Added enforcers

examples/example_helper.rb

@@ -2,6 +2,7 @@
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 require 'thwart'
+
 # require 'rubygems'
 # require 'ruby-debug'
 

lib/thwart.rb

@@ -1,31 +1,33 @@
+require 'active_support'
 require 'active_support/callbacks'
 require 'active_support/core_ext/module/attribute_accessors'
 require "active_support/core_ext/module/delegation"
 require "active_support/core_ext/array/wrap"
 
-# require 'thwart/canable'
-# require 'thwart/actions_store'
-# require 'thwart/action_group_builder'
-# require 'thwart/role_registry'
-# require 'thwart/role_builder'
-# require 'thwart/role'
-# require 'thwart/role'
-# require 'thwart/resource'
-# require 'thwart/actor'
-# require 'thwart/dsl'
+
+require 'thwart/canable'
+require 'thwart/actions_store'
+require 'thwart/action_group_builder'
+require 'thwart/role_registry'
+require 'thwart/role_builder'
+require 'thwart/role'
+require 'thwart/resource'
+require 'thwart/actor'
+require 'thwart/enforcer'
+require 'thwart/dsl'
 
 module Thwart
-  autoload :Cans, 'thwart/canable'
-  autoload :Ables, 'thwart/canable'
-  autoload :ActionsStore, 'thwart/actions_store'
-  autoload :ActionGroupBuilder, 'thwart/action_group_builder'
-  autoload :RoleRegistry, 'thwart/role_registry'
-  autoload :RoleBuilder, 'thwart/role_builder'
-  autoload :Role, 'thwart/role'
-  autoload :DefaultRole, 'thwart/role'
-  autoload :Resource, 'thwart/resource'
-  autoload :Actor, 'thwart/actor'
-  autoload :Dsl, 'thwart/dsl'
+  # autoload :Cans, 'thwart/canable'
+  # autoload :Ables, 'thwart/canable'
+  # autoload :ActionsStore, 'thwart/actions_store'
+  # autoload :ActionGroupBuilder, 'thwart/action_group_builder'
+  # autoload :RoleRegistry, 'thwart/role_registry'
+  # autoload :RoleBuilder, 'thwart/role_builder'
+  # autoload :Role, 'thwart/role'
+  # autoload :DefaultRole, 'thwart/role'
+  # autoload :Resource, 'thwart/resource'
+  # autoload :Actor, 'thwart/actor'
+  # autoload :Dsl, 'thwart/dsl'
 
   # The default can => able methods for CRUD
   CrudActions = {:create => :creatable, :view => :viewable, :update => :updatable, :destroy => :destroyable}
@@ -61,4 +63,5 @@ def configure(&block)
   end
 
   class MissingAttributeError < StandardError; end
+  class NoPermissionError < StandardError; end
 end

lib/thwart/enforcer.rb

@@ -0,0 +1,15 @@
+module Thwart
+  module Enforcer
+    def thwart_access(resource)
+      raise ArgumentError, "Thwart needs a current_user method to enforce permissions." unless self.respond_to?(:current_user)
+      raise ArgumentError, "Thwart needs the params hash to have an [:action] to enforce." if params.nil? || params[:action].nil?
+      raise ArgumentError, "Unknown action #{params[:action]} to enforce" unless Thwart::Actions.has_can?(params[:action])
+
+      unless Thwart.query(current_user, resource, params[:action])
+        raise Thwart::NoPermissionError, "User #{current_user} doesn't have permission to #{params[:action]} #{resource}."
+      else
+        true
+      end
+    end
+  end
+end

spec/enforcer_spec.rb

@@ -0,0 +1,17 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+
+describe Thwart::Enforcer do
+  context "access enforcment" do
+    it "should need the current user method defined on the controller" do
+      lambda { instance_with_module(Thwart::Enforcer).thwart_access }.should raise_error(ArgumentError)
+    end
+    it "should need the params hash to have an action key" do
+      class_with_module(Thwart::Enforcer)
+      lambda { @controller.thwart_access }.should raise_error(ArgumentError)
+    end
+    it "should need the params[:actions] to be a recognized action"
+    it "should thwart access by raising an error if the user doesn't have permission"
+    it "should return true if the user does have permission"
+  end
+end