credentials 2.2.3 → 2.3.0

data/HISTORY

@@ -1,5 +1,9 @@
 === 2.2.3 / 2009-11-27
 
+* Add support for prepositions.
+
+=== 2.2.3 / 2009-11-27
+
 * Minor fix to ActionController extension.
 
 === 2.2.2 / 2009-11-25

data/VERSION

@@ -1 +1 @@
-2.2.3
+2.3.0

data/credentials.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{credentials}
-  s.version = "2.2.3"
+  s.version = "2.3.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Matt Powell"]
-  s.date = %q{2009-11-27}
+  s.date = %q{2009-12-16}
   s.description = %q{A generic actor/resource permission framework based on rules, not objects.}
   s.email = %q{fauxparse@gmail.com.com}
   s.extra_rdoc_files = [

data/lib/credentials/extensions/action_controller.rb

@@ -47,8 +47,8 @@ module Credentials
         # otherwise Credentials would also try to evaluate the
         # +edit+ method as an argument.
         def requires_permission_to(*args)
-          options = (args.last.is_a?(Hash) ? args.pop : {}).with_indifferent_access
-          %w(only except).each do |key|
+          options = (args.last.is_a?(Hash) ? args.pop : {})
+          [ :only, :except ].each do |key|
             options[key] = Array(options[key]).map(&:to_sym) if options[key]
           end
           self.required_credentials = self.required_credentials + [ [ options, args ] ]
@@ -80,12 +80,19 @@ module Credentials
         self.class.required_credentials.each do |options, args|
           next if options[:only] && !options[:only].include?(current_action)
           next if options[:except] && options[:except].include?(current_action)
-
+          
           raise Credentials::Errors::NotLoggedInError unless current_user
           evaluated = args.map do |arg|
             (arg.is_a?(Symbol) && respond_to?(arg) && !public_methods.include?(arg.to_s)) ? send(arg) : arg
           end
           
+          opts = returning({}) do |hash|
+            (Credentials::Prepositions & options.keys).each do |prep|
+              hash[prep] = send(options[prep])
+            end
+          end
+          evaluated << opts
+          
           unless current_user.can?(*evaluated)
             raise Credentials::Errors::AccessDeniedError
           end

data/lib/credentials/rule.rb

@@ -33,7 +33,7 @@ module Credentials
     # match any element of that array:
     #     class User
     #       credentials do |user|
-    #         user.can :fight, [ :shatner, :gandhi ]
+    #         user.can [ :punch, :fight ], [ :shatner, :gandhi ]
     #       end
     #     end
     #     
@@ -47,8 +47,10 @@ module Credentials
     #       end
     #     end
     def match?(*args)
-      return false unless arity == args.length
+      values = args.last.is_a?(Hash) ? args.pop : {}
       
+      return false unless arity == args.length
+
       parameters.zip(args).each do |expected, actual|
         case expected
         when :self then return false unless actual == args.first
@@ -56,7 +58,9 @@ module Credentials
         else return false unless expected === actual
         end
       end
+      
       result = true
+      result = result && (options.keys & Credentials::Prepositions).inject(true) { |memo, key| memo && evaluate_preposition(args.first, options[key], values[key]) }
       result = result && evaluate_condition(options[:if], :|, *args) unless options[:if].nil?
       result = result && !evaluate_condition(options[:unless], :&, *args) unless options[:unless].nil?
       result
@@ -84,5 +88,32 @@ module Credentials
         end
       end
     end
+
+    def evaluate_preposition(object, expected, actual)
+      return true if expected.nil?
+      return false if actual.nil?
+      return true if expected === actual
+      
+      single = expected.to_s
+      plural = single.respond_to?(:pluralize) ? single.pluralize : single + "s"
+      
+      lclass, rclass = [ object.class.name, actual.class.name ].map do |s|
+        s.gsub(/^.*::/, '').
+          gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
+          gsub(/([a-z\d])([A-Z])/,'\1_\2').
+          tr("-", "_").
+          downcase
+      end
+      
+      if object.respond_to?(:id) && actual.respond_to?(:"#{lclass}_id")
+        return true if actual.send(:"#{lclass}_id") == object.id
+      end
+      
+      if actual.respond_to?(:id) && object.respond_to?(:"#{rclass}_id")
+        return true if object.send(:"#{rclass}_id") == actual.id
+      end
+      
+      (object.respond_to?(single) && (object.send(single) == actual)) || (object.respond_to?(plural) && (object.send(plural).include?(actual)))
+    end
   end
 end

data/lib/credentials/rulebook.rb

@@ -123,6 +123,23 @@ module Credentials
     #         user.can :edit, :self
     #       end
     #     end
+    #
+    # == Prepositions (+:for+, +:on+, etc)
+    # You can do the following:
+    #     class User
+    #       credentials do |user|
+    #         user.can :delete, Comment, :on => :post
+    #       end
+    #     end
+    #
+    #     user.can? :delete, post.comments.first, :on => post
+    # ...means that Credentials will check if:
+    # * +post+ has a +user_id+ method matching +user.id+
+    # * +user+ has a +post_id+ method matching +post.id+
+    # * +user+ has a +post+ method matching +post+
+    # * +user+ has a +posts+ method that returns an array including +post+
+    #
+    # See Credentials::Prepositions for the list of available prepositions.
     def can(*args)
       self.rules << AllowRule.new(klass, *args)
     end

data/lib/credentials.rb

@@ -2,6 +2,10 @@ require "credentials/rulebook"
 require "credentials/extensions/object"
 require "credentials/extensions/magic_methods"
 
+module Credentials
+  Prepositions = [ :on, :for, :with, :at, :in, :from ].freeze
+end
+
 Object.send :include, Credentials::Extensions::Object
 
 if defined?(ActionController)

data/spec/controllers/test_controller_spec.rb

@@ -5,10 +5,12 @@ if defined?(ActionController)
     self.current_user_method = :logged_in_user
     requires_permission_to :view, :stuff, :except => [ :public ]
     requires_permission_to :break, :stuff, :only => [ :dangerous ]
+    requires_permission_to :create, :stuff, :for => :account, :only => [ :create ]
   
     def index; end
     def public; end
     def dangerous; end
+    def create; end
   
     def rescue_action(e)
       raise e
@@ -19,9 +21,14 @@ if defined?(ActionController)
     credentials do |user|
       user.can :view, :stuff
       user.can :break, :stuff, :if => :special?
+      user.can :create, :stuff, :for => :account
+      
+      def account; end
     end
   end
-
+  
+  class TestAccount; end
+  
   describe TestController do
     it "should know how to specify access credentials" do
       controller.class.should respond_to(:requires_permission_to)
@@ -77,6 +84,27 @@ if defined?(ActionController)
           }.should raise_error(Credentials::Errors::AccessDeniedError)
         end
       end
+
+      it "should be able to do stuff on its own account" do
+        @my_account = TestAccount.new
+        @user.stub!(:account).and_return(@my_account)
+        controller.stub!(:account).and_return(@my_account)
+        lambda {
+          get :create
+          response.should be_success
+        }.should_not raise_error(Credentials::Errors::AccessDeniedError)
+      end
+
+      it "should not be able to do stuff on someone else's account" do
+        @my_account = TestAccount.new
+        @your_account = TestAccount.new
+        @user.stub!(:account).and_return(@my_account)
+        controller.stub!(:account).and_return(@your_account)
+        lambda {
+          get :create
+          response.should_not be_success
+        }.should raise_error(Credentials::Errors::AccessDeniedError)
+      end
     end
   
     describe "when not logged in" do

data/spec/credentials_spec.rb

@@ -22,6 +22,14 @@ describe Animal do
   it "should not be able to clean another animal" do
     @sheep.should_not be_able_to :clean, @cow
   end
+
+  it "should be able to laugh at its friends" do
+    @dog = Animal.new("Dog")
+    @dog.friends = [ @cow ]
+    
+    @dog.should be_able_to :laugh, :at => @cow
+    @dog.should_not be_able_to :laugh, :at => @sheep
+  end
   
   it "should have magic methods for permissions" do
     lambda {
@@ -112,7 +120,7 @@ end
 
 describe Man do
   before :each do
-    @man = Man.new
+    @man = Man.new("Andrew")
   end
   
   it "should be able to do anything it wants" do

data/spec/domain.rb

@@ -1,9 +1,12 @@
 class Animal
   credentials do |animal|
     animal.can :clean, :self
+    animal.can :laugh, :at => :friend
   end
   
   attr_accessor :species, :hungry, :fast
+  attr_accessor :friends
+  def friends; @friends ||= []; end
   
   def initialize(species = nil, hungry = false, fast = false)
     @species = species

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: credentials
 version: !ruby/object:Gem::Version 
-  version: 2.2.3
+  version: 2.3.0
 platform: ruby
 authors: 
 - Matt Powell
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-11-27 00:00:00 +13:00
+date: 2009-12-16 00:00:00 +13:00
 default_executable: 
 dependencies: []