walruz 0.0.3 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +58 -48
- data/Rakefile +1 -1
- data/VERSION.yml +1 -1
- data/lib/walruz/actor.rb +1 -1
- data/lib/walruz/policy.rb +37 -2
- data/lib/walruz/subject.rb +2 -0
- data/lib/walruz/utils.rb +12 -22
- data/spec/scenario.rb +5 -5
- data/spec/walruz/actor_spec.rb +4 -4
- data/spec/walruz/policy_spec.rb +2 -2
- data/spec/walruz/utils_spec.rb +5 -5
- metadata +3 -3
data/README.rdoc
CHANGED
@@ -10,7 +10,7 @@ Walruz facilitates the separation between the authorization process on the busin
|
|
10
10
|
|
11
11
|
== Walruz Architecture
|
12
12
|
|
13
|
-
Walruz provides modules and classes that
|
13
|
+
Walruz provides modules and classes that help on the implementation of the concepts given previously, this are:
|
14
14
|
|
15
15
|
- Walruz::Subject
|
16
16
|
Module that provides the interface to associate policies to an action in the subject
|
@@ -26,76 +26,77 @@ Walruz provides modules and classes that helps on the implementation of the conc
|
|
26
26
|
|
27
27
|
Subject classes may specify a set of actions that can be performed to them using the check_authorization method
|
28
28
|
|
29
|
-
class
|
29
|
+
class User
|
30
30
|
include Walruz::Subject
|
31
31
|
|
32
|
-
check_authorization :
|
33
|
-
:
|
32
|
+
check_authorization :read => UserReadPolicy,
|
33
|
+
:update => UserUpdatePolicy
|
34
34
|
end
|
35
35
|
|
36
36
|
If there is just one policy to every possible action performed to the subject, you may specify the :default action, or just specify the Policy class.
|
37
37
|
|
38
38
|
Example:
|
39
39
|
|
40
|
-
class
|
40
|
+
class User
|
41
41
|
include Walruz::Subject
|
42
42
|
|
43
|
-
check_authorization
|
43
|
+
check_authorization UserPolicy
|
44
44
|
end
|
45
45
|
|
46
46
|
or
|
47
47
|
|
48
|
-
class
|
48
|
+
class User
|
49
49
|
include Walruz::Subject
|
50
50
|
|
51
|
-
check_authorization :default =>
|
51
|
+
check_authorization :default => UserPolicy
|
52
52
|
end
|
53
53
|
|
54
54
|
You can also specify other flags with the default flag.
|
55
55
|
|
56
|
-
class
|
56
|
+
class User
|
57
57
|
include Walruz::Subject
|
58
58
|
|
59
|
-
check_authorization :
|
60
|
-
:
|
61
|
-
:default =>
|
59
|
+
check_authorization :read => UserReadPolicy,
|
60
|
+
:update => UserUpdatePolicy,
|
61
|
+
:default => UserPolicy
|
62
62
|
end
|
63
63
|
|
64
64
|
== Actors verify if they are able to perform an action on a subject
|
65
65
|
|
66
|
-
Actor classes can use several methods to check if the actor instance can perform the given action on
|
66
|
+
Actor classes can use several methods to check if the actor instance can perform the given action on a subject. This are:
|
67
67
|
|
68
68
|
- `can?(action, subject)`
|
69
|
-
Returns boolean that says if the actor can execute or not the action on the subject
|
69
|
+
Returns boolean that says if the actor can execute or not the action on the subject.
|
70
70
|
|
71
|
-
- `
|
71
|
+
- `authorize(action, subject)`
|
72
72
|
In case the actor can execute the action on the subject, it returns the parameters hash from the policy, otherwise it will raise a Walruz::NotAuthorized.
|
73
73
|
|
74
|
-
- `satisfies?(
|
75
|
-
It behaves just like the `can?` method, but instead of giving an action to be executed to the subject, it
|
74
|
+
- `satisfies?(policy_label, subject)`
|
75
|
+
It behaves just like the `can?` method, but instead of giving an action to be executed to the subject, it receives a policy label.
|
76
76
|
|
77
|
-
In case the given action is not assigned to any policy, a default Policy will be executed (if given), if no default policy is given then a Walruz::
|
77
|
+
In case the given action is not assigned to any policy, a default Policy will be executed (if given), if no default policy is given then a Walruz::ActionNotFound exception will be raised.
|
78
78
|
|
79
79
|
Examples:
|
80
80
|
|
81
|
-
current_user.can?(:read, friends_profile)
|
82
|
-
# code to be executed if current user can read a friends profile
|
83
|
-
end
|
81
|
+
current_user.can?(:read, friends_profile)
|
84
82
|
|
85
|
-
current_user.satisfies?(
|
83
|
+
current_user.satisfies?(:actor_is_admin, nil) do
|
86
84
|
# execute some admin logic
|
87
85
|
end
|
88
86
|
|
89
|
-
policy_params = current_user.
|
87
|
+
policy_params = current_user.authorize(:read, friends_profile)
|
90
88
|
# all the code executed bellow will be executed when the actor is authorized
|
91
89
|
|
92
90
|
== Implementing Policies
|
93
91
|
|
94
|
-
To implement a
|
92
|
+
To implement a policy, it is necessary to inherit from the Walruz::Policy class. This class provides a method called `authorized?` that return either a Boolean, or an Array of two items, the first one being a Boolean, and the second being a Hash of parameters returned from the Policy.
|
93
|
+
|
94
|
+
Every Policy Class also has a label associated to it, by default the label will be the name of the class in underscore case; if you want to have a custom label for a Policy Class, you can invoke the `set_policy_label` method on the class context and specify the label that you want for it. This label is used on the `satisfies?` method.
|
95
95
|
|
96
96
|
Examples:
|
97
97
|
|
98
98
|
class ActorIsAdmin < Walruz::Policy
|
99
|
+
set_policy_label :is_admin
|
99
100
|
|
100
101
|
def authorized?(actor, _)
|
101
102
|
actor.is_admin?
|
@@ -118,29 +119,35 @@ Examples:
|
|
118
119
|
|
119
120
|
end
|
120
121
|
|
122
|
+
|
121
123
|
== Composing basic policies to create complex ones
|
122
124
|
|
123
|
-
Sometimes policies can turn really messy, specially when you have a complex business model. The good news is that
|
125
|
+
Sometimes policies can turn really messy, specially when you have a complex business model. The good news is that normally this complex policies are a composition of more simple policies (e.g. ActorCanSeeUserPictures). Instead of creating this new classes that replicates the same logic of basic policies, we could merge them together in the following way:
|
124
126
|
|
125
|
-
ActorCanSeeUserPictures = Walruz::Utils.
|
127
|
+
ActorCanSeeUserPictures = Walruz::Utils.all(UserIsFriend, UserAllowsDisclosureOfPictures)
|
126
128
|
|
127
|
-
There is also the utility methods `
|
129
|
+
There is also the utility methods `any` and `not`, to create combinations of policies.
|
128
130
|
|
129
|
-
If your policy returns a parameters hash, and you are using the `
|
131
|
+
If your policy returns a parameters hash, and you are using the `all` method, the parameters of each policy will be merged together, if you are using the `any` method, the parameters of the first policy that returns true will be returned.
|
130
132
|
|
131
|
-
One other thing that the utility methods
|
133
|
+
One other thing that the utility methods does for you is that it leaves its track on the returned policy parameters, when you invoke a composite policy, every policy will leave in the parameters hash the policy_label with a question mark at the end, that way you can know which policies were successful or not.
|
132
134
|
|
133
135
|
Example:
|
134
136
|
|
135
137
|
class ActorIsAdmin < Walruz::Policy
|
136
|
-
|
138
|
+
set_policy_label :is_admin
|
139
|
+
|
140
|
+
def authorized?(actor, _)
|
141
|
+
actor.is_admin?
|
142
|
+
end
|
143
|
+
|
137
144
|
end
|
138
145
|
|
139
146
|
class ActorIsSubject < Walruz::Policy
|
140
147
|
def authorized?(actor, subject); actor == subject; end
|
141
148
|
end
|
142
149
|
|
143
|
-
UserReadPolicy =
|
150
|
+
UserReadPolicy = any(ActorIsSubject, ActorIsAdmin)
|
144
151
|
|
145
152
|
class User < AbstractORM
|
146
153
|
include Walruz::Subject
|
@@ -148,19 +155,22 @@ Example:
|
|
148
155
|
check_authorizations :read => UserReadPolicy
|
149
156
|
end
|
150
157
|
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
158
|
+
class UsersController < Framework::Controller
|
159
|
+
def show
|
160
|
+
policy_params = current_user.authorize(:read, other_user)
|
161
|
+
if policy_params[:actor_is_subject?]
|
162
|
+
# do logic of the user interacting with herself
|
163
|
+
elsif policy_params[:is_admin?]
|
164
|
+
# do logic of the admin user interacting with other user
|
165
|
+
else
|
166
|
+
# do other logic here...
|
167
|
+
end
|
158
168
|
end
|
159
169
|
end
|
160
170
|
|
161
171
|
== Dependencies between Policies
|
162
172
|
|
163
|
-
Sometimes you would like to have a Policy that strictly depends in other
|
173
|
+
Sometimes you would like to have a Policy that strictly depends in other policies, on the previous example `UserAllowsDisclosureOfPictures` could have a dependency that says that only the User allows the disclosure of pictures if and only if there is a friend relationship, so we could re-implement this policy as:
|
164
174
|
|
165
175
|
Example:
|
166
176
|
|
@@ -169,7 +179,7 @@ Example:
|
|
169
179
|
# ...
|
170
180
|
end
|
171
181
|
|
172
|
-
Suppose you need the parameters returned by the previous Policy, you can have them with the params method
|
182
|
+
Suppose you need the parameters returned by the previous Policy, you can have them with the `params` method.
|
173
183
|
|
174
184
|
Example:
|
175
185
|
|
@@ -182,7 +192,7 @@ Example:
|
|
182
192
|
|
183
193
|
end
|
184
194
|
|
185
|
-
== Policy combinators
|
195
|
+
== Policy combinators
|
186
196
|
|
187
197
|
Sometimes you would like to execute policies that are not directly related to a subject, but to the association of a subject. Given the example above of the friendship relationship and the disclosure of pictures, sometimes you would like to check if a user can see a picture directly on the picture model.
|
188
198
|
|
@@ -194,7 +204,7 @@ Suppose we have the following model in our system:
|
|
194
204
|
|
195
205
|
and we would like to check if the current_user can see (read) the picture using:
|
196
206
|
|
197
|
-
current_user.can(:read, picture_instance)
|
207
|
+
current_user.can?(:read, picture_instance)
|
198
208
|
|
199
209
|
If you may recall, we already implemented the logic that checks that authorization in UserAllowsDisclosureOfPictures, but that policy only works when the subject is of class User; given that you have a subject of class Picture you can not re-use this policy.
|
200
210
|
|
@@ -208,9 +218,9 @@ You could solve this issue doing the following:
|
|
208
218
|
|
209
219
|
end
|
210
220
|
|
211
|
-
But as you may see, we are just creating new policies to handle old ones, we are not combining the policies effectively. To avoid this caveat, you can use the `
|
221
|
+
But as you may see, we are just creating new policies to handle old ones, we are not combining the policies effectively. To avoid this caveat, you can use the `PolicyClass.for_subject` method:
|
212
222
|
|
213
|
-
PictureReadPolicy =
|
223
|
+
PictureReadPolicy = UserAllowsDisclosureOfPictures.for_subject(:owner)
|
214
224
|
|
215
225
|
class Picture < AbstractORM
|
216
226
|
include Walruz::Subject
|
@@ -219,7 +229,7 @@ But as you may see, we are just creating new policies to handle old ones, we are
|
|
219
229
|
check_authorizations :read => PictureReadPolicy
|
220
230
|
end
|
221
231
|
|
222
|
-
The
|
232
|
+
The parameter of `but_for` is the name of the subject's method that will return a new subject, this new subject is then passed through the policy. Pretty neat eh?
|
223
233
|
|
224
234
|
== Returning custom errors
|
225
235
|
|
@@ -245,14 +255,14 @@ You'll notice that once you start implementing policies for your system, you'll
|
|
245
255
|
- The first name of the policy should be the Subject class (e.g. UserIsFriend)
|
246
256
|
- If the policy only applies to the actor, the policy class name should start with the Actor word (e.g. ActorIsAdmin)
|
247
257
|
- You should always have the compositions of policies in just one place in your library folder (e.g. in policies.rb file).
|
248
|
-
- The result of policy compositions should finish with the word Policy (e.g `UserDeletePolicy =
|
249
|
-
- Use `
|
258
|
+
- The result of policy compositions should finish with the word Policy (e.g `UserDeletePolicy = any(ActorIsSubject, ActorIsAdmin`))
|
259
|
+
- Use `PolicyClass.but_for` when you are combining the PolicyClass with other policies, if you are not doing this, consider checking authorizations on parents of the subject instead of the subject (e.g. current_user.can?(:see_pictures_of, picture.owner))
|
250
260
|
|
251
261
|
If you follow this rules, it will be much easier for you to merge policies together in an efficient way.
|
252
262
|
|
253
263
|
== Rails Integration
|
254
264
|
|
255
|
-
See
|
265
|
+
See "walruz-rails":http://walruz-rails.rubyforge.com gem
|
256
266
|
|
257
267
|
== More examples
|
258
268
|
|
data/Rakefile
CHANGED
@@ -7,7 +7,7 @@ begin
|
|
7
7
|
gem.name = "walruz"
|
8
8
|
gem.summary = %Q{Walruz is a gem that provides an easy but powerful way to implement authorization policies in a system, relying on the composition of simple policies to create more complex ones.}
|
9
9
|
gem.email = "roman@noomi.com"
|
10
|
-
gem.homepage = "http://github.com/
|
10
|
+
gem.homepage = "http://github.com/noomii/walruz"
|
11
11
|
gem.authors = ["Roman Gonzalez"]
|
12
12
|
gem.rubyforge_project = "walruz"
|
13
13
|
|
data/VERSION.yml
CHANGED
data/lib/walruz/actor.rb
CHANGED
@@ -63,7 +63,7 @@ module Walruz
|
|
63
63
|
# Raises:
|
64
64
|
# Walruz::NotAuthorized error if the actor can't interact with the subject
|
65
65
|
#
|
66
|
-
def
|
66
|
+
def authorize(label, subject)
|
67
67
|
result = subject.can_be?(label, self)
|
68
68
|
if result[0]
|
69
69
|
cached_values_for_can[[label, subject]] = result[0]
|
data/lib/walruz/policy.rb
CHANGED
@@ -12,6 +12,7 @@ module Walruz
|
|
12
12
|
attr_reader :params
|
13
13
|
|
14
14
|
# @private
|
15
|
+
# :nodoc:
|
15
16
|
def self.inherited(child)
|
16
17
|
@policies ||= {}
|
17
18
|
unless child.policy_label.nil?
|
@@ -20,12 +21,37 @@ module Walruz
|
|
20
21
|
end
|
21
22
|
|
22
23
|
#
|
23
|
-
# See Walruz.policies
|
24
|
+
# See +Walruz.policies+.
|
24
25
|
#
|
25
26
|
def self.policies
|
26
27
|
@policies || {}
|
27
28
|
end
|
28
29
|
|
30
|
+
# Creates a new policy class based on an existing one, this method is used
|
31
|
+
# when you want to reuse a Policy class for a subject association
|
32
|
+
#
|
33
|
+
# See the "Policy Combinators" section on the README for more info
|
34
|
+
#
|
35
|
+
def self.for_subject(key, &block)
|
36
|
+
# :nodoc:
|
37
|
+
clazz = Class.new(Walruz::Policy) do
|
38
|
+
extend Walruz::Utils::PolicyCompositionHelper
|
39
|
+
|
40
|
+
# :nodoc:
|
41
|
+
def authorized?(actor, subject)
|
42
|
+
params = self.class.params
|
43
|
+
new_subject = subject.send(params[:key])
|
44
|
+
result = self.class.policy.new.safe_authorized?(actor, new_subject)
|
45
|
+
params[:callback].call(result[0], result[1], actor, subject) if params[:callback]
|
46
|
+
result
|
47
|
+
end
|
48
|
+
|
49
|
+
end
|
50
|
+
clazz.policy = self
|
51
|
+
clazz.set_params(:key => key, :callback => block)
|
52
|
+
clazz
|
53
|
+
end
|
54
|
+
|
29
55
|
#
|
30
56
|
# Returns a Proc with a curried actor, making it easier
|
31
57
|
# to perform validations of a policy in an Array of subjects
|
@@ -65,28 +91,32 @@ module Walruz
|
|
65
91
|
|
66
92
|
# Utility for depends_on macro
|
67
93
|
# @private
|
94
|
+
# :nodoc:
|
68
95
|
def self.policy_dependencies=(dependencies)
|
69
96
|
@_policy_dependencies = dependencies
|
70
97
|
end
|
71
98
|
|
72
99
|
# Utility for depends_on macro
|
73
100
|
# @private
|
101
|
+
# :nodoc:
|
74
102
|
def self.policy_dependencies
|
75
103
|
@_policy_dependencies
|
76
104
|
end
|
77
105
|
|
78
106
|
# Utility for depends_on macro
|
79
107
|
# @private
|
108
|
+
# :nodoc:
|
80
109
|
def self.return_policy
|
81
110
|
if policy_dependencies.nil?
|
82
111
|
self
|
83
112
|
else
|
84
|
-
|
113
|
+
all(*policy_dependencies)
|
85
114
|
end
|
86
115
|
end
|
87
116
|
|
88
117
|
# Utility method (copied from ActiveSupport)
|
89
118
|
# @private
|
119
|
+
# :nodoc:
|
90
120
|
def self.underscore(camel_cased_word)
|
91
121
|
if camel_cased_word.empty?
|
92
122
|
camel_cased_word
|
@@ -129,6 +159,9 @@ module Walruz
|
|
129
159
|
|
130
160
|
end
|
131
161
|
|
162
|
+
#
|
163
|
+
# Returns the label assigned to the policy
|
164
|
+
#
|
132
165
|
def self.policy_label
|
133
166
|
@policy_label ||= (self.name.empty? ? nil : :"#{self.underscore(self.name)}")
|
134
167
|
end
|
@@ -144,6 +177,7 @@ module Walruz
|
|
144
177
|
end
|
145
178
|
|
146
179
|
# @private
|
180
|
+
# :nodoc:
|
147
181
|
def safe_authorized?(actor, subject)
|
148
182
|
result = Array(authorized?(actor, subject))
|
149
183
|
result[1] ||= {}
|
@@ -152,6 +186,7 @@ module Walruz
|
|
152
186
|
end
|
153
187
|
|
154
188
|
# @private
|
189
|
+
# :nodoc:
|
155
190
|
def set_params(params)
|
156
191
|
@params = params
|
157
192
|
end
|
data/lib/walruz/subject.rb
CHANGED
@@ -17,6 +17,7 @@ module Walruz
|
|
17
17
|
end
|
18
18
|
|
19
19
|
# @private
|
20
|
+
# :nodoc:
|
20
21
|
def can_be?(action, actor)
|
21
22
|
check_authorization_actions_are_setted(action)
|
22
23
|
action = if self.class._walruz_policies.key?(:default)
|
@@ -39,6 +40,7 @@ module Walruz
|
|
39
40
|
end
|
40
41
|
|
41
42
|
# @private
|
43
|
+
# :nodoc:
|
42
44
|
def check_authorization_actions_are_setted(action)
|
43
45
|
if self.class._walruz_policies.nil?
|
44
46
|
message =<<BEGIN
|
data/lib/walruz/utils.rb
CHANGED
@@ -32,10 +32,12 @@ module Walruz
|
|
32
32
|
|
33
33
|
end
|
34
34
|
|
35
|
-
def
|
35
|
+
def any(*policies)
|
36
|
+
# :nodoc:
|
36
37
|
clazz = Class.new(Walruz::Policy) do
|
37
38
|
extend PolicyCompositionHelper
|
38
39
|
|
40
|
+
# :nodoc:
|
39
41
|
def authorized?(actor, subject)
|
40
42
|
result = nil
|
41
43
|
self.class.policies.detect do |policy|
|
@@ -50,10 +52,12 @@ module Walruz
|
|
50
52
|
clazz
|
51
53
|
end
|
52
54
|
|
53
|
-
def
|
55
|
+
def all(*policies)
|
56
|
+
# :nodoc:
|
54
57
|
clazz = Class.new(Walruz::Policy) do
|
55
58
|
extend PolicyCompositionHelper
|
56
59
|
|
60
|
+
# :nodoc:
|
57
61
|
def authorized?(actor, subject)
|
58
62
|
acum = [true, {}]
|
59
63
|
self.class.policies.each do |policy|
|
@@ -67,6 +71,7 @@ module Walruz
|
|
67
71
|
acum[0] ? acum : acum[0]
|
68
72
|
end
|
69
73
|
|
74
|
+
# :nodoc:
|
70
75
|
def self.policy_keyword
|
71
76
|
(self.policies.map { |p| p.policy_keyword.to_s[0..-2] }.join('_and_') + "?").to_sym
|
72
77
|
end
|
@@ -76,15 +81,18 @@ module Walruz
|
|
76
81
|
clazz
|
77
82
|
end
|
78
83
|
|
79
|
-
def
|
84
|
+
def negate(policy)
|
85
|
+
# :nodoc:
|
80
86
|
clazz = Class.new(Walruz::Policy) do
|
81
87
|
extend PolicyCompositionHelper
|
82
88
|
|
89
|
+
# :nodoc:
|
83
90
|
def authorized?(actor, subject)
|
84
91
|
result = self.class.policy.new.safe_authorized?(actor, subject)
|
85
92
|
!result[0]
|
86
93
|
end
|
87
94
|
|
95
|
+
# :nodoc:
|
88
96
|
def self.policy_keyword
|
89
97
|
keyword = self.policy.policy_keyword.to_s[0..-2]
|
90
98
|
:"not(#{keyword})?"
|
@@ -95,25 +103,7 @@ module Walruz
|
|
95
103
|
clazz
|
96
104
|
end
|
97
105
|
|
98
|
-
|
99
|
-
clazz = Class.new(Walruz::Policy) do
|
100
|
-
extend PolicyCompositionHelper
|
101
|
-
|
102
|
-
def authorized?(actor, subject)
|
103
|
-
params = self.class.params
|
104
|
-
new_subject = subject.send(params[:key])
|
105
|
-
result = self.class.policy.new.safe_authorized?(actor, new_subject)
|
106
|
-
params[:callback].call(result[0], result[1], actor, subject) if params[:callback]
|
107
|
-
result
|
108
|
-
end
|
109
|
-
|
110
|
-
end
|
111
|
-
clazz.policy = policy
|
112
|
-
clazz.set_params(:key => key, :callback => block)
|
113
|
-
clazz
|
114
|
-
end
|
115
|
-
|
116
|
-
module_function(:orP, :andP, :notP, :lift_subject)
|
106
|
+
module_function(:any, :all, :negate)
|
117
107
|
|
118
108
|
end
|
119
109
|
end
|
data/spec/scenario.rb
CHANGED
@@ -13,7 +13,7 @@ class Beatle
|
|
13
13
|
end
|
14
14
|
|
15
15
|
def sing_the_song(song)
|
16
|
-
response =
|
16
|
+
response = authorize(:sing, song)
|
17
17
|
case response[:owner]
|
18
18
|
when Colaboration
|
19
19
|
authors = response[:owner].authors.dup
|
@@ -26,7 +26,7 @@ class Beatle
|
|
26
26
|
end
|
27
27
|
|
28
28
|
def sing_with_john(song)
|
29
|
-
|
29
|
+
authorize(:sing_with_john, song)
|
30
30
|
"Ok John, Let's Play '%s'" % song.name
|
31
31
|
end
|
32
32
|
|
@@ -75,7 +75,7 @@ end
|
|
75
75
|
#
|
76
76
|
# end
|
77
77
|
|
78
|
-
AuthorPolicy =
|
78
|
+
AuthorPolicy = SubjectIsActorPolicy.for_subject(:author) do |authorized, params, actor, subject|
|
79
79
|
params.merge!(:owner => actor) if authorized
|
80
80
|
end
|
81
81
|
|
@@ -105,8 +105,8 @@ class Song
|
|
105
105
|
include Walruz::Subject
|
106
106
|
extend Walruz::Utils
|
107
107
|
|
108
|
-
check_authorizations :sing =>
|
109
|
-
:sell =>
|
108
|
+
check_authorizations :sing => any(AuthorPolicy, AuthorInColaborationPolicy),
|
109
|
+
:sell => all(AuthorPolicy, negate(AuthorInColaborationPolicy)),
|
110
110
|
:sing_with_john => ColaboratingWithJohnPolicy
|
111
111
|
attr_accessor :name
|
112
112
|
attr_accessor :colaboration
|
data/spec/walruz/actor_spec.rb
CHANGED
@@ -2,8 +2,8 @@ require File.dirname(__FILE__) + '/../spec_helper'
|
|
2
2
|
|
3
3
|
describe 'Walruz::Actor' do
|
4
4
|
|
5
|
-
it "should add an instance method `
|
6
|
-
Beatle::JOHN.should respond_to(:
|
5
|
+
it "should add an instance method `authorize` to included classes" do
|
6
|
+
Beatle::JOHN.should respond_to(:authorize)
|
7
7
|
end
|
8
8
|
|
9
9
|
it "should add an instance method `can?` to included classes" do
|
@@ -15,7 +15,7 @@ describe 'Walruz::Actor' do
|
|
15
15
|
end
|
16
16
|
|
17
17
|
|
18
|
-
describe "
|
18
|
+
describe "#authorize" do
|
19
19
|
|
20
20
|
it "should raise a Walruz::NotAuthorized error when the actor is not authorized" do
|
21
21
|
lambda do
|
@@ -45,7 +45,7 @@ describe 'Walruz::Actor' do
|
|
45
45
|
end
|
46
46
|
|
47
47
|
# @deprecated functionality
|
48
|
-
# WHY: When you execute `can?` you should probably have already executed `
|
48
|
+
# WHY: When you execute `can?` you should probably have already executed `authorize`
|
49
49
|
# it "should execute a given block if the condition is true" do
|
50
50
|
# proc_called = lambda { raise "Is being called" }
|
51
51
|
# lambda do
|
data/spec/walruz/policy_spec.rb
CHANGED
@@ -7,7 +7,7 @@ describe Walruz::Policy do
|
|
7
7
|
end
|
8
8
|
|
9
9
|
it "should generate an indicator that the policy was executed after authorization queries" do
|
10
|
-
policy = Beatle::PAUL.
|
10
|
+
policy = Beatle::PAUL.authorize(:sing, Song::YESTERDAY)
|
11
11
|
policy[:author_policy?].should be_true
|
12
12
|
end
|
13
13
|
|
@@ -23,7 +23,7 @@ describe Walruz::Policy do
|
|
23
23
|
|
24
24
|
it "should raise an Walruz::ActionNotFound exception when the action is not specified, and there is no default one" do
|
25
25
|
lambda do
|
26
|
-
Beatle::RINGO.
|
26
|
+
Beatle::RINGO.authorize(:sing_drunk, Song::TAXMAN)
|
27
27
|
end.should raise_error(Walruz::ActionNotFound)
|
28
28
|
end
|
29
29
|
|
data/spec/walruz/utils_spec.rb
CHANGED
@@ -4,17 +4,17 @@ describe Walruz::Utils do
|
|
4
4
|
|
5
5
|
def check_actor_can_on_subject(label, actor, subject)
|
6
6
|
lambda do
|
7
|
-
actor.
|
7
|
+
actor.authorize(label, subject)
|
8
8
|
end.should_not raise_error(Walruz::NotAuthorized)
|
9
9
|
end
|
10
10
|
|
11
11
|
def check_actor_can_not_on_subject(label, actor, subject)
|
12
12
|
lambda do
|
13
|
-
actor.
|
13
|
+
actor.authorize(label, subject)
|
14
14
|
end.should raise_error(Walruz::NotAuthorized)
|
15
15
|
end
|
16
16
|
|
17
|
-
describe "when using combinators `
|
17
|
+
describe "when using combinators `any`, `all` or `negate`" do
|
18
18
|
|
19
19
|
it "should work properly" do
|
20
20
|
check_actor_can_not_on_subject(:sell, Beatle::JOHN, Song::A_DAY_IN_LIFE)
|
@@ -23,7 +23,7 @@ describe Walruz::Utils do
|
|
23
23
|
|
24
24
|
end
|
25
25
|
|
26
|
-
describe "
|
26
|
+
describe "#all" do
|
27
27
|
|
28
28
|
it "should return as policy keyword, the name of the original policies keywords concatenated with `_and_`" do
|
29
29
|
Beatle::JOHN.can?(:sell, Song::ALL_YOU_NEED_IS_LOVE) do |policy_params|
|
@@ -33,7 +33,7 @@ describe Walruz::Utils do
|
|
33
33
|
|
34
34
|
end
|
35
35
|
|
36
|
-
describe "
|
36
|
+
describe "#negate" do
|
37
37
|
|
38
38
|
it "should return as policy keyword, the name of the original policy keyword with a `not()` around" do
|
39
39
|
Beatle::JOHN.can?(:sell, Song::ALL_YOU_NEED_IS_LOVE) do |policy_params|
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: walruz
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Roman Gonzalez
|
@@ -9,7 +9,7 @@ autorequire:
|
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date: 2009-
|
12
|
+
date: 2009-07-02 00:00:00 -07:00
|
13
13
|
default_executable:
|
14
14
|
dependencies: []
|
15
15
|
|
@@ -41,7 +41,7 @@ files:
|
|
41
41
|
- spec/walruz/utils_spec.rb
|
42
42
|
- spec/walruz/walruz_spec.rb
|
43
43
|
has_rdoc: true
|
44
|
-
homepage: http://github.com/
|
44
|
+
homepage: http://github.com/noomii/walruz
|
45
45
|
licenses: []
|
46
46
|
|
47
47
|
post_install_message:
|