permissioner 0.0.1.beta

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+.idea/

data/.rspec

@@ -0,0 +1 @@
+--color

data/CHANGELOG

@@ -0,0 +1,3 @@
+## v0.0.1.beta
+
+* Intitial release

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in permissioner.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,9 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard 'rspec' do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/#{m[1]}_spec.rb"}
+  watch('spec/spec_helper.rb')  { "spec" }
+end
+

data/LICENSE.txt

@@ -0,0 +1,6 @@
+Copyright (c) 2013 Daniel Grawunder, Christian Mierich.
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License v1.0
+which accompanies this distribution, and is available at
+http://www.eclipse.org/legal/epl-v10.html or in the file epl-v10.html
+at the root of this distribution.

data/README.md

@@ -0,0 +1,29 @@
+# Permissioner
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'permissioner'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install permissioner
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,5 @@
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+task default: :spec

data/epl-v10.html

@@ -0,0 +1,262 @@
+<?xml version="1.0" encoding="ISO-8859-1" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
+<title>Eclipse Public License - Version 1.0</title>
+<style type="text/css">
+  body {
+    size: 8.5in 11.0in;
+    margin: 0.25in 0.5in 0.25in 0.5in;
+    tab-interval: 0.5in;
+    }
+  p {  	
+    margin-left: auto;
+    margin-top:  0.5em;
+    margin-bottom: 0.5em;
+    }
+  p.list {
+  	margin-left: 0.5in;
+    margin-top:  0.05em;
+    margin-bottom: 0.05em;
+    }
+  </style>
+
+</head>
+
+<body lang="EN-US">
+
+<h2>Eclipse Public License - v 1.0</h2>
+
+<p>THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE
+PUBLIC LICENSE (&quot;AGREEMENT&quot;). ANY USE, REPRODUCTION OR
+DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS
+AGREEMENT.</p>
+
+<p><b>1. DEFINITIONS</b></p>
+
+<p>&quot;Contribution&quot; means:</p>
+
+<p class="list">a) in the case of the initial Contributor, the initial
+code and documentation distributed under this Agreement, and</p>
+<p class="list">b) in the case of each subsequent Contributor:</p>
+<p class="list">i) changes to the Program, and</p>
+<p class="list">ii) additions to the Program;</p>
+<p class="list">where such changes and/or additions to the Program
+originate from and are distributed by that particular Contributor. A
+Contribution 'originates' from a Contributor if it was added to the
+Program by such Contributor itself or anyone acting on such
+Contributor's behalf. Contributions do not include additions to the
+Program which: (i) are separate modules of software distributed in
+conjunction with the Program under their own license agreement, and (ii)
+are not derivative works of the Program.</p>
+
+<p>&quot;Contributor&quot; means any person or entity that distributes
+the Program.</p>
+
+<p>&quot;Licensed Patents&quot; mean patent claims licensable by a
+Contributor which are necessarily infringed by the use or sale of its
+Contribution alone or when combined with the Program.</p>
+
+<p>&quot;Program&quot; means the Contributions distributed in accordance
+with this Agreement.</p>
+
+<p>&quot;Recipient&quot; means anyone who receives the Program under
+this Agreement, including all Contributors.</p>
+
+<p><b>2. GRANT OF RIGHTS</b></p>
+
+<p class="list">a) Subject to the terms of this Agreement, each
+Contributor hereby grants Recipient a non-exclusive, worldwide,
+royalty-free copyright license to reproduce, prepare derivative works
+of, publicly display, publicly perform, distribute and sublicense the
+Contribution of such Contributor, if any, and such derivative works, in
+source code and object code form.</p>
+
+<p class="list">b) Subject to the terms of this Agreement, each
+Contributor hereby grants Recipient a non-exclusive, worldwide,
+royalty-free patent license under Licensed Patents to make, use, sell,
+offer to sell, import and otherwise transfer the Contribution of such
+Contributor, if any, in source code and object code form. This patent
+license shall apply to the combination of the Contribution and the
+Program if, at the time the Contribution is added by the Contributor,
+such addition of the Contribution causes such combination to be covered
+by the Licensed Patents. The patent license shall not apply to any other
+combinations which include the Contribution. No hardware per se is
+licensed hereunder.</p>
+
+<p class="list">c) Recipient understands that although each Contributor
+grants the licenses to its Contributions set forth herein, no assurances
+are provided by any Contributor that the Program does not infringe the
+patent or other intellectual property rights of any other entity. Each
+Contributor disclaims any liability to Recipient for claims brought by
+any other entity based on infringement of intellectual property rights
+or otherwise. As a condition to exercising the rights and licenses
+granted hereunder, each Recipient hereby assumes sole responsibility to
+secure any other intellectual property rights needed, if any. For
+example, if a third party patent license is required to allow Recipient
+to distribute the Program, it is Recipient's responsibility to acquire
+that license before distributing the Program.</p>
+
+<p class="list">d) Each Contributor represents that to its knowledge it
+has sufficient copyright rights in its Contribution, if any, to grant
+the copyright license set forth in this Agreement.</p>
+
+<p><b>3. REQUIREMENTS</b></p>
+
+<p>A Contributor may choose to distribute the Program in object code
+form under its own license agreement, provided that:</p>
+
+<p class="list">a) it complies with the terms and conditions of this
+Agreement; and</p>
+
+<p class="list">b) its license agreement:</p>
+
+<p class="list">i) effectively disclaims on behalf of all Contributors
+all warranties and conditions, express and implied, including warranties
+or conditions of title and non-infringement, and implied warranties or
+conditions of merchantability and fitness for a particular purpose;</p>
+
+<p class="list">ii) effectively excludes on behalf of all Contributors
+all liability for damages, including direct, indirect, special,
+incidental and consequential damages, such as lost profits;</p>
+
+<p class="list">iii) states that any provisions which differ from this
+Agreement are offered by that Contributor alone and not by any other
+party; and</p>
+
+<p class="list">iv) states that source code for the Program is available
+from such Contributor, and informs licensees how to obtain it in a
+reasonable manner on or through a medium customarily used for software
+exchange.</p>
+
+<p>When the Program is made available in source code form:</p>
+
+<p class="list">a) it must be made available under this Agreement; and</p>
+
+<p class="list">b) a copy of this Agreement must be included with each
+copy of the Program.</p>
+
+<p>Contributors may not remove or alter any copyright notices contained
+within the Program.</p>
+
+<p>Each Contributor must identify itself as the originator of its
+Contribution, if any, in a manner that reasonably allows subsequent
+Recipients to identify the originator of the Contribution.</p>
+
+<p><b>4. COMMERCIAL DISTRIBUTION</b></p>
+
+<p>Commercial distributors of software may accept certain
+responsibilities with respect to end users, business partners and the
+like. While this license is intended to facilitate the commercial use of
+the Program, the Contributor who includes the Program in a commercial
+product offering should do so in a manner which does not create
+potential liability for other Contributors. Therefore, if a Contributor
+includes the Program in a commercial product offering, such Contributor
+(&quot;Commercial Contributor&quot;) hereby agrees to defend and
+indemnify every other Contributor (&quot;Indemnified Contributor&quot;)
+against any losses, damages and costs (collectively &quot;Losses&quot;)
+arising from claims, lawsuits and other legal actions brought by a third
+party against the Indemnified Contributor to the extent caused by the
+acts or omissions of such Commercial Contributor in connection with its
+distribution of the Program in a commercial product offering. The
+obligations in this section do not apply to any claims or Losses
+relating to any actual or alleged intellectual property infringement. In
+order to qualify, an Indemnified Contributor must: a) promptly notify
+the Commercial Contributor in writing of such claim, and b) allow the
+Commercial Contributor to control, and cooperate with the Commercial
+Contributor in, the defense and any related settlement negotiations. The
+Indemnified Contributor may participate in any such claim at its own
+expense.</p>
+
+<p>For example, a Contributor might include the Program in a commercial
+product offering, Product X. That Contributor is then a Commercial
+Contributor. If that Commercial Contributor then makes performance
+claims, or offers warranties related to Product X, those performance
+claims and warranties are such Commercial Contributor's responsibility
+alone. Under this section, the Commercial Contributor would have to
+defend claims against the other Contributors related to those
+performance claims and warranties, and if a court requires any other
+Contributor to pay any damages as a result, the Commercial Contributor
+must pay those damages.</p>
+
+<p><b>5. NO WARRANTY</b></p>
+
+<p>EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS
+PROVIDED ON AN &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS
+OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION,
+ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY
+OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
+responsible for determining the appropriateness of using and
+distributing the Program and assumes all risks associated with its
+exercise of rights under this Agreement , including but not limited to
+the risks and costs of program errors, compliance with applicable laws,
+damage to or loss of data, programs or equipment, and unavailability or
+interruption of operations.</p>
+
+<p><b>6. DISCLAIMER OF LIABILITY</b></p>
+
+<p>EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT
+NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT,
+INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING
+WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR
+DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
+HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.</p>
+
+<p><b>7. GENERAL</b></p>
+
+<p>If any provision of this Agreement is invalid or unenforceable under
+applicable law, it shall not affect the validity or enforceability of
+the remainder of the terms of this Agreement, and without further action
+by the parties hereto, such provision shall be reformed to the minimum
+extent necessary to make such provision valid and enforceable.</p>
+
+<p>If Recipient institutes patent litigation against any entity
+(including a cross-claim or counterclaim in a lawsuit) alleging that the
+Program itself (excluding combinations of the Program with other
+software or hardware) infringes such Recipient's patent(s), then such
+Recipient's rights granted under Section 2(b) shall terminate as of the
+date such litigation is filed.</p>
+
+<p>All Recipient's rights under this Agreement shall terminate if it
+fails to comply with any of the material terms or conditions of this
+Agreement and does not cure such failure in a reasonable period of time
+after becoming aware of such noncompliance. If all Recipient's rights
+under this Agreement terminate, Recipient agrees to cease use and
+distribution of the Program as soon as reasonably practicable. However,
+Recipient's obligations under this Agreement and any licenses granted by
+Recipient relating to the Program shall continue and survive.</p>
+
+<p>Everyone is permitted to copy and distribute copies of this
+Agreement, but in order to avoid inconsistency the Agreement is
+copyrighted and may only be modified in the following manner. The
+Agreement Steward reserves the right to publish new versions (including
+revisions) of this Agreement from time to time. No one other than the
+Agreement Steward has the right to modify this Agreement. The Eclipse
+Foundation is the initial Agreement Steward. The Eclipse Foundation may
+assign the responsibility to serve as the Agreement Steward to a
+suitable separate entity. Each new version of the Agreement will be
+given a distinguishing version number. The Program (including
+Contributions) may always be distributed subject to the version of the
+Agreement under which it was received. In addition, after a new version
+of the Agreement is published, Contributor may elect to distribute the
+Program (including its Contributions) under the new version. Except as
+expressly stated in Sections 2(a) and 2(b) above, Recipient receives no
+rights or licenses to the intellectual property of any Contributor under
+this Agreement, whether expressly, by implication, estoppel or
+otherwise. All rights in the Program not expressly granted under this
+Agreement are reserved.</p>
+
+<p>This Agreement is governed by the laws of the State of New York and
+the intellectual property laws of the United States of America. No party
+to this Agreement will bring a legal action under this Agreement more
+than one year after the cause of action arose. Each party waives its
+rights to a jury trial in any resulting litigation.</p>
+
+</body>
+
+</html>
+------------A8suzBvPzrflNqC2kT6WbM--

data/lib/permissioner/controller_additions.rb

@@ -0,0 +1,27 @@
+module Permissioner
+  module ControllerAdditions
+
+    def self.included(base)
+      base.helper_method :allow_action?, :allow_attribute?
+      base.delegate :allow_action?, :allow_attribute?, to: :permission_service
+    end
+
+    def authorize
+      if permission_service.allow_action?(params[:controller], params[:action], current_resource) &&
+          permission_service.passed_filters?(params[:controller], params[:action], params)
+        permission_service.permit_params!(params)
+      else
+        raise Permissioner::NotAuthorized
+      end
+    end
+
+    def permission_service
+      @permission_service ||= PermissionService.create(current_user)
+    end
+
+    def current_resource
+      nil
+    end
+
+  end
+end

data/lib/permissioner/exceptions.rb

@@ -0,0 +1,3 @@
+module Permissioner
+  class NotAuthorized < StandardError; end
+end

data/lib/permissioner/matchers.rb

@@ -0,0 +1,16 @@
+RSpec::Matchers.define :allow_action do |*args|
+  match do |permission_service|
+    permission_service.allow_action?(*args)
+  end
+end
+
+RSpec::Matchers.define :allow_attribute do |*args|
+  match do |permission_service|
+    permission_service.allow_attribute?(*args)
+  end
+end
+RSpec::Matchers.define :passed_filters do |*args|
+  match do |permission_service|
+    permission_service.passed_filters?(*args)
+  end
+end

data/lib/permissioner/permission_configurer.rb

@@ -0,0 +1,59 @@
+module Permissioner
+
+  # This module is intended to be included in a class configuring permissions for a permissions service.
+  #
+  # The including class should overwrite the instance method configure_permissions in which the can allow actions and
+  # attributes and can add filters. In order to support this, this module provides the methods #allow_actions,
+  # #allow_attributes and #add_filters which all will be delegated to the permission service.
+  #
+  # To obtain the signed in user instance call current_user.
+  #
+  # In order to get an instance of the including class call the class method ::create acting as an factory method and
+  # ensures correct initialization.
+  #
+  # class ManagerPermissions
+  #
+  #   include Permissioner::PermissionConfigurer
+  #
+  #   def configure_permissions
+  #
+  #     if current_user.manager?
+  #
+  #       allow_actions :projects, :update
+  #       allow_attributes: project, [:name, description]
+  #     end
+  # end
+  #
+  module PermissionConfigurer
+
+    attr_accessor :current_user, :permission_service
+    delegate :allow_actions, :allow_attributes, :add_filter, to: :permission_service
+
+    module ClassMethods
+
+      # Calling this method is the only intended way for creating an instance of the including class. It ensures the
+      # correct initialization and configurations of the permissions.
+      #
+      # Expects the an instance of a class including module Permissioner::PermissionServiceAdditions acting as
+      # permission service and current signed in user.
+      #
+      def create permission_service, current_user
+        permission_configurer= self.new
+        permission_configurer.permission_service = permission_service
+        permission_configurer.current_user = current_user
+        permission_configurer.configure_permissions
+        permission_configurer
+      end
+    end
+
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    # Should be overwritten by the including class and is called during initialization in ::create.
+    # This the intended place where permissions should be configured.
+    #
+    def configure_permissions
+    end
+  end
+end

data/lib/permissioner/permission_service_additions.rb

@@ -0,0 +1,105 @@
+module Permissioner
+  module PermissionServiceAdditions
+
+    module ClassMethods
+
+      def create current_user
+        permission_service = self.new
+        permission_service.current_user = current_user
+        permission_service.configure_permissions
+        permission_service
+      end
+    end
+
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    attr_accessor :current_user
+
+    def allow_action?(controller, action, resource = nil)
+      allowed = @allow_all || (@allowed_actions && @allowed_actions[[controller.to_s, action.to_s]])
+      allowed && (allowed == true || resource && allowed.call(resource))
+    end
+
+    def allow_attribute?(resource, attribute)
+      @allow_all || @allowed_attributes && @allowed_attributes[resource].try(:include?, attribute)
+    end
+
+    def passed_filters?(controller, action, params)
+      if @filters && @filters[[controller.to_s, action.to_s]]
+        @filters[[controller.to_s, action.to_s]].all? { |block| block.call(params) }
+      else
+        true
+      end
+    end
+
+    def permit_params!(params)
+      if @allow_all
+        params.permit!
+      elsif @allowed_attributes
+        @allowed_attributes.each do |resource, attributes|
+          if params[resource].respond_to? :permit
+            params[resource] = params[resource].permit(*attributes)
+          end
+        end
+      end
+    end
+
+    def allow_all
+      @allow_all = true
+    end
+
+    #Adds the given actions to the list of allowed actions.
+    #The first argument is the controller, the second is the action.
+    #You can allow a single action or multiple actions at once:
+    #
+    #   allow_actions :comments, :index
+    #   allow_acitons [:comments, :posts], [:index, :create, :update]
+    #
+    #If a block is given it is stored for the given action and will be evaluated every time the authorization for the
+    #action runs. If the block returns true the action is allowed otherwise not. The current_resource will be put
+    #in the block.
+    #
+    def allow_actions(controllers, actions, &block)
+      @allowed_actions ||= {}
+      Array(controllers).each do |controller|
+        Array(actions).each do |action|
+          @allowed_actions[[controller.to_s, action.to_s]] = block || true
+        end
+      end
+    end
+
+    def allow_attributes(resources, attributes)
+      @allowed_attributes ||= {}
+      Array(resources).each do |resource|
+        @allowed_attributes[resource] ||= []
+        @allowed_attributes[resource] += Array(attributes)
+      end
+    end
+
+    def add_filter(controllers, actions, &block)
+      raise 'no block given' unless block_given?
+      @filters ||= {}
+      Array(controllers).each do |controller|
+        Array(actions).each do |action|
+          @filters[[controller.to_s, action.to_s]] ||= []
+          @filters[[controller.to_s, action.to_s]] << block
+        end
+      end
+    end
+
+    # Configures permissions by calling the factory method ::create on the given class which is intended to include
+    # the module Permissioner::PermissionConfigurer.
+    #
+    def configure configurer_class
+      configurer_class.create(self, current_user)
+    end
+
+    # Should be overwritten by the including class and is called during initialization in ::create.
+    # This the intended place where permissions should be configured.
+    #
+    def configure_permissions
+    end
+  end
+end

data/lib/permissioner/railtie.rb

@@ -0,0 +1,8 @@
+module Permissioner
+  class Railtie < Rails::Railtie
+
+    initializer "permissioner.controller_additions" do
+      ActionController::Base.send :include, ControllerAdditions
+    end
+  end
+end

data/lib/permissioner/version.rb

@@ -0,0 +1,3 @@
+module Permissioner
+  VERSION = "0.0.1.beta"
+end

data/lib/permissioner.rb

@@ -0,0 +1,9 @@
+require "permissioner/version"
+require "permissioner/permission_service_additions"
+require "permissioner/permission_configurer"
+require "permissioner/controller_additions"
+require "permissioner/exceptions"
+require "permissioner/railtie" if defined?(Rails)
+
+module Permissioner
+end

data/permissioner.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'permissioner/version'
+
+Gem::Specification.new do |gem|
+  gem.name = "permissioner"
+  gem.version = Permissioner::VERSION
+  gem.authors = ["Daniel Grawunder, Christian Mierich"]
+  gem.email = ["gramie.sw@gmail.com"]
+  gem.description = %q{A Ruby on Rails authorization gem}
+  gem.summary = %q{An easy to use authorization solution for Ruby on Rails.}
+
+  gem.files = `git ls-files`.split($/)
+  gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
+  gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_development_dependency "rspec", "~> 2.13"
+  gem.add_development_dependency "activesupport", "~>3.2"
+  gem.add_development_dependency "guard-rspec", "~>2.6.0"
+end

data/spec/permissioner/controller_additions_spec.rb

@@ -0,0 +1,107 @@
+require 'spec_helper'
+
+describe Permissioner::ControllerAdditions do
+
+  before :each do
+    @controller_class = Class.new
+    @controller_class.stub(:helper_method)
+    @controller_class.send(:include, Permissioner::ControllerAdditions)
+    @controller = @controller_class.new
+    @controller.stub(:current_user)
+  end
+
+  describe '::included' do
+
+    before :each do
+      @clazz = Class.new
+    end
+
+    it 'should delegate helper methods to permission service' do
+      @clazz.should_receive(:helper_method).with(:allow_action?, :allow_attribute?)
+      @clazz.send(:include, Permissioner::ControllerAdditions)
+    end
+
+    it 'should delegate helper methods to permission servie' do
+      @clazz.stub(:helper_method)
+      @clazz.should_receive(:delegate).with(:allow_action?, :allow_attribute?, to: :permission_service)
+      @clazz.send(:include, Permissioner::ControllerAdditions)
+    end
+  end
+
+
+  describe 'authorize' do
+
+    before :each do
+      @params = {controller: 'comments', action: 'index'}
+      @controller.stub(:params).and_return(@params)
+    end
+
+    it 'should call permit_params! if action allwed and filters passed' do
+      @controller.permission_service.should_receive(:allow_action?).and_return(true)
+      @controller.permission_service.should_receive(:passed_filters?).and_return(true)
+      @controller.permission_service.should_receive(:permit_params!).with(@params)
+      @controller.authorize
+    end
+
+    it 'should call allow_action? with correct parameters' do
+      @controller.should_receive(:current_resource).and_return('current_resource')
+      @controller.permission_service.should_receive(:allow_action?).with('comments', 'index', 'current_resource').and_return(true)
+      @controller.permission_service.stub(:passed_filters?).and_return(true)
+      @controller.authorize
+    end
+
+    it 'should call add_filters? with correct parameters' do
+      @controller.should_receive(:current_resource).and_return('current_resource')
+      @controller.permission_service.stub(:allow_action?).and_return(true)
+      @controller.permission_service.should_receive(:passed_filters?).with('comments', 'index', @params).and_return(true)
+      @controller.authorize
+    end
+
+    it 'should raise Permissioner::NotAuthorized when action not allowed' do
+      @controller.permission_service.should_receive(:allow_action?).with('comments', 'index', nil).and_return(false)
+      expect {
+        @controller.authorize
+      }.to raise_error Permissioner::NotAuthorized
+    end
+
+    it 'should raise Permissioner::NotAuthorized when action are allowed but filters did not passed' do
+      @controller.permission_service.should_receive(:allow_action?).and_return(true)
+      @controller.permission_service.should_receive(:passed_filters?).and_return(false)
+      expect {
+        @controller.authorize
+      }.to raise_error Permissioner::NotAuthorized
+    end
+  end
+
+  describe '#permission_service' do
+
+    it 'should return instance of PermissionService' do
+      @controller.permission_service.class.should eq PermissionService
+    end
+
+    it 'should cache PermissionService instance' do
+      permission_service_1 = @controller.permission_service
+      permission_service_2 = @controller.permission_service
+      permission_service_1.should eq permission_service_2
+    end
+
+    it 'should create PermissionService by calling PermissionService::create' do
+      PermissionService.should_receive(:create)
+      @controller.permission_service
+    end
+
+    it 'should pass current_user to PermissionService::create' do
+      @controller.should_receive(:current_user).and_return('current_user')
+      PermissionService.should_receive(:create).with('current_user')
+      @controller.permission_service
+    end
+  end
+
+  describe '#current_resource' do
+
+    it 'should return nil as default' do
+      @controller.current_resource.should be_nil
+    end
+  end
+
+end

data/spec/permissioner/matchers_spec.rb

@@ -0,0 +1,47 @@
+require 'spec_helper'
+
+describe 'matchers' do
+
+  before :each do
+    @permission_service = double('permission_service')
+  end
+
+  describe 'allow_action' do
+
+    it 'should delegate call to PermissionService#allow_action?' do
+      @permission_service.should_receive(:allow_action?).with(:comments, :index).and_return(true)
+      @permission_service.should allow_action :comments, :index
+    end
+
+    it 'should return false when PermissionService#allow_action? returns false' do
+      @permission_service.should_receive(:allow_action?).and_return(false)
+      @permission_service.should_not allow_action
+    end
+  end
+
+  describe 'allow_attribute' do
+
+    it 'should delegate call to PermissionService#allow_action?' do
+      @permission_service.should_receive(:allow_attribute?).with(:comment, :user_id, :text).and_return(true)
+      @permission_service.should allow_attribute :comment, :user_id, :text
+    end
+
+    it 'should return false when PermissionService#allow_action? returns false' do
+      @permission_service.should_receive(:allow_attribute?).and_return(false)
+      @permission_service.should_not allow_attribute
+    end
+  end
+
+  describe 'passed_filters' do
+
+    it 'should delegate call to PermissionService#allow_action?' do
+      @permission_service.should_receive(:passed_filters?).with(:comment, :user_id, :text).and_return(true)
+      @permission_service.should passed_filters :comment, :user_id, :text
+    end
+
+    it 'should return false when PermissionService#allow_action? returns false' do
+      @permission_service.should_receive(:passed_filters?).and_return(false)
+      @permission_service.should_not passed_filters
+    end
+  end
+end

data/spec/permissioner/permission_configurer_spec.rb

@@ -0,0 +1,60 @@
+require 'spec_helper'
+
+describe Permissioner::PermissionConfigurer do
+
+  before :each do
+    @permission_configurer_class = Class.new
+    @permission_configurer_class.send(:include, Permissioner::PermissionConfigurer)
+    @permissioin_configurer = @permission_configurer_class.new
+  end
+
+  context 'delegation' do
+
+    it 'should delegate call to allow_actions to permission_service' do
+      @permissioin_configurer.should_receive(:allow_actions).with(:comments, :index)
+      @permissioin_configurer.allow_actions(:comments, :index)
+    end
+
+    it 'should delegate call to allow_attributes to permission_service' do
+      @permissioin_configurer.should_receive(:allow_attributes).with(:comment, [:user_id, :text])
+      @permissioin_configurer.allow_attributes(:comment, [:user_id, :text])
+    end
+
+    it 'should delegate call to add_filter to permission_service' do
+      @permissioin_configurer.should_receive(:add_filter).with(:comments, :create, Proc.new {})
+      @permissioin_configurer.add_filter(:comments, :create, Proc.new {})
+    end
+  end
+
+  describe '::included' do
+
+    it 'should extend including class with module Permissioner::PermissionConfigurer::ClassMethods' do
+      clazz = Class.new
+      clazz.should_receive(:extend).with(Permissioner::PermissionConfigurer::ClassMethods)
+      clazz.send(:include, Permissioner::PermissionConfigurer)
+    end
+  end
+  
+  describe '::create' do
+
+    it 'should return permission_service instance' do
+      permission_service = @permission_configurer_class.create(nil, nil)
+      permission_service.class.included_modules.should include(Permissioner::PermissionConfigurer)
+    end
+
+    it 'should set permission_service' do
+      @permission_configurer_class.any_instance.should_receive(:permission_service=).with('permission_service')
+      @permission_configurer_class.create('permission_service', nil)
+    end
+
+    it 'should set current_user' do
+      @permission_configurer_class.any_instance.should_receive(:current_user=).with('current_user')
+      @permission_configurer_class.create(nil, 'current_user')
+    end
+
+    it 'should call configure_permissions current_user' do
+      @permission_configurer_class.any_instance.should_receive(:configure_permissions)
+      @permission_configurer_class.create(nil, nil)
+    end
+  end
+end

data/spec/permissioner/permission_service_additions_spec.rb

@@ -0,0 +1,263 @@
+require 'spec_helper'
+
+describe Permissioner::PermissionServiceAdditions do
+
+  before :each do
+    @permission_service_class = Class.new
+    @permission_service_class.send(:include, Permissioner::PermissionServiceAdditions)
+    @permission_service = @permission_service_class.new
+  end
+
+  describe '::included' do
+
+    it 'should extend including class with module Permissioner::PermissionServiceAdditions::ClassMethods' do
+      clazz = Class.new
+      clazz.should_receive(:extend).with(Permissioner::PermissionServiceAdditions::ClassMethods)
+      clazz.send(:include, Permissioner::PermissionServiceAdditions)
+    end
+  end
+
+  describe '::create' do
+
+    before :each do
+      @permission_service_class.any_instance.stub(:configure_permissions)
+    end
+
+    it 'should return permission_service instance' do
+      permission_service = @permission_service_class.create(nil)
+      permission_service.class.included_modules.should include(Permissioner::PermissionServiceAdditions)
+    end
+
+    it 'should set current_user' do
+      @permission_service_class.any_instance.should_receive(:current_user=).with('current_user')
+      @permission_service_class.create('current_user')
+    end
+
+    it 'should call configure_permissions current_user' do
+      @permission_service_class.any_instance.should_receive(:configure_permissions)
+      @permission_service_class.create(nil)
+    end
+  end
+
+  describe '#allow_action?' do
+
+    it 'should return true if @allow_all is true' do
+      @permission_service.allow_all
+      @permission_service.allow_action?(:comments, :index).should be_true
+    end
+
+    context 'when no block given' do
+
+      it 'should return true if given action allowed' do
+        @permission_service.allow_actions :comments, :index
+        @permission_service.allow_action?(:comments, :index).should be_true
+      end
+
+      it 'should return false if given action not allowed' do
+        @permission_service.allow_action?(:comments, :index).should be_false
+        @permission_service.allow_actions :comments, :create
+        @permission_service.allow_action?(:comments, :index).should be_false
+      end
+    end
+
+    context 'when block given' do
+
+      it 'should call block for given action when ressource is given' do
+        block = Proc.new {}
+        block.should_receive(:call)
+        @permission_service.allow_actions :comments, :index, &block
+        @permission_service.allow_action?(:comments, :index, 'resource')
+      end
+
+      it 'should not call block for given action but no ressource is given' do
+        block = Proc.new {}
+        block.should_receive(:call).never
+        @permission_service.allow_actions :comments, :index, &block
+        @permission_service.allow_action?(:comments, :index)
+      end
+
+      it 'should return true when block returns true' do
+        block = Proc.new { true }
+        @permission_service.allow_actions :comments, :index, &block
+        @permission_service.allow_action?(:comments, :index, 'resource').should be_true
+      end
+
+      it 'should return false when block returns false' do
+        block = Proc.new { false }
+        @permission_service.allow_actions :comments, :index, &block
+        @permission_service.allow_action?(:comments, :index, 'resource').should be_false
+      end
+
+      it 'should return false when no ressource given' do
+        block = Proc.new { true }
+        @permission_service.allow_actions :comments, :index, &block
+        @permission_service.allow_action?(:comments, :index).should be_false
+      end
+    end
+  end
+
+  describe '#passed_filters?' do
+
+    it 'should return true when all blocks for given controller and action returns true' do
+      @permission_service.add_filter(:comments, :create, &Proc.new { true })
+      @permission_service.passed_filters?(:comments, :create, 'params').should be_true
+    end
+
+    it 'should return true when no filters are added at all' do
+      @permission_service.passed_filters?(:comments, :create, 'params').should be_true
+    end
+
+    it 'should return true when for given controller and action no filters has been added' do
+      @permission_service.add_filter(:comments, :update, &Proc.new {})
+      @permission_service.passed_filters?(:comments, :create, 'params').should be_true
+    end
+
+    it 'should return false when at least one block for given controller and action returns false' do
+      @permission_service.add_filter(:comments, :create, &Proc.new { true })
+      @permission_service.add_filter(:comments, :create, &Proc.new { false })
+      @permission_service.add_filter(:comments, :create, &Proc.new { true })
+      @permission_service.passed_filters?(:comments, :create, 'params').should be_false
+    end
+
+    it 'should pass params to the given block' do
+      params = Object.new
+      @permission_service.add_filter(:comments, :create, &Proc.new { |p| p.object_id.should eq params.object_id })
+      @permission_service.passed_filters?(:comments, :create, params)
+    end
+  end
+
+  describe '#allow_attributes?' do
+
+    it 'should return true when @allow_all is true' do
+      @permission_service.allow_all
+      @permission_service.allow_attribute?(:comment, :user_id).should be_true
+    end
+
+    it 'should return true when param is allowed' do
+      @permission_service.allow_attributes(:comment, :user_id)
+      @permission_service.allow_attribute?(:comment, :user_id).should be_true
+    end
+
+    it 'should return false when param not allowed' do
+      @permission_service.allow_attribute?(:comment, :user_id).should be_false
+    end
+  end
+
+  describe '#permit_params!' do
+
+    it 'should call permit! on given params when @allow_all is true' do
+      params = double('params')
+      params.should_receive(:permit!)
+      @permission_service.allow_all
+      @permission_service.permit_params!(params)
+    end
+
+    it 'should call permit on allowed params' do
+      params = {comment: {user_id: '12', text: 'text', date: 'date'}, post: {title: 'title', content: 'content'}}
+      @permission_service.allow_attributes(:comment, [:user_id, :text])
+      @permission_service.allow_attributes(:post, [:title, :content])
+      params[:comment].should_receive(:respond_to?).with(:permit).and_return(true)
+      params[:comment].should_receive(:permit).with(:user_id, :text)
+      params[:post].should_receive(:permit).with(:title, :content)
+      @permission_service.permit_params!(params)
+    end
+  end
+
+  describe '#allow_all' do
+
+    it 'should set @allow_all to true' do
+      @permission_service.allow_all
+      @permission_service.instance_variable_get(:@allow_all).should be_true
+    end
+  end
+
+  describe '#allow_actions' do
+
+    it 'should add controller and action to @allowed_actions' do
+      @permission_service.allow_actions :comments, :index
+      allowed_actions = @permission_service.instance_variable_get(:@allowed_actions)
+      allowed_actions.count.should eq 1
+      allowed_actions[['comments', 'index']].should be_true
+    end
+
+    it 'should add controllers and action to @allowed_actions when multiple given' do
+      @permission_service.allow_actions([:comments, :users], [:index, :create])
+      allowed_actions = @permission_service.instance_variable_get(:@allowed_actions)
+      allowed_actions.count.should eq 4
+      allowed_actions[['comments', 'index']].should be_true
+      allowed_actions[['comments', 'create']].should be_true
+      allowed_actions[['users', 'index']].should be_true
+      allowed_actions[['users', 'create']].should be_true
+    end
+
+    it 'should add controllers and action to @allowed_actions and store block when given' do
+      block = Proc.new {}
+      @permission_service.allow_actions(:comments, :edit, &block)
+      allowed_actions = @permission_service.instance_variable_get(:@allowed_actions)
+      allowed_actions[['comments', 'edit']].object_id.should eq block.object_id
+    end
+  end
+
+  describe '#allow_attributes' do
+
+    it 'should add resource and attribute to @allowed_params' do
+      @permission_service.allow_attributes :comment, :text
+      allowed_params = @permission_service.instance_variable_get(:@allowed_attributes)
+      allowed_params.count.should eq 1
+      allowed_params[:comment].should eq [:text]
+    end
+
+    it 'should add resource and attribute to @allowed_params if multiple given' do
+      @permission_service.allow_attributes [:comment, :post], [:user, :text]
+      allowed_params = @permission_service.instance_variable_get(:@allowed_attributes)
+      allowed_params.count.should eq 2
+      allowed_params[:comment].should eq [:user, :text]
+      allowed_params[:post].should eq [:user, :text]
+    end
+  end
+
+  describe '#add_filter' do
+
+    it 'should add given block to @filters addressed by controller and action' do
+      block = Proc.new {}
+      @permission_service.add_filter(:comments, :create, &block)
+      filter_list = @permission_service.instance_variable_get(:@filters)[['comments', 'create']]
+      filter_list.count.should eq 1
+      filter_list.should include block
+    end
+
+    it 'should add given block to @filters addressed by controller and action when multiple given' do
+      block = Proc.new {}
+      @permission_service.add_filter([:comments, :posts], [:create, :update], &block)
+      @permission_service.instance_variable_get(:@filters)[['comments', 'create']].should include block
+      @permission_service.instance_variable_get(:@filters)[['comments', 'update']].should include block
+      @permission_service.instance_variable_get(:@filters)[['posts', 'create']].should include block
+      @permission_service.instance_variable_get(:@filters)[['posts', 'update']].should include block
+    end
+
+    it 'should add multiple blocks to @filters addressed by controller and action' do
+      block_1 = Proc.new { 'block 1' }
+      block_2 = Proc.new { 'block 2' }
+      @permission_service.add_filter(:comments, :create, &block_1)
+      @permission_service.add_filter(:comments, :create, &block_2)
+      filter_list = @permission_service.instance_variable_get(:@filters)[['comments', 'create']]
+      filter_list.count.should eq 2
+      filter_list.should include block_1
+      filter_list.should include block_2
+    end
+
+    it 'should rails exception when no block given' do
+      expect { @permission_service.add_filter(:comments, :index) }.to raise_error('no block given')
+    end
+  end
+
+  describe 'configure' do
+
+    it 'should call create on the given configurer class' do
+    @permission_service.stub(:current_user).and_return('current_user')
+    configurer_class = double('permission_configurer')
+    configurer_class.should_receive(:create).with(@permission_service, 'current_user')
+    @permission_service.configure(configurer_class)
+  end
+end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+require 'active_support/core_ext/object/try'
+require 'active_support/core_ext/module/delegation'
+require 'permissioner'
+require 'permissioner/matchers'
+
+
+class PermissionService
+
+  include Permissioner::PermissionServiceAdditions
+end

metadata

@@ -0,0 +1,121 @@
+--- !ruby/object:Gem::Specification
+name: permissioner
+version: !ruby/object:Gem::Version
+  version: 0.0.1.beta
+  prerelease: 6
+platform: ruby
+authors:
+- Daniel Grawunder, Christian Mierich
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-09 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.13'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.13'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: guard-rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+description: A Ruby on Rails authorization gem
+email:
+- gramie.sw@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- CHANGELOG
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- epl-v10.html
+- lib/permissioner.rb
+- lib/permissioner/controller_additions.rb
+- lib/permissioner/exceptions.rb
+- lib/permissioner/matchers.rb
+- lib/permissioner/permission_configurer.rb
+- lib/permissioner/permission_service_additions.rb
+- lib/permissioner/railtie.rb
+- lib/permissioner/version.rb
+- permissioner.gemspec
+- spec/permissioner/controller_additions_spec.rb
+- spec/permissioner/matchers_spec.rb
+- spec/permissioner/permission_configurer_spec.rb
+- spec/permissioner/permission_service_additions_spec.rb
+- spec/spec_helper.rb
+homepage: 
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>'
+    - !ruby/object:Gem::Version
+      version: 1.3.1
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: An easy to use authorization solution for Ruby on Rails.
+test_files:
+- spec/permissioner/controller_additions_spec.rb
+- spec/permissioner/matchers_spec.rb
+- spec/permissioner/permission_configurer_spec.rb
+- spec/permissioner/permission_service_additions_spec.rb
+- spec/spec_helper.rb