rspec-authorization 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d32c0f50faa40a57496f87a21d5ec3cdbf538f01
-  data.tar.gz: 4ad22903e43240efdf66a025c70d9812bb97c8a2
+  metadata.gz: 79650ca2e93b08c5ebd9008fa9e6f51e59d5245c
+  data.tar.gz: 64f6364b28ef24e98d203b764165201ac2c32a33
 SHA512:
-  metadata.gz: 68c08236ab63ec53595788a07de8256941934bf1993727d2edf002ab71efd6d6681060feb64ec4e96748a22a7d5457d4cf960d132a5d1d99744e53e7c8471da5
-  data.tar.gz: 342c1b6aa908f713b56eba516821f47af14d78e0659c8ff8f8574e11143570d1940d2f31d2a30ace4e05c4f65f02d8d4ee5555fb947cd47b30dd0393ed715840
+  metadata.gz: f28d44b4dec4e86ade6980070bebcbfdb0b35a9daded58db14e539c086ba380959ab81aee49a09e30839cfb1d2fcc16138c05ebc4588d1b6ea9cde4d00971262
+  data.tar.gz: f026a6b7e065e16d10e53bad7bfdaf66838abe3952cf421739d113b3334ba76bc077529b2f5d6788f56491fa3e3aa32520f5db42f123b63e1c20ed4652129da8

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 2.1.4
+before_script:
+  - bundle exec rake setup

data/.yardopts

@@ -0,0 +1,3 @@
+-
+HISTORY.md
+LICENSE.txt

data/Gemfile

@@ -8,7 +8,14 @@ group :development, :test do
   gem 'guard-rspec'
   gem 'pry'
   gem 'terminal-notifier-guard' if `uname` =~ /Darwin/
+  gem "codeclimate-test-reporter", require: nil
 
   gem 'jquery-rails'
   gem 'turbolinks'
 end
+
+group :docs do
+  gem "inch"
+  gem "rdoc"
+  gem "yard"
+end

data/Guardfile

@@ -4,6 +4,7 @@ guard :rspec, cmd: 'bundle exec rspec' do
   watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
   watch(%r{^tools/(.+)\.rb$})   { |m| "spec/tools/#{m[1]}_spec.rb" }
 
-  watch(%r{^controllers/(.+)\.rb$}) { |m| "spec/controllers/#{m[1]}_spec.rb" }
+  watch(%r{^lib/.+/matchers/.+\.rb$}) { "spec/controllers" }
+  watch(%r{^controllers/(.+)\.rb$})   { |m| "spec/controllers/#{m[1]}_spec.rb" }
 end
 

data/HISTORY.md

@@ -0,0 +1,32 @@
+
+[v0.0.2 / 2014-11-11] (https://github.com/hendrauzia/rspec-authorization/tree/v0.0.2)
+=====================
+
+  * Add RESTful methods matcher chaining
+  * Add object, callback and controller action stub
+  * Add documentation to have_permission_for matcher
+  * Add request documentation
+  * Refactor and add documentation to example
+  * Refactor and add documentation to example group
+  * Add documentation to gem requirement
+  * Add documentation to route
+  * Add yard as documentation generator
+  * Add documentation badge
+  * Add coverage, dependencies and security badges
+  * Fix rails test app spec
+  * Fix travis build
+  * Add travis badge and config
+  * Add gem version badge and usage
+
+[v0.0.1 / 2014-11-05] (https://github.com/hendrauzia/rspec-authorization/tree/v0.0.1)
+=====================
+
+  * Add have_permission_for matcher for restful actions
+  * Add rails test app template
+  * Add clean and reset rake task
+  * Update dependency to ruby 2.1.4
+  * Add rails test app for spec to run against
+  * Add rspec-rails for specs
+  * Add rspec-authorization gem scaffold using bundler
+  * Initial commit
+

data/README.md

@@ -1,22 +1,75 @@
-# Rspec::Authorization
+# RSpec::Authorization
 
-RSpec matcher for declarative_authorization. A neat way of asserting declarative_authorization's rules inside controller using RSpec matcher.
+[![GitHub](http://img.shields.io/badge/github-hendrauzia/rspec--authorization-blue.svg)](http://github.com/hendrauzia/rspec-authorization)
+[![Documentation](http://img.shields.io/badge/docs-rdoc.info-blue.svg)](http://rubydoc.org/github/hendrauzia/rspec-authorization)
+
+[![Gem Version](https://badge.fury.io/rb/rspec-authorization.svg)](http://badge.fury.io/rb/rspec-authorization)
+[![Build Status](https://travis-ci.org/hendrauzia/rspec-authorization.svg)](https://travis-ci.org/hendrauzia/rspec-authorization)
+[![Code Climate](https://codeclimate.com/github/hendrauzia/rspec-authorization/badges/gpa.svg)](https://codeclimate.com/github/hendrauzia/rspec-authorization)
+[![Test Coverage](https://codeclimate.com/github/hendrauzia/rspec-authorization/badges/coverage.svg)](https://codeclimate.com/github/hendrauzia/rspec-authorization)
+[![Dependency Status](https://gemnasium.com/hendrauzia/rspec-authorization.svg)](https://gemnasium.com/hendrauzia/rspec-authorization)
+[![security](https://hakiri.io/github/hendrauzia/rspec-authorization/master.svg)](https://hakiri.io/github/hendrauzia/rspec-authorization/master)
+[![Inline docs](http://inch-ci.org/github/hendrauzia/rspec-authorization.svg?branch=master)](http://inch-ci.org/github/hendrauzia/rspec-authorization)
+
+RSpec matcher for declarative_authorization. A neat way of asserting
+declarative_authorization's rules inside controller using RSpec matcher.
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
-```ruby
-gem 'rspec-authorization'
-```
+
+    gem 'rspec-authorization', group: :test
+
 
 And then execute:
 
-    $ bundle
+    bundle
 
 Or install it yourself as:
 
-    $ gem install rspec-authorization
+    gem install rspec-authorization
+
+## Requirement
+
+Current development focus is as follows, future development may support other
+dependencies, following are requirements for this gem:
+
+- declarative_authorization 1.0.0.pre
+- rails 4.x
+- rspec-rails 3.x
+
+## Usage
+
+In your controller spec:
+
+    describe ArticlesController do
+      it { is_expected.to have_permission_for(:a_role).to(:restful_action_name) }
+
+      it { is_expected.to have_permission_for(:writer).to(:index) }
+      it { is_expected.to have_permission_for(:writer).to(:show) }
+      it { is_expected.to have_permission_for(:writer).to(:new) }
+      it { is_expected.to have_permission_for(:writer).to(:create) }
+      it { is_expected.not_to have_permission_for(:writer).to(:edit) }
+      it { is_expected.not_to have_permission_for(:writer).to(:update) }
+      it { is_expected.not_to have_permission_for(:writer).to(:destroy) }
+    end
+
+You can also use convenience RESTful methods matcher:
+
+    describe ArticlesController do
+      it { is_expected.to have_permission_for(:user).to_read }
+      it { is_expected.not_to have_permission_for(:user).to_create }
+      it { is_expected.not_to have_permission_for(:user).to_update }
+      it { is_expected.not_to have_permission_for(:user).to_delete }
+
+      it { is_expected.to have_permission_for(:writer).to_read }
+      it { is_expected.to have_permission_for(:writer).to_create }
+      it { is_expected.to have_permission_for(:writer).to_update }
+      it { is_expected.not_to have_permission_for(:writer).to_delete }
+
+      it { is_expected.to have_permission_for(:editor).to_manage }
+    end
 
 ## Contributing
 

data/lib/rspec/authorization/adapters/example.rb

@@ -1,27 +1,50 @@
 module RSpec::Authorization
   module Adapters
+    # Wrapper to generate and immediately run example from +RSpec::Core::Example+.
+    # The purpose of this class is to abstract the running of an example without
+    # unnecessary artifacts from an RSpec example, such as: reporter, generated
+    # description, context and expectation.
+    #
+    # The sole purpose of this class is to generate the minimum required component
+    # needed to create and run an example, for our matcher to run against. The trick
+    # to run the example without producing unnecessary artifacts is to trigger
+    # the example's before and after hook manually without running any expectations.
     class Example
-      attr_reader :group, :example
+      # @return [Class] RSpec example group
+      attr_reader :group_target
+      # @return [RSpec::Core::Example] instance of RSpec example
+      attr_reader :target
 
-      def initialize(group)
-        @group   = group
-        @example = RSpec::Core::Example.new(group, "", {})
+      # Initialize example using RSpec example group. The RSpec example group can
+      # be retrieved using example group's target, consider the following example:
+      #
+      #   group   = ExampleGroup.new(ArticlesController)
+      #   example = Example.new(group.target)
+      #
+      # @param group_target [Class] RSpec example group from +ExampleGroup#target+
+      # @see ExampleGroup#target
+      def initialize(group_target)
+        @group_target = group_target
+        @target       = RSpec::Core::Example.new(group_target, "", {})
 
         set_example_group_instance
-      end
-
-      def run
         run_before_example
+        run_after_example
       end
 
       private
 
       def set_example_group_instance
-        @example.instance_variable_set :@example_group_instance, group.new
+        target.instance_variable_set :@example_group_instance, group_target.new
       end
 
       def run_before_example
-        @example.send :run_before_example
+        target.send :run_before_example
+      end
+
+      def run_after_example
+        target.example_group.hooks.run(:after, :example, target)
+        target.example_group_instance.teardown_mocks_for_rspec
       end
     end
   end

data/lib/rspec/authorization/adapters/example_group.rb

@@ -0,0 +1,78 @@
+module RSpec::Authorization
+  module Adapters
+    # Wrapper to generate +RSpec::Core::ExampleGroup+. The example group
+    # includes +RSpec::Rails::ControllerExampleGroup+ to add behavior testing,
+    # which provides methods to test the controller, such as: +get+, +post+,
+    # +patch+, +put+ and +delete+.
+    #
+    # Consider the following example:
+    #
+    #   group = ExampleGroup.new(ArticlesController)
+    #   group.target # => RSpec::ExampleGroups::ArticlesController
+    #
+    # Instantiating the class for a second time produce a different result:
+    #
+    #   group = ExampleGroup.new(ArticlesController)
+    #   group.target # => RSpec::ExampleGroups::ArticlesController_2
+    class ExampleGroup
+      # @return [Class] a class namespaced from +RSPec::ExampleGroups+
+      attr_reader :target
+
+      # Initialize example group using controller's class.
+      #
+      # @param klass [Class] controller's class for an example group
+      def initialize(klass)
+        @target = RSpec::Core::ExampleGroup.describe(klass) do
+          include RSpec::Rails::ControllerExampleGroup
+        end
+      end
+
+      # Run example for our example group. The example is actualy has
+      # no example at all, it is simply a wrapper for +RSpec::Core::Example+,
+      # running an actual example would produce unnecessary artifacts, while all
+      # we need is a simple wrapper on controller behavior.
+      #
+      # @return [Example] example object that has been run
+      # @see Example
+      def run_example
+        Example.new(target)
+      end
+
+      # Add instruction to be run before our example. Instructions added will be
+      # run inside the context of our example group, consider the following
+      # example:
+      #
+      #   before do
+      #     get :index
+      #   end
+      #
+      # The above statements behave exactly the same as RSpec +before+ method, and
+      # this method serve as a proxy to RSpec +before+ method call. That means
+      # everything that we can do inside +before+ method will be available inside
+      # +before+ to.
+      #
+      # @return [Array<RSpec::Core::Hooks::BeforeHook>] an array of before hook filter
+      def before(&block)
+        target.before(&block)
+      end
+
+      # Add instruction to be run after our example. Instructions added will be
+      # run inside the context of our example group, consider the following
+      # example:
+      #
+      #   after do
+      #     get :index
+      #   end
+      #
+      # The above statements behave exactly the same as RSpec +after+ method, and
+      # this method serve as a proxy to RSpec +after+ method call. That means
+      # everything that we can do inside +after+ method will be available inside
+      # +after+ to.
+      #
+      # @return [Array<RSpec::Core::Hooks::AfterHook>] an array of after hook filter
+      def after(&block)
+        target.after(&block)
+      end
+    end
+  end
+end

data/lib/rspec/authorization/adapters/request.rb

@@ -1,16 +1,86 @@
 module RSpec::Authorization
   module Adapters
+    # Create a request using wrapper around RSpec example. The request is made
+    # possible through wrapping the call around RSpec example, this approach
+    # is choosen because we need to get as close as possible to how the request
+    # is made inside RSpec.
+    #
+    # Once the request is created, it will immediately run and we can evaluate the
+    # response, consider the following example.
+    #
+    #   request = Request.new(ArticlesController, :index, :user)
+    #   request.response.status # => 200
+    #
+    # Since the request is actually creating a request to the provided controller,
+    # it will run everything inside the controller, and no stubbing is performed.
+    # Therefore exception inside controller will bubble up to the request and may
+    # cause unexpected result. That is with one exception, there is one exception,
+    # ActiveRecord::RecordNotFound is rescued and bypassed, therefore it will not
+    # affect the request.
     class Request
-      attr_reader :klass, :action, :role, :group, :route, :response
+      # @return [Class] controller class name
+      attr_reader :klass
+      # @return [Symbol] controller action name
+      attr_reader :action
+      # @return [Symbol] role name from +config/authorization_rules.rb+
+      attr_reader :role
+      # @return [ExampleGroup] example group of the request
+      # @see ExampleGroup
+      attr_reader :group
+      # @return [Route] route object of the action
+      # @see Route
+      attr_reader :route
+      # @return [ActionController::TestResponse] response object of the request
+      attr_reader :response
 
+      # Create request object and immediately run the request. Inside initialization
+      # a lot of stuff get stubbed, it is to allow request to be run with assumptions,
+      # following are the assumptions composed as private method run inside the
+      # initializer:
+      #
+      # +stub_current_user+::
+      #   The request is expected to run as a user with provided role. There is
+      #   no user created whatsoever, it only creates a double with role_symbols
+      #   defined and return it inside +current_user+.
+      #
+      # +stub_authorization_load_controller_object+::
+      #   The request is expected to ignore declarative_authorization controller's
+      #   object loading.
+      #
+      # +stub_authorization_load_object+::
+      #   The request is expected to ignore declarative_authorization object
+      #   loading. This is different from the above, and is expected to be called
+      #   if controller object isn't loaded.
+      #
+      # +stub_callbacks+::
+      #   The request is expected to ignore all callbacks defined inside the
+      #   controller.
+      #
+      # +stub_action+::
+      #   The request is expected to ignore all statements run inside the action
+      #   and configured to render nothing instead.
+      #
+      # All of the above assumptions is expected to run only inside this request
+      # only, and not to change the behavior of the application outside of this
+      # request.
+      #
+      # @param klass [Class] controller class name to request from
+      # @param action [Symbol] action name, currently only support RESTful action
+      # @param role [Symbol] role name from +config/authorization_rules.rb+
       def initialize(klass, action, role)
         @klass, @action, @role = klass, action, role
-        @group, @route = Group.new(klass), Route.new(action)
+        @group, @route = ExampleGroup.new(klass), Route.new(action)
+
+        @authorization_stubbed = false
 
         stub_current_user
+        stub_authorization_load_controller_object
+        stub_authorization_load_object
+        stub_callbacks
+        stub_action
 
         setup_response_retrieval
-        dispatch
+        group.run_example
       end
 
       private
@@ -32,24 +102,69 @@ module RSpec::Authorization
         end
       end
 
-      def setup_response_retrieval
-        args   = route
-        setter = response_setter
+      def stub_authorization_load_controller_object
+        group.before do
+          allow(controller).to receive(:load_controller_object)
+        end
+      end
+
+      def stub_authorization_load_object
+        return if @authorization_stubbed
+        @authorization_stubbed = true
 
         group.before do
-          begin
-            send *args
-          rescue ActiveRecord::RecordNotFound
-            response.status = 404
+          Authorization::ControllerPermission.instance_eval do
+            alias_method :load_object_original, :load_object
+            define_method :load_object do |*args, &block|
+              begin
+                load_object_original(*args, &block)
+              rescue ActiveRecord::RecordNotFound
+              end
+            end
           end
+        end
 
-          setter.call(response)
+        group.after do
+          Authorization::ControllerPermission.instance_eval do
+            remove_method :load_object
+
+            alias_method  :load_object, :load_object_original
+            remove_method :load_object_original
+          end
         end
       end
 
-      def dispatch
-        example = Example.new(group)
-        example.run
+      def stub_callbacks
+        group.before do
+          methods = controller._process_action_callbacks.map(&:filter).split(:filter_access_filter).last
+          controller.instance_eval do
+            methods.each do |method|
+              define_singleton_method method do |*args, &block|
+              end
+            end
+          end
+        end
+      end
+
+      def stub_action
+        args = route
+        group.before do
+          controller.instance_eval do
+            define_singleton_method args.action do |*args, &block|
+              render nothing: true
+            end
+          end
+        end
+      end
+
+      def setup_response_retrieval
+        args   = route
+        setter = response_setter
+
+        group.before do
+          send *args
+          setter.call(response)
+        end
       end
     end
   end

data/lib/rspec/authorization/adapters/route.rb

@@ -1,8 +1,107 @@
 module RSpec::Authorization
   module Adapters
+    # Generate route that defines RESTful method using provided action. It is
+    # used primarily in creating a new request and infered automatically to an
+    # array using the defined +#to_a+ method.
+    #
+    # Route generation has 3 primary part, which are:
+    # - +verb+
+    # - +action+
+    # - +params+
+    #
+    # The first part, +verb+ refers to RESTful method, which is described in
+    # +DICTIONARIES+, +action+ refers to controller action name, and +params+
+    # refers to parameters used in a request. This object can be automatically
+    # inferred as an array.
+    #
+    # Creating a route will generate a route object:
+    #
+    #   route = Route.new(:index)
+    #   route # => #<Route:...>
+    #
+    # This will infer the object as an array:
+    #
+    #   route = Route.new(:show)
+    #   send *route # => [:get, :show, { id: 1 }]
+    #
+    # @see #to_a
     class Route
+      # @return [Symbol] returns route action name
       attr_reader :action
 
+      # Initializing a route requires a RESTful action name that the route want
+      # to generate. The action that get passed is assigned to +action+ attributes
+      # and is publicly accessible.
+      #
+      #   route = Route.new(:index)
+      #   route.action # => :index
+      #
+      # Currently +Route+ only support RESTful action, passing non-RESTful action
+      # name is possible, but will result in unexpected result.
+      #
+      # @param action [Symbol] RESTful action name
+      # @see #verb
+      def initialize(action)
+        @action = action
+      end
+
+      # This method is used to retrieve a dummy params that's used for an action.
+      # Tipically an action for a resource member requires a param, while action
+      # for resource collection doesn't need any param.
+      #
+      # This will return a dummy params:
+      #
+      #   route = Route.new(:show)
+      #   route.params # => { id: 1 }
+      #
+      # This will return nil for a collection resource action:
+      #
+      #   route = Route.new(:index)
+      #   route.params # => nil
+      #
+      # @return [Hash, nil] a dummy hash params
+      def params
+        PARAMS[action]
+      end
+
+      # Return verb used for the RESTful action. The verb uses +DICTIONARIES+ to
+      # retrieve a valid method for an action. This method intentionally throws
+      # error if a non-RESTful action is used.
+      #
+      #   route = Route.new(:index)
+      #   route.verb # => :get
+      #
+      # This will throw error:
+      #
+      #   route = Route.new(:an_action)
+      #   route.verb # => KeyError: key not found: :an_action
+      #
+      # @return [Symbol] RESTful verb to be used for an action
+      def verb
+        DICTIONARIES.fetch(action)
+      end
+
+      # This method is used to convert Route object into an array. This method also
+      # used to automatically infer +Route+ as an array on method that uses +to_a+,
+      # therefore we don't need to manually invoke +#to_a+ on every call that
+      # requires an array object.
+      #
+      # This will return an array:
+      #
+      #   route = Route.new(:show)
+      #   route.to_a # => [:get, :show, { id: 1 }]
+      #
+      # This will also return an array inferred automatically
+      #
+      #   send *route # => [:get, :show, { id: 1 }]
+      #
+      # @return [Array] an array of verb, action and params
+      def to_a
+        [verb, action, params]
+      end
+
+      private
+
       DICTIONARIES = {
         index:   :get,
         show:    :get,
@@ -19,22 +118,6 @@ module RSpec::Authorization
         update:  { id: 1 },
         destroy: { id: 1 }
       }
-
-      def initialize(action)
-        @action = action
-      end
-
-      def params
-        PARAMS[action]
-      end
-
-      def verb
-        DICTIONARIES.fetch(action)
-      end
-
-      def to_a
-        [verb, action, params]
-      end
     end
   end
 end

data/lib/rspec/authorization/adapters.rb

@@ -1,10 +1,10 @@
 require "rspec/authorization/adapters/example"
-require "rspec/authorization/adapters/group"
+require "rspec/authorization/adapters/example_group"
 require "rspec/authorization/adapters/request"
 require "rspec/authorization/adapters/route"
 
 module RSpec::Authorization
-  module Adapters
+  module Adapters # :nodoc:
   end
 end
 

data/lib/rspec/authorization/matchers/have_permission_for.rb

@@ -1,43 +1,158 @@
 module RSpec::Authorization
   module Matchers
+    # Include this module to enable the +have_permission_for+ matcher inside RSpec.
+    # The following module is to be included only inside controller spec, this will
+    # add the capability to do a matcher against decalrative_authorization rules as
+    # follows:
+    #
+    #   it { is_expected.to have_permission_for(:user).to(:index) }
+    #
+    # For your convenience, the following configuration has been enabled inside
+    # RSpec configuration.
+    #
+    #   RSpec.configure do |config|
+    #     config.include RSpec::Authorization::Matchers::HavePermissionFor, type: :controller
+    #   end
     module HavePermissionFor
+      # Matcher to check permission of a role for a given controller in a spec. The
+      # following statement shows you how to use this matcher:
+      #
+      #   describe ArticlesController do
+      #     it { is_expected.to have_permission_for(:user).to(:index) }
+      #   end
+      #
+      # Currently this matcher only support RESTful action check, to check the
+      # controller against +config/authorization_rules.rb+. Skipping the +#to+
+      # method will result in default action assigned as +:index+.
+      #
+      # Therefore, the following statement is exactly the same as above:
+      #
+      #   it { is_expected.to have_permission_for(:user) }
+      #
+      # === RESTful methods
+      #
+      # For your convenience, there are 4 RESTful methods available to be chained
+      # from the matcher, which are:
+      #
+      # - +to_read+
+      # - +to_create+
+      # - +to_update+
+      # - +to_delete+
+      #
+      # Consider the following example:
+      #
+      #   it { is_expected.to have_permission_for(:user).to_read }
+      #   it { is_expected.to have_permission_for(:user).to_edit }
+      #   it { is_expected.not_to have_permission_for(:user).to_update }
+      #   it { is_expected.not_to have_permission_for(:user).to_delete }
+      #
+      # The above method is not related to declarative_authorization privileges,
+      # and serve simply as convinience method, below is a table of RESTful actions
+      # for each method mentioned above:
+      #
+      #   Method         RESTful action
+      #   ------------------------------------
+      #   to_read       [:index, :show]
+      #   to_edit       [:edit, :update]
+      #   to_create     [:new, :create]
+      #   to_delete     [:destroy]
+      #
+      # Matcher for RESTful methods is slightly different than that of a single
+      # method, following is how RESTful methods request results evaluated:
+      #
+      #   all_requests (of #to_read)       matches?     does_not_match?
+      #   -------------------------------------------------------------------
+      #   {index: true, show: true}        true         false
+      #   {index: true, show: false}       false        false
+      #   {index: false, show: false}      false        true
+      #
+      # @param role [Symbol] role name to matched against
       def have_permission_for(role)
         HavePermissionFor.new(role)
       end
 
-      # @private
-      class HavePermissionFor
+      class HavePermissionFor # :nodoc: all
         include Adapters
 
-        attr_reader :controller, :role, :action
+        attr_reader :controller, :role, :behave, :actions, :results
 
         def initialize(role)
-          @role   = role
-          @action = :index
+          @role = role
         end
 
         def to(action)
-          @action = action
+          @behave  = action
+          @actions = [behave]
+
+          self
+        end
+
+        def to_read
+          @behave  = :read
+          @actions = %i(index show)
+
+          self
+        end
+
+        def to_create
+          @behave  = :create
+          @actions = %i(new create)
+
           self
         end
 
+        def to_update
+          @behave  = :update
+          @actions = %i(edit update)
+
+          self
+        end
+
+        def to_delete
+          @behave  = :delete
+          @actions = %i(destroy)
+
+          self
+        end
+
+        def to_manage
+          @behave  = :manage
+          @actions = %i(index show new create edit update destroy)
+
+          self
+        end
+
+        def all_requests
+          actions.map do |action|
+            request = Request.new(controller.class, action, role)
+            [action, request.response.status != 403]
+          end
+        end
+
         def matches?(controller)
           @controller = controller
+          @results    = Hash[all_requests]
+
+          true unless results.value? false
+        end
+
+        def does_not_match?(controller)
+          @controller = controller
+          @results    = Hash[all_requests]
 
-          request = Request.new(controller.class, action, role)
-          request.response.status != 403
+          true unless results.value? true
         end
 
         def failure_message
-          "Expected #{controller.class} to have permission for #{role} to #{action}"
+          "Expected #{controller.class} to have permission for #{role} to #{behave}. #{results}"
         end
 
         def failure_message_when_negated
-          "Did not expect #{controller.class} to have permission for #{role} to #{action}"
+          "Did not expect #{controller.class} to have permission for #{role} to #{behave}. #{results}"
         end
 
         def description
-          "have permission for #{role} on #{action}"
+          "have permission for #{role} to #{behave}"
         end
       end
     end

data/lib/rspec/authorization/matchers.rb

@@ -1,7 +1,7 @@
 require 'rspec/authorization/matchers/have_permission_for'
 
 module RSpec::Authorization
-  module Matchers
+  module Matchers # :nodoc:
   end
 end
 

data/lib/rspec/authorization/version.rb

@@ -1,5 +1,5 @@
-module Rspec
+module RSpec
   module Authorization
-    VERSION = "0.0.1"
+    VERSION = "0.0.2"
   end
 end

data/lib/rspec/authorization.rb

@@ -3,7 +3,7 @@ require "rspec/authorization/adapters"
 require "rspec/authorization/matchers"
 require "rspec/authorization/version"
 
-module RSpec
-  module Authorization
+module RSpec # :nodoc:
+  module Authorization # :nodoc:
   end
 end

data/rspec-authorization.gemspec

@@ -4,7 +4,7 @@ require 'rspec/authorization/version'
 
 Gem::Specification.new do |spec|
   spec.name          = "rspec-authorization"
-  spec.version       = Rspec::Authorization::VERSION
+  spec.version       = RSpec::Authorization::VERSION
   spec.authors       = ["Hendra Uzia"]
   spec.email         = ["hendra.uzia@gmail.com"]
   spec.summary       = %q{RSpec matcher for declarative_authorization.}
@@ -18,7 +18,7 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
 
   spec.add_runtime_dependency "declarative_authorization"
-  spec.add_runtime_dependency "rspec-rails"
+  spec.add_runtime_dependency "rspec-rails", "~> 3.0"
 
   spec.add_development_dependency "bundler", "~> 1.7"
   spec.add_development_dependency "rails", "~> 4.0"

data/spec/controllers/articles_controller_spec.rb

@@ -0,0 +1,21 @@
+require 'rails_helper'
+
+describe ArticlesController do
+  it { is_expected.to have_permission_for(:user).to(:index) }
+  it { is_expected.not_to have_permission_for(:user).to(:show) }
+  it { is_expected.not_to have_permission_for(:user).to_create }
+  it { is_expected.not_to have_permission_for(:user).to_update }
+  it { is_expected.not_to have_permission_for(:user).to_delete }
+
+  it { is_expected.to have_permission_for(:premium).to_read }
+  it { is_expected.not_to have_permission_for(:premium).to_create }
+  it { is_expected.not_to have_permission_for(:premium).to_update }
+  it { is_expected.not_to have_permission_for(:premium).to_delete }
+
+  it { is_expected.to have_permission_for(:writer).to_read }
+  it { is_expected.to have_permission_for(:writer).to_create }
+  it { is_expected.not_to have_permission_for(:writer).to_update }
+  it { is_expected.not_to have_permission_for(:writer).to_delete }
+
+  it { is_expected.to have_permission_for(:editor).to_manage }
+end

data/spec/lib/rspec/authorization/adapters/example_group_spec.rb

@@ -0,0 +1,28 @@
+require 'rails_helper'
+
+include RSpec::Authorization::Adapters
+
+describe ExampleGroup do
+  let(:klass)         { ArticlesController }
+  let(:example_group) { ExampleGroup.new(klass) }
+
+  let(:before_instruction)   { ->{ :before } }
+  let(:after_instruction)    { ->{ :after } }
+
+  describe "target" do
+    subject { example_group.target }
+    its(:described_class) { is_expected.to eq klass }
+  end
+
+  describe "#before" do
+    specify { expect(example_group.before(&before_instruction).last.block).to eq before_instruction }
+  end
+
+  describe "#after" do
+    specify { expect(example_group.after(&after_instruction).first.block).to eq after_instruction }
+  end
+
+  describe "#run_example" do
+    specify { expect(example_group.run_example).to be_a_kind_of(Example) }
+  end
+end

data/spec/lib/rspec/authorization/adapters/example_spec.rb

@@ -4,23 +4,13 @@ include RSpec::Authorization::Adapters
 
 describe Example do
   let(:klass)   { GroupTestClass }
-  let(:group)   { Group.new(klass) }
-  let(:example) { Example.new(group) }
+  let(:group)   { ExampleGroup.new(klass) }
+  let(:example) { Example.new(group.target) }
 
-  subject { example }
-
-  its(:group)   { is_expected.to eq group }
-  its(:example) { is_expected.to be_a_kind_of RSpec::Core::Example }
+  before { allow_any_instance_of(Example).to receive(:run_before_example) }
 
-  context "private" do
-    describe "#set_example_group_instance" do
-      before { example.send :set_example_group_instance }
-      specify { expect(example.example.instance_variable_get :@example_group_instance).to be_a_kind_of group }
-    end
+  subject { example }
 
-    describe "#run_before_example" do
-      before { expect(example.example).to receive(:run_before_example).and_return(true) }
-      specify { expect(example.example.send :run_before_example).to be_present }
-    end
-  end
+  its(:group_target) { is_expected.to eq group.target }
+  its(:target)       { is_expected.to be_a_kind_of RSpec::Core::Example }
 end

data/spec/lib/rspec/authorization/adapters/request_spec.rb

@@ -3,9 +3,9 @@ require 'rails_helper'
 include RSpec::Authorization::Adapters
 
 describe Request do
-  let(:klass)   { PostsController }
-  let(:action)  { :index }
-  let(:role)    { :user }
+  let(:klass)   { ArticlesController }
+  let(:action)  { :update }
+  let(:role)    { :editor }
   let(:request) { Request.new(klass, action, role) }
 
   subject { request }

data/spec/spec_helper.rb

@@ -1,3 +1,6 @@
+require "codeclimate-test-reporter"
+CodeClimate::TestReporter.start
+
 require 'rspec/its'
 
 $LOAD_PATH << File.expand_path('../../tools', __FILE__)

data/spec/tools/rails_test_app_spec.rb

@@ -3,7 +3,8 @@ require 'rails_test_app'
 
 describe RailsTestApp do
   let(:test_app)   { RailsTestApp.new(:version) }
-  let(:dummy_file) { 'tmp/dummy-rails-test-app' }
+  let(:temp_path)  { "tmp" }
+  let(:dummy_file) { "#{temp_path}/dummy-rails-test-app" }
 
   describe ".new" do
     subject(:test_app) { RailsTestApp.new("4.1.6", "--skip-javascript") }
@@ -18,6 +19,7 @@ describe RailsTestApp do
     before { allow(test_app).to receive(:create_command).and_return("touch #{dummy_file}") }
     before { allow(test_app).to receive(:template_param) }
     before { allow(test_app).to receive(:option) }
+    before { `mkdir #{temp_path}` }
     after  { `rm -rf #{dummy_file}` }
 
     context "path does not exists" do

data/tools/rails_test_app/template.rb

@@ -5,8 +5,8 @@ rules = "config/authorization_rules.rb"
 run "mkdir ../../../config"
 run "ln -s ../spec/.rails/rails-#{Rails::VERSION::STRING}/#{rules} ../../../#{rules}"
 
-generate "scaffold post --skip-assets --skip-helper"
-generate "migration AddUserIdToPosts user:references"
+generate "scaffold article --skip-assets --skip-helper"
+generate "migration AddUserIdToArticles user:references"
 
 rake "db:migrate"
 run "bundle exec rake db:migrate RAILS_ENV=test"
@@ -14,27 +14,38 @@ run "bundle exec rake db:migrate RAILS_ENV=test"
 first_line = /\A.*/
 last_line  = /^.*\Z/
 
-inject_into_file "app/models/post.rb", %q{
+inject_into_file "app/models/article.rb", %q{
   belongs_to :user
 }, after: first_line
 
 inject_into_file "app/models/user.rb", %q{
-  has_many :posts
+  has_many :articles
 }, after: first_line
 
 inject_into_file "config/authorization_rules.rb", %q{
+  role :editor do
+    has_permission_on :articles, to: :manage
+  end
+
+  role :writer do
+    has_permission_on :articles, to: %i(read create)
+  end
+
+  role :premium do
+    has_permission_on :articles, to: :read
+  end
+
   role :user do
-    has_permission_on :posts, to: :manage
+    has_permission_on :articles, to: :index
   end
 }, after: first_line
 
 inject_into_file "app/controllers/application_controller.rb", %q{
   def current_user
-    User.where(id: session[:user_id]).presence
   end
 }, before: last_line
 
-inject_into_file "app/controllers/posts_controller.rb", %q{
+inject_into_file "app/controllers/articles_controller.rb", %q{
   filter_resource_access
 }, after: first_line
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rspec-authorization
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Hendra Uzia
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-05 00:00:00.000000000 Z
+date: 2014-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: declarative_authorization
@@ -28,16 +28,16 @@ dependencies:
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -120,15 +120,18 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".ruby-version"
+- ".travis.yml"
+- ".yardopts"
 - Gemfile
 - Guardfile
+- HISTORY.md
 - LICENSE.txt
 - README.md
 - Rakefile
 - lib/rspec/authorization.rb
 - lib/rspec/authorization/adapters.rb
 - lib/rspec/authorization/adapters/example.rb
-- lib/rspec/authorization/adapters/group.rb
+- lib/rspec/authorization/adapters/example_group.rb
 - lib/rspec/authorization/adapters/request.rb
 - lib/rspec/authorization/adapters/route.rb
 - lib/rspec/authorization/matchers.rb
@@ -136,9 +139,9 @@ files:
 - lib/rspec/authorization/version.rb
 - rspec-authorization.gemspec
 - spec/.keep
-- spec/controllers/posts_controller_spec.rb
+- spec/controllers/articles_controller_spec.rb
+- spec/lib/rspec/authorization/adapters/example_group_spec.rb
 - spec/lib/rspec/authorization/adapters/example_spec.rb
-- spec/lib/rspec/authorization/adapters/group_spec.rb
 - spec/lib/rspec/authorization/adapters/request_spec.rb
 - spec/lib/rspec/authorization/adapters/route_spec.rb
 - spec/rails_helper.rb
@@ -176,12 +179,13 @@ specification_version: 4
 summary: RSpec matcher for declarative_authorization.
 test_files:
 - spec/.keep
-- spec/controllers/posts_controller_spec.rb
+- spec/controllers/articles_controller_spec.rb
+- spec/lib/rspec/authorization/adapters/example_group_spec.rb
 - spec/lib/rspec/authorization/adapters/example_spec.rb
-- spec/lib/rspec/authorization/adapters/group_spec.rb
 - spec/lib/rspec/authorization/adapters/request_spec.rb
 - spec/lib/rspec/authorization/adapters/route_spec.rb
 - spec/rails_helper.rb
 - spec/spec_helper.rb
 - spec/support/group_test_class.rb
 - spec/tools/rails_test_app_spec.rb
+has_rdoc: 

data/lib/rspec/authorization/adapters/group.rb

@@ -1,14 +0,0 @@
-module RSpec::Authorization
-  module Adapters
-    class Group
-      class << self
-        def new(klass)
-          RSpec::Core::ExampleGroup.describe klass do
-            include RSpec::Rails::ControllerExampleGroup
-          end
-        end
-      end
-    end
-  end
-end
-

data/spec/controllers/posts_controller_spec.rb

@@ -1,11 +0,0 @@
-require 'rails_helper'
-
-describe PostsController do
-  it { is_expected.to have_permission_for(:user).to(:index) }
-  it { is_expected.to have_permission_for(:user).to(:new) }
-  it { is_expected.to have_permission_for(:user).to(:create) }
-  it { is_expected.to have_permission_for(:user).to(:show) }
-  it { is_expected.to have_permission_for(:user).to(:edit) }
-  it { is_expected.to have_permission_for(:user).to(:update) }
-  it { is_expected.to have_permission_for(:user).to(:destroy) }
-end

data/spec/lib/rspec/authorization/adapters/group_spec.rb

@@ -1,13 +0,0 @@
-require 'rails_helper'
-
-include RSpec::Authorization::Adapters
-
-describe Group do
-  let(:klass) { GroupTestClass }
-  let(:group) { Group.new(klass) }
-
-  describe ".new" do
-    subject { group }
-    its(:described_class) { is_expected.to eq GroupTestClass }
-  end
-end