Added enforcers

commit c1b39c256877ed5276274e712b03b5356ec8b5b6 1 parent 9cd08d7
Harry Brundage authored
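--- a/examples/example_helper.rb
+++ b/examples/example_helper.rb
@@ -2,6 +2,7 @@
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
 require 'thwart'
+
 # require 'rubygems'
 # require 'ruby-debug'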
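--- a/lib/thwart.rb
+++ b/lib/thwart.rb
@@ -1,31 +1,33 @@
+require 'active_support'
 require 'active_support/callbacks'
 require 'active_support/core_ext/module/attribute_accessors'
 require "active_support/core_ext/module/delegation"
 require "active_support/core_ext/array/wrap"
-# require 'thwart/canable'
-# require 'thwart/actions_store'
-# require 'thwart/action_group_builder'
-# require 'thwart/role_registry'
-# require 'thwart/role_builder'
-# require 'thwart/role'
-# require 'thwart/role'
-# require 'thwart/resource'
-# require 'thwart/actor'
-# require 'thwart/dsl'
+
+require 'thwart/canable'
+require 'thwart/actions_store'
+require 'thwart/action_group_builder'
+require 'thwart/role_registry'
+require 'thwart/role_builder'
+require 'thwart/role'
+require 'thwart/resource'
+require 'thwart/actor'
+require 'thwart/enforcer'
+require 'thwart/dsl'
 module Thwart
- autoload :Cans, 'thwart/canable'
- autoload :Ables, 'thwart/canable'
- autoload :ActionsStore, 'thwart/actions_store'
- autoload :ActionGroupBuilder, 'thwart/action_group_builder'
- autoload :RoleRegistry, 'thwart/role_registry'
- autoload :RoleBuilder, 'thwart/role_builder'
- autoload :Role, 'thwart/role'
- autoload :DefaultRole, 'thwart/role'
- autoload :Resource, 'thwart/resource'
- autoload :Actor, 'thwart/actor'
- autoload :Dsl, 'thwart/dsl'
+ # autoload :Cans, 'thwart/canable'
+ # autoload :Ables, 'thwart/canable'
+ # autoload :ActionsStore, 'thwart/actions_store'
+ # autoload :ActionGroupBuilder, 'thwart/action_group_builder'
+ # autoload :RoleRegistry, 'thwart/role_registry'
+ # autoload :RoleBuilder, 'thwart/role_builder'
+ # autoload :Role, 'thwart/role'
+ # autoload :DefaultRole, 'thwart/role'
+ # autoload :Resource, 'thwart/resource'
+ # autoload :Actor, 'thwart/actor'
+ # autoload :Dsl, 'thwart/dsl'
 # The default can => able methods for CRUD
 CrudActions = {:create => :creatable, :view => :viewable, :update => :updatable, :destroy => :destroyable}
@@ -61,4 +63,5 @@ def configure(&block)
 end
 class MissingAttributeError < StandardError; end
+ class NoPermissionError < StandardError; end
 end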
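Review bot: `NoPermissionError` in the second hunk is added without a comment saying who raises it or what the host application is expected to do with it. A line such as `# Raised by Thwart::Enforcer#thwart_access when the query denies the action; rescue it by name in the host app.` would document the contract. Because it subclasses StandardError, a bare `rescue` around a call to thwart_access also catches the denial, so integrators should rescue it explicitly rather than generically. Separately, the eleven `autoload` lines in the first hunk are kept as comments beside the new `require` list; deleting them avoids dead code, since the history already records the old form. The `Thwart` module body continues outside both hunks.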
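--- a/lib/thwart/enforcer.rb
+++ b/lib/thwart/enforcer.rb
@@ -0,0 +1,15 @@
+module Thwart
+ module Enforcer
+ def thwart_access(resource)
+ raise ArgumentError, "Thwart needs a current_user method to enforce permissions." unless self.respond_to?(:current_user)
+ raise ArgumentError, "Thwart needs the params hash to have an [:action] to enforce." if params.nil? || params[:action].nil?
+ raise ArgumentError, "Unknown action #{params[:action]} to enforce" unless Thwart::Actions.has_can?(params[:action])
+
+ unless Thwart.query(current_user, resource, params[:action])
+ raise Thwart::NoPermissionError, "User #{current_user} doesn't have permission to #{params[:action]} #{resource}."
+ else
+ true
+ end
+ end
+ end
+end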
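Review bot: The `respond_to?(:current_user)` guard on the first line of `thwart_access` returns false when the including class defines `current_user` as a private method, so enforcement raises ArgumentError even though the method exists; `respond_to?(:current_user, true)` includes private methods. A nil `current_user` (an unauthenticated request) is passed straight to `Thwart.query`, whose handling of nil is not visible in this commit; an explicit `raise Thwart::NoPermissionError, ... if current_user.nil?` before the query would make the deny-by-default behaviour independent of the query implementation. The denial message interpolates `current_user` and `resource` through `to_s`, so it is worth confirming that neither object's string form exposes data that should not reach logs or an error page. The `unless … else` at the end reads more clearly as a guard clause followed by a bare `true`.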
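--- a/spec/enforcer_spec.rb
+++ b/spec/enforcer_spec.rb
@@ -0,0 +1,17 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+
+describe Thwart::Enforcer do
+ context "access enforcment" do
+ it "should need the current user method defined on the controller" do
+ lambda { instance_with_module(Thwart::Enforcer).thwart_access }.should raise_error(ArgumentError)
+ end
+ it "should need the params hash to have an action key" do
+ class_with_module(Thwart::Enforcer)
+ lambda { @controller.thwart_access }.should raise_error(ArgumentError)
+ end
+ it "should need the params[:actions] to be a recognized action"
+ it "should thwart access by raising an error if the user doesn't have permission"
+ it "should return true if the user does have permission"
+ end
+end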
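Review bot: Both implemented examples call `thwart_access` with no argument although the method takes a required `resource`, so Ruby raises ArgumentError for the wrong argument count before either guard runs and the examples pass without exercising the checks they name. Passing a placeholder resource, e.g. `thwart_access(:resource)`, and matching on the message, e.g. `raise_error(ArgumentError, /current_user/)`, would tie each example to its guard. In the second example `@controller` is not assigned in the visible lines, so unless `class_with_module` sets it in the spec helper the call goes to nil. The three pending examples cover the unknown-action, deny and allow paths, which are the behaviours that matter for enforcement, and they are still unimplemented in this commit.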