cream 0.5.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/.document +5 -0
- data/.gitignore +39 -0
- data/.rspec +1 -0
- data/Changelog.txt +8 -0
- data/Gemfile +27 -0
- data/LICENSE +20 -0
- data/README.markdown +196 -0
- data/Rakefile +40 -0
- data/VERSION +1 -0
- data/app/views/auth_assist/menu/_admin_login_items.html.erb +11 -0
- data/app/views/auth_assist/menu/_login_items.html.erb +11 -0
- data/app/views/auth_assist/menu/_registration_items.html.erb +10 -0
- data/config/locales/en.yml +14 -0
- data/cream.gemspec +169 -0
- data/features/FEATURE_NOTES.txt +6 -0
- data/features/permission/adds_permission.feature +0 -0
- data/features/role_strategy/adds_role_strategy.feature +0 -0
- data/features/role_strategy/clears_role_strategy.feature +0 -0
- data/init.rb +1 -0
- data/lib/cream.rb +21 -0
- data/lib/cream/configure.rb +3 -0
- data/lib/cream/configure/after_init/role_config.rb +29 -0
- data/lib/cream/configure/rails.rb +23 -0
- data/lib/cream/controller/ability.rb +7 -0
- data/lib/cream/helper/authlabels.rb +21 -0
- data/lib/cream/helper/host.rb +11 -0
- data/lib/cream/helper/role.rb +48 -0
- data/lib/cream/namespaces.rb +5 -0
- data/lib/cream/role.rb +7 -0
- data/lib/cream/view/host_area.rb +12 -0
- data/lib/cream/view/role_area.rb +38 -0
- data/lib/cream/view/user_action_menu.rb +21 -0
- data/lib/generators/cream/config/DESIGN NOTES.markdown +61 -0
- data/lib/generators/cream/config/config_generator.rb +72 -0
- data/lib/generators/cream/config/modules/cancan_config.rb +22 -0
- data/lib/generators/cream/config/modules/cream_config.rb +23 -0
- data/lib/generators/cream/config/modules/devise_config.rb +108 -0
- data/lib/generators/cream/config/modules/helper.rb +57 -0
- data/lib/generators/cream/config/modules/permits_config.rb +15 -0
- data/lib/generators/cream/config/modules/roles_config.rb +15 -0
- data/lib/generators/cream/views/haml_util.rb +44 -0
- data/lib/generators/cream/views/views_generator.rb +34 -0
- data/lib/generators/cream_refactor.rb +82 -0
- data/log/development.log +0 -0
- data/sandbox/test.rb +40 -0
- data/spec/cream/configure/rails_spec.rb +51 -0
- data/spec/cream/helper/host_spec.rb +68 -0
- data/spec/cream/helper/role_spec.rb +187 -0
- data/spec/cream/view/host_area_spec.rb +61 -0
- data/spec/cream/view/role_area_spec.rb +124 -0
- data/spec/cream/view/role_ext_spec.rb +36 -0
- data/spec/generator_spec_helper.rb +26 -0
- data/spec/generators/cream/config/devise/existing_devise_users.rb +61 -0
- data/spec/generators/cream/config/empty_app/default_args_spec.rb +51 -0
- data/spec/generators/cream/config/permits/existing_permits_spec.rb +0 -0
- data/spec/generators/cream/config/permits/no_permits_spec.rb +0 -0
- data/spec/generators/cream/config/roles/default_roles.rb +51 -0
- data/spec/generators/cream/config/roles/roles_spec.rb +60 -0
- data/spec/generators/cream/shared_examples.rb +18 -0
- data/spec/generators/cream/views_generator_spec.rb +30 -0
- data/spec/spec_helper.rb +18 -0
- data/wiki/CONFIG_GENERATOR.txt +21 -0
- data/wiki/DESIGN.txt +21 -0
- data/wiki/INSTALLATION.txt +6 -0
- data/wiki/PERMITS.txt +32 -0
- data/wiki/ROLE_STRATEGIES.txt +40 -0
- data/wiki/SPEC_NOTES.txt +6 -0
- data/wiki/VIEWS_GENERATOR.txt +35 -0
- data/wiki/VIEW_HELPERS.txt +162 -0
- metadata +374 -0
@@ -0,0 +1,26 @@
|
|
1
|
+
require 'rspec/core'
|
2
|
+
require 'generator-spec'
|
3
|
+
require 'devise-spec'
|
4
|
+
require 'roles-spec'
|
5
|
+
require 'cream'
|
6
|
+
|
7
|
+
RSpec::Generator.configure do |config|
|
8
|
+
config.debug = false
|
9
|
+
config.remove_temp_dir = false # true
|
10
|
+
config.default_rails_root(__FILE__)
|
11
|
+
config.lib = File.dirname(__FILE__) + '/../lib'
|
12
|
+
config.logger = :stdout
|
13
|
+
end
|
14
|
+
|
15
|
+
RSpec.configure do |config|
|
16
|
+
config.mock_with :mocha
|
17
|
+
|
18
|
+
config.before do
|
19
|
+
create_rails_app
|
20
|
+
end
|
21
|
+
|
22
|
+
config.after do
|
23
|
+
remove_rails_app
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
@@ -0,0 +1,61 @@
|
|
1
|
+
require 'generator_spec_helper'
|
2
|
+
require_generator :cream => :config
|
3
|
+
|
4
|
+
LOGFILE = File.expand_path File.dirname(__FILE__) + '/../../config_generator-init.log'
|
5
|
+
|
6
|
+
describe 'Cream config generator: strategy "admin_flag", init Devise user model User' do
|
7
|
+
use_helpers :model, :controller, :permit, :files, :file
|
8
|
+
|
9
|
+
before :each do
|
10
|
+
setup_generator 'config_generator' do
|
11
|
+
tests Cream::Generators::ConfigGenerator
|
12
|
+
end
|
13
|
+
remove_all_permits
|
14
|
+
remove_locale :cream
|
15
|
+
|
16
|
+
File.remove_from controller_file(:application) do
|
17
|
+
%{
|
18
|
+
rescue_from CanCan::AccessDenied do |exception|
|
19
|
+
flash[:error] = exception.message
|
20
|
+
redirect_to root_url
|
21
|
+
end
|
22
|
+
}
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
after :each do
|
27
|
+
remove_all_permits
|
28
|
+
end
|
29
|
+
|
30
|
+
describe "Configure Rails 3 app with Cream using init devise" do
|
31
|
+
before do
|
32
|
+
puts "Running generator"
|
33
|
+
Dir.chdir Rails.root do
|
34
|
+
@generator = with_generator do |g|
|
35
|
+
arguments = "--strategy admin_flag --init-devise --logfile #{LOGFILE}".args
|
36
|
+
puts "arguments: #{arguments}"
|
37
|
+
g.run_generator arguments
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end # before
|
41
|
+
|
42
|
+
it "should generate a Devise User with only a :guest role using :role_string strategy" do
|
43
|
+
@generator.should generate_model :user do |clazz|
|
44
|
+
clazz.should have_default_devise_options
|
45
|
+
|
46
|
+
# clazz.should use_roles :generic
|
47
|
+
# clazz.should include_module 'Roles::Generic'
|
48
|
+
# clazz.should have_call :roles, :args => ':guest'
|
49
|
+
# clazz.should have_call :role_strategy, :args => ":role_string"
|
50
|
+
end
|
51
|
+
end # it
|
52
|
+
|
53
|
+
# it "should generate a Devise Admin user" do
|
54
|
+
# @generator.should generate_model :admin do |clazz|
|
55
|
+
# # clazz.should use_roles :generic
|
56
|
+
# # clazz.should include_module 'Roles::Generic'
|
57
|
+
# clazz.should inherit_from :user
|
58
|
+
# end
|
59
|
+
# end # it
|
60
|
+
end # desc
|
61
|
+
end
|
@@ -0,0 +1,51 @@
|
|
1
|
+
require 'generator_spec_helper'
|
2
|
+
require_generator :cream => :config
|
3
|
+
|
4
|
+
LOGFILE = File.expand_path File.dirname(__FILE__) + '/../../config_generator-default.log'
|
5
|
+
|
6
|
+
puts "Logfile at: #{LOGFILE}"
|
7
|
+
|
8
|
+
describe 'role strategy generator: admin_flag' do
|
9
|
+
use_helpers :model, :controller, :permit, :files, :file
|
10
|
+
|
11
|
+
before :each do
|
12
|
+
setup_generator 'roles_generator' do
|
13
|
+
tests Cream::Generators::ConfigGenerator
|
14
|
+
end
|
15
|
+
remove_all_permits
|
16
|
+
remove_locale :cream if locale_file? :cream
|
17
|
+
|
18
|
+
File.remove_from controller_file(:application) do
|
19
|
+
%{
|
20
|
+
rescue_from CanCan::AccessDenied do |exception|
|
21
|
+
flash[:error] = exception.message
|
22
|
+
redirect_to root_url
|
23
|
+
end
|
24
|
+
}
|
25
|
+
end if controller_file? :application
|
26
|
+
end
|
27
|
+
|
28
|
+
after :each do
|
29
|
+
remove_all_permits
|
30
|
+
end
|
31
|
+
|
32
|
+
describe "Configure Rails 3 app with Cream using default options" do
|
33
|
+
before do
|
34
|
+
puts "Running generator"
|
35
|
+
Dir.chdir Rails.root do
|
36
|
+
@generator = with_generator do |g|
|
37
|
+
arguments = "--strategy admin_flag --logfile #{LOGFILE}".args
|
38
|
+
puts "arguments: #{arguments}"
|
39
|
+
g.run_generator arguments
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end # before
|
43
|
+
|
44
|
+
it "should generate a Devise User with only a :guest role using :role_string strategy" do
|
45
|
+
@generator.should_not generate_model :user
|
46
|
+
@generator.should have_gems :devise, :cancan, :roles_active_record
|
47
|
+
end # it
|
48
|
+
end # desc
|
49
|
+
end # desc
|
50
|
+
|
51
|
+
|
File without changes
|
File without changes
|
@@ -0,0 +1,51 @@
|
|
1
|
+
require 'generator_spec_helper'
|
2
|
+
require_generator :cream => :config
|
3
|
+
|
4
|
+
LOGFILE = File.expand_path File.dirname(__FILE__) + '/../../config_generator-default.log'
|
5
|
+
|
6
|
+
puts "Logfile at: #{LOGFILE}"
|
7
|
+
|
8
|
+
describe 'role strategy generator: admin_flag' do
|
9
|
+
use_helpers :model, :controller, :permit, :files, :file
|
10
|
+
|
11
|
+
before :each do
|
12
|
+
setup_generator 'roles_generator' do
|
13
|
+
tests Cream::Generators::ConfigGenerator
|
14
|
+
end
|
15
|
+
remove_all_permits
|
16
|
+
remove_locale :cream if locale_file? :cream
|
17
|
+
|
18
|
+
File.remove_from controller_file(:application) do
|
19
|
+
%{
|
20
|
+
rescue_from CanCan::AccessDenied do |exception|
|
21
|
+
flash[:error] = exception.message
|
22
|
+
redirect_to root_url
|
23
|
+
end
|
24
|
+
}
|
25
|
+
end if controller_file? :application
|
26
|
+
end
|
27
|
+
|
28
|
+
after :each do
|
29
|
+
remove_all_permits
|
30
|
+
end
|
31
|
+
|
32
|
+
describe "Configure Rails 3 app with Cream using default options" do
|
33
|
+
before do
|
34
|
+
puts "Running generator"
|
35
|
+
Dir.chdir Rails.root do
|
36
|
+
@generator = with_generator do |g|
|
37
|
+
arguments = "--strategy admin_flag --logfile #{LOGFILE}".args
|
38
|
+
puts "arguments: #{arguments}"
|
39
|
+
g.run_generator arguments
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end # before
|
43
|
+
|
44
|
+
it "should generate a Devise User with only a :guest role using :role_string strategy" do
|
45
|
+
@generator.should_not generate_model :user
|
46
|
+
@generator.should have_gems :devise, :cancan, :roles_active_record
|
47
|
+
end # it
|
48
|
+
end # desc
|
49
|
+
end # desc
|
50
|
+
|
51
|
+
|
@@ -0,0 +1,60 @@
|
|
1
|
+
require 'generator_spec_helper'
|
2
|
+
require_generator :cream => :config
|
3
|
+
|
4
|
+
LOGFILE = File.expand_path File.dirname(__FILE__) + '/../../config_generator-roles.log'
|
5
|
+
|
6
|
+
describe 'role strategy generator: admin_flag' do
|
7
|
+
use_helpers :model, :controller, :permit, :files, :file
|
8
|
+
|
9
|
+
before :each do
|
10
|
+
setup_generator 'config_generator' do
|
11
|
+
tests Cream::Generators::ConfigGenerator
|
12
|
+
end
|
13
|
+
remove_all_permits
|
14
|
+
remove_locale :cream
|
15
|
+
|
16
|
+
File.remove_from controller_file(:application) do
|
17
|
+
%{
|
18
|
+
rescue_from CanCan::AccessDenied do |exception|
|
19
|
+
flash[:error] = exception.message
|
20
|
+
redirect_to root_url
|
21
|
+
end
|
22
|
+
}
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
after :each do
|
27
|
+
remove_all_permits
|
28
|
+
end
|
29
|
+
|
30
|
+
describe "Configure Rails 3 app with Cream using init devise" do
|
31
|
+
before do
|
32
|
+
puts "Running generator"
|
33
|
+
Dir.chdir Rails.root do
|
34
|
+
@generator = with_generator do |g|
|
35
|
+
arguments = "--strategy role_string --init-devise --roles editor author --logfile #{LOGFILE}".args
|
36
|
+
puts "arguments: #{arguments}"
|
37
|
+
g.run_generator arguments
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end # before
|
41
|
+
|
42
|
+
it "should generate a Devise User with only a :guest role using :role_string strategy" do
|
43
|
+
|
44
|
+
# Devise User with Roles setup
|
45
|
+
@generator.should generate_model :user do |clazz|
|
46
|
+
clazz.should have_devise_options :defaults
|
47
|
+
clazz.should use_roles :generic
|
48
|
+
clazz.should include_module 'Roles::ActiveRecord'
|
49
|
+
clazz.should have_call :valid_roles_are, :args => ':admin, :guest, :editor, :author'
|
50
|
+
clazz.should have_call :role_strategy, :args => ":role_string"
|
51
|
+
end
|
52
|
+
|
53
|
+
# Gemfile
|
54
|
+
@generator.should have_gems :devise, :cancan, :roles_active_record
|
55
|
+
|
56
|
+
# Permissions
|
57
|
+
@generator.should generate_permits :admin, :guest, :editor, :author
|
58
|
+
end # it
|
59
|
+
end # desc
|
60
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
it "should generate Permits for Guest and Admin roles"
|
2
|
+
@generator.should generate_permits :guest, :admin
|
3
|
+
end
|
4
|
+
|
5
|
+
it "should generate Permits for Guest and Admin roles"
|
6
|
+
@generator.should generate_permits :guest, :admin
|
7
|
+
end
|
8
|
+
|
9
|
+
|
10
|
+
it "should inject permission exception handling into controller 'application_controller'"
|
11
|
+
@generator.should update_controller :application do |clazz|
|
12
|
+
clazz.should match /rescue_from CanCan::AccessDenied/
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
it "should generate 'cream' locale file"
|
17
|
+
@generator.should generate_locale_file :cream
|
18
|
+
end
|
@@ -0,0 +1,30 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'Generator' do
|
4
|
+
with_generator do |g, c|
|
5
|
+
g.tests Cream::Generators::ViewsGenerator
|
6
|
+
c.setup
|
7
|
+
end
|
8
|
+
|
9
|
+
def check_generated_views folder=nil
|
10
|
+
with_generator do |g, check|
|
11
|
+
if folder
|
12
|
+
g.run_generator folder
|
13
|
+
else
|
14
|
+
g.run_generator
|
15
|
+
folder = 'menu'
|
16
|
+
end
|
17
|
+
check.view folder, '_admin_login_items.html.erb', %w{admin_block not_admin_block}
|
18
|
+
check.view folder, '_login_items.html.erb', %w{user_block not_user_block}
|
19
|
+
check.view folder, 'registration_items.html.erb', %w{user_block not_user_block}
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
it "should create views in default scope 'menu' " do
|
24
|
+
check_generated_views
|
25
|
+
end
|
26
|
+
|
27
|
+
it "should create views in explicit scope 'login' " do
|
28
|
+
check_generated_views 'login'
|
29
|
+
end
|
30
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
require 'rspec/core'
|
2
|
+
require 'rspec-action_view'
|
3
|
+
require 'generator-spec'
|
4
|
+
require 'cream'
|
5
|
+
|
6
|
+
RSpec::Generator.configure do |config|
|
7
|
+
config.debug = false
|
8
|
+
config.remove_temp_dir = false # true
|
9
|
+
config.default_rails_root(__FILE__)
|
10
|
+
config.lib = File.dirname(__FILE__) + '/../lib'
|
11
|
+
config.logger = :stdout
|
12
|
+
end
|
13
|
+
|
14
|
+
|
15
|
+
RSpec.configure do |config|
|
16
|
+
config.mock_with :mocha
|
17
|
+
end
|
18
|
+
|
@@ -0,0 +1,21 @@
|
|
1
|
+
The *config* generator generates a configuration initializer file for setting up `cream` to use a particular role strategy.
|
2
|
+
|
3
|
+
<pre>$ rails g cream:config --strategy NAME</pre>
|
4
|
+
|
5
|
+
NAME is the name of a role strategy.
|
6
|
+
|
7
|
+
Strategies with a single role for each user
|
8
|
+
* admin_field
|
9
|
+
* role_string
|
10
|
+
* one_role
|
11
|
+
|
12
|
+
Strategies with multiple roles for each user
|
13
|
+
* roles_mask
|
14
|
+
* many_roles
|
15
|
+
|
16
|
+
Currently role groups are not supported. Feel free to provide an add-on to support this or integrate with an existing 'role group' solution.
|
17
|
+
|
18
|
+
Example usage:
|
19
|
+
|
20
|
+
<pre>$ rails g cream:config --strategy admin_field</pre>
|
21
|
+
|
data/wiki/DESIGN.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
# Design and plans for the future...
|
2
|
+
|
3
|
+
1) Specs for generators
|
4
|
+
Currently there are a few generators. I have found some good examples of how to write generator tests (using test_unit) in the rails3-generators project.
|
5
|
+
I am porting this to RSpec 2 and will then write generator specs next.
|
6
|
+
|
7
|
+
2) New hook-in approach for controller and view methods
|
8
|
+
I will change how the methods are added to Rails controllers and views using a new approach I found and used in the Netzke project.
|
9
|
+
|
10
|
+
3) Create specs for the custom methods
|
11
|
+
4) Create cucumber features for various Role scenarios
|
12
|
+
5) Add Mongoid and Mongo Mapper ORM support
|
13
|
+
Mongoid currently supported by Devise, and Mongo Mapper will be supported after Rails 3 release I think (have heard?)
|
14
|
+
|
15
|
+
6) Add Data Mapper support
|
16
|
+
dm-devise project almost done by jm81 as per. July 9, 2010
|
17
|
+
|
18
|
+
7) Add support for Canable (jnunemaker), an even simpler permission system alternative to CanCan.
|
19
|
+
I already added generators and specs to this gem.
|
20
|
+
|
21
|
+
Feel free to suggest other improvements etc ;)
|
data/wiki/PERMITS.txt
ADDED
@@ -0,0 +1,32 @@
|
|
1
|
+
Authorization is setup by designing permits for each can of role to do certain actions.
|
2
|
+
The config generator generates a default permits.rb file in /lib
|
3
|
+
|
4
|
+
Please see "cancan 1.3 wiki":http://wiki.github.com/ryanb/cancan/upgrading-to-13 for more options
|
5
|
+
you can use in designing your Permits. The 'owns' convenience method provided, now uses the new hash option so it
|
6
|
+
is also available in the controller using fx:
|
7
|
+
|
8
|
+
<pre>Book.accessible_by(current_ability)</pre>
|
9
|
+
|
10
|
+
The user can manage any Comment instance if 'user' field on instance points to the user, marking ownership
|
11
|
+
<pre>user.owns(Comment)</pre>
|
12
|
+
|
13
|
+
Override default 'user_id' field used by owns, to instead use 'author' as ownership key (foreign key) pointing to the user (user.id).
|
14
|
+
<pre>user.owns(Book, :author)</pre>
|
15
|
+
|
16
|
+
Example:
|
17
|
+
<pre>module RolePermit
|
18
|
+
class Moderator
|
19
|
+
def initialize(ability)
|
20
|
+
super
|
21
|
+
end
|
22
|
+
|
23
|
+
def permit?(user)
|
24
|
+
super
|
25
|
+
return if !user.role?(:moderator)
|
26
|
+
can :read, :all
|
27
|
+
|
28
|
+
user.owns(Comment)
|
29
|
+
user.owns(Book, :author)
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end</pre>
|
@@ -0,0 +1,40 @@
|
|
1
|
+
*Auth assistant* supports single and multiple role strategies. Currently groups are not supported.
|
2
|
+
|
3
|
+
Note: Maybe roles support could be integrated in the future using an existing solution for roles and groups?
|
4
|
+
|
5
|
+
h2. Single role per user
|
6
|
+
|
7
|
+
* admin_field
|
8
|
+
* role_field (role : string in users table)
|
9
|
+
* role_assignment (role_id -> role.id)
|
10
|
+
|
11
|
+
h3. admin_field
|
12
|
+
Uses the field *admin : boolean* in the _users_ table
|
13
|
+
|
14
|
+
h3. role_field
|
15
|
+
Uses the field *role : string* in the _users_ table
|
16
|
+
|
17
|
+
h3. role_assignment
|
18
|
+
Uses the field *role_id :integer* in the _users_ table.
|
19
|
+
A _roles_ table has id and name fields, where name is the name of the role.
|
20
|
+
`users.role_id` points to `role.id` in a 1-M relation.
|
21
|
+
|
22
|
+
Many (M) users can have the same (1) role. Any user can however only have a single role.
|
23
|
+
|
24
|
+
h2. Multiple roles per user
|
25
|
+
* roles mask
|
26
|
+
* roles_field
|
27
|
+
* multi_role_assignment
|
28
|
+
|
29
|
+
h3. roles mask
|
30
|
+
Uses the field *role_masks : integer* in the _users_ table.
|
31
|
+
Each bit of the integer matches a given role.
|
32
|
+
|
33
|
+
h3. roles_field
|
34
|
+
Uses the field *roles : string* in the _users_ table.
|
35
|
+
Currently "experimental".
|
36
|
+
|
37
|
+
h3. multi_role_assignment
|
38
|
+
Uses the field *role_assignment_id : integer* in the _users_ table.
|
39
|
+
A _roles_ table has id and name fields, where name is the name of the role.
|
40
|
+
A _role_assignments_ table has _role_id_ and _user_id_ fields, linking the assignment to a user in the users table and a role in the roles table.
|