devisable 0.1.0

data/lib/generators/devisable/templates/cucumber/step_definitions/generic_steps.rb

@@ -0,0 +1,23 @@
+When(/^I sleep for ([^"]*) second[s]?$/) do |time|
+  sleep(time.to_i)
+end
+
+When(/^I output the page source$/) do
+  puts source
+end
+
+When(/^I fill in the following checkboxes with categories:$/) do |permissions_table|
+  permissions_table.hashes.each do |perm|
+    And %{I check "permission_#{perm['category']}_#{perm['permission']}"} 
+  end
+end
+
+When(/^I debug$/) do
+  # only works if you include the ruby-debug gem
+  debugger
+end
+
+Then /^I should see a span with the title "([^"]*)"$/ do |title|
+  page.should have_xpath("//span[@title='#{title}']")
+end
+

data/lib/generators/devisable/templates/cucumber/step_definitions/role_steps.rb

@@ -0,0 +1,32 @@
+Given /^there are no roles in the system$/ do
+  @roles = Role.all
+  @roles.each { |role| role.delete }
+end
+
+Given /^there is only the "([^"]*)" role in the system$/ do |role_name|
+  @roles = Role.all
+  @roles.each { |role| role.delete unless role.name == role_name }
+end
+
+
+Given /^the "([^"]*)" role has been added to the system$/ do |arg1|
+  r = Role.create(:name => arg1)
+  r.save
+end
+
+Given /^I have the default roles$/ do
+  Given "the \"SuperAdmin\" role has been added to the system"
+  Given "the \"Admin\" role has been added to the system"
+  Given "the \"GeneralUser\" role has been added to the system"
+end
+
+
+
+# step specificlly for deleting a unique feature
+# could theoretically also be used for any role and any controller action
+# but the code will get messy
+# the user steps has a similar function
+When /^I follow "Destroy" for "([^"]*)"$/ do |name|
+  id = Role.first(:conditions => {:name => name}).id
+  find(:xpath, "//table/tr/td/a[@href = '/roles/#{id}' and @data-method='delete']").click
+end

data/lib/generators/devisable/templates/cucumber/step_definitions/user_steps.rb

@@ -0,0 +1,30 @@
+Given /^there are no users in the system$/ do
+  @users = User.all
+  @users.each { |user| user.delete! }
+end
+
+When /^I delete the other user$/ do
+  id = User.last.id
+  find(:xpath, "//table/tr/td/a[@href='/users/#{id}' and @data-method='delete']").click
+  #find("table tr td a[@href = '/users/#{id}']").click
+end
+
+Given /^there are users in the system$/ do
+  @generated_user = User.create!(
+    :email => 'generated_user@cloudspace.com',
+    :password => 'password',
+    :password_confirmation => 'password'
+  )
+  @generated_user.save
+end
+
+
+Then /^I should have the role "([^"]*)"$/ do |role|
+  unless @current_user
+    @current_user = User.last
+  end
+  @current_user.role?(role)
+end
+
+
+

data/lib/generators/devisable/templates/cucumber/support/_env_partial.rb

@@ -0,0 +1,57 @@
+# IMPORTANT: This file is generated by cucumber-rails - edit at your own peril.
+# It is recommended to regenerate this file in the future when you upgrade to a 
+# newer version of cucumber-rails. Consider adding your own code to a new file 
+# instead of editing this one. Cucumber will automatically load all features/**/*.rb
+# files.
+
+ENV["RAILS_ENV"] ||= "test"
+require File.expand_path(File.dirname(__FILE__) + '/../../config/environment')
+
+require 'cucumber/formatter/unicode' # Remove this line if you don't want Cucumber Unicode support
+require 'cucumber/rails/world'
+require 'cucumber/rails/active_record'
+require 'cucumber/web/tableish'
+
+require 'capybara/rails'
+require 'capybara/cucumber'
+require 'capybara/session'
+#require 'cucumber/rails/capybara_javascript_emulation' # Lets you click links with onclick javascript handlers without using @culerity or @javascript
+# Capybara defaults to XPath selectors rather than Webrat's default of CSS3. In
+# order to ease the transition to Capybara we set the default here. If you'd
+# prefer to use XPath just remove this line and adjust any selectors in your
+# steps to use the XPath syntax.
+Capybara.default_selector = :css
+
+# If you set this to false, any error raised from within your app will bubble 
+# up to your step definition and out to cucumber unless you catch it somewhere
+# on the way. You can make Rails rescue errors and render error pages on a
+# per-scenario basis by tagging a scenario or feature with the @allow-rescue tag.
+#
+# If you set this to true, Rails will rescue all errors and render error
+# pages, more or less in the same way your application would behave in the
+# default production environment. It's not recommended to do this for all
+# of your scenarios, as this makes it hard to discover errors in your application.
+ActionController::Base.allow_rescue = false
+
+# If you set this to true, each scenario will run in a database transaction.
+# You can still turn off transactions on a per-scenario basis, simply tagging 
+# a feature or scenario with the @no-txn tag. If you are using Capybara,
+# tagging with @culerity or @javascript will also turn transactions off.
+#
+# If you set this to false, transactions will be off for all scenarios,
+# regardless of whether you use @no-txn or not.
+#
+# Beware that turning transactions off will leave data in your database 
+# after each scenario, which can lead to hard-to-debug failures in 
+# subsequent scenarios. If you do this, we recommend you create a Before
+# block that will explicitly put your database in a known state.
+Cucumber::Rails::World.use_transactional_fixtures = true
+# How to clean your database when transactions are turned off. See
+# http://github.com/bmabey/database_cleaner for more info.
+if defined?(ActiveRecord::Base)
+  begin
+    require 'database_cleaner'
+    DatabaseCleaner.strategy = :truncation
+  rescue LoadError => ignore_if_database_cleaner_not_present
+  end
+end

data/lib/generators/devisable/templates/cucumber/support/_paths_partial.rb

@@ -0,0 +1,20 @@
+when /the sign up page/
+  new_user_registration_path
+when /the sign in page/
+  new_user_session_path
+when /the sign out page/
+  #should be destory_user_session_path
+  '/users/sign_out'
+when /the forgot password page/
+  '/users/password/new'
+when /the forgot password submitted page/
+  '/users/password'
+when /the users page/
+  users_path
+when /the other user's edit page/
+  edit_user_path(User.last)
+when /that role's view page/
+  role_path(Role.last)
+when /that user's view page/
+  user_path(User.last)
+

data/lib/generators/devisable/templates/cucumber/user.feature

@@ -0,0 +1,45 @@
+Feature: Manage users
+
+  Scenario: Managing Users as a SuperAdmin
+    Given I am signed in as "user@cloudspace.com"
+    And I only have the role "SuperAdmin"
+    When I go to the users page
+    Then I should see "user@cloudspace.com"
+    And I should see "SuperAdmin"
+    And I should see "Edit"
+    And I should see "Delete"
+
+  Scenario: Managing Users as a GenericUser
+    Given I am signed in as "user@cloudspace.com"
+    And I only have the role "GeneralUser"
+    When I go to the users page
+    When I should be on the home page
+    And I should see "You are not authorized to access this page."
+
+  Scenario: Editing a User
+    Given I am signed in as "user@cloudspace.com"
+    And I have the role "SuperAdmin"
+    And there are users in the system
+    When I go to the other user's edit page
+    And I check "GeneralUser"
+    And I fill in "password" for "Password"
+    And I fill in "password" for "Password confirmation"
+    And I press "Submit"
+    Then I should be on that user's view page
+    And I should see "The account has been updated"
+
+  Scenario: Deleting a User
+    Given I am signed in as "user@cloudspace.com"
+    And I have the role "SuperAdmin"
+    And there are users in the system
+    And I am on the users page
+    When I delete the other user
+    Then I should be on the users page
+    And I should see "The account has been deleted"
+
+  Scenario: Deleting Self
+    Given I am signed in as "user@cloudspace.com"
+    And there is only the "SuperAdmin" role in the system
+    And I have the role "SuperAdmin"
+    And I am on the users page
+    Then I should see a span with the title "Can NOT delete the last SuperAdmin user"

data/lib/generators/devisable/templates/partials/_ability_class.rb

@@ -0,0 +1,53 @@
+# Model for storing cancan permissions
+class Ability
+  include CanCan::Ability
+  
+    # When a user is created, setup permissions based on the role and permission models
+    # If the user has the super admin role, give access to all actions on all controllers
+    #
+    # @param user Optionally pass the user.  A new user is created if no user is supplied
+    def initialize(user)
+    user ||= User.new # guest user
+    user.roles.each do |role|
+      role.permissions.each do |permission|
+        can permission.ability.downcase.to_sym, Object::const_get(permission.model)
+        if permission.ability.to_s == 'manage'
+          ['view','edit','delete','add'].each do |action|
+            can action.to_sym, Object::const_get(permission.model)
+          end
+        end
+      end
+    end
+
+    if user.role? :super_admin
+      can :manage, :all
+    end
+		#examples of some ways to have certain roles manage certain controllers
+		#please see the user views on how to check for the permissions
+		#if user.role? :super_admin
+		#  can :manage, :all
+		#elsif user.role? :product_admin
+		#  can [:read, :update, :create, :destroy], [Product, Asset, Issue]
+		#elsif user.role? :product_team
+		#  can :read, [Product, Asset]
+		#  # manage products, assets he owns
+		#  can :manage, Product do |product|
+		#  can :read, Product, :active => true, :user_id => user.id
+		#  can :read, Project, :category => { :visible => true }
+		#  can :read, Project, :priority => 1..3
+		#end
+		#can :manage, Asset do |asset|
+		#  asset.assetable.try(:owner) == user
+		#end
+		#end
+		##If you want to add a permissions scaffold to replace the roles_users
+		#def initialize(user)
+		#  can do |action, subject_class, subject|
+		#    user.permissions.find_all_by_action(action).any do |permission|
+		#      permission.subject_class == subject_class.to_s &&
+		#      (subject.nil? || permission.subject_id.nil? || permission.subject_id == subject.id)
+		#    end
+		#  end
+		#end
+  end
+end

data/lib/generators/devisable/templates/partials/_access_denied_flash.rb

@@ -0,0 +1,4 @@
+rescue_from CanCan::AccessDenied do |exception|
+  flash[:error] = exception.message
+  redirect_to root_url
+end

data/lib/generators/devisable/templates/partials/_accessible_permissions_controller.rb

@@ -0,0 +1,8 @@
+  # Get roles accessible by the current user #----------------------------------------------------
+  # Role.reflect_on_all_associations(:has_and_belongs_to_many).first.class_name
+  # => "User" 
+  #ruby-1.8.7-p302 > Role.reflect_on_all_associations(:has_many).first.class_name
+  def accessible_permissions
+    @accessible_permissions = Role.accessible_permissions
+  end
+end

data/lib/generators/devisable/templates/partials/_accessible_permissions_model.rb

@@ -0,0 +1,43 @@
+# Get roles accessible by the current user 
+# Usage:
+#   Role.reflect_on_all_associations(:has_and_belongs_to_many).first.class_name => "User" 
+#   Role.reflect_on_all_associations(:has_many).first.class_name
+# @return [Array] Array of permissions for the current user
+def self.accessible_permissions
+  @accessible_permissions = []
+  controllers = Dir.new("#{RAILS_ROOT}/app/controllers").entries
+  controllers = controllers.map { |controller|  controller.downcase.gsub("_controller.rb","").singularize if controller =~ /_controller/ }.compact
+  models = Dir.new("#{RAILS_ROOT}/app/models").entries
+  models.each do |model|
+    mod = model.downcase.gsub(".rb","")
+    if controllers.include?(mod)
+      @accessible_permissions <<  mod.camelize.pluralize
+    end
+  end
+  @accessible_permissions
+end
+
+  # Save permissions all permissions for a single role
+  # First deletes all permissions for the role, then loops through the input and saves new permissions
+  #
+  # @param role Role To reset permisisons on
+  # @param role_ids A list of permissions to apply to the role
+  def save_permissions(role_ids)
+    permissions.map{|perm|  perm.delete } unless permissions.nil?
+    unless role_ids.nil?
+      role_ids.each do |permission|  
+        p = Permission.new(JSON.parse(permission))
+        (p.class.reflect_on_all_associations(:has_many) & p.class.reflect_on_all_associations(:has_and_belongs_to_many)).each { |association|
+          permissions << Permission.new(
+            :role_id => id,
+            :controller => association.class_name.singularize,
+            :ability => p.ability
+          )
+        }
+        permissions << p
+      end
+    end
+  end
+  
+end
+

data/lib/generators/devisable/templates/partials/_application_controller_methods.erb

@@ -0,0 +1,3 @@
+def mailer_set_url_options
+  ActionMailer::Base.default_url_options[:host] = request.host_with_port
+end

data/lib/generators/devisable/templates/partials/_application_controller_methods2.erb

@@ -0,0 +1,11 @@
+  # Redirect user to root unless the return to attribute is set
+  # @param resource takes the model through which the sign in is occuring
+  def after_sign_in_path_for(resource)
+    (session[:"user.return_to"].nil?) ? "/" : session[:"user.return_to"].to_s
+  end
+
+  # When a user doesn't have permission to the page, redirect to root and display error message
+  rescue_from CanCan::AccessDenied do |exception|
+    flash[:notice] = exception.message
+    redirect_to root_url
+  end

data/lib/generators/devisable/templates/partials/_application_current_tab.rb

@@ -0,0 +1,8 @@
+# Determines whether the given controller is the current controller
+# 
+# @param Name of the controller to check against
+# @return [Boolean] True if the controller_name parameter matches the current controller nam
+def current_tab?(controller_name)
+  controller.controller_name == controller_name
+end
+

data/lib/generators/devisable/templates/partials/_application_flash.html.erb

@@ -0,0 +1,4 @@
+<%% flash.each do |index, message|  %>
+  <div id='flash_message' class='<%%= index.to_s %>'><%%= message %></div>
+<%% end  %>
+

data/lib/generators/devisable/templates/partials/_environments_development.erb

@@ -0,0 +1,10 @@
+TWITTER_CONSUMER_KEY = '<%= @twitter_key %>'
+TWITTER_CONSUMER_SECRET = '<%= @twitter_secret %>'
+
+
+FACEBOOK_CONSUMER_KEY = '<%= @facebook_key %>'
+FACEBOOK_CONSUMER_SECRET = '<%= @facebook_secret %>'
+FACEBOOK_CLIENT_ID = '<%= @facebook_client_id %>'
+
+
+BASE_URL = '<%= @url %>'

data/lib/generators/devisable/templates/partials/_login_links.erb

@@ -0,0 +1,18 @@
+<ul id='generated_login_links'>
+  <%% if !current_user %>
+  <% if @has_facebook_oauth %>
+    <li><%%= link_to('Login With Facebook', users_path(:warden_oauth2_provider => 'facebook')) %></li>
+  <% end %>
+  <% if @has_twitter_oauth %>
+    <li><%%= link_to('Login With Twitter', users_path(:warden_oauth_provider => 'twitter')) %></li>
+  <% end %>
+  <% if @has_standard_authentication %>
+    <li><%%= link_to('Login', user_session_path()) %></li>
+    <li><%%= link_to('Register', new_user_registration_path()) %></li>
+  <% end %>
+  <%% else %>
+    <li>Welcome <%%= current_user.display_name %></li>
+    <li><%%= link_to('Logout', destroy_user_session_path()) %></li>
+  <%% end %>
+</ul>
+<%%= render 'shared/admin_nav' %>

data/lib/generators/devisable/templates/partials/_migration_down.rb

@@ -0,0 +1,2 @@
+drop_table :roles_users
+execute "delete from roles"

data/lib/generators/devisable/templates/partials/_migration_up.rb

@@ -0,0 +1,7 @@
+create_table :roles_users, :id => false do |t|
+    t.references :role, :user
+end
+execute "insert into roles (name) values ('SuperAdmin')"
+execute "insert into roles (name) values ('Admin')"
+execute "insert into roles (name) values ('GeneralUser')"
+execute "insert into roles_users values ('1','1')"

data/lib/generators/devisable/templates/partials/_oauth_user_table_fields.erb

@@ -0,0 +1 @@
+      t.string "default_provider"

data/lib/generators/devisable/templates/partials/_permission_equals.rb

@@ -0,0 +1,8 @@
+# Equality check based on the role id, controller, and ability
+# 
+# @param another_permission The permission to compare against
+# @return [Boolean] True if the permissions match role id, controller and ability
+def ==(another_permission)
+  self.role_id == another_permission.role_id && self.model == another_permission.model && self.ability == another_permission.ability ? true : false
+end
+

data/lib/generators/devisable/templates/partials/_permission_manage.js

@@ -0,0 +1,18 @@
+document.observe("dom:loaded", function() {
+  $$('.permission_manage').each(function(pm) {
+    pm.observe('click', function(event) {  
+      use_permission_clicked(event.element())
+    });
+    use_permission_clicked(pm)
+  });
+
+  function use_permission_clicked(obj) {
+    var controller = obj.id.split('_')[1]
+    var disabled_val = obj.checked ? 'disabled' : false;
+    $('permission_' + controller + '_read').disabled = disabled_val;
+    $('permission_' + controller + '_create').disabled = disabled_val;
+    $('permission_' + controller + '_update').disabled = disabled_val;
+    $('permission_' + controller + '_destroy').disabled = disabled_val;
+  }
+});
+

data/lib/generators/devisable/templates/partials/_role_permission.rb

@@ -0,0 +1,72 @@
+# Creates checkboxes for a has and belongs to many relationship between ?
+#
+# @param obj An instance of a model with the specified field
+# @param column The attribute of the obj parameter used to determine if the assignment_object is assigned to the obj parameter
+# @param assignment_objects A list of objects with a habtm relationship with the obj parameter
+# @param assignment_object_display_column The field on the assignment_objects used to create the label for the checkboxes
+# @return [String] An html string of checkboxes for the relationship between the obj and assignment_objects
+def habtm_checkboxes(obj, column, assignment_objects, assignment_object_display_column)
+  obj_to_s = obj.class.to_s.split("::").last.underscore
+  field_name = "#{obj_to_s}[#{column}][]"
+
+  html = hidden_field_tag(field_name, "")
+  assignment_objects.each do |assignment_obj|
+    cbx_id = "#{obj_to_s}_#{column}_#{assignment_obj.id}"
+    html += check_box_tag field_name, assignment_obj.id, obj.send(column).include?(assignment_obj.id), :id => cbx_id
+    html += label_tag cbx_id, h(assignment_obj.send(assignment_object_display_column))
+    html += content_tag(:br)
+  end
+  html
+end
+
+# Creates permission checkboxes for each type of permission and permission category.
+# Permission types include manage, read, create, update, and destroy.  They are hardcoded in this method.
+#
+# @param obj An instance of the Role model or any model with a habtm relationship with Permission
+# @param column Not used
+# @param controllers A list of controllers that can have permissions applied to them
+# @param role_id Id that corresponds to an instance of the role model.  Should refer to the same object as the obj parameter.
+# @return [String] Html safe string of permissions checkboxes for each controller and action
+def permissions_checkboxes(obj, column, controllers, role_id)
+  perms =  obj.permissions
+  html = ""
+  abilities = ['manage','read','create','update','destroy']
+  html += content_tag(:table) do
+    html_table = ""
+    controllers.each do |controller|
+      controller.strip!
+      html_table += content_tag(:tr) do
+        html_tr = ""
+        html_tr += content_tag(:th, controller)
+        html_tr += content_tag(:th, "Use")
+        html_tr += content_tag(:th, "View")
+        html_tr += content_tag(:th, "Add")
+        html_tr += content_tag(:th, "Edit")
+        html_tr += content_tag(:th, "Delete")
+        html_tr.html_safe
+      end
+      html_table += content_tag(:tr) do 
+        html_tr = ""
+        html_tr += content_tag(:td," ")
+        abilities.each do |ability|
+          p = {
+            :role_id => role_id,
+            :model => controller.singularize,
+            :ability => ability
+          }
+
+          perm = Permission.new(p)
+          checked = perms.include?(perm)
+          #checked = false
+          html_tr += content_tag(:td) do
+            check_box_tag 'role_ids[]',p.to_json,checked, {:id => "permission_#{controller}_#{ability}", :class => "permission_#{ability}"}
+          end
+        end
+        html_tr.html_safe
+      end
+    end
+    html_table.html_safe
+  end
+  html.html_safe
+end
+