cantango 0.9.4 → 0.9.4.1

data/README.textile

@@ -35,15 +35,18 @@ Run bundler in a terminal/console from the folder of your Gemfile (root folder o
 
 @$ bundle@
 
-h2. Update Nov 2, 2011
+h2. Update Nov 3, 2011
 
-Version 0.9.4 has been released with the following featuring and improvements:
+Version 0.9.4.1 has been released with the following featuring and improvements:
 
 * Redesign of Cache and Ability execution
   * Caching at the individual engine level that can be switched (configured) on/off
   * Individual caching for each type of Permit in the Permit engine
   * Each engine return a set of rules which are merged into one rule set for that particular execution mode
 * Caching for the new User AC engine
+* Ability to register your own Permit base classes simply by subclassing CanTango::Permit!
+  * This is useful if you want to go beyond the built in types, see the @custom_permit_spec.rb@ for an example
+* Some bug fixes
 
 The :user_ac engine is a port of the Permission system from the _Rails in Action_ book.
 With this engine a user can have many permissions defined, where each such permission is a persisted Permission model instance that describes a 'can' action on a specific type of object.

data/VERSION

@@ -1 +1 @@
-0.9.4
+0.9.4.1

data/cantango.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{cantango}
-  s.version = "0.9.4"
+  s.version = "0.9.4.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = [%q{Kristian Mandrup}, %q{Stanislaw Pankevich}]
-  s.date = %q{2011-11-02}
+  s.date = %q{2011-11-03}
   s.description = %q{Define your permission rules as role- or role group specific permits.
 Integrates well with multiple Devise user acounts.
 Includes rules caching.
@@ -91,6 +91,7 @@ Store permissions in yaml file or key-value store}
     "lib/cantango/configuration/guest.rb",
     "lib/cantango/configuration/hash_registry.rb",
     "lib/cantango/configuration/models.rb",
+    "lib/cantango/configuration/models/actions.rb",
     "lib/cantango/configuration/models/active_record.rb",
     "lib/cantango/configuration/models/data_mapper.rb",
     "lib/cantango/configuration/models/generic.rb",
@@ -117,6 +118,7 @@ Store permissions in yaml file or key-value store}
     "lib/cantango/helpers/debug.rb",
     "lib/cantango/helpers/role_methods.rb",
     "lib/cantango/model.rb",
+    "lib/cantango/model/actions.rb",
     "lib/cantango/model/filter.rb",
     "lib/cantango/model/scope.rb",
     "lib/cantango/permission_engine.rb",
@@ -360,6 +362,7 @@ Store permissions in yaml file or key-value store}
     "spec/cantango/configuration/user_spec.rb",
     "spec/cantango/configuration_spec.rb",
     "spec/cantango/license/save_license_spec.rb",
+    "spec/cantango/model/actions_spec.rb",
     "spec/cantango/model/filter_spec.rb",
     "spec/cantango/model/scope_spec.rb",
     "spec/cantango/models/items.rb",
@@ -397,6 +400,7 @@ Store permissions in yaml file or key-value store}
     "spec/cantango/permit_engine/user_permit_spec.rb",
     "spec/cantango/permit_engine_cached_spec.rb",
     "spec/cantango/permit_engine_spec.rb",
+    "spec/cantango/permits/custom_permit_spec.rb",
     "spec/cantango/permits/executor_cached_spec.rb",
     "spec/cantango/permits/executor_spec.rb",
     "spec/cantango/permits/macros_spec.rb",

data/lib/cantango/configuration/models.rb

@@ -2,10 +2,15 @@ module CanTango
   class Configuration
     class Models
       autoload_modules :Generic, :ActiveRecord, :DataMapper, :MongoMapper, :Mongoid
+      autoload_modules :Actions
 
       include Singleton
       include ClassExt
 
+      def actions
+        @actions ||= HashRegistry.new
+      end
+
       def by_reg_exp reg_exp
         raise "Must be a Regular Expression like: /xyz/ was #{reg_exp.inspect}" if !reg_exp.kind_of? Regexp
 
@@ -43,8 +48,6 @@ module CanTango
 
       private
 
-
-
       def adapter_for orm
         "CanTango::Configuration::Models::#{orm.to_s.camlize}".constantize.new
       end

data/lib/cantango/configuration/models/actions.rb

@@ -0,0 +1,26 @@
+module CanTango
+  class Configuration
+    class Models
+      class Actions
+        attr_reader :collection, :member
+
+        def initialize
+          @collection = []
+          @member = []
+        end
+
+        def actions_for type
+          send(type.to_sym) || []
+        end
+
+        def add_member action
+          @member << action.to_sym
+        end
+
+        def add_collection action
+          @collection << action.to_sym
+        end
+      end
+    end
+  end
+end

data/lib/cantango/configuration/permit_registry.rb

@@ -1,24 +1,23 @@
 module CanTango
   class Configuration
     class PermitRegistry
-      [:user, :account, :role, :role_group].each do |permit|
-        class_eval %{
-          def #{permit}
-            @#{permit} ||= HashRegistry.new
-          end
-        }
+      def get permit
+        raise ArgumentError, "Not an available permit" if !CanTango.config.permits.available_types.include? permit
+        inst_var_name = "@#{permit}"
+        instance_variable_set(inst_var_name, HashRegistry.new) if !instance_variable_get(inst_var_name)
+        instance_variable_get(inst_var_name)
       end
 
-      def registered_for type, name = nil        
+      def registered_for type, name = nil
         name ? registered_by(type)[name.to_s] : registered_by(type)
       end
 
       def registered_by type
-        send(type).registered
+        get(type).registered
       end
 
       def all
-        [user, account, role, role_group]
+        (CanTango.config.permits.available_types - [:special]).map{|p| send(p) if respond_to?(p)}
       end
 
       def show_all

data/lib/cantango/configuration/permits.rb

@@ -2,6 +2,7 @@ module CanTango
   class Configuration
     class Permits < PermitRegistry
       include Singleton
+      include CanTango::Helpers::Debug
 
       attr_reader :accounts
       attr_writer :enabled_types
@@ -11,8 +12,25 @@ module CanTango
       end
       alias_method :enabled, :enabled_types
 
+      def available_permits
+        @available_permits ||= default_permits
+      end
+
       def available_types
-        [:user, :account, :role, :role_group, :special]
+        available_permits.keys
+      end
+
+      def available_classes
+        available_permits.values.compact
+      end
+
+      def default_permits
+        { :user       => CanTango::Permits::UserPermit,
+          :account    => CanTango::Permits::AccountPermit,
+          :role       => CanTango::Permits::RolePermit,
+          :role_group => CanTango::Permits::RoleGroupPermit,
+          :special    => nil
+        }
       end
 
       def disable_types *types
@@ -61,9 +79,10 @@ module CanTango
 
       def register_permit_class(permit_name, permit_clazz, permit_type, account_name)
         registry = account_name ? self.send(account_name.to_sym) : self
-        puts "Registering #{permit_type} permit: #{permit_name} of class #{permit_clazz}" if CanTango.debug?
-        registry.send(permit_type)[permit_name] = permit_clazz
-        puts registry.send(permit_type).inspect if CanTango.debug?
+        debug "Registering #{permit_type} permit: #{permit_name} of class #{permit_clazz}"
+
+        registry.get(permit_type)[permit_name] = permit_clazz
+        debug registry.get(permit_type).inspect
       end
 
       def allowed candidate, actions, subjects, *extra_args

data/lib/cantango/model.rb

@@ -1,6 +1,6 @@
 module CanTango
   module Model
-    autoload_modules :Filter, :Scope
+    autoload_modules :Filter, :Scope, :Actions
   end
 end
 

data/lib/cantango/model/actions.rb

@@ -0,0 +1,45 @@
+module CanTango::Model
+  module Actions
+    def self.included(base)
+      register base
+      base.extend ClassMethods
+    end
+
+    def self.register clazz
+      model_actions[clazz.to_s.underscore.to_sym] = CanTango::Configuration::Models::Actions.new
+    end
+
+    def self.register_member_actions clazz, *actions
+      actions.flatten.each do |action|
+        model_actions[clazz].add_member action.to_sym
+      end
+    end
+
+    def self.register_collection_actions clazz, *actions
+      actions.flatten.each do |action|
+        model_actions[clazz].add_collection action.to_sym
+      end
+    end
+
+    def self.model_actions
+      CanTango.config.models.actions
+    end
+
+    module ClassMethods
+      def tango_actions *actions
+        action_clazz = self.name.underscore.to_sym
+        options = actions.extract_options!
+        clazz = CanTango::Model::Actions
+        case options[:as]
+        when :member
+          clazz.register_member_actions action_clazz, *actions
+        when :collection
+          clazz.register_collection_actions action_clazz, *actions
+        else
+          raise ArgumentError, "You must specify a :to option as the last argument, of either :member or :collection"
+        end
+      end
+    end
+  end
+end
+

data/lib/cantango/permit_engine.rb

@@ -65,18 +65,10 @@ module CanTango
     end
 
     def key_method_names
-      permits.keys.map {|type| key type }.compact
-    end
-
-    def key type
-      case type
-      when :role
-        roles_list_meth
-      when :role_group
-        role_groups_list_meth
-      else
-        nil
-      end
+      permits.keys.map do |permit|
+        permit_class = CanTango.config.permits.available_permits[permit]
+        permit_class.hash_key
+      end.compact
     end
   end
 end

data/lib/cantango/permit_engine/finder.rb

@@ -32,14 +32,18 @@ module CanTango
 
         # TODO: User/Account cases should be handled somehow following is just interim measure
       def account_permit
-        return nil if !user_account.class.name =~ /Account/
+        return nil if !registered_account? user_account.class
         found = account_permits_by(type)[name]
-        debug_msg account_permit_msg(found)
+        debug account_permit_msg(found)
         found
       rescue
         nil
       end
 
+      def registered_account? account
+        CanTango.config.user_accounts.registered_class? account
+      end
+
       def account_permit_msg found
         found.nil? ? "no account permits found for #{name}" : "account permits registered for name: #{name} -> #{found}"
       end

data/lib/cantango/permits/executor.rb

@@ -43,14 +43,8 @@ module CanTango
       end
 
       def key_method_names
-        case permit_type
-        when :role
-          [roles_list_meth]
-        when :role_group
-          [role_groups_list_meth]
-        else
-          []
-        end
+        permit_class = CanTango.config.permits.available_permits[permit_type]
+        permit_class.hash_key ? [permit_class.hash_key] : []
       end
     end
   end

data/lib/cantango/permits/permit.rb

@@ -18,11 +18,27 @@ module CanTango
 
       delegate :cached?, :options, :subject, :user, :user_account, :to => :ability
 
+      def self.inherited(subclass)
+        register subclass.name.split('::').last.sub(/Permit$/, '').underscore.to_sym, subclass
+      end
+
+      def self.register permit, subclass
+        available_permits[permit] = subclass
+      end
+
+      def self.available_permits
+        CanTango.config.permits.available_permits
+      end
+
       # creates the permit
       def initialize ability
         @ability  = ability
       end
 
+      def hash_key
+        nil
+      end
+
       def permit_type
         self.class.type
       end

data/lib/cantango/permits/role_group_permit.rb

@@ -50,6 +50,10 @@ module CanTango
         in_role_group? subject
       end
 
+      def hash_key
+        send role_groups_list_meth
+      end
+
       protected
 
       include CanTango::Helpers::RoleMethods

data/lib/cantango/permits/role_group_permit/builder.rb

@@ -1,23 +1,22 @@
 module CanTango
   module Permits
     class RoleGroupPermit < CanTango::Permit
-
       class Builder < CanTango::PermitEngine::Builder::Base
-        #class NoAvailableRoleGroups < StandardError; end
-
+        include CanTango::Helpers::Debug
         # builds a list of Permits for each role group of the current ability user (or account)
         # @return [Array<RoleGroupPermit::Base>] the role group permits built for this ability
         def build
           matching_permits = matching_role_groups(roles).inject([]) do |permits, role_group|
-            puts "Building RoleGroupPermit for #{role_group}" if CanTango.debug?
+            debug "Building RoleGroupPermit for #{role_group}"
             (permits << create_permit(role_group)) if valid?(role_group)
             permits
           end.compact
 
           if matching_permits.empty?
-            puts "Not building any RoleGroupPermits since no role groups are roles that are members of a role group could be found for the permission candidate" if CanTango.debug?
+            debug "Not building any RoleGroupPermits since no role groups could be found that are relevant for the permission candidate"
             return []
           end
+          matching_permits
         end
 
         def name

data/lib/cantango/permits/role_permit.rb

@@ -49,6 +49,10 @@ module CanTango
         in_role? subject
       end
 
+      def hash_key
+        send roles_list_meth
+      end
+
       protected
 
       include CanTango::Helpers::RoleMethods

data/lib/cantango/permits/role_permit/builder.rb

@@ -2,15 +2,17 @@ module CanTango
   module Permits
     class RolePermit < CanTango::Permit
       class Builder < CanTango::PermitEngine::Builder::Base
+        include CanTango::Helpers::Debug
+
         # builds a list of Permits for each role of the current ability user (or account)
         # @return [Array<RoleGroupPermit::Base>] the role permits built for this ability
         def build
           if roles.empty?
-            puts "Not building any RolePermit" if CanTango.debug?
+            debug "Not building any RolePermit"
             return [] if roles.empty?
           end
           roles.inject([]) do |permits, role|
-            puts "Building RolePermit for #{role}" if CanTango.debug?
+            debug "Building RolePermit for #{role}"
             (permits << create_permit(role)) if valid?(role.to_sym)
             permits
           end.compact
@@ -29,7 +31,6 @@ module CanTango
         def filter role
           CanTango::Filters::RoleFilter.new role
         end
-
       end
     end
   end

data/lib/cantango/rails/helpers/rest_helper.rb

@@ -1,4 +1,27 @@
 module CanTango::Rails::Helpers::RestHelper
+  CanTango.config.models.actions.each_pair do |model, actions|
+    actions.actions_for :member do |member_action|
+      class_eval %{
+        def #{member_action}_#{model.to_s.underscore}_path obj, options = {}
+          return unless can_perform_action?(user_type, :#{member_action}, obj)
+          # use i18n translation on label
+          link_to t(".#{member_action}"), rest_obj_action(obj, :#{member_action}, options)
+        end
+      }
+    end
+
+    actions.actions_for :collection do |collection_action|
+      class_eval %{
+        def #{collection_action}_#{model.to_s.underscore}_path obj, options = {}
+          clazz = obj.kind_of?(Class) ? obj : obj.class
+          return unless can_perform_action?(user_type, :#{collection_action}, clazz)
+          # use i18n translation on label
+          link_to t(".#{collection_action}"), send(action_method clazz, :#{collection_action}, options)
+        end
+      }
+    end
+  end
+
   CanTango.config.models.available_models.each do |model|
     class_eval %{
       def delete_#{model.to_s.underscore}_path obj, options = {}

data/spec/cantango/model/actions_spec.rb

@@ -0,0 +1,85 @@
+require 'rspec'
+require 'cantango'
+require 'simple_roles'
+require 'fixtures/models'
+require 'cantango/api/current_users'
+require 'cantango/api/current_user_accounts'
+
+class User
+  tango_user
+
+  include_and_extend SimpleRoles
+end
+
+class Admin < User
+  tango_user
+end
+
+
+CanTango.configure do |config|
+  config.cache_engine.set :off
+  config.permit_engine.set :on
+end
+
+class Context
+  include CanTango::Api::User::Ability
+
+  include_and_extend ::CurrentUsers
+  include_and_extend ::CurrentUserAccounts
+end
+
+class UserRolePermit < CanTango::RolePermit
+  def initialize ability
+    super
+  end
+
+  def permit_rules
+    can :edit, Project
+    cannot :publish, Project
+  end
+end
+
+class AdminRolePermit < CanTango::RolePermit
+  def initialize ability
+    super
+  end
+
+  def permit_rules
+    can :create, Project
+    can :show, Project
+
+    can :publish, Project
+  end
+end
+
+class Project
+  include CanTango::Model::Actions
+
+  tango_actions :search, :as => :collection
+
+  tango_actions :publish, :tag, :as => :member
+end
+
+describe CanTango::Model::Filter do
+  let(:context) { Context.new }
+
+  subject { CanTango.config.models.actions }
+
+  describe '#tango_actions' do
+
+    describe 'registered model actions' do
+      it 'should have registered :search as a collection action' do
+        subject[:project].actions_for(:collection).should include(:search)
+      end
+
+      it 'should have registered :publish as a member action' do
+        subject[:project].actions_for(:member).should include(:publish)
+      end
+
+      it 'should have registered :tag as a member action' do
+        subject[:project].actions_for(:member).should include(:publish)
+      end
+    end
+  end
+end
+

data/spec/cantango/permit_engine/builder/role_group_permits_spec.rb

@@ -1,6 +1,10 @@
 require 'spec_helper'
 require 'fixtures/models'
 
+class UserAccount
+  tango_account
+end
+
 class AdminsRoleGroupPermit < CanTango::RoleGroupPermit
   def initialize ability
     super

data/spec/cantango/permit_engine/finder_spec.rb

@@ -1,6 +1,14 @@
 require 'spec_helper'
 require 'fixtures/models'
 
+class UserAccount
+  tango_account
+end
+
+class AdminAccount
+  tango_account
+end
+
 module AdminAccountPermits
   class EditorRolePermit < CanTango::RolePermit
   end
@@ -71,7 +79,6 @@ def setup
 end
 
 describe CanTango::Permits::RolePermit::Finder do
-    
   setup
 
   context "Account" do
@@ -90,7 +97,7 @@ describe CanTango::Permits::RolePermit::Finder do
         finder.permit_class.should == "EditorRolePermit"
       end
     end
-    
+
     describe '#get_permit' do
       it 'should return the AdminAccount::EditorRolePermit' do
         finder.get_permit.should == AdminAccountPermits::EditorRolePermit

data/spec/cantango/permit_engine/role_group_permit_spec.rb

@@ -34,10 +34,10 @@ describe CanTango::Permits::RoleGroupPermit do
   describe 'attributes' do
     it "should be the permit for the :admins group" do
       permit.role_group.should == :admins
-    end     
+    end
 
     it "should have an ability" do
       permit.ability.should be_a(CanTango::Ability)
-    end     
+    end
   end
 end

data/spec/cantango/permits/custom_permit_spec.rb

@@ -0,0 +1,78 @@
+# registering a custom permit
+#
+
+require 'rspec'
+require 'cantango'
+# require 'simple_roles'
+require 'fixtures/models'
+require 'cantango/rspec'
+
+class MembershipPermit < CanTango::Permit
+  class Builder
+
+  end
+
+  class Finder
+
+  end
+
+  def self.inherited(base_clazz)
+    CanTango.config.permits.register_permit_class membership_name(base_clazz), base_clazz, type, account_name(base_clazz)
+  end
+
+  def self.type
+    :membership
+  end
+
+  def self.membership_name clazz
+    clazz.name.demodulize.gsub(/(.*)(MembershipPermit)/, '\1').underscore.to_sym
+  end
+
+  def permit_name
+    self.class.membership_name self.class
+  end
+  alias_method :membership_name, :permit_name
+
+  # creates the permit
+  # @param [Permits::Ability] the ability
+  # @param [Hash] the options
+  def initialize ability
+    super
+  end
+
+  # In a specific Role based Permit you can use 
+  #   def permit? user, options = {}
+  #     ... permission logic follows
+  #
+  # This will call the Permit::Base#permit? instance method (the method below)
+  # It will only return true if the user matches the role of the Permit class and the
+  #
+  # If these confitions are not met, it will return false and thus the outer permit 
+  # will not run the permission logic to follow
+  #
+  # Normally super for #permit? should not be called except for this case, 
+  # or if subclassing another Permit than Permit::Base
+  #
+  def permit?
+    super
+  end
+
+  def valid_for? subject
+    subject.memberships.include? membership_name
+  end
+end
+
+describe 'Custom Permit registration - Membership' do
+  it 'should register :membership as available permit' do
+    CanTango.config.permits.available_permits[:membership].should == MembershipPermit
+  end
+
+  it 'should register :membership as available permit type' do
+    CanTango.config.permits.available_types.should include(:membership)
+  end
+
+  it 'should register MmembershipPermit as available permit class' do
+    CanTango.config.permits.available_classes.should include(MembershipPermit)
+  end
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cantango
 version: !ruby/object:Gem::Version
-  version: 0.9.4
+  version: 0.9.4.1
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-11-02 00:00:00.000000000Z
+date: 2011-11-03 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70161262243140 !ruby/object:Gem::Requirement
+  requirement: &70209186980320 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
         version: 3.0.1
   type: :runtime
   prerelease: false
-  version_requirements: *70161262243140
+  version_requirements: *70209186980320
 - !ruby/object:Gem::Dependency
   name: cancan
-  requirement: &70161262240600 !ruby/object:Gem::Requirement
+  requirement: &70209186979560 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,10 +33,10 @@ dependencies:
         version: '1.4'
   type: :runtime
   prerelease: false
-  version_requirements: *70161262240600
+  version_requirements: *70209186979560
 - !ruby/object:Gem::Dependency
   name: sugar-high
-  requirement: &70161262227520 !ruby/object:Gem::Requirement
+  requirement: &70209186978580 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -44,10 +44,10 @@ dependencies:
         version: 0.6.0
   type: :runtime
   prerelease: false
-  version_requirements: *70161262227520
+  version_requirements: *70209186978580
 - !ruby/object:Gem::Dependency
   name: sweetloader
-  requirement: &70161262225460 !ruby/object:Gem::Requirement
+  requirement: &70209186967700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -55,10 +55,10 @@ dependencies:
         version: 0.1.0
   type: :runtime
   prerelease: false
-  version_requirements: *70161262225460
+  version_requirements: *70209186967700
 - !ruby/object:Gem::Dependency
   name: hashie
-  requirement: &70161262223580 !ruby/object:Gem::Requirement
+  requirement: &70209186965280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -66,10 +66,10 @@ dependencies:
         version: '0.4'
   type: :runtime
   prerelease: false
-  version_requirements: *70161262223580
+  version_requirements: *70209186965280
 - !ruby/object:Gem::Dependency
   name: rspec-rails
-  requirement: &70161262222320 !ruby/object:Gem::Requirement
+  requirement: &70209186963200 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -77,10 +77,10 @@ dependencies:
         version: 2.6.1
   type: :development
   prerelease: false
-  version_requirements: *70161262222320
+  version_requirements: *70209186963200
 - !ruby/object:Gem::Dependency
   name: forgery
-  requirement: &70161262221380 !ruby/object:Gem::Requirement
+  requirement: &70209186962020 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -88,10 +88,10 @@ dependencies:
         version: '0.3'
   type: :development
   prerelease: false
-  version_requirements: *70161262221380
+  version_requirements: *70209186962020
 - !ruby/object:Gem::Dependency
   name: factory_girl
-  requirement: &70161262217760 !ruby/object:Gem::Requirement
+  requirement: &70209186959280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -99,10 +99,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70161262217760
+  version_requirements: *70209186959280
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: &70161262216800 !ruby/object:Gem::Requirement
+  requirement: &70209186956860 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -110,10 +110,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70161262216800
+  version_requirements: *70209186956860
 - !ruby/object:Gem::Dependency
   name: sourcify
-  requirement: &70161262215960 !ruby/object:Gem::Requirement
+  requirement: &70209186956080 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -121,10 +121,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70161262215960
+  version_requirements: *70209186956080
 - !ruby/object:Gem::Dependency
   name: dkastner-moneta
-  requirement: &70161262215060 !ruby/object:Gem::Requirement
+  requirement: &70209186955040 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -132,10 +132,10 @@ dependencies:
         version: '1.0'
   type: :development
   prerelease: false
-  version_requirements: *70161262215060
+  version_requirements: *70209186955040
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70161262213820 !ruby/object:Gem::Requirement
+  requirement: &70209186953320 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -143,10 +143,10 @@ dependencies:
         version: 2.4.0
   type: :development
   prerelease: false
-  version_requirements: *70161262213820
+  version_requirements: *70209186953320
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &70161262212580 !ruby/object:Gem::Requirement
+  requirement: &70209186931540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -154,10 +154,10 @@ dependencies:
         version: 1.6.4
   type: :development
   prerelease: false
-  version_requirements: *70161262212580
+  version_requirements: *70209186931540
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &70161262211160 !ruby/object:Gem::Requirement
+  requirement: &70209186930560 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -165,10 +165,10 @@ dependencies:
         version: 1.0.1
   type: :development
   prerelease: false
-  version_requirements: *70161262211160
+  version_requirements: *70209186930560
 - !ruby/object:Gem::Dependency
   name: rdoc
-  requirement: &70161262206720 !ruby/object:Gem::Requirement
+  requirement: &70209186928720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -176,7 +176,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70161262206720
+  version_requirements: *70209186928720
 description: ! 'Define your permission rules as role- or role group specific permits.
 
   Integrates well with multiple Devise user acounts.
@@ -262,6 +262,7 @@ files:
 - lib/cantango/configuration/guest.rb
 - lib/cantango/configuration/hash_registry.rb
 - lib/cantango/configuration/models.rb
+- lib/cantango/configuration/models/actions.rb
 - lib/cantango/configuration/models/active_record.rb
 - lib/cantango/configuration/models/data_mapper.rb
 - lib/cantango/configuration/models/generic.rb
@@ -288,6 +289,7 @@ files:
 - lib/cantango/helpers/debug.rb
 - lib/cantango/helpers/role_methods.rb
 - lib/cantango/model.rb
+- lib/cantango/model/actions.rb
 - lib/cantango/model/filter.rb
 - lib/cantango/model/scope.rb
 - lib/cantango/permission_engine.rb
@@ -531,6 +533,7 @@ files:
 - spec/cantango/configuration/user_spec.rb
 - spec/cantango/configuration_spec.rb
 - spec/cantango/license/save_license_spec.rb
+- spec/cantango/model/actions_spec.rb
 - spec/cantango/model/filter_spec.rb
 - spec/cantango/model/scope_spec.rb
 - spec/cantango/models/items.rb
@@ -568,6 +571,7 @@ files:
 - spec/cantango/permit_engine/user_permit_spec.rb
 - spec/cantango/permit_engine_cached_spec.rb
 - spec/cantango/permit_engine_spec.rb
+- spec/cantango/permits/custom_permit_spec.rb
 - spec/cantango/permits/executor_cached_spec.rb
 - spec/cantango/permits/executor_spec.rb
 - spec/cantango/permits/macros_spec.rb
@@ -868,7 +872,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2873936184602189922
+      hash: -2565050033249570748
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements: