protector 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ffb03e438ddf160d6def55eedad02d8666ed2c4a
+  data.tar.gz: 8c1cf283df6c5ddd6e0cb96dd8439331406911b4
+SHA512:
+  metadata.gz: 83ac0169c982cfa2a839eefb4dda73c10c8432516cb2eea9919e1a337233f1c86be2fbbd53164a3da01b65e19bc929afcef50e48e3918c11348f095fe2376d1c
+  data.tar.gz: 5eaa624122f8c6272b0e7b2f139f83e7f12961f487a3019119f8e05bdd82b68fa2eee5d0d4ebb1888cc122aac58b080c27abf9f4a0a05eec7f34818e72e5063b

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,3 @@
+--tty
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,10 @@
+source 'https://rubygems.org'
+gemspec
+
+gem 'rake'
+gem 'pry'
+gem 'rspec'
+gem 'guard'
+gem 'guard-rspec'
+
+gem 'activerecord', '>= 3.0'

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Boris Staal
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,33 @@
+# Protector
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'protector'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install protector
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+
+## LICENSE
+
+It is free software, and may be redistributed under the terms of MIT license.

data/Rakefile

@@ -0,0 +1,8 @@
+require 'bundler/setup'
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+desc "Default: run the unit tests."
+task :default => :spec

data/lib/protector/adapters/active_record.rb

@@ -0,0 +1,105 @@
+module Protector
+  module Adapters
+    module ActiveRecord
+      def self.activate!
+        ::ActiveRecord::Base.send :include, Protector::Adapters::ActiveRecord::Base
+        ::ActiveRecord::Relation.send :include, Protector::Adapters::ActiveRecord::Relation
+      end
+
+      module Base
+        extend ActiveSupport::Concern
+
+        included do
+          include Protector::DSL::Base
+          include Protector::DSL::Entry
+
+          validate(on: :create) do
+            return unless @protector_subject
+            errors[:base] << I18n.t('protector.invalid') unless creatable?
+          end
+
+          validate(on: :update) do
+            return unless @protector_subject
+            errors[:base] << I18n.t('protector.invalid') unless updatable?
+          end
+
+          before_destroy do
+            return true unless @protector_subject
+            destroyable?
+          end
+        end
+
+        module ClassMethods
+          def restrict(subject)
+            all.restrict(subject)
+          end
+        end
+
+        def protector_meta
+          unless @protector_subject
+            raise "Unprotected entity detected: use `restrict` method to protect it."
+          end
+
+          self.class.protector_meta.evaluate(
+            self.class,
+            self.class.column_names,
+            @protector_subject,
+            self
+          )
+        end
+
+        def visible?
+          protector_meta.relation.where(
+            self.class.primary_key => send(self.class.primary_key)
+          ).any?
+        end
+
+        def creatable?
+          fields = HashWithIndifferentAccess[changed.map{|x| [x, __send__(x)]}]
+          protector_meta.creatable?(fields)
+        end
+
+        def updatable?
+          fields = HashWithIndifferentAccess[changed.map{|x| [x, __send__(x)]}]
+          protector_meta.updatable?(fields)
+        end
+
+        def destroyable?
+          protector_meta.destroyable?
+        end
+      end
+
+      module Relation
+        extend ActiveSupport::Concern
+
+        included do
+          include Protector::DSL::Base
+
+          alias_method_chain :exec_queries, :protector
+        end
+
+        def protector_meta
+          @klass.protector_meta.evaluate(@klass, @klass.column_names, @protector_subject)
+        end
+
+        def count
+          super || 0
+        end
+
+        def sum
+          super || 0
+        end
+
+        def calculate(*args)
+          return super unless @protector_subject
+          merge(protector_meta.relation).unrestrict.calculate *args
+        end
+
+        def exec_queries_with_protector(*args)
+          return exec_queries_without_protector unless @protector_subject
+          @records = merge(protector_meta.relation).unrestrict.send :exec_queries
+        end
+      end
+    end
+  end
+end

data/lib/protector/dsl.rb

@@ -0,0 +1,143 @@
+module Protector
+  module DSL
+    # DSL meta storage and evaluator
+    class Meta
+      class Box
+        attr_accessor :access, :relation, :destroyable
+
+        def initialize(model, fields, subject, entry, blocks)
+          @model       = model
+          @fields      = fields
+          @access      = {update: {}, view: {}, create: {}}.with_indifferent_access
+          @relation    = false
+          @destroyable = false
+
+          blocks.each do |b|
+            if b.arity == 2
+              instance_exec subject, entry, &b
+            elsif b.arity == 1
+              instance_exec subject, &b
+            else
+              instance_exec &b
+            end
+          end
+        end
+
+        def scope(&block)
+          @relation = @model.instance_eval(&block)
+        end
+
+        def can(action, *fields)
+          return @destroyable = true if action == :destroy
+          return unless @access[action]
+
+          if fields.size == 0
+            @fields.each{|f| @access[action][f] = nil}
+          else
+            fields.each do |a|
+              if a.is_a?(Array)
+                a.each{|f| @access[action][f] = nil}
+              elsif a.is_a?(Hash)
+                @access[action].merge!(a)
+              else
+                @access[action][a] = nil
+              end
+            end
+          end
+        end
+
+        def cannot(action, *fields)
+          return @destroyable = false if action == :destroy
+          return unless @access[action]
+
+          if fields.size == 0
+            @access[action].clear
+          else
+            fields.each do |a|
+              if a.is_a?(Array)
+                a.each{|f| @access[action].delete(f)}
+              else
+                @access[action].delete(a)
+              end
+            end
+          end
+        end
+
+        def creatable?(fields=false)
+          modifiable? :create, fields
+        end
+
+        def updatable?(fields=false)
+          modifiable? :update, fields
+        end
+
+        def destroyable?
+          @destroyable
+        end
+
+        private
+
+        def modifiable?(part, fields)
+          return false unless @access[part].length > 0
+
+          if fields
+            return false if (fields.keys - @access[part].keys).length > 0
+
+            fields.each do |k,v|
+              case x = @access[part][k]
+              when Range
+                return false unless x.include?(v)
+              when Proc
+                return false unless x.call(v)
+              end
+            end
+          end
+
+          true
+        end
+      end
+
+      def <<(block)
+        (@blocks ||= []) << block
+      end
+
+      def evaluate(model, fields, subject, entry=nil)
+        Box.new(model, fields, subject, entry, @blocks)
+      end
+    end
+
+    module Base
+      extend ActiveSupport::Concern
+
+      included do
+        attr_reader :protector_subject
+      end
+
+      def restrict(subject)
+        @protector_subject = subject
+        self
+      end
+
+      def unrestrict
+        @protector_subject = nil
+        self
+      end
+    end
+
+    module Entry
+      extend ActiveSupport::Concern
+
+      included do
+        class <<self
+          attr_reader :protector_meta
+        end
+      end
+
+      module ClassMethods
+        def protect(&block)
+          (@protector_meta ||= Meta.new) << block
+        end
+      end
+    end
+  end
+end

data/lib/protector/version.rb

@@ -0,0 +1,3 @@
+module Protector
+  VERSION = "0.0.1"
+end

data/lib/protector.rb

@@ -0,0 +1,13 @@
+require "active_support/all"
+
+require "protector/version"
+require "protector/dsl"
+require "protector/adapters/active_record"
+
+I18n.load_path << Dir[File.join File.expand_path(File.dirname(__FILE__)), '..', 'locales', '*.yml']
+
+Protector::Adapters::ActiveRecord.activate! if defined?(ActiveRecord)
+
+module Protector
+  # Your code goes here...
+end

data/locales/en.yml

@@ -0,0 +1,3 @@
+en:
+  protector:
+    invalid: "Access denied"

data/protector.gemspec

@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'protector/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "protector"
+  spec.version       = Protector::VERSION
+  spec.authors       = ["Boris Staal"]
+  spec.email         = ["boris@staal.io"]
+  spec.description   = %q{Comfortable (seriously) white-list security restrictions for models on a field level}
+  spec.summary       = %q{Protector is a successor to the Heimdallr gem: it hits the same goals keeping the Ruby way}
+  spec.homepage      = "https://github.com/inossidabile/protector"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "activesupport"
+  spec.add_dependency "i18n"
+end

data/spec/lib/adapters/active_record_spec.rb

@@ -0,0 +1,96 @@
+require 'spec_helpers/boot'
+
+describe Protector::Adapters::ActiveRecord do
+  before(:all) do
+    ActiveRecord::Schema.verbose = false
+    ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
+    ActiveRecord::Migration.create_table :dummies do |t|
+      t.string  :string
+      t.integer :number
+      t.text    :text
+      t.timestamps
+    end
+
+    class Dummy < ActiveRecord::Base; end
+    Dummy.create! string: 'zomgstring', number: 999, text: 'zomgtext'
+    Dummy.create! string: 'zomgstring', number: 777, text: 'zomgtext'
+
+    Protector::Adapters::ActiveRecord.activate!
+  end
+
+  describe Protector::Adapters::ActiveRecord::Base do
+    before(:each) do
+      @dummy = Class.new(ActiveRecord::Base) do
+        self.table_name = "dummies"
+      end
+    end
+
+    it "includes" do
+      @dummy.ancestors.should include(Protector::Adapters::ActiveRecord::Base)
+    end
+
+    it "scopes" do
+      scope = @dummy.restrict('!')
+      scope.should be_an_instance_of ActiveRecord::Relation
+      scope.protector_subject.should == '!'
+    end
+
+    it_behaves_like "a model"
+  end
+
+  describe Protector::Adapters::ActiveRecord::Relation do
+    before(:all) do
+      @dummy = Class.new(ActiveRecord::Base) do
+        self.table_name = "dummies"
+      end
+    end
+
+    it "includes" do
+      @dummy.all.ancestors.should include(Protector::Adapters::ActiveRecord::Base)
+    end
+
+    it "saves subject" do
+      @dummy.all.restrict('!').where(number: 999).protector_subject.should == '!'
+    end
+
+    context "with null relation" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect{ scope{ none } }
+        end
+      end
+
+      it "counts" do
+        @dummy.all.count.should == 2
+        @dummy.all.restrict('!').count.should == 0
+      end
+
+      it "fetches" do
+        fetched = @dummy.all.restrict('!').to_a
+
+        @dummy.all.to_a.length.should == 2
+        fetched.length.should == 0
+      end
+    end
+
+    context "with active relation" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect{ scope{ where(number: 999) } }
+        end
+      end
+
+      it "counts" do
+        @dummy.all.count.should == 2
+        @dummy.all.restrict('!').count.should == 1
+      end
+
+      it "fetches" do
+        fetched = @dummy.all.restrict('!').to_a
+
+        @dummy.all.to_a.length.should == 2
+        fetched.length.should == 1
+      end
+    end
+  end
+end

data/spec/lib/dsl_spec.rb

@@ -0,0 +1,116 @@
+require 'spec_helpers/boot'
+
+describe Protector::DSL do
+  describe Protector::DSL::Base do
+    before :each do
+      @base = Class.new{ include Protector::DSL::Base }
+    end
+
+    it "defines proper methods" do
+      @base.instance_methods.should include(:restrict)
+      @base.instance_methods.should include(:protector_subject)
+    end
+
+    it "remembers protection subject" do
+      base = @base.new
+      base.restrict("universe")
+      base.protector_subject.should == "universe"
+    end
+
+    it "forgets protection subject" do
+      base = @base.new
+      base.restrict("universe")
+      base.protector_subject.should == "universe"
+      base.unrestrict
+      base.protector_subject.should == nil
+    end
+  end
+
+  describe Protector::DSL::Entry do
+    before :each do
+      @entry = Class.new{ include Protector::DSL::Entry }
+    end
+
+    it "instantiates meta entity" do
+      @entry.instance_eval do
+        protect do; end
+      end
+
+      @entry.protector_meta.should be_an_instance_of(Protector::DSL::Meta)
+    end
+  end
+
+  describe Protector::DSL::Meta do
+    l = -> (x) { x > 4 }
+
+    before :each do
+      @meta = Protector::DSL::Meta.new
+
+      # << -> FTW!
+      @meta << -> {
+        scope { 'relation' }
+      }
+
+      @meta << -> (user) {
+        user.should  == 'user'
+
+        can    :view
+        cannot :view, %w(field5), :field4
+      }
+
+      @meta << -> (user, entry) {
+        user.should  == 'user'
+        entry.should == 'entry'
+
+        can :update, %w(field1 field2 field3),
+          field4: 0..5,
+          field5: l
+
+        can :destroy
+      }
+    end
+
+    it "evaluates" do
+      @meta.evaluate(nil, [], 'user', 'entry')
+    end
+
+    it "sets relation" do
+      data = @meta.evaluate(nil, [], 'user', 'entry')
+      data.relation.should == 'relation'
+    end
+
+    it "sets access" do
+      data = @meta.evaluate(nil, %w(field1 field2 field3 field4 field5), 'user', 'entry')
+      data.access.should == {
+        "update" => {
+          "field1" => nil,
+          "field2" => nil,
+          "field3" => nil,
+          "field4" => 0..5,
+          "field5" => l
+        },
+        "view" => {
+          "field1" => nil,
+          "field2" => nil,
+          "field3" => nil
+        },
+        "create" => {}
+      }
+    end
+
+    it "marks destroyable" do
+      data = @meta.evaluate(nil, [], 'user', 'entry')
+      data.destroyable?.should == true
+    end
+
+    it "marks updatable" do
+      data = @meta.evaluate(nil, [], 'user', 'entry')
+      data.updatable?.should == true
+    end
+
+    it "marks creatable" do
+      data = @meta.evaluate(nil, [], 'user', 'entry')
+      data.creatable?.should == false
+    end
+  end
+end

data/spec/spec_helpers/boot.rb

@@ -0,0 +1,18 @@
+require 'pry'
+require 'protector'
+
+require 'active_record'
+
+require_relative 'model'
+
+RSpec.configure do |config|
+  config.treat_symbols_as_metadata_keys_with_true_values = true
+  config.run_all_when_everything_filtered = true
+  config.filter_run :focus
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  config.order = 'random'
+end

data/spec/spec_helpers/model.rb

@@ -0,0 +1,333 @@
+RSpec::Matchers.define :invalidate do
+  match do |actual|
+    actual.save.should == false
+    actual.errors[:base].should == ["Access denied"]
+  end
+end
+
+RSpec::Matchers.define :validate do
+  match do |actual|
+    actual.class.transaction do
+      actual.save.should == true
+      raise ActiveRecord::Rollback
+    end
+
+    true
+  end
+end
+
+shared_examples_for "a model" do
+  it "evaluates meta properly" do
+    @dummy.instance_eval do
+      protect do |subject, dummy|
+        subject.should == '!'
+
+        scope { limit(5) }
+
+        can :view
+        can :create
+        can :update
+      end
+    end
+
+    fields = Hash[*%w(id string number text created_at updated_at).map{|x| [x, nil]}.flatten]
+    dummy  = @dummy.new.restrict('!')
+    meta   = dummy.protector_meta
+
+    meta.access[:view].should   == fields
+    meta.access[:create].should == fields
+    meta.access[:update].should == fields
+  end
+
+  describe "visibility" do
+    it "marks blocked" do
+      @dummy.instance_eval do
+        protect do
+          scope { none }
+        end
+      end
+
+      @dummy.first.restrict('!').visible?.should == false
+    end
+
+    it "marks allowed" do
+      @dummy.instance_eval do
+        protect do
+          scope { limit(5) }
+        end
+      end
+
+      @dummy.first.restrict('!').visible?.should == true
+    end
+  end
+
+  describe "creatability" do
+    context "with empty meta" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect do; end
+        end
+      end
+
+      it "marks blocked" do
+        dummy = @dummy.new(string: 'bam', number: 1)
+        dummy.restrict('!').creatable?.should == false
+      end
+
+      it "invalidates" do
+        dummy = @dummy.new(string: 'bam', number: 1).restrict('!')
+        dummy.should invalidate
+      end
+    end
+
+    context "by list of fields" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect do
+            can :create, :string
+          end
+        end
+      end
+
+      it "marks blocked" do
+        dummy = @dummy.new(string: 'bam', number: 1)
+        dummy.restrict('!').creatable?.should == false
+      end
+
+      it "marks allowed" do
+        dummy = @dummy.new(string: 'bam')
+        dummy.restrict('!').creatable?.should == true
+      end
+
+      it "invalidates" do
+        dummy = @dummy.new(string: 'bam', number: 1).restrict('!')
+        dummy.should invalidate
+      end
+
+      it "validates" do
+        dummy = @dummy.new(string: 'bam').restrict('!')
+        dummy.should validate
+      end
+    end
+
+    context "by lambdas" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect do
+            can :create, string: -> (x) { x.length == 5 }
+          end
+        end
+      end
+
+      it "marks blocked" do
+        dummy = @dummy.new(string: 'bam')
+        dummy.restrict('!').creatable?.should == false
+      end
+
+      it "marks allowed" do
+        dummy = @dummy.new(string: '12345')
+        dummy.restrict('!').creatable?.should == true
+      end
+
+      it "invalidates" do
+        dummy = @dummy.new(string: 'bam').restrict('!')
+        dummy.should invalidate
+      end
+
+      it "validates" do
+        dummy = @dummy.new(string: '12345').restrict('!')
+        dummy.should validate
+      end
+    end
+
+    context "by ranges" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect do
+            can :create, number: 0..2
+          end
+        end
+      end
+
+      it "marks blocked" do
+        dummy = @dummy.new(number: 500)
+        dummy.restrict('!').creatable?.should == false
+      end
+
+      it "marks allowed" do
+        dummy = @dummy.new(number: 2)
+        dummy.restrict('!').creatable?.should == true
+      end
+
+      it "invalidates" do
+        dummy = @dummy.new(number: 500).restrict('!')
+        dummy.should invalidate
+      end
+
+      it "validates" do
+        dummy = @dummy.new(number: 2).restrict('!')
+        dummy.should validate
+      end
+    end
+  end
+
+  describe "updatability" do
+    context "with empty meta" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect do; end
+        end
+      end
+
+      it "marks blocked" do
+        dummy = @dummy.first
+        dummy.assign_attributes(string: 'bam', number: 1)
+        dummy.restrict('!').updatable?.should == false
+      end
+
+      it "invalidates" do
+        dummy = @dummy.first.restrict('!')
+        dummy.assign_attributes(string: 'bam', number: 1)
+        dummy.should invalidate
+      end
+    end
+
+    context "by list of fields" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect do
+            can :update, :string
+          end
+        end
+      end
+
+      it "marks blocked" do
+        dummy = @dummy.first
+        dummy.assign_attributes(string: 'bam', number: 1)
+        dummy.restrict('!').updatable?.should == false
+      end
+
+      it "marks allowed" do
+        dummy = @dummy.first
+        dummy.assign_attributes(string: 'bam')
+        dummy.restrict('!').updatable?.should == true
+      end
+
+      it "invalidates" do
+        dummy = @dummy.first.restrict('!')
+        dummy.assign_attributes(string: 'bam', number: 1)
+        dummy.should invalidate
+      end
+
+      it "validates" do
+        dummy = @dummy.first.restrict('!')
+        dummy.assign_attributes(string: 'bam')
+        dummy.should validate
+      end
+    end
+
+    context "by lambdas" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect do
+            can :update, string: -> (x) { x.length == 5 }
+          end
+        end
+      end
+
+      it "marks blocked" do
+        dummy = @dummy.first
+        dummy.assign_attributes(string: 'bam')
+        dummy.restrict('!').updatable?.should == false
+      end
+
+      it "marks allowed" do
+        dummy = @dummy.first
+        dummy.assign_attributes(string: '12345')
+        dummy.restrict('!').updatable?.should == true
+      end
+
+      it "invalidates" do
+        dummy = @dummy.first.restrict('!')
+        dummy.assign_attributes(string: 'bam')
+        dummy.should invalidate
+      end
+
+      it "validates" do
+        dummy = @dummy.first.restrict('!')
+        dummy.assign_attributes(string: '12345')
+        dummy.should validate
+      end
+    end
+
+    context "by ranges" do
+      before(:each) do
+        @dummy.instance_eval do
+          protect do
+            can :update, number: 0..2
+          end
+        end
+      end
+
+      it "marks blocked" do
+        dummy = @dummy.first
+        dummy.assign_attributes(number: 500)
+        dummy.restrict('!').updatable?.should == false
+      end
+
+      it "marks allowed" do
+        dummy = @dummy.first
+        dummy.assign_attributes(number: 2)
+        dummy.restrict('!').updatable?.should == true
+      end
+
+      it "invalidates" do
+        dummy = @dummy.first.restrict('!')
+        dummy.assign_attributes(number: 500)
+        dummy.should invalidate
+      end
+
+      it "validates" do
+        dummy = @dummy.first.restrict('!')
+        dummy.assign_attributes(number: 2)
+        dummy.should validate
+      end
+    end
+  end
+
+  describe "destroyability" do
+    it "marks blocked" do
+      @dummy.instance_eval do
+        protect do; end
+      end
+
+      @dummy.first.restrict('!').destroyable?.should == false
+    end
+
+    it "marks allowed" do
+      @dummy.instance_eval do
+        protect do; can :destroy; end
+      end
+
+      @dummy.first.restrict('!').destroyable?.should == true
+    end
+
+    it "invalidates" do
+      @dummy.instance_eval do
+        protect do; end
+      end
+
+      @dummy.first.restrict('!').destroy.should == false
+    end
+
+    it "validates" do
+      @dummy.instance_eval do
+        protect do; can :destroy; end
+      end
+
+      dummy = @dummy.create!.restrict('!')
+      dummy.destroy.should == dummy
+      dummy.destroyed?.should == true
+    end
+  end
+end

metadata

@@ -0,0 +1,94 @@
+--- !ruby/object:Gem::Specification
+name: protector
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Boris Staal
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-05-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: i18n
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Comfortable (seriously) white-list security restrictions for models on
+  a field level
+email:
+- boris@staal.io
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rspec
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/protector.rb
+- lib/protector/adapters/active_record.rb
+- lib/protector/dsl.rb
+- lib/protector/version.rb
+- locales/en.yml
+- protector.gemspec
+- spec/lib/adapters/active_record_spec.rb
+- spec/lib/dsl_spec.rb
+- spec/spec_helpers/boot.rb
+- spec/spec_helpers/model.rb
+homepage: https://github.com/inossidabile/protector
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: 'Protector is a successor to the Heimdallr gem: it hits the same goals keeping
+  the Ruby way'
+test_files:
+- spec/lib/adapters/active_record_spec.rb
+- spec/lib/dsl_spec.rb
+- spec/spec_helpers/boot.rb
+- spec/spec_helpers/model.rb