permissify 0.0.17 → 0.0.18

data/lib/generators/permissify/ability/template/abilities.rb

@@ -7,14 +7,19 @@ module SystemFixtures::Abilities
 
     # can organize permissions into categories that correspond to your client's/product team's view of app.
     # suggest playing with your Ability class and the builder methods in console.
-    # add_category('Tabs', 'Tabs', ['Role'], %w(Admin Dealer Corporate Brand Merchant))
+
+    # NOTE : 'Role' and 'Product' references in following example are actually *class names*.
+    # This is a name coupling (see Permissify::Union) that can be overriden.
+    
+    # applies_to_users_only = [User::PERMISSIFIED_ABILITY_APPLICABILITY]
+    # add_category('Tabs', 'Tabs', applies_to_users_only, %w(Admin Dealer Corporate Brand Merchant))
     # { 'Roles'                 => 'Admin',
     #   'Admin Users'           => 'Admin',
     #   'Dealer Users'          => 'Dealer Admin',
     #   'Corporate Users'       => 'Corporate Admin',
     #   'Brand Users'           => 'Brand Admin',
     #   'Merchant Users'        => 'Merchant Admin',
-    # }.each{ |category, section| add_category(category, section) }
+    # }.each{ |category, section| add_category(category, section, applies_to_users_only) }
   end
   
 end

data/lib/generators/permissify/controller/template/permissified_controller.rb

@@ -1,10 +1,10 @@
-module PermissifiedController # Interface : override/rewrite as needed for your app
+module PermissifiedController # Interfaces : override/rewrite as needed for your app
   
-  # app-specific consideration for whether operating on a merchant/business, brand, corporation, dealer or admin
-  def current_entity
-    TODO_IMPLEMENT_PERMISSIFY_CONTROLLER_CURRENT_ENTITY_INTERFACE_METHOD
-    # return @current_entity if @current_entity
-    # nil
-  end
+  # controller-accessible methods that app has implemented to access models that have been permissified.
+  PERMISSIFY = SPECIFY_PERMISSIFIED_MODEL_LIST_IN__APP__CONTROLLERS__PERMISSIFIED_CONTROLLER
 
+  # PERMISSIFY =  { User::PERMISSIFIED_ABILITY_APPLICABILITY => :current_user,
+  #                 'Product' => :current_entity, # Merchant::PERMISSIFIED_ABILITY_APPLICABILITY
+  #               }
+  
 end

data/lib/permissify.rb

@@ -1,6 +1,7 @@
 require 'permissify/ability_class'
-require 'permissify/aggregate'
+require 'permissify/common'
 require 'permissify/controller'
 require 'permissify/model'
 require 'permissify/model_class'
+require 'permissify/union'
 require 'permissify/roles'

data/lib/permissify/ability_class.rb

@@ -18,22 +18,30 @@ module Permissify
   
     def all_for(applicability_types)
       applicability_types = [applicability_types] if applicability_types.kind_of?(String)
+      applicability_types = applicability_types.to_set
       all.select{|a| (a[:applicability] & applicability_types) == applicability_types}
     end
 
-    def add(key, category, section, action, applicability, number_of_values, position, default_values, admin_expression='', category_allows = :multiple)
-      @@abilities <<  { :key => key, :category => category, :section => section, :action => action,
+    def get(action, category)
+      key = key_for(action, category)
+      all.select{ |ability| ability[:key] == key }.first
+    end
+    
+    def add(category, section, action, applicability, requires_any_or_all, number_of_values, position, default_values, admin_expression='', category_allows = :multiple)
+      applicability = applicability.to_set
+      @@abilities <<  { :key => key_for(action, category), :category => category, :section => section, :action => action,
                         :applicability => applicability, :number_of_values => number_of_values, :position => position,
-                        :default_values => default_values, :administration_expression => admin_expression, :category_allows => category_allows}
+                        :default_values => default_values, :administration_expression => admin_expression,
+                        :category_allows => category_allows, :any_or_all => requires_any_or_all}
     end
 
-    def add_category(category, section, applicability=['Role'], actions=%w(View Create Update Delete), category_allows = :multiple)
+    def add_category(category, section, applicability, actions = %w(View Create Update Delete), requires_any_or_all = :all?, category_allows = :multiple)
       actions = [actions] unless actions.kind_of?(Array)
       actions.collect do |action|
-        add("#{key_token(category)}_#{key_token(action)}", category, section, action, applicability, 1, actions.index(action)+1, [false], '', category_allows)
+        add(category, section, action, applicability, requires_any_or_all, 1, actions.index(action)+1, [false], '', category_allows)
       end
     end
-
+    
     def create_permissions_hash(view_only_categories=[], remove_categories=[], applicability_types = 'Role')
       @@permissions = {}
       all_for(applicability_types).each{|permission| @@permissions[permission[:key]] = {'0' => '1'}}
@@ -55,10 +63,15 @@ module Permissify
     def current_permissions_hash
       @@permissions
     end
+
+    def key_for(action, category)
+      "#{key_token(category)}_#{key_token(action)}"
+    end
   
     private
+
     def key_token(token)
-      token.downcase.gsub('-','_').gsub(':','').gsub('  ',' ').gsub(' ','_')
+      token.to_s.downcase.gsub('-','_').gsub(':','').gsub('  ',' ').gsub(' ','_')
     end
     
     def view_only(category)

data/lib/permissify/common.rb

@@ -0,0 +1,33 @@
+module Permissify
+  module Common
+
+    def allowed_to?(action, ability_category)
+      permission(action, ability_category) == true
+    end
+
+    def viewable?(ability_category);       allowed_to?(:view,    ability_category); end
+    def createable?(ability_category);     allowed_to?(:create,  ability_category); end
+    def updateable?(ability_category);     allowed_to?(:update,  ability_category); end
+    def deleteable?(ability_category);     allowed_to?(:delete,  ability_category); end
+    def subscribed_to?(ability_category);  allowed_to?(:on,      ability_category); end
+    
+    def permissible?(permissions_hash, action, category)
+      key = Ability.key_for(action, category)
+      (permission = permissions_hash[key]) && permission['0'] == true
+    end
+
+    def log_permissions
+      message = "*** PermissifyController permissions: #{@permissions.inspect}"
+      defined?(logger) ? logger.debug(message) : puts(message)
+    end
+    
+    # NOTE : mothballed additional permission values...
+    # def arbitrate(aggregation, other_descriptor, key, min_or_max) # assuming all permission 'args' are integers stored as strings
+    #   1.upto(other_descriptor.size-1) do |i|
+    #     is = i.to_s
+    #     aggregation[key][is] = [aggregation[key][is].to_i, other_descriptor[is].to_i].send(min_or_max) # .to_s ?
+    #   end
+    # end
+    
+  end
+end

data/lib/permissify/controller.rb

@@ -1,24 +1,41 @@
 module Permissify
   module Controller
 
-    def allowed_to?(action, permission_category)
-      (domain_permissions["#{permission_category}_#{action}"]['0'] == true rescue false)
+    include Permissify::Common
+
+    def permission(action, category) # interface used by Permissfy::Common.allowed_to?
+      @permissions ||= construct_permissions # TODO : get lazier?
+      permissible?(@permissions, action, category)
     end
-    
+
     private
 
-    def domain_permissions
-      @permissions ||= determine_domain_permissions
+    def construct_permissions
+      @applicable_permissions = {}
+      permissions = {}
+      Ability.all.each { |ability| permissions[ ability[:key] ] = authorized?(ability) }
+      # puts "*** PERMISSIONS: #{permissions.inspect} ***"
+      permissions
     end
-
-    def determine_domain_permissions
-      e = current_entity
-      u = current_user
-      if u.nil?
-        e ? e.permissions_union : {}  # public pages display according to just corp/brand/merchant product permissions
-      else
-        e ? u.permissions_intersection(e.permissions_union) : u.permissions_union
-      end
+    
+    def authorized?(ability, key = ability[:key], applicablity = ability[:applicability], requires_any_or_all = ability[:any_or_all])
+      # puts "AUTHORIZED?: ability: #{key}, #{applicablity}, #{requires_any_or_all}"
+      authorizations = applicablity.collect{|applicable| applicable_authorization(applicable, key) }
+      { '0' => authorizations.send(requires_any_or_all) }
+    end
+    
+    def applicable_authorization(applicable, key)
+      (permission = applicable_permissions(applicable)[key]) && permission['0'] == true
+    end
+    
+    def applicable_permissions(applicablity)
+      @applicable_permissions[applicablity] ||= permissified_model_permissions(applicablity)
+    end
+    
+    def permissified_model_permissions(applicablity)
+      permissified_model_method = self.class::PERMISSIFY[applicablity]
+      permissified_model = send(permissified_model_method)
+      permissified_model ? permissified_model.permissions : Hash.new({})
     end
     
   end

data/lib/permissify/roles.rb

@@ -1,42 +1,45 @@
-module Permissify::Roles
-  include Permissify::Aggregate
+module Permissify
+  module Roles
 
-  # inclusion of this module necessitates that the app's roles implementation includes:
-  # 1. domain_type field
-  # 2. define DOMAIN_TYPES as a ranked list of strings in implementation of Role/Permissify::Model-including class
+    include Permissify::Union
 
-  # NOTE: in example app, helper methods enforce only assigning domain_type-specific roles to users
-  #       (an brand user can only be asigned roles that have a domain type of Brand).
-  def primary_domain_type
-    return nil if roles.empty?
-    domain_types = roles.collect(&:domain_type)
-    ranked_domain_types = roles.first.class::DOMAIN_TYPES
-    ranked_domain_types.each do |ranked_domain_type|
-      return ranked_domain_type if domain_types.include?(ranked_domain_type)
+    # inclusion of this module necessitates that the app's roles implementation includes:
+    # 1. domain_type field
+    # 2. define DOMAIN_TYPES as a ranked list of strings in implementation of Role/Permissify::Model-including class
+
+    # NOTE: in example app, helper methods enforce only assigning domain_type-specific roles to users
+    #       (an brand user can only be asigned roles that have a domain type of Brand).
+    def primary_domain_type
+      return nil if roles.empty?
+      domain_types = roles.collect(&:domain_type)
+      ranked_domain_types = roles.first.class::DOMAIN_TYPES
+      ranked_domain_types.each do |ranked_domain_type|
+        return ranked_domain_type if domain_types.include?(ranked_domain_type)
+      end
+      nil # unrecognized domain_type value(s)
     end
-    nil # unrecognized domain_type value(s)
-  end
   
-  # uncomment/reimplement methods as needed for example app/as more light shines...
+    # uncomment/reimplement methods as needed for example app/as more light shines...
   
-  # def primary_domain_type; sorted_domain_types.first; end
-  # def primary_role_name; role_list(:description).sort.first; end
-  # def sorted_domain_types; role_list(:domain_type).sort; end
-  # def manages_roles; role_list(:manages_roles); end
-  # def manages_role_names; sorted_role_names(manages_roles); end
-  # def role_list(collection_method); roles.collect(&collection_method).flatten.uniq; end
-  # 
-  # def can_create_and_modify(users, app_instance) # TODO : unit test for this
-  #   role_names_that_this_user_can_manage = manages_role_names
-  #   # 2 ways to go here : must be able to manage *all* or *any* of a user's roles.
-  #   # Chose *all* to prevent lower ranking users from demoting higher ranking users
-  #   users.select do |u|
-  #     u_role_names = sorted_role_names(u.roles)
-  #     ! u_role_names.blank? && (role_names_that_this_user_can_manage & u_role_names) == u_role_names
-  #   end
-  #   users.delete_if{|u| !u.instances.include?(app_instance)}
-  #   return users
-  # end
-  # 
-  # def sorted_role_names(roles); roles.collect(&:name).sort; end
+    # def primary_domain_type; sorted_domain_types.first; end
+    # def primary_role_name; role_list(:description).sort.first; end
+    # def sorted_domain_types; role_list(:domain_type).sort; end
+    # def manages_roles; role_list(:manages_roles); end
+    # def manages_role_names; sorted_role_names(manages_roles); end
+    # def role_list(collection_method); roles.collect(&collection_method).flatten.uniq; end
+    # 
+    # def can_create_and_modify(users, app_instance) # TODO : unit test for this
+    #   role_names_that_this_user_can_manage = manages_role_names
+    #   # 2 ways to go here : must be able to manage *all* or *any* of a user's roles.
+    #   # Chose *all* to prevent lower ranking users from demoting higher ranking users
+    #   users.select do |u|
+    #     u_role_names = sorted_role_names(u.roles)
+    #     ! u_role_names.blank? && (role_names_that_this_user_can_manage & u_role_names) == u_role_names
+    #   end
+    #   users.delete_if{|u| !u.instances.include?(app_instance)}
+    #   return users
+    # end
+    # 
+    # def sorted_role_names(roles); roles.collect(&:name).sort; end
+  end
 end

data/lib/permissify/union.rb

@@ -0,0 +1,33 @@
+module Permissify
+  module Union
+
+    include Permissify::Common
+
+    def permission(action, category) # interface used by Permissify::Common.allowed_to?
+      @union ||= construct_union # TODO : get lazier?
+      permissible?(@union, action, category)
+    end
+
+    private
+
+    def construct_union
+      union = {}
+      permissified_models = self.send(self.class::PERMISSIFIED_ASSOCIATION)
+      permissions_hashes = permissified_models.collect(&:permissions)
+      permissions_hashes.each do |permissions_hash|
+        permissions_hash.each do |key, descriptor|
+          union[key] ||= {'0' => false}
+          # NOTE : mothballed additional permission values...
+          # if union[key].nil?
+          #   union[key] = descriptor # TODO : check : does this have '1' or true? is spec construction masking reality?
+          # else
+          #   arbitrate(union, descriptor, key, :max)
+          # end
+          # union[key]['0'] = (union[key]['0'] == true || descriptor['0'] == '1')
+          union[key]['0'] = true if descriptor['0'] == '1'
+        end
+      end
+      union
+    end
+  end
+end

data/spec/permissify/ability_class_spec.rb

@@ -11,10 +11,20 @@ describe Permissify::AbilityClass do
     describe 'and interface seed implemented' do
       it 'should return the correct number of abilities' do
         (a = Ability.all).size.should == 29
-        a.first.should == {:default_values=>[false], :applicability=>["Role"], :category=>"Tabs", :administration_expression=>"", :section=>"Tabs", :category_allows=>:multiple, :number_of_values=>1, :key=>"tabs_admin", :position=>1, :action=>"Admin"}
+        a.first.should == tab_admin_ability
       end
     end
   end
+  
+  describe 'get' do
+    it 'should return ability that has input action and category' do
+      Ability.get('admin', 'tabs').should == tab_admin_ability
+    end
+    
+    it 'should be nil when no ability with input key exists' do
+      Ability.get('wrong', 'tabs').should be_nil
+    end
+  end
       
   describe 'abilities builder method' do
     before(:each) { Ability.reset }
@@ -28,24 +38,27 @@ describe Permissify::AbilityClass do
     describe 'add_category' do
       it 'should establish correct ability expression for fully specified category and action' do
         add_category1_section1
-        Ability.current.should == [{:section=>"section1", :category=>"category1", :action=>"view", :position=>1, :key=>"category1_view", :applicability=>["Role", "Product"], :category_allows=>:one_or_none, :administration_expression=>"", :number_of_values=>1, :default_values=>[false]}]
+        Ability.current.should == [{:section=>"section1", :category=>"category1", :action=>"view", :position=>1, :key=>"category1_view", :applicability=>["Role", "Product"].to_set, :category_allows=>:one_or_none, :administration_expression=>"", :number_of_values=>1, :default_values=>[false], :any_or_all => :all?}]
       end
 
       it 'should establish correct ability expression for category and action with defaulted values' do
-        Ability.add_category('category2', 'section2')
-        Ability.current.should == [ {:section=>"section2", :category=>"category2", :action=>"View",   :position=>1, :key=>"category2_view",   :applicability=>["Role"], :category_allows=>:multiple, :administration_expression=>"", :number_of_values=>1, :default_values=>[false]},
-                                    {:section=>"section2", :category=>"category2", :action=>"Create", :position=>2, :key=>"category2_create", :applicability=>["Role"], :category_allows=>:multiple, :administration_expression=>"", :number_of_values=>1, :default_values=>[false]},
-                                    {:section=>"section2", :category=>"category2", :action=>"Update", :position=>3, :key=>"category2_update", :applicability=>["Role"], :category_allows=>:multiple, :administration_expression=>"", :number_of_values=>1, :default_values=>[false]},
-                                    {:section=>"section2", :category=>"category2", :action=>"Delete", :position=>4, :key=>"category2_delete", :applicability=>["Role"], :category_allows=>:multiple, :administration_expression=>"", :number_of_values=>1, :default_values=>[false]} ]
+        Ability.add_category('category2', 'section2', ['Role'])
+        Ability.current.should == [ {:section=>"section2", :category=>"category2", :action=>"View",   :position=>1, :key=>"category2_view",   :applicability=>["Role"].to_set, :category_allows=>:multiple, :administration_expression=>"", :number_of_values=>1, :default_values=>[false], :any_or_all => :all?},
+                                    {:section=>"section2", :category=>"category2", :action=>"Create", :position=>2, :key=>"category2_create", :applicability=>["Role"].to_set, :category_allows=>:multiple, :administration_expression=>"", :number_of_values=>1, :default_values=>[false], :any_or_all => :all?},
+                                    {:section=>"section2", :category=>"category2", :action=>"Update", :position=>3, :key=>"category2_update", :applicability=>["Role"].to_set, :category_allows=>:multiple, :administration_expression=>"", :number_of_values=>1, :default_values=>[false], :any_or_all => :all?},
+                                    {:section=>"section2", :category=>"category2", :action=>"Delete", :position=>4, :key=>"category2_delete", :applicability=>["Role"].to_set, :category_allows=>:multiple, :administration_expression=>"", :number_of_values=>1, :default_values=>[false], :any_or_all => :all?} ]
       end
     end
   end
 
-  # TODO : specs for just Product, and Role and Product, applicabilities
   describe 'permission builder method' do
 
-    describe 'create_permissions_hash(view_only_categories=[], remove_categories=[], applicability_types = "Role")' do
-      before(:each) { Ability.seed; @ability_key_set = Ability.current.collect{|a| a[:key]}.to_set }
+    describe 'create_permissions_hash' do
+      before(:each) do
+        Ability.reset;
+        Ability.seed;
+        @ability_key_set = Ability.current.collect{|a| a[:key]}.to_set
+      end
 
       it 'should express each current ability when invoked with no arguments' do
         @ability_key_set.should == Ability.create_permissions_hash.keys.to_set
@@ -78,6 +91,10 @@ describe Permissify::AbilityClass do
   end
   
   def add_category1_section1(actions = 'view')
-    Ability.add_category('category1', 'section1', %w(Role Product), actions, :one_or_none)
+    Ability.add_category('category1', 'section1', %w(Role Product), actions, :all?, :one_or_none)
+  end
+
+  def tab_admin_ability
+    {:default_values=>[false], :applicability=>["Role"].to_set, :category=>"Tabs", :administration_expression=>"", :section=>"Tabs", :category_allows=>:multiple, :number_of_values=>1, :key=>"tabs_admin", :position=>1, :action=>"Admin", :any_or_all => :all?}
   end
 end

data/spec/permissify/controller_spec.rb

@@ -1,74 +1,99 @@
 require 'spec_helper'
 
 describe Permissify::Controller do
-  before(:each) { @controller = PermissifiedController.new }
-  
+
   describe 'allowed_to?' do
-    describe 'and no current entity' do
-      before(:each) { @controller.should_receive(:current_entity).and_return(nil) }
+    before(:each) do
+      @controller = PermissifiedControllerish.new # controller specifies multiple permissified_model_method/ability applicability pairs
+    end
 
-      it 'should return false when no current user' do
+    describe 'for an ability with a single applicability type, ' do
+      before(:each) do
+        @applicability = [Userish::PERMISSIFIED_ABILITY_APPLICABILITY]
+        add_ability :all?
+      end
+      
+      it 'should be false when controller-specified model method for applicability type returns nil' do
         @controller.should_receive(:current_user).and_return(nil)
         allowed_to_should be_false
       end
       
-      describe 'and current user is not nil' do
-        before(:each) do
-          @user = Userish.new
-          @controller.should_receive(:current_user).and_return(@user)
-        end
-
-        it 'should return true when current user has permission for category action' do
+      describe 'and the model method associated with applicability type returns a (permissified) model, ' do
+        before(:each) { current_user_exists }
+      
+        it 'should be true when model authorizes permission for ability' do
           category_action_permission_causes_allowed_to_be true, be_true
         end
         
-        it 'should return false when current user does not have permission for category action' do
+        it 'should be false when model does not authorize permission for ability' do
           category_action_permission_causes_allowed_to_be false, be_false
         end
       end
     end
     
-    describe 'and current entity exists' do
-      describe 'and no current user' do
-        it 'should return true when current entity has permission for category action' do
-          pending('products phase')
+    describe 'for an ability with multiple applicability types, ' do
+      before(:each) do
+        current_user_exists
+        @applicability = [Entityish::PERMISSIFIED_ABILITY_APPLICABILITY, Userish::PERMISSIFIED_ABILITY_APPLICABILITY]
+      end
+
+      describe 'and ability requires all, ' do
+        before(:each) { add_ability(:all?) }
+
+        it 'should be false when any applicable model permission method returns nil' do
+          @controller.should_receive(:current_entity).and_return(nil)
+          category_action_permission_causes_allowed_to_be false, be_false
         end
+
+        describe 'and all applicable model permission methods return a (permissified) model' do
+          before(:each) do
+            @entity = Entityish.new
+            @controller.should_receive(:current_entity).and_return(@entity)
+            @entity.should_receive(:permissions).and_return( {"something_manage" => {'0' => true} })
+          end
+          
+          it 'should be false when any applicable permissified model does not have permission for the ability' do
+            category_action_permission_causes_allowed_to_be false, be_false
+          end
         
-        it 'should return false when current entity does not have permission for category action' do
-          pending('products phase')
+          it 'should be true when all applicable permissified models have permission for the ability' do
+            category_action_permission_causes_allowed_to_be true, be_true
+          end
         end
       end
       
-      describe 'and current user is not nil' do
-        describe 'and current entity has permission for category action' do
-          it 'should return true when current user has permission for category action' do
-            pending('products phase')
-          end
+      describe 'and ability requires any' do
+        before(:each) { add_ability(:any?) ; @controller.should_receive(:current_entity).and_return(nil) }
 
-          it 'should return false when current user does not have permission for category action' do
-            pending('products phase')
-          end
+        it 'should be true when any applicable permissified model has permission for the ability' do
+          category_action_permission_causes_allowed_to_be true, be_true, :log_permissions
         end
-        
-        describe 'and current entity does not have permission for category action' do
-          it 'should return false when current user has permission for category action' do
-            pending('products phase')
-          end
 
-          it 'should return false when current user does not have permission for category action' do
-            pending('products phase')
-          end
+        it 'should be false when no applicable permissified model has permission for the ability' do
+          category_action_permission_causes_allowed_to_be false, be_false, :log_permissions
         end
       end
     end
 
-    def category_action_permission_causes_allowed_to_be(permission_true_or_false, be_true_or_false, action = :view, category = :something)
-      @user.should_receive(:permissions_union).and_return( {"#{category}_#{action}" => {'0' => permission_true_or_false} })
+    def add_ability(requires_any_or_all)
+      Ability.reset
+      Ability.add_category('something', 'a section', @applicability, 'manage', requires_any_or_all)
+    end
+    
+    def category_action_permission_causes_allowed_to_be(permission_true_or_false, be_true_or_false, log_option = :none, action = :manage, category = :something)
+      @user.should_receive(:permissions).and_return( {"#{category}_#{action}" => {'0' => permission_true_or_false} })
       allowed_to_should be_true_or_false, action, category
+      @controller.log_permissions if log_option == :log_permissions
     end
     
-    def allowed_to_should(be_true_or_false, action = :view, category = :something)
-      @controller.allowed_to?(:view, :something).should be_true_or_false
+    def allowed_to_should(be_true_or_false, action = :manage, category = :something)
+      @controller.allowed_to?(:manage, :something).should be_true_or_false
     end
+
+    def current_user_exists
+      @user = Userish.new
+      @controller.should_receive(:current_user).and_return(@user)
+    end
+
   end
 end

data/spec/permissify/{aggregate_spec.rb → union_spec.rb}

@@ -1,23 +1,7 @@
 require 'spec_helper'
 
-describe Permissify::Aggregate do
+describe Permissify::Union do
 
-  describe 'permissions_union' do
-    before(:each) { new_aggregate; @union = @a.permissions_union}
-
-    it 'should include keys for permissions specified (true or false) in any permissified model' do
-      @union.keys.to_set.should == @pms.collect(&:permissions).collect(&:keys).flatten.uniq.to_set
-    end
-
-    it 'should indicate permission for a key is true if permission set to true in any permissified object permission set' do
-      %w(p_1 p_2 p_3 p_4 p_5).each{ |permission| @union[permission]['0'].should be_true }
-    end
-
-    it 'should indicate permission for a key is false if permission not set to true in any permissified object permission set' do
-      %w(p_6 p_7 p_8).each{ |permission| @union[permission]['0'].should be_false }
-    end
-  end
-  
   describe 'allowed_to?' do
     before(:each) { new_aggregate }
 
@@ -56,12 +40,6 @@ describe Permissify::Aggregate do
     end
   end
     
-  # TODO : work out intersection specs in corp/brand/business products phase
-  # describe 'permissions_intersection' do
-  #   it 'should ...' do
-  #   end
-  # end
-
   def new_aggregate(permissified_models = default_permissified_models)
     @a = Userish.new
     @pms = permissified_models

data/spec/spec_helper.rb

@@ -2,7 +2,6 @@ require 'rubygems'
 require 'bundler/setup'
 
 require 'permissify'
-require 'permissify/ability_class'
 
 RSpec.configure do |config|
   config.treat_symbols_as_metadata_keys_with_true_values = true
@@ -22,7 +21,7 @@ class Ability
         'Corporate Users'       => 'Corporate Admin',
         'Brand Users'           => 'Brand Admin',
         'Merchant Users'        => 'Merchant Admin',
-      }.each{ |category, section| add_category(category, section) }
+      }.each{ |category, section| add_category(category, section, ['Role']) }
     end
   end
 end
@@ -47,7 +46,8 @@ class Roleish < PermissifiedModel
 end
 
 class Userish
-  include Permissify::Aggregate
+  include Permissify::Union
+  PERMISSIFIED_ABILITY_APPLICABILITY = 'Role'
   PERMISSIFIED_ASSOCIATION = :roles
   attr_accessor :roles
 end
@@ -58,6 +58,16 @@ class UserishWithRoles
   attr_accessor :roles
 end
 
-class PermissifiedController
+class Entityish
+  include Permissify::Union
+  PERMISSIFIED_ABILITY_APPLICABILITY = 'Product'
+  PERMISSIFIED_ASSOCIATION = :products
+  attr_accessor :products
+end
+
+class PermissifiedControllerish
   include Permissify::Controller
+  PERMISSIFY =  { Userish::PERMISSIFIED_ABILITY_APPLICABILITY => :current_user,
+                  Entityish::PERMISSIFIED_ABILITY_APPLICABILITY => :current_entity,
+                } # in lieu of 'include PermissifiedController'
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: permissify
 version: !ruby/object:Gem::Version 
-  hash: 61
+  hash: 59
   prerelease: 
   segments: 
   - 0
   - 0
-  - 17
-  version: 0.0.17
+  - 18
+  version: 0.0.18
 platform: ruby
 authors: 
 - Frederick Fix
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-06-11 00:00:00 Z
+date: 2012-06-13 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: rspec
@@ -102,18 +102,19 @@ files:
 - lib/generators/permissify/views/USAGE
 - lib/generators/permissify/views/views_generator.rb
 - lib/permissify/ability_class.rb
-- lib/permissify/aggregate.rb
+- lib/permissify/common.rb
 - lib/permissify/controller.rb
 - lib/permissify/model.rb
 - lib/permissify/model_class.rb
 - lib/permissify/roles.rb
+- lib/permissify/union.rb
 - lib/permissify.rb
 - spec/permissify/ability_class_spec.rb
-- spec/permissify/aggregate_spec.rb
 - spec/permissify/controller_spec.rb
 - spec/permissify/model_class_spec.rb
 - spec/permissify/model_spec.rb
 - spec/permissify/roles_spec.rb
+- spec/permissify/union_spec.rb
 - spec/spec.opts
 - spec/spec_helper.rb
 - CHANGELOG.rdoc

data/lib/permissify/aggregate.rb

@@ -1,102 +0,0 @@
-module Permissify
-  module Aggregate
-    attr_accessor :abilities
-  
-    def permissions_union
-      @union ||= construct_union
-      @working_permissions = @union
-    end
-  
-    def permissions_intersection(product_permissions)
-      @intersection ||= construct_intersection
-      @working_permissions = @intersection
-    end
-    
-    def allowed_to?(action, feature)
-      @working_permissions ||= permissions_union
-      (@working_permissions["#{feature}_#{action}"]['0'] == true rescue false)
-    end
-
-    def viewable?(feature);       allowed_to?(:view,    feature); end
-    def createable?(feature);     allowed_to?(:create,  feature); end
-    def updateable?(feature);     allowed_to?(:update,  feature); end
-    def deleteable?(feature);     allowed_to?(:delete,  feature); end
-    def subscribed_to?(feature);  allowed_to?(:on,      feature); end
-  
-    private
-
-    def construct_union
-      union = {}
-      permissified_models = self.send(self.class::PERMISSIFIED_ASSOCIATION)
-      permissions_hashes = permissified_models.collect(&:permissions)
-      permissions_hashes.each do |permissions_hash|
-        permissions_hash.each do |key, descriptor|
-          descriptor ||= {'0' => false}
-          if union[key].nil?
-            union[key] = descriptor
-          else
-            arbitrate(union, descriptor, key, :max)
-          end
-          union[key]['0'] = (union[key]['0'] == true || descriptor['0'] == '1')
-        end
-      end
-      union
-    end
-    
-    def arbitrate(aggregation, other_descriptor, key, min_or_max) # assuming all permission 'args' are integers stored as strings
-      1.upto(other_descriptor.size-1) do |i|
-        is = i.to_s
-        aggregation[key][is] = [aggregation[key][is].to_i, other_descriptor[is].to_i].send(min_or_max) # .to_s ?
-      end
-    end
-
-    # TODO : flush out intersection stuff in corp/brand/business products phase
-    # def construct_intersection
-    #   intersection = {}
-    #   permissions_union
-    # 
-    #   # TODO : Product/Role references should be plugged-in...
-    #   # - could aggregate keep track of class names that it is included in?
-    #   # - there is a lot tangled up in here...
-    #   Ability.all_for(%w(Product Role)).each do |ability|
-    #     key = ability[:key]
-    #     descriptor = @union[key]
-    #     product_descriptor = product_permissions[key]
-    #     if permissable?(descriptor) && permissable?(product_descriptor)
-    #       intersection[key] = descriptor
-    #       arbitrate(intersection, product_descriptor, key, :min)
-    #     else
-    #       intersection[key] = null_permission
-    #     end
-    #   end
-    # 
-    #   include_permissions_unless_common_to_role_and_product('Product', product_permissions)
-    #   include_permissions_unless_common_to_role_and_product('Role', @union)
-    #   intersection
-    # end
-    # 
-    # def permissable?(descriptor)
-    #   descriptor && (descriptor['0'] == true || descriptor['0'] == '1')
-    # end
-    # 
-    # def include_permissions_unless_common_to_role_and_product(applicability_type, applicable_permissions)
-    #   Ability.all_for(applicability_type).each do |ability|
-    #     key = ability[:key]
-    #     descriptor = applicable_permissions[key]
-    #     unless @intersection.has_key?(key)
-    #       if permissable?(descriptor)
-    #         descriptor['0'] = true
-    #         @intersection[key] = descriptor
-    #         arbitrate(@intersection, descriptor, key, :min)
-    #       else
-    #         @intersection[key] = null_permission
-    #       end
-    #     end
-    #   end
-    # end
-    # 
-    # def null_permission
-    #   {'0' => false, '1' => 0}
-    # end
-  end
-end