role_up 0.1.0

data/.gitignore

@@ -0,0 +1,16 @@
+.rvmrc
+*.log
+**/*/log/*
+pkg/*
+*.gem
+.bundle
+.DS_Store
+*.sw[o|a|p]
+test/dummy/db/repos/*
+test/dummy/db/*.sqlite3
+doc
+docs
+.yardoc
+test/dummy/tmp/**/*
+test/tmp/**/*
+

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in regulate.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,23 @@
+PATH
+  remote: .
+  specs:
+    role_up (0.1.0)
+      active_support (~> 3.0.0)
+      cancan (~> 1.6.5)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    active_support (3.0.0)
+      activesupport (= 3.0.0)
+    activesupport (3.0.0)
+    cancan (1.6.5)
+    minitest (2.2.2)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  minitest (~> 2.2.2)
+  role_up!

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Quick Left, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,73 @@
+Role Up
+===========
+Rails 3 engine that adds some real-deal lovin' to `CanCan` authorization.
+
+### Convention
+Authorization definitions with `CanCan` quickly become verbose in complex
+applications. By breaking them up per model and being able to depend on
+a few common extras, we can drastically clean up our code. Let's look at
+the following directory structure...
+
+    - app/
+      - abilities/
+        + widget_ability.rb
+      - controllers/
+      - etc...
+
+As you can see, we've added a new folder to the `app/` directory in our
+project. Here, we'll create an ability file for each of our models that
+need it to define our authorization abilities.
+
+### Ability Files
+Here's an example ability file...
+
+    # app/abilities/widget_ability.rb
+    class WidgetAbility < Ability
+
+      define_rules :widget do |user|
+        can :manage , Widget , :user_id => user.id
+      end
+
+    end
+
+The `define_rules` method accepts a block and yields the current user.
+In this block, the standard `CanCan` ability definitions methods apply. If
+you have a set of standard authorization rules, you can reopen the
+provided `Ability` class and define a `standard_rules` block. Check
+it...
+
+    # app/abilities/ability.rb
+    class Ability
+
+      standard_rules do |user|
+        if user.admin?
+          can :manage , :all
+        end
+      end
+
+    end
+
+Standard rules will get evaluated last, and therefore take highest
+priority.
+
+### Model and Controller Helpers
+The standard `CanCan` helpers apply.
+
+### Setup
+You can configure the class that `RoleUp` will use to authorize with in
+the gem's setup block. The default is `:user`.  You can also pass class
+constants or strings as opposed to a symbol e.g.
+
+    # app/initializers/role_up.rb
+    RoleUp.setup do |config|
+      config.authorization_class = :cool_user # => CoolUser
+      # or
+      config.authorization_class = CoolUser # => CoolUser
+      # or
+      config.authorization_class = "cool_user" # => CoolUser
+      # or
+      config.authorization_class = "my_namespace/cool_user" # => MyNamspace::CoolUser
+      # or
+      config.authorization_class = "MyNamespace::CoolUser" # => MyNamspace::CoolUser
+    end
+

data/Rakefile

@@ -0,0 +1,12 @@
+require 'bundler'
+require 'rake/testtask'
+
+Bundler::GemHelper.install_tasks
+
+desc 'Unit tests.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = true
+end
+task :default => :test

data/lib/role_up.rb

@@ -0,0 +1,19 @@
+require "active_support/core_ext/module/attribute_accessors"
+require "cancan"
+
+module RoleUp
+
+  # Lock 'n Load
+  autoload :Errors , 'role_up/errors'
+  require 'role_up/ability'
+
+  # The class we'll authorize against
+  mattr_accessor :authorization_class
+  @@authorization_class = :user
+
+  # Fancy setup block
+  def self.setup
+    yield self
+  end
+
+end

data/lib/role_up/ability.rb

@@ -0,0 +1,106 @@
+# Requires
+require "active_support/core_ext/class/attribute_accessors"
+require "active_support/core_ext/string/inflections"
+require "cancan/ability"
+
+class ::Ability
+
+  # Attributes
+  attr_reader :authorization_instance
+
+  # Class Attributes
+  cattr_reader :ability_definitions
+  @@ability_definitions = {}
+
+  # Includes
+  include CanCan::Ability
+
+  def initialize( current_authorization_instance = nil , *resources )
+
+    # Load our authorization class
+    if current_authorization_instance
+      @authorization_instance = current_authorization_instance
+    else
+      @authorization_instance = get_new_authorization_instance
+    end
+
+    # Load rules
+    if resources.empty?
+      load_all_rules
+    else
+      load_rules_for! *resources
+    end
+
+  end
+
+  # Class Methods
+
+  def self.define_rules( &rule_set )
+    raise RoleUp::Errors::IncorrectAbilityClassDefinition unless self.to_s =~ /(\w+)Ability$/
+    resource = $1.underscore.to_sym
+    ability_definitions[ resource ] = rule_set
+  end
+
+  def self.standard_rules( &rule_set )
+    ability_definitions[ :__standard ] = rule_set
+  end
+
+  # Instance Methods
+
+  def add_standard_rules_to_resources_hash_if_defined( resources )
+    resources.delete :__standard # just get rid of it - we'll add it back if it's really there
+    resources << :__standard if standard_rules_defined?
+    resources
+  end
+
+  def constantize_authorization_class
+    begin
+      if RoleUp.authorization_class.is_a? Symbol
+        return RoleUp.authorization_class.to_s.camelize.constantize
+      elsif RoleUp.authorization_class.is_a? Class
+        return RoleUp.authorization_class
+      elsif RoleUp.authorization_class.is_a? String
+        return RoleUp.authorization_class.camelize.constantize
+      end
+    rescue
+      raise RoleUp::Errors::BadAuthorizationClass.new "Provided authorization class is malformed :: #{RoleUp.authorization_class}"
+    end
+  end
+
+  def get_new_authorization_instance
+    constantize_authorization_class.new
+  end
+
+  def load_all_rules
+    load_rules_for *self.class.ability_definitions.keys
+  end
+
+  def load_resource_rules( resource )
+    rules_block = self.class.ability_definitions[ resource ]
+    self.instance_exec( authorization_instance , &rules_block )
+  end
+
+  def load_resource_rules!( resource )
+    raise RoleUp::Errors::RulesNotDefinedError.new( "Rules not defined for #{resource}" ) unless rules_defined_for? resource
+    load_resource_rules resource
+  end
+
+  def load_rules_for( *resources )
+    add_standard_rules_to_resources_hash_if_defined resources
+    resources.each { |resource| load_resource_rules resource }
+  end
+
+  def load_rules_for!( *resources )
+    add_standard_rules_to_resources_hash_if_defined resources
+    resources.each { |resource| load_resource_rules! resource }
+  end
+
+  def rules_defined_for?( resource )
+    self.class.ability_definitions.include? resource
+  end
+
+  def standard_rules_defined?
+    rules_defined_for? :__standard
+  end
+
+end

data/lib/role_up/errors.rb

@@ -0,0 +1,7 @@
+module RoleUp
+  module Errors
+    class BadAuthorizationClass           < StandardError; end
+    class IncorrectAbilityClassDefinition < StandardError; end
+    class RulesNotDefinedError            < StandardError; end
+  end
+end

data/lib/role_up/version.rb

@@ -0,0 +1,5 @@
+module RoleUp
+  # Our gem version
+  VERSION = "0.1.0"
+end
+

data/role_up.gemspec

@@ -0,0 +1,29 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "role_up/version"
+
+Gem::Specification.new do |s|
+  s.name        = "role_up"
+  s.version     = RoleUp::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Ryan Cook"]
+  s.email       = ["ryan@quickleft.com"]
+  s.homepage    = "https://github.com/quickleft/role_up"
+  s.summary     = "role_up-#{s.version}"
+  s.description = %q{Rails 3 engine that adds some real-deal lovin' to CanCan authorization.}
+
+  s.rubyforge_project = "role_up"
+
+  # Runtime Dependencies
+  s.add_dependency "active_support"           , "~> 3.0.0"
+  s.add_dependency "cancan"                   , "~> 1.6.5"
+
+  # Development Dependencies
+  s.add_development_dependency "bundler"      , "~> 1.0.0"
+  s.add_development_dependency "minitest"     , "~> 2.2.2"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

data/test/ability_spec_test.rb

@@ -0,0 +1,65 @@
+require "test_helper"
+
+describe Ability do
+
+  describe "Class Level" do
+
+    it "should have a class var to hold our rule procs" do
+      Ability.class_variables.map { |var| var.to_sym }.must_include :@@ability_definitions
+    end
+
+    it "should respond to define_rules" do
+      Ability.must_respond_to :define_rules
+    end
+
+    it "should respond to standard_rules" do
+      Ability.must_respond_to :standard_rules
+    end
+
+  end
+
+  describe "Instance Level" do
+
+    before do
+      @ability = Ability.new( TestUser.new )
+    end
+
+    it "should respond to constantize_authorization_class" do
+      @ability.must_respond_to :constantize_authorization_class
+    end
+
+    it "should respond to get_new_authorization_instance" do
+      @ability.must_respond_to :get_new_authorization_instance
+    end
+
+    it "should respond to load_all_rules" do
+      @ability.must_respond_to :load_all_rules
+    end
+
+    it "should respond to load_resource_rules" do
+      @ability.must_respond_to :load_resource_rules
+    end
+
+    it "should respond to load_resource_rules!" do
+      @ability.must_respond_to :load_resource_rules!
+    end
+
+    it "should respond to load_rules_for" do
+      @ability.must_respond_to :load_rules_for
+    end
+
+    it "should respond to load_rules_for!" do
+      @ability.must_respond_to :load_rules_for!
+    end
+
+    it "should respond to rules_defined_for?" do
+      @ability.must_respond_to :rules_defined_for?
+    end
+
+    it "should respond to standard_rules_defined?" do
+      @ability.must_respond_to :standard_rules_defined?
+    end
+
+  end
+
+end

data/test/ability_test.rb

@@ -0,0 +1,159 @@
+require "test_helper"
+
+class AbilityTest < MiniTest::Unit::TestCase
+
+  def setup
+    reset_ability_class
+  end
+
+  ## add_standard_rules_to_resources_hash_if_defined
+  #
+
+    def test_standard_rules_are_not_added_if_they_dont_exist
+      ability = Ability.new
+      resources = [ :test_widget ]
+      modified_resources_hash = ability.add_standard_rules_to_resources_hash_if_defined resources
+      refute_includes modified_resources_hash , :__standard
+    end
+
+    def test_can_determine_whether_standard_rules_exist_and_add_them_to_resources_hash
+      load_standard_rules
+      ability = Ability.new
+      resources = [ :test_widget ]
+      modified_resources_hash = ability.add_standard_rules_to_resources_hash_if_defined resources
+      assert_includes modified_resources_hash , :__standard
+    end
+
+  ## constantize_authorization_class
+  #
+
+    def test_can_constantize_authorization_class_with_symbol
+      RoleUp.setup do |config|
+        config.authorization_class = :test_user
+      end
+      ability = Ability.new
+      assert_equal TestUser , ability.constantize_authorization_class
+    end
+
+    def test_can_constantize_authorization_class_with_constant
+      RoleUp.setup do |config|
+        config.authorization_class = TestUser
+      end
+      ability = Ability.new
+      assert_equal TestUser , ability.constantize_authorization_class
+    end
+
+    def test_can_constantize_authorization_class_with_constant_when_nested_in_module
+      RoleUp.setup do |config|
+        config.authorization_class = MyModule::TestUser
+      end
+      ability = Ability.new
+      assert_equal MyModule::TestUser , ability.constantize_authorization_class
+    end
+
+    def test_can_constantize_authorization_class_with_underscored_string
+      RoleUp.setup do |config|
+        config.authorization_class = "test_user"
+      end
+      ability = Ability.new
+      assert_equal TestUser , ability.constantize_authorization_class
+    end
+
+    def test_can_constantize_authorization_class_with_classy_string
+      RoleUp.setup do |config|
+        config.authorization_class = "TestUser"
+      end
+      ability = Ability.new
+      assert_equal TestUser , ability.constantize_authorization_class
+    end
+
+    def test_can_constantize_authorization_class_with_underscored_string_when_nested_in_module
+      RoleUp.setup do |config|
+        config.authorization_class = "my_module/test_user"
+      end
+      ability = Ability.new
+      assert_equal MyModule::TestUser , ability.constantize_authorization_class
+    end
+
+    def test_can_constantize_authorization_class_with_classy_string_when_nested_in_module
+      RoleUp.setup do |config|
+        config.authorization_class = "MyModule::TestUser"
+      end
+      ability = Ability.new
+      assert_equal MyModule::TestUser , ability.constantize_authorization_class
+    end
+
+    def test_can_raise_bad_authorization_class_error_when_bad_authorization_class_specified
+      RoleUp.setup do |config|
+        config.authorization_class = :bad_authorization_class!
+      end
+      assert_raises RoleUp::Errors::BadAuthorizationClass do
+        ability = Ability.new
+      end
+    end
+
+  ## get_new_authorization_instance
+  #
+
+    def test_get_new_authorization_instance_returns_instance_of_authorization_class
+      reset_ability_class
+      assert_instance_of TestUser , Ability.new.get_new_authorization_instance
+    end
+
+  ## load_resource_rules
+  #
+
+    def test_can_load_resource_rules
+      ability = Ability.new
+      load_test_widget_2_rules
+      ability.load_resource_rules(:test_widget2)
+      assert ability.can?( :manage , TestWidget2 )
+    end
+
+  ## load_resource_rules!
+  #
+
+    def test_load_resource_rules_with_bad_resource_trows_error
+      ability = Ability.new
+      assert_raises RoleUp::Errors::RulesNotDefinedError do
+        ability.load_resource_rules! :bogus_resource
+      end
+    end
+
+  ## load_rules_for
+  #
+
+    def test_standard_rules_override_other_rules_when_all_are_loaded
+      load_standard_rules
+      ability = Ability.new
+      refute ability.can? :manage , TestWidget
+    end
+
+  ## load_rules_for!
+  #
+
+    def test_standard_rules_override_other_rules_when_resources_are_specified
+      load_standard_rules
+      ability = Ability.new( TestUser.new , :test_widget )
+      refute ability.can? :manage , TestWidget
+    end
+
+  ## rules_defined_for?
+  #
+
+    def test_able_to_check_whether_rules_are_defined_for_a_resource
+      ability = Ability.new
+      assert ability.rules_defined_for? :test_widget
+    end
+
+  ## standard_rules_defined?
+  #
+
+    def test_able_to_check_whether_standard_rules_are_defined
+      load_standard_rules
+      ability = Ability.new
+      assert ability.standard_rules_defined?
+    end
+
+end
+

data/test/role_up_spec_test.rb

@@ -0,0 +1,18 @@
+require "test_helper"
+
+describe RoleUp do
+
+  it "must be a module" do
+    RoleUp.must_be_kind_of Module
+  end
+
+  it "should respond to authorization_class" do
+    RoleUp.must_respond_to :authorization_class
+  end
+
+  it "should respond to setup" do
+    RoleUp.must_respond_to :setup
+  end
+
+end
+

data/test/role_up_test.rb

@@ -0,0 +1,20 @@
+require 'test_helper'
+
+class RoleUpTest < MiniTest::Unit::TestCase
+
+  def test_that_ability_is_loaded
+    assert defined? Ability
+  end
+
+  def test_that_our_errors_are_loadable
+    assert defined? RoleUp::Errors
+  end
+
+  def test_that_role_up_yields_self_on_setup
+    RoleUp.setup do |config|
+      assert_equal RoleUp , config
+    end
+  end
+
+end
+

data/test/support/helper_classes.rb

@@ -0,0 +1,7 @@
+class TestUser; end
+class TestWidget; end
+class TestWidget2; end
+module MyModule
+  class TestUser; end
+end
+

data/test/support/helper_methods.rb

@@ -0,0 +1,38 @@
+def load_standard_rules
+  eval <<-___
+    class Ability
+      standard_rules do |test_user|
+        cannot :manage , TestWidget
+      end
+    end
+  ___
+end
+
+def load_test_widget_rules
+  eval <<-___
+    class TestWidgetAbility < Ability
+      define_rules do |test_user|
+        can :manage , TestWidget
+      end
+    end
+  ___
+end
+
+def load_test_widget_2_rules
+  eval <<-___
+    class TestWidget2Ability < Ability
+      define_rules do |test_user|
+        can :manage , TestWidget2
+      end
+    end
+  ___
+end
+
+def reset_ability_class
+  RoleUp.setup do |config|
+    config.authorization_class = :test_user
+  end
+  Ability.send :class_variable_set , :@@ability_definitions , {}
+  load_test_widget_rules
+end
+

data/test/test_helper.rb

@@ -0,0 +1,12 @@
+require "rubygems"
+require "bundler/setup"
+
+# make sure we're using the minitest gem
+gem "minitest"
+
+require "role_up"
+require "minitest/autorun"
+
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+

metadata

@@ -0,0 +1,122 @@
+--- !ruby/object:Gem::Specification 
+name: role_up
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.1.0
+platform: ruby
+authors: 
+- Ryan Cook
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-06-02 00:00:00 Z
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: active_support
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 3.0.0
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: cancan
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.6.5
+  type: :runtime
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 1.0.0
+  type: :development
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: minitest
+  prerelease: false
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: 2.2.2
+  type: :development
+  version_requirements: *id004
+description: Rails 3 engine that adds some real-deal lovin' to CanCan authorization.
+email: 
+- ryan@quickleft.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gemtest
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- lib/role_up.rb
+- lib/role_up/ability.rb
+- lib/role_up/errors.rb
+- lib/role_up/version.rb
+- role_up.gemspec
+- test/ability_spec_test.rb
+- test/ability_test.rb
+- test/role_up_spec_test.rb
+- test/role_up_test.rb
+- test/support/helper_classes.rb
+- test/support/helper_methods.rb
+- test/test_helper.rb
+homepage: https://github.com/quickleft/role_up
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: role_up
+rubygems_version: 1.7.2
+signing_key: 
+specification_version: 3
+summary: role_up-0.1.0
+test_files: 
+- test/ability_spec_test.rb
+- test/ability_test.rb
+- test/role_up_spec_test.rb
+- test/role_up_test.rb
+- test/support/helper_classes.rb
+- test/support/helper_methods.rb
+- test/test_helper.rb