right_on 0.3.0 → 0.4.0

data/spec/role_model_spec.rb

@@ -25,4 +25,9 @@ describe RightOn::RoleModel do
     expect(admin.has_privileges_of?(basic_user)).to be true
     expect(basic_user.has_privileges_of?(admin)).to be false
   end
+
+  it 'links back to users' do
+    admin # load admin
+    expect(admin_role.users.size).to eq 1
+  end
 end

data/spec/rule_spec.rb

@@ -0,0 +1,81 @@
+require 'active_record'
+require 'active_support/all'
+require 'cancan/rule'
+require 'right_on/error'
+require 'right_on/rule'
+require 'spec_helper'
+
+describe RightOn::Rule do
+  subject(:rule) { RightOn::Rule.rule_for(right) }
+
+  describe '#self.rule_for' do
+    let(:right) {
+      double(name: 'Do Something', can: true, action: 'action', subject: 'subject', conditions: {})
+    }
+
+    it 'should return a cancan rule' do
+      is_expected.to be_a(CanCan::Rule)
+    end
+  end
+
+  describe '#call' do
+    context 'when an action is not specified' do
+      let(:right) {
+        double(name: 'Do Something', can: true, action: nil, subject: 'subject', conditions: {})
+      }
+
+      it 'should fail with exception' do
+        expect{rule}.to raise_error(RightOn::Error, 'must specify an action')
+      end
+    end
+
+    context 'when the subject is not a model' do
+      let(:right) {
+        double(name: 'Do Something', can: true, action: 'action', subject: 'subject', conditions: {})
+      }
+
+      it 'should return a CanCan::Rule' do
+        is_expected.to be_a(CanCan::Rule)
+      end
+
+      it 'should convert the action to a symbol' do
+        expect(rule.actions).to eq([:action])
+      end
+
+      it 'should set the subject' do
+        expect(rule.subjects).to eq(['subject'])
+      end
+
+      it 'should not have any conditions' do
+        expect(rule.conditions).to eq({})
+      end
+    end
+
+    context 'when the subject is a model' do
+      let(:right) {
+        double(name: 'Do Something', can: true, action: 'action', subject: 'Model', conditions: {})
+      }
+
+      before do
+        class Model < ActiveRecord::Base
+        end
+      end
+
+      it 'should return a CanCan::Rule' do
+        is_expected.to be_a(CanCan::Rule)
+      end
+
+      it 'should convert the action to a symbol' do
+        expect(rule.actions).to eq([:action])
+      end
+
+      it 'should convert the subject to a model' do
+        expect(rule.subjects).to eq([Model])
+      end
+
+      it 'should not have any conditions' do
+        expect(rule.conditions).to eq({})
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -19,7 +19,7 @@ RSpec.configure do |config|
   config.run_all_when_everything_filtered = true
   config.filter_run :focus
   config.before :all do
-    RightOn::Right.cache = ActiveSupport::Cache::MemoryStore.new
+    RightOn::RightAllowed.cache = ActiveSupport::Cache::MemoryStore.new
   end
 end
 
@@ -31,8 +31,6 @@ ActiveRecord::Base.establish_connection :adapter => 'sqlite3', :database => DB_F
 
 load('spec/schema.rb')
 
-RightOn::Right.rights_yaml 'db/rights_roles.yml'
-
 class Model < ActiveRecord::Base
 end
 

data/spec/support/bootstrap.rb

@@ -1,15 +1,25 @@
 class Bootstrap
-  def self.reset_database
+  def self.various_rights_with_actions
     RightOn::Right.delete_all
-    RightOn::Role.delete_all
-    User.delete_all
+    {
+      users:         create_right('users'),
+      models:        create_right('models'),
+      models_index:  create_right('models#index'),
+      models_change: create_right('models#change'),
+      models_view:   create_right('models#view')
+    }
+  end
 
-    basic_right = RightOn::Right.create!(:name => 'basic', :controller => 'basic')
-    admin_right = RightOn::Right.create!(:name => 'admin', :controller => 'admin')
-    basic_role  = RightOn::Role.create!(:title => 'Basic', :rights => [basic_right])
-    admin_role  = RightOn::Role.create!(:title => 'Admin', :rights => [admin_right])
+  def self.create_right(name)
+    RightOn::Right.create!(build_right_attrs(name))
+  end
 
-    User.create!(name: 'basic', roles: [basic_role])
-    User.create!(name: 'admin', roles: [basic_role, admin_role])
+  def self.build_right_attrs(name)
+    if name['#']
+      controller, action = name.split('#')
+      { name: name, controller: controller, action: action }
+    else
+      { name: name, controller: name }
+    end
   end
 end

data/spec/support/coverage_loader.rb

@@ -1,4 +1,4 @@
 require 'simplecov-rcov'
 require 'coveralls'
 require 'coverage/kit'
-Coverage::Kit.setup(minimum_coverage: 91.7)
+Coverage::Kit.setup(minimum_coverage: 92.8)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: right_on
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Michael Noack
@@ -9,36 +9,50 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-03 00:00:00.000000000 Z
+date: 2018-04-13 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 4.0.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: 4.0.0
 - !ruby/object:Gem::Dependency
   name: input_reader
   requirement: !ruby/object:Gem::Requirement
@@ -137,6 +151,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -172,7 +200,9 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".hound.yml"
 - ".rspec"
+- ".rubocop.yml"
 - ".travis.yml"
 - CHANGELOG.md
 - Gemfile
@@ -181,12 +211,13 @@ files:
 - Rakefile
 - db/migration.rb
 - db/rights_roles.yml
-- gemfiles/rails3.gemfile
 - gemfiles/rails4.gemfile
 - gemfiles/rails5.gemfile
 - lib/right_on.rb
-- lib/right_on/action_controller_extensions.rb
+- lib/right_on/ability.rb
 - lib/right_on/by_group.rb
+- lib/right_on/controller_additions.rb
+- lib/right_on/error.rb
 - lib/right_on/generators/USAGE
 - lib/right_on/generators/right_migration_generator.rb
 - lib/right_on/generators/templates/right_migration.rb
@@ -194,17 +225,23 @@ files:
 - lib/right_on/rails.rb
 - lib/right_on/railtie.rb
 - lib/right_on/right.rb
+- lib/right_on/right_allowed.rb
 - lib/right_on/rights_manager.rb
 - lib/right_on/role.rb
 - lib/right_on/role_model.rb
+- lib/right_on/rule.rb
 - lib/right_on/tasks/rights_roles.rake
 - lib/right_on/tasks/seeds_rights.rake
 - lib/right_on/version.rb
 - right_on.gemspec
-- spec/action_controller_extensions_spec.rb
-- spec/permission_defnied_spec.rb
+- spec/ability_spec.rb
+- spec/by_group_spec.rb
+- spec/controller_additions_spec.rb
+- spec/permission_denied_response_spec.rb
+- spec/right_allowed_spec.rb
 - spec/right_on_spec.rb
 - spec/role_model_spec.rb
+- spec/rule_spec.rb
 - spec/schema.rb
 - spec/spec_helper.rb
 - spec/support/bootstrap.rb
@@ -231,15 +268,19 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.7.3
 signing_key: 
 specification_version: 4
 summary: Set of extensions to core rails to give rights and roles.
 test_files:
-- spec/action_controller_extensions_spec.rb
-- spec/permission_defnied_spec.rb
+- spec/ability_spec.rb
+- spec/by_group_spec.rb
+- spec/controller_additions_spec.rb
+- spec/permission_denied_response_spec.rb
+- spec/right_allowed_spec.rb
 - spec/right_on_spec.rb
 - spec/role_model_spec.rb
+- spec/rule_spec.rb
 - spec/schema.rb
 - spec/spec_helper.rb
 - spec/support/bootstrap.rb

data/gemfiles/rails3.gemfile

@@ -1,7 +0,0 @@
-source 'https://rubygems.org'
-gemspec :path => '../'
-
-group :development, :test do
-  gem 'rails', '~> 3.2.0'
-  gem 'rails_4_backports' # find_by
-end

data/lib/right_on/action_controller_extensions.rb

@@ -1,68 +0,0 @@
-module RightOn
-
-  module ActionControllerExtensions
-
-    def self.included(base)
-      base.module_eval do
-        helper_method :access_allowed?, :access_allowed_to_controller?
-        class_attribute :rights_from
-        class_attribute :permission_denied_layout
-      end
-    end
-
-    # Checks the access privilege of the user and renders permission_denied page if required
-    def verify_rights
-      access_allowed?(controller_action_options) || permission_denied
-    end
-
-    # Checks the access privilege for a controller
-    def access_allowed_to_controller?(controller)
-      controller_class = "#{controller.to_s.camelcase}Controller".safe_constantize
-
-      # Handle inheritance of rights
-      if controller_class && controller_class.rights_from.present?
-        controller = controller_class.rights_from.to_s
-      end
-
-      access_allowed?(controller)
-    end
-
-    # Checks the access privilege of the user and returns true or false
-    def access_allowed?(opts={})
-      if opts.is_a?(String)
-        controller, action = opts.split('#')
-        opts = {:controller => controller, :action => action}
-      end
-      opts[:controller] ||= params[:controller]
-      opts[:action]     ||= params[:action]
-      current_user.rights.any? { |r| r.allowed?(opts.slice(:controller, :action)) }
-    end
-
-    # Called if a security check determines permission is denied
-    def permission_denied
-      @permission_denied_response = RightOn::PermissionDeniedResponse.new(params, controller_action_options)
-
-      respond_to do |format|
-        format.html { render status: 401, template: 'permission_denied', layout: (permission_denied_layout || false) }
-        format.json do
-          render status: 401, json: @permission_denied_response.to_json
-        end
-        format.js do
-          render :update, status: 401 do |page|
-            page.alert(@permission_denied_layout.text_message)
-          end
-        end
-      end
-
-      false
-    end
-
-    def controller_action_options
-      opts = params.slice(:controller, :action)
-      opts[:controller] = rights_from.to_s if rights_from
-      opts
-    end
-
-  end
-
-end

data/spec/action_controller_extensions_spec.rb

@@ -1,34 +0,0 @@
-require 'spec_helper'
-
-require 'action_controller'
-class AdminController < ActionController::Base
-  include RightOn::ActionControllerExtensions
-  def current_user
-    Thread.current[:user]
-  end
-end
-
-describe AdminController do
-  let(:basic_user) { User.where(name: 'basic').first }
-  let(:admin_user) { User.where(name: 'admin').first }
-
-  before do
-    Bootstrap.reset_database
-    controller.params = {controller: 'admin', action: 'index'}
-  end
-
-  let(:controller) { AdminController.new }
-  context 'basic user' do
-    before { Thread.current[:user] = basic_user }
-    it 'should not allow access' do
-      expect(controller.access_allowed?).to be false
-    end
-  end
-
-  context 'admin user' do
-    before { Thread.current[:user] = admin_user }
-    it 'should allow access' do
-      expect(controller.access_allowed?).to be true
-    end
-  end
-end