kankri 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 136760abbcab49dfdada252777f2e0597e0167d3
-  data.tar.gz: c9da45c3e30a82533f71840801b2c8ab35907125
+  metadata.gz: 1a28b6708e74babd3eb76fbe143d1e9ddad83b7e
+  data.tar.gz: 589070377d1025cb55c66f96d9952bf4144789fb
 SHA512:
-  metadata.gz: 122cf49d0d79df39cbc7a3b7dda429c9081f785e8047690ea88c1528f97c3e55d6b24980c9bcc6a42f3cdab289d883e4d22cd7be7e2bed006572c8888302f106
-  data.tar.gz: 12e15471a892db8476ef77b235a03f5ea4c619900a90390749fabe4dba521a3dbe409206ac03a53d184a6e1454537fbd57ecbe82861cf977a644a17f60f6d414
+  metadata.gz: 338b0fb18ad4fdc91105e070412bfff3c750ffb60c01155ef53167d43d5a5e90a9efc751ab84d2ae12210aee0b71c726be83d52e05026247831fd132841bb9ce
+  data.tar.gz: 34d9fccd754ae9b75e05c6a56b9fd4e9f1046c3196417f32571c13d0f2417135697bb8ae68d7932298a91e88f8916860cd3b48edfd10543f01cb5f3504d0fe99

data/.gitignore

@@ -16,3 +16,5 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+
+measurements

data/CHANGELOG

@@ -0,0 +1,6 @@
+0.1.1
+  - Some refactoring
+  - 100% code and YARD coverage
+
+0.1.0
+  - Initial version

data/Rakefile

@@ -1,7 +1,14 @@
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
+require 'yard'
+require 'yardstick/rake/measurement'
+require 'yardstick/rake/verify'
 
 RSpec::Core::RakeTask.new
+YARD::Rake::YardocTask.new
+Yardstick::Rake::Verify.new
+Yardstick::Rake::Measurement.new
 
 task :default => :spec
+task :doc => :yard
 task :test => :spec

data/kankri.gemspec

@@ -24,8 +24,11 @@ Gem::Specification.new do |spec|
   spec.require_paths = ['lib']
 
   spec.add_development_dependency 'bundler', '~> 1.3'
-  spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'rspec'
-  spec.add_development_dependency 'simplecov'
-  spec.add_development_dependency 'fuubar'
+  spec.add_development_dependency 'rake', '~> 10', '>= 10.1.1'
+  spec.add_development_dependency 'rspec', '~> 2', '>= 2.14'
+  spec.add_development_dependency 'simplecov', '~> 0.8'
+  spec.add_development_dependency 'fuubar', '~> 1'
+  spec.add_development_dependency 'yard', '~> 0.8'
+  spec.add_development_dependency 'yardstick', '~> 0.9'
+  spec.add_development_dependency 'backports', '~> 3', '>= 3.3.5'
 end

data/lib/kankri.rb

@@ -1,4 +1,5 @@
 require 'kankri/password_check'
+require 'kankri/privilege_check'
 require 'kankri/privilege_set'
 require 'kankri/privilege_subject'
 require 'kankri/simple_authenticator'
@@ -26,7 +27,7 @@ module Kankri
   #
   # @api public
   # @example  Create an authenticator from a hash of users.
-  #   Kankri.authenticator_From_hash(
+  #   Kankri.authenticator_from_hash(
   #     admin: {
   #       password: 'hunter2',
   #       privileges: {

data/lib/kankri/exceptions.rb

@@ -1,3 +1,4 @@
+# Exceptions for Kankri.
 module Kankri
   # Exception generated when authentication fails.
   AuthenticationFailure = Class.new(RuntimeError)

data/lib/kankri/password_check.rb

@@ -1,34 +1,110 @@
 module Kankri
   # A method object that represents a check on username/password pairs
+  #
+  # This is a basic check based on string comparison, failing if either
+  # username or password are empty or nil.  If used with a hashing
+  # authenticator, the hashing must be done before the password checking.
+  # Similarly, PasswordCheck does not convert to or from symbols; the
+  # authenticator must do this itself.
   class PasswordCheck
+    # Creates a password check instance
+    #
+    # Passwords may be literal passwords, hashes or any other secret that
+    # can be compared by ==.  Any hashing or other processing (such as type
+    # conversion) must be done by the Authenticator.
+    #
+    # @api public
+    # @example  Initialises a PasswordCheck.
+    #   PasswordCheck.new('alf', 'hunter2', 'alf' => 'hunter2')
+    #
+    # @param username [Object]  The username; this is typically a Symbol or a
+    #   String.
+    # @param password [String]  The password to check against the passwords
+    #   database.
+    # @param passwords [Hash]  The hash mapping usernames to their passwords.
     def initialize(username, password, passwords)
       @username = username
       @password = password
       @passwords = passwords
     end
 
+    # Checks to see if the authentication credentials are correct
+    #
+    # @api public
+    # @example  Perform a successful authentication check.
+    #   checker.ok?
+    #   #=> true
+    # @example  Perform an unsuccessful authentication check.
+    #   checker.ok?
+    #   #=> false
+    #
+    # @return [Boolean]  True if the password matches; false otherwise.
     def ok?
       auth_present? && user_known? && password_match?
     end
 
+    # Creates and runs a password check
+    #
+    # @api public
+    # @example  Check a correct password.
+    #   PasswordCheck.check('alf', 'hunter2', 'alf' => 'hunter2')
+    #   #=> true
+    # @example  Check an incorrect password.
+    #   PasswordCheck.check('alf', 'nope', 'alf' => 'hunter2')
+    #   #=> false
+    #
+    # @param (see #initialize)
+    #
+    # @return (see #ok?)
+    def self.check(*args)
+      PasswordCheck.new(*args).ok?
+    end
+
+    private
+
+    # Checks to see if the authentication credentials are present and non-empty
+    #
+    # @api private
+    #
+    # @return [Boolean]  True if the credentials are present; false otherwise.
     def auth_present?
       username_present? && password_present?
     end
 
+    # Checks to see if the username is present and non-empty
+    #
+    # @api private
+    #
+    # @return [Boolean]  True if the username is present; false otherwise.
     def username_present?
       !(@username.nil? || @username.empty?)
     end
 
+    # Checks to see if the password is present and non-empty
+    #
+    # @api private
+    #
+    # @return [Boolean]  True if the password is present; false otherwise.
     def password_present?
       !(@password.nil? || @password.empty?)
     end
 
-    def password_match?
-      @passwords.fetch(@username) == @password
-    end
-
+    # Checks to see if the user has a known password
+    #
+    # @api private
+    #
+    # @return [Boolean]  True if the user's password is known; false otherwise.
     def user_known?
       @passwords.key?(@username)
     end
+
+    # Checks to see if the password matches that on record for the user
+    #
+    # @api private
+    #
+    # @return [Boolean]  True if the password matches; false otherwise.
+    def password_match?
+      @passwords.fetch(@username) == @password
+    end
   end
 end

data/lib/kankri/privilege_check.rb

@@ -0,0 +1,104 @@
+module Kankri
+  # A method object for checking privileges
+  #
+  # A PrivilegeChecker takes the target privilege key and required privilege,
+  # as well as the hash mapping privilege keys to their
+  class PrivilegeChecker
+    # Creates a PrivilegeChecker
+    #
+    # @api public
+    # @example  Initialise a passing privilege check.
+    #   PrivilegeChecker.new(:foo, :bar, foo: [:bar])
+    # @example  Initialise a failing privilege check.
+    #   PrivilegeChecker.new(:foo, :bar, foo: [])
+    #
+    # @param target [Symbol]  The privilege key that is the target of this
+    #   privilege check.
+    # @param requisite [Symbol]  The privilege required under the privilege
+    #   key.
+    # @param privileges [Hash]  A hash mapping privilege keys to their
+    #   privilege lists.
+    def initialize(target, requisite, privileges)
+      @target = target
+      @requisite = requisite
+      @privileges = privileges
+    end
+
+    # Runs the privilege checker and checks the privilege
+    #
+    # @api public
+    # @example  Runs a passing privilege checker.
+    #   checker.run
+    #   #=> true
+    # @example  Runs a failing privilege checker.
+    #   checker.run
+    #   #=> false
+    #
+    # @return [Boolean]  True if the privilege is held by the privilege set
+    #   for the target; false otherwise.
+    def valid?
+      target_in_privileges? && has_privilege?
+    end
+
+    # Creates and runs a privilege checker
+    #
+    # @api public
+    # @example  Do a passing privilege check.
+    #   PrivilegeChecker.check(:foo, :bar, foo: [:bar])
+    #   #=> true
+    #
+    # @example  Do a failing privilege check.
+    #   PrivilegeChecker.check(:foo, :bar, foo: [])
+    #   #=> false
+    #
+    # @param (see #initialize)
+    #
+    # @return (see #valid?)
+    def self.check(*args)
+      new(*args).valid?
+    end
+
+    private
+
+    # Checks to see if the target is in the privileges set
+    #
+    # @api private
+    #
+    # @return [Boolean]  True if the target key is in the privileges set;
+    #   false otherwise.
+    def target_in_privileges?
+      @privileges.key?(@target)
+    end
+
+    # Checks to see if the privilege request is satisfied for the target
+    #
+    # This assumes that the target exists in the privilege list.
+    #
+    # @api private
+    #
+    # @return [Boolean]  True if the privilege is held by the privilege set
+    #   for the target; false otherwise.
+    def has_privilege?
+      has_all? || has_direct?
+    end
+
+    # Checks to see if the privilege request is satisfied by an 'all' clause
+    #
+    # @api private
+    # @return [Boolean]  True if this privilege set has all privileges for a
+    #   target; false otherwise.
+    def has_all?
+      @privileges.fetch(@target) == :all
+    end
+
+    # Checks to see if the privilege request is satisfied directly
+    #
+    # @api private
+    #
+    # @return [Boolean]  True if this privilege set explicitly has a certain
+    #   privilege for a certain target; false otherwise.
+    def has_direct?
+      @privileges.fetch(@target).include?(@requisite)
+    end
+  end
+end

data/lib/kankri/privilege_set.rb

@@ -1,21 +1,32 @@
 require 'kankri/exceptions'
+require 'kankri/privilege_check'
 
 module Kankri
-  # Wrapper around a set of privileges a client has
+  # Wrapper around a set of privileges a user has
+  #
+  # The PrivilegeSet is the return value of an Authenticator, and represents
+  # the level of privilege the
   class PrivilegeSet
-    # Initialises a privilege set.
+    # Initialises a privilege set
     #
     # @api public
-    # @example Create a privilege set with no privileges.
+    # @example  Create a privilege set with no privileges.
     #   PrivilegeSet.new({})
-    # @example Create a privilege set with some privileges.
+    # @example  Create a privilege set with some privileges.
     #   PrivilegeSet.new({channel_set: [:get, :put]})
     def initialize(privileges)
-      @privileges = privileges
-      symbolise_privileges
+      @privileges = symbolise_privileges(privileges)
     end
 
     # Requires a certain privilege on a certain target
+    #
+    # @api public
+    # @example  Check your privilege.
+    #   privs.require(:channel, :put)
+    #
+    # @param (see #has?)
+    #
+    # @return [void]
     def require(target, privilege)
       fail(InsufficientPrivilegeError) unless has?(target, privilege)
     end
@@ -23,65 +34,47 @@ module Kankri
     # Checks to see if a certain privilege exists on a given target
     #
     # @api public
-    # @example Check your privilege.
+    # @example  Check your privilege.
     #   privs.has?(:channel, :put)
     #   #=> false
     #
-    # @param target [Symbol] The handler target the privilege is for.
-    # @param privilege [Symbol] The privilege (one of :get, :put, :post or
+    # @param target [Symbol]  The handler target the privilege is for.
+    # @param privilege [Symbol]  The privilege (one of :get, :put, :post or
     #   :delete).
     #
-    # @return [Boolean] true if the privileges are sufficient; false
+    # @return [Boolean]  True if the privileges are sufficient; false
     #   otherwise.
     def has?(privilege, target)
-      PrivilegeChecker.new(target, privilege, @privileges).check?
+      PrivilegeChecker.check(target.to_sym, privilege.to_sym, @privileges)
     end
 
     private
 
-    def symbolise_privileges
-      @privileges = Hash[@privileges.map do |key, key_privs|
-        [key.to_sym, symbolise_privilege_list(key_privs)]
-      end]
+    # Converts the keys and values in a privileges hash into Symbols
+    #
+    # @api private
+    #
+    # @param privileges [Hash]  The privilege hash to symbolise.
+    #
+    # @return [Hash]  The symbolised privileges set.
+    def symbolise_privileges(privileges)
+      Hash[
+        privileges.map do |key, key_privs|
+          [key.to_sym, symbolise_privilege_list(key_privs)]
+        end
+      ]
     end
 
+    # Converts a privilege list to Symbols
+    #
+    # If the privilege list is the String 'all', it will become :all.
+    # If it is an actual list, each privilege will be converted to a Symbol.
+    #
+    # @api private
+    #
+    # @return [Object]  The symbolised privilege list.
     def symbolise_privilege_list(privlist)
       privlist.is_a?(Array) ? privlist.map(&:to_sym) : privlist.to_sym
     end
   end
-
-  # A method object for checking privileges.
-  class PrivilegeChecker
-    def initialize(target, requisite, privileges)
-      @target = target.intern
-      @requisite = requisite.intern
-      @privileges = privileges
-    end
-
-    def check?
-      has_all? || has_direct?
-    end
-
-    private
-
-    # @return [Boolean] true if this privilege set has all privileges for a
-    #   target.
-    def has_all?
-      @privileges[@target] == :all
-    end
-
-    # @return [Boolean] true if this privilege set explicitly has a certain
-    #   privilege for a certain target.
-    def has_direct?
-      target_in_privileges? && requisite_in_target_privileges?
-    end
-
-    def target_in_privileges?
-      @privileges.key?(@target)
-    end
-
-    def requisite_in_target_privileges?
-      @privileges[@target].include?(@requisite)
-    end
-  end
 end

data/lib/kankri/privilege_subject.rb

@@ -4,12 +4,42 @@ module Kankri
   # This expects the including class to define a method, 'privilege_key',
   # which identifies the object in the privilege set.
   module PrivilegeSubject
-    # Checks whether an operation can proceed on this privilege subject
+    # Checks whether a privilege is granted for this object
+    #
+    # This looks in the privilege set under the key returned by #privilege_key.
+    #
+    # @api public
+    # @example  Checks for a privilege that is in the set for this object.
+    #   subject.can?(:get, privilege_set)
+    #   #=> true
+    #
+    # @example  Checks for a privilege that is not in the set for this object.
+    #   subject.can?(:get, privilege_set)
+    #   #=> false
+    #
+    # @param operation [Object]  The String or Symbol identifying the operation
+    #   for which privileges are required.
+    #
+    # @param privilege_set [PrivilegeSet]  The set of privileges that must
+    #   contain the required privilege.
+    #
+    # @return [Boolean]  True if the privileges are sufficient; false
+    #   otherwise.
     def can?(operation, privilege_set)
       privilege_set.has?(operation, privilege_key)
     end
 
-    # Fails if an operation cannot proceed on this model object
+    # Raises an exception if a privilege is not granted for this object
+    #
+    # This looks in the privilege set under the key returned by #privilege_key.
+    #
+    # @api public
+    # @example  Requires a privilege to continue.
+    #   subject.require(:get, privilege_set)
+    #
+    # @param (see #can?)
+    #
+    # @return [void]
     def fail_if_cannot(operation, privilege_set)
       privilege_set.require(operation, privilege_key)
     end

data/lib/kankri/simple_authenticator.rb

@@ -6,21 +6,82 @@ module Kankri
   # This object holds user data in memory, including passwords.  It is thus
   # not secure for mission-critical applications.
   class SimpleAuthenticator
-    # Makes hashing functions for users based on SHA256.
+    extend Forwardable
+
+    # Makes hashing functions for users based on SHA256
+    #
+    # @api public
+    # @example  Create a set of hashing functions for a given set of usernames
+    #   SimpleAuthenticator::sha256_hasher(['alf', 'roy', 'busby'])
+    #
+    # @param usernames [Array]  A list of usernames to form the keys of the
+    #   hashing table.
+    #
+    # @return [Hash]  A hash mapping usernames to functions that will take
+    #   passwords and return their hashed equivalent.
     def self.sha256_hasher(usernames)
       digest_hasher(usernames, Digest::SHA256)
     end
 
-    # Makes hashing functions for users based on a Digest implementation.
+    # Makes hashing functions for users based on a Digest implementation
+    #
+    # Each hashing function uses a random salt value, which is stored inside
+    # the function and unique to the username.
+    #
+    # @api public
+    # @example  Create a set of hashing functions for a given set of usernames
+    #   SimpleAuthenticator::digest_hasher(['joe', 'ron'], Digest::SHA256)
+    #
+    # @param usernames [Array]  A list of usernames to form the keys of the
+    #   hashing table.
+    # @param hasher [Digest]  A Digest to use when hashing the user passwords
+    #
+    # @return [Hash]  A hash mapping usernames to functions that will take
+    #   passwords and return their hashed equivalent.
     def self.digest_hasher(usernames, hasher)
       Hash[
         usernames.map do |username|
           salt = SecureRandom.random_bytes
-          [username, ->(password) { hasher.digest(password + salt) } ]
+          [username, ->(password) { hasher.digest(password + salt) }]
         end
       ]
     end
 
+    # Initialises the SimpleAuthenticator
+    #
+    # @api public
+    # @example  Initialises the SimpleAuthenticator with a user hash.
+    #   SimpleAuthenticator.new(
+    #     admin: {
+    #       password: 'hunter2',
+    #       privileges: {
+    #         foo: 'all',
+    #         bar: ['abc', 'def', 'ghi'],
+    #         baz: []
+    #       }
+    #     }
+    #   )
+    # @example  Initialises the SimpleAuthenticator with a custom hasher.
+    #   SimpleAuthenticator.new(
+    #     { admin: {
+    #         password: 'hunter2',
+    #         privileges: {
+    #           foo: 'all',
+    #           bar: ['abc', 'def', 'ghi'],
+    #           baz: []
+    #         }
+    #       }
+    #     }, hasher
+    #   )
+    #
+    # @param users [String]  A hash mapping usernames (which may be Strings or
+    #   Symbols) to hashes containing a mapping from :password to the user's
+    #   password, and from :privileges to a hash mapping privilege keys to
+    #   privilege lists.
+    # @param hash_maker [Object]  A callable that takes a list of usernames
+    #   and returns a hash mapping the usernames to functions that hash
+    #   passwords for those users.  If nil, a sensible default hasher will be
+    #   used.
     def initialize(users, hash_maker = nil)
       hash_maker ||= self.class.method(:sha256_hasher)
       @users = users
@@ -30,6 +91,23 @@ module Kankri
       @privilege_sets = privilege_sets
     end
 
+    # Attempts to authenticate with the given username and password
+    #
+    # This will fail with an AuthenticationFailure exception if the credentials
+    # are invalid.
+    #
+    # @api public
+    # @example  Authenticates with a String username and password.
+    #   auth.authenticate('joe_bloggs', 'hunter2')
+    # @example  Authenticates with a Symbol username and String password.
+    #   auth.authenticate(:joe_bloggs, 'hunter2')
+    #
+    # @param username [Object]  The candidate username; this may be either a
+    #   String or a Symbol, and will be normalised to a Symbol.
+    # @param username [Object]  The candidate username; this may be either a
+    #   String or a Symbol, and will be normalised to a String.
+    #
+    # @return [PrivilegeSet]  The privilege set for the username
     def authenticate(username, password)
       auth_fail unless auth_ok?(username.intern, password.to_s)
       privileges_for(username.intern)
@@ -37,11 +115,20 @@ module Kankri
 
     private
 
-    def privileges_for(username)
-      @privilege_sets[username]
-    end
+    # Returns the privilege set for the given username
+    #
+    # @api private
+    #
+    # @param username [Object]  The username whose privilege set is sought.
+    #
+    # @return [PrivilegeSet]  The privilege set for the username
+    def_delegator :@privilege_sets, :fetch, :privileges_for
 
     # Creates a hash mapping username symbols to their password strings
+    #
+    # @api private
+    #
+    # @return [Hash]  A hash mapping usernames to passwords
     def passwords
       transform_users do |name, entry|
         plaintext = entry.fetch(:password).to_s
@@ -50,29 +137,83 @@ module Kankri
     end
 
     # Creates a hash mapping username symbols to their privilege sets
+    #
+    # @api private
+    #
+    # @return [Hash]  A hash mapping usernames to privilege sets
     def privilege_sets
       transform_users { |_, entry| PrivilegeSet.new(entry.fetch(:privileges)) }
     end
 
+    # Creates a new Hash by modifying the entries of the user hash
+    #
+    # @api private
+    #
+    # @yieldparam name [Object]  The username.
+    # @yieldparam entry [Hash]  The user entry.
+    #
+    # @return [Hash]  The hash mapping usernames to the yielded values.
     def transform_users
       Hash[@users.map { |name, entry| [name.intern, (yield name, entry)] }]
     end
 
+    # Fails with an AuthenticationFailure exception
+    #
+    # @api private
+    #
+    # @return [void]
     def auth_fail
       fail(Kankri::AuthenticationFailure)
     end
 
+    # Checks to see if given authentication credentials are OK
+    #
+    # @api private
+    #
+    # @param username [Object]  The username of the authentication attempt.
+    # @param password [Object]  The password of the authentication attempt.
+    #
+    # @return [Boolean]  True if the authentication attempt fails; false
+    #   otherwise.
     def auth_ok?(username, password)
       username_present?(username) && password_ok?(username, password)
     end
 
+    # Checks to see if the username is in the system
+    #
+    # @api private
+    #
+    # @param username [Object]  The username of the authentication attempt.
+    #
+    # @return [Boolean]  True if the username exists in the authenticator;
+    #  false otherwise.
     def username_present?(username)
       @hashers.key?(username) && @passwords.key?(username)
     end
 
+    # Checks the password to see if it is correct for this username
+    #
+    # @api private
+    #
+    # @param username [Object]  The username of the authentication attempt.
+    # @param password [Object]  The password of the authentication attempt.
+    #
+    # @return [Boolean]  True if the password is correct; false otherwise.
     def password_ok?(username, password)
-      hashed_pass = @hashers.fetch(username).call(password)
-      PasswordCheck.new(username, hashed_pass, @passwords).ok?
+      hashed_pass = hashed_password(username, password)
+      PasswordCheck.check(username, hashed_pass, @passwords)
+    end
+
+    # Applies the user's hashing function to the candidate password
+    #
+    # @api private
+    #
+    # @param username [Object]  The username of the authentication attempt.
+    # @param password [Object]  The password of the authentication attempt.
+    #
+    # @return [Object]  The hashed password.
+    def hashed_password(username, password)
+      @hashers.fetch(username).call(password)
     end
   end
 end

data/lib/kankri/version.rb

@@ -1,3 +1,4 @@
+# The current gem version.  See CHANGELOG for details.
 module Kankri
-  VERSION = "0.1.0"
+  VERSION = '0.1.1'
 end

data/spec/privilege_subject_spec.rb

@@ -1,6 +1,7 @@
 require 'spec_helper'
 require 'kankri'
 
+# A mock object for testing PrivilegeSubject
 class MockPrivilegeSubject
   include Kankri::PrivilegeSubject
 
@@ -13,7 +14,7 @@ describe MockPrivilegeSubject do
   let(:privilege_set) { double(:privilege_set) }
   let(:operation) { double(:operation) }
 
-  {fail_if_cannot: :require, can?: :has?}.each do |subject_meth, set_meth|
+  { fail_if_cannot: :require, can?: :has? }.each do |subject_meth, set_meth|
     describe "##{subject_meth}" do
       context 'when given a valid privilege set and operation' do
         it "calls ##{set_meth} on the privilege set with the handler target" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: kankri
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Matt Windsor
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-12-23 00:00:00.000000000 Z
+date: 2013-12-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -28,58 +28,118 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10'
     - - '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 10.1.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '10'
     - - '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 10.1.1
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2'
     - - '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2'
     - - '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '2.14'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: fuubar
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: yardstick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: backports
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3'
     - - '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.3.5
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3'
     - - '>='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.3.5
 description: "\n    Kankri is a library for quickly setting up basic authentication
   with\n    object-action privileges.  It's intended to be used in projects which
   need\n    a simple auth system with no run-time requirements and little set-up.
@@ -92,6 +152,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .rspec
+- CHANGELOG
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -100,6 +161,7 @@ files:
 - lib/kankri.rb
 - lib/kankri/exceptions.rb
 - lib/kankri/password_check.rb
+- lib/kankri/privilege_check.rb
 - lib/kankri/privilege_set.rb
 - lib/kankri/privilege_subject.rb
 - lib/kankri/simple_authenticator.rb
@@ -141,3 +203,4 @@ test_files:
 - spec/privilege_subject_spec.rb
 - spec/simple_authenticator_spec.rb
 - spec/spec_helper.rb
+has_rdoc: