grant 2.0.0 → 2.0.1

data/lib/grant/status.rb

@@ -0,0 +1,60 @@
+module Grant
+  module Status
+
+    def grant_disabled?
+      Thread.current[:grant_disabled] == true
+    end
+
+    def grant_enabled?
+      Thread.current[:grant_disabled] == false
+    end
+
+    def disable_grant
+      Thread.current[:grant_disabled] = true
+    end
+
+    def enable_grant
+      Thread.current[:grant_disabled] = false
+    end
+
+    def without_grant
+      previously_disabled = grant_disabled?
+
+      begin
+        disable_grant
+        result = yield if block_given?
+      ensure
+        enable_grant unless previously_disabled
+      end
+
+      result
+    end
+
+    def with_grant
+      previously_disabled = grant_disabled?
+
+      begin
+        enable_grant
+        result = yield if block_given?
+      ensure
+        disable_grant if previously_disabled
+      end
+
+      result
+    end
+
+    def do_as(user)
+      previous_user = Grant::User.current_user
+
+      begin
+        Grant::User.current_user = user
+        result = yield if block_given?
+      ensure
+        Grant::User.current_user = previous_user
+      end
+
+      result
+    end
+
+  end
+end

data/lib/grant/user.rb

@@ -1,16 +1,15 @@
 module Grant
   module User
+
     def current_user
-      Thread.current[@@current_user_symbol]
+      Thread.current[:grant_user]
     end
 
     def current_user=(user)
-      Thread.current[@@current_user_symbol] = user
+      Thread.current[:grant_user] = user
     end
-    
+
     module_function :current_user, :current_user=
 
-    private
-    @@current_user_symbol = :grant_current_user_symbol
   end
-end
+end

data/lib/grant/version.rb

@@ -1,3 +1,3 @@
 module Grant
-  VERSION = "2.0.0"
-end
+  VERSION = "2.0.1"
+end

data/spec/config_spec.rb

@@ -0,0 +1,29 @@
+require File.dirname(__FILE__) + '/spec_helper'
+require 'grant/config'
+
+describe Grant::Config do
+  
+  describe 'Configuration' do
+    it "should parse actions from a config array" do
+      config = Grant::Config.new(:create, 'update')
+      config.actions.should_not be_nil
+      config.actions.should have(2).items
+      config.actions.should =~ [:create, :update]
+    end
+  end
+
+  describe 'Configuration Validation' do
+    it "should raise a Grant::Error if no action is specified" do
+      lambda {
+        Grant::Config.new
+      }.should raise_error(Grant::Error)
+    end
+
+    it "should raise a Grant::Error if an invalid action is specified" do
+      lambda {
+        Grant::Config.new(:create, :view)
+      }.should raise_error(Grant::Error)
+    end
+  end
+
+end

data/spec/grantable_spec.rb

@@ -0,0 +1,99 @@
+require File.dirname(__FILE__) + '/spec_helper'
+require 'grant/grantable'
+require 'grant/user'
+
+describe Grant::Grantable do
+  before(:each) do
+    @user = User.create
+    Grant::User.current_user = @user
+  end
+
+  it 'should not restrict CRUD operations until the first grant method call' do
+    lambda {
+      m = Model.create
+      m = Model.find(m.id)
+      m.update_attributes(:name => 'new')
+      m.destroy
+    }.should_not raise_error
+  end
+
+  it 'should automatically include Grant::Status after the first grant method call' do
+    redefine_model { grant(:create) { true } }
+    Model.included_modules.should include(Grant::Status)
+  end
+
+  it 'should setup failing Grant::Grantor objects for create, find, update, and destroy callbacks when initialized' do
+    m = Model.create
+    Model.initialize_grant
+    lambda { Model.create }.should raise_error(Grant::Error)
+    lambda { Model.find(m.id) }.should raise_error(Grant::Error)
+    lambda { m.update_attributes(:name => 'new') }.should raise_error(Grant::Error)
+    lambda { m.destroy }.should raise_error(Grant::Error)
+  end
+
+  it 'should indicate whether Grant has been initialized' do
+    redefine_model
+    Model.should_not be_grant_initialized
+    Model.initialize_grant
+    Model.should be_grant_initialized
+  end
+
+  it 'should associate callbacks with active record create, find, update, and destroy callbacks' do
+    redefine_model do
+      grant(:create) { true }
+      grant(:find) { true }
+      grant(:update) { false }
+      grant(:destroy) { false }
+    end
+
+    m = Model.create
+    m = Model.find(m.id)
+    lambda { m.update_attributes(:name => 'new')}.should raise_error(Grant::Error)
+    lambda { m.destroy }.should raise_error(Grant::Error)
+  end
+
+  it 'should allow multiple actions to be specified in a grant statement' do
+    redefine_model
+    m = Model.create
+    redefine_model do
+      grant(:create, :find) { false }
+      grant(:update, :destroy) { true }
+    end
+
+    lambda { Model.find(m.id) }.should raise_error(Grant::Error)
+    lambda { Model.create }.should raise_error(Grant::Error)
+    m.update_attributes(:name => 'new')
+    m.destroy
+  end
+
+  it 'should allow callbacks to be redefined with subsequent grant statements' do
+    redefine_model do
+      grant(:create) { true }
+      grant(:create) { false }
+    end
+
+    lambda { Model.create }.should raise_error(Grant::Error)
+  end
+
+  it 'should provide callbacks with the user and model being protected' do
+    redefine_model do
+      grant(:create) do |user, model|
+        user.should == Grant::User.current_user
+        model.should_not == nil
+        true
+      end
+    end
+
+    Model.create
+  end
+
+  def redefine_model(&blk)
+    clazz = Class.new(ActiveRecord::Base, &blk)
+    Object.send :remove_const, 'Model'
+    Object.send :const_set, 'Model', clazz
+  end
+
+  class User < ActiveRecord::Base; end
+  class Model < ActiveRecord::Base; end
+
+end

data/spec/grantor_spec.rb

@@ -0,0 +1,40 @@
+require File.dirname(__FILE__) + '/spec_helper'
+require 'ostruct'
+require 'grant/grantor'
+
+describe Grant::Grantor do
+
+  describe '#initialize' do
+    it 'should define a before_create callback method when passed create as an argument' do
+      Grant::Grantor.new(:create).should respond_to(:before_create)
+    end
+    it 'should define an after_find callback method when passed find as an argument' do
+      Grant::Grantor.new(:find).should respond_to(:after_find)
+    end
+    it 'should define a before_update callback method when passed update as an argument' do
+      Grant::Grantor.new(:update).should respond_to(:before_update)
+    end
+    it 'should define a before_destroy callback method when passed destroy as an argument' do
+      Grant::Grantor.new(:destroy).should respond_to(:before_destroy)
+    end
+  end
+
+  describe '#error' do
+    it 'should raise a nicely formatted error detailing the user and model objects' do
+      user = OpenStruct.new(:id => 1)
+      model = OpenStruct.new(:id => 2)
+      action = :create
+
+      begin
+        Grant::Grantor.new(:create).error(user, action, model)
+      rescue => ex
+        ex.message.should include("#{user.class.name}:#{user.id}")
+        ex.message.should include("#{model.class.name}:#{model.id}")
+        ex.message.should include(action.to_s)
+      else
+        fail "should have received an exception"
+      end
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -1,45 +1,10 @@
 require 'rspec'
+require 'grant'
 
 # Requires supporting files with custom matchers and macros, etc,
 # in ./support/ and its subdirectories.
 Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
 
 RSpec.configure do |config|
-  # If you're not using ActiveRecord you should remove these
-  # lines, delete config/database.yml and disable :active_record
-  # in your config/boot.rb
-  # config.use_transactional_fixtures = true
-  # config.use_instantiated_fixtures  = false
-
-  # == Fixtures
-  #
-  # You can declare fixtures for each example_group like this:
-  #   describe "...." do
-  #     fixtures :table_a, :table_b
-  #
-  # Alternatively, if you prefer to declare them only once, you can
-  # do so right here. Just uncomment the next line and replace the fixture
-  # names with your fixtures.
-  #
-  # config.global_fixtures = :all
-  #
-  # If you declare global fixtures, be aware that they will be declared
-  # for all of your examples, even those that don't use them.
-  #
-  # You can also declare which fixtures to use (for example fixtures for test/fixtures):
-  #
-  # config.fixture_path = RAILS_ROOT + '/spec/fixtures/'
-  #
-  # == Mock Framework
-  #
-  # RSpec uses it's own mocking framework by default. If you prefer to
-  # use mocha, flexmock or RR, uncomment the appropriate line:
-  #
-  # config.mock_with :mocha
-  # config.mock_with :flexmock
-  # config.mock_with :rr
-  #
-  # == Notes
-  #
-  # For more information take a look at Spec::Runner::Configuration and Spec::Runner
+  config.include TransactionalSpecs
 end

data/spec/status_spec.rb

@@ -0,0 +1,18 @@
+require File.dirname(__FILE__) + '/spec_helper'
+require 'grant/status'
+
+describe Grant::Status do
+  it "should be enabled if set to enabled" do
+    obj = Class.new { include Grant::Status }.new
+    obj.enable_grant
+    obj.should be_grant_enabled
+    obj.should_not be_grant_disabled
+  end
+
+  it "should be disabled if set to disabled" do
+    obj = Class.new { include Grant::Status }.new
+    obj.disable_grant
+    obj.should_not be_grant_enabled
+    obj.should be_grant_disabled
+  end
+end

data/spec/support/db_setup.rb

@@ -0,0 +1,48 @@
+require 'active_support/core_ext'
+require 'active_record'
+
+tmpdir = File.join(File.dirname(__FILE__), '..', '..', 'tmp')
+FileUtils.mkdir(tmpdir) unless File.exist?(tmpdir)
+test_db = File.join(tmpdir, 'test.db')
+
+connection_spec = {
+  :adapter => 'sqlite3',
+  :database => test_db
+}
+
+# Delete any existing instance of the test database
+FileUtils.rm test_db, :force => true
+
+# Create a new test database
+ActiveRecord::Base.establish_connection(connection_spec)
+
+# ActiveRecord::Base.connection.initialize_schema_migrations_table
+
+class CreateUser < ActiveRecord::Migration
+  def self.up
+    create_table :users, :force => true do |t|
+      t.column :username, :string
+    end
+  end
+
+  def self.down
+    drop_table :users
+  end
+end
+
+class CreateModel < ActiveRecord::Migration
+  def self.up
+    create_table :models, :force => true do |t|
+      t.column :name, :string
+      t.column :value, :string
+    end
+  end
+
+  def self.down
+    drop_table :models
+  end
+end
+
+CreateUser.up
+CreateModel.up
+

data/spec/support/transactional_specs.rb

@@ -0,0 +1,17 @@
+module TransactionalSpecs
+
+  def self.included(base)
+    base.class_eval do
+      around(:each) do |spec|
+        ActiveRecord::Base.transaction do
+          begin
+            spec.call
+          ensure
+            raise ActiveRecord::Rollback
+          end
+        end
+      end
+    end
+  end
+
+end

data/spec/user_spec.rb

@@ -7,19 +7,19 @@ describe Grant::User do
     Grant::User.current_user = user
     Grant::User.current_user.should == user
   end
-  
+
   it "should not return the same user from a different thread" do
     user = "user"
     user2 = "user2"
-    
+
     Grant::User.current_user = user
-    
+
     Thread.new do
       Grant::User.current_user.should be_nil
       Grant::User.current_user = user2
       Grant::User.current_user.should == user2
     end
-    
+
     Grant::User.current_user.should == user
   end
-end
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: grant
 version: !ruby/object:Gem::Version 
-  hash: 15
-  prerelease: false
+  hash: 13
+  prerelease: 
   segments: 
   - 2
   - 0
-  - 0
-  version: 2.0.0
+  - 1
+  version: 2.0.1
 platform: ruby
 authors: 
 - Jeff Kunkle
@@ -16,7 +16,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-01-05 00:00:00 -05:00
+date: 2011-03-21 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -25,14 +25,48 @@ dependencies:
   requirement: &id001 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - "="
       - !ruby/object:Gem::Version 
-        hash: 3
+        hash: 27
         segments: 
+        - 2
+        - 5
         - 0
-        version: "0"
+        version: 2.5.0
   type: :development
   version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: sqlite3-ruby
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - "="
+      - !ruby/object:Gem::Version 
+        hash: 29
+        segments: 
+        - 1
+        - 3
+        - 3
+        version: 1.3.3
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: activerecord
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">"
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 3
+        - 0
+        - 0
+        version: 3.0.0
+  type: :development
+  version_requirements: *id003
 description: Grant is a Ruby gem and Rails plugin that forces you to make explicit security decisions about the operations performed on your ActiveRecord models.
 email: 
 executables: []
@@ -42,23 +76,32 @@ extensions: []
 extra_rdoc_files: []
 
 files: 
-- lib/grant/config_parser.rb
+- .gitignore
+- CHANGELOG.md
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.rdoc
+- Rakefile
+- grant.gemspec
+- init.rb
+- lib/grant.rb
+- lib/grant/config.rb
+- lib/grant/grantable.rb
+- lib/grant/grantor.rb
 - lib/grant/integration.rb
 - lib/grant/model_security.rb
 - lib/grant/spec_helpers.rb
-- lib/grant/thread_local.rb
-- lib/grant/thread_status.rb
+- lib/grant/status.rb
 - lib/grant/user.rb
 - lib/grant/version.rb
-- lib/grant.rb
-- LICENSE
-- README.rdoc
-- spec/config_parser_spec.rb
-- spec/integration_spec.rb
-- spec/model_security_spec.rb
+- spec/config_spec.rb
+- spec/grantable_spec.rb
+- spec/grantor_spec.rb
 - spec/spec_helper.rb
-- spec/thread_local_spec.rb
-- spec/thread_status_spec.rb
+- spec/status_spec.rb
+- spec/support/db_setup.rb
+- spec/support/transactional_specs.rb
 - spec/user_spec.rb
 has_rdoc: true
 homepage: http://github.com/nearinfinity/grant
@@ -83,24 +126,23 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 23
+      hash: 3
       segments: 
-      - 1
-      - 3
-      - 6
-      version: 1.3.6
+      - 0
+      version: "0"
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.7
+rubygems_version: 1.4.2
 signing_key: 
 specification_version: 3
 summary: Conscious security constraints for your ActiveRecord model objects
 test_files: 
-- spec/config_parser_spec.rb
-- spec/integration_spec.rb
-- spec/model_security_spec.rb
+- spec/config_spec.rb
+- spec/grantable_spec.rb
+- spec/grantor_spec.rb
 - spec/spec_helper.rb
-- spec/thread_local_spec.rb
-- spec/thread_status_spec.rb
+- spec/status_spec.rb
+- spec/support/db_setup.rb
+- spec/support/transactional_specs.rb
 - spec/user_spec.rb