cancannible 0.0.2 → 2.0.0

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    YWE0OWZkMjhlMWQ3ODMzNTVmZWNiMTk2ZWM5YmU2YjMyY2I1NTAwMA==
-  data.tar.gz: !binary |-
-    YjQ0NDZhNzQ5MzdhMDJiMDQ4NzRjMjI1MDE5ZGY1N2ViZjU2NThlMA==
+SHA256:
+  metadata.gz: 8ba63fd7b6b80a32a3bc93fbbe43845439c1eaffa9661e35510dbeff487af673
+  data.tar.gz: fdf8f225705b0e0fa9ea469674d62ce22b5340f48cb23fb94a2b8501112417cf
 SHA512:
-  metadata.gz: !binary |-
-    Zjc2OGYzMGI1ODA5ZmY4ZmQ3ZGRhNTU5MDM2MmRiOWJmNDNmNzI4MzZjYTY0
-    ZDNiNDM3ODVmZTExYzM5NDQ1ZmQyNDZmZjc0NDFiYWIxZTM2YjcwMTdiMGU0
-    YTliZGI0YjFhNDdjY2RmZWNhZjNhY2YyNDU5YTQ3MDQ3NDRhNjY=
-  data.tar.gz: !binary |-
-    MjFhMzBmNzQ5YTcyMzBmOTViMTYwMjEwNDI2YjllNjUxZjEzYjkxNmZjOTVi
-    YmVkOWZjMWUyODBiMDQ3MmY4YWExMDJiNmUzZTkzZTBlY2MwZWFjMzFmOWM0
-    MjNiMTBmMGFjNGI3OTllNTkxMjM3NTBmZDViOWYwNmVlZGMwZWE=
+  metadata.gz: f9068c6dce19852c747512ddafa0a29461586128d67408bc5c53f07e029e8273d0cb343acb4400dcfd180afd6596202837fac699838f62d6e252a56dd35f99df
+  data.tar.gz: e5ec5d5accb0e40139dbeee9b6bc211d3652688c7ffb17c1788c86cea455c626914b233d4eb52de2786993989df8018d38ddfb07bef5bedb2f04484d43f62054

data/.github/workflows/ruby.yml

@@ -0,0 +1,34 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will download a prebuilt Ruby version, install dependencies and run tests with Rake
+# For more information see: https://github.com/marketplace/actions/setup-ruby-jruby-and-truffleruby
+
+name: Ruby
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        ruby-version: ['2.7', '3.0']
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@473e4d8fe5dd94ee328fdfca9f8c9c7afc9dae5e
+        with:
+          ruby-version: ${{ matrix.ruby-version }}
+          bundler-cache: true # runs 'bundle install' and caches installed gems automatically
+      - name: Install dependencies
+        run: bundle install
+      - name: Run tests
+        run: bundle exec rake

data/Gemfile

@@ -1,8 +1,4 @@
 source 'https://rubygems.org'
 
-# currently testing on the 3.2 branch of rails
-# gem "activemodel", '~> 3.2'
-# gem "activerecord", '~> 3.2'
-
 # Specify your gem's dependencies in cancannible.gemspec
 gemspec

data/Guardfile

@@ -1,18 +1,8 @@
 # A sample Guardfile
 # More info at https://github.com/guard/guard#readme
 
-# Note: The cmd option is now required due to the increasing number of ways
-#       rspec may be run, below are examples of the most common uses.
-#  * bundler: 'bundle exec rspec'
-#  * bundler binstubs: 'bin/rspec'
-#  * spring: 'bin/rsspec' (This will use spring if running and you have
-#                          installed the spring binstubs per the docs)
-#  * zeus: 'zeus rspec' (requires the server to be started separetly)
-#  * 'just' rspec: 'rspec'
-guard :rspec, cmd: 'bundle exec rspec' do
+guard :rspec, cmd: 'bundle exec rspec', all_on_start: false, all_after_pass: false do
   watch(%r{^spec/.+_spec\.rb$})
-  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/unit/#{m[1]}_spec.rb" }
+  watch(%r{^lib/cancannible/(.+)\.rb$})   { |m| "spec/unit/#{m[1]}_spec.rb" }
   watch('spec/spec_helper.rb')  { "spec" }
-
 end
-

data/README.md

@@ -1,22 +1,28 @@
 # Cancannible
-[![Build Status](https://travis-ci.org/evendis/cancannible.svg?branch=master)](https://travis-ci.org/evendis/cancannible)
 
-Cancannible is a gem that extends CanCan with a range of capabilities:
+Cancannible is a gem that extends [CanCanCan](https://github.com/CanCanCommunity/cancancan) with a range of capabilities:
+
 * database-persisted permissions
 * export CanCan methods to the model layer (so that permissions can be applied in model methods, and easily set in a test case)
 * permissions inheritance (so that, for example, a User can inherit permissions from Roles and/or Groups)
 * caching of abilities (so that they don't need to be recalculated on each web request)
 * general-purpose access refinements (so that, for example, CanCan will automatically enforce multi-tenant or other security restrictions)
+* battle-tested with Rails 3.2.x and 4.2.x
+
+Two demo applications are available (with source) that show cancannible in action:
+
+* [cancannibledemo.evendis.com](http://cancannibledemo.evendis.com) uses Rails 3.2.x
+* [cancannibledemo4.evendis.com](http://cancannibledemo4.evendis.com) uses Rails 4.2.x
 
 ## Limitations
-Cancannible's origin was in a web application that's been in production for over 3 years.
+
+Cancannible's origin was in a web application that's been in production for over 4 years.
 This gem is an initial refactoring as a separate component. It continues to be used in production, but
 there are some limitations and constraints that will ideally be removed or changed over time:
 
 * It only supports ActiveRecord for permissions storage (specifically, it has been tested with PostgreSQL and SQLite)
 * It currently assumes permissions are stored in a Permission model with a specific structure
-* It works with the [CanCan](https://github.com/ryanb/cancan) gem. It has not yet been tested with the new [CanCanCan](https://github.com/CanCanCommunity/cancancan) gem.
-* It assumes and is only tested with Rails 3.2. Not yet with Rails 4.
+* It works with the [CanCanCan](https://github.com/CanCanCommunity/cancancan) gem.
 * It assumes your CanCan rules are setup with the default `Ability` class
 
 
@@ -120,6 +126,23 @@ For example, this is a simple scheme using Redis:
     end
 
 
+## Testing the gem
+
+The RSpec test suite runs as the default rake task:
+
+    rake
+    # same as:
+    rake spec
+
+For convenience, guard is included in the development gem environment, so you can start automatic testing-on-change:
+
+    bundle exec guard
+
+[Appraisal](https://github.com/thoughtbot/appraisal) is also included to run tests across Rails 3 and 4 environments:
+
+    appraisal rake spec
+
+
 ## Contributing
 
 1. Fork it ( https://github.com/evendis/cancannible/fork )

data/cancannible.gemspec

@@ -18,14 +18,17 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_runtime_dependency "activesupport", "~> 3.2"
-  spec.add_runtime_dependency "activemodel", "~> 3.2"
-  spec.add_runtime_dependency "cancan", "~> 1.6"
+  spec.add_runtime_dependency "activesupport", "~> 6.1"
+  spec.add_runtime_dependency "activemodel", "~> 6.1"
+  spec.add_runtime_dependency "cancancan"
 
-  spec.add_development_dependency "activerecord", "~> 3.2"
-  spec.add_development_dependency "sqlite3", "~> 1.3"
-  spec.add_development_dependency "bundler", "~> 1.6"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "guard-rspec", "~> 4.0"
+  spec.add_development_dependency "activerecord", "~> 6.1"
+  spec.add_development_dependency "sqlite3", ">= 1.3.2"
+
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "rdoc"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "guard-rspec"
+  spec.add_development_dependency "rb-fsevent"
 end

data/lib/cancannible/config.rb

@@ -1,5 +1,4 @@
 module Cancannible
-
   mattr_accessor :refinements
   mattr_accessor :get_cached_abilities
   mattr_accessor :store_cached_abilities
@@ -24,5 +23,4 @@ module Cancannible
     self.refinements[stage] ||= []
     self.refinements[stage] << refinement
   end
-
-end
+end

data/lib/cancannible/grantee.rb

@@ -23,34 +23,25 @@ module Cancannible::Grantee
           resource_id = resource.try(:id)
         end
 
-        permission = find_by_asserted_and_ability_and_resource_id_and_resource_type(
-          asserted, ability, resource_id, resource_type)
-        unless permission
-          permission = find_or_initialize_by_asserted_and_ability_and_resource_id_and_resource_type(
-            !asserted, ability, resource_id, resource_type)
-          permission.asserted = asserted
-          permission.save!
-        end
+        # This looks ugly, but it avoid version-specific issues with find_by*/find_or_initialize_by* methods
+        permission = where(asserted: asserted, ability: ability, resource_id: resource_id, resource_type: resource_type).first
+        permission ||= where(asserted: !asserted, ability: ability, resource_id: resource_id, resource_type: resource_type).first
+        permission ||= new(asserted: asserted, ability: ability, resource_id: resource_id, resource_type: resource_type)
+        permission.asserted = asserted
+        permission.save!
+
+        proxy_association.owner.instance_variable_set :@abilities, nil # invalidate the owner's ability collection
 
-        # if Rails.version =~ /3\.0/ # the rails 3.0 way
-        #   proxy_owner.instance_variable_set :@permissions, nil # invalidate the owner's permissions collection
-        #   proxy_owner.instance_variable_set :@abilities, nil # invalidate the owner's ability collection
-        # else
-          proxy_association.owner.instance_variable_set :@abilities, nil # invalidate the owner's ability collection
-        # end
         permission
       end
     end
-
   end
 
   module ClassMethods
-
     # Command: configures the set of associations (array of symbols) from which permissions should be inherited
     def inherit_permissions_from(*relations)
       self.inheritable_permissions = relations
     end
-
   end
 
   # Returns the Ability set for the owner.
@@ -59,7 +50,13 @@ module Cancannible::Grantee
     @abilities = if refresh
       nil
     elsif Cancannible.get_cached_abilities.respond_to?(:call)
-      Cancannible.get_cached_abilities.call(self)
+      result = Cancannible.get_cached_abilities.call(self)
+      if result
+        # performs a crude compatibility check
+        rules_size = result.send(:rules).size rescue nil
+        rules_index_size = (result.instance_variable_get(:@rules_index) || []).size
+        result if !rules_size.nil? && rules_index_size == rules_size
+      end
     end
     return @abilities if @abilities
 
@@ -70,7 +67,7 @@ module Cancannible::Grantee
       ability_class.new(self)
     end
 
-    Cancannible.store_cached_abilities.call(self,@abilities) if Cancannible.store_cached_abilities.respond_to?(:call)
+    Cancannible.store_cached_abilities.call(self, @abilities) if Cancannible.store_cached_abilities.respond_to?(:call)
     @abilities
   end
 
@@ -104,16 +101,18 @@ module Cancannible::Grantee
   def cannot(ability, resource)
     permissions << [ability, resource, false]
   end
-
 end
 
-
 module Cancannible
   # This module is automatically included into all controllers.
   # It overrides some CanCan ControllerAdditions
   module ControllerAdditions
+    # Returns abilities cached in the current_user model.
+    # If that fails, returns a default Ability instance
     def current_ability
-      current_user.try(:abilities)
+      current_user.try(:abilities) || if ability_class = ('::Ability'.constantize rescue nil)
+        ability_class.new(current_user)
+      end
     end
   end
 end

data/lib/cancannible/preload_adapter.rb

@@ -2,14 +2,11 @@ module Cancannible::PreloadAdapter
   extend ActiveSupport::Concern
 
   included do
-
     # Tap Ability.new to first preload permissions via Cancannible
     alias_method :cancan_initialize, :initialize
     def initialize(user)
-      Cancannible::Preloader.preload_abilities!(user,self)
+      Cancannible::Preloader.preload_abilities!(user, self)
       cancan_initialize(user)
     end
-
   end
-
-end
+end

data/lib/cancannible/preloader.rb

@@ -1,19 +1,19 @@
 class Cancannible::Preloader
-
-  def self.preload_abilities!(grantee,cancan_ability_object)
-    new(grantee,cancan_ability_object).preload!
+  def self.preload_abilities!(grantee, cancan_ability_object)
+    new(grantee, cancan_ability_object).preload!
   end
 
   attr_accessor :grantee
   attr_accessor :cancan_ability_object
 
-  def initialize(grantee,cancan_ability_object)
+  def initialize(grantee, cancan_ability_object)
     self.grantee = grantee
     self.cancan_ability_object = cancan_ability_object
   end
 
   def preload!
     return unless grantee.respond_to?(:inherited_permissions)
+
     # load inherited permissions to CanCan Abilities
     preload_abilities_from_permissions(grantee.inherited_permissions)
     # load user-based permissions from database to CanCan Abilities
@@ -39,17 +39,15 @@ class Cancannible::Preloader
       end
 
       if permission.resource_id.nil?
-
         if action == :cannot
           # apply generic unrestricted permission to the class
-          cancan_ability_object.send( action, ability, resource_type )
+          cancan_ability_object.send(action, ability, resource_type)
         else
-
           refinements = resolve_resource_refinements(ability,model_resource)
 
           if refinements.empty?
             # apply generic unrestricted permission to the class
-            cancan_ability_object.send( action, ability, resource_type )
+            cancan_ability_object.send(action, ability, resource_type)
           else
             secondary_refinements = resolve_resource_refinements(ability,model_resource,2).presence || [{}]
             refinements.each do |refinement|
@@ -58,25 +56,22 @@ class Cancannible::Preloader
               end
             end
           end
-
         end
-
       elsif resource_type.find_by_id(permission.resource_id)
         cancan_ability_object.send( action,  ability, resource_type, id: permission.resource_id)
       end
-
     end
   end
 
   def resolve_resource_type(given_resource_type)
     model_resource = nil
     resource_type = given_resource_type
-    resource_type = resource_type==resource_type.downcase ? resource_type.to_sym : resource_type.constantize rescue nil
+    resource_type = resource_type == resource_type.downcase ? resource_type.to_sym : resource_type.constantize rescue nil
     model_resource = resource_type.respond_to?(:new) ? resource_type.new : resource_type rescue nil
     [resource_type,model_resource]
   end
 
-  def resolve_resource_refinements(ability,model_resource,stage=1)
+  def resolve_resource_refinements(ability, model_resource, stage=1)
     Array(Cancannible.refinements[stage-1]).each_with_object([]) do |refinement,memo|
       refinement_attributes = refinement.dup
 
@@ -111,5 +106,4 @@ class Cancannible::Preloader
       memo.push(restriction) if restriction.present?
     end
   end
-
-end
+end

data/lib/cancannible/version.rb

@@ -1,3 +1,3 @@
 module Cancannible
-  VERSION = "0.0.2"
+  VERSION = '2.0.0'
 end

data/lib/cancannible.rb

@@ -2,8 +2,8 @@ require 'active_support'
 require 'active_support/core_ext'
 require 'cancan'
 
-require "cancannible/version"
-require "cancannible/config"
-require "cancannible/preload_adapter"
-require "cancannible/preloader"
-require "cancannible/grantee"
+require 'cancannible/version'
+require 'cancannible/config'
+require 'cancannible/preload_adapter'
+require 'cancannible/preloader'
+require 'cancannible/grantee'

data/lib/generators/cancannible/install_generator.rb

@@ -34,6 +34,5 @@ module Cancannible
         end
       end
     end
-
   end
 end

data/lib/generators/cancannible/templates/cancannible_initializer.rb

@@ -1,5 +1,4 @@
 Cancannible.setup do |config|
-
   # ABILITY CACHING
   # ===============
   # Cancannible supports optional ability caching. This can provide a significant performance
@@ -24,6 +23,7 @@ Cancannible.setup do |config|
 
 
   # ACCESS REFINMENTS
+  # =================
   # Cancannible allows general-purpose access refinements to be declared here. This will be enforced
   # in addition to any rules defined in you Ability.rb file.
 
@@ -99,5 +99,4 @@ Cancannible.setup do |config|
   #
   # By default, access refinements are "stage 1" i.e. applied directly to the permissions being loaded.
   # By specifying stage 2, this refinement is applied on top of all stage 1 refinements (if possible / applicable)
-
 end

data/lib/generators/cancannible/templates/migration.rb

@@ -1,4 +1,4 @@
-class CreateCancanniblePermissions < ActiveRecord::Migration
+class CreateCancanniblePermissions < ActiveRecord::Migration[6.1]
   def change
     create_table :permissions, force: true do |table|
       table.integer  :permissible_id

data/lib/generators/cancannible/templates/permission.rb

@@ -1,8 +1,12 @@
 # The Permission class stores permissions managed by CanCan and Cancannible
 class Permission < ActiveRecord::Base
   belongs_to :permissible, polymorphic: true
-  belongs_to :resource, polymorphic: true
+  belongs_to :resource, polymorphic: true, optional: true
 
-  validates_uniqueness_of :ability, scope: [:resource_id, :resource_type, :permissible_id, :permissible_type]
+  validates :ability, uniqueness: { scope: [:resource_id, :resource_type, :permissible_id, :permissible_type] }
 
-end
+  # Note: for Rails 3 you may need to declare attr_accessible as follows, depending on your whitelist_attributes setting.
+  # A future version of cancannible should make this unnecessary.
+  #
+  # attr_accessible :asserted, :ability, :resource_id, :resource_type
+end

data/spec/spec_helper.rb

@@ -6,11 +6,11 @@ require 'sqlite3'
 
 # Requires supporting files with custom matchers and macros, etc,
 # in ./support/ and its subdirectories.
-Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].sort.each {|f| require f}
 
 RSpec.configure do |config|
   config.before do
     Cancannible.reset!
     run_migrations
   end
-end
+end

data/spec/support/migrations_helper.rb

@@ -1,5 +1,4 @@
 module MigrationsHelper
-
   def run_migrations
     ActiveRecord::Base.establish_connection({
         adapter:   'sqlite3',
@@ -8,7 +7,6 @@ module MigrationsHelper
 
     ActiveRecord::Migration.suppress_messages do
       ActiveRecord::Schema.define(:version => 0) do
-
         create_table "members", :force => true do |t|
           t.string   "name"
           t.string   "email"
@@ -49,13 +47,11 @@ module MigrationsHelper
           t.string   "name"
           t.integer  "category_id"
         end
-
       end
     end
   end
-
 end
 
 RSpec.configure do |conf|
   conf.include MigrationsHelper
-end
+end

data/spec/support/models.rb

@@ -1,13 +1,10 @@
 # These model definitions are just used for the test scenarios
 
-# The Permission class stores permissions maanged by CanCan and Cancannible
 class Permission < ActiveRecord::Base
   belongs_to :permissible, polymorphic: true
-  belongs_to :resource, polymorphic: true
+  belongs_to :resource, polymorphic: true, optional: true
 
-  validates_uniqueness_of :ability,
-    :scope => [:resource_id, :resource_type,
-      :permissible_id, :permissible_type]
+  validates :ability, uniqueness: { scope: [:resource_id, :resource_type, :permissible_id, :permissible_type] }
 end
 
 class Member < ActiveRecord::Base
@@ -29,7 +26,7 @@ class RolesUsers < ActiveRecord::Base
 end
 
 class Role < ActiveRecord::Base
-  has_many :roles_users, :class_name => 'RolesUsers'
+  has_many :roles_users, class_name: 'RolesUsers'
   has_many :users, through: :roles_users
 
   include Cancannible::Grantee

data/spec/unit/cached_abilities_spec.rb

@@ -3,29 +3,46 @@ require 'spec_helper'
 describe Cancannible do
   let(:grantee_class) { Member }
   let(:grantee) { grantee_class.create! }
+  let(:cached_object) do
+    abilities = Ability.new(grantee)
+    abilities.can :read, :all
+    abilities
+  end
 
   describe "#abilities" do
     subject { grantee.abilities }
 
     context "when get_cached_abilities provided" do
       before do
-        Cancannible.get_cached_abilities = proc{|grantee| "get_cached_abilities for #{grantee.id}" }
+        Cancannible.get_cached_abilities = proc { |grantee| cached_object }
+      end
+
+      it "returns the cached object" do
+        expect(cached_object.instance_variable_defined?(:@rules_index)).to eql(true)
+        expect(subject).to eql(cached_object)
       end
-      it "should returned the cached object" do
-        should eql("get_cached_abilities for #{grantee.id}")
+      context 'when incompatible cached_object' do
+        let(:cached_object) { 'bogative' }
+        it 'returns a new object' do
+          expect(subject).to be_an(Ability)
+          expect(subject).to_not eql(cached_object)
+        end
       end
       context "unless reload requested" do
         subject { grantee.abilities(true) }
-        it { should be_an(Ability) }
+        it 'returns a new object' do
+          expect(subject).to be_an(Ability)
+          expect(subject).to_not eql(cached_object)
+        end
       end
     end
 
     context "when store_cached_abilities provided" do
       before do
         @stored = nil
-        Cancannible.store_cached_abilities = proc{ |grantee,ability| @stored = { grantee_id: grantee.id, ability: ability } }
+        Cancannible.store_cached_abilities = proc { |grantee, ability| @stored = { grantee_id: grantee.id, ability: ability } }
       end
-      it "should store the cached object" do
+      it "stores the cached object" do
         expect { subject }.to change { @stored }.from(nil)
         expect(@stored[:grantee_id]).to eql(grantee.id)
         expect(@stored[:ability]).to be_an(Ability)
@@ -36,32 +53,29 @@ describe Cancannible do
       before do
         @stored = nil
         @store = 0
-        Cancannible.get_cached_abilities = proc{|grantee| @stored }
-        Cancannible.store_cached_abilities = proc{ |grantee,ability| @store += 1 ; @stored = { grantee_id: grantee.id, ability: ability } }
+        Cancannible.get_cached_abilities = proc { |grantee| @stored[:ability] if @stored }
+        Cancannible.store_cached_abilities = proc { |grantee, ability| @store += 1 ; @stored = { grantee_id: grantee.id, ability: ability } }
       end
-      it "should store the cached object on the first call" do
+      it "stores the cached object on the first call" do
         expect { subject }.to change { @stored }.from(nil)
         expect(@store).to eql(1)
         expect(@stored[:grantee_id]).to eql(grantee.id)
         expect(@stored[:ability]).to be_an(Ability)
       end
-      it "should return the cached object on the second call" do
+      it "returns the cached object on the second call" do
         expect { subject }.to change { @stored }.from(nil)
         expect(@store).to eql(1)
         expect { grantee.abilities }.to_not change { @store }
-        expect(grantee.abilities[:grantee_id]).to eql(grantee.id)
-        expect(grantee.abilities[:ability]).to be_an(Ability)
+        expect(grantee.abilities).to be_an(Ability)
+        expect(@stored[:grantee_id]).to eql(grantee.id)
       end
       it "should re-cache object on the second call if refresh requested" do
         expect { subject }.to change { @stored }.from(nil)
         expect(@store).to eql(1)
         expect { grantee.abilities(true) }.to change { @store }.from(1).to(2)
-        expect(grantee.abilities[:grantee_id]).to eql(grantee.id)
-        expect(grantee.abilities[:ability]).to be_an(Ability)
+        expect(grantee.abilities).to be_an(Ability)
+        expect(@stored[:grantee_id]).to eql(grantee.id)
       end
     end
-
-
   end
-
-end
+end

data/spec/unit/config_spec.rb

@@ -14,4 +14,4 @@ describe Cancannible do
       subject
     end
   end
-end
+end

data/spec/unit/custom_refinements_spec.rb

@@ -1,6 +1,5 @@
 require 'spec_helper'
 
-
 describe Cancannible do
   let(:grantee_class) { User }
   let(:ability) { :blow }
@@ -9,7 +8,6 @@ describe Cancannible do
   subject(:grantee) { grantee_class.create!(username: username) }
 
   describe "#can?" do
-
     context "with custom attribute association restriction" do
       let(:resource_class) { Widget }
       before do
@@ -245,7 +243,5 @@ describe Cancannible do
         it { should be_falsey }
       end
     end
-
   end
-
 end

data/spec/unit/grantee_spec.rb

@@ -4,7 +4,6 @@ describe Cancannible::Grantee do
   let(:grantee_class) { Member }
 
   context "without permissions inheritance" do
-
     describe "##inheritable_permissions" do
       subject { grantee_class.inheritable_permissions }
       it { should be_empty }
@@ -43,9 +42,13 @@ describe Cancannible::Grantee do
         context "when permission is not asserted" do
           it { should be_truthy }
         end
-        context "when permission is not asserted but can is" do
+        context "when :can already asserted" do
           before { grantee.can(:read, resource) }
           it { should be_falsey }
+          context "and then reset as :cannot" do
+            before { grantee.cannot(:read, resource) }
+            it { should be_truthy }
+          end
         end
         context "when permission is asserted" do
           before { grantee.cannot(:read, resource) }
@@ -54,31 +57,6 @@ describe Cancannible::Grantee do
       end
     end
 
-    context "with a nil resource" do
-      let!(:resource) { nil }
-      describe "#can? -> nil" do
-        subject { grantee.can?(:read, nil) }
-        context "when permission is not set" do
-          it { should be_falsey }
-        end
-        context "when permission is set" do
-          before { grantee.can(:read, resource) }
-          it { should be_truthy }
-        end
-      end
-      describe "#can? -> ''" do
-        subject { grantee.can?(:read, '') }
-        context "when permission is not set" do
-          it { should be_falsey }
-        end
-        context "when permission is set" do
-          before { grantee.can(:read, resource) }
-          it { should be_falsey }
-        end
-      end
-    end
-
-
     context "with a resource class" do
       let!(:resource) { Widget }
 
@@ -117,15 +95,14 @@ describe Cancannible::Grantee do
     context "with a non-existent model" do
       describe "instance" do
         let!(:obsolete_permission) {grantee.permissions.create!(asserted: true, ability: 'manage', resource_type: 'Bogative', resource_id: 33) }
-        it "should not error on load" do
-          expect { grantee.abilities }.to_not raise_error
+        it "raises CanCan::Error" do
+          expect { grantee.abilities }.to raise_error(CanCan::Error)
         end
       end
       describe "class" do
         let!(:obsolete_permission) {grantee.permissions.create!(asserted: true, ability: 'manage', resource_type: 'Bogative') }
-        it "should not error on load" do
-          grantee.abilities
-          expect { grantee.abilities }.to_not raise_error
+        it "raises CanCan::Error" do
+          expect { grantee.abilities }.to raise_error(CanCan::Error)
         end
       end
     end
@@ -134,19 +111,17 @@ describe Cancannible::Grantee do
       class SuperBogative < ActiveRecord::Base
       end
       context "instance" do
-        let!(:obsolete_permission) { grantee.permissions.create!(asserted: true, ability: 'manage', resource_type: 'SuperBogative', resource_id: 33) }
-        it "should not error on load" do
+        let!(:invalid_permission) { grantee.permissions.create!(asserted: true, ability: 'manage', resource_type: 'SuperBogative', resource_id: 33) }
+        it "does not error on load" do
           expect { grantee.abilities }.to_not raise_error
         end
       end
       context "class" do
-        let!(:obsolete_permission) { grantee.permissions.create!(asserted: true, ability: 'manage', resource_type: 'SuperBogative') }
-        it "should not error on load" do
+        let!(:invalid_permission) { grantee.permissions.create!(asserted: true, ability: 'manage', resource_type: 'SuperBogative') }
+        it "does not error on load" do
           expect { grantee.abilities }.to_not raise_error
         end
       end
     end
-
   end
-
 end

data/spec/unit/inherited_permissions_spec.rb

@@ -1,11 +1,9 @@
 require 'spec_helper'
 
-
 describe Cancannible do
   let(:grantee_class) { User }
 
   context "with mulitple sources of permissions inheritance" do
-
     describe "##inheritable_permissions" do
       subject { grantee_class.inheritable_permissions }
       it { should eql([:roles, :group]) }
@@ -15,12 +13,12 @@ describe Cancannible do
     let!(:role_b)  { Role.create! }
     let!(:group_a) { Group.create! }
     let!(:group_b) { Group.create! }
-    subject(:grantee) {
+    subject(:grantee) do
       u = grantee_class.new(group: group_a)
       u.roles << role_a
       u.save!
       u
-    }
+    end
 
     context "with a symbolic resource" do
       let!(:resource) { :something }
@@ -43,10 +41,8 @@ describe Cancannible do
           it { should be_truthy }
         end
       end
-
     end
 
-
     context "with a resource class" do
       let!(:resource) { Widget }
 
@@ -68,7 +64,6 @@ describe Cancannible do
           it { should be_truthy }
         end
       end
-
     end
 
     context "with a resource instance" do
@@ -136,10 +131,6 @@ describe Cancannible do
           it { should be_truthy }
         end
       end
-
-
     end
-
   end
-
 end

metadata

@@ -1,141 +1,169 @@
 --- !ruby/object:Gem::Specification
 name: cancannible
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 2.0.0
 platform: ruby
 authors:
 - Paul Gallagher
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-07-31 00:00:00.000000000 Z
+date: 2022-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '6.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '6.1'
 - !ruby/object:Gem::Dependency
-  name: cancan
+  name: cancancan
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '6.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.2'
+        version: '6.1'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 1.3.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 1.3.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.6'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: guard-rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rb-fsevent
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '0'
 description: Extends CanCan with dynamic, inheritable permissions stored in a database,
   with caching and multi-tenant refinements
 email:
@@ -144,9 +172,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
-- .rspec
-- .travis.yml
+- ".github/workflows/ruby.yml"
+- ".gitignore"
 - Gemfile
 - Guardfile
 - LICENSE.txt
@@ -176,24 +203,23 @@ homepage: https://github.com/evendis/cancannible
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.2
-signing_key: 
+rubygems_version: 3.2.20
+signing_key:
 specification_version: 4
 summary: Dynamic, configurable permissions for CanCan
 test_files:

data/.rspec

@@ -1,2 +0,0 @@
---format documentation
---color

data/.travis.yml

@@ -1,4 +0,0 @@
-# These are specific configuration settings required for travis-ci
-language: ruby
-rvm:
-  - 1.9.3