permits for use with CanCan permission system}
   s.email = %q{kmandrup@gmail.com}
   s.extra_rdoc_files = [
@@ -48,6 +48,10 @@ Gem::Specification.new do |s|
      "spec/cancan-permits/permits/owner_permits_spec.rb",
      "spec/cancan-permits/permits/permits_spec.rb",
      "spec/generators/permit_generator_spec.rb",
+     "spec/mongoid/models/all_models.rb",
+     "spec/mongoid/owner_permits_spec.rb",
+     "spec/mongoid/permits_spec.rb",
+     "spec/mongoid/spec_helper.rb",
      "spec/spec_helper.rb"
   ]
   s.homepage = %q{http://github.com/kristianmandrup/cancan-permits}
@@ -63,6 +67,10 @@ Gem::Specification.new do |s|
      "spec/cancan-permits/permits/owner_permits_spec.rb",
      "spec/cancan-permits/permits/permits_spec.rb",
      "spec/generators/permit_generator_spec.rb",
+     "spec/mongoid/models/all_models.rb",
+     "spec/mongoid/owner_permits_spec.rb",
+     "spec/mongoid/permits_spec.rb",
+     "spec/mongoid/spec_helper.rb",
      "spec/spec_helper.rb"
   ]
 
@@ -74,14 +82,14 @@ Gem::Specification.new do |s|
       s.add_development_dependency(%q<rspec>, ["~> 2.0.0.beta.22"])
       s.add_development_dependency(%q<code-spec>, ["~> 0.2.5"])
       s.add_development_dependency(%q<rails-app-spec>, ["~> 0.2.14"])
-      s.add_runtime_dependency(%q<cancan>, ["~> 1.3.2"])
+      s.add_runtime_dependency(%q<cancan>, ["~> 1.4.0"])
       s.add_runtime_dependency(%q<require_all>, ["~> 1.2.0"])
       s.add_runtime_dependency(%q<sugar-high>, ["~> 0.2.10"])
     else
       s.add_dependency(%q<rspec>, ["~> 2.0.0.beta.22"])
       s.add_dependency(%q<code-spec>, ["~> 0.2.5"])
       s.add_dependency(%q<rails-app-spec>, ["~> 0.2.14"])
-      s.add_dependency(%q<cancan>, ["~> 1.3.2"])
+      s.add_dependency(%q<cancan>, ["~> 1.4.0"])
       s.add_dependency(%q<require_all>, ["~> 1.2.0"])
       s.add_dependency(%q<sugar-high>, ["~> 0.2.10"])
     end
@@ -89,7 +97,7 @@ Gem::Specification.new do |s|
     s.add_dependency(%q<rspec>, ["~> 2.0.0.beta.22"])
     s.add_dependency(%q<code-spec>, ["~> 0.2.5"])
     s.add_dependency(%q<rails-app-spec>, ["~> 0.2.14"])
-    s.add_dependency(%q<cancan>, ["~> 1.3.2"])
+    s.add_dependency(%q<cancan>, ["~> 1.4.0"])
     s.add_dependency(%q<require_all>, ["~> 1.2.0"])
     s.add_dependency(%q<sugar-high>, ["~> 0.2.10"])
   end

data/lib/cancan-permits/permit/base_permit.rb

@@ -1,6 +1,7 @@
 module Permit
   class Base 
     attr_reader :ability
+    attr_reader :strategy # this can be used to customize the strategy used by owns to determine ownership, fx to support alternative ORMs 
 
     def licenses *names
       names.to_strings.each do |name|         
@@ -14,11 +15,12 @@ module Permit
       end
     end
        
-    def initialize(ability)
-      @ability = ability
+    def initialize ability, options = {}
+      @ability  = ability
+      @strategy = options[:strategy] || :default      
     end
 
-    def permit?(user, request=nil) 
+    def permit?(user, options = {}) 
       false
     end
 
@@ -30,13 +32,41 @@ module Permit
       can_definitions << CanCan::CanDefinition.new(false, action, subject, conditions, block)
     end
     
-    def owns(user, clazz, ownership_relation = :user_id, user_id_attribute = :id)
-      begin
+    def owns(user, clazz, ownership_relation = :user_id, user_id_attribute = :id, strategy_used = nil)
+      begin   
+        strategy_used = strategy_used || self.strategy
         user_id = user.send :"#{user_id_attribute}"              
       rescue
         raise ArgumentError, "ERROR (owns) - The user of class #{user.class} does not respond to ##{user_id_attribute}"
+      end        
+      # puts "can #{clazz} manage ownership: #{ownership_relation.inspect} => #{user_id.inspect} ???" 
+      # puts "Using strategy: #{strategy_used}"
+      begin
+        case strategy_used
+        when :mongoid   
+          # puts "Ownership with mongoid for class: #{clazz}"
+          # can :manage, clazz, ownership_relation => user_id
+          can :manage, clazz do |obj|  
+            # puts "obj: #{obj.inspect}"
+            # puts "ownership relation: #{ownership_relation}"          
+            # rel = obj.send ownership_relation
+            # 
+            # puts "related obj: #{rel.inspect}"
+            # puts "user_id: #{user_id_attribute.inspect}"
+            # puts "user.user_id: #{user.send(user_id_attribute).inspect}"
+            # puts user.send(user_id_attribute).to_s
+            #           
+            obj.send(ownership_relation) == user.send(user_id_attribute).to_s
+          end
+        when :default      
+          # puts "Basic CanCan ownership"
+          can :manage, clazz, ownership_relation => user_id
+        else
+          raise "Trying to use unknown ownership strategy: #{strategy}"
+        end
+      rescue Exception => e
+        puts e.inspect
       end
-        can :manage, clazz, ownership_relation => user_id
     end 
 
     protected

data/lib/cancan-permits/permits/ability.rb

@@ -4,34 +4,42 @@ module Permits
 
     # set up each Permit instance to share this same Ability 
     # so that the can and cannot operations work on the same permission collection!
-    def self.permits ability
+    def self.permits ability, options = {}
       special_permits = []
-      special_permits << [:system, :any].map{|role| make_permit(role, ability)}
+      special_permits << [:system, :any].map{|role| make_permit(role, ability, options)}
+      # puts "Available roles: #{Permits::Roles.available}"
       role_permits = Permits::Roles.available.inject([]) do |permits, role|
-        permit = make_permit(role, ability)
+        permit = make_permit(role, ability, options)
+        # puts "made permit: #{permit}"
         permits << permit if permit
       end
+      # puts "role_permits: #{role_permits.inspect}"      
       (special_permits + role_permits).flatten.compact
     end
 
-    def initialize(user, request=nil)
+    def initialize user, options = {}
       # put ability logic here!
       user ||= Guest.new   
-                  
-      Permits::Ability.permits(self).each do |permit|
+
+      all_permits = Permits::Ability.permits(self, options)
+      # puts "Trying permits: #{all_permits.inspect}"
+      all_permits.each do |permit|
         # get role name of permit 
         permit_role = permit.class.demodulize.gsub(/Permit$/, '').underscore.to_sym
-        
+
+        # puts "Permit role: #{permit_role.inspect}"
         if permit_role == :system
           # always execute system permit
-          result = role_permit.permit?(user, request)
+          result = permit.permit?(user, options)
           break if result == :break
         else
           # only execute the permit if the user has the role of the permit or is for any role
+          # puts "does user have_role? #{user.has_role?(permit_role)}, #{user.inspect}"
           if user.has_role?(permit_role) || permit_role == :any
             # puts "user: #{user} of #{permit_role} has permit?"
-            permit.permit?(user, request) 
-          # else
+            # puts "permit: #{permit.inspect}"
+            permit.permit?(user, options) 
+            # else
             # puts "Permit #{permit} not used for role #{permit_role}"
           end
         end
@@ -40,11 +48,12 @@ module Permits
     
     protected
     
-    def self.make_permit role, ability
+    def self.make_permit role, ability, options = {}
       begin            
         clazz_name = "#{role.to_s.camelize}Permit"
+        # puts "Attempting to load #{clazz_name} permition class"
         permit_clazz = clazz_name.constantize
-        permit_clazz.new(ability) if permit_clazz && permit_clazz.kind_of?(Class)
+        permit_clazz.new(ability, options) if permit_clazz && permit_clazz.kind_of?(Class)
       rescue
         # puts "permit class not found: #{clazz_name}"
         nil

data/lib/cancan-permits/permits/roles.rb

@@ -1,9 +1,10 @@
 module Permits::Roles
   def self.available
     if Module.const_defined? :User
-      User.roles if User.respond_to? :roles
+      [:guest, :admin]
+      #User.defined_roles if User.respond_to? :defined_roles
     else
       [:guest, :admin]
     end
   end
-end
+end

data/lib/generators/permits/templates/permit.rb

@@ -1,9 +1,9 @@
 class <%= permit_name.to_s.camelize %>Permit < Permit::Base
-  def initialize(ability)
+  def initialize(ability, options = {})
     super
   end
 
-  def permit?(user, request=nil) 
+  def permit?(user, options = {}) 
     super
     <%= permit_logic %>    
     licenses :user_admin, :blogging

data/spec/cancan-permits/fixtures/permits/admin_permit.rb

@@ -1,9 +1,9 @@
 class AdminPermit < Permit::Base
-  def initialize(ability)
+  def initialize(ability, options = {})
     super
   end
 
-  def permit?(user, request=nil)    
+  def permit?(user, options = {})    
     super
     return if !role_match? user
     

data/spec/cancan-permits/fixtures/permits/editor_permit.rb

@@ -1,9 +1,9 @@
 class EditorPermit < Permit::Base
-  def initialize(ability)
+  def initialize(ability, options = {})
     super
   end
 
-  def permit?(user, request=nil) 
+  def permit?(user, options = {}) 
     super
     return if !role_match? user
    

data/spec/cancan-permits/fixtures/permits/guest_permit.rb

@@ -1,18 +1,18 @@
 class GuestPermit < Permit::Base
-  def initialize(ability)
+  def initialize(ability, options = {})
     super
   end
 
-  def permit?(user, request=nil) 
+  def permit?(user, options = {}) 
     super    
     return if !role_match? user
     
     can :read, [Comment, Post]
-    can [:update, :destroy], [Comment]
     can :create, Article
  
-    licenses :user_admin, :blogging
-    # owns(user, Comment)
+    # licenses :user_admin, :blogging
+    
+    owns(user, Comment)
     
     # a user can manage comments he/she created
     # can :manage, Comment do |comment|

data/spec/mongoid/models/all_models.rb

@@ -0,0 +1,17 @@
+class Comment
+  include Mongoid::Document
+  
+  field :user_id, :type => String
+end
+
+class Post
+  include Mongoid::Document
+  
+  field :writer, :type => String
+end
+
+class Article
+  include Mongoid::Document
+  
+  field :author, :type => String  
+end

data/spec/mongoid/owner_permits_spec.rb

@@ -0,0 +1,73 @@
+require 'mongoid/spec_helper'
+
+describe Permits::Ability do
+  context "Editor user" do
+    context "using default :user_id relation - foreign key to User.id" do   
+      before :each do                  
+        @editor         = User.create(:name => "Kristian", :role => "editor")
+        @other_guy      = User.create(:name => "Random dude", :role => "admin")
+
+        @ability        = Permits::Ability.new(@editor, :strategy => :mongoid)
+
+        @own_comment    = Comment.create(:user_id => @editor.id)
+        @other_comment  = Comment.create(:user_id => @other_guy.id)      
+        # @post     = Post.create(:writer => @editor.id)
+        # @article  = Article.create(:author => @editor.id)
+      end      
+      
+      it "should be able to :read Comment he owns" do
+        @ability.should be_able_to(:read, Comment)
+        @ability.should be_able_to(:read, @own_comment)      
+      end
+
+      it "should be able to :update Comment he owns" do
+        @ability.should be_able_to(:update, @own_comment)      
+      end
+
+      it "should NOT be able to :update Comment he does NOT own" do
+        @ability.should_not be_able_to(:update, @other_comment)      
+      end
+      
+      it "should be able to :delete Comment he owns" do
+        @ability.should be_able_to(:delete, @own_comment)      
+      end
+      
+      it "should NOT be able to :update Comment he does NOT own" do
+        @ability.should_not be_able_to(:delete, @other_comment)      
+      end
+    end 
+    
+    context "using custom :writer relation - foreign key to User.id" do   
+      before :each do                  
+        @editor         = User.create(:name => "Kristian", :role => "editor")
+        @other_guy      = User.create(:name => "Random dude", :role => "admin")
+
+        @ability        = Permits::Ability.new(@editor, :strategy => :mongoid)
+
+        @own_post       = Post.create(:writer => @editor.id)
+        @other_post     = Post.create(:writer => @other_guy.id)      
+      end      
+      
+      it "should be able to :read Post he owns" do
+        @ability.should be_able_to(:read, Post)
+        @ability.should be_able_to(:read, @own_post)      
+      end
+
+      it "should be able to :update Post he owns" do
+        @ability.should be_able_to(:update, @own_post)      
+      end
+
+      it "should NOT be able to :update Post he does NOT own" do
+        @ability.should_not be_able_to(:update, @other_post)      
+      end
+      
+      it "should be able to :delete Post he owns" do
+        @ability.should be_able_to(:delete, @own_post)      
+      end
+      
+      it "should NOT be able to :update Post he does NOT own" do
+        @ability.should_not be_able_to(:delete, @other_post)      
+      end
+    end    
+  end        
+end

data/spec/mongoid/permits_spec.rb

@@ -0,0 +1,83 @@
+require 'mongoid/spec_helper'
+
+# class Comment
+#   attr_accessor :owner
+# end
+# 
+# class Post
+#   attr_accessor :writer  
+# end
+# 
+# class Article
+#   attr_accessor :author
+# end
+
+describe Permits::Ability do
+  context "Guest user" do
+    before :each do
+      @guest   = User.create(:name => "Kristian", :role => "guest")
+
+      @ability  = Permits::Ability.new(@guest)
+
+      @comment  = Comment.create(:user_id => @guest.id)
+
+      @post     = Post.create(:writer => @guest.id)
+
+      @article  = Article.create(:author => @guest.id)
+    end
+
+    # can :read, [Comment, Post]
+    # can [:update, :destroy], [Comment]
+    # can :create, Article
+
+    it "should be able to :read Comment and Post but NOT Article" do
+      @ability.can?(:read, Comment).should be_true
+      @ability.can?(:read, @comment).should be_true
+      
+      @ability.can?(:read, Post).should be_true      
+      @ability.can?(:read, @post).should be_true      
+      
+      @ability.can?(:read, Article).should be_false
+      @ability.can?(:read, @article).should be_false      
+    end
+
+    it "should be not able to :update only Comment" do
+      @ability.can?(:update, Comment).should be_true
+      @ability.can?(:update, @comment).should be_true      
+      
+      @ability.can?(:update, Post).should be_false
+      @ability.can?(:update, @post).should be_false
+    end
+
+  end
+  
+  context "Admin user" do
+    before do
+      @admin = User.create(:role => 'admin')
+      @ability = Permits::Ability.new(@admin)
+    end
+  # 
+  #   # can :manage, :all    
+  # 
+    it "should be able to :read anything" do
+      @ability.can?(:read, Comment).should be_true
+      @ability.can?(:read, Post).should be_true      
+    end
+  
+    it "should be not able to :update everything" do
+      @ability.can?(:update, Comment).should be_true
+      @ability.can?(:update, Post).should be_true
+    end
+  
+    it "should be not able to :create everything" do
+      @ability.can?(:create, Comment).should be_true
+      @ability.can?(:create, Post).should be_true      
+    end
+  
+    it "should be not able to :update everything" do
+      @ability.can?(:destroy, Comment).should be_true
+      @ability.can?(:destroy, Post).should be_true
+    end
+  end
+      
+end

data/spec/mongoid/spec_helper.rb

@@ -0,0 +1,61 @@
+require 'rspec/core' 
+require 'mongoid'
+require 'cancan/matchers'
+require 'cancan-permits'
+require 'cancan-permits/rspec'
+
+require_all File.dirname(__FILE__) + '/../cancan-permits/fixtures/permits'
+require_all File.dirname(__FILE__) + '/models/all_models'
+
+RSpec.configure do |config|
+  config.mock_with :mocha
+end
+
+module Permits::Roles
+  def self.available
+    User.roles
+  end
+end
+
+class User
+  include Mongoid::Document
+  
+  field :role, :type => String
+  field :name, :type => String  
+
+  def self.roles
+    [:guest, :admin, :editor]
+  end    
+  
+  def has_role? role
+    self.role.to_sym == role.to_sym
+  end     
+end
+
+                 
+Mongoid.configure.master = Mongo::Connection.new.db('cancan_permits')
+
+module Database
+  def self.teardown     
+    Mongoid.database.collections.each do |coll|
+      coll.remove
+    end
+  end
+end
+
+Mongoid.database.collections.each do |coll|
+  coll.remove
+end
+
+RSpec.configure do |config|
+  config.mock_with :mocha
+  config.before do
+    Mongoid.database.collections.each do |coll|
+      coll.remove
+    end
+  end
+end
+
+
+
+

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 0
+  - 2
   - 1
-  - 4
-  version: 0.1.4
+  version: 0.2.1
 platform: ruby
 authors: 
 - Kristian Mandrup
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-07 00:00:00 +02:00
+date: 2010-10-13 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -74,9 +74,9 @@ dependencies:
       - !ruby/object:Gem::Version 
         segments: 
         - 1
-        - 3
-        - 2
-        version: 1.3.2
+        - 4
+        - 0
+        version: 1.4.0
   type: :runtime
   version_requirements: *id004
 - !ruby/object:Gem::Dependency 
@@ -150,6 +150,10 @@ files:
 - spec/cancan-permits/permits/owner_permits_spec.rb
 - spec/cancan-permits/permits/permits_spec.rb
 - spec/generators/permit_generator_spec.rb
+- spec/mongoid/models/all_models.rb
+- spec/mongoid/owner_permits_spec.rb
+- spec/mongoid/permits_spec.rb
+- spec/mongoid/spec_helper.rb
 - spec/spec_helper.rb
 has_rdoc: true
 homepage: http://github.com/kristianmandrup/cancan-permits
@@ -191,4 +195,8 @@ test_files:
 - spec/cancan-permits/permits/owner_permits_spec.rb
 - spec/cancan-permits/permits/permits_spec.rb
 - spec/generators/permit_generator_spec.rb
+- spec/mongoid/models/all_models.rb
+- spec/mongoid/owner_permits_spec.rb
+- spec/mongoid/permits_spec.rb
+- spec/mongoid/spec_helper.rb
 - spec/spec_helper.rb