sevn 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 14c5d4b42f9d4bffb2ff415941eaf0b384123611
-  data.tar.gz: 1c96bd1fe26c727a328b6772cfb5f8deee2efcb8
+  metadata.gz: 01bac45609156ae06537b04f1214238b248d0e53
+  data.tar.gz: d0caa0640db4d178e40e11efea16c995874656e3
 SHA512:
-  metadata.gz: 7072708bb086fce7c1c87aaa208cf44959ef0a634fb02358cd5437673092740a4fa231f0c571fdaf7d1f1f5369c2715cab4bde4f933262fb6544219fd218f25c
-  data.tar.gz: ee73ce1a8a0a0615434e39cc56527f558220dc829cddc3c998038beb142d9fe81ba7d04c116044e9b00e00ab5758c96bf769b54e35297d73164c609d81683071
+  metadata.gz: 734c28abc2a8c661be4506c41be5f29ea1732ebab76b7af7f95df065c5f501702465e6dd52a1279fa9142697395e1b9b4e88fc13b3038b9c1a0ec6752a9b9d69
+  data.tar.gz: 85e2311e7f2c8603828e02fe92f7b7926c07f11f37ca63d699b8e752105836e50879caed2ebc1a0d22a4d1f84d2862d97322699af530a0142a219dc232cc2361

data/lib/sevn/ability.rb

@@ -57,6 +57,36 @@ module Sevn
       end
     end
 
+    # Check if +object+ is authorized to do +actions+ in +subject+
+    # if action is not allowed it will raise an Unauthorized error
+    #
+    # == Parameters:
+    # actions::
+    #   Symbol or Array of Symbols of the actions to check
+    # object::
+    #   object trying to access resource
+    # subject::
+    #   resource to be accessed
+    # options::
+    #   a list of options to consider when checking.
+    #
+    # == Options:
+    # use_pack::
+    #   check for actions in the specified pack instead of auto-determining the pack.
+    #
+    # == Returns:
+    # +subject+
+    #
+    # == Exceptions:
+    # if object is not allowed to do action on subject, it will raise an UnauthorizedError
+    #
+    def authorize!(object, actions, subject, options = {})
+      if !allowed?(object, actions, subject, options)
+        raise Sevn::Errors::UnauthorizedError.new(object, actions, subject)
+      end
+      subject
+    end
+
     private
       def add_pack(name, pack)
         if valid_rules_pack?(pack)

data/lib/sevn/errors.rb

@@ -32,5 +32,17 @@ module Sevn
         'RulesPack abilities must be an "Array"'
       end
     end
+
+    class UnauthorizedError < StandardError
+      def initialize(object, action, subject)
+        @object = object
+        @action = action
+        @subject = subject
+      end
+
+      def message
+        "#{@object.inspect} is not authorized to do '#{@action}' to #{@subject.inspect}"
+      end
+    end
   end
 end

data/lib/sevn/version.rb

@@ -1,3 +1,3 @@
 module Sevn
-  VERSION = '0.0.2'
+  VERSION = '0.0.3'
 end

data/spec/support/valid_abilities_example.rb

@@ -8,8 +8,8 @@ shared_examples :valid_abilities do
       @mikes_book = Book.new("Life", @mike)
     end
 
-    def allowed?(action, object, subject)
-      abilities.allowed?(action, object, subject)
+    def allowed?(object, action, subject)
+      abilities.allowed?(object, action, subject)
     end
 
     describe "should return true or false depend on access" do
@@ -49,4 +49,63 @@ shared_examples :valid_abilities do
       end
     end
   end
+
+  describe :authorize! do
+    before do
+      @jim = Author.new("Jim")
+      @mike = Author.new("Mike")
+
+      @jims_book = Book.new("The Game", @jim)
+      @mikes_book = Book.new("Life", @mike)
+    end
+
+    def authorize!(object, action, subject)
+      abilities.authorize!(object, action, subject)
+    end
+
+    describe "should return the subject or raise UnauthorizedError" do
+      context :read_book do
+        it { expect(authorize!(@jim,  :read_book, @jims_book)).to be(@jims_book) }
+        it { expect(authorize!(@mike, :read_book, @mikes_book)).to be(@mikes_book) }
+        it { expect(authorize!(@jim,  :read_book, @mikes_book)).to be(@mikes_book) }
+        it { expect(authorize!(@mike, :read_book, @jims_book)).to be(@jims_book) }
+      end
+
+      context :rate_book do
+        it { expect{authorize!(@jim,  :rate_book, @jims_book)}.to raise_error(Sevn::Errors::UnauthorizedError) }
+        it { expect{authorize!(@mike, :rate_book, @mikes_book)}.to raise_error(Sevn::Errors::UnauthorizedError) }
+        it { expect(authorize!(@jim,  :rate_book, @mikes_book)).to be(@mikes_book) }
+        it { expect(authorize!(@mike, :rate_book, @jims_book)).to be(@jims_book) }
+      end
+
+      context :edit_book do
+        it { expect(authorize!(@jim, :edit_book, @jims_book)).to be(@jims_book) }
+        it { expect(authorize!(@mike,:edit_book,  @mikes_book)).to be(@mikes_book) }
+        it { expect{authorize!(@jim, :edit_book, @mikes_book)}.to raise_error(Sevn::Errors::UnauthorizedError) }
+        it { expect{authorize!(@mike,:edit_book,  @jims_book)}.to raise_error(Sevn::Errors::UnauthorizedError) }
+      end
+
+      context :publish_book do
+        it { expect{authorize!(@jim, :publish_book, @jims_book)}.to raise_error(Sevn::Errors::UnauthorizedError) }
+        it { expect{authorize!(@mike,:publish_book,  @mikes_book)}.to raise_error(Sevn::Errors::UnauthorizedError) }
+        it { expect{authorize!(@jim, :publish_book, @mikes_book)}.to raise_error(Sevn::Errors::UnauthorizedError) }
+        it { expect{authorize!(@mike,:publish_book,  @jims_book)}.to raise_error(Sevn::Errors::UnauthorizedError) }
+      end
+
+      context 'passing multiple actions' do
+        it { expect(authorize!(@jim, [:read_book, :edit_book], @jims_book)).to be(@jims_book) }
+        it {
+          expect {
+            authorize!(@jim, [:ead_book,  :publish_book, :edit_book], @jims_book)
+          }.to raise_error(Sevn::Errors::UnauthorizedError)
+        }
+        it { expect(authorize!(@mike, [:read_book, :edit_book], @mikes_book)).to be(@mikes_book) }
+        it {
+          expect {
+            authorize!(@mike, [:rate_book, :publish_book, :edit_book], @mikes_book)
+          }.to raise_error(Sevn::Errors::UnauthorizedError)
+        }
+      end
+    end
+  end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sevn
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Miguel Cervera