RubyGems - indulgence - Versions diffs - 0.0.1 - Mend

indulgence 0.0.1

Files changed (27) hide show

data/MIT-LICENSE +20 -0
data/README.rdoc +315 -0
data/Rakefile +13 -0
data/lib/active_record/acts/indulgent.rb +42 -0
data/lib/indulgence.rb +7 -0
data/lib/indulgence/ability.rb +19 -0
data/lib/indulgence/indulgent.rb +27 -0
data/lib/indulgence/permission.rb +104 -0
data/lib/indulgence/version.rb +10 -0
data/test/db/config.yml +17 -0
data/test/db/migrate/20130408085511_create_users.rb +11 -0
data/test/db/migrate/20130408103015_create_roles.rb +8 -0
data/test/db/migrate/20130408132217_create_things.rb +7 -0
data/test/db/schema.rb +36 -0
data/test/db/test.sqlite3.db +0 -0
data/test/lib/role.rb +7 -0
data/test/lib/thing.rb +19 -0
data/test/lib/thing_permission.rb +46 -0
data/test/lib/user.rb +9 -0
data/test/test_helper.rb +9 -0
data/test/units/indulgence/ability_test.rb +36 -0
data/test/units/indulgence/permission_test.rb +15 -0
data/test/units/role_test.rb +16 -0
data/test/units/thing_permission_test.rb +78 -0
data/test/units/thing_test.rb +98 -0
data/test/units/user_test.rb +21 -0
metadata +120 -0

data/MIT-LICENSE ADDED

@@ -0,0 +1,20 @@
+Copyright 2013 Rob Nichols
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc ADDED

@@ -0,0 +1,315 @@
+= Indulgence
+Yet another permissions gem.
+In creating Indulgence I wanted a role based permissions tool that did two main
+things:
+* Determine what permission a user had to do something to an object
+* Filtered a search of objects based on the those permissions
+It was apparent to me that if 'something' was one of the CRUD actions, it would
+cover all the use cases I could think of. So permissions were sub-divided into
+the 'abilities': create, read, update, and delete.
+The other requirement was that the permission for an object could be defined
+succinctly within a single file.
+== Defining indulgent permissions
+Indulgence is added to a class via acts_as_indulgent:
+    class Thing < ActiveRecord::Base
+      acts_as_indulgent
+    end
+Used in this way, permissions need to be defined in an Indulgence::Permission
+object called ThingPermission, with an instance method :default
+    class ThingPermission < Indulgence::Permission
+      def default
+        {
+          create: none,
+          read: all,
+          update: none,
+          delete: none
+        }
+      end
+    end
+This needs to be available to the Thing class. For example, in a rails app, by
+placing it in app/permissions/thing_permission.rb
+== Users and Roles
+Indulgence assumes that permissions will be tested against an entity object
+(e.g. User), that has a role object associated with it, and that each role can
+be uniquely identified by a name method.
+The default behaviour assumes that the entity object has a :role method that
+returns the role object, and that the role object has a :name method. So
+typically, these objects could look like this:
+    class User < ActiveRecord::Base
+      belongs_to :role
+    end
+    class Role < ActiveRecord::Base
+      has_many :users
+      validates :name, :uniqueness => true
+    end
+    role = Role.create(:name => 'pleb')
+    user = User.create(
+      :first_name => 'Joe',
+      :last_name => 'Blogs',
+      :role_id => role.id
+    )
+== indulge?
+Simple true/false permission can be determined using the :indulge? method:
+    thing = Thing.first
+    thing.indulge?(user, :create) == false
+    thing.indulge?(user, :read)   == true
+    thing.indulge?(user, :update) == false
+    thing.indulge?(user, :delete) == false
+== indulgence
+The :indulgence method is used as a where filter:
+    Thing.indulgence(user, :create) --> raises ActiveRecord::RecordNotFound
+    Thing.indulgence(user, :read) == Thing.all
+    Thing.indulgence(user, :update) --> raises ActiveRecord::RecordNotFound
+    Thing.indulgence(user, :delete) --> raises ActiveRecord::RecordNotFound
+So to find all the blue things that the user has permission to read:
+    Thing.indulgence(user, :read).where(:colour => 'blue')
+== Customisation
+=== Adding other roles
+Up until now, all users get the same permissions irrespective of role. Let's
+give Emperors the right to see and do anything by first creating an emperor
+    emperor = Role.create(:name => 'emperor')
+    caesar = User.create(
+      :first_name => 'Julius',
+      :last_name => 'Ceasar',
+      :role_id => emporor.id
+    )
+And then defining what they can do by adding these two methods to ThingPermission:
+    def abilities
+      {
+        emperor: default.merge(emperor)
+      }
+    end
+    def emperor
+      {
+        create: all,
+        update: all,
+        delete: all
+      }
+    end
+This uses a merger of the default abilities so that only the variant abilities
+need to be defined in the emperor method. That is, _read_ is inherited from
+_default_ rather than being defined in _emperor_, as it is already set to *all*.
+abilities is a hash of hashes. The lowest level, associates action names with
+ability objects. The top level associates role names to the lower level ability
+object hashes. The construction is perhaps clearer in the abilities above was
+written like this:
+    def abilities
+      {
+        emperor: {
+          create: all,
+          read:   default[:read],
+          update: all,
+          delete: all
+        }
+      }
+    end
+With this done:
+    thing.indulge?(caesar, :create) == true
+    thing.indulge?(caesar, :read)   == true
+    thing.indulge?(caesar, :update) == true
+    thing.indulge?(caesar, :delete) == true
+    Thing.indulgence(caesar, :create) == Thing.all
+    Thing.indulgence(caesar, :read)   == Thing.all
+    Thing.indulgence(caesar, :update) == Thing.all
+    Thing.indulgence(caesar, :delete) == Thing.all
+=== Adding abilities
+Indulgence has two built in abilities. These are *all* and *none*. These two
+have provided all the functionality described above, but in most real cases
+some more fine tuned ability setting will be needed.
+Let's create an author role, and give authors the ability to create and update
+their own things.
+    author = Role.create(:name => :author)
+Next we need to give author's ownership of things. So we add an :author_id
+attribute to Thing, and a matching :author method:
+    class Thing < ActiveRecord::Base
+      acts_as_indulgent
+      belongs_to :author, :class_name => 'User'
+    end
+Then we need to create an Ability that uses this relationship to determine
+permissions. This can be done by adding this method to ThingPermission:
+  def things_they_wrote
+    define_ability(
+      :name => :things_they_wrote,
+      :truth => lambda {|thing| thing.author_id == entity.id},
+      :where_clause => {:author_id => entity.id}
+    )
+  end
+This will create an Ability object with the following methods:
+[name]          Allows abilities of the same kind to be matched
+[truth]         Used by :indulge?
+[where_clause]  Used by :indulgence
+Note that Indulgence::Permission#entity returns the entity object passed to the
+instance on creation. In this example, that will be the User.
+==== The where clause
+In this example:
+    Thing.indulgence(user, :read) == Thing.where(:author_id => user.id)
+if the :read ability is matched to *things_they_wrote*
+==== truth
+In *all* :truth is simply _true_, and in *none* :truth is _false_.
+For more complex abilities :truth should be a lambda that is passed the object
+being tested, and returns _true_ if permission should be given. Otherwise _false_
+should be returned.
+Once *things_they_wrote* has been defined, we can use it to define a new set
+of abilities:
+    def abilities
+      {
+        emperor: default.merge(emperor),
+        author:  default.merge(author)
+      }
+    end
+    def author
+      {
+        create: things_they_wrote,
+        update: things_they_wrote
+      }
+    end
+With that done:
+    cicero = User.create(
+      :first_name => 'Marcus',
+      :last_name => 'Cicero',
+      :role_id => author.id
+    )
+    thing.author = cicero
+    thing.save
+    thing.indulge?(cicero, :create) == true
+    thing.indulge?(cicero, :read)   == true
+    thing.indulge?(cicero, :update) == true
+    thing.indulge?(cicero, :delete) == false
+    Thing.indulgence(cicero, :create) == [thing]
+    Thing.indulgence(cicero, :read)   == Thing.all
+    Thing.indulgence(cicero, :update) == [thing]
+    Thing.indulgence(cicero, :delete)  --> raises ActiveRecord::RecordNotFound
+=== Alternative Permission Class
+As stated above, the default behaviour is for a Thing class to expect its
+permissions to be defined in ThingPermission. However, you can define an
+alternative class name:
+    acts_as_indulgent :using => PermissionsForThing
+=== Alternative Entity behaviour
+Consider this example:
+    class User < ActiveRecord::Base
+      belongs_to :position
+    end
+    class Position < ActiveRecord::Base
+      has_many :users
+      validates :title, :uniqueness => true
+    end
+There are two ways of dealing with this.
+If only ThingPermission is affected, the attributes that stores the _role_method_
+and _role_name_method_ could be overwritten:
+    class ThingPermission < Indulgence::Permission
+      def self.role_method
+        :position
+      end
+      def self.role_name_method
+        :title
+      end
+      .....
+    end
+Alternatively if all permissions were to be altered the super class Permission
+could be updated (for example in a rails initializer):
+    Indulgence::Permission.role_method = :position
+    Indulgence::Permission.role_name_method = :title
+=== Alternative method names
+The method names _indulgence_ and _indulge?_ may not suit your application. If
+you wish to use alternative names, they can be aliased like this:
+    acts_as_indulgent(
+      :truth_method => :permit?,
+      :where_method => :permitted
+    )
+With this used to define indulgence in Thing, we can do this:
+    thing.permit?(cicero, :update) == true
+    thing.permit?(cicero, :delete) == false
+    Thing.permitted(cicero, :create) == [thing]
+    Thing.permitted(cicero, :read)   == Thing.all
+== Examples
+For some examples, have a look at the tests. In particular, look at the object
+definitions in test/lib.

data/Rakefile ADDED

@@ -0,0 +1,13 @@
+require 'rubygems'
+require 'rake'
+require 'rake/clean'
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.test_files = FileList['test/**/*_test.rb']
+end
+require 'standalone_migrations'
+StandaloneMigrations::Tasks.load_tasks

data/lib/active_record/acts/indulgent.rb ADDED

@@ -0,0 +1,42 @@
+module ActiveRecord
+  module Acts
+    module Indulgent
+      def self.included(base)
+        base.send :extend, ClassMethods
+      end
+      module ClassMethods
+        def acts_as_indulgent(args = {})
+          include Indulgence::Indulgent::InstanceMethods
+          extend Indulgence::Indulgent::ClassMethods
+          alias_method args[:truth_method], :indulge? if args[:truth_method]
+          singleton_class.send(:alias_method, args[:where_method], :indulgence) if args[:where_method]
+          self.indulgent_permission_class = args[:using]
+        end
+        def indulgent_permission_class
+          @indulgent_permission_class
+        end
+        private
+        def default_indulgence_permission_class
+          class_name = to_s
+          name = class_name + "Permission"
+          require name.underscore
+          if const_defined? name
+            class_eval name
+          end
+        end
+        def indulgent_permission_class=(klass = nil)
+          @indulgent_permission_class = klass || default_indulgence_permission_class
+        end
+      end
+    end
+  end
+end
+ActiveRecord::Base.send(:include, ActiveRecord::Acts::Indulgent)

data/lib/indulgence.rb ADDED

@@ -0,0 +1,7 @@
+require_relative 'indulgence/permission'
+require_relative 'indulgence/indulgent'
+require_relative 'active_record/acts/indulgent'
+module Indulgence
+end

data/lib/indulgence/ability.rb ADDED

@@ -0,0 +1,19 @@
+module Indulgence
+  class Ability
+    attr_reader :name, :truth, :where_clause
+    def initialize(args = {})
+      @name = args[:name]
+      @truth = args[:truth]
+      @where_clause = args[:where_clause]
+    end
+    def ==(another_ability)
+      [:name, :truth, :where_clause].each do |method|
+        return false if send(method) != another_ability.send(method)
+      end
+      return true
+    end
+  end
+end

data/lib/indulgence/indulgent.rb ADDED

@@ -0,0 +1,27 @@
+module Indulgence
+  module Indulgent
+    module ClassMethods
+      def indulgence(entity, ability)
+        permission = indulgent_permission_class.new(entity, ability)
+        raise_not_found if permission.ability == Permission.none or permission.ability.blank?
+        where(permission.where)
+      end
+      private
+      def raise_not_found
+        raise ActiveRecord::RecordNotFound.new('Unable to find the item(s) you were looking for')
+      end
+    end
+    module InstanceMethods
+      def indulge?(entity, ability)
+        permission = self.class.indulgent_permission_class.new(entity, ability)
+        return permission.indulge? self
+      end
+    end
+  end
+end

data/lib/indulgence/permission.rb ADDED

@@ -0,0 +1,104 @@
+require_relative 'ability'
+module Indulgence
+  class Permission
+    attr_reader :entity, :ability
+    def initialize(entity, ability)
+      self
+      @entity = entity
+      @ability = abilities_for_role[ability]
+    end
+    def abilities
+      {}
+    end
+    def default
+      raise 'There must always be a default'
+    end
+    def where
+      ability.where_clause
+    end
+    def indulge?(thing)
+      ability.truth.respond_to?(:call) ? ability.truth.call(thing) : ability.truth
+    end
+    @@role_method = :role
+    def self.role_method=(name)
+      @@role_method = name.to_sym
+    end
+    def self.role_method
+      @@role_method
+    end
+    @@role_name_method = :name
+    def self.role_name_method=(name)
+      @@role_name_method = name.to_sym
+    end
+    def self.role_name_method
+      @@role_name_method
+    end
+    def self.none
+      @none ||= define_ability(
+        :name => :none,
+        :truth => false
+      )
+    end
+    def self.all
+      @all ||= define_ability(
+        :name => :all,
+        :truth => true
+      )
+    end
+    def self.define_ability(args)
+      Ability.new args
+    end
+    def define_ability(args)
+      self.class.define_ability(args)
+    end
+    # Ensure passing an unknown key behaves as one would expect for a hash
+    def [](key)
+      return {}[key] unless keys.include? key
+      super
+    end
+    def role_name
+      @role_name ||= entity_role_name
+    end
+    def abilities_for_role
+      abilities[role_name] || default
+    end
+    private
+    def entity_role_name
+      role = entity.send(self.class.role_method)
+      name_method = self.class.role_name_method
+      if role and abilities.keys.include?(role.send(name_method).to_sym)
+        role.send(name_method).to_sym
+      else
+        :default
+      end
+    end
+    def all
+      self.class.all
+    end
+    def none
+      self.class.none
+    end
+  end
+end

data/lib/indulgence/version.rb ADDED

@@ -0,0 +1,10 @@
+module Indulgence
+  VERSION = "0.0.1"
+end
+# History
+# =======
+#
+# 0.0.1   Initial build
+#         First alpa version
+#

data/test/db/config.yml ADDED

@@ -0,0 +1,17 @@
+test: &test
+  adapter: sqlite3
+  database: test/db/test.sqlite3.db
+  pool: 5
+  timeout: 5000
+develop:
+  adapter: sqlite3
+  database: test/db/develop.sqlite3.db
+  pool: 5
+  timeout: 5000
+production:
+  adapter: sqlite3
+  database: test/db/production.sqlite3.db
+  pool: 5
+  timeout: 5000

data/test/db/migrate/20130408085511_create_users.rb ADDED

@@ -0,0 +1,11 @@
+require 'active_record'
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.integer :role_id
+      t.timestamps
+    end
+  end
+end

data/test/db/migrate/20130408103015_create_roles.rb ADDED

@@ -0,0 +1,8 @@
+require 'active_record'
+class CreateRoles < ActiveRecord::Migration
+  create_table :roles do |t|
+    t.string :name
+    t.timestamps
+  end
+end

data/test/db/migrate/20130408132217_create_things.rb ADDED

@@ -0,0 +1,7 @@
+class CreateThings < ActiveRecord::Migration
+  create_table :things do |t|
+    t.string :name
+    t.integer :owner_id
+    t.timestamps
+  end
+end

data/test/db/schema.rb ADDED

@@ -0,0 +1,36 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+ActiveRecord::Schema.define(:version => 20130408132217) do
+  create_table "roles", :force => true do |t|
+    t.string   "name"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+  create_table "things", :force => true do |t|
+    t.string   "name"
+    t.integer  "owner_id"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+  create_table "users", :force => true do |t|
+    t.string   "name"
+    t.integer  "role_id"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+end

data/test/db/test.sqlite3.db ADDED

Binary file

data/test/lib/role.rb ADDED

@@ -0,0 +1,7 @@
+class Role < ActiveRecord::Base
+  has_many :users
+  def title
+    self.name
+  end
+end

data/test/lib/thing.rb ADDED

@@ -0,0 +1,19 @@
+class Thing < ActiveRecord::Base
+  belongs_to :owner, :class_name => 'User'
+  acts_as_indulgent(
+    :truth_method => :permit?,
+    :where_method => :permitted
+  )
+end
+class OtherThing < Thing
+  acts_as_indulgent :using => ThingPermission
+end

data/test/lib/thing_permission.rb ADDED

@@ -0,0 +1,46 @@
+require 'indulgence'
+class ThingPermission < Indulgence::Permission
+  def abilities
+    {
+      god: default.merge(god),
+      demigod: default.merge(demigod)
+    }
+  end
+  def default
+    {
+      create: none,
+      read: all,
+      update: none,
+      delete: none
+    }
+  end
+  def god
+    {
+      create: all,
+      update: all,
+      delete: all
+    }
+  end
+  def demigod
+    {
+      create: things_they_own,
+      update: things_they_own,
+      delete: things_they_own
+    }
+  end
+  def things_they_own
+    @things_they_own ||= define_ability(
+      :name => :things_they_own,
+      :truth => lambda {|thing| thing.owner_id == entity.id},
+      :where_clause => {:owner_id => entity.id}
+    )
+  end
+end

data/test/lib/user.rb ADDED

@@ -0,0 +1,9 @@
+class User < ActiveRecord::Base
+  belongs_to :role
+  has_many :things, :foreign_key => 'owner_id'
+  alias_method :position, :role
+end

data/test/test_helper.rb ADDED

@@ -0,0 +1,9 @@
+ENV["RAILS_ENV"] = "test"
+$:.unshift File.join(File.dirname(__FILE__),'units')
+$:.unshift File.join(File.dirname(__FILE__),'lib')
+$:.unshift File.join(File.dirname(__FILE__),'..','lib','indulgence')
+require 'test/unit'
+require 'active_record'
+ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database =>  "test/db/test.sqlite3.db"

data/test/units/indulgence/ability_test.rb ADDED

@@ -0,0 +1,36 @@
+require_relative '../../test_helper'
+require 'ability'
+module Indulgence
+  class AbilityTest < Test::Unit::TestCase
+    def test_none
+      none = Ability.new(
+        :name => :none,
+        :truth => false
+      )
+      assert_equal(:none, none.name)
+      assert_equal(false, none.truth)
+      assert_equal(nil, none.where_clause)
+    end
+    def test_all
+      all = Ability.new(
+        :name => :all,
+        :truth => true
+      )
+      assert_equal(:all, all.name)
+      assert_equal(true, all.truth)
+      assert_equal(nil, all.where_clause)
+    end
+    def test_equality
+      attributes = {:name => :same, :true => true}
+      ability = Ability.new(attributes)
+      other_ability = Ability.new(attributes)
+      assert(ability == other_ability, "#{ability} == #{other_ability} should return true")
+      assert_equal(ability, other_ability)
+    end
+  end
+end

data/test/units/indulgence/permission_test.rb ADDED

@@ -0,0 +1,15 @@
+require_relative '../../test_helper'
+require 'user'
+module Indulgence
+  class PermissionTest < Test::Unit::TestCase
+    def test_creation_fails_as_methods_undefined_in_parent_class
+      assert_raise RuntimeError do
+        Permission.new(User.create(:name => 'Whisp'), :read)
+      end
+    end
+  end
+end

data/test/units/role_test.rb ADDED

@@ -0,0 +1,16 @@
+require_relative '../test_helper'
+require 'user'
+require 'role'
+class RoleTest < Test::Unit::TestCase
+  def teardown
+    User.delete_all
+    Role.delete_all
+  end
+  def test_users
+    role = Role.create(:name => 'god')
+    user = User.create(:name => 'Harry', :role_id => role.id)
+    assert_equal([user], role.users)
+  end
+end

data/test/units/thing_permission_test.rb ADDED

@@ -0,0 +1,78 @@
+require_relative '../test_helper'
+require 'user'
+require 'role'
+require 'thing_permission'
+class ThingPermissionTest < Test::Unit::TestCase
+  Permission = Indulgence::Permission
+  def setup
+    god = Role.create(:name => 'god')
+    mortal = Role.create(:name => 'mortal')
+    @user = User.create(:name => 'Trevor', :role_id => mortal.id)
+    @super_user = User.create(:name => 'Jane', :role_id => god.id)
+    @original_role_name = Permission.role_method
+    @original_role_name_method = Permission.role_name_method
+  end
+  def test_super_user_permissions
+    assert_equal Permission.all, ThingPermission.new(@super_user, :create).ability
+    assert_equal Permission.all, ThingPermission.new(@super_user, :read).ability
+    assert_equal Permission.all, ThingPermission.new(@super_user, :update).ability
+    assert_equal Permission.all, ThingPermission.new(@super_user, :delete).ability
+  end
+  def test_default_permissions
+    assert_equal Permission.none, ThingPermission.new(@user, :create).ability
+    assert_equal Permission.all, ThingPermission.new(@user, :read).ability
+    assert_equal Permission.none, ThingPermission.new(@user, :update).ability
+    assert_equal Permission.none, ThingPermission.new(@user, :delete).ability
+  end
+  def test_role_name
+    assert_equal @super_user.role.name.to_sym, ThingPermission.new(@super_user, :read).role_name
+  end
+  def test_role_name_when_not_defined_in_permissions
+    assert_equal :default, ThingPermission.new(@user, :read).role_name
+  end
+  def test_setting_unknown_role_method_causes_error
+    Permission.role_method = :something_else
+    assert_raise NoMethodError do
+      ThingPermission.new(@super_user, :read).role_name
+    end
+  end
+  def test_setting_role_method
+    Permission.role_method = :position
+    test_super_user_permissions
+  end
+  def test_setting_unknown_role_name_method_causes_error
+    Permission.role_name_method = :something_else
+    assert_raise NoMethodError do
+      ThingPermission.new(@super_user, :read).role_name
+    end
+  end
+  def test_setting_role_name_method
+    Permission.role_name_method = :title
+    test_super_user_permissions
+  end
+  def teardown
+    User.delete_all
+    Role.delete_all
+    Thing.delete_all
+    Permission.role_method = @original_role_name
+    Permission.role_name_method = @original_role_name_method
+  end
+  def make_things
+    @users_thing = Thing.create(:one, :owner_id => @user.id)
+    @super_users_thing = Thing.create(:two, :owner_id => @super_user.id)
+  end
+end

data/test/units/thing_test.rb ADDED

@@ -0,0 +1,98 @@
+require_relative '../test_helper'
+require 'user'
+require 'thing'
+class ThingTest < Test::Unit::TestCase
+  def setup
+    @god = Role.create(:name => 'god')
+    @demigod = Role.create(:name => 'demigod')
+    @owner = User.create(:name => 'Mary')
+    @thing = Thing.create(:name => 'Stuff', :owner_id => @owner.id)
+  end
+  def test_user
+    assert_equal(@owner, @thing.owner)
+    assert_equal([@thing], @owner.things)
+  end
+  def test_indulge
+    make_second_thing
+    assert_equal(true, @thing.indulge?(@owner, :read))
+    assert_equal(false, @thing.indulge?(@owner, :delete))
+    assert_equal(false, @other_thing.indulge?(@owner, :delete))
+  end
+  def test_indulge_by_god
+    make_second_thing
+    @owner.update_attribute(:role_id, @god.id)
+    assert_equal(true, @thing.indulge?(@owner, :read))
+    assert_equal(true, @thing.indulge?(@owner, :delete))
+    assert_equal(true, @other_thing.indulge?(@owner, :delete))
+  end
+  def test_indulge_by_demigod
+    make_second_thing
+    @owner.update_attribute(:role_id, @demigod.id)
+    assert_equal(true, @thing.indulge?(@owner, :read))
+    assert_equal(true, @thing.indulge?(@owner, :delete))
+    assert_equal(false, @other_thing.indulge?(@owner, :delete))
+  end
+  def test_indulge_other_thing
+    other_thing = OtherThing.create(:name => 'Other Stuff', :owner_id => @owner.id)
+    assert_equal(true, other_thing.indulge?(@owner, :read))
+    assert_equal(false, other_thing.indulge?(@owner, :delete))
+  end
+  def test_indulgence
+    make_second_thing
+    @owner.update_attribute(:role_id, @demigod.id)
+    assert_equal(Thing.order('id'), Thing.indulgence(@owner, :read).order('id'))
+    assert_equal(Thing.order('id'), Thing.indulgence(@user, :read).order('id'))
+    assert_equal([@thing], Thing.indulgence(@owner, :delete))
+    assert_raise ActiveRecord::RecordNotFound do
+      Thing.indulgence(@user, :delete)
+    end
+  end
+  def test_find
+    make_second_thing
+    @owner.update_attribute(:role_id, @demigod.id)
+    assert_equal(@thing, Thing.indulgence(@owner, :delete).find(@thing.id))
+    assert_raise ActiveRecord::RecordNotFound do
+      assert_equal(@thing, Thing.indulgence(@user, :delete).find(@thing.id))
+    end
+  end
+  def test_truth_method
+    make_second_thing
+    assert_equal(true, @thing.permit?(@owner, :read))
+    assert_equal(false, @thing.permit?(@owner, :delete))
+    assert_equal(false, @other_thing.permit?(@owner, :delete))
+  end
+  def test_where_method
+    make_second_thing
+    @owner.update_attribute(:role_id, @demigod.id)
+    assert_equal(Thing.order('id'), Thing.permitted(@owner, :read).order('id'))
+    assert_equal(Thing.order('id'), Thing.permitted(@user, :read).order('id'))
+    assert_equal([@thing], Thing.permitted(@owner, :delete))
+    assert_raise ActiveRecord::RecordNotFound do
+      Thing.permitted(@user, :delete)
+    end
+  end
+  def make_second_thing
+    @user = User.create(:name => 'Clive')
+    @other_thing = Thing.create(:name => 'Debris', :owner_id => @user.id)
+  end
+  def teardown
+    Role.delete_all
+    User.delete_all
+    Thing.delete_all
+  end
+end

data/test/units/user_test.rb ADDED

@@ -0,0 +1,21 @@
+require_relative '../test_helper'
+require 'user'
+require 'role'
+class UserTest < Test::Unit::TestCase
+  def teardown
+    User.delete_all
+    Role.delete_all
+  end
+  def test_create
+    user = User.create(:name => 'Bob')
+    assert_equal(user, User.find_by_name('Bob'))
+  end
+  def test_role
+    role = Role.create(:name => 'god')
+    user = User.create(:name => 'Harry', :role_id => role.id)
+    assert_equal(role, user.role)
+  end
+end

metadata ADDED

@@ -0,0 +1,120 @@
+--- !ruby/object:Gem::Specification
+name: indulgence
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease:
+platform: ruby
+authors:
+- Rob Nichols
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-04-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Packages permission functionality into a set of permission objects.
+email:
+- rob@undervale.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/active_record/acts/indulgent.rb
+- lib/indulgence/version.rb
+- lib/indulgence/indulgent.rb
+- lib/indulgence/ability.rb
+- lib/indulgence/permission.rb
+- lib/indulgence.rb
+- MIT-LICENSE
+- Rakefile
+- README.rdoc
+- test/units/role_test.rb
+- test/units/indulgence/permission_test.rb
+- test/units/indulgence/ability_test.rb
+- test/units/user_test.rb
+- test/units/thing_permission_test.rb
+- test/units/thing_test.rb
+- test/lib/role.rb
+- test/lib/user.rb
+- test/lib/thing.rb
+- test/lib/thing_permission.rb
+- test/db/migrate/20130408103015_create_roles.rb
+- test/db/migrate/20130408085511_create_users.rb
+- test/db/migrate/20130408132217_create_things.rb
+- test/db/config.yml
+- test/db/test.sqlite3.db
+- test/db/schema.rb
+- test/test_helper.rb
+homepage: https://github.com/reggieb/indulgence
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.24
+signing_key:
+specification_version: 3
+summary: Yet another permissions gem
+test_files:
+- test/units/role_test.rb
+- test/units/indulgence/permission_test.rb
+- test/units/indulgence/ability_test.rb
+- test/units/user_test.rb
+- test/units/thing_permission_test.rb
+- test/units/thing_test.rb
+- test/lib/role.rb
+- test/lib/user.rb
+- test/lib/thing.rb
+- test/lib/thing_permission.rb
+- test/db/migrate/20130408103015_create_roles.rb
+- test/db/migrate/20130408085511_create_users.rb
+- test/db/migrate/20130408132217_create_things.rb
+- test/db/config.yml
+- test/db/test.sqlite3.db
+- test/db/schema.rb
+- test/test_helper.rb