cccux 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a2c04acd4a7bdb9bf56dd8bec3bff97fa96b47f311d99ad99ecc43f788ea86d2
-  data.tar.gz: 3aa15d6e9ede2db1c97356a67628a7c03f8ecee8b73af4578a86667d023ed0c6
+  metadata.gz: afb1191e0b22997a111737dfd7b40e7f3cfb8803cc5046b2091d711ff915dada
+  data.tar.gz: 372d9570edf0194fa3759922a6c1d18e60cd3d8ce2bf4c78fbc4ecdd0be15d61
 SHA512:
-  metadata.gz: 67c23f642f404f7b04de4f7f28394d12bb46812fc4f63f126aaa8dea8087257cf353472cb4c9e924d497f381877fb94250144667c3c140eec23cb9f1ab2fc066
-  data.tar.gz: beb6ffdf77cafdfa83dd9e9f55a44c0aa45674c107cd4e24b100588577e337e1c67e0c299dcf839e7e9bef41b6e2f90cad1add1a4bb34fa6ab0914300c5c4972
+  metadata.gz: 0d235d116f1ad65bf811c70e486b29da1d40dc354e96252db8e0d6fd8a5cfa7e99d2c30e3093e5d161c0267e115c8031a6af827ec31cba6f2b64c8b4fa1ca855
+  data.tar.gz: ba3f46415d6a00afc76907be4523a290abfa43441d6f706e4d35d30ab96a8ca664e6df1a2149a48bfe1190d6b4faf5a47bf6c7c310fbe683b34b60060bdb26e1

data/CHANGELOG.md

@@ -5,6 +5,71 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.2.1] - 2025-01-27
+
+### Added
+- **Multi-level Ownership Support**: Enhanced ownership system to support ownership chains (e.g., ProjectManager → Project → Task)
+- **Improved Model Discovery**: Enhanced model discovery to include all application models in role editing interface
+- **Enhanced Authorization Logic**: Improved Ability class to handle complex ownership relationships correctly
+- **Project Management Integration**: Added support for Project, Task, and ProjectManager models with proper authorization
+- **Comprehensive Test Coverage**: Added extensive test coverage for all major components and edge cases
+
+### Fixed
+- **Model Loading Issues**: Fixed Zeitwerk autoloading issues with empty model files
+- **Ownership Chain Logic**: Fixed ownership checking logic to properly traverse ownership relationships
+- **User Registration**: Fixed ActiveModel::UnknownAttributeError during user signup process
+- **Permission Inheritance**: Corrected permission inheritance for project managers and task ownership
+- **Debug Output Removal**: Cleaned up all debug output statements from production code
+- **Test Assertion Warnings**: Fixed auto-generated test methods and missing HTTP requests in tests
+
+### Technical Improvements
+- **Enhanced Test Coverage**: Improved test coverage for complex ownership scenarios
+- **Better Error Handling**: Enhanced error handling for missing models and invalid ownership configurations
+- **Performance Optimizations**: Improved model loading and authorization checking performance
+- **Code Quality**: Removed all debug statements and improved code organization
+
+## [0.1.2] - 2025-01-27
+
+### Added
+- **Multi-level Ownership Support**: Enhanced ownership system to support ownership chains (e.g., ProjectManager → Project → Task)
+- **Improved Model Discovery**: Enhanced model discovery to include all application models in role editing interface
+- **Enhanced Authorization Logic**: Improved Ability class to handle complex ownership relationships correctly
+- **Project Management Integration**: Added support for Project, Task, and ProjectManager models with proper authorization
+
+### Fixed
+- **Model Loading Issues**: Fixed Zeitwerk autoloading issues with empty model files
+- **Ownership Chain Logic**: Fixed ownership checking logic to properly traverse ownership relationships
+- **User Registration**: Fixed ActiveModel::UnknownAttributeError during user signup process
+- **Permission Inheritance**: Corrected permission inheritance for project managers and task ownership
+
+### Technical Improvements
+- **Enhanced Test Coverage**: Improved test coverage for complex ownership scenarios
+- **Better Error Handling**: Enhanced error handling for missing models and invalid ownership configurations
+- **Performance Optimizations**: Improved model loading and authorization checking performance
+
+## [0.1.1] - 2025-07-07
+
+### Added
+- **Comprehensive Test Suite**: Added extensive test coverage for all major components
+  - Model tests for User, Role, RoleAbility with validations and associations
+  - Ability class tests covering all authorization scenarios
+  - Controller tests for admin interface functionality  
+  - View helper tests for authorization-aware UI components
+  - Integration tests for complete authorization workflows
+  - Rake task tests for setup and configuration automation
+- **Test Fixtures**: Created comprehensive test data fixtures for users and roles
+- **Test Documentation**: Detailed test scenarios covering edge cases and security
+
+### Fixed
+- **Rails Version Compatibility**: Fixed schema version compatibility with Rails 7.2
+- **Dependency Constraints**: Removed incompatible RSpec dependency, using built-in Rails testing
+
+### Technical Improvements
+- **Security Testing**: Tests verify deny-by-default security model
+- **Ownership Testing**: Comprehensive tests for both direct and contextual ownership
+- **Multi-role Testing**: Tests verify cumulative permissions from multiple roles
+- **Guest User Testing**: Ensures proper handling of unauthenticated users
+
 ## [0.1.0] - 2025-07-07
 
 ### Added
@@ -64,4 +129,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Backward compatibility maintained during transition period
 - Clear upgrade path for existing installations
 
+[0.1.1]: https://github.com/bagus1/cccux/releases/tag/v0.1.1
 [0.1.0]: https://github.com/bagus1/cccux/releases/tag/v0.1.0 

data/README.md

@@ -4,6 +4,8 @@ CCCUX is a Rails engine that provides comprehensive role-based authorization wit
 
 ## Features
 
+CCCUX eliminates the complexity of traditional authorization solutions by providing:
+
 - **One-Line Controller Setup**: Just add `load_and_authorize_resource` to any controller
 - **No Model Code Required**: Models need no special concerns or methods
 - **UI-Driven Configuration**: Set up complex ownership patterns through the web interface
@@ -13,6 +15,21 @@ CCCUX is a Rails engine that provides comprehensive role-based authorization wit
 - **Admin Interface**: Clean, intuitive interface for role and permission management
 - **Rails 8 Compatible**: Works with Rails 8 and modern Rails applications
 
+### Why CCCUX is Simple
+
+Traditional authorization solutions require:
+- Complex model concerns and methods
+- Manual ability class configuration
+- Custom ownership logic in every model
+- Lots of boilerplate code
+
+**CCCUX eliminates all of this:**
+- ✅ One line per controller: `load_and_authorize_resource`
+- ✅ No model code required
+- ✅ UI-driven configuration
+- ✅ Automatic setup and integration
+- ✅ Works with standard Rails patterns
+
 ## Quick Start
 
 ### 1. Install the Engine
@@ -33,6 +50,10 @@ bundle install
 rails cccux:setup
 ```
 
+#### Setup Task Details
+
+The `rails cccux:setup` task performs these steps:
+
 **What the setup task does:**
 
 1. **Checks for Devise**: Verifies Devise is installed, guides you through installation if needed
@@ -48,11 +69,20 @@ The setup task automatically configures your `ApplicationController` with:
 - Error handling for authorization failures
 - View helpers for authorization checks
 
-### 3. Add Authorization to Controllers
+The setup task is idempotent - you can run it multiple times safely.
+
+### 3. Managing Permissions and Roles
+
+Start your server, login as the Role Manager user you created and navigate to `http://localhost:3000/cccux`. You should see links in the footer on your homepage.
+
+## Controller Configuration
+
+Controllers need minimal configuration to work with CCCUX - just add `load_and_authorize_resource` to any controller.
+
+### Basic Controller Setup
 
 **The only requirement: Add `load_and_authorize_resource` to your controllers**
 
-#### Basic Controller
 ```ruby
 class ProductsController < ApplicationController
   load_and_authorize_resource
@@ -67,7 +97,10 @@ class ProductsController < ApplicationController
 end
 ```
 
-#### Nested Resource Controller
+### Nested Resource Setup
+
+For controllers handling nested resources, use conditional loading:
+
 ```ruby
 class OrdersController < ApplicationController
   # Load parent resource when present
@@ -87,57 +120,14 @@ class OrdersController < ApplicationController
 end
 ```
 
-### 4. Configure Permissions
-
-Start your server and navigate to `http://localhost:3000/cccux`:
-
-1. **Model Discovery**: Click "Model Discovery" to automatically detect your models and create permissions
-2. **Roles Management**: Go to "Roles" to see default roles and create custom ones
-3. **Assign Permissions**: Configure which roles can perform which actions on your models
-
-## Permission Configuration
-
-CCCUX supports two access types:
-
-### Global Access
-- **What it does**: Access to all records everywhere
-- **Use case**: Administrators, managers with broad access
-- **Configuration**: Select "Global" access type
-
-### Owned Access
-- **What it does**: Access to records you own or have access to via relationships
-- **Use case**: Users editing their own records, managers accessing records in their scope
-- **Configuration**: Select "Owned" access type and configure ownership settings
-
-## Ownership Configuration Examples
-
-### Simple User Ownership
-**Scenario**: Users can only edit products they created
-
-- **Access Type**: Owned
-- **Ownership Model**: (leave blank)
-- **Foreign Key**: (leave blank - auto-detects `user_id`)
-- **User Key**: (leave blank - defaults to `user_id`)
-
-### Manager Ownership
-**Scenario**: Store managers can edit all orders in stores they manage
-
-- **Access Type**: Owned
-- **Ownership Model**: `StoreManager`
-- **Foreign Key**: `store_id`
-- **User Key**: `user_id`
-
-This configuration tells CCCUX: "Find all StoreManager records where user_id matches the current user, get their store_id values, and allow access to orders with those store_id values."
-
-### Complex Hierarchies
-**Scenario**: Regional managers can edit products in all stores in their region
+### Checking Roles in Code
 
-- **Access Type**: Owned
-- **Ownership Model**: `RegionalManager`
-- **Foreign Key**: `region_id`
-- **User Key**: `user_id`
+```ruby
+current_user.has_role?('Role Manager')  # => true/false
+current_user.roles                      # => ['Basic User', 'Store Manager']
+```
 
-## Model Requirements
+## Models
 
 **Models need NO special code!** CCCUX works with standard Rails models:
 
@@ -160,10 +150,60 @@ class Store < ApplicationRecord
 end
 ```
 
-**How it works:**
-- CCCUX automatically detects `user_id` and `creator_id` columns for simple ownership
-- Complex ownership patterns are handled through the UI configuration
-- The CCCUX Ability class dynamically queries your join tables based on your settings
+## Admin Interface
+
+Navigate to `/cccux` to access the admin interface:
+
+- **Dashboard**: Overview of roles, users, and permissions
+- **Roles**: Create and manage roles with drag-and-drop priority ordering
+- **Permissions**: View and create permissions for your models
+- **Users**: Assign roles to users
+- **Model Discovery**: Automatically detect new models and create permissions
+
+## Managing Permissions and Roles
+
+### Permission Configuration
+
+1. **Model Discovery**: Click "Model Discovery" to automatically detect your models and create permissions
+2. **CRUD Actions added by default**: The Model Discovery process will add permissions for Read, Create, Update and Delete. 
+3. **Additional Actions**: The Permissions page shows each model and all their permisssions. Click the "Create New xxx Permission" for a model and it will discover any additional actions that your controller and routes support. Add them and they'll be available for any role. 
+
+### Role Creation
+
+Once you've created all the permissions from the Model Discovery page, you can assign them to Roles. By default, CCCUX creates three roles. Guest, Basic User and Role Manager. For additional Roles, click the Create Role button and fill out the simple form. Once it's created, edit it to configure its abilities. 
+
+Click to edit a role to configure it.
+
+### Role Configuration
+
+CCCUX supports two access types for each action for each model. Global and Owned.
+
+#### Global Access
+- **What it does**: Access to the to all records for a model for the individual action. 
+- **Use case**: Allowing Read access to the role for all items in a model.
+- **Use case**: Allowing Create access to create an item in a model.
+- **Configuration**: Select "Global" access type
+
+#### Owned Access
+
+There are two types of Owned Access. When you click 'owned' for a permission (Update) for a model (Product) for a role ("Basic User"), by default, any user with that role will be able only update records they created. However additional fields will be displayed for 'Owned' role permissions. These allow you to allow access to a manager (Project Manager) if you have an appropriate model (ProjectManager) and relationships set up in your application. This is best used for nested routes (see the setup for nested routes above) so that for instance a Project Manager can manage all the Tasks in a Project. 
+
+##### Basic Owned Access
+
+- **By Default**: Access to records for the user that created them.
+- **Use case**: Users editing their own records
+
+##### Advanced Owned Access
+
+- **First** select 'Owned' for a permission on a model for a role. 
+- **Next** Select an Ownership Model (ProjectManager), and enter a foreign key (project_id) and a User Key (user_id)
+- **Result**: Now if managers (Project Managers) are assigned to the parent item (A Project), they can manage all the items (Tasks) within (their Project).
+
+### Role Assignment
+
+From the cccux dashboard, click users to see a list of users. Click to edit an individual user to add them to a role. Users can be assgined to multiple roles.
+
+
 
 ## View Helpers
 
@@ -202,7 +242,7 @@ You can also use standard CanCanCan patterns:
 <% end %>
 ```
 
-### Converting Existing Views
+## Converting Existing Views
 
 CCCUX includes a development tool to convert existing Rails views to use authorization helpers:
 
@@ -237,16 +277,6 @@ rails cccux:view_examples
 
 This conversion tool saves significant time when adding CCCUX to existing applications.
 
-## Admin Interface
-
-Navigate to `/cccux` to access the admin interface:
-
-- **Dashboard**: Overview of roles, users, and permissions
-- **Roles**: Create and manage roles with drag-and-drop priority ordering
-- **Permissions**: View and create permissions for your models
-- **Users**: Assign roles to users
-- **Model Discovery**: Automatically detect new models and create permissions
-
 ## Error Handling
 
 CCCUX automatically handles authorization errors:
@@ -257,6 +287,8 @@ CCCUX automatically handles authorization errors:
 
 ## Testing
 
+### Basic Authorization Testing
+
 Test your authorization with standard Rails testing:
 
 ```ruby
@@ -280,6 +312,31 @@ class ProductsControllerTest < ActionDispatch::IntegrationTest
 end
 ```
 
+### Comprehensive Test Suite
+
+CCCUX includes a comprehensive test suite covering:
+
+- **Model Tests**: User, Role, RoleAbility, and Ability model functionality
+- **Controller Tests**: User authorization and admin interface access
+- **Helper Tests**: Authorization helper methods and view helpers
+- **Integration Tests**: Complete authorization flow testing
+- **Task Tests**: Setup task functionality and configuration
+- **Fixture Tests**: Proper test data setup for users and roles
+
+Run the tests with:
+```bash
+cd path/to/cccux
+rails test
+```
+
+The test suite validates:
+- Role assignment and permission checking
+- Ownership-based access control
+- Admin interface restrictions
+- Database setup and seeding
+- View helper functionality
+- Error handling scenarios
+
 ## Advanced Usage
 
 ### Custom Ability Logic
@@ -301,51 +358,6 @@ class ProductsController < ApplicationController
 end
 ```
 
-### Multiple Role Assignment
-
-Users can have multiple roles, and permissions are cumulative:
-
-```ruby
-user.add_role('Basic User')
-user.add_role('Store Manager')
-user.roles # => ['Basic User', 'Store Manager']
-```
-
-### Checking Roles in Code
-
-```ruby
-current_user.has_role?('Role Manager')  # => true/false
-current_user.roles                      # => ['Basic User', 'Store Manager']
-```
-
-## Setup Task Details
-
-The `rails cccux:setup` task performs these steps:
-
-1. **Devise Check**: Ensures Devise is installed and configured
-2. **Route Mounting**: Adds CCCUX routes to your application
-3. **ApplicationController Configuration**: Automatically adds the CCCUX concern
-4. **Database Setup**: Creates all necessary tables and indexes
-5. **Default Data**: Seeds roles, permissions, and creates admin user
-6. **Status Verification**: Confirms all components are properly configured
-
-The setup task is idempotent - you can run it multiple times safely.
-
-## Why CCCUX is Simple
-
-Traditional authorization solutions require:
-- Complex model concerns and methods
-- Manual ability class configuration
-- Custom ownership logic in every model
-- Lots of boilerplate code
-
-**CCCUX eliminates all of this:**
-- ✅ One line per controller: `load_and_authorize_resource`
-- ✅ No model code required
-- ✅ UI-driven configuration
-- ✅ Automatic setup and integration
-- ✅ Works with standard Rails patterns
-
 ## Troubleshooting
 
 ### Common Issues

data/Rakefile

@@ -1,8 +1,61 @@
-require "bundler/setup"
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
 
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Cccux'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.md')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+# Load the engine's tasks
 APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
-load "rails/tasks/engine.rake"
+load 'rails/tasks/engine.rake'
+
+load 'rails/tasks/statistics.rake'
+
+require 'bundler/gem_tasks'
+
+# Custom test preparation task
+namespace :test do
+  desc "Prepare test database"
+  task :prepare do
+    puts "🧪 Preparing test database..."
+    
+    # Change to dummy app directory and setup database
+    Dir.chdir(File.expand_path("test/dummy", __dir__)) do
+      system("RAILS_ENV=test bundle exec rails db:environment:set RAILS_ENV=test")
+      system("RAILS_ENV=test bundle exec rails db:schema:load")
+    end
+    
+    puts "✅ Test database prepared"
+  end
+end
+
+# Override the default test task to include preparation
+task :test => 'test:prepare'
 
-load "rails/tasks/statistics.rake"
+# Dummy environment task for engine compatibility
+# This prevents "Don't know how to build task 'environment'" errors
+# when engine Rake tasks depend on :environment but it's not defined
+task :environment do
+  # No-op: Engine doesn't need full Rails environment loading
+  # Host applications will have their own real environment task
+end
 
-require "bundler/gem_tasks"
+# Dummy db:migrate task for engine compatibility
+# This prevents "Don't know how to build task 'db:migrate'" errors
+# when engine Rake tasks depend on :db:migrate but it's not defined
+namespace :db do
+  task :migrate do
+    # No-op: Engine doesn't need to run migrations in test context
+    # Host applications will have their own real db:migrate task
+    puts "Dummy db:migrate task called (no-op in engine context)"
+  end
+end

data/app/assets/stylesheets/cccux/application.css

@@ -1,102 +1,126 @@
 /*
- * This is a manifest file that'll be compiled into application.css, which will include all the files
- * listed below.
- *
- * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
- *
- * You're free to add application-wide styles to this file and they'll appear at the bottom of the
- * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
- * files in this directory. Styles in this file should be added after the last require_* statement.
- * It is generally better to create a new file per style scope.
- *
- *= require_tree .
- *= require_self
+ * CCCUX Engine Styles
+ * 
+ * This file contains styles for the CCCUX engine components.
  */
 
-/* Action Button Styles */
-.cccux-btn {
-    padding: 0.375rem 0.75rem;
-    text-decoration: none;
-    border-radius: 4px;
-    font-size: 0.875rem;
-    border: none;
-    cursor: pointer;
-    display: inline-block;
-    text-align: center;
+/* CCCUX Admin Styles */
+.cccux-admin {
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
+  line-height: 1.6;
+  color: #333;
 }
 
-.cccux-btn-view {
-    background: #17a2b8;
-    color: white;
+.cccux-admin h1 {
+  color: #2c3e50;
+  margin-bottom: 1rem;
 }
 
-.cccux-btn-view:hover {
-    background: #138496;
-    color: white;
-    text-decoration: none;
+.cccux-admin .btn {
+  display: inline-block;
+  padding: 0.5rem 1rem;
+  border: 1px solid #ddd;
+  border-radius: 4px;
+  text-decoration: none;
+  color: #333;
+  background: #f8f9fa;
 }
 
-.cccux-btn-edit {
-    background: #ffc107;
-    color: #212529;
+.cccux-admin .btn-primary {
+  background: #007bff;
+  color: white;
+  border-color: #007bff;
 }
 
-.cccux-btn-edit:hover {
-    background: #e0a800;
-    color: #212529;
-    text-decoration: none;
+.cccux-admin .btn-danger {
+  background: #dc3545;
+  color: white;
+  border-color: #dc3545;
 }
 
-.cccux-btn-delete {
-    background: #dc3545;
-    color: white;
+.cccux-admin table {
+  width: 100%;
+  border-collapse: collapse;
+  margin-bottom: 1rem;
 }
 
-.cccux-btn-delete:hover {
-    background: #c82333;
-    color: white;
+.cccux-admin th,
+.cccux-admin td {
+  padding: 0.75rem;
+  border-bottom: 1px solid #ddd;
+  text-align: left;
 }
 
-.cccux-btn-create {
-    background: #007bff;
-    color: white;
-    padding: 0.75rem 1.5rem;
-    font-weight: bold;
-    border-radius: 6px;
+.cccux-admin th {
+  background: #f8f9fa;
+  font-weight: 600;
 }
 
-.cccux-btn-create:hover {
-    background: #0056b3;
-    color: white;
-    text-decoration: none;
+/* CCCUX Footer Styles */
+.cccux-footer {
+  font-size: 0.9rem;
+  color: #6c757d;
+  margin-top: 1rem;
+  padding: .5rem 0;
+  border-top: 1px solid #e5e5e5;
+  background-color: #f8f9fa;
 }
 
-/* Button Group Utilities */
-.cccux-btn-group {
-    display: flex;
-    gap: 0.5rem;
+.cccux-footer .footer-link {
+  color: #red;
+  text-decoration: none;
+  margin: 0 0.5rem;
+
 }
 
-.cccux-btn-group-center {
-    display: flex;
-    gap: 0.5rem;
-    justify-content: center;
+.cccux-footer .footer-link:hover {
+  color: #0056b3;
+  text-decoration: underline;
 }
 
-.cccux-btn-group-end {
-    display: flex;
-    gap: 0.5rem;
-    justify-content: flex-end;
+.cccux-footer .footer-separator {
+  color: #dee2e6;
+  margin: 0 0.25rem;
+}
+
+.cccux-footer .user-info,
+.cccux-footer .auth-links {
+  font-size: 0.85rem;
+}
+
+.cccux-footer .container {
+  max-width: 1200px;
+  margin: 0 auto;
+  padding: 0 1rem;
 }
 
-/* Size Variants */
-.cccux-btn-sm {
-    padding: 0.25rem 0.5rem;
-    font-size: 0.75rem;
+.cccux-footer .row {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+  flex-wrap: wrap;
 }
 
-.cccux-btn-lg {
-    padding: 0.75rem 1.5rem;
-    font-size: 1rem;
+.cccux-footer .col-md-6 {
+  flex: 1;
+  min-width: 300px;
+}
+
+.cccux-footer .text-end {
+  text-align: right;
+}
+
+@media (max-width: 768px) {
+  .cccux-footer .row {
+    flex-direction: column;
+    gap: 0.5rem;
+  }
+
+  .cccux-footer .col-md-6 {
+    text-align: center;
+  }
+
+  .cccux-footer .text-end {
+    text-align: center;
+  }
 }