has_roles 0.0.2

data/CHANGELOG

@@ -0,0 +1,19 @@
+*SVN*
+
+*0.0.2* (September 26th, 2007)
+
+* Fix role_assignments unique index having too long a name
+
+* Add workaround for old sqlite versions that can't handle :distinct => true
+
+*0.0.1* (September 5th, 2007)
+
+* Add #role_ids and #role_ids=(new_ids) for models
+
+* Added documentation
+
+* Added helper methods for determining authorization within views
+
+* Added unit tests
+
+* Convert dos newlines to unix newlines

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2006-2007 Aaron Pfeifer & Neil Abraham
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,83 @@
+= has_roles
+
++has_roles+ provides simple role management based on controllers/actions.
+
+== Resources
+
+API
+
+* http://api.pluginaweek.org/has_roles
+
+Wiki
+
+* http://wiki.pluginaweek.org/Has_roles
+
+Announcement
+
+* http://www.pluginaweek.org
+
+Source
+
+* http://svn.pluginaweek.org/trunk/plugins/active_record/has/has_roles
+
+Development
+
+* http://dev.pluginaweek.org/browser/trunk/plugins/active_record/has/has_roles
+
+== Description
+
+One of the easiest and most straightforward techniques for adding role management
+and authorization to specific parts of your application is restricting usage on
+controller/action-basis.  Each role defined in your system is mapped to one or
+more permissions.  Each permission is a combination of a controller and action.
+
+== Usage
+
+=== Checking a user's authorization
+
+Below is an example of checking a user's authorization for a url before display
+information:
+
+app/views/layouts/application.rhtml:
+
+  <% if authorized_for?(:controller => 'admin/users') -%>
+  <p>Read to start administering your website?</p>
+  <% end -%>
+
+=== Global authorization
+
+You can define a global permission that will add access for all controllers by
+defining a controller with the path 'application'.  See the test fixtures for
+more information.
+
+=== Running migrations
+
+To migrate the tables required for this plugin, you can either run the
+migration from the command line like so:
+
+  rake db:migrate:plugins PLUGIN=has_roles
+
+or (more ideally) generate a migration file that will integrate into your main
+application's migration path:
+
+  ruby script/generate plugin_migration has_roles
+
+== Testing
+
+Before you can run any tests, the following gems must be installed:
+* plugin_test_helper[http://wiki.pluginaweek.org/Plugin_test_helper]
+* dry_validity_assertions[http://wiki.pluginaweek.org/Dry_validity_assertions]
+
+== Dependencies
+
+This plugin is a plugin+.  That means that it contains a slice of an
+application, such as models and migrations.  To test or use a plugin+, you
+must have the following plugins/gems installed:
+* plugin_dependencies[http://wiki.pluginaweek.org/Plugin_dependencies]
+* loaded_plugins[http://wiki.pluginaweek.org/Loaded_plugins]
+* appable_plugins[http://wiki.pluginaweek.org/Appable_plugins]
+* plugin_migrations[http://wiki.pluginaweek.org/Plugin_migrations]
+
+Instead of installing each individual plugin+ feature, you can install them all
+at once using the plugins+[http://wiki.pluginaweek.org/Plugins_plus] meta package,
+which contains all additional features.

data/Rakefile

@@ -0,0 +1,79 @@
+require 'rake/testtask'
+require 'rake/rdoctask'
+require 'rake/gempackagetask'
+require 'rake/contrib/sshpublisher'
+
+PKG_NAME           = 'has_roles'
+PKG_VERSION        = '0.0.2'
+PKG_FILE_NAME      = "#{PKG_NAME}-#{PKG_VERSION}"
+RUBY_FORGE_PROJECT = 'pluginaweek'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test the has_roles plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for the has_roles plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'HasRoles'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+spec = Gem::Specification.new do |s|
+  s.name            = PKG_NAME
+  s.version         = PKG_VERSION
+  s.platform        = Gem::Platform::RUBY
+  s.summary         = 'Provides simple role management based on controllers/actions'
+  
+  s.files           = FileList['{app,db,lib,test}/**/*'].to_a + %w(CHANGELOG init.rb MIT-LICENSE Rakefile README)
+  s.require_path    = 'lib'
+  s.autorequire     = 'has_roles'
+  s.has_rdoc        = true
+  s.test_files      = Dir['test/**/*_test.rb']
+  
+  s.author          = 'Aaron Pfeifer, Neil Abraham'
+  s.email           = 'info@pluginaweek.org'
+  s.homepage        = 'http://www.pluginaweek.org'
+end
+  
+Rake::GemPackageTask.new(spec) do |p|
+  p.gem_spec = spec
+  p.need_tar = true
+  p.need_zip = true
+end
+
+desc 'Publish the beta gem'
+task :pgem => [:package] do
+  Rake::SshFilePublisher.new('pluginaweek@pluginaweek.org', '/home/pluginaweek/gems.pluginaweek.org/gems', 'pkg', "#{PKG_FILE_NAME}.gem").upload
+end
+
+desc 'Publish the API documentation'
+task :pdoc => [:rdoc] do
+  Rake::SshDirPublisher.new('pluginaweek@pluginaweek.org', "/home/pluginaweek/api.pluginaweek.org/#{PKG_NAME}", 'rdoc').upload
+end
+
+desc 'Publish the API docs and gem'
+task :publish => [:pdoc, :release]
+
+desc 'Publish the release files to RubyForge.'
+task :release => [:gem, :package] do
+  require 'rubyforge'
+  
+  ruby_forge = RubyForge.new
+  ruby_forge.login
+
+  %w( gem tgz zip ).each do |ext|
+    file = "pkg/#{PKG_FILE_NAME}.#{ext}"
+    puts "Releasing #{File.basename(file)}..."
+    
+    ruby_forge.add_release(RUBY_FORGE_PROJECT, PKG_NAME, PKG_VERSION, file)
+  end
+end

data/app/models/controller.rb

@@ -0,0 +1,82 @@
+# Represents the name of a controller in the application.  The path of the controller
+# includes its namespace, if any.  For example:
+# 
+#   users       # => UsersController
+#   admin/users # => Admin::UsersController
+class Controller < ActiveRecord::Base
+  has_many  :permissions,
+              :dependent => :destroy
+  
+  validates_presence_of   :path
+  validates_format_of     :path,
+                            :with => /^[a-z]+(\/[a-z]+)*$/i,
+                            :allow_nil => true
+  validates_uniqueness_of :path,
+                            :allow_nil => true
+  
+  class << self
+    # Finds all of the permissioned controllers and maps/orders them by parent
+    def find_all_mapped_by_parent
+      controllers_by_parent = Controller.find(:all).inject(ActiveSupport::OrderedHash.new) do |controllers, controller|
+        controller.klass.parents.each {|parent| controllers[parent] ||= []}
+        controllers[controller.klass.parent] << controller
+        controllers
+      end
+      
+      # Sort all the controllers within each parent alphabetically
+      controllers_by_parent.each do |parent, controllers|
+        controllers.sort! do |c1, c2|
+          c1.name <=> c2.name
+        end
+      end
+      
+      # Sort the parents (first by closest to Object, then alphabetically)
+      controllers_by_parent.sort! do |c1, c2|
+        if c1.first == Object
+          -1
+        elsif c2.first == Object
+          1
+        else
+          c1.first.name <=> c2.first.name
+        end
+      end
+    end
+    
+    # Parses the controller path and action from the given options
+    def recognize_path(options = '')
+      options = ActionController::Routing::Routes.recognize_path(URI.parse(options).path) if options.is_a?(String)
+      controller_path, action = options[:controller], options[:action]
+      controller_path = controller_path.controller_path if controller_path.is_a?(Class)
+      
+      return controller_path, action ? action.to_s : 'index'
+    end
+  end
+  
+  # Returns the class that this controller represents
+  def klass
+    @klass ||= "#{path.camelize}Controller".constantize
+  end
+  
+  # The humanized name of this controller.  This will not include the parent's name.
+  def name
+    @name ||= klass.controller_name.titleize
+  end
+  
+  # Possible paths that can match this controller.  This includes paths from all
+  # superclasses up to ApplicationController.
+  def possible_path_matches
+    klass.ancestors.select {|c| Class === c && c < ActionController::Base}.map(&:controller_path)
+  end
+  
+  # Is this a global controller?  If a user has a permission on the global
+  # controller, then he has permissions on all controllers.  At least one user
+  # in the system should have global access.
+  def global?
+    path == 'application'
+  end
+  
+  # Returns the name of the controller
+  def to_s #:nodoc
+    name
+  end
+end

data/app/models/permission.rb

@@ -0,0 +1,44 @@
+# A permission defines access to a single part of an application, restricted by
+# both controller and action specifications.
+# 
+# Permissions can be application-, controller-, or action-specific.  Permissions
+# using the +application+ controller are global.  Permissions without any +action+
+# specified are controller-specific.  Permissions with both +controller+ and
+# +action+ specified are action-specific.
+class Permission < ActiveRecord::Base
+  belongs_to              :controller
+  has_and_belongs_to_many :roles
+  
+  validates_presence_of   :controller_id
+  validates_length_of     :action,
+                            :minimum => 1,
+                            :allow_nil => true
+  validates_uniqueness_of :action,
+                            :scope => :controller_id,
+                            :allow_nil => true
+  
+  class << self
+    # Is there a permission that exists which restricts the given url?.  See
+    # <tt>Controller#recognize_path</tt> for possible options.
+    def restricts?(options = '')
+      controller_path, action = Controller.recognize_path(options)
+      count(
+        :include => :controller,
+        :conditions => ['path = ? AND (action IS NULL OR action = ?)', controller_path, action],
+        :distinct => true # TODO: Workaround for old sqlite versions until Rails 1.2
+      ) > 0
+    end
+    
+    # Finds all permissions that are authorized for the given url.  See
+    # <tt>Controller#recognize_path</tt> for possible options.
+    def find_all_authorized_for(options = '')
+      controller_path, action = Controller.recognize_path(options)
+      controller = Controller.new(:path => controller_path)
+      
+      find(:all,
+        :include => :controller,
+        :conditions => ['path IN (?) AND (action IS NULL OR action = ?)', controller.possible_path_matches, action]
+      )
+    end
+  end
+end

data/app/models/role.rb

@@ -0,0 +1,30 @@
+# A role defines a group of users in the system who are able to access a
+# collection of features in the application.  Examples of roles could be
+# 'Administrator', 'Developer', or 'Guest'.
+class Role < ActiveRecord::Base
+  has_and_belongs_to_many :permissions
+  has_many                :assignments,
+                            :class_name => 'RoleAssignment',
+                            :dependent => true
+  
+  validates_presence_of   :name
+  validates_uniqueness_of :name,
+                            :allow_nil => true
+  
+  class << self
+    # Finds all roles that are authorized for the given url
+    def find_all_authorized_for(options = '')
+      controller_path, action = Controller.recognize_path(options)
+      controller = Controller.new(:path => controller_path)
+      
+      find(:all,
+        :include => {:permissions => :controller},
+        :conditions => ['path IN (?) AND (action IS NULL OR action = ?)', controller.possible_path_matches, action]
+      )
+    end
+  end
+  
+  def to_s #:nodoc
+    name
+  end
+end

data/app/models/role_assignment.rb

@@ -0,0 +1,10 @@
+# Represents an assignment of a role to a user (assignee) in the system
+class RoleAssignment < ActiveRecord::Base
+  belongs_to  :role
+  belongs_to  :assignee,
+                :polymorphic => true
+  
+  validates_presence_of :role_id,
+                        :assignee_id,
+                        :assignee_type
+end

data/db/migrate/001_create_controllers.rb

@@ -0,0 +1,13 @@
+class CreateControllers < ActiveRecord::Migration
+  def self.up
+    create_table :controllers do |t|
+      t.column :path, :string, :null => false
+      t.column :description, :text
+    end
+    add_index :controllers, :path, :unique => true
+  end
+
+  def self.down
+    drop_table :controllers
+  end
+end

data/db/migrate/002_create_permissions.rb

@@ -0,0 +1,13 @@
+class CreatePermissions < ActiveRecord::Migration
+  def self.up
+    create_table :permissions do |t|
+      t.column :controller_id, :integer, :null => false
+      t.column :action, :string
+    end
+    add_index :permissions, [:controller_id, :action], :unique => true
+  end
+
+  def self.down
+    drop_table :permissions
+  end
+end

data/db/migrate/003_create_roles.rb

@@ -0,0 +1,13 @@
+class CreateRoles < ActiveRecord::Migration
+  def self.up
+    create_table :roles do |t|
+      t.column :name, :string, :null => false
+      t.column :description, :text
+    end
+    add_index :roles, :name, :unique => true
+  end
+  
+  def self.down
+    drop_table :roles
+  end
+end

data/db/migrate/004_create_permissions_roles.rb

@@ -0,0 +1,13 @@
+class CreatePermissionsRoles < ActiveRecord::Migration
+  def self.up
+    create_table :permissions_roles, :id => false do |t|
+      t.column :permission_id, :integer, :null => false
+      t.column :role_id, :integer, :null => false
+    end
+    add_index :permissions_roles, [:permission_id, :role_id], :unique => true
+  end
+
+  def self.down
+    drop_table :permissions_roles
+  end
+end

data/db/migrate/005_create_role_assignments.rb

@@ -0,0 +1,14 @@
+class CreateRoleAssignments < ActiveRecord::Migration
+  def self.up
+    create_table :role_assignments do |t|
+      t.column :role_id, :integer, :null => false
+      t.column :assignee_id, :integer, :null => false
+      t.column :assignee_type, :string, :null => false
+    end
+    add_index :role_assignments, [:role_id, :assignee_id, :assignee_type], :unique => true, :name => 'index_role_assignments_on_role_and_assignee'
+  end
+
+  def self.down
+    drop_table :role_assignments
+  end
+end

data/init.rb

@@ -0,0 +1 @@
+require 'has_roles'

data/lib/has_roles.rb

@@ -0,0 +1,65 @@
+require 'has_roles/authorization_helper'
+
+module PluginAWeek #:nodoc:
+  module Has #:nodoc:
+    # Provides dead simple role management
+    module Roles
+      def self.included(base) #:nodoc:
+        base.extend(MacroMethods)
+      end
+      
+      module MacroMethods
+        # Indicates that the model has roles
+        def has_roles
+          has_many  :role_assignments,
+                      :class_name => 'RoleAssignment',
+                      :as => :assignee,
+                      :dependent => :destroy
+          has_many  :roles,
+                      :through => :role_assignments
+          
+          include PluginAWeek::Has::Roles::InstanceMethods
+        end
+      end
+      
+      module InstanceMethods
+        # Checks whether this user is authorized to access the given url.
+        # Caching of authorizations is baked into the method.  So long as the
+        # same user object is used, an authorization for the same path will be
+        # cached and returned.
+        # 
+        # See <tt>Controller#recognize_path</tt> for more information about the possible
+        # options that can be used.
+        def authorized_for?(options = '')
+          @authorizations ||= {}
+          
+          controller_path, action = Controller.recognize_path(options)
+          options = {:controller => controller_path, :action => action}
+          @authorizations["#{controller_path}/#{action}"] ||= Permission.restricts?(options) ? roles.find_all_authorized_for(options).any? : true
+        end
+        
+        # Gets the ids of all roles associated with this user
+        def role_ids
+          roles.map(&:id)
+        end
+        
+        # Sets the topics to associate with this fact.
+        def role_ids=(ids)
+          removed_ids = role_ids - ids
+          new_ids = ids - role_ids
+          
+          transaction do
+            role_assignments.delete(role_assignments.select {|assignment| removed_ids.include?(assignment.role_id)})
+            new_ids.each {|id| role_assignments.create!(:role_id => id)}
+          end
+          
+          roles.reload
+        end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.class_eval do
+  include PluginAWeek::Has::Roles
+end

data/lib/has_roles/authorization_helper.rb

@@ -0,0 +1,56 @@
+module PluginAWeek #:nodoc:
+  module Has #:nodoc:
+    module Roles
+      # Provides helper methods for determining whether users are authorized
+      # for a given url.
+      # 
+      # In order to determine who the current user is, the helper methods
+      # assume that a +current_user+ helper has been defined.  If this method
+      # is not already defined, it will assume that the current user is stored
+      # in the session as <tt>session['user']</tt>.  If your application implements
+      # this differently, you can override it like so:
+      # 
+      #   module ApplicationHelper
+      #     def current_user
+      #       session['user_id'] ? User.find(session['user_id']) : nil
+      #     end
+      #   end
+      module AuthorizationHelper
+        def self.included(base) #:nodoc:
+          unless base.instance_methods.include?('current_user')
+            base.class_eval do
+              def current_user
+                session['user']
+              end
+            end
+          end
+        end
+        
+        # Check if the user is authorized for the url specified by the given options.
+        # See <tt>Controller#recognize_path</tt> for a description of the possible
+        # options that can be passed in.
+        def authorized_for?(options = {})
+          current_user && current_user.authorized_for?(options)
+        end
+        
+        # Only link to the url if the user is authorized to access it.  In
+        # addition to the options normally available in +link_to+, the following
+        # options can be specified:
+        # * +show_text+ - If set to true, will only display the text if the user is not authorized for the link. (Default is +false+).
+        def link_to_if_authorized(name, options = {}, html_options = {}, *parameters_for_method_reference, &block)
+          text_on_no_authorization = html_options.delete(:show_text) ? name : ''
+          
+          if authorized_for?(options)
+            link_to name, options, html_options, *parameters_for_method_reference, &block
+          else
+            text_on_no_authorization
+          end
+        end
+      end
+    end
+  end
+end
+
+ActionController::Base.class_eval do
+  helper PluginAWeek::Has::Roles::AuthorizationHelper
+end

data/test/app_root/app/controllers/admin/users_controller.rb

@@ -0,0 +1,2 @@
+class Admin::UsersController < ApplicationController
+end

data/test/app_root/app/controllers/home_controller.rb

@@ -0,0 +1,2 @@
+class HomeController < ApplicationController
+end

data/test/app_root/app/controllers/payment/pay_pal/transactions_controller.rb

@@ -0,0 +1,2 @@
+class Payment::PayPal::TransactionsController < Payment::TransactionsController
+end

data/test/app_root/app/controllers/payment/transactions_controller.rb

@@ -0,0 +1,2 @@
+class Payment::TransactionsController < ApplicationController
+end

data/test/app_root/app/controllers/users_controller.rb

@@ -0,0 +1,2 @@
+class UsersController < ApplicationController
+end

data/test/app_root/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  has_roles
+end

data/test/app_root/config/environment.rb

@@ -0,0 +1,25 @@
+require 'config/boot'
+
+$:.unshift("#{RAILS_ROOT}/../../../../../rails/plugin_dependencies/lib")
+begin
+  require 'plugin_dependencies'
+rescue Exception => e
+end
+
+Rails::Initializer.run do |config|
+  config.plugin_paths.concat([
+    "#{RAILS_ROOT}/../../..",
+    "#{RAILS_ROOT}/../../../../migrations",
+    "#{RAILS_ROOT}/../../../../../rails",
+    "#{RAILS_ROOT}/../../../../../test"
+  ])
+  config.plugins = [
+    'loaded_plugins',
+    'appable_plugins',
+    'plugin_migrations',
+    File.basename(File.expand_path("#{RAILS_ROOT}/../..")),
+    'dry_validity_assertions'
+  ]
+  config.cache_classes = false
+  config.whiny_nils = true
+end

data/test/app_root/config/routes.rb

@@ -0,0 +1,3 @@
+ActionController::Routing::Routes.draw do |map|
+  map.connect ':controller/:action/:id'
+end

data/test/app_root/db/migrate/001_create_users.rb

@@ -0,0 +1,11 @@
+class CreateUsers < ActiveRecord::Migration
+  def self.up
+    create_table :users do |t|
+      t.column :login, :string, :null => false
+    end
+  end
+
+  def self.down
+    drop_table :users
+  end
+end

data/test/fixtures/controllers.yml

@@ -0,0 +1,19 @@
+application:
+  id: 1
+  path: application
+  
+users:
+  id: 2
+  path: users
+  
+admin_users:
+  id: 3
+  path: admin/users
+  
+payment_transactions:
+  id: 4
+  path: payment/transactions
+  
+payment_pay_pal_transactions:
+  id: 5
+  path: payment/pay_pal/transactions

data/test/fixtures/permissions.yml

@@ -0,0 +1,27 @@
+crud_application:
+  id: 1
+  controller_id: 1
+  
+read_application:
+  id: 2
+  controller_id: 1
+  action: index
+  
+read_users:
+  id: 3
+  controller_id: 2
+  action: index
+  
+update_users:
+  id: 4
+  controller_id: 2
+  action: update
+  
+crud_admin_users:
+  id: 5
+  controller_id: 3
+  
+create_pay_pal_payment_transactions:
+  id: 6
+  controller_id: 5
+  action: create

data/test/fixtures/permissions_roles.yml

@@ -0,0 +1,15 @@
+administrator_crud_application:
+  role_id: 1
+  permission_id: 1
+  
+moderator_crud_admin_users:
+  role_id: 2
+  permission_id: 5
+  
+guest_read_application:
+  role_id: 3
+  permission_id: 2
+  
+guest_create_pay_pal_payment_transactions:
+  role_id: 3
+  permission_id: 6

data/test/fixtures/role_assignments.yml

@@ -0,0 +1,17 @@
+administrator:
+  id: 1
+  role_id: 1
+  assignee_id: 1
+  assignee_type: User
+  
+moderator:
+  id: 2
+  role_id: 2
+  assignee_id: 2
+  assignee_type: User
+  
+guest:
+  id: 3
+  role_id: 3
+  assignee_id: 3
+  assignee_type: User

data/test/fixtures/roles.yml

@@ -0,0 +1,11 @@
+administrator:
+  id: 1
+  name: Administrator
+  
+moderator:
+  id: 2
+  name: Moderator
+  
+guest:
+  id: 3
+  name: Guest

data/test/fixtures/users.yml

@@ -0,0 +1,11 @@
+administrator:
+  id: 1
+  login: admin
+  
+moderator:
+  id: 2
+  login: moderator
+  
+guest:
+  id: 3
+  login: guest

data/test/test_helper.rb

@@ -0,0 +1,9 @@
+# Load the plugin testing framework
+$:.unshift("#{File.dirname(__FILE__)}/../../../../test/plugin_test_helper/lib")
+require 'rubygems'
+require 'plugin_test_helper'
+
+PluginAWeek::PluginMigrations.migrate('has_roles')
+
+# Run the migrations
+ActiveRecord::Migrator.migrate("#{RAILS_ROOT}/db/migrate")

data/test/unit/authorization_helper_test.rb

@@ -0,0 +1,40 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+
+class AuthorizationHelperTest < Test::Unit::TestCase
+  include ActionView::Helpers::TagHelper
+  include ActionView::Helpers::UrlHelper
+  include PluginAWeek::Has::Roles::AuthorizationHelper
+  
+  fixtures :controllers, :permissions, :roles, :permissions_roles, :users, :role_assignments
+  
+  def setup
+    @controller = HomeController.new
+    @controller.request = ActionController::TestRequest.new
+    @controller.instance_eval {@_params = request.path_parameters}
+    @controller.send(:initialize_current_url)
+  end
+  
+  def current_user
+    users(:guest)
+  end
+  
+  def test_should_be_authorized_if_user_has_proper_permissions
+    assert authorized_for?('/users/index')
+  end
+  
+  def test_should_not_be_authorized_if_user_doesnt_have_proper_permissions
+    assert !authorized_for?('/admin/users/destroy')
+  end
+  
+  def test_should_link_to_nothing_if_not_authorized_and_not_showing_text
+    assert_equal '', link_to_if_authorized('Destroy User', '/admin/users/destroy', :show_text => false)
+  end
+  
+  def test_should_display_text_if_not_authorized_and_showing_text
+    assert_equal 'Destroy User', link_to_if_authorized('Destroy User', '/admin/users/destroy', :show_text => true)
+  end
+  
+  def test_should_link_to_url_if_authorized
+    assert_equal '<a href="/users">Destroy User</a>', link_to_if_authorized('Destroy User', {:controller => 'users', :action => 'index'}, :show_text => false)
+  end
+end

data/test/unit/controller_test.rb

@@ -0,0 +1,95 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+
+class ControllerTest < Test::Unit::TestCase
+  fixtures :controllers, :permissions
+  
+  def test_should_be_valid
+    assert_valid controllers(:users)
+  end
+  
+  def test_should_require_path
+    assert_invalid controllers(:users), :path, nil, ''
+  end
+  
+  def test_should_require_specific_format_for_paths
+    assert_invalid controllers(:users), :path, '/users', '//users', 'users/', 'admin//users', '1'
+  end
+  
+  def test_should_require_unique_path
+    assert_invalid controllers(:users).clone, :path
+  end
+  
+  def test_should_have_associated_permissions
+    assert_equal [permissions(:read_users), permissions(:update_users)], controllers(:users).permissions
+  end
+  
+  def test_should_destroy_associated_permissions_when_destroyed
+    controllers(:users).destroy
+    assert_nil Permission.find_by_controller_id(2)
+  end
+  
+  def test_should_use_path_for_klass
+    assert_equal UsersController, controllers(:users).klass
+  end
+  
+  def test_should_use_namespaced_path_for_klass
+    assert_equal Admin::UsersController, controllers(:admin_users).klass
+  end
+  
+  def test_should_use_controller_name_for_name_if_controller_is_not_namespaced
+    assert_equal 'Users', controllers(:users).name
+  end
+  
+  def test_should_use_demodulized_controller_name_for_name_if_controller_is_namespaced
+    assert_equal 'Users', controllers(:admin_users).name
+  end
+  
+  def test_possible_path_matches_should_include_all_superclasses_except_base_controller
+    assert_equal %w(users application), controllers(:users).possible_path_matches
+    assert_equal %w(admin/users application), controllers(:admin_users).possible_path_matches
+    assert_equal %w(payment/pay_pal/transactions payment/transactions application), controllers(:payment_pay_pal_transactions).possible_path_matches
+  end
+  
+  def test_should_be_global_if_path_is_application
+    assert controllers(:application).global?
+  end
+  
+  def test_should_not_be_global_if_path_is_not_application
+    assert !controllers(:users).global?
+    assert !controllers(:admin_users).global?
+  end
+  
+  def test_stringification_should_use_name
+    assert_equal 'Users', controllers(:users).to_s
+  end
+  
+  def test_should_map_parents_for_all_controllers
+    expected = [
+      [Object, [controllers(:application), controllers(:users)]],
+      [Admin, [controllers(:admin_users)]],
+      [Payment, [controllers(:payment_transactions)]],
+      [Payment::PayPal, [controllers(:payment_pay_pal_transactions)]]
+    ]
+    assert_equal expected, Controller.find_all_mapped_by_parent
+  end
+  
+  def test_should_recognize_path_by_string
+    assert_equal ['users', 'index'], Controller.recognize_path('/users')
+  end
+  
+  def test_should_recognize_namespaced_path_by_string
+    assert_equal ['admin/users', 'update'], Controller.recognize_path('/admin/users/update')
+  end
+  
+  def test_should_recognize_path_by_hash
+    assert_equal ['users', 'index'], Controller.recognize_path(:controller => 'users', :action => 'index')
+  end
+  
+  def test_should_recognize_namespaced_path_by_hash
+    assert_equal ['admin/users', 'update'], Controller.recognize_path(:controller => 'admin/users', :action => 'update', :id => 1)
+  end
+  
+  def test_should_recognize_path_if_action_not_specified
+    assert_equal ['users', 'index'], Controller.recognize_path(:controller => 'users')
+  end
+end

data/test/unit/has_roles_test.rb

@@ -0,0 +1,49 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+
+class HasRolesTest < Test::Unit::TestCase
+  fixtures :controllers, :permissions, :roles, :permissions_roles, :users, :role_assignments
+  
+  def test_should_have_role_assignments_association
+    assert_equal [role_assignments(:administrator)], users(:administrator).role_assignments
+  end
+  
+  def test_should_destroy_role_assignments_when_destroyed
+    users(:administrator).destroy
+    assert_nil RoleAssignment.find_by_assignee_id(1)
+  end
+  
+  def test_should_have_roles_association
+    assert_equal [roles(:administrator)], users(:administrator).roles
+  end
+  
+  def test_should_be_authorized_if_user_has_proper_permissions
+    assert users(:guest).authorized_for?('/users/index')
+  end
+  
+  def test_should_not_be_authorized_if_user_doesnt_have_proper_permissions
+    assert !users(:guest).authorized_for?('/admin/users/destroy')
+  end
+  
+  def test_roles_ids_should_map_all_ids
+    assert_equal [1], users(:administrator).role_ids
+  end
+  
+
+  def test_should_destroy_old_roles_when_replaced
+    user = users(:administrator)
+    user.role_ids = []
+    assert_equal [], user.roles
+  end
+  
+  def test_should_add_new_roles_when_replaced
+    user = users(:administrator)
+    user.role_ids = [1, 2]
+    assert_equal [roles(:administrator), roles(:moderator)], user.roles
+  end
+  
+  def test_should_destroy_old_roles_and_add_new_roles_when_replaced
+    user = users(:administrator)
+    user.role_ids = [2]
+    assert_equal [roles(:moderator)], user.roles
+  end
+end

data/test/unit/permission_test.rb

@@ -0,0 +1,53 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+
+class PermissionTest < Test::Unit::TestCase
+  fixtures :controllers, :permissions, :roles, :permissions_roles
+  
+  def test_should_be_valid
+    assert_valid permissions(:crud_application)
+  end
+  
+  def test_should_require_controller_id
+    assert_invalid permissions(:crud_application), :controller_id, nil
+  end
+  
+  def test_should_require_unique_action_per_controller
+    assert_invalid permissions(:read_application).clone, :action
+  end
+  
+  def test_should_not_require_action
+    assert_valid permissions(:crud_application), :action, nil, 'show', 'update'
+  end
+  
+  def test_should_require_specific_action_length_if_action_specified
+    assert_invalid permissions(:crud_application), :action, ''
+  end
+  
+  def test_should_have_controller_association
+    assert_equal controllers(:application), permissions(:crud_application).controller
+  end
+  
+  def test_should_have_roles_association
+    assert_equal [roles(:administrator)], permissions(:crud_application).roles
+  end
+  
+  def test_should_restrict_path_if_permissioned_action_exists
+    assert Permission.restricts?('/users/index')
+  end
+  
+  def test_should_restrict_path_if_permissioned_controller_exists
+    assert Permission.restricts?('/admin/users')
+  end
+  
+  def test_should_not_restrict_path_if_permissioned_action_doesnt_exist
+    assert !Permission.restricts?(:controller => 'home', :action => 'index')
+  end
+  
+  def test_should_not_restrict_path_if_permissioned_controller_doesnt_exist
+    assert !Permission.restricts?(:controller => 'home')
+  end
+  
+  def test_should_find_all_permissions_authorized_for_path
+    assert_equal [permissions(:crud_application), permissions(:read_application), permissions(:read_users)], Permission.find_all_authorized_for('/users/index')
+  end
+end

data/test/unit/role_assignment_test.rb

@@ -0,0 +1,29 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+
+class RoleAssignmentTest < Test::Unit::TestCase
+  fixtures :roles, :users, :role_assignments
+  
+  def test_should_be_valid
+    assert_valid role_assignments(:administrator)
+  end
+  
+  def test_should_require_role_id
+    assert_invalid role_assignments(:administrator), :role_id, nil
+  end
+  
+  def test_should_require_assignee_id
+    assert_invalid role_assignments(:administrator), :assignee_id, nil
+  end
+  
+  def test_should_require_assignee_type
+    assert_invalid role_assignments(:administrator), :assignee_type, nil
+  end
+  
+  def test_should_have_role_association
+    assert_equal roles(:administrator), role_assignments(:administrator).role
+  end
+  
+  def test_should_have_assignee_association
+    assert_equal users(:administrator), role_assignments(:administrator).assignee
+  end
+end

data/test/unit/role_test.rb

@@ -0,0 +1,38 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+
+class RoleTest < Test::Unit::TestCase
+  fixtures :controllers, :permissions, :roles, :permissions_roles, :users, :role_assignments
+  
+  def test_should_be_valid
+    assert_valid roles(:administrator)
+  end
+  
+  def test_should_require_name
+    assert_invalid roles(:administrator), :name, nil, ''
+  end
+  
+  def test_should_require_unique_name
+    assert_invalid roles(:administrator).clone, :name
+  end
+  
+  def test_should_have_permissions_association
+    assert_equal [permissions(:crud_application)], roles(:administrator).permissions
+  end
+  
+  def test_should_have_assignments_association
+    assert_equal [role_assignments(:administrator)], roles(:administrator).assignments
+  end
+  
+  def test_should_destroy_assignments_when_destroyed
+    roles(:administrator).destroy
+    assert_nil RoleAssignment.find_by_role_id(1)
+  end
+  
+  def test_should_use_name_for_strinigification
+    assert_equal 'Administrator', roles(:administrator).to_s
+  end
+  
+  def test_should_find_all_roles_authorized_for_path
+    assert_equal [roles(:administrator), roles(:guest)], Role.find_all_authorized_for('/users/index')
+  end
+end

metadata

@@ -0,0 +1,103 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.9.4
+specification_version: 1
+name: has_roles
+version: !ruby/object:Gem::Version 
+  version: 0.0.2
+date: 2007-09-26 00:00:00 -04:00
+summary: Provides simple role management based on controllers/actions
+require_paths: 
+- lib
+email: info@pluginaweek.org
+homepage: http://www.pluginaweek.org
+rubyforge_project: 
+description: 
+autorequire: has_roles
+default_executable: 
+bindir: bin
+has_rdoc: true
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      version: 0.0.0
+  version: 
+platform: ruby
+signing_key: 
+cert_chain: 
+post_install_message: 
+authors: 
+- Aaron Pfeifer, Neil Abraham
+files: 
+- app/models
+- app/models/role.rb
+- app/models/controller.rb
+- app/models/role_assignment.rb
+- app/models/permission.rb
+- db/migrate
+- db/migrate/003_create_roles.rb
+- db/migrate/004_create_permissions_roles.rb
+- db/migrate/001_create_controllers.rb
+- db/migrate/005_create_role_assignments.rb
+- db/migrate/002_create_permissions.rb
+- lib/has_roles.rb
+- lib/has_roles
+- lib/has_roles/authorization_helper.rb
+- test/test_helper.rb
+- test/fixtures
+- test/app_root
+- test/unit
+- test/fixtures/controllers.yml
+- test/fixtures/users.yml
+- test/fixtures/role_assignments.yml
+- test/fixtures/permissions.yml
+- test/fixtures/permissions_roles.yml
+- test/fixtures/roles.yml
+- test/app_root/config
+- test/app_root/app
+- test/app_root/db
+- test/app_root/config/routes.rb
+- test/app_root/config/environment.rb
+- test/app_root/app/models
+- test/app_root/app/controllers
+- test/app_root/app/models/user.rb
+- test/app_root/app/controllers/payment
+- test/app_root/app/controllers/users_controller.rb
+- test/app_root/app/controllers/admin
+- test/app_root/app/controllers/home_controller.rb
+- test/app_root/app/controllers/payment/pay_pal
+- test/app_root/app/controllers/payment/transactions_controller.rb
+- test/app_root/app/controllers/payment/pay_pal/transactions_controller.rb
+- test/app_root/app/controllers/admin/users_controller.rb
+- test/app_root/db/migrate
+- test/app_root/db/migrate/001_create_users.rb
+- test/unit/role_test.rb
+- test/unit/permission_test.rb
+- test/unit/role_assignment_test.rb
+- test/unit/has_roles_test.rb
+- test/unit/controller_test.rb
+- test/unit/authorization_helper_test.rb
+- CHANGELOG
+- init.rb
+- MIT-LICENSE
+- Rakefile
+- README
+test_files: 
+- test/unit/role_test.rb
+- test/unit/permission_test.rb
+- test/unit/role_assignment_test.rb
+- test/unit/has_roles_test.rb
+- test/unit/controller_test.rb
+- test/unit/authorization_helper_test.rb
+rdoc_options: []
+
+extra_rdoc_files: []
+
+executables: []
+
+extensions: []
+
+requirements: []
+
+dependencies: []
+