Rails 5 fixes

.gitignore

@@ -5,5 +5,8 @@ rdoc
 gemfiles/*.lock
 log/*
 *.sublime*
-
-
+.ruby-version
+.ruby-gemset
+.idea
+Gemfile
+Gemfile.lock

.travis.yml

@@ -1,20 +1,12 @@
 language: ruby
 script: bundle exec rake test
+cache: bundler
 rvm:
-  - 1.8.7
-  - 1.9.3
+  - 2.2
+  - 2.4
+  - 2.5
 gemfile:
-  - gemfiles/2.3.gemfile
-  - gemfiles/3.0.gemfile
-  - gemfiles/3.1.gemfile
-  - gemfiles/3.2.gemfile
-  - gemfiles/4.0.gemfile
-  - gemfiles/4.1.gemfile
-matrix:
-  exclude:
-    - rvm: 1.8.7
-      gemfile: gemfiles/4.0.gemfile
-    - rvm: 1.8.7
-      gemfile: gemfiles/4.1.gemfile
-    - rvm: 1.9.3
-      gemfile: gemfiles/2.3.gemfile
+  - gemfiles/4.2.gemfile
+  - gemfiles/5.0.gemfile
+  - gemfiles/5.2.gemfile
+

README.rdoc

@@ -1,6 +1,6 @@
 = Declarative Authorization
 
-The declarative authorization plugin offers an authorization mechanism inspired 
+The declarative authorization plugin offers an authorization mechanism inspired
 by _RBAC_.  The most notable distinction to other authorization plugins is the
 declarative approach.  That is, authorization rules are not defined
 programmatically in between business logic but in an authorization configuration.
@@ -21,11 +21,11 @@ Plugin features
   * Authorize CRUD (Create, Read, Update, Delete) activities
   * Query rewriting to automatically only fetch authorized records
 * DSL for specifying Authorization rules in an authorization configuration
-* Support for Rails 4, with backwards compatibility through Rails 2
+* Support for Rails 4.1-2
 
 
 Requirements
-* An authentication mechanism 
+* An authentication mechanism
   * User object in Controller#current_user
   * (For model security) Setting Authorization.current_user
 * User objects need to respond to a method :role_symbols that returns an
@@ -55,14 +55,14 @@ Next, bundle and install.
 
 This installer will create a Role model, an admin and a user role, and set a
 has_and_belongs_to_many relationship between the User model and the Role model.
-It will also add a `role_symbols` method to the user model to meet
+It will also add a +role_symbols+ method to the user model to meet
 declarative_authorization's requirements.  The default User model is User.  You can override this by simply typing the name of a model as above.
 
-You can create the model with the fields provided by using the `--create-user` option.
+You can create the model with the fields provided by using the +--create-user+ option.
 
-The `--commit` option will run `rake db:migrate` and `rake db:seed`.
+The +--commit+ option will run +rake db:migrate+ and +rake db:seed+.
 
-The `--user-belongs-to-role` option will set up a one-to-many relationship between Users and Roles.
+The +--user-belongs-to-role+ option will set up a one-to-many relationship between Users and Roles.
 That is, each user has a role_id column and can only have one role.  Role inheritance can be used
 in authorization rules.
 
@@ -74,7 +74,7 @@ To copy a default set of authorization rules which includes CRUD priveleges, run
 
     $ rails g authorization:rules
 
-This command will copy the following to `config/authorization_rules.rb`.  Remember
+This command will copy the following to +config/authorization_rules.rb+.  Remember
 to implement the requirements of this gem as described in the Installation section
 at the end of this README if you do not use the above installer.
 
@@ -83,7 +83,7 @@ at the end of this README if you do not use the above installer.
         # add permissions for guests here, e.g.
         # has_permission_on :conferences, :to => :read
       end
-      
+
       # permissions on other roles, such as
       # role :admin do
       #   has_permission_on :conferences, :to => :manage
@@ -108,14 +108,14 @@ at the end of this README if you do not use the above installer.
 
 === Controller Authorization
 
-For RESTful controllers, add `filter_resource_access`:
+For RESTful controllers, add +filter_resource_access+:
 
     class MyRestfulController < ApplicationController
       filter_resource_access
       ...
     end
 
-For a non-RESTful controller, you can use `filter_access_to`:
+For a non-RESTful controller, you can use +filter_access_to+:
 
     class MyOtherController < ApplicationController
       filter_access_to :all
@@ -125,7 +125,7 @@ For a non-RESTful controller, you can use `filter_access_to`:
 
 === View Authorization
 
-Declarative Authorization will use `current_user` to check authorization.
+Declarative Authorization will use +current_user+ to check authorization.
 
     <%= link_to 'Edit Post', edit_post_path(@post) if permitted_to? :update, @post %>
 
@@ -147,12 +147,12 @@ Declarative Authorization will use `current_user` to check authorization.
                                  | Privilege |   | Context |  | Attribute |
                                  '-----------'   '---------'  '-----------'
 
-In the application domain, each *User* may be assigned to *Roles* that should 
-define the users' job in the application, such as _Administrator_.  On the 
-right-hand side of this diagram, application developers specify which *Permissions* 
+In the application domain, each *User* may be assigned to *Roles* that should
+define the users' job in the application, such as _Administrator_.  On the
+right-hand side of this diagram, application developers specify which *Permissions*
 are necessary for users to perform activities, such as calling a controller action,
 viewing parts of a View or acting on records in the database.  Note that
-Permissions consist of an *Privilege* that is to be performed, such as _read_, 
+Permissions consist of an *Privilege* that is to be performed, such as _read_,
 and a *Context* in that the Operation takes place, such as _companies_.
 
 In the authorization configuration, Permissions are assigned to Roles and Role
@@ -186,14 +186,14 @@ filter_access_to with the appropriate parameters to protect the CRUD methods.
 See Authorization::AuthorizationInController::ClassMethods for options on
 nested resources and custom member and collection actions.
 
-By default, declarative_authorization will enable filter_resource_access compatibility with strong_parameters in Rails 4.  If you want to disable this behavior, you can use the `:strong_parameters` option.
+By default, declarative_authorization will enable filter_resource_access compatibility with strong_parameters in Rails 4.  If you want to disable this behavior, you can use the +:strong_parameters+ option.
 
     class EmployeesController < ApplicationController
       filter_resource_access :strong_parameters => false
       ...
     end
 
-Simalarly, you can use `:strong_parameters => true` if you are using strong_parameters in Rails 3.
+Simalarly, you can use +:strong_parameters => true+ if you are using strong_parameters in Rails 3.
 
 If you prefer less magic or your controller has no resemblance with the resource
 controllers, directly calling filter_access_to may be the better option.  Examples
@@ -226,7 +226,7 @@ filter_access_to call may become more verbose:
     end
 
 For some actions it might be necessary to check certain attributes of the
-object the action is to be acting on.  Then, the object needs to be loaded 
+object the action is to be acting on.  Then, the object needs to be loaded
 before the action's access control is evaluated.  On the other hand, some actions
 might prefer the authorization to ignore specific attribute checks as the object is
 unknown at checking time, so attribute checks and thus automatic loading of
@@ -239,13 +239,13 @@ objects needs to be enabled explicitly.
       end
     end
 
-You can provide the needed object through before_filters.  This way, you have
+You can provide the needed object through before_actions.  This way, you have
 full control over the object that the conditions are checked against.  Just make
-sure, your before_filters occur before any of the filter_access_to calls.
+sure, your before_actions occur before any of the filter_access_to calls.
 
     class EmployeesController < ApplicationController
-      before_filter :new_employee_from_params, :only => :create
-      before_filter :new_employee, :only => [:index, :new]
+      before_action :new_employee_from_params, :only => :create
+      before_action :new_employee, :only => [:index, :new]
       filter_access_to :all, :attribute_check => true
 
       def create
@@ -260,8 +260,8 @@ sure, your before_filters occur before any of the filter_access_to calls.
 
 If the access is denied, a +permission_denied+ method is called on the
 current_controller, if defined, and the issue is logged.
-For further customization of the filters and object loading, have a look at 
-the complete API documentation of filter_access_to in 
+For further customization of the filters and object loading, have a look at
+the complete API documentation of filter_access_to in
 Authorization::AuthorizationInController::ClassMethods.
 
 
@@ -313,8 +313,8 @@ model that model security should be enforced on, i.e.
 Thus,
     Employee.create(...)
 fails, if the current user is not allowed to :create :employees according
-to the authorization rules.  For the application to find out about what 
-happened if an operation is denied, the filters throw 
+to the authorization rules.  For the application to find out about what
+happened if an operation is denied, the filters throw
 Authorization::NotAuthorized exceptions.
 
 As access control on read are costly, with possibly lots of objects being
@@ -336,8 +336,8 @@ the usual find method:
 
     Employee.with_permissions_to(:read).find(:all, :conditions => ...)
 
-If the current user is completely missing the permissions, an 
-Authorization::NotAuthorized exception is raised.  Through 
+If the current user is completely missing the permissions, an
+Authorization::NotAuthorized exception is raised.  Through
 Model.obligation_conditions, application developers may retrieve
 the conditions for manual rewrites.
 
@@ -385,9 +385,9 @@ Privilege hierarchies may be context-specific, e.g. applicable to :employees.
       privilege :manage, :employees, :includes => :increase_salary
     end
 
-For more complex use cases, authorizations need to be based on attributes.  Note 
+For more complex use cases, authorizations need to be based on attributes.  Note
 that you then also need to set :attribute_check => true in controllers for filter_access_to.
-E.g. if a branch admin should manage only employees of his branch (see 
+E.g. if a branch admin should manage only employees of his branch (see
 Authorization::Reader in the API docs for a full list of available operators):
 
     authorization do
@@ -454,14 +454,12 @@ setup and assume certain identities for tests:
         without_access_control do
           Employee.create(...)
         end
-        assert_nothing_raised do
-          with_user(admin) do
-            Employee.find(:first)
-          end
+        with_user(admin) do
+          Employee.find(:first)
         end
       end
     end
-    
+
 Or, with RSpec, it would work like this:
 
   describe Employee do
@@ -484,29 +482,16 @@ See Authorization::TestHelper for more information.
 
 
 = Installation of declarative_authorization
-
-One of three options to install the plugin:
-* Install by Gem:  Add to your environment.rb in the initializer block:
-    config.gem "declarative_authorization"
-  Note: you need gemcutter support in place, i.e. call
-    gem install gemcutter
-    gem tumble
-  And call from your application's root directory
-    rake gems:install
-* Alternativelyi, in Rails 2, to install from github, execute in your application's root directory
-    cd vendor/plugins && git clone git://github.com/stffn/declarative_authorization.git
-
-Then, 
-* provide the requirements as noted below, 
-* create a basic config/authorization_rules.rb--you might want to take the 
-  provided example authorization_rules.dist.rb in the plugin root as a starting 
-  point, 
+* provide the requirements as noted below,
+* create a basic config/authorization_rules.rb--you might want to take the
+  provided example authorization_rules.dist.rb in the plugin root as a starting
+  point,
 * add +filter_access_to+, +permitted_to+? and model security as needed.
 
 == Providing the Plugin's Requirements
 The requirements are
-* Rails >= 2.2, including 3 and Ruby >= 1.8.6, including 1.9
-* An authentication mechanism 
+* Rails >= 4.1 Ruby >= 2.2
+* An authentication mechanism
 * A user object returned by Controller#current_user
 * An array of role symbols returned by User#role_symbols
 * (For model security) Setting Authorization.current_user to the request's user
@@ -519,18 +504,18 @@ restful_authentication.
    cd ../.. && ruby script/generate authenticated user sessions
 * Move "include AuthenticatedSystem" to ApplicationController
 * Add +filter_access_to+ calls as described above.
-* If you'd like to use model security, add a before_filter that sets the user 
+* If you'd like to use model security, add a before_action that sets the user
   globally to your ApplicationController.  This is thread-safe.
-   before_filter :set_current_user
+   before_action :set_current_user
    protected
    def set_current_user
      Authorization.current_user = current_user
    end
 
 * Add roles field to the User model through a :+has_many+ association
-  (this is just one possible approach; you could just as easily use 
+  (this is just one possible approach; you could just as easily use
   :+has_many+ :+through+ or a serialized roles array):
-  * create a migration for table roles 
+  * create a migration for table roles
      class CreateRoles < ActiveRecord::Migration
        def self.up
          create_table "roles" do |t|
@@ -549,7 +534,7 @@ restful_authentication.
        belongs_to :user
      end
 
-  * add +has_many+ :+roles+ to the User model and a roles method that returns the roles 
+  * add +has_many+ :+roles+ to the User model and a roles method that returns the roles
     as an Array of Symbols, e.g.
      class User < ActiveRecord::Base
        has_many :roles
@@ -591,8 +576,8 @@ the following lines to your authorization_rules.rb for the appropriate role:
 Then, point your browser to
   http://localhost/authorization_rules
 
-The browser needs Rails 2.3 (for Engine support).  The graphical view requires 
-Graphviz (which e.g. can be installed through the graphviz package under Debian 
+The browser needs Rails 2.3 (for Engine support).  The graphical view requires
+Graphviz (which e.g. can be installed through the graphviz package under Debian
 and Ubuntu) and has only been tested under Linux.  Note: for Change Support
 you'll need to have a User#login method that returns a non-ambiguous user
 name for identification.
@@ -601,7 +586,7 @@ name for identification.
 = Help and Contact
 
 We have an issue tracker[http://github.com/stffn/declarative_authorization/issues]
-for bugs and feature requests as well as a 
+for bugs and feature requests as well as a
 Google Group[http://groups.google.com/group/declarative_authorization] for
 discussions on the usage of the plugin.  You are very welcome to contribute.
 Just fork the git repository and create a new issue, send a pull request or

Rakefile

@@ -3,9 +3,9 @@ require 'rake/testtask'
 require 'rdoc/task'
 
 desc 'Default: run unit tests against all versions.'
-task :default => 'bundles:test'
+task default: 'bundles:test'
 
-def run_for_bundles cmd
+def run_for_bundles(cmd)
   Dir['gemfiles/*.gemfile'].each do |gemfile|
     puts "\n#{gemfile}: #{cmd}"
     ENV['BUNDLE_GEMFILE'] = gemfile
@@ -47,7 +47,7 @@ if File.directory?(File.join(File.dirname(__FILE__), 'garlic'))
   require File.join(File.dirname(__FILE__), 'garlic')
 end
 
-desc "clone the garlic repo (for running ci tasks)"
+desc 'clone the garlic repo (for running ci tasks)'
 task :get_garlic do
-  sh "git clone git://github.com/ianwhite/garlic.git garlic"
+  sh 'git clone git://github.com/ianwhite/garlic.git garlic'
 end

Readme.md

@@ -0,0 +1,16 @@
+Original docs: [https://github.com/stffn/declarative_authorization/blob/master/README.rdoc](https://github.com/stffn/declarative_authorization/blob/master/README.rdoc)
+
+Extends Declarative Authorization with Rails 5.2 and Ruby 2.5 support, aiming for backwards compatibility as far as Rails 4.2 and Ruby 2.2 on a best-effort basis.
+
+Branch r5: [![Build Status](https://travis-ci.org/Xymist/declarative_authorization.svg?branch=r5)](https://travis-ci.org/Xymist/declarative_authorization)
+
+### Running tests for DA
+
+```
+cp gemfiles/{RAILS_VERSION}.gemfile Gemfile
+bundle
+
+bundle exec rake test
+```
+
+