alberich 0.2.0

data/db/migrate/20121022223626_create_alberich_privileges.rb

@@ -0,0 +1,12 @@
+class CreateAlberichPrivileges < ActiveRecord::Migration
+  def change
+    create_table :alberich_privileges do |t|
+      t.integer :role_id,      :null => false
+      t.string :target_type,   :null => false
+      t.string :action,        :null => false
+
+      t.integer :lock_version, :default => 0
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20121023051301_create_alberich_base_permission_objects.rb

@@ -0,0 +1,9 @@
+class CreateAlberichBasePermissionObjects < ActiveRecord::Migration
+  def change
+    create_table :alberich_base_permission_objects do |t|
+      t.string  :name, :null => false
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20121023233648_create_alberich_permission_sessions.rb

@@ -0,0 +1,11 @@
+class CreateAlberichPermissionSessions < ActiveRecord::Migration
+  def change
+    create_table :alberich_permission_sessions do |t|
+      t.integer :user_id, :null => false
+      t.string :session_id, :null => false
+      t.integer :lock_version, :default => 0
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20121027023136_create_alberich_entities.rb

@@ -0,0 +1,34 @@
+class CreateAlberichEntities < ActiveRecord::Migration
+  class Alberich::Entity < ActiveRecord::Base; end
+
+  def up
+    create_table :alberich_entities do |t|
+      t.string :name
+      t.references :entity_target, :polymorphic => true, :null => false
+
+      t.integer :lock_version, :default => 0
+      t.timestamps
+    end
+    if Alberich.user_class.constantize.table_exists?
+      Alberich.user_class.constantize.all.each do |u|
+        unless u.entity
+          entity = Entity.new(:entity_target => u)
+          entity.name = u.to_s
+          entity.save!
+        end
+      end
+    end
+    if Alberich.user_group_class.constantize.table_exists?
+      Alberich.user_group_class.constantize.all.each do |ug|
+        unless ug.entity
+          entity = Entity.new(:entity_target => ug)
+          entity.name = ug.to_s
+          entity.save!
+        end
+      end
+    end
+  end
+  def down
+    drop_table :alberich_entities
+  end
+end

data/db/migrate/20121204205213_create_alberich_session_entities.rb

@@ -0,0 +1,12 @@
+class CreateAlberichSessionEntities < ActiveRecord::Migration
+  def change
+    create_table :alberich_session_entities do |t|
+      t.integer :user_id, :null => false
+      t.integer :entity_id, :null => false
+      t.integer :permission_session_id, :null => false
+      t.integer :lock_version, :default => 0
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20121205180518_create_alberich_permissions.rb

@@ -0,0 +1,13 @@
+class CreateAlberichPermissions < ActiveRecord::Migration
+  def change
+    create_table :alberich_permissions do |t|
+      t.integer :role_id, :null => false
+      t.integer :entity_id, :null => false
+      t.integer :permission_object_id
+      t.string  :permission_object_type
+      t.integer :lock_version, :default => 0
+
+      t.timestamps
+    end
+  end
+end

data/db/migrate/20130107043252_create_alberich_derived_permissions.rb

@@ -0,0 +1,18 @@
+class CreateAlberichDerivedPermissions < ActiveRecord::Migration
+  def change
+    create_table :alberich_derived_permissions do |t|
+      t.integer :permission_id, :null => false
+      t.integer :role_id, :null => false
+      t.integer :entity_id, :null => false
+      t.integer  :permission_object_id
+      t.string   :permission_object_type
+      t.integer :lock_version, :default => 0
+
+      t.timestamps
+    end
+    add_index :alberich_derived_permissions, :permission_id
+    add_index :alberich_derived_permissions,
+      [:permission_object_id, :permission_object_type],
+      :name => 'index_alberich_derived_permissions_on_perm_obj'
+  end
+end

data/lib/alberich.rb

@@ -0,0 +1,10 @@
+require "alberich/engine"
+
+module Alberich
+  mattr_accessor :user_class
+  mattr_accessor :groups_for_user_method
+  mattr_accessor :user_group_class
+  mattr_accessor :permissioned_object_classes
+  mattr_accessor :additional_privilege_scopes
+  mattr_accessor :require_user_method
+end

data/lib/alberich/#version.rb#

@@ -0,0 +1,3 @@
+module Alberich
+  VERSION = "0.2a.0"
+end

data/lib/alberich/engine.rb

@@ -0,0 +1,10 @@
+module Alberich
+  class Engine < ::Rails::Engine
+    isolate_namespace Alberich
+    config.generators do |g|
+      g.test_framework :rspec, :view_specs => false
+      g.template_engine :haml
+    end
+    config.active_record.observers = "alberich::Entity_target_observer"
+  end
+end

data/lib/alberich/version.rb

@@ -0,0 +1,3 @@
+module Alberich
+  VERSION = "0.2.0"
+end

data/lib/generators/alberich/install_generator.rb

@@ -0,0 +1,15 @@
+require 'rails/generators'
+
+module Alberich
+  class InstallGenerator < Rails::Generators::Base
+    desc "Copy Alberich default files"
+    source_root File.expand_path('../templates', __FILE__)
+
+    def copy_config
+      copy_file "alberich.rb", "config/initializers/alberich.rb"
+    end
+    def show_readme
+      readme 'README' if behavior == :invoke
+    end
+  end
+end

data/lib/generators/alberich/templates/README

@@ -0,0 +1,6 @@
+See the newly installed alberich.rb in your initializers directory for
+default settings.
+
+As an example. you can choose different classes for Alberich to hook
+into for user and user group, just specify those
+classes here.

data/lib/generators/alberich/templates/alberich.rb

@@ -0,0 +1,11 @@
+Alberich.user_class = "User"
+Alberich.groups_for_user_method = "all_groups"
+Alberich.user_group_class = "UserGroup"
+Alberich.permissioned_object_classes = []
+Alberich.additional_privilege_scopes = []
+
+Alberich.require_user_method = "require_user"
+
+ActiveSupport.on_load(:action_controller) do
+  ActionController::Base.send(:include, Alberich::ApplicationControllerHelper)
+end

data/lib/tasks/alberich_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :alberich do
+#   # Task goes here
+# end

data/spec/controllers/alberich/permissions_controller_spec.rb

@@ -0,0 +1,112 @@
+require 'spec_helper'
+
+module Alberich
+  describe PermissionsController do
+
+    before(:each) do
+      @admin_permission = FactoryGirl.create(:admin_permission)
+      @admin = @admin_permission.user
+      mock_warden(@admin)
+
+      @permission = FactoryGirl.create(:global_permission)
+    end
+
+    describe "GET index" do
+      it "assigns all permissions as @permissions" do
+        get :index, {}
+        assigns(:permissions).should include(@permission)
+      end
+    end
+
+    describe "POST create" do
+      describe "with valid params" do
+        it "creates a new Permission" do
+          expect {
+            post :create, {:entity_role_selected =>
+              [[Entity.for_target(FactoryGirl.create(:user)).id,
+                FactoryGirl.create(:role).id].join(",")]}
+          }.to change(Permission, :count).by(1)
+        end
+
+        it "redirects to index for global permission" do
+          post :create, {:entity_role_selected =>
+            [[Entity.for_target(FactoryGirl.create(:user)).id,
+              FactoryGirl.create(:role).id].join(",")]}
+          response.should redirect_to(permissions_path(:return_from_permission_change => true))
+        end
+      end
+
+      describe "with invalid params" do
+        it "shows proper error message" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          Permission.any_instance.stub(:save).and_return(false)
+          post :create, {:entity_role_selected => []}
+          flash[:error].should eq("No users or groups selected")
+        end
+      end
+    end
+
+    describe "PUT update" do
+      describe "with valid params" do
+        it "updates the requested permission" do
+          # Assuming there are no other permissions in the database, this
+          # specifies that the Permission created on the previous line
+          # receives the :update_attributes message with whatever params are
+          # submitted in the request.
+          old_role = @permission.role
+          new_role = FactoryGirl.create(:role)
+          @permission.role.should eq(old_role)
+          put :multi_update, {:permission_role_selected =>
+            [[@permission.id,
+              new_role.id].join(",")]}
+          @permission.reload
+          @permission.role.should eq(new_role)
+        end
+
+        it "redirects to the index for global permissions" do
+          put :multi_update, {:permission_role_selected =>
+            [[@permission.id,
+              FactoryGirl.create(:role).id].join(",")]}
+          response.should redirect_to(permissions_path(:return_from_permission_change => true))
+        end
+
+      end
+
+      describe "with invalid params" do
+        it "assigns the permission as @permission" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          permission2 = FactoryGirl.create(:global_permission, :entity => @permission.entity)
+          permission2.entity.should eq(@permission.entity)
+          permission2.permission_object.should eq(@permission.permission_object)
+          Permission.any_instance.stub(:save).and_return(false)
+          put :multi_update, {:permission_role_selected =>
+            ["#{@permission.id},#{permission2.role.id}"]}
+          flash[:error].should include("Could not add")
+        end
+
+        it "returns to index for global permission" do
+          permission2 = FactoryGirl.create(:global_permission, :entity => @permission.entity)
+          permission2.entity.should eq(@permission.entity)
+          permission2.permission_object.should eq(@permission.permission_object)
+          Permission.any_instance.stub(:save).and_return(false)
+          put :multi_update, {:permission_role_selected =>
+            ["#{@permission.id},#{permission2.role.id}"]}
+          response.should redirect_to(permissions_path(:return_from_permission_change => true))
+        end
+      end
+    end
+
+    describe "DELETE destroy" do
+      it "destroys the requested permission" do
+        expect {
+          delete :multi_destroy, {:permission_selected => [@permission.to_param]}
+        }.to change(Permission, :count).by(-1)
+      end
+
+      it "redirects to the permissions list" do
+        delete :multi_destroy, {:permission_selected => [@permission.to_param]}
+        response.should redirect_to(permissions_path(:return_from_permission_change => true))
+      end
+    end
+  end
+end

data/spec/controllers/alberich/privileges_controller_spec.rb

@@ -0,0 +1,131 @@
+require 'spec_helper'
+
+module Alberich
+  describe PrivilegesController do
+
+    before(:each) do
+      @role = FactoryGirl.create(:role)
+      @privilege = FactoryGirl.create(:privilege, :role_id => @role.id)
+      @admin_permission = FactoryGirl.create(:admin_permission)
+      @admin = @admin_permission.user
+      mock_warden(@admin)
+    end
+
+    describe "GET index" do
+      it "assigns all privileges as @privileges" do
+        get :index, {}
+        assigns(:privileges).should include(@privilege)
+      end
+    end
+
+    describe "GET show" do
+      it "assigns the requested privilege as @privilege" do
+        get :show, {:id => @privilege.to_param}
+        assigns(:privilege).should eq(@privilege)
+      end
+    end
+
+    describe "GET new" do
+      it "assigns a new privilege as @privilege" do
+        get :new, {}
+        assigns(:privilege).should be_a_new(Privilege)
+      end
+    end
+
+    describe "GET edit" do
+      it "assigns the requested privilege as @privilege" do
+        get :edit, {:id => @privilege.to_param}
+        assigns(:privilege).should eq(@privilege)
+      end
+    end
+
+    describe "POST create" do
+      describe "with valid params" do
+        it "creates a new Privilege" do
+          expect {
+            post :create, {:privilege => FactoryGirl.attributes_for(:privilege, :role_id => @role.id, :action => "modify").symbolize_keys}
+          }.to change(Privilege, :count).by(1)
+        end
+
+        it "assigns a newly created privilege as @privilege" do
+          post :create, {:privilege => FactoryGirl.attributes_for(:privilege, :role_id => @role.id, :action => "modify").symbolize_keys}
+          assigns(:privilege).should be_a(Privilege)
+          assigns(:privilege).should be_persisted
+        end
+
+        it "redirects to the created privilege" do
+          post :create, {:privilege => FactoryGirl.attributes_for(:privilege, :role_id => @role.id, :action => "modify").symbolize_keys}
+          response.should redirect_to(@role)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns a newly created but unsaved privilege as @privilege" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          Privilege.any_instance.stub(:save).and_return(false)
+          post :create, {:privilege => {}}
+          assigns(:privilege).should be_a_new(Privilege)
+        end
+
+        it "re-renders the 'new' template" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          Privilege.any_instance.stub(:save).and_return(false)
+          post :create, {:privilege => {}}
+          response.should render_template("new")
+        end
+      end
+    end
+
+    describe "PUT update" do
+      describe "with valid params" do
+        it "updates the requested privilege" do
+          # Assuming there are no other privileges in the database, this
+          # specifies that the Privilege created on the previous line
+          # receives the :update_attributes message with whatever params are
+          # submitted in the request.
+          Privilege.any_instance.should_receive(:update_attributes).with({'these' => 'params'})
+          put :update, {:id => @privilege.to_param, :privilege => {'these' => 'params'}}
+        end
+
+        it "assigns the requested privilege as @privilege" do
+          put :update, {:id => @privilege.to_param, :privilege => FactoryGirl.attributes_for(:privilege, :role_id => @role.id, :action => "modify").symbolize_keys}
+          assigns(:privilege).should eq(@privilege)
+        end
+
+        it "redirects to the privilege" do
+          put :update, {:id => @privilege.to_param, :privilege => FactoryGirl.attributes_for(:privilege, :role_id => @role.id, :action => "modify").symbolize_keys}
+          response.should redirect_to(@role)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the privilege as @privilege" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          Privilege.any_instance.stub(:save).and_return(false)
+          put :update, {:id => @privilege.to_param, :privilege => {}}
+          assigns(:privilege).should eq(@privilege)
+        end
+
+        it "re-renders the 'edit' template" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          Privilege.any_instance.stub(:save).and_return(false)
+          put :update, {:id => @privilege.to_param, :privilege => {}}
+          response.should render_template("edit")
+        end
+      end
+    end
+
+    describe "DELETE destroy" do
+      it "destroys the requested privilege" do
+        expect {
+          delete :destroy, {:id => @privilege.to_param}
+        }.to change(Privilege, :count).by(-1)
+      end
+
+      it "redirects to the privileges list" do
+        delete :destroy, {:id => @privilege.to_param}
+        response.should redirect_to(@role)
+      end
+    end
+  end
+end

data/spec/controllers/alberich/roles_controller_spec.rb

@@ -0,0 +1,130 @@
+require 'spec_helper'
+
+module Alberich
+  describe RolesController do
+
+    before(:each) do
+      @role = FactoryGirl.create(:role)
+      @admin_permission = FactoryGirl.create(:admin_permission)
+      @admin = @admin_permission.user
+      mock_warden(@admin)
+    end
+
+    describe "GET index" do
+      it "assigns all roles as @roles" do
+        get :index, {}
+        assigns(:roles).should include(@role)
+      end
+    end
+
+    describe "GET show" do
+      it "assigns the requested role as @role" do
+        get :show, {:id => @role.to_param}
+        assigns(:role).should eq(@role)
+      end
+    end
+
+    describe "GET new" do
+      it "assigns a new role as @role" do
+        get :new, {}
+        assigns(:role).should be_a_new(Role)
+      end
+    end
+
+    describe "GET edit" do
+      it "assigns the requested role as @role" do
+        get :edit, {:id => @role.to_param}
+        assigns(:role).should eq(@role)
+      end
+    end
+
+    describe "POST create" do
+      describe "with valid params" do
+        it "creates a new Role" do
+          expect {
+            post :create, {:role => FactoryGirl.attributes_for(:role).symbolize_keys}
+          }.to change(Role, :count).by(1)
+        end
+
+        it "assigns a newly created role as @role" do
+          post :create, {:role => FactoryGirl.attributes_for(:role).symbolize_keys}
+          assigns(:role).should be_a(Role)
+          assigns(:role).should be_persisted
+        end
+
+        it "redirects to the created role" do
+          post :create, {:role => FactoryGirl.attributes_for(:role).symbolize_keys}
+          response.should redirect_to(Role.last)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns a newly created but unsaved role as @role" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          Role.any_instance.stub(:save).and_return(false)
+          post :create, {:role => {}}
+          assigns(:role).should be_a_new(Role)
+        end
+
+        it "re-renders the 'new' template" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          Role.any_instance.stub(:save).and_return(false)
+          post :create, {:role => {}}
+          response.should render_template("new")
+        end
+      end
+    end
+
+    describe "PUT update" do
+      describe "with valid params" do
+        it "updates the requested role" do
+          # Assuming there are no other roles in the database, this
+          # specifies that the Role created on the previous line
+          # receives the :update_attributes message with whatever params are
+          # submitted in the request.
+          Role.any_instance.should_receive(:update_attributes).with({'these' => 'params'})
+          put :update, {:id => @role.to_param, :role => {'these' => 'params'}}
+        end
+
+        it "assigns the requested role as @role" do
+          put :update, {:id => @role.to_param, :role => FactoryGirl.attributes_for(:role).symbolize_keys}
+          assigns(:role).should eq(@role)
+        end
+
+        it "redirects to the role" do
+          put :update, {:id => @role.to_param, :role => FactoryGirl.attributes_for(:role).symbolize_keys}
+          response.should redirect_to(@role)
+        end
+      end
+
+      describe "with invalid params" do
+        it "assigns the role as @role" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          Role.any_instance.stub(:save).and_return(false)
+          put :update, {:id => @role.to_param, :role => {}}
+          assigns(:role).should eq(@role)
+        end
+
+        it "re-renders the 'edit' template" do
+          # Trigger the behavior that occurs when invalid params are submitted
+          Role.any_instance.stub(:save).and_return(false)
+          put :update, {:id => @role.to_param, :role => {}}
+          response.should render_template("edit")
+        end
+      end
+    end
+
+    describe "DELETE destroy" do
+      it "destroys the requested role" do
+        expect {
+          delete :destroy, {:id => @role.to_param}
+        }.to change(Role, :count).by(-1)
+      end
+
+      it "redirects to the roles list" do
+        delete :destroy, {:id => @role.to_param}
+        response.should redirect_to(roles_path)
+      end
+    end
+  end
+end