toni 0.0.2 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7ac2b196171e40bf0d69e5c191c4a9435ce3855a
-  data.tar.gz: 587bbdcb7dd9a86db28551388a8efe786b6ceaa6
+  metadata.gz: 14722f9cb78336b60a87caf4ab45e8b7d17c37d1
+  data.tar.gz: dd9abb810b120478e41d070d04efe88dc1bd3b80
 SHA512:
-  metadata.gz: bdadf5d1db3e86f10963fda52f7b810d2f1ad87c071a0959d871f3f28a9bbac9dae2e28838eeaa7bfb3e4eb9f60ecf7fe88476cb2bff28e00de6415fd940b177
-  data.tar.gz: aa782e08c89471234beb82c2690f29c6ed0f8a10dc9e597e2ef8cd159784bf86d59278daf56e318301d43d6b83324d4c00e5fb6331618e64e2abca87c3752902
+  metadata.gz: 6ba6677c52e0da7577d75865e2f4484b1b353809dfa0b96b081e32ba9faf877fbe70447d05a85e936863275287ff74b1ee0dce03da490b4d55a4f8d9a4507fb2
+  data.tar.gz: 267549c89b11bd2c3a9c2a9364c318fdc5e2df5294bb3cb50b6c813224e409677ba74b6c3f23f49b7c90f53bf07485dd5f3cb87087ff9aa4a13868ddad00acbb

data/lib/toni.rb

@@ -1,5 +1,6 @@
 require "toni/version"
 require "toni/anonymous_user"
+require "toni/permission_filter"
 require "toni/builder"
 
 module Toni
@@ -10,6 +11,7 @@ module Toni
   class NoMethodForMatcherError < StandardError; end
   class NotAuthorizedError < StandardError; end
   class MissingMatcherError < StandardError; end
+  class MissingPermissionFilterError < StandardError; end
 
   class << self
     def current_user
@@ -40,6 +42,12 @@ module Toni
       roles.select { |role_symbol, r| current_user.role_symbols.include?(role_symbol) }.values
     end
 
+    def current_permissions_for(activity, resource_or_name)
+      current_roles.map do |r|
+        r.permissions_for(activity, resource_or_name)
+      end.flatten
+    end
+
     def without_authorization(&block)
       @without_authorization = true
       result = block_given? ? yield : nil

data/lib/toni/in_model.rb

@@ -0,0 +1,50 @@
+module Toni
+  module InModel
+    def self.included(base)
+      base.extend(ClassMethods)
+
+      [:create, :update, :destroy].each do |action|
+        base.send(:"before_#{action}") do |object|
+          activity = action == :destroy ? :delete : action
+          Toni.permitted_to?(activity, object, bang: true)
+        end
+      end
+
+      base.send(:after_find) do |object|
+        Toni.permitted_to?(:read, object, bang: true)
+      end
+
+      # TODO: Should be active record only
+      base.scope :permitted_to, -> {
+        base.send(:filter_by_permissions)
+      }
+    end
+
+    module ClassMethods
+
+      private
+
+      def filter_by_permissions
+        where(*scope_for_filter_permissions)
+      end
+
+      def scope_for_filter_permissions
+        permissions = Toni.current_permissions_for(:read, authorization_context)
+        return ["0 = 1"] if permissions.empty?
+        permissions.inject([""]) do |cond, p|
+          conditions = p.matchers.map(&:filter_condition).compact.inject([""]) do |cond2, filter_cond|
+            concat_filters(cond2, filter_cond)
+          end
+          concat_filters(cond, conditions, " OR ")
+        end
+      end
+
+      def concat_filters(cond, conditions, separator=" AND ")
+        return cond if conditions[0] == ""
+        cond[0] = "#{cond[0]}#{separator unless cond[0].empty?}(#{conditions[0]})"
+        cond.push(*conditions[1..-1])
+        cond
+      end
+    end
+  end
+end

data/lib/toni/permission.rb

@@ -12,12 +12,16 @@ module Toni
     end
 
     def add_matcher(method_name, matcher, is_attr = false)
-      @matchers << PermissionMatcher.new(method_name, matcher, is_attr)
+      @matchers << PermissionMatcher::Base.new(method_name, matcher, is_attr)
     end
 
-    def permitted_to?(activity, res, options={})
+    def permission_for?(activity, res)
       resource_name == (res.is_a?(Symbol) ? res : res.class.authorization_context) &&
-        activities.include?(activity) && matches?(res)
+        activities.include?(activity)
+    end
+
+    def permitted_to?(activity, res, options={})
+      permission_for?(activity, res) && matches?(res)
     end
 
   private

data/lib/toni/permission_filter.rb

@@ -0,0 +1,81 @@
+module Toni
+  class PermissionFilter
+    attr_reader :permission_matcher
+
+    def self.permission_filters
+      @filterable_matchers ||= constants.select do |c|
+        const_get(c).is_a?(Class)
+      end
+    end
+
+    def initialize(permission_matcher)
+      @permission_matcher = permission_matcher
+    end
+
+    def filter_condition
+      raise "implement me"
+    end
+
+    def matcher
+      permission_matcher.matcher
+    end
+
+    def attr_name
+      permission_matcher.method_name
+    end
+
+    class Eq < PermissionFilter
+      def filter_condition
+        ["#{attr_name} = ?", matcher.expected]
+      end
+
+      def filter_condition_inverse
+        ["#{attr_name} != ?", matcher.expected]
+      end
+    end
+
+    class BeNil < PermissionFilter
+      def filter_condition
+        ["#{attr_name} IS NULL"]
+      end
+
+      def filter_condition_inverse
+        ["#{attr_name} IS NOT NULL"]
+      end
+    end
+
+    class BeTruthy < PermissionFilter
+      def filter_condition
+        ["#{attr_name} IS NOT NULL AND #{attr_name} != ''"]
+      end
+
+      def filter_condition_inverse
+        BeFalsey.new(permission_matcher).filter_condition
+      end
+    end
+
+    class BeFalsey < PermissionFilter
+      def filter_condition
+        ["#{attr_name} = '' OR #{attr_name} IS NULL"]
+      end
+
+      def filter_condition_inverse
+        BeTruthy.new(permission_matcher).filter_condition
+      end
+    end
+
+    class BeBetween < PermissionFilter
+      def filter_condition
+        ["#{attr_name} >= ? AND #{attr_name} <= ?", 
+          matcher.instance_variable_get(:@min),
+          matcher.instance_variable_get(:@max)]
+      end
+
+      def filter_condition_inverse
+        ["#{attr_name} < ? OR #{attr_name} > ?", 
+          matcher.instance_variable_get(:@min),
+          matcher.instance_variable_get(:@max)]
+      end
+    end
+  end
+end

data/lib/toni/permission_matcher.rb

@@ -1,54 +1,4 @@
-module Toni
-  class PermissionMatcher
-
-    attr_reader :method_name, :matcher, :is_attr
-
-    def initialize(method_name, matcher, is_attr = false)
-      @method_name  = method_name
-      @matcher      = matcher
-      @is_attr      = is_attr
-    end
-
-    def matches?(object)
-      unless object.respond_to?(method_name)
-        raise Toni::NoMethodForMatcherError.new("#{method_name} is not defined for #{object.inspect}")
-      end
-      matcher.matches?(object.send(method_name))
-    end
-
-    class NotMatcher
-      attr_reader :matcher
-
-      def initialize
-        @matcher = nil
-      end
-
-      def method_missing(method_name, *args)
-        builder  = Toni::Builder::ExpectationBuilder.new
-        if builder.respond_to?(method_name)
-          @matcher = builder.send(method_name, *args)
-        else
-          super
-        end
-      end
-
-      def matches?(object)
-        raise Toni::MissingMatcherError if @matcher.nil?
-        !@matcher.matches?(object)
-      end
-    end
-
-    class PermittedToMatcher
-
-      def initialize(activity)
-        @activity = activity
-      end
-
-      def matches?(object)
-        Toni.permitted_to?(@activity, object)
-      end
-
-    end
-
-  end
-end
+require 'toni/permission_matcher/has_matcher'
+require 'toni/permission_matcher/base'
+require 'toni/permission_matcher/not_matcher'
+require 'toni/permission_matcher/permitted_to_matcher'

data/lib/toni/permission_matcher/base.rb

@@ -0,0 +1,31 @@
+module Toni
+  module PermissionMatcher
+
+    class Base
+
+      include HasMatcher
+
+      attr_reader :method_name, :is_attr
+
+      def initialize(method_name, matcher, is_attr = false)
+        @method_name  = method_name
+        @matcher      = matcher
+        @is_attr      = is_attr
+      end
+
+      def matches?(object)
+        unless object.respond_to?(method_name)
+          raise Toni::NoMethodForMatcherError.new("#{method_name} is not defined for #{object.inspect}")
+        end
+        matcher.matches?(object.send(method_name))
+      end
+
+      def filter_condition
+        return nil unless is_attr
+        super
+      end
+
+    end
+
+  end
+end

data/lib/toni/permission_matcher/has_matcher.rb

@@ -0,0 +1,41 @@
+module Toni
+  module PermissionMatcher
+
+    module HasMatcher
+
+      def self.included(base)
+        base.send(:attr_reader, :matcher)
+      end
+
+      def matches?(object)
+        raise "implement me"
+      end
+
+      def filter_condition
+        return matcher.filter_condition if matcher.respond_to?(:filter_condition)
+
+        filter = permission_filter
+        if filter.nil?
+          raise Toni::MissingPermissionFilterError.new("No permission matcher for #{matcher.class.inspect}")
+        end
+
+        filter.filter_condition
+      end
+
+    private
+
+      def permission_filter
+        if permission_filter_class
+          Toni::PermissionFilter.const_get(permission_filter_class).new(self)
+        end
+      end
+
+      def permission_filter_class
+        @permission_filter ||= Toni::PermissionFilter.permission_filters.detect do |c|
+          !matcher.class.name.nil? && c.to_s.split('::').last == matcher.class.name.split('::').last
+        end
+      end
+    end
+
+  end
+end

data/lib/toni/permission_matcher/not_matcher.rb

@@ -0,0 +1,37 @@
+module Toni
+  module PermissionMatcher
+
+    class NotMatcher
+
+      include HasMatcher
+
+      def initialize
+        @matcher = nil
+      end
+
+      def method_missing(method_name, *args)
+        builder  = Toni::Builder::ExpectationBuilder.new
+        if builder.respond_to?(method_name)
+          @matcher = builder.send(method_name, *args)
+        else
+          super
+        end
+      end
+
+      def matches?(object)
+        raise Toni::MissingMatcherError if @matcher.nil?
+        !@matcher.matches?(object)
+      end
+
+      def filter_condition
+        filter = permission_filter
+        unless filter && filter.respond_to?(:filter_condition_inverse)
+          raise Toni::MissingPermissionFilterError.new("No permission matcher for #{matcher.class.inspect}")
+        end
+
+        filter.filter_condition_inverse
+      end
+    end
+
+  end
+end

data/lib/toni/permission_matcher/permitted_to_matcher.rb

@@ -0,0 +1,15 @@
+module Toni
+  module PermissionMatcher
+    class PermittedToMatcher
+
+      def initialize(activity)
+        @activity = activity
+      end
+
+      def matches?(object)
+        Toni.permitted_to?(@activity, object)
+      end
+
+    end
+  end
+end

data/lib/toni/role.rb

@@ -26,6 +26,14 @@ module Toni
       end
     end
 
+    def permissions_for(activity, res)
+      unless res.is_a?(Symbol) || res.class.respond_to?(:authorization_context)
+        raise Toni::NoAuthorizationContextProvidedError
+      end
+      res = res.class.authorization_context unless res.is_a?(Symbol)
+      current_permissions.select { |p| p.permission_for?(activity, res) }
+    end
+
   private
 
     def current_permissions

data/lib/toni/version.rb

@@ -1,3 +1,3 @@
 module Toni
-  VERSION = "0.0.2"
+  VERSION = "0.1.0"
 end

data/spec/toni/in_model_spec.rb

@@ -0,0 +1,135 @@
+require "toni"
+require "toni/in_model"
+require "active_record"
+require "spec_helper"
+
+describe Toni::InModel do
+  let(:record_class) do
+    Class.new(ActiveRecord::Base) do
+      def self.table_name
+        :test
+      end
+      def self.authorization_context
+        :resource_name
+      end
+    end
+  end
+
+  let(:record) { record_class.new }
+
+  before do
+    record_class.destroy_all
+    allow(Toni).to receive(:current_roles) { [] }
+  end
+
+  context :before_filter do
+    it "adds before filter on include" do
+      expect(record_class).to receive(:before_destroy)
+      expect(record_class).to receive(:before_create)
+      expect(record_class).to receive(:before_update)
+      expect(record_class).to receive(:after_find)
+      record_class.send(:include, Toni::InModel)
+    end
+
+    it "calls permitted_to? if records gets found" do
+      record_class.send(:include, Toni::InModel)
+      Toni.without_authorization { record.save }
+      allow(Toni).to receive(:permitted_to?) { true }
+      expect(Toni).to receive(:permitted_to?).with(:read, record_class, bang: true)
+      record_class.find(record.id)
+    end
+
+    it "calls permitted_to? if records gets created" do
+      record_class.send(:include, Toni::InModel)
+      allow(Toni).to receive(:permitted_to?) { true }
+      expect(Toni).to receive(:permitted_to?).with(:create, record_class, bang: true)
+      record.save
+    end
+
+    it "calls permitted_to? if records gets updated" do
+      record_class.send(:include, Toni::InModel)
+      allow(Toni).to receive(:permitted_to?) { true }
+      record.save
+      record.foo = :x
+      expect(Toni).to receive(:permitted_to?).with(:update, record_class, bang: true)
+      record.save
+    end
+
+    it "calls permitted_to? if records gets destroyes" do
+      record_class.send(:include, Toni::InModel)
+      allow(Toni).to receive(:permitted_to?) { true }
+      record.save
+      expect(Toni).to receive(:permitted_to?).with(:delete, record_class, bang: true)
+      record.destroy
+    end
+
+    it "does not create record if permitted_to bangs" do
+      record_class.send(:include, Toni::InModel)
+      allow(Toni).to receive(:permitted_to?) { raise Toni::NotAuthorizedError }
+      expect { record.save }.to raise_error(Toni::NotAuthorizedError)
+      expect(record_class.count).to eq(0)
+    end
+
+    it "does not update record if permitted_to bangs" do
+      record_class.send(:include, Toni::InModel)
+      Toni.without_authorization { record.save }
+      allow(Toni).to receive(:permitted_to?) { raise Toni::NotAuthorizedError }
+      record.foo = :x
+      expect { record.save }.to raise_error(Toni::NotAuthorizedError)
+      expect(record_class.count).to eq(1)
+      allow(Toni).to receive(:permitted_to?) { true }
+      expect(record_class.first.foo).to be_nil
+    end
+
+    it "does not destroy record if permitted_to bangs" do
+      record_class.send(:include, Toni::InModel)
+      Toni.without_authorization { record.save }
+      allow(Toni).to receive(:permitted_to?) { raise Toni::NotAuthorizedError }
+      expect { record.destroy }.to raise_error(Toni::NotAuthorizedError)
+      expect(record_class.count).to eq(1)
+    end
+  end
+
+  context :scope do
+
+    let(:matcher) { RSpec::Matchers::BuiltIn::BeNil.new }
+    let(:matcher2) { RSpec::Matchers::BuiltIn::Eq.new("x") }
+    let(:matcher3) { RSpec::Matchers::BuiltIn::Eq.new("y") }
+    let(:permission) do
+      p = Toni::Permission.new(:resource_name, [:read, :create])
+      p.add_matcher(:foo, matcher, true)
+      p.add_matcher(:bar, matcher2, true)
+      p
+    end
+    let(:permission2) do
+      p = Toni::Permission.new(:resource_name, [:read])
+      p.add_matcher(:foo, matcher3, true)
+      p
+    end
+
+    it "creates a scope" do
+      expect(record_class).to receive(:scope).with(:permitted_to, anything)
+      record_class.send(:include, Toni::InModel)
+    end
+
+    it "creates a useful scope" do
+      record_class.send(:include, Toni::InModel)
+      allow(Toni).to receive(:current_permissions_for).with(:read, :resource_name) do
+        [permission, permission2]
+      end
+      expect(record_class.send(:scope_for_filter_permissions)).to eq(["((foo IS NULL) AND (bar = ?)) OR ((foo = ?))", "x", "y"])
+    end
+
+    it "scopes permitted_to" do
+      allow(Toni).to receive(:current_permissions_for).with(:read, :resource_name) do
+        [permission, permission2]
+      end
+      record_class.send(:include, Toni::InModel)
+      allow(Toni).to receive(:permitted_to?) { true }
+      r1 = record_class.create(foo: "x", bar: "y")
+      r2 = record_class.create(foo: nil, bar: "x")
+      r3 = record_class.create(foo: "y", bar: "something")
+      expect(record_class.permitted_to.map(&:id)).to eq([r2.id, r3.id])
+    end
+  end
+end

data/spec/toni/permission_filter_spec.rb

@@ -0,0 +1,69 @@
+require "spec_helper"
+require "toni"
+require "ostruct"
+
+describe Toni::PermissionFilter do
+
+  let(:expectation_builder) { Toni::Builder::ExpectationBuilder.new }
+  let(:matcher) { expectation_builder.eq("test") }
+  let(:permission_matcher) { Toni::PermissionMatcher::Base.new(:foo, matcher, true) }
+
+  let(:permission_filter) do
+    described_class.new(permission_matcher)
+  end
+
+  describe ".permission_filters" do
+    it "returns constants of available permission filters" do
+      expect(Toni::PermissionFilter.permission_filters).to match_array([
+        :Eq, :BeNil, :BeTruthy, :BeFalsey, :BeBetween
+      ])
+    end
+  end
+
+  describe Toni::PermissionFilter::Eq do
+    it "creates condition" do
+      expect(permission_filter.filter_condition).to eq(["foo = ?", "test"])
+    end
+    it "creates opposite condition" do
+      expect(permission_filter.filter_condition_inverse).to eq(["foo != ?", "test"])
+    end
+  end
+
+  describe Toni::PermissionFilter::BeNil do
+    it "creates condition" do
+      expect(permission_filter.filter_condition).to eq(["foo IS NULL"])
+    end
+    it "creates opposite condition" do
+      expect(permission_filter.filter_condition_inverse).to eq(["foo IS NOT NULL"])
+    end
+  end
+
+  describe Toni::PermissionFilter::BeTruthy do
+    it "creates condition" do
+      expect(permission_filter.filter_condition).to eq(["foo IS NOT NULL AND foo != ''"])
+    end
+    it "creates opposite condition" do
+      expect(permission_filter.filter_condition_inverse).to eq(["foo = '' OR foo IS NULL"])
+    end
+  end
+
+  describe Toni::PermissionFilter::BeFalsey do
+    it "creates condition" do
+      expect(permission_filter.filter_condition).to eq(["foo = '' OR foo IS NULL"])
+    end
+    it "creates opposite condition" do
+      expect(permission_filter.filter_condition_inverse).to eq(["foo IS NOT NULL AND foo != ''"])
+    end
+  end
+
+  describe Toni::PermissionFilter::BeBetween do
+    let(:matcher) { expectation_builder.be_between(5, 10) }
+    it "creates condition" do
+      expect(permission_filter.filter_condition).to eq(["foo >= ? AND foo <= ?", 5, 10])
+    end
+    it "creates opposite condition" do
+      expect(permission_filter.filter_condition_inverse).to eq(["foo < ? OR foo > ?", 5, 10])
+    end
+  end
+
+end

data/spec/toni/permission_matcher_spec.rb

@@ -12,11 +12,11 @@ describe Toni::PermissionMatcher do
       end
     end.new
   end
-  let(:permission_matcher) { Toni::PermissionMatcher.new(:foo, matcher) }
+  let(:permission_matcher) { Toni::PermissionMatcher::Base.new(:foo, matcher) }
 
   describe :method_name do
     it "sets the method_name on initialize" do
-      expect(Toni::PermissionMatcher.new(:method_name, nil).method_name).to eq(:method_name)
+      expect(Toni::PermissionMatcher::Base.new(:method_name, nil).method_name).to eq(:method_name)
     end
   end
 
@@ -32,6 +32,33 @@ describe Toni::PermissionMatcher do
     end
   end
 
+  describe :filter_condition do
+    let(:expectation_builder) { Toni::Builder::ExpectationBuilder.new }
+    let(:matcher2) { expectation_builder.eq("test") }
+    let(:permission_matcher) { Toni::PermissionMatcher::Base.new(:foo, matcher2, true) }
+
+    it "return nil if is_attr is false" do
+      permission_matcher = Toni::PermissionMatcher::Base.new(:foo, matcher2, false)
+      expect(permission_matcher.filter_condition).to eq(nil)
+    end
+
+    it "gets filter condition from filterable permission matcher if it exist" do
+      expect_any_instance_of(Toni::PermissionFilter::Eq).to receive(:filter_condition)
+      permission_matcher.filter_condition
+    end
+
+    it "raises error when permission matcher is not available" do
+      allow(permission_matcher).to receive(:permission_filter) { nil }
+      expect { permission_matcher.filter_condition }.to raise_error(Toni::MissingPermissionFilterError)
+    end
+
+    it "uses filter_condition method of matcher if matcher responds" do
+      allow(matcher2).to receive(:respond_to?) { true }
+      expect(matcher2).to receive(:filter_condition) { "condition" }
+      expect(permission_matcher.filter_condition).to eq("condition")
+    end
+  end
+
   describe :matches? do
     let(:object) do
       Class.new do
@@ -66,14 +93,14 @@ describe Toni::PermissionMatcher do
 
     it "returns true if matcher is rspec nil matcher and value is nil" do
       matcher = RSpec::Matchers::BuiltIn::BeNil.new
-      permission_matcher = Toni::PermissionMatcher.new(:foo, matcher)
+      permission_matcher = Toni::PermissionMatcher::Base.new(:foo, matcher)
       expect(permission_matcher.matches?(object)).to eq(true)
     end
 
     it "returns false if matcher is rspec nil matcher and value is not nil" do
       allow(object).to receive(:foo) { "a string" }
       matcher = RSpec::Matchers::BuiltIn::BeNil.new
-      permission_matcher = Toni::PermissionMatcher.new(:foo, matcher)
+      permission_matcher = Toni::PermissionMatcher::Base.new(:foo, matcher)
       expect(permission_matcher.matches?(object)).to eq(false)
     end
   end
@@ -103,6 +130,20 @@ describe Toni::PermissionMatcher::NotMatcher do
     end
   end
 
+  describe :filter_condition do
+    it "gets filter condition from child matcher if it responds to filter_condition_inverse" do
+      not_matcher.be_truthy
+      expect_any_instance_of(Toni::PermissionFilter::BeTruthy).to receive(:filter_condition_inverse)
+      not_matcher.filter_condition
+    end
+
+    it "raises error when child matcher does not respond to filter_condition_inverse" do
+      not_matcher.be_truthy
+      allow_any_instance_of(Toni::PermissionFilter::BeTruthy).to receive(:respond_to?) { false }
+      expect { not_matcher.filter_condition }.to raise_error(Toni::MissingPermissionFilterError)
+    end
+  end
+
 end
 
 describe Toni::PermissionMatcher::PermittedToMatcher do

data/spec/toni/permission_spec.rb

@@ -21,7 +21,22 @@ describe Toni::Permission do
   describe :add_matcher do
     it "adds the matcher" do
       permission.add_matcher(:foo, nil)
-      expect(permission.matchers.first).to be_instance_of(Toni::PermissionMatcher)
+      expect(permission.matchers.first).to be_instance_of(Toni::PermissionMatcher::Base)
+    end
+  end
+
+  describe :permission_for? do
+    let(:permission) do
+      Toni::Permission.new(:resource_name, [:read, :create])
+    end
+    it "should be allowed to read resource_name" do
+      expect(permission.permission_for?(:read, :resource_name)).to eq(true)
+    end
+    it "should be allowed to delete resource_name" do
+      expect(permission.permission_for?(:delete, :resource_name)).to eq(false)
+    end
+    it "should be allowed to read xxx" do
+      expect(permission.permission_for?(:read, :xxx)).to eq(false)
     end
   end
 
@@ -31,16 +46,9 @@ describe Toni::Permission do
       Toni::Permission.new(:resource_name, [:read, :create])
     end
 
-    context "with resource_name" do
-      it "should be allowed to read resource_name" do
-        expect(permission.permitted_to?(:read, :resource_name)).to eq(true)
-      end
-      it "should be allowed to delete resource_name" do
-        expect(permission.permitted_to?(:delete, :resource_name)).to eq(false)
-      end
-      it "should be allowed to read xxx" do
-        expect(permission.permitted_to?(:read, :xxx)).to eq(false)
-      end
+    it "calls permission_for?" do
+      expect(permission).to receive(:permission_for?).with(:read, :resource_name) { true }
+      expect(permission.permitted_to?(:read, :resource_name)).to eq(true)
     end
 
     context "with matchers" do

data/spec/toni/role_spec.rb

@@ -34,6 +34,26 @@ describe Toni::Role do
     end
   end
 
+  describe :permissions_for do
+
+    let(:permission) { Toni::Permission.new(:resource_name, [:read, :create]) }
+    let(:permission2) { Toni::Permission.new(:other_resource, [:read, :create]) }
+
+    let(:role) do
+      role = Toni::Role.new(:user)
+      role.add_permission(permission)
+      role.add_permission(permission2)
+      role
+    end
+
+    it "returns all permissions that are belonging to resource and activity" do
+      allow(permission).to receive(:permission_for?).with(:read, :resource_name) { true }
+      allow(permission2).to receive(:permission_for?).with(:read, :resource_name) { false }
+      expect(role.permissions_for(:read, :resource_name)).to eq([permission])
+    end
+
+  end
+
   describe :permitted_to? do
 
     let(:permission) do

data/spec/toni_spec.rb

@@ -56,6 +56,19 @@ describe Toni do
     end
   end
 
+  describe ".current_permissions_for" do
+    let(:user_role) { Toni::Role.new(:user) }
+    let(:seller_role) { Toni::Role.new(:seller) }
+    let(:permission1) { Toni::Permission.new(:books, [:read]) }
+    let(:permission2) { Toni::Permission.new(:books, [:read]) }
+    it "gets the permissions that are assigned to current roles for a specific resource" do
+      allow(Toni).to receive(:current_roles) { [user_role, seller_role] }
+      expect(user_role).to receive(:permissions_for).with(:read, :books) { [permission1] }
+      expect(seller_role).to receive(:permissions_for).with(:read, :books) { [permission2] }
+      expect(Toni.current_permissions_for(:read, :books)).to eq([permission1, permission2])
+    end
+  end
+
   describe ".without_authorization" do
     it "executes block without authorization and returns result of the given block" do
       with_authorization = Toni.permitted_to?(:something, :test)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: toni
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.1.0
 platform: ruby
 authors:
 - Jalyna
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-10 00:00:00.000000000 Z
+date: 2014-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec-expectations
@@ -131,8 +131,14 @@ files:
 - lib/toni.rb
 - lib/toni/anonymous_user.rb
 - lib/toni/builder.rb
+- lib/toni/in_model.rb
 - lib/toni/permission.rb
+- lib/toni/permission_filter.rb
 - lib/toni/permission_matcher.rb
+- lib/toni/permission_matcher/base.rb
+- lib/toni/permission_matcher/has_matcher.rb
+- lib/toni/permission_matcher/not_matcher.rb
+- lib/toni/permission_matcher/permitted_to_matcher.rb
 - lib/toni/role.rb
 - lib/toni/rspec_helper.rb
 - lib/toni/sinatra.rb
@@ -140,6 +146,8 @@ files:
 - spec/spec_helper.rb
 - spec/toni/anonymous_user_spec.rb
 - spec/toni/builder_spec.rb
+- spec/toni/in_model_spec.rb
+- spec/toni/permission_filter_spec.rb
 - spec/toni/permission_matcher_spec.rb
 - spec/toni/permission_spec.rb
 - spec/toni/role_spec.rb
@@ -177,6 +185,8 @@ test_files:
 - spec/spec_helper.rb
 - spec/toni/anonymous_user_spec.rb
 - spec/toni/builder_spec.rb
+- spec/toni/in_model_spec.rb
+- spec/toni/permission_filter_spec.rb
 - spec/toni/permission_matcher_spec.rb
 - spec/toni/permission_spec.rb
 - spec/toni/role_spec.rb