cancan-permits 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- data/README.markdown +10 -12
- data/VERSION +1 -1
- data/cancan-permits.gemspec +89 -0
- data/lib/cancan-permits/namespaces.rb +6 -1
- data/lib/cancan-permits/permit/base_license.rb +25 -0
- data/lib/cancan-permits/permit/base_permit.rb +13 -1
- data/lib/cancan-permits/permits/ability.rb +54 -0
- data/lib/cancan-permits/rspec/config.rb +8 -0
- data/lib/cancan-permits/rspec/matchers/have_license.rb +11 -0
- data/lib/cancan-permits/rspec/matchers/have_license_class.rb +11 -0
- data/lib/cancan-permits/rspec/matchers/have_license_file.rb +26 -0
- data/lib/generators/permits/permits_generator.rb +1 -0
- data/lib/generators/permits/templates/licenses.rb +22 -0
- data/lib/generators/permits/templates/permit.rb +11 -11
- data/spec/cancan-permits/fixtures/permits/admin_permit.rb +11 -13
- data/spec/cancan-permits/fixtures/permits/editor_permit.rb +21 -23
- data/spec/cancan-permits/fixtures/permits/guest_permit.rb +23 -24
- data/spec/cancan-permits/permits/owner_permits_spec.rb +2 -7
- data/spec/cancan-permits/permits/permits_spec.rb +4 -4
- data/spec/generators/permit_generator_spec.rb +38 -17
- data/spec/spec_helper.rb +7 -7
- metadata +10 -7
- data/lib/cancan-permits/permits/abiity.rb +0 -40
- data/lib/cancan-permits/rspec/matchers/have_permits.rb +0 -0
- data/spec/cancan-permits/fixtures/ability.rb +0 -19
data/README.markdown
CHANGED
@@ -34,19 +34,17 @@ By default it returns User.roles if such exists, otherwise it returns [:guest, :
|
|
34
34
|
_Note:_ You might consider using the Permits generator in order to generate your permits for you (see below)
|
35
35
|
|
36
36
|
<pre>
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
super
|
41
|
-
end
|
42
|
-
|
43
|
-
def permit?(user, request=nil)
|
44
|
-
super
|
45
|
-
return if !role_match? user
|
46
|
-
|
47
|
-
can :manage, :all
|
48
|
-
end
|
37
|
+
class AdminPermit < Permit::Base
|
38
|
+
def initialize(ability)
|
39
|
+
super
|
49
40
|
end
|
41
|
+
|
42
|
+
def permit?(user, request=nil)
|
43
|
+
super
|
44
|
+
return if !role_match? user
|
45
|
+
|
46
|
+
can :manage, :all
|
47
|
+
end
|
50
48
|
end
|
51
49
|
</pre>
|
52
50
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.1.
|
1
|
+
0.1.1
|
@@ -0,0 +1,89 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = %q{cancan-permits}
|
8
|
+
s.version = "0.1.1"
|
9
|
+
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
+
s.authors = ["Kristian Mandrup"]
|
12
|
+
s.date = %q{2010-09-19}
|
13
|
+
s.description = %q{Role specific Permits for use with CanCan permission system}
|
14
|
+
s.email = %q{kmandrup@gmail.com}
|
15
|
+
s.extra_rdoc_files = [
|
16
|
+
"LICENSE",
|
17
|
+
"README.markdown"
|
18
|
+
]
|
19
|
+
s.files = [
|
20
|
+
".document",
|
21
|
+
".gitignore",
|
22
|
+
".rspec",
|
23
|
+
"LICENSE",
|
24
|
+
"README.markdown",
|
25
|
+
"Rakefile",
|
26
|
+
"VERSION",
|
27
|
+
"cancan-permits.gemspec",
|
28
|
+
"lib/cancan-permits.rb",
|
29
|
+
"lib/cancan-permits/namespaces.rb",
|
30
|
+
"lib/cancan-permits/permit/base_license.rb",
|
31
|
+
"lib/cancan-permits/permit/base_permit.rb",
|
32
|
+
"lib/cancan-permits/permits/ability.rb",
|
33
|
+
"lib/cancan-permits/permits/configuration.rb",
|
34
|
+
"lib/cancan-permits/permits/roles.rb",
|
35
|
+
"lib/cancan-permits/rspec/config.rb",
|
36
|
+
"lib/cancan-permits/rspec/matchers/have_license.rb",
|
37
|
+
"lib/cancan-permits/rspec/matchers/have_license_class.rb",
|
38
|
+
"lib/cancan-permits/rspec/matchers/have_license_file.rb",
|
39
|
+
"lib/generators/permits/permits_generator.rb",
|
40
|
+
"lib/generators/permits/templates/licenses.rb",
|
41
|
+
"lib/generators/permits/templates/permit.rb",
|
42
|
+
"spec/cancan-permits/fixtures/permits/admin_permit.rb",
|
43
|
+
"spec/cancan-permits/fixtures/permits/editor_permit.rb",
|
44
|
+
"spec/cancan-permits/fixtures/permits/guest_permit.rb",
|
45
|
+
"spec/cancan-permits/permits/fixtures/models.rb",
|
46
|
+
"spec/cancan-permits/permits/owner_permits_spec.rb",
|
47
|
+
"spec/cancan-permits/permits/permits_spec.rb",
|
48
|
+
"spec/generators/permit_generator_spec.rb",
|
49
|
+
"spec/spec_helper.rb"
|
50
|
+
]
|
51
|
+
s.homepage = %q{http://github.com/kristianmandrup/cancan-permits}
|
52
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
53
|
+
s.require_paths = ["lib"]
|
54
|
+
s.rubygems_version = %q{1.3.7}
|
55
|
+
s.summary = %q{Permits for use with CanCan}
|
56
|
+
s.test_files = [
|
57
|
+
"spec/cancan-permits/fixtures/permits/admin_permit.rb",
|
58
|
+
"spec/cancan-permits/fixtures/permits/editor_permit.rb",
|
59
|
+
"spec/cancan-permits/fixtures/permits/guest_permit.rb",
|
60
|
+
"spec/cancan-permits/permits/fixtures/models.rb",
|
61
|
+
"spec/cancan-permits/permits/owner_permits_spec.rb",
|
62
|
+
"spec/cancan-permits/permits/permits_spec.rb",
|
63
|
+
"spec/generators/permit_generator_spec.rb",
|
64
|
+
"spec/spec_helper.rb"
|
65
|
+
]
|
66
|
+
|
67
|
+
if s.respond_to? :specification_version then
|
68
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
69
|
+
s.specification_version = 3
|
70
|
+
|
71
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
72
|
+
s.add_development_dependency(%q<rspec>, ["~> 2.0.0"])
|
73
|
+
s.add_runtime_dependency(%q<cancan>, ["~> 1.3"])
|
74
|
+
s.add_runtime_dependency(%q<require_all>, ["~> 1.1"])
|
75
|
+
s.add_runtime_dependency(%q<sugar-high>, ["~> 0.1"])
|
76
|
+
else
|
77
|
+
s.add_dependency(%q<rspec>, ["~> 2.0.0"])
|
78
|
+
s.add_dependency(%q<cancan>, ["~> 1.3"])
|
79
|
+
s.add_dependency(%q<require_all>, ["~> 1.1"])
|
80
|
+
s.add_dependency(%q<sugar-high>, ["~> 0.1"])
|
81
|
+
end
|
82
|
+
else
|
83
|
+
s.add_dependency(%q<rspec>, ["~> 2.0.0"])
|
84
|
+
s.add_dependency(%q<cancan>, ["~> 1.3"])
|
85
|
+
s.add_dependency(%q<require_all>, ["~> 1.1"])
|
86
|
+
s.add_dependency(%q<sugar-high>, ["~> 0.1"])
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module License
|
2
|
+
class Base
|
3
|
+
attr_reader :permit
|
4
|
+
|
5
|
+
def initialize permit
|
6
|
+
@permit = permit
|
7
|
+
end
|
8
|
+
|
9
|
+
def enforce!
|
10
|
+
raise "enforce! must be implemented by subclass of License::Base"
|
11
|
+
end
|
12
|
+
|
13
|
+
def can(action, subject, conditions = nil, &block)
|
14
|
+
permit.can action, subject, conditions, &block
|
15
|
+
end
|
16
|
+
|
17
|
+
def cannot(action, subject, conditions = nil, &block)
|
18
|
+
permit.cannot action, subject, conditions, &block
|
19
|
+
end
|
20
|
+
|
21
|
+
def owns(user, clazz, ownership_relation = :user_id, user_id_attribute = :id)
|
22
|
+
permit.owns user, clazz, ownership_relation, user_id_attribute
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -1,6 +1,18 @@
|
|
1
1
|
module Permit
|
2
2
|
class Base
|
3
3
|
attr_reader :ability
|
4
|
+
|
5
|
+
def licenses *names
|
6
|
+
names.to_strings.each do |name|
|
7
|
+
begin
|
8
|
+
module_name = "#{name.camelize}License"
|
9
|
+
clazz = module_name.constantize
|
10
|
+
clazz.new(self).enforce!
|
11
|
+
rescue
|
12
|
+
# puts "License #{module_name} not found"
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
4
16
|
|
5
17
|
def initialize(ability)
|
6
18
|
@ability = ability
|
@@ -34,7 +46,7 @@ module Permit
|
|
34
46
|
end
|
35
47
|
|
36
48
|
def role_match? user
|
37
|
-
user.has_role? self.class.last_name.downcase.to_sym
|
49
|
+
user.has_role? self.class.last_name.gsub(/Permit$/, '').downcase.to_sym
|
38
50
|
end
|
39
51
|
|
40
52
|
def can_definitions
|
@@ -0,0 +1,54 @@
|
|
1
|
+
module Permits
|
2
|
+
class Ability
|
3
|
+
include CanCan::Ability
|
4
|
+
|
5
|
+
# set up each Permit instance to share this same Ability
|
6
|
+
# so that the can and cannot operations work on the same permission collection!
|
7
|
+
def self.permits ability
|
8
|
+
special_permits = []
|
9
|
+
special_permits << [:system, :any].map{|role| make_permit(role, ability)}
|
10
|
+
role_permits = Permits::Roles.available.inject([]) do |permits, role|
|
11
|
+
permit = make_permit(role, ability)
|
12
|
+
permits << permit if permit
|
13
|
+
end
|
14
|
+
(special_permits + role_permits).flatten.compact
|
15
|
+
end
|
16
|
+
|
17
|
+
def initialize(user, request=nil)
|
18
|
+
# put ability logic here!
|
19
|
+
user ||= Guest.new
|
20
|
+
|
21
|
+
Permits::Ability.permits(self).each do |permit|
|
22
|
+
# get role name of permit
|
23
|
+
permit_role = permit.class.demodulize.gsub(/Permit$/, '').underscore.to_sym
|
24
|
+
|
25
|
+
if permit_role == :system
|
26
|
+
# always execute system permit
|
27
|
+
result = role_permit.permit?(user, request)
|
28
|
+
break if result == :break
|
29
|
+
else
|
30
|
+
# only execute the permit if the user has the role of the permit or is for any role
|
31
|
+
if user.has_role?(permit_role) || permit_role == :any
|
32
|
+
# puts "user: #{user} of #{permit_role} has permit?"
|
33
|
+
permit.permit?(user, request)
|
34
|
+
# else
|
35
|
+
# puts "Permit #{permit} not used for role #{permit_role}"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
protected
|
42
|
+
|
43
|
+
def self.make_permit role, ability
|
44
|
+
begin
|
45
|
+
clazz_name = "#{role.to_s.camelize}Permit"
|
46
|
+
permit_clazz = clazz_name.constantize
|
47
|
+
permit_clazz.new(ability) if permit_clazz && permit_clazz.kind_of?(Class)
|
48
|
+
rescue
|
49
|
+
# puts "permit class not found: #{clazz_name}"
|
50
|
+
nil
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
module RSpec::RubyContentMatchers
|
2
|
+
module License
|
3
|
+
def have_license_class name, superclass = nil
|
4
|
+
superclass ? have_subclass(name, :superclass => superclass) : have_class(name)
|
5
|
+
end
|
6
|
+
|
7
|
+
def have_license_classes *names
|
8
|
+
have_classes names
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'rails-app-spec'
|
2
|
+
|
3
|
+
module RSpec::RailsApp::File
|
4
|
+
module Matchers
|
5
|
+
class HaveLicenseFile
|
6
|
+
include ::Rails3::Assist::Artifact
|
7
|
+
include ::Rails3::Assist::File
|
8
|
+
|
9
|
+
attr_reader :name
|
10
|
+
|
11
|
+
def initialize name
|
12
|
+
@name = name
|
13
|
+
end
|
14
|
+
|
15
|
+
def matches? obj, &block
|
16
|
+
found = File.file? license_file(name)
|
17
|
+
yield if block && found
|
18
|
+
found
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
def have_license_file name
|
23
|
+
HaveLicenseFile.new name
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
class UserAdminLicense < License::Base
|
2
|
+
def initialize name
|
3
|
+
super
|
4
|
+
end
|
5
|
+
|
6
|
+
def enforce!
|
7
|
+
can(:manage, User)
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
class BloggingLicense < License::Base
|
12
|
+
def initialize name
|
13
|
+
super
|
14
|
+
end
|
15
|
+
|
16
|
+
def enforce!
|
17
|
+
can(:read, Blog)
|
18
|
+
can(:create, Post)
|
19
|
+
owns(user, Post)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
@@ -1,12 +1,12 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
super
|
5
|
-
end
|
6
|
-
|
7
|
-
def permit?(user, request=nil)
|
8
|
-
super
|
9
|
-
<%= permit logic %>
|
10
|
-
end
|
1
|
+
class <%= permit_name.to_s.camelize %>Permit < Permit::Base
|
2
|
+
def initialize(ability)
|
3
|
+
super
|
11
4
|
end
|
12
|
-
|
5
|
+
|
6
|
+
def permit?(user, request=nil)
|
7
|
+
super
|
8
|
+
<%= permit_logic %>
|
9
|
+
|
10
|
+
licenses :user_admin, :blogging
|
11
|
+
end
|
12
|
+
end
|
@@ -1,14 +1,12 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
super
|
5
|
-
end
|
6
|
-
|
7
|
-
def permit?(user, request=nil)
|
8
|
-
super
|
9
|
-
return if !role_match? user
|
10
|
-
|
11
|
-
can :manage, :all
|
12
|
-
end
|
1
|
+
class AdminPermit < Permit::Base
|
2
|
+
def initialize(ability)
|
3
|
+
super
|
13
4
|
end
|
14
|
-
|
5
|
+
|
6
|
+
def permit?(user, request=nil)
|
7
|
+
super
|
8
|
+
return if !role_match? user
|
9
|
+
|
10
|
+
can :manage, :all
|
11
|
+
end
|
12
|
+
end
|
@@ -1,26 +1,24 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
end
|
1
|
+
class EditorPermit < Permit::Base
|
2
|
+
def initialize(ability)
|
3
|
+
super
|
4
|
+
end
|
6
5
|
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
6
|
+
def permit?(user, request=nil)
|
7
|
+
super
|
8
|
+
return if !role_match? user
|
9
|
+
|
10
|
+
# uses default user_id
|
11
|
+
owns(user, Comment)
|
12
|
+
#
|
13
|
+
owns(user, Post, :writer)
|
14
|
+
#
|
15
|
+
owns(user, Article, :author, :name)
|
17
16
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
17
|
+
# a user can manage comments he/she created
|
18
|
+
# can :manage, Comment do |comment|
|
19
|
+
# comment.try(:user) == user
|
20
|
+
# end
|
22
21
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
end
|
22
|
+
# can :create, Comment
|
23
|
+
end
|
24
|
+
end
|
@@ -1,25 +1,24 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
super
|
5
|
-
end
|
6
|
-
|
7
|
-
def permit?(user, request=nil)
|
8
|
-
super
|
9
|
-
return if !role_match? user
|
10
|
-
|
11
|
-
can :read, [Comment, Post]
|
12
|
-
can [:update, :destroy], [Comment]
|
13
|
-
can :create, Article
|
14
|
-
|
15
|
-
# owns(user, Comment)
|
16
|
-
|
17
|
-
# a user can manage comments he/she created
|
18
|
-
# can :manage, Comment do |comment|
|
19
|
-
# comment.try(:user) == user
|
20
|
-
# end
|
21
|
-
|
22
|
-
# can :create, Comment
|
23
|
-
end
|
1
|
+
class GuestPermit < Permit::Base
|
2
|
+
def initialize(ability)
|
3
|
+
super
|
24
4
|
end
|
25
|
-
|
5
|
+
|
6
|
+
def permit?(user, request=nil)
|
7
|
+
super
|
8
|
+
return if !role_match? user
|
9
|
+
|
10
|
+
can :read, [Comment, Post]
|
11
|
+
can [:update, :destroy], [Comment]
|
12
|
+
can :create, Article
|
13
|
+
|
14
|
+
licenses :user_admin, :blogging
|
15
|
+
# owns(user, Comment)
|
16
|
+
|
17
|
+
# a user can manage comments he/she created
|
18
|
+
# can :manage, Comment do |comment|
|
19
|
+
# comment.try(:user) == user
|
20
|
+
# end
|
21
|
+
|
22
|
+
# can :create, Comment
|
23
|
+
end
|
24
|
+
end
|
@@ -1,15 +1,10 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
4
|
-
# can [:update, :destroy], [Comment]
|
5
|
-
# can :create, Article
|
6
|
-
|
7
|
-
|
8
|
-
describe AuthAssistant::Ability do
|
3
|
+
describe Permits::Ability do
|
9
4
|
context "Editor user" do
|
10
5
|
before :each do
|
11
6
|
@editor = User.new(1, :editor, 'kristian')
|
12
|
-
@ability =
|
7
|
+
@ability = Permits::Ability.new @editor
|
13
8
|
@comment = Comment.new(1)
|
14
9
|
@post = Post.new(1)
|
15
10
|
@article = Article.new('kristian')
|
@@ -13,11 +13,11 @@ class Article
|
|
13
13
|
end
|
14
14
|
|
15
15
|
|
16
|
-
describe
|
16
|
+
describe Permits::Ability do
|
17
17
|
context "Guest user" do
|
18
18
|
before :each do
|
19
19
|
@guest = User.new(1, :guest)
|
20
|
-
@ability =
|
20
|
+
@ability = Permits::Ability.new @guest
|
21
21
|
@comment = Comment.new(1)
|
22
22
|
@post = Post.new(1)
|
23
23
|
end
|
@@ -29,7 +29,7 @@ describe AuthAssistant::Ability do
|
|
29
29
|
it "should be able to :read Comment and Post but NOT Article" do
|
30
30
|
@ability.can?(:read, Comment).should be_true
|
31
31
|
@ability.can?(:read, @comment).should be_true
|
32
|
-
|
32
|
+
|
33
33
|
@ability.can?(:read, Post).should be_true
|
34
34
|
@ability.can?(:read, @post).should be_true
|
35
35
|
|
@@ -50,7 +50,7 @@ describe AuthAssistant::Ability do
|
|
50
50
|
context "Admin user" do
|
51
51
|
before do
|
52
52
|
admin = User.new(2, :admin)
|
53
|
-
@ability =
|
53
|
+
@ability = Permits::Ability.new admin
|
54
54
|
end
|
55
55
|
#
|
56
56
|
# # can :manage, :all
|
@@ -1,35 +1,56 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
require 'generator-spec'
|
3
3
|
|
4
|
+
require_generator :permits
|
5
|
+
|
6
|
+
RSpec::Generator.configure do |config|
|
7
|
+
config.debug = true
|
8
|
+
config.remove_temp_dir = true #false
|
9
|
+
config.default_rails_root(__FILE__)
|
10
|
+
config.lib = File.dirname(__FILE__) + '/../lib'
|
11
|
+
config.logger = :stdout # :file
|
12
|
+
end
|
13
|
+
|
14
|
+
|
4
15
|
describe 'Permits generator' do
|
5
|
-
|
16
|
+
setup_generator :permits do
|
6
17
|
tests PermitsGenerator
|
7
18
|
end
|
8
19
|
|
9
20
|
describe 'result of running generator with default profile' do
|
10
21
|
before :each do
|
11
|
-
|
22
|
+
@generator = with_generator do |g|
|
12
23
|
g.run_generator
|
13
24
|
end
|
14
25
|
end
|
15
26
|
|
16
27
|
it "should create Admin permit" do
|
17
|
-
|
28
|
+
@generator.should generate_permit :admin
|
18
29
|
end
|
19
30
|
end
|
20
31
|
|
21
|
-
describe 'result of running generator with option to create permit for each registered role' do
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
32
|
+
# describe 'result of running generator with option to create permit for each registered role' do
|
33
|
+
# context "Registered roles :guest, :admin"
|
34
|
+
# before :each do
|
35
|
+
# with_generator do |g|
|
36
|
+
# g.run_generator "--roles admin guest"
|
37
|
+
# end
|
38
|
+
# end
|
39
|
+
#
|
40
|
+
# it "should have created Guest and Admin permits" do
|
41
|
+
# # Find at: 'app/permits/admin_permit.rb'
|
42
|
+
# g.should have_permit_files :guest, :admin
|
43
|
+
#
|
44
|
+
# # g.should have_permit_file :guest do |guest_permit|
|
45
|
+
# # guest_permit.should have_licenses :user_admin, :blogging
|
46
|
+
# # end
|
47
|
+
# #
|
48
|
+
# # g.should have_license_file :licenses do |license_file|
|
49
|
+
# # license_file.should have_module :license do |license_module|
|
50
|
+
# # license_module.should have_license_classes :user_admin, :blogging, :superclass => :base
|
51
|
+
# # end
|
52
|
+
# # end
|
53
|
+
# end
|
54
|
+
# end #ctx
|
55
|
+
# end
|
35
56
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -1,16 +1,16 @@
|
|
1
|
-
require 'rspec'
|
2
|
-
require 'rspec/autorun'
|
1
|
+
require 'rspec/core'
|
3
2
|
require 'cancan/matchers'
|
4
3
|
require 'cancan-permits'
|
5
4
|
|
6
|
-
require_all File.dirname(__FILE__) + 'cancan-permits/fixtures/permits'
|
7
|
-
|
5
|
+
require_all File.dirname(__FILE__) + '/cancan-permits/fixtures/permits'
|
6
|
+
|
7
|
+
require_all File.dirname(__FILE__) + '/cancan-permits/permits/fixtures'
|
8
8
|
|
9
9
|
RSpec.configure do |config|
|
10
10
|
config.mock_with :mocha
|
11
11
|
end
|
12
12
|
|
13
|
-
module
|
13
|
+
module Permits::Roles
|
14
14
|
def self.available
|
15
15
|
User.roles
|
16
16
|
end
|
@@ -23,11 +23,11 @@ class User
|
|
23
23
|
[:guest, :admin, :editor]
|
24
24
|
end
|
25
25
|
|
26
|
-
def initialize id, role, name
|
26
|
+
def initialize id, role, name = nil
|
27
27
|
self.id = id
|
28
28
|
raise ArgumentError, "Role #{role} is not in list of available roles: #{self.class.roles}" if !self.class.roles.include? role
|
29
29
|
self.role = role
|
30
|
-
self.name = name
|
30
|
+
self.name = name || role.to_s
|
31
31
|
end
|
32
32
|
|
33
33
|
def has_role? role
|
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 1
|
8
|
-
-
|
9
|
-
version: 0.1.
|
8
|
+
- 1
|
9
|
+
version: 0.1.1
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Kristian Mandrup
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-09-
|
17
|
+
date: 2010-09-19 00:00:00 +02:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
@@ -91,17 +91,21 @@ files:
|
|
91
91
|
- README.markdown
|
92
92
|
- Rakefile
|
93
93
|
- VERSION
|
94
|
+
- cancan-permits.gemspec
|
94
95
|
- lib/cancan-permits.rb
|
95
96
|
- lib/cancan-permits/namespaces.rb
|
97
|
+
- lib/cancan-permits/permit/base_license.rb
|
96
98
|
- lib/cancan-permits/permit/base_permit.rb
|
97
|
-
- lib/cancan-permits/permits/
|
99
|
+
- lib/cancan-permits/permits/ability.rb
|
98
100
|
- lib/cancan-permits/permits/configuration.rb
|
99
101
|
- lib/cancan-permits/permits/roles.rb
|
100
102
|
- lib/cancan-permits/rspec/config.rb
|
101
|
-
- lib/cancan-permits/rspec/matchers/
|
103
|
+
- lib/cancan-permits/rspec/matchers/have_license.rb
|
104
|
+
- lib/cancan-permits/rspec/matchers/have_license_class.rb
|
105
|
+
- lib/cancan-permits/rspec/matchers/have_license_file.rb
|
102
106
|
- lib/generators/permits/permits_generator.rb
|
107
|
+
- lib/generators/permits/templates/licenses.rb
|
103
108
|
- lib/generators/permits/templates/permit.rb
|
104
|
-
- spec/cancan-permits/fixtures/ability.rb
|
105
109
|
- spec/cancan-permits/fixtures/permits/admin_permit.rb
|
106
110
|
- spec/cancan-permits/fixtures/permits/editor_permit.rb
|
107
111
|
- spec/cancan-permits/fixtures/permits/guest_permit.rb
|
@@ -143,7 +147,6 @@ signing_key:
|
|
143
147
|
specification_version: 3
|
144
148
|
summary: Permits for use with CanCan
|
145
149
|
test_files:
|
146
|
-
- spec/cancan-permits/fixtures/ability.rb
|
147
150
|
- spec/cancan-permits/fixtures/permits/admin_permit.rb
|
148
151
|
- spec/cancan-permits/fixtures/permits/editor_permit.rb
|
149
152
|
- spec/cancan-permits/fixtures/permits/guest_permit.rb
|
@@ -1,40 +0,0 @@
|
|
1
|
-
module Permits
|
2
|
-
class Ability
|
3
|
-
include CanCan::Ability
|
4
|
-
|
5
|
-
# set up each RolePermit instance to share this same Ability
|
6
|
-
# so that the can and cannot operations work on the same permission collection!
|
7
|
-
def self.permits ability
|
8
|
-
special_permits << [:system, :any].map{|name| make_permit(role, ability)}
|
9
|
-
role_permits = Permits::Roles.available.inject([]) do |permits, role|
|
10
|
-
permits << make_permit role, ability
|
11
|
-
end
|
12
|
-
special_permits + role_permits
|
13
|
-
end
|
14
|
-
|
15
|
-
def initialize(user, request=nil)
|
16
|
-
# put ability logic here!
|
17
|
-
user ||= Guest.new
|
18
|
-
|
19
|
-
Ability.permits(self).each do |permit|
|
20
|
-
# get role name of permit
|
21
|
-
permit_role = permit.class.demodulize.to_sym
|
22
|
-
|
23
|
-
if permit_role == :system
|
24
|
-
# always execute system permit
|
25
|
-
result = role_permit.permit?(user, request)
|
26
|
-
break if result == :break
|
27
|
-
else
|
28
|
-
# only execute the permit if the user has the role of the permit or is for any role
|
29
|
-
role_permit.permit?(user, request) if user.has_role?(permit_role) || permit_role == :any
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
|
34
|
-
protected
|
35
|
-
|
36
|
-
def self.make_permit role, ability
|
37
|
-
"Permit::#{role.to_s.camelize}".constantize.new(ability)
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
File without changes
|
@@ -1,19 +0,0 @@
|
|
1
|
-
module AuthAssistant
|
2
|
-
class Ability
|
3
|
-
include CanCan::Ability
|
4
|
-
|
5
|
-
# set up each RolePermit instance to share this same Ability
|
6
|
-
# so that the can and cannot operations work on the same permission collection!
|
7
|
-
def self.role_permits ability
|
8
|
-
@role_permits = AuthAssistant::Roles.available.inject([]) do |permits, role|
|
9
|
-
permits << "RolePermit::#{role.to_s.camelize}".constantize.new(ability)
|
10
|
-
end
|
11
|
-
end
|
12
|
-
|
13
|
-
def initialize(user, request=nil)
|
14
|
-
# put ability logic here!
|
15
|
-
user ||= Guest.new
|
16
|
-
Ability.role_permits(self).each{|role_permit| role_permit.permit?(user, request) }
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|