bsm_oa 0.3.1

data/app/views/bsm_oa/roles/show.html.erb

@@ -0,0 +1,41 @@
+<div class="page-header">
+  <div class="pull-right">
+    <%= link_to "&larr; Back".html_safe, bsm_oa_roles_path, class: 'btn btn-lg btn-default'%>
+  </div>
+  <h1><%= @role.name %></h1>
+</div>
+
+<h3>Details</h3>
+<div class="table-responsive">
+  <table class="table table-hover">
+    <tr>
+      <th>Name:</th>
+      <td><%= @role.name %></td>
+    </tr>
+    <tr>
+      <th>Description:</th>
+      <td>
+        <%= '&ndash;'.html_safe unless @role.description %>
+        <%= @role.description %>
+      </td>
+    </tr>
+  </table>
+</div>
+
+<h3>
+  Authorizations
+  <%= link_to 'New', new_bsm_oa_role_bsm_oa_authorization_path(@role), class: 'btn btn-sm btn-primary' %>
+</h3>
+<div class="table-responsive">
+  <table class="table table-hover">
+    <thead>
+      <tr><th>Application</th><th>Permissions</th><th>&nbsp;</th></tr>
+    </thead>
+    <tbody>
+      <% @role.authorizations.includes(:application).each do |auth| %>
+        <%= render 'authorization', auth: auth %>
+      <% end -%>
+    </tbody>
+  </table>
+</div>
+

data/app/views/bsm_oa/roles/show.json.jbuilder

@@ -0,0 +1 @@
+json.partial! 'role', role: @role

data/app/views/bsm_oa/roles/update.json.jbuilder

@@ -0,0 +1 @@
+json.partial! 'role', role: @role

data/bsm_oa.gemspec

@@ -0,0 +1,37 @@
+$:.push File.expand_path('../lib', __FILE__)
+
+require 'bsm_oa/version'
+
+Gem::Specification.new do |s|
+  s.name        = 'bsm_oa'
+  s.version     = BsmOa::VERSION
+  s.authors     = ['Andy Born', 'Dimitrij Denissenko']
+  s.email       = 'info@blacksquaremedia.com'
+  s.homepage    = 'https://github.org/bsm/oa'
+  s.summary     = 'Rails Open Authority engine'
+  s.description = 'Opinionated toolbox for building centralised authorities'
+  s.licenses    = ['MIT']
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- spec/*`.split("\n")
+  s.require_paths = ['lib']
+
+  s.add_dependency 'railties', '>= 4.1', '< 5.0'
+  s.add_dependency 'doorkeeper', '~> 3.0.0.rc'
+  s.add_dependency 'responders', '~> 2.0'
+  s.add_dependency 'jbuilder', '~> 2.2'
+  s.add_dependency 'bsm-models'
+  s.add_dependency 'has_scope', '~> 0.6'
+  s.add_dependency 'simple_form', '~> 3.1'
+  s.add_dependency 'jquery-rails'
+
+  s.add_development_dependency 'rails', '>= 4.1'
+  s.add_development_dependency 'combustion', '~> 0.5.3'
+  s.add_development_dependency 'rspec-rails'
+  s.add_development_dependency 'factory_girl'
+  s.add_development_dependency 'json_spec'
+  s.add_development_dependency 'faker'
+  s.add_development_dependency 'shoulda-matchers'
+  s.add_development_dependency 'database_cleaner'
+  s.add_development_dependency 'sqlite3'
+end

data/config.ru

@@ -0,0 +1,7 @@
+require 'rubygems'
+require 'bundler'
+
+Bundler.require :default, :development
+
+Combustion.initialize! :all
+run Combustion::Application

data/db/migrate/20150507113313_bsm_oa_create_doorkeeper_tables.rb

@@ -0,0 +1,43 @@
+class BsmOaCreateDoorkeeperTables < ActiveRecord::Migration
+  def change
+    create_table :oauth_applications do |t|
+      t.string  :name,         null: false
+      t.string  :uid,          null: false
+      t.string  :secret,       null: false
+      t.text    :redirect_uri, null: false
+      t.string  :scopes,       null: false, default: ''
+      t.text    :permissions
+      t.timestamps null: false
+    end
+
+    add_index :oauth_applications, :uid, unique: true
+
+    create_table :oauth_access_grants do |t|
+      t.integer  :resource_owner_id, null: false
+      t.integer  :application_id,    null: false
+      t.string   :token,             null: false
+      t.integer  :expires_in,        null: false
+      t.text     :redirect_uri,      null: false
+      t.datetime :created_at,        null: false
+      t.datetime :revoked_at
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_grants, :token, unique: true
+
+    create_table :oauth_access_tokens do |t|
+      t.integer  :resource_owner_id
+      t.integer  :application_id
+      t.string   :token,             null: false
+      t.string   :refresh_token
+      t.integer  :expires_in
+      t.datetime :revoked_at
+      t.datetime :created_at,        null: false
+      t.string   :scopes
+    end
+
+    add_index :oauth_access_tokens, :token, unique: true
+    add_index :oauth_access_tokens, :resource_owner_id
+    add_index :oauth_access_tokens, :refresh_token, unique: true
+  end
+end

data/db/migrate/20150513155732_bsm_oa_create_tables.rb

@@ -0,0 +1,16 @@
+class BsmOaCreateTables < ActiveRecord::Migration
+  def change
+    create_table :bsm_oa_authorizations do |t|
+      t.integer :role_id, null: false
+      t.integer :application_id, null: false
+      t.text    :permissions
+    end
+    add_index :bsm_oa_authorizations, [:role_id, :application_id], unique: :true
+
+    create_table :bsm_oa_roles do |t|
+      t.string :name, null: false, size: 80
+      t.string :description
+    end
+    add_index :bsm_oa_roles, [:name], unique: :true
+  end
+end

data/lib/bsm_oa/application_mixin.rb

@@ -0,0 +1,37 @@
+module BsmOa
+  module ApplicationMixin
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :authorizations, class_name: BsmOa::Authorization, inverse_of: :application, dependent: :destroy
+      has_many :roles, inverse_of: :applications, class_name: BsmOa::Role, through: :authorizations, foreign_key: :role_id
+
+      serialize :permissions, Bsm::Model::Coders::JsonColumn.new(Array)
+      validate  :must_have_simple_word_permissions
+
+      before_validation :normalize_permissions!
+
+      scope :ordered, -> { order(:name) }
+    end
+
+    def permissions_string=(permissions_string)
+      self.permissions = permissions_string.split(/\W+/)
+    end
+
+    def permissions_string
+      permissions.sort.join(' ')
+    end
+
+    protected
+
+      def must_have_simple_word_permissions
+        errors.add :permissions, :invalid if permissions.any? {|pm| pm =~ /[^a-z0-9]/ }
+      end
+
+      def normalize_permissions!
+        self.permissions = Array.wrap(permissions).reject(&:blank?).map(&:strip).map(&:downcase).uniq
+      end
+
+  end
+end
+

data/lib/bsm_oa/authorization.rb

@@ -0,0 +1,49 @@
+module BsmOa
+  class Authorization < ActiveRecord::Base
+    self.table_name = :"#{table_name_prefix}bsm_oa_authorizations#{table_name_suffix}"
+
+    # ---> ASSOCIATIONS
+    belongs_to :role, inverse_of: :authorizations
+    belongs_to :application, inverse_of: :authorizations, class_name: Doorkeeper::Application, foreign_key: :application_id
+
+    # ---> ATTRIBUTES
+    serialize :permissions, Bsm::Model::Coders::JsonColumn.new(Array)
+    attr_readonly :application_id, :role_id, :application
+
+    # ---> VALIDATIONS
+    validates :application, :role, :application_id, :role_id, presence: :true
+    validates :application_id, uniqueness: { scope: :role_id }
+
+    # ---> CALLBACKS
+    before_validation :normalize_permissions!
+
+    # ---> SCOPES
+    scope :ordered, -> { order(id: :desc) }
+
+    # @param [String] name permission name
+    def toggle(name)
+      if permissions.include?(name)
+        self.permissions = permissions - [name]
+      else
+        self.permissions = permissions + [name]
+      end
+      save
+    end
+
+    def permissions_string=(str)
+      self.permissions = str.split("\s")
+    end
+
+    def permissions_string
+      permissions.sort.join(' ')
+    end
+
+    protected
+
+      def normalize_permissions!
+        self.permissions = permissions.reject(&:blank?).map(&:strip).map(&:downcase).uniq
+        self.permissions &= application.permissions if application
+      end
+
+  end
+end

data/lib/bsm_oa/config.rb

@@ -0,0 +1,19 @@
+module BsmOa
+  class Config
+
+    def user_class(value = nil)
+      if value.nil?
+        @user_class = @user_class.constantize if String === @user_class
+        @user_class ||= "::User".constantize
+      else
+        @user_class = value
+      end
+    end
+
+    def user_attrs(*attrs)
+      @user_attrs = attrs unless attrs.empty?
+      @user_attrs ||= [:id, :email]
+    end
+
+  end
+end

data/lib/bsm_oa/engine.rb

@@ -0,0 +1,27 @@
+module BsmOa
+  class Engine < Rails::Engine
+
+    initializer 'bsm_oa.migrations' do |app|
+      unless app.root.to_s.match root.to_s
+        config.paths["db/migrate"].expanded.each do |path|
+          app.config.paths["db/migrate"] << path
+        end
+      end
+    end
+
+    initializer "bsm_oa.routes" do
+      Routes.install!
+    end
+
+    initializer "bsm_oa.models" do
+      ActiveSupport.on_load(:active_record) do
+        require 'bsm_oa/application_mixin'
+        require 'bsm_oa/authorization'
+        require 'bsm_oa/role'
+
+        Doorkeeper::Application.send :include, ApplicationMixin
+      end
+    end
+
+  end
+end

data/lib/bsm_oa/role.rb

@@ -0,0 +1,28 @@
+module BsmOa
+  class Role < ActiveRecord::Base
+    self.table_name = :"#{table_name_prefix}bsm_oa_roles#{table_name_suffix}"
+
+    # ---> ASSOCIATIONS
+    has_many :authorizations, inverse_of: :role, dependent: :destroy
+    has_many :applications, inverse_of: :roles, class_name: Doorkeeper::Application, through: :authorizations, foreign_key: :application_id
+
+    # ---> VALIDATIONS
+    validates :name,
+      presence: true,
+      length: { maximum: 80, allow_blank: true },
+      uniqueness: { case_sensitive: false, allow_blank: true }
+
+    # ---> SCOPES
+    scope :ordered, -> { order(id: :desc) }
+
+    # ---> CALLBACKS
+    before_validation :normalize_attributes!
+
+    private
+
+      def normalize_attributes!
+        self.name = name.try(:strip)
+      end
+
+  end
+end

data/lib/bsm_oa/routes.rb

@@ -0,0 +1,24 @@
+module BsmOa
+  module Routes
+
+    def self.install!
+      ActionDispatch::Routing::Mapper.send :include, Helper
+    end
+
+    module Helper
+
+      def mount_bsm_oa
+        get 'me(.:format)', to: 'bsm_oa/accounts#show', as: :bsm_oa_me
+        resources :roles, controller: 'bsm_oa/roles', as: :bsm_oa_roles do
+          resources :authorizations, controller: 'bsm_oa/authorizations', as: :bsm_oa_authorizations, shallow: true do
+            put :toggle, on: :member, path: "toggle/:permission"
+          end
+        end
+        use_doorkeeper do
+          controllers applications: 'bsm_oa/applications'
+        end
+      end
+
+    end
+  end
+end

data/lib/bsm_oa/version.rb

@@ -0,0 +1,3 @@
+module BsmOa
+  VERSION = "0.3.1"
+end

data/lib/bsm_oa.rb

@@ -0,0 +1,25 @@
+require 'doorkeeper'
+require 'bsm-models'
+require 'responders'
+require 'jbuilder'
+require 'has_scope'
+require 'simple_form'
+
+require 'bsm_oa/version'
+require 'bsm_oa/engine'
+require 'bsm_oa/routes'
+require 'bsm_oa/config'
+
+module BsmOa
+  class << self
+
+    def configure(&block)
+      config.send :instance_eval, &block
+    end
+
+    def config
+      @config ||= Config.new
+    end
+
+  end
+end

data/spec/controllers/bsm_oa/accounts_controller_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+describe BsmOa::AccountsController, type: :controller do
+
+  let(:authorization) { create :authorization }
+  let(:application)   { authorization.application }
+  let(:user)          { create :user, roles: [authorization.role] }
+  let(:access_token)  { Doorkeeper::AccessToken.create! resource_owner_id: user.id, application_id: application.id }
+
+  describe 'routing' do
+    it { is_expected.to route(:get, "/me").to(action: :show) }
+  end
+
+  describe 'GET show.json (successful)' do
+    before do
+      request.headers["Authorization"] = "Bearer #{access_token.token}"
+      get :show, client_id: application.uid, client_secret: application.secret, format: 'json'
+    end
+
+    it { expect(response.body).to have_json_size(3) }
+    it { expect(response.body).to have_json_size(1).at_path('authorizations') }
+    it { expect(response.body).to have_json_size(2).at_path('authorizations/0') }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'GET show.json (bad auth token)' do
+    before do
+      request.headers["Authorization"] = "Bearer abcdef"
+      get :show, format: 'json'
+    end
+
+    it { is_expected.to respond_with(:unauthorized) }
+  end
+
+end

data/spec/controllers/bsm_oa/applications_controller_spec.rb

@@ -0,0 +1,114 @@
+require 'spec_helper'
+
+describe BsmOa::ApplicationsController, type: :controller do
+
+  let(:user)        { create :user }
+  let(:application) { create :application }
+
+  describe 'routing' do
+    it { is_expected.to route(:get,  "/oauth/applications").to(action: :index) }
+    it { is_expected.to route(:post, "/oauth/applications").to(action: :create) }
+    it { is_expected.to route(:get,  "/oauth/applications/new").to(action: :new) }
+    it { is_expected.to route(:get,  "/oauth/applications/1").to(action: :show, id: 1) }
+    it { is_expected.to route(:put,  "/oauth/applications/1").to(action: :update, id: 1) }
+    it { is_expected.to route(:delete, "/oauth/applications/1").to(action: :destroy, id: 1) }
+  end
+
+  describe 'GET index.json' do
+    before do
+      application
+      get :index, format: 'json'
+    end
+
+    it { expect(response.body).to have_json_size(1) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'GET show.json' do
+    before do
+      get :show, format: 'json', id: application.to_param
+    end
+
+    it { expect(response.body).to have_json_size(6) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'GET show.html' do
+    before do
+      get :show, format: 'html', id: application.to_param
+    end
+
+    it { is_expected.to redirect_to("http://test.host/oauth/applications") }
+  end
+
+  describe 'POST create.json (successful)' do
+    before do
+      post :create, format: 'json', doorkeeper_application: attributes_for(:application)
+    end
+
+    it { expect(response.body).to have_json_size(6) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'POST create.json (unsuccessful)' do
+    before do
+      post :create, format: 'json', doorkeeper_application: attributes_for(:application, name: nil)
+    end
+
+    it { expect(response.body).to have_json_path('errors') }
+    it { is_expected.to respond_with(:unprocessable_entity) }
+  end
+
+  describe 'POST create.html' do
+    before do
+      post :create, doorkeeper_application: attributes_for(:application)
+    end
+
+    it { is_expected.to respond_with(:redirect) }
+    it { is_expected.to redirect_to("http://test.host/oauth/applications/#{Doorkeeper::Application.last.to_param}") }
+  end
+
+  describe 'PUT update.json (successful)' do
+    before do
+      put :update, format: 'json', id: application.to_param, doorkeeper_application: application.attributes
+    end
+
+    it { expect(response.body).to have_json_size(6) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'PUT update.json (unsuccessful)' do
+    before do
+      put :update, format: 'json', id: application.to_param, doorkeeper_application: application.attributes.merge(name: nil)
+    end
+
+    it { expect(response.body).to have_json_path('errors') }
+    it { is_expected.to respond_with(:unprocessable_entity) }
+  end
+
+  describe 'PUT update.html' do
+    before do
+      put :update, id: application.to_param, doorkeeper_application: application.attributes
+    end
+
+    it { is_expected.to respond_with(:redirect) }
+    it { is_expected.to redirect_to("http://test.host/oauth/applications/#{application.to_param}") }
+  end
+
+  describe 'DELETE destroy.json' do
+    before do
+      delete :destroy, format: 'json', id: application.to_param
+    end
+
+    it { is_expected.to respond_with(:no_content) }
+  end
+
+  describe 'DELETE destroy.html' do
+    before do
+      delete :destroy, id: application.to_param
+    end
+
+    it { is_expected.to respond_with(:redirect) }
+    it { is_expected.to redirect_to("http://test.host/oauth/applications") }
+  end
+end