osm 1.2.7 → 1.2.8

data/.rspec

@@ -1 +1,2 @@
 --color
+--format documentation

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## Version 1.2.8
+
+  * api.get\_user\_permissions now includes the quartermaster permission
+  * Fix administer permission level excluded from ApiAccess
+
 ## Version 1.2.7
 
   * Fix can't compare exception when a FlexiRecord has a nil name.

data/README.md

@@ -7,7 +7,7 @@ Master branch:
 [![Code Climate](https://codeclimate.com/github/robertgauld/osm.png?branch=master)](https://codeclimate.com/github/robertgauld/osm)
 
 Staging branch:
-[![Build Status](https://secure.travis-ci.org/robertgauld/osm.png?branch=staging)](http://travis-ci.org/robertgauld/o
+[![Build Status](https://secure.travis-ci.org/robertgauld/osm.png?branch=staging)](http://travis-ci.org/robertgauld/osm)
 [![Coveralls Status](https://coveralls.io/repos/robertgauld/osm/badge.png?branch=master)](https://coveralls.io/r/robertgauld/osm)
 [![Code Climate](https://codeclimate.com/github/robertgauld/osm.png?branch=staging)](https://codeclimate.com/github/robertgauld/osm)
 

data/gemfiles/rails3

@@ -6,10 +6,8 @@ gem 'activesupport', '~> 3.2'
 gem 'dirty_hashy', '~> 0.2.1'
 gem 'httparty', '~> 0.9'
 gem 'rake', '~> 10.1'
-gem 'rspec', '~> 2.0', '< 2.14'
+gem 'rspec', '~> 2.0', '>= 2.14.1'
 gem 'fakeweb', '~> 1.3.0'
 gem 'osm', :path=>'../'
 gem 'coveralls', '~> 0.7'
 gem 'simplecov', '~> 0.7'
-
-#gemspec :path=>"../"

data/lib/array_of_validator.rb

@@ -6,8 +6,12 @@ class ArrayOfValidator < ActiveModel::EachValidator
         record.errors.add(attribute, "items in the Array must be a #{options[:item_type].name}")
       else
         # We don't want to check the item is valid if it's the wrong type
-        if !options[:item_valid].nil? && (value_item.valid? != options[:item_valid])
-          record.errors.add(attribute, 'contains an invalid item')
+        unless options[:item_valid].nil?
+          # Check validity of item matches item_valid option
+          unless value_item.valid?.eql?(options[:item_valid])
+            message = "contains #{value_item.valid? ? 'a valid' : 'an invalid'} item"
+            record.errors.add(attribute, message)
+          end
         end
       end
     end

data/lib/osm.rb

@@ -150,7 +150,7 @@ module Osm
     }
 
     return permissions.inject({}) do |new_hash, (key, value)|
-      if ["badge", "member", "user", "register", "contact", "programme","events", "flexi", "finance"].include?(key)
+      if ["badge", "member", "user", "register", "contact", "programme","events", "flexi", "finance", "quartermaster"].include?(key)
         # This is a permission we care about
         new_hash[key.to_sym] = permissions_map[value.to_i]
       end

data/lib/osm/api_access.rb

@@ -42,6 +42,7 @@ module Osm
       permissions_map = {
         10  => [:read],
         20  => [:read, :write],
+        100 => [:read, :write, :administer]
       }
       result = Array.new
       ids = Array.new

data/lib/osm/meeting.rb

@@ -269,7 +269,7 @@ module Osm
       end
       badges = nil
 
-      if user_has_permission?(api, :write, :badge, section_id, options)
+      if has_permission?(api, :write, :badge, section_id, options)
         # We can shortcut and do it in one query
         badges = api.perform_query("users.php?action=getActivityRequirements&date=#{date.strftime(Osm::OSM_DATE_FORMAT)}&sectionid=#{section.id}&section=#{section.type}")
 

data/lib/osm/model.rb

@@ -112,13 +112,22 @@ module Osm
     end
 
 
+    # Check if the user has access to a section
+    # @param [Osm::Api] api The api to use to make the request
+    # @param [Osm::Section, Fixnum, #to_i] section The Section (or its ID) the $
+    # @!macro options_get
+    # @return [Boolean] If the Api user has access the section
+    def self.has_access_to_section?(api, section, options={})
+      api.get_user_permissions(options).keys.include?(section.to_i)
+    end
+
     # Raise an exception if the user does not have access to a section
     # @param [Osm::Api] api The api to use to make the request
     # @param [Osm::Section, Fixnum, #to_i] section The Section (or its ID) the permission is required on
     # @!macro options_get
     # @raise [Osm::Forbidden] If the Api user can not access the section
     def self.require_access_to_section(api, section, options={})
-      unless api.get_user_permissions(options).keys.include?(section.to_i)
+      unless has_access_to_section?(api, section, options)
         raise Osm::Forbidden, "You do not have access to that section"
       end
     end
@@ -138,7 +147,7 @@ module Osm
     # @param [Osm::Section, Fixnum, #to_i] section The Section (or its ID) the permission is required on
     # @!macro options_get
     def self.has_permission?(api, to, on, section, options={})
-      user_has_permission(api, to, on, section, options) && api_has_permission(api, to, on, section, options)
+      user_has_permission?(api, to, on, section, options) && api_has_permission?(api, to, on, section, options)
     end
 
     # Check if the user has the relevant permission within OSM
@@ -165,13 +174,9 @@ module Osm
     # @param [Osm::Section, Fixnum, #to_i] section The Section (or its ID) the permission is required on
     # @!macro options_get
     def self.api_has_permission?(api, to, on, section, options={})
-      section_id = section.to_i
-      permissions = Osm::ApiAccess.get_ours(api, section_id, options).permissions
-      permissions = permissions[on] || []
-      unless permissions.include?(to)
-        return false
-      end
-      return true
+      access = Osm::ApiAccess.get_ours(api, section, options)
+      return false if access.nil?
+      (access.permissions[on] || []).include?(to)
     end
 
     # Raise an exception if the user does not have the relevant permission
@@ -182,22 +187,24 @@ module Osm
     # @!macro options_get
     # @raise [Osm::Forbidden] If the Api user does not have the required permission
     def self.require_permission(api, to, on, section, options={})
+      section = Osm::Section.get(api, section.to_i, options) unless section.is_a?(Osm::Section)
+      section_name = section.try(:name)
       unless user_has_permission?(api, to, on, section, options)
-        raise Osm::Forbidden, "Your OSM user does not have permission to #{to} on #{on} for #{Osm::Section.get(api, section.to_i, options).try(:name)}"
+        raise Osm::Forbidden, "Your OSM user does not have permission to #{to} on #{on} for #{section_name}."
       end
       unless api_has_permission?(api, to, on, section, options)
-        raise Osm::Forbidden, "You have not granted the #{to} permissions on #{on} to the #{api.api_name} API for #{Osm::Section.get(api, section.to_i, options).try(:name)}"
+        raise Osm::Forbidden, "You have not granted the #{to} permissions on #{on} to the #{api.api_name} API for #{section_name}."
       end
     end
 
     # Raise an exception if the user does not have the relevant permission
     # @param [Osm::Api] api The api to use to make the request
-    # @param [Symbol] level The OSM subscription level required (:bronze, :silver, :gold, :gold_plus)
+    # @param [Symbol, Fixnum] level The OSM subscription level required (:bronze, :silver, :gold, :gold_plus)
     # @param [Osm::Section, Fixnum, #to_i] section The Section (or its ID) the subscription is required on
     # @!macro options_get
     # @raise [Osm::Forbidden] If the Section does not have the required OSM Subscription (or higher)
     def self.require_subscription(api, level, section, options={})
-      section = Osm::Section.get(api, section, options) if section.is_a?(Fixnum)
+      section = Osm::Section.get(api, section, options) unless section.is_a?(Osm::Section)
       if level.is_a?(Symbol) # Convert to Fixnum
         case level
         when :bronze
@@ -214,7 +221,7 @@ module Osm
       end
       if section.nil? || section.subscription_level < level
         level_name = Osm::SUBSCRIPTION_LEVEL_NAMES[level] || level
-        raise Osm::Forbidden, "Insufficent OSM subscription level (#{level_name} required for #{section.name})"
+        raise Osm::Forbidden, "Insufficent OSM subscription level (#{level_name} required for #{section.name})."
       end
     end
 
@@ -225,7 +232,7 @@ module Osm
     # @param [Osm::Section, Fixnum, #to_i] section The Section (or its ID) the permission is required on
     # @!macro options_get
     def self.require_ability_to(api, to, on, section, options={})
-      section = Osm::Section.get(api, section, options) if section.is_a?(Fixnum)
+      section = Osm::Section.get(api, section, options) unless section.is_a?(Osm::Section)
       require_permission(api, to, on, section, options)
       if section.youth_section? && [:register, :contact, :events, :flexi].include?(on)
         require_subscription(api, :silver, section, options)

data/spec/array_of_validator_spec.rb

@@ -0,0 +1,102 @@
+# encoding: utf-8
+require 'spec_helper'
+
+
+class FixnumTestModel < Osm::Model
+  attribute :array
+  validates :array, :array_of => {:item_type => Fixnum}
+end
+
+class TestItem
+  def initialize(attrs)
+    @valid = !!attrs[:valid]
+  end
+  def valid?
+    @valid
+  end
+end
+
+class ValidTestModel < Osm::Model
+  attribute :array
+  validates :array, :array_of => {:item_type => TestItem, :item_valid=>true}
+end
+
+class InvalidTestModel < Osm::Model
+  attribute :array
+  validates :array, :array_of => {:item_type => TestItem, :item_valid=>false}
+end
+
+class NovalidTestModel < Osm::Model
+  attribute :array
+  validates :array, :array_of => {:item_type => TestItem}
+end
+
+
+describe "array_of validator" do
+
+  it "Allows an empty array" do
+    i = FixnumTestModel.new(array: [])
+    i.valid?.should == true
+    i.errors.count.should == 0
+  end
+
+  describe ":item_type option" do
+
+    it "Allows arrays of the right type" do
+      i = FixnumTestModel.new(array: [1, 2, 3])
+      i.valid?.should == true
+      i.errors.count.should == 0
+    end
+
+    it "Forbids arrays containing >= 1 incorrect type" do
+      i = FixnumTestModel.new(array: [1, '2', 3])
+      i.valid?.should == false
+      i.errors.count.should == 1
+      i.errors.messages.should == {:array=>["items in the Array must be a Fixnum"]}
+    end
+
+  end
+
+  describe ":valid option" do
+
+    it "Allows (in)valid items unless valid option is passed" do
+      i = NovalidTestModel.new(array: [TestItem.new(valid: false), TestItem.new(valid: true)])
+      i.valid?.should == true
+      i.errors.count.should == 0
+    end
+
+    describe "Valid option is false" do
+
+      it "Contains all invalid items" do
+        i = InvalidTestModel.new(array: [TestItem.new(valid: false)])
+        i.valid?.should == true
+        i.errors.count.should == 0
+      end
+
+      it "Contains a valid item" do
+        i = InvalidTestModel.new(array: [TestItem.new(valid: true)])
+        i.valid?.should == false
+        i.errors.count.should == 1
+        i.errors.messages.should == {:array => ['contains a valid item']}
+      end
+
+    end
+
+    describe "Valid option is true" do
+
+      it "Contains all valid items" do
+        i = ValidTestModel.new(array: [TestItem.new(valid: true)])
+        i.valid?.should == true
+        i.errors.count.should == 0
+      end
+
+      it "Contains an invalid item" do
+        i = ValidTestModel.new(array: [TestItem.new(valid: false)])
+        i.valid?.should == false
+        i.errors.count.should == 1
+        i.errors.messages.should == {:array => ['contains an invalid item']}      end
+    end
+
+  end
+
+end

data/spec/osm/activity_spec.rb

@@ -119,8 +119,8 @@ describe "Activity" do
       activity.location.should == :indoors
       activity.shared.should == 0
       activity.rating.should == 4
-      activity.editable.should == true
-      activity.deletable.should == false
+      activity.editable.should be_true
+      activity.deletable.should be_false
       activity.used.should == 3
       activity.versions[0].version.should == 0
       activity.versions[0].created_by.should == 1

data/spec/osm/api_access_spec.rb

@@ -35,7 +35,7 @@ describe "API Access" do
           {
             'apiid' => '1',
             'name' => 'API Name',
-            'permissions' => { 'read' => '10', 'readwrite' => '20' }
+            'permissions' => { 'read' => '10', 'readwrite' => '20', 'administer' => '100' }
           }, {
             'apiid' => '2',
             'name' => 'API 2 Name',
@@ -54,7 +54,7 @@ describe "API Access" do
         api_access = api_accesses[0]
         api_access.id.should == 1
         api_access.name.should == 'API Name'
-        api_access.permissions.should == {:read => [:read], :readwrite => [:read, :write]}
+        api_access.permissions.should == {:read => [:read], :readwrite => [:read, :write], :administer => [:read, :write, :administer]}
       end
 
       it "From cache" do

data/spec/osm/badge_spec.rb

@@ -36,7 +36,7 @@ describe "Badge" do
     requirement.name.should == 'name'
     requirement.description.should == 'description'
     requirement.field.should == 'field'
-    requirement.editable.should == true
+    requirement.editable.should be_true
     requirement.badge.osm_key.should == 'key'
     requirement.valid?.should be_true
   end
@@ -423,7 +423,7 @@ describe "Badge" do
         requirement.name.should == 'r_name'
         requirement.description.should == 'r_description'
         requirement.field.should == 'r_field'
-        requirement.editable.should == true
+        requirement.editable.should be_true
         requirement.badge.osm_key.should == 'badge'
       end
 
@@ -445,7 +445,7 @@ describe "Badge" do
         requirement.name.should == 'r_name'
         requirement.description.should == 'r_description'
         requirement.field.should == 'r_field'
-        requirement.editable.should == true
+        requirement.editable.should be_true
         requirement.badge.osm_key.should == 'badge'
       end
 
@@ -467,7 +467,7 @@ describe "Badge" do
         requirement.name.should == 'r_name'
         requirement.description.should == 'r_description'
         requirement.field.should == 'r_field'
-        requirement.editable.should == true
+        requirement.editable.should be_true
         requirement.badge.osm_key.should == 'badge'
       end
 
@@ -489,7 +489,7 @@ describe "Badge" do
         requirement.name.should == 'r_name'
         requirement.description.should == 'r_description'
         requirement.field.should == 'r_field'
-        requirement.editable.should == true
+        requirement.editable.should be_true
         requirement.badge.osm_key.should == 'badge'
       end
 

data/spec/osm/badges_spec.rb

@@ -51,7 +51,7 @@ describe "Badges" do
       FakeWeb.register_uri(:post, "https://www.onlinescoutmanager.co.uk/challenges.php?action=outstandingBadges&section=cubs&sectionid=1&termid=2", :body => data.to_json, :content_type => 'application/json')
 
       db = Osm::Badges.get_due_badges(@api, Osm::Section.new(:id => 1, :type => :cubs), 2)
-      db.empty?.should == false
+      db.empty?.should be_false
       db.badge_names.should == {'badge_name_1'=>'Badge Name', 'staged_staged_participation_2'=>'Participation (Level 2)'}
       db.by_member.should == {1=>['badge_name_1', 'staged_staged_participation_2'], 2=>['staged_staged_participation_2']}
       db.member_names.should == {1 => 'John Doe', 2 => 'Jane Doe'}
@@ -62,7 +62,7 @@ describe "Badges" do
     it "handles an empty array representing no due badges" do
       FakeWeb.register_uri(:post, "https://www.onlinescoutmanager.co.uk/challenges.php?action=outstandingBadges&section=cubs&sectionid=1&termid=2", :body => '[]', :content_type => 'application/json')
       db = Osm::Badges.get_due_badges(@api, Osm::Section.new(:id => 1, :type => :cubs), 2)
-      db.should_not == nil
+      db.should_not be_nil
     end
 
 

data/spec/osm/event_spec.rb

@@ -32,7 +32,7 @@ describe "Event" do
     event.section_id.should == 2
     event.name.should == 'Event name'
     event.start.should == DateTime.new(2001, 1, 2, 12, 0, 0)
-    event.finish.should == nil
+    event.finish.should be_nil
     event.cost.should == '1.23'
     event.location.should == 'Somewhere'
     event.notes.should == 'None'
@@ -41,10 +41,10 @@ describe "Event" do
     event.notepad.should == 'notepad'
     event.public_notepad.should == 'public notepad'
     event.confirm_by_date.should == Date.new(2002, 1, 2)
-    event.allow_changes.should == true
-    event.reminders.should == false
+    event.allow_changes.should be_true
+    event.reminders.should be_false
     event.attendance_limit.should == 3
-    event.attendance_limit_includes_leaders.should == true
+    event.attendance_limit_includes_leaders.should be_true
     event.attendance_reminder.should == 14
     event.allow_booking.should be_false
     event.valid?.should be_true
@@ -196,16 +196,16 @@ describe "Event" do
         event.notepad.should == 'notepad'
         event.public_notepad.should == 'public notepad'
         event.confirm_by_date.should == Date.new(2002, 1, 2)
-        event.allow_changes.should == true
-        event.reminders.should == false
+        event.allow_changes.should be_true
+        event.reminders.should be_false
         event.attendance_limit.should == 3
-        event.attendance_limit_includes_leaders.should == true
+        event.attendance_limit_includes_leaders.should be_true
         event.attendance_reminder.should == 7
-        event.allow_booking.should == true
+        event.allow_booking.should be_true
         event.columns[0].id.should == 'f_1'
         event.columns[0].name.should == 'Name'
         event.columns[0].label.should == 'Label'
-        event.columns[0].parent_required.should == true
+        event.columns[0].parent_required.should be_true
         event.valid?.should be_true
       end
 
@@ -282,7 +282,7 @@ describe "Event" do
       it "No limit" do
         event = Osm::Event.new(:attendance_limit => 0, :id => 1, :section_id => 2)
         event.spaces?(@api).should be_true
-        event.spaces(@api).should == nil
+        event.spaces(@api).should be_nil
       end
 
       it "Under limit" do
@@ -975,4 +975,4 @@ describe "Event" do
 
   end
 
-end
+end

data/spec/osm/flexi_record_spec.rb

@@ -103,6 +103,18 @@ describe "Flexi Record" do
     records.sort.should == [fr1, fr2, fr3]
   end
 
+  it "Compare handles a nil name" do
+    fr1 = Osm::FlexiRecord.new(section_id: 1, name: nil)
+    fr2 = Osm::FlexiRecord.new(section_id: 1, name: 'Something')
+    (fr1 <=> fr2).should == -1
+  end
+
+  it "Compare handles a nil section_id" do
+    fr1 = Osm::FlexiRecord.new(section_id: nil, name: 'a')
+    fr2 = Osm::FlexiRecord.new(section_id: 1, name: 'a')
+    (fr1 <=> fr2).should == -1
+  end
+
 
   describe "Using the API" do
 

data/spec/osm/grouping_spec.rb

@@ -29,7 +29,7 @@ describe "Grouping" do
       patrol.id.should == 1
       patrol.section_id.should == 2
       patrol.name.should == 'Patrol Name'
-      patrol.active.should == true
+      patrol.active.should be_true
       patrol.points.should == 3
       patrol.valid?.should be_true
     end
@@ -101,4 +101,4 @@ describe "Grouping" do
 
   end
 
-end
+end

data/spec/osm/invoice_spec.rb

@@ -20,8 +20,8 @@ describe "Invoice" do
     i.name.should == 'Name'
     i.extra_details.should == 'Extra Details'
     i.date.should == Date.new(2001, 2, 3)
-    i.archived.should == true
-    i.finalised.should == true
+    i.archived.should be_true
+    i.finalised.should be_true
     i.valid?.should be_true
   end
 
@@ -168,8 +168,8 @@ describe "Invoice" do
           invoice.name.should == 'Invoice 1'
           invoice.extra_details.should == 'Some more details'
           invoice.date.should == Date.new(2010, 1, 1)
-          invoice.archived.should == false
-          invoice.finalised.should == false
+          invoice.archived.should be_false
+          invoice.finalised.should be_false
           invoice.valid?.should be_true
         end
 

data/spec/osm/meeting_spec.rb

@@ -157,6 +157,7 @@ describe "Meeting" do
     end
 
     it "Fetch badge requirements for a meeting (from API)" do
+      Osm::Model.stub('has_permission?').and_return(true)
       badges_body = [{'a'=>'a'},{'a'=>'A'}]
       FakeWeb.register_uri(:post, 'https://www.onlinescoutmanager.co.uk/users.php?action=getActivityRequirements&date=2000-01-02&sectionid=3&section=cubs', :body => badges_body.to_json, :content_type => 'application/json')
       roles_body = [
@@ -169,6 +170,7 @@ describe "Meeting" do
     end
 
     it "Fetch badge requirements for a meeting (iterating through activities)" do
+      Osm::Model.stub('has_permission?').with(@api, :write, :badge, 3, {}).and_return(false)
       roles_body = [
         {"sectionConfig"=>"{\"subscription_level\":1,\"subscription_expires\":\"2013-01-05\",\"sectionType\":\"cubs\",\"columnNames\":{\"column_names\":\"names\"},\"numscouts\":10,\"hasUsedBadgeRecords\":true,\"hasProgramme\":true,\"extraRecords\":[],\"wizard\":\"false\",\"fields\":{\"fields\":true},\"intouch\":{\"intouch_fields\":true},\"mobFields\":{\"mobile_fields\":true}}", "groupname"=>"3rd Somewhere", "groupid"=>"3", "groupNormalised"=>"1", "sectionid"=>"3", "sectionname"=>"Section 1", "section"=>"beavers", "isDefault"=>"1", "permissions"=>{"badge"=>10, "member"=>20, "user"=>100, "register"=>100, "contact"=>100, "programme"=>10, "originator"=>1, "events"=>100, "finance"=>100, "flexi"=>100}},
       ]
@@ -253,7 +255,7 @@ describe "Meeting" do
         :start_time => '11:11',
         :finish_time => '22:22',
         :title => 'Title',
-      }).should be_true
+      }).is_a?(Osm::Meeting).should be_true
     end
 
     it "Create a meeting (failed)" do
@@ -265,7 +267,7 @@ describe "Meeting" do
         :start_time => '11:11',
         :finish_time => '22:22',
         :title => 'Title',
-      }).should be_false
+      }).should be_nil
     end
 
 

data/spec/osm/model_spec.rb

@@ -179,4 +179,232 @@ describe "Model" do
 
   end
 
+  describe "Access control" do
+
+    describe "user_has_permission?" do
+
+      before :each do
+        @api.stub(:get_user_permissions).and_return( { 1 => {foo: [:bar]} } )
+      end
+
+      it "Has permission" do
+        Osm::Model.user_has_permission?(@api, :bar, :foo, 1).should be_true
+      end
+
+      it "Doesn't have the level of permission" do
+        Osm::Model.user_has_permission?(@api, :barbar, :foo, 1).should be_false
+      end
+
+      it "Doesn't have access to section" do
+        Osm::Model.user_has_permission?(@api, :bar, :foo, 2).should be_false
+      end
+
+    end
+
+    describe "api_has_permission?" do
+
+      before :each do
+        Osm::ApiAccess.stub(:get_ours).and_return(Osm::ApiAccess.new(
+          id: @api.api_id,
+          name: @api.api_name,
+          permissions: {foo: [:bar]}
+        ))
+      end
+
+      it "Has permission" do
+        Osm::Model.api_has_permission?(@api, :bar, :foo, 1).should be_true
+      end
+
+      it "Doesn't have the level of permission" do
+        Osm::Model.api_has_permission?(@api, :barbar, :foo, 1).should be_false
+      end
+
+      it "Doesn't have access to the section" do
+        Osm::ApiAccess.stub(:get_ours).and_return(nil)
+        Osm::Model.api_has_permission?(@api, :bar, :foo, 2).should be_false
+      end
+
+    end
+
+    describe "has_permission?" do
+
+      it "Only returns true if the user can and they have granted the api permission" do
+        section = Osm::Section.new
+        options = {:foo => :bar}
+        expect(Osm::Model).to receive('user_has_permission?').with(@api, :can_do, :can_to, section, options).and_return(true)
+        expect(Osm::Model).to receive('api_has_permission?').with(@api, :can_do, :can_to, section, options).and_return(true)
+        Osm::Model.has_permission?(@api, :can_do, :can_to, section, options).should be_true
+      end
+
+      describe "Otherwise returns false" do
+        [ [true,false], [false, true], [false, false] ].each do |user, api|
+          it "User #{user ? 'can' : "can't"} and #{api ? 'has' : "hasn't"} given access" do
+            Osm::Model.stub('user_has_permission?').and_return(user)
+            Osm::Model.stub('api_has_permission?').and_return(api)
+            Osm::Model.has_permission?(@api, :can_do, :can_to, Osm::Section.new).should be_false
+          end
+        end
+      end
+
+    end
+
+    describe "has_access_to_section?" do
+
+      before :each do
+        @api.stub(:get_user_permissions).and_return( {1=>{}} )
+      end
+
+      it "Has access" do
+        Osm::Model.has_access_to_section?(@api, 1).should be_true
+      end
+
+      it "Doesn't have access" do
+        Osm::Model.has_access_to_section?(@api, 2).should be_false
+      end 
+
+    end
+
+    describe "require_access_to_section" do
+
+      before :each do
+        Osm::Model.unstub(:require_access_to_section)
+      end
+
+      it "Does nothing when access is allowed" do
+        Osm::Model.stub('has_access_to_section?') { true }
+        expect{ Osm::Model.require_access_to_section(@api, 1) }.not_to raise_error
+      end
+
+      it "Raises exception when access is not allowed" do
+        Osm::Model.stub('has_access_to_section?') { false }
+        expect{ Osm::Model.require_access_to_section(@api, 1) }.to raise_error(Osm::Forbidden, "You do not have access to that section")
+      end
+
+    end
+
+    describe "require_permission" do
+
+      it "Does nothing when access is allowed" do
+        Osm::Model.stub('user_has_permission?').and_return(true)
+        Osm::Model.stub('api_has_permission?').and_return(true)
+        section = Osm::Section.new(name: 'A SECTION')
+        expect{ Osm::Model.require_permission(@api, :to, :on, section) }.not_to raise_error
+      end
+
+      it "Raises exception when user doesn't have access" do
+        Osm::Model.stub('user_has_permission?').and_return(false)
+        Osm::Model.stub('api_has_permission?').and_return(true)
+        section = Osm::Section.new(name: 'A SECTION')
+        expect{ Osm::Model.require_permission(@api, :can_do, :can_on, section) }.to raise_error(Osm::Forbidden, "Your OSM user does not have permission to can_do on can_on for A SECTION.")
+      end
+
+      it "Raises exception when api doesn't have access" do
+        Osm::Model.stub('user_has_permission?').and_return(true)
+        Osm::Model.stub('api_has_permission?').and_return(false)
+        section = Osm::Section.new(name: 'A SECTION')
+        expect{ Osm::Model.require_permission(@api, :can_to, :can_on, section) }.to raise_error(Osm::Forbidden, "You have not granted the can_to permissions on can_on to the API NAME API for A SECTION.")
+      end
+
+    end
+
+    describe "require_subscription" do
+
+      it "Checks against a number" do
+        section1 = Osm::Section.new(subscription_level: 1, name: 'NAME') # Bronze
+        section2 = Osm::Section.new(subscription_level: 2, name: 'NAME') # Silver
+        section3 = Osm::Section.new(subscription_level: 3, name: 'NAME') # Gold
+        section4 = Osm::Section.new(subscription_level: 4, name: 'NAME') # Gold+
+
+        expect{ Osm::Model.require_subscription(@api, 1, section1) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, 2, section1) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Silver required for NAME).")
+        expect{ Osm::Model.require_subscription(@api, 3, section1) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold required for NAME).")
+        expect{ Osm::Model.require_subscription(@api, 4, section1) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold+ required for NAME).")
+
+        expect{ Osm::Model.require_subscription(@api, 1, section2) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, 2, section2) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, 3, section2) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold required for NAME).")
+        expect{ Osm::Model.require_subscription(@api, 4, section2) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold+ required for NAME).")
+
+        expect{ Osm::Model.require_subscription(@api, 1, section3) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, 2, section3) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, 3, section3) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, 4, section3) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold+ required for NAME).")
+
+        expect{ Osm::Model.require_subscription(@api, 1, section4) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, 2, section4) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, 3, section4) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, 4, section4) }.not_to raise_error
+      end
+
+      it "Checks against a symbol" do
+        section1 = Osm::Section.new(subscription_level: 1, name: 'NAME') # Bronze
+        section2 = Osm::Section.new(subscription_level: 2, name: 'NAME') # Silver
+        section3 = Osm::Section.new(subscription_level: 3, name: 'NAME') # Gold
+        section4 = Osm::Section.new(subscription_level: 4, name: 'NAME') # Gold+
+
+        expect{ Osm::Model.require_subscription(@api, :bronze, section1) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, :silver, section1) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Silver required for NAME).")
+        expect{ Osm::Model.require_subscription(@api, :gold, section1) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold required for NAME).")
+        expect{ Osm::Model.require_subscription(@api, :gold_plus, section1) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold+ required for NAME).")
+
+        expect{ Osm::Model.require_subscription(@api, :bronze, section2) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, :silver, section2) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, :gold, section2) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold required for NAME).")
+        expect{ Osm::Model.require_subscription(@api, :gold_plus, section2) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold+ required for NAME).")
+
+        expect{ Osm::Model.require_subscription(@api, :bronze, section3) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, :silver, section3) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, :gold, section3) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, :gold_plus, section3) }.to raise_error(Osm::Forbidden, "Insufficent OSM subscription level (Gold+ required for NAME).")
+
+        expect{ Osm::Model.require_subscription(@api, :bronze, section4) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, :silver, section4) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, :gold, section4) }.not_to raise_error
+        expect{ Osm::Model.require_subscription(@api, :gold_plus, section4) }.not_to raise_error
+      end
+
+    end
+
+    describe "Require_abillity_to" do
+
+      before :each do
+        Osm::Model.unstub(:require_ability_to)
+      end
+
+      it "Requires permission" do
+        section = Osm::Section.new(type: :waiting)
+        options = {foo: 'bar'}
+        expect(Osm::Model).to receive(:require_permission).with(@api, :can_do, :can_on, section, options).and_return(true)
+        expect(Osm::Model).not_to receive(:require_subscription)
+        expect{ Osm::Model.require_ability_to(@api, :can_do, :can_on, section, options) }.not_to raise_error
+      end
+
+      describe "Requires the right subscription level for" do
+
+        before :each do
+          @section = Osm::Section.new(type: :beavers)
+          @options = {bar: 'foo'}
+          Osm::Model.stub(:require_permission).and_return(nil)
+        end
+
+        [:register, :contact, :events, :flexi].each do |can_on|
+          it ":#{can_on.to_s} (Silver)" do
+            expect(Osm::Model).to receive(:require_subscription).with(@api, :silver, @section, @options).and_return(true)
+            expect{ Osm::Model.require_ability_to(@api, :read, can_on, @section, @options) }.to_not raise_error
+          end
+        end
+
+        [:finance].each do |can_on|
+          it ":#{can_on.to_s} (Gold)" do
+            expect(Osm::Model).to receive(:require_subscription).with(@api, :gold, @section, @options).and_return(true)
+            expect{ Osm::Model.require_ability_to(@api, :read, can_on, @section, @options) }.to_not raise_error
+          end
+        end
+
+      end
+
+    end
+
+  end
+
 end

data/spec/osm/osm_spec.rb

@@ -22,19 +22,19 @@ describe "Online Scout Manager" do
     end
 
     it "is given neither" do
-      Osm::make_datetime('', '').should == nil
+      Osm::make_datetime('', '').should be_nil
     end
 
     it "is given an invalid date" do
-      Osm::make_datetime('No date here1', '04:05:06').should == nil
+      Osm::make_datetime('No date here1', '04:05:06').should be_nil
     end
 
     it "is given an invalid time" do
-      Osm::make_datetime('2001-02-03', 'No time here!').should == nil
+      Osm::make_datetime('2001-02-03', 'No time here!').should be_nil
     end
 
     it "is given just an invalid date" do
-      Osm::make_datetime('No date here1', nil).should == nil
+      Osm::make_datetime('No date here1', nil).should be_nil
     end
   end
 

data/spec/osm/section_spec.rb

@@ -64,29 +64,29 @@ describe "Section" do
     section.group_id.should == 3
     section.group_name.should == '3rd Somewhere'
     section.flexi_records.should == []
-    section.gocardless.should == true
+    section.gocardless.should be_true
     section.myscout_events_expires.should == Date.today + 61
     section.myscout_badges_expires.should == Date.today + 62
     section.myscout_programme_expires.should == Date.today + 63
     section.myscout_details_expires.should == Date.today + 64
-    section.myscout_events.should == true
-    section.myscout_badges.should == true
-    section.myscout_programme.should == true
-    section.myscout_payments.should == true
+    section.myscout_events.should be_true
+    section.myscout_badges.should be_true
+    section.myscout_programme.should be_true
+    section.myscout_payments.should be_true
     section.myscout_emails.should == {:email1 => true, :email2 => false}
     section.myscout_email_address_from.should == 'send_from@example.com'
     section.myscout_email_address_copy.should == ''
-    section.myscout_badges_partial.should == true
-    section.myscout_programme_summary.should == true
-    section.myscout_programme_times.should == true
+    section.myscout_badges_partial.should be_true
+    section.myscout_programme_summary.should be_true
+    section.myscout_programme_times.should be_true
     section.myscout_programme_show.should == 20
     section.myscout_event_reminder_count.should == 4
     section.myscout_event_reminder_frequency.should == 5
     section.myscout_payment_reminder_count.should == 6
     section.myscout_payment_reminder_frequency.should == 7
-    section.myscout_details.should == true
+    section.myscout_details.should be_true
     section.myscout_details_email_changes_to.should == 'notify-changes-to@example.com'
-    section.sms_sent_test.should == true
+    section.sms_sent_test.should be_true
     section.sms_messages_sent.should == 8
     section.sms_messages_remaining.should == 9
     section.valid?.should be_true
@@ -97,7 +97,7 @@ describe "Section" do
     section = Osm::Section.new
 
     section.subscription_level.should == 1
-    section.subscription_expires.should == nil
+    section.subscription_expires.should be_nil
     section.type.should == :unknown
     section.column_names.should == {}
     section.fields.should == {}
@@ -108,7 +108,7 @@ describe "Section" do
     section.myscout_email_address_copy.should == ''
     section.myscout_details_email_changes_to.should == ''
     section.myscout_programme_show.should == 0
-    section.sms_sent_test.should == false
+    section.sms_sent_test.should be_false
     section.sms_messages_sent.should == 0
     section.sms_messages_remaining.should == 0
   end
@@ -144,29 +144,29 @@ describe "Section" do
         section.flexi_records.size.should == 1
         section.flexi_records[0].id.should == 111
         section.flexi_records[0].name.should == 'Flexi Record 1'
-        section.gocardless.should == true
+        section.gocardless.should be_true
         section.myscout_events_expires.should == Date.new(2013, 1, 6)
         section.myscout_badges_expires.should == Date.new(2013, 1, 7)
         section.myscout_programme_expires.should == Date.new(2013, 1, 8)
         section.myscout_programme_show.should == 10
         section.myscout_details_expires.should == Date.new(2013, 1, 9)
-        section.myscout_events.should == true
-        section.myscout_badges.should == true
-        section.myscout_programme.should == true
-        section.myscout_payments.should == true
+        section.myscout_events.should be_true
+        section.myscout_badges.should be_true
+        section.myscout_programme.should be_true
+        section.myscout_payments.should be_true
         section.myscout_emails.should == {:email1 => true, :email2 => false}
         section.myscout_email_address_from.should == 'send_from@example.com'
         section.myscout_email_address_copy.should == ''
-        section.myscout_badges_partial.should == true
-        section.myscout_programme_summary.should == true
-        section.myscout_programme_times.should == true
+        section.myscout_badges_partial.should be_true
+        section.myscout_programme_summary.should be_true
+        section.myscout_programme_times.should be_true
         section.myscout_event_reminder_count.should == 4
         section.myscout_event_reminder_frequency.should == 5
         section.myscout_payment_reminder_count.should == 6
         section.myscout_payment_reminder_frequency.should == 7
-        section.myscout_details.should == true
+        section.myscout_details.should be_true
         section.myscout_details_email_changes_to.should == 'notify-changes-to@example.com'
-        section.sms_sent_test.should == true
+        section.sms_sent_test.should be_true
         section.sms_messages_remaining.should == 8
         section.sms_messages_sent.should == 9
         section.valid?.should be_true

data/spec/osm/term_spec.rb

@@ -53,9 +53,9 @@ describe "Term" do
     term2 = Osm::Term.new(@attributes.merge(:start => (Date.today -  0), :finish => (Date.today + 0)))
     term3 = Osm::Term.new(@attributes.merge(:start => (Date.today +  1), :finish => (Date.today + 60)))
 
-    term1.before?(Date.today).should == true
-    term2.before?(Date.today).should == false
-    term3.before?(Date.today).should == false
+    term1.before?(Date.today).should be_true
+    term2.before?(Date.today).should be_false
+    term3.before?(Date.today).should be_false
   end
 
   it "Works out if it is completly after a date" do
@@ -63,9 +63,9 @@ describe "Term" do
     term2 = Osm::Term.new(@attributes.merge(:start => (Date.today -  0), :finish => (Date.today + 0)))
     term3 = Osm::Term.new(@attributes.merge(:start => (Date.today +  1), :finish => (Date.today + 60)))
 
-    term1.after?(Date.today).should == false
-    term2.after?(Date.today).should == false
-    term3.after?(Date.today).should == true
+    term1.after?(Date.today).should be_false
+    term2.after?(Date.today).should be_false
+    term3.after?(Date.today).should be_true
   end
 
   it "Works out if it has passed" do
@@ -73,9 +73,9 @@ describe "Term" do
     term2 = Osm::Term.new(@attributes.merge(:start => (Date.today -  0), :finish => (Date.today + 0)))
     term3 = Osm::Term.new(@attributes.merge(:start => (Date.today +  1), :finish => (Date.today + 60)))
 
-    term1.past?().should == true
-    term2.past?().should == false
-    term3.past?().should == false
+    term1.past?().should be_true
+    term2.past?().should be_false
+    term3.past?().should be_false
   end
 
   it "Works out if it is in the future" do
@@ -83,9 +83,9 @@ describe "Term" do
     term2 = Osm::Term.new(@attributes.merge(:start => (Date.today -  0), :finish => (Date.today + 0)))
     term3 = Osm::Term.new(@attributes.merge(:start => (Date.today +  1), :finish => (Date.today + 60)))
 
-    term1.future?().should == false
-    term2.future?().should == false
-    term3.future?().should == true
+    term1.future?().should be_false
+    term2.future?().should be_false
+    term3.future?().should be_true
   end
 
   it "Works out if it is the current term" do
@@ -93,9 +93,9 @@ describe "Term" do
     term2 = Osm::Term.new(@attributes.merge(:start=> (Date.today -  0), :finish => (Date.today + 0)))
     term3 = Osm::Term.new(@attributes.merge(:start => (Date.today +  1), :finish => (Date.today + 60)))
 
-    term1.current?().should == false
-    term2.current?().should == true
-    term3.current?().should == false
+    term1.current?().should be_false
+    term2.current?().should be_true
+    term3.current?().should be_false
   end
 
   it "Works out if it contains a date" do
@@ -103,9 +103,9 @@ describe "Term" do
     term2 = Osm::Term.new(@attributes.merge(:start => (Date.today -  0), :finish => (Date.today + 0)))
     term3 = Osm::Term.new(@attributes.merge(:start => (Date.today +  1), :finish => (Date.today + 60)))
 
-    term1.contains_date?(Date.today).should == false
-    term2.contains_date?(Date.today).should == true
-    term3.contains_date?(Date.today).should == false
+    term1.contains_date?(Date.today).should be_false
+    term2.contains_date?(Date.today).should be_true
+    term3.contains_date?(Date.today).should be_false
   end
 
   it "Date helpers return false for nil dates" do

data/spec/spec_helper.rb

@@ -20,6 +20,7 @@ FakeWeb.allow_net_connect = %r[^https://coveralls.io] # Allow coveralls to repor
 
 
 RSpec.configure do |config|
+
   # == Mock Framework
   #
   # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
@@ -27,7 +28,17 @@ RSpec.configure do |config|
   # config.mock_with :mocha
   # config.mock_with :flexmock
   # config.mock_with :rr
-  config.mock_with :rspec
+  config.mock_with :rspec  do |configuration|
+    # Using the expect syntax is preferable to the should syntax in some cases.
+    # The problem here is that the :should syntax that RSpec uses can fail in
+    # the case of proxy objects, and objects that include the delegate module.
+    # Essentially it requires that we define methods on every object in the
+    # system. Not owning every object means that we cannot ensure this works in
+    # a consistent manner. The expect syntax gets around this problem by not
+    # relying on RSpec specific methods being defined on every object in the
+    # system.
+    configuration.syntax = [:expect, :should]
+  end
 
   config.before(:each) do
     FakeWeb.clean_registry
@@ -54,8 +65,8 @@ RSpec.configure do |config|
     Osm::configure(@CONFIGURATION)
     
     @api = Osm::Api.new('user_id', 'secret')
-    Osm::Model.stub(:require_ability_to) {}
-    Osm::Model.stub(:require_access_to_section) {}
+    Osm::Model.stub(:require_ability_to).and_return(nil)
+    Osm::Model.stub(:require_access_to_section).and_return(nil)
   end
 end
 

data/version.rb

@@ -1,3 +1,3 @@
 module Osm
-  VERSION = "1.2.7"
+  VERSION = "1.2.8"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: osm
 version: !ruby/object:Gem::Version
-  version: 1.2.7
+  version: 1.2.8
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-15 00:00:00.000000000 Z
+date: 2014-03-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -267,6 +267,7 @@ files:
 - lib/osm/sms.rb
 - lib/osm/term.rb
 - osm.gemspec
+- spec/array_of_validator_spec.rb
 - spec/osm/activity_spec.rb
 - spec/osm/api_access_spec.rb
 - spec/osm/api_spec.rb