cancan-permits 0.3.0 → 0.3.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. data/README.markdown +45 -5
  2. data/VERSION +1 -1
  3. data/cancan-permits.gemspec +3 -2
  4. data/lib/cancan-permits/permits/ability.rb +7 -1
  5. data/lib/cancan-permits/rspec/matchers/have_license_class.rb +1 -1
  6. data/lib/cancan-permits/rspec/matchers/have_license_file.rb +5 -3
  7. data/lib/generators/permits/permits_generator.rb +56 -11
  8. data/lib/generators/permits/templates/{licenses.rb → blogging_license.rb} +0 -10
  9. data/lib/generators/permits/templates/permit.rb +2 -3
  10. data/lib/generators/permits/templates/user_admin_license.rb +10 -0
  11. data/spec/generators/permit_generator_spec.rb +8 -4
  12. metadata +4 -3
data/README.markdown CHANGED
@@ -149,15 +149,51 @@ Alternatively set it for the Ability instance for more fine grained control
149
149
 
150
150
  The ORMs currently supported (and tested) are :active_record, :data_mapper, :mongoid, :mongo_mapper
151
151
 
152
+ ## Advanced Permit options
153
+
154
+ Note that the options hash (second argument of the initializer) can also be used to pass custom data for the permission system to use to determine whether an action
155
+ should be permitted. An example use of this is to pass in the HTTP request object. This approach is used in the default SystemPermit generated.
156
+
157
+ The ability would most likely be configured with the current request in a view helper or directly from within the controller.
158
+
159
+ <code>
160
+ editor_ability = Permits::Ability.new(@editor, :request => request)
161
+ </code>
162
+
163
+ A Permit can then use this information
164
+
165
+ <code>
166
+ def permit?(user, options = {})
167
+ request = options[:request]
168
+ if request && request.host.localhost? && localhost_manager?
169
+ can(:manage, :all)
170
+ return :break
171
+ end
172
+ end
173
+ </code>
174
+
175
+ Now, if a request object is present and the host is 'localhost' and Permits has been configured to allow localhost to manage objects, then:
176
+ The user is allowed to manage all objects and no other Permits are evaluated (to avoid them overriding this full right permission).
177
+
178
+ In the code above, the built in <code>#localhost_manager?</code> method is used.
179
+
180
+ To configure permits to allow localhost to manage objects:
181
+ <code>
182
+ Permits::Configuration.localhost_manager = true
183
+ </code>
184
+
185
+ Please provide suggestions and feedback on how to improve this :)
186
+
152
187
  ## Permits Generator
153
188
 
154
189
  Options
155
- * --orm : The ORM to use (active_record, data_mapper, mongoid, mongo_mapper)
156
- * --roles : The roles for which to generate permits ; default Guest (read all) and Admin (manage all)
190
+ * --orm : The ORM to use (active_record, data_mapper, mongoid, mongo_mapper) - creates a Rails initializer
191
+ * --initializer : A Rails 3 initializer file for Permits is generated by default. Use --no-initializer option to disable this
192
+ * --roles : The roles for which to generate permits ; default Guest (read all) and Admin (manage all)
193
+ * --licenses : The licenses to generate; default UserAdmin and Blogging licenses are generated
157
194
 
158
- Note, by default the Permits generator will attempt to discover which roles are currently defined as available to the system
159
- and generate permits for those roles (using some conventions - TODO). Any roles specified in the --roles option are merged
160
- with the roles found to be available in the app.
195
+ * --default-licenses : By default exemplar licenses are generated. Use --no-default-licenses option to disable this
196
+ * --default-permits : By default :guest and :admin permits are generated. Use --no-default-permits option to disable this
161
197
 
162
198
  <code>$ rails g permits --orm active_record --roles guest author admin</code>
163
199
 
@@ -170,6 +206,10 @@ To get an understanding of what the generator generates for a Rails 3 applicatio
170
206
  In the file <code>permit_generator_spec.rb</code> make the following change <code>config.remove_temp_dir = false</code>
171
207
  This will prevent the rails /tmp dir from being deleted after the test run, so you can inspect what is generated in the Rails app.
172
208
 
209
+ # TODO ?
210
+
211
+ The Permits generator should attempt to discover which roles are currently defined as available to the system (Generic Roles API, User#roles etc.) and generate permits for those roles. Any roles specified in the --roles option should be merged with the roles available in the app.
212
+
173
213
  ## Note on Patches/Pull Requests
174
214
 
175
215
  * Fork the project.
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.3.0
1
+ 0.3.1
data/cancan-permits.gemspec CHANGED
@@ -5,7 +5,7 @@
5
5
 
6
6
  Gem::Specification.new do |s|
7
7
  s.name = %q{cancan-permits}
8
- s.version = "0.3.0"
8
+ s.version = "0.3.1"
9
9
 
10
10
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
11
  s.authors = ["Kristian Mandrup"]
@@ -42,8 +42,9 @@ Gem::Specification.new do |s|
42
42
  "lib/cancan-permits/rspec/matchers/have_license_class.rb",
43
43
  "lib/cancan-permits/rspec/matchers/have_license_file.rb",
44
44
  "lib/generators/permits/permits_generator.rb",
45
- "lib/generators/permits/templates/licenses.rb",
45
+ "lib/generators/permits/templates/blogging_license.rb",
46
46
  "lib/generators/permits/templates/permit.rb",
47
+ "lib/generators/permits/templates/user_admin_license.rb",
47
48
  "spec/active_record/db/database.yml",
48
49
  "spec/active_record/migrations/001_create_user.rb",
49
50
  "spec/active_record/migrations/002_create_comment.rb",
data/lib/cancan-permits/permits/ability.rb CHANGED
@@ -27,7 +27,13 @@ module Permits
27
27
  permit = make_permit(role, ability, options)
28
28
  permits << permit if permit
29
29
  end
30
- (special_permits + role_permits).flatten.compact
30
+
31
+ # puts "Role permits: #{role_permits}"
32
+
33
+ all_permits = (special_permits + role_permits).flatten.compact
34
+ #
35
+ # puts "All permits: #{all_permits}"
36
+ # all_permits
31
37
  end
32
38
 
33
39
  def initialize user, options = {}
data/lib/cancan-permits/rspec/matchers/have_license_class.rb CHANGED
@@ -1,7 +1,7 @@
1
1
  module RSpec::RubyContentMatchers
2
2
  module LicenseClass
3
3
  def have_license_class name, superclass = 'License::Base'
4
- superclass ? have_subclass(name, :superclass => superclass) : have_class(name)
4
+ superclass ? have_subclass(name.to_s + 'License', superclass) : have_class(name)
5
5
  end
6
6
 
7
7
  def have_license_classes *names
data/lib/cancan-permits/rspec/matchers/have_license_file.rb CHANGED
@@ -4,6 +4,7 @@ module RSpec::RubyContentMatchers
4
4
  module LicenseFile
5
5
  class HaveLicenseFile
6
6
  include ::Rails3::Assist::Artifact::Directory
7
+ include ::Rails3::Assist::Directory
7
8
 
8
9
  attr_reader :name
9
10
 
@@ -12,12 +13,13 @@ module RSpec::RubyContentMatchers
12
13
  end
13
14
 
14
15
  def license_file name
15
- File.join(permit_dir, "#{name}.rb")
16
+ File.join(app_dir, 'licenses', "#{name}_license.rb")
16
17
  end
17
18
 
18
19
  def matches? obj, &block
19
- found = File.file? license_file(name)
20
- yield if block && found
20
+ file_name = license_file(name)
21
+ found = File.file? file_name
22
+ yield File.read(file_name) if block && found
21
23
  found
22
24
  end
23
25
  end
data/lib/generators/permits/permits_generator.rb CHANGED
@@ -7,15 +7,17 @@ require 'logging_assist'
7
7
  class PermitsGenerator < Rails::Generators::Base
8
8
  desc "Creates a Permit for each role in 'app/permits' and ensures that the permit folder is added to Rails load path."
9
9
 
10
- class_option :roles, :type => :array, :default => [], :desc => "Roles to create permits for"
10
+ class_option :roles, :type => :array, :default => [], :desc => "Roles to create permits for"
11
+ class_option :licenses, :type => :array, :default => [], :desc => "Licenses"
12
+
11
13
  # ORM to use
12
- class_option :orm, :type => :string, :desc => "ORM to use", :default => 'active_record'
14
+ class_option :orm, :type => :string, :default => 'active_record', :desc => "ORM to use"
15
+ class_option :initializer, :type => :boolean, :default => true, :desc => "Create Permits initializer"
13
16
 
14
- source_root File.dirname(__FILE__) + '/templates'
17
+ class_option :default_permits, :type => :boolean, :default => true, :desc => "Create default permits for guest and admin roles"
18
+ class_option :default_licenses, :type => :boolean, :default => true, :desc => "Create default exemplar licenses"
15
19
 
16
- def default_roles
17
- [:guest, :admin]
18
- end
20
+ source_root File.dirname(__FILE__) + '/templates'
19
21
 
20
22
  def main_flow
21
23
  default_roles.each do |role|
@@ -27,10 +29,19 @@ class PermitsGenerator < Rails::Generators::Base
27
29
 
28
30
  permit_logic = base_logic
29
31
  roles.each do |role|
30
- template_permit role if !default_roles.include?(role.to_sym)
32
+ template_permit(role) if !skip_permit?(role)
31
33
  end
32
- template "licenses.rb", "app/permits/licenses.rb"
33
- permits_initializer
34
+
35
+ if default_licenses?
36
+ template_license :user_admin
37
+ template_license :blogging
38
+ end
39
+
40
+ licenses.each do |license|
41
+ template_license(license) if !skip_license?(license)
42
+ end
43
+
44
+ permits_initializer if permits_initializer?
34
45
  end
35
46
 
36
47
  protected
@@ -42,10 +53,39 @@ class PermitsGenerator < Rails::Generators::Base
42
53
 
43
54
  attr_accessor :permit_name, :permit_logic
44
55
 
56
+ def default_roles
57
+ [:guest, :admin]
58
+ end
59
+
60
+ def permits_initializer?
61
+ options[:initializer]
62
+ end
63
+
64
+ def skip_license? license
65
+ default_licenses? && default_licenses.include?(license.to_sym)
66
+ end
67
+
68
+ def skip_permit? permit
69
+ default_permits? && default_roles.include?(permit.to_sym)
70
+ end
71
+
72
+
45
73
  # TODO: merge with any registered roles in application
46
74
  def roles
47
75
  options[:roles].uniq.to_symbols
48
76
  end
77
+
78
+ def default_licenses?
79
+ options[:default_licenses]
80
+ end
81
+
82
+ def default_permits?
83
+ options[:default_permits]
84
+ end
85
+
86
+ def licenses
87
+ options[:licenses]
88
+ end
49
89
 
50
90
  def orm
51
91
  options[:orm]
@@ -57,6 +97,10 @@ class PermitsGenerator < Rails::Generators::Base
57
97
  end
58
98
  end
59
99
 
100
+ def template_license name
101
+ template "#{name}_license.rb", "app/licenses/#{name}_license.rb"
102
+ end
103
+
60
104
  def template_permit name, template_name=nil
61
105
  permit_logic = send "#{name}_logic" if [:admin, :system, :any].include?(name)
62
106
  self.permit_name = name
@@ -73,10 +117,11 @@ class PermitsGenerator < Rails::Generators::Base
73
117
  # allow to manage all and return :break to
74
118
  # abort calling any other permissions
75
119
 
76
- if request.host.localhost? && localhost_manager?
120
+ request = options[:request]
121
+ if request && request.host.localhost? && localhost_manager?
77
122
  can(:manage, :all)
78
123
  return :break
79
- end
124
+ end
80
125
  }
81
126
  end
82
127
 
data/lib/generators/permits/templates/{licenses.rb → blogging_license.rb} RENAMED
@@ -1,13 +1,3 @@
1
- class UserAdminLicense < License::Base
2
- def initialize name
3
- super
4
- end
5
-
6
- def enforce!
7
- can(:manage, User)
8
- end
9
- end
10
-
11
1
  class BloggingLicense < License::Base
12
2
  def initialize name
13
3
  super
data/lib/generators/permits/templates/permit.rb CHANGED
@@ -3,9 +3,8 @@ class <%= permit_name.to_s.camelize %>Permit < Permit::Base
3
3
  super
4
4
  end
5
5
 
6
- def permit?(user, options = {})
6
+ def permit?(user, options = {})
7
7
  super
8
- <%= permit_logic %>
9
- licenses :user_admin, :blogging
8
+ <%= permit_logic %>
10
9
  end
11
10
  end
data/lib/generators/permits/templates/user_admin_license.rb ADDED
@@ -0,0 +1,10 @@
1
+ class UserAdminLicense < License::Base
2
+ def initialize name
3
+ super
4
+ end
5
+
6
+ def enforce!
7
+ can(:manage, User)
8
+ end
9
+ end
10
+
data/spec/generators/permit_generator_spec.rb CHANGED
@@ -50,15 +50,19 @@ describe 'Permits generator' do
50
50
  @generator.should have_permit_files :guest, :admin
51
51
  end
52
52
 
53
- it "should have created the Editor permit for the :editor role" do
53
+ it "should have created the Editor permit for the :editor role and the permit should not use licenses" do
54
54
  @generator.should have_permit_file :editor do |editor_permit|
55
- # guest_permit.should have_licenses :user_admin, :blogging
55
+ editor_permit.should_not have_licenses :user_admin, :blogging
56
56
  end
57
57
  end
58
58
 
59
59
  it "should have created the License file with the :user_admin and :blogging licenses used by the :editor permit" do
60
- @generator.should have_license_file :licenses do |license_file|
61
- # license_file.should have_license_classes :user_admin, :blogging
60
+ @generator.should have_license_file :user_admin do |license_file|
61
+ license_file.should have_license_class :user_admin
62
+ end
63
+
64
+ @generator.should have_license_file :blogging do |license_file|
65
+ license_file.should have_license_class :blogging
62
66
  end
63
67
  end
64
68
  end #ctx
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 3
8
- - 0
9
- version: 0.3.0
8
+ - 1
9
+ version: 0.3.1
10
10
  platform: ruby
11
11
  authors:
12
12
  - Kristian Mandrup
@@ -187,8 +187,9 @@ files:
187
187
  - lib/cancan-permits/rspec/matchers/have_license_class.rb
188
188
  - lib/cancan-permits/rspec/matchers/have_license_file.rb
189
189
  - lib/generators/permits/permits_generator.rb
190
- - lib/generators/permits/templates/licenses.rb
190
+ - lib/generators/permits/templates/blogging_license.rb
191
191
  - lib/generators/permits/templates/permit.rb
192
+ - lib/generators/permits/templates/user_admin_license.rb
192
193
  - spec/active_record/db/database.yml
193
194
  - spec/active_record/migrations/001_create_user.rb
194
195
  - spec/active_record/migrations/002_create_comment.rb