bsm_oa 0.3.1

data/spec/controllers/bsm_oa/authorizations_controller_spec.rb

@@ -0,0 +1,164 @@
+require 'spec_helper'
+
+describe BsmOa::AuthorizationsController, type: :controller do
+
+  let(:role)        { create :role }
+  let(:resource)    { create :authorization, role: role }
+
+  describe 'routing' do
+    it { is_expected.to route(:get, "/roles/1/authorizations").to(action: :index, bsm_oa_role_id: 1) }
+    it { is_expected.to route(:get, "/roles/1/authorizations/new").to(action: :new, bsm_oa_role_id: 1) }
+    it { is_expected.to route(:post, "/roles/1/authorizations").to(action: :create, bsm_oa_role_id: 1) }
+    it { is_expected.to route(:get, "/authorizations/1").to(action: :show, id: 1) }
+    it { is_expected.to route(:put, "/authorizations/1").to(action: :update, id: 1) }
+    it { is_expected.to route(:get, "/authorizations/1/edit").to(action: :edit, id: 1) }
+    it { is_expected.to route(:delete, "/authorizations/1").to(action: :destroy, id: 1) }
+    it { is_expected.to route(:put, "/authorizations/1/toggle/admin").to(action: :toggle, id: 1, permission: "admin") }
+  end
+
+  describe 'GET index.json' do
+    before do
+      resource
+      get :index, bsm_oa_role_id: role.to_param, format: 'json'
+    end
+
+    it { is_expected.to respond_with(:success) }
+    it { expect(response.body).to have_json_size(1) }
+    it { expect(response.body).to have_json_size(3).at_path('0') }
+  end
+
+  describe 'GET index.html' do
+    before do
+      resource
+      get :index, bsm_oa_role_id: role.to_param
+    end
+
+    it { is_expected.to render_template(:index) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'GET new.html' do
+    before do
+      get :new, bsm_oa_role_id: role.to_param
+    end
+    it { is_expected.to render_template(:new) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'GET show.html' do
+    before do
+      get :show, id: resource.to_param
+    end
+    it { is_expected.to redirect_to("/roles/#{resource.role.to_param}") }
+  end
+
+  describe 'GET show.json' do
+    before do
+      get :show, id: resource.to_param, format: "json"
+    end
+    it { is_expected.to respond_with(:success) }
+    it { expect(response.body).to have_json_size(4) }
+  end
+
+  describe 'GET edit.html' do
+    before do
+      get :edit, id: resource.to_param
+    end
+    it { is_expected.to render_template(:edit) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'POST create.json (successful)' do
+    before do
+      role = create(:role)
+      post :create, format: 'json', bsm_oa_role_id: role.to_param, authorization: resource.attributes.merge( permissions_string: 'admin')
+    end
+
+    it { is_expected.to respond_with(:created) }
+    it { expect(response.body).to have_json_size(4) }
+  end
+
+  describe 'POST create.html (successful)' do
+    before do
+      role = create(:role)
+      post :create, authorization: resource.attributes.merge( permissions_string: 'admin'), bsm_oa_role_id: role.to_param
+    end
+
+    it { is_expected.to respond_with(:redirect) }
+    it { is_expected.to redirect_to("/authorizations/#{BsmOa::Authorization.last.to_param}") }
+  end
+
+  describe 'POST create.html (unsuccessful)' do
+    before do
+      role = create(:role)
+      post :create, bsm_oa_role_id: role.to_param, authorization: { application_id: '' }
+     end
+
+    it { is_expected.to respond_with(:success) }
+    it { is_expected.to render_template(:new) }
+  end
+
+  describe 'PUT update.html (successful)' do
+    before do
+      put :update, id: resource.to_param, authorization: { permissions_string: 'admin' }
+    end
+
+    it { is_expected.to respond_with(:redirect) }
+    it { is_expected.to redirect_to("/authorizations/#{BsmOa::Authorization.last.to_param}") }
+  end
+
+  describe 'PUT update.html (unsuccessful)' do
+    before do
+      put :update, id: resource.to_param, authorization: { application_id: '0' }
+    end
+
+    it { is_expected.to respond_with(:success) }
+    it { is_expected.to render_template(:edit) }
+  end
+
+  describe 'PUT update.json (successful)' do
+    before do
+      put :update, format: 'json', id: resource.to_param, authorization: { permissions_string: 'admin' }
+    end
+
+    it { is_expected.to respond_with(:no_content) }
+  end
+
+  describe 'PUT update.json (unsuccessful)' do
+    before do
+      put :update, format: 'json', id: resource.to_param, authorization: { application_id: '0' }
+    end
+
+    it { is_expected.to respond_with(:unprocessable_entity) }
+  end
+
+  describe 'PUT toggle' do
+    before do
+      put :toggle, id: resource.to_param, permission: "admin"
+    end
+
+    it { is_expected.to respond_with(:redirect) }
+    it { is_expected.to redirect_to("/authorizations/1") }
+  end
+
+  describe 'PUT toggle.js' do
+    before do
+      put :toggle, id: resource.to_param, permission: "admin", format: "js"
+    end
+
+    it { is_expected.to respond_with(:success) }
+    it { expect(resource.reload.permissions).to be_empty }
+  end
+
+  describe 'PUT toggle.json' do
+    before do
+      put :toggle, id: resource.to_param, permission: "admin", format: "json"
+    end
+
+    it { is_expected.to respond_with(:success) }
+    it { expect(response.body).to have_json_size(4) }
+  end
+
+end
+
+

data/spec/controllers/bsm_oa/roles_controller_spec.rb

@@ -0,0 +1,140 @@
+require 'spec_helper'
+
+describe BsmOa::RolesController, type: :controller do
+
+  let(:resource)  { create :role }
+  let(:user)     { create :user }
+
+  describe 'routing' do
+    it { is_expected.to route(:get, "/roles").to(action: :index) }
+    it { is_expected.to route(:get, "/roles/new").to(action: :new) }
+    it { is_expected.to route(:get, "/roles/1").to(action: :show, id: 1) }
+    it { is_expected.to route(:get, "/roles/1/edit").to(action: :edit, id: 1) }
+    it { is_expected.to route(:post, "/roles").to(action: :create) }
+    it { is_expected.to route(:put, "/roles/1").to(action: :update, id: 1) }
+  end
+
+  describe 'GET index.json' do
+    before do
+      resource
+      get :index, format: 'json'
+    end
+
+    it { is_expected.to respond_with(:success) }
+    it { expect(response.body).to have_json_size(1) }
+  end
+
+  describe 'GET show.json' do
+    before do
+      get :show, id: resource.to_param, format: 'json'
+    end
+
+    it { is_expected.to respond_with(:success) }
+    it { expect(response.body).to have_json_size(2) }
+  end
+
+  describe 'POST create.json (successful)' do
+    before do
+      post :create, format: 'json', role: resource.attributes.merge(name: "admin")
+    end
+
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'PUT update.json (successful)' do
+    before do
+      post :update, format: 'json', id: resource.to_param, role: { name: "newname"}
+    end
+
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'GET index.html' do
+    before do
+      get :index
+    end
+
+    it { is_expected.to render_template(:index) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'GET show.html' do
+    before do
+      get :show, id: resource.to_param
+    end
+
+    it { is_expected.to render_template(:show) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'GET edit.html' do
+    before do
+      get :edit, id: resource.to_param
+    end
+    it { is_expected.to render_template(:edit) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'GET new.html' do
+    before do
+      get :new
+    end
+    it { is_expected.to render_template(:new) }
+    it { is_expected.to respond_with(:success) }
+  end
+
+  describe 'POST create.html (successful)' do
+    before do
+      post :create, role: resource.attributes.merge(name: "newname")
+    end
+    it { is_expected.to respond_with(:redirect) }
+    it { is_expected.to redirect_to("http://test.host/roles/#{BsmOa::Role.last.to_param}") }
+  end
+
+  describe 'POST create.html (unsuccessful)' do
+    before do
+      post :create, role: resource.attributes
+    end
+
+    it { is_expected.to respond_with(:success) }
+    it { is_expected.to render_template(:new) }
+  end
+
+  describe 'PUT update.html (successful)' do
+    before do
+      post :update, id: resource.to_param, role: { name: "newname"}
+    end
+
+    it { is_expected.to respond_with(:redirect) }
+    it { is_expected.to redirect_to("http://test.host/roles/#{resource.to_param}") }
+  end
+
+  describe 'PUT update.html (unsuccessful)' do
+    before do
+      put :update, id: resource.to_param, role: { name: "" }
+    end
+
+    it { is_expected.to respond_with(:success) }
+    it { is_expected.to render_template(:edit) }
+  end
+
+  describe 'DELETE destroy.json' do
+    before do
+      delete :destroy, format: 'json', id: resource.to_param
+    end
+
+    it { is_expected.to respond_with(:no_content) }
+  end
+
+  describe 'DELETE destroy.html' do
+    before do
+      delete :destroy, id: resource.to_param
+    end
+
+    it { is_expected.to respond_with(:redirect) }
+    it { is_expected.to redirect_to("http://test.host/roles") }
+  end
+
+end
+
+

data/spec/factories.rb

@@ -0,0 +1,23 @@
+FactoryGirl.define do
+
+  factory :application, class: Doorkeeper::Application do
+    sequence(:name) { |n| "Application #{n}" }
+    redirect_uri 'https://app.com/callback'
+    permissions ['admin', 'finance', 'operations']
+  end
+
+  factory :authorization, class: BsmOa::Authorization do
+    role
+    application
+    permissions ['admin']
+  end
+
+  factory :role, class: BsmOa::Role do
+    name { Faker::Lorem.word }
+  end
+
+  factory :user do
+    email   { Faker::Internet.email }
+  end
+
+end

data/spec/internal/config/database.yml

@@ -0,0 +1,3 @@
+test:
+  adapter:  sqlite3
+  database: db/combustion_test.sqlite

data/spec/internal/config/routes.rb

@@ -0,0 +1,3 @@
+Rails.application.routes.draw do
+  mount_bsm_oa
+end

data/spec/internal/db/schema.rb

@@ -0,0 +1,13 @@
+ActiveRecord::Schema.define do
+
+  create_table :users do |t|
+    t.string :email
+  end
+
+  create_table :roles_users, id: false do |t|
+    t.integer :role_id
+    t.integer :user_id
+  end
+  add_index :roles_users, [:role_id, :user_id], unique: true
+
+end

data/spec/internal/log/.gitignore

@@ -0,0 +1 @@
+*.log

data/spec/lib/bsm_oa/application_mixin_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe Doorkeeper::Application, type: :model do
+
+  it { is_expected.to have_many(:authorizations).dependent(:destroy) }
+  it { is_expected.to have_many(:roles).through(:authorizations) }
+
+  it { is_expected.to serialize(:permissions) }
+
+  ['valid', 'VALID', 'v4lid'].each do |val|
+    it { is_expected.to allow_value([val]).for(:permissions) }
+  end
+
+  ['inv&lid', 'not valid'].each do |val|
+    it { is_expected.not_to allow_value([val]).for(:permissions) }
+  end
+
+  it 'should have default secret and uid attributes' do
+    app = create(:application, secret: nil, uid: nil)
+    expect(app.secret).to_not be_nil
+    expect(app.uid).to_not be_nil
+  end
+
+  it 'should all secret and uid to be user set' do
+    app = create(:application, secret: 'secr3t', uid: 'nexusU1D')
+    expect(app.secret).to eq('secr3t')
+    expect(app.uid).to eq('nexusU1D')
+  end
+
+  it 'should normalize permissions' do
+    app = create(:application, permissions: ['admin', 'Finance', ' employee ', ''])
+    expect(app.permissions).to eq ['admin', 'finance', 'employee']
+  end
+
+  it 'should set and return string of permissions' do
+    app = create(:application)
+    app.permissions_string = 'admin, finance, employee'
+    expect(app.permissions).to eq ['admin', 'finance', 'employee']
+    expect(app.permissions_string).to eq 'admin employee finance'
+  end
+
+  it 'should scope ordered' do
+    create(:application)
+    expect(described_class.ordered.size).to eq(1)
+  end
+
+end
+

data/spec/lib/bsm_oa/authorization_spec.rb

@@ -0,0 +1,53 @@
+require 'spec_helper'
+
+RSpec.describe BsmOa::Authorization, type: :model do
+
+  it { is_expected.to belong_to(:role) }
+  it { is_expected.to belong_to(:application) }
+
+  it { is_expected.to validate_presence_of :role }
+  it { is_expected.to validate_presence_of :role_id }
+  it { is_expected.to validate_presence_of :application }
+  it { is_expected.to validate_presence_of :application_id }
+
+  describe 'uniqueness validation' do
+    subject { build(:authorization) }
+    it { is_expected.to validate_uniqueness_of(:application_id).scoped_to(:role_id) }
+  end
+
+  it { is_expected.to serialize(:permissions) }
+
+  it 'should set and return string of permissions' do
+    subject = create(:authorization)
+    subject.permissions_string = 'admin operations finance'
+    expect(subject.permissions).to eq ['admin', 'operations', 'finance']
+    expect(subject.permissions_string).to eq 'admin finance operations'
+  end
+
+  it 'should normalize permissions' do
+    subject = create(:authorization)
+    subject.permissions = ["admin ", "Finance", "operatiOns", "unknown"]
+    expect(subject).to be_valid
+    expect(subject.permissions).to eq ['admin', 'finance', 'operations']
+  end
+
+  it 'should have ordered scope' do
+    create(:authorization)
+    expect(described_class.ordered.size).to eq(1)
+  end
+
+  describe 'toggle' do
+    let(:authorization) { create :authorization}
+
+    it 'should toggle adding permissions' do
+      authorization.toggle('finance')
+      expect(authorization.reload.permissions).to eq(['admin', 'finance'])
+    end
+    it 'should toggle removing permissions' do
+      authorization.toggle('admin')
+      expect(authorization.reload.permissions).to eq([])
+    end
+  end
+end
+
+

data/spec/lib/bsm_oa/config_spec.rb

@@ -0,0 +1,20 @@
+require 'spec_helper'
+
+RSpec.describe BsmOa::Config do
+
+  it "should have defaults" do
+    expect(subject.user_class).to eq(::User)
+    expect(subject.user_attrs).to eq([:id, :email])
+  end
+
+  it "should set custom user classes" do
+    subject.user_class "String"
+    expect(subject.user_class).to eq(::String)
+  end
+
+  it "should set custom user attributes" do
+    subject.user_attrs :id, :name, :admin
+    expect(subject.user_attrs).to eq([:id, :name, :admin])
+  end
+
+end

data/spec/lib/bsm_oa/role_spec.rb

@@ -0,0 +1,22 @@
+require 'spec_helper'
+
+RSpec.describe BsmOa::Role, type: :model do
+
+  it { is_expected.to have_many(:authorizations).dependent(:destroy) }
+  it { is_expected.to have_many(:applications).through(:authorizations) }
+
+  it { is_expected.to validate_presence_of(:name) }
+  it { is_expected.to validate_length_of(:name).is_at_most(80) }
+  it { is_expected.to validate_uniqueness_of(:name).case_insensitive }
+
+  it 'should have ordered scope' do
+    create(:role)
+    expect(described_class.ordered.length).to eq(1)
+  end
+
+  it 'should normalize name attribute' do
+    subject = create(:role, name: ' Something ')
+    expect(subject.name).to eq('Something')
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,64 @@
+ENV['RAILS_ENV'] ||= 'test'
+
+$LOAD_PATH.unshift File.expand_path('..', __FILE__)
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+$LOAD_PATH.unshift File.expand_path('../../app', __FILE__)
+
+# Initialize combustion
+require 'combustion'
+Combustion.initialize! :active_record do
+
+  Doorkeeper.configure do
+    orm :active_record
+  end
+
+  SimpleForm.setup do |_|
+  end
+
+end
+
+# Internal app
+class User < ActiveRecord::Base
+  has_and_belongs_to_many :roles, class_name: "BsmOa::Role", join_table: 'roles_users'
+  has_many :authorizations, through: :roles, class_name: "BsmOa::Authorization"
+end
+
+# Load rspec
+require 'rspec/rails'
+require 'shoulda-matchers'
+require 'json_spec'
+require 'factory_girl'
+require 'faker'
+require 'database_cleaner'
+
+RSpec.configure do |config|
+  config.use_transactional_fixtures = true
+  config.infer_spec_type_from_file_location!
+  config.render_views
+
+  config.before :suite do
+    silence_stream(STDOUT) do
+      ActiveRecord::Migrator.migrate(File.expand_path('../../db/migrate', __FILE__), nil)
+    end
+    FactoryGirl.find_definitions
+  end
+
+  config.before :suite do
+    DatabaseCleaner.strategy = :transaction
+    DatabaseCleaner.clean_with :truncation
+  end
+
+  config.around :each do |example|
+    DatabaseCleaner.cleaning { example.run }
+  end
+
+  config.expect_with :rspec do |expectations|
+    expectations.include_chain_clauses_in_custom_matcher_descriptions = true
+  end
+  config.mock_with :rspec do |mocks|
+    mocks.verify_partial_doubles = true
+  end
+
+  config.include FactoryGirl::Syntax::Methods
+  config.include JsonSpec::Helpers
+end