protector 0.6.4 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 06ef70fc6fb353ebf794e6386d1f071f5561bf01
-  data.tar.gz: e566043d18cb952d1eff71144afaa1f50d7b2657
+  metadata.gz: 6b6f32b7d79bf2d7f9780574d4dbb40c561713ea
+  data.tar.gz: 9bbcc88df9a26dddaed4703eba2b07ae314cff05
 SHA512:
-  metadata.gz: 89d14e47526fbbe0b59f63467188db88ac0d7a02729370da0ff07a4938cd43c47d7fee7639cbd429f09a9020f5a93af5ac50d700414c178feb80f93197918fe8
-  data.tar.gz: 2e82a2ce1327e8f5573d7321ac481a2054850ddce6d5fde687362cda6525da3b31317cf23423ffea86d5116c1dff981e15c335d371086eedff033857276af679
+  metadata.gz: 4bc5bcb7599dfaa7befa6340290d9aa329e98cb967cfbcfa6e122c6c7ca24ed944d3ca4fc42293d67ccb135be0210f0707f39c84463b2e37f4b54ccf5042d396
+  data.tar.gz: 3229c4cb23b9eaf637247d83297b1f6bddd515dd15ea2f30e3db9e747dac6e35d629eb40e69a188d9667d2f150710db8656d453ec16de36bfb4e0d4be928de13

data/.rubocop.yml

@@ -0,0 +1,26 @@
+AllCops:
+  Excludes:
+    - spec/**
+    - perf/**
+    - migrations/**
+
+LineLength:
+  Enabled: false
+
+SpaceAroundEqualsInParameterDefault:
+  Enabled: false
+
+Documentation:
+  Enabled: false
+
+MethodLength:
+  Enabled: false
+
+ClassLength:
+  Enabled: false
+
+TrivialAccessors:
+  ExactNameMatch: true
+
+ParameterLists:
+  Max: 6

data/Appraisals

@@ -9,14 +9,14 @@ appraise "AR_4" do
 end
 
 appraise "Rails_3.2" do
-  gem "combustion", github: 'pat/combustion'
+  gem "combustion", github: "pat/combustion", ref: "50a946b5a7ab3d9249f0e5fcebbb73488a91b1e5"
   gem "rails", "3.2.13"
   gem "strong_parameters"
   gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
 end
 
 appraise "Rails_4" do
-  gem "combustion", github: 'pat/combustion'
+  gem "combustion", github: "pat/combustion", ref: "50a946b5a7ab3d9249f0e5fcebbb73488a91b1e5"
   gem "rails", "4.0.0"
   gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
 end

data/README.md

@@ -21,6 +21,7 @@ We are working hard to extend the list with:
 Protector is an extension and therefore hides deeply inside your ORM library making itself compatible to the most gems you use. Sometimes however, you might need additional integration to take the best from it:
 
   * [Protector and Strong Parameters](https://github.com/inossidabile/protector/wiki/Protector-and-Strong-Parameters)
+  * [Protector and InheritedResources](https://github.com/inossidabile/protector/wiki/Protector-and-Inherited-Resources)
   * [Protector and CanCan](https://github.com/inossidabile/protector/wiki/Protector-and-CanCan)
   * [Protector and SimpleForm](https://github.com/inossidabile/protector/wiki/Protector-and-SimpleForm)
 
@@ -39,16 +40,16 @@ class Article < ActiveRecord::Base          # Fields: title, text, user_id, hidd
     if user.admin?
       scope { all }                         # Admins can retrieve anything
 
-      can :view                             # ... and view anything
+      can :read                             # ... and view anything
       can :create                           # ... and create anything
       can :update                           # ... and update anything
       can :destroy                          # ... and they can delete
     else
       scope { where(hidden: false) }        # Non-admins can only read insecure data
 
-      can :view                             # Allow to read any field
+      can :read                             # Allow to read any field
       if user.nil?                          # User is unknown and therefore not authenticated
-        cannot :view, :text                 # Guests can't read the text
+        cannot :read, :text                 # Guests can't read the text
       end
 
       can :create, %w(title text)           # Non-admins can't set `hidden` flag
@@ -145,7 +146,7 @@ Each restricted model responds to the following methods:
 * `updatable?` – determines if you pass validation on update with the fields you changed
 * `destroyable?` – determines if you can destroy the model
 
-In fact Protector does not limit you to `:view`, `:update` and `:create` actions. They are just used internally. You however can define any other to make custom roles and restrictions. All of them are able to work on a field level.
+In fact Protector does not limit you to `:read`, `:update` and `:create` actions. They are just used internally. You however can define any other to make custom roles and restrictions. All of them are able to work on a field level.
 
 ```ruby
 protect do
@@ -230,3 +231,5 @@ Protector features basic Rails integration so you can assign options using `conf
 ## License
 
 It is free software, and may be redistributed under the terms of MIT license.
+
+[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/inossidabile/protector/trend.png)](https://bitdeli.com/free "Bitdeli Badge")

data/lib/protector.rb

@@ -1,12 +1,12 @@
-require "active_support/all"
-require "i18n"
+require 'active_support/all'
+require 'i18n'
 
-require "protector/version"
-require "protector/dsl"
-require "protector/adapters/active_record"
-require "protector/adapters/sequel"
+require 'protector/version'
+require 'protector/dsl'
+require 'protector/adapters/active_record'
+require 'protector/adapters/sequel'
 
-require "protector/engine" if defined?(Rails)
+require 'protector/engine' if defined?(Rails)
 
 I18n.load_path += Dir[File.expand_path File.join('..', 'locales', '*.yml'), File.dirname(__FILE__)]
 
@@ -20,7 +20,7 @@ module Protector
     attr_accessor :config
 
     def paranoid=
-      "`Protector.paranoid = ...` is deprecated! Please change it to `Protector.config.paranoid = ...`"
+      '`Protector.paranoid = ...` is deprecated! Please change it to `Protector.config.paranoid = ...`'
     end
 
     # Allows executing any code having Protector globally disabled
@@ -39,21 +39,22 @@ module Protector
     end
 
     def activate!
-      ADAPTERS.each{|adapter| adapter.activate!}
+      ADAPTERS.each { |adapter| adapter.activate! }
     end
   end
 
+  # Internal protector config holder
   class Config < ActiveSupport::OrderedOptions
     def paranoid?
       !!paranoid
     end
 
     def strong_parameters?
-      strong_parameters == nil || !!strong_parameters
+      strong_parameters.nil? || !!strong_parameters
     end
   end
 
   self.config = Config.new
 end
 
-Protector.activate!
+Protector.activate!

data/lib/protector/adapters/active_record.rb

@@ -30,12 +30,14 @@ module Protector
       end
 
       def self.null_proc
+        # rubocop:disable IndentationWidth, EndAlignment
         @null_proc ||= if modern?
-          Proc.new{ none }
+          proc { none }
         else
-          Proc.new{ where("1=0") }
+          proc { where('1=0') }
         end
+        # rubocop:enable IndentationWidth, EndAlignment
       end
     end
   end
-end
+end

data/lib/protector/adapters/active_record/association.rb

@@ -10,8 +10,8 @@ module Protector
           if method_defined?(:scope)
             alias_method_chain :scope, :protector
           else
-            alias_method "scope_without_protector", "scoped"
-            alias_method "scoped", "scope_with_protector"
+            alias_method 'scope_without_protector', 'scoped'
+            alias_method 'scoped', 'scope_with_protector'
           end
         end
 
@@ -24,4 +24,4 @@ module Protector
       end
     end
   end
-end
+end

data/lib/protector/adapters/active_record/base.rb

@@ -36,19 +36,20 @@ module Protector
             super
           end
 
-          unless Protector::Adapters::ActiveRecord.modern?
+          if !Protector::Adapters::ActiveRecord.modern?
             def self.restrict!(*args)
-              scoped.restrict! *args
+              scoped.restrict!(*args)
             end
           else
             def self.restrict!(*args)
-              all.restrict! *args
+              all.restrict!(*args)
             end
           end
 
           def [](name)
+            # rubocop:disable ParenthesesAroundCondition
             if (
-              !protector_subject? || 
+              !protector_subject? ||
               name == self.class.primary_key ||
               (self.class.primary_key.is_a?(Array) && self.class.primary_key.include?(name)) ||
               protector_meta.readable?(name)
@@ -57,6 +58,7 @@ module Protector
             else
               nil
             end
+            # rubocop:enable ParenthesesAroundCondition
           end
         end
 
@@ -64,7 +66,7 @@ module Protector
           # Storage of {Protector::DSL::Meta}
           def protector_meta
             @protector_meta ||= Protector::DSL::Meta.new(Protector::Adapters::ActiveRecord, self) do
-              self.column_names
+              column_names
             end
           end
 
@@ -73,7 +75,7 @@ module Protector
             super
 
             # Show some <3 to composite primary keys
-            unless (primary_key == name || Array(primary_key).include?(name))
+            unless primary_key == name || Array(primary_key).include?(name)
               generated_attribute_methods.module_eval <<-STR, __FILE__, __LINE__ + 1
                 alias_method #{"#{name}_unprotected".inspect}, #{name.inspect}
 
@@ -91,7 +93,7 @@ module Protector
 
         # Gathers real changed values bypassing restrictions
         def protector_changed
-          HashWithIndifferentAccess[changed.map{|field| [field, read_attribute(field)]}]
+          HashWithIndifferentAccess[changed.map { |field| [field, read_attribute(field)] }]
         end
 
         # Storage for {Protector::DSL::Meta::Box}
@@ -129,4 +131,4 @@ module Protector
       end
     end
   end
-end
+end

data/lib/protector/adapters/active_record/preloader.rb

@@ -11,8 +11,8 @@ module Protector
             if method_defined?(:scope)
               alias_method_chain :scope, :protector
             else
-              alias_method "scope_without_protector", "scoped"
-              alias_method "scoped", "scope_with_protector"
+              alias_method 'scope_without_protector', 'scoped'
+              alias_method 'scoped', 'scope_with_protector'
             end
           end
 
@@ -39,4 +39,4 @@ module Protector
       end
     end
   end
-end
+end

data/lib/protector/adapters/active_record/relation.rb

@@ -32,6 +32,10 @@ module Protector
           new.creatable?
         end
 
+        def can?(action, field=false)
+          protector_meta.can?(action, field)
+        end
+
         # Gets {Protector::DSL::Meta::Box} of this relation
         def protector_meta(subject=protector_subject)
           @klass.protector_meta.evaluate(subject)
@@ -70,13 +74,13 @@ module Protector
         # Merges current relation with restriction and calls real `calculate`
         def calculate(*args)
           return super unless protector_subject?
-          protector_relation.unrestrict!.calculate *args
+          protector_relation.unrestrict!.calculate(*args)
         end
 
         # Merges current relation with restriction and calls real `exists?`
         def exists?(*args)
           return super unless protector_subject?
-          protector_relation.unrestrict!.exists? *args
+          protector_relation.unrestrict!.exists?(*args)
         end
 
         # Forwards protection subject to the new instance
@@ -85,7 +89,7 @@ module Protector
 
           # strong_parameters integration
           if Protector.config.strong_parameters? && args.first.respond_to?(:permit)
-            Protector::ActiveRecord::StrongParameters::sanitize! args, true, protector_meta
+            Protector::ActiveRecord::StrongParameters.sanitize! args, true, protector_meta
           end
 
           new_without_protector(*args, &block).restrict!(protector_subject)
@@ -128,7 +132,7 @@ module Protector
           # ourselves respecting security scopes FTW!
           associations, relation.preload_values = relation.preload_values, []
 
-          @records = relation.send(:exec_queries).each{|record| record.restrict!(subject)}
+          @records = relation.send(:exec_queries).each { |record| record.restrict!(subject) }
 
           # Now we have @records restricted properly so let's preload associations!
           associations.each do |association|
@@ -210,13 +214,13 @@ module Protector
           results
         end
 
-      private
+        private
 
         def protector_expand_inclusion_hash(inclusion, results=[], base=[], klass=@klass)
           inclusion.each do |key, value|
             model = klass.reflect_on_association(key.to_sym).klass
             value = [value] unless value.is_a?(Array)
-            nest  = [key]+base
+            nest  = [key] + base
 
             value.each do |v|
               if v.is_a?(Hash)
@@ -224,15 +228,15 @@ module Protector
               else
                 results << [
                   model.reflect_on_association(v.to_sym).klass,
-                  nest.inject(v){|a, n| { n => a } }
+                  nest.reduce(v) { |a, n| { n => a } }
                 ]
               end
             end
 
-            results << [model, base.inject(key){|a, n| { n => a } }]
+            results << [model, base.reduce(key) { |a, n| { n => a } }]
           end
         end
       end
     end
   end
-end
+end

data/lib/protector/adapters/active_record/strong_parameters.rb

@@ -3,9 +3,9 @@ module Protector
     module StrongParameters
       def self.sanitize!(args, is_new, meta)
         if is_new
-          args[0] = args[0].permit *meta.access[:create].keys if meta.access.include? :create
+          args[0] = args[0].permit(*meta.access[:create].keys) if meta.access.include? :create
         else
-          args[0] = args[0].permit *meta.access[:update].keys if meta.access.include? :update
+          args[0] = args[0].permit(*meta.access[:update].keys) if meta.access.include? :update
         end
       end
 
@@ -16,7 +16,7 @@ module Protector
         if Protector.config.strong_parameters? && args.first.respond_to?(:permit) \
             && !new_record? && protector_subject?
 
-          StrongParameters::sanitize! args, false, protector_meta
+          StrongParameters.sanitize! args, false, protector_meta
         end
 
         super

data/lib/protector/adapters/sequel.rb

@@ -21,8 +21,8 @@ module Protector
       end
 
       def self.null_proc
-        @null_proc ||= Proc.new{ where("1=0") }
+        @null_proc ||= proc { where('1=0') }
       end
     end
   end
-end
+end

data/lib/protector/adapters/sequel/dataset.rb

@@ -19,7 +19,7 @@ module Protector
           # @param entity [Object]          Entity coming from Dataset
           def call(entity)
             entity = mutator.call(entity) if mutator
-            return entity if !entity.respond_to?(:restrict!)
+            return entity unless entity.respond_to?(:restrict!)
             entity.restrict!(@subject)
           end
         end
@@ -34,6 +34,10 @@ module Protector
           model.new.restrict!(protector_subject).creatable?
         end
 
+        def can?(action, field=false)
+          protector_meta.can?(action, field)
+        end
+
         # Gets {Protector::DSL::Meta::Box} of this dataset
         def protector_meta(subject=protector_subject)
           model.protector_meta.evaluate(subject)
@@ -67,4 +71,4 @@ module Protector
       end
     end
   end
-end
+end

data/lib/protector/adapters/sequel/eager_graph_loader.rb

@@ -12,13 +12,13 @@ module Protector
           initialize_without_protector(dataset)
 
           if dataset.protector_subject?
-            @row_procs.each do |k,v|
+            @row_procs.each do |k, v|
               @row_procs[k] = Dataset::Restrictor.new(dataset.protector_subject, v)
-              @ta_map[k][1] = @row_procs[k] if @ta_map.has_key?(k)
+              @ta_map[k][1] = @row_procs[k] if @ta_map.key?(k)
             end
           end
         end
       end
     end
   end
-end
+end

data/lib/protector/adapters/sequel/model.rb

@@ -19,19 +19,19 @@ module Protector
           # Storage of {Protector::DSL::Meta}
           def protector_meta
             @protector_meta ||= Protector::DSL::Meta.new(Protector::Adapters::Sequel, self) do
-              self.columns
+              columns
             end
           end
 
           # Gets default restricted `Dataset`
           def restrict!(*args)
-            dataset.clone.restrict! *args
+            dataset.clone.restrict!(*args)
           end
         end
 
         # Gathers real values of given fields bypassing restrictions
         def protector_changed(fields)
-          HashWithIndifferentAccess[fields.map{|x| [x.to_s, @values[x]]}]
+          HashWithIndifferentAccess[fields.map { |x| [x.to_s, @values[x]] }]
         end
 
         # Storage for {Protector::DSL::Meta::Box}
@@ -47,7 +47,6 @@ module Protector
 
         # Checks if current model can be created in the context of current subject
         def creatable?
-          fields = HashWithIndifferentAccess[keys.map{|x| [x.to_s, @values[x]]}]
           protector_meta.creatable? protector_changed(keys)
         end
 
@@ -67,13 +66,16 @@ module Protector
 
         # Basic security validations
         def validate
-          super; return unless protector_subject?
+          super
+          return unless protector_subject?
 
+          # rubocop:disable IndentationWidth, EndAlignment
           field = if new?
             protector_meta.first_uncreatable_field protector_changed(keys)
           else
             protector_meta.first_unupdatable_field protector_changed(changed_columns)
           end
+          # rubocop:enable IndentationWidth, EndAlignment
 
           errors.add :base, I18n.t('protector.invalid', field: field) if field
         end
@@ -88,8 +90,9 @@ module Protector
         #
         # @param name [Symbol]          Name of attribute to read
         def [](name)
+          # rubocop:disable ParenthesesAroundCondition
           if (
-            !protector_subject? || 
+            !protector_subject? ||
             name == self.class.primary_key ||
             (self.class.primary_key.is_a?(Array) && self.class.primary_key.include?(name)) ||
             protector_meta.readable?(name.to_s)
@@ -98,6 +101,7 @@ module Protector
           else
             nil
           end
+          # rubocop:enable ParenthesesAroundCondition
         end
 
         # This is used whenever we fetch data
@@ -114,4 +118,4 @@ module Protector
       end
     end
   end
-end
+end

data/lib/protector/dsl.rb

@@ -24,11 +24,11 @@ module Protector
             blocks.each do |b|
               case b.arity
               when 2
-                instance_exec subject, entry, &b
+                instance_exec(subject, entry, &b)
               when 1
-                instance_exec subject, &b
+                instance_exec(subject, &b)
               else
-                instance_exec &b
+                instance_exec(&b)
               end
             end
           end
@@ -69,14 +69,14 @@ module Protector
         end
 
         def eval_scope_procs(instance)
-          return scope_procs.reduce(instance) do |relation, scope_proc|
+          scope_procs.reduce(instance) do |relation, scope_proc|
             relation.instance_eval(&scope_proc)
           end
         end
 
         # Enables action for given fields.
         #
-        # Built-in possible actions are: `:view`, `:update`, `:create`.
+        # Built-in possible actions are: `:read`, `:update`, `:create`.
         # You can pass any other actions you want to use with {#can?} afterwards.
         #
         # **The method enables action for every field if `fields` splat is empty.**
@@ -94,25 +94,27 @@ module Protector
         #
         # @example
         #   protect do
-        #     can :view               # Can view any field
-        #     can :view, 'f1'         # Can view `f1` field
-        #     can :view, %w(f2 f3)    # Can view `f2`, `f3` fields
+        #     can :read               # Can read any field
+        #     can :read, 'f1'         # Can read `f1` field
+        #     can :read, %w(f2 f3)    # Can read `f2`, `f3` fields
         #     can :update, f1: 1..2   # Can update f1 field with values between 1 and 2
         #
         #     # Can create f1 field with value equal to 'olo'
         #     can :create, f1: lambda{|x| x == 'olo'}
         #   end
         def can(action, *fields)
+          action = deprecate_actions(action)
+
           return @destroyable = true if action == :destroy
 
           @access[action] = {} unless @access[action]
 
           if fields.length == 0
-            @fields.each{|f| @access[action][f.to_s] = nil}
+            @fields.each { |f| @access[action][f.to_s] = nil }
           else
             fields.each do |a|
               if a.is_a?(Array)
-                a.each{|f| @access[action][f.to_s] = nil}
+                a.each { |f| @access[action][f.to_s] = nil }
               elsif a.is_a?(Hash)
                 @access[action].merge!(a.stringify_keys)
               else
@@ -132,6 +134,8 @@ module Protector
         # @see #can
         # @see #can?
         def cannot(action, *fields)
+          action = deprecate_actions(action)
+
           return @destroyable = false if action == :destroy
 
           return unless @access[action]
@@ -141,7 +145,7 @@ module Protector
           else
             fields.each do |a|
               if a.is_a?(Array)
-                a.each{|f| @access[action].delete(f.to_s)}
+                a.each { |f| @access[action].delete(f.to_s) }
               else
                 @access[action].delete(a.to_s)
               end
@@ -155,7 +159,7 @@ module Protector
 
         # Checks whether given field of a model is readable in context of current subject
         def readable?(field)
-          @access[:view] && @access[:view].has_key?(field)
+          @access[:read] && @access[:read].key?(field)
         end
 
         # Checks whether you can create a model with given field in context of current subject
@@ -191,7 +195,7 @@ module Protector
           return false unless @access[action]
           return !@access[action].empty? unless field
 
-          @access[action].has_key?(field.to_s)
+          @access[action].key?(field.to_s)
         end
 
         def cannot?(*args)
@@ -206,14 +210,14 @@ module Protector
           diff = fields.keys - @access[part].keys
           return diff.first if diff.length > 0
 
-          fields.each do |k,v|
+          fields.each do |k, v|
             case x = @access[part][k]
             when Range
               return k unless x.include?(v)
             when Proc
               return k unless x.call(v)
             else
-              return k if x != nil && x != v
+              return k if !x.nil? && x != v
             end
           end
 
@@ -225,6 +229,17 @@ module Protector
           return false if fields && first_unmodifiable_field(part, fields)
           true
         end
+
+        def deprecate_actions(action)
+          if action == :view
+            ActiveSupport::Deprecation.warn ":view rule has been deprecated and replaced with :read! "+
+              "Starting from version 1.0 :view will be treated as a custom rule."
+
+            :read
+          else
+            action
+          end
+        end
       end
 
       def initialize(adapter, model, &fields_proc)
@@ -263,7 +278,7 @@ module Protector
       # subject on a non-protected model
       def protector_subject
         unless protector_subject?
-          raise "Unprotected entity detected for '#{self.class}': use `restrict` method to protect it."
+          fail "Unprotected entity detected for '#{self.class}': use `restrict` method to protect it."
         end
 
         @protector_subject
@@ -305,4 +320,4 @@ module Protector
       end
     end
   end
-end
+end

data/lib/protector/engine.rb

@@ -2,12 +2,12 @@ module Protector
   class Engine < ::Rails::Engine
     config.protector = ActiveSupport::OrderedOptions.new
 
-    initializer "protector.configuration" do |app|
-      app.config.protector.each{|k,v| Protector.config[k] = v}
+    initializer 'protector.configuration' do |app|
+      app.config.protector.each { |k, v| Protector.config[k] = v }
 
       if Protector::Adapters::ActiveRecord.modern?
         ::ActiveRecord::Base.send(:include, Protector::ActiveRecord::StrongParameters)
       end
     end
   end
-end
+end

data/lib/protector/version.rb

@@ -1,4 +1,4 @@
 module Protector
   # Gem version
-  VERSION = "0.6.4"
+  VERSION = '0.7.0'
 end

data/perf/active_record_perf.rb

@@ -18,14 +18,14 @@ activate do
   Dummy.instance_eval do
     protect do
       scope { every }
-      can :view, :string
+      can :read, :string
     end
   end
 
   Fluffy.instance_eval do
     protect do
       scope { every }
-      can :view
+      can :read
     end
   end
 

data/perf/sequel_perf.rb

@@ -16,14 +16,14 @@ activate do
   Dummy.instance_eval do
     protect do
       scope { where }
-      can :view, :string
+      can :read, :string
     end
   end
 
   Fluffy.instance_eval do
     protect do
       scope { where }
-      can :view
+      can :read
     end
   end
 

data/spec/lib/protector/adapters/active_record_spec.rb

@@ -18,7 +18,7 @@ if defined?(ActiveRecord)
               scope{ where(klass.table_name => {number: 999}) }
             end
 
-            can :view, :dummy_id unless x == '-'
+            can :read, :dummy_id unless x == '-'
           end
         end
       end

data/spec/lib/protector/adapters/sequel_spec.rb

@@ -15,7 +15,7 @@ if defined?(Sequel)
             scope{ where('1=0') } if x == '-'
             scope{ where("#{klass.table_name}__number".to_sym => 999) } if x == '+' 
 
-            can :view, :dummy_id unless x == '-'
+            can :read, :dummy_id unless x == '-'
           end
         end
       end

data/spec/lib/protector/dsl_spec.rb

@@ -85,7 +85,7 @@ describe Protector::DSL do
       before :each do
         @meta = Protector::DSL::Meta.new(nil, nil){%w(field1 field2 field3 field4 field5)}
         @meta << lambda {
-          can :view
+          can :read
         }
 
         @meta << lambda {|user|
@@ -95,7 +95,7 @@ describe Protector::DSL do
         @meta << lambda {|user|
           user.should  == 'user' if user
 
-          cannot :view, %w(field5), :field4
+          cannot :read, %w(field5), :field4
         }
 
         @meta << lambda {|user, entry|
@@ -144,7 +144,7 @@ describe Protector::DSL do
             "field4" => 0..5,
             "field5" => l
           },
-          view: {
+          read: {
             "field1" => nil,
             "field2" => nil,
             "field3" => nil
@@ -181,6 +181,24 @@ describe Protector::DSL do
       end
     end
 
+    context "deprecated methods" do
+      before :each do
+        @meta = Protector::DSL::Meta.new(nil, nil){%w(field1 field2 field3)}
+
+        @meta << lambda {
+          can :view
+          cannot :view, :field2
+        }
+      end
+
+      it "evaluates" do
+        data = ActiveSupport::Deprecation.silence { @meta.evaluate('user', 'entry') }
+        data.can?(:read).should == true
+        data.can?(:read, :field1).should == true
+        data.can?(:read, :field2).should == false
+      end
+    end
+
     context "custom methods" do
       before :each do
         @meta = Protector::DSL::Meta.new(nil, nil){%w(field1 field2)}

data/spec/spec_helpers/examples/model.rb

@@ -7,7 +7,7 @@ shared_examples_for "a model" do
 
         scope { limit(5) }
 
-        can :view
+        can :read
         can :create
         can :update
       end
@@ -16,7 +16,7 @@ shared_examples_for "a model" do
     fields = Hash[*%w(id string number text dummy_id).map{|x| [x, nil]}.flatten]
     meta   = dummy.new.restrict!('!').protector_meta
 
-    meta.access[:view].should   == fields
+    meta.access[:read].should   == fields
     meta.access[:create].should == fields
     meta.access[:update].should == fields
   end
@@ -64,7 +64,7 @@ shared_examples_for "a model" do
     it "hides fields" do
       dummy.instance_eval do
         protect do
-          can :view, :string
+          can :read, :string
         end
       end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.6.4
+  version: 0.7.0
 platform: ruby
 authors:
 - Boris Staal
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-17 00:00:00.000000000 Z
+date: 2013-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -48,6 +48,7 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .rspec
+- .rubocop.yml
 - .travis.yml
 - .yardopts
 - Appraisals