toni 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c0672f47c55346d477e4489c4cefcb1f0e000c9b
-  data.tar.gz: 8cdca30ac45fd0d3674236da33729e9042938400
+  metadata.gz: 7ac2b196171e40bf0d69e5c191c4a9435ce3855a
+  data.tar.gz: 587bbdcb7dd9a86db28551388a8efe786b6ceaa6
 SHA512:
-  metadata.gz: 162bce0becb671e9bf13c50ce2667a8b096cef24bf10e0358f1e4f06d33136458994ffea265134c595f8dc9b5adf8ef7da549a0a828a5eed73a6bf8f60c04388
-  data.tar.gz: d20995225334b18c8ac4435ea7c3d2fdf952742679db715f44804d5f3ed1e666c56190ddc96422d0a0b4bfd2d47d5318aea306dab2cc8104ce1b42e3c175460d
+  metadata.gz: bdadf5d1db3e86f10963fda52f7b810d2f1ad87c071a0959d871f3f28a9bbac9dae2e28838eeaa7bfb3e4eb9f60ecf7fe88476cb2bff28e00de6415fd940b177
+  data.tar.gz: aa782e08c89471234beb82c2690f29c6ed0f8a10dc9e597e2ef8cd159784bf86d59278daf56e318301d43d6b83324d4c00e5fb6331618e64e2abca87c3752902

data/.travis.yml

@@ -2,7 +2,8 @@ language: ruby
 rvm:
   - 2.1.0
   - 2.0.0
+  - jruby-19mode
 addons:
   code_climate:
-    repo_token: 53df9a1d69568057bc007b09
+    repo_token: a08fee81d94a545de3cd98a06528c3428d7ec70cae31137730bdf10664eb0a61
 script: bundle exec rspec spec

data/Gemfile

@@ -3,4 +3,7 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in toni.gemspec
 gemspec
 
-gem "codeclimate-test-reporter", group: :test, require: nil
+gem "codeclimate-test-reporter", group: :test, require: nil
+gem "sqlite3", group: :test, platform: :ruby
+gem "jdbc-sqlite3", group: :test, platform: :jruby
+gem "activerecord-jdbcsqlite3-adapter", group: :test, platform: :jruby

data/README.md

@@ -1,9 +1,9 @@
 # Toni
-[![Build Status](https://travis-ci.org/jalyna/toni.svg?branch=master)](https://travis-ci.org/jalyna/toni) [![Code Climate](https://codeclimate.com/github/jalyna/toni/badges/gpa.svg)](https://codeclimate.com/github/jalyna/toni) [![Inline docs](http://inch-ci.org/github/jalyna/toni.png?branch=master)](http://inch-ci.org/github/jalyna/toni)
+[![Gem Version](https://badge.fury.io/rb/toni.svg)](http://badge.fury.io/rb/toni) [![Build Status](https://travis-ci.org/jalyna/toni.svg?branch=master)](https://travis-ci.org/jalyna/toni) [![Code Climate](https://codeclimate.com/github/jalyna/toni/badges/gpa.svg)](https://codeclimate.com/github/jalyna/toni) [![Test Coverage](https://codeclimate.com/github/jalyna/toni/badges/coverage.svg)](https://codeclimate.com/github/jalyna/toni) [![Inline docs](http://inch-ci.org/github/jalyna/toni.png?branch=master)](http://inch-ci.org/github/jalyna/toni)
 
 Toni enables you to create a centralized authorization rules configuration with a readable DSL, 
 similar to [declarative authorization](https://github.com/stffn/declarative_authorization), but not required to use with Ruby on Rails. 
-Internally the Gem is using RSpec Matchers. You can use Toni with **Sinatra** and **Ruby on Rails**.
+Internally the Gem is using RSpec Matchers. You can use Toni with **[Sinatra](#sinatra)** and **[Ruby on Rails](#ruby-on-rails)**.
 
 ## Installation
 
@@ -23,14 +23,113 @@ Or install it yourself as:
 
 ### Setup Authorization Rules
 
-TODO: Write usage instructions here
+To setup the rules that your toni uses you have to create a `authorization_rules.rb` file e.g. in your config folder:
 
-### Ruby on Rails
+```ruby
+# Guest role gets automatically assigned if you don't have a current_user
+role :guest do
+  has_permission_on :books, to: :read
+end
 
-TODO: Write usage instructions here
+role :author do
+  has_permission_on :books, to: [:create, :read, :update, :delete] do
+    expect_attribute :author_id { eq(current_user.id) }
+  end
+end
+
+role :admin do
+  has_permission_on :books, to: [:create, :read, :update, :delete]
+  has_permission_on :users, to: :delete do
+    expect_attribute :id { not.eq(current_user.id) }
+  end
+end
+```
+
+### Assign Roles
+
+To provide roles it is necessary to pass a `current_user` that provides a `role_symbols` method.
+
+```ruby
+class User
+  def role_symbols
+    [:user, :admin]
+  end
+end
+
+Toni.current_user = User.new
+```
+
+What logic this method contains is up to you.
 
 ### Sinatra
 
+The Toni Sinatra Module provides some usefule helpers and an error handling which can be useful
+if you want to map not authorized errors. And there is a `permitted_to` method where you can pass a block that gets executed when the current user has the demanded permissions.
+
+```ruby
+require "toni/sinatra"
+
+class AuthorizationApp < Sinatra::Base
+  # Register Toni Sinatra
+  register Toni::Sinatra
+
+  before do
+    # Set user after authentication
+    Toni.current_user = User.new
+  end
+
+  not_authorized do |e|
+    # Map NotAuthorizedError to 403
+    halt 403
+  end
+
+  set :show_exceptions, false
+
+  get '/' do
+    # This won't throw an exception, remove bang: false if you
+    # want that the not_authorized error handler is called
+    permitted_to(:read, :books, bang: false) do
+      "You can read books!"
+    end
+  end
+
+  get '/another_page' do
+    without_authorization do
+      "Hello world"
+    end
+  end
+end
+```
+
+A more detailed example can be found in [examples/sinatra](examples/sinatra).
+
+### Testing with RSpec
+
+To setup Toni's RspecHelper you have to change `spec_helper.rb`:
+```ruby
+require "toni/rspec_helper"
+RSpec.configure { |c| c.include Toni::RSpecHelper }
+```
+
+Then you are able to test permissions with following matcher:
+```ruby
+expect(user).to have_permission_on :books, to: :read
+expect(user).to_not have_permission_on :books, to: :create
+```
+
+By default your specs are running with authorization. If you want to exclude parts or execute with a specific user you can use:
+```ruby
+without_authorization do
+  book.create
+end
+
+with_user(user) do
+  book.save
+end
+```
+
+### Ruby on Rails
+
 TODO: Write usage instructions here
 
 ## Contributing

data/examples/sinatra/README.md

@@ -0,0 +1,9 @@
+# Toni in Sinatra
+
+## Installation
+    $ bundle
+    $ rackup
+
+## Further notes
+
+To setup sinatra with active record please have a look at the rails example (TODO).

data/examples/sinatra/app.rb

@@ -0,0 +1,33 @@
+require 'toni'
+require 'toni/sinatra'
+require 'sinatra'
+require 'CGI'
+require './user'
+
+class AuthorizationApp < Sinatra::Base
+  register Toni::Sinatra
+
+  before do
+    # Set user after authentication
+    Toni.current_user = User.new
+  end
+
+  not_authorized do |e|
+    # Map NotAuthorizedError to 403
+    halt 403, CGI.escapeHTML(e.message)
+  end
+
+  set :show_exceptions, false
+
+  get '/' do
+    permitted_to(:read, :books, bang: false) do
+      "You can read books!"
+    end
+  end
+
+  get '/create' do
+    permitted_to(:create, :books) do
+      "You can create books"
+    end
+  end
+end

data/examples/sinatra/config/authorization_rules.rb

@@ -0,0 +1,7 @@
+role :user do
+  has_permission_on :books, to: :read
+end
+
+role :admin do
+  has_permission_on :books, to: :create
+end

data/examples/sinatra/config.ru

@@ -0,0 +1,2 @@
+require './app'
+run AuthorizationApp

data/examples/sinatra/spec/authorization_rules_spec.rb

@@ -0,0 +1,20 @@
+require "spec_helper"
+
+describe "Authorization Rules" do
+  describe "user" do
+    it "is permitted to read books" do
+      user = double("user", role_symbols: [:user])
+      expect(user).to have_permission_on :books, to: :read
+    end
+    it "is not permitted to create books" do
+      user = double("user", role_symbols: [:user])
+      expect(user).to_not have_permission_on :books, to: :create
+    end
+  end
+  describe "admin" do
+    it "is permitted to create books" do
+      user = double("user", role_symbols: [:admin])
+      expect(user).to have_permission_on :books, to: :create
+    end
+  end
+end

data/examples/sinatra/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+require "rspec"
+require "toni/rspec_helper"
+
+require 'rack/test'
+
+require File.expand_path '../../app.rb', __FILE__
+
+ENV['RACK_ENV'] = 'test'
+
+RSpec.configure { |c| c.include Toni::RSpecHelper }

data/examples/sinatra/user.rb

@@ -0,0 +1,7 @@
+class User
+
+  def role_symbols
+    [:user]
+  end
+
+end

data/lib/toni/anonymous_user.rb

@@ -1,4 +1,4 @@
-class Toni
+module Toni
   class AnonymousUser
     def role_symbols
       [:guest]

data/lib/toni/builder.rb

@@ -2,7 +2,7 @@ require "toni/role"
 require "toni/permission"
 require "rspec/matchers"
 
-class Toni
+module Toni
   class Builder
 
     attr_reader :roles
@@ -46,8 +46,7 @@ class Toni
       attr_reader :permission
 
       def initialize(resource_name, options={}, &block)
-        options[:to] ||= [:manage]
-        @permission = Permission.new(resource_name, options[:to])
+        @permission = Permission.new(resource_name, [*options[:to]])
         if block_given?
           instance_eval &block
         end
@@ -84,6 +83,14 @@ class Toni
         Toni.current_user
       end
 
+      def not
+        Toni::PermissionMatcher::NotMatcher.new
+      end
+
+      def permitted_to(activity)
+        Toni::PermissionMatcher::PermittedToMatcher.new(activity)
+      end
+
     end
 
   end

data/lib/toni/permission.rb

@@ -1,14 +1,14 @@
 require "toni/permission_matcher"
 
-class Toni
+module Toni
   class Permission
 
     attr_reader :resource_name, :matchers, :activities
 
     def initialize(resource_name, activities = [])
-      @resource_name = resource_name
-      @matchers = []
-      @activities = activities
+      @resource_name  = resource_name
+      @matchers       = []
+      @activities     = activities
     end
 
     def add_matcher(method_name, matcher, is_attr = false)

data/lib/toni/permission_matcher.rb

@@ -1,12 +1,12 @@
-class Toni
+module Toni
   class PermissionMatcher
 
     attr_reader :method_name, :matcher, :is_attr
 
     def initialize(method_name, matcher, is_attr = false)
-      @method_name = method_name
-      @matcher = matcher
-      @is_attr = is_attr
+      @method_name  = method_name
+      @matcher      = matcher
+      @is_attr      = is_attr
     end
 
     def matches?(object)
@@ -16,5 +16,39 @@ class Toni
       matcher.matches?(object.send(method_name))
     end
 
+    class NotMatcher
+      attr_reader :matcher
+
+      def initialize
+        @matcher = nil
+      end
+
+      def method_missing(method_name, *args)
+        builder  = Toni::Builder::ExpectationBuilder.new
+        if builder.respond_to?(method_name)
+          @matcher = builder.send(method_name, *args)
+        else
+          super
+        end
+      end
+
+      def matches?(object)
+        raise Toni::MissingMatcherError if @matcher.nil?
+        !@matcher.matches?(object)
+      end
+    end
+
+    class PermittedToMatcher
+
+      def initialize(activity)
+        @activity = activity
+      end
+
+      def matches?(object)
+        Toni.permitted_to?(@activity, object)
+      end
+
+    end
+
   end
 end

data/lib/toni/role.rb

@@ -1,12 +1,12 @@
-class Toni
+module Toni
   class Role
 
     attr_reader :role_symbol, :ancestors, :permissions
 
     def initialize(role_symbol)
-      @role_symbol = role_symbol
-      @ancestors = []
-      @permissions = []
+      @role_symbol  = role_symbol
+      @ancestors    = []
+      @permissions  = []
     end
 
     def add_ancestor(role_symbol)

data/lib/toni/rspec_helper.rb

@@ -0,0 +1,27 @@
+require 'rspec/expectations'
+require 'toni'
+
+module Toni
+  module RSpecHelper
+    extend RSpec::Matchers::DSL
+
+    def with_user(user, &block)
+      Toni.current_user = user
+      result = yield
+      Toni.current_user = nil
+      result
+    end
+
+    def without_authorization(&block)
+      Toni.without_authorization(&block)
+    end
+
+    matcher :have_permission_on do |resource_or_name, options = {}|
+      match do |user|
+        with_user(user) do
+          [*options[:to]].all? { |a| Toni.permitted_to?(a, resource_or_name) }
+        end
+      end
+    end
+  end
+end

data/lib/toni/sinatra.rb

@@ -0,0 +1,33 @@
+require 'sinatra/base'
+
+module Toni
+  module Sinatra
+    module AuthorizationHelper
+      def permitted_to(activity, resource_or_name, options={}, &block)
+        options[:bang] = true unless options.key?(:bang)
+        if Toni.permitted_to?(activity, resource_or_name, options)
+          block.call if block_given?
+        end
+      end
+
+      def without_authorization(&block)
+        Toni.without_authorization(&block)
+      end
+    end
+
+    module AuthorizationErrorHandler
+      def not_authorized(&block)
+        error do
+          if env['sinatra.error'].instance_of? Toni::NotAuthorizedError
+            instance_exec env['sinatra.error'], &block if block_given?
+          end
+        end
+      end
+    end
+
+    def self.registered(app)
+      app.helpers   AuthorizationHelper
+      app.register  AuthorizationErrorHandler
+    end
+  end
+end

data/lib/toni/version.rb

@@ -1,3 +1,3 @@
-class Toni
-  VERSION = "0.0.1"
+module Toni
+  VERSION = "0.0.2"
 end

data/lib/toni.rb

@@ -2,36 +2,35 @@ require "toni/version"
 require "toni/anonymous_user"
 require "toni/builder"
 
-class Toni
-  AUTH_FILE = File.dirname(__FILE__) + "/authorization_rules.rb"
+module Toni
+  AUTH_FILE = "config/authorization_rules.rb"
 
   class InvalidCurrentUserError < StandardError; end
   class NoAuthorizationContextProvidedError < StandardError; end
   class NoMethodForMatcherError < StandardError; end
   class NotAuthorizedError < StandardError; end
+  class MissingMatcherError < StandardError; end
 
   class << self
-    @@without_authorization = false
-
     def current_user
-      @@curent_user ||= nil
-      @@curent_user || anonymous_user
+      @curent_user ||= nil
+      @curent_user || anonymous_user
     end
 
     def current_user=(user)
       raise InvalidCurrentUserError if !user.nil? && !user.respond_to?(:role_symbols)
-      @@curent_user = user
+      @curent_user = user
     end
 
     def roles
-      @@roles ||= build
+      @roles ||= build
     end
 
     def permitted_to?(activity, resource_or_name, options={})
-      return true if @@without_authorization
+      return true if @without_authorization
       permitted = current_roles.any?{ |r| r.permitted_to?(activity, resource_or_name, options) }
       if options[:bang] && !permitted
-        raise NotAuthorizedError.new("#{current_user.inspect} is not allowed to #{activity} on #{resource_or_name.inspect}")
+        raise NotAuthorizedError.new("#{current_user.to_s} with #{current_user.role_symbols.inspect} is not allowed to #{activity} on #{resource_or_name.inspect}")
       end
 
       permitted
@@ -42,9 +41,10 @@ class Toni
     end
 
     def without_authorization(&block)
-      @@without_authorization = true
-      yield if block_given?
-      @@without_authorization = false
+      @without_authorization = true
+      result = block_given? ? yield : nil
+      @without_authorization = false
+      result
     end
 
   private
@@ -58,7 +58,7 @@ class Toni
     end
 
     def anonymous_user
-      @@anonymous_user ||= AnonymousUser.new
+      @anonymous_user ||= AnonymousUser.new
     end
   end
-end
+end

data/spec/spec_helper.rb

@@ -3,7 +3,12 @@ CodeClimate::TestReporter.start
 
 require "active_record"
 
-ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+if ENV["RUBY_VERSION"].include?("jruby")
+  ActiveRecord::Base.establish_connection(:adapter => "jdbcsqlite3", :database => ":memory:")
+else
+  ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+end
+
 ActiveRecord::Schema.define do
   self.verbose = false
 

data/spec/toni/anonymous_user_spec.rb

@@ -1,3 +1,4 @@
+require "spec_helper"
 require "toni/anonymous_user"
 
 describe Toni::AnonymousUser do

data/spec/toni/builder_spec.rb

@@ -1,3 +1,4 @@
+require "spec_helper"
 require "toni/builder"
 
 describe Toni::Builder do
@@ -31,15 +32,15 @@ describe Toni::Builder::RoleBuilder do
 
   describe :includes do
     it "calls add_ancestor for the given role_symbol" do
+      expect(builder.role).to receive(:add_ancestor).with(:parent_user)
       builder.includes(:parent_user)
-      allow(builder.role).to receive(:add_ancestor).with(:parent_user)
     end
   end
 
   describe :has_permission_on do
     it "calls add_permission on role" do
+      expect(builder.role).to receive(:add_permission)
       builder.has_permission_on(:my_resource)
-      allow(builder.role).to receive(:add_permission)
     end
   end
 
@@ -49,6 +50,17 @@ describe Toni::Builder::PermissionBuilder do
 
   let(:builder) { Toni::Builder::PermissionBuilder.new(:resource_name) }
 
+  describe :initialize do
+    it "sets the activtities" do
+      builder = Toni::Builder::PermissionBuilder.new(:resource_name, to: [:create, :read])
+      expect(builder.permission.activities).to eq([:create, :read])
+    end
+    it "sets single activtities" do
+      builder = Toni::Builder::PermissionBuilder.new(:resource_name, to: :read)
+      expect(builder.permission.activities).to eq([:read])
+    end
+  end
+
   describe :permission do
     it "is a Permission" do
       expect(builder.permission).to be_instance_of(Toni::Permission)
@@ -57,17 +69,17 @@ describe Toni::Builder::PermissionBuilder do
 
   describe :expect_attribute do
     it "calls expect_method with is_attribute true" do
+      expect(builder).to receive(:expect_method).with(nil, true)
       builder.expect_attribute(nil)
-      allow(builder).to receive(:expect_method).with(nil, true)
     end
   end
 
   describe :expect_method do
     it "calls add_matcher on permission per method_name" do
+      expect(builder.permission).to receive(:add_matcher).with(:foo, anything, false)
+      expect(builder.permission).to receive(:add_matcher).with(:bar, anything, false)
       builder.expect_method(:foo) { nil }
       builder.expect_method(:bar) { nil }
-      allow(builder.permission).to receive(:add_matcher).with(:foo, anything)
-      allow(builder.permission).to receive(:add_matcher).with(:bar, anything)
     end
   end
 
@@ -78,7 +90,7 @@ describe Toni::Builder::ExpectationBuilder do
   let(:builder) { Toni::Builder::ExpectationBuilder.new }
 
   describe :execute do
-    it "calls block eagerly" do
+    it "calls block lazely" do
       double = double()
       builder = Toni::Builder::ExpectationBuilder.new do
         double.call
@@ -90,8 +102,8 @@ describe Toni::Builder::ExpectationBuilder do
 
   describe "uses rspec matchers" do
     it "calls rspec matcher methods" do
-      builder.be_nil
       allow(RSpec::Matchers).to receive(:be_nil)
+      builder.be_nil
     end
 
     it "sets the called matcher" do
@@ -102,4 +114,23 @@ describe Toni::Builder::ExpectationBuilder do
     end
   end
 
+  describe :not do
+    it "should create a NotMatcher" do
+      expect(builder.not).to be_instance_of(Toni::PermissionMatcher::NotMatcher)
+    end
+  end
+
+  describe :permitted_to do
+    it "should create a PermittedToMatcher" do
+      expect(builder.permitted_to(:read)).to be_instance_of(Toni::PermissionMatcher::PermittedToMatcher)
+    end
+  end
+
+  describe :current_user do
+    it "gets the toni user" do
+      expect(Toni).to receive(:current_user)
+      builder.current_user
+    end
+  end
+
 end

data/spec/toni/permission_matcher_spec.rb

@@ -1,3 +1,4 @@
+require "spec_helper"
 require "toni/permission_matcher"
 require "toni"
 require "ostruct"
@@ -77,4 +78,43 @@ describe Toni::PermissionMatcher do
     end
   end
 
+end
+
+describe Toni::PermissionMatcher::NotMatcher do
+
+  let(:not_matcher) { Toni::PermissionMatcher::NotMatcher.new }
+
+  describe :method_missing do
+    it "looks up method in ExpectationBuilder" do
+      expect { not_matcher.be_truthy }.to_not raise_error
+    end
+    it "throws error when method does not exist" do
+      expect { not_matcher.that_does_not_exist }.to raise_error
+    end
+  end
+
+  describe :matches? do
+    it "raises error when matcher is nil" do
+      expect { not_matcher.matches?(nil) }.to raise_error(Toni::MissingMatcherError)
+    end
+    it "uses matches method of matcher and flips the boolean" do
+      not_matcher.eq(nil)
+      expect(not_matcher.matches?(nil)).to eq(false)
+    end
+  end
+
+end
+
+describe Toni::PermissionMatcher::PermittedToMatcher do
+
+  let(:permitted_to_matcher) { Toni::PermissionMatcher::PermittedToMatcher.new(:read) }
+
+  describe :matches? do
+    it "calls Toni.permitted_to? for given attribute" do
+      double = double
+      expect(Toni).to receive(:permitted_to?).with(:read, double)
+      permitted_to_matcher.matches?(double)
+    end
+  end
+
 end

data/spec/toni/permission_spec.rb

@@ -1,3 +1,4 @@
+require "spec_helper"
 require "toni/permission"
 require "ostruct"
 

data/spec/toni/role_spec.rb

@@ -1,3 +1,4 @@
+require "spec_helper"
 require "toni/role"
 require "toni/permission"
 require "ostruct"

data/spec/toni/rspec_helper_spec.rb

@@ -0,0 +1,37 @@
+require "spec_helper"
+require "toni/rspec_helper"
+
+describe Toni::RSpecHelper do
+  include Toni::RSpecHelper
+
+  describe :without_authorization do
+    it "calls Toni without_authorization" do
+      expect(Toni).to receive(:without_authorization)
+      without_authorization
+    end
+  end
+
+  describe :with_user do
+    it "calls block with given user and return the result of the block" do
+      user = double("user")
+      expect(Toni).to receive(:current_user=).with(user)
+      expect(Toni).to receive(:current_user=).with(nil)
+      expect(with_user(user) { 1 }).to eq(1)
+    end
+  end
+
+  describe "have_permission_on matcher" do
+    it "returns true if all permissions are true for the given activities" do
+      user = double("user", role_symbols: [])
+      expect(Toni).to receive(:permitted_to?).with(:create, :books) { true }
+      expect(Toni).to receive(:permitted_to?).with(:read, :books) { true }
+      expect(user).to have_permission_on(:books, to: [:create, :read])
+    end
+    it "returns false if one permissions is not true for the given activities" do
+      user = double("user", role_symbols: [])
+      expect(Toni).to receive(:permitted_to?).with(:create, :books) { true }
+      expect(Toni).to receive(:permitted_to?).with(:read, :books) { false }
+      expect(user).not_to have_permission_on(:books, to: [:create, :read])
+    end
+  end
+end

data/spec/toni/sinatra_spec.rb

@@ -0,0 +1,78 @@
+require "spec_helper"
+require "toni/sinatra"
+require "rack/test"
+
+describe Toni::Sinatra::AuthorizationHelper do
+  let(:helper) {
+    Class.new do
+      include Toni::Sinatra::AuthorizationHelper
+    end.new
+  }
+
+  describe :permitted_to do
+    it "calls permitted_to? of toni, sets bang to true and calls the given block" do
+      double = double("block")
+      expect(Toni).to receive(:permitted_to?).with(:read, :books, bang: true) { true }
+      expect(double).to receive(:call)
+      helper.permitted_to(:read, :books) do
+        double.call
+      end
+    end
+
+    it "does not call the block if it is not permitted to" do
+      double = double("block")
+      expect(Toni).to receive(:permitted_to?).with(:read, :books, bang: false) { false }
+      expect(double).to_not receive(:call)
+      helper.permitted_to(:read, :books, bang: false) do
+        double.call
+      end
+    end
+  end
+
+  describe :without_authorization do
+    it "calls toni without_authorization" do
+      expect(Toni).to receive(:without_authorization)
+      helper.without_authorization
+    end
+  end
+end
+
+describe Toni::Sinatra::AuthorizationErrorHandler do
+  include Rack::Test::Methods
+
+  let(:app) {
+    Class.new(Sinatra::Base) do
+      register Toni::Sinatra
+
+      set :show_exceptions, false
+      set :raise_errors, false
+
+      not_authorized do |e|
+        halt 403, e.message
+      end
+
+      get '/' do
+        permitted_to(:read, :books) do
+          "permitted"
+        end
+      end
+    end
+  }
+
+  describe :not_authorized do
+    it "does not call error handler when permitted to" do
+      allow(Toni).to receive(:permitted_to?).with(:read, :books, anything) { true }
+      get '/'
+      expect(last_response.body).to eq("permitted")
+    end
+
+    it "calls error handler when permitted to" do
+      allow(Toni).to receive(:permitted_to?).with(:read, :books, anything) do
+        raise Toni::NotAuthorizedError.new("not authorized")
+      end
+      get '/'
+      expect(last_response.status).to eq(403)
+      expect(last_response.body).to eq("not authorized")
+    end
+  end
+end

data/spec/toni_spec.rb

@@ -1,3 +1,4 @@
+require "spec_helper"
 require "toni"
 require "ostruct"
 
@@ -6,6 +7,19 @@ describe Toni do
   let(:role_symbols) { [] }
   let(:current_user) { OpenStruct.new(role_symbols: role_symbols) }
 
+  before do
+    allow(File).to receive(:read).with(Toni::AUTH_FILE) do
+      <<-eos
+        role :guest do
+          has_permission_on :x, to: [:read, :delete]
+        end
+        role :user do
+          has_permission_on :test, to: [:read, :create]
+        end
+      eos
+    end
+  end
+
   describe ".current_user" do
     it "has a anonymous user as default" do
       expect(Toni.current_user).to be_instance_of(Toni::AnonymousUser)
@@ -29,15 +43,30 @@ describe Toni do
   end
 
   describe ".roles" do
-    pending
+    it "reads roles from auth_file" do
+      expect(Toni.roles.keys).to eq([:guest, :user])
+    end
   end
 
   describe ".current_roles" do
-    pending
+    let(:role_symbols) { [:user] }
+    it "gets the roles that are in the role_symbols methods" do
+      Toni.current_user = current_user
+      expect(Toni.current_roles).to eq([Toni.roles[:user]])
+    end
   end
 
   describe ".without_authorization" do
-    pending
+    it "executes block without authorization and returns result of the given block" do
+      with_authorization = Toni.permitted_to?(:something, :test)
+      without_authorization = false
+      expect(Toni.without_authorization do
+        without_authorization = Toni.permitted_to?(:something, :test)
+        3
+      end).to eq(3)
+      expect(with_authorization).to eq(false)
+      expect(without_authorization).to eq(true)
+    end
   end
 
   describe ".permitted_to?" do

data/toni.gemspec

@@ -27,5 +27,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec"
   spec.add_development_dependency "activerecord", "~> 4.1"
   spec.add_development_dependency "rails", "~> 4.1"
-  spec.add_development_dependency "sqlite3"
+  spec.add_development_dependency "sinatra"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: toni
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Jalyna
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-04 00:00:00.000000000 Z
+date: 2014-08-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec-expectations
@@ -95,7 +95,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '4.1'
 - !ruby/object:Gem::Dependency
-  name: sqlite3
+  name: sinatra
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
@@ -121,12 +121,21 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- examples/sinatra/README.md
+- examples/sinatra/app.rb
+- examples/sinatra/config.ru
+- examples/sinatra/config/authorization_rules.rb
+- examples/sinatra/spec/authorization_rules_spec.rb
+- examples/sinatra/spec/spec_helper.rb
+- examples/sinatra/user.rb
 - lib/toni.rb
 - lib/toni/anonymous_user.rb
 - lib/toni/builder.rb
 - lib/toni/permission.rb
 - lib/toni/permission_matcher.rb
 - lib/toni/role.rb
+- lib/toni/rspec_helper.rb
+- lib/toni/sinatra.rb
 - lib/toni/version.rb
 - spec/spec_helper.rb
 - spec/toni/anonymous_user_spec.rb
@@ -134,6 +143,8 @@ files:
 - spec/toni/permission_matcher_spec.rb
 - spec/toni/permission_spec.rb
 - spec/toni/role_spec.rb
+- spec/toni/rspec_helper_spec.rb
+- spec/toni/sinatra_spec.rb
 - spec/toni_spec.rb
 - toni.gemspec
 homepage: https://github.com/jalyna/toni
@@ -169,4 +180,6 @@ test_files:
 - spec/toni/permission_matcher_spec.rb
 - spec/toni/permission_spec.rb
 - spec/toni/role_spec.rb
+- spec/toni/rspec_helper_spec.rb
+- spec/toni/sinatra_spec.rb
 - spec/toni_spec.rb