RubyGems - papers_please - Versions diffs - 0.0.3.beta → 0.1.0 - Mend

papers_please 0.0.3.beta → 0.1.0

Files changed (18) hide show

checksums.yaml +5 -5
data/.gitignore +2 -0
data/Gemfile +2 -2
data/Gemfile.lock +7 -3
data/README.md +68 -41
data/Rakefile +3 -3
data/bin/console +4 -3
data/lib/papers_please/errors.rb +5 -0
data/lib/papers_please/permission.rb +42 -6
data/lib/papers_please/policy.rb +28 -2
data/lib/papers_please/rails/controller_methods.rb +25 -0
data/lib/papers_please/railtie.rb +23 -0
data/lib/papers_please/role.rb +19 -7
data/lib/papers_please/version.rb +1 -1
data/lib/papers_please.rb +38 -1
data/papers_please.gemspec +16 -15
metadata +36 -21
data/.byebug_history +0 -60

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA256:
-  metadata.gz: dfc4c5fd0a8edd23d0befb5b369c2c87247927230893534ddd338d504eccf72f
-  data.tar.gz: aa89dd7a72410900567bbd3b44f7ea7cd57abd44821d478499310fd8b99b7cd0
+SHA1:
+  metadata.gz: c2eae718044ec1bc5ae95e4a7cadb9bd5046cd8e
+  data.tar.gz: '0759782832b9706d6c59cdde394035731372d1d8'
 SHA512:
-  metadata.gz: a427adc6461f8d3e3641afcb1778e737811404bac92dd5637d621c88c9dc7c3d4b52d4fd745d9272fc5e5a2848a2e8c24c2302527921bf4e5013ad9acdf14cfb
-  data.tar.gz: ae00489c552cf58bfaa20555fcde4e0d84b9356b8d835d2e9d015bcfd683afce7f57dcb2f1880d801137f1aab443e2dbdca39938cc4907b42224b991d0623a23
+  metadata.gz: dc8356f4e7dc50c80a9d754a5b6e411448dcaad7e1a3f05d4016f3d89a6999837b0528b74b584648367f6b233589fcfea0994e5e6116dd7daef580138e4f2b98
+  data.tar.gz: e13e12d51105db39fb14c72d6999e80d5d099f511afc4bcabc82c668bc018f5c414ecd33f0fbc146f12430e328739c364bd2ed5f869b37b460cd4907f90030c6

data/.gitignore CHANGED Viewed

@@ -9,3 +9,5 @@
 # rspec failure tracking
 .rspec_status
+.byebug_history
+.DS_Store

data/Gemfile CHANGED Viewed

@@ -1,6 +1,6 @@
-source "https://rubygems.org"
+source 'https://rubygems.org'
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 # Specify your gem's dependencies in papers_please.gemspec
 gemspec

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,8 @@
 PATH
   remote: .
   specs:
-    papers_please (0.0.3.beta)
+    papers_please (0.1.0)
+      terminal-table
 GEM
   remote: https://rubygems.org/
@@ -29,12 +30,15 @@ GEM
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
+    terminal-table (1.8.0)
+      unicode-display_width (~> 1.1, >= 1.1.1)
+    unicode-display_width (1.4.0)
 PLATFORMS
   ruby
 DEPENDENCIES
-  bundler (~> 1.16)
+  bundler (~> 2.0)
   byebug
   papers_please!
   rake (~> 10.0)
@@ -42,4 +46,4 @@ DEPENDENCIES
   simplecov
 BUNDLED WITH
-   1.16.1
+   2.0.1

data/README.md CHANGED Viewed

@@ -4,41 +4,40 @@ A roles and permissions gem from Apsis Labs.
 **NOTE**: Still under heavy development, definitely not suitable for anything remotely resembling production usage. Very unlikely to even work.
 ## Example
 ```ruby
 # app/policies/access_policy.rb
 class AccessPolicy < PapersPlease::Policy
   def configure
-    # Define a role in a block
-    role :admin, (proc { |u| u.admin? }) do
-      grant [:manage, :archive], Post
+    # Define your roles
+    role :super, (proc { |u| u.super? })
+    role :admin, (proc { |u| u.admin? })
+    role :member, (proc { |u| u.member? })
+    role :guest
+    permit :super do |role|
+      role.grant [:manage], User
     end
-    # Define a role in a class
-    role :member, MemberRole
-    # Define a role with no predicate
-    role :guest do
-      grant [:read], Post, predicate: (proc { |u, post| !post.archived? })
+    permit :admin, :super do |role|
+      role.grant [:manage, :archive], Post
     end
-  end
-end
-# app/policies/roles/member_role.rb
-class MemberRole < PapersPlease::Role
-  predicate { |user| user.member? }
-  config do
-    grant :create, Post
-    grant [:read, :update], Post, query: (proc { |u| u.posts })
-    grant :archive, Post, query: method(:published_posts)
-  end
+    permit :member do |role|
+      role.grant [:create], Post
+      role.grant [:update, :read], Post, query: (proc { |u| u.posts })
+      role.grant [:archive], Post, query: (proc { |u| u.posts }), predicate: (proc { |u, post| !post.archived? })
+    end
-  private
+    permit :guest do |role|
+      role.grant [:read], Post, predicate: (proc { |u, post| !post.archived? })
+    end
-  def published_posts(user, klass)
-    user.posts.where(status: :published)
+    permit :member, :guest do |role|
+      role.grant [:read], Attachment, granted_by: [Post, (proc { |u, attachment| attachment.post })]
+    end
   end
 end
@@ -67,6 +66,16 @@ class PostsController < ApplicationController
     render json: @post
   end
 end
+class AttachmentsController < ApplicationController
+  # GET /attachments/:id
+  def show
+    @attachment = Attachment.find([:id])
+    policy.authorize! :read, @attachment # => proxied to Post permission check
+    send_data @attachment.data, type: @attachment.content_type
+  end
+end
 ```
 ## A helpful CLI
@@ -75,24 +84,34 @@ end
 $ rails papers_please:roles
 # =>
-# | role    | permission | object |
-# | :------ | :--------- | :----- |
-# | :admin  | :create    | Post   |
-# |         | :read      | Post   |
-# |         | :update    | Post   |
-# |         | :destroy   | Post   |
-# |         | :archive   | Post   |
-# |         |            |        |
-# | :member | :create    | Post   |
-# |         | :read      | Post   |
-# |         | :update    | Post   |
-# |         | :archive   | Post   |
-# |         |            |        |
-# | :guest  | :read      | Post   |
-$ rails papers_please:annotate [app/policies/access_policy.rb]
-# => output roles table to top of AccessPolicy file
+# +---------+------------+------------+------------+----------------+-------------------+
+# | role    | subject    | permission | has query? | has predicate? | granted by other? |
+# +---------+------------+------------+------------+----------------+-------------------+
+# | admin   | Post       | create     | yes        | yes            | no                |
+# |         | Post       | read       | yes        | yes            | no                |
+# |         | Post       | update     | yes        | yes            | no                |
+# |         | Post       | destroy    | yes        | yes            | no                |
+# |         | Attachment | create     | yes        | yes            | no                |
+# |         | Attachment | read       | yes        | yes            | no                |
+# |         | Attachment | update     | yes        | yes            | no                |
+# |         | Attachment | destroy    | yes        | yes            | no                |
+# +---------+------------+------------+------------+----------------+-------------------+
+# | manager | Post       | create     | yes        | yes            | no                |
+# |         | Post       | read       | yes        | yes            | no                |
+# |         | Post       | update     | yes        | yes            | no                |
+# |         | Post       | destroy    | yes        | yes            | no                |
+# |         | Attachment | create     | yes        | yes            | yes               |
+# |         | Attachment | read       | yes        | yes            | yes               |
+# |         | Attachment | update     | yes        | yes            | yes               |
+# |         | Attachment | destroy    | yes        | yes            | yes               |
+# +---------+------------+------------+------------+----------------+-------------------+
+# | member  | Post       | create     | yes        | yes            | no                |
+# |         | Post       | read       | yes        | yes            | no                |
+# |         | Post       | update     | yes        | yes            | no                |
+# |         | Attachment | create     | yes        | yes            | yes               |
+# |         | Attachment | read       | yes        | yes            | yes               |
+# |         | Attachment | update     | yes        | yes            | yes               |
+# +---------+------------+------------+------------+----------------+-------------------+
 ```
 ## Installation
@@ -141,3 +160,11 @@ This owes its existence to [`AccessGranted`](https://github.com/chaps-io/access-
 ## License
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+---
+# Built by Apsis
+[![apsis](https://s3-us-west-2.amazonaws.com/apsiscdn/apsis.png)](https://www.apsis.io)
+`papers_please` was built by Apsis Labs. We love sharing what we build! Check out our [other libraries on Github](https://github.com/apsislabs), and if you like our work you can [hire us](https://www.apsis.io/work-with-us/) to build your vision.

data/Rakefile CHANGED Viewed

@@ -1,6 +1,6 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 RSpec::Core::RakeTask.new(:spec)
-task :default => :spec
+task default: :spec

data/bin/console CHANGED Viewed

@@ -1,7 +1,8 @@
 #!/usr/bin/env ruby
-require "bundler/setup"
-require "papers_please"
+require 'bundler/setup'
+require 'papers_please'
+Dir['spec/fixtures/**/*.rb'].each { |f| require File.expand_path(f) }
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +11,5 @@ require "papers_please"
 # require "pry"
 # Pry.start
-require "irb"
+require 'irb'
 IRB.start(__FILE__)

data/lib/papers_please/errors.rb CHANGED Viewed

@@ -3,6 +3,11 @@ module PapersPlease
   class AccessDenied < Error; end
+  class InvalidGrant < Error; end
+  class DuplicateRole < Error; end
+  class MissingRole < Error; end
   class DuplicatePermission < Error; end
   class InvalidPermission < Error; end

data/lib/papers_please/permission.rb CHANGED Viewed

@@ -1,12 +1,18 @@
 module PapersPlease
   class Permission
-    attr_accessor :key, :subject, :query, :predicate
+    attr_accessor :key, :subject, :query, :predicate, :granted_by, :granting_class
-    def initialize(key, subject, query: nil, predicate: nil)
-      @key = key
-      @subject = subject
-      @query = query
-      @predicate = predicate
+    def initialize(key, subject, query: nil, predicate: nil, granted_by: nil, granting_class: nil)
+      self.key = key
+      self.subject = subject
+      self.query = query
+      self.predicate = predicate
+      self.granted_by = granted_by
+      self.granting_class = granting_class
+    end
+    def granted_by_other?
+      @granting_class.is_a?(Class) && @granted_by.is_a?(Proc)
     end
     def matches?(key, subject)
@@ -15,14 +21,44 @@ module PapersPlease
     def granted?(*args)
       return predicate.call(*args) if predicate.is_a? Proc
+      # :nocov:
+      # as far as we can tell this line is unreachable, but just in case...
       false
+      # :nocov:
     end
     def fetch(*args)
       return query.call(*args) if query.is_a? Proc
       nil
     end
+    # Setters
+    def query=(val)
+      raise ArgumentError, "query must be a Proc, #{val.class} given" if val && !val.is_a?(Proc)
+      @query = val
+    end
+    def predicate=(val)
+      raise ArgumentError, "predicate must be a Proc, #{val.class} given" if val && !val.is_a?(Proc)
+      @predicate = val
+    end
+    def granted_by=(val)
+      raise ArgumentError, "granted_by must be a Proc, #{val.class} given" if val && !val.is_a?(Proc)
+      @granted_by = val
+    end
+    def granting_class=(val)
+      raise ArgumentError, "granting_class must be a Class, #{val.class} given" if val && !val.is_a?(Class)
+      @granting_class = val
+    end
     private
     def key_matches?(key)

data/lib/papers_please/policy.rb CHANGED Viewed

@@ -12,7 +12,7 @@ module PapersPlease
     end
     def configure
-      raise NotImplementedError, "The #configure method of the access policy was not implemented"
+      raise NotImplementedError, 'The #configure method of the access policy was not implemented'
     end
     # Add a role to the Policy
@@ -27,11 +27,35 @@ module PapersPlease
     end
     alias role add_role
+    # Add permissions to the Role
+    def add_permissions(keys)
+      return unless block_given?
+      Array(keys).each do |key|
+        raise MissingRole unless roles.key?(key)
+        yield roles[key]
+      end
+    end
+    alias permit add_permissions
     # Look up a stored permission block and call with
     # the current user and subject
     def can?(action, subject = nil)
       applicable_roles.each do |_, role|
         permission = role.find_permission(action, subject)
+        next if permission.nil?
+        # Proxy permission check if granted by other
+        if permission.granted_by_other?
+          # Get proxied subject
+          subject = subject.is_a?(Class) ? permission.granting_class : permission.granted_by.call(user, subject)
+          # Get proxied permission
+          permission = role.find_permission(action, subject)
+        end
+        # Check permission
         return permission.granted?(user, subject, action) unless permission.nil?
       end
@@ -43,7 +67,8 @@ module PapersPlease
     end
     def authorize!(action, subject)
-      raise AccessDenied.new("Access denied for #{action} on #{subject}") if cannot?(action, subject)
+      raise AccessDenied, "Access denied for #{action} on #{subject}" if cannot?(action, subject)
       subject
     end
@@ -57,6 +82,7 @@ module PapersPlease
       nil
     end
+    alias query scope_for
     # Fetch roles that apply to the current user
     def applicable_roles

data/lib/papers_please/rails/controller_methods.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module PapersPlease
+  module Rails
+    module ControllerMethods
+      def self.included(base)
+        base.helper_method :can?, :cannot?, :policy if base.respond_to? :helper_method
+      end
+      def policy
+        @policy ||= ::PapersPlease.new(current_user)
+      end
+      def can?(*args)
+        policy.can?(*args)
+      end
+      def cannot?(*args)
+        policy.cannot?(*args)
+      end
+      def authorize!(*args)
+        policy.authorize!(*args)
+      end
+    end
+  end
+end

data/lib/papers_please/railtie.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'rails/railtie'
+module PapersPlease
+  class Railtie < ::Rails::Railtie
+    rake_tasks do
+      Dir[File.join(File.dirname(__FILE__), 'tasks/*.rake')].each { |f| load f }
+    end
+    initializer :papers_plesae do
+      if defined? ActionController::Base
+        ActionController::Base.class_eval do
+          include PapersPlease::Rails::ControllerMethods
+        end
+      end
+      if defined? ActionController::API
+        ActionController::API.class_eval do
+          include PapersPlease::Rails::ControllerMethods
+        end
+      end
+    end
+  end
+end

data/lib/papers_please/role.rb CHANGED Viewed

@@ -6,23 +6,28 @@ module PapersPlease
       @name = name
       @predicate = predicate
       @permissions = []
-      instance_eval(&definition) unless definition.nil?
     end
     def applies_to?(user)
       return @predicate.call(user) if @predicate.is_a? Proc
       true
     end
-    def add_permission(actions, klass, query: nil, predicate: nil)
+    def add_permission(actions, klass, query: nil, predicate: nil, granted_by: nil)
       prepare_actions(actions).each do |action|
         raise DuplicatePermission if permission_exists?(action, klass)
+        raise InvalidGrant, 'granted_by must be an array of [Class, Proc]' if !granted_by.nil? && !valid_grant?(granted_by)
         has_query = query.is_a?(Proc)
         has_predicate = predicate.is_a?(Proc)
         permission = Permission.new(action, klass)
+        if granted_by
+          permission.granting_class = granted_by[0]
+          permission.granted_by = granted_by[1]
+        end
         if has_query && has_predicate
           # Both query & predicate provided
@@ -30,7 +35,6 @@ module PapersPlease
           permission.predicate = predicate
         elsif has_query && !has_predicate
           # Only query provided
           permission.query = query
           if action == :create && actions == :manage
@@ -47,7 +51,6 @@ module PapersPlease
           end
         elsif !has_query && has_predicate
           # Only predicate provided
           permission.predicate = predicate
         else
           # Neither provided
@@ -72,10 +75,19 @@ module PapersPlease
     private
+    def valid_grant?(tuple)
+      return false unless tuple.is_a? Array
+      return false unless tuple.length == 2
+      return false unless tuple[0].is_a? Class
+      return false unless tuple[1].is_a? Proc
+      true
+    end
     # Wrap actions, translating :manage into :crud
     def prepare_actions(action)
-      Array(*[action]).flat_map do |a|
-        a == :manage ? [:create, :read, :update, :destroy] : [a]
+      Array(action).flat_map do |a|
+        a == :manage ? %i[create read update destroy] : [a]
       end
     end
   end

data/lib/papers_please/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module PapersPlease
-  VERSION = "0.0.3.beta"
+  VERSION = '0.1.0'.freeze
 end

data/lib/papers_please.rb CHANGED Viewed

@@ -3,7 +3,44 @@ require 'papers_please/errors'
 require 'papers_please/policy'
 require 'papers_please/role'
 require 'papers_please/permission'
+require 'papers_please/railtie' if defined? Rails
 module PapersPlease
-  # Your code goes here...
+  def self.permissions_table(policy_klass)
+    require 'terminal-table'
+    policy = policy_klass.new(:system)
+    table = ::Terminal::Table.new do |t|
+      t.headings = [
+        'role',
+        'subject',
+        'permission',
+        'has query?',
+        'has predicate?',
+        'granted by other?'
+      ]
+      policy.roles.each_with_index do |(name, role), index|
+        t.add_separator unless index.zero?
+        first_line_of_role = true
+        role.permissions.group_by(&:subject).each do |subject, permissions|
+          permissions.each do |permission|
+            t.add_row [
+              first_line_of_role ? name : nil,
+              subject,
+              permission.key,
+              permission.query ? 'yes' : 'no',
+              permission.predicate ? 'yes' : 'no',
+              permission.granted_by_other? ? 'yes' : 'no',
+            ]
+            first_line_of_role = false
+          end
+        end
+      end
+    end
+    puts table
+  end
 end

data/papers_please.gemspec CHANGED Viewed

@@ -1,29 +1,30 @@
-lib = File.expand_path("../lib", __FILE__)
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require "papers_please/version"
+require 'papers_please/version'
 Gem::Specification.new do |spec|
-  spec.name          = "papers_please"
+  spec.name          = 'papers_please'
   spec.version       = PapersPlease::VERSION
-  spec.authors       = ["Apsis Labs"]
-  spec.email         = ["wyatt@apsis.io"]
+  spec.authors       = ['Apsis Labs']
+  spec.email         = ['wyatt@apsis.io']
-  spec.summary       = %q{A roles & permissions gem for ruby applications.}
-  spec.homepage      = "http://apsis.io"
-  spec.license       = "MIT"
+  spec.summary       = 'A roles & permissions gem for ruby applications.'
+  spec.homepage      = 'http://apsis.io'
+  spec.license       = 'MIT'
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
-  spec.bindir        = "exe"
+  spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
+  spec.add_dependency 'terminal-table'
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
-  spec.add_development_dependency "rspec", "~> 3.0"
-  spec.add_development_dependency "byebug"
+  spec.add_development_dependency 'bundler', '~> 2.0'
+  spec.add_development_dependency 'byebug'
+  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'simplecov'
 end

metadata CHANGED Viewed

@@ -1,71 +1,85 @@
 --- !ruby/object:Gem::Specification
 name: papers_please
 version: !ruby/object:Gem::Version
-  version: 0.0.3.beta
+  version: 0.1.0
 platform: ruby
 authors:
 - Apsis Labs
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-10-03 00:00:00.000000000 Z
+date: 2019-05-07 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '10.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '10.0'
 - !ruby/object:Gem::Dependency
-  name: byebug
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -87,7 +101,6 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".byebug_history"
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
@@ -102,6 +115,8 @@ files:
 - lib/papers_please/errors.rb
 - lib/papers_please/permission.rb
 - lib/papers_please/policy.rb
+- lib/papers_please/rails/controller_methods.rb
+- lib/papers_please/railtie.rb
 - lib/papers_please/role.rb
 - lib/papers_please/version.rb
 - papers_please.gemspec
@@ -120,12 +135,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 2.6.13
 signing_key:
 specification_version: 4
 summary: A roles & permissions gem for ruby applications.

data/.byebug_history DELETED Viewed

@@ -1,60 +0,0 @@
-q
-@policy
-q
-permission
-c
-permission
-c
-permission
-c
-permission
-q
-res.include?(obj)
-posts.include?(obj)
-posts.include(obj)
-res
-obj
-c
-obj
-res.include?(obj)
-res.include?
-res
-c
-u.posts
-u
-c
-u
-c
-role
-q
-role
-q
-applicable_roles.count
-applicable_roles
-c
-q
-@user
-role.applies_to?(@user)
-role
-c
-q
-applicable_roles
-c
-q
-klass
-action
-permissions
-permission_exists?(action, klass)
-action
-q
-n
-s
-actions
-c
-n
-role
-c
-n
-roles.key?(:admin)
-roles
-name