cancan-permits 0.2.5 → 0.2.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.gitignore +2 -0
- data/Changelog.txt +12 -0
- data/README.markdown +2 -11
- data/Rakefile +2 -2
- data/VERSION +1 -1
- data/cancan-permits.gemspec +38 -9
- data/lib/cancan-permits/{permit → license}/base_license.rb +0 -0
- data/lib/cancan-permits/main.rb +2 -1
- data/lib/cancan-permits/permit/base_permit.rb +6 -2
- data/lib/cancan-permits/permit/util.rb +7 -0
- data/lib/cancan-permits/permits/ability.rb +6 -2
- data/spec/active_record/owner_permits_spec.rb +1 -73
- data/spec/active_record/permits_spec.rb +1 -37
- data/spec/active_record/spec_helper.rb +2 -0
- data/spec/data_mapper/owner_permits_spec.rb +1 -74
- data/spec/data_mapper/permits_spec.rb +1 -36
- data/spec/data_mapper/spec_helper.rb +2 -0
- data/spec/fixtures/permits/any_permit.rb +9 -0
- data/spec/fixtures/permits/super_admin_permit.rb +12 -0
- data/spec/fixtures/permits/system_permit.rb +9 -0
- data/spec/generic/api/basic/config.rb +15 -0
- data/spec/generic/api/basic/xgroup.rb +55 -0
- data/spec/generic/api/basic/xgroup_orm.rb +20 -0
- data/spec/generic/api/owner/config.rb +25 -0
- data/spec/generic/api/owner/xgroup.rb +59 -0
- data/spec/generic/api/owner/xgroup_orm.rb +23 -0
- data/spec/generic/owner_permits_spec.rb +1 -27
- data/spec/generic/permits_spec.rb +1 -65
- data/spec/generic/spec_helper.rb +15 -1
- data/spec/mongo_mapper/owner_permits_spec.rb +1 -74
- data/spec/mongo_mapper/permits_spec.rb +1 -35
- data/spec/mongo_mapper/spec_helper.rb +5 -4
- data/spec/mongoid/owner_permits_spec.rb +1 -73
- data/spec/mongoid/permits_spec.rb +1 -65
- data/spec/mongoid/spec_helper.rb +4 -3
- data/spec/simply_stored/CouchDB.txt +104 -0
- data/spec/simply_stored/models/all_models.rb +17 -0
- data/spec/simply_stored/owner_permits_spec.rb +2 -0
- data/spec/simply_stored/permits_spec.rb +2 -0
- data/spec/simply_stored/spec_helper.rb +53 -0
- metadata +39 -10
|
@@ -1,37 +1,2 @@
|
|
|
1
1
|
require 'data_mapper/spec_helper'
|
|
2
|
-
|
|
3
|
-
Permits::Ability.orm = :data_mapper
|
|
4
|
-
|
|
5
|
-
describe Permits::Ability do
|
|
6
|
-
context "Guest user" do
|
|
7
|
-
before :each do
|
|
8
|
-
@guest = User.create(:name => "Kristian", :role => "guest")
|
|
9
|
-
@ability = Permits::Ability.new(@guest)
|
|
10
|
-
|
|
11
|
-
@comment = Comment.create(:user_id => @guest.id)
|
|
12
|
-
|
|
13
|
-
@post = Post.create(:writer => @guest.id)
|
|
14
|
-
|
|
15
|
-
@article = Article.create(:author => @guest.id)
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
it "should be able to :read Comment and Post but NOT Article" do
|
|
19
|
-
@ability.can?(:read, Comment).should be_true
|
|
20
|
-
@ability.can?(:read, @comment).should be_true
|
|
21
|
-
|
|
22
|
-
@ability.can?(:read, Post).should be_true
|
|
23
|
-
@ability.can?(:read, @post).should be_true
|
|
24
|
-
|
|
25
|
-
@ability.can?(:read, Article).should be_false
|
|
26
|
-
@ability.can?(:read, @article).should be_false
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
it "should be not able to :update only Comment" do
|
|
30
|
-
@ability.can?(:update, Comment).should be_true
|
|
31
|
-
@ability.can?(:update, @comment).should be_true
|
|
32
|
-
|
|
33
|
-
@ability.can?(:update, Post).should be_false
|
|
34
|
-
@ability.can?(:update, @post).should be_false
|
|
35
|
-
end
|
|
36
|
-
end
|
|
37
|
-
end
|
|
2
|
+
require 'generic/api/basic/xgroup_orm'
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
def basic_config context
|
|
2
|
+
send :"#{context}_config"
|
|
3
|
+
end
|
|
4
|
+
|
|
5
|
+
def guest_config
|
|
6
|
+
@guest = User.new(1, :guest)
|
|
7
|
+
@ability = Permits::Ability.new @guest
|
|
8
|
+
@comment = Comment.new(1)
|
|
9
|
+
@post = Post.new(1)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def admin_config
|
|
13
|
+
@admin = User.new(1, :admin, 'kristian')
|
|
14
|
+
@ability = Permits::Ability.new(@admin)
|
|
15
|
+
end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
require 'generic/api/basic/config'
|
|
2
|
+
|
|
3
|
+
describe Permits::Ability do
|
|
4
|
+
context "Guest user" do
|
|
5
|
+
before :each do
|
|
6
|
+
basic_config :guest
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
it "should be able to :read Comment and Post but NOT Article" do
|
|
10
|
+
@ability.can?(:read, Comment).should be_true
|
|
11
|
+
@ability.can?(:read, @comment).should be_true
|
|
12
|
+
|
|
13
|
+
@ability.can?(:read, Post).should be_true
|
|
14
|
+
@ability.can?(:read, @post).should be_true
|
|
15
|
+
|
|
16
|
+
@ability.can?(:read, Article).should be_false
|
|
17
|
+
@ability.can?(:read, @article).should be_false
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
it "should be not able to :update only Comment" do
|
|
21
|
+
@ability.can?(:update, Comment).should be_true
|
|
22
|
+
@ability.can?(:update, @comment).should be_true
|
|
23
|
+
|
|
24
|
+
@ability.can?(:update, Post).should be_false
|
|
25
|
+
@ability.can?(:update, @post).should be_false
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
context "Admin user" do
|
|
30
|
+
before do
|
|
31
|
+
basic_config :admin
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
it "should be able to :read anything" do
|
|
35
|
+
@ability.can?(:read, Comment).should be_true
|
|
36
|
+
@ability.can?(:read, Post).should be_true
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
it "should be not able to :update everything" do
|
|
40
|
+
@ability.can?(:update, Comment).should be_true
|
|
41
|
+
@ability.can?(:update, Post).should be_true
|
|
42
|
+
end
|
|
43
|
+
|
|
44
|
+
it "should be not able to :create everything" do
|
|
45
|
+
@ability.can?(:create, Comment).should be_true
|
|
46
|
+
@ability.can?(:create, Post).should be_true
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
it "should be not able to :update everything" do
|
|
50
|
+
@ability.can?(:destroy, Comment).should be_true
|
|
51
|
+
@ability.can?(:destroy, Post).should be_true
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
end
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
require 'generic/api/basic/xgroup'
|
|
2
|
+
|
|
3
|
+
# override some key methods to ensure it works with ORM object instantiation
|
|
4
|
+
def basic_config context
|
|
5
|
+
send :"#{context}_config"
|
|
6
|
+
end
|
|
7
|
+
|
|
8
|
+
def guest_config
|
|
9
|
+
@guest = User.create(:name => "Kristian", :role => "guest")
|
|
10
|
+
@ability = Permits::Ability.new(@guest)
|
|
11
|
+
@comment = Comment.create(:user_id => @guest.id)
|
|
12
|
+
@post = Post.create(:writer => @guest.id)
|
|
13
|
+
@article = Article.create(:author => @guest.id)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def admin_config
|
|
17
|
+
@admin = User.create(:role => 'admin')
|
|
18
|
+
@ability = Permits::Ability.new(@admin)
|
|
19
|
+
end
|
|
20
|
+
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
def owner_config context
|
|
2
|
+
send :"#{context}_config"
|
|
3
|
+
end
|
|
4
|
+
|
|
5
|
+
def editor_config
|
|
6
|
+
puts "editor config"
|
|
7
|
+
|
|
8
|
+
@editor = User.new(1, :editor, 'kristian')
|
|
9
|
+
@ability = Permits::Ability.new @editor
|
|
10
|
+
@own_comment = Comment.new(1)
|
|
11
|
+
@other_comment = Comment.new(2)
|
|
12
|
+
@post = Post.new(1)
|
|
13
|
+
@article = Article.new('kristian')
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def two_users_config
|
|
17
|
+
@editor = User.new(1, :editor, "kristian")
|
|
18
|
+
@other_guy = User.new(1, :admin, "other")
|
|
19
|
+
|
|
20
|
+
@ability = Permits::Ability.new @editor
|
|
21
|
+
|
|
22
|
+
@own_post = Post.new(1)
|
|
23
|
+
@other_post = Post.new(2)
|
|
24
|
+
end
|
|
25
|
+
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
require 'generic/api/owner/config'
|
|
2
|
+
|
|
3
|
+
describe Permits::Ability do
|
|
4
|
+
context "Editor user" do
|
|
5
|
+
context "using default :user_id relation - foreign key to User.id" do
|
|
6
|
+
before :each do
|
|
7
|
+
owner_config :editor
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
it "should be able to :read Comment he owns" do
|
|
11
|
+
@ability.should be_able_to(:read, Comment)
|
|
12
|
+
@ability.should be_able_to(:read, @own_comment)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
it "should be able to :update Comment he owns" do
|
|
16
|
+
@ability.should be_able_to(:update, @own_comment)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
it "should NOT be able to :update Comment he does NOT own" do
|
|
20
|
+
@ability.should_not be_able_to(:update, @other_comment)
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
it "should be able to :delete Comment he owns" do
|
|
24
|
+
@ability.should be_able_to(:delete, @own_comment)
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
it "should NOT be able to :update Comment he does NOT own" do
|
|
28
|
+
@ability.should_not be_able_to(:delete, @other_comment)
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
context "using custom :writer relation - foreign key to User.id" do
|
|
33
|
+
before :each do
|
|
34
|
+
owner_config :two_users
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
it "should be able to :read Post he owns" do
|
|
38
|
+
@ability.should be_able_to(:read, Post)
|
|
39
|
+
@ability.should be_able_to(:read, @own_post)
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
it "should be able to :update Post he owns" do
|
|
43
|
+
@ability.should be_able_to(:update, @own_post)
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
it "should NOT be able to :update Post he does NOT own" do
|
|
47
|
+
@ability.should_not be_able_to(:update, @other_post)
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
it "should be able to :delete Post he owns" do
|
|
51
|
+
@ability.should be_able_to(:delete, @own_post)
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
it "should NOT be able to :update Post he does NOT own" do
|
|
55
|
+
@ability.should_not be_able_to(:delete, @other_post)
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
end
|
|
59
|
+
end
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
require 'generic/api/owner/xgroup'
|
|
2
|
+
|
|
3
|
+
def two_users_config
|
|
4
|
+
@editor = User.create(:name => "Kristian", :role => "editor")
|
|
5
|
+
@other_guy = User.create(:name => "Random dude", :role => "admin")
|
|
6
|
+
|
|
7
|
+
@ability = Permits::Ability.new(@editor)
|
|
8
|
+
|
|
9
|
+
@own_post = Post.create(:writer => @editor.id)
|
|
10
|
+
@other_post = Post.create(:writer => @other_guy.id)
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def editor_config
|
|
14
|
+
@editor = User.create(:name => "Kristian", :role => "editor")
|
|
15
|
+
@other_guy = User.create(:name => "Random dude", :role => "admin")
|
|
16
|
+
|
|
17
|
+
@ability = Permits::Ability.new(@editor)
|
|
18
|
+
|
|
19
|
+
@own_comment = Comment.create(:user_id => @editor.id)
|
|
20
|
+
@other_comment = Comment.create(:user_id => @other_guy.id)
|
|
21
|
+
# @post = Post.create(:writer => @editor.id)
|
|
22
|
+
# @article = Article.create(:author => @editor.id)
|
|
23
|
+
end
|
|
@@ -1,28 +1,2 @@
|
|
|
1
1
|
require 'generic/spec_helper'
|
|
2
|
-
|
|
3
|
-
describe Permits::Ability do
|
|
4
|
-
context "Editor user" do
|
|
5
|
-
before :each do
|
|
6
|
-
@editor = User.new(1, :editor, 'kristian')
|
|
7
|
-
@ability = Permits::Ability.new @editor
|
|
8
|
-
@comment = Comment.new(1)
|
|
9
|
-
@post = Post.new(1)
|
|
10
|
-
@article = Article.new('kristian')
|
|
11
|
-
end
|
|
12
|
-
|
|
13
|
-
it "should be able to :read Comment he owns, using default :user_id relation - foreign key to User.id" do
|
|
14
|
-
@ability.should be_able_to(:read, Comment)
|
|
15
|
-
@ability.should be_able_to(:read, @comment)
|
|
16
|
-
end
|
|
17
|
-
|
|
18
|
-
it "should be able to :read Post he owns, using :owner relation - foreign key to User.id" do
|
|
19
|
-
@ability.should be_able_to(:read, Post)
|
|
20
|
-
@ability.should be_able_to(:read, @post)
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
it "should be able to :read Article he owns, using :author relation - foreign key to User.name" do
|
|
24
|
-
@ability.should be_able_to(:read, Article)
|
|
25
|
-
@ability.should be_able_to(:read, @article)
|
|
26
|
-
end
|
|
27
|
-
end
|
|
28
|
-
end
|
|
2
|
+
require 'generic/api/owner/xgroup'
|
|
@@ -1,66 +1,2 @@
|
|
|
1
1
|
require 'generic/spec_helper'
|
|
2
|
-
|
|
3
|
-
describe Permits::Ability do
|
|
4
|
-
context "Guest user" do
|
|
5
|
-
before :each do
|
|
6
|
-
@guest = User.new(1, :guest)
|
|
7
|
-
@ability = Permits::Ability.new @guest
|
|
8
|
-
@comment = Comment.new(1)
|
|
9
|
-
@post = Post.new(1)
|
|
10
|
-
end
|
|
11
|
-
|
|
12
|
-
# can :read, [Comment, Post]
|
|
13
|
-
# can [:update, :destroy], [Comment]
|
|
14
|
-
# can :create, Article
|
|
15
|
-
|
|
16
|
-
it "should be able to :read Comment and Post but NOT Article" do
|
|
17
|
-
@ability.can?(:read, Comment).should be_true
|
|
18
|
-
@ability.can?(:read, @comment).should be_true
|
|
19
|
-
|
|
20
|
-
@ability.can?(:read, Post).should be_true
|
|
21
|
-
@ability.can?(:read, @post).should be_true
|
|
22
|
-
|
|
23
|
-
@ability.can?(:read, Article).should be_false
|
|
24
|
-
@ability.can?(:read, @article).should be_false
|
|
25
|
-
end
|
|
26
|
-
|
|
27
|
-
it "should be not able to :update only Comment" do
|
|
28
|
-
@ability.can?(:update, Comment).should be_true
|
|
29
|
-
@ability.can?(:update, @comment).should be_true
|
|
30
|
-
|
|
31
|
-
@ability.can?(:update, Post).should be_false
|
|
32
|
-
@ability.can?(:update, @post).should be_false
|
|
33
|
-
end
|
|
34
|
-
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
context "Admin user" do
|
|
38
|
-
before do
|
|
39
|
-
admin = User.new(2, :admin)
|
|
40
|
-
@ability = Permits::Ability.new admin
|
|
41
|
-
end
|
|
42
|
-
#
|
|
43
|
-
# # can :manage, :all
|
|
44
|
-
#
|
|
45
|
-
it "should be able to :read anything" do
|
|
46
|
-
@ability.can?(:read, Comment).should be_true
|
|
47
|
-
@ability.can?(:read, Post).should be_true
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
it "should be not able to :update everything" do
|
|
51
|
-
@ability.can?(:update, Comment).should be_true
|
|
52
|
-
@ability.can?(:update, Post).should be_true
|
|
53
|
-
end
|
|
54
|
-
|
|
55
|
-
it "should be not able to :create everything" do
|
|
56
|
-
@ability.can?(:create, Comment).should be_true
|
|
57
|
-
@ability.can?(:create, Post).should be_true
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
it "should be not able to :update everything" do
|
|
61
|
-
@ability.can?(:destroy, Comment).should be_true
|
|
62
|
-
@ability.can?(:destroy, Post).should be_true
|
|
63
|
-
end
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
end
|
|
2
|
+
require 'generic/api/basic/xgroup'
|
data/spec/generic/spec_helper.rb
CHANGED
|
@@ -12,11 +12,25 @@ module Permits::Roles
|
|
|
12
12
|
end
|
|
13
13
|
end
|
|
14
14
|
|
|
15
|
+
class Guest
|
|
16
|
+
class << self
|
|
17
|
+
attr_accessor :id_counter
|
|
18
|
+
|
|
19
|
+
def next_id
|
|
20
|
+
@id_counter += 1
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def create
|
|
24
|
+
User.new next_id, :guest, 'Guest'
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
|
|
15
29
|
class User
|
|
16
30
|
attr_accessor :id, :role, :name
|
|
17
31
|
|
|
18
32
|
def self.roles
|
|
19
|
-
[:guest, :admin, :editor]
|
|
33
|
+
[:guest, :admin, :editor, :super_admin]
|
|
20
34
|
end
|
|
21
35
|
|
|
22
36
|
def initialize id, role, name = nil
|
|
@@ -1,75 +1,2 @@
|
|
|
1
1
|
require 'mongo_mapper/spec_helper'
|
|
2
|
-
|
|
3
|
-
Permits::Ability.orm = :mongo_mapper
|
|
4
|
-
|
|
5
|
-
describe Permits::Ability do
|
|
6
|
-
context "Editor user" do
|
|
7
|
-
context "using default :user_id relation - foreign key to User.id" do
|
|
8
|
-
before :each do
|
|
9
|
-
@editor = User.create(:name => "Kristian", :role => "editor")
|
|
10
|
-
@other_guy = User.create(:name => "Random dude", :role => "admin")
|
|
11
|
-
|
|
12
|
-
@ability = Permits::Ability.new(@editor)
|
|
13
|
-
|
|
14
|
-
@own_comment = Comment.create(:user_id => @editor.id)
|
|
15
|
-
@other_comment = Comment.create(:user_id => @other_guy.id)
|
|
16
|
-
# @post = Post.create(:writer => @editor.id)
|
|
17
|
-
# @article = Article.create(:author => @editor.id)
|
|
18
|
-
end
|
|
19
|
-
|
|
20
|
-
it "should be able to :read Comment he owns" do
|
|
21
|
-
@ability.should be_able_to(:read, Comment)
|
|
22
|
-
@ability.should be_able_to(:read, @own_comment)
|
|
23
|
-
end
|
|
24
|
-
|
|
25
|
-
it "should be able to :update Comment he owns" do
|
|
26
|
-
@ability.should be_able_to(:update, @own_comment)
|
|
27
|
-
end
|
|
28
|
-
|
|
29
|
-
it "should NOT be able to :update Comment he does NOT own" do
|
|
30
|
-
@ability.should_not be_able_to(:update, @other_comment)
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
it "should be able to :delete Comment he owns" do
|
|
34
|
-
@ability.should be_able_to(:delete, @own_comment)
|
|
35
|
-
end
|
|
36
|
-
|
|
37
|
-
it "should NOT be able to :update Comment he does NOT own" do
|
|
38
|
-
@ability.should_not be_able_to(:delete, @other_comment)
|
|
39
|
-
end
|
|
40
|
-
end
|
|
41
|
-
|
|
42
|
-
context "using custom :writer relation - foreign key to User.id" do
|
|
43
|
-
before :each do
|
|
44
|
-
@editor = User.create(:name => "Kristian", :role => "editor")
|
|
45
|
-
@other_guy = User.create(:name => "Random dude", :role => "admin")
|
|
46
|
-
|
|
47
|
-
@ability = Permits::Ability.new(@editor)
|
|
48
|
-
|
|
49
|
-
@own_post = Post.create(:writer => @editor.id)
|
|
50
|
-
@other_post = Post.create(:writer => @other_guy.id)
|
|
51
|
-
end
|
|
52
|
-
|
|
53
|
-
it "should be able to :read Post he owns" do
|
|
54
|
-
@ability.should be_able_to(:read, Post)
|
|
55
|
-
@ability.should be_able_to(:read, @own_post)
|
|
56
|
-
end
|
|
57
|
-
|
|
58
|
-
it "should be able to :update Post he owns" do
|
|
59
|
-
@ability.should be_able_to(:update, @own_post)
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
it "should NOT be able to :update Post he does NOT own" do
|
|
63
|
-
@ability.should_not be_able_to(:update, @other_post)
|
|
64
|
-
end
|
|
65
|
-
|
|
66
|
-
it "should be able to :delete Post he owns" do
|
|
67
|
-
@ability.should be_able_to(:delete, @own_post)
|
|
68
|
-
end
|
|
69
|
-
|
|
70
|
-
it "should NOT be able to :update Post he does NOT own" do
|
|
71
|
-
@ability.should_not be_able_to(:delete, @other_post)
|
|
72
|
-
end
|
|
73
|
-
end
|
|
74
|
-
end
|
|
75
|
-
end
|
|
2
|
+
require 'generic/api/owner/xgroup_orm'
|