pundit 0.1.0

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+bin

data/.travis.yml

@@ -0,0 +1,6 @@
+language: ruby
+rvm:
+  - 1.9.2
+  - 1.9.3
+  - jruby-19mode
+  - rbx-19mode

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in pundit.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2012 Jonas Nicklas, Elabs AB
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,260 @@
+# Pundit
+
+Pundit provides a set of helpers which guide you in leveraging regular Ruby
+classes and object oriented design patterns to build a simple, robust and
+scaleable authorization system.
+
+## Installation
+
+``` ruby
+gem "pundit"
+```
+
+Include Pundit in your application controller:
+
+``` ruby
+class ApplicationController < ActionController::Base
+  include Pundit
+  protect_from_forgery
+end
+```
+
+Optionally, you can run the generator, which will set up an application policy
+with some useful defaults for you:
+
+``` sh
+rails g pundit:install
+```
+
+## Policies
+
+Pundit is focused around the notion of policy classes. We suggest that you put
+these classes in `app/policies`. This is a simple example:
+
+``` ruby
+class PostPolicy
+  attr_reader :user, :post
+
+  def initialize(user, post)
+    @user = user
+    @post = post
+  end
+
+  def create?
+    user.admin? or not post.published?
+  end
+end
+```
+
+As you can see, this is just a plain Ruby class. As a convenience, we can inherit
+from Struct:
+
+``` ruby
+class PostPolicy < Struct.new(:user, :post)
+  def create?
+    user.admin? or not post.published?
+  end
+end
+```
+
+Pundit makes the following assumptions about this class:
+
+- The class has the same name as some kind of model class, only suffixed
+  with the word "Policy".
+- The first argument is a user. In your controller, Pundit will call the
+  `current_user` method to retrieve what to send into this argument
+- The second argument is some kind of model object, whose authorization
+  you want to check. This does not need to be an ActiveRecord or even
+  an ActiveModel object, it can be anything really.
+- The class implements some kind of query method, in this case `create?`.
+  Usually, this will map to the name of a particular controller action.
+
+That's it really.
+
+Supposing that you have an instance of class `Post`, Pundit now lets you do
+this in your controller:
+
+``` ruby
+def create
+  @post = Post.new(params[:post])
+  authorize @post
+  if @post.save
+    redirect_to @post
+  else
+    render :new
+  end
+end
+```
+
+The authorize method automatically infers that `Post` will have a matching
+`PostPolicy` class, and instantiates this class, handing in the current user
+and the given record. It then infers from the action name, that it should call
+`create?` on this instance of the policy. In this case, you can imagine that
+`authorize` would have done something like this:
+
+``` ruby
+raise "not authorized" unless PostPolicy.new(current_user, @post).create?
+```
+
+You can pass a second arguent to `authorize` if the name of the permission you
+want to check doesn't match the action name. For example:
+
+``` ruby
+def publish
+  @post = Post.find(params[:id])
+  authorize @post, :update?
+  @post.publish!
+  redirect_to @post
+end
+```
+
+You can easily get a hold of an instance of the policy through the `policy`
+method in both the view and controller. This is especially useful for
+conditionally showing links or buttons in the view:
+
+``` erb
+<% if policy(@post).create? %>
+  <%= link_to "New post", new_post_path %>
+<% end %>
+```
+
+## Ensuring policies are used
+
+Pundit adds a method called `verify_authorized` to your controllers. This
+method will raise an exception if `authorize` has not yet been called. You
+should run this method in an `after_filter` to ensure that you haven't
+forgotten to authorize the action. For example:
+
+``` ruby
+class ApplicationController < ActionController::Base
+  after_filter :verify_authorized, :except => :index
+end
+```
+
+## Scopes
+
+Often, you will want to have some kind of view listing records which a
+particular user has access to. When using Pundit, you are expected to
+define a class called a policy scope. It can look something like this:
+
+``` ruby
+class PostPolicy < Struct.new(:user, :post)
+  class Scope < Struct.new(:user, :scope)
+    def resolve
+      if user.admin?
+        scope
+      else
+        scope.where(:published => true)
+      end
+    end
+  end
+
+  def create?
+    user.admin? or not post.published?
+  end
+end
+```
+
+Pundit makes the following assumptions about this class:
+
+- The class has the name `Scope` and is nested under the policy class.
+- The first argument is a user. In your controller, Pundit will call the
+  `current_user` method to retrieve what to send into this argument.
+- The second argument is a scope of some kind on which to perform some kind of
+  query. It will usually be an ActiveRecord class or a
+  `ActiveRecord::Relation`, but it could be something else entirely.
+- Instances of this class respond to the method `resolve`, which should return
+  some kind of result which can be iterated over. For ActiveRecord classes,
+  this would usually be an `ActiveRecord::Relation`.
+
+You can now use this class from your controller via the `policy_scope` method:
+
+``` ruby
+def index
+  @posts = policy_scope(Post)
+end
+```
+
+Just as with your policy, this will automatically infer that you want to use
+the `PostPolicy::Scope` class, it will instantiate this class and call
+`resolve` on the instance. In this case it is a shortcut for doing:
+
+``` ruby
+def index
+  @posts = PostPolicy::Scope.new(current_user, Post).resolve
+end
+```
+
+You can, and are encouraged to, use this method in views:
+
+``` erb
+<% policy_scope(@user.posts).each do |post| %>
+  <p><% link_to @post.title, post_path(post) %></p>
+<% end %>
+```
+
+## Just plain old Ruby
+
+As you can see, Pundit doesn't do anything you couldn't have easily done
+yourself.  It's a very small library, it just provides a few neat helpers.
+Together these give you the power of building a well structured, fully working
+authorization system without using any special DSLs or funky syntax or
+anything.
+
+Remember that all of the policy and scope classes are just plain Ruby classes,
+which means you can use the same mechanisms you always use to DRY things up.
+Encapsulate a set of permissions into a module and include them in multiple
+policies. Use `alias_method` to make some permissions behave the same as
+others. Inherit from a base set of permissions. Use metaprogramming if you
+really have to.
+
+## Generator
+
+Use the supplied generator to generate policies:
+
+``` sh
+rails g pundit:policy post
+```
+
+## Closed systems
+
+In many applications, only logged in users are really able to do anything. If
+you're building such a system, it can be kind of cumbersome to check that the
+user in a policy isn't `nil` for every single permission.
+
+We suggest that you define a filter that redirects unauthenticated users to the
+login page. As a secondary defence, if you've defined an ApplicationPolicy, it
+might be a good idea to raise an exception if somehow an unauthenticated user
+got through. This way you can fail more gracefully.
+
+``` ruby
+class ApplicationPolicy
+  def initialize(user, record)
+    raise Pundit::NotAuthorized, "must be logged in" unless user
+    @user = user
+    @record = record
+  end
+end
+```
+
+## Manually retrieving policies and scopes
+
+Sometimes you want to retrieve a policy for a record outside the controller or
+view. For example when you delegate permissions from one policy to another.
+
+You can easily retrieve policies and scopes like this:
+
+``` ruby
+Pundit.policy!(user, post)
+Pundit.policy(user, post)
+
+Pundit.policy_scope!(user, Post)
+Pundit.policy_scope(user, Post)
+```
+
+The bang methods will raise an exception if the policy does not exist, whereas
+those without the bang will return nil.
+
+# License
+
+Licensed under the MIT license, see the separate LICENSE.txt file.

data/Rakefile

@@ -0,0 +1,16 @@
+require 'rubygems'
+require 'rspec/core/rake_task'
+require 'yard'
+
+desc "Run all examples"
+RSpec::Core::RakeTask.new(:spec) do |t|
+  #t.rspec_path = 'bin/rspec'
+  t.rspec_opts = %w[--color]
+end
+
+YARD::Rake::YardocTask.new do |t|
+  t.files   = ['lib/**/*.rb']
+  #t.options = ['--any', '--extra', '--opts'] # optional
+end
+
+task :default => [:spec]

data/lib/generators/pundit/install/USAGE

@@ -0,0 +1,2 @@
+Description:
+    Generates an application policy as a starting point for your application.

data/lib/generators/pundit/install/install_generator.rb

@@ -0,0 +1,11 @@
+module Pundit
+  module Generators
+    class InstallGenerator < ::Rails::Generators::Base
+      source_root File.expand_path(File.join(File.dirname(__FILE__), 'templates'))
+
+      def copy_application_policy
+        template 'application_policy.rb', 'app/policies/application_policy.rb'
+      end
+    end
+  end
+end

data/lib/generators/pundit/install/templates/application_policy.rb

@@ -0,0 +1,41 @@
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    scope.exists?
+  end
+
+  def show?
+    scope.where(:id => record.id).exists?
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  def scope
+    Pundit.policy_scope!(user, record.class)
+  end
+end
+

data/lib/generators/pundit/policy/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Generates a policy for a model with the given name.
+
+Example:
+    rails generate pundit:policy user
+
+    This will create:
+        app/policies/user_policy.rb

data/lib/generators/pundit/policy/policy_generator.rb

@@ -0,0 +1,11 @@
+module Pundit
+  module Generators
+    class PolicyGenerator < ::Rails::Generators::NamedBase
+      source_root File.expand_path(File.join(File.dirname(__FILE__), 'templates'))
+
+      def create_policy
+        template 'policy.rb', File.join('app/policies', class_path, "#{file_name}_policy.rb")
+      end
+    end
+  end
+end

data/lib/generators/pundit/policy/templates/policy.rb

@@ -0,0 +1,9 @@
+<% module_namespacing do -%>
+class <%= class_name %>Policy < ApplicationPolicy
+  class Scope < Struct.new(:user, :scope)
+    def resolve
+      scope
+    end
+  end
+end
+<% end -%>

data/lib/pundit.rb

@@ -0,0 +1,60 @@
+require "pundit/version"
+require "pundit/policy_finder"
+require "active_support/concern"
+require "active_support/core_ext/string/inflections"
+require "active_support/core_ext/object/blank"
+
+module Pundit
+  class NotAuthorizedError < StandardError; end
+  class NotDefinedError < StandardError; end
+
+  extend ActiveSupport::Concern
+
+  class << self
+    def policy_scope(user, scope)
+      policy = PolicyFinder.new(scope).scope
+      policy.new(user, scope).resolve if policy
+    end
+
+    def policy_scope!(user, scope)
+      PolicyFinder.new(scope).scope!.new(user, scope).resolve
+    end
+
+    def policy(user, record)
+      scope = PolicyFinder.new(record).policy
+      scope.new(user, record) if scope
+    end
+
+    def policy!(user, record)
+      PolicyFinder.new(record).policy!.new(user, record)
+    end
+  end
+
+  included do
+    if respond_to?(:helper_method)
+      helper_method :policy_scope
+      helper_method :policy
+    end
+  end
+
+  def verify_authorized
+    raise NotAuthorizedError unless @_policy_authorized
+  end
+
+  def authorize(record, query=nil)
+    query ||= params[:action].to_s + "?"
+    @_policy_authorized = true
+    unless policy(record).public_send(query)
+      raise NotAuthorizedError, "not allowed to #{query} this #{record}"
+    end
+    true
+  end
+
+  def policy_scope(scope)
+    Pundit.policy_scope!(current_user, scope)
+  end
+
+  def policy(record)
+    Pundit.policy!(current_user, record)
+  end
+end

data/lib/pundit/policy_finder.rb

@@ -0,0 +1,49 @@
+module Pundit
+  class PolicyFinder
+    attr_reader :object
+
+    def initialize(object)
+      @object = object
+    end
+
+    def name
+      if object.respond_to?(:model_name)
+        object.model_name.to_s
+      elsif object.class.respond_to?(:model_name)
+        object.class.model_name.to_s
+      elsif object.is_a?(Class)
+        object.to_s
+      else
+        object.class.to_s
+      end
+    end
+
+    def scope
+      scope_name.constantize
+    rescue NameError
+      nil
+    end
+
+    def policy
+      policy_name.constantize
+    rescue NameError
+      nil
+    end
+
+    def scope!
+      scope or raise NotDefinedError, "unable to find scope #{scope_name} for #{object}"
+    end
+
+    def policy!
+      policy or raise NotDefinedError, "unable to find policy #{policy_name} for #{object}"
+    end
+
+    def scope_name
+      "#{name}Policy::Scope"
+    end
+
+    def policy_name
+      "#{name}Policy"
+    end
+  end
+end

data/lib/pundit/rspec.rb

@@ -0,0 +1,47 @@
+module Pundit
+  module RSpec
+    module Matchers
+      extend ::RSpec::Matchers::DSL
+
+      matcher :permit do |user, record|
+        match do |policy|
+          permissions.all? { |permission| policy.new(user, record).public_send(permission) }
+        end
+
+        failure_message_for_should do |policy|
+          "Expected #{policy} to grant #{permissions.to_sentence} on #{record} but it didn't"
+        end
+
+        failure_message_for_should_not do |policy|
+          "Expected #{policy} not to grant #{permissions.to_sentence} on #{record} but it did"
+        end
+
+        def permissions
+          example.metadata[:permissions]
+        end
+      end
+    end
+
+    module DSL
+      def permissions(*list, &block)
+        describe(list.to_sentence, :permissions => list, :caller => caller) { instance_eval(&block) }
+      end
+    end
+
+    module PolicyExampleGroup
+      include Pundit::RSpec::Matchers
+
+      def self.included(base)
+        base.metadata[:type] = :policy
+        base.extend Pundit::RSpec::DSL
+        super
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include Pundit::RSpec::PolicyExampleGroup, :type => :policy, :example_group => {
+    :file_path => /spec\/policies/
+  }
+end

data/lib/pundit/version.rb

@@ -0,0 +1,3 @@
+module Pundit
+  VERSION = "0.1.0"
+end

data/pundit.gemspec

@@ -0,0 +1,25 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'pundit/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "pundit"
+  gem.version       = Pundit::VERSION
+  gem.authors       = ["Jonas Nicklas", "Elabs AB"]
+  gem.email         = ["jonas.nicklas@gmail.com", "dev@elabs.se"]
+  gem.description   = %q{Object oriented authorization for Rails applications}
+  gem.summary       = %q{OO authorization for Rails}
+  gem.homepage      = "http://github.com/elabs/pundit"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency "rails", "~>3.0"
+  gem.add_development_dependency "rspec", "~>2.0"
+  gem.add_development_dependency "pry"
+  gem.add_development_dependency "rake"
+  gem.add_development_dependency "yard"
+end

data/spec/pundit_spec.rb

@@ -0,0 +1,181 @@
+require "pundit"
+require "pry"
+require "active_model/naming"
+
+class PostPolicy < Struct.new(:user, :post)
+  def update?
+    post.user == user
+  end
+  def destroy?
+    false
+  end
+  def show?
+    true
+  end
+end
+class PostPolicy::Scope < Struct.new(:user, :scope)
+  def resolve
+    scope.published
+  end
+end
+class Post < Struct.new(:user)
+  def self.published
+    :published
+  end
+end
+
+class CommentPolicy < Struct.new(:user, :comment); end
+class CommentPolicy::Scope < Struct.new(:user, :scope)
+  def resolve
+    scope
+  end
+end
+class Comment; extend ActiveModel::Naming; end
+
+class Article; end
+
+describe Pundit do
+  let(:user) { stub }
+  let(:post) { Post.new(user) }
+  let(:comment) { Comment.new }
+  let(:article) { Article.new }
+  let(:controller) { stub(:current_user => user, :params => { :action => "update" }).tap { |c| c.extend(Pundit) } }
+
+  describe ".policy_scope" do
+    it "returns an instantiated policy scope given a plain model class" do
+      Pundit.policy_scope(user, Post).should == :published
+    end
+
+    it "returns an instantiated policy scope given an active model class" do
+      Pundit.policy_scope(user, Comment).should == Comment
+    end
+
+    it "returns nil if the given policy scope can't be found" do
+      Pundit.policy_scope(user, Article).should be_nil
+    end
+  end
+
+  describe ".policy_scope!" do
+    it "returns an instantiated policy scope given a plain model class" do
+      Pundit.policy_scope!(user, Post).should == :published
+    end
+
+    it "returns an instantiated policy scope given an active model class" do
+      Pundit.policy_scope!(user, Comment).should == Comment
+    end
+
+    it "throws an exception if the given policy scope can't be found" do
+      expect { Pundit.policy_scope!(user, Article) }.to raise_error(Pundit::NotDefinedError)
+    end
+  end
+
+  describe ".policy" do
+    it "returns an instantiated policy given a plain model instance" do
+      policy = Pundit.policy(user, post)
+      policy.user.should == user
+      policy.post.should == post
+    end
+
+    it "returns an instantiated policy given an active model instance" do
+      policy = Pundit.policy(user, comment)
+      policy.user.should == user
+      policy.comment.should == comment
+    end
+
+    it "returns an instantiated policy given a plain model class" do
+      policy = Pundit.policy(user, Post)
+      policy.user.should == user
+      policy.post.should == Post
+    end
+
+    it "returns an instantiated policy given an active model class" do
+      policy = Pundit.policy(user, Comment)
+      policy.user.should == user
+      policy.comment.should == Comment
+    end
+
+    it "returns nil if the given policy can't be found" do
+      Pundit.policy(user, article).should be_nil
+      Pundit.policy(user, Article).should be_nil
+    end
+  end
+
+  describe ".policy!" do
+    it "returns an instantiated policy given a plain model instance" do
+      policy = Pundit.policy!(user, post)
+      policy.user.should == user
+      policy.post.should == post
+    end
+
+    it "returns an instantiated policy given an active model instance" do
+      policy = Pundit.policy!(user, comment)
+      policy.user.should == user
+      policy.comment.should == comment
+    end
+
+    it "returns an instantiated policy given a plain model class" do
+      policy = Pundit.policy!(user, Post)
+      policy.user.should == user
+      policy.post.should == Post
+    end
+
+    it "returns an instantiated policy given an active model class" do
+      policy = Pundit.policy!(user, Comment)
+      policy.user.should == user
+      policy.comment.should == Comment
+    end
+
+    it "throws an exception if the given policy can't be found" do
+      expect { Pundit.policy!(user, article) }.to raise_error(Pundit::NotDefinedError)
+      expect { Pundit.policy!(user, Article) }.to raise_error(Pundit::NotDefinedError)
+    end
+  end
+
+  describe "#verify_authorized" do
+    it "does nothing when authorized" do
+      controller.authorize(post)
+      controller.verify_authorized
+    end
+
+    it "raises an exception when not authorized" do
+      expect { controller.verify_authorized }.to raise_error(Pundit::NotAuthorizedError)
+    end
+  end
+
+  describe "#authorize" do
+    it "infers the policy name and authorized based on it" do
+      controller.authorize(post).should be_true
+    end
+
+    it "can be given a different permission to check" do
+      controller.authorize(post, :show?).should be_true
+      expect { controller.authorize(post, :destroy?) }.to raise_error(Pundit::NotAuthorizedError)
+    end
+
+    it "raises an error when the permission check fails" do
+      expect { controller.authorize(Post.new) }.to raise_error(Pundit::NotAuthorizedError)
+    end
+  end
+
+  describe ".policy" do
+    it "returns an instantiated policy" do
+      policy = controller.policy(post)
+      policy.user.should == user
+      policy.post.should == post
+    end
+
+    it "throws an exception if the given policy can't be found" do
+      expect { controller.policy(article) }.to raise_error(Pundit::NotDefinedError)
+    end
+  end
+
+  describe ".policy_scope" do
+    it "returns an instantiated policy scope" do
+      controller.policy_scope(Post).should == :published
+    end
+
+    it "throws an exception if the given policy can't be found" do
+      expect { controller.policy_scope(Article) }.to raise_error(Pundit::NotDefinedError)
+    end
+  end
+end

metadata

@@ -0,0 +1,147 @@
+--- !ruby/object:Gem::Specification
+name: pundit
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Jonas Nicklas
+- Elabs AB
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-11-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: yard
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Object oriented authorization for Rails applications
+email:
+- jonas.nicklas@gmail.com
+- dev@elabs.se
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/generators/pundit/install/USAGE
+- lib/generators/pundit/install/install_generator.rb
+- lib/generators/pundit/install/templates/application_policy.rb
+- lib/generators/pundit/policy/USAGE
+- lib/generators/pundit/policy/policy_generator.rb
+- lib/generators/pundit/policy/templates/policy.rb
+- lib/pundit.rb
+- lib/pundit/policy_finder.rb
+- lib/pundit/rspec.rb
+- lib/pundit/version.rb
+- pundit.gemspec
+- spec/pundit_spec.rb
+homepage: http://github.com/elabs/pundit
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: OO authorization for Rails
+test_files:
+- spec/pundit_spec.rb
+has_rdoc: