canner 0.0.2 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d4c1916c358ac2040e5e7af1b5f458694f1d7556
-  data.tar.gz: 48e86af5958f48b6ce380c3352ab959f9bbcdf54
+  metadata.gz: 5fe7375f518e4b28b54badd6031ace79365f8105
+  data.tar.gz: 8939b3f2f12e4a4dbb6cb4cf76e288369bbf0e5f
 SHA512:
-  metadata.gz: 8ad895fff72a54398cbe5fd46fffdb5484c09f11cbd3a345d5e2519fd6469ec2b3c94f2c837dadbc99582ef59d5f8f9ac70befba74fc4a5af8316d45b5176d83
-  data.tar.gz: da99f014df61265620e9ae56cdb8af833d852b0e71b0fc6a3bbdd91ecea5b13854ee420138ff817305fa57938238f4087e87b888eae451f0c5a4c567adc1d8c5
+  metadata.gz: 62a5ea258681115223f0f122d13246ef36f29eae14b8725831d0e79d1ec81f4a07f91189ba4a44d7465b2639581cc530ea409028bf508dce52e04b2adda0b86a
+  data.tar.gz: 5ec594066b2daeeff61bdb71f7580dcb71bd6ce427549dbc74a9ae9f48700d9411312d1edb1ce3323321e6ae52307161f1854556f0b19d5d24beac9f20db4df1

data/README.md

@@ -1,35 +1,22 @@
 Canner
 ======
 
-Canner is an authorization gem heavily modeled after Pundit.
-The goal is to take away some of the magic that exists in other auth gems out there and
-provide the flexibility needed for your specific app.
+Canner is an authorization gem heavily modeled after Pundit.  
 
-Who needs another auth gem?  There's a bunch of very good ones out there.
-Pundit, cancan, cancancan, Declarative Authorization to name a few very good alternatives.
+Canner's intention is to provide you a framework for authorization that has little to no magic.  
+Your canner policies can be as simple or as complicated as your app requires.
 
-Unfortunately none of those solutions had built in support for a requirement I had on a project.
-My application needed to authorize a user at a given store location.
+Who needs another auth gem?  There's a bunch of very good ones out there.  
+Pundit, cancan, cancancan and Declarative Authorization to name a few alternatives.  
 
-Suppose I opened a store in Pittsburgh named Joe's Hash Rockets. The word quickly got around that Joe's
-hash rockets are the best in town!  Business is booming and after some market research I determine that
-Cleveland is a perfect place to open another store location.
+Unfortunately for me, none of those solutions had built in support for a requirement I have on the
+project [Kennel Captain](http://www.kennelcaptain.com)  
 
-The problem is that I have some reports that only the store manager should see.
-In any of the above listed gems if you have a manager role you could see all the reports regardless
-of the store location aka store branch.
+We need to authorize a user at a given store location, and that's a feature canner will support.
 
-Canner takes this additional layer of authorization in to account.
-Instead of saying:
-Can the currently signed in user access this particular report.
-Canner can say:
-Can the currently signed in user access this particular report for this particular branch.
+For details see the wiki page [Authorize with Branches ( Store Locations )](https://github.com/jacklin10/canner/wiki/Authorize-with-Branches)
 
-To do this in other libraries you might find yourself creating roles like
-pittsburgh_manager and cleveland_manager.  Or maybe writing some monkey patches to hack in what you need.
-
-Canner is designed to give you an outline of what you'll need for your app's auth needs and leaves
-the level of complexity needed up to the requirements of your particular application.
+Also note that canner works fine if you don't need this particular feature, its just there if you do.
 
 ## Installation
 
@@ -46,14 +33,6 @@ Then run
 bundle install
 ```
 
-After the gem is installed you'll need to run the install generator:
-
-``` ruby
-rails g canner:install
-```
-
-This will create a policies directory and create the base_policy.rb
-
 Now include canner in your application_controller.rb
 
 ``` ruby
@@ -66,13 +45,24 @@ You'll then need to create a Policy class for the models you'd like to authorize
 rails g canner:policy user
 ```
 
-Restart your server
+If your app gets roles from a user in a way other than @current_user.roles then you'll
+need to override the fetch_roles policy method.
+
+```ruby
+rails g canner:fetch_roles
+```
+
+More details are available in the wiki: 
+[Overriding the Fetching of Roles](https://github.com/jacklin10/canner/wiki/Feed-Roles)
 
 ## Policies
 
 As mentioned Canner is strongly influenced by Pundit and is also based on Policy objects.
-Your policy objects should be named using the pattern model_namePolicy.rb.
-i.e UserPolicy, CustomerPolicy, AppPolicy.
+Your policy objects should be named using the following pattern:   
+UserPolicy, CustomerPolicy, AppPolicy.
+
+Use the generator to save you some time: 
+``` rails g canner:policy <model name> ```
 
 Your policy models need to implement 2 methods:
 ``` ruby
@@ -85,7 +75,9 @@ end
 
 ### canner_scope
 
-The canner_scope method is used to scope the models consistently in your app.
+You'll want to implement this method for each of your model policies that extend from base_policy.rb.
+
+The canner_scope method is used to scope the authorized models consistently in your app.
 
 For example in my app the Customers controller uses the canner_scope to
 ensure only Users from the current_company are displayed.
@@ -129,9 +121,12 @@ class CustomerPolicy < BasePolicy
 end
 ```
 
-### can?
+Now you don't really need to think about the auth logic when fetching a list of customers.
+Just make sure you use the policy and you'll only show the users what is intended.
 
-You probably recognize this method from Ryan Bates' cancan gem.  The idea is the same as well.
+Also if your policy changes at some point its a one place fix.
+
+### can?
 
 You use the can method to determine if the current_user is able to access an action or resource.
 
@@ -148,10 +143,9 @@ when :something_random
 else
   false
 end
-
-# Then in controller do:
-can?(:something_random, :customer)
 ```
+# Then in controller do:
+```can?(:something_random, :customer)```
 
 In english the can method is saying:
 
@@ -160,12 +154,22 @@ use the CustomerPolicy's can? method to do the checking.
 
 `can?(:something_random, :user)` would use the ... you guessed it UserPolicy's can? method.
 
+If you want to deny access by default across all model policies you could do something as simple as:
+
+``` ruby
+def can?
+  false
+end
+```
+
+in your base_policy's `can?` method
+
 ### Force the Use of Policies
 
 Also like Pundit you can force your app to use policies.
 I recommend you do this so you don't forget to wrap authorization about some of your resources.
 
-To make sure your controller actions are using the can? method add this to your
+To make sure your controller actions are using the can? method add this near the top of your
 application_controller.rb
 
 ``` ruby
@@ -180,6 +184,15 @@ after_action :ensure_scope, only: :index
 Note the use of only here.  You usually won't need the canner_scope on anything except
 for the index to be strictly enforced.
 
+If you would like to skip for a particular controller just add
+``` ruby
+skip_filter :ensure_scope
+```
+And / Or
+``` ruby
+skip_filter :ensure_auth
+```
+
 ### Handle Canner Authorization Failures
 
 When a user does stumble onto something they don't have access to you'll want to politely
@@ -188,18 +201,18 @@ tell them about it and direct the app flow as you see fit.
 To accomplish this in your application_controller.rb add
 
 ``` ruby
-  rescue_from Canner::NotAuthorizedError, with: :user_not_authorized
+rescue_from Canner::NotAuthorizedError, with: :user_not_authorized
 ```
 
 You can name your method whatever you want.  Mine is user_not_authorized and looks like this:
 
 ``` ruby
-  private
+private
 
-  def user_not_authorized(exception)
-    flash[:error] = exception.message
-    redirect_to(request.referrer || root_path)
-  end
+def user_not_authorized(exception)
+  flash[:error] = exception.message
+  redirect_to(request.referrer || root_path)
+end
 ```
 
 ### Using can? in views
@@ -228,4 +241,7 @@ would only be able to see the create customer link if they had an admin role.
   end
 ```
 
+## Testing
 
+See the wiki for some testing tips
+[Testing](https://github.com/jacklin10/canner/wiki/Testing)

data/canner.gemspec

@@ -20,7 +20,7 @@ Gem::Specification.new do |gem|
   gem.add_dependency "activesupport"
   gem.add_development_dependency "activemodel"
   gem.add_development_dependency "bundler", "~> 1.3"
-  gem.add_development_dependency "rspec", "~> 3.0"
+  gem.add_development_dependency "rspec", "~> 2.1"
   gem.add_development_dependency "pry"
   gem.add_development_dependency "rake"
   gem.add_development_dependency "yard"

data/lib/canner/policy.rb

@@ -0,0 +1,60 @@
+module Canner
+
+  class Policy
+
+    def initialize(current_user, method, current_branch=nil)
+      @current_user = current_user
+      @current_branch = current_branch
+      @method = method.to_sym
+      @roles = fetch_roles
+    end
+
+    # if you handle your roles differently you'll need to override.
+    # use: rails g canner:fetch_roles
+    # expects an array or strings or symbols that represent the user roles
+    def fetch_roles
+      @current_user.roles
+    end
+
+    # implement in your policy class to auto scope in an action
+    def canner_scope
+      raise ArgumentError.new("NOT IMPLEMENTED")
+      # ex:
+      # case @method
+      # when :index
+      #   User.by_branch(@current_branch)
+      # else
+      #   User.none
+      # end
+    end
+
+    # implment in your policy class.
+    # return true when the user can access the action or resource and false when they can't
+    def can?
+      raise ArgumentError.new("NOT IMPLEMENTED")
+      # ex:
+      # case @method
+      # when :index, :show
+      #   has_role?(:admin)
+      # else
+      #   false
+      # end
+    end
+
+    protected
+
+    def is_method?(methods)
+      prepare(methods).include?(@method)
+    end
+
+    def has_role?(roles)
+      begin
+        @roles.any?{|r| Util.prepare(roles).include?(r.to_sym) }
+      rescue Exception => e
+        raise ArgumentError.new "Canner: Problem fetching user roles. If current_user.roles isn't how you do it see wiki for overriding fetch_roles."
+      end
+    end
+
+  end
+
+end

data/lib/canner/util.rb

@@ -13,7 +13,7 @@ class Util
 
     # ensure given roles are in the form of an array
     def arrayify(roles)
-      roles.class == Array ? roles : [roles].flatten
+      Array.wrap(roles).flatten
     end
 
   end

data/lib/canner/version.rb

@@ -1,3 +1,3 @@
 module Canner
-  VERSION = "0.0.2"
+  VERSION = "0.1.0"
 end

data/lib/canner.rb

@@ -1,10 +1,19 @@
-# ASSUMES that your permissions policy is in a file with the same name as your model but with Perm.
-# i.e UserPerm, CustomerPerm
+require 'active_support/core_ext/string'
+require "active_support/concern"
+require 'canner/policy'
+require 'canner/util'
+
 module Canner
 
+  extend ActiveSupport::Concern
+
   # so you don't have to have a helper method in the app_controller
-  def self.included(c)
-    c.helper_method :canner_policy
+  included do
+    if respond_to?(:helper_method)
+      helper_method :canner_policy
+      helper_method :canner_user
+      helper_method :canner_branch
+    end
   end
 
   class NotAuthorizedError < StandardError
@@ -14,12 +23,21 @@ module Canner
   class AuthNotUsedError < StandardError; end
   class ScopeNotUsedError < StandardError; end
 
+  def auth_used
+    @auth_used ||= false
+  end
+
+  def scope_used
+    @scope_used ||= false
+  end
+
   # method_name - The controller action method that you are concerned with access
   # target_model - Name of the object you are limiting access to. ( :user, :pet, :customer )
   # target_obj   - The instance obj for what you want to test.  ( does user 1 have access to company 1?)
   def instance_can?(method_name, target_model, target_obj)
     policy = canner_policy(method_name, target_model)
     raise NotAuthorizedError.new("You do not have access to this #{target_model.capitalize}") unless policy.instance_can?(target_obj)
+    true
   end
 
   # method_name - The controller action method that you are concerned with access
@@ -27,6 +45,7 @@ module Canner
   def can?(method_name, target_model)
     @auth_used = true
     raise NotAuthorizedError.new("You are not authorized to perform this action.") unless canner_policy(method_name, target_model).can?
+    true
   end
 
   # method_name - The controller action method that you are concerned with access
@@ -36,20 +55,32 @@ module Canner
     canner_policy(method_name, target_model).canner_scope
   end
 
+  # override this if your method for getting the current user isn't called current_user.
+  def canner_user
+    current_user
+  end
+
+  # override this if your method for getting the current branch isn't called current_branch.
+  def canner_branch
+    current_branch
+  end
+
   protected
 
   def ensure_scope
     return if devise_controller? rescue false
-    raise ScopeNotUsedError.new("Must use a canner_scope or exclude this action from the after_action") unless @scope_used
+    raise ScopeNotUsedError.new("Must use a canner_scope or exclude this action from the after_action") unless scope_used
+    true
   end
 
   def ensure_auth
     return if devise_controller? rescue false
-    raise AuthNotUsedError.new("Must use can? method or exclude this action from the after_action") unless @auth_used
+    raise AuthNotUsedError.new("Must use can? method or exclude this action from the after_action") unless auth_used
+    true
   end
 
   def canner_policy(method_name, target_model)
-    derive_class_name(target_model).constantize.new(current_user, current_branch, method_name)
+    derive_class_name(target_model).constantize.new(canner_user, method_name, canner_branch)
   end
 
   def derive_class_name(target_model)

data/lib/generators/canner/fetch_roles/USAGE

@@ -0,0 +1,3 @@
+Description:
+  Generates a base_policy.rb and a stub for the fetch_roles method.  
+  rails g canner:fetch_roles

data/lib/generators/canner/{install/install_generator.rb → fetch_roles/fetch_roles_generator.rb}

@@ -1,6 +1,6 @@
 module Canner
   module Generators
-    class InstallGenerator < ::Rails::Generators::Base
+    class FetchRolesGenerator < ::Rails::Generators::Base
       source_root File.expand_path(File.join(File.dirname(__FILE__), 'templates'))
 
       def copy_application_policy

data/lib/generators/canner/fetch_roles/templates/base_policy.rb

@@ -0,0 +1,8 @@
+class BasePolicy < Canner::Policy
+
+  # results expected to be an array or strings or symbols that represent the user roles
+  def fetch_roles
+    @current_user.roles
+  end
+
+end

data/lib/generators/canner/policy/USAGE

@@ -1,8 +1,14 @@
 Description:
-    Generates a policy for a model with the given name.
+  Generates a policy for a model with the given name.
 
-Example:
+  Example:
     rails generate canner:policy user
 
     This will create:
-        app/policies/user_policy.rb
+      app/policies/user_policy.rb
+  
+  Note: 
+    If you have overridden fetch_roles, or created a base policy of your own you'll want to pass
+    the parent option and specify your parent.
+
+    rails generate canner:policy user --parent BasePolicy

data/lib/generators/canner/policy/policy_generator.rb

@@ -2,12 +2,24 @@ module Canner
   module Generators
     class PolicyGenerator < ::Rails::Generators::NamedBase
       source_root File.expand_path(File.join(File.dirname(__FILE__), 'templates'))
+      check_class_collision suffix: "Policy"
+
+      class_option :parent, type: :string, desc: "The parent class for the generated policy"
 
       def create_policy
         template 'policy.rb', File.join('app/policies', class_path, "#{file_name}_policy.rb")
       end
 
       hook_for :test_framework
+
+      private
+
+      def parent_class_name
+        options.fetch("parent") do
+          Canner::Policy
+        end
+      end
+
     end
   end
 end

data/lib/generators/canner/policy/templates/policy.rb

@@ -1,5 +1,5 @@
 <% module_namespacing do -%>
-class <%= class_name %>Policy < BasePolicy
+class <%= class_name %>Policy < <%= parent_class_name %>
 
   def canner_scope
     case @method

data/lib/generators/test_unit/policy_generator.rb

@@ -0,0 +1,11 @@
+module TestUnit
+  module Generators
+    class PolicyGenerator < ::Rails::Generators::NamedBase
+      source_root File.expand_path(File.join(File.dirname(__FILE__), 'templates'))
+
+      def create_policy_test
+        template 'policy_test.rb', File.join('test/policies', class_path, "#{file_name}_policy_test.rb")
+      end
+    end
+  end
+end

data/lib/generators/test_unit/templates/policy_test.rb

@@ -0,0 +1,11 @@
+require 'test_helper'
+
+class <%= class_name %>PolicyTest < ActiveSupport::TestCase
+
+  def can?
+  end
+
+  def canner_scope
+  end
+
+end

data/spec/canner_spec.rb

@@ -0,0 +1,151 @@
+require "spec_helper"
+require "canner"
+
+class Sample
+end
+
+class SamplePolicy
+
+  def initialize(current_user, method, current_branch)
+    @current_user = current_user
+    @current_branch = current_branch
+    @method = method.to_sym
+    @roles = fetch_roles
+  end
+
+  def fetch_roles
+    # ['admin']
+  end
+
+  def canner_scope
+    # [Sample.new]
+  end
+
+end
+
+class AppController
+  include Canner
+
+  attr_reader :current_user, :current_branch, :params
+end
+
+describe Canner do
+  let(:user) { double }
+  let(:branch) { double }
+  let(:app_controller) { AppController.new }
+  let(:sample_policy) {SamplePolicy.new(user, 'index', branch) }
+
+  describe "instance_can?" do
+
+    it "should call the policy's instance_can method" do
+      expect(app_controller).to receive(:canner_policy).and_return(sample_policy)
+      expect(sample_policy).to receive(:instance_can?).and_return true
+
+      app_controller.instance_can?('test', 'sample', Sample.new)
+    end
+
+    it "should raise a NotAuthorizedError if the policy's instance_can? returns false" do
+      expect(app_controller).to receive(:canner_policy).and_return(sample_policy)
+      expect(sample_policy).to receive(:instance_can?).and_return false
+
+      expect { app_controller.instance_can?('test', 'sample', Sample.new) }.to raise_error(Canner::NotAuthorizedError)
+    end
+
+    it "should return true if the policy allows access to the instance" do
+      expect(app_controller).to receive(:canner_policy).and_return(sample_policy)
+      expect(sample_policy).to receive(:instance_can?).and_return true
+
+      app_controller.instance_can?('test', 'sample', Sample.new).should be_truthy
+    end
+
+  end
+
+  describe "can?" do
+
+    it "should call the policy's can? method" do
+      expect(app_controller).to receive(:canner_policy).and_return(sample_policy)
+      expect(sample_policy).to receive(:can?).and_return true
+
+      app_controller.can?('test', 'sample')
+    end
+
+    it "should raise a NotAuthorized error if the policy's can? returns false" do
+      expect(app_controller).to receive(:canner_policy).and_return(sample_policy)
+      expect(sample_policy).to receive(:can?).and_return false
+
+      expect { app_controller.can?('test', 'sample') }.to raise_error(Canner::NotAuthorizedError)
+    end
+
+    it "should return true if the policy's can? permits access" do
+      expect(app_controller).to receive(:canner_policy).and_return(sample_policy)
+      expect(sample_policy).to receive(:can?).and_return true
+
+      expect(app_controller.can?('test', 'sample')).to eq true
+    end
+
+  end
+
+  describe "canner_scope" do
+
+    it "should call the policy's canner_scope" do
+      expect(app_controller).to receive(:canner_policy).and_return(sample_policy)
+      expect(sample_policy).to receive(:canner_scope)
+
+      app_controller.canner_scope('test', 'sample')
+    end
+
+  end
+
+  describe "ensure_scope" do
+
+    it "should not raise an error if canner_scope was called" do
+      expect(app_controller).to receive(:canner_policy).and_return(sample_policy)
+      expect(sample_policy).to receive(:canner_scope).and_return(true)
+      app_controller.canner_scope('test', 'sample')
+
+      expect(app_controller.send(:ensure_scope)).to be_truthy
+    end
+
+    it "should raise error if canner_scope was not called" do
+      expect { app_controller.send(:ensure_scope) }.to raise_error(Canner::ScopeNotUsedError)
+    end
+
+  end
+
+  describe "ensure_auth" do
+
+    it "should not raise an error if can? was called" do
+      expect(app_controller).to receive(:canner_policy).and_return(sample_policy)
+      expect(sample_policy).to receive(:can?).and_return(true)
+      app_controller.can?('test', 'sample')
+
+      expect(app_controller.send(:ensure_auth)).to be_truthy
+    end
+
+    it "should raise error if can? was not called" do
+      expect { app_controller.send(:ensure_auth) }.to raise_error(Canner::AuthNotUsedError)
+    end
+
+  end
+
+  describe "canner_policy" do
+
+    it "should instantiate the proper policy class" do
+      expect(app_controller).to receive(:canner_user).and_return user
+      expect(app_controller).to receive(:canner_branch).and_return branch
+
+      expect(app_controller.send(:canner_policy, 'test', 'sample')).to be_a SamplePolicy
+    end
+
+  end
+
+  describe "derive_class_name" do
+
+    it "should return the proper policy class name from the model" do
+      expect(app_controller.send(:derive_class_name, 'sample')).to eq "SamplePolicy"
+      expect(app_controller.send(:derive_class_name, 'samples')).to eq "SamplePolicy"
+    end
+
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,17 @@
+# This file was generated by the `rspec --init` command. Conventionally, all
+# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
+# Require this file using `require "spec_helper"` to ensure that it is only
+# loaded once.
+#
+# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

metadata

@@ -1,111 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: canner
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.1.0
 platform: ruby
 authors:
 - Joe Acklin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-17 00:00:00.000000000 Z
+date: 2014-08-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '2.1'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: No magic authorization for Rails
@@ -115,25 +115,28 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
+- .gitignore
 - Gemfile
 - LICENSE
 - README.md
 - Rakefile
 - canner.gemspec
 - lib/canner.rb
-- lib/canner/rspec.rb
+- lib/canner/policy.rb
 - lib/canner/util.rb
 - lib/canner/version.rb
-- lib/generators/canner/install/USAGE
-- lib/generators/canner/install/install_generator.rb
-- lib/generators/canner/install/templates/base_policy.rb
+- lib/generators/canner/fetch_roles/USAGE
+- lib/generators/canner/fetch_roles/fetch_roles_generator.rb
+- lib/generators/canner/fetch_roles/templates/base_policy.rb
 - lib/generators/canner/policy/USAGE
 - lib/generators/canner/policy/policy_generator.rb
 - lib/generators/canner/policy/templates/policy.rb
 - lib/generators/rspec/policy_generator.rb
 - lib/generators/rspec/templates/policy_spec.rb
-- spec/Gemfile
+- lib/generators/test_unit/policy_generator.rb
+- lib/generators/test_unit/templates/policy_test.rb
+- spec/canner_spec.rb
+- spec/spec_helper.rb
 homepage: https://github.com/jacklin10/canner
 licenses:
 - MIT
@@ -144,19 +147,21 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.0
+rubygems_version: 2.4.1
 signing_key: 
 specification_version: 4
 summary: Rails Auth
 test_files:
-- spec/Gemfile
+- spec/canner_spec.rb
+- spec/spec_helper.rb
+has_rdoc: 

data/lib/generators/canner/install/USAGE

@@ -1,2 +0,0 @@
-Description:
-    Generates the canner base policy.  All your policies need to inherit from this policy.

data/lib/generators/canner/install/templates/base_policy.rb

@@ -1,52 +0,0 @@
-class BasePolicy
-
-  def initialize(current_user, current_branch, method)
-    @current_user = current_user
-    @current_branch = current_branch
-    @method = method.to_sym
-    @roles = fetch_roles
-  end
-
-  # implement this in your policy class
-  # expects an array or strings or symbols that represent the user roles
-  def fetch_roles
-    raise ArgumentError.new("YOU NEED TO IMPLEMENT")
-    # ex. User.roles
-  end
-
-  # implement in your policy class to auto scope in an action
-  def canner_scope
-    raise ArgumentError.new("NOT IMPLEMENTED")
-    # ex:
-    # case @method
-    # when :index
-    #   User.by_branch(@current_branch)
-    # else
-    #   User.none
-    # end
-  end
-
-  # implment in your policy class.
-  # return true when the user can access the action or resource and false when they can't
-  def can?
-    raise ArgumentError.new("NOT IMPLEMENTED")
-    # ex:
-    # case @method
-    # when :index, :show
-    #   has_role?(:admin)
-    # else
-    #   false
-    # end
-  end
-
-  protected
-
-  def is_method?(methods)
-    prepare(methods).include?(@method)
-  end
-
-  def has_role?(roles)
-    @roles.any?{|r| prepare(roles).include?(r.to_sym) }
-  end
-
-end

data/spec/Gemfile

@@ -1,4 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in canner.gemspec
-gemspec