cando 0.1.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/.rspec

@@ -0,0 +1 @@
+--color

data/.travis.yml

@@ -0,0 +1,8 @@
+language: ruby
+rvm:
+  - "1.9.3"
+cache: bundler
+before_script:
+    - mysql -e 'create database cando_test;'
+
+env: CANDO_TEST_DB=mysql://travis@127.0.0.1/cando_test

data/Gemfile

@@ -0,0 +1,21 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+#   gem "activesupport", ">= 2.3.5"
+
+gem "sequel"
+gem "rake"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "rspec", "~> 2.10.0"
+  gem "rdoc", "~> 3.12"
+  gem "bundler", "~> 1.0"
+  gem "jeweler", "~> 2.0.1"
+  gem "simplecov", ">= 0"
+end
+
+group :test do
+  gem "mysql"
+end

data/Gemfile.lock

@@ -0,0 +1,79 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.3.6)
+    builder (3.2.2)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
+    diff-lcs (1.1.3)
+    docile (1.1.3)
+    faraday (0.9.0)
+      multipart-post (>= 1.2, < 3)
+    git (1.2.6)
+    github_api (0.11.3)
+      addressable (~> 2.3)
+      descendants_tracker (~> 0.0.1)
+      faraday (~> 0.8, < 0.10)
+      hashie (>= 1.2)
+      multi_json (>= 1.7.5, < 2.0)
+      nokogiri (~> 1.6.0)
+      oauth2
+    hashie (2.1.1)
+    highline (1.6.21)
+    jeweler (2.0.1)
+      builder
+      bundler (>= 1.0)
+      git (>= 1.2.5)
+      github_api
+      highline (>= 1.6.15)
+      nokogiri (>= 1.5.10)
+      rake
+      rdoc
+    json (1.8.1)
+    jwt (0.1.13)
+      multi_json (>= 1.5)
+    mini_portile (0.5.3)
+    multi_json (1.10.0)
+    multi_xml (0.5.5)
+    multipart-post (2.0.0)
+    mysql (2.9.1)
+    nokogiri (1.6.1)
+      mini_portile (~> 0.5.0)
+    oauth2 (0.9.3)
+      faraday (>= 0.8, < 0.10)
+      jwt (~> 0.1.8)
+      multi_json (~> 1.3)
+      multi_xml (~> 0.5)
+      rack (~> 1.2)
+    rack (1.5.2)
+    rake (10.3.1)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rspec (2.10.0)
+      rspec-core (~> 2.10.0)
+      rspec-expectations (~> 2.10.0)
+      rspec-mocks (~> 2.10.0)
+    rspec-core (2.10.1)
+    rspec-expectations (2.10.0)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.10.1)
+    sequel (4.10.0)
+    simplecov (0.8.2)
+      docile (~> 1.1.0)
+      multi_json
+      simplecov-html (~> 0.8.0)
+    simplecov-html (0.8.0)
+    thread_safe (0.3.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0)
+  jeweler (~> 2.0.1)
+  mysql
+  rake
+  rdoc (~> 3.12)
+  rspec (~> 2.10.0)
+  sequel
+  simplecov

data/LICENSE.txt

@@ -0,0 +1,25 @@
+Copyright (c) 2014 Daniel Bornkessel
+
+The MIT License (MIT)
+
+Copyright © 2013 SoundCloud Ltd., Internal Tools Team
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+

data/README.md

@@ -0,0 +1,144 @@
+# CanDo [![Build Status](https://travis-ci.org/soundcloud/cando.svg?branch=master)](https://travis-ci.org/soundcloud/cando)
+
+CanDo is a small gem to implement a simple user access system based on users, roles &
+capabilites, where:
+
+  - each user can have 0, 1 or many roles
+  - each role can have 0, 1 or many capabilites
+
+Users have capabilities by getting roles assigned (role == collection of
+capabilities). Within the code, the `can` helper method can be used to test
+whether a user has a certain capability or not (see below for a working code example).
+
+## Dependencies
+
+CanDo depends on the following software:
+
+* [sequel](http://sequel.jeremyevans.net)
+* [rake](https://github.com/jimweirich/rake)
+
+
+## Installation and deployment
+
+Download and install rake with the following.
+
+        gem install cando
+
+## Configuration and usage
+
+### Database setup & configuration
+If you want to use an individual database for cando, create the db + credentials (adjust values):
+
+    CREATE DATABASE IF NOT EXISTS cando  DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci;
+    GRANT ALL ON `cando`.* to 'cando_user'@'localhost' identified by 'cando_passwd';
+
+Whenever you want to use a CanDo rake task, you need to set the database config via the env var `$CANDO_DB`:
+
+     export CANDO_DB=mysql://cando_user@cando_passwd@localhost/cando
+
+for other dbs, [see the sequel
+documentation](http://sequel.jeremyevans.net/rdoc/classes/Sequel.html#method-c-connect).
+**Note that you will have to require the gem for your respective dbms, i.e. the
+`mysql`-gem for mysql, the `sqlite3`-gem for sqlite, etc. **
+
+### Init cando
+Cando provides a rake task to get you started. This will setup the necessary
+tables (they are all prefixed with `cando` and thus should not interfere with
+your database.
+
+    rake cando:init
+
+### Using rake tasks
+Cando provides several useful rake tasks for easy cli-based operations. In order
+to use those edit (or create) the `Rakefile` and include
+
+    require 'cando'
+
+ To get an overview, execute:
+
+     $ rake -T cando
+     rake cando:init     # Initialize cando (creates schema and runs migration)
+
+     rake cando:list     # List roles
+     rake cando:add      # Add a new role (pass in role name and capabilities with role=<name> capabilities=<cap1>,<cap2>,...
+     rake cando:update   # Update role (pass in role name and capabilities with role=<name> capabilities=<cap1>,<cap2>,...
+     rake cando:remove   # Remove role (pass in role name with role=<name>)
+
+     rake cando:assign   # Assign role to user (args: roles=<r1>,<r2>,<rn> user=<user_urn>)
+     rake cando:users    # List users and their roles
+
+### Using CanDo in your project's code
+Using the CanDo in your code (working code with an empty database):
+
+    require 'cando'
+    include CanDo
+
+    CanDo.init do
+      # if passed, this will be executed if the user does not have the
+      # asked-for capability (only applies if 'can' is passed a block)
+      cannot_block do |user_urn, capability|
+        raise "#{user_urn} can not #{capability}"
+      end
+
+      connect "mysql://cando_user:cando_passwd@host:port/database"
+    end
+
+    # if the role or a capability does not exist, it'll be created
+    define_role("r1", ["capability1", "capability3"])
+    define_role("r2", ["capability2"])
+
+    # if the user does not exist, he'll be created -- the roles must be available
+    assign_roles("user1", ["r1", "r2"])
+    assign_roles("user2", ["r1"])
+
+    # use 'can' block syntax
+    can("user1", :capability1) do
+      puts "user has capability1"
+    end
+
+    # this will raise an exception as declared in the init block
+    can("user1", :super_admin) do
+      puts "hey hoh" # this will not be printed
+    end
+
+    # when no block is given, 'can' returns true or false/nil
+    unless can("user2", :capability2)
+      puts "user does not have capability1"
+    end
+
+## Versioning
+CanDo adheres to Semantic Versioning 2.0.0. If there is a violation of
+this scheme, report it as a bug.Specifically, if a patch or minor version is
+released and breaks backward compatibility, that version should be immediately
+yanked and/or a new version should be immediately released that restores
+compatibility. Any change that breaks the public API will only be introduced at
+a major-version release. As a result of this policy, you can (and should)
+specify any dependency on <project name> by using the Pessimistic Version
+Constraint with two digits of precision.
+
+## Licensing
+
+See the [LICENSE](LICENSE.md) file for details.
+
+The MIT License (MIT)
+
+Copyright &copy; 2014 Daniel Bornkessel
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+

data/Rakefile

@@ -0,0 +1,52 @@
+# encoding: utf-8
+
+require 'rake'
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://guides.rubygems.org/specification-reference/ for more options
+  gem.name = "cando"
+  gem.homepage = "http://github.com/kesselborn/cando"
+  gem.license = "MIT"
+  gem.summary = %Q{Simple roles helper}
+  gem.description = %Q{cando description}
+  gem.email = "daniel@soundcloud.com"
+  gem.authors = ["Daniel Bornkessel"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+desc "Code coverage detail"
+task :simplecov do
+  ENV['COVERAGE'] = "true"
+  Rake::Task['spec'].execute
+end
+
+task :default => :spec
+
+require 'rdoc/task'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "cando #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+  rdoc.rdoc_files.include('contrib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/cando.gemspec

@@ -0,0 +1,75 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "cando"
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Daniel Bornkessel"]
+  s.date = "2014-05-20"
+  s.description = "cando description"
+  s.email = "daniel@soundcloud.com"
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.md"
+  ]
+  s.files = [
+    ".document",
+    ".rspec",
+    ".travis.yml",
+    "Gemfile",
+    "Gemfile.lock",
+    "LICENSE.txt",
+    "README.md",
+    "Rakefile",
+    "VERSION",
+    "cando.gemspec",
+    "contrib/initial_schema.rb",
+    "lib/cando.rb",
+    "lib/models/capability.rb",
+    "lib/models/role.rb",
+    "lib/models/user.rb",
+    "lib/tasks/cando.rake",
+    "spec/cando_spec.rb",
+    "spec/spec_helper.rb"
+  ]
+  s.homepage = "http://github.com/kesselborn/cando"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.23"
+  s.summary = "Simple roles helper"
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<sequel>, [">= 0"])
+      s.add_runtime_dependency(%q<rake>, [">= 0"])
+      s.add_development_dependency(%q<rspec>, ["~> 2.10.0"])
+      s.add_development_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_development_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_development_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_development_dependency(%q<simplecov>, [">= 0"])
+    else
+      s.add_dependency(%q<sequel>, [">= 0"])
+      s.add_dependency(%q<rake>, [">= 0"])
+      s.add_dependency(%q<rspec>, ["~> 2.10.0"])
+      s.add_dependency(%q<rdoc>, ["~> 3.12"])
+      s.add_dependency(%q<bundler>, ["~> 1.0"])
+      s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+      s.add_dependency(%q<simplecov>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<sequel>, [">= 0"])
+    s.add_dependency(%q<rake>, [">= 0"])
+    s.add_dependency(%q<rspec>, ["~> 2.10.0"])
+    s.add_dependency(%q<rdoc>, ["~> 3.12"])
+    s.add_dependency(%q<bundler>, ["~> 1.0"])
+    s.add_dependency(%q<jeweler>, ["~> 2.0.1"])
+    s.add_dependency(%q<simplecov>, [">= 0"])
+  end
+end
+

data/contrib/initial_schema.rb

@@ -0,0 +1,39 @@
+Sequel.migration do
+  up do
+   create_table :cando_users do
+     String :id, :unique => true, :null => false
+     primary_key :id
+    end
+
+   create_table :cando_roles do
+     String :id, :unique => true, :null => false
+     primary_key :id
+   end
+
+   create_table :cando_capabilities do
+     String :id, :unique => true, :null => false
+     primary_key :id
+   end
+
+   # associations
+   create_table :cando_roles_users do
+     String :user_id
+     String :role_id
+     primary_key [:user_id, :role_id], :name => :ur_pk
+   end
+
+   create_table :cando_capabilities_roles do
+     String :role_id
+     String :capability_id
+     primary_key [:role_id, :capability_id], :name =>:rc_pk
+   end
+  end
+
+  down do
+    drop_table :cando_users
+    drop_table :cando_roles
+    drop_table :cando_capabilities
+    drop_table :cando_roles_users
+    drop_table :cando_capabilities_roles
+  end
+end

data/lib/cando.rb

@@ -0,0 +1,88 @@
+require 'sequel' 
+
+if File.basename($0) == "rake"    # we are in a rake call: export our rake stuff
+  require 'rake'
+  import File.join(File.dirname(File.dirname(__FILE__)), "lib", "tasks", "cando.rake" )
+end
+
+module CanDo
+  class ConfigCannotBlockError < RuntimeError; end
+  class ConfigMysqlDBError < RuntimeError; end
+  class ConfigMysqlConnectionError < RuntimeError; end
+  class DBNotConnected < RuntimeError; end
+
+  def self.db
+    @db or raise DBNotConnected.new("CanDo is not connected to a database")
+  end
+
+  def self.init(&block)
+    CanDo.instance_eval &block
+
+    begin
+      Sequel::Model.db.test_connection
+    rescue ::Sequel::Error => e
+      raise DBNotConnected.new("No database connection established. Have you called 'connect' within the 'CanDo.init' block? Sequel error message is:\n#{e.message}")
+    end
+
+    Dir.glob(File.expand_path("#{__FILE__}/../models/*.rb")).each do |model|
+      require_relative model
+    end
+
+    Sequel::Model.db
+  end
+
+
+  # will be executed if `can(user_urn, :capability) { }` will not be executed
+  # due to missing capabilities
+  def self.cannot_block(&block)
+    if !block
+      raise ConfigCannotBlockError.new("CanDo#cannot_block expects block")
+    end
+    if block.arity != 2
+      raise ConfigCannotBlockError.new("CanDo#cannot_block expects block expecting two arguments |user_urn, capability|")
+    end
+
+    @@cannot_block_proc = block
+  end
+
+  def self.connect(connection)
+    if connection =~ /sqlite/
+      raise ConfigMysqlDBError.new("sqlite is not supported as it misses certain constraints")
+    end
+
+    begin
+      @db = Sequel.connect(connection)
+      @db.test_connection
+      @db
+    rescue => e
+      raise ConfigMysqlConnectionError.new(<<-EOF
+Error connecting to database. Be sure to pass in a databse config like 'mysql://user:passwd@host/database':
+#{e.message}
+EOF
+      )
+    end
+  end
+
+  def can(user_urn, capability)
+    user = CanDo::User.find(:id => user_urn)
+    has_permission = user && user.can(capability)
+    if block_given?
+      if has_permission
+       return yield
+      end
+      if @@cannot_block_proc
+        @@cannot_block_proc.call(user_urn, capability)
+      end
+    end
+
+    has_permission
+  end
+
+  def define_role(role, capabilities)
+    CanDo::Role.define_role(role, capabilities)
+  end
+
+  def assign_roles(user, roles)
+    CanDo::User.find_or_create(:id => user).assign_roles(roles)
+  end
+end

data/lib/models/capability.rb

@@ -0,0 +1,14 @@
+module CanDo
+  class Capability < Sequel::Model(:cando_capabilities)
+    many_to_many :roles, :join_table => :cando_capabilities_roles
+    unrestrict_primary_key
+    
+    def self.cleanup
+      Capability.all do |cap|
+        if cap.roles.count == 0
+          cap.destroy
+        end
+      end
+    end
+  end
+end

data/lib/models/role.rb

@@ -0,0 +1,27 @@
+module CanDo
+  class Role < Sequel::Model(:cando_roles)
+    many_to_many :users, :join_table => :cando_roles_users
+    many_to_many :capabilities, :join_table => :cando_capabilities_roles
+    unrestrict_primary_key
+
+    def before_destroy
+      self.remove_all_capabilities
+      self.remove_all_users
+      Capability.cleanup
+    end
+
+    def self.define_role(name, capabilities)
+      role = Role.find_or_create(:id => name)
+      role.remove_all_capabilities
+      capabilities.each do |capability|
+        role.add_capability( Capability.find_or_create(:id => capability.to_s) )
+      end
+
+      role
+    end
+
+    def to_s
+      "#{id}\t#{capabilities.map(&:id).join(",")}"
+    end
+  end
+end

data/lib/models/user.rb

@@ -0,0 +1,40 @@
+module CanDo
+  class UndefinedRole < Exception; end
+  class User < Sequel::Model(:cando_users)
+    many_to_many :roles, :join_table => :cando_roles_users
+    unrestrict_primary_key
+
+    def capabilities
+      roles.inject([]){|a,role| a << role.capabilities}.flatten.uniq.map(&:id)
+    end
+
+    def can(capability)
+      capabilities.include?(capability.to_s)
+    end
+
+    def assign_roles(roles)
+      self.class.db.transaction do
+        self.remove_all_roles
+        roles.each do |r|
+          begin
+            role = r.is_a?(CanDo::Role) ? r : CanDo::Role.where(:id => r).first!
+            self.add_role(role)
+          rescue Sequel::UniqueConstraintViolation => e
+            puts "user already has role '#{r}'"
+          rescue Sequel::NoMatchingRow
+            raise UndefinedRole.new("Role '#{r}' does not exist")
+          end
+        end
+      end
+      self
+    end
+
+    def role_names
+      roles.map(&:id)
+    end
+
+    def to_s
+      "#{id}\t#{role_names.join(",")}\t#{capabilities.join(",")}"
+    end
+  end
+end

data/lib/tasks/cando.rake

@@ -0,0 +1,138 @@
+require 'tmpdir'
+
+CANDO_MIGRATION_DIR = "db/cando-migrations"
+CANDO_SCHEMA = File.join(File.dirname(File.dirname(File.dirname(__FILE__))), "contrib", "initial_schema.rb")
+
+namespace :cando do
+  desc "Initialize cando (creates schema and runs migration)"
+  task :init do
+    if Dir.glob("#{CANDO_MIGRATION_DIR}/*#{File.basename(CANDO_SCHEMA)}*").empty?
+      puts green("Copying cando schema to local cando migrations folder '#{CANDO_MIGRATION_DIR}'")
+      cando_schema_migration = File.join(CANDO_MIGRATION_DIR, "#{Time.now.strftime("%Y%m%d%H%M%S")}_#{File.basename(CANDO_SCHEMA)}")
+
+      FileUtils.mkdir_p(CANDO_MIGRATION_DIR) unless File.exists?(CANDO_MIGRATION_DIR)
+      FileUtils.cp(CANDO_SCHEMA, cando_schema_migration)
+    else
+      $stderr.puts red("skipping copying cando schema migration file: already exists")
+    end
+
+    Sequel::Migrator.run(connect_to_db, CANDO_MIGRATION_DIR, { allow_missing_migration_files: true} )
+
+    puts <<EOF
+    #{green("Success!")}
+
+In order to add, update or remove a role, call
+
+    rake cando:add    role=<rolename> capabilities=<cap1>,<cap2>,<cap3>
+    rake cando:update role=<rolename> capabilities=<cap1>,<cap2>,<cap3>
+    rake cando:remove role=<rolename>
+
+When adding or updating a roles it doesn't matter whether the passed in capabilities
+exist or not -- if not existant, they will be created automatically
+
+For more cando rake tasks execute
+
+    rake -T cando
+
+EOF
+
+  end
+
+  desc "Add a new role (pass in role name and capabilities with role=<name> capabilities=<cap1>,<cap2>,... )"
+  task :add do
+    add_role(false)
+  end
+
+  desc "Update role (pass in role name and capabilities with role=<name> capabilities=<cap1>,<cap2>,... )"
+  task :update do
+    add_role(true)
+  end
+
+
+  desc "Remove role (pass in role name with role=<name>)"
+  task :remove do
+    unless ENV['role']
+      $stderr.puts red("usage: rake cando:remove role=<rolename>")
+      exit 1
+    end
+
+    connect_to_db
+    unless r = CanDo::Role.find(:id => ENV['role'])
+      $stderr.puts red("role '#{args.role}' does not exist")
+      exit 1
+    end
+
+    r.destroy
+  end
+
+  desc "Assign role to user (args: roles=<r1>,<r2>,<rn> user=<user_urn>)"
+  task :assign do
+    roles = ENV['roles']
+    user_urn  = ENV['user']
+
+    unless roles && user_urn
+      $stderr.puts red("usage: rake cando:assign user=<user_urn> roles=<role1>,<role2>,... ")
+    end
+
+    connect_to_db
+    include CanDo
+    assign_roles(user_urn, roles.split(","))
+  end
+
+  desc "List roles"
+  task :list do
+    connect_to_db
+    puts "ROLE\tCAPABILITIES"
+    CanDo::Role.all.each do |role|
+      puts role
+    end
+  end
+
+  desc "List users and their roles"
+  task :users do
+    connect_to_db
+    puts "USER_URN\tROLES\tCAPABILITIES"
+    CanDo::User.all.each do |user|
+      puts user
+    end
+  end
+
+end
+
+def green(text)
+  "\033[1;32;48m#{text}\033[m"
+end
+
+def red(text)
+  "\033[1;31;48m#{text}\033[m"
+end
+
+def add_role(force = false)
+  role         = ENV['role']
+  capabilities = ENV['capabilities'] && ENV['capabilities'].split(",")
+
+  unless role && capabilities
+    puts red("usage: rake cando:add    role=<rolename> capabilities=<cap1>,<cap2>,<cap3>")
+    exit 1
+  end
+
+  connect_to_db
+  if !force && CanDo::Role.find(:id => role)
+    puts red("Role '#{role}' already exists!")
+    puts "If you want to update '#{role}', please use 'rake cando:update'"
+    exit 1
+  end
+
+  include CanDo
+  define_role(role, capabilities)
+end
+
+def connect_to_db
+  unless ENV['CANDO_DB']
+    raise "Please pass in database config, e.g. CANDO_DB=mysql://user:passwd@host/database bundle exec rake cando:<command>"
+  end
+
+  CanDo.init do
+    connect(ENV['CANDO_DB'])
+  end
+end

data/spec/cando_spec.rb

@@ -0,0 +1,126 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+#describe "Cando" do
+#  it "fails" do
+#    fail "hey buddy, you should probably rename this file and start specing for real"
+#  end
+#end
+#
+describe "CanDo module methods" do
+  context "CanDo.cannot_block expects block accepting two parameters" do
+    it { expect{ CanDo.cannot_block }.to              raise_error(CanDo::ConfigCannotBlockError) }
+    it { expect{ CanDo.cannot_block{|x| x} }.to       raise_error(CanDo::ConfigCannotBlockError) }
+    it { expect{ CanDo.cannot_block{|x,y,z| x} }.to   raise_error(CanDo::ConfigCannotBlockError) }
+
+    it { expect{ CanDo.cannot_block{|x,y| x} }.to_not raise_error(CanDo::ConfigCannotBlockError) }
+  end
+
+  context "CanDo.connect" do
+    it { expect{ CanDo.connect(nil) }.to raise_error(CanDo::ConfigMysqlConnectionError) }
+    it { expect{ CanDo.connect("sqlite::memory:") }.to raise_error(CanDo::ConfigMysqlDBError) }
+    it { CanDo.connect(ENV['CANDO_TEST_DB']).test_connection be_true }
+  end
+
+  context "CanDo.init" do
+    context "CanDo.cannot_block called from config" do
+      it { expect{ CanDo.init{ cannot_block }}.to raise_error(CanDo::ConfigCannotBlockError) }
+    end
+  end
+
+  context "CanDo exported methods" do
+    include CanDo
+
+    context "CanDo#define_role" do
+      context "empty role (no capabilities)" do
+        it { expect{ define_role("role", []) }.to change{CanDo::Role.count}.from(0).to(1) }
+        it { expect{ define_role("role", []) }.to change{CanDo::Capability.count}.by(0) }
+      end
+
+      context "standard situation" do
+        it { expect{ define_role("role", [:capability1, :capability2]) }.to change{CanDo::Role.count}.from(0).to(1) }
+        it { expect{ define_role("role", [:capability1, :capability2]) }.to change{CanDo::Capability.count}.from(0).to(2) }
+      end
+
+      context "duplication" do
+        before(:each) { define_role("role", [:capability]) }
+
+        it { expect{ define_role("role", [:new_capability]) }.to change{CanDo::Role.count}.by(0) }
+        it { expect{ define_role("new_role", [:capability]) }.to change{CanDo::Capability.count}.by(0) }
+      end
+
+      context "cleanup" do
+        before(:each) do
+          @role = define_role("role", [:capabilty])
+        end
+
+        it { expect{ @role.destroy }.to change{CanDo::Role.count}.from(1).to(0) }
+        it { expect{ @role.destroy }.to change{CanDo::Capability.count}.from(1).to(0) }
+      end
+    end
+
+    context "CanDo#assign_roles" do
+      include CanDo
+
+      context "user without roles" do
+        it { expect{ assign_roles("user", []) }.to change{CanDo::User.count}.from(0).to(1) }
+        it { expect{ assign_roles("user", []) }.to change{CanDo::Role.count}.by(0) }
+      end
+
+      context "invalid roles" do
+        it { expect{ assign_roles("user", ["non-existant-role"]) }.to raise_error(CanDo::UndefinedRole) }
+        it { expect{ assign_roles("user", [nil]) }.to raise_error(CanDo::UndefinedRole) }
+      end
+
+      context "standard situation" do
+        before(:each) do
+          @r1 = define_role("r1", [:c1, :c2])
+          @r2 = define_role("r2", [:c2, :c3])
+        end
+
+        it { expect{ assign_roles("user", ["r1"]) }.to change{CanDo::User.count}.from(0).to(1) }
+        it { expect{ assign_roles("user", ["r1","r2"]) }.to change{CanDo::User.count}.from(0).to(1) }
+
+        it { expect{ assign_roles("user", [@r1]) }.to change{CanDo::User.count}.from(0).to(1) }
+        it { expect{ assign_roles("user", ["r1",@r2]) }.to change{CanDo::User.count}.from(0).to(1) }
+      end
+
+      context "cleanup" do
+        before(:each) do
+          @role = define_role("role", [:capabilty])
+          @user = assign_roles("user", [@role])
+        end
+
+        it { expect{ @user.destroy }.to change{CanDo::User.count}.from(1).to(0) }
+        it { expect{ @user.destroy }.to change{CanDo::Role.count}.by(0) }
+      end
+    end
+
+    context "CanDo#can" do
+      include CanDo
+
+      before(:each) do
+        @role = define_role("role", [:capability1, :capabilty2])
+        @user = assign_roles("user", [@role])
+      end
+
+      context "CanDo#can" do
+        it { can("user", :capability1).should be_true }
+        it { can("user", :undefined_capability).should be_false }
+
+        it { expect{ |can| can("user", :capability1, &can) }.to yield_control }
+
+        context "CanDo.cannot_block" do
+          class DummyException < RuntimeError; end
+          before(:all) do
+            CanDo.cannot_block do |user, capabilty|
+              raise DummyException
+            end
+          end
+
+          it { expect{ can("user", :undefined_capability){} }.to raise_error(DummyException) }
+          it { expect{ can("user", :undefined_capability)}.to_not raise_error(DummyException) }
+        end
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,48 @@
+require 'simplecov'
+require 'cando'
+
+module SimpleCov::Configuration
+  def clean_filters
+    @filters = []
+  end
+end
+
+SimpleCov.configure do
+  clean_filters
+  load_profile 'test_frameworks'
+end
+
+ENV["COVERAGE"] && SimpleCov.start do
+  add_filter "/.rvm/"
+end
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+
+require 'rspec'
+require 'cando'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+ENV['CANDO_TEST_DB'] or raise "Please set CANDO_TEST_DB to a valid configuration similar to 'mysql://user:passwd@localhost/database'"
+
+RSpec.configure do |config|
+  Sequel.extension :migration
+  migration = eval(File.read(File.join(File.dirname(File.dirname(__FILE__)), "contrib", "initial_schema.rb")))
+  db = nil
+
+  config.before(:suite) do
+    db = CanDo.init do
+      connect ENV['CANDO_TEST_DB']
+    end
+  end
+
+  config.before(:each) do
+    db.drop_table(*db.tables)
+    migration.apply(db, :up)
+  end
+end
+
+def connect
+end

metadata

@@ -0,0 +1,180 @@
+--- !ruby/object:Gem::Specification
+name: cando
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Daniel Bornkessel
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-05-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: sequel
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.10.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.10.0
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.0.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.0.1
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: cando description
+email: daniel@soundcloud.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE.txt
+- README.md
+files:
+- .document
+- .rspec
+- .travis.yml
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- VERSION
+- cando.gemspec
+- contrib/initial_schema.rb
+- lib/cando.rb
+- lib/models/capability.rb
+- lib/models/role.rb
+- lib/models/user.rb
+- lib/tasks/cando.rake
+- spec/cando_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/kesselborn/cando
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -3220119119017063207
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Simple roles helper
+test_files: []