consul 0.4.1 → 0.4.2

data/.travis.yml

@@ -1,8 +1,12 @@
 language: ruby
 rvm:
   - "1.8.7"
-  - "1.9.2"
   - "1.9.3"
-  - rbx-18mode
-  - rbx-19mode
+  - ree
 script: rake all:bundle all:spec
+notifications:
+  email:
+    - fail@makandra.de
+branches:
+  only:
+    - master

data/README.md

@@ -1,10 +1,14 @@
 Consul - A scope-based authorization solution
 =============================================
 
+[![Build Status](https://secure.travis-ci.org/makandra/consul.png?branch=master)](https://travis-ci.org/makandra/consul)
+
 Consul is a authorization solution for Ruby on Rails that uses scopes to control what a user can see or edit.
 
 We have used Consul in combination with [assignable_values](https://github.com/makandra/assignable_values) to solve a variety of authorization requirements ranging from boring to bizarre.
 
+Also see our crash course video: [Solving bizare authorization requirements with Rails](http://bizarre-authorization.talks.makandra.com/).
+
 
 Describing a power for your application
 ---------------------------------------
@@ -59,8 +63,8 @@ You can also write power checks like this:
 
     power.include?(:notes)
     power.include!(:notes)
-    power.include?(:note, Note.last)
-    power.include!(:note, Note.last)
+    power.include?(:notes, Note.last)
+    power.include!(:notes, Note.last)
 
 
 Boolean powers
@@ -83,6 +87,60 @@ You can query it like the other powers:
     power.dashboard! # => raises Consul::Powerless unless Power#dashboard? returns true
 
 
+Powers that give no access at all
+---------------------------------
+
+Note that there is a difference between having access to an empty list of records, and having no access at all.
+If you want to express that a user has no access at all, make the respective power return `nil`.
+
+Note how the power in the example below returns `nil` unless the user is an admin:
+
+    class Power
+      ...
+
+      power :users do
+        User if @user.admin?
+      end
+
+    end
+
+When a non-admin queries the `:users` power, she will get the following behavior:
+
+    power.notes # => returns nil
+    power.notes? # => returns false
+    power.notes! # => raises Consul::Powerless
+    power.note?(Note.last) # => returns false
+    power.note!(Note.last) # => raises Consul::Powerless
+
+
+Other types of powers
+---------------------
+
+A power can return any type of object. For instance, you often want to return an array:
+
+    class Power
+      ...
+
+      power :assignable_note_states do
+        if admin?
+          %w[draft pending published retracted]
+        else
+          %w[draft pending]
+        end
+      end
+
+    end
+
+You can query it like any other power. E.g. if a non-admin queries this power she will get the following behavior:
+
+    power.assignable_note_states # => ['draft', 'pending']
+    power.assignable_note_states? # => returns true
+    power.assignable_note_states! # => does nothing (because the power isn't nil)
+    power.assignable_note_state?('draft') # => returns true
+    power.assignable_note_state?('published') # => returns false
+    power.assignable_note_state!('published') # => raises Consul::Powerless
+
+
 Role-based permissions
 ----------------------
 
@@ -329,9 +387,9 @@ Now run `bundle install` to lock the gem into your project.
 Development
 -----------
 
-A Rails 2 test application lives in `spec/app_root`. You can run specs from the project root by saying:
+Test applications for various Rails versions lives in `spec`. You can run specs from the project root by saying:
 
-  bundle exec rake spec
+  bundle exec rake all:spec
 
 If you would like to contribute:
 

data/lib/consul/power.rb

@@ -13,7 +13,9 @@ module Consul
       if record.nil?
         !!power_value
       else
-        if scope?(power_value)
+        if power_value.nil?
+          false
+        elsif scope?(power_value)
           power_ids_name = self.class.power_ids_name(name)
           send(power_ids_name, *args).include?(record.id)
         elsif collection?(power_value)

data/lib/consul/version.rb

@@ -1,3 +1,3 @@
 module Consul
-  VERSION = '0.4.1'
+  VERSION = '0.4.2'
 end

data/spec/rails-3.2/Gemfile

@@ -8,6 +8,5 @@ gem 'shoulda-matchers'
 gem 'sqlite3'
 gem 'rspec_candy'
 gem 'ruby-debug', :platforms => :mri_18
-gem 'database_cleaner'
 
 gem 'consul', :path => '../..'

data/spec/rails-3.2/spec/spec_helper.rb

@@ -8,9 +8,8 @@ FileUtils.rm(Dir.glob("#{ENV['RAILS_ROOT']}/db/*.db"), :force => true)
 # Load the Rails environment and testing framework
 require "#{File.dirname(__FILE__)}/../app_root/config/environment"
 require 'rspec/rails'
-require 'database_cleaner'
 
-DatabaseCleaner.strategy = :truncation
+# DatabaseCleaner.strategy = :truncation
 
 require 'rspec_candy/helpers'
 
@@ -21,9 +20,9 @@ ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate")
 print "\033[0m"
 
 RSpec.configure do |config|
-  config.use_transactional_fixtures = false
+  config.use_transactional_fixtures = true
   config.use_instantiated_fixtures  = false
-  config.before(:each) do
-    DatabaseCleaner.clean
-  end
+  #config.before(:each) do
+  #  DatabaseCleaner.clean
+  #end
 end

data/spec/shared/consul/power_spec.rb

@@ -22,6 +22,60 @@ describe Consul::Power do
 
   end
 
+  context 'nil powers' do
+
+    describe '#include?' do
+
+      context 'when no record is given' do
+
+        it 'should return false' do
+          @user.role = 'guest'
+          @user.power.clients.should be_nil
+          @user.power.clients?.should be_false
+        end
+
+      end
+
+      context 'with a given record' do
+
+        it 'should return false' do
+          client = Client.create!
+          @user.role = 'guest'
+          @user.power.clients.should be_nil
+          @user.power.client?(client).should be_false
+        end
+
+      end
+
+    end
+
+    describe '#include!' do
+
+      context 'when no record is given' do
+
+        it 'should raise Consul::Powerless when the power returns nil' do
+          @user.role = 'guest'
+          @user.power.clients.should be_nil
+          expect { @user.power.clients! }.to raise_error(Consul::Powerless)
+        end
+
+      end
+
+      context 'with a given record' do
+
+        it 'should raise Consul::Powerless when' do
+          client = Client.create!
+          @user.role = 'guest'
+          @user.power.clients.should be_nil
+          expect { @user.power.client!(client) }.to raise_error(Consul::Powerless)
+        end
+
+      end
+
+    end
+
+  end
+
   context 'scope powers' do
 
     it 'should return the registered scope' do
@@ -40,12 +94,6 @@ describe Consul::Power do
           @user.power.clients?.should be_true
         end
 
-        it 'should return false if the power returns nil' do
-          @user.role = 'guest'
-          @user.power.clients.should be_nil
-          @user.power.clients?.should be_false
-        end
-
       end
 
       context 'with a given record' do
@@ -72,12 +120,6 @@ describe Consul::Power do
 
       context 'when no record is given' do
 
-        it 'should raise Consul::Powerless when the power returns nil' do
-          @user.role = 'guest'
-          @user.power.clients.should be_nil
-          expect { @user.power.clients! }.to raise_error(Consul::Powerless)
-        end
-
         it 'should not raise Consul::Powerless when the power returns a scope (which might or might not match records)' do
           expect { @user.power.clients! }.to_not raise_error
         end

metadata

@@ -1,54 +1,60 @@
---- !ruby/object:Gem::Specification
+--- !ruby/object:Gem::Specification 
 name: consul
-version: !ruby/object:Gem::Version
-  version: 0.4.1
+version: !ruby/object:Gem::Version 
+  hash: 11
   prerelease: 
+  segments: 
+  - 0
+  - 4
+  - 2
+  version: 0.4.2
 platform: ruby
-authors:
+authors: 
 - Henning Koch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-11-23 00:00:00.000000000 Z
-dependencies:
-- !ruby/object:Gem::Dependency
+
+date: 2012-12-14 00:00:00 +01:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
   name: memoizer
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rails
-  requirement: !ruby/object:Gem::Requirement
+  requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
   type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rails
   prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :runtime
+  version_requirements: *id002
 description: A scope-based authorization solution for Ruby on Rails.
 email: henning.koch@makandra.de
 executables: []
+
 extensions: []
+
 extra_rdoc_files: []
-files:
+
+files: 
 - .gitignore
 - .travis.yml
 - README.md
@@ -136,29 +142,39 @@ files:
 - spec/shared/consul/controllers/songs_controller_spec.rb
 - spec/shared/consul/controllers/users_controller_spec.rb
 - spec/shared/consul/power_spec.rb
+has_rdoc: true
 homepage: https://github.com/makandra/consul
 licenses: []
+
 post_install_message: 
 rdoc_options: []
-require_paths:
+
+require_paths: 
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement
+required_ruby_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
-required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
-  requirements:
-  - - ! '>='
-    - !ruby/object:Gem::Version
-      version: '0'
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
 requirements: []
+
 rubyforge_project: 
-rubygems_version: 1.8.24
+rubygems_version: 1.3.9.4
 signing_key: 
 specification_version: 3
 summary: A scope-based authorization solution for Ruby on Rails.
 test_files: []
-has_rdoc: 
+