granted 0.1.0

data/spec/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml

@@ -0,0 +1,27 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+mysql: &mysql
+  adapter: mysql2
+  username: travis
+  database: granted_<%= Rails.env %>
+
+postgresql: &postgresql
+  adapter: postgresql
+  username: travis
+  database: granted_<%= Rails.env %>
+  min_messages: ERROR
+
+defaults: &defaults
+  pool: 16
+  timeout: 5000
+  host: localhost
+  <<: *<%= ENV['DB'] || "mysql" %>
+
+development:
+  <<: *defaults
+
+test:
+  <<: *defaults

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Dummy::Application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,37 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+end

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,67 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this)
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Don't fallback to assets pipeline if a precompiled asset is missed
+  config.assets.compile = false
+
+  # Generate digests for assets URLs
+  config.assets.digest = true
+
+  # Defaults to nil and saved in location specified by config.assets.prefix
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Prepend all log lines with the following tags
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+end

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,37 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  # Configure static asset server for tests with Cache-Control for performance
+  config.serve_static_assets = true
+  config.static_cache_control = "public, max-age=3600"
+
+  # Log error messages when you accidentally call methods on nil
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/dummy/config/initializers/inflections.rb

@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+#
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.acronym 'RESTful'
+# end

data/spec/dummy/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/spec/dummy/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_token = 'f7b4ced0254900c78f7ca3ceb21e4905a390c006e9817cca27b0b2c72a93d7a3c1dc9ff3effe452d032f36703f1a9fe79fab9ade961c8bd516b9986fbe2c1c16'

data/spec/dummy/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json]
+end
+
+# Disable root element in JSON by default.
+ActiveSupport.on_load(:active_record) do
+  self.include_root_in_json = false
+end

data/spec/dummy/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"

data/spec/dummy/config/routes.rb

@@ -0,0 +1,58 @@
+Dummy::Application.routes.draw do
+  # The priority is based upon order of creation:
+  # first created -> highest priority.
+
+  # Sample of regular route:
+  #   match 'products/:id' => 'catalog#view'
+  # Keep in mind you can assign values other than :controller and :action
+
+  # Sample of named route:
+  #   match 'products/:id/purchase' => 'catalog#purchase', :as => :purchase
+  # This route can be invoked with purchase_url(:id => product.id)
+
+  # Sample resource route (maps HTTP verbs to controller actions automatically):
+  #   resources :products
+
+  # Sample resource route with options:
+  #   resources :products do
+  #     member do
+  #       get 'short'
+  #       post 'toggle'
+  #     end
+  #
+  #     collection do
+  #       get 'sold'
+  #     end
+  #   end
+
+  # Sample resource route with sub-resources:
+  #   resources :products do
+  #     resources :comments, :sales
+  #     resource :seller
+  #   end
+
+  # Sample resource route with more complex sub-resources
+  #   resources :products do
+  #     resources :comments
+  #     resources :sales do
+  #       get 'recent', :on => :collection
+  #     end
+  #   end
+
+  # Sample resource route within a namespace:
+  #   namespace :admin do
+  #     # Directs /admin/products/* to Admin::ProductsController
+  #     # (app/controllers/admin/products_controller.rb)
+  #     resources :products
+  #   end
+
+  # You can have the root of your site routed with "root"
+  # just remember to delete public/index.html.
+  # root :to => 'welcome#index'
+
+  # See how all your routes lay out with "rake routes"
+
+  # This is a legacy wild controller route that's not recommended for RESTful applications.
+  # Note: This route will make all actions in every controller accessible via GET requests.
+  # match ':controller(/:action(/:id))(.:format)'
+end

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/spec/dummy/db/migrate/20130805113508_create_user.rb

@@ -0,0 +1,9 @@
+class CreateUser < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+      
+      t.timestamps
+    end
+  end
+end

data/spec/dummy/db/migrate/20130805113515_create_document.rb

@@ -0,0 +1,10 @@
+class CreateDocument < ActiveRecord::Migration
+  def change
+    create_table :documents do |t|
+      t.string :name
+      t.text :content
+      
+      t.timestamps
+    end
+  end
+end

data/spec/dummy/db/migrate/20132406101010_create_grants.rb

@@ -0,0 +1,19 @@
+class CreateGrants < ActiveRecord::Migration
+  def self.filename
+    __FILE__
+  end
+
+  def change
+    create_table :grants do |t|
+      t.integer :grantee_id
+      t.string  :grantee_type
+      t.integer :subject_id
+      t.string  :subject_type
+      t.string  :type
+
+      t.timestamps
+    end
+
+    add_index :grants, [:grantee_id, :grantee_type, :subject_id, :subject_type, :type], unique: true, name: :grants_uniqueness
+  end
+end

data/spec/dummy/db/schema.rb

@@ -0,0 +1,41 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+
+ActiveRecord::Schema.define(:version => 20132406101010) do
+
+  create_table "documents", :force => true do |t|
+    t.string   "name"
+    t.text     "content"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+  create_table "grants", :force => true do |t|
+    t.integer  "grantee_id"
+    t.string   "grantee_type"
+    t.integer  "subject_id"
+    t.string   "subject_type"
+    t.string   "type"
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
+  end
+
+  add_index "grants", ["grantee_id", "grantee_type", "subject_id", "subject_type", "type"], :name => "grants_uniqueness", :unique => true
+
+  create_table "users", :force => true do |t|
+    t.string   "name"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+end

data/spec/dummy/public/404.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/422.html

@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+</body>
+</html>

data/spec/dummy/public/500.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style type="text/css">
+    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
+    div.dialog {
+      width: 25em;
+      padding: 0 4em;
+      margin: 4em auto 0 auto;
+      border: 1px solid #ccc;
+      border-right-color: #999;
+      border-bottom-color: #999;
+    }
+    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+</body>
+</html>

data/spec/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/grant_class_factory_spec.rb

@@ -0,0 +1,17 @@
+require 'spec_helper'
+
+describe Granted::GrantClassFactory do
+  before(:all){ Granted::GrantClassFactory.create(:publish) }
+
+  it "has the right type" do
+    Granted::PublishGrant.new.class.name.should == 'Granted::PublishGrant'
+  end
+
+  it "creating the same class again doesn't hurt" do
+    expect{
+      Granted::GrantClassFactory.create(:double)
+      Granted::GrantClassFactory.create(:double)
+      Granted::GrantClassFactory.create(:double)
+    }.to_not raise_error
+  end
+end

data/spec/models/grant_spec.rb

@@ -0,0 +1,114 @@
+require 'spec_helper.rb'
+
+describe Granted::Grant do
+  before(:all) do
+    @alfred  = User.create name: 'Alfred'
+    @bruce   = User.create name: 'Bruce'
+    @alfreds = Document.create name: 'Alfreds', content: 'Secret'
+    @bruces  = Document.create name: 'Bruces', content: 'Secret'
+
+    Granted::WriteGrant.create! grantee: @alfred, subject: @alfreds
+  end
+
+  context "using a grantee as the starting point" do
+    it "lists Alfred's document as one of his writeable documents" do
+      @alfred.writeable_documents.count.should == 1
+    end
+
+    it "Alfred has no readable documents" do
+      @alfred.readable_documents.count.should == 0
+    end
+
+    it "Bruce has no documents at all" do
+      @bruce.all_documents.count.should == 0
+    end
+
+    it "grant read access on Alfred's document to Bruce" do
+      Granted::Grant.destroy_all
+      expect{
+        @bruce.grant(:read).on(@alfreds)
+      }.to change(@bruce.readable_documents, :count).from(0).to(1)
+    end
+
+    it "grant all access on Alfred's document to Bruce" do
+      Granted::Grant.destroy_all
+      expect{
+        @bruce.grant(:read, :write, :destroy).on(@alfreds)
+      }.to change(Grant, :count).from(0).to(3)
+    end
+
+    it "revoke write access on Alfred's document from Alfred" do
+      expect{
+        @alfred.revoke(:write).on(@alfreds)
+      }.to change(@alfred.writeable_documents, :count).from(1).to(0)
+    end
+
+    it "returns Alfred only once even though he has multiple rights" do
+      Granted::DestroyGrant.create(subject: @alfreds, grantee: @alfred)
+      @alfred.grants.count.should == 2
+      @alfred.all_documents.count.should == 1
+    end
+  end
+
+  context "using a subject as the starting point" do
+    it "lists Alfred's document as one of his writeable documents" do
+      @alfreds.write_users.count.should == 1
+    end
+
+    it "grant read access on Alfred's document to Bruce" do
+      Granted::Grant.destroy_all
+      expect{
+        @alfreds.grant(:read).to(@bruce)
+      }.to change(@alfreds.read_users, :count).from(0).to(1)
+    end
+
+    it "grant all access on Alfred's document to Bruce" do
+      Granted::Grant.destroy_all
+      expect{
+        @alfreds.grant(:read, :write, :destroy).to(@bruce)
+      }.to change(Grant, :count).from(0).to(3)
+    end
+
+    it "revoke write access on Alfred's document from Alfred" do
+      expect{
+        @alfreds.revoke(:write).from(@alfred)
+      }.to change(@alfreds.write_users, :count).from(1).to(0)
+    end
+
+    it "returns Alfreds only once even though he has multiple rights" do
+      Granted::DestroyGrant.create(subject: @alfreds, grantee: @alfred)
+      @alfreds.grants.count.should == 2
+      @alfreds.all_users.count.should == 1
+    end
+  end
+
+  context "granting/revoking rights: rails association style" do
+    it "adds a grant via subject's <<" do
+      expect{
+        @bruces.read_users << @alfred
+        @bruces.save!
+      }.to change(@alfred.readable_documents, :count).from(0).to(1)
+    end
+
+    it "adds a grant via grantee's <<" do
+      expect{
+        @alfred.readable_documents << @bruces
+        @alfred.save!
+      }.to change(@bruces.read_users, :count).by(1)
+    end
+  end
+
+  context "removing grant objects" do
+   it "when subject is deleted" do
+     expect{
+       @alfreds.destroy
+     }.to change(Grant, :count).by(-1)
+   end
+
+   it "when grantee is deleted" do
+    expect{
+      @alfred.destroy
+    }.to change(Grant, :count).by(-1)
+   end
+  end
+end