rolify 4.0.0 → 4.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5b9f204d757588d80887b2193a4eb9ea1b0fd471
-  data.tar.gz: 97030122590f294b06b595af6edc1dec44d13176
+  metadata.gz: edae47a21706d1859520df05876acf68d95c0d48
+  data.tar.gz: 09dbd84321d04321d1ef889db0911fa86f1ccbe4
 SHA512:
-  metadata.gz: 75dc73295700924357b77c4359f43939c3e44d0857015f7f30dc26e4f06c99e1667f7767977e1a9bb332028ee177cab6ba860538a4d1dd640da5175246989a68
-  data.tar.gz: 01e0a0874a8ded544155535b4b9cff68f643b20fce6e71e21615ef7c4a5f7ca47b68e4b6ea9de34ec13af5e51bce6fb781f52351483ede4e05e152f21a662c5e
+  metadata.gz: 910c97443cd78a0386a36f2d6645708c7f6eadf5b84815ca51f8b1cbd39f4a6e1236a16688c37ef99a48234deb44a25c684e7852ce146f7d0e75cc22817a841c
+  data.tar.gz: 4525bec755d35bb470d364088bdfe2c7f2a39b61cf140944363518ed5626de9f4c438c088d432002a7b41edc750dccc7a032b94f76d075d068f0770b762223cb

data/.gitignore

@@ -8,3 +8,4 @@ coverage/*
 log*/*
 .rbx/*
 .rspec
+*.swp

data/CHANGELOG.rdoc

@@ -1,3 +1,9 @@
+= 4.1.0 (Aug 04, 2015)
+* added `without_role` method for resources and classes
+* fix `has_role?` with :any and an unsaved user
+* rename the `with_role` method on a resource to `find_as`
+* add a strict parameter to check only roles that were set without supers.
+
 = 4.0.0 (Feb 12, 2015)
 * Increasing version number to 4.0.0 for semantic versioning since `has_role` was removed in 3.5.0
 * Fix spec to pass.

data/README.md

@@ -1,12 +1,11 @@
 # rolify [![Gem Version](https://badge.fury.io/rb/rolify.svg)](http://badge.fury.io/rb/rolify) [![build status](https://secure.travis-ci.org/RolifyCommunity/rolify.png)](http://travis-ci.org/RolifyCommunity/rolify) [![Dependency Status](https://gemnasium.com/RolifyCommunity/rolify.svg)](https://gemnasium.com/RolifyCommunity/rolify) [![Code Climate](https://codeclimate.com/github/RolifyCommunity/rolify.png)](https://codeclimate.com/github/RolifyCommunity/rolify) [![Coverage Status](https://img.shields.io/coveralls/RolifyCommunity/rolify.svg)](https://coveralls.io/r/RolifyCommunity/rolify?branch=master)
 
-
 Very simple Roles library without any authorization enforcement supporting scope on resource object.
 
-Let's see an example: 
+Let's see an example:
 
 ```ruby
-user.has_role?(:moderator, Forum.first) 
+user.has_role?(:moderator, Forum.first)
 => false # if user is moderator of another Forum
 ```
 
@@ -23,7 +22,7 @@ This library can be easily integrated with any authentication gem ([devise](http
 
 ## Installation
 
-In <b>Rails 3</b>, add this to your Gemfile and run the +bundle+ command.
+Add this to your Gemfile and run the +bundle+ command.
 
 ```ruby
 gem "rolify"
@@ -119,7 +118,7 @@ That's it !
 
 ### 5. Role queries
 
-To check if a user has a global role: 
+To check if a user has a global role:
 
 ```ruby
 user = User.find(1)
@@ -152,7 +151,7 @@ user.has_role? :moderator, Forum.last
 => true
 ```
 
-A global role overrides resource role request: 
+A global role overrides resource role request:
 
 ```ruby
 user = User.find(4)
@@ -163,7 +162,7 @@ user.has_role? :moderator, Forum.last
 => true
 ```
 
-### 6. Resource roles querying 
+### 6. Resource roles querying
 
 Starting from rolify 3.0, you can search roles on instance level or class level resources.
 
@@ -181,10 +180,10 @@ forum.applied_roles
 
 ```ruby
 Forum.with_role(:admin)
-# => [ list of Forum instances that has role "admin" binded to it ] 
+# => [ list of Forum instances that has role "admin" binded to it ]
 Forum.with_role(:admin, current_user)
 # => [ list of Forum instances that has role "admin" binded to it and belongs to current_user roles ]
-Forum.with_roles([:admin, :user], current_user)
+Forum.with_all_roles([:admin, :user], current_user)
 # => [ list of Forum instances that has role "admin" or "user" binded to it and belongs to current_user roles ]
 
 User.with_any_role(:user, :admin)
@@ -202,12 +201,30 @@ Forum.find_roles(:admin, current_user)
 # => [ list of roles that binded to any Forum instance or to the Forum class with "admin" as a role name and belongs to current_user roles ]
 ```
 
+### Strict Mode
+
+```ruby
+class User < ActiveRecord::Base
+  rolify strict: true
+end
+
+@user = User.first
+
+@user.add_role(:forum, Forum)
+@user.add_role(:forum, Forum.first)
+
+@user.has_role?(:forum, Forum) #=> true
+@user.has_role?(:forum, Forum.first) #=> true
+@user.has_role?(:forum, Forum.last) #=> false
+```
+I.e. you get true only on a role that you manually add.
+
 ## Resources
 
 * [Wiki](https://github.com/RolifyCommunity/rolify/wiki)
 * [Usage](https://github.com/RolifyCommunity/rolify/wiki/Usage): all the available commands
 * [Tutorials](https://github.com/RolifyCommunity/rolify/wiki#wiki-tutorials):
-  * [How-To use rolify with Devise and CanCan](https://github.com/RolifyCommunity/rolify/wiki/Tutorial)
+  * [How-To use rolify with Devise and CanCanCan](https://github.com/RolifyCommunity/rolify/wiki/Devise---CanCanCan---rolify-Tutorial)
   * [Using rolify with Devise and Authority](https://github.com/RolifyCommunity/rolify/wiki/Using-rolify-with-Devise-and-Authority)
   * [Step-by-step tutorial](http://railsapps.github.com/tutorial-rails-bootstrap-devise-cancan.html) provided by [RailsApps](http://railsapps.github.com/)
 

data/lib/generators/active_record/rolify_generator.rb

@@ -13,6 +13,15 @@ module ActiveRecord
       end
 
       def inject_role_class
+        if args[1]=="engine"
+          if args[2]=="devise"
+            require 'devise'
+            require "#{ENGINE_ROOT}/config/initializers/devise.rb"
+            require "#{ENGINE_ROOT}/app/models/#{user_cname.downcase}.rb"
+          else
+            require "#{ENGINE_ROOT}/app/models/#{user_cname.downcase}.rb"
+          end
+        end
         inject_into_class(model_path, class_name, model_content)
       end
 

data/lib/rolify.rb

@@ -8,7 +8,7 @@ require 'rolify/role'
 module Rolify
   extend Configure
 
-  attr_accessor :role_cname, :adapter, :role_join_table_name, :role_table_name
+  attr_accessor :role_cname, :adapter, :resource_adapter, :role_join_table_name, :role_table_name, :strict_rolify
   @@resource_types = []
 
   def rolify(options = {})
@@ -31,6 +31,9 @@ module Rolify
 
     self.adapter = Rolify::Adapter::Base.create("role_adapter", self.role_cname, self.name)
     load_dynamic_methods if Rolify.dynamic_shortcuts
+
+    #use strict roles
+    self.strict_rolify = true if options[:strict]
   end
 
   def adapter
@@ -48,10 +51,15 @@ module Rolify
 
     has_many association_name, resourcify_options
 
-    self.adapter = Rolify::Adapter::Base.create("resource_adapter", self.role_cname, self.name)
+    self.resource_adapter = Rolify::Adapter::Base.create("resource_adapter", self.role_cname, self.name)
     @@resource_types << self.name
   end
 
+  def resource_adapter
+    return self.superclass.resource_adapter unless self.instance_variable_defined? '@resource_adapter'
+    @resource_adapter
+  end
+
   def scopify
     require "rolify/adapters/#{Rolify.orm}/scopes.rb"
     extend Rolify::Adapter::Scopes
@@ -65,4 +73,5 @@ module Rolify
   def self.resource_types
     @@resource_types
   end
+
 end

data/lib/rolify/adapters/active_record/resource_adapter.rb

@@ -37,6 +37,11 @@ module Rolify
         end
       end
 
+      def all_except(resource, excluded_obj)
+        prime_key = resource.primary_key.to_sym
+        resource.where(prime_key => (resource.all - excluded_obj).map(&prime_key))
+      end
+
       private
 
       def quote(column)

data/lib/rolify/adapters/active_record/role_adapter.rb

@@ -8,6 +8,16 @@ module Rolify
         relation.where(conditions, *values)
       end
 
+      def where_strict(relation, args)
+        resource = if args[:resource].is_a?(Class)
+                     {class: args[:resource].to_s, id: nil}
+                   else
+                     {class: args[:resource].class.name, id: args[:resource].id}
+                   end
+
+        relation.where(:name => args[:name], :resource_type => resource[:class], :resource_id => resource[:id])
+      end
+
       def find_or_create_by(role_name, resource_type = nil, resource_id = nil)
         role_class.where(:name => role_name, :resource_type => resource_type, :resource_id => resource_id).first_or_create
       end
@@ -45,6 +55,11 @@ module Rolify
         query
       end
 
+      def all_except(user, excluded_obj)
+        prime_key = user.primary_key.to_sym
+        user.where(prime_key => (user.all - excluded_obj).map(&prime_key))
+      end
+
       private
 
       def build_conditions(relation, args)

data/lib/rolify/adapters/base.rb

@@ -59,6 +59,7 @@ module Rolify
       def in(resources, roles)
         raise NotImplementedError.new("You must implement in")
       end
+
     end
   end
 end

data/lib/rolify/adapters/mongoid/resource_adapter.rb

@@ -39,6 +39,10 @@ module Rolify
         end
       end
 
+      def all_except(resource, excluded_obj)
+        resource.not_in(_id: excluded_obj.to_a)
+      end
+
     end
   end
 end

data/lib/rolify/adapters/mongoid/role_adapter.rb

@@ -8,6 +8,16 @@ module Rolify
         relation.any_of(*conditions)
       end
 
+      def where_strict(relation, args)
+        resource = if args[:resource].is_a?(Class)
+                     {class: args[:resource].to_s, id: nil}
+                   else
+                     {class: args[:resource].class.name, id: args[:resource].id}
+                   end
+
+          relation.where(:name => args[:name], :resource_type => resource[:class], :resource_id => resource[:id])
+      end
+
       def find_or_create_by(role_name, resource_type = nil, resource_id = nil)
         self.role_class.find_or_create_by(:name => role_name,
                                           :resource_type => resource_type,
@@ -58,6 +68,10 @@ module Rolify
         query
       end
 
+      def all_except(user, excluded_obj)
+        user.not_in(_id: excluded_obj.to_a)
+      end
+
       private
 
       def build_conditions(relation, args)

data/lib/rolify/configure.rb

@@ -52,13 +52,13 @@ module Rolify
     private
 
     def sanity_check(role_cnames)
-      return true if "assets:precompile"==ARGV[0]
+      return true if (ARGV[0] =~ /assets:/) == 0
 
       role_cnames = [ "Role" ] if role_cnames.empty?
       role_cnames.each do |role_cname|
         role_class = role_cname.constantize
         if role_class.superclass.to_s == "ActiveRecord::Base" && role_table_missing?(role_class)
-          warn "[WARN] table '#{role_cname}' doesn't exist. Did you run the migration ? Ignoring rolify config."
+          warn "[WARN] table '#{role_cname}' doesn't exist. Did you run the migration? Ignoring rolify config."
           return false
         end
       end

data/lib/rolify/dynamic.rb

@@ -1,8 +1,19 @@
+require "rolify/configure"
+
 module Rolify
   module Dynamic
     def load_dynamic_methods
-      self.role_class.all.each do |r|
-        define_dynamic_method(r.name, r.resource)
+      if ENV['ADAPTER'] == 'mongoid'
+        # for compatibility with MongoidDB - does not support polymorphic includes
+        self.role_class.all.each do |r|
+          define_dynamic_method(r.name, r.resource)
+        end
+      else
+        # otherwise should be able to support polymorphic includes.
+        # supported Rails version >= 3.2 with AR should use find_each, since use of .all.each is deprecated
+        self.role_class.includes(:resource).find_each do |r|
+          define_dynamic_method(r.name, r.resource)
+        end
       end
     end
 
@@ -18,4 +29,4 @@ module Rolify
       end
     end
   end
-end
+end

data/lib/rolify/finders.rb

@@ -4,6 +4,10 @@ module Rolify
       self.adapter.scope(self, :name => role_name, :resource => resource)
     end
 
+    def without_role(role_name, resource = nil)
+      self.adapter.all_except(self, self.with_role(role_name, resource))
+    end
+
     def with_all_roles(*args)
       users = []
       parse_args(args, users) do |users_to_add|

data/lib/rolify/resource.rb

@@ -6,7 +6,7 @@ module Rolify
 
     module ClassMethods
       def find_roles(role_name = nil, user = nil)
-        self.adapter.find_roles(role_name, self, user)
+        self.resource_adapter.find_roles(role_name, self, user)
       end
 
       def with_role(role_name, user = nil)
@@ -16,14 +16,29 @@ module Rolify
           role_name = role_name.to_s
         end
 
-        resources = self.adapter.resources_find(self.role_table_name, self, role_name) #.map(&:id)
-        user ? self.adapter.in(resources, user, role_name) : resources
+        resources = self.resource_adapter.resources_find(self.role_table_name, self, role_name) #.map(&:id)
+        user ? self.resource_adapter.in(resources, user, role_name) : resources
       end
       alias :with_roles :with_role
+      alias :find_as :with_role 
+      alias :find_multiple_as :with_role
+
+
+      def without_role(role_name, user = nil)
+        self.resource_adapter.all_except(self, self.find_as(role_name, user))
+      end
+      alias :without_roles :without_role
+      alias :except_as :without_role 
+      alias :except_multiple_as :without_role 
+
+
 
       def applied_roles(children = true)
-        self.adapter.applied_roles(self, children)
+        self.resource_adapter.applied_roles(self, children)
       end
+
+
+      
     end
 
     def applied_roles

data/lib/rolify/role.rb

@@ -23,8 +23,15 @@ module Rolify
     alias_method :grant, :add_role
 
     def has_role?(role_name, resource = nil)
+      return has_strict_role?(role_name, resource) if self.class.strict_rolify and resource and resource != :any
+
       if new_record?
-        role_array = self.roles.detect { |r| r.name.to_s == role_name.to_s && (r.resource == resource || resource.nil?) }
+        role_array = self.roles.detect { |r|
+          r.name.to_s == role_name.to_s &&
+            (r.resource == resource ||
+             resource.nil? ||
+             (resource == :any && r.resource.present?))
+        }
       else
         role_array = self.class.adapter.where(self.roles, name: role_name, resource: resource)
       end
@@ -33,6 +40,10 @@ module Rolify
       role_array != []
     end
 
+    def has_strict_role?(role_name, resource)
+      self.class.adapter.where_strict(self.roles, name: role_name, resource: resource).any?
+    end
+
     def has_all_roles?(*args)
       args.each do |arg|
         if arg.is_a? Hash

data/lib/rolify/version.rb

@@ -1,3 +1,3 @@
 module Rolify
-  VERSION = "4.0.0"
+  VERSION = "4.1.0"
 end

data/spec/rolify/config_spec.rb

@@ -57,7 +57,7 @@ describe Rolify do
         
         subject { Forum }
         
-        its("adapter.class") { should be(Rolify::Adapter::ResourceAdapter) }
+        its("resource_adapter.class") { should be(Rolify::Adapter::ResourceAdapter) }
       end
     end
 
@@ -88,7 +88,7 @@ describe Rolify do
 
           subject { Forum }
 
-          its("adapter.class") { should be(Rolify::Adapter::ResourceAdapter) }
+          its("resource_adapter.class") { should be(Rolify::Adapter::ResourceAdapter) }
         end
       end
       
@@ -118,7 +118,7 @@ describe Rolify do
 
           subject { Forum }
 
-          its("adapter.class") { should be(Rolify::Adapter::ResourceAdapter) }
+          its("resource_adapter.class") { should be(Rolify::Adapter::ResourceAdapter) }
         end
       end
     end
@@ -184,7 +184,7 @@ describe Rolify do
 
       subject { Forum }
       it { should satisfy { |u| u.include? Rolify::Resource }}
-      its("adapter.class") { should be(Rolify::Adapter::ResourceAdapter) }
+      its("resource_adapter.class") { should be(Rolify::Adapter::ResourceAdapter) }
     end
   end
 end

data/spec/rolify/coverage/.last_run.json

@@ -0,0 +1,5 @@
+{
+  "result": {
+    "covered_percent": 100.0
+  }
+}

data/spec/rolify/coverage/.resultset.json

@@ -0,0 +1,7 @@
+{
+  "RSpec": {
+    "coverage": {
+    },
+    "timestamp": 1427836082
+  }
+}

data/spec/rolify/resource_spec.rb

@@ -27,7 +27,7 @@ describe Rolify::Resource do
   let!(:player_role)     { captain.add_role(:player, Team.last) }
   let!(:company_role)    { admin.add_role(:owner, Company.first) }
 
-  describe ".with_roles" do
+  describe ".find_multiple_as" do
     subject { Group }
 
     it { should respond_to(:find_roles).with(1).arguments }
@@ -38,15 +38,15 @@ describe Rolify::Resource do
         subject { Forum }
 
         it "should include Forum instances with forum role" do
-          subject.with_role(:forum).should =~ [ Forum.first, Forum.last ]
+          subject.find_as(:forum).should =~ [ Forum.first, Forum.last ]
         end
 
         it "should include Forum instances with godfather role" do
-          subject.with_role(:godfather).should =~ Forum.all.to_a
+          subject.find_as(:godfather).should =~ Forum.all
         end
 
         it "should be able to modify the resource", :if => ENV['ADAPTER'] == 'active_record' do
-          forum_resource = subject.with_role(:forum).first
+          forum_resource = subject.find_as(:forum).first
           forum_resource.name = "modified name"
           expect { forum_resource.save }.not_to raise_error
         end
@@ -56,7 +56,7 @@ describe Rolify::Resource do
         subject { Group }
 
         it "should include Group instances with group role" do
-          subject.with_role(:group).should =~ [ Group.last ]
+          subject.find_as(:group).should =~ [ Group.last ]
         end
       end
 
@@ -64,7 +64,7 @@ describe Rolify::Resource do
         subject { Group.last }
 
         it "should ignore nil entries" do
-          subject.subgroups.with_role(:group).should =~ [ ]
+          subject.subgroups.find_as(:group).should =~ [ ]
         end
       end
     end
@@ -74,7 +74,7 @@ describe Rolify::Resource do
         subject { Group }
 
         it "should include Group instances with both group and grouper roles" do
-          subject.with_roles([:group, :grouper]).should =~ [ Group.first, Group.last ]
+          subject.find_multiple_as([:group, :grouper]).should =~ [ Group.first, Group.last ]
         end
       end
     end
@@ -84,27 +84,27 @@ describe Rolify::Resource do
         subject { Forum }
 
         it "should get all Forum instances binded to the forum role and the admin user" do
-          subject.with_role(:forum, admin).should =~ [ Forum.first ]
+          subject.find_as(:forum, admin).should =~ [ Forum.first ]
         end
 
         it "should get all Forum instances binded to the forum role and the tourist user" do
-          subject.with_role(:forum, tourist).should =~ [ Forum.last ]
+          subject.find_as(:forum, tourist).should =~ [ Forum.last ]
         end
 
         it "should get all Forum instances binded to the godfather role and the admin user" do
-          subject.with_role(:godfather, admin).should =~ Forum.all.to_a
+          subject.find_as(:godfather, admin).should =~ Forum.all.to_a
         end
 
         it "should get all Forum instances binded to the godfather role and the tourist user" do
-          subject.with_role(:godfather, tourist).should be_empty
+          subject.find_as(:godfather, tourist).should be_empty
         end
 
         it "should get Forum instances binded to the group role and the tourist user" do
-          subject.with_role(:group, tourist).should =~ [ Forum.first ]
+          subject.find_as(:group, tourist).should =~ [ Forum.first ]
         end
 
         it "should not get Forum instances not binded to the group role and the tourist user" do
-          subject.with_role(:group, tourist).should_not include(Forum.last)
+          subject.find_as(:group, tourist).should_not include(Forum.last)
         end
       end
 
@@ -112,11 +112,11 @@ describe Rolify::Resource do
         subject { Group }
 
         it "should get all resources binded to the group role and the admin user" do
-          subject.with_role(:group, admin).should =~ [ Group.last ]
+          subject.find_as(:group, admin).should =~ [ Group.last ]
         end
 
         it "should not get resources not binded to the group role and the admin user" do
-          subject.with_role(:group, admin).should_not include(Group.first)
+          subject.find_as(:group, admin).should_not include(Group.first)
         end
       end
     end
@@ -126,7 +126,7 @@ describe Rolify::Resource do
         subject { Forum }
 
         it "should get Forum instances binded to the forum and group roles and the tourist user" do
-          subject.with_roles([:forum, :group], tourist).should =~ [ Forum.first, Forum.last ]
+          subject.find_multiple_as([:forum, :group], tourist).should =~ [ Forum.first, Forum.last ]
         end
 
       end
@@ -135,7 +135,7 @@ describe Rolify::Resource do
         subject { Group }
 
         it "should get Group instances binded to the group and grouper roles and the admin user" do
-          subject.with_roles([:group, :grouper], admin).should =~ [ Group.first, Group.last ]
+          subject.find_multiple_as([:group, :grouper], admin).should =~ [ Group.first, Group.last ]
         end
 
       end
@@ -145,14 +145,138 @@ describe Rolify::Resource do
       subject { Team }
 
       it "should find Team instance using team_code column" do
-        subject.with_roles([:captain, :player], captain).should =~ [ Team.first, Team.last ]
+        subject.find_multiple_as([:captain, :player], captain).should =~ [ Team.first, Team.last ]
       end
     end
 
     context "with a resource using STI" do
       subject { Organization }
       it "should find instances of children classes" do
-        subject.with_roles(:owner, admin).should =~ [ Company.first ]
+        subject.find_multiple_as(:owner, admin).should =~ [ Company.first ]
+      end
+    end
+  end
+
+
+  describe ".except_multiple_as" do
+    subject { Group }
+
+    it { should respond_to(:find_roles).with(1).arguments }
+    it { should respond_to(:find_roles).with(2).arguments }
+
+    context "with a role name as argument" do
+      context "on the Forum class" do
+        subject { Forum }
+
+        it "should not include Forum instances with forum role" do
+          subject.except_as(:forum).should_not =~ [ Forum.first, Forum.last ]
+        end
+
+        it "should not include Forum instances with godfather role" do
+          subject.except_as(:godfather).should be_empty
+        end
+
+        it "should be able to modify the resource", :if => ENV['ADAPTER'] == 'active_record' do
+          forum_resource = subject.except_as(:forum).first
+          forum_resource.name = "modified name"
+          expect { forum_resource.save }.not_to raise_error
+        end
+      end
+
+      context "on the Group class" do
+        subject { Group }
+
+        it "should not include Group instances with group role" do
+          subject.except_as(:group).should_not =~ [ Group.last ]
+        end
+      end
+
+    end
+
+    context "with an array of role names as argument" do
+      context "on the Group class" do
+        subject { Group }
+
+        it "should include Group instances without either the group and grouper roles" do
+          subject.except_multiple_as([:group, :grouper]).should_not =~ [ Group.first, Group.last ]
+        end
+      end
+    end
+
+    context "with a role name and a user as arguments" do
+      context "on the Forum class" do
+        subject { Forum }
+
+        it "should get all Forum instances the admin user does not have the forum role" do
+          subject.except_as(:forum, admin).should_not =~ [ Forum.first ]
+        end
+
+        it "should get all Forum instances the tourist user does not have the forum role" do
+          subject.except_as(:forum, tourist).should_not =~ [ Forum.last ]
+        end
+
+        it "should get all Forum instances the admin user does not have the godfather role" do
+          subject.except_as(:godfather, admin).should_not =~ Forum.all
+        end
+
+        it "should get all Forum instances tourist user does not have the godfather role" do
+          subject.except_as(:godfather, tourist).should =~ Forum.all
+        end
+
+        it "should get Forum instances the tourist user does not have the group role" do
+          subject.except_as(:group, tourist).should_not =~ [ Forum.first ]
+        end
+
+        it "should get Forum instances the tourist user does not have the group role" do
+          subject.except_as(:group, tourist).should_not =~ [ Forum.first ]
+        end
+      end
+
+      context "on the Group class" do
+        subject { Group }
+
+        it "should get all resources not bounded to the group role and the admin user" do
+          subject.except_as(:group, admin).should =~ [ Group.first ]
+        end
+
+        it "should not get resources bound to the group role and the admin user" do
+          subject.except_as(:group, admin).should include(Group.first)
+        end
+      end
+    end
+
+    context "with an array of role names and a user as arguments" do
+      context "on the Forum class" do
+        subject { Forum }
+
+        it "should get Forum instances not bound to the forum and group roles and the tourist user" do
+          subject.except_multiple_as([:forum, :group], tourist).should_not =~ [ Forum.first, Forum.last ]
+        end
+
+      end
+
+      context "on the Group class" do
+        subject { Group }
+
+        it "should get Group instances binded to the group and grouper roles and the admin user" do
+          subject.except_multiple_as([:group, :grouper], admin).should =~ [ ]
+        end
+
+      end
+    end
+
+    context "with a model not having ID column" do
+      subject { Team }
+
+      it "should find Team instance not using team_code column" do
+        subject.except_multiple_as(:captain, captain).should =~ [ Team.last ]
+      end
+    end
+
+    context "with a resource using STI" do
+      subject { Organization }
+      it "should exclude instances of children classes with matching" do
+        subject.except_as(:owner, admin).should_not =~ [ Company.first ]
       end
     end
   end
@@ -404,6 +528,7 @@ describe Rolify::Resource do
     end
   end
 
+
   describe '.resource_types' do
 
     it 'include all models that call resourcify' do
@@ -411,4 +536,36 @@ describe Rolify::Resource do
                                           "Team", "Organization")
     end
   end
+
+
+  describe "#strict" do
+    context "strict user" do
+      before(:all) do
+        @strict_user = StrictUser.first
+        @strict_user.add_role(:forum, Forum.first)
+        @strict_user.add_role(:forum, Forum)
+      end
+
+      it "should return only strict forum" do
+        @strict_user.has_role?(:forum, Forum.first).should be true
+      end
+
+      it "should return false on strict another forum" do
+        @strict_user.has_role?(:forum, Forum.last).should be false
+      end
+
+      it "should return true if user has role on Forum model" do
+        @strict_user.has_role?(:forum, Forum).should be true
+      end
+
+      it "should return true if user has role any forum name" do
+        @strict_user.has_role?(:forum, :any).should be true
+      end
+
+      it "should return false when deleted role on Forum model" do
+        @strict_user.remove_role(:forum, Forum)
+        @strict_user.has_role?(:forum, Forum).should be false
+      end
+    end
+  end
 end

data/spec/rolify/shared_examples/shared_examples_for_finders.rb

@@ -49,6 +49,56 @@ shared_examples_for :finders do |param_name, param_method|
       end
     end
 
+    describe ".without_role" do
+      it { should respond_to(:without_role).with(1).argument }
+      it { should respond_to(:without_role).with(2).arguments }
+
+      context "with a global role" do
+        it { subject.without_role("admin".send(param_method)).should_not eq([ root ]) }
+        it { subject.without_role("moderator".send(param_method)).should_not be_empty }
+        it { subject.without_role("visitor".send(param_method)).should_not be_empty }
+      end
+
+      context "with a class scoped role" do
+        context "on Forum class" do
+          it { subject.without_role("admin".send(param_method), Forum).should_not eq([ root ]) }
+          it { subject.without_role("moderator".send(param_method), Forum).should_not eq([ modo ]) }
+          it { subject.without_role("visitor".send(param_method), Forum).should_not be_empty }
+        end
+
+        context "on Group class" do
+          it { subject.without_role("admin".send(param_method), Group).should_not eq([ root ]) }
+          it { subject.without_role("moderator".send(param_method), Group).should_not eq([ root ]) }
+          it { subject.without_role("visitor".send(param_method), Group).should_not be_empty }
+        end
+      end
+
+      context "with an instance scoped role" do
+        context "on Forum.first instance" do
+          it { subject.without_role("admin".send(param_method), Forum.first).should_not eq([ root ]) }
+          it { subject.without_role("moderator".send(param_method), Forum.first).should_not eq([ modo ]) }
+          it { subject.without_role("visitor".send(param_method), Forum.first).should_not be_empty }
+        end
+
+        context "on Forum.last instance" do
+          it { subject.without_role("admin".send(param_method), Forum.last).should_not eq([ root ]) }
+          it { subject.without_role("moderator".send(param_method), Forum.last).should_not eq([ modo ]) }
+          it { subject.without_role("visitor".send(param_method), Forum.last).should_not include(root, visitor) } # =~ doesn't pass using mongoid, don't know why...
+        end
+
+        context "on Group.first instance" do
+          it { subject.without_role("admin".send(param_method), Group.first).should_not eq([ root ]) }
+          it { subject.without_role("moderator".send(param_method), Group.first).should_not eq([ root ]) }
+          it { subject.without_role("visitor".send(param_method), Group.first).should_not eq([ modo ]) }
+        end
+
+        context "on Company.first_instance" do
+          it { subject.without_role("owner".send(param_method), Company.first).should_not eq([ owner ]) }
+        end
+      end
+    end
+    
+
     describe ".with_all_roles" do
       it { should respond_to(:with_all_roles) }
 

data/spec/rolify/shared_examples/shared_examples_for_has_role.rb

@@ -79,6 +79,11 @@ shared_examples_for "#has_role?_examples" do |param_name, param_method|
       context "on instance scoped role request" do
         it { subject.has_role?("moderator".send(param_method), Forum.first).should be_truthy }
         it { subject.has_role?("moderator".send(param_method), :any).should be_truthy }
+        it {
+          m = subject.class.new
+          m.add_role("moderator", Forum.first)
+          m.has_role?("moderator".send(param_method), :any).should be_truthy
+        }
       end
 
       it "should not get an instance scoped role when asking for a global" do
@@ -132,4 +137,4 @@ shared_examples_for "#has_role?_examples" do |param_name, param_method|
       end
     end
   end
-end
+end

data/spec/rolify/shared_examples/shared_examples_for_roles.rb

@@ -7,6 +7,7 @@ require "rolify/shared_examples/shared_examples_for_has_any_role"
 require "rolify/shared_examples/shared_examples_for_remove_role"
 require "rolify/shared_examples/shared_examples_for_finders"
 
+
 shared_examples_for Rolify::Role do
   before(:all) do
     reset_defaults

data/spec/support/adapters/active_record.rb

@@ -13,11 +13,18 @@ end
 
 class Role < ActiveRecord::Base
   has_and_belongs_to_many :users, :join_table => :users_roles
+  has_and_belongs_to_many :strict_users, :join_table => :strict_users_roles
+
   belongs_to :resource, :polymorphic => true
 
   extend Rolify::Adapter::Scopes
 end
 
+# Strict user and role classes
+class StrictUser < ActiveRecord::Base
+  rolify strict: true
+end
+
 # Resourcifed and rolifed at the same time
 class HumanResource < ActiveRecord::Base
   resourcify :resources

data/spec/support/adapters/mongoid.rb

@@ -18,9 +18,18 @@ class User
   field :login, :type => String
 end
 
+# Standard user and role classes
+class StrictUser
+  include Mongoid::Document
+  rolify strict: true
+
+  field :login, :type => String
+end
+
 class Role
   include Mongoid::Document
   has_and_belongs_to_many :users
+  has_and_belongs_to_many :strict_users
   belongs_to :resource, :polymorphic => true
 
   field :name, :type => String
@@ -148,4 +157,4 @@ end
 
 class Company < Organization
 
-end
+end

data/spec/support/data.rb

@@ -1,7 +1,7 @@
 # Users
-[ User, Customer, Admin::Moderator ].each do |user|
+[ User, Customer, Admin::Moderator, StrictUser ].each do |user|
   user.destroy_all
-  
+
   user.create(:login => "admin")
   user.create(:login => "moderator")
   user.create(:login => "god")
@@ -25,4 +25,4 @@ Team.create(:team_code => "1", :name => "PSG")
 Team.create(:team_code => "2", :name => "MU")
 
 Organization.create
-Company.create
+Company.create

data/spec/support/schema.rb

@@ -10,7 +10,7 @@ ActiveRecord::Schema.define do
     end
   end
 
-  [ :users, :human_resources, :customers, :admin_moderators ].each do |table|
+  [ :users, :human_resources, :customers, :admin_moderators, :strict_users ].each do |table|
     create_table(table) do |t|
       t.string :login
     end
@@ -21,6 +21,11 @@ ActiveRecord::Schema.define do
     t.references :role
   end
 
+  create_table(:strict_users_roles, :id => false) do |t|
+    t.references :strict_user
+    t.references :role
+  end
+
   create_table(:human_resources_roles, :id => false) do |t|
     t.references :human_resource
     t.references :role

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rolify
 version: !ruby/object:Gem::Version
-  version: 4.0.0
+  version: 4.1.0
 platform: ruby
 authors:
 - Florent Monbillard
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-12 00:00:00.000000000 Z
+date: 2015-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ammeter
@@ -84,7 +84,6 @@ files:
 - README.md
 - Rakefile
 - UPGRADE.rdoc
-- circle.yml
 - gemfiles/Gemfile.rails-3.2
 - gemfiles/Gemfile.rails-4.0
 - gemfiles/Gemfile.rails-4.1
@@ -122,6 +121,9 @@ files:
 - spec/generators/rolify/rolify_mongoid_generator_spec.rb
 - spec/generators_helper.rb
 - spec/rolify/config_spec.rb
+- spec/rolify/coverage/.last_run.json
+- spec/rolify/coverage/.resultset.json
+- spec/rolify/coverage/.resultset.json.lock
 - spec/rolify/custom_spec.rb
 - spec/rolify/matchers_spec.rb
 - spec/rolify/namespace_spec.rb
@@ -167,7 +169,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: rolify
-rubygems_version: 2.2.2
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
 summary: Roles library with resource scoping
@@ -177,6 +179,9 @@ test_files:
 - spec/generators/rolify/rolify_mongoid_generator_spec.rb
 - spec/generators_helper.rb
 - spec/rolify/config_spec.rb
+- spec/rolify/coverage/.last_run.json
+- spec/rolify/coverage/.resultset.json
+- spec/rolify/coverage/.resultset.json.lock
 - spec/rolify/custom_spec.rb
 - spec/rolify/matchers_spec.rb
 - spec/rolify/namespace_spec.rb

data/circle.yml

@@ -1,13 +0,0 @@
-machine:
-  ruby:
-    version: 2.1.3
-  environment:
-    CODECLIMATE_REPO_TOKEN: 6bd8d374b120a5449b9a4b7dfda40cc0609dbade48a1b6655f04a9bc8de3a3ee
-    ADAPTER: active_record
-    ADAPTER: mongoid
-dependencies:
-  pre:
-    - gem install bundler
-test:
-  override:
-    - bundle exec rake:spec_all