adva-user 0.0.9 → 0.0.13

data/app/controllers/admin/base_controller_slice.rb

@@ -1,5 +1,5 @@
-require 'admin/base_controller'
-
-Admin::BaseController.class_eval do
+Adva.slice 'admin/base_controller#adva-user' do
   before_filter :authenticate_user!
+  require 'adva_user/authorization'
+  include AdvaUser::Authorization
 end

data/app/controllers/user/registrations_controller.rb

@@ -1,3 +1,13 @@
 class User::RegistrationsController < Devise::RegistrationsController
   layout 'user'
+
+  protected
+
+    def after_inactive_sign_up_path_for(resource)
+      if resource.is_a?(User)
+        params[:return_to] || new_user_session_path
+      else
+        raise "unknown resource: #{resource}"
+      end
+    end
 end

data/app/controllers/user/sessions_controller.rb

@@ -2,6 +2,6 @@ class User::SessionsController < Devise::SessionsController
   layout 'user'
 
   def after_sign_in_path_for(resource)
-    params[:return_to] || '/'
+    params[:return_to] || super
   end
 end

data/app/models/user.rb

@@ -9,4 +9,8 @@ class User < ActiveRecord::Base
   def roles
     read_attribute(:roles) || []
   end
+
+  def admin?
+    roles.include?('admin')
+  end
 end

data/app/views/user/confirmations/new.html.rb

@@ -6,6 +6,7 @@ class User::Confirmations::New < User::Form
     end
 
     def fields
+      super
       form.input :email
     end
 
@@ -13,4 +14,4 @@ class User::Confirmations::New < User::Form
       [resource, { :as => resource_name, :url => confirmation_path(resource_name) }]
     end
   end
-end
+end

data/app/views/user/form.rb

@@ -48,8 +48,8 @@ class User::Form < Adva::View::Form
       capture { link_to(:'user.links.sign_in', new_session_path(resource_name), :class => :sign_in) }
     end
 
-    def sign_up_link
-      capture { link_to(:'user.links.sign_up', new_registration_path(resource_name), :class => :sign_up) }
+    def sign_up_link(options={}, html_options={})
+      capture { link_to(:'user.links.sign_up', new_registration_path(resource_name, options), { :class => :sign_up }.merge(html_options)) }
     end
 
     def forgot_password_link

data/app/views/user/passwords/edit.html.rb

@@ -6,6 +6,7 @@ class User::Passwords::Edit < User::Form
     end
 
     def fields
+      super
       form.hidden_field :reset_password_token
       form.input :password
       form.input :password_confirmation
@@ -15,4 +16,4 @@ class User::Passwords::Edit < User::Form
       [resource, { :as => resource_name, :url => password_path(resource_name), :html => { :method => :put } }]
     end
   end
-end
+end

data/app/views/user/registrations/new.html.rb

@@ -6,13 +6,15 @@ class User::Registrations::New < User::Form
     end
 
     def fields
+      super
+      pass_return_to
       form.input :email
       form.input :password
-      form.input :password_confirmation
+      form.input :password_confirmation, :required => true
     end
 
     def form_arguments
       [resource, { :as => resource_name, :url => registration_path(resource_name) }]
     end
   end
-end
+end

data/app/views/user/sessions/new.html.rb

@@ -6,6 +6,7 @@ class User::Sessions::New < User::Form
     end
 
     def fields
+      super
       pass_return_to
       form.input :email
       form.input :password

data/app/views/user/unlocks/new.html.rb

@@ -6,6 +6,7 @@ class User::Unlocks::New < User::Form
     end
 
     def fields
+      super
       form.input :email
     end
 
@@ -13,4 +14,4 @@ class User::Unlocks::New < User::Form
       [resource, { :as => resource_name, :url => unlock_path(resource_name) }]
     end
   end
-end
+end

data/config/locales/en.yml

@@ -59,7 +59,9 @@ en:
       send_instructions: 'You will receive an email with instructions about how to confirm your account in a few minutes.'
       confirmed: 'Your account was successfully confirmed. You are now signed in.'
     registrations:
+      inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}. A confirmation was sent to your e-mail.'
       signed_up: 'You have signed up successfully. A confirmation was sent to your e-mail.'
+      inactive_signed_up: 'You have signed up successfully. However, we could not sign you in because your account is %{reason}. A confirmation was sent to your e-mail.'
       updated: 'You updated your account successfully.'
       destroyed: 'Bye! Your account was successfully cancelled. We hope to see you again soon.'
     unlocks:
@@ -85,3 +87,6 @@ en:
         sign_in: Sign in
         sign_up: Sign up
         sign_out: Sign out %{user}
+  flash:
+    admin:
+      access_denied: "Access Denied"

data/lib/adva/user.rb

@@ -7,14 +7,15 @@ module Adva
 
     # TODO [config] should probably happen in the client app
     # for more devise options see http://bit.ly/bwxrGg
-    initializer 'adva-user.devise_setup' do |app|
+    initializer 'adva-user.devise_setup', :before => 'action_mailer.set_configs' do |app|
 
       # FIXME [config]
-      app.config.action_mailer.default_url_options = { :host => 'www.example.com' }
+      app.config.action_mailer.default_url_options ||= {}
+      app.config.action_mailer.default_url_options.reverse_merge!({ :host => 'www.example.com' })
 
       Devise.setup do |config|
         require 'devise/orm/active_record'
-        config.mailer_sender   = 'please-change-me@config-initializers-devise.com'
+        config.mailer_sender   ||= 'please-change-me@config-initializers-devise.com'
         config.encryptor       = :bcrypt
         config.password_length = 5..20
       end

data/lib/adva_user/authorization.rb

@@ -0,0 +1,15 @@
+module AdvaUser
+  module Authorization
+    def self.included(controller)
+      controller.class_eval do
+        before_filter :authorize_user!
+      end
+    end
+
+    def authorize_user!
+      unless current_user.admin?
+        redirect_to root_url, :flash => {:alert => I18n.translate('flash.admin.access_denied')}
+      end
+    end
+  end
+end

data/lib/adva_user/version.rb

@@ -1,3 +1,3 @@
 module AdvaUser
-  VERSION = "0.0.9"
+  VERSION = "0.0.13"
 end

data/lib/testing/factories.rb

@@ -1,11 +1,14 @@
+Factory::DefaultPassword = 'secret'
+
 Factory.define :user, :class => User do |f|
   f.sequence(:email) { |n| "user-#{n}@example.com" }
-  f.password 'password'
+  f.password Factory::DefaultPassword
   f.after_build  { |user| User.deactivate_callbacks }
   f.after_create { |user| user.confirm!; User.activate_callbacks }
 end
 
 Factory.define :admin, :parent => :user do |f|
+  # FIXME should be possible to create more than one admin
   f.email { User.find_by_email('admin@admin.org') ? 'admin-2@admin.org' : 'admin@admin.org' }
-  f.password 'admin!'
+  f.roles %w(admin)
 end

data/lib/testing/step_definitions.rb

@@ -1,16 +1,9 @@
-Given /^I am signed in with "([^"]*)" and "([^"]*)"$/ do |email, password|
-  post user_session_path, :user => { :email => email, :password => password }
-  @user = User.find_by_email(email)
-end
-
-# This step should only be used for testing the login itself (login.feature)
-# Please, use the step 'Given I am signed in with "admin@admin.org" and "admin!"' in all
-# other features for performance reasons.
-Given /^I sign in with "([^"]*)" and "([^"]*)"$/ do |email, password|
-  get new_user_session_path
-  fill_in 'Email', :with => email
-  fill_in 'Password', :with => password
-  click_button 'Sign in'
+Given /^I (?:am signed|sign) in with "([^"]*)" and "([^"]*)"$/ do |email, password|
+  Given %Q~I am on the sign in page~
+  # use ids to be flexible about label changes
+   When %Q~I fill in "user_email" with "#{email}"~
+    And %Q~I fill in "user_password" with "#{password}"~
+    And %Q~I press "Sign in"~
   @user = User.find_by_email(email)
 end
 
@@ -23,3 +16,20 @@ Then 'I should be signed in' do
   When 'I go to the sign in page'
   Then 'I should be on the homepage'
 end
+
+# Two ways to use:
+#  Given I am logged in as admin
+#    => created the admin and login
+#  Given a user "Peter" exists with email: "peter-lustig@example.com"
+#    And I am logged in as the user "Peter"
+#    => uses the prepared user to log in
+#
+# Please set the passwort if the user only for auth tests
+Given /^I (?:am signed|sign) in as #{capture_model}$/ do |user|
+  unless user.include?('the') || user.include?('"')
+    Given %{#{user} exists}
+  end
+  user = model!(user)
+  And %Q~I am signed in with "#{user.email}" and "#{Factory::DefaultPassword}"~
+end
+

metadata

@@ -1,23 +1,27 @@
 --- !ruby/object:Gem::Specification 
 name: adva-user
 version: !ruby/object:Gem::Version 
-  hash: 13
+  hash: 5
   prerelease: 
   segments: 
   - 0
   - 0
-  - 9
-  version: 0.0.9
+  - 13
+  version: 0.0.13
 platform: ruby
 authors: 
-- Ingo Weiss
 - Sven Fuchs
+- Ingo Weiss
+- Raphaela Wrede
+- Matthias Viehweger
+- Niklas Hofer
+- Chris Floess
+- Johannes Strampe
 autorequire: 
 bindir: bin
 cert_chain: []
 
-date: 2011-02-28 00:00:00 +01:00
-default_executable: 
+date: 2011-07-29 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: adva-core
@@ -41,15 +45,15 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 23
+        hash: 19
         segments: 
         - 1
-        - 1
-        - 2
-        version: 1.1.2
+        - 3
+        - 4
+        version: 1.3.4
   type: :runtime
   version_requirements: *id002
-description: User engine for adva-cms2
+description: User engine for adva-cms2.
 email: nobody@adva-cms.org
 executables: []
 
@@ -58,38 +62,38 @@ extensions: []
 extra_rdoc_files: []
 
 files: 
+- app/controllers/admin/base_controller_slice.rb
+- app/controllers/installations_controller_slice.rb
+- app/controllers/user/confirmations_controller.rb
 - app/controllers/user/passwords_controller.rb
+- app/controllers/user/registrations_controller.rb
 - app/controllers/user/sessions_controller.rb
 - app/controllers/user/unlocks_controller.rb
-- app/controllers/user/confirmations_controller.rb
-- app/controllers/user/registrations_controller.rb
-- app/controllers/installations_controller_slice.rb
-- app/controllers/admin/base_controller_slice.rb
-- app/views/layouts/user.rb
+- app/models/account_slice.rb
+- app/models/user.rb
 - app/views/layouts/admin/_header_slice.rb
-- app/views/user/unlocks/new.html.rb
-- app/views/user/sessions/new.html.rb
+- app/views/layouts/user.rb
+- app/views/mailer/confirmation_instructions.html.erb
+- app/views/mailer/reset_password_instructions.html.erb
+- app/views/mailer/unlock_instructions.html.erb
+- app/views/user/confirmations/new.html.rb
+- app/views/user/form.rb
 - app/views/user/passwords/edit.html.rb
 - app/views/user/passwords/new.html.rb
-- app/views/user/form.rb
-- app/views/user/confirmations/new.html.rb
 - app/views/user/registrations/edit.html.rb
 - app/views/user/registrations/new.html.rb
-- app/views/mailer/confirmation_instructions.html.erb
-- app/views/mailer/unlock_instructions.html.erb
-- app/views/mailer/reset_password_instructions.html.erb
-- app/models/user.rb
-- app/models/account_slice.rb
-- config/routes.rb
+- app/views/user/sessions/new.html.rb
+- app/views/user/unlocks/new.html.rb
 - config/locales/en.yml
+- config/routes.rb
+- lib/adva/user.rb
 - lib/adva-user.rb
+- lib/adva_user/authorization.rb
 - lib/adva_user/version.rb
-- lib/adva/user.rb
 - lib/testing/factories.rb
 - lib/testing/paths.rb
 - lib/testing/step_definitions.rb
 - public/stylesheets/adva-user/user.css
-has_rdoc: true
 homepage: http://github.com/svenfuchs/adva-cms2
 licenses: []
 
@@ -119,7 +123,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: "[none]"
-rubygems_version: 1.4.2
+rubygems_version: 1.8.6
 signing_key: 
 specification_version: 3
 summary: User engine for adva-cms2