RubyGems - permissive - Versions diffs - 0.2.2.alpha → 0.2.4.alpha - Mend

permissive 0.2.2.alpha → 0.2.4.alpha

Files changed (13) hide show

data/VERSION +1 -1
data/lib/permissive/has_permissions.rb +16 -18
data/lib/permissive/permission.rb +0 -1
data/lib/permissive/permission_definition.rb +63 -7
data/spec/checking_permissions_spec.rb +71 -0
data/spec/defining_permissions_spec.rb +37 -0
data/spec/has_permissions_spec.rb +12 -328
data/spec/metaprogramming_spec.rb +75 -0
data/spec/roles_spec.rb +64 -0
data/spec/scoping_permissions_spec.rb +117 -0
data/spec/spec_helper.rb +7 -2
data/spec/spec_models.rb +13 -0
metadata +9 -3

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 0.2.2.alpha
1	+ 0.2.4.alpha

data/lib/permissive/has_permissions.rb CHANGED Viewed

@@ -22,6 +22,7 @@ module Permissive
           def can!(*args)
             options = args.extract_options!
             options.assert_valid_keys(:on, :reset)
+            options.delete(:on) if options[:on] == :global
             permission_matcher = case options[:on]
             when ActiveRecord::Base
               permission = proxy_owner.permissions.find_or_initialize_by_scoped_object_id_and_scoped_object_type(options[:on].id, options[:on].class.name)
@@ -41,8 +42,14 @@ module Permissive
                 permission.mask = permission.mask | bit
               end
             end
-            permission.save!
+            if proxy_owner.new_record?
+              permission.permitted_object = proxy_owner
+              proxy_owner.permissions.push(permission)
+            else
+              permission.save!
+            end
             permission
+            # raise 'set'
           end
           def can?(*args)
@@ -54,8 +61,12 @@ module Permissive
           def revoke(*args)
             options = args.extract_options!
-            if args.length == 1 && args.first == :all
-              on(options[:on]).destroy_all
+            if args.first == :all
+              if options[:on]
+                on(options[:on]).destroy_all
+              else
+                reload.destroy_all
+              end
             else
               bits = bits_for(options[:on], args)
               on(options[:on]).each do |permission|
@@ -71,7 +82,7 @@ module Permissive
           def bits_for(scope, permissions)
             on = PermissionDefinition.normalize_scope(proxy_owner.class, scope)
-            permissions.map do |permission|
+            permissions.flatten.map do |permission|
               proxy_owner.class.permissions[on].try(:permissions).try(:[], permission.to_s.underscore.gsub('/', '_').to_sym) || raise(Permissive::InvalidPermissionError.new("#{proxy_owner.class.name} does not have a#{'n' if permission.to_s[0, 1].downcase =~ /[aeiou]/} #{permission} permission#{" on #{on}" if on}"))
             end
           end
@@ -81,20 +92,7 @@ module Permissive
         delegate :can!, :can?, :revoke, :to => :permissions
         permission_definition = Permissive::PermissionDefinition.define(self, options, &block)
-        permission_setter = options[:on].nil? || options[:on] == :global ? 'permissions=' : "#{options[:on].to_s.singularize}_permissions="
-        class_eval <<-eoc
-          def #{permission_setter}(values)
-            values ||= []
-            if values.all? {|value| value.is_a?(String) || value.is_a?(Symbol)}
-              can!(values, :reset => true, :on => #{options[:on].inspect})
-            else
-              super(values)
-            end
-          end
-        eoc
+        permission_definition.define_methods
         # Oh that's right, it'll return an object.
         permission_definition
       end

data/lib/permissive/permission.rb CHANGED Viewed

@@ -1,7 +1,6 @@
 # This is the core permission class that Permissive uses.
 module Permissive
   class Permission < ActiveRecord::Base
-    attr_writer :grant_template, :template
     belongs_to :permitted_object, :polymorphic => true
     belongs_to :scoped_object, :polymorphic => true
     named_scope :granted, lambda {|permissions|

data/lib/permissive/permission_definition.rb CHANGED Viewed

@@ -17,6 +17,7 @@ module Permissive
       end
       def interpolate_scope(model, scope)
+        return :global if scope.to_s == 'global'
         attempted_scope = scope.to_s.singularize.classify
         model_module = model.name.to_s.split('::')
         model_module.pop
@@ -29,6 +30,7 @@ module Permissive
       end
       def normalize_scope(model, scope)
+        return :global if scope.to_s == 'global'
         scope = case scope
         when Class
           scope.name.tableize
@@ -51,6 +53,59 @@ module Permissive
       end
     end
+    def define_methods
+      permission_setter = @options[:on] == :global ? 'permissions' : "#{@options[:on].to_s.singularize}_permissions"
+      if model.instance_methods.include?("#{permission_setter}=")
+        if !model.instance_methods.include?("#{permission_setter}_with_permissive=")
+          model.class_eval <<-eoc
+            def #{permission_setter}_with_permissive=(values)
+              values ||= []
+              if values.all? {|value| value.is_a?(String) || value.is_a?(Symbol)}
+                can!(values, :reset => true, :on => #{@options[:on].inspect})
+              else
+                self.#{permission_setter}_without_permissive = values
+              end
+            end
+            # alias_method_chain "#{permission_setter}=", :permissive
+          eoc
+        end
+        model.alias_method_chain "#{permission_setter}=", :permissive
+      else
+        model.class_eval <<-eoc
+          def #{permission_setter}=(values)
+            values ||= []
+            if values.all? {|value| value.is_a?(String) || value.is_a?(Symbol)}
+              can!(values, :reset => true, :on => #{@options[:on].inspect})
+            end
+          end
+        eoc
+      end
+      if model.instance_methods.include?('role=') && !model.respond_to?(:permissive_role_defined?)
+        puts "role= defined but role_defined? is false"
+        model.class_eval do
+          def role_with_permissive=(role_name)
+            self.permissions = self.class.permissions[:global].roles[role_name.to_s.downcase.to_sym]
+            self.role_without_permissive = role_name.to_s.downcase
+          end
+        end
+        model.alias_method_chain :role=, :permissive
+      else
+        model.class_eval do
+          def role=(role_name)
+            self.permissions = self.class.permissions[:global].roles[role_name.to_s.downcase.to_sym]
+          end
+          class << self
+            def permissive_role_defined?
+              true
+            end
+            protected :permissive_role_defined?
+          end
+        end
+      end
+    end
     def initialize(model, options = {})
       options.assert_valid_keys(:on)
       @options = options
@@ -62,7 +117,8 @@ module Permissive
     end
     def on(class_name, &block)
-      Permissive::PermissionDefinition.define(model, @options.merge(:on => class_name), &block)
+      permission_definition = Permissive::PermissionDefinition.define(model, @options.merge(:on => class_name), &block)
+      permission_definition.define_methods
     end
     def permission(name, value)
@@ -82,12 +138,12 @@ module Permissive
         @role = name.to_s.to_sym
         roles[@role] ||= []
         instance_eval(&block) if block_given?
-      end
-      unless model.instance_methods.include?('role=')
-        model.class_eval do
-          def role=(role_name)
-            self.permissions = self.class.permissions[:global].roles[role_name.to_s.downcase.to_sym]
-          end
+        if model.instance_methods.include?('role') && !model.instance_methods.include?("is_#{name}?")
+          model.class_eval <<-eoc
+            def is_#{name}?
+              role == #{name.to_s.downcase.inspect}
+            end
+          eoc
         end
       end
     end

data/spec/checking_permissions_spec.rb ADDED Viewed

@@ -0,0 +1,71 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+load File.join File.dirname(__FILE__), 'spec_models.rb'
+describe Permissive, "checking" do
+  before :each do
+    PermissiveSpecHelper.db_up
+    Permissive::User.has_permissions do
+      to :manage_games, 0
+      to :control_rides, 1
+      to :punch, 2
+    end
+    @user = Permissive::User.create
+  end
+  it "should allow permissions checks through the `can?' method" do
+    @user.can?(:manage_games).should be_false
+  end
+  it "should respond to the `can!' method" do
+    @user.should respond_to(:can!)
+  end
+  it "should allow permissions setting through the `can!' method" do
+    count = @user.permissions.count
+    @user.can!(:manage_games)
+    @user.permissions.count.should == count.next
+  end
+  it "should return correct permissions through the `can?' method" do
+    @user.can!(:manage_games)
+    @user.can?(:manage_games).should be_true
+    @user.can?(:control_rides).should be_false
+    @user.can?(:punch).should be_false
+  end
+  it "should return correct permissions on multiple requests" do
+    @user.can!(:manage_games)
+    @user.can!(:control_rides)
+    @user.can?(:manage_games, :control_rides).should be_true
+    @user.can?(:manage_games, :punch).should be_false
+    @user.can?(:control_rides, :punch).should be_false
+    @user.can?(:manage_games, :control_rides, :punch).should be_false
+  end
+  it "should revoke the correct permissions through the `revoke' method" do
+    @user.can!(:manage_games, :control_rides)
+    @user.can?(:manage_games).should be_true
+    @user.can?(:control_rides).should be_true
+    @user.revoke(:control_rides)
+    @user.can?(:control_rides).should be_false
+    @user.can?(:manage_games).should be_true
+  end
+  it "should revoke the full permissions through the `revoke' method w/an :all argument" do
+    @user.can!(:manage_games, :control_rides)
+    @user.can?(:manage_games).should be_true
+    @user.can?(:control_rides).should be_true
+    @user.revoke(:all)
+    @user.can?(:manage_games).should be_false
+    @user.can?(:control_rides).should be_false
+  end
+  it "should support a :reset option" do
+    @user.can!(:manage_games, :control_rides)
+    @user.can?(:manage_games).should be_true
+    @user.can!(:punch, :reset => true)
+    @user.can?(:manage_games).should_not be_true
+    @user.can?(:punch).should be_true
+  end
+end

data/spec/defining_permissions_spec.rb ADDED Viewed

@@ -0,0 +1,37 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+load File.join File.dirname(__FILE__), 'spec_models.rb'
+describe Permissive, "defining permissions" do
+  before :each do
+    PermissiveSpecHelper.db_up
+  end
+  it "should require Numeric permissions" do
+    lambda {
+      Permissive::User.has_permissions { to :dance_on_the_rooftops, "Dance, bitches!" }
+    }.should raise_error(Permissive::PermissionError)
+  end
+  it "should allow me to scope permissions inside the block" do
+    Permissive::Organization.has_permissions do
+      to :hire_employees, 0
+      to :fire_employees, 1
+      on :users do
+        to :hire, 0
+        to :fire, 1
+      end
+    end
+    # Ew, lots of assertions here...
+    Permissive::Organization.permissions[:global].permissions.should have_key(:hire_employees)
+    Permissive::Organization.permissions[:global].permissions.should have_key(:fire_employees)
+    Permissive::Organization.permissions[:global].permissions.should_not have_key(:hire)
+    Permissive::Organization.permissions[:global].permissions.should_not have_key(:fire)
+    Permissive::Organization.permissions[:permissive_users].permissions.should have_key(:hire)
+    Permissive::Organization.permissions[:permissive_users].permissions.should have_key(:fire)
+    Permissive::Organization.permissions[:permissive_users].permissions.should_not have_key(:hire_employees)
+    Permissive::Organization.permissions[:permissive_users].permissions.should_not have_key(:fire_employees)
+  end
+end

data/spec/has_permissions_spec.rb CHANGED Viewed

@@ -1,347 +1,31 @@
 require File.join(File.dirname(__FILE__), 'spec_helper')
+load File.join File.dirname(__FILE__), 'spec_models.rb'
-# Setup some basic models to test with. We'll set permissions on both,
-# and then test :scope'd permissions through both.
-class Permissive::Organization < ActiveRecord::Base
-  set_table_name :permissive_organizations
-end
-class Permissive::User < ActiveRecord::Base
-  set_table_name :permissive_users
-end
-describe Permissive::Permission do
+describe Permissive, "`has_permissions' default class method" do
   before :each do
     PermissiveSpecHelper.db_up
   end
-  describe "`has_permissions' default class method" do
-    [Permissive::User, Permissive::Organization].each do |model|
-      before :each do
-        model.has_permissions do
-          on :organizations
-        end
-      end
-      describe model do
-        it "should create a permissions reflection" do
-          model.new.should respond_to(:permissions)
-        end
-        it "should create a `can?' method" do
-          model.new.should respond_to(:can?)
-        end
-        it "should create a `revoke' method" do
-          model.new.should respond_to(:revoke)
-        end
-      end
-    end
-  end
-  describe "permissions definitions" do
-    it "should require Numeric permissions" do
-      lambda {
-        Permissive::User.has_permissions { to :dance_on_the_rooftops, "Dance, bitches!" }
-      }.should raise_error(Permissive::PermissionError)
-    end
-    it "should allow me to scope permissions inside the block" do
-      Permissive::Organization.has_permissions do
-        to :hire_employees, 0
-        to :fire_employees, 1
-        on :users do
-          to :hire, 0
-          to :fire, 1
-        end
-      end
-      # Ew, lots of assertions here...
-      Permissive::Organization.permissions[:global].permissions.should have_key(:hire_employees)
-      Permissive::Organization.permissions[:global].permissions.should have_key(:fire_employees)
-      Permissive::Organization.permissions[:global].permissions.should_not have_key(:hire)
-      Permissive::Organization.permissions[:global].permissions.should_not have_key(:fire)
-      Permissive::Organization.permissions[:permissive_users].permissions.should have_key(:hire)
-      Permissive::Organization.permissions[:permissive_users].permissions.should have_key(:fire)
-      Permissive::Organization.permissions[:permissive_users].permissions.should_not have_key(:hire_employees)
-      Permissive::Organization.permissions[:permissive_users].permissions.should_not have_key(:fire_employees)
-    end
-  end
-  describe "permissions checking" do
+  [Permissive::User, Permissive::Organization].each do |model|
     before :each do
-      Permissive::User.has_permissions do
-        to :manage_games, 0
-        to :control_rides, 1
-        to :punch, 2
+      model.has_permissions do
+        on :organizations
       end
-      @user = Permissive::User.create
-    end
-    it "should allow permissions checks through the `can?' method" do
-      @user.can?(:manage_games).should be_false
-    end
-    it "should respond to the `can!' method" do
-      @user.should respond_to(:can!)
-    end
-    it "should allow permissions setting through the `can!' method" do
-      count = @user.permissions.count
-      @user.can!(:manage_games)
-      @user.permissions.count.should == count.next
     end
-    it "should return correct permissions through the `can?' method" do
-      @user.can!(:manage_games)
-      @user.can?(:manage_games).should be_true
-      @user.can?(:control_rides).should be_false
-      @user.can?(:punch).should be_false
-    end
-    it "should return correct permissions on multiple requests" do
-      @user.can!(:manage_games)
-      @user.can!(:control_rides)
-      @user.can?(:manage_games, :control_rides).should be_true
-      @user.can?(:manage_games, :punch).should be_false
-      @user.can?(:control_rides, :punch).should be_false
-      @user.can?(:manage_games, :control_rides, :punch).should be_false
-    end
-    it "should revoke the correct permissions through the `revoke' method" do
-      @user.can!(:manage_games, :control_rides)
-      @user.can?(:manage_games).should be_true
-      @user.can?(:control_rides).should be_true
-      @user.revoke(:control_rides)
-      @user.can?(:control_rides).should be_false
-      @user.can?(:manage_games).should be_true
-    end
-    it "should revoke the full permissions through the `revoke' method w/an :all argument" do
-      @user.can!(:manage_games, :control_rides)
-      @user.can?(:manage_games).should be_true
-      @user.can?(:control_rides).should be_true
-      @user.revoke(:all)
-      @user.can?(:manage_games).should be_false
-      @user.can?(:control_rides).should be_false
-    end
-    it "should support a :reset option" do
-      @user.can!(:manage_games, :control_rides)
-      @user.can?(:manage_games).should be_true
-      @user.can!(:punch, :reset => true)
-      @user.can?(:manage_games).should_not be_true
-      @user.can?(:punch).should be_true
-    end
-  end
-  describe "scoped permissions" do
-    before :each do
-      Permissive::User.has_permissions(:on => :organizations) do
-        to :manage_games, 0
-        to :control_rides, 1
-        on :users do
-          to :punch, 2
-        end
-      end
-      @user = Permissive::User.create
-      @organization = Permissive::Organization.create
-    end
-    it "should allow scoped permissions checks through the `can?' method" do
-      @user.can?(:manage_games, :on => @organization).should be_false
-    end
-    describe "on instances" do
-      it "should return correct permissions through a scoped `can?' method" do
-        @user.can!(:manage_games, :on => @organization)
-        @user.can?(:manage_games, :on => @organization).should be_true
+    describe model do
+      it "should create a permissions reflection" do
+        model.new.should respond_to(:permissions)
       end
-      it "should not respond to generic permissions on scoped permissions" do
-        @user.can!(:manage_games, :on => @organization)
-        @user.can?(:manage_games).should be_false
-        @user.can?(:manage_games, :on => @organization).should be_true
+      it "should create a `can?' method" do
+        model.new.should respond_to(:can?)
       end
-      it "should revoke the correct permissions through the `revoke' method" do
-        @user.can!(:manage_games, :control_rides, :on => @organization)
-        @user.can?(:manage_games, :on => @organization).should be_true
-        @user.can?(:control_rides, :on => @organization).should be_true
-        @user.revoke(:manage_games, :on => @organization)
-        @user.can?(:manage_games, :on => @organization).should be_false
-        @user.can?(:control_rides, :on => @organization).should be_true
-      end
-      it "should revoke the full permissions through the `revoke' method w/an :all argument" do
-        @user.can!(:punch)
-        @user.can!(:manage_games, :control_rides, :on => @organization)
-        @user.can?(:manage_games, :on => @organization).should be_true
-        @user.can?(:control_rides, :on => @organization).should be_true
-        @user.can?(:punch).should be_true
-        @user.revoke(:all, :on => @organization)
-        !@user.can?(:manage_games, :on => @organization).should be_false
-        !@user.can?(:control_rides, :on => @organization).should be_false
-        @user.can?(:punch).should be_true
+      it "should create a `revoke' method" do
+        model.new.should respond_to(:revoke)
       end
     end
-    describe "on classes" do
-      it "should ignore instance-specific permissions" do
-        @user.can!(:punch, :on => Permissive::User)
-        @user.can?(:punch, :on => Permissive::User).should be_true
-        @user.can?(:punch, :on => Permissive::User.create).should be_false
-      end
-      it "should interpolate symbols" do
-        @user.can!(:punch, :on => :users)
-        @user.can?(:punch, :on => Permissive::User).should be_true
-      end
-      it "should interpolate strings" do
-        @user.can!(:punch, :on => 'users')
-        @user.can?(:punch, :on => Permissive::User).should be_true
-      end
-      it "should forget strings if a corresponding class doesn't exist" do
-        Permissive::User.has_permissions(:on => :foobar) { to :punch, 0 }
-        @user.can!(:punch, :on => :foobar)
-        @user.can?(:punch, :on => :foobar).should be_true
-      end
-      it "should probably work with non-namespaced models, since those are standard these days" do
-        class PermissiveUser < ActiveRecord::Base
-          has_permissions do
-            to :do_stuff, 0
-            to :be_lazy, 1
-            on Permissive::Organization do
-              to :dance, 0
-              to :sing, 1
-            end
-          end
-        end
-        user = PermissiveUser.create
-        user.can!(:do_stuff)
-        user.can?(:do_stuff).should be_true
-        user.can!(:dance, :on => Permissive::Organization)
-        user.can?(:dance, :on => Permissive::Organization).should be_true
-      end
-    end
-  end
-  describe "automatic method creation" do
-    before :each do
-      Permissive::User.has_permissions(:on => :organizations)
-      @user = Permissive::User.create
-      @organization = Permissive::Organization.create
-      @user.can!(:control_rides)
-      @user.can!(:punch)
-      @user.can!(:manage_games, :on => @organization)
-    end
-    it "should not respond to invalid permission methods" do
-      lambda {
-        @user.can_control_rides_fu?
-      }.should raise_error(NoMethodError)
-    end
-    it "should cache chained methods" do
-      @user.respond_to?(:can_control_rides_and_manage_games?).should be_false
-      @user.can_control_rides_and_manage_games?.should be_false
-      @user.should respond_to(:can_control_rides_and_manage_games?)
-    end
-    it "should respond to valid permission methods" do
-      @user.can_control_rides?.should be_true
-      @user.can_punch?.should be_true
-      @user.can_manage_games?.should be_false
-    end
-    it "should respond to chained permission methods" do
-      @user.can_control_rides_and_punch?.should be_true
-      @user.can_control_rides_and_manage_games?.should be_false
-    end
-    it "should respond to scoped permission methods" do
-      @user.can_manage_games_on?(@organization).should be_true
-      @user.can_punch?(@organization).should be_false
-      ['control_rides', 'punch'].each do |permission|
-        @user.send("can_#{permission}_on?", @organization).should be_false
-      end
-    end
-    describe "for setting permissions" do
-      it "should return the permission" do
-        @user.can_manage_games!.should be_instance_of Permissive::Permission
-        @user.can_manage_games?.should be_true
-      end
-      it "should support scoping" do
-        @user.can_manage_games_in!(@organization).should be_instance_of Permissive::Permission
-        @user.can_manage_games?.should be_false
-        @user.can_manage_games_in?(@organization).should be_true
-      end
-    end
-    it "should support revoking, too" do
-      @user.can_manage_games!
-      @user.can_manage_games?.should be_true
-      @user.cannot_manage_games!
-      @user.can_manage_games?.should be_false
-    end
-  end
-  describe "roles" do
-    before :each do
-      Permissive::User.has_permissions do
-        to :hire_employees, 0
-        to :manage_games, 1
-        to :control_rides, 2
-        role :games do
-          can :manage_games
-        end
-        role :rides do
-          can :control_rides
-        end
-      end
-    end
-    it "should provide a `roles` hash" do
-      Permissive::User.permissions[:global].roles[:games].should == [:manage_games]
-      Permissive::User.permissions[:global].roles[:rides].should == [:control_rides]
-    end
-    it "should accept multiple roles" do
-      Permissive::User.has_permissions do
-        to :fight, 0
-        to :flee, 1
-        to :urinate, 2
-        role(:normie, :hero) { can :fight }
-        role(:coward, :normie) { can :flee, :urinate }
-      end
-      Permissive::User.permissions[:global].roles[:normie].should == [:fight, :flee, :urinate]
-      Permissive::User.permissions[:global].roles[:hero].should == [:fight]
-      Permissive::User.permissions[:global].roles[:coward].should == [:flee, :urinate]
-    end
-    it "should allow me to assign a role" do
-      @james = Permissive::User.create!
-      @james.should respond_to(:role=)
-      @james.role = 'rides'
-      @james.can_control_rides?.should be_true
-      @james.can_manage_games?.should be_false
-    end
   end
 end

data/spec/metaprogramming_spec.rb ADDED Viewed

@@ -0,0 +1,75 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+load File.join File.dirname(__FILE__), 'spec_models.rb'
+describe Permissive, "automatic method creation" do
+  before :each do
+    PermissiveSpecHelper.db_up
+    Permissive::User.has_permissions do
+      to :manage_games, 0
+      to :control_rides, 1
+      to :punch, 2
+    end
+    Permissive::User.has_permissions(:on => :organizations) do
+      to :punch, 0
+    end
+    @user = Permissive::User.create
+    @organization = Permissive::Organization.create
+    @user.can!(:control_rides)
+    @user.can!(:punch)
+    @user.can!(:manage_games, :on => @organization)
+  end
+  it "should not respond to invalid permission methods" do
+    lambda {
+      @user.can_control_rides_fu?
+      }.should raise_error(NoMethodError)
+    end
+    it "should cache chained methods" do
+      @user.respond_to?(:can_control_rides_and_manage_games?).should be_false
+      @user.can_control_rides_and_manage_games?.should be_false
+      @user.should respond_to(:can_control_rides_and_manage_games?)
+    end
+    it "should respond to valid permission methods" do
+      @user.can_control_rides?.should be_true
+      @user.can_punch?.should be_true
+      @user.can_manage_games?.should be_false
+    end
+    it "should respond to chained permission methods" do
+      @user.can_control_rides_and_punch?.should be_true
+      @user.can_control_rides_and_manage_games?.should be_false
+    end
+    it "should respond to scoped permission methods" do
+      @user.can_manage_games_on?(@organization).should be_true
+      @user.can_punch?(@organization).should be_false
+      ['control_rides', 'punch'].each do |permission|
+        @user.send("can_#{permission}_on?", @organization).should be_false
+      end
+    end
+    describe "for setting permissions" do
+      it "should return the permission" do
+        @user.can_manage_games!.should be_instance_of Permissive::Permission
+        @user.can_manage_games?.should be_true
+      end
+      it "should support scoping" do
+        @user.can_manage_games_in!(@organization).should be_instance_of Permissive::Permission
+        @user.can_manage_games?.should be_false
+        @user.can_manage_games_in?(@organization).should be_true
+      end
+    end
+    it "should support revoking, too" do
+      @user.can_manage_games!
+      @user.can_manage_games?.should be_true
+      @user.cannot_manage_games!
+      @user.can_manage_games?.should be_false
+    end
+  end

data/spec/roles_spec.rb ADDED Viewed

@@ -0,0 +1,64 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+load File.join File.dirname(__FILE__), 'spec_models.rb'
+describe Permissive, "roles" do
+  before :each do
+    PermissiveSpecHelper.db_up
+  end
+  describe "basics" do
+    before :each do
+      Permissive::User.has_permissions do
+        to :hire_employees, 0
+        to :manage_games, 1
+        to :control_rides, 2
+        role :games do
+          can :manage_games
+        end
+        role :rides do
+          can :control_rides
+        end
+      end
+    end
+    it "should provide a `roles` hash" do
+      Permissive::User.permissions[:global].roles[:games].should == [:manage_games]
+      Permissive::User.permissions[:global].roles[:rides].should == [:control_rides]
+    end
+    it "should allow me to assign a role" do
+      @james = Permissive::User.create!
+      @james.should respond_to(:role=)
+      @james.role = 'rides'
+      @james.can_control_rides?.should be_true
+      @james.can_manage_games?.should be_false
+    end
+  end
+  describe "multiple role definitions" do
+    before :each do
+      Permissive::User.has_permissions do
+        to :fight, 0
+        to :flee, 1
+        to :urinate, 2
+        role(:normie, :hero) { can :fight }
+        role(:coward, :normie) { can :flee, :urinate }
+      end
+    end
+    it "should contain the various permissions" do
+      Permissive::User.permissions[:global].roles[:normie].should == [:fight, :flee, :urinate]
+      Permissive::User.permissions[:global].roles[:hero].should == [:fight]
+      Permissive::User.permissions[:global].roles[:coward].should == [:flee, :urinate]
+    end
+    it "should assign the correct permissions" do
+      user = Permissive::User.create!(:role => 'hero')
+      user.can?(:fight).should be_true
+      user.can?(:flee).should be_false
+    end
+  end
+end

data/spec/scoping_permissions_spec.rb ADDED Viewed

@@ -0,0 +1,117 @@
+require File.join File.dirname(__FILE__), 'spec_helper'
+load File.join File.dirname(__FILE__), 'spec_models.rb'
+describe Permissive, "scoped permissions" do
+  before :each do
+    PermissiveSpecHelper.db_up
+    Permissive::User.has_permissions(:on => :organizations) do
+      to :manage_games, 0
+      to :control_rides, 1
+      on :users do
+        to :punch, 2
+      end
+    end
+    @user = Permissive::User.create
+    @organization = Permissive::Organization.create
+  end
+  it "should allow scoped permissions checks through the `can?' method" do
+    @user.can?(:manage_games, :on => @organization).should be_false
+  end
+  describe "on instances" do
+    it "should return correct permissions through a scoped `can?' method" do
+      @user.can!(:manage_games, :on => @organization)
+      @user.can?(:manage_games, :on => @organization).should be_true
+    end
+    it "should not respond to generic permissions on scoped permissions" do
+      @user.can!(:manage_games, :on => @organization)
+      @user.can?(:manage_games).should be_false
+      @user.can?(:manage_games, :on => @organization).should be_true
+    end
+    it "should revoke the correct permissions through the `revoke' method" do
+      @user.can!(:manage_games, :control_rides, :on => @organization)
+      @user.can?(:manage_games, :on => @organization).should be_true
+      @user.can?(:control_rides, :on => @organization).should be_true
+      @user.revoke(:manage_games, :on => @organization)
+      @user.can?(:manage_games, :on => @organization).should be_false
+      @user.can?(:control_rides, :on => @organization).should be_true
+    end
+    it "should revoke the full permissions through the `revoke' method w/an :all argument" do
+      user = Permissive::User.create
+      @user.can!(:punch, :on => user)
+      @user.can!(:manage_games, :control_rides, :on => @organization)
+      @user.can?(:manage_games, :on => @organization).should be_true
+      @user.can?(:control_rides, :on => @organization).should be_true
+      @user.can?(:punch, :on => user).should be_true
+      @user.revoke(:all)
+      @user.can?(:manage_games, :on => @organization).should be_false
+      @user.can?(:control_rides, :on => @organization).should be_false
+      @user.can?(:punch, :on => user).should be_false
+    end
+    it "should revoke scoped permissions through the `revoke' method w/:on and :all arguments" do
+      user = Permissive::User.create
+      @user.can!(:punch, :on => user)
+      @user.can!(:manage_games, :control_rides, :on => @organization)
+      @user.can?(:manage_games, :on => @organization).should be_true
+      @user.can?(:control_rides, :on => @organization).should be_true
+      @user.can?(:punch, :on => user).should be_true
+      @user.revoke(:all, :on => @organization)
+      @user.can?(:manage_games, :on => @organization).should be_false
+      @user.can?(:control_rides, :on => @organization).should be_false
+      @user.can?(:punch, :on => user).should be_true
+    end
+  end
+  describe "on classes" do
+    it "should ignore instance-specific permissions" do
+      @user.can!(:punch, :on => Permissive::User)
+      @user.can?(:punch, :on => Permissive::User).should be_true
+      @user.can?(:punch, :on => Permissive::User.create).should be_false
+    end
+    it "should interpolate symbols" do
+      @user.can!(:punch, :on => :users)
+      @user.can?(:punch, :on => Permissive::User).should be_true
+    end
+    it "should interpolate strings" do
+      @user.can!(:punch, :on => 'users')
+      @user.can?(:punch, :on => Permissive::User).should be_true
+    end
+    it "should forget strings if a corresponding class doesn't exist" do
+      Permissive::User.has_permissions(:on => :foobar) { to :punch, 0 }
+      @user.can!(:punch, :on => :foobar)
+      @user.can?(:punch, :on => :foobar).should be_true
+    end
+    it "should probably work with non-namespaced models, since those are standard these days" do
+      class PermissiveUser < ActiveRecord::Base
+        has_permissions do
+          to :do_stuff, 0
+          to :be_lazy, 1
+          on Permissive::Organization do
+            to :dance, 0
+            to :sing, 1
+          end
+        end
+      end
+      user = PermissiveUser.create
+      user.can!(:do_stuff)
+      user.can?(:do_stuff).should be_true
+      user.can!(:dance, :on => Permissive::Organization)
+      user.can?(:dance, :on => Permissive::Organization).should be_true
+      user.can?(:sing, :in => Permissive::Organization).should be_false
+    end
+  end
+end

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,6 +1,6 @@
 require 'rubygems'
 require 'active_record'
-require 'permissive'
+require File.join File.dirname(__FILE__), '..', 'lib', 'permissive'
 module PermissiveSpecHelper
   def self.clear_log
@@ -16,6 +16,10 @@ module PermissiveSpecHelper
         create_table :permissive_users, :force => true do |t|
           t.timestamps
         end
+        create_table :permissive_users_with_roles, :force => true do |t|
+          t.string :role
+          t.timestamps
+        end
         create_table :permissive_organizations, :force => true do |t|
           t.timestamps
         end
@@ -31,9 +35,10 @@ module PermissiveSpecHelper
   end
   def self.log_path
-    File.join(File.dirname(__FILE__), 'spec.log')
+    @log_path ||= File.join(File.dirname(__FILE__), 'spec.log')
   end
 end
 # Setup the logging
+PermissiveSpecHelper.clear_log
 ActiveRecord::Base.logger = Logger.new(PermissiveSpecHelper.log_path)

data/spec/spec_models.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# Setup some basic models to test with. We'll set permissions on both,
+# and then test :scope'd permissions through both.
+class Permissive::Organization < ActiveRecord::Base
+  set_table_name :permissive_organizations
+end
+class Permissive::User < ActiveRecord::Base
+  set_table_name :permissive_users
+end
+class UserWithRole < ActiveRecord::Base
+  set_table_name :permissive_users_with_roles
+end

metadata CHANGED Viewed

@@ -5,9 +5,9 @@ version: !ruby/object:Gem::Version
   segments:
   - 0
   - 2
-  - 2
+  - 4
   - alpha
-  version: 0.2.2.alpha
+  version: 0.2.4.alpha
 platform: ruby
 authors:
 - Flip Sasser
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2010-04-19 00:00:00 -04:00
+date: 2010-04-20 00:00:00 -04:00
 default_executable:
 dependencies: []
@@ -85,5 +85,11 @@ signing_key:
 specification_version: 3
 summary: Permissive gives your ActiveRecord models granular permission support
 test_files:
+- spec/checking_permissions_spec.rb
+- spec/defining_permissions_spec.rb
 - spec/has_permissions_spec.rb
+- spec/metaprogramming_spec.rb
+- spec/roles_spec.rb
+- spec/scoping_permissions_spec.rb
 - spec/spec_helper.rb
+- spec/spec_models.rb