consul 0.1.0

data/.gitignore

@@ -0,0 +1,7 @@
+doc
+pkg
+*.gem
+.idea
+spec/app_root/log/*
+
+

data/Gemfile

@@ -0,0 +1,9 @@
+source 'http://rubygems.org'
+
+gem 'rails', '<3.0.0'
+gem 'consul', :path => '.'
+gem 'rspec', '=1.3.1'
+gem 'rspec-rails', '=1.3.3'
+gem 'jeweler'
+gem 'ruby-debug'
+

data/Gemfile.lock

@@ -0,0 +1,58 @@
+PATH
+  remote: .
+  specs:
+    consul (0.0.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (2.3.10)
+      actionpack (= 2.3.10)
+    actionpack (2.3.10)
+      activesupport (= 2.3.10)
+      rack (~> 1.1.0)
+    activerecord (2.3.10)
+      activesupport (= 2.3.10)
+    activeresource (2.3.10)
+      activesupport (= 2.3.10)
+    activesupport (2.3.10)
+    columnize (0.3.2)
+    gemcutter (0.6.1)
+    git (1.2.5)
+    jeweler (1.4.0)
+      gemcutter (>= 0.1.0)
+      git (>= 1.2.5)
+      rubyforge (>= 2.0.0)
+    json_pure (1.4.6)
+    linecache (0.43)
+    rack (1.1.0)
+    rails (2.3.10)
+      actionmailer (= 2.3.10)
+      actionpack (= 2.3.10)
+      activerecord (= 2.3.10)
+      activeresource (= 2.3.10)
+      activesupport (= 2.3.10)
+      rake (>= 0.8.3)
+    rake (0.8.7)
+    rspec (1.3.1)
+    rspec-rails (1.3.3)
+      rack (>= 1.0.0)
+      rspec (= 1.3.1)
+    ruby-debug (0.10.4)
+      columnize (>= 0.1)
+      ruby-debug-base (~> 0.10.4.0)
+    ruby-debug-base (0.10.4)
+      linecache (>= 0.3)
+    rubyforge (2.0.4)
+      json_pure (>= 1.1.7)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  consul!
+  jeweler
+  rails (< 3.0.0)
+  rspec (= 1.3.1)
+  rspec-rails (= 1.3.3)
+  ruby-debug

data/README.rdoc

@@ -0,0 +1,213 @@
+= Consul - A scope-based authorization solution
+
+Consul is a authorization solution for Ruby on Rails that uses scopes to control what a user can see or edit.
+
+
+== Status of this project
+
+Consul is a new kind of authorization solution for Rails applications that are mainly driven by scopes.
+While Consul has been used in production code, we are still figuring out whether or not it is a good idea.
+Also documentation is still sparse.
+
+If you are looking for something less adventurous with a stable API and great documentation, checkout out our
+other authorization solution, {Aegis}[https://github.com/makandra/aegis].
+
+
+== Describing a power for your application
+
+You describe access to your application by putting a <tt>Power</tt> model into <tt>app/models/power.rb</tt>:
+
+  class Power
+    include Consul::Power
+
+    def initialize(user)
+      @user = user
+    end
+
+    power :notes do
+      Note.by_author(@user)
+    end
+
+    power :users do
+      User if @user.admin?
+    end
+
+    power :dashboard do
+      true # not a scope, but a boolean power. This is useful to control access to stuff that doesn't live in the database.
+    end
+
+  end
+
+
+== Querying a power
+
+Common things you might want from a power:
+
+1. Get its scope
+2. Ask whether it is there
+3. Raise an error unless it its there
+4. Ask whether a given record is included in its scope
+5. Raise an error unless a given record is included in its scope
+
+Here is how to do all of that:
+
+  power = Power.new(user)
+  power.notes # => returns an ActiveRecord::Scope
+  power.notes? # => returns true if Power#notes returns a scope
+  power.notes! # => raises Consul::Powerless unless Power#notes returns a scope
+  power.note?(Note.last) # => returns whether the given Note is in the Power#notes scope. Caches the result for subsequent queries.
+  power.note!(Note.last) # => raises Consul::Powerless unless the given Note is in the Power#notes scope
+
+You can also write power checks like this:
+
+  power.include?(:notes)
+  power.include!(:notes)
+  power.include?(:note, Note.last)
+  power.include!(:note, Note.last)
+
+
+== Boolean powers
+
+Boolean powers are useful to control access to stuff that doesn't live in the database:
+
+  class Power
+    ...
+
+    power :dashboard do
+      true
+    end
+
+  end
+
+You can query it like the other powers:
+
+  power.dashboard? # => true
+  power.dashboard! # => raises Consul::Powerless unless Power#dashboard? returns true
+
+
+== Role-based permissions
+
+Consul has no built-in support for role-based permissions, but you can easily implement it yourself. Let's say your <tt>User</tt> model has a string column <tt>role</tt> which can be <tt>"author"</tt> or "<tt>"admin"</tt>:
+
+  class Power
+    include Consul::Power
+
+    def initialize(user)
+      @user = user
+    end
+
+    power :notes do
+      case role
+        when :admin then Note
+        when :author then Note.by_author
+      end
+    end
+
+    private
+
+    def role
+      @user.role.to_sym
+    end
+
+  end
+
+
+== Controller integration
+
+It is convenient to expose a helper method <tt>current_power</tt> for your controllers and views:
+
+  class ApplicationController < ActionController::Base
+
+    private
+
+    def current_power
+      @current_power ||= Power.new(current_user)
+    end
+
+    helper_method :current_power
+
+  end
+
+You can now use power scopes to control access:
+
+  class NotesController < ApplicationController
+
+    def show
+      @note = current_power.notes.find(params[:id])
+    end
+
+  end
+
+Get convenient controller macros by including <tt>Consul::Controller</tt> in your application:
+
+  class ApplicationController < ActionController::Base
+    include Consul::Controller
+  end
+
+To make sure a power is given before every action in a controller:
+
+  class NotesController < ApplicationController
+    power :notes
+  end
+
+You can use <tt>:except</tt> and <tt>:only</tt> options like in before filters.
+
+You can also map different powers to different actions:
+
+  class NotesController < ApplicationController
+    power :notes, :map => { [:edit, :update, :destroy] => :changable_notes }
+  end
+
+It is often convenient to map a power scope to a private controller method:
+
+  class NotesController < ApplicationController
+
+    power :notes, :as => end_of_association_chain
+
+    def show
+      @note = end_of_association_chain.find(params[:id])
+    end
+
+  end
+
+This is especially useful when you are using a RESTful controller library like {resource_controller}[https://github.com/jamesgolick/resource_controller]. The mapped method is aware of the <tt>:map</tt> option.
+
+You can force yourself to use a <tt>power</tt> check in every controller. This will raise <tt>Consul::UncheckedPower</tt> if you ever forget it:
+
+  class ApplicationController < ActionController::Base
+    include Consul::Controller
+    require_power_check
+  end
+
+Should you for some obscure reason want to forego the power check:
+
+  class ApiController < ApplicationController
+    skip_power_check
+  end
+
+== Installation
+
+Add the following to your <tt>Gemfile</tt>:
+    gem 'consul'
+
+Now run
+    bundle install
+
+
+== Rails 3 compatibility
+
+We cannot guarantee Rails 3 compatibility at this point.
+
+
+== Development
+
+A Rails 2 test application lives in <tt>spec/app_root</tt>. You can run specs from the project root by saying:
+
+  bundle exec rake spec
+  
+
+== Credits
+
+Henning Koch
+
+{makandra.com}[http://makandra.com/]

data/Rakefile

@@ -0,0 +1,33 @@
+require 'rake'
+require 'rake/rdoctask'
+require 'spec/rake/spectask'
+
+task :default => :spec
+
+Spec::Rake::SpecTask.new() do |t|
+  t.spec_opts = ['--options', "\"spec/spec.opts\""]
+  t.spec_files = FileList['spec/**/*_spec.rb']
+end
+
+desc 'Generate documentation for the consul gem'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'consul'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "consul"
+    gemspec.summary = "Scope-based authorization solution for Rails"
+    gemspec.email = "henning.koch@makandra.de"
+    gemspec.homepage = "http://github.com/makandra/consul"
+    gemspec.description = "Consul is a scope-based authorization solution for Ruby on Rails."
+    gemspec.authors = ["Henning Koch"]
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/consul.gemspec

@@ -0,0 +1,93 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{consul}
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Henning Koch"]
+  s.date = %q{2011-04-12}
+  s.description = %q{Consul is a scope-based authorization solution for Ruby on Rails.}
+  s.email = %q{henning.koch@makandra.de}
+  s.extra_rdoc_files = [
+    "README.rdoc"
+  ]
+  s.files = [
+    ".gitignore",
+     "Gemfile",
+     "Gemfile.lock",
+     "README.rdoc",
+     "Rakefile",
+     "VERSION",
+     "consul.gemspec",
+     "lib/consul.rb",
+     "lib/consul/controller.rb",
+     "lib/consul/errors.rb",
+     "lib/consul/power.rb",
+     "lib/consul/spec/matchers.rb",
+     "spec/app_root/app/controllers/application_controller.rb",
+     "spec/app_root/app/models/client.rb",
+     "spec/app_root/app/models/note.rb",
+     "spec/app_root/app/models/power.rb",
+     "spec/app_root/app/models/user.rb",
+     "spec/app_root/config/boot.rb",
+     "spec/app_root/config/database.yml",
+     "spec/app_root/config/environment.rb",
+     "spec/app_root/config/environments/in_memory.rb",
+     "spec/app_root/config/environments/mysql.rb",
+     "spec/app_root/config/environments/postgresql.rb",
+     "spec/app_root/config/environments/sqlite.rb",
+     "spec/app_root/config/environments/sqlite3.rb",
+     "spec/app_root/config/routes.rb",
+     "spec/app_root/db/migrate/001_create_users.rb",
+     "spec/app_root/db/migrate/002_create_clients.rb",
+     "spec/app_root/db/migrate/003_create_notes.rb",
+     "spec/app_root/lib/console_with_fixtures.rb",
+     "spec/app_root/log/.gitignore",
+     "spec/app_root/script/console",
+     "spec/consul/power_spec.rb",
+     "spec/rcov.opts",
+     "spec/spec.opts",
+     "spec/spec_helper.rb"
+  ]
+  s.homepage = %q{http://github.com/makandra/consul}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Scope-based authorization solution for Rails}
+  s.test_files = [
+    "spec/app_root/db/migrate/001_create_users.rb",
+     "spec/app_root/db/migrate/002_create_clients.rb",
+     "spec/app_root/db/migrate/003_create_notes.rb",
+     "spec/app_root/config/boot.rb",
+     "spec/app_root/config/environment.rb",
+     "spec/app_root/config/routes.rb",
+     "spec/app_root/config/environments/in_memory.rb",
+     "spec/app_root/config/environments/mysql.rb",
+     "spec/app_root/config/environments/postgresql.rb",
+     "spec/app_root/config/environments/sqlite.rb",
+     "spec/app_root/config/environments/sqlite3.rb",
+     "spec/app_root/lib/console_with_fixtures.rb",
+     "spec/app_root/app/controllers/application_controller.rb",
+     "spec/app_root/app/models/client.rb",
+     "spec/app_root/app/models/note.rb",
+     "spec/app_root/app/models/power.rb",
+     "spec/app_root/app/models/user.rb",
+     "spec/consul/power_spec.rb",
+     "spec/spec_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end
+

data/lib/consul.rb

@@ -0,0 +1,3 @@
+require 'consul/power'
+require 'consul/errors'
+require 'consul/controller'

data/lib/consul/controller.rb

@@ -0,0 +1,79 @@
+module Consul
+  module Controller
+
+    def self.included(base)
+      base.send :include, InstanceMethods
+      base.send :extend, ClassMethods
+    end
+
+    module ClassMethods
+
+      private
+
+      def require_power_check(options = {})
+        before_filter :unchecked_power, options
+      end
+
+      def skip_power_check(options = {})
+        skip_before_filter :unchecked_power, options
+      end
+
+      def power(*args)
+
+        args_copy = args.dup
+        options = args_copy.extract_options!
+        default_power = args_copy.shift # might be nil
+
+        filter_options = options.slice(:except, :only)
+        skip_power_check filter_options
+
+        power_method = options[:power] || :current_power
+        actions_map = (options[:map] || {})
+
+        direct_access_method = options[:as]
+
+        # Store arguments for testing
+        @consul_power_args = args
+
+        before_filter :check_power, filter_options
+
+        private
+
+        define_method :check_power do
+          send(power_method).include!(power_for_action)
+        end
+
+        define_method direct_access_method do
+          send(power_method).send(power_for_action)
+        end if direct_access_method
+
+        define_method :power_for_action do
+          key = actions_map.keys.detect do |actions|
+            Array(actions).collect(&:to_s).include?(action_name)
+          end
+          if key
+            actions_map[key]
+          elsif default_power
+            default_power
+          else
+            raise Consul::UnmappedAction, "Could not map the action ##{action_name} to a power"
+          end
+        end
+
+      end
+
+    end
+
+    module InstanceMethods
+
+      private
+
+      def unchecked_permissions
+        raise Consul::UncheckedPower, "This controller does not check against a power"
+      end
+
+    end
+
+  end
+  
+end

data/lib/consul/errors.rb

@@ -0,0 +1,5 @@
+module Consul
+  class Powerless < StandardError; end
+  class UncheckedPower < StandardError; end
+  class UnmappedAction < StandardError; end
+end

data/lib/consul/power.rb

@@ -0,0 +1,52 @@
+module Consul
+  module Power
+
+    def self.included(base)
+      base.extend ActiveSupport::Memoizable
+      base.extend ClassMethods
+    end
+
+    def include?(name, *args)
+      args = args.dup
+      record = args.shift
+      power_value = send(name)
+      if record.nil? || boolean_or_nil?(power_value)
+        !!power_value
+      else
+        power_ids_name = self.class.power_ids_name(name)
+        send(power_ids_name, *args).include?(record.id)
+      end
+    end
+
+    def include!(*args)
+      include?(*args) or raise Consul::Powerless.new("No power to #{args.inspect}")
+    end
+
+    private
+
+    def boolean_or_nil?(value)
+      [TrueClass, FalseClass, NilClass].include?(value.class)
+    end
+
+    module ClassMethods
+
+      def power(name, &block)
+        define_method(name, &block)
+        define_method("#{name.to_s}?") { |*args| include?(name, *args) }
+        define_method("#{name.to_s}!") { |*args| include!(name, *args) }
+        define_method("#{name.to_s.singularize}?") { |*args| include?(name, *args) }
+        define_method("#{name.to_s.singularize}!") { |*args| include!(name, *args) }
+        ids_method = power_ids_name(name)
+        define_method(ids_method) { |*args| send(name, *args).scoped(:select => 'id').collect(&:id) }
+        memoize ids_method
+        name
+      end
+
+      def power_ids_name(name)
+        "#{name.to_s.singularize}_ids"
+      end
+
+    end
+
+  end
+end

data/lib/consul/spec/matchers.rb

@@ -0,0 +1,40 @@
+module Aegis
+  module Spec
+    module Matchers
+
+      class CheckPower
+
+        def initialize(*args)
+          @expected_args = args
+        end
+
+        def matches?(controller)
+          @controller_class = controller.class
+          @actual_args = @controller_class.instance_variable_get('@consul_power_args')
+          @actual_args == @expected_args
+        end
+
+        def failure_message
+          "expected #{@controller_class} to check against power #{@expected_args.inspect} but it checked against #{@actual_args.inspect}"
+        end
+
+        def negative_failure_message
+          "expected #{@controller_class} to not check against power #{@expected_args.inspect}"
+        end
+
+        def description
+          description = "check against power #{@expected_args.inspect}"
+          description
+        end
+
+      end
+
+      def check_power(*args)
+        CheckPower.new(*args)
+      end
+
+    end
+  end
+end
+
+ActiveSupport::TestCase.send :include, Aegis::Spec::Matchers

data/spec/app_root/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+
+end

data/spec/app_root/app/models/client.rb

@@ -0,0 +1,13 @@
+class Client < ActiveRecord::Base
+
+  has_many :notes
+
+  named_scope :active, :conditions => ["deleted = ? OR deleted IS NULL", false]
+
+  def foo
+    with_scope do
+
+    end
+  end
+
+end

data/spec/app_root/app/models/note.rb

@@ -0,0 +1,7 @@
+class Note < ActiveRecord::Base
+
+  belongs_to :client
+
+  validates_presence_of :client_id
+
+end

data/spec/app_root/app/models/power.rb

@@ -0,0 +1,28 @@
+class Power
+  include Consul::Power
+
+  def initialize(user)
+    @user = user
+  end
+
+  power :clients do
+    Client.active
+  end
+
+  power :client_notes do |client|
+    client.notes
+  end
+
+  power :admin do
+    false
+  end
+
+  power :moderator do
+    nil
+  end
+  
+  power :dashboard do
+    true
+  end
+
+end

data/spec/app_root/app/models/user.rb

@@ -0,0 +1,8 @@
+class User < ActiveRecord::Base
+
+  def power
+    @power ||= Power.new(self)
+  end
+
+end
+

data/spec/app_root/config/boot.rb

@@ -0,0 +1,114 @@
+# Allow customization of the rails framework path
+RAILS_FRAMEWORK_ROOT = (ENV['RAILS_FRAMEWORK_ROOT'] || "#{File.dirname(__FILE__)}/../../../../../../vendor/rails") unless defined?(RAILS_FRAMEWORK_ROOT) 
+
+# Don't change this file!
+# Configure your app in config/environment.rb and config/environments/*.rb
+
+RAILS_ROOT = "#{File.dirname(__FILE__)}/.." unless defined?(RAILS_ROOT)
+
+module Rails
+  class << self
+    def boot!
+      unless booted?
+        preinitialize
+        pick_boot.run
+      end
+    end
+
+    def booted?
+      defined? Rails::Initializer
+    end
+
+    def pick_boot
+      (vendor_rails? ? VendorBoot : GemBoot).new
+    end
+
+    def vendor_rails?
+      File.exist?(RAILS_FRAMEWORK_ROOT)
+    end
+
+    def preinitialize
+      load(preinitializer_path) if File.exist?(preinitializer_path)
+    end
+
+    def preinitializer_path
+      "#{RAILS_ROOT}/config/preinitializer.rb"
+    end
+  end
+
+  class Boot
+    def run
+      load_initializer
+      Rails::Initializer.run(:set_load_path)
+    end
+  end
+
+  class VendorBoot < Boot
+    def load_initializer
+      require "#{RAILS_FRAMEWORK_ROOT}/railties/lib/initializer"
+      Rails::Initializer.run(:install_gem_spec_stubs)
+    end
+  end
+
+  class GemBoot < Boot
+    def load_initializer
+      self.class.load_rubygems
+      load_rails_gem
+      require 'initializer'
+    end
+
+    def load_rails_gem
+      if version = self.class.gem_version
+        gem 'rails', version
+      else
+        gem 'rails'
+      end
+    rescue Gem::LoadError => load_error
+      $stderr.puts %(Missing the Rails #{version} gem. Please `gem install -v=#{version} rails`, update your RAILS_GEM_VERSION setting in config/environment.rb for the Rails version you do have installed, or comment out RAILS_GEM_VERSION to use the latest version installed.)
+      exit 1
+    end
+
+    class << self
+      def rubygems_version
+        Gem::RubyGemsVersion rescue nil
+      end
+
+      def gem_version
+        if defined? RAILS_GEM_VERSION
+          RAILS_GEM_VERSION
+        elsif ENV.include?('RAILS_GEM_VERSION')
+          ENV['RAILS_GEM_VERSION']
+        else
+          parse_gem_version(read_environment_rb)
+        end
+      end
+
+      def load_rubygems
+        require 'rubygems'
+        min_version = '1.1.1'
+        unless rubygems_version >= min_version
+          $stderr.puts %Q(Rails requires RubyGems >= #{min_version} (you have #{rubygems_version}). Please `gem update --system` and try again.)
+          exit 1
+        end
+ 
+      rescue LoadError
+        $stderr.puts %Q(Rails requires RubyGems >= #{min_version}. Please install RubyGems and try again: http://rubygems.rubyforge.org)
+        exit 1
+      end
+
+      def parse_gem_version(text)
+        $1 if text =~ /^[^#]*RAILS_GEM_VERSION\s*=\s*["']([!~<>=]*\s*[\d.]+)["']/
+      end
+
+      private
+        def read_environment_rb
+          environment_rb = "#{RAILS_ROOT}/config/environment.rb"
+          environment_rb = "#{HELPER_RAILS_ROOT}/config/environment.rb" unless File.exists?(environment_rb)
+          File.read(environment_rb)
+        end
+    end
+  end
+end
+
+# All that for this:
+Rails.boot!

data/spec/app_root/config/database.yml

@@ -0,0 +1,21 @@
+in_memory:
+  adapter: sqlite3
+  database: ":memory:"
+  verbosity: quiet
+sqlite:
+  adapter: sqlite
+  dbfile: plugin_test.sqlite.db
+sqlite3:
+  adapter: sqlite3
+  dbfile: plugin_test.sqlite3.db
+postgresql:
+  adapter: postgresql
+  username: postgres
+  password: postgres
+  database: plugin_test
+mysql:
+  adapter: mysql
+  host: localhost
+  username: root
+  password:
+  database: plugin_test

data/spec/app_root/config/environment.rb

@@ -0,0 +1,14 @@
+require File.join(File.dirname(__FILE__), 'boot')
+
+Rails::Initializer.run do |config|
+  config.cache_classes = false
+  config.whiny_nils = true
+  config.action_controller.session = { :key => "_myapp_session", :secret => "gwirofjweroijger8924rt2zfwehfuiwehb1378rifowenfoqwphf23" }
+  config.plugin_locators.unshift(
+    Class.new(Rails::Plugin::Locator) do
+      def plugins
+        [Rails::Plugin.new(File.expand_path('.'))]
+      end
+    end
+  ) unless defined?(PluginTestHelper::PluginLocator)
+end

data/spec/app_root/config/routes.rb

@@ -0,0 +1,7 @@
+ActionController::Routing::Routes.draw do |map|
+
+  map.resources :properties do |properties|
+    properties.resources :reviews
+  end
+
+end

data/spec/app_root/db/migrate/001_create_users.rb

@@ -0,0 +1,11 @@
+class CreateUsers < ActiveRecord::Migration
+
+  def self.up
+    create_table :users
+  end
+
+  def self.down
+    drop_table :users
+  end
+
+end

data/spec/app_root/db/migrate/002_create_clients.rb

@@ -0,0 +1,13 @@
+class CreateClients < ActiveRecord::Migration
+
+  def self.up
+    create_table :clients do |t|
+      t.boolean :deleted
+    end
+  end
+
+  def self.down
+    drop_table :clients
+  end
+
+end

data/spec/app_root/db/migrate/003_create_notes.rb

@@ -0,0 +1,13 @@
+class CreateNotes < ActiveRecord::Migration
+
+  def self.up
+    create_table :notes do |t|
+      t.integer :client_id
+    end
+  end
+
+  def self.down
+    drop_table :notes
+  end
+
+end

data/spec/app_root/lib/console_with_fixtures.rb

@@ -0,0 +1,4 @@
+# Loads fixtures into the database when running the test app via the console
+(ENV['FIXTURES'] ? ENV['FIXTURES'].split(/,/) : Dir.glob(File.join(Rails.root, '../fixtures/*.{yml,csv}'))).each do |fixture_file|
+  Fixtures.create_fixtures(File.join(Rails.root, '../fixtures'), File.basename(fixture_file, '.*'))
+end

data/spec/app_root/script/console

@@ -0,0 +1,7 @@
+irb = RUBY_PLATFORM =~ /(:?mswin|mingw)/ ? 'irb.bat' : 'irb'
+libs =  " -r irb/completion"
+libs << " -r test/test_helper"
+libs << " -r console_app"
+libs << " -r console_with_helpers"
+libs << " -r console_with_fixtures"
+exec "#{irb} #{libs} --simple-prompt"

data/spec/consul/power_spec.rb

@@ -0,0 +1,112 @@
+require 'spec_helper'
+
+describe Consul::Power do
+
+  before :each do
+    @user = User.create!
+    @deleted_client = Client.create!(:deleted => true)
+    @client1 = Client.create!
+    @client1_note1 = @client1.notes.create!
+    @client1_note2 = @client1.notes.create!
+    @client2 = Client.create!
+    @client2_note1 = @client2.notes.create!
+    @client2_note2 = @client2.notes.create!
+  end
+
+  describe 'example scenario' do
+
+    it 'should work as expected' do
+      Client.active.should == [@client1, @client2]
+      @client1.notes.should == [@client1_note1, @client1_note2] 
+    end
+
+  end
+
+  describe 'scope methods' do
+
+    it 'should return the registered scope' do
+      @user.power.clients.all.should == [@client1, @client2]
+    end
+
+    it 'should allow to register scopes with arguments' do
+      @user.power.client_notes(@client1).should == [@client1_note1, @client1_note2]
+    end
+
+  end
+
+  describe 'scope_ids methods' do
+
+    it 'should return record ids that match the registered scope' do
+      @user.power.client_ids.should == [@client1.id, @client2.id]
+    end
+
+    it 'should cache scope ids' do
+      @user.power.should_receive(:clients).once.and_return(double('scope').as_null_object)
+      2.times { @user.power.client_ids }
+    end
+
+  end
+
+  describe 'include?' do
+
+    it 'should return true if a given record belongs to a scope' do
+      @user.power.client?(@client1).should be_true
+    end
+
+    it 'should return false if a given record does not belong to a scope' do
+      @user.power.client?(@deleted_client).should be_false
+    end
+
+    it 'should only trigger a single query for multiple checks on the same scope' do
+      ActiveRecord::Base.connection.should_receive(:select_all).once.and_return([]) #.and_return(double('connection').as_null_object)
+      @user.power.client?(@client1)
+      @user.power.client?(@deleted_client)
+    end
+
+    it 'should return true when the queried power returns a scope (which might or might not match records)' do
+      @user.power.clients?.should be_true
+    end
+
+    it 'should return true when the queried power is not a scope, but returns true' do
+      @user.power.dashboard?.should be_true
+    end
+
+    it 'should return false when the queried power is not a scope, but returns false' do
+      @user.power.admin?.should be_false
+    end
+
+    it 'should return false when the queried power is not a scope, but returns nil' do
+      @user.power.moderator?.should be_false
+    end
+
+  end
+
+  describe 'include!' do
+
+    it 'should raise Consul::Powerless when the given record belongs to a scope' do
+      expect { @user.power.client!(@deleted_client) }.to raise_error(Consul::Powerless)
+    end
+
+    it 'should not raise Consul::Powerless when the given record does not belong to a scope' do
+      expect { @user.power.client!(@client1) }.to_not raise_error
+    end
+
+    it 'should not raise Consul::Powerless when the queried power returns a scope (which might or might not match records)' do
+      expect { @user.power.clients! }.to_not raise_error
+    end
+
+    it 'should not raise Consul::Powerless when the queried power is not a scope, but returns true' do
+      expect { @user.power.dashboard! }.to_not raise_error
+    end
+
+    it 'should raise Consul::Powerless when the queried power is not a scope, but returns false' do
+      expect { @user.power.admin! }.to raise_error
+    end
+
+    it 'should raise Consul::Powerless when the queried power is not a scope, but returns nil' do
+      expect { @user.power.moderator! }.to raise_error
+    end
+
+  end
+
+end

data/spec/rcov.opts

@@ -0,0 +1,2 @@
+--exclude "spec/*,gems/*"
+--rails

data/spec/spec.opts

@@ -0,0 +1,4 @@
+--colour
+--format progress
+--loadby mtime
+--reverse

data/spec/spec_helper.rb

@@ -0,0 +1,20 @@
+$: << File.join(File.dirname(__FILE__), "/../lib" )
+
+# Set the default environment to sqlite3's in_memory database
+ENV['RAILS_ENV'] ||= 'in_memory'
+
+# Load the Rails environment and testing framework
+require "#{File.dirname(__FILE__)}/app_root/config/environment"
+require "#{File.dirname(__FILE__)}/../lib/consul"
+require 'spec/rails'
+
+# Undo changes to RAILS_ENV
+silence_warnings {RAILS_ENV = ENV['RAILS_ENV']}
+
+# Run the migrations
+ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate")
+
+Spec::Runner.configure do |config|
+  config.use_transactional_fixtures = true
+  config.use_instantiated_fixtures  = false
+end

metadata

@@ -0,0 +1,120 @@
+--- !ruby/object:Gem::Specification 
+name: consul
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Henning Koch
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-04-12 00:00:00 +02:00
+default_executable: 
+dependencies: []
+
+description: Consul is a scope-based authorization solution for Ruby on Rails.
+email: henning.koch@makandra.de
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- README.rdoc
+files: 
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- README.rdoc
+- Rakefile
+- VERSION
+- consul.gemspec
+- lib/consul.rb
+- lib/consul/controller.rb
+- lib/consul/errors.rb
+- lib/consul/power.rb
+- lib/consul/spec/matchers.rb
+- spec/app_root/app/controllers/application_controller.rb
+- spec/app_root/app/models/client.rb
+- spec/app_root/app/models/note.rb
+- spec/app_root/app/models/power.rb
+- spec/app_root/app/models/user.rb
+- spec/app_root/config/boot.rb
+- spec/app_root/config/database.yml
+- spec/app_root/config/environment.rb
+- spec/app_root/config/environments/in_memory.rb
+- spec/app_root/config/environments/mysql.rb
+- spec/app_root/config/environments/postgresql.rb
+- spec/app_root/config/environments/sqlite.rb
+- spec/app_root/config/environments/sqlite3.rb
+- spec/app_root/config/routes.rb
+- spec/app_root/db/migrate/001_create_users.rb
+- spec/app_root/db/migrate/002_create_clients.rb
+- spec/app_root/db/migrate/003_create_notes.rb
+- spec/app_root/lib/console_with_fixtures.rb
+- spec/app_root/log/.gitignore
+- spec/app_root/script/console
+- spec/consul/power_spec.rb
+- spec/rcov.opts
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/makandra/consul
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Scope-based authorization solution for Rails
+test_files: 
+- spec/app_root/db/migrate/001_create_users.rb
+- spec/app_root/db/migrate/002_create_clients.rb
+- spec/app_root/db/migrate/003_create_notes.rb
+- spec/app_root/config/boot.rb
+- spec/app_root/config/environment.rb
+- spec/app_root/config/routes.rb
+- spec/app_root/config/environments/in_memory.rb
+- spec/app_root/config/environments/mysql.rb
+- spec/app_root/config/environments/postgresql.rb
+- spec/app_root/config/environments/sqlite.rb
+- spec/app_root/config/environments/sqlite3.rb
+- spec/app_root/lib/console_with_fixtures.rb
+- spec/app_root/app/controllers/application_controller.rb
+- spec/app_root/app/models/client.rb
+- spec/app_root/app/models/note.rb
+- spec/app_root/app/models/power.rb
+- spec/app_root/app/models/user.rb
+- spec/consul/power_spec.rb
+- spec/spec_helper.rb