RubyGems - indulgence - Versions diffs - 0.0.1 - Mend

indulgence 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

data/MIT-LICENSE +20 -0
data/README.rdoc +315 -0
data/Rakefile +13 -0
data/lib/active_record/acts/indulgent.rb +42 -0
data/lib/indulgence.rb +7 -0
data/lib/indulgence/ability.rb +19 -0
data/lib/indulgence/indulgent.rb +27 -0
data/lib/indulgence/permission.rb +104 -0
data/lib/indulgence/version.rb +10 -0
data/test/db/config.yml +17 -0
data/test/db/migrate/20130408085511_create_users.rb +11 -0
data/test/db/migrate/20130408103015_create_roles.rb +8 -0
data/test/db/migrate/20130408132217_create_things.rb +7 -0
data/test/db/schema.rb +36 -0
data/test/db/test.sqlite3.db +0 -0
data/test/lib/role.rb +7 -0
data/test/lib/thing.rb +19 -0
data/test/lib/thing_permission.rb +46 -0
data/test/lib/user.rb +9 -0
data/test/test_helper.rb +9 -0
data/test/units/indulgence/ability_test.rb +36 -0
data/test/units/indulgence/permission_test.rb +15 -0
data/test/units/role_test.rb +16 -0
data/test/units/thing_permission_test.rb +78 -0
data/test/units/thing_test.rb +98 -0
data/test/units/user_test.rb +21 -0
metadata +120 -0

data/MIT-LICENSE ADDED

@@ -0,0 +1,20 @@
+Copyright 2013 Rob Nichols
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc ADDED

@@ -0,0 +1,315 @@
+= Indulgence
+Yet another permissions gem.
+In creating Indulgence I wanted a role based permissions tool that did two main
+things:
+* Determine what permission a user had to do something to an object
+* Filtered a search of objects based on the those permissions
+It was apparent to me that if 'something' was one of the CRUD actions, it would
+cover all the use cases I could think of. So permissions were sub-divided into
+the 'abilities': create, read, update, and delete.
+The other requirement was that the permission for an object could be defined
+succinctly within a single file.
+== Defining indulgent permissions
+Indulgence is added to a class via acts_as_indulgent:
+    class Thing < ActiveRecord::Base
+      acts_as_indulgent
+    end
+Used in this way, permissions need to be defined in an Indulgence::Permission
+object called ThingPermission, with an instance method :default
+    class ThingPermission < Indulgence::Permission
+      def default
+        {
+          create: none,
+          read: all,
+          update: none,
+          delete: none
+        }
+      end
+    end
+This needs to be available to the Thing class. For example, in a rails app, by
+placing it in app/permissions/thing_permission.rb
+== Users and Roles
+Indulgence assumes that permissions will be tested against an entity object
+(e.g. User), that has a role object associated with it, and that each role can
+be uniquely identified by a name method.
+The default behaviour assumes that the entity object has a :role method that
+returns the role object, and that the role object has a :name method. So
+typically, these objects could look like this:
+    class User < ActiveRecord::Base
+      belongs_to :role
+    end
+    class Role < ActiveRecord::Base
+      has_many :users
+      validates :name, :uniqueness => true
+    end
+    role = Role.create(:name => 'pleb')
+    user = User.create(
+      :first_name => 'Joe',
+      :last_name => 'Blogs',
+      :role_id => role.id
+    )
+== indulge?
+Simple true/false permission can be determined using the :indulge? method:
+    thing = Thing.first
+    thing.indulge?(user, :create) == false
+    thing.indulge?(user, :read)   == true
+    thing.indulge?(user, :update) == false
+    thing.indulge?(user, :delete) == false
+== indulgence
+The :indulgence method is used as a where filter:
+    Thing.indulgence(user, :create) --> raises ActiveRecord::RecordNotFound
+    Thing.indulgence(user, :read) == Thing.all
+    Thing.indulgence(user, :update) --> raises ActiveRecord::RecordNotFound
+    Thing.indulgence(user, :delete) --> raises ActiveRecord::RecordNotFound
+So to find all the blue things that the user has permission to read:
+    Thing.indulgence(user, :read).where(:colour => 'blue')
+== Customisation
+=== Adding other roles
+Up until now, all users get the same permissions irrespective of role. Let's
+give Emperors the right to see and do anything by first creating an emperor
+    emperor = Role.create(:name => 'emperor')
+    caesar = User.create(
+      :first_name => 'Julius',
+      :last_name => 'Ceasar',
+      :role_id => emporor.id
+    )
+And then defining what they can do by adding these two methods to ThingPermission:
+    def abilities
+      {
+        emperor: default.merge(emperor)
+      }
+    end
+    def emperor
+      {
+        create: all,
+        update: all,
+        delete: all
+      }
+    end
+This uses a merger of the default abilities so that only the variant abilities
+need to be defined in the emperor method. That is, _read_ is inherited from
+_default_ rather than being defined in _emperor_, as it is already set to *all*.
+abilities is a hash of hashes. The lowest level, associates action names with
+ability objects. The top level associates role names to the lower level ability
+object hashes. The construction is perhaps clearer in the abilities above was
+written like this:
+    def abilities
+      {
+        emperor: {
+          create: all,
+          read:   default[:read],
+          update: all,
+          delete: all
+        }
+      }
+    end
+With this done:
+    thing.indulge?(caesar, :create) == true
+    thing.indulge?(caesar, :read)   == true
+    thing.indulge?(caesar, :update) == true
+    thing.indulge?(caesar, :delete) == true
+    Thing.indulgence(caesar, :create) == Thing.all
+    Thing.indulgence(caesar, :read)   == Thing.all
+    Thing.indulgence(caesar, :update) == Thing.all
+    Thing.indulgence(caesar, :delete) == Thing.all
+=== Adding abilities
+Indulgence has two built in abilities. These are *all* and *none*. These two
+have provided all the functionality described above, but in most real cases
+some more fine tuned ability setting will be needed.
+Let's create an author role, and give authors the ability to create and update
+their own things.
+    author = Role.create(:name => :author)
+Next we need to give author's ownership of things. So we add an :author_id
+attribute to Thing, and a matching :author method:
+    class Thing < ActiveRecord::Base
+      acts_as_indulgent
+      belongs_to :author, :class_name => 'User'
+    end
+Then we need to create an Ability that uses this relationship to determine
+permissions. This can be done by adding this method to ThingPermission:
+  def things_they_wrote
+    define_ability(
+      :name => :things_they_wrote,
+      :truth => lambda {|thing| thing.author_id == entity.id},
+      :where_clause => {:author_id => entity.id}
+    )
+  end
+This will create an Ability object with the following methods:
+[name]          Allows abilities of the same kind to be matched
+[truth]         Used by :indulge?
+[where_clause]  Used by :indulgence
+Note that Indulgence::Permission#entity returns the entity object passed to the
+instance on creation. In this example, that will be the User.
+==== The where clause
+In this example:
+    Thing.indulgence(user, :read) == Thing.where(:author_id => user.id)
+if the :read ability is matched to *things_they_wrote*
+==== truth
+In *all* :truth is simply _true_, and in *none* :truth is _false_.
+For more complex abilities :truth should be a lambda that is passed the object
+being tested, and returns _true_ if permission should be given. Otherwise _false_
+should be returned.
+Once *things_they_wrote* has been defined, we can use it to define a new set
+of abilities:
+    def abilities
+      {
+        emperor: default.merge(emperor),
+        author:  default.merge(author)
+      }
+    end
+    def author
+      {
+        create: things_they_wrote,
+        update: things_they_wrote
+      }
+    end
+With that done:
+    cicero = User.create(
+      :first_name => 'Marcus',
+      :last_name => 'Cicero',
+      :role_id => author.id
+    )
+    thing.author = cicero
+    thing.save
+    thing.indulge?(cicero, :create) == true
+    thing.indulge?(cicero, :read)   == true
+    thing.indulge?(cicero, :update) == true
+    thing.indulge?(cicero, :delete) == false
+    Thing.indulgence(cicero, :create) == [thing]
+    Thing.indulgence(cicero, :read)   == Thing.all
+    Thing.indulgence(cicero, :update) == [thing]
+    Thing.indulgence(cicero, :delete)  --> raises ActiveRecord::RecordNotFound
+=== Alternative Permission Class
+As stated above, the default behaviour is for a Thing class to expect its
+permissions to be defined in ThingPermission. However, you can define an
+alternative class name:
+    acts_as_indulgent :using => PermissionsForThing
+=== Alternative Entity behaviour
+Consider this example:
+    class User < ActiveRecord::Base
+      belongs_to :position
+    end
+    class Position < ActiveRecord::Base
+      has_many :users
+      validates :title, :uniqueness => true
+    end
+There are two ways of dealing with this.
+If only ThingPermission is affected, the attributes that stores the _role_method_
+and _role_name_method_ could be overwritten:
+    class ThingPermission < Indulgence::Permission
+      def self.role_method
+        :position
+      end
+      def self.role_name_method
+        :title
+      end
+      .....
+    end
+Alternatively if all permissions were to be altered the super class Permission
+could be updated (for example in a rails initializer):
+    Indulgence::Permission.role_method = :position
+    Indulgence::Permission.role_name_method = :title
+=== Alternative method names
+The method names _indulgence_ and _indulge?_ may not suit your application. If
+you wish to use alternative names, they can be aliased like this:
+    acts_as_indulgent(
+      :truth_method => :permit?,
+      :where_method => :permitted
+    )
+With this used to define indulgence in Thing, we can do this:
+    thing.permit?(cicero, :update) == true
+    thing.permit?(cicero, :delete) == false
+    Thing.permitted(cicero, :create) == [thing]
+    Thing.permitted(cicero, :read)   == Thing.all
+== Examples
+For some examples, have a look at the tests. In particular, look at the object
+definitions in test/lib.

data/Rakefile ADDED

@@ -0,0 +1,13 @@
+require 'rubygems'
+require 'rake'
+require 'rake/clean'
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.test_files = FileList['test/**/*_test.rb']
+end
+require 'standalone_migrations'
+StandaloneMigrations::Tasks.load_tasks

data/lib/active_record/acts/indulgent.rb ADDED

@@ -0,0 +1,42 @@
+module ActiveRecord
+  module Acts
+    module Indulgent
+      def self.included(base)
+        base.send :extend, ClassMethods
+      end
+      module ClassMethods
+        def acts_as_indulgent(args = {})
+          include Indulgence::Indulgent::InstanceMethods
+          extend Indulgence::Indulgent::ClassMethods
+          alias_method args[:truth_method], :indulge? if args[:truth_method]
+          singleton_class.send(:alias_method, args[:where_method], :indulgence) if args[:where_method]
+          self.indulgent_permission_class = args[:using]
+        end
+        def indulgent_permission_class
+          @indulgent_permission_class
+        end
+        private
+        def default_indulgence_permission_class
+          class_name = to_s
+          name = class_name + "Permission"
+          require name.underscore
+          if const_defined? name
+            class_eval name
+          end
+        end
+        def indulgent_permission_class=(klass = nil)
+          @indulgent_permission_class = klass || default_indulgence_permission_class
+        end
+      end
+    end
+  end
+end
+ActiveRecord::Base.send(:include, ActiveRecord::Acts::Indulgent)

data/lib/indulgence.rb ADDED

@@ -0,0 +1,7 @@
+require_relative 'indulgence/permission'
+require_relative 'indulgence/indulgent'
+require_relative 'active_record/acts/indulgent'
+module Indulgence
+end

data/lib/indulgence/ability.rb ADDED

@@ -0,0 +1,19 @@
+module Indulgence
+  class Ability
+    attr_reader :name, :truth, :where_clause
+    def initialize(args = {})
+      @name = args[:name]
+      @truth = args[:truth]
+      @where_clause = args[:where_clause]
+    end
+    def ==(another_ability)
+      [:name, :truth, :where_clause].each do |method|
+        return false if send(method) != another_ability.send(method)
+      end
+      return true
+    end
+  end
+end

data/lib/indulgence/indulgent.rb ADDED

@@ -0,0 +1,27 @@
+module Indulgence
+  module Indulgent
+    module ClassMethods
+      def indulgence(entity, ability)
+        permission = indulgent_permission_class.new(entity, ability)
+        raise_not_found if permission.ability == Permission.none or permission.ability.blank?
+        where(permission.where)
+      end
+      private
+      def raise_not_found
+        raise ActiveRecord::RecordNotFound.new('Unable to find the item(s) you were looking for')
+      end
+    end
+    module InstanceMethods
+      def indulge?(entity, ability)
+        permission = self.class.indulgent_permission_class.new(entity, ability)
+        return permission.indulge? self
+      end
+    end
+  end
+end

data/lib/indulgence/permission.rb ADDED

@@ -0,0 +1,104 @@
+require_relative 'ability'
+module Indulgence
+  class Permission
+    attr_reader :entity, :ability
+    def initialize(entity, ability)
+      self
+      @entity = entity
+      @ability = abilities_for_role[ability]
+    end
+    def abilities
+      {}
+    end
+    def default
+      raise 'There must always be a default'
+    end
+    def where
+      ability.where_clause
+    end
+    def indulge?(thing)
+      ability.truth.respond_to?(:call) ? ability.truth.call(thing) : ability.truth
+    end
+    @@role_method = :role
+    def self.role_method=(name)
+      @@role_method = name.to_sym
+    end
+    def self.role_method
+      @@role_method
+    end
+    @@role_name_method = :name
+    def self.role_name_method=(name)
+      @@role_name_method = name.to_sym
+    end
+    def self.role_name_method
+      @@role_name_method
+    end
+    def self.none
+      @none ||= define_ability(
+        :name => :none,
+        :truth => false
+      )
+    end
+    def self.all
+      @all ||= define_ability(
+        :name => :all,
+        :truth => true
+      )
+    end
+    def self.define_ability(args)
+      Ability.new args
+    end
+    def define_ability(args)
+      self.class.define_ability(args)
+    end
+    # Ensure passing an unknown key behaves as one would expect for a hash
+    def [](key)
+      return {}[key] unless keys.include? key
+      super
+    end
+    def role_name
+      @role_name ||= entity_role_name
+    end
+    def abilities_for_role
+      abilities[role_name] || default
+    end
+    private
+    def entity_role_name
+      role = entity.send(self.class.role_method)
+      name_method = self.class.role_name_method
+      if role and abilities.keys.include?(role.send(name_method).to_sym)
+        role.send(name_method).to_sym
+      else
+        :default
+      end
+    end
+    def all
+      self.class.all
+    end
+    def none
+      self.class.none
+    end
+  end
+end

data/lib/indulgence/version.rb ADDED

@@ -0,0 +1,10 @@
+module Indulgence
+  VERSION = "0.0.1"
+end
+# History
+# =======
+#
+# 0.0.1   Initial build
+#         First alpa version
+#

data/test/db/config.yml ADDED

@@ -0,0 +1,17 @@
+test: &test
+  adapter: sqlite3
+  database: test/db/test.sqlite3.db
+  pool: 5
+  timeout: 5000
+develop:
+  adapter: sqlite3
+  database: test/db/develop.sqlite3.db
+  pool: 5
+  timeout: 5000
+production:
+  adapter: sqlite3
+  database: test/db/production.sqlite3.db
+  pool: 5
+  timeout: 5000

data/test/db/migrate/20130408085511_create_users.rb ADDED

@@ -0,0 +1,11 @@
+require 'active_record'
+class CreateUsers < ActiveRecord::Migration
+  def change
+    create_table :users do |t|
+      t.string :name
+      t.integer :role_id
+      t.timestamps
+    end
+  end
+end

data/test/db/migrate/20130408103015_create_roles.rb ADDED

@@ -0,0 +1,8 @@
+require 'active_record'
+class CreateRoles < ActiveRecord::Migration
+  create_table :roles do |t|
+    t.string :name
+    t.timestamps
+  end
+end

data/test/db/migrate/20130408132217_create_things.rb ADDED

@@ -0,0 +1,7 @@
+class CreateThings < ActiveRecord::Migration
+  create_table :things do |t|
+    t.string :name
+    t.integer :owner_id
+    t.timestamps
+  end
+end

data/test/db/schema.rb ADDED

@@ -0,0 +1,36 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended to check this file into your version control system.
+ActiveRecord::Schema.define(:version => 20130408132217) do
+  create_table "roles", :force => true do |t|
+    t.string   "name"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+  create_table "things", :force => true do |t|
+    t.string   "name"
+    t.integer  "owner_id"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+  create_table "users", :force => true do |t|
+    t.string   "name"
+    t.integer  "role_id"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+end

data/test/db/test.sqlite3.db ADDED

Binary file

data/test/lib/role.rb ADDED

@@ -0,0 +1,7 @@
+class Role < ActiveRecord::Base
+  has_many :users
+  def title
+    self.name
+  end
+end

data/test/lib/thing.rb ADDED

@@ -0,0 +1,19 @@
+class Thing < ActiveRecord::Base
+  belongs_to :owner, :class_name => 'User'
+  acts_as_indulgent(
+    :truth_method => :permit?,
+    :where_method => :permitted
+  )
+end
+class OtherThing < Thing
+  acts_as_indulgent :using => ThingPermission
+end

data/test/lib/thing_permission.rb ADDED

@@ -0,0 +1,46 @@
+require 'indulgence'
+class ThingPermission < Indulgence::Permission
+  def abilities
+    {
+      god: default.merge(god),
+      demigod: default.merge(demigod)
+    }
+  end
+  def default
+    {
+      create: none,
+      read: all,
+      update: none,
+      delete: none
+    }
+  end
+  def god
+    {
+      create: all,
+      update: all,
+      delete: all
+    }
+  end
+  def demigod
+    {
+      create: things_they_own,
+      update: things_they_own,
+      delete: things_they_own
+    }
+  end
+  def things_they_own
+    @things_they_own ||= define_ability(
+      :name => :things_they_own,
+      :truth => lambda {|thing| thing.owner_id == entity.id},
+      :where_clause => {:owner_id => entity.id}
+    )
+  end
+end

data/test/lib/user.rb ADDED

@@ -0,0 +1,9 @@
+class User < ActiveRecord::Base
+  belongs_to :role
+  has_many :things, :foreign_key => 'owner_id'
+  alias_method :position, :role
+end

data/test/test_helper.rb ADDED

@@ -0,0 +1,9 @@
+ENV["RAILS_ENV"] = "test"
+$:.unshift File.join(File.dirname(__FILE__),'units')
+$:.unshift File.join(File.dirname(__FILE__),'lib')
+$:.unshift File.join(File.dirname(__FILE__),'..','lib','indulgence')
+require 'test/unit'
+require 'active_record'
+ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database =>  "test/db/test.sqlite3.db"

data/test/units/indulgence/ability_test.rb ADDED

@@ -0,0 +1,36 @@
+require_relative '../../test_helper'
+require 'ability'
+module Indulgence
+  class AbilityTest < Test::Unit::TestCase
+    def test_none
+      none = Ability.new(
+        :name => :none,
+        :truth => false
+      )
+      assert_equal(:none, none.name)
+      assert_equal(false, none.truth)
+      assert_equal(nil, none.where_clause)
+    end
+    def test_all
+      all = Ability.new(
+        :name => :all,
+        :truth => true
+      )
+      assert_equal(:all, all.name)
+      assert_equal(true, all.truth)
+      assert_equal(nil, all.where_clause)
+    end
+    def test_equality
+      attributes = {:name => :same, :true => true}
+      ability = Ability.new(attributes)
+      other_ability = Ability.new(attributes)
+      assert(ability == other_ability, "#{ability} == #{other_ability} should return true")
+      assert_equal(ability, other_ability)
+    end
+  end
+end

data/test/units/indulgence/permission_test.rb ADDED

@@ -0,0 +1,15 @@
+require_relative '../../test_helper'
+require 'user'
+module Indulgence
+  class PermissionTest < Test::Unit::TestCase
+    def test_creation_fails_as_methods_undefined_in_parent_class
+      assert_raise RuntimeError do
+        Permission.new(User.create(:name => 'Whisp'), :read)
+      end
+    end
+  end
+end

data/test/units/role_test.rb ADDED

@@ -0,0 +1,16 @@
+require_relative '../test_helper'
+require 'user'
+require 'role'
+class RoleTest < Test::Unit::TestCase
+  def teardown
+    User.delete_all
+    Role.delete_all
+  end
+  def test_users
+    role = Role.create(:name => 'god')
+    user = User.create(:name => 'Harry', :role_id => role.id)
+    assert_equal([user], role.users)
+  end
+end

data/test/units/thing_permission_test.rb ADDED

@@ -0,0 +1,78 @@
+require_relative '../test_helper'
+require 'user'
+require 'role'
+require 'thing_permission'
+class ThingPermissionTest < Test::Unit::TestCase
+  Permission = Indulgence::Permission
+  def setup
+    god = Role.create(:name => 'god')
+    mortal = Role.create(:name => 'mortal')
+    @user = User.create(:name => 'Trevor', :role_id => mortal.id)
+    @super_user = User.create(:name => 'Jane', :role_id => god.id)
+    @original_role_name = Permission.role_method
+    @original_role_name_method = Permission.role_name_method
+  end
+  def test_super_user_permissions
+    assert_equal Permission.all, ThingPermission.new(@super_user, :create).ability
+    assert_equal Permission.all, ThingPermission.new(@super_user, :read).ability
+    assert_equal Permission.all, ThingPermission.new(@super_user, :update).ability
+    assert_equal Permission.all, ThingPermission.new(@super_user, :delete).ability
+  end
+  def test_default_permissions
+    assert_equal Permission.none, ThingPermission.new(@user, :create).ability
+    assert_equal Permission.all, ThingPermission.new(@user, :read).ability
+    assert_equal Permission.none, ThingPermission.new(@user, :update).ability
+    assert_equal Permission.none, ThingPermission.new(@user, :delete).ability
+  end
+  def test_role_name
+    assert_equal @super_user.role.name.to_sym, ThingPermission.new(@super_user, :read).role_name
+  end
+  def test_role_name_when_not_defined_in_permissions
+    assert_equal :default, ThingPermission.new(@user, :read).role_name
+  end
+  def test_setting_unknown_role_method_causes_error
+    Permission.role_method = :something_else
+    assert_raise NoMethodError do
+      ThingPermission.new(@super_user, :read).role_name
+    end
+  end
+  def test_setting_role_method
+    Permission.role_method = :position
+    test_super_user_permissions
+  end
+  def test_setting_unknown_role_name_method_causes_error
+    Permission.role_name_method = :something_else
+    assert_raise NoMethodError do
+      ThingPermission.new(@super_user, :read).role_name
+    end
+  end
+  def test_setting_role_name_method
+    Permission.role_name_method = :title
+    test_super_user_permissions
+  end
+  def teardown
+    User.delete_all
+    Role.delete_all
+    Thing.delete_all
+    Permission.role_method = @original_role_name
+    Permission.role_name_method = @original_role_name_method
+  end
+  def make_things
+    @users_thing = Thing.create(:one, :owner_id => @user.id)
+    @super_users_thing = Thing.create(:two, :owner_id => @super_user.id)
+  end
+end

data/test/units/thing_test.rb ADDED

@@ -0,0 +1,98 @@
+require_relative '../test_helper'
+require 'user'
+require 'thing'
+class ThingTest < Test::Unit::TestCase
+  def setup
+    @god = Role.create(:name => 'god')
+    @demigod = Role.create(:name => 'demigod')
+    @owner = User.create(:name => 'Mary')
+    @thing = Thing.create(:name => 'Stuff', :owner_id => @owner.id)
+  end
+  def test_user
+    assert_equal(@owner, @thing.owner)
+    assert_equal([@thing], @owner.things)
+  end
+  def test_indulge
+    make_second_thing
+    assert_equal(true, @thing.indulge?(@owner, :read))
+    assert_equal(false, @thing.indulge?(@owner, :delete))
+    assert_equal(false, @other_thing.indulge?(@owner, :delete))
+  end
+  def test_indulge_by_god
+    make_second_thing
+    @owner.update_attribute(:role_id, @god.id)
+    assert_equal(true, @thing.indulge?(@owner, :read))
+    assert_equal(true, @thing.indulge?(@owner, :delete))
+    assert_equal(true, @other_thing.indulge?(@owner, :delete))
+  end
+  def test_indulge_by_demigod
+    make_second_thing
+    @owner.update_attribute(:role_id, @demigod.id)
+    assert_equal(true, @thing.indulge?(@owner, :read))
+    assert_equal(true, @thing.indulge?(@owner, :delete))
+    assert_equal(false, @other_thing.indulge?(@owner, :delete))
+  end
+  def test_indulge_other_thing
+    other_thing = OtherThing.create(:name => 'Other Stuff', :owner_id => @owner.id)
+    assert_equal(true, other_thing.indulge?(@owner, :read))
+    assert_equal(false, other_thing.indulge?(@owner, :delete))
+  end
+  def test_indulgence
+    make_second_thing
+    @owner.update_attribute(:role_id, @demigod.id)
+    assert_equal(Thing.order('id'), Thing.indulgence(@owner, :read).order('id'))
+    assert_equal(Thing.order('id'), Thing.indulgence(@user, :read).order('id'))
+    assert_equal([@thing], Thing.indulgence(@owner, :delete))
+    assert_raise ActiveRecord::RecordNotFound do
+      Thing.indulgence(@user, :delete)
+    end
+  end
+  def test_find
+    make_second_thing
+    @owner.update_attribute(:role_id, @demigod.id)
+    assert_equal(@thing, Thing.indulgence(@owner, :delete).find(@thing.id))
+    assert_raise ActiveRecord::RecordNotFound do
+      assert_equal(@thing, Thing.indulgence(@user, :delete).find(@thing.id))
+    end
+  end
+  def test_truth_method
+    make_second_thing
+    assert_equal(true, @thing.permit?(@owner, :read))
+    assert_equal(false, @thing.permit?(@owner, :delete))
+    assert_equal(false, @other_thing.permit?(@owner, :delete))
+  end
+  def test_where_method
+    make_second_thing
+    @owner.update_attribute(:role_id, @demigod.id)
+    assert_equal(Thing.order('id'), Thing.permitted(@owner, :read).order('id'))
+    assert_equal(Thing.order('id'), Thing.permitted(@user, :read).order('id'))
+    assert_equal([@thing], Thing.permitted(@owner, :delete))
+    assert_raise ActiveRecord::RecordNotFound do
+      Thing.permitted(@user, :delete)
+    end
+  end
+  def make_second_thing
+    @user = User.create(:name => 'Clive')
+    @other_thing = Thing.create(:name => 'Debris', :owner_id => @user.id)
+  end
+  def teardown
+    Role.delete_all
+    User.delete_all
+    Thing.delete_all
+  end
+end

data/test/units/user_test.rb ADDED

@@ -0,0 +1,21 @@
+require_relative '../test_helper'
+require 'user'
+require 'role'
+class UserTest < Test::Unit::TestCase
+  def teardown
+    User.delete_all
+    Role.delete_all
+  end
+  def test_create
+    user = User.create(:name => 'Bob')
+    assert_equal(user, User.find_by_name('Bob'))
+  end
+  def test_role
+    role = Role.create(:name => 'god')
+    user = User.create(:name => 'Harry', :role_id => role.id)
+    assert_equal(role, user.role)
+  end
+end

metadata ADDED

@@ -0,0 +1,120 @@
+--- !ruby/object:Gem::Specification
+name: indulgence
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease:
+platform: ruby
+authors:
+- Rob Nichols
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2013-04-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activerecord
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Packages permission functionality into a set of permission objects.
+email:
+- rob@undervale.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/active_record/acts/indulgent.rb
+- lib/indulgence/version.rb
+- lib/indulgence/indulgent.rb
+- lib/indulgence/ability.rb
+- lib/indulgence/permission.rb
+- lib/indulgence.rb
+- MIT-LICENSE
+- Rakefile
+- README.rdoc
+- test/units/role_test.rb
+- test/units/indulgence/permission_test.rb
+- test/units/indulgence/ability_test.rb
+- test/units/user_test.rb
+- test/units/thing_permission_test.rb
+- test/units/thing_test.rb
+- test/lib/role.rb
+- test/lib/user.rb
+- test/lib/thing.rb
+- test/lib/thing_permission.rb
+- test/db/migrate/20130408103015_create_roles.rb
+- test/db/migrate/20130408085511_create_users.rb
+- test/db/migrate/20130408132217_create_things.rb
+- test/db/config.yml
+- test/db/test.sqlite3.db
+- test/db/schema.rb
+- test/test_helper.rb
+homepage: https://github.com/reggieb/indulgence
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.24
+signing_key:
+specification_version: 3
+summary: Yet another permissions gem
+test_files:
+- test/units/role_test.rb
+- test/units/indulgence/permission_test.rb
+- test/units/indulgence/ability_test.rb
+- test/units/user_test.rb
+- test/units/thing_permission_test.rb
+- test/units/thing_test.rb
+- test/lib/role.rb
+- test/lib/user.rb
+- test/lib/thing.rb
+- test/lib/thing_permission.rb
+- test/db/migrate/20130408103015_create_roles.rb
+- test/db/migrate/20130408085511_create_users.rb
+- test/db/migrate/20130408132217_create_things.rb
+- test/db/config.yml
+- test/db/test.sqlite3.db
+- test/db/schema.rb
+- test/test_helper.rb