cant 0.2.0

data/.gitignore

@@ -0,0 +1,7 @@
+pkg/*
+coverage/
+.yardoc
+doc/
+
+*.gem
+.bundle

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,13 @@
+source "http://rubygems.org"
+
+# dependencies in cant.gemspec
+gemspec
+
+group :development do
+  gem 'rspec'
+  gem 'wrong'
+  gem 'guard-rspec'
+  gem 'growl'
+end
+
+

data/Gemfile.lock

@@ -0,0 +1,69 @@
+PATH
+  remote: .
+  specs:
+    cant (0.1.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    ParseTree (3.0.6)
+      RubyInline (>= 3.7.0)
+      sexp_processor (>= 3.0.0)
+    RubyInline (3.8.6)
+      ZenTest (~> 4.3)
+    ZenTest (4.4.2)
+    configuration (1.2.0)
+    diff-lcs (1.1.2)
+    file-tail (1.0.5)
+      spruz (>= 0.1.0)
+    growl (1.0.3)
+    guard (0.2.2)
+      open_gem (~> 1.4.2)
+      thor (~> 0.14.3)
+    guard-rspec (0.1.9)
+      guard (>= 0.2.2)
+    launchy (0.3.7)
+      configuration (>= 0.0.5)
+      rake (>= 0.8.1)
+    open_gem (1.4.2)
+      launchy (~> 0.3.5)
+    predicated (0.2.2)
+    rake (0.8.7)
+    rspec (2.3.0)
+      rspec-core (~> 2.3.0)
+      rspec-expectations (~> 2.3.0)
+      rspec-mocks (~> 2.3.0)
+    rspec-core (2.3.0)
+    rspec-expectations (2.3.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.3.0)
+    ruby2ruby (1.2.5)
+      ruby_parser (~> 2.0)
+      sexp_processor (~> 3.0)
+    ruby_parser (2.0.5)
+      sexp_processor (~> 3.0)
+    sexp_processor (3.0.5)
+    sourcify (0.4.0)
+      ruby2ruby (>= 1.2.5)
+      sexp_processor (>= 3.0.5)
+    spruz (0.2.2)
+    thor (0.14.6)
+    wrong (0.5.0)
+      ParseTree (~> 3.0)
+      diff-lcs (~> 1.1.2)
+      file-tail (~> 1.0)
+      predicated (>= 0.2.2)
+      ruby2ruby (~> 1.2)
+      ruby_parser (~> 2.0.4)
+      sexp_processor (~> 3.0)
+      sourcify (>= 0.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  cant!
+  growl
+  guard-rspec
+  rspec
+  wrong

data/Guardfile

@@ -0,0 +1,8 @@
+# A sample Guardfile
+# More info at http://github.com/guard/guard#readme
+
+guard 'rspec', :version => 2 do
+  watch('^spec/(.*)_spec.rb')
+  watch('^lib/(.*)\.rb')                              { |m| "spec/#{m[1]}_spec.rb" }
+  watch('^spec/spec_helper.rb')                       { "spec" }
+end

data/LICENSE.mit

@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2010 Thierry Henrio
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,204 @@
+Intent
+======
+
+Lightweight authorization library, that let you choose where and how you write your rules
+
+Cant is agnostic : you can use it in any existing or future framework, provided names don't clash
+
+Cant is small and even simple : it is 120 lines of code, has no dependencies but for testing
+
+Cant can be configured at class level, and support basic configuration inheritance
+
+
+What does it look like ?
+========================
+
+Examples
+--------
+
+* in an existing model
+
+        class User
+          include Cant::Embeddable
+      
+          cant do |action, code|
+            (action == :post and Code === code) if drunken?
+          end
+        end
+
+        deny {bob.cant? :post, kata}
+
+* in a separate model
+        
+        class Permission
+          include Cant::Embeddable
+      
+          cant do |user, action, resource|
+            (action == :post and Code === resource) if user.drunken?
+          end
+        end
+
+        assert {permission.cant? jackie, :post, kata}        
+
+* in a rails controller
+
+        class ApplicationController < ActionController::Base
+          include Cant::Embeddable
+          alias_method :authorize_user!, :die_if_cant!
+          helper_method :cant?
+          
+          rescue_from Cant::AccessDenied do |error|
+            flash[:error] = error.message
+            redirect_to request.referer
+          end
+        end
+        
+        class KatasController < ApplicationController
+          before_filter :authenticate_user!, :authorize_user!
+      
+          cant do |request|
+            current_user.drunken? if request.method == 'POST'
+          end
+        end
+        
+* in a rack middleware ... I have not experimented yet ...
+  
+  breaking authorization into small independent pieces is valuable, and you do not need a library for that, though using Cant::Editable and Cant::Questionable mixins can help you do that
+  
+        
+
+Concepts
+========
+
+Cant is simply put a reduce (or [fold](http://learnyousomeerlang.com/higher-order-functions)) on a list of Rules.
+
+* __Rule__ 
+
+  a tuple of functions {__predicate__, __die__}.
+  
+* __rules__
+
+  a list of __Rule__s
+
+* __fold__
+
+  function defining how __rules__ are traversed, and how each predicate is evaluated, and what is the result
+
+  Cant provide two fold functions, returning both first __Rule__ that predicates, or nil
+
+* __predicate__
+
+  default rationale is : true means cant
+
+* __die__
+
+  a function, that can raise or return any result suitable to your need
+
+* __cant?__
+
+  calls fold function to operate on __rules__
+
+* __die\_if\_cant!__
+
+  calls fold function to operate on __rules__, and calls die function on result
+
+How do I define rules ?
+=======================
+
+First, choose where you want to define your list, and what information a Rule will need
+
+The point of cant is to define a lists of similar rules together, so that they will require similar informations
+
+A list of rules can be embedded in an existing class using Cant::Embeddable mixin
+
+* define rule and functions at class level
+* evaluate predicates at instance level
+
+Then there is one list of rules for any instance of this class, and instance evaluation leads to terser rules
+
+Note that a list of rules can be shared by many inquirers, either explicitly or by using class instance variable inheritance feature
+
+Default Values
+--------------
+
+__Cant__ module has "reasonable" default values for __fold__, __die__, __rules__
+
+The Cant::Editable module gather methods to configure a Cant engine (fold, die, rules), and defaults to Cant module values
+
+Inheritance
+-----------
+
+Cant support _basic_ inheritance functionality for configuration with the Cant::Embeddable module ...
+Ouch what that means ?
+
+    Given Admin inherits from User
+      And User.die {"I'm not dead!"}
+    Then assert {Admin.die.call == "I'm not dead!"} is true
+
+Well, have a look at read documentation and source code embeddable.rb if you are having trouble with this functionality
+
+What is the arity of a __predicate__ function ? 
+-----------------------------------------------
+
+You are free to pick one that suit your needs
+
+There are a couple of things to drive your choice :
+
+* params of __cant?__ are passed to __predicate__
+
+* params of __die\_if\_cant!__ are passed to __predicate__ and __die__
+
+* number and order of params of in a rule list should be the same
+
+* the context of predicate evaluation (that is defined in fold function)
+  the receiver methods will be available in function
+  
+* a container can be a handy parameter (Hash)
+  _env_, _params_
+  
+* a block is a proc, and can use default values for params
+
+So pick your own semantic, or grow an existing one
+
+How do I verify authorization ?
+===============================
+
+Cant very meaning is : you can unless you cant, and you define what you cant
+
+Defining _not_ or _negative_ ability require some thinking, and I believe we can do it :)
+
+Use __cant?__ method to check
+
+Use __die\_if\_cant!__ method to check and run __die__ code
+
+When you check, provide the list of parameters you specified in your list of rules
+
+Inspired from
+=============
+
+* [cancan](https://github.com/ryanb/cancan), as I started with it and saw that it did not functioned in presence of mongoid as of < 1.5 ... so I planned to do something no dependent of a model implementation
+
+* [learn you some erlang?](http://learnyousomeerlang.com/higher-order-functions#maps-filters-folds), for the fold illustrations
+
+* [Howard](http://rubyquiz.com/quiz67.html) and [Nunemaker](http://railstips.org/blog/archives/2006/11/18/class-and-instance-variables-in-ruby/) for inheritable class instance variables
+
+
+Does it work ?
+==============
+
+specs are green on mri : [1.9.2-p0, 1.8.7-p302]
+
+C0 coverage is acceptable under ruby-1.9.2-p0 (100% is acceptable for this kind of code)
+
+There is few lines of code as concept is simple : fold a list of functions...
+Though, we can make it better and lesser, cant we ?
+
+
+Help|Contribute
+===============
+
+Fill an item in tracker
+
+Add a page on wiki
+
+Add a spec, open a pull request on topic branch, commit granted on first accepted patch|pull

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks
+
+task :clean do
+  FileUtils.rm_rf 'pkg', :verbose => true
+end

data/cant.gemspec

@@ -0,0 +1,52 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "cant/version"
+
+Gem::Specification.new do |s|
+  s.name        = "cant"
+  s.version     = Cant::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["thierry.henrio"]
+  s.email       = ["thierry.henrio@gmail.com"]
+  s.homepage    = "https://github.com/thierryhenrio"
+  s.summary     = %q{Tiny authorization library, let you craft your own rules}
+  s.description = %q{
+    include Cant
+    ------------
+        class User; include Cant::Embeddable; end
+        
+        class AuthorizationMiddleware; include Cant::Embeddable; end
+        
+    declare rules
+    -------------
+        User.cant do |action=:update, post|
+          not post.user == self if Post === resource and action == :update
+        end
+        
+        AuthorizationMiddleware.cant do |env|
+          not env['user'] == env['post'].user if env.path =~ /^\posts/ and env.method == 'PUT'
+        end
+        
+    verify
+    ------
+        user.cant? :update, post
+        user.die_if_cant! :update, post
+
+    control
+    -------
+        rescue_from Cant::AccessDenied do |error|
+         flash[:error] = error.message
+         redirect_to request.referer
+        end
+    }
+
+  s.rubyforge_project = "cant"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+  
+  s.add_development_dependency 'rspec'
+  s.add_development_dependency 'wrong'
+end

data/lib/cant/embeddable.rb

@@ -0,0 +1,39 @@
+require 'cant/engine'
+module Cant
+  module Embeddable
+    # class instance variable can be helpful there
+    # 
+    # http://rubyquiz.com/quiz67.html
+    # http://rubykoans.com/
+    #
+    # and there is code available, though I did not fully parsed it with enlightenment yet :)
+    # https://github.com/ahoward/fattr
+    # 
+    # see also
+    # http://www.ruby-forum.com/topic/197051
+    # http://railstips.org/blog/archives/2006/11/18/class-and-instance-variables-in-ruby/
+    # 
+    class << self
+      def included(base)
+        base.extend Cant::Editable
+        
+        # XXX this sucks if class defines its own inherited callback and includes Cant::Embeddable
+        # double evil : order of inherited and extend statement has an effect : latter overwrite earlier !!!
+        class << base
+          def inherited(subclass)
+            subclass.rules.concat(rules)
+            [:die, :fold].each do |attr|
+              subclass.send(attr, &(send(attr)))
+            end
+            super
+          end
+        end
+      end
+    end
+    
+    include Cant::Questionable
+    def cantfiguration
+      self.class
+    end    
+  end  
+end

data/lib/cant/engine.rb

@@ -0,0 +1,175 @@
+module Cant
+  module Editable
+    # list of Rules
+    # returns the list of rules for this device
+    def rules
+      unless @rules
+        @rules = []
+        @rules.concat(Cant.rules) unless self == Cant
+      end
+      @rules
+    end    
+    # add a Rule, as a pair of functions {predicate, die}
+    #
+    # block form sets predicate function.
+    # block can have argument, (as any proc)
+    #
+    # eg :
+    #  rooms = [:kitchen] 
+    #  cant {|context| rooms.include?(context[:room]) and context[:user]}
+    #  cant {current_user.admin?}
+    #
+    # returns a rule which die function can be configured
+    #
+    #   cant do |controller|
+    #     controller.request.path =~ /admin/ unless controller.current_user.admin?
+    #   end.die do |controller| 
+    #     raise AccessDenied.new(controller.request)
+    #   end
+    # 
+    # options form looks for the predicate and die functions as values in options, 
+    # under symbols :predicate and :die
+    # 
+    # cant :predicate => proc {|controller| not controller.current_user}, 
+    #   :die => proc {|controller| controller.redirect '/users/sign_in'}
+    def cant(options={}, &block)
+      rule = if block.nil?
+        Rule.new(options[:predicate], options[:die] || self.die)
+      else
+        Rule.new(block, self.die)
+      end
+      rules << rule
+      rule
+    end
+
+    # set default die function for this device
+    #
+    # example : 
+    #   die do |request|
+    #     raise AccessDenied, "Cant process #{request}"
+    #   end
+    def die(&block)
+      @die = block unless block.nil?
+      @die || Cant.die
+    end
+    
+    # define fold function
+    # fold function has arity 2..n
+    # - rules : the rules to traverse
+    # - receiver : a Questionable asking for cant?
+    # - *args : the arguments for each rule to pass to predicate functions
+    # 
+    # returns a rule if strategy evaluates it cant do
+    # nil either
+    #
+    # eg :
+    #   fold {true} #=> always cant
+    #   fold {|rules, _receiver, context| rules.reverse.find {|rule| rule.predicate?(context)}}
+    def fold(&block)
+      @fold = block unless block.nil?
+      @fold || Cant.fold
+    end
+  end
+  
+  # module level configuration
+  #   Cant.fold
+  #   Cant.die
+  class << self
+    include Editable
+  end
+  # module level default values
+  fold {|rules, receiver, *args| Folds.first_rule_that_predicates_in_receiver(rules, receiver, *args)}
+  die {|*args| raise AccessDenied, "Cant you do that #{args}, can you ??"}
+  
+  # questionable interface
+  module Questionable
+    attr_writer :cantfiguration
+    def cantfiguration
+      @cantfiguration ||= Object.new.extend(Editable)
+    end
+    # return strategy fold for rules with context (a rule or nil)
+    def cant?(*args)
+      cantfiguration.fold.call(cantfiguration.rules, self, *args)
+    end
+    # return evaled die function of strategy fold
+    def die_if_cant!(*args)
+      rule = cant?(*args)
+      rule.die!(*args) if rule
+    end
+  end
+
+  # standalone engine
+  class Engine
+    include Editable
+    include Questionable
+    def cantfiguration
+      self
+    end
+  end
+
+  # a Rule is a pair of functions :
+  # - predicate(*args), that return true if predicate is met (hint of predicate?)
+  # - die(*args), that cant raise if convenient
+  #
+  # this class could have been:
+  # -spared
+  # -an Array, with an optional syntactic sugar
+  class Rule
+    # a new rule with a predicate and response function
+    def initialize(predicate=nil, die=Cant.die)
+      @predicate=predicate
+      @die = die
+    end
+    # set or return predicate function using block
+    # 
+    # return true means rule can die
+    #
+    # example : 
+    #   predicate do |request|
+    #     not current_user.admin? if request.path =~ /^\/admin/ 
+    #   end    
+    def predicate(&block)
+      @predicate = block unless block.nil?
+      @predicate
+    end
+    # evaluates predicate function with args
+    def predicate?(*args)
+      predicate.call(*args)
+    end    
+    # set die function using block
+    #
+    # example : 
+    #   die do |request|
+    #     raise AccessDenied, "Cant process #{request}"
+    #   end
+    def die(&block)
+      @die = block unless block.nil?
+      @die
+    end
+    # call die function with args
+    # 
+    # *args - variable list of arguments
+    def die!(*args)
+      die.call(*args)
+    end
+  end
+  
+  module Folds
+    class << self
+      # first rule that predicates to true, all args are carried to closure
+      # this strategy does not use the receiver argument, and evaluate each predicate with the binding of its creation
+      def first_rule_that_predicates(rules, _receiver, *args)
+        rules.find {|rule| rule.predicate?(*args)}
+      end
+      # strategy that evals block in receiver context
+      # closure is rebound to receiver (acting as a function)
+      def first_rule_that_predicates_in_receiver(rules, receiver, *args)
+        rules.find do |rule|
+          receiver.instance_exec(*args, &(rule.predicate))
+        end
+      end
+    end
+  end
+    
+  class AccessDenied < RuntimeError; end
+end

data/lib/cant/version.rb

@@ -0,0 +1,3 @@
+module Cant
+  VERSION = "0.2.0"
+end

data/lib/cant.rb

@@ -0,0 +1,2 @@
+require 'cant/engine'
+require 'cant/embeddable'

data/spec/cant/embeddable_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+require 'cant/embeddable'
+
+describe Cant::Embeddable do
+  class Foo
+    def foo?; true; end
+    include Cant::Embeddable
+    cant {|x| 9<x if foo?}
+  end
+  class Bar < Foo
+    def foo?; false; end
+    def bar?; true; end
+    cant {|x| x>20 if bar?}
+    die {true}
+  end
+  describe 'including class' do
+    it 'can configured, and instance be queried' do
+      foo = Foo.new
+      deny {foo.cant?(9)}
+      assert {rescuing{foo.die_if_cant!(10)}.is_a? Cant::AccessDenied}
+    end
+  end 
+  describe 'subclass' do
+    # this does not work !!!
+    # 
+    # it 'has base class callback called' do
+    #   assert {bar.imposterized?}
+    # end
+    it 'has superclass and self rules' do
+      assert {Bar.rules.length == 2}
+    end
+    it 'subclass can use it' do
+      bar = Bar.new
+      bar.cant?(10)
+      assert {bar.cant?(21)}
+    end
+    # XXX this might be considered as a bug
+    it 'does not gain superclass rules when modified after class loading' do
+      Foo.rules << :whop
+      deny {Bar.rules.include? :whoop}
+    end
+  end
+end

data/spec/cant/engine_spec.rb

@@ -0,0 +1,148 @@
+require 'spec_helper'
+require 'cant'
+require 'stunts/stunt'
+
+describe Cant do
+  it 'has fold default value to first_rule_that_predicates_in_receiver' do
+    Cant.cant {|x| include? x}
+    a = [1]
+    assert {Cant.fold.call(Cant.rules, a, 1)}
+  end
+  it 'has a raising die function' do
+    e = rescuing {Cant.die.call(:do, :that)}
+    assert {e.is_a? Cant::AccessDenied}
+    assert {e.message =~ /^Cant you do that.*\?$/}
+  end
+  it 'rules is enumerable' do
+    assert {Cant.rules.respond_to? :each}
+  end
+  after do
+    Cant.rules.clear
+  end
+end
+
+
+describe Cant::Editable do
+  let(:editable) {Object.new.extend Cant::Editable}
+  describe "#cant" do
+    it 'returns a Cant::Rule' do
+      rule = editable.cant {true}
+      assert {rule.is_a? Cant::Rule}
+    end
+    it 'accepts an option argument, that can provide both predicate and response functions' do
+      predicate, die = proc {:predicate}, proc {:die}
+      rule = editable.cant :predicate => predicate, :die => die
+      assert {rule.predicate == predicate}
+    end
+  end
+
+  describe '#fold' do
+    context 'with a block' do
+      it 'sets the fold proc' do
+        editable.fold {:onoes}
+        assert {editable.fold.call == :onoes}
+      end
+    end
+  end
+  
+  describe "#die" do
+    before do
+      # XXX preserving default value for class instance variable
+      @proc=Cant.instance_variable_get(:@die)
+      Cant.die{2}
+    end
+    it 'provide default die function for this engine rules' do
+      editable.die{:im_not_dead}
+      assert {editable.cant.die.call == :im_not_dead}
+    end
+    it "returns top level response function as a fall case" do
+      assert {editable.cant.die.call == 2}      
+    end
+    after do
+      Cant.instance_variable_set(:@die, @proc)
+    end  
+  end
+  
+  describe "rules" do
+    it 'cant does not creep in module rules' do
+      editable.cant {true}
+      deny {Cant.rules.include? editable.rules.first}
+    end
+    it 'has module rules first' do
+      Cant.rules << :first
+      assert {editable.rules == [:first]}
+    end
+    after do
+      Cant.rules.clear
+    end
+  end  
+end
+
+describe Cant::Questionable do
+  include Cant::Questionable
+  # query
+  describe '#cant?' do
+    let(:admin) {Stunt.new(:admin => true)}
+    let(:user) {Stunt.new(:admin => false)}
+    
+    before do
+      cantfiguration.cant{|context| context[:url] =~ /admin/ and context[:user].admin?}
+    end
+    it 'authorize admin on /admin/users' do
+      assert {cant?(:url => '/admin/users', :user => admin)}
+    end
+    it 'deny user on /admin/users' do
+      deny {cant?(:url => '/admin/users', :user => user)}
+    end
+  end
+  
+  # query or die
+  describe '#die_if_cant!' do
+    it "return die function evaluation" do
+      cantfiguration.cant{true}.die{1}
+      assert {die_if_cant! == 1}
+    end
+  end
+  
+  it 'cant be given a cantfiguration' do
+    self.cantfiguration = 1
+    assert{cantfiguration == 1}
+  end
+end
+
+describe Cant::Rule do
+  let(:rule) {Cant::Rule.new}
+  describe "#die, #die!" do
+    it 'die! return call of die block' do
+      rule.die {1}
+      assert {rule.die! == 1}
+    end
+  end
+end
+
+describe Cant::Folds do
+  describe "#first_rule_that_predicates" do
+    it 'carries all tailing args to closure (there is a first unused one)' do
+      rule = Cant::Rule.new(proc {|x,y| x+y==10})
+      deny {Cant::Folds.first_rule_that_predicates([rule], nil, 2, 7)}
+      assert {Cant::Folds.first_rule_that_predicates([rule], nil, 2, 8) == rule}
+    end
+  end
+  describe "#first_rule_that_predicates_in_receiver" do
+    let(:receiver) {Stunt.new(:admin => true)}
+    it 'carry args to function evaled in receiver' do
+      rule = Cant::Rule.new(lambda {|x,y| admin? if (x+y == 2)})
+      assert {Cant::Folds.first_rule_that_predicates_in_receiver([rule], receiver, 1, 1)}
+      assert {Cant::Folds.first_rule_that_predicates_in_receiver([rule], receiver, 1, 1)}
+    end
+  end
+end
+
+describe Cant::Engine do
+  let(:engine) {Cant::Engine.new}
+  it 'can be configured and queried' do
+    engine.cant{|x,y,z| x+y != z}.die{'bad arith'}
+    deny {engine.cant?(1,2,3)}
+    assert {engine.die_if_cant!(1,2,4) == 'bad arith'}
+  end
+end

data/spec/integration_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+require 'models/user'
+
+describe User do
+  before do
+    User.cant do |env|
+      env[:path] =~ /^\/admin/ unless admin?
+    end
+  end
+  
+  context "without being an admin" do
+    let(:user) {User.new}
+    it 'can not access /admin ' do
+      assert {user.cant?(:path => '/admin')}
+    end
+  end
+end

data/spec/models/user.rb

@@ -0,0 +1,8 @@
+require 'cant/embeddable'
+
+class User
+  attr_accessor :admin
+  alias_method :admin?, :admin
+
+  include Cant::Embeddable
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'rspec'
+require 'wrong/adapters/rspec'
+RSpec.configure do |configuration|
+end
+
+(require 'simplecov'; SimpleCov.start) if ENV['COVERAGE']

data/spec/stunts/stunt.rb

@@ -0,0 +1,11 @@
+class Stunt
+  def initialize(properties={})
+    properties.each { |k,v|
+      (class << self; self end).module_eval {
+        attr_accessor k
+        alias_method "#{k}?".to_sym, k if [TrueClass, FalseClass].include?(v.class)        
+      }
+      self.send("#{k}=", v)
+    }
+  end
+end

metadata

@@ -0,0 +1,113 @@
+--- !ruby/object:Gem::Specification 
+name: cant
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 2
+  - 0
+  version: 0.2.0
+platform: ruby
+authors: 
+- thierry.henrio
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-01-03 00:00:00 +01:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: wrong
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id002
+description: "\n    include Cant\n    ------------\n        class User; include Cant::Embeddable; end\n        \n        class AuthorizationMiddleware; include Cant::Embeddable; end\n        \n    declare rules\n    -------------\n        User.cant do |action=:update, post|\n          not post.user == self if Post === resource and action == :update\n        end\n        \n        AuthorizationMiddleware.cant do |env|\n          not env['user'] == env['post'].user if env.path =~ /^\\posts/ and env.method == 'PUT'\n        end\n        \n    verify\n    ------\n        user.cant? :update, post\n        user.die_if_cant! :update, post\n\n    control\n    -------\n        rescue_from Cant::AccessDenied do |error|\n         flash[:error] = error.message\n         redirect_to request.referer\n        end\n    "
+email: 
+- thierry.henrio@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- .rspec
+- Gemfile
+- Gemfile.lock
+- Guardfile
+- LICENSE.mit
+- README.markdown
+- Rakefile
+- cant.gemspec
+- lib/cant.rb
+- lib/cant/embeddable.rb
+- lib/cant/engine.rb
+- lib/cant/version.rb
+- spec/cant/embeddable_spec.rb
+- spec/cant/engine_spec.rb
+- spec/integration_spec.rb
+- spec/models/user.rb
+- spec/spec_helper.rb
+- spec/stunts/stunt.rb
+has_rdoc: true
+homepage: https://github.com/thierryhenrio
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: cant
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Tiny authorization library, let you craft your own rules
+test_files: 
+- spec/cant/embeddable_spec.rb
+- spec/cant/engine_spec.rb
+- spec/integration_spec.rb
+- spec/models/user.rb
+- spec/spec_helper.rb
+- spec/stunts/stunt.rb