cancan-permits 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.markdown +10 -12
- data/VERSION +1 -1
- data/cancan-permits.gemspec +89 -0
- data/lib/cancan-permits/namespaces.rb +6 -1
- data/lib/cancan-permits/permit/base_license.rb +25 -0
- data/lib/cancan-permits/permit/base_permit.rb +13 -1
- data/lib/cancan-permits/permits/ability.rb +54 -0
- data/lib/cancan-permits/rspec/config.rb +8 -0
- data/lib/cancan-permits/rspec/matchers/have_license.rb +11 -0
- data/lib/cancan-permits/rspec/matchers/have_license_class.rb +11 -0
- data/lib/cancan-permits/rspec/matchers/have_license_file.rb +26 -0
- data/lib/generators/permits/permits_generator.rb +1 -0
- data/lib/generators/permits/templates/licenses.rb +22 -0
- data/lib/generators/permits/templates/permit.rb +11 -11
- data/spec/cancan-permits/fixtures/permits/admin_permit.rb +11 -13
- data/spec/cancan-permits/fixtures/permits/editor_permit.rb +21 -23
- data/spec/cancan-permits/fixtures/permits/guest_permit.rb +23 -24
- data/spec/cancan-permits/permits/owner_permits_spec.rb +2 -7
- data/spec/cancan-permits/permits/permits_spec.rb +4 -4
- data/spec/generators/permit_generator_spec.rb +38 -17
- data/spec/spec_helper.rb +7 -7
- metadata +10 -7
- data/lib/cancan-permits/permits/abiity.rb +0 -40
- data/lib/cancan-permits/rspec/matchers/have_permits.rb +0 -0
- data/spec/cancan-permits/fixtures/ability.rb +0 -19
data/README.markdown
CHANGED
@@ -34,19 +34,17 @@ By default it returns User.roles if such exists, otherwise it returns [:guest, :
|
|
34
34
|
_Note:_ You might consider using the Permits generator in order to generate your permits for you (see below)
|
35
35
|
|
36
36
|
<pre>
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
super
|
41
|
-
end
|
42
|
-
|
43
|
-
def permit?(user, request=nil)
|
44
|
-
super
|
45
|
-
return if !role_match? user
|
46
|
-
|
47
|
-
can :manage, :all
|
48
|
-
end
|
37
|
+
class AdminPermit < Permit::Base
|
38
|
+
def initialize(ability)
|
39
|
+
super
|
49
40
|
end
|
41
|
+
|
42
|
+
def permit?(user, request=nil)
|
43
|
+
super
|
44
|
+
return if !role_match? user
|
45
|
+
|
46
|
+
can :manage, :all
|
47
|
+
end
|
50
48
|
end
|
51
49
|
</pre>
|
52
50
|
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.1.
|
1
|
+
0.1.1
|
@@ -0,0 +1,89 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = %q{cancan-permits}
|
8
|
+
s.version = "0.1.1"
|
9
|
+
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
+
s.authors = ["Kristian Mandrup"]
|
12
|
+
s.date = %q{2010-09-19}
|
13
|
+
s.description = %q{Role specific Permits for use with CanCan permission system}
|
14
|
+
s.email = %q{kmandrup@gmail.com}
|
15
|
+
s.extra_rdoc_files = [
|
16
|
+
"LICENSE",
|
17
|
+
"README.markdown"
|
18
|
+
]
|
19
|
+
s.files = [
|
20
|
+
".document",
|
21
|
+
".gitignore",
|
22
|
+
".rspec",
|
23
|
+
"LICENSE",
|
24
|
+
"README.markdown",
|
25
|
+
"Rakefile",
|
26
|
+
"VERSION",
|
27
|
+
"cancan-permits.gemspec",
|
28
|
+
"lib/cancan-permits.rb",
|
29
|
+
"lib/cancan-permits/namespaces.rb",
|
30
|
+
"lib/cancan-permits/permit/base_license.rb",
|
31
|
+
"lib/cancan-permits/permit/base_permit.rb",
|
32
|
+
"lib/cancan-permits/permits/ability.rb",
|
33
|
+
"lib/cancan-permits/permits/configuration.rb",
|
34
|
+
"lib/cancan-permits/permits/roles.rb",
|
35
|
+
"lib/cancan-permits/rspec/config.rb",
|
36
|
+
"lib/cancan-permits/rspec/matchers/have_license.rb",
|
37
|
+
"lib/cancan-permits/rspec/matchers/have_license_class.rb",
|
38
|
+
"lib/cancan-permits/rspec/matchers/have_license_file.rb",
|
39
|
+
"lib/generators/permits/permits_generator.rb",
|
40
|
+
"lib/generators/permits/templates/licenses.rb",
|
41
|
+
"lib/generators/permits/templates/permit.rb",
|
42
|
+
"spec/cancan-permits/fixtures/permits/admin_permit.rb",
|
43
|
+
"spec/cancan-permits/fixtures/permits/editor_permit.rb",
|
44
|
+
"spec/cancan-permits/fixtures/permits/guest_permit.rb",
|
45
|
+
"spec/cancan-permits/permits/fixtures/models.rb",
|
46
|
+
"spec/cancan-permits/permits/owner_permits_spec.rb",
|
47
|
+
"spec/cancan-permits/permits/permits_spec.rb",
|
48
|
+
"spec/generators/permit_generator_spec.rb",
|
49
|
+
"spec/spec_helper.rb"
|
50
|
+
]
|
51
|
+
s.homepage = %q{http://github.com/kristianmandrup/cancan-permits}
|
52
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
53
|
+
s.require_paths = ["lib"]
|
54
|
+
s.rubygems_version = %q{1.3.7}
|
55
|
+
s.summary = %q{Permits for use with CanCan}
|
56
|
+
s.test_files = [
|
57
|
+
"spec/cancan-permits/fixtures/permits/admin_permit.rb",
|
58
|
+
"spec/cancan-permits/fixtures/permits/editor_permit.rb",
|
59
|
+
"spec/cancan-permits/fixtures/permits/guest_permit.rb",
|
60
|
+
"spec/cancan-permits/permits/fixtures/models.rb",
|
61
|
+
"spec/cancan-permits/permits/owner_permits_spec.rb",
|
62
|
+
"spec/cancan-permits/permits/permits_spec.rb",
|
63
|
+
"spec/generators/permit_generator_spec.rb",
|
64
|
+
"spec/spec_helper.rb"
|
65
|
+
]
|
66
|
+
|
67
|
+
if s.respond_to? :specification_version then
|
68
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
69
|
+
s.specification_version = 3
|
70
|
+
|
71
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
72
|
+
s.add_development_dependency(%q<rspec>, ["~> 2.0.0"])
|
73
|
+
s.add_runtime_dependency(%q<cancan>, ["~> 1.3"])
|
74
|
+
s.add_runtime_dependency(%q<require_all>, ["~> 1.1"])
|
75
|
+
s.add_runtime_dependency(%q<sugar-high>, ["~> 0.1"])
|
76
|
+
else
|
77
|
+
s.add_dependency(%q<rspec>, ["~> 2.0.0"])
|
78
|
+
s.add_dependency(%q<cancan>, ["~> 1.3"])
|
79
|
+
s.add_dependency(%q<require_all>, ["~> 1.1"])
|
80
|
+
s.add_dependency(%q<sugar-high>, ["~> 0.1"])
|
81
|
+
end
|
82
|
+
else
|
83
|
+
s.add_dependency(%q<rspec>, ["~> 2.0.0"])
|
84
|
+
s.add_dependency(%q<cancan>, ["~> 1.3"])
|
85
|
+
s.add_dependency(%q<require_all>, ["~> 1.1"])
|
86
|
+
s.add_dependency(%q<sugar-high>, ["~> 0.1"])
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module License
|
2
|
+
class Base
|
3
|
+
attr_reader :permit
|
4
|
+
|
5
|
+
def initialize permit
|
6
|
+
@permit = permit
|
7
|
+
end
|
8
|
+
|
9
|
+
def enforce!
|
10
|
+
raise "enforce! must be implemented by subclass of License::Base"
|
11
|
+
end
|
12
|
+
|
13
|
+
def can(action, subject, conditions = nil, &block)
|
14
|
+
permit.can action, subject, conditions, &block
|
15
|
+
end
|
16
|
+
|
17
|
+
def cannot(action, subject, conditions = nil, &block)
|
18
|
+
permit.cannot action, subject, conditions, &block
|
19
|
+
end
|
20
|
+
|
21
|
+
def owns(user, clazz, ownership_relation = :user_id, user_id_attribute = :id)
|
22
|
+
permit.owns user, clazz, ownership_relation, user_id_attribute
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -1,6 +1,18 @@
|
|
1
1
|
module Permit
|
2
2
|
class Base
|
3
3
|
attr_reader :ability
|
4
|
+
|
5
|
+
def licenses *names
|
6
|
+
names.to_strings.each do |name|
|
7
|
+
begin
|
8
|
+
module_name = "#{name.camelize}License"
|
9
|
+
clazz = module_name.constantize
|
10
|
+
clazz.new(self).enforce!
|
11
|
+
rescue
|
12
|
+
# puts "License #{module_name} not found"
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
4
16
|
|
5
17
|
def initialize(ability)
|
6
18
|
@ability = ability
|
@@ -34,7 +46,7 @@ module Permit
|
|
34
46
|
end
|
35
47
|
|
36
48
|
def role_match? user
|
37
|
-
user.has_role? self.class.last_name.downcase.to_sym
|
49
|
+
user.has_role? self.class.last_name.gsub(/Permit$/, '').downcase.to_sym
|
38
50
|
end
|
39
51
|
|
40
52
|
def can_definitions
|
@@ -0,0 +1,54 @@
|
|
1
|
+
module Permits
|
2
|
+
class Ability
|
3
|
+
include CanCan::Ability
|
4
|
+
|
5
|
+
# set up each Permit instance to share this same Ability
|
6
|
+
# so that the can and cannot operations work on the same permission collection!
|
7
|
+
def self.permits ability
|
8
|
+
special_permits = []
|
9
|
+
special_permits << [:system, :any].map{|role| make_permit(role, ability)}
|
10
|
+
role_permits = Permits::Roles.available.inject([]) do |permits, role|
|
11
|
+
permit = make_permit(role, ability)
|
12
|
+
permits << permit if permit
|
13
|
+
end
|
14
|
+
(special_permits + role_permits).flatten.compact
|
15
|
+
end
|
16
|
+
|
17
|
+
def initialize(user, request=nil)
|
18
|
+
# put ability logic here!
|
19
|
+
user ||= Guest.new
|
20
|
+
|
21
|
+
Permits::Ability.permits(self).each do |permit|
|
22
|
+
# get role name of permit
|
23
|
+
permit_role = permit.class.demodulize.gsub(/Permit$/, '').underscore.to_sym
|
24
|
+
|
25
|
+
if permit_role == :system
|
26
|
+
# always execute system permit
|
27
|
+
result = role_permit.permit?(user, request)
|
28
|
+
break if result == :break
|
29
|
+
else
|
30
|
+
# only execute the permit if the user has the role of the permit or is for any role
|
31
|
+
if user.has_role?(permit_role) || permit_role == :any
|
32
|
+
# puts "user: #{user} of #{permit_role} has permit?"
|
33
|
+
permit.permit?(user, request)
|
34
|
+
# else
|
35
|
+
# puts "Permit #{permit} not used for role #{permit_role}"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
protected
|
42
|
+
|
43
|
+
def self.make_permit role, ability
|
44
|
+
begin
|
45
|
+
clazz_name = "#{role.to_s.camelize}Permit"
|
46
|
+
permit_clazz = clazz_name.constantize
|
47
|
+
permit_clazz.new(ability) if permit_clazz && permit_clazz.kind_of?(Class)
|
48
|
+
rescue
|
49
|
+
# puts "permit class not found: #{clazz_name}"
|
50
|
+
nil
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|
54
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
module RSpec::RubyContentMatchers
|
2
|
+
module License
|
3
|
+
def have_license_class name, superclass = nil
|
4
|
+
superclass ? have_subclass(name, :superclass => superclass) : have_class(name)
|
5
|
+
end
|
6
|
+
|
7
|
+
def have_license_classes *names
|
8
|
+
have_classes names
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'rails-app-spec'
|
2
|
+
|
3
|
+
module RSpec::RailsApp::File
|
4
|
+
module Matchers
|
5
|
+
class HaveLicenseFile
|
6
|
+
include ::Rails3::Assist::Artifact
|
7
|
+
include ::Rails3::Assist::File
|
8
|
+
|
9
|
+
attr_reader :name
|
10
|
+
|
11
|
+
def initialize name
|
12
|
+
@name = name
|
13
|
+
end
|
14
|
+
|
15
|
+
def matches? obj, &block
|
16
|
+
found = File.file? license_file(name)
|
17
|
+
yield if block && found
|
18
|
+
found
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
def have_license_file name
|
23
|
+
HaveLicenseFile.new name
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
class UserAdminLicense < License::Base
|
2
|
+
def initialize name
|
3
|
+
super
|
4
|
+
end
|
5
|
+
|
6
|
+
def enforce!
|
7
|
+
can(:manage, User)
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
class BloggingLicense < License::Base
|
12
|
+
def initialize name
|
13
|
+
super
|
14
|
+
end
|
15
|
+
|
16
|
+
def enforce!
|
17
|
+
can(:read, Blog)
|
18
|
+
can(:create, Post)
|
19
|
+
owns(user, Post)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
@@ -1,12 +1,12 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
super
|
5
|
-
end
|
6
|
-
|
7
|
-
def permit?(user, request=nil)
|
8
|
-
super
|
9
|
-
<%= permit logic %>
|
10
|
-
end
|
1
|
+
class <%= permit_name.to_s.camelize %>Permit < Permit::Base
|
2
|
+
def initialize(ability)
|
3
|
+
super
|
11
4
|
end
|
12
|
-
|
5
|
+
|
6
|
+
def permit?(user, request=nil)
|
7
|
+
super
|
8
|
+
<%= permit_logic %>
|
9
|
+
|
10
|
+
licenses :user_admin, :blogging
|
11
|
+
end
|
12
|
+
end
|
@@ -1,14 +1,12 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
super
|
5
|
-
end
|
6
|
-
|
7
|
-
def permit?(user, request=nil)
|
8
|
-
super
|
9
|
-
return if !role_match? user
|
10
|
-
|
11
|
-
can :manage, :all
|
12
|
-
end
|
1
|
+
class AdminPermit < Permit::Base
|
2
|
+
def initialize(ability)
|
3
|
+
super
|
13
4
|
end
|
14
|
-
|
5
|
+
|
6
|
+
def permit?(user, request=nil)
|
7
|
+
super
|
8
|
+
return if !role_match? user
|
9
|
+
|
10
|
+
can :manage, :all
|
11
|
+
end
|
12
|
+
end
|
@@ -1,26 +1,24 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
end
|
1
|
+
class EditorPermit < Permit::Base
|
2
|
+
def initialize(ability)
|
3
|
+
super
|
4
|
+
end
|
6
5
|
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
6
|
+
def permit?(user, request=nil)
|
7
|
+
super
|
8
|
+
return if !role_match? user
|
9
|
+
|
10
|
+
# uses default user_id
|
11
|
+
owns(user, Comment)
|
12
|
+
#
|
13
|
+
owns(user, Post, :writer)
|
14
|
+
#
|
15
|
+
owns(user, Article, :author, :name)
|
17
16
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
17
|
+
# a user can manage comments he/she created
|
18
|
+
# can :manage, Comment do |comment|
|
19
|
+
# comment.try(:user) == user
|
20
|
+
# end
|
22
21
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
end
|
22
|
+
# can :create, Comment
|
23
|
+
end
|
24
|
+
end
|
@@ -1,25 +1,24 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
|
4
|
-
super
|
5
|
-
end
|
6
|
-
|
7
|
-
def permit?(user, request=nil)
|
8
|
-
super
|
9
|
-
return if !role_match? user
|
10
|
-
|
11
|
-
can :read, [Comment, Post]
|
12
|
-
can [:update, :destroy], [Comment]
|
13
|
-
can :create, Article
|
14
|
-
|
15
|
-
# owns(user, Comment)
|
16
|
-
|
17
|
-
# a user can manage comments he/she created
|
18
|
-
# can :manage, Comment do |comment|
|
19
|
-
# comment.try(:user) == user
|
20
|
-
# end
|
21
|
-
|
22
|
-
# can :create, Comment
|
23
|
-
end
|
1
|
+
class GuestPermit < Permit::Base
|
2
|
+
def initialize(ability)
|
3
|
+
super
|
24
4
|
end
|
25
|
-
|
5
|
+
|
6
|
+
def permit?(user, request=nil)
|
7
|
+
super
|
8
|
+
return if !role_match? user
|
9
|
+
|
10
|
+
can :read, [Comment, Post]
|
11
|
+
can [:update, :destroy], [Comment]
|
12
|
+
can :create, Article
|
13
|
+
|
14
|
+
licenses :user_admin, :blogging
|
15
|
+
# owns(user, Comment)
|
16
|
+
|
17
|
+
# a user can manage comments he/she created
|
18
|
+
# can :manage, Comment do |comment|
|
19
|
+
# comment.try(:user) == user
|
20
|
+
# end
|
21
|
+
|
22
|
+
# can :create, Comment
|
23
|
+
end
|
24
|
+
end
|
@@ -1,15 +1,10 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
|
-
|
4
|
-
# can [:update, :destroy], [Comment]
|
5
|
-
# can :create, Article
|
6
|
-
|
7
|
-
|
8
|
-
describe AuthAssistant::Ability do
|
3
|
+
describe Permits::Ability do
|
9
4
|
context "Editor user" do
|
10
5
|
before :each do
|
11
6
|
@editor = User.new(1, :editor, 'kristian')
|
12
|
-
@ability =
|
7
|
+
@ability = Permits::Ability.new @editor
|
13
8
|
@comment = Comment.new(1)
|
14
9
|
@post = Post.new(1)
|
15
10
|
@article = Article.new('kristian')
|
@@ -13,11 +13,11 @@ class Article
|
|
13
13
|
end
|
14
14
|
|
15
15
|
|
16
|
-
describe
|
16
|
+
describe Permits::Ability do
|
17
17
|
context "Guest user" do
|
18
18
|
before :each do
|
19
19
|
@guest = User.new(1, :guest)
|
20
|
-
@ability =
|
20
|
+
@ability = Permits::Ability.new @guest
|
21
21
|
@comment = Comment.new(1)
|
22
22
|
@post = Post.new(1)
|
23
23
|
end
|
@@ -29,7 +29,7 @@ describe AuthAssistant::Ability do
|
|
29
29
|
it "should be able to :read Comment and Post but NOT Article" do
|
30
30
|
@ability.can?(:read, Comment).should be_true
|
31
31
|
@ability.can?(:read, @comment).should be_true
|
32
|
-
|
32
|
+
|
33
33
|
@ability.can?(:read, Post).should be_true
|
34
34
|
@ability.can?(:read, @post).should be_true
|
35
35
|
|
@@ -50,7 +50,7 @@ describe AuthAssistant::Ability do
|
|
50
50
|
context "Admin user" do
|
51
51
|
before do
|
52
52
|
admin = User.new(2, :admin)
|
53
|
-
@ability =
|
53
|
+
@ability = Permits::Ability.new admin
|
54
54
|
end
|
55
55
|
#
|
56
56
|
# # can :manage, :all
|
@@ -1,35 +1,56 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
require 'generator-spec'
|
3
3
|
|
4
|
+
require_generator :permits
|
5
|
+
|
6
|
+
RSpec::Generator.configure do |config|
|
7
|
+
config.debug = true
|
8
|
+
config.remove_temp_dir = true #false
|
9
|
+
config.default_rails_root(__FILE__)
|
10
|
+
config.lib = File.dirname(__FILE__) + '/../lib'
|
11
|
+
config.logger = :stdout # :file
|
12
|
+
end
|
13
|
+
|
14
|
+
|
4
15
|
describe 'Permits generator' do
|
5
|
-
|
16
|
+
setup_generator :permits do
|
6
17
|
tests PermitsGenerator
|
7
18
|
end
|
8
19
|
|
9
20
|
describe 'result of running generator with default profile' do
|
10
21
|
before :each do
|
11
|
-
|
22
|
+
@generator = with_generator do |g|
|
12
23
|
g.run_generator
|
13
24
|
end
|
14
25
|
end
|
15
26
|
|
16
27
|
it "should create Admin permit" do
|
17
|
-
|
28
|
+
@generator.should generate_permit :admin
|
18
29
|
end
|
19
30
|
end
|
20
31
|
|
21
|
-
describe 'result of running generator with option to create permit for each registered role' do
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
32
|
+
# describe 'result of running generator with option to create permit for each registered role' do
|
33
|
+
# context "Registered roles :guest, :admin"
|
34
|
+
# before :each do
|
35
|
+
# with_generator do |g|
|
36
|
+
# g.run_generator "--roles admin guest"
|
37
|
+
# end
|
38
|
+
# end
|
39
|
+
#
|
40
|
+
# it "should have created Guest and Admin permits" do
|
41
|
+
# # Find at: 'app/permits/admin_permit.rb'
|
42
|
+
# g.should have_permit_files :guest, :admin
|
43
|
+
#
|
44
|
+
# # g.should have_permit_file :guest do |guest_permit|
|
45
|
+
# # guest_permit.should have_licenses :user_admin, :blogging
|
46
|
+
# # end
|
47
|
+
# #
|
48
|
+
# # g.should have_license_file :licenses do |license_file|
|
49
|
+
# # license_file.should have_module :license do |license_module|
|
50
|
+
# # license_module.should have_license_classes :user_admin, :blogging, :superclass => :base
|
51
|
+
# # end
|
52
|
+
# # end
|
53
|
+
# end
|
54
|
+
# end #ctx
|
55
|
+
# end
|
35
56
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -1,16 +1,16 @@
|
|
1
|
-
require 'rspec'
|
2
|
-
require 'rspec/autorun'
|
1
|
+
require 'rspec/core'
|
3
2
|
require 'cancan/matchers'
|
4
3
|
require 'cancan-permits'
|
5
4
|
|
6
|
-
require_all File.dirname(__FILE__) + 'cancan-permits/fixtures/permits'
|
7
|
-
|
5
|
+
require_all File.dirname(__FILE__) + '/cancan-permits/fixtures/permits'
|
6
|
+
|
7
|
+
require_all File.dirname(__FILE__) + '/cancan-permits/permits/fixtures'
|
8
8
|
|
9
9
|
RSpec.configure do |config|
|
10
10
|
config.mock_with :mocha
|
11
11
|
end
|
12
12
|
|
13
|
-
module
|
13
|
+
module Permits::Roles
|
14
14
|
def self.available
|
15
15
|
User.roles
|
16
16
|
end
|
@@ -23,11 +23,11 @@ class User
|
|
23
23
|
[:guest, :admin, :editor]
|
24
24
|
end
|
25
25
|
|
26
|
-
def initialize id, role, name
|
26
|
+
def initialize id, role, name = nil
|
27
27
|
self.id = id
|
28
28
|
raise ArgumentError, "Role #{role} is not in list of available roles: #{self.class.roles}" if !self.class.roles.include? role
|
29
29
|
self.role = role
|
30
|
-
self.name = name
|
30
|
+
self.name = name || role.to_s
|
31
31
|
end
|
32
32
|
|
33
33
|
def has_role? role
|
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 1
|
8
|
-
-
|
9
|
-
version: 0.1.
|
8
|
+
- 1
|
9
|
+
version: 0.1.1
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Kristian Mandrup
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-09-
|
17
|
+
date: 2010-09-19 00:00:00 +02:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
@@ -91,17 +91,21 @@ files:
|
|
91
91
|
- README.markdown
|
92
92
|
- Rakefile
|
93
93
|
- VERSION
|
94
|
+
- cancan-permits.gemspec
|
94
95
|
- lib/cancan-permits.rb
|
95
96
|
- lib/cancan-permits/namespaces.rb
|
97
|
+
- lib/cancan-permits/permit/base_license.rb
|
96
98
|
- lib/cancan-permits/permit/base_permit.rb
|
97
|
-
- lib/cancan-permits/permits/
|
99
|
+
- lib/cancan-permits/permits/ability.rb
|
98
100
|
- lib/cancan-permits/permits/configuration.rb
|
99
101
|
- lib/cancan-permits/permits/roles.rb
|
100
102
|
- lib/cancan-permits/rspec/config.rb
|
101
|
-
- lib/cancan-permits/rspec/matchers/
|
103
|
+
- lib/cancan-permits/rspec/matchers/have_license.rb
|
104
|
+
- lib/cancan-permits/rspec/matchers/have_license_class.rb
|
105
|
+
- lib/cancan-permits/rspec/matchers/have_license_file.rb
|
102
106
|
- lib/generators/permits/permits_generator.rb
|
107
|
+
- lib/generators/permits/templates/licenses.rb
|
103
108
|
- lib/generators/permits/templates/permit.rb
|
104
|
-
- spec/cancan-permits/fixtures/ability.rb
|
105
109
|
- spec/cancan-permits/fixtures/permits/admin_permit.rb
|
106
110
|
- spec/cancan-permits/fixtures/permits/editor_permit.rb
|
107
111
|
- spec/cancan-permits/fixtures/permits/guest_permit.rb
|
@@ -143,7 +147,6 @@ signing_key:
|
|
143
147
|
specification_version: 3
|
144
148
|
summary: Permits for use with CanCan
|
145
149
|
test_files:
|
146
|
-
- spec/cancan-permits/fixtures/ability.rb
|
147
150
|
- spec/cancan-permits/fixtures/permits/admin_permit.rb
|
148
151
|
- spec/cancan-permits/fixtures/permits/editor_permit.rb
|
149
152
|
- spec/cancan-permits/fixtures/permits/guest_permit.rb
|
@@ -1,40 +0,0 @@
|
|
1
|
-
module Permits
|
2
|
-
class Ability
|
3
|
-
include CanCan::Ability
|
4
|
-
|
5
|
-
# set up each RolePermit instance to share this same Ability
|
6
|
-
# so that the can and cannot operations work on the same permission collection!
|
7
|
-
def self.permits ability
|
8
|
-
special_permits << [:system, :any].map{|name| make_permit(role, ability)}
|
9
|
-
role_permits = Permits::Roles.available.inject([]) do |permits, role|
|
10
|
-
permits << make_permit role, ability
|
11
|
-
end
|
12
|
-
special_permits + role_permits
|
13
|
-
end
|
14
|
-
|
15
|
-
def initialize(user, request=nil)
|
16
|
-
# put ability logic here!
|
17
|
-
user ||= Guest.new
|
18
|
-
|
19
|
-
Ability.permits(self).each do |permit|
|
20
|
-
# get role name of permit
|
21
|
-
permit_role = permit.class.demodulize.to_sym
|
22
|
-
|
23
|
-
if permit_role == :system
|
24
|
-
# always execute system permit
|
25
|
-
result = role_permit.permit?(user, request)
|
26
|
-
break if result == :break
|
27
|
-
else
|
28
|
-
# only execute the permit if the user has the role of the permit or is for any role
|
29
|
-
role_permit.permit?(user, request) if user.has_role?(permit_role) || permit_role == :any
|
30
|
-
end
|
31
|
-
end
|
32
|
-
end
|
33
|
-
|
34
|
-
protected
|
35
|
-
|
36
|
-
def self.make_permit role, ability
|
37
|
-
"Permit::#{role.to_s.camelize}".constantize.new(ability)
|
38
|
-
end
|
39
|
-
end
|
40
|
-
end
|
File without changes
|
@@ -1,19 +0,0 @@
|
|
1
|
-
module AuthAssistant
|
2
|
-
class Ability
|
3
|
-
include CanCan::Ability
|
4
|
-
|
5
|
-
# set up each RolePermit instance to share this same Ability
|
6
|
-
# so that the can and cannot operations work on the same permission collection!
|
7
|
-
def self.role_permits ability
|
8
|
-
@role_permits = AuthAssistant::Roles.available.inject([]) do |permits, role|
|
9
|
-
permits << "RolePermit::#{role.to_s.camelize}".constantize.new(ability)
|
10
|
-
end
|
11
|
-
end
|
12
|
-
|
13
|
-
def initialize(user, request=nil)
|
14
|
-
# put ability logic here!
|
15
|
-
user ||= Guest.new
|
16
|
-
Ability.role_permits(self).each{|role_permit| role_permit.permit?(user, request) }
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|