moulin_rouge 0.0.1.alpha

data/CHANGELOG.md

@@ -0,0 +1,2 @@
+CHANGELOG
+=========

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2012 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,215 @@
+Moulin Rouge
+============
+
+**Moulin Rouge** is a DSL to manage your permissions and groups of access outside the [CanCan](https://github.com/ryanb/cancan) Ability class. It will help you organize and declare your permissions with has much ruby files you judge necessary, that are automatically pushed to CanCan authorization system. It is also decoupled from the role system.
+
+There are a bunch of examples bellow to show you how to implement.
+
+Installation
+------------
+
+Add the gem to your Gemfile:
+
+    gem 'moulin_rouge'
+  
+And install it
+
+    bundle install
+
+Run the generator to install the roles and permissions structure:
+
+    rails g moulinrouge:install
+  
+Generate a permission file:
+
+    rails g moulinrouge:permission <name>
+    
+Add your permissions to newly created file:
+  
+```ruby
+role :name do
+  can :read, :something
+end
+```
+
+By default your `current_user` method should respond to `is?`, but you can change this method to match your role system at the configuration.
+
+Usage
+-----
+
+First of all, you have to accept that the role registering belongs to the ruby code. Organizing this ruby files  it's a really important issue to any large application.
+
+When you run:
+
+      bundle g moulinrouge:install
+    
+This will create the following folder structure:
+
+      root
+      | app/
+      | | permissions/
+      | config/
+      | | initalizers
+      | | | moulin_rouge.rb
+    
+### Defining roles ###
+    
+All your permission files will be stored inside the `app/permissions` folder. Just create a ruby file inside and the definitions will be automatically defined.
+  
+```ruby
+role :superuser do
+  can :manage, :all
+end
+
+role :editors do
+  can :manage, Articles
+end
+
+role :authors do
+  can :manage, Article do |article|
+    article.user_id == current_user.id
+  end
+end
+```
+
+Note that the `can` method is the **same** for defining abilities in CanCan, and will be passed as they are on the Ability class. See [Defining Abilities](https://github.com/ryanb/cancan/wiki/defining-abilities) for more information on what you `can` do. 
+
+Also, the others CanCan methods are avaliable (`cannot`, `can?`, `cannot?`) and will act like expected.
+  
+### Groups ###
+  
+A group is an easy way to organize your permissions, no matter where file the definition is. All groups with the same name, will have their abilities and permissions nested together.
+
+The group will delegate all abilities defined into, to their childrens, so any children role or group  will have the abilities defined in the parent. Also the group is not an avaliable role, they only serve has namespaces.
+
+```ruby
+group :marketing do
+  can :read, Dashboard
+
+  role :manager do
+    can :manage, Proposal
+  end
+
+  role :salesman do
+    can :manage, Proposal, :user_id => current_user.id
+  end
+end
+```
+
+To avoid name conflicts, whenever you have a nested roles or groups, their name will be prefixed with the parent name separeted by a `_` underscore just like they were namespaced.
+
+Following the example above, will generate two roles:
+
+```ruby
+MoulinRouge::Permission.list  
+# => [:marketing_manager, :marketing_salesman]
+# => :marketing_manager   => can :read, Dashboard, can :manage, Proposal
+# => :marketing_salesman  => can :read, Dashboard, can :manage, Proposal, :user_id => current_user.id
+```
+
+### Nested roles ###
+
+When you have nested rules, they will act has namespaces, no ability will be shared unless is explicited with the `include` method.
+  
+```ruby
+role :marketing do
+  can :manage, Proposal
+
+  role :salesman do
+    can :read, Proposal
+  end
+end
+```
+
+Following the example above, this will generate two roles with the abilities:
+
+```ruby
+MoulinRouge::Permission.list  
+# => [:marketing, :marketing_salesman]
+# => :marketing            => can :manage, Proposal
+# => :marketing_salesman   => can :read, Proposal
+```
+
+### Extending ###
+
+Many times you want to extend a role from another one, **MoulinRouge** let you `include` the abilities from one role to another, all the abilities from the target will be appended to the caller. 
+
+Only roles can be included, and if you provide a name that isn't defined, a `RoleNotFound` will be raised. Notice by the example bellow, that you should provide the full name of the role in order to find the correct one.
+
+```ruby
+group :marketing do
+  role :admin do
+    can :do, :something
+  end
+end
+
+role :super do
+  include :marketing_admin
+end
+```
+
+Configuration
+-------------
+
+```ruby
+MoulinRouge.configure do |config|
+  # Cache permissions
+  config.cache = Rails.env.production?
+  # The search path for permissions
+  config.path = 'app/permissions/**/*.rb'
+  # The method that will test the permission
+  config.test_method = :is?
+  # The class of the model
+  config.model = User
+  # How you like to call the active user model
+  config.model_instance = :current_user
+end
+```
+
+Goodies
+-------
+
+For those who like I dislikes the `load_and_authorize_resource` method from CanCan, here is provided a cleaner and more flexible solution through `ActionController::Responder`, the `MoulinRouge::CanCan::Responder` bellow there are instruction to activate them.
+
+Create the file `lib/application_responder.rb` with the following:
+
+```ruby
+require 'moulin_rouge/cancan/responder'
+
+class ApplicationResponder < ActionController::Responder
+  include MoulinRouge::CanCan::Responder
+end
+```
+
+And on your `application_controller.rb` just add the responder:
+
+```ruby
+require 'application_responder'
+
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+  self.responder = ApplicationResponder
+  ...
+end
+```
+
+More about the `Responder` class:
+
+*   http://blog.plataformatec.com.br/2009/08/embracing-rest-with-mind-body-and-soul/
+*   http://archives.ryandaigle.com/articles/2009/8/6/what-s-new-in-edge-rails-cleaner-restful-controllers-w-respond_with/
+
+Thanks
+=======
+
+*   [Troles](https://github.com/kristianmandrup/trole)
+*   [CanTango](https://github.com/kristianmandrup/cantango)
+*   [Declarative Authorization](https://github.com/stffn/declarative_authorization)
+
+### A little of history ###
+
+Mouling Rouge is a cabaret in Paris best know as the birthplace on modern [CanCan](https://github.com/ryanb/cancan) second to [Wikipedia](http://en.wikipedia.org/wiki/Moulin_Rouge).
+
+Credits
+=======
+
+**Edson Hilios** <edson (at) hilios (dot) com (dot) br>

data/init.rb

@@ -0,0 +1,3 @@
+require 'moulin_rouge'
+
+MoulinRouge.run!

data/lib/moulin_rouge.rb

@@ -0,0 +1,44 @@
+Dir[File.expand_path("moulin_rouge/**/*.rb", File.dirname(__FILE__))].each {|f| require f;}
+
+module MoulinRouge
+    # Returns the global Configuration object.
+    def self.configuration
+      @configuration ||= MoulinRouge::Configuration.new
+    end
+
+    # Yields the global configuration to a block.
+    def self.configure
+      yield configuration if block_given?
+    end
+    
+    # Create the main permission, import all permission files and
+    # define the Ability class require for CanCan
+    def self.run!
+      self.load!
+      # Create the ability class
+      Object.const_set 'Ability', Class.new(MoulinRouge::CanCan::Ability) unless Object.const_defined? 'Ability'
+      # Change flag
+      @@run = true
+    end
+
+    # Import all permission files in the configuration
+    def self.load!
+      MoulinRouge::Permission.main.import(MoulinRouge.configuration.path)
+    end
+
+    # Returns true if the run! method was called and false oterwise
+    def self.run?
+      @@run ||= false
+    end
+
+    # Reset all permission and load them again
+    def self.reload!
+      reset!
+      load!
+    end
+
+    # Reset all constants
+    def self.reset! #:nodoc:
+      MoulinRouge::Permission.reset!
+    end
+end

data/lib/moulin_rouge/cancan/ability.rb

@@ -0,0 +1,25 @@
+require 'cancan'
+
+module MoulinRouge
+  module CanCan
+    class Ability
+      include ::CanCan::Ability
+      # Define all permissions collect by MoulinRouge
+      def initialize(model)
+        model = MoulinRouge.configuration.model.new if model.nil? and not MoulinRouge.configuration.model.nil?
+        # Reload all permissions if cache is disabled
+        MoulinRouge.reload! unless MoulinRouge.configuration.cache
+        # Set all permissions in main
+        MoulinRouge::Permission.main.abilities.each do |ability|
+          ability.send_to(self, model)
+        end
+        # Set all permissions by roles
+        MoulinRouge::Permission.all.each do |role, permission|
+          permission.abilities.each do |ability|
+            ability.send_to(self, model)
+          end if model.send(MoulinRouge.configuration.test_method, role)
+        end
+      end
+    end
+  end
+end

data/lib/moulin_rouge/cancan/method.rb

@@ -0,0 +1,24 @@
+module MoulinRouge
+  module CanCan
+    class Method
+      attr_reader :name, :args, :block
+      def initialize(name, *args, &block)
+        @name, @args, @block = name, args, block
+      end
+
+      # Send this method to the given object
+      def send_to(object, proc_scope = nil)
+        # Evaluate any proc in args
+        if args.last.is_a?(Hash)
+          args.last.each do |key, value|
+            if value.is_a?(Proc)
+              args.last[key] = value.call(proc_scope || object)
+            end
+          end
+        end
+        # Send
+        object.send(name, *args, &block)
+      end
+    end
+  end
+end

data/lib/moulin_rouge/cancan/responder.rb

@@ -0,0 +1,7 @@
+module MoulinRouge
+  module CanCan
+    class Responder # < ActionController::Responder
+
+    end
+  end
+end

data/lib/moulin_rouge/configuration.rb

@@ -0,0 +1,15 @@
+require 'rbconfig'
+
+module MoulinRouge
+  class Configuration
+    attr_accessor :path, :test_method, :cache, :model_instance, :model
+    
+    def initialize
+      @path           = "app/permissions/**/*.rb"
+      @test_method    = :is?
+      @cache          = true
+      @model          = nil
+      @model_instance = :current_user
+    end
+  end
+end

data/lib/moulin_rouge/model_double.rb

@@ -0,0 +1,10 @@
+module MoulinRouge
+  class ModelDouble
+    # Return an block for later evaluation
+    def method_missing(name, *args, &block)
+      lambda do |scope|
+        scope.send(name, *args, &block)
+      end
+    end
+  end
+end

data/lib/moulin_rouge/permission.rb

@@ -0,0 +1,140 @@
+module MoulinRouge
+  class RoleNotFound < Exception; end
+  # A wrapper to catch and store the DSL methods
+  class Permission
+    CANCAN_METHODS = [:can, :cannot, :can?, :cannot?]
+    # Returns a string with the given name
+    attr_reader :singular_name
+    
+    # Returns a instance of the parent permission.
+    # When nil this is the main permission.
+    attr_reader :parent
+
+    # Returns true if it's a group or flase otherwise
+    attr_reader :is_a_group
+    
+    # Creates a new permission and evaluate the given block
+    # with roles, groups and abilities on this scope.
+    # If the parent is a group append all their abilities to self
+    def initialize(name, options = {}, &block)
+      @singular_name  = name
+      @parent         = options.delete(:parent)
+      @is_group       = options.delete(:group)
+      abilities.concat(parent.abilities) if not parent.nil? and parent.group?
+      instance_eval(&block) if block_given?
+      # Store this permission
+      self.class.add(self) unless parent.nil? or @is_group
+    end
+
+    def method_missing(name, *args, &block)
+      return store_method(name, *args, &block) if CANCAN_METHODS.include?(name)
+      return MoulinRouge::ModelDouble.new if MoulinRouge.configuration.model_instance == name
+      super(name, *args, &block)
+    end
+    
+    # Define a new role inside this scope. If exists a role with the 
+    # same name evaluate the block inside them instead of create a new one
+    def role(name, options = {}, &block)
+      if children = find(name)
+        children.instance_eval(&block)
+        children
+      else
+        childrens << self.class.new(name, options.merge!({:parent => self}), &block)
+        childrens.last
+      end
+    end
+
+    # Define a group inside this scope
+    def group(name, options = {}, &block)
+      options.merge!({:group => true})
+      role(name, options, &block)
+    end
+
+    # Returns true if is a group
+    def group?
+      @is_group
+    end
+
+    # Add the given parameters to the authorizations list
+    def store_method(name, *args, &block)
+      abilities << MoulinRouge::CanCan::Method.new(name, *args, &block)
+      abilities.last
+    end
+
+    # Returns an array with all childrens
+    def childrens
+      @childrens ||= []
+    end
+
+    # Returns an array with all authorizations declared on this permission
+    def abilities
+      @abilities ||= []
+    end
+
+    # Returns all abilities for this permission.
+    # If this is a group, grab the abilities from parent.
+    def inherithed_abilities
+      abilities.concat(childrens.map(&:inherithed_abilities).flatten).uniq
+    end
+    
+    # Execute all files in the given path in the class scope
+    def import(path)
+      Dir[path].each { |file| instance_eval(File.open(file).read) }
+    end
+    
+    # Returns the instance of the children with the given name if exists and nil otherwise
+    def find(name)
+      childrens.each { |children| return children if children.name == name or children.singular_name == name }
+     return nil
+    end
+
+    # Appends all childrens and abilities from one object to another,
+    # raises an error if could not found a match.
+    def include(name)
+      unless from = self.class.all[name]
+        raise RoleNotFound
+      end
+      from.childrens.each { |children| childrens << children.dup }
+      from.abilities.each { |ability|  abilities << ability.dup  }
+    end
+    
+    # Returns a symbol with the name appended with the parents separeted by a underscore
+    def name
+      unless @name
+        @name  = []
+        @name << self.parent.name.to_s if not self.parent.nil? and not self.parent.parent.nil?
+        @name << self.singular_name.to_s
+        @name  = @name.join('_')
+      end
+      @name.to_sym
+    end
+    
+    class << self
+      # The instance of the main container, if don't exist create one
+      def main
+        @main ||= self.new(:main)
+      end
+      # Returns an array with the name of all roles created
+      def list
+        @list ||= []
+      end
+
+      # Returns an hash with all permissions defined
+      def all
+        @all ||= {}
+      end
+
+      # Stores the instance on the all hash and add the name to the list
+      def add(instance)
+        name = instance.name
+        self.all[name] = instance
+        self.list << name unless self.list.include?(name)
+      end
+
+      # Reset all constants
+      def reset! #:nodoc:
+        @main, @list, @all = nil
+      end
+    end
+  end
+end

data/lib/moulin_rouge/version.rb

@@ -0,0 +1,3 @@
+module MoulinRouge
+  VERSION = "0.0.1.alpha"
+end

data/lib/tasks/moulin_rouge_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :moulin_rouge do
+#   # Task goes here
+# end

data/spec/fixtures/role.rb

@@ -0,0 +1,3 @@
+role :test do
+  can :do, :something
+end

data/spec/moulin_rouge/cancan/ability_spec.rb

@@ -0,0 +1,89 @@
+require 'spec_helper'
+
+describe MoulinRouge::CanCan::Ability do
+  let(:test_method) { MoulinRouge.configuration.test_method.to_sym }
+  let(:model)       { double("model", test_method => true) }
+  let(:ability)     { MoulinRouge::CanCan::Ability.new(model) }
+  let(:permission)  { MoulinRouge::Permission.main }
+
+  before(:each) do
+    MoulinRouge::CanCan::Ability.any_instance.stub(:can) { true }
+    # The current permission will create the following abilities 
+    # for each role because of nested rules:
+    #               => can(:do, :this) # for everybody
+    # :role         => can(:do, :something)
+    # :role_nested  => can(:create, :something)
+    # :group_nested => can(:read, :something), can(:edit, :something)
+    permission.can(:do, :this)
+    permission.role(:role) do
+      can(:do, :something)
+
+      role(:nested) do
+        can(:create, :something)
+      end
+    end
+    permission.group(:group) do
+      can :read, :something
+
+      role(:nested) do
+        can :edit, :something
+      end
+    end
+  end
+  
+  it "includes the CanCan::Ability module" do
+    ability.should be_a(CanCan::Ability)
+  end
+
+  describe "#initialize" do
+    it "call test_method in model for each permission" do
+      model.should_receive(test_method).with(:role)
+      model.should_receive(test_method).with(:role_nested)
+      model.should_receive(test_method).with(:group_nested)
+      ability
+    end
+
+    it "call can method for each ability of the permission" do
+      # First all permissions in main
+      MoulinRouge::CanCan::Ability.any_instance.should_receive(:can).with(:do, :this).once
+      # Please read the expetations explanation at before(:each) method
+      MoulinRouge::CanCan::Ability.any_instance.should_receive(:can).with(:do, :something).once
+      MoulinRouge::CanCan::Ability.any_instance.should_receive(:can).with(:create, :something).once
+      MoulinRouge::CanCan::Ability.any_instance.should_receive(:can).with(:read, :something).once
+      MoulinRouge::CanCan::Ability.any_instance.should_receive(:can).with(:edit, :something).once
+      ability # Execute
+    end
+
+    it "executes the can method with exactly the same arguments and block that was stored" do
+      # Concat permissions from main and from all defined classes
+      abilities = permission.abilities + MoulinRouge::Permission.all.values.map(&:abilities)
+      abilities.flatten.each do |ability|
+        MoulinRouge::CanCan::Ability.any_instance.should_receive(:can).with(*ability.args, &ability.block).at_least(:once)
+      end
+      ability # Execute
+    end
+
+    it "reloads all permissions when cache is set to false" do
+      MoulinRouge.configuration.cache = false
+      MoulinRouge.should_receive(:reload!).once
+      ability # Execute
+    end
+
+    it "creates a new instance of model if the config is not nil and the initializer argument is also nil" do
+      klass = Class.new
+      klass.stub(:new) { model }
+      # Test
+      klass.should_receive(:new).once
+      MoulinRouge.configuration.model = klass
+      MoulinRouge::CanCan::Ability.new(nil)
+    end
+
+    it "executes any proc on the model object" do
+      MoulinRouge::Permission.reset!
+      ####
+      MoulinRouge::Permission.main.can(:do, :this, :user_id => MoulinRouge::ModelDouble.new.id)
+      model.should_receive(:id)
+      ability # Execute
+    end
+  end
+end

data/spec/moulin_rouge/cancan/method_spec.rb

@@ -0,0 +1,40 @@
+require 'spec_helper'
+
+describe MoulinRouge::CanCan::Method do
+  let(:name)    { :can }
+  let(:args)    { [:one, :two] }
+  let(:proc)    { Proc.new { :block } }
+  let(:object)  { double(method.name => true) }
+  let(:method)  { MoulinRouge::CanCan::Method.new(name, *args, &proc) }
+  
+  describe "#args" do
+    it "is a reader attribute" do
+      method.args.should eq(args)
+    end
+  end
+  
+  describe "#block" do
+    it "is a reader attribute" do
+      method.block.should eq(proc)
+    end
+  end
+
+  describe "#name" do
+    it "is a reader attribute" do
+      method.name.should eq(name)
+    end
+  end
+
+  describe "#send_to" do
+    it "sends this method to the given object" do
+      object.should_receive(method.name).with(*method.args, &method.block)
+      method.send_to(object)
+    end
+
+    it "evaluate any arguments that are proc" do
+      method = MoulinRouge::CanCan::Method.new(:can, :do, :something, :on => proc)
+      method.send_to(object)
+      method.args.last[:on].should be(:block)
+    end
+  end
+end

data/spec/moulin_rouge/cancan/responder_spec.rb

@@ -0,0 +1,5 @@
+require 'spec_helper'
+
+describe MoulinRouge::CanCan::Responder do
+
+end

data/spec/moulin_rouge/configuration_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+
+describe MoulinRouge::Configuration do
+  let(:config) { MoulinRouge::Configuration.new }
+  
+  describe "#path" do
+    it "returns a string" do
+      config.path.should be_a(String)
+    end
+  end
+  
+  describe "#path=" do
+    it "sets the value" do
+      config.path = "test"
+      config.path.should eq("test")
+    end
+  end
+
+  describe "#test_method" do
+    it "returns a symbol" do
+      config.test_method.should be_a(Symbol)
+    end
+  end
+  
+  describe "#test_method=" do
+    it "sets the value" do
+      config.test_method = :"test"
+      config.test_method.should eq(:"test")
+    end
+  end
+
+  describe "#cache" do
+    it "returns a boolean" do
+      config.cache.should be_true
+    end
+  end
+  
+  describe "#cache=" do
+    it "sets the value" do
+      config.cache = false
+      config.cache.should eq(false)
+    end
+  end
+
+  describe "#model_instance" do
+    it "returns a boolean" do
+      config.model_instance.should be_a(Symbol)
+    end
+  end
+  
+  describe "#model_instance=" do
+    it "sets the value" do
+      config.model_instance = :user
+      config.model_instance.should eq(:user)
+    end
+  end
+
+  describe "#model" do
+    it "returns an class or nil" do
+      config.model.should be_nil
+    end
+  end
+  
+  describe "#model=" do
+    it "sets the class" do
+      klass = Class.new
+      config.model = klass
+      config.model.should eq(klass)
+    end
+  end
+end

data/spec/moulin_rouge/model_double_spec.rb

@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+describe MoulinRouge::ModelDouble do
+  let(:model) { MoulinRouge::ModelDouble.new }
+  
+  it "returns an proc for every method called in this class" do
+    model.id.should be_a(Proc)
+    model.abc.should be_a(Proc)
+  end
+  
+  it "the proc sends the methods to the given scope with all arguments" do
+    object = double(:id => true)
+    object.should_receive(:id).with(:this).once
+    model.id(:this).call(object)
+  end
+end

data/spec/moulin_rouge/permission_spec.rb

@@ -0,0 +1,316 @@
+require 'spec_helper'
+
+describe MoulinRouge::Permission do
+  let(:permission) { MoulinRouge::Permission.new(:name) }
+
+  describe "#initialize" do
+    it "evaluate the groups and authorizations to the class scope" do
+      permission = MoulinRouge::Permission.new(:scope) do
+        self.class.should == MoulinRouge::Permission
+        can :do, :something
+        role :for
+      end
+    end
+    
+    it "append the new instance to #all and #list if it's a role" do
+      MoulinRouge::Permission.new(:main) do
+        role(:one)
+      end
+      MoulinRouge::Permission.all.should include(:one)
+      MoulinRouge::Permission.list.should include(:one)
+    end
+
+    it "inherits all abilities from parent if this is a group" do
+      role = nil
+      MoulinRouge::Permission.new(:main) do
+        group(:group) do
+          can :do, :this
+          role = role(:role)
+        end
+      end
+      role.abilities.first.args.should include(:do, :this)
+    end
+  end
+  
+  describe "#name" do
+    it "returns the given name on class initialization" do
+      permission.name.should be(:name)
+    end
+  end
+  
+  describe "#parent" do
+    it "returns nil when for main" do
+      permission.parent.should be_nil
+    end
+    
+    it "returns a instance of the MoulinRouge::Permission" do
+      another = MoulinRouge::Permission.new(:another, :parent => permission)
+      another.parent.should be_a(MoulinRouge::Permission)
+      another.parent.should be(permission)
+    end
+  end
+
+  describe "#childrens" do
+    it "returns an array" do
+      permission.childrens.should be_an(Array)
+    end
+  end
+
+  describe "#abilities" do
+    it "returns an array" do
+      permission.abilities.should be_a(Array)
+    end
+  end
+
+  describe "#inherithed_abilities" do
+    it "returns all abilities from self and their childrens" do
+      permission.can :do, :this
+      # First nested level
+      one = permission.role(:one) do
+        can :do, :one
+      end
+      # Second nested level
+      two = one.role(:two) do
+        can :do, :two
+      end
+      permission.inherithed_abilities.should be_an(Array)
+      permission.inherithed_abilities.length.should be(3)
+      one.inherithed_abilities.length.should be(2)
+      two.inherithed_abilities.length.should be(1)
+    end
+  end
+  
+  describe "#role" do
+    it "returns a new permission with the parent setted to the class that are calling" do
+      role = permission.role(:test)
+      role.should be_a(MoulinRouge::Permission)
+      role.parent.should be(permission)
+    end
+
+    it "adds a new instance on children" do
+      permission.childrens.should be_empty
+      permission.role(:name)
+      permission.childrens.should_not be_empty
+    end
+    
+    it "appends the content if the name is already present" do
+      permission.role(:test) { can :do, :this }
+      # should create one children ...
+      permission.childrens.length.should be(1)
+      # ... and one ability
+      permission.childrens.first.abilities.length.should be(1)
+      
+      permission.role(:test) { can :do, :this }
+      # should not create other children ...
+      permission.childrens.length.should be(1)
+      # ... and append the new ability
+      permission.childrens.first.abilities.length.should be(2)
+    end
+  end
+
+  describe "#group" do
+    it "not add the group name to permission list" do
+      permission.group(:test)
+      MoulinRouge::Permission.list.should_not include(:test)
+    end
+  end
+
+  describe "#group?" do
+    it "returns true if is a group and false otherwise" do
+      role = permission.role(:role)
+      group = permission.group(:group)
+      role.group?.should be_false
+      group.group?.should be_true
+    end
+  end
+
+  describe "#method_missing" do
+    let(:args) { [:one, :two] }
+    let(:proc) { Proc.new { :block } }
+
+    context "collect all cancan methods and store under abilities" do
+      MoulinRouge::Permission::CANCAN_METHODS.each do |method_name|
+        describe "##{method_name}" do
+          it "adds a new ability to this permission" do
+            permission.abilities.should be_empty
+            permission.send(method_name, *args, &proc)
+            permission.abilities.should_not be_empty
+          end
+
+          it "stores nil on block attribute when no block is given" do
+            permission.send(method_name, *args)
+            permission.abilities.first.block.should be_nil
+          end
+
+          it "stores the method" do
+            permission.abilities.should be_empty
+            permission.send(method_name, *args, &proc)
+            permission.abilities.should_not be_empty
+
+            method = permission.abilities.first
+            method.should be_a(MoulinRouge::CanCan::Method)
+            # Evaluate the class of the arguments and block
+            method.args.should be_a(Array)
+            method.block.should be_a(Proc)
+            # Just check the value
+            method.args.should eq(args)
+            method.block.call.should be(:block)
+          end
+        end
+      end
+    end
+
+    it "receives and stores in a proc calls on the model object" do
+      ability = nil
+      permission.role(:test) do
+        ability = can :do, :this, :user_id => current_user.id
+      end
+      ability.args.last[:user_id].should be_a(Proc)
+    end
+
+    it "raise an error if the method is not registered has a cancan method" do
+      lambda { permission.send(:abcdefg, *args, &proc) }.should raise_error(NoMethodError)
+    end
+  end
+  
+  describe "#import" do
+    let(:files_opened) { [] }
+    
+    it "glob all files in the given path and evaluate their content in the class scope" do
+      File.stub(:open) { |file| files_opened << file; double("file", :read => "")  }
+      permission.import(MoulinRouge.configuration.path)
+      files_opened.should include(*Dir[MoulinRouge.configuration.path])
+    end
+    
+    it "let raise exceptions when there are syntax errors" do
+      tests = []
+      tests << %|
+        # Wrong method name
+        roe :name do
+        end
+      |
+      tests << %|
+        # Wrong method name
+        groups :name do
+        end
+      |
+      tests << %|
+        # Wrong method name
+        cn :
+      |
+      tests << %|
+        # Wrong method name
+        role do
+        end
+      |
+      # Execute them all
+      tests.each do |test|
+        create_permission test
+        lambda { permission.import(MoulinRouge.configuration.path) }.should raise_error
+      end
+    end
+  end
+  
+  describe "#find" do
+    it "returns the instance of the permission if there is children with this name and nil otherwise" do
+      role = permission.role(:test)
+      permission.find(:test).should be(role)
+      permission.find(:bad).should be_nil
+    end
+  end
+  
+  describe "#name" do
+    it "returns an symbol containing the name with the parents separeted by a underscore" do
+      first_children, second_children = nil
+      MoulinRouge::Permission.new(:main) do
+        first_children = role(:one) do
+          second_children = role(:two)
+        end
+      end
+      first_children.name.should be(:one)
+      second_children.name.should be(:one_two)
+    end
+  end
+
+  describe "#include" do
+    it "appends all childrens and abilities from one object to another" do
+      one, another = nil
+      one = permission.role(:one) do
+        role(:nested)
+        can :do, :something
+      end
+      another = permission.role(:another) do
+        include :one
+      end
+      another.childrens.should_not be_empty
+      another.abilities.should_not be_empty
+      another.childrens.first.singular_name.should be(:nested)
+      another.abilities.first.args.should include(:do, :something)
+    end
+
+    it "raises an error if could not find the requested permission" do
+      lambda {
+        permission.role(:name) do
+          include :not_found
+        end
+      }.should raise_error(MoulinRouge::RoleNotFound)
+    end
+  end
+  
+  context "self" do
+    describe "#main" do
+      it "returns the main MoulinRouge::Permission instance" do
+        MoulinRouge::Permission.main.should be_instance_of(permission.class)
+      end
+    end
+
+    describe "#list" do
+      it "returns an array" do
+        MoulinRouge::Permission.list.should be_a(Array)
+      end
+    end
+
+    describe "#all" do
+      it "returns an hash with all created permissions" do
+        MoulinRouge::Permission.all.should be_a(Hash)
+      end
+
+      it "store all permissions instantiated unless the main one" do
+        hello_world = permission.role(:hello_world) do
+          can :do
+        end
+        MoulinRouge::Permission.all[hello_world.name].should be(hello_world)
+      end
+    end
+
+    describe "#add" do
+      it "should append the object instance on Permission.all and Permission.names" do
+        object = double(:name => :foo)
+        MoulinRouge::Permission.stub(:all)    { @all  ||= double()   }
+        MoulinRouge::Permission.stub(:list)   { @list ||= double(:include? => false) }
+        MoulinRouge::Permission.list.should_receive(:'<<').with(object.name)
+        MoulinRouge::Permission.all.should_receive(:'[]=').with(object.name, object)
+        MoulinRouge::Permission.add(object)
+      end
+    end
+
+    describe "#reset!" do
+      it "sets to nil the main, list and all constants" do
+        # Create some
+        permission.role(:one)
+        permission.role(:two)
+        MoulinRouge::Permission.all.should_not be_empty
+        MoulinRouge::Permission.list.should_not be_empty
+        # Apply
+        MoulinRouge::Permission.reset!
+        # Evaluate constants
+        MoulinRouge::Permission.instance_variable_get(:'@main').should be_nil
+        MoulinRouge::Permission.instance_variable_get(:'@all').should be_nil
+        MoulinRouge::Permission.instance_variable_get(:'@list').should be_nil
+        # Evaluate has arrays
+        MoulinRouge::Permission.all.should be_empty
+        MoulinRouge::Permission.list.should be_empty
+      end
+    end
+  end
+end

data/spec/moulin_rouge_spec.rb

@@ -0,0 +1,77 @@
+require 'spec_helper'
+
+describe MoulinRouge do
+  it "should be a module" do
+    MoulinRouge.should be_a(Module)
+  end
+  
+  context "self" do
+    describe "#configuration" do
+      it "returns the same object every time" do
+        MoulinRouge.configuration.should equal(MoulinRouge.configuration)
+      end
+    end
+
+    describe "#configure" do
+      it "yields the current configuration" do
+        MoulinRouge.configure do |config|
+          config.should eq(MoulinRouge::configuration)
+        end
+      end
+    end
+
+    describe "#run!" do
+      it "calls the load! method" do
+        MoulinRouge.should_receive(:load!).once
+        MoulinRouge.run!
+      end
+
+      it "creates a class named Ability inherited from MoulinRouge::CanCan::Ability" do
+        MoulinRouge.run!
+        Object.const_get('Ability').should_not be_nil
+        Object.const_get('Ability').ancestors.should include(MoulinRouge::CanCan::Ability)
+      end
+    end
+
+    describe "#run?" do
+      it "returns true if the run! method was called and false oterwise" do
+        MoulinRouge.class_variable_set(:'@@run', false)
+        MoulinRouge.run?.should be_false
+        MoulinRouge.run!
+        MoulinRouge.run?.should be_true
+      end
+    end
+
+    describe "#load!" do
+      context "(with stubs)" do
+        it "call import the config path on the main permission" do
+          MoulinRouge::Permission.main.should_receive(:import).with(MoulinRouge.configuration.path).once
+          MoulinRouge.load!
+          MoulinRouge::Permission.main.should_not be_nil
+        end
+      end
+
+      context "(without stubs)" do
+        it "evaluate all permissions in the path" do
+          MoulinRouge.load!
+          MoulinRouge::Permission.main.childrens.should_not be_empty
+        end
+      end
+    end
+
+    describe "reset!" do
+      it "calls the reset! method on Permission" do
+        MoulinRouge::Permission.should_receive(:reset!).twice # One in the before(:each) in spec_helper.rb and another here
+        MoulinRouge.reset!
+      end
+    end
+
+    describe "#reload!" do
+      it "Reset all permissions and load them again" do
+        MoulinRouge.should_receive(:reset!).twice # One in the before(:each) in spec_helper.rb and another here
+        MoulinRouge.should_receive(:load!).once
+        MoulinRouge.reload!
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,40 @@
+require 'simplecov'
+SimpleCov.start
+
+require 'rubygems'
+require 'bundler/setup'
+require 'rspec'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[File.expand_path("spec/support/**/*.rb")].each {|f| require f}
+
+# Require all files from the project
+Dir[File.expand_path("lib/**/*.rb")].each {|f| require f}
+
+def permission_file
+  File.expand_path("spec/fixtures/spec_permission.rb")
+end
+
+def create_permission(content)
+  f = File.open(permission_file, 'w')
+  f.write(content)
+ensure
+  f.close
+end
+
+RSpec.configure do |config|
+  config.mock_with :rspec
+  config.before do
+    MoulinRouge.configure do |config|
+      config.path = File.join(File.expand_path(File.dirname(__FILE__)), "/fixtures/**/*.rb")
+    end
+  end
+  # Reset the MoulinRouge global variables
+  # Remove the permission file created by the helper
+  config.after(:each) do
+    MoulinRouge.reset!
+    MoulinRouge.configuration.cache = true
+    FileUtils.rm_rf(permission_file) if File.exists?(permission_file)
+  end
+end

metadata

@@ -0,0 +1,132 @@
+--- !ruby/object:Gem::Specification
+name: moulin_rouge
+version: !ruby/object:Gem::Version
+  version: 0.0.1.alpha
+  prerelease: 6
+platform: ruby
+authors:
+- Edson Hilios
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-03-16 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: cancan
+  requirement: &19713720 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: *19713720
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: &19713280 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *19713280
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &19712860 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *19712860
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: &19712420 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *19712420
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: &19712000 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *19712000
+description: A wrapper to CanCan authorization system, allowing you to define permissions
+  in many ruby files. Add new functionality allowing you do more with less.
+email:
+- edson.hilios@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- MIT-LICENSE
+- README.md
+- lib/tasks/moulin_rouge_tasks.rake
+- lib/moulin_rouge.rb
+- lib/moulin_rouge/model_double.rb
+- lib/moulin_rouge/permission.rb
+- lib/moulin_rouge/version.rb
+- lib/moulin_rouge/cancan/responder.rb
+- lib/moulin_rouge/cancan/ability.rb
+- lib/moulin_rouge/cancan/method.rb
+- lib/moulin_rouge/configuration.rb
+- init.rb
+- spec/fixtures/role.rb
+- spec/spec_helper.rb
+- spec/moulin_rouge_spec.rb
+- spec/moulin_rouge/permission_spec.rb
+- spec/moulin_rouge/configuration_spec.rb
+- spec/moulin_rouge/cancan/method_spec.rb
+- spec/moulin_rouge/cancan/responder_spec.rb
+- spec/moulin_rouge/cancan/ability_spec.rb
+- spec/moulin_rouge/model_double_spec.rb
+homepage: https://github.com/hilios/moulin_rouge
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>'
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Organize your CanCan permissions in many files.
+test_files:
+- spec/fixtures/role.rb
+- spec/spec_helper.rb
+- spec/moulin_rouge_spec.rb
+- spec/moulin_rouge/permission_spec.rb
+- spec/moulin_rouge/configuration_spec.rb
+- spec/moulin_rouge/cancan/method_spec.rb
+- spec/moulin_rouge/cancan/responder_spec.rb
+- spec/moulin_rouge/cancan/ability_spec.rb
+- spec/moulin_rouge/model_double_spec.rb