cancan-permits 0.3.0 → 0.3.1

data/README.markdown

@@ -149,15 +149,51 @@ Alternatively set it for the Ability instance for more fine grained control
 
 The ORMs currently supported (and tested) are :active_record, :data_mapper, :mongoid, :mongo_mapper
 
+## Advanced Permit options
+
+Note that the options hash (second argument of the initializer) can also be used to pass custom data for the permission system to use to determine whether an action
+should be permitted. An example use of this is to pass in the HTTP request object. This approach is used in the default SystemPermit generated.
+
+The ability would most likely be configured with the current request in a view helper or directly from within the controller.
+
+<code>
+  editor_ability = Permits::Ability.new(@editor, :request => request)      
+</code>
+
+A Permit can then use this information
+ 
+<code>
+  def permit?(user, options = {}) 
+    request = options[:request]
+    if request && request.host.localhost? && localhost_manager?
+      can(:manage, :all) 
+      return :break
+    end    
+  end  
+</code>
+
+Now, if a request object is present and the host is 'localhost' and Permits has been configured to allow localhost to manage objects, then:
+The user is allowed to manage all objects and no other Permits are evaluated (to avoid them overriding this full right permission).
+
+In the code above, the built in <code>#localhost_manager?</code> method is used.
+
+To configure permits to allow localhost to manage objects:
+<code>
+  Permits::Configuration.localhost_manager = true
+</code>
+
+Please provide suggestions and feedback on how to improve this :)
+
 ## Permits Generator
 
 Options
-* --orm   : The ORM to use (active_record, data_mapper, mongoid, mongo_mapper)
-* --roles : The roles for which to generate permits ; default Guest (read all) and Admin (manage all) 
+* --orm         : The ORM to use (active_record, data_mapper, mongoid, mongo_mapper) - creates a Rails initializer
+* --initializer : A Rails 3 initializer file for Permits is generated by default. Use --no-initializer option to disable this
+* --roles       : The roles for which to generate permits ; default Guest (read all) and Admin (manage all) 
+* --licenses    : The licenses to generate; default UserAdmin and Blogging licenses are generated
 
-Note, by default the Permits generator will attempt to discover which roles are currently defined as available to the system
-and generate permits for those roles (using some conventions - TODO). Any roles specified in the --roles option are merged
-with the roles found to be available in the app.
+* --default-licenses  : By default exemplar licenses are generated. Use --no-default-licenses option to disable this
+* --default-permits   : By default :guest and :admin permits are generated. Use --no-default-permits option to disable this
 
 <code>$ rails g permits --orm active_record --roles guest author admin</code>
 
@@ -170,6 +206,10 @@ To get an understanding of what the generator generates for a Rails 3 applicatio
 In the file <code>permit_generator_spec.rb</code> make the following change <code>config.remove_temp_dir = false</code>
 This will prevent the rails /tmp dir from being deleted after the test run, so you can inspect what is generated in the Rails app. 
 
+# TODO ?
+
+The Permits generator should attempt to discover which roles are currently defined as available to the system (Generic Roles API, User#roles etc.) and generate permits for those roles. Any roles specified in the --roles option should be merged with the roles available in the app.
+
 ## Note on Patches/Pull Requests
  
 * Fork the project.

data/VERSION

@@ -1 +1 @@
-0.3.0
+0.3.1

data/cancan-permits.gemspec

@@ -5,7 +5,7 @@
 
 Gem::Specification.new do |s|
   s.name = %q{cancan-permits}
-  s.version = "0.3.0"
+  s.version = "0.3.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Kristian Mandrup"]
@@ -42,8 +42,9 @@ Gem::Specification.new do |s|
      "lib/cancan-permits/rspec/matchers/have_license_class.rb",
      "lib/cancan-permits/rspec/matchers/have_license_file.rb",
      "lib/generators/permits/permits_generator.rb",
-     "lib/generators/permits/templates/licenses.rb",
+     "lib/generators/permits/templates/blogging_license.rb",
      "lib/generators/permits/templates/permit.rb",
+     "lib/generators/permits/templates/user_admin_license.rb",
      "spec/active_record/db/database.yml",
      "spec/active_record/migrations/001_create_user.rb",
      "spec/active_record/migrations/002_create_comment.rb",

data/lib/cancan-permits/permits/ability.rb

@@ -27,7 +27,13 @@ module Permits
         permit = make_permit(role, ability, options)
         permits << permit if permit
       end
-      (special_permits + role_permits).flatten.compact
+      
+      # puts "Role permits: #{role_permits}"
+      
+      all_permits = (special_permits + role_permits).flatten.compact
+      # 
+      # puts "All permits: #{all_permits}"
+      # all_permits      
     end
 
     def initialize user, options = {}

data/lib/cancan-permits/rspec/matchers/have_license_class.rb

@@ -1,7 +1,7 @@
 module RSpec::RubyContentMatchers 
   module LicenseClass 
     def have_license_class name, superclass = 'License::Base'
-      superclass ? have_subclass(name, :superclass => superclass) : have_class(name)
+      superclass ? have_subclass(name.to_s + 'License', superclass) : have_class(name)
     end    
 
     def have_license_classes *names

data/lib/cancan-permits/rspec/matchers/have_license_file.rb

@@ -4,6 +4,7 @@ module RSpec::RubyContentMatchers
   module LicenseFile  
     class HaveLicenseFile
       include ::Rails3::Assist::Artifact::Directory
+      include ::Rails3::Assist::Directory
       
       attr_reader :name
   
@@ -12,12 +13,13 @@ module RSpec::RubyContentMatchers
       end
 
       def license_file name
-        File.join(permit_dir, "#{name}.rb")
+        File.join(app_dir, 'licenses', "#{name}_license.rb")
       end
 
       def matches? obj, &block
-        found = File.file? license_file(name)
-        yield if block && found
+        file_name = license_file(name)
+        found = File.file? file_name
+        yield File.read(file_name) if block && found
         found
       end  
     end

data/lib/generators/permits/permits_generator.rb

@@ -7,15 +7,17 @@ require 'logging_assist'
 class PermitsGenerator < Rails::Generators::Base
   desc "Creates a Permit for each role in 'app/permits' and ensures that the permit folder is added to Rails load path."
 
-  class_option :roles,  :type => :array,    :default => [], :desc => "Roles to create permits for"
+  class_option :roles,        :type => :array,      :default => [],               :desc => "Roles to create permits for"
+  class_option :licenses,     :type => :array,      :default => [],               :desc => "Licenses"
+
   # ORM to use
-  class_option :orm,    :type => :string,   :desc => "ORM to use", :default => 'active_record'
+  class_option :orm,          :type => :string,     :default => 'active_record',  :desc => "ORM to use"
+  class_option :initializer,  :type => :boolean,    :default => true,             :desc => "Create Permits initializer"
 
-  source_root File.dirname(__FILE__) + '/templates'
+  class_option :default_permits,    :type => :boolean,    :default => true, :desc => "Create default permits for guest and admin roles"
+  class_option :default_licenses,   :type => :boolean,    :default => true, :desc => "Create default exemplar licenses"
 
-  def default_roles
-    [:guest, :admin]
-  end
+  source_root File.dirname(__FILE__) + '/templates'
 
   def main_flow      
     default_roles.each do |role|
@@ -27,10 +29,19 @@ class PermitsGenerator < Rails::Generators::Base
     
     permit_logic = base_logic
     roles.each do |role|      
-      template_permit role if !default_roles.include?(role.to_sym)
+      template_permit(role) if !skip_permit?(role)
     end    
-    template "licenses.rb", "app/permits/licenses.rb"        
-    permits_initializer
+
+    if default_licenses?
+      template_license :user_admin
+      template_license :blogging
+    end  
+
+    licenses.each do |license|      
+      template_license(license) if !skip_license?(license)
+    end    
+
+    permits_initializer if permits_initializer?
   end
   
   protected
@@ -42,10 +53,39 @@ class PermitsGenerator < Rails::Generators::Base
 
   attr_accessor :permit_name, :permit_logic
 
+  def default_roles
+    [:guest, :admin]
+  end
+
+  def permits_initializer?
+    options[:initializer]
+  end
+
+  def skip_license? license
+    default_licenses? && default_licenses.include?(license.to_sym) 
+  end
+
+  def skip_permit? permit
+    default_permits? && default_roles.include?(permit.to_sym) 
+  end
+
+
   # TODO: merge with any registered roles in application
   def roles
     options[:roles].uniq.to_symbols
   end
+
+  def default_licenses?
+    options[:default_licenses]    
+  end
+
+  def default_permits?
+    options[:default_permits]    
+  end
+
+  def licenses
+    options[:licenses]    
+  end
   
   def orm
     options[:orm]
@@ -57,6 +97,10 @@ class PermitsGenerator < Rails::Generators::Base
     end
   end 
 
+  def template_license name 
+    template "#{name}_license.rb", "app/licenses/#{name}_license.rb"
+  end
+
   def template_permit name, template_name=nil
     permit_logic = send "#{name}_logic" if [:admin, :system, :any].include?(name)
     self.permit_name = name
@@ -73,10 +117,11 @@ class PermitsGenerator < Rails::Generators::Base
       # allow to manage all and return :break to 
       # abort calling any other permissions
   
-      if request.host.localhost? && localhost_manager?
+      request = options[:request]
+      if request && request.host.localhost? && localhost_manager?
         can(:manage, :all) 
         return :break
-      end
+      end    
 }
   end
 

data/lib/generators/permits/templates/{licenses.rb → blogging_license.rb}

@@ -1,13 +1,3 @@
-class UserAdminLicense < License::Base
-  def initialize name
-    super
-  end
-
-  def enforce!
-    can(:manage, User)
-  end
-end
-
 class BloggingLicense < License::Base
   def initialize name
     super

data/lib/generators/permits/templates/permit.rb

@@ -3,9 +3,8 @@ class <%= permit_name.to_s.camelize %>Permit < Permit::Base
     super
   end
 
-  def permit?(user, options = {}) 
+  def permit?(user, options = {})
     super
-    <%= permit_logic %>    
-    licenses :user_admin, :blogging
+    <%= permit_logic %>
   end  
 end

data/lib/generators/permits/templates/user_admin_license.rb

@@ -0,0 +1,10 @@
+class UserAdminLicense < License::Base
+  def initialize name
+    super
+  end
+
+  def enforce!
+    can(:manage, User)
+  end
+end
+

data/spec/generators/permit_generator_spec.rb

@@ -50,15 +50,19 @@ describe 'Permits generator' do
         @generator.should have_permit_files :guest, :admin
       end
       
-      it "should have created the Editor permit for the :editor role" do      
+      it "should have created the Editor permit for the :editor role and the permit should not use licenses" do      
         @generator.should have_permit_file :editor do |editor_permit|
-          # guest_permit.should have_licenses :user_admin, :blogging 
+          editor_permit.should_not have_licenses :user_admin, :blogging 
         end
       end
 
       it "should have created the License file with the :user_admin and :blogging licenses used by the :editor permit" do
-        @generator.should have_license_file :licenses do |license_file|      
-          # license_file.should have_license_classes :user_admin, :blogging
+        @generator.should have_license_file :user_admin do |license_file|      
+          license_file.should have_license_class :user_admin
+        end
+
+        @generator.should have_license_file :blogging do |license_file|      
+          license_file.should have_license_class :blogging
         end
       end
     end #ctx

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 3
-  - 0
-  version: 0.3.0
+  - 1
+  version: 0.3.1
 platform: ruby
 authors: 
 - Kristian Mandrup
@@ -187,8 +187,9 @@ files:
 - lib/cancan-permits/rspec/matchers/have_license_class.rb
 - lib/cancan-permits/rspec/matchers/have_license_file.rb
 - lib/generators/permits/permits_generator.rb
-- lib/generators/permits/templates/licenses.rb
+- lib/generators/permits/templates/blogging_license.rb
 - lib/generators/permits/templates/permit.rb
+- lib/generators/permits/templates/user_admin_license.rb
 - spec/active_record/db/database.yml
 - spec/active_record/migrations/001_create_user.rb
 - spec/active_record/migrations/002_create_comment.rb