app/models/role_permission.rb db/migrate/001_create_permissions.rb db/migrate/002_create_roles.rb db/migrate/003_create_role_permissions.rb db/migrate/004_create_role_assignments.rb test/app_root/app/controllers/application_controller.rb test/app_root/db/migrate/002_migrate_has_roles_to_version_4.rb test/functional/has_roles_test.rb test/unit/role_permission_test.rb @@ -1,5 +1,10 @@ == master +* Improve permission lookup performance +* Introduce RolePermission as the join model between Roles and Permissions +* Replace acts_as_enumeration with enumerate_by +* Add dependency on Rails 2.3 + == 0.2.0 / 2008-12-14 * Remove the PluginAWeek namespace CHANGELOG.rdoc @@ -1,4 +1,4 @@ -Copyright (c) 2006-2008 Aaron Pfeifer +Copyright (c) 2006-2009 Aaron Pfeifer Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the LICENSE @@ -22,10 +22,11 @@ Source == Description -One of the easiest and most straightforward techniques for adding role management -and authorization to specific parts of your application is restricting usage on -controller/action-basis. Each role defined in your system is mapped to one or -more permissions. Each permission is a combination of a controller and action. +One of the easiest and most straightforward techniques for adding role +management and authorization to specific parts of your application is +restricting usage on a controller/action-basis. Each role defined in your +system is mapped to one or more permissions. Each permission is a combination +of a controller and action. == Usage @@ -34,49 +35,41 @@ modified for your own usage. === Adding permissions -To add permissions, you can either define your own Permission model or create -an initializer like so: +To add permissions, you can create an initializer like so: -config/initializers/role_management: - Permission.create :id => 2, :controller => 'admin/stats' - Permission.create :id => 3, :controller => 'comments', :action => 'create' - ... +config/initializers/permissions.rb: -=== Adding/Updating roles - -To add or update roles, you can either define your own Role model or create an -initializer like so: - -config/initializers/roles.rb: - # Edit the default role called "administrator" - Role[:administrator].permissions << 'admin/stats/' - - # Create a new role called "developer" - Role.create :id => 2, :name => 'developer', :permissions => %w( - comments/create - admin/stats/ + Permission.bootstrap( + {:id => 1, :controller => 'application'}, + {:id => 2, :controller => 'admin/stats'}, + {:id => 3, :controller => 'comments', :action => 'create'}, + ... ) -=== Default Permissions/Roles - -By default, the following permissions are define: -* application - Permission for accessing any part of the application +=== Adding / Updating roles -By default, the following roles are defined: -* admin - An administrator with the default permissions - -You can remove the default permissions/roles by adding the following to your -initializer: +To add / update roles, you can create an initializer like so: config/initializers/roles.rb: - Role.destroy_all - Permission.destroy_all - ... + + Role.bootstrap( + {:id => 1, :name => 'admin'}, + {:id => 2, :name => 'developer'}, + ... + ) + + RolePermission.bootstrap( + {:role => 'admin', :permission => 'application/'}, + {:role => 'admin', :permission => 'admin/states/'}, + {:role => 'developer', :permission => 'comments/create'}, + {:role => 'developer', :permission => 'admin/stats/'}, + ... + ) === Checking a user's authorization -Below is an example of checking a user's authorization for a url before displaying -information: +Below is an example of checking a user's authorization for a url before +displaying information: app/views/layouts/application.rhtml: @@ -95,6 +88,5 @@ To run against a specific version of Rails: == Dependencies -* Rails 2.1 or later -* acts_as_enumeration[http://github.com/pluginaweek/acts_as_enumeration] -* plugins_plus[http://github.com/pluginaweek/plugins_plugins] (optional if app files are copied to your project tree) +* Rails 2.3 or later +* enumerate_by[http://github.com/pluginaweek/enumerate_by] README.rdoc @@ -1,42 +1,43 @@ -# A permission defines access to a single part of an application, restricted by -# both controller and action specifications. +# A permission defines access to a single part of an application, restricted +# by both controller and action specifications. # -# Permissions can be application-, controller-, or action-specific. Permissions -# using the +application+ controller are global. Permissions without any +action+ -# specified are controller-specific. Permissions with both +controller+ and +# Permissions can be application-, controller-, or action-specific. Those +# using the +application+ controller are global. Those without any +action+ +# specified are controller-specific. Those with both +controller+ and # +action+ specified are action-specific. # # == Examples # -# create :id => 1, :controller => 'application' # Access to the whole application -# create :id => 2, :controller => 'users' # Access to the Users controller (any action) -# create :id => 3, :controller => 'users', :action => 'index' # Access to the Users controller and index action +# Permission.bootstrap( +# {:id => 1, :controller => 'application'}, # Access to the whole application +# {:id => 2, :controller => 'users'}, # Access to the Users controller (any action) +# {:id => 3, :controller => 'users', :action => 'index'} # Access to the Users controller and index action +# ) class Permission < ActiveRecord::Base - acts_as_enumeration :path + enumerate_by :path - column :controller, :string - column :action, :string + has_many :assigned_roles, :class_name => 'RolePermission' + has_many :roles, :through => :assigned_roles - validates_presence_of :controller - validates_length_of :action, - :minimum => 1, - :allow_nil => true + validates_presence_of :controller + validates_length_of :action, :minimum => 1, :allow_nil => true + + before_validation :set_path class << self - # Is there a permission that exists which restricts the given url? If there - # is no permission that restricts the path, then anyone should be allowed - # access to it + # Is there a permission that exists which restricts the given url? If + # there is no permission that restricts the path, then anyone should be + # allowed access to it def restricts?(options = '') controller, action = recognize_path(options) # See if a permission exists for either the controller or controller/action # combination. If it doesn't, then the path isn't restricted - permission = find_by_path("#{controller}/") || find_by_path("#{controller}/#{action}") - !permission.nil? + exists?(:path => ["#{controller}/", "#{controller}/#{action}"]) end - # Parses the controller path and action from the given options. Options may - # be in any one of the following formats: + # Parses the controller path and action from the given options. Options + # may be in any one of the following formats: # * +string+ - A relative or absolute path in the application # * +hash+ - A hash include the controller/action attributes def recognize_path(options = '') @@ -48,10 +49,13 @@ class Permission < ActiveRecord::Base end end - def initialize(attributes = nil) #:nodoc: - super - self.path = "#{controller}/#{action}" - end + private + # Set full path for the controller / action + def set_path + self.path = "#{controller}/#{action}" + end - create :id => 1, :controller => 'application' + bootstrap( + {:id => 1, :controller => 'application'} + ) end app/models/permission.rb @@ -1,41 +1,19 @@ # A role defines a group of users in the system who are able to access a -# collection of features in the application. Examples of roles could be -# 'Administrator', 'Developer', or 'Guest'. +# collection of features in the application. # -# == Adding permissions +# == Examples # -# The features that a role has access to is dependent on the permissions that -# have been assigned to the role. -# -# To add permissions to an existing role, such as the administrator role -# pre-defined in this model: -# -# Role[:administrator].permissions << 'admin/stats/' -# -# To assigns permissions to a new role: -# -# Role.create :id => 2, :name => 'developer', :permissions => %w( -# comments/create -# admin/stats/ +# Role.bootstrap( +# {:id => 1, :name => 'administrator'}, +# {:id => 2, :name => 'developer'}, +# {:id => 3, :name => 'guest'} # ) -# -# Notice that permissions are in the form of the path defined by the -# controller/action. class Role < ActiveRecord::Base - acts_as_enumeration + enumerate_by :name - # The list of permissions that this role has access to - attr_accessor :permissions - - has_many :assignments, - :class_name => 'RoleAssignment' - - def initialize(attributes = nil) #:nodoc: - super - - @permissions ||= [] - @authorizations = {} - end + has_many :assigned_permissions, :class_name => 'RolePermission' + has_many :permissions, :through => :assigned_permissions + has_many :assignments, :class_name => 'RoleAssignment' # Is this role authorized for the given url? The url can be any one of the # following formats: @@ -46,23 +24,15 @@ class Role < ActiveRecord::Base # Authorization is based on whether the role has a permission that either # directly matches the path or represents a parent path (i.e. using the # controller/class hierarchy) - def authorized_for?(options = '') - path = Permission.recognize_path(options) - - if (authorized = @authorizations[path]).nil? - controller, action = path - - # Include parent controllers for inheritance support - controllers = "#{controller.camelize}Controller".constantize.ancestors.select {|c| c < ActionController::Base}.map(&:controller_path) - - authorized = @authorizations[path] = permissions.any? do |permission| - permission = Permission[permission] unless permission.is_a?(Permission) - controllers.include?(permission.controller) && (!permission.action? || permission.action == action) - end - end + named_scope :authorized_for, lambda {|*args| + options = args.first || '' + controller, action = Permission.recognize_path(options) + controllers = "#{controller.camelize}Controller".constantize.ancestors.select {|c| c < ActionController::Base}.map(&:controller_path) - authorized - end + {:joins => :permissions, :conditions => ['permissions.controller IN (?) AND (permissions.action IS NULL OR permissions.action = ?)', controllers, action]} + } - create :id => 1, :name => 'admin', :permissions => %w(application/) + bootstrap( + {:id => 1, :name => 'admin'} + ) end app/models/role.rb @@ -1,12 +1,9 @@ # Represents an assignment of a role to a user (assignee) in the system class RoleAssignment < ActiveRecord::Base - belongs_to :role - belongs_to :assignee, - :polymorphic => true + belongs_to :role + belongs_to :assignee, :polymorphic => true - validates_presence_of :role_id, - :assignee_id, - :assignee_type + validates_presence_of :role_id, :assignee_id, :assignee_type attr_accessible :role end app/models/role_assignment.rb @@ -4,14 +4,14 @@ require 'has_roles/url_helper' # Adds a generic implementation for dealing with role management module HasRoles module MacroMethods - # Indicates that the model has roles. This will create the folliwng - # association: - # * +role_assignments+ - The join association for roles that have been assigned to a record in this model + # Indicates that the model has roles. This will create the following + # associations: + # * +role_assignments+ - The join association for roles that have been + # assigned to a record in this model + # * +roles+ - The actual roles through the join association def has_roles - has_many :role_assignments, - :class_name => 'RoleAssignment', - :as => :assignee, - :dependent => :destroy + has_many :role_assignments, :class_name => 'RoleAssignment', :as => :assignee, :dependent => :destroy + has_many :roles, :through => :role_assignments include HasRoles::InstanceMethods end @@ -28,12 +28,7 @@ module HasRoles # user.authorized_for?('admin/messages') # user.authorized_for?('http://localhost:3000/admin/messages') def authorized_for?(options = '') - !Permission.restricts?(options) || roles.any? {|role| role.authorized_for?(options)} - end - - # All of the roles currently assigned - def roles - role_assignments.map(&:role) + !Permission.restricts?(options) || roles.authorized_for(options).exists? end end end lib/has_roles.rb @@ -1,6 +1,6 @@ module HasRoles - # Provides helper methods for conditionally making links depending on whether - # the current user is authorized to access the url being linked to. + # Provides helper methods for conditionally making links depending on + # whether the current user is authorized to access the url being linked to. # # In order to determine who the "current user" is, the helper methods # assume that a +current_user+ helper has been defined. An example of an @@ -19,7 +19,8 @@ module HasRoles # Only link to the url if the current user is authorized to access it. In # addition to the options normally available in +link_to+, the following # options can be specified: - # * +show_text+ - If set to true, will only display the text if the user is not authorized for the link. (Default is +false+). + # * +show_text+ - If set to true, will only display the text if the user + # is not authorized for the link. (Default is +false+). def link_to_if_authorized(name, options = {}, html_options = {}, &block) text_on_no_authorization = html_options.delete(:show_text) ? name : '' lib/has_roles/url_helper.rb @@ -1,9 +1,12 @@ require 'config/boot' -require "#{File.dirname(__FILE__)}/../../../../plugins_plus/boot" Rails::Initializer.run do |config| config.plugin_paths << '..' - config.plugins = %w(plugins_plus acts_as_enumeration has_roles) + config.plugins = %w(enumerate_by has_roles) config.cache_classes = false config.whiny_nils = true + config.action_controller.session = {:key => 'rails_session', :secret => 'd229e4d22437432705ab3985d4d246'} + config.after_initialize do + EnumerateBy.perform_caching = false + end end test/app_root/config/environment.rb @@ -35,14 +35,12 @@ module Factory build Permission do |attributes| attributes.reverse_merge!( - :id => 1, :controller => 'admin/users' ) end build Role do |attributes| attributes.reverse_merge!( - :id => 1, :name => 'developer' ) end @@ -52,6 +50,11 @@ module Factory attributes[:assignee] = create_user unless attributes.include?(:assignee) end + build RolePermission do |attributes| + attributes[:permission] = create_permission unless attributes.include?(:permission) + attributes[:role] = create_role unless attributes.include?(:role) + end + build User do |attributes| attributes.reverse_merge!( :login => 'admin' test/factory.rb @@ -25,8 +25,8 @@ class ControllerLoggedInTest < ActionController::TestCase @user = create_user @request.session[:user_id] = @user.id - @permission = create_permission(:controller => 'admin/users') - @role = create_role(:name => 'developer', :permissions => ['admin/users/']) + @role = create_role(:name => 'developer') + create_role_permission(:role => @role, :permission => create_permission(:controller => 'admin/users')) end def test_should_be_successful_if_authorized @@ -42,9 +42,4 @@ class ControllerLoggedInTest < ActionController::TestCase assert_equal '401', @response.code end - - def teardown - Role.destroy_all - Permission.destroy_all - end end test/functional/application_controller_test.rb @@ -60,10 +60,6 @@ class AuthorizationHelperWithoutPermissionsTest < ActionController::TestCase def test_should_not_be_authorized_for_custom_url assert !authorized_for?('/admin/users/destroy/1') end - - def teardown - Permission.destroy_all - end end class AuthorizationHelperWithPermissionsTest < ActionController::TestCase @@ -81,8 +77,8 @@ class AuthorizationHelperWithPermissionsTest < ActionController::TestCase @user = create_user session[:user_id] = @user.id - create_permission(:controller => 'admin/users') - role = create_role(:name => 'developer', :permissions => ['admin/users/']) + role = create_role(:name => 'developer') + create_role_permission(:role => role, :permission => create_permission(:controller => 'admin/users')) create_role_assignment(:role => role, :assignee => @user) end @@ -93,9 +89,4 @@ class AuthorizationHelperWithPermissionsTest < ActionController::TestCase def test_should_be_authorized_for_custom_url_if_user_has_proper_permissions assert authorized_for?('/admin/users/destroy/1') end - - def teardown - Role.destroy_all - Permission.destroy_all - end end test/helpers/authorization_helper_test.rb @@ -13,5 +13,6 @@ Test::Unit::TestCase.class_eval do end # Remove defaults for testing -Permission.destroy_all -Role.destroy_all +RolePermission.delete_all +Permission.delete_all +Role.delete_all test/test_helper.rb @@ -1,45 +1,41 @@ require File.dirname(__FILE__) + '/../test_helper' -class PermissionByDefaultTest < Test::Unit::TestCase +class PermissionByDefaultTest < ActiveRecord::TestCase def setup @permission = Permission.new end def test_should_not_have_a_controller - assert_nil @permission.controller + assert @permission.controller.blank? end def test_should_not_have_an_action assert @permission.action.blank? end - def test_should_have_a_path - assert_equal '/', @permission.path + def test_should_not_have_a_path + assert @permission.path.blank? end def test_should_use_controller_as_path_if_not_specified permission = Permission.new(:controller => 'users') + permission.valid? assert_equal 'users/', permission.path end def test_should_use_controller_and_action_as_path_if_not_specified permission = Permission.new(:controller => 'users', :action => 'index') + permission.valid? assert_equal 'users/index', permission.path end end -class PermissionTest < Test::Unit::TestCase +class PermissionTest < ActiveRecord::TestCase def test_should_be_valid_with_a_valid_set_of_attributes permission = new_permission assert permission.valid? end - def test_should_require_an_id - permission = new_permission(:id => nil) - assert !permission.valid? - assert permission.errors.invalid?(:id) - end - def test_should_require_a_controller permission = new_permission(:controller => nil) assert !permission.valid? @@ -57,13 +53,6 @@ class PermissionTest < Test::Unit::TestCase assert permission.errors.invalid?(:action) end - def test_should_require_a_path - permission = new_permission - permission.path = nil - assert !permission.valid? - assert permission.errors.invalid?(:path) - end - def test_should_require_a_unique_path permission = create_permission(:controller => 'application') @@ -71,75 +60,59 @@ class PermissionTest < Test::Unit::TestCase assert !second_permission.valid? assert second_permission.errors.invalid?(:path) end - - def test_should_protect_attributes_from_mass_assignment - permission = Permission.new( - :id => 123, - :controller => 'site', - :action => 'about', - :path => 'invalid' - ) - - assert_equal 123, permission.id - assert_equal 'site', permission.controller - assert_equal 'about', permission.action - assert_equal 'site/about', permission.path - end - - def teardown - Permission.destroy_all - end end -class PermissionAfterBeingCreatedTest < Test::Unit::TestCase +class PermissionAfterBeingCreatedTest < ActiveRecord::TestCase def setup @permission = create_permission(:controller => 'application') end - def test_should_have_an_id - assert_not_nil @permission.id + def test_should_have_a_path + assert_equal 'application/', @permission.path + end + + def test_should_have_no_assigned_roles + assert @permission.assigned_roles.empty? end - def teardown - Permission.destroy_all + def test_should_have_no_roles + assert @permission.roles.empty? end end -class PermissionAsAClassTest < Test::Unit::TestCase - def test_should_recognize_path_by_relative_url +class PermissionPathRecognitionTest < ActiveRecord::TestCase + def test_should_recognize_by_relative_url assert_equal ['users', 'index'], Permission.recognize_path('/users') end - def test_should_recognize_path_by_relative_url_with_namespace + def test_should_recognize_by_relative_url_with_namespace assert_equal ['admin/users', 'update'], Permission.recognize_path('/admin/users/update') end - def test_should_recognize_path_by_absolute_url + def test_should_recognize_by_absolute_url assert_equal ['users', 'index'], Permission.recognize_path('http://localhost:3000/users') end - def test_should_recognize_path_by_hash + def test_should_recognize_by_hash assert_equal ['users', 'index'], Permission.recognize_path(:controller => 'users', :action => 'index') end - def test_should_recognize_path_by_hash_with_namespace + def test_should_recognize_by_hash_with_namespace assert_equal ['admin/users', 'update'], Permission.recognize_path(:controller => 'admin/users', :action => 'update', :id => 1) end - def test_should_recognize_path_if_action_not_specified + def test_should_recognize_if_action_not_specified assert_equal ['users', 'index'], Permission.recognize_path(:controller => 'users') end - - def test_should_restrict_path_if_permission_exists_for_path +end + +class PermissionRestrictionTest < ActiveRecord::TestCase + def test_should_restrict_if_permission_exists_for_path create_permission(:controller => 'application') assert Permission.restricts?(:controller => 'application') end - def test_should_not_restrict_path_if_no_permission_exists_for_path + def test_should_not_restrict_if_no_permission_exists_for_path assert !Permission.restricts?('/users') end - - def teardown - Permission.destroy_all - end end test/unit/permission_test.rb @@ -1,6 +1,6 @@ require File.dirname(__FILE__) + '/../test_helper' -class RoleAssignmentByDefaultTest < Test::Unit::TestCase +class RoleAssignmentByDefaultTest < ActiveRecord::TestCase def setup @role_assignment = RoleAssignment.new end @@ -18,7 +18,7 @@ class RoleAssignmentByDefaultTest < Test::Unit::TestCase end end -class RoleAssignmentTest < Test::Unit::TestCase +class RoleAssignmentTest < ActiveRecord::TestCase def test_should_be_valid_with_a_valid_set_of_attributes role_assignment = new_role_assignment assert role_assignment.valid? @@ -57,8 +57,4 @@ class RoleAssignmentTest < Test::Unit::TestCase assert_nil role_assignment.assignee_type assert_equal 'admin', role_assignment.role end - - def teardown - Role.destroy_all - end end test/unit/role_assignment_test.rb @@ -1,6 +1,6 @@ require File.dirname(__FILE__) + '/../test_helper' -class RoleByDefaultTest < Test::Unit::TestCase +class RoleByDefaultTest < ActiveRecord::TestCase def setup @role = Role.new end @@ -8,13 +8,9 @@ class RoleByDefaultTest < Test::Unit::TestCase def test_should_not_have_a_name assert @role.name.blank? end - - def test_should_not_have_any_permissions - assert @role.permissions.empty? - end end -class RoleTest < Test::Unit::TestCase +class RoleTest < ActiveRecord::TestCase def test_should_be_valid_with_a_valid_set_of_attributes role = new_role assert role.valid? @@ -33,118 +29,112 @@ class RoleTest < Test::Unit::TestCase assert !second_role.valid? assert second_role.errors.invalid?(:name) end +end + +class RoleAfterBeingCreatedTest < ActiveRecord::TestCase + def setup + @role = create_role + end - def test_should_protect_attributes_from_mass_assignment - role = Role.new( - :id => 123, - :name => 'developer', - :permissions => ['application/'] - ) - - assert_equal 123, role.id - assert_equal 'developer', role.name - assert_equal ['application/'], role.permissions + def test_should_not_have_any_assigned_permissions + assert @role.permissions.empty? + end + + def test_should_not_have_any_permissions + assert @role.permissions.empty? end - def teardown - Role.destroy_all + def test_should_not_have_any_assignments + assert @role.assignments.empty? end end -class RoleAfterBeingCreatedTest < Test::Unit::TestCase +class RoleWithPermissionsTest < ActiveRecord::TestCase def setup @role = create_role + @permission_create = create_permission(:controller => 'users', :action => 'create') + @permission_update = create_permission(:controller => 'users', :action => 'update') + + create_role_permission(:role => @role, :permission => @permission_create) + create_role_permission(:role => @role, :permission => @permission_update) end - def test_should_not_have_any_assignments - assert @role.assignments.empty? + def test_should_have_assigned_permissions + assert_equal [@permission_create, @permission_update], @role.assigned_permissions.map(&:permission) end - def teardown - Role.destroy_all + def test_should_have_permissions + assert_equal [@permission_create, @permission_update], @role.permissions end end -class RoleWithPermissionsTest < Test::Unit::TestCase +class RoleWithAssignmentsTest < ActiveRecord::TestCase def setup - @role = new_role - @permission_create = create_permission(:id => 1, :controller => 'users', :action => 'create') - @permission_update = create_permission(:id => 2, :controller => 'users', :action => 'update') + @role = create_role - @role.permissions.concat([@permission_create, @permission_update]) - @role.save! + @administrator = create_role_assignment(:role => @role, :assignee => create_user(:login => 'admin')) + @developer = create_role_assignment(:role => @role, :assignee => create_user(:login => 'dev')) end - def test_should_have_permissions - assert_equal [@permission_create, @permission_update], @role.permissions + def test_should_have_assignments + assert_equal [@administrator, @developer], @role.assignments + end +end + +class RoleAuthorizedForScopeTest < ActiveRecord::TestCase + def setup + @role = create_role + @permission_create = create_permission(:controller => 'users', :action => 'create') + @permission_update = create_permission(:controller => 'users', :action => 'update') + + create_role_permission(:role => @role, :permission => @permission_create) + create_role_permission(:role => @role, :permission => @permission_update) end def test_should_authorize_for_a_relative_url - assert @role.authorized_for?('/users/create') + assert_equal [@role], Role.authorized_for('/users/create') end def test_should_not_authorize_for_a_relative_url_if_not_permissioned - assert !@role.authorized_for?('/admin/users/create') + assert_equal [], Role.authorized_for('/admin/users/create') end def test_should_authorize_for_an_absolute_url - assert @role.authorized_for?('http://localhost:3000/users/create') + assert_equal [@role], Role.authorized_for('http://localhost:3000/users/create') end def test_should_not_authorize_for_an_absolute_url_if_not_permissioned - assert !@role.authorized_for?('http://localhost:3000/users/edit') + assert_equal [], Role.authorized_for('http://localhost:3000/users/edit') end def test_should_authorize_for_a_controller - @role.permissions << create_permission(:id => 3, :controller => 'users') - assert @role.authorized_for?(:controller => 'users') + create_role_permission(:role => @role, :permission => create_permission(:controller => 'users')) + assert_equal [@role], Role.authorized_for(:controller => 'users') end def test_should_not_authorize_for_a_controller_if_not_permissioned - assert !@role.authorized_for?(:controller => 'admin/users') + assert_equal [], Role.authorized_for(:controller => 'admin/users') end def test_should_authorize_for_a_controller_and_action - assert @role.authorized_for?(:controller => 'users', :action => 'create') + assert_equal [@role], Role.authorized_for(:controller => 'users', :action => 'create') end def test_should_not_authorize_for_a_controller_and_action_if_not_permissioned - assert !@role.authorized_for?(:controller => 'users', :action => 'edit') + assert_equal [], Role.authorized_for(:controller => 'users', :action => 'edit') end def test_should_authorize_for_the_entire_application - @role.permissions << create_permission(:id => 3, :controller => 'application') - assert @role.authorized_for?(:controller => 'application') + create_role_permission(:role => @role, :permission => create_permission(:controller => 'application')) + assert_equal [@role], Role.authorized_for(:controller => 'application') end def test_should_not_authorize_for_the_entire_application_if_not_permissioned - assert !@role.authorized_for?(:controller => 'application') + assert_equal [], Role.authorized_for(:controller => 'application') end def test_should_authorize_if_permissioned_for_superclass_controller - @role.permissions << create_permission(:id => 3, :controller => 'admin/base') - assert @role.authorized_for?('/admin/users') - end - - def teardown - Role.destroy_all - Permission.destroy_all - end -end - -class RoleWithAssignmentsTest < Test::Unit::TestCase - def setup - @role = create_role - - @administrator = create_role_assignment(:role => @role, :assignee => create_user(:login => 'admin')) - @developer = create_role_assignment(:role => @role, :assignee => create_user(:login => 'dev')) - end - - def test_should_have_assignments - assert_equal [@administrator, @developer], @role.assignments - end - - def teardown - Role.destroy_all + create_role_permission(:role => @role, :permission => create_permission(:controller => 'admin/base')) + assert_equal [@role], Role.authorized_for('/admin/users') end end test/unit/role_test.rb db/migrate/001_create_role_assignments.rb test/app_root/app/controllers/application.rb test/app_root/db/migrate/002_migrate_has_roles_to_version_1.rb test/unit/has_roles_test.rb e9d49361d09334647cc2ee870b3d1302bba3cb7b Aaron Pfeifer aaron.pfeifer@gmail.com http://github.com/pluginaweek/has_roles/commit/2b7144216d71d4c02fc44c7d78501c5ea382b884 2b7144216d71d4c02fc44c7d78501c5ea382b884 2009-04-28T20:45:33-07:00 2009-04-28T20:45:33-07:00 Replace acts_as_enumeration with enumerate_by Add dependency on Rails 2.3 Introduce RolePermission as the join model between Roles and Permissions Improve permission lookup performance d812df0d2b8874236529cde453e2f62d1a7e3d1b Aaron Pfeifer aaron.pfeifer@gmail.com