Allow authorization with options hash

nathanl · Aug 10, 2012 · 9330746 · 9330746
1 parent e2f9373
commit 9330746
Show file tree

Hide file tree

Showing 6 changed files with 130 additions and 30 deletions.
diff --git a/lib/authority/abilities.rb b/lib/authority/abilities.rb
@@ -21,8 +21,12 @@ module ClassMethods
       Authority.adjectives.each do |adjective|
 
         class_eval <<-RUBY, __FILE__, __LINE__ + 1
-          def #{adjective}_by?(user)
-            authorizer.#{adjective}_by?(user)
+          def #{adjective}_by?(user, options = {})
+            if options.empty?
+              authorizer.#{adjective}_by?(user)
+            else
+              authorizer.#{adjective}_by?(user, options)
+            end
           end
         RUBY
       end
@@ -38,8 +42,12 @@ def authorizer
     Authority.adjectives.each do |adjective|
 
       class_eval <<-RUBY, __FILE__, __LINE__ + 1
-        def #{adjective}_by?(user)
-          authorizer.#{adjective}_by?(user)
+        def #{adjective}_by?(user, options = {})
+          if options.empty?
+            authorizer.#{adjective}_by?(user)
+          else
+            authorizer.#{adjective}_by?(user, options)
+          end
         end
 
         def authorizer

diff --git a/lib/authority/authorizer.rb b/lib/authority/authorizer.rb
@@ -17,23 +17,31 @@ def initialize(resource)
     # Each instance method simply calls the corresponding class method
     Authority.adjectives.each do |adjective|
       class_eval <<-RUBY, __FILE__, __LINE__ + 1
-        def #{adjective}_by?(user)
-          self.class.#{adjective}_by?(user)
+        def #{adjective}_by?(user, options = {})
+          if options.empty?
+            self.class.#{adjective}_by?(user)
+          else
+            self.class.#{adjective}_by?(user, options)
+          end
         end
       RUBY
     end
 
     # Each class method simply calls the `default` method
     Authority.adjectives.each do |adjective|
       class_eval <<-RUBY, __FILE__, __LINE__ + 1
-        def self.#{adjective}_by?(user)
-          default(:#{adjective}, user)
+        def self.#{adjective}_by?(user, options = {})
+          if options.empty?
+            default(:#{adjective}, user)
+          else
+            default(:#{adjective}, user, options)
+          end
         end
       RUBY
     end
 
     # Whitelisting approach: anything not specified will be forbidden
-    def self.default(adjective, user)
+    def self.default(adjective, user, options = {})
       false
     end
 

diff --git a/lib/authority/user_abilities.rb b/lib/authority/user_abilities.rb
@@ -10,8 +10,12 @@ module UserAbilities
 
     Authority.verbs.each do |verb|
       class_eval <<-RUBY, __FILE__, __LINE__ + 1
-        def can_#{verb}?(resource)
-          resource.#{Authority.abilities[verb]}_by?(self)
+        def can_#{verb}?(resource, options = {})
+          if options.empty?
+            resource.#{Authority.abilities[verb]}_by?(self)
+          else
+            resource.#{Authority.abilities[verb]}_by?(self, options)
+          end
         end
       RUBY
     end

diff --git a/spec/authority/abilities_spec.rb b/spec/authority/abilities_spec.rb
@@ -52,9 +52,22 @@ class NoAuthorizerModel < AbilityModel; end ;
         AbilityModel.should respond_to(method_name)
       end
 
-      it "should delegate `#{method_name}` to its authorizer class" do
-        AbilityModel.authorizer.should_receive(method_name).with(@user)
-        AbilityModel.send(method_name, @user)
+      describe "if given an options hash" do
+
+        it "should delegate `#{method_name}` to its authorizer class, passing the options" do
+          AbilityModel.authorizer.should_receive(method_name).with(@user, :lacking => 'nothing')
+          AbilityModel.send(method_name, @user, :lacking => 'nothing')
+        end
+
+      end
+
+      describe "if not given an options hash" do
+
+        it "should delegate `#{method_name}` to its authorizer class, passing no options" do
+          AbilityModel.authorizer.should_receive(method_name).with(@user)
+          AbilityModel.send(method_name, @user)
+        end
+
       end
 
     end
@@ -75,10 +88,24 @@ class NoAuthorizerModel < AbilityModel; end ;
         @ability_model.should respond_to(method_name)
       end
 
-      it "should delegate `#{method_name}` to a new authorizer instance" do
-        AbilityModel.authorizer.stub(:new).and_return(@authorizer)
-        @authorizer.should_receive(method_name).with(@user)
-        @ability_model.send(method_name, @user)
+      describe "if given an options hash" do
+
+        it "should delegate `#{method_name}` to a new authorizer instance, passing the options" do
+          AbilityModel.authorizer.stub(:new).and_return(@authorizer)
+          @authorizer.should_receive(method_name).with(@user, :with => 'mayo')
+          @ability_model.send(method_name, @user, :with => 'mayo')
+        end
+
+      end
+
+      describe "if not given an options hash" do
+
+        it "should delegate `#{method_name}` to a new authorizer instance, passing no options" do
+          AbilityModel.authorizer.stub(:new).and_return(@authorizer)
+          @authorizer.should_receive(method_name).with(@user)
+          @ability_model.send(method_name, @user)
+        end
+
       end
 
     end

diff --git a/spec/authority/authorizer_spec.rb b/spec/authority/authorizer_spec.rb
@@ -23,9 +23,23 @@
         @authorizer.should respond_to(method_name)
       end
 
-      it "should delegate `#{method_name}` to the corresponding class method by default" do
-        @authorizer.class.should_receive(method_name).with(@user)
-        @authorizer.send(method_name, @user)
+
+      describe "if given an options hash" do
+
+        it "should delegate `#{method_name}` to the corresponding class method, passing the options" do
+          @authorizer.class.should_receive(method_name).with(@user, :under => 'God')
+          @authorizer.send(method_name, @user, :under => 'God')
+        end
+
+      end
+
+      describe "if not given an options hash" do
+
+        it "should delegate `#{method_name}` to the corresponding class method, passing no options" do
+          @authorizer.class.should_receive(method_name).with(@user)
+          @authorizer.send(method_name, @user)
+        end
+
       end
 
     end
@@ -41,10 +55,24 @@
         Authority::Authorizer.should respond_to(method_name)
       end
 
-      it "should delegate `#{method_name}` to the authorizer's `default` method by default" do
-        able = method_name.sub('_by?', '').to_sym
-        Authority::Authorizer.should_receive(:default).with(able, @user)
-        Authority::Authorizer.send(method_name, @user)
+      describe "if given an options hash" do
+
+        it "should delegate `#{method_name}` to the authorizer's `default` method, passing the options" do
+          able = method_name.sub('_by?', '').to_sym
+          Authority::Authorizer.should_receive(:default).with(able, @user, :with => 'gusto')
+          Authority::Authorizer.send(method_name, @user, :with => 'gusto')
+        end
+
+      end
+
+      describe "if not given an options hash" do
+
+        it "should delegate `#{method_name}` to the authorizer's `default` method, passing no options" do
+          able = method_name.sub('_by?', '').to_sym
+          Authority::Authorizer.should_receive(:default).with(able, @user)
+          Authority::Authorizer.send(method_name, @user)
+        end
+
       end
 
     end
@@ -53,8 +81,19 @@
 
   describe "the default method" do
 
-    it "should return false" do
-      Authority::Authorizer.default(:implodable, @user).should be_false
+    describe "if given an options hash" do
+
+      it "should return false" do
+        Authority::Authorizer.default(:implodable, @user, {:for => "my_object"}).should be_false
+      end
+    end
+
+    describe "if not given an options hash" do
+
+      it "should return false" do
+        Authority::Authorizer.default(:implodable, @user).should be_false
+      end
+
     end
 
   end

diff --git a/spec/authority/user_abilities_spec.rb b/spec/authority/user_abilities_spec.rb
@@ -16,10 +16,24 @@
       @user.should respond_to(method_name)
     end
 
-    it "should delegate the authorization check to the resource provided" do
-      @ability_model.should_receive("#{Authority.abilities[verb]}_by?").with(@user)
-      @user.send(method_name, @ability_model)
+    describe "if given options" do
+
+      it "should delegate the authorization check to the resource, passing the options" do
+        @ability_model.should_receive("#{Authority.abilities[verb]}_by?").with(@user, :size => 'wee')
+        @user.send(method_name, @ability_model, :size => 'wee')
+      end
+
     end
+
+    describe "if not given options" do
+
+      it "should delegate the authorization check to the resource, passing no options" do
+        @ability_model.should_receive("#{Authority.abilities[verb]}_by?").with(@user)
+        @user.send(method_name, @ability_model)
+      end
+
+    end
+
   end
 
 end