RubyGems - api_guardian - Versions diffs - 0.1.0.pre - Mend

api_guardian 0.1.0.pre

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

checksums.yaml +7 -0
data/MIT-LICENSE +20 -0
data/README.md +125 -0
data/Rakefile +30 -0
data/app/controllers/api_guardian/api_controller.rb +112 -0
data/app/controllers/api_guardian/application_controller.rb +11 -0
data/app/controllers/api_guardian/permissions_controller.rb +7 -0
data/app/controllers/api_guardian/registration_controller.rb +38 -0
data/app/controllers/api_guardian/roles_controller.rb +19 -0
data/app/controllers/api_guardian/users_controller.rb +20 -0
data/app/models/api_guardian/permission.rb +14 -0
data/app/models/api_guardian/role.rb +97 -0
data/app/models/api_guardian/role_permission.rb +8 -0
data/app/models/api_guardian/user.rb +23 -0
data/app/serializers/api_guardian/permission_serializer.rb +7 -0
data/app/serializers/api_guardian/role_serializer.rb +7 -0
data/app/serializers/api_guardian/user_serializer.rb +10 -0
data/config/initializers/api_guardian.rb +10 -0
data/config/initializers/doorkeeper.rb +143 -0
data/config/routes.rb +20 -0
data/db/migrate/20151117191338_api_guardian_enable_uuid_extension.rb +5 -0
data/db/migrate/20151117191911_create_api_guardian_roles.rb +9 -0
data/db/migrate/20151117195618_create_api_guardian_users.rb +25 -0
data/db/migrate/20151117212826_create_api_guardian_permissions.rb +10 -0
data/db/migrate/20151117213145_create_api_guardian_role_permissions.rb +11 -0
data/db/migrate/20151117225238_create_doorkeeper_tables.rb +42 -0
data/db/seeds.rb +32 -0
data/lib/api_guardian.rb +80 -0
data/lib/api_guardian/concerns/api_errors/handler.rb +145 -0
data/lib/api_guardian/concerns/api_errors/renderer.rb +45 -0
data/lib/api_guardian/concerns/api_request/validator.rb +66 -0
data/lib/api_guardian/configuration.rb +171 -0
data/lib/api_guardian/engine.rb +23 -0
data/lib/api_guardian/errors/invalid_content_type_error.rb +6 -0
data/lib/api_guardian/errors/invalid_permission_name_error.rb +6 -0
data/lib/api_guardian/errors/invalid_request_body_error.rb +6 -0
data/lib/api_guardian/errors/invalid_request_resource_id_error.rb +6 -0
data/lib/api_guardian/errors/invalid_request_resource_type_error.rb +6 -0
data/lib/api_guardian/errors/invalid_update_action_error.rb +6 -0
data/lib/api_guardian/errors/reset_token_expired_error.rb +6 -0
data/lib/api_guardian/errors/reset_token_user_mismatch_error.rb +6 -0
data/lib/api_guardian/policies/application_policy.rb +65 -0
data/lib/api_guardian/policies/permission_policy.rb +15 -0
data/lib/api_guardian/policies/role_policy.rb +15 -0
data/lib/api_guardian/policies/user_policy.rb +23 -0
data/lib/api_guardian/stores/base.rb +53 -0
data/lib/api_guardian/stores/permission_store.rb +6 -0
data/lib/api_guardian/stores/role_store.rb +9 -0
data/lib/api_guardian/stores/user_store.rb +86 -0
data/lib/api_guardian/version.rb +3 -0
data/lib/generators/api_guardian/install/USAGE +8 -0
data/lib/generators/api_guardian/install/install_generator.rb +19 -0
data/lib/generators/api_guardian/install/templates/README +1 -0
data/lib/generators/api_guardian/install/templates/api_guardian.rb +5 -0
data/lib/tasks/api_guardian_tasks.rake +4 -0
data/spec/concerns/api_errors/handler_spec.rb +114 -0
data/spec/concerns/api_request/validator_spec.rb +102 -0
data/spec/dummy/README.rdoc +28 -0
data/spec/dummy/Rakefile +6 -0
data/spec/dummy/app/controllers/application_controller.rb +5 -0
data/spec/dummy/bin/bundle +3 -0
data/spec/dummy/bin/rails +4 -0
data/spec/dummy/bin/rake +4 -0
data/spec/dummy/bin/setup +29 -0
data/spec/dummy/config.ru +4 -0
data/spec/dummy/config/application.rb +25 -0
data/spec/dummy/config/boot.rb +5 -0
data/spec/dummy/config/database.yml +13 -0
data/spec/dummy/config/environment.rb +5 -0
data/spec/dummy/config/environments/development.rb +41 -0
data/spec/dummy/config/environments/production.rb +79 -0
data/spec/dummy/config/environments/test.rb +42 -0
data/spec/dummy/config/initializers/assets.rb +11 -0
data/spec/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/spec/dummy/config/initializers/cookies_serializer.rb +3 -0
data/spec/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/spec/dummy/config/initializers/inflections.rb +16 -0
data/spec/dummy/config/initializers/mime_types.rb +4 -0
data/spec/dummy/config/initializers/session_store.rb +3 -0
data/spec/dummy/config/initializers/wrap_parameters.rb +14 -0
data/spec/dummy/config/locales/en.yml +23 -0
data/spec/dummy/config/routes.rb +3 -0
data/spec/dummy/config/secrets.yml +22 -0
data/spec/dummy/db/schema.rb +104 -0
data/spec/dummy/log/test.log +5031 -0
data/spec/dummy/public/404.html +67 -0
data/spec/dummy/public/422.html +67 -0
data/spec/dummy/public/500.html +66 -0
data/spec/dummy/public/favicon.ico +0 -0
data/spec/factories/permissions.rb +6 -0
data/spec/factories/role_permissions.rb +6 -0
data/spec/factories/roles.rb +24 -0
data/spec/factories/users.rb +11 -0
data/spec/models/permission_spec.rb +28 -0
data/spec/models/role_permission_spec.rb +27 -0
data/spec/models/role_spec.rb +209 -0
data/spec/models/user_spec.rb +44 -0
data/spec/policies/application_policy_spec.rb +118 -0
data/spec/policies/permission_policy_spec.rb +28 -0
data/spec/policies/role_policy_spec.rb +28 -0
data/spec/policies/user_policy_spec.rb +29 -0
data/spec/requests/permissions_controller_spec.rb +19 -0
data/spec/requests/registration_controller_spec.rb +151 -0
data/spec/requests/roles_controller_spec.rb +75 -0
data/spec/requests/users_controller_spec.rb +75 -0
data/spec/spec_helper.rb +138 -0
data/spec/stores/base_spec.rb +113 -0
data/spec/stores/permission_store_spec.rb +2 -0
data/spec/stores/role_store_spec.rb +12 -0
data/spec/stores/user_store_spec.rb +144 -0
data/spec/support/controller_concern_test_helpers.rb +21 -0
data/spec/support/matchers.rb +37 -0
data/spec/support/request_helpers.rb +111 -0
metadata +508 -0

data/app/models/api_guardian/role_permission.rb ADDED Viewed

@@ -0,0 +1,8 @@
+module ApiGuardian
+  class RolePermission < ActiveRecord::Base
+    belongs_to :role, class_name: ApiGuardian.role_class.to_s
+    belongs_to :permission, class_name: ApiGuardian.permission_class.to_s
+    validates :role_id, uniqueness: { scope: :permission_id, message: 'Permission combination already exists!' }
+  end
+end

data/app/models/api_guardian/user.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module ApiGuardian
+  class User < ActiveRecord::Base
+    acts_as_paranoid
+    has_secure_password
+    belongs_to :role, class_name: ApiGuardian.role_class.to_s
+    delegate :can?, :cannot?, to: :role
+    validates :email, presence: true, uniqueness: true
+    validates :password, length: { minimum: 8 }, if: :password
+    # Class Methods
+    def self.policy_class
+      ApiGuardian::Policies::UserPolicy
+    end
+    # Instance Methods
+    def reset_password_token_valid?
+      !reset_password_sent_at.nil? && 24.hours.ago <= reset_password_sent_at
+    end
+  end
+end

data/app/serializers/api_guardian/permission_serializer.rb ADDED Viewed

@@ -0,0 +1,7 @@
+module ApiGuardian
+  class PermissionSerializer < ActiveModel::Serializer
+    type 'permissions'
+    attributes :id, :name, :desc
+  end
+end

data/app/serializers/api_guardian/role_serializer.rb ADDED Viewed

@@ -0,0 +1,7 @@
+module ApiGuardian
+  class RoleSerializer < ActiveModel::Serializer
+    type 'roles'
+    attributes :id, :name, :permissions, :created_at, :updated_at
+  end
+end

data/app/serializers/api_guardian/user_serializer.rb ADDED Viewed

@@ -0,0 +1,10 @@
+module ApiGuardian
+  class UserSerializer < ActiveModel::Serializer
+    type 'users'
+    attributes :id, :first_name, :last_name, :email, :email_confirmed_at,
+               :phone_number, :phone_number_confirmed_at, :created_at, :updated_at
+    belongs_to :role
+  end
+end

data/config/initializers/api_guardian.rb ADDED Viewed

@@ -0,0 +1,10 @@
+ActiveModel::Serializer.config.adapter = :json_api
+api_mime_types = %w(
+  application/vnd.api+json
+  text/x-json
+  application/json
+)
+Mime::Type.unregister :json
+Mime::Type.register 'application/json', :json, api_mime_types

data/config/initializers/doorkeeper.rb ADDED Viewed

@@ -0,0 +1,143 @@
+::Doorkeeper.configure do
+  # Change the ORM that doorkeeper will use (needs plugins)
+  orm :active_record
+  # This block will be called to check whether the resource owner is authenticated or not.
+  resource_owner_from_credentials do
+    u = ApiGuardian.user_class.find_by(email: params[:email])
+    u if u && u.try(:authenticate, params[:password])
+  end
+  # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below.
+  # admin_authenticator do
+  #   # Put your admin authentication logic here.
+  #   # Example implementation:
+  #   Admin.find_by_id(session[:admin_id]) || redirect_to(new_admin_session_url)
+  # end
+  # Authorization Code expiration time (default 10 minutes).
+  # authorization_code_expires_in 10.minutes
+  # Access token expiration time (default 2 hours).
+  # If you want to disable expiration, set this to nil.
+  # access_token_expires_in 2.hours
+  # Assign a custom TTL for implicit grants.
+  # custom_access_token_expires_in do |oauth_client|
+  #   oauth_client.application.additional_settings.implicit_oauth_expiration
+  # end
+  # Use a custom class for generating the access token.
+  # https://github.com/doorkeeper-gem/doorkeeper#custom-access-token-generator
+  access_token_generator '::Doorkeeper::JWT'
+  # Reuse access token for the same resource owner within an application (disabled by default)
+  # Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
+  # reuse_access_token
+  # Issue access tokens with refresh token (disabled by default)
+  use_refresh_token
+  # Provide support for an owner to be assigned to each registered application (disabled by default)
+  # Optional parameter :confirmation => true (default false) if you want to enforce ownership of
+  # a registered application
+  # Note: you must also run the rails g doorkeeper:application_owner generator to provide the necessary support
+  # enable_application_owner :confirmation => false
+  # Define access token scopes for your provider
+  # For more information go to
+  # https://github.com/doorkeeper-gem/doorkeeper/wiki/Using-Scopes
+  # default_scopes  :public
+  # optional_scopes :write, :update
+  # Change the way client credentials are retrieved from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:client_id` and `:client_secret` params from the `params` object.
+  # Check out the wiki for more information on customization
+  # client_credentials :from_basic, :from_params
+  # Change the way access token is authenticated from the request object.
+  # By default it retrieves first from the `HTTP_AUTHORIZATION` header, then
+  # falls back to the `:access_token` or `:bearer_token` params from the `params` object.
+  # Check out the wiki for more information on customization
+  # access_token_methods :from_bearer_authorization, :from_access_token_param, :from_bearer_param
+  # Change the native redirect uri for client apps
+  # When clients register with the following redirect uri, they won't be redirected to any server and the authorization code will be displayed within the provider
+  # The value can be any string. Use nil to disable this feature. When disabled, clients must provide a valid URL
+  # (Similar behaviour: https://developers.google.com/accounts/docs/OAuth2InstalledApp#choosingredirecturi)
+  #
+  # native_redirect_uri 'urn:ietf:wg:oauth:2.0:oob'
+  # Forces the usage of the HTTPS protocol in non-native redirect uris (enabled
+  # by default in non-development environments). OAuth2 delegates security in
+  # communication to the HTTPS protocol so it is wise to keep this enabled.
+  #
+  # force_ssl_in_redirect_uri !Rails.env.development?
+  # Specify what grant flows are enabled in array of Strings. The valid
+  # strings and the flows they enable are:
+  #
+  # "authorization_code" => Authorization Code Grant Flow
+  # "implicit"           => Implicit Grant Flow
+  # "password"           => Resource Owner Password Credentials Grant Flow
+  # "client_credentials" => Client Credentials Grant Flow
+  #
+  # If not specified, Doorkeeper enables authorization_code and
+  # client_credentials.
+  #
+  # implicit and password grant flows have risks that you should understand
+  # before enabling:
+  #   http://tools.ietf.org/html/rfc6819#section-4.4.2
+  #   http://tools.ietf.org/html/rfc6819#section-4.4.3
+  #
+  grant_flows %w(password)
+  # Under some circumstances you might want to have applications auto-approved,
+  # so that the user skips the authorization step.
+  # For example if dealing with a trusted application.
+  # skip_authorization do |resource_owner, client|
+  #   client.superapp? or resource_owner.admin?
+  # end
+  # WWW-Authenticate Realm (default "Doorkeeper").
+  # realm "Doorkeeper"
+end
+::Doorkeeper::JWT.configure do
+  # Set the payload for the JWT token. This should contain unique information
+  # about the user.
+  # Defaults to a randomly generated token in a hash
+  # { token: "RANDOM-TOKEN" }
+  token_payload do |opts|
+    user = ApiGuardian.user_class.find(opts[:resource_owner_id])
+    iat = DateTime.current.utc.to_i
+    {
+      iss: 'guideon:washington',
+      iat: iat,
+      exp: iat + opts[:expires_in],
+      jti: Digest::MD5.hexdigest([SecureRandom.hex, iat].join(':')),
+      sub: user.id,
+      user: {
+        id: user.id,
+        email: user.email
+      },
+      permissions: user.role.permissions
+    }
+  end
+  # Set the encryption secret. This would be shared with any other applications
+  # that should be able to read the payload of the token.
+  # Defaults to "secret"
+  secret_key 'MY-SECRET'
+  # If you want to use RS* encoding specify the path to the RSA key
+  # to use for signing.
+  # If you specify a secret_key_path it will be used instead of secret_key
+  # secret_key_path 'path/to/file.pem'
+  # Specify encryption type. Supports any algorithim in
+  # https://github.com/progrium/ruby-jwt
+  # defaults to nil
+  encryption_method :hs256
+end

data/config/routes.rb ADDED Viewed

@@ -0,0 +1,20 @@
+ApiGuardian::Engine.routes.draw do
+  # Registration
+  post '/register' => 'registration#create'
+  post '/reset-password' => 'registration#reset_password'
+  post '/complete-reset-password' => 'registration#complete_reset_password'
+  # API v1
+  use_doorkeeper scope: 'auth' do
+    skip_controllers :applications, :authorized_applications
+  end
+  resources :users, except: [:new, :edit] do
+    get 'permissions', on: :member
+  end
+  resources :roles, except: [:new, :edit]
+  resources :permissions, only: [:index]
+  match '*unmatched_route', to: 'application#not_found', via: :all
+end

data/db/migrate/20151117191338_api_guardian_enable_uuid_extension.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class ApiGuardianEnableUuidExtension < ActiveRecord::Migration
+  def change
+    enable_extension 'uuid-ossp'
+  end
+end

data/db/migrate/20151117191911_create_api_guardian_roles.rb ADDED Viewed

@@ -0,0 +1,9 @@
+class CreateApiGuardianRoles < ActiveRecord::Migration
+  def change
+    create_table :api_guardian_roles, id: :uuid do |t|
+      t.string :name
+      t.boolean :default, default: false
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20151117195618_create_api_guardian_users.rb ADDED Viewed

@@ -0,0 +1,25 @@
+class CreateApiGuardianUsers < ActiveRecord::Migration
+  def change
+    create_table :api_guardian_users, id: :uuid do |t|
+      t.string :first_name
+      t.string :last_name
+      t.string :email
+      t.datetime :email_confirmed_at
+      t.string :phone_number
+      t.datetime :phone_number_confirmed_at
+      t.string :password_digest, null: false
+      t.boolean :active, default: false
+      t.uuid :role_id, null: false
+      t.string :reset_password_token
+      t.datetime :reset_password_sent_at
+      t.datetime :deleted_at
+      t.timestamps null: false
+    end
+    add_index 'api_guardian_users', ['deleted_at'], name: 'index_api_guardian_users_on_deleted_at', using: :btree
+    add_index 'api_guardian_users', ['email'], name: 'index_api_guardian_users_on_email', unique: true, using: :btree
+    add_index 'api_guardian_users', ['reset_password_token'], name: 'index_api_guardian_users_on_reset_password_token', unique: true, using: :btree
+    add_index 'api_guardian_users', ['role_id'], name: 'index_api_guardian_users_on_role_id', using: :btree
+  end
+end

data/db/migrate/20151117212826_create_api_guardian_permissions.rb ADDED Viewed

@@ -0,0 +1,10 @@
+class CreateApiGuardianPermissions < ActiveRecord::Migration
+  def change
+    create_table :api_guardian_permissions, id: :uuid do |t|
+      t.string :name
+      t.string :desc
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20151117213145_create_api_guardian_role_permissions.rb ADDED Viewed

@@ -0,0 +1,11 @@
+class CreateApiGuardianRolePermissions < ActiveRecord::Migration
+  def change
+    create_table :api_guardian_role_permissions, id: :uuid do |t|
+      t.uuid :role_id
+      t.uuid :permission_id
+      t.boolean :granted, default: false
+      t.timestamps null: false
+    end
+  end
+end

data/db/migrate/20151117225238_create_doorkeeper_tables.rb ADDED Viewed

@@ -0,0 +1,42 @@
+class CreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications, id: :uuid do |t|
+      t.string :name, null: false
+      t.string :uid, null: false
+      t.string :secret, null: false
+      t.text :redirect_uri, null: false
+      t.string :scopes, null: false, default: ''
+      t.timestamps
+    end
+    add_index :oauth_applications, :uid, unique: true
+    create_table :oauth_access_grants, id: :uuid do |t|
+      t.uuid :resource_owner_id, null: false
+      t.uuid :application_id, null: false
+      t.string :token, null: false
+      t.integer :expires_in, null: false
+      t.text :redirect_uri, null: false
+      t.datetime :created_at, null: false
+      t.datetime :revoked_at
+      t.string :scopes
+    end
+    add_index :oauth_access_grants, :token, unique: true
+    create_table :oauth_access_tokens, id: :uuid do |t|
+      t.uuid :resource_owner_id
+      t.uuid :application_id
+      t.text :token, null: false
+      t.string :refresh_token
+      t.integer :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at, null: false
+      t.string :scopes
+    end
+    add_index :oauth_access_tokens, :token, unique: true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, unique: true
+  end
+end

data/db/seeds.rb ADDED Viewed

@@ -0,0 +1,32 @@
+# Roles
+admin_role = ApiGuardian.role_class.create!(name: 'Super Admin')
+user_role = ApiGuardian.role_class.create!(name: 'User', default: true)
+# Permissions
+ApiGuardian.permission_class.create!(name: 'user:create', desc: 'Ability to create User resource.')
+ApiGuardian.permission_class.create!(name: 'user:read', desc: 'Ability to read User resource.')
+ApiGuardian.permission_class.create!(name: 'user:update', desc: 'Ability to update User resource.')
+ApiGuardian.permission_class.create!(name: 'user:delete', desc: 'Ability to delete User resource.')
+ApiGuardian.permission_class.create!(name: 'user:manage', desc: 'Ability to manage User resource.')
+ApiGuardian.permission_class.create!(name: 'role:create', desc: 'Ability to create Role resource.')
+ApiGuardian.permission_class.create!(name: 'role:read', desc: 'Ability to read Role resource.')
+ApiGuardian.permission_class.create!(name: 'role:update', desc: 'Ability to update Role resource.')
+ApiGuardian.permission_class.create!(name: 'role:delete', desc: 'Ability to delete Role resource.')
+ApiGuardian.permission_class.create!(name: 'role:manage', desc: 'Ability to manage Role resource.')
+ApiGuardian.permission_class.create!(name: 'permission:create', desc: 'Ability to create Permission resource.')
+ApiGuardian.permission_class.create!(name: 'permission:read', desc: 'Ability to read Permission resource.')
+ApiGuardian.permission_class.create!(name: 'permission:update', desc: 'Ability to update Permission resource.')
+ApiGuardian.permission_class.create!(name: 'permission:delete', desc: 'Ability to delete Permission resource.')
+ApiGuardian.permission_class.create!(name: 'permission:manage', desc: 'Ability to manage Permission resource.')
+admin_role.create_default_permissions true
+user_role.create_default_permissions false
+# User
+ApiGuardian.user_class.create!(
+  first_name: 'Travis', last_name: 'Vignon', email: 'travis@lookitsatravis.com',
+  password: 'password', password_confirmation: 'password', role: admin_role,
+  active: true, email_confirmed_at: DateTime.now.utc
+)

data/lib/api_guardian.rb ADDED Viewed

@@ -0,0 +1,80 @@
+require 'rails-api'
+require 'doorkeeper'
+require 'doorkeeper-jwt'
+require 'pundit'
+require 'paranoia'
+require 'rack/cors'
+require 'kaminari'
+require 'active_model_serializers'
+require 'api_guardian/configuration'
+require "api_guardian/engine"
+module ApiGuardian
+  module Concerns
+    module ApiErrors
+      autoload :Handler, 'api_guardian/concerns/api_errors/handler'
+      autoload :Renderer, 'api_guardian/concerns/api_errors/renderer'
+    end
+    module ApiRequest
+      autoload :Validator, 'api_guardian/concerns/api_request/validator'
+    end
+  end
+  module Errors
+    autoload :InvalidContentTypeError, 'api_guardian/errors/invalid_content_type_error'
+    autoload :InvalidPermissionNameError, 'api_guardian/errors/invalid_permission_name_error'
+    autoload :InvalidRequestBodyError, 'api_guardian/errors/invalid_request_body_error'
+    autoload :InvalidRequestResourceIdError, 'api_guardian/errors/invalid_request_resource_id_error'
+    autoload :InvalidRequestResourceTypeError, 'api_guardian/errors/invalid_request_resource_type_error'
+    autoload :InvalidUpdateActionError, 'api_guardian/errors/invalid_update_action_error'
+    autoload :ResetTokenExpiredError, 'api_guardian/errors/reset_token_expired_error'
+    autoload :ResetTokenUserMismatchError, 'api_guardian/errors/reset_token_user_mismatch_error'
+  end
+  module Stores
+    autoload :Base, 'api_guardian/stores/base'
+    autoload :UserStore, 'api_guardian/stores/user_store'
+    autoload :RoleStore, 'api_guardian/stores/role_store'
+    autoload :PermissionStore, 'api_guardian/stores/permission_store'
+  end
+  module Policies
+    autoload :ApplicationPolicy, 'api_guardian/policies/application_policy'
+    autoload :PermissionPolicy, 'api_guardian/policies/permission_policy'
+    autoload :RolePolicy, 'api_guardian/policies/role_policy'
+    autoload :UserPolicy, 'api_guardian/policies/user_policy'
+  end
+  mattr_accessor :user_class
+  @@user_class = 'ApiGuardian::User'
+  mattr_accessor :role_class
+  @@role_class = 'ApiGuardian::Role'
+  mattr_accessor :permission_class
+  @@permission_class = 'ApiGuardian::Permission'
+  mattr_accessor :role_permission_class
+  @@role_permission_class = 'ApiGuardian::RolePermission'
+  def self.user_class
+    @@user_class.constantize
+  end
+  def self.role_class
+    @@role_class.constantize
+  end
+  def self.permission_class
+    @@permission_class.constantize
+  end
+  def self.role_permission_class
+    @@role_permission_class.constantize
+  end
+  def self.setup
+    yield self
+  end
+end