cancan-permits 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/README.markdown CHANGED
@@ -34,19 +34,17 @@ By default it returns User.roles if such exists, otherwise it returns [:guest, :
34
34
  _Note:_ You might consider using the Permits generator in order to generate your permits for you (see below)
35
35
 
36
36
  <pre>
37
- module RolePermit
38
- class Admin < Base
39
- def initialize(ability)
40
- super
41
- end
42
-
43
- def permit?(user, request=nil)
44
- super
45
- return if !role_match? user
46
-
47
- can :manage, :all
48
- end
37
+ class AdminPermit < Permit::Base
38
+ def initialize(ability)
39
+ super
49
40
  end
41
+
42
+ def permit?(user, request=nil)
43
+ super
44
+ return if !role_match? user
45
+
46
+ can :manage, :all
47
+ end
50
48
  end
51
49
  </pre>
52
50
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 0.1.0
1
+ 0.1.1
@@ -0,0 +1,89 @@
1
+ # Generated by jeweler
2
+ # DO NOT EDIT THIS FILE DIRECTLY
3
+ # Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
4
+ # -*- encoding: utf-8 -*-
5
+
6
+ Gem::Specification.new do |s|
7
+ s.name = %q{cancan-permits}
8
+ s.version = "0.1.1"
9
+
10
+ s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
11
+ s.authors = ["Kristian Mandrup"]
12
+ s.date = %q{2010-09-19}
13
+ s.description = %q{Role specific Permits for use with CanCan permission system}
14
+ s.email = %q{kmandrup@gmail.com}
15
+ s.extra_rdoc_files = [
16
+ "LICENSE",
17
+ "README.markdown"
18
+ ]
19
+ s.files = [
20
+ ".document",
21
+ ".gitignore",
22
+ ".rspec",
23
+ "LICENSE",
24
+ "README.markdown",
25
+ "Rakefile",
26
+ "VERSION",
27
+ "cancan-permits.gemspec",
28
+ "lib/cancan-permits.rb",
29
+ "lib/cancan-permits/namespaces.rb",
30
+ "lib/cancan-permits/permit/base_license.rb",
31
+ "lib/cancan-permits/permit/base_permit.rb",
32
+ "lib/cancan-permits/permits/ability.rb",
33
+ "lib/cancan-permits/permits/configuration.rb",
34
+ "lib/cancan-permits/permits/roles.rb",
35
+ "lib/cancan-permits/rspec/config.rb",
36
+ "lib/cancan-permits/rspec/matchers/have_license.rb",
37
+ "lib/cancan-permits/rspec/matchers/have_license_class.rb",
38
+ "lib/cancan-permits/rspec/matchers/have_license_file.rb",
39
+ "lib/generators/permits/permits_generator.rb",
40
+ "lib/generators/permits/templates/licenses.rb",
41
+ "lib/generators/permits/templates/permit.rb",
42
+ "spec/cancan-permits/fixtures/permits/admin_permit.rb",
43
+ "spec/cancan-permits/fixtures/permits/editor_permit.rb",
44
+ "spec/cancan-permits/fixtures/permits/guest_permit.rb",
45
+ "spec/cancan-permits/permits/fixtures/models.rb",
46
+ "spec/cancan-permits/permits/owner_permits_spec.rb",
47
+ "spec/cancan-permits/permits/permits_spec.rb",
48
+ "spec/generators/permit_generator_spec.rb",
49
+ "spec/spec_helper.rb"
50
+ ]
51
+ s.homepage = %q{http://github.com/kristianmandrup/cancan-permits}
52
+ s.rdoc_options = ["--charset=UTF-8"]
53
+ s.require_paths = ["lib"]
54
+ s.rubygems_version = %q{1.3.7}
55
+ s.summary = %q{Permits for use with CanCan}
56
+ s.test_files = [
57
+ "spec/cancan-permits/fixtures/permits/admin_permit.rb",
58
+ "spec/cancan-permits/fixtures/permits/editor_permit.rb",
59
+ "spec/cancan-permits/fixtures/permits/guest_permit.rb",
60
+ "spec/cancan-permits/permits/fixtures/models.rb",
61
+ "spec/cancan-permits/permits/owner_permits_spec.rb",
62
+ "spec/cancan-permits/permits/permits_spec.rb",
63
+ "spec/generators/permit_generator_spec.rb",
64
+ "spec/spec_helper.rb"
65
+ ]
66
+
67
+ if s.respond_to? :specification_version then
68
+ current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
69
+ s.specification_version = 3
70
+
71
+ if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
72
+ s.add_development_dependency(%q<rspec>, ["~> 2.0.0"])
73
+ s.add_runtime_dependency(%q<cancan>, ["~> 1.3"])
74
+ s.add_runtime_dependency(%q<require_all>, ["~> 1.1"])
75
+ s.add_runtime_dependency(%q<sugar-high>, ["~> 0.1"])
76
+ else
77
+ s.add_dependency(%q<rspec>, ["~> 2.0.0"])
78
+ s.add_dependency(%q<cancan>, ["~> 1.3"])
79
+ s.add_dependency(%q<require_all>, ["~> 1.1"])
80
+ s.add_dependency(%q<sugar-high>, ["~> 0.1"])
81
+ end
82
+ else
83
+ s.add_dependency(%q<rspec>, ["~> 2.0.0"])
84
+ s.add_dependency(%q<cancan>, ["~> 1.3"])
85
+ s.add_dependency(%q<require_all>, ["~> 1.1"])
86
+ s.add_dependency(%q<sugar-high>, ["~> 0.1"])
87
+ end
88
+ end
89
+
@@ -1,6 +1,11 @@
1
+ require 'sugar-high/module'
2
+
1
3
  module Permits
2
- modules :ability, :roles
4
+ modules :roles
3
5
  end
4
6
 
5
7
  module Permit
8
+ end
9
+
10
+ module License
6
11
  end
@@ -0,0 +1,25 @@
1
+ module License
2
+ class Base
3
+ attr_reader :permit
4
+
5
+ def initialize permit
6
+ @permit = permit
7
+ end
8
+
9
+ def enforce!
10
+ raise "enforce! must be implemented by subclass of License::Base"
11
+ end
12
+
13
+ def can(action, subject, conditions = nil, &block)
14
+ permit.can action, subject, conditions, &block
15
+ end
16
+
17
+ def cannot(action, subject, conditions = nil, &block)
18
+ permit.cannot action, subject, conditions, &block
19
+ end
20
+
21
+ def owns(user, clazz, ownership_relation = :user_id, user_id_attribute = :id)
22
+ permit.owns user, clazz, ownership_relation, user_id_attribute
23
+ end
24
+ end
25
+ end
@@ -1,6 +1,18 @@
1
1
  module Permit
2
2
  class Base
3
3
  attr_reader :ability
4
+
5
+ def licenses *names
6
+ names.to_strings.each do |name|
7
+ begin
8
+ module_name = "#{name.camelize}License"
9
+ clazz = module_name.constantize
10
+ clazz.new(self).enforce!
11
+ rescue
12
+ # puts "License #{module_name} not found"
13
+ end
14
+ end
15
+ end
4
16
 
5
17
  def initialize(ability)
6
18
  @ability = ability
@@ -34,7 +46,7 @@ module Permit
34
46
  end
35
47
 
36
48
  def role_match? user
37
- user.has_role? self.class.last_name.downcase.to_sym
49
+ user.has_role? self.class.last_name.gsub(/Permit$/, '').downcase.to_sym
38
50
  end
39
51
 
40
52
  def can_definitions
@@ -0,0 +1,54 @@
1
+ module Permits
2
+ class Ability
3
+ include CanCan::Ability
4
+
5
+ # set up each Permit instance to share this same Ability
6
+ # so that the can and cannot operations work on the same permission collection!
7
+ def self.permits ability
8
+ special_permits = []
9
+ special_permits << [:system, :any].map{|role| make_permit(role, ability)}
10
+ role_permits = Permits::Roles.available.inject([]) do |permits, role|
11
+ permit = make_permit(role, ability)
12
+ permits << permit if permit
13
+ end
14
+ (special_permits + role_permits).flatten.compact
15
+ end
16
+
17
+ def initialize(user, request=nil)
18
+ # put ability logic here!
19
+ user ||= Guest.new
20
+
21
+ Permits::Ability.permits(self).each do |permit|
22
+ # get role name of permit
23
+ permit_role = permit.class.demodulize.gsub(/Permit$/, '').underscore.to_sym
24
+
25
+ if permit_role == :system
26
+ # always execute system permit
27
+ result = role_permit.permit?(user, request)
28
+ break if result == :break
29
+ else
30
+ # only execute the permit if the user has the role of the permit or is for any role
31
+ if user.has_role?(permit_role) || permit_role == :any
32
+ # puts "user: #{user} of #{permit_role} has permit?"
33
+ permit.permit?(user, request)
34
+ # else
35
+ # puts "Permit #{permit} not used for role #{permit_role}"
36
+ end
37
+ end
38
+ end
39
+ end
40
+
41
+ protected
42
+
43
+ def self.make_permit role, ability
44
+ begin
45
+ clazz_name = "#{role.to_s.camelize}Permit"
46
+ permit_clazz = clazz_name.constantize
47
+ permit_clazz.new(ability) if permit_clazz && permit_clazz.kind_of?(Class)
48
+ rescue
49
+ # puts "permit class not found: #{clazz_name}"
50
+ nil
51
+ end
52
+ end
53
+ end
54
+ end
@@ -0,0 +1,8 @@
1
+ require 'rspec/core'
2
+ require 'code-spec'
3
+
4
+ require_all File.dirname(__FILE__) + '/matchers'
5
+
6
+ RSpec.configure do |config|
7
+ config.include RSpec::RubyContentMatchers::License
8
+ end
@@ -0,0 +1,11 @@
1
+ module RSpec::RubyContentMatchers
2
+ module License
3
+ def have_license name
4
+ have_call :licenses, :args => [name.to_sym]
5
+ end
6
+
7
+ def have_licenses *names
8
+ have_call :licenses, :args => names.to_symbols
9
+ end
10
+ end
11
+ end
@@ -0,0 +1,11 @@
1
+ module RSpec::RubyContentMatchers
2
+ module License
3
+ def have_license_class name, superclass = nil
4
+ superclass ? have_subclass(name, :superclass => superclass) : have_class(name)
5
+ end
6
+
7
+ def have_license_classes *names
8
+ have_classes names
9
+ end
10
+ end
11
+ end
@@ -0,0 +1,26 @@
1
+ require 'rails-app-spec'
2
+
3
+ module RSpec::RailsApp::File
4
+ module Matchers
5
+ class HaveLicenseFile
6
+ include ::Rails3::Assist::Artifact
7
+ include ::Rails3::Assist::File
8
+
9
+ attr_reader :name
10
+
11
+ def initialize name
12
+ @name = name
13
+ end
14
+
15
+ def matches? obj, &block
16
+ found = File.file? license_file(name)
17
+ yield if block && found
18
+ found
19
+ end
20
+ end
21
+
22
+ def have_license_file name
23
+ HaveLicenseFile.new name
24
+ end
25
+ end
26
+ end
@@ -35,6 +35,7 @@ class PermitsGenerator < Rails::Generators::Base
35
35
  self.permit_name = name
36
36
 
37
37
  template "permit.rb", "app/permits/#{name}_permit.rb"
38
+ template "licenses.rb", "app/permits/licenses.rb"
38
39
  end
39
40
 
40
41
  def any_logic
@@ -0,0 +1,22 @@
1
+ class UserAdminLicense < License::Base
2
+ def initialize name
3
+ super
4
+ end
5
+
6
+ def enforce!
7
+ can(:manage, User)
8
+ end
9
+ end
10
+
11
+ class BloggingLicense < License::Base
12
+ def initialize name
13
+ super
14
+ end
15
+
16
+ def enforce!
17
+ can(:read, Blog)
18
+ can(:create, Post)
19
+ owns(user, Post)
20
+ end
21
+ end
22
+
@@ -1,12 +1,12 @@
1
- module Permit
2
- class <%= permit_name %> < Base
3
- def initialize(ability)
4
- super
5
- end
6
-
7
- def permit?(user, request=nil)
8
- super
9
- <%= permit logic %>
10
- end
1
+ class <%= permit_name.to_s.camelize %>Permit < Permit::Base
2
+ def initialize(ability)
3
+ super
11
4
  end
12
- end
5
+
6
+ def permit?(user, request=nil)
7
+ super
8
+ <%= permit_logic %>
9
+
10
+ licenses :user_admin, :blogging
11
+ end
12
+ end
@@ -1,14 +1,12 @@
1
- module RolePermit
2
- class Admin < Base
3
- def initialize(ability)
4
- super
5
- end
6
-
7
- def permit?(user, request=nil)
8
- super
9
- return if !role_match? user
10
-
11
- can :manage, :all
12
- end
1
+ class AdminPermit < Permit::Base
2
+ def initialize(ability)
3
+ super
13
4
  end
14
- end
5
+
6
+ def permit?(user, request=nil)
7
+ super
8
+ return if !role_match? user
9
+
10
+ can :manage, :all
11
+ end
12
+ end
@@ -1,26 +1,24 @@
1
- module RolePermit
2
- class Editor < Base
3
- def initialize(ability)
4
- super
5
- end
1
+ class EditorPermit < Permit::Base
2
+ def initialize(ability)
3
+ super
4
+ end
6
5
 
7
- def permit?(user, request=nil)
8
- super
9
- return if !role_match? user
10
-
11
- # uses default user_id
12
- owns(user, Comment)
13
- #
14
- owns(user, Post, :writer)
15
- #
16
- owns(user, Article, :author, :name)
6
+ def permit?(user, request=nil)
7
+ super
8
+ return if !role_match? user
9
+
10
+ # uses default user_id
11
+ owns(user, Comment)
12
+ #
13
+ owns(user, Post, :writer)
14
+ #
15
+ owns(user, Article, :author, :name)
17
16
 
18
- # a user can manage comments he/she created
19
- # can :manage, Comment do |comment|
20
- # comment.try(:user) == user
21
- # end
17
+ # a user can manage comments he/she created
18
+ # can :manage, Comment do |comment|
19
+ # comment.try(:user) == user
20
+ # end
22
21
 
23
- # can :create, Comment
24
- end
25
- end
26
- end
22
+ # can :create, Comment
23
+ end
24
+ end
@@ -1,25 +1,24 @@
1
- module RolePermit
2
- class Guest < Base
3
- def initialize(ability)
4
- super
5
- end
6
-
7
- def permit?(user, request=nil)
8
- super
9
- return if !role_match? user
10
-
11
- can :read, [Comment, Post]
12
- can [:update, :destroy], [Comment]
13
- can :create, Article
14
-
15
- # owns(user, Comment)
16
-
17
- # a user can manage comments he/she created
18
- # can :manage, Comment do |comment|
19
- # comment.try(:user) == user
20
- # end
21
-
22
- # can :create, Comment
23
- end
1
+ class GuestPermit < Permit::Base
2
+ def initialize(ability)
3
+ super
24
4
  end
25
- end
5
+
6
+ def permit?(user, request=nil)
7
+ super
8
+ return if !role_match? user
9
+
10
+ can :read, [Comment, Post]
11
+ can [:update, :destroy], [Comment]
12
+ can :create, Article
13
+
14
+ licenses :user_admin, :blogging
15
+ # owns(user, Comment)
16
+
17
+ # a user can manage comments he/she created
18
+ # can :manage, Comment do |comment|
19
+ # comment.try(:user) == user
20
+ # end
21
+
22
+ # can :create, Comment
23
+ end
24
+ end
@@ -1,15 +1,10 @@
1
1
  require 'spec_helper'
2
2
 
3
- # can :read, [Comment, Post]
4
- # can [:update, :destroy], [Comment]
5
- # can :create, Article
6
-
7
-
8
- describe AuthAssistant::Ability do
3
+ describe Permits::Ability do
9
4
  context "Editor user" do
10
5
  before :each do
11
6
  @editor = User.new(1, :editor, 'kristian')
12
- @ability = AuthAssistant::Ability.new @editor
7
+ @ability = Permits::Ability.new @editor
13
8
  @comment = Comment.new(1)
14
9
  @post = Post.new(1)
15
10
  @article = Article.new('kristian')
@@ -13,11 +13,11 @@ class Article
13
13
  end
14
14
 
15
15
 
16
- describe AuthAssistant::Ability do
16
+ describe Permits::Ability do
17
17
  context "Guest user" do
18
18
  before :each do
19
19
  @guest = User.new(1, :guest)
20
- @ability = AuthAssistant::Ability.new @guest
20
+ @ability = Permits::Ability.new @guest
21
21
  @comment = Comment.new(1)
22
22
  @post = Post.new(1)
23
23
  end
@@ -29,7 +29,7 @@ describe AuthAssistant::Ability do
29
29
  it "should be able to :read Comment and Post but NOT Article" do
30
30
  @ability.can?(:read, Comment).should be_true
31
31
  @ability.can?(:read, @comment).should be_true
32
-
32
+
33
33
  @ability.can?(:read, Post).should be_true
34
34
  @ability.can?(:read, @post).should be_true
35
35
 
@@ -50,7 +50,7 @@ describe AuthAssistant::Ability do
50
50
  context "Admin user" do
51
51
  before do
52
52
  admin = User.new(2, :admin)
53
- @ability = AuthAssistant::Ability.new admin
53
+ @ability = Permits::Ability.new admin
54
54
  end
55
55
  #
56
56
  # # can :manage, :all
@@ -1,35 +1,56 @@
1
1
  require 'spec_helper'
2
2
  require 'generator-spec'
3
3
 
4
+ require_generator :permits
5
+
6
+ RSpec::Generator.configure do |config|
7
+ config.debug = true
8
+ config.remove_temp_dir = true #false
9
+ config.default_rails_root(__FILE__)
10
+ config.lib = File.dirname(__FILE__) + '/../lib'
11
+ config.logger = :stdout # :file
12
+ end
13
+
14
+
4
15
  describe 'Permits generator' do
5
- GeneratorSpec.with_generator do
16
+ setup_generator :permits do
6
17
  tests PermitsGenerator
7
18
  end
8
19
 
9
20
  describe 'result of running generator with default profile' do
10
21
  before :each do
11
- GeneratorSpec.with_generator do |g, check|
22
+ @generator = with_generator do |g|
12
23
  g.run_generator
13
24
  end
14
25
  end
15
26
 
16
27
  it "should create Admin permit" do
17
- g.should have_permit :admin
28
+ @generator.should generate_permit :admin
18
29
  end
19
30
  end
20
31
 
21
- describe 'result of running generator with option to create permit for each registered role' do
22
- context "Registered roles :guest, :admin"
23
- before :each do
24
- GeneratorSpec.with_generator do |g, check|
25
- g.run_generator "--roles admin guest"
26
- end
27
- end
28
-
29
- it "should have created Guest and Admin permits" do
30
- # Find at: 'app/permits/admin_permit.rb'
31
- g.should have_permits :guest, :admin
32
- end
33
- end
34
- end
32
+ # describe 'result of running generator with option to create permit for each registered role' do
33
+ # context "Registered roles :guest, :admin"
34
+ # before :each do
35
+ # with_generator do |g|
36
+ # g.run_generator "--roles admin guest"
37
+ # end
38
+ # end
39
+ #
40
+ # it "should have created Guest and Admin permits" do
41
+ # # Find at: 'app/permits/admin_permit.rb'
42
+ # g.should have_permit_files :guest, :admin
43
+ #
44
+ # # g.should have_permit_file :guest do |guest_permit|
45
+ # # guest_permit.should have_licenses :user_admin, :blogging
46
+ # # end
47
+ # #
48
+ # # g.should have_license_file :licenses do |license_file|
49
+ # # license_file.should have_module :license do |license_module|
50
+ # # license_module.should have_license_classes :user_admin, :blogging, :superclass => :base
51
+ # # end
52
+ # # end
53
+ # end
54
+ # end #ctx
55
+ # end
35
56
  end
data/spec/spec_helper.rb CHANGED
@@ -1,16 +1,16 @@
1
- require 'rspec'
2
- require 'rspec/autorun'
1
+ require 'rspec/core'
3
2
  require 'cancan/matchers'
4
3
  require 'cancan-permits'
5
4
 
6
- require_all File.dirname(__FILE__) + 'cancan-permits/fixtures/permits'
7
- require 'cancan-permits/fixtures/ability'
5
+ require_all File.dirname(__FILE__) + '/cancan-permits/fixtures/permits'
6
+
7
+ require_all File.dirname(__FILE__) + '/cancan-permits/permits/fixtures'
8
8
 
9
9
  RSpec.configure do |config|
10
10
  config.mock_with :mocha
11
11
  end
12
12
 
13
- module AuthAssistant::Roles
13
+ module Permits::Roles
14
14
  def self.available
15
15
  User.roles
16
16
  end
@@ -23,11 +23,11 @@ class User
23
23
  [:guest, :admin, :editor]
24
24
  end
25
25
 
26
- def initialize id, role, name
26
+ def initialize id, role, name = nil
27
27
  self.id = id
28
28
  raise ArgumentError, "Role #{role} is not in list of available roles: #{self.class.roles}" if !self.class.roles.include? role
29
29
  self.role = role
30
- self.name = name
30
+ self.name = name || role.to_s
31
31
  end
32
32
 
33
33
  def has_role? role
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 1
8
- - 0
9
- version: 0.1.0
8
+ - 1
9
+ version: 0.1.1
10
10
  platform: ruby
11
11
  authors:
12
12
  - Kristian Mandrup
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2010-09-17 00:00:00 +02:00
17
+ date: 2010-09-19 00:00:00 +02:00
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency
@@ -91,17 +91,21 @@ files:
91
91
  - README.markdown
92
92
  - Rakefile
93
93
  - VERSION
94
+ - cancan-permits.gemspec
94
95
  - lib/cancan-permits.rb
95
96
  - lib/cancan-permits/namespaces.rb
97
+ - lib/cancan-permits/permit/base_license.rb
96
98
  - lib/cancan-permits/permit/base_permit.rb
97
- - lib/cancan-permits/permits/abiity.rb
99
+ - lib/cancan-permits/permits/ability.rb
98
100
  - lib/cancan-permits/permits/configuration.rb
99
101
  - lib/cancan-permits/permits/roles.rb
100
102
  - lib/cancan-permits/rspec/config.rb
101
- - lib/cancan-permits/rspec/matchers/have_permits.rb
103
+ - lib/cancan-permits/rspec/matchers/have_license.rb
104
+ - lib/cancan-permits/rspec/matchers/have_license_class.rb
105
+ - lib/cancan-permits/rspec/matchers/have_license_file.rb
102
106
  - lib/generators/permits/permits_generator.rb
107
+ - lib/generators/permits/templates/licenses.rb
103
108
  - lib/generators/permits/templates/permit.rb
104
- - spec/cancan-permits/fixtures/ability.rb
105
109
  - spec/cancan-permits/fixtures/permits/admin_permit.rb
106
110
  - spec/cancan-permits/fixtures/permits/editor_permit.rb
107
111
  - spec/cancan-permits/fixtures/permits/guest_permit.rb
@@ -143,7 +147,6 @@ signing_key:
143
147
  specification_version: 3
144
148
  summary: Permits for use with CanCan
145
149
  test_files:
146
- - spec/cancan-permits/fixtures/ability.rb
147
150
  - spec/cancan-permits/fixtures/permits/admin_permit.rb
148
151
  - spec/cancan-permits/fixtures/permits/editor_permit.rb
149
152
  - spec/cancan-permits/fixtures/permits/guest_permit.rb
@@ -1,40 +0,0 @@
1
- module Permits
2
- class Ability
3
- include CanCan::Ability
4
-
5
- # set up each RolePermit instance to share this same Ability
6
- # so that the can and cannot operations work on the same permission collection!
7
- def self.permits ability
8
- special_permits << [:system, :any].map{|name| make_permit(role, ability)}
9
- role_permits = Permits::Roles.available.inject([]) do |permits, role|
10
- permits << make_permit role, ability
11
- end
12
- special_permits + role_permits
13
- end
14
-
15
- def initialize(user, request=nil)
16
- # put ability logic here!
17
- user ||= Guest.new
18
-
19
- Ability.permits(self).each do |permit|
20
- # get role name of permit
21
- permit_role = permit.class.demodulize.to_sym
22
-
23
- if permit_role == :system
24
- # always execute system permit
25
- result = role_permit.permit?(user, request)
26
- break if result == :break
27
- else
28
- # only execute the permit if the user has the role of the permit or is for any role
29
- role_permit.permit?(user, request) if user.has_role?(permit_role) || permit_role == :any
30
- end
31
- end
32
- end
33
-
34
- protected
35
-
36
- def self.make_permit role, ability
37
- "Permit::#{role.to_s.camelize}".constantize.new(ability)
38
- end
39
- end
40
- end
File without changes
@@ -1,19 +0,0 @@
1
- module AuthAssistant
2
- class Ability
3
- include CanCan::Ability
4
-
5
- # set up each RolePermit instance to share this same Ability
6
- # so that the can and cannot operations work on the same permission collection!
7
- def self.role_permits ability
8
- @role_permits = AuthAssistant::Roles.available.inject([]) do |permits, role|
9
- permits << "RolePermit::#{role.to_s.camelize}".constantize.new(ability)
10
- end
11
- end
12
-
13
- def initialize(user, request=nil)
14
- # put ability logic here!
15
- user ||= Guest.new
16
- Ability.role_permits(self).each{|role_permit| role_permit.permit?(user, request) }
17
- end
18
- end
19
- end