guachiman 0.1.6 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cf093d276a4515a2f1c3112adddd138ce7bceb49
-  data.tar.gz: b2e0db7423f35752ab8d23a5548bc56501a56bd6
+  metadata.gz: 661a1fd0d6c130c3005dc66cc240c71a6c2454e7
+  data.tar.gz: a23694ba8e7c8bd23f7acbf523f70ee14d8a134f
 SHA512:
-  metadata.gz: cccdb77e8e77682be8fb2ff70468f963c443e236df50229f7221b0cd9cabc97e9351089d87bb0fd6319b5465ad9fa465ba819911d9fc3fa755c1a09eed9770c6
-  data.tar.gz: 37c4a59caceb7b68a8dabf9a97ae4bafce9d6acc5cd51a871612a497ca5165b7429e8c6e92c6e544da5e83b4c6d1aa555dcdc7660aedde5dbf7d2ea72275cd56
+  metadata.gz: f28b8f640aa087a664fc75ba082c3ebbdf48efaea481397d3294aa974017c1a7919746abaf6cf0426689a145f9b6406e7c99282cf2998b2834e7ac8b56b88de0
+  data.tar.gz: 981660b65337eaf03b9ac3d9f48e675d32024d8418778186b2f74ecf8e02f0174c0bb35c03ecbc89f513a267977a06a8b43425951fcff9bc82de64331ae5e9b3

data/README.md

@@ -32,7 +32,7 @@ Run `rails g guachiman:install`
 
 This will generate a `permission.rb` file in `app/models`.
 
-Include `Guachiman::Permissible` in `ApplicationController` and implemente a `current_user` method there.
+Include `Guachiman::Permissible` in `ApplicationController` and implement a `current_user` method there.
 
 ```ruby
 include Guachiman::Permissible
@@ -42,7 +42,7 @@ def current_user
 end
 ```
 
-You can also override these methods to handle failed authorizations:
+You can also override these methods to handle failed authorizations for GET, non-AJAX requests:
 
 ```ruby
 def not_authorized
@@ -55,6 +55,14 @@ def not_signed_in
 end
 ```
 
+And you can also override this method to handle failed non-GET or AJAX requests:
+
+```ruby
+def render_unauthorized
+  render text: "NO", status: :unauthorized
+end
+```
+
 That's it, now you can describe your permissions in this way:
 
 ```ruby
@@ -62,35 +70,33 @@ class Permission
   include Guachiman::Permissions
   include Guachiman::Params
 
-  attr_reader :user, :request
+  attr_reader :current_user, :current_request
 
-  def initialize current_user, current_request
-    @user    = current_user
-    @request = current_request
+  def initialize user, request
+    @current_user    = user
+    @current_request = request
 
-    if user.nil?
+    if current_user.nil?
       guest
-    elsif user.admin?
+    elsif current_user.admin?
       admin
     else
       member
     end
   end
 
-  private
+private
 
   def guest
-    allow :sessions,   [:new, :create, :destroy]
-    allow :identities, [:new, :create]
-    allow :passwords,  [:new, :create]
+    allow :sessions, [:new, :create, :destroy]
+    allow :users,    [:new, :create]
 
     allow_param :user, [:name, :email, :password]
   end
 
   def member
     guest
-    allow :identities, [:show, :edit, :update]
-    allow :passwords,  [:edit, :update]
+    allow :users, [:show, :edit, :update]
   end
 
   def admin
@@ -99,6 +105,72 @@ class Permission
 end
 ```
 
-* `allow` takes a controller params key and an array of actions.
-* `allow_param` takes a model params key and an array of attributes.
-* `allow_all!` is a convinience method to allow all controlles, actions and parameteres.
+* `#allow` takes a **controller** params key or array of keys and an array of **actions**.
+* `#allow_param` takes a **model** params key or array of keys and an array of **attributes**.
+* `#allow_all!` is a convinience method to allow **all** controllers, actions and parameteres.
+
+You can also go a bit further in the way you specify your permissions, if you override `current_resource`:
+
+```ruby
+class OrdersController < ApplicationController
+...
+
+private
+  def current_resource
+    @order ||= params[:id].present? ? Order.find(params[:id]) : Order.new
+  end
+end
+```
+
+The `current_resource` is passed to a block that needs to return a truthy object to allow the action.
+
+```ruby
+def guest
+  allow :sessions, [:new, :create, :destroy]
+  allow :users,    [:new, :create]
+  allow :orders,   [:show, :edit, :update] do |order|
+    order.accessible_by_token? current_request.cookies['cart_token']
+  end
+
+  allow_param :user, [:name, :email, :password]
+end
+
+def member
+  guest
+
+  allow :users,  [:show, :edit, :update] do |user|
+    current_user == user
+  end
+  allow :orders, [:show, :edit, :update] do |order|
+    order.accessible_by_user? user
+  end
+end
+```
+
+You can also be more specific about the param permissions setting them to be read or write.
+
+```ruby
+def member
+  ...
+
+  allow_read_param  :contact, [:name, :phone, :email]
+  allow_write_param :contact, [:name, :phone]
+end
+```
+
+That can also be useful on the views because you get a `current_permission` helper that you can use like this:
+
+```erb
+<%= form_for current_resource do |f| %>
+  <% current_permission.write_allowed_params.each do |p| %>
+    <%= f.text_field p %>
+  <% end %>
+
+  <%= f.submit %>
+<% end %>
+```
+
+License
+-------
+
+MIT

data/lib/generators/guachiman/install/templates/permission.rb

@@ -2,15 +2,15 @@ class Permission
   include Guachiman::Permissions
   include Guachiman::Params
 
-  attr_reader :user, :request
+  attr_reader :current_user, :current_request
 
-  def initialize current_user, current_request
-    @user    = current_user
-    @request = current_request
+  def initialize user, request
+    @current_user    = user
+    @current_request = request
 
-    if user.nil?
+    if current_user.nil?
       guest
-    elsif user.admin?
+    elsif current_user.admin?
       admin
     else
       member

data/lib/guachiman/permissions.rb

@@ -12,11 +12,7 @@ module Guachiman
       end
     end
 
-    def allow_resource controllers, &block
-      allow controllers, [:index, :show, :new, :create, :edit, :update, :destroy]
-    end
-
-    def allow? controller, action, resource = nil
+    def allow? controller, action, resource=nil
       allowed = allow_all || check_allowed_action(controller, action)
       !!allowed && (allowed == true || resource && allowed.call(resource))
     end

data/lib/guachiman/rails/permissible.rb

@@ -6,6 +6,7 @@ module Guachiman
       before_filter :authorize
       helper_method :current_user
       helper_method :current_permission
+      helper_method :current_resource
     end
 
     def current_user
@@ -24,7 +25,7 @@ module Guachiman
       if current_permission.allow? controller_name, action_name, current_resource
         current_permission.permit_params! params
       else
-        if request.get?
+        if request.get? && !request.xhr?
           current_user ? not_authorized : not_signed_in
         else
           render_unauthorized

data/lib/guachiman/version.rb

@@ -1,3 +1,3 @@
 module Guachiman
-  VERSION = '0.1.6'
-end
+  VERSION = '0.2.0'
+end

data/test/generators/install_generator_test.rb

@@ -24,7 +24,7 @@ class InstallGeneratorTest < Rails::Generators::TestCase
       assert_match(/class Permission/, f)
       assert_match(/include Guachiman::Permissions/, f)
       assert_match(/include Guachiman::Params/, f)
-      assert_match(/initialize current_user/, f)
+      assert_match(/initialize user, request/, f)
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: guachiman
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.2.0
 platform: ruby
 authors:
 - Francesco Rodriguez
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-06 00:00:00.000000000 Z
+date: 2013-09-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -154,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.6
+rubygems_version: 2.1.2
 signing_key: 
 specification_version: 4
 summary: Basic authorization library