aaf-gumboot 1.0.0.pre.alpha.2

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,64 @@
+class ApplicationController < ActionController::Base
+  Forbidden = Class.new(StandardError)
+  private_constant :Forbidden
+  rescue_from Forbidden, with: :forbidden
+
+  Unauthorized = Class.new(StandardError)
+  private_constant :Unauthorized
+  rescue_from Unauthorized, with: :unauthorized
+
+  protect_from_forgery with: :exception
+  before_action :ensure_authenticated
+  after_action :ensure_access_checked
+
+  def subject
+    subject = session[:subject_id] && Subject.find_by_id(session[:subject_id])
+    return nil unless subject.try(:functioning?)
+    @subject = subject
+  end
+
+  protected
+
+  def ensure_authenticated
+    return force_authentication unless session[:subject_id]
+
+    @subject = Subject.find_by(id: session[:subject_id])
+    raise(Unauthorized, 'Subject invalid') unless @subject
+    raise(Unauthorized, 'Subject not functional') unless @subject.functioning?
+  end
+
+  def ensure_access_checked
+    return if @access_checked
+
+    method = "#{self.class.name}##{params[:action]}"
+    raise("No access control performed by #{method}")
+  end
+
+  def check_access!(action)
+    raise(Forbidden) unless subject.permits?(action)
+    @access_checked = true
+  end
+
+  def public_action
+    @access_checked = true
+  end
+
+  def unauthorized
+    reset_session
+    render 'dynamic_errors/unauthorized',
+           status: :unauthorized,
+           layout: 'application'
+  end
+
+  def forbidden
+    render 'dynamic_errors/forbidden',
+           status: :forbidden,
+           layout: 'application'
+  end
+
+  def force_authentication
+    session[:return_url] = request.url if request.get?
+
+    redirect_to('/auth/login')
+  end
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/dummy/app/models/api_subject.rb

@@ -0,0 +1,23 @@
+require 'accession'
+
+class APISubject < ActiveRecord::Base
+  include Accession::Principal
+
+  has_many :api_subject_roles
+  has_many :roles, through: :api_subject_roles
+
+  valhammer
+  validates :x509_cn, format: { with: /\A[\w-]+\z/ }
+
+  def permissions
+    # This could be extended to gather permissions from
+    # other data sources providing input to api_subject identity
+    roles.joins(:permissions).pluck('permissions.value')
+  end
+
+  def functioning?
+    # more than enabled? could inform functioning?
+    # such as an administrative or AAF lock
+    enabled?
+  end
+end

data/spec/dummy/app/models/api_subject_role.rb

@@ -0,0 +1,6 @@
+class APISubjectRole < ActiveRecord::Base
+  belongs_to :api_subject
+  belongs_to :role
+
+  validates :api_subject, :role, presence: true
+end

data/spec/dummy/app/models/permission.rb

@@ -0,0 +1,7 @@
+class Permission < ActiveRecord::Base
+  belongs_to :role
+
+  valhammer
+
+  validates :value, format: Accession::Permission.regexp
+end

data/spec/dummy/app/models/role.rb

@@ -0,0 +1,11 @@
+class Role < ActiveRecord::Base
+  has_many :api_subject_roles
+  has_many :api_subjects, through: :api_subject_roles
+
+  has_many :subject_roles
+  has_many :subjects, through: :subject_roles
+
+  has_many :permissions
+
+  valhammer
+end

data/spec/dummy/app/models/subject.rb

@@ -0,0 +1,20 @@
+class Subject < ActiveRecord::Base
+  include Accession::Principal
+
+  has_many :subject_roles
+  has_many :roles, through: :subject_roles
+
+  valhammer
+
+  def permissions
+    # This could be extended to gather permissions from
+    # other data sources providing input to subject identity
+    roles.joins(:permissions).pluck('permissions.value')
+  end
+
+  def functioning?
+    # more than enabled? could inform functioning?
+    # such as an administrative or AAF lock
+    enabled?
+  end
+end

data/spec/dummy/app/models/subject_role.rb

@@ -0,0 +1,6 @@
+class SubjectRole < ActiveRecord::Base
+  belongs_to :subject
+  belongs_to :role
+
+  validates :subject, :role, presence: true
+end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    'application', media: 'all', 'data-turbolinks-track' => true %>
+  <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/bin/bundle

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+load Gem.bin_path('bundler', 'bundle')

data/spec/dummy/bin/rails

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+APP_PATH = File.expand_path('../../config/application', __FILE__)
+require_relative '../config/boot'
+require 'rails/commands'

data/spec/dummy/bin/rake

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require_relative '../config/boot'
+require 'rake'
+Rake.application.run

data/spec/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment', __FILE__)
+run Rails.application

data/spec/dummy/config/application.rb

@@ -0,0 +1,18 @@
+require File.expand_path('../boot', __FILE__)
+
+# Pick the frameworks you want:
+require 'active_record/railtie'
+require 'action_controller/railtie'
+require 'action_mailer/railtie'
+require 'action_view/railtie'
+require 'sprockets/railtie'
+# require "rails/test_unit/railtie"
+
+require 'valhammer'
+
+Bundler.require(*Rails.groups)
+
+module Dummy
+  class Application < Rails::Application
+  end
+end

data/spec/dummy/config/boot.rb

@@ -0,0 +1,5 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])
+$LOAD_PATH.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml

@@ -0,0 +1,5 @@
+test:
+  adapter: sqlite3
+  pool: 1
+  timeout: 5000
+  database: ':memory:'

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require File.expand_path('../application', __FILE__)
+
+# Initialize the Rails application.
+Rails.application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,32 @@
+Rails.application.configure do
+  config.cache_classes = false
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send.
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
+
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
+  config.assets.debug = true
+
+  # Adds additional error checking when serving assets at runtime.
+  # Checks for improperly declared sprockets dependencies.
+  # Raises helpful error messages.
+  config.assets.raise_runtime_errors = true
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+end

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,37 @@
+Rails.application.configure do
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :sass
+
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  config.assets.compile = false
+
+  # Generate digests for assets URLs.
+  config.assets.digest = true
+
+  config.log_level = :info
+
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+end

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,33 @@
+Rails.application.configure do
+  config.cache_classes = true
+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+
+  # Configure static asset server for tests with Cache-Control for performance.
+  config.serve_static_assets  = true
+  config.static_cache_control = 'public, max-age=3600'
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates.
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+end

data/spec/dummy/config/initializers/assets.rb

@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Version of your assets, change this if you want to expire all your assets.
+Rails.application.config.assets.version = '1.0'

data/spec/dummy/config/initializers/cookies_serializer.rb

@@ -0,0 +1,3 @@
+# Be sure to restart your server when you modify this file.
+
+Rails.application.config.action_dispatch.cookies_serializer = :json

data/spec/dummy/config/initializers/filter_parameter_logging.rb

@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Rails.application.config.filter_parameters += [:password]

data/spec/dummy/config/initializers/inflections.rb

@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+
+ActiveSupport::Inflector.inflections(:en) do |inflect|
+  inflect.acronym 'API'
+end

data/spec/dummy/config/initializers/mime_types.rb

@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf

data/spec/dummy/config/initializers/session_store.rb

@@ -0,0 +1,3 @@
+# Be sure to restart your server when you modify this file.
+
+Rails.application.config.session_store :cookie_store, key: '_dummy_session'

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -0,0 +1,9 @@
+
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
+end
+
+# To enable root element in JSON for ActiveRecord objects.
+# ActiveSupport.on_load(:active_record) do
+#  self.include_root_in_json = true
+# end

data/spec/dummy/config/locales/en.yml

@@ -0,0 +1,23 @@
+# Files in the config/locales directory are used for internationalization
+# and are automatically loaded by Rails. If you want to use locales other
+# than English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+#     I18n.t 'hello'
+#
+# In views, this is aliased to just `t`:
+#
+#     <%= t('hello') %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+#     I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# To learn more, please read the Rails Internationalization guide
+# available at http://guides.rubyonrails.org/i18n.html.
+
+en:
+  hello: "Hello world"