permitter 0.0.1

data/lib/permitter/exceptions.rb

@@ -0,0 +1,17 @@
+module Permitter
+  class Unauthorized < StandardError
+    attr_reader :action, :subject
+    attr_writer :default_message
+
+    def initialize(message = nil, action = nil, subject = nil)
+      @message = message
+      @action = action
+      @subject = subject
+      @default_message = "You are not authorized to access this page."
+    end
+
+    def to_s
+      @message || @default_message
+    end
+  end
+end

data/lib/permitter/matchers.rb

@@ -0,0 +1,11 @@
+RSpec::Matchers.define :allow_action do |*args|
+  match do |permission|
+    expect(permission.allowed_action?(*args)).to be true
+  end
+end
+
+RSpec::Matchers.define :allow_param do |*args|
+  match do |permission|
+    expect(permission.allowed_param?(*args)).to be true
+  end
+end

data/lib/permitter/model_additions.rb

@@ -0,0 +1,30 @@
+module Permitter
+  module ModelAdditions
+    extend ActiveSupport::Concern
+
+    included do
+      require 'squeel'
+    end
+
+    module ClassMethods
+
+      def permitted_by(permissions, action = :show)
+        status = permissions.allow_all? ? true : permissions.allowed_action(self.table_name, action)
+
+        if status.class == Proc
+          where(&status)
+        else
+          status ? all : none
+        end
+
+      end
+
+    end
+  end
+end
+
+if defined? ActiveRecord::Base
+  ActiveRecord::Base.class_eval do
+    include Permitter::ModelAdditions
+  end
+end

data/lib/permitter/permission.rb

@@ -0,0 +1,72 @@
+module Permitter
+  module Permission
+
+    def allowed_action?(controller, action, resource = nil)
+      if allow_all?
+        true
+      elsif @allowed_actions
+        allowed = @allowed_actions[[controller.to_s, action.to_s]]
+        (allowed && (allowed == true || resource && allowed.call(resource))) == true
+      else
+        false
+      end
+    end
+
+    def allowed_param?(resource, attribute)
+      if allow_all?
+        true
+      elsif @allowed_params && @allowed_params[resource]
+        @allowed_params[resource].include? attribute
+      else
+        false
+      end
+    end
+
+    def allowed_action(controller, action)
+      if @allowed_actions
+        @allowed_actions[[controller.to_s, action.to_s]]
+      end
+    end
+
+    def allow_action(controllers, actions, &block)
+      @allowed_actions ||= {}
+      Array(controllers).flatten.each do |controller|
+        Array(actions).flatten.each do |action|
+          @allowed_actions[[controller.to_s, action.to_s]] = block || true
+        end
+      end
+    end
+
+    def allow_param(resources, attributes)
+      @allowed_params ||= {}
+      resource_array = Array(resources).flatten
+      attribute_array = Array(attributes).flatten
+
+      resource_array.each do |resource|
+        @allowed_params[resource] ||= []
+        @allowed_params[resource] += attribute_array
+      end
+    end
+
+    def allow_all
+      @allow_all = true
+    end
+
+    def allow_all?
+      @allow_all ||= false
+    end
+
+    def permit_params!(params)
+      if @allow_all
+        params.permit!
+      elsif @allowed_params
+        @allowed_params.each do |resource, attributes|
+          if params[resource].respond_to? :permit
+            params[resource] = params[resource].permit(*attributes)
+          end
+        end
+      end
+    end
+
+  end
+end

data/lib/permitter/version.rb

@@ -0,0 +1,3 @@
+module Permitter
+  VERSION = "0.0.1"
+end

data/spec/README.rdoc

@@ -0,0 +1,21 @@
+= Permitter Specs
+
+== Running the specs
+
+To run the specs first run the +bundle+ command to install the necessary gems.
+
+  bundle
+
+Then the migrations for the dummy app must be run. Move to the dummy app root and run the migrations.
+
+  cd spec/dummy
+  rake db:migrate
+  rake test:prepare
+  cd ../..
+
+Finally, from the root of the gem, run the +rake+ command to run the specs.
+
+  rake
+
+The specs currently require Ruby >= 1.9.3
+They may or may not work with other Ruby versions.

data/spec/controllers/projects_controller_spec.rb

@@ -0,0 +1,243 @@
+require "spec_helper"
+
+describe ProjectsController do
+  before { @controller.stub(:current_user) { nil } }
+  let(:user)  { build(:user) }
+  let(:user1) { create(:user) }
+  let(:user2) { create(:user) }
+  let(:admin) { build(:admin) }
+  let(:project)  { create(:project) }
+  let(:project1) { create(:project, user: user1) }
+  let(:project2) { create(:project, user: user2) }
+
+  describe "GET #index" do
+    before { get :index }
+
+    it "responds successfully" do
+      expect(response).to be_success
+      expect(response.status).to eq(200)
+    end
+
+    it "renders the index template" do
+      expect(response).to render_template("index")
+    end
+
+    it "loads all of the projects into @projects" do
+      expect(assigns(:projects)).to eq(Project.all)
+    end
+  end
+
+
+  describe "GET #show" do
+    before do
+      unless example.metadata[:skip_before]
+        @controller.stub(:current_user) { user }
+        get :show, id: project.id
+      end
+    end
+
+    it "responds unsuccessfully if user not signed in", skip_before: true do
+      get :show, id: project.id
+      expect(response).to_not be_success
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(projects_url)
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds successfully if user signed in" do
+      expect(response).to be_success
+      expect(response.status).to eq(200)
+    end
+
+    it "renders the show template" do
+      expect(response).to render_template("show")
+    end
+
+    it "loads the project into @project" do
+      expect(assigns(:project)).to eq(project)
+    end
+  end
+
+
+  describe "GET #new" do
+    before do
+      unless example.metadata[:skip_before]
+        @controller.stub(:current_user) { user }
+        get :new
+      end
+    end
+
+    it "responds unsuccessfully if user not signed in", skip_before: true do
+      get :new
+      expect(response).to_not be_success
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(projects_url)
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds successfully if user signed in" do
+      expect(response).to be_success
+      expect(response.status).to eq(200)
+    end
+
+    it "renders the new template" do
+      expect(response).to render_template("new")
+    end
+
+    it "builds a new project into @project" do
+      expect(assigns(:project)).to be_a_new(Project)
+    end
+  end
+
+
+  describe "POST #create" do
+    let(:title)  { 'Title' }
+    let(:sticky) { true }
+    before do
+      unless example.metadata[:skip_before]
+        @controller.stub(:current_user) { user }
+        post :create, project: {title: title, sticky: sticky}
+      end
+    end
+
+    it "responds unsuccessfully if user not signed in", skip_before: true do
+      post :create
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(projects_url)
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds successfully if user signed in" do
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(project_url(assigns(:project)))
+      expect(flash.notice).to eq("Project was successfully created.")
+    end
+
+    it "creates a new project" do
+      expect(assigns(:project)).to eq(Project.last)
+    end
+
+    it "does not assign sticky variable" do
+      expect(assigns(:project).title).to eq(title)
+      expect(assigns(:project).sticky).to be_nil
+    end
+  end
+
+
+  describe "GET #edit" do
+    before do
+      unless example.metadata[:skip_before]
+        @controller.stub(:current_user) { user1 }
+        get :edit, id: project1.id
+      end
+    end
+
+    it "responds unsuccessfully if user not signed in", skip_before: true do
+      get :edit, id: project.id
+      expect(response).to_not be_success
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(projects_url)
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds unsuccessfully if user not associated with project", skip_before: true do
+      @controller.stub(:current_user) { user1 }
+      get :edit, id: project2.id
+      expect(response).to_not be_success
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(projects_url)
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds successfully if user associated with project" do
+      expect(response.status).to eq(200)
+    end
+
+    it "renders the edit template" do
+      expect(response).to render_template("edit")
+    end
+
+    it "loads the project into @project" do
+      expect(assigns(:project)).to eq(project1)
+    end
+  end
+
+
+  describe "PATCH #update" do
+    let(:title) { 'Updated Title' }
+    let(:sticky) { true }
+
+    before do
+      unless example.metadata[:skip_before]
+        @controller.stub(:current_user) { user1 }
+        @original_title = project1.title
+        @original_sticky = project1.sticky
+        patch :update, id: project1.id, project: {title: title, sticky: sticky}
+      end
+    end
+
+    it "responds unsuccessfully if user not signed in", skip_before: true do
+      patch :update, id: project.id
+      expect(response).to_not be_success
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(projects_url)
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds unsuccessfully if user not associated with project", skip_before: true do
+      @controller.stub(:current_user) { user1 }
+      patch :update, id: project2.id
+      expect(response).to_not be_success
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(projects_url)
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds successfully if user associated with project" do
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(project_url(assigns(:project)))
+      expect(flash.notice).to eq("Project was successfully updated.")
+    end
+
+    it "updates a project" do
+      expect(assigns(:project).title).to eq(title)
+      expect(assigns(:project).title).to_not eq(@original_title)
+    end
+
+    it "does not update sticky" do
+      expect(assigns(:project).sticky).to eq(@original_sticky)
+      expect(assigns(:project).sticky).to_not eq(sticky)
+    end
+  end
+
+
+  describe "DELETE #destroy" do
+
+    it "responds unsuccessfully if user not signed in" do
+      delete :destroy, id: project.id
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds unsuccessfully if user not an admin" do
+      @controller.stub(:current_user) { user1 }
+      delete :destroy, id: project1.id
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds successfully if user an admin" do
+      @controller.stub(:current_user) { admin }
+      delete :destroy, id: project.id
+      expect(flash.alert).to be nil
+    end
+
+    it "destroys a project" do
+      expect(Project.all).to include(project)
+
+      @controller.stub(:current_user) { admin }
+      delete :destroy, id: project.id
+      expect(Project.all).to_not include(project)
+    end
+  end
+
+
+end

data/spec/controllers/users_controller_spec.rb

@@ -0,0 +1,77 @@
+require "spec_helper"
+
+describe UsersController do
+  let(:user)  { create(:user) }
+  let(:admin) { create(:admin) }
+
+  describe "GET #index" do
+    before do
+      unless example.metadata[:skip_before]
+        @controller.stub(:current_user) { user }
+        get :index
+      end
+    end
+
+    it "responds successfully" do
+      expect(response).to be_success
+      expect(response.status).to eq(200)
+    end
+
+    it "renders the index template" do
+      expect(response).to render_template("index")
+    end
+
+    it "loads all of the users into @projects if admin", skip_before: true do
+      @controller.stub(:current_user) { admin }
+      get :index
+      expect(assigns(:users)).to eq(User.all)
+    end
+
+    it "loads only current user into @projects if not admin" do
+      expect(assigns(:users)).to eq([user])
+    end
+
+  end
+
+
+  describe "GET #show" do
+    before do
+      unless example.metadata[:skip_before]
+        @controller.stub(:current_user) { user }
+        get :show, id: user.id
+      end
+    end
+
+    it "responds unsuccessfully if user not signed in", skip_before: true do
+      @controller.stub(:current_user) { nil }
+      get :show, id: user.id
+      expect(response).to_not be_success
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(projects_url)
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds unsuccessfully if user signed in and not current user", skip_before: true do
+      @controller.stub(:current_user) { user }
+      get :show, id: admin.id
+      expect(response).to_not be_success
+      expect(response.status).to eq(302)
+      expect(response).to redirect_to(projects_url)
+      expect(flash.alert).to eq("You are not authorized to access this page.")
+    end
+
+    it "responds successfully if user signed in and current user" do
+      expect(response).to be_success
+      expect(response.status).to eq(200)
+    end
+
+    it "renders the show template" do
+      expect(response).to render_template("show")
+    end
+
+    it "loads the user into @user" do
+      expect(assigns(:user)).to eq(user)
+    end
+  end
+
+end