permissify 0.0.16 → 0.0.17

data/Gemfile

@@ -43,12 +43,10 @@
 source :rubygems
 
 # gem "sqlite3"
-# TODO : any activerecord version dependency?
 # gem "activerecord", '~> 3.0.9', :require => "active_record"
-# gem "activerecord", :require => "active_record"
 # gem "with_model", "~> 0.2.5"
 # gem "meta_where"
 
 gemspec
 
-gem 'rspec' 
+gem 'rspec'

data/lib/generators/permissify/role/template/role.rb

@@ -16,6 +16,11 @@ class Role < ActiveRecord::Base
   class << self
     include Permissify::ModelClass
     include SystemFixtures::Roles
+
+    def force_seed_id(table, permissions_model, id)
+      # not sure if this is still needed, may differ depending on db adapter (written against mysql)
+      ActiveRecord::Base.connection.execute "UPDATE #{table}s SET id=#{id} WHERE id=#{permissions_model.id};"
+    end
   end
   
   def initialize_non_permission_values

data/lib/generators/permissify/role/template/roles.rb

@@ -5,7 +5,7 @@ module SystemFixtures::Roles
 
   def seeded?(role); role.id <= SEEDED_ORDERED_ROLES.length; end
   def seed
-    create_seeds :roles, SEED_SPECIFICATIONS
+    create_seeds SEED_SPECIFICATIONS
     Role.find(1).manage_ids = [2,3,4,5,6]
     Role.find(2).manage_ids = [2,3,4,5,6]
     Role.find(3).manage_ids = [3,4,5,6]

data/lib/permissify/ability_class.rb

@@ -46,6 +46,11 @@ module Permissify
       @@permissions.keys.each{ |key| @@permissions.delete(key) if key.start_with?(key_prefix) }
       @@permissions
     end
+
+    def remove_permissions(key_prefixes)
+      key_prefixes.each{ |key_prefix| remove_permission(key_prefix) }
+      @@permissions
+    end
     
     def current_permissions_hash
       @@permissions

data/lib/permissify/aggregate.rb

@@ -2,13 +2,34 @@ module Permissify
   module Aggregate
     attr_accessor :abilities
   
-    def permissions_union # [integer values].max
+    def permissions_union
       @union ||= construct_union
+      @working_permissions = @union
     end
   
+    def permissions_intersection(product_permissions)
+      @intersection ||= construct_intersection
+      @working_permissions = @intersection
+    end
+    
+    def allowed_to?(action, feature)
+      @working_permissions ||= permissions_union
+      (@working_permissions["#{feature}_#{action}"]['0'] == true rescue false)
+    end
+
+    def viewable?(feature);       allowed_to?(:view,    feature); end
+    def createable?(feature);     allowed_to?(:create,  feature); end
+    def updateable?(feature);     allowed_to?(:update,  feature); end
+    def deleteable?(feature);     allowed_to?(:delete,  feature); end
+    def subscribed_to?(feature);  allowed_to?(:on,      feature); end
+  
+    private
+
     def construct_union
       union = {}
-      self.send(self.class::PERMISSIFIED_ASSOCIATION).collect(&:permissions).each do |permissions_hash|
+      permissified_models = self.send(self.class::PERMISSIFIED_ASSOCIATION)
+      permissions_hashes = permissified_models.collect(&:permissions)
+      permissions_hashes.each do |permissions_hash|
         permissions_hash.each do |key, descriptor|
           descriptor ||= {'0' => false}
           if union[key].nil?
@@ -16,70 +37,66 @@ module Permissify
           else
             arbitrate(union, descriptor, key, :max)
           end
-          union[key]['0'] = (union[key]['0'] == '1' || descriptor['0'] == '1')
+          union[key]['0'] = (union[key]['0'] == true || descriptor['0'] == '1')
         end
       end
       union
     end
-  
-    def permissions_intersection(product_permissions)
-      return @intersection if @intersection
-      @intersection = {}
-      permissions_union
-
-      # TODO : Product/Role references should be plugged-in...
-      # - could aggregate keep track of class names that it is included in?
-      # - there is a lot tangled up in here...
-      Ability.all_for(%w(Product Role)).each do |ability|
-        key = ability[:key]
-        descriptor = @union[key]
-        product_descriptor = product_permissions[key]
-        if permissable?(descriptor) && permissable?(product_descriptor)
-          @intersection[key] = descriptor
-          arbitrate(@intersection, product_descriptor, key, :min)
-        else
-          @intersection[key] = null_permission
-        end
-      end
-
-      include_permissions_unless_common_to_role_and_product('Product', product_permissions)
-      include_permissions_unless_common_to_role_and_product('Role', @union)
-      @intersection
-    end
-  
-    def permissable?(descriptor); descriptor && (descriptor['0'] == true || descriptor['0'] == '1'); end
-    def subscribed_to?(feature); allowed_to?('on', feature); end
-    def allowed_to?(action, feature); (permissions_union["#{feature}_#{action}"]['0'] == true rescue false); end
-  
-    def include_permissions_unless_common_to_role_and_product(applicability_type, applicable_permissions)
-      Ability.all_for(applicability_type).each do |ability|
-        key = ability[:key]
-        descriptor = applicable_permissions[key]
-        unless @intersection.has_key?(key)
-          if permissable?(descriptor)
-            descriptor['0'] = true
-            @intersection[key] = descriptor
-            arbitrate(@intersection, descriptor, key, :min)
-          else
-            @intersection[key] = null_permission
-          end
-        end
-      end
-    end
-  
-    private
+    
     def arbitrate(aggregation, other_descriptor, key, min_or_max) # assuming all permission 'args' are integers stored as strings
       1.upto(other_descriptor.size-1) do |i|
-        is = i.to_s; aggregation[key][is] = [aggregation[key][is].to_i, other_descriptor[is].to_i].send(min_or_max) # .to_s ?
+        is = i.to_s
+        aggregation[key][is] = [aggregation[key][is].to_i, other_descriptor[is].to_i].send(min_or_max) # .to_s ?
       end
     end
-    def null_permission; {'0' => false, '1' => 0}; end
-  
-    # # TODO : need to do this differently : specify in model? discern from
-    # def permissions_association # kinda icky
-    #   klass = self.respond_to?(:products) ? self.class : Business
-    #   @permissions_association ||= {User => :roles, klass => :products}[self.class]
-    #   @permissions_association ||= :permission_objects
+
+    # TODO : flush out intersection stuff in corp/brand/business products phase
+    # def construct_intersection
+    #   intersection = {}
+    #   permissions_union
+    # 
+    #   # TODO : Product/Role references should be plugged-in...
+    #   # - could aggregate keep track of class names that it is included in?
+    #   # - there is a lot tangled up in here...
+    #   Ability.all_for(%w(Product Role)).each do |ability|
+    #     key = ability[:key]
+    #     descriptor = @union[key]
+    #     product_descriptor = product_permissions[key]
+    #     if permissable?(descriptor) && permissable?(product_descriptor)
+    #       intersection[key] = descriptor
+    #       arbitrate(intersection, product_descriptor, key, :min)
+    #     else
+    #       intersection[key] = null_permission
+    #     end
+    #   end
+    # 
+    #   include_permissions_unless_common_to_role_and_product('Product', product_permissions)
+    #   include_permissions_unless_common_to_role_and_product('Role', @union)
+    #   intersection
+    # end
+    # 
+    # def permissable?(descriptor)
+    #   descriptor && (descriptor['0'] == true || descriptor['0'] == '1')
+    # end
+    # 
+    # def include_permissions_unless_common_to_role_and_product(applicability_type, applicable_permissions)
+    #   Ability.all_for(applicability_type).each do |ability|
+    #     key = ability[:key]
+    #     descriptor = applicable_permissions[key]
+    #     unless @intersection.has_key?(key)
+    #       if permissable?(descriptor)
+    #         descriptor['0'] = true
+    #         @intersection[key] = descriptor
+    #         arbitrate(@intersection, descriptor, key, :min)
+    #       else
+    #         @intersection[key] = null_permission
+    #       end
+    #     end
+    #   end
+    # end
+    # 
+    # def null_permission
+    #   {'0' => false, '1' => 0}
     # end
   end
 end

data/lib/permissify/controller.rb

@@ -1,15 +1,24 @@
 module Permissify
   module Controller
-        
+
+    def allowed_to?(action, permission_category)
+      (domain_permissions["#{permission_category}_#{action}"]['0'] == true rescue false)
+    end
+    
+    private
+
     def domain_permissions
-      return current_entity.permissions_union if current_user.nil? # public pages allow corp/brand/merchant product permissions
-      return current_user.permissions_union unless current_entity # admin, by convention, not subscribed to any products
-      current_user.permissions_intersection(current_entity.permissions_union)
+      @permissions ||= determine_domain_permissions
     end
 
-    def allowed_to?(action, permission_category)
-      @permissions ||= domain_permissions
-      (@permissions["#{permission_category}_#{action}"]['0'] == true rescue false)
+    def determine_domain_permissions
+      e = current_entity
+      u = current_user
+      if u.nil?
+        e ? e.permissions_union : {}  # public pages display according to just corp/brand/merchant product permissions
+      else
+        e ? u.permissions_intersection(e.permissions_union) : u.permissions_union
+      end
     end
     
   end

data/lib/permissify/model.rb

@@ -12,17 +12,23 @@ module Permissify
   
     def allows?(ability_key)
       allowed = self.permissions[ability_key];
-      allowed && allowed['0']; 
-      end
+      # allowed && allowed['0']
+      allowed && (allowed['0'] == '1') 
+    end
+
     def remove_permissions(keys)
-      keys = [keys] if keys.class == String
+      keys = [keys] if keys.class != Array
       keys.each{ |k| self.permissions[k] = nil}
       self.save
     end
+    
     def update_permissions(new_or_updated_permissions)
       self.permissions = self.permissions.merge(new_or_updated_permissions)
       self.save
     end
-    def underscored_name_symbol; self.class.underscored_name_symbol(self.name); end
+    
+    def underscored_name_symbol
+      self.class.underscored_name_symbol(self.name)
+    end
   end
 end

data/lib/permissify/model_class.rb

@@ -1,17 +1,12 @@
 module Permissify
   module ModelClass
-    def retire_permissions_objects(retire_sql)
-      ActiveRecord::Base.connection.execute retire_sql
-    end
-
-    def create_seeds(table_name, seed_specifications)
-      @model_class_seed_specifications = seed_specifications
+    
+    def create_seeds(seed_specifications)
       seed_specifications.each do |id, name|
         permissions_model = locate(id, name)
-        permissions_model.permissions = send("#{underscored_name_symbol(name)}_permissions")
+        permissions_model.permissions = send("#{underscored_name_symbol(name)}_permissions") # interface methods needed for each seeded model
         permissions_model.save
       end
-      ActiveRecord::Base.connection.execute "ALTER TABLE #{table_name} AUTO_INCREMENT = 101;"
     end
 
     def create_with_id(table, id, name)
@@ -20,17 +15,18 @@ module Permissify
       permissions_model.name = name
       permissions_model.permissions = permissions
       permissions_model.save
-      ActiveRecord::Base.connection.execute "UPDATE #{table}s SET id=#{id} WHERE id=#{permissions_model.id};"
+      force_seed_id(table, permissions_model, id) # interface method : force_seed_id
       find(id)
     end
   
     def locate(id, name)
-      model_with_id   = find_by_id(id)
-      model_with_id ||= send("create_#{underscored_name_symbol(name)}")
+      model_with_id   = find_by_id(id) # interface method : ActiveRecord::Base.find_by_id
+      model_with_id ||= send("create_#{underscored_name_symbol(name)}") # interface methods needed for each seeded model
     end
 
     def underscored_name_symbol(name)
-      name.to_s.downcase.gsub('-','_').gsub(':','').gsub('  ',' ').gsub(' ','_')    
+      name.to_s.downcase.gsub(':','').gsub('-','_').gsub(' ','_').gsub(/__*/,'_')
     end
+    
   end
 end

data/lib/permissify/roles.rb

@@ -1,24 +1,42 @@
 module Permissify::Roles
   include Permissify::Aggregate
-  
-  def primary_domain_type; sorted_domain_types.first; end
-  def primary_role_name; role_list(:description).sort.first; end
-  def sorted_domain_types; role_list(:domain_type).sort; end
-  def manages_roles; role_list(:manages_roles); end
-  def manages_role_names; sorted_role_names(manages_roles); end
-  def role_list(collection_method); roles.collect(&collection_method).flatten.uniq; end
-  
-  def can_create_and_modify(users, app_instance) # TODO : unit test for this
-    role_names_that_this_user_can_manage = manages_role_names
-    # 2 ways to go here : must be able to manage *all* or *any* of a user's roles.
-    # Chose *all* to prevent lower ranking users from demoting higher ranking users
-    users.select do |u|
-      u_role_names = sorted_role_names(u.roles)
-      ! u_role_names.blank? && (role_names_that_this_user_can_manage & u_role_names) == u_role_names
+
+  # inclusion of this module necessitates that the app's roles implementation includes:
+  # 1. domain_type field
+  # 2. define DOMAIN_TYPES as a ranked list of strings in implementation of Role/Permissify::Model-including class
+
+  # NOTE: in example app, helper methods enforce only assigning domain_type-specific roles to users
+  #       (an brand user can only be asigned roles that have a domain type of Brand).
+  def primary_domain_type
+    return nil if roles.empty?
+    domain_types = roles.collect(&:domain_type)
+    ranked_domain_types = roles.first.class::DOMAIN_TYPES
+    ranked_domain_types.each do |ranked_domain_type|
+      return ranked_domain_type if domain_types.include?(ranked_domain_type)
     end
-    users.delete_if{|u| !u.instances.include?(app_instance)}
-    return users
+    nil # unrecognized domain_type value(s)
   end
   
-  def sorted_role_names(roles); roles.collect(&:name).sort; end
+  # uncomment/reimplement methods as needed for example app/as more light shines...
+  
+  # def primary_domain_type; sorted_domain_types.first; end
+  # def primary_role_name; role_list(:description).sort.first; end
+  # def sorted_domain_types; role_list(:domain_type).sort; end
+  # def manages_roles; role_list(:manages_roles); end
+  # def manages_role_names; sorted_role_names(manages_roles); end
+  # def role_list(collection_method); roles.collect(&collection_method).flatten.uniq; end
+  # 
+  # def can_create_and_modify(users, app_instance) # TODO : unit test for this
+  #   role_names_that_this_user_can_manage = manages_role_names
+  #   # 2 ways to go here : must be able to manage *all* or *any* of a user's roles.
+  #   # Chose *all* to prevent lower ranking users from demoting higher ranking users
+  #   users.select do |u|
+  #     u_role_names = sorted_role_names(u.roles)
+  #     ! u_role_names.blank? && (role_names_that_this_user_can_manage & u_role_names) == u_role_names
+  #   end
+  #   users.delete_if{|u| !u.instances.include?(app_instance)}
+  #   return users
+  # end
+  # 
+  # def sorted_role_names(roles); roles.collect(&:name).sort; end
 end

data/spec/permissify/aggregate_spec.rb

@@ -0,0 +1,83 @@
+require 'spec_helper'
+
+describe Permissify::Aggregate do
+
+  describe 'permissions_union' do
+    before(:each) { new_aggregate; @union = @a.permissions_union}
+
+    it 'should include keys for permissions specified (true or false) in any permissified model' do
+      @union.keys.to_set.should == @pms.collect(&:permissions).collect(&:keys).flatten.uniq.to_set
+    end
+
+    it 'should indicate permission for a key is true if permission set to true in any permissified object permission set' do
+      %w(p_1 p_2 p_3 p_4 p_5).each{ |permission| @union[permission]['0'].should be_true }
+    end
+
+    it 'should indicate permission for a key is false if permission not set to true in any permissified object permission set' do
+      %w(p_6 p_7 p_8).each{ |permission| @union[permission]['0'].should be_false }
+    end
+  end
+  
+  describe 'allowed_to?' do
+    before(:each) { new_aggregate }
+
+    it 'should return true when permission is set in a permissified model permission set' do
+      (1..5).each{ |action| @a.allowed_to?(action.to_s, 'p').should be_true }
+    end
+
+    it 'should return false when permission is set to false in all permissified model permission sets where it is present or not present in any permission set' do
+      (6..9).each{ |action| @a.allowed_to?(action.to_s, 'p').should be_false }
+    end
+  end
+  
+  [ %w(subscribed_to? product1_on   product1),
+    %w(viewable?      thing_view    thing),
+    %w(createable?    thing_create  thing),
+    %w(updateable?    thing_update  thing),
+    %w(deleteable?    thing_delete  thing),
+  ].each do |method_name, permission_key, method_arg|
+    describe "#{method_name}" do
+      it "should be true when permission for '#{permission_key}' is specified as true" do
+        method_should(be_true, {permission_key => {'0' => '1'}}, method_name, method_arg)
+      end
+
+      it "should be false when permission for '#{permission_key}' specified as false" do
+        method_should(be_false, {permission_key => {'0' => '0'}}, method_name, method_arg)
+      end
+
+      it "should be false when permission for '#{permission_key}' not specified" do
+        method_should(be_false, {}, method_name, method_arg)
+      end
+    
+      def method_should(be_true_or_false, permissions, method_name, method_arg)
+        new_aggregate( [new_permissified_model( permissions )] )
+        @a.send(method_name, method_arg).should be_true_or_false
+      end
+    end
+  end
+    
+  # TODO : work out intersection specs in corp/brand/business products phase
+  # describe 'permissions_intersection' do
+  #   it 'should ...' do
+  #   end
+  # end
+
+  def new_aggregate(permissified_models = default_permissified_models)
+    @a = Userish.new
+    @pms = permissified_models
+    @a.roles = @pms
+  end
+  
+  def default_permissified_models
+    [ new_permissified_model( {'p_1' => {'0' => '0'}, 'p_2' => {'0' => '1'}, 'p_3' => {'0' => '1'}, 'p_6' => {'0' => '0'}} ),
+      new_permissified_model( {'p_1' => {'0' => '1'}, 'p_2' => {'0' => '0'}, 'p_4' => {'0' => '1'}, 'p_7' => {'0' => '0'}} ),
+      new_permissified_model( {'p_1' => {'0' => '0'}, 'p_2' => {'0' => '0'}, 'p_5' => {'0' => '1'}, 'p_8' => {'0' => '0'}} )
+    ]
+  end
+  
+  def new_permissified_model(permissions)
+    pm = PermissifiedModel.new
+    pm.permissions = permissions
+    pm
+  end
+end

data/spec/permissify/controller_spec.rb

@@ -0,0 +1,74 @@
+require 'spec_helper'
+
+describe Permissify::Controller do
+  before(:each) { @controller = PermissifiedController.new }
+  
+  describe 'allowed_to?' do
+    describe 'and no current entity' do
+      before(:each) { @controller.should_receive(:current_entity).and_return(nil) }
+
+      it 'should return false when no current user' do
+        @controller.should_receive(:current_user).and_return(nil)
+        allowed_to_should be_false
+      end
+      
+      describe 'and current user is not nil' do
+        before(:each) do
+          @user = Userish.new
+          @controller.should_receive(:current_user).and_return(@user)
+        end
+
+        it 'should return true when current user has permission for category action' do
+          category_action_permission_causes_allowed_to_be true, be_true
+        end
+        
+        it 'should return false when current user does not have permission for category action' do
+          category_action_permission_causes_allowed_to_be false, be_false
+        end
+      end
+    end
+    
+    describe 'and current entity exists' do
+      describe 'and no current user' do
+        it 'should return true when current entity has permission for category action' do
+          pending('products phase')
+        end
+        
+        it 'should return false when current entity does not have permission for category action' do
+          pending('products phase')
+        end
+      end
+      
+      describe 'and current user is not nil' do
+        describe 'and current entity has permission for category action' do
+          it 'should return true when current user has permission for category action' do
+            pending('products phase')
+          end
+
+          it 'should return false when current user does not have permission for category action' do
+            pending('products phase')
+          end
+        end
+        
+        describe 'and current entity does not have permission for category action' do
+          it 'should return false when current user has permission for category action' do
+            pending('products phase')
+          end
+
+          it 'should return false when current user does not have permission for category action' do
+            pending('products phase')
+          end
+        end
+      end
+    end
+
+    def category_action_permission_causes_allowed_to_be(permission_true_or_false, be_true_or_false, action = :view, category = :something)
+      @user.should_receive(:permissions_union).and_return( {"#{category}_#{action}" => {'0' => permission_true_or_false} })
+      allowed_to_should be_true_or_false, action, category
+    end
+    
+    def allowed_to_should(be_true_or_false, action = :view, category = :something)
+      @controller.allowed_to?(:view, :something).should be_true_or_false
+    end
+  end
+end

data/spec/permissify/model_class_spec.rb

@@ -0,0 +1,68 @@
+require 'spec_helper'
+
+describe Permissify::ModelClass do
+  describe 'create_seeds' do
+    it 'should locate, set permissions and save each specified seed' do
+      (seed_specifications = [ [21, 'seeded model name1'], [81, 'seeded model name 2'] ]).each do |id, name|
+        PermissifiedModel.should_receive(:locate).with(id, name).and_return(located_model = mock)
+        app_implemented_permissions_method = "#{name.gsub(' ','_')}_permissions"
+        PermissifiedModel.should_receive(app_implemented_permissions_method).and_return(:name_permissions)
+        located_model.should_receive(:permissions=).with(:name_permissions)
+        located_model.should_receive(:save)
+      end
+      PermissifiedModel.create_seeds seed_specifications
+    end
+  end
+      
+  describe 'create_with_id' do
+    it 'should create a new object, set its name, permissions, save it, force its id and then find it' do
+      PermissifiedModel.should_receive(:name_permissions).and_return(:permissions_for_name)
+      PermissifiedModel.should_receive(:new).and_return(mocked_permissions_model = mock())
+      mocked_permissions_model.should_receive(:name=).with(:name)
+      mocked_permissions_model.should_receive(:permissions=).with(:permissions_for_name)
+      mocked_permissions_model.should_receive(:save)
+      PermissifiedModel.should_receive(:force_seed_id).with(:table, mocked_permissions_model, :id)
+      PermissifiedModel.should_receive(:find).with(:id).and_return(:model_returned_from_find)
+      PermissifiedModel.create_with_id(:table, :id, :name).should == :model_returned_from_find
+    end
+  end
+
+  describe 'locate' do
+    it 'should return model corresponding to input id when model with id exists' do
+      mock_find_by_id :model_from_find_by_id
+      PermissifiedModel.locate(:input_model_id, :input_model_id_name).should == :model_from_find_by_id
+    end
+    
+    it 'should return response from app-implemented "create_input_model_id_name"' do
+      mock_find_by_id nil
+      PermissifiedModel.should_receive(:create_input_model_id_name).and_return(:model_from_create_input_model_id_name)
+      PermissifiedModel.locate(:input_model_id, :input_model_id_name).should == :model_from_create_input_model_id_name
+    end
+    
+    def mock_find_by_id(mocked_return)
+      PermissifiedModel.should_receive(:find_by_id).with(:input_model_id).and_return(mocked_return)
+    end
+  end
+  
+  describe 'underscored_name_symbol' do
+    it 'should return a string' do
+      PermissifiedModel.underscored_name_symbol(:symbol).class.name.should == 'String'
+    end
+    
+    it 'should return a downcased version of input' do
+      PermissifiedModel.underscored_name_symbol(:SYMBOL).should == 'symbol'
+    end
+    
+    it 'should squish whitespace into a single underscore' do
+      PermissifiedModel.underscored_name_symbol('   squish     it  ').should == '_squish_it_'
+    end
+    
+    it 'should convert dashes to underscores' do
+      PermissifiedModel.underscored_name_symbol('-dash--to---underscore----').should == '_dash_to_underscore_'
+    end
+    
+    it 'should remove colons' do
+      PermissifiedModel.underscored_name_symbol(':colons:::be:gone:::').should == 'colonsbegone'
+    end
+  end
+end

data/spec/permissify/model_spec.rb

@@ -0,0 +1,102 @@
+require 'spec_helper'
+
+describe Permissify::Model do
+  describe 'establish_from_permissions_model' do
+    it 'should set from_permissions_model to nil when from is nil' do
+      from_permissions_model_should_be nil
+    end
+
+    it 'should set from_permissions_model to find response when from is set' do
+      PermissifiedModel.should_receive(:find).with(:with_from_value).and_return(:find_response)
+      from_permissions_model_should_be(:find_response, :with_from_value)
+    end
+    
+    def from_permissions_model_should_be(expected_from_permissions_model, from_value = nil)
+      new_model
+      @pm.from = from_value
+      @pm.establish_from_permissions_model
+      @pm.from_permissions_model.should == expected_from_permissions_model
+    end
+  end
+      
+  describe 'initialize_permissions' do
+    before(:each) { new_model }
+    
+    it 'should set permissions to empty hash when from is not set' do
+      permissions_should_be({}, nil)
+    end
+
+    it 'should set permissions from model that can be found with from value' do
+      other_permissions_model = mock(:permissions => :other_permissions)
+      @pm.should_receive(:establish_from_permissions_model).and_return(other_permissions_model)
+      permissions_should_be(:other_permissions, :with_from_value)
+    end
+    
+    def permissions_should_be(expected_permissions, from_value = nil)
+      @pm.from = from_value
+      @pm.initialize_permissions
+      @pm.permissions.should == expected_permissions
+    end
+  end
+
+  describe 'allows?' do
+    it 'should return false when ability key is not present in permissions' do
+      expect_allows({}, be_false)
+    end
+
+    it 'should return false when ability key is present in permissions but does not have a value corresponding to key \'0\'' do
+      expect_allows({'permission' => {'1' => 'notzero'}}, be_false)
+    end
+
+    [nil, 0, '0', 1].each do |value_that_evaluates_to_false|
+      it "should return false when ability key is present in permissions, and value corresponding to key '0' is #{value_that_evaluates_to_false} (#{value_that_evaluates_to_false.class.name})" do
+        expect_allows({'permission' => {'0' => value_that_evaluates_to_false}}, be_false)
+      end
+    end
+
+    it "should return true when ability key is present in permissions, and value corresponding to key '0' is '1'" do
+      expect_allows({'permission' => {'0' => '1'}}, be_true)
+    end
+    
+    def expect_allows(permission_hash_value, be_true_or_false)
+      new_model
+      @pm.permissions = permission_hash_value
+      @pm.allows?('permission').should be_true_or_false
+    end
+  end
+  
+  describe 'remove_permissions' do
+    it 'should set permissions value associated with input key(s) to nil' do
+      new_model
+      @pm.permissions = {:key1 => 1, :key2 => 1}
+      @pm.should_receive(:save)
+      @pm.remove_permissions(:key1)
+      @pm.permissions.should == {:key1 => nil, :key2 => 1}
+    end
+  end
+  
+  describe 'update_permissions' do
+    before(:each) { new_model }
+    it 'should save merged permissions' do
+      @pm.should_receive(:permissions).and_return(current_permissions = {})
+      current_permissions.should_receive(:merge).with(:new_permissions).and_return(:merged_permissions)
+      @pm.should_receive(:permissions=).with(:merged_permissions)
+      @pm.should_receive(:save)
+      @pm.update_permissions(:new_permissions)
+    end
+  end
+  
+  describe 'underscored_name_symbol' do
+    before(:each) { new_model }
+    
+    it 'should invoke class underscored_name_symbol method with model name' do
+      PermissifiedModel.should_receive(:underscored_name_symbol).with(@pm.name).and_return(:response_from_class_underscored_name_symbol_method)
+      @pm.underscored_name_symbol.should == :response_from_class_underscored_name_symbol_method
+    end
+  end
+  
+  def new_model
+    @pm = PermissifiedModel.new
+    @pm.name = 'model name'
+  end
+end

data/spec/permissify/roles_spec.rb

@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe Permissify::Roles do
+  
+  describe 'primary_domain_type' do
+    ranked_domain_types = Roleish::DOMAIN_TYPES
+    n = ranked_domain_types.length - 1
+    (0..n).each do |i|
+      subset_of_ranked_domain_types = ranked_domain_types[i..n]
+      expected_primary_domain_type  = subset_of_ranked_domain_types[0]
+      it "should return '#{expected_primary_domain_type}' when represented domain types are #{subset_of_ranked_domain_types.join(',')}" do
+        new_user_with_roles( subset_of_ranked_domain_types.collect{|dt| new_role(dt) }.reverse )
+        @u.primary_domain_type.should == expected_primary_domain_type
+      end
+    end
+  end
+  
+  def new_user_with_roles(roles)
+    @u = UserishWithRoles.new
+    @roles = roles
+    @u.roles = @roles
+  end
+  
+  def new_role(domain_type)
+    pm = Roleish.new
+    pm.domain_type = domain_type
+    pm
+  end
+end

data/spec/spec_helper.rb

@@ -1,9 +1,3 @@
-# This file was generated by the `rspec --init` command. Conventionally, all
-# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
-# Require this file using `require "spec_helper.rb"` to ensure that it is only
-# loaded once.
-#
-# See http://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
 require 'rubygems'
 require 'bundler/setup'
 
@@ -38,3 +32,32 @@ class NoSeedAbility
     include Permissify::AbilityClass
   end
 end
+
+class PermissifiedModel
+  include Permissify::Model
+  attr_accessor :name, :permissions
+  class << self
+    include Permissify::ModelClass
+  end
+end
+
+class Roleish < PermissifiedModel
+  DOMAIN_TYPES = %w(Admin Dealer Corporate Brand Merchant)
+  attr_accessor :domain_type
+end
+
+class Userish
+  include Permissify::Aggregate
+  PERMISSIFIED_ASSOCIATION = :roles
+  attr_accessor :roles
+end
+
+class UserishWithRoles
+  include Permissify::Roles
+  PERMISSIFIED_ASSOCIATION = :roles
+  attr_accessor :roles
+end
+
+class PermissifiedController
+  include Permissify::Controller
+end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: permissify
 version: !ruby/object:Gem::Version 
-  hash: 63
+  hash: 61
   prerelease: 
   segments: 
   - 0
   - 0
-  - 16
-  version: 0.0.16
+  - 17
+  version: 0.0.17
 platform: ruby
 authors: 
 - Frederick Fix
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-06-06 00:00:00 Z
+date: 2012-06-11 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rspec
@@ -109,6 +109,11 @@ files:
 - lib/permissify/roles.rb
 - lib/permissify.rb
 - spec/permissify/ability_class_spec.rb
+- spec/permissify/aggregate_spec.rb
+- spec/permissify/controller_spec.rb
+- spec/permissify/model_class_spec.rb
+- spec/permissify/model_spec.rb
+- spec/permissify/roles_spec.rb
 - spec/spec.opts
 - spec/spec_helper.rb
 - CHANGELOG.rdoc