permissioner 0.0.2.beta → 0.1.0.beta

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cfc2e5ec9d5f94f5c6630cac9b25295e5d6c0730
-  data.tar.gz: 35ceaa2887957280d16025bf13da99d891d23685
+  metadata.gz: 5ba85c8029c5e0f9a4f4f9e57c546ff2dc87e74e
+  data.tar.gz: e9502b6cb5c9a1dc7a269ce74af1e93b23e4606e
 SHA512:
-  metadata.gz: 68a379955f1b30f03d356196495edc5bc3ba5a7f51cd6466e7723e453fcbcea5db11bad372a71fad1b6e2f9fab298af4adcc8a3cbd032bba50f8dcf6e147c01f
-  data.tar.gz: e2dd5c7b676575a23fe64207317e2af0ff00fbdc51df8f6442a2342bd8ffc4905989c11be269665a22e68f1732985704b15bbd85ae2fde09c283b685dfb36fa0
+  metadata.gz: e4802cc89cfb79b4a6d500f72ca4d0e4d31650bf6c183bebd8c7caac7d34342d074fead3c94e9ece2d6e3eb79f4d3b04566a497c52806d2cf8e12be65c993295
+  data.tar.gz: 9d1710c507e6d7a74ed131d8f8899bd3ef6abcd7623ff676c69c3341be585a0d150f7c7536c073152ae4ad8674286157c017cbaf83f983a24485448b90d995c0

data/lib/permissioner.rb

@@ -1,6 +1,6 @@
 require "permissioner/version"
-require "permissioner/permission_service_additions"
-require "permissioner/permission_configurer"
+require "permissioner/service_additions"
+require "permissioner/configurer"
 require "permissioner/controller_additions"
 require "permissioner/exceptions"
 require "permissioner/railtie" if defined?(Rails)

data/lib/permissioner/{permission_configurer.rb → configurer.rb}

@@ -24,10 +24,10 @@ module Permissioner
   #     end
   # end
   #
-  module PermissionConfigurer
+  module Configurer
 
     attr_reader :current_user, :permission_service
-    delegate :allow_actions, :allow_attributes, :add_filter, to: :permission_service
+    delegate :allow_actions, :allow_attributes, :add_filter, :clear_filters, to: :permission_service
 
 
     # Expects an instance of a class including module Permissioner::PermissionServiceAdditions acting as

data/lib/permissioner/controller_additions.rb

@@ -7,8 +7,7 @@ module Permissioner
     end
 
     def authorize
-      if permission_service.allow_action?(params[:controller], params[:action], current_resource) &&
-          permission_service.passed_filters?(params[:controller], params[:action], params)
+      if permission_service.allow_action?(params[:controller], params[:action], resource: current_resource, params: params)
         permission_service.permit_params!(params)
       else
         raise Permissioner::NotAuthorized

data/lib/permissioner/matchers.rb

@@ -1,16 +1,48 @@
-RSpec::Matchers.define :allow_action do |*args|
-  match do |permission_service|
-    permission_service.allow_action?(*args)
-  end
-end
+require 'permissioner/matchers/exactly_expect_actions'
+require 'permissioner/matchers/exactly_allow_attributes'
+require 'permissioner/matchers/exactly_allow_controllers'
+require 'permissioner/matchers/exactly_allow_resources'
 
 RSpec::Matchers.define :allow_attribute do |*args|
   match do |permission_service|
     permission_service.allow_attribute?(*args)
   end
 end
-RSpec::Matchers.define :pass_filters do |controller, action, params={}|
+
+RSpec::Matchers.define :pass_filters do |*args|
   match do |permission_service|
-    permission_service.passed_filters?(controller, action, params)
+    permission_service.passed_filters?(*args)
+  end
+end
+
+module Permissioner
+  module Matchers
+
+    RSpec::Matchers.define :allow_action do |*args|
+      match do |permission_service|
+        permission_service.allow_action?(*args)
+      end
+    end
+
+    def exactly_allow_actions(*expected_actions)
+      ExactlyExpectActions.new(:@allowed_actions, *expected_actions)
+    end
+
+    def exactly_have_filters_for(*expected_actions)
+      ExactlyExpectActions.new(:@filters, *expected_actions)
+    end
+
+    def exactly_allow_attributes(*expected_attributes)
+      ExactlyAllowAttributes.new(*expected_attributes)
+    end
+
+    def exactly_allow_controllers(*expected_controllers)
+      ExactlyAllowControllers.new(*expected_controllers)
+    end
+
+    def exactly_allow_resources(*expected_resources)
+      ExactlyAllowResources.new(*expected_resources)
+    end
+
   end
 end

data/lib/permissioner/matchers/exactly_allow_attributes.rb

@@ -0,0 +1,137 @@
+module Permissioner
+  module Matchers
+    class ExactlyAllowAttributes
+
+      def initialize(*all_expected_attributes)
+        @all_expected_attributes = all_expected_attributes.collect do |value|
+          raise 'multiple attributes for a resource must stated as array, e.g. [:user_id, :username]' if value.size > 2
+          [value[0], Array(value[1])]
+        end
+        @failing_attributes = []
+      end
+
+      def matches?(permission_service)
+        @permission_service = permission_service
+        expected_attributes_exactly_match?
+      end
+
+      def failure_message_for_should
+        if @failing_attributes.empty?
+          "expected to find allowed attributes for resources\n" \
+          "#{all_expected_resources}, but found allowed attributes for resources\n"\
+          "#{all_allowed_resources}"
+        else
+          message = "expected attributes did not match for following resources:\n"
+          @failing_attributes.inject(message) do |msg, value|
+            msg +=
+                "#{value[0]}:\n"\
+                "#{value[1]} were expected to be allowed, but attributes\n"\
+                "#{allowed_attrributes_for_resource(value[0])} are allowed\n"
+            msg
+          end
+        end
+      end
+
+      def failure_message_for_should_not
+        'given attributes are exactly allowed although this is not expected'
+      end
+
+      private
+
+      def expected_attributes_exactly_match?
+        resources_exactly_match? && attributes_exactly_match?
+      end
+
+      def resources_exactly_match?
+        all_expected_resources == all_allowed_resources
+      end
+
+      def attributes_exactly_match?
+        @all_expected_attributes.each do |resource, expected_attributes_for_resource|
+
+          match = expected_attributes_for_resource.count == allowed_attrributes_for_resource(resource).count
+
+          if match
+            match = expected_attributes_for_resource.all? do |expected_attribute|
+              @permission_service.allow_attribute?(resource, expected_attribute)
+            end
+          end
+
+          unless match
+            @failing_attributes << [resource, expected_attributes_for_resource]
+          end
+        end
+        @failing_attributes.empty?
+      end
+
+      def all_expected_resources
+        @all_expected_resources ||= begin
+          @all_expected_attributes.collect { |value| value[0] }.sort
+        end
+      end
+
+      def all_allowed_resources
+        @all_allowed_resources ||= begin
+          if all_allowed_attributes.any?
+            all_allowed_attributes.keys.sort
+          else
+            []
+          end
+        end
+      end
+
+      def allowed_attrributes_for_resource(resource)
+        @all_allowed_attributes ||= {}
+        @all_allowed_attributes[resource] ||= begin
+          if all_allowed_attributes[resource]
+            all_allowed_attributes[resource].sort
+          else
+            []
+          end
+        end
+      end
+
+      def all_allowed_attributes
+        @all_allowed_attributes ||= begin
+          all_allowed_attributes = @permission_service.instance_variable_get(:@allowed_attributes)
+          all_allowed_attributes || {}
+        end
+      end
+
+      #def matches?(permission_service)
+      #  @permission_service = permission_service
+      #  expected_attributs_exactly_macht? allowed_attributes_for_resource
+      #end
+      #
+      #def failure_message_for_should
+      #  "expected that for resource \"#{@resource}\" attributes\n"\
+      #  "#{@expected_attributes} are exactly allowed, but found attributes\n"\
+      #  "#{allowed_attributes_for_resource} allowed"
+      #end
+      #
+      #def failure_message_for_should_not
+      #  "expected that for resource \"#{@resource}\" attributes\n"\
+      #  "#{@expected_attributes} are exactly not allowed,\n"\
+      #  "but those attributes are exactly allowed\n"
+      #end
+      #
+      #private
+      #
+      #def expected_attributs_exactly_macht?(allowed_attributes_for_resource)
+      #  allowed_attributes_for_resource.count == @expected_attributes.count &&
+      #      @expected_attributes.all? { |attribute| allowed_attributes_for_resource.include? attribute }
+      #end
+      #
+      #def allowed_attributes_for_resource
+      #  @allowed_attributes_for_resource ||= begin
+      #    all_allowed_attributes = @permission_service.instance_variable_get(:@allowed_attributes)
+      #    if all_allowed_attributes && all_allowed_attributes[@resource]
+      #      all_allowed_attributes[@resource]
+      #    else
+      #      []
+      #    end
+      #  end
+      #end
+    end
+  end
+end

data/lib/permissioner/matchers/exactly_allow_controllers.rb

@@ -0,0 +1,48 @@
+module Permissioner
+  module Matchers
+    class ExactlyAllowControllers
+
+      def initialize(*expected_controllers)
+        @expected_controllers = expected_controllers.collect { |controller| controller.to_s }
+      end
+
+      def matches?(permission_service)
+        @permission_service = permission_service
+        controllers_exactly_match?(allowed_controllers)
+      end
+
+      def failure_message_for_should
+        "expected to exactly allow controllers \n" \
+          "#{@expected_controllers.sort}, but found controllers\n"\
+          "#{allowed_controllers.sort} allowed"
+      end
+
+      def failure_message_for_should_not
+        "expected to exactly not allow controllers \n" \
+          "#{@expected_controllers.sort}, but these controllers are exactly allowed\n"\
+      end
+
+      private
+
+      def allowed_controllers
+        @allowed_controllers ||= begin
+          all_allowed_actions = @permission_service.instance_variable_get(:@allowed_actions)
+          if all_allowed_actions
+            all_allowed_actions.keys.collect { |e| e.first }.uniq
+          else
+            []
+          end
+        end
+      end
+
+      def all_controllers_allowed?(allowed_controllers)
+        @expected_controllers.all? { |controller| allowed_controllers.include? controller }
+      end
+
+      def controllers_exactly_match?(allowed_controllers)
+        allowed_controllers.count == @expected_controllers.count && all_controllers_allowed?(allowed_controllers)
+      end
+
+    end
+  end
+end

data/lib/permissioner/matchers/exactly_allow_resources.rb

@@ -0,0 +1,44 @@
+module Permissioner
+  module Matchers
+    class ExactlyAllowResources
+
+      def initialize(*expected_resources)
+        @expected_resources = expected_resources
+      end
+
+      def matches?(permission_service)
+        @permission_service = permission_service
+        resources_exactly_match?
+      end
+
+      def failure_message_for_should
+        "expected to exactly allow resources \n" \
+        "#{@expected_resources.sort}, but found resources\n"\
+        "#{allowed_resources.sort} allowed"
+      end
+
+      def failure_message_for_should_not
+        "expected to exactly not allow resources \n" \
+        "#{@expected_resources.sort}, but these resources are exactly allowed\n"\
+      end
+
+      private
+
+      def resources_exactly_match?
+        allowed_resources.count == @expected_resources.count &&
+            @expected_resources.all? { |resource| allowed_resources.include? resource }
+      end
+
+      def allowed_resources
+        @allowed_resources ||= begin
+          allowed_attributes = @permission_service.instance_variable_get(:@allowed_attributes)
+          if allowed_attributes
+            allowed_attributes.keys
+          else
+            []
+          end
+        end
+      end
+    end
+  end
+end

data/lib/permissioner/matchers/exactly_expect_actions.rb

@@ -0,0 +1,100 @@
+module Permissioner
+  module Matchers
+    class ExactlyExpectActions
+
+      def initialize(actions_instance_var, *all_expected_actions)
+        @all_expected_actions = all_expected_actions.collect do |value|
+          raise 'multiple actions for a controller must stated as array, e.g. [:new, :create]' if value.size > 2
+          [value[0].to_s, Array(value[1]).collect! { |e| e.to_s }]
+        end
+        @failing_actions = []
+        @actions_instance_var = actions_instance_var
+      end
+
+      def matches?(permission_service)
+        @permission_service = permission_service
+        expected_actions_exactly_match?
+      end
+
+      def failure_message_for_should
+        if @failing_actions.empty?
+          "expected to find actions for controllers \n" \
+          "#{all_expected_controllers}, but found actions for controllers\n"\
+          "#{all_actuel_controllers}"
+        else
+          message = "expected actions did not match for following controllers:\n"
+          @failing_actions.inject(message) do |msg, value|
+            msg +=
+                "#{value[0]}:\n"\
+                "#{value[1]} were expected but found actions\n"\
+                "#{actual_actions_for_controller(value[0])}\n"
+            msg
+          end
+        end
+      end
+
+      def failure_message_for_should_not
+        'given actions are exactly match although this is not expected'
+      end
+
+      private
+
+      def expected_actions_exactly_match?
+        controllers_exactly_match? && actions_exactly_match?
+      end
+
+      def controllers_exactly_match?
+        all_actuel_controllers == all_expected_controllers
+      end
+
+      def actions_exactly_match?
+        @all_expected_actions.each do |controller, expected_actions_for_controller|
+          expected_actions_for_controller.sort!
+          match = actions_for_controller_exactly_match?(controller, expected_actions_for_controller)
+          @failing_actions << [controller, expected_actions_for_controller] unless match
+          match
+        end
+        @failing_actions.empty?
+      end
+
+      def actions_for_controller_exactly_match?(controller, expected_actions_for_controller)
+        if expected_actions_for_controller == ['all']
+          actual_actions_for_controller(controller).include?('all')
+        else
+          expected_actions_for_controller == actual_actions_for_controller(controller)
+        end
+      end
+
+      def all_actuel_actions
+        @all_actuel_actions ||= begin
+          @permission_service.instance_variable_get(@actions_instance_var) || {}
+        end
+      end
+
+      def all_actuel_controllers
+        @all_actuel_controllers ||= begin
+          all_actuel_actions.keys.collect { |e| e.first }.uniq.sort
+        end
+      end
+
+      def all_expected_controllers
+        @all_expected_controllers ||= begin
+          @all_expected_actions.collect { |e| e[0] }
+        end.sort
+      end
+
+      def actual_actions_for_controller(controller)
+        @actual_actions_for_controller ||= {}
+
+        @actual_actions_for_controller[controller] ||= begin
+          all_actuel_actions.keys.inject([]) do |actual_actions_for_controller, value|
+            if value[0] == controller
+              actual_actions_for_controller << value[1]
+            end
+            actual_actions_for_controller
+          end.uniq.sort
+        end
+      end
+    end
+  end
+end

data/lib/permissioner/{permission_service_additions.rb → service_additions.rb}

@@ -1,5 +1,5 @@
 module Permissioner
-  module PermissionServiceAdditions
+  module ServiceAdditions
 
     attr_accessor :current_user
 
@@ -8,19 +8,23 @@ module Permissioner
       configure_permissions
     end
 
-
-    def allow_action?(controller, action, resource = nil)
-      allowed = @allow_all || (@allowed_actions && @allowed_actions[[controller.to_s, action.to_s]])
-      allowed && (allowed == true || resource && allowed.call(resource))
+    def allow_action?(controller, action, subjects={})
+      allowed =
+          @allow_all ||
+          (@allowed_actions &&
+              (@allowed_actions[[controller.to_s, action.to_s]] || @allowed_actions[[controller.to_s, 'all']]))
+      allowed = allowed && (allowed == true || allowed.call(subjects[:resource]))
+      allowed && passed_filters?(controller, action, subjects)
     end
 
     def allow_attribute?(resource, attribute)
       @allow_all || @allowed_attributes && @allowed_attributes[resource].try(:include?, attribute)
     end
 
-    def passed_filters?(controller, action, params)
+    def passed_filters?(controller, action, subjects={})
+      resource, params = subjects[:resource], subjects[:params] || {}
       if @filters && @filters[[controller.to_s, action.to_s]]
-        @filters[[controller.to_s, action.to_s]].all? { |block| block.call(params) }
+        @filters[[controller.to_s, action.to_s]].all? { |block| block.call(resource, params) }
       else
         true
       end
@@ -85,6 +89,18 @@ module Permissioner
       end
     end
 
+    def clear_all_filters
+      @filters = nil
+    end
+
+    def clear_filters controllers, actions
+      Array(controllers).each do |controller|
+        Array(actions).each do |action|
+          @filters.delete([controller.to_s, action.to_s])
+        end
+      end
+    end
+
     # Configures permissions by instantiate a new object of the given class which is intended to include
     # the module Permissioner::PermissionConfigurer.
     #