shamu 0.0.18 → 0.0.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: dd0f794321cd3d306d36b16935e133e3ded9270b
-  data.tar.gz: 244f8025c48879a691c7faa6f6e76b3b45efe2e0
+  metadata.gz: 9cde1e60d3798de927cee92894d391d3387e1619
+  data.tar.gz: 204c11e52933dd2d88acb0e812d9e5183d3c09c0
 SHA512:
-  metadata.gz: 57d00e95ce2bf7a4d1ddbc224aff0a2790255a6bd1c1ac907f7450b95a30b63c7ca2cc404d0754c7ee363761386fc5c1567f1f50114957488d538be85d2cbda8
-  data.tar.gz: e2ab805eb2ba0db7969601cb825f827c8d5346c8ebd34db8e836543a6726b7327c20b68f092681555b56f1832d8dd8512d08d8bc1ddaf3170e6f221d5b3ab1a0
+  metadata.gz: cb22139780ad29697e690025ad740b2cb1673b3486f854744182972f4ff382a873c7f362a59936b39c82788742c5e486237d7b29c4346acfd3f0a2532e97f582
+  data.tar.gz: 7d06c76f61740a24724d4261a3b72d9117a5e5f36d6c600168271981c3c45ce23d1e637a9b677809d3996229e0df616e573d3994997ecb54a20310bfa349c65f

data/.rubocop.yml

@@ -39,7 +39,7 @@ Metrics/MethodLength:
   Max: 15
 
 Metrics/AbcSize:
-  Max: 20
+  Max: 24
 
 Metrics/CyclomaticComplexity:
   Max: 10

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    shamu (0.0.18)
+    shamu (0.0.19)
       activemodel (>= 5.0)
       activesupport (>= 5.0)
       crc32 (~> 1)
@@ -114,7 +114,7 @@ GEM
     minitest (5.10.2)
     multi_json (1.12.1)
     nenv (0.3.0)
-    nio4r (2.0.0)
+    nio4r (2.1.0)
     nokogiri (1.7.2)
       mini_portile2 (~> 2.1.0)
     notiffany (0.1.1)

data/lib/shamu/attributes.rb

@@ -51,6 +51,11 @@ module Shamu
       end
     end
 
+    # @return [Hash] a hash with the keys for each of the given names.
+    def slice( *names )
+      to_attributes only: names
+    end
+
     # Indicates if the object has an attribute with the given name. Aliased to
     # {#key?} to make the object look like a Hash.
     def attribute?( name )

data/lib/shamu/auditing/support.rb

@@ -51,7 +51,7 @@ module Shamu
         #     should call {Transaction#append_entity} to include any parent
         #     entities in the entity path.
         # @yieldreturn [Services::Result]
-        def audit_request( request, action: :smart, &block )
+        def audit_request( request, action: :smart, &block ) # rubocop:disable Metrics/PerceivedComplexity
           transaction = Transaction.new \
             user_id_chain: auditing_security_principal.user_id_chain,
             changes: request.to_attributes( only: request.assigned_attributes ),
@@ -63,7 +63,7 @@ module Shamu
           if result.valid?
             if result.entity
               transaction.append_entity result.entity
-            elsif request.respond_to?( :id ) && defined? entity_class
+            elsif !transaction.entities? && request.respond_to?( :id ) && defined? entity_class
               transaction.append_entity [ entity_class, request.id ]
             end
             auditing_service.commit( transaction )

data/lib/shamu/auditing/transaction.rb

@@ -49,6 +49,12 @@ module Shamu
         end
       end
 
+      # @return [Boolean] true if entities have been added to the transaction.
+      def entities?
+        entities.present?
+      end
+
+
       private
 
         attr_reader :entities

data/lib/shamu/entities/active_record.rb

@@ -27,12 +27,12 @@ module Shamu
       # @return [ActiveRecord::Relation]
       def by_list_scope( scope )
         criteria = all
-        criteria = apply_custom_list_scope( criteria, scope )
         criteria = apply_paging_scope( criteria, scope )        if scope.respond_to?( :paged? )
         criteria = apply_scoped_paging_scope( criteria, scope ) if scope.respond_to?( :scoped_page? )
         criteria = apply_window_paging_scope( criteria, scope ) if scope.respond_to?( :window_paged? )
         criteria = apply_dates_scope( criteria, scope )         if scope.respond_to?( :dated? )
         criteria = apply_sorting_scope( criteria, scope )       if scope.respond_to?( :sorted? )
+        criteria = apply_custom_list_scope( criteria, scope )
         criteria
       end
 
@@ -106,12 +106,16 @@ module Shamu
         def apply_custom_list_scope( criteria, scope )
           custom_list_scope_attributes( scope ).each do |name|
             scope_name = :"by_#{ name }"
+            apply_name = :"apply_#{ name }_list_scope"
+
             if criteria.respond_to?( scope_name )
               value    = scope.send( name )
               criteria = criteria.send scope_name, value if value.present?
+            elsif criteria.respond_to?( apply_name )
+              criteria = criteria.send apply_name, criteria, scope
             else
               # rubocop:disable Metrics/LineLength
-              fail ArgumentError, "Cannot apply '#{ name }' filter from #{ scope.class.name }. Add 'scope :#{ scope_name }, ->( #{ name } ) { ... }' to #{ criteria.class.name }"
+              fail ArgumentError, "Cannot apply '#{ name }' filter from #{ scope.class.name }. Add 'scope :#{ scope_name }, ->( #{ name } ) { ... }' or 'def self.#{ apply_name }( criteria, scope )' to #{ self.name }"
             end
           end
 

data/lib/shamu/entities/active_record_soft_destroy.rb

@@ -40,6 +40,17 @@ module Shamu
         # Exclude destroyed records by default.
         default_scope { except_destroyed }
 
+        # Apply list scoping that includes targeting `destroyed` state.
+        def self.apply_destroyed_list_scope( criteria, scope )
+          return criteria if scope.destroyed.nil?
+
+          if scope.destroyed
+            criteria.destroyed
+          else
+            criteria.except_destroyed
+          end
+        end
+
         #
         # @!endgroup Scopes
 

data/lib/shamu/entities/entity.rb

@@ -114,6 +114,29 @@ module Shamu
         self
       end
 
+      # Redact attributes on the entity.
+      #
+      # @param [Array<Symbol>,Hash] attributes to redact on the entity. Either
+      # a list of attributes to set to nil or a hash of attributes with their
+      # values.
+      def redact!( *attributes )
+        hash =
+          if attributes.first.is_a?( Symbol )
+            Hash[ attributes.zip( [ nil ] * attributes.length ) ]
+          else
+            attributes.first
+          end
+
+        assign_attributes hash
+        self
+      end
+
+      # @return [Entity] a modified version of the entity with the given
+      # attributes redacted.
+      def redact( attributes )
+        dup.redact!( attributes )
+      end
+
       private
 
         def serialize_attribute?( name, options )

data/lib/shamu/entities/list_scope/window_paging.rb

@@ -35,7 +35,7 @@ module Shamu
         #
         # @!endgroup Attributes
 
-        def self.included( base ) # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
+        def self.included( base ) # rubocop:disable Metrics/MethodLength
           super
 
           base.attribute :first, coerce: :to_i, default: ->() { default_first }

data/lib/shamu/rspec/matchers.rb

@@ -1,3 +1,25 @@
+RSpec::Matchers.define :raise_access_denied do |_expected|
+  def supports_block_expectations?
+    true
+  end
+
+  match do |actual|
+    begin
+      subject && subject.stub(:access_denied) do |exception|
+        raise exception
+      end
+
+      actual.call
+      false
+    rescue CanCan::AccessDenied
+      true
+    rescue Services::Security::AccessDeniedError
+      true
+    rescue
+      false
+    end
+  end
+end
 
 RSpec::Matchers.define :be_permitted_to do |*args|
 
@@ -41,4 +63,4 @@ RSpec::Matchers.define :absolutely_be_permitted_to do |*args|
   match do |policy|
     policy.permit?( *args ) == :yes
   end
-end
+end

data/lib/shamu/security/active_record_policy.rb

@@ -47,10 +47,11 @@ module Shamu
       #     when applying the refinement.
       # @return [ActiveRecord::Relation] the refined relation.
       def refine_relation( action, relation, additional_context = nil )
+        resolve_permissions
         refined = false
 
         refinements.each do |refinement|
-          if refinement.match?( action, relation )
+          if refinement.match?( action, relation, additional_context )
             refined  = true
             relation = refinement.apply( relation, additional_context ) || relation
           end
@@ -103,4 +104,4 @@ module Shamu
 
     end
   end
-end
+end

data/lib/shamu/security/no_policy.rb

@@ -3,7 +3,7 @@ module Shamu
 
     # Used in specs and service to service delegated requests to effectively
     # offer no policy and permit all actions.
-    class NoPolicy
+    class NoPolicy < Policy
 
       # (see Policy#permit?)
       def permit?( * )
@@ -12,4 +12,4 @@ module Shamu
 
     end
   end
-end
+end

data/lib/shamu/security/policy.rb

@@ -42,17 +42,24 @@ module Shamu
 
       # @!attribute
       # @return [Principal] principal holding user identity and access credentials.
-        attr_reader :principal
+      attr_reader :principal
 
       # @!attribute
       # @return [Array<Roles>] roles that have been granted to the {#principal}.
-        attr_reader :roles
+      attr_reader :roles
+
+      # @!attribute
+      # @return [Array<Integer>] additional user ids that the {#principal} is
+      # may act on behalf of.
+      attr_reader :related_user_ids
+
       #
       # @!endgroup Dependencies
 
-      def initialize( principal: nil, roles: nil )
-        @principal = principal || Principal.new
-        @roles     = roles || []
+      def initialize( principal: nil, roles: nil, related_user_ids: nil )
+        @principal        = principal || Principal.new
+        @roles            = roles || []
+        @related_user_ids = Array.wrap( related_user_ids )
       end
 
       # Authorize the given `action` on the given resource. If it is not
@@ -101,7 +108,7 @@ module Shamu
         def rules
           @rules ||= begin
             @rules = []
-            permissions
+            resolve_permissions
             @rules
           end
         end
@@ -123,11 +130,20 @@ module Shamu
         def principal_roles
           @principal_roles ||= begin
             expanded = self.class.expand_roles( *roles )
-            expanded << :user if principal.user_id && self.class.role_defined?( :user )
+            expanded << :authenticated if principal.user_id && self.class.role_defined?( :authenticated )
             expanded
           end
         end
 
+        # @!visibility public
+        #
+        # @param [Integer] id of the candidate user.
+        # @return [Boolean] true if the given id is one of the authorized user
+        # ids on the principal.
+        def is_principal?( id ) # rubocop:disable Style/PredicateName
+          principal.try( :user_id ) == id || related_user_ids.include?( id )
+        end
+
         # ============================================================================
         # @!group DSL
         #
@@ -155,9 +171,24 @@ module Shamu
         #
         # @return [void]
         def permissions
-          fail IncompleteSetupError, "Permissions have not been defined. Add a private `permissions` method to #{ self.class.name }" # rubocop:disable Metrics/LineLength
+          if respond_to?( :anonymous_permissions, true ) && respond_to?( :authenticated_permissions, true )
+            if principal.user_id
+              authenticated_permissions
+            else
+              anonymous_permissions
+            end
+          else
+            fail IncompleteSetupError, "Permissions have not been defined. Add a private `permissions` method to #{ self.class.name }" # rubocop:disable Metrics/LineLength
+          end
         end
 
+          # Makes sure the {#permissions} method is invoked only once.
+          def resolve_permissions
+            return if @permissions_resolved
+            @permissions_resolved = true
+            permissions
+          end
+
         # @!visibility public
         #
         # Permit one or more `actions` to be performed on a given `resource`.
@@ -167,6 +198,8 @@ module Shamu
         # called if the resource offered to {#permit?} is a Class or Module.
         #
         # @example
+          # end
+          # end
         #   permit :read, UserEntity
         #   permit :show, :dashboard
         #   permit :update, UserEntity do |user|
@@ -185,8 +218,9 @@ module Shamu
         # @yieldparam [Object] additional_context offered to {#permit?}.
         # @yieldreturn [:yes, :maybe, false] see {#permit?}.
         # @return [void]
-        def permit( *actions, resource, &block )
+        def permit( *actions, &block )
           result = @when_elevated ? :maybe : :yes
+          resource, actions = extract_resource( actions )
 
           add_rule( actions, resource, result, &block )
         end
@@ -200,7 +234,8 @@ module Shamu
         # @yield (see #permit)
         # @yieldparam (see #permit)
         # @yieldreturn [Boolean] true to deny the action.
-        def deny( *actions, resource, &block )
+        def deny( *actions, &block )
+          resource, actions = extract_resource( actions )
           add_rule( actions, resource, false, &block )
         end
 
@@ -247,9 +282,41 @@ module Shamu
           aliases[to] |= actions
         end
 
+        # @!visibility public
+        #
+        # Define the `resource` to {#permit} or {#deny} access to. Inside the
+        # block you can omit the `resource` param on DSL methods that expect
+        # it.
+        #
+        # @example
+        #   resource UserEntity do
+        #     permit :read
+        #     permit :update do |user|
+        #       user.id == principal.user_id
+        #     end
+        #
+        #     permit :chop, OtherKindOfEntity
+        #   end
+        def resource( resource )
+          last_resource = @dsl_resource
+          @dsl_resource = resource
+          yield
+        ensure
+          @dsl_resource = last_resource
+        end
+
         #
         # @!endgroup DSL
 
+        def dsl_resource
+          @dsl_resource || fail( "Provide a `resource` argument or use a #resource block to declare the protected resource." ) # rubocop:disable Metrics/LineLength
+        end
+
+        def extract_resource( actions )
+          resource = actions.last.is_a?( Symbol ) ? dsl_resource : actions.pop
+          [ resource, actions ]
+        end
+
         def add_rule( actions, resource, result, &block )
           rules.unshift PolicyRule.new( expand_aliases( actions ), resource, result, block )
         end

data/lib/shamu/security/policy_rule.rb

@@ -33,6 +33,7 @@ module Shamu
       #
       # @return [Boolean] true if the rule is a match.
       def match?( action, resource, additional_context )
+        return true  if actions.include? :any
         return false unless actions.include? action
         return false unless resource_match?( resource )
 
@@ -52,8 +53,11 @@ module Shamu
         def resource_match?( candidate )
           return true if resource == candidate
           return true if resource.is_a?( Module ) && candidate.is_a?( resource )
+
+          # Allow 'doubles' to match in specs
+          true if defined?( RSpec::Mocks::Double ) && candidate.is_a?( RSpec::Mocks::Double )
         end
 
     end
   end
-end
+end

data/lib/shamu/security/roles.rb

@@ -27,7 +27,7 @@ module Shamu
         # @param [Array<Symbol>] roles
         # @return [Array<Symbol>] the expanded roles.
         def expand_roles( *roles )
-          expand_roles_into( roles, [] )
+          expand_roles_into( roles, Set.new ).to_a
         end
 
         # @param [Symbol] the role to check.
@@ -39,6 +39,8 @@ module Shamu
         private
 
           def expand_roles_into( roles, expanded )
+            raise "No roles defined for #{ name }" unless self.roles.present?
+
             roles.each do |name|
               name = name.to_sym
 
@@ -59,4 +61,4 @@ module Shamu
       end
     end
   end
-end
+end

data/lib/shamu/security/support.rb

@@ -23,7 +23,7 @@ module Shamu
 
       included do
         attr_dependency :security_principal, Security::Principal unless method_defined? :security_principal
-        attr_dependency :roles_service, Security::RolesService unless method_defined? :roles_service
+        attr_dependency :roles_service, Security::RolesService
       end
 
       # @return [Policy] the security {Policy} for the service.
@@ -79,6 +79,20 @@ module Shamu
           security_principal.service_delegate?
         end
 
+
+      class_methods do
+
+        # Define the {Policy} class to use when enforcing policy on the service
+        # methods.
+        def policy_class( klass )
+          define_method :policy_class do
+            klass
+          end
+
+          private :policy_class
+        end
+      end
+
     end
   end
-end
+end

data/lib/shamu/security.rb

@@ -3,6 +3,7 @@ module Shamu
   module Security
     require "shamu/security/error"
     require "shamu/security/principal"
+    require "shamu/security/delegate_principal"
     require "shamu/security/policy"
     require "shamu/security/policy_rule"
     require "shamu/security/no_policy"
@@ -40,4 +41,4 @@ module Shamu
     end
 
   end
-end
+end

data/lib/shamu/services/active_record.rb

@@ -4,9 +4,20 @@ module Shamu
     # Helper methods useful for services that interact with {ActiveRecord::Base}
     # models.
     module ActiveRecord
+      extend ActiveSupport::Concern
+
+      included do
+        # Override to make sure we always catch ActiveRecord not found errors.
+        def with_request( * )
+          wrap_not_found do
+            super
+          end
+        end
+      end
 
       private
 
+
         # @!visibility public
         #
         # Watch for ActiveRecord::RecordNotFound errors and rethrow as a

data/lib/shamu/services/active_record_crud.rb

@@ -43,7 +43,7 @@ module Shamu
       extend ActiveSupport::Concern
 
       # Known DSL methods defined by {ActiveRecordCrud}.
-      DSL_METHODS = %i[ create update change destroy find list lookup finders ].freeze
+      DSL_METHODS = %i[ create update change destroy find list lookup finders crud ].freeze
 
       included do |base|
         base.include Shamu::Services::RequestSupport
@@ -120,7 +120,7 @@ module Shamu
           define_singleton_method( :model_class )  { model_class }
 
           ( Array( methods ) & DSL_METHODS ).each do |method|
-            send method
+            send :"define_#{ method }"
           end
 
           define_build_entities( &block )
@@ -236,7 +236,7 @@ module Shamu
 
             with_request params, klass do |request, *args|
               record = default_scope.find( request.id )
-              authorize! :destroy, build_entity( record )
+              authorize! :destroy, build_entity( record ), request
 
               instance_exec record, request, *args, &block if block_given?
               next record unless record.destroy

data/lib/shamu/services/request.rb

@@ -54,33 +54,35 @@ module Shamu
 
       # Execute block if the request is satisfied by the service successfully.
       def on_success( &block )
-        @on_success_callbacks ||= []
-        @on_success_callbacks << block
+        @on_success_blocks ||= []
+        @on_success_blocks << block
       end
 
       # Execute block if the request is not satisfied by the service.
       def on_fail( &block )
-        @on_fail_callbacks ||= []
-        @on_fail_callbacks << block
+        @on_fail_blocks ||= []
+        @on_fail_blocks << block
       end
 
       # Execute block when the service is done processing the request.
       def on_complete( &block )
-        @on_complete_callbacks ||= []
-        @on_complete_callbacks << block
+        @on_complete_blocks ||= []
+        @on_complete_blocks << block
       end
 
-      # Run any {#on_success} or #{on_fail} callbacks.
+      # Mark the request as complete and run any {#on_success} or #{on_fail}
+      # callbacks.
+      #
       # @param [Boolean] success true if the request was completed
       # successfully.
-      def run_callbacks( success )
+      def complete( success )
         if success
-          @on_success_callbacks && @on_success_callbacks.each( &:call )
+          @on_success_blocks && @on_success_blocks.each( &:call )
         else
-          @on_fail_callbacks && @on_fail_callbacks.each( &:call )
+          @on_fail_blocks && @on_fail_blocks.each( &:call )
         end
 
-        @on_fail_callbacks && @on_fail_callbacks.each( &:call )
+        @on_complete_blocks && @on_complete_blocks.each( &:call )
       end
 
       class << self

data/lib/shamu/services/request_support.rb

@@ -91,7 +91,7 @@ module Shamu
           sources = yield( request )
 
           result = Result.coerce( sources, request: request )
-          request.run_callbacks( result.valid? )
+          request.complete( result.valid? )
 
           result
         end

data/lib/shamu/version.rb

@@ -2,7 +2,7 @@
 
 module Shamu
   # The primary version number
-  VERSION_NUMBER  = "0.0.18"
+  VERSION_NUMBER  = "0.0.19"
 
   # Version suffix such as 'beta' or 'alpha'
   VERSION_SUFFIX  = ""

data/spec/lib/shamu/entities/entity_spec.rb

@@ -11,12 +11,32 @@ describe Shamu::Entities::Entity do
     end
   end
 
-  describe "#to_attributes" do
+  context "with instance" do
     let( :user )     { OpenStruct.new( name: "Heisenberg", email: "blue@rock.com" ) }
     let( :instance ) { klass.new( user: user ) }
 
-    it "does not include model attributes" do
-      expect( instance.to_attributes ).not_to have_key :user
+    describe "#to_attributes" do
+
+      it "does not include model attributes" do
+        expect( instance.to_attributes ).not_to have_key :user
+      end
+    end
+
+    describe "#redact" do
+      it "clears the assigned attribute" do
+        redacted = instance.redact( :name )
+        expect( redacted.name ).to be_nil
+      end
+
+      it "it returns instance of the same type" do
+        redacted = instance.redact( :name )
+        expect( redacted ).to be_a klass
+      end
+
+      it "assigns redacted values" do
+        redacted = instance.redact( name: "REDACTED" )
+        expect( redacted.name ).to eq "REDACTED"
+      end
     end
   end
 
@@ -53,4 +73,4 @@ describe Shamu::Entities::Entity do
       expect( klass.null_entity.new.name ).to eq "Unknown"
     end
   end
-end
+end

data/spec/lib/shamu/security/active_record_policy_spec.rb

@@ -1,10 +1,17 @@
 require "spec_helper"
 require "shamu/active_record"
 
+module ActiveRecordPolicySpec
+  class Policy < Shamu::Security::ActiveRecordPolicy
+    def permissions
+    end
+  end
+end
+
 describe Shamu::Security::ActiveRecordPolicy do
   use_active_record
 
-  let( :policy ) { Shamu::Security::ActiveRecordPolicy.new }
+  let( :policy ) { ActiveRecordPolicySpec::Policy.new }
 
   describe "#refine_relation" do
     before( :each ) do
@@ -35,4 +42,4 @@ describe Shamu::Security::ActiveRecordPolicy do
       end.to change { policy.send( :refinements ).length }
     end
   end
-end
+end

data/spec/lib/shamu/security/policy_spec.rb

@@ -7,11 +7,11 @@ describe Shamu::Security::Policy do
   let( :klass ) do
     Class.new( Shamu::Security::Policy ) do
       role :super_user, inherits: :admin
-      role :admin, inherits: :user
-      role :user
+      role :admin, inherits: :authenticated
+      role :authenticated
 
       public :in_role?, :add_rule, :rules, :permit, :deny, :when_elevated,
-             :alias_action, :expand_aliases
+             :alias_action, :expand_aliases, :resource
     end
   end
 
@@ -40,16 +40,16 @@ describe Shamu::Security::Policy do
   end
 
   describe "#in_role?" do
-    it "is true for :user when principal is signed in" do
+    it "is true for :authenticated when principal is signed in" do
       allow( policy.principal ).to receive( :user_id ).and_return 1
 
-      expect( policy.in_role?( :user ) ).to be_truthy
+      expect( policy.in_role?( :authenticated ) ).to be_truthy
     end
 
-    it "is false for :user when principal is anonymous" do
+    it "is false for :authenticated when principal is anonymous" do
       allow( policy.principal ).to receive( :user_id ).and_return nil
 
-      expect( policy.in_role?( :user ) ).to be_falsy
+      expect( policy.in_role?( :authenticated ) ).to be_falsy
     end
 
     it "is true for an explicitly assigned role" do
@@ -110,7 +110,7 @@ describe Shamu::Security::Policy do
     it "adds a :maybe rule when defined within #when_elevated" do
       allow( policy ).to receive( :permissions ) do
         policy.when_elevated do
-          policy.permit :do, :stuff
+          policy.permit :do, :stuff, nil
         end
       end
 
@@ -118,6 +118,28 @@ describe Shamu::Security::Policy do
     end
   end
 
+  describe "#resource" do
+    it "fails if no resource block and resource omitted to permit" do
+      expect do
+        policy.permit :read
+      end.to raise_exception( /resource/ )
+    end
+
+    it "uses the dsl resource when omitted" do
+      expect( policy ).to receive( :add_rule ).with( [ :read ], Object, :yes )
+      policy.resource Object do
+        policy.permit :read
+      end
+    end
+
+    it "uses an explicit resource when provided" do
+      expect( policy ).to receive( :add_rule ).with( [ :read ], Symbol, :yes )
+      policy.resource Object do
+        policy.permit :read, Symbol
+      end
+    end
+  end
+
   describe "#add_rule" do
     before( :each ) do
       allow( policy ).to receive( :permissions )
@@ -155,4 +177,4 @@ describe Shamu::Security::Policy do
       expect( policy.expand_aliases( [ :read ] ) ).to include :index
     end
   end
-end
+end

data/spec/lib/shamu/services/active_record_crud_spec.rb

@@ -74,7 +74,7 @@ describe Shamu::Services::ActiveRecordCrud do
 
     Shamu::Services::ActiveRecordCrud::DSL_METHODS.each do |method|
       it "defines standard DSL method `#{ method }` when passed via `:methods`" do
-        expect( klass ).to receive( method )
+        expect( klass ).to receive( :"define_#{ method }" )
         klass.resource( ActiveRecordCrudSpec::FavoriteEntity, ActiveRecordSpec::Favorite, methods: method )
       end
     end
@@ -434,7 +434,8 @@ describe Shamu::Services::ActiveRecordCrud do
     it "calls #authorize!" do
       expect( service ).to receive( :authorize! ).with(
         :destroy,
-        kind_of( ActiveRecordCrudSpec::FavoriteEntity )
+        kind_of( ActiveRecordCrudSpec::FavoriteEntity ),
+        kind_of( ActiveRecordCrudSpec::Request::Destroy )
       )
 
       service.destroy entity.id

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: shamu
 version: !ruby/object:Gem::Version
-  version: 0.0.18
+  version: 0.0.19
 platform: ruby
 authors:
 - Paul Alexander
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-08 00:00:00.000000000 Z
+date: 2017-06-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel