double_auth_engine 0.0.1

data/spec/dummy/public/javascripts/rails.js

@@ -0,0 +1,175 @@
+(function() {
+  // Technique from Juriy Zaytsev
+  // http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
+  function isEventSupported(eventName) {
+    var el = document.createElement('div');
+    eventName = 'on' + eventName;
+    var isSupported = (eventName in el);
+    if (!isSupported) {
+      el.setAttribute(eventName, 'return;');
+      isSupported = typeof el[eventName] == 'function';
+    }
+    el = null;
+    return isSupported;
+  }
+
+  function isForm(element) {
+    return Object.isElement(element) && element.nodeName.toUpperCase() == 'FORM'
+  }
+
+  function isInput(element) {
+    if (Object.isElement(element)) {
+      var name = element.nodeName.toUpperCase()
+      return name == 'INPUT' || name == 'SELECT' || name == 'TEXTAREA'
+    }
+    else return false
+  }
+
+  var submitBubbles = isEventSupported('submit'),
+      changeBubbles = isEventSupported('change')
+
+  if (!submitBubbles || !changeBubbles) {
+    // augment the Event.Handler class to observe custom events when needed
+    Event.Handler.prototype.initialize = Event.Handler.prototype.initialize.wrap(
+      function(init, element, eventName, selector, callback) {
+        init(element, eventName, selector, callback)
+        // is the handler being attached to an element that doesn't support this event?
+        if ( (!submitBubbles && this.eventName == 'submit' && !isForm(this.element)) ||
+             (!changeBubbles && this.eventName == 'change' && !isInput(this.element)) ) {
+          // "submit" => "emulated:submit"
+          this.eventName = 'emulated:' + this.eventName
+        }
+      }
+    )
+  }
+
+  if (!submitBubbles) {
+    // discover forms on the page by observing focus events which always bubble
+    document.on('focusin', 'form', function(focusEvent, form) {
+      // special handler for the real "submit" event (one-time operation)
+      if (!form.retrieve('emulated:submit')) {
+        form.on('submit', function(submitEvent) {
+          var emulated = form.fire('emulated:submit', submitEvent, true)
+          // if custom event received preventDefault, cancel the real one too
+          if (emulated.returnValue === false) submitEvent.preventDefault()
+        })
+        form.store('emulated:submit', true)
+      }
+    })
+  }
+
+  if (!changeBubbles) {
+    // discover form inputs on the page
+    document.on('focusin', 'input, select, texarea', function(focusEvent, input) {
+      // special handler for real "change" events
+      if (!input.retrieve('emulated:change')) {
+        input.on('change', function(changeEvent) {
+          input.fire('emulated:change', changeEvent, true)
+        })
+        input.store('emulated:change', true)
+      }
+    })
+  }
+
+  function handleRemote(element) {
+    var method, url, params;
+
+    var event = element.fire("ajax:before");
+    if (event.stopped) return false;
+
+    if (element.tagName.toLowerCase() === 'form') {
+      method = element.readAttribute('method') || 'post';
+      url    = element.readAttribute('action');
+      params = element.serialize();
+    } else {
+      method = element.readAttribute('data-method') || 'get';
+      url    = element.readAttribute('href');
+      params = {};
+    }
+
+    new Ajax.Request(url, {
+      method: method,
+      parameters: params,
+      evalScripts: true,
+
+      onComplete:    function(request) { element.fire("ajax:complete", request); },
+      onSuccess:     function(request) { element.fire("ajax:success",  request); },
+      onFailure:     function(request) { element.fire("ajax:failure",  request); }
+    });
+
+    element.fire("ajax:after");
+  }
+
+  function handleMethod(element) {
+    var method = element.readAttribute('data-method'),
+        url = element.readAttribute('href'),
+        csrf_param = $$('meta[name=csrf-param]')[0],
+        csrf_token = $$('meta[name=csrf-token]')[0];
+
+    var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
+    element.parentNode.insert(form);
+
+    if (method !== 'post') {
+      var field = new Element('input', { type: 'hidden', name: '_method', value: method });
+      form.insert(field);
+    }
+
+    if (csrf_param) {
+      var param = csrf_param.readAttribute('content'),
+          token = csrf_token.readAttribute('content'),
+          field = new Element('input', { type: 'hidden', name: param, value: token });
+      form.insert(field);
+    }
+
+    form.submit();
+  }
+
+
+  document.on("click", "*[data-confirm]", function(event, element) {
+    var message = element.readAttribute('data-confirm');
+    if (!confirm(message)) event.stop();
+  });
+
+  document.on("click", "a[data-remote]", function(event, element) {
+    if (event.stopped) return;
+    handleRemote(element);
+    event.stop();
+  });
+
+  document.on("click", "a[data-method]", function(event, element) {
+    if (event.stopped) return;
+    handleMethod(element);
+    event.stop();
+  });
+
+  document.on("submit", function(event) {
+    var element = event.findElement(),
+        message = element.readAttribute('data-confirm');
+    if (message && !confirm(message)) {
+      event.stop();
+      return false;
+    }
+
+    var inputs = element.select("input[type=submit][data-disable-with]");
+    inputs.each(function(input) {
+      input.disabled = true;
+      input.writeAttribute('data-original-value', input.value);
+      input.value = input.readAttribute('data-disable-with');
+    });
+
+    var element = event.findElement("form[data-remote]");
+    if (element) {
+      handleRemote(element);
+      event.stop();
+    }
+  });
+
+  document.on("ajax:after", "form", function(event, element) {
+    var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
+    inputs.each(function(input) {
+      input.value = input.readAttribute('data-original-value');
+      input.removeAttribute('data-original-value');
+      input.disabled = false;
+    });
+  });
+})();

data/spec/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/dummy/spec/authorizations/user_spec.rb

@@ -0,0 +1,104 @@
+require 'spec_helper'
+
+describe "User Authorizations" do
+  describe "a 'guest' role" do
+    before do
+      @user                      = User.create(:name => Faker::Name.name,
+                                               :password => 'testing',
+                                               :password_confirmation => "testing",
+                                               :email => Faker::Internet.email)
+      Authorization.current_user = @user
+    end
+
+    describe "should be allowed" do
+      it "to access the 'index' action" do
+        should_be_allowed_to(:index, :users)
+      end
+
+      it "to access the 'show' action" do
+        should_be_allowed_to(:show, :users)
+      end
+
+      it "to access the 'new' action" do
+        should_be_allowed_to(:new, :users)
+      end
+
+      it "to access the 'create' action" do
+        should_be_allowed_to(:create, :users)
+      end
+
+      it "to access the 'edit' action" do
+        should_be_allowed_to(:edit, @user)
+      end
+
+      it "to access the 'update' action" do
+        should_be_allowed_to(:update, @user)
+      end
+
+      it "to access the 'destroy' action" do
+        should_be_allowed_to(:destroy, @user)
+      end
+    end
+
+    describe "should not be allowed" do
+      before do
+        @alt_user = User.create(:name => Faker::Name.name,
+                                :password => 'testing',
+                                :password_confirmation => "testing",
+                                :email => Faker::Internet.email)
+      end
+      it "to access the 'edit' action for another user" do
+        should_not_be_allowed_to(:edit, @alt_user)
+      end
+
+      it "to access the 'update' action for another user" do
+        should_not_be_allowed_to(:update, @alt_user)
+      end
+
+      it "to access the 'destroy' action for another user" do
+        should_not_be_allowed_to(:update, @alt_user)
+      end
+    end
+  end
+
+  describe "an 'admin' role" do
+    before do
+      @user = User.create(:name => Faker::Name.name,
+                          :password => 'testing',
+                          :password_confirmation => "testing",
+                          :email => Faker::Internet.email)
+      @user.roles << Role.create(:name => 'admin')
+      Authorization.current_user = @user
+    end
+
+    describe "should be allowed" do
+      it "to access the 'index' action" do
+        should_be_allowed_to(:index, :users)
+      end
+
+      it "to access the 'show' action" do
+        should_be_allowed_to(:show, :users)
+      end
+
+      it "to access the 'new' action" do
+        should_be_allowed_to(:new, :users)
+      end
+
+      it "to access the 'create' action" do
+        should_be_allowed_to(:create, :users)
+      end
+
+      it "to access the 'edit' action" do
+        should_be_allowed_to(:edit, :users)
+      end
+
+      it "to access the 'update' action" do
+        should_be_allowed_to(:update, :users)
+      end
+
+      it "to access the 'destroy' action" do
+        should_be_allowed_to(:destroy, :users)
+      end
+    end
+  end
+end

data/spec/dummy/spec/controllers/user_sessions_controller_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe UserSessionsController do
+  def mock_user_session(stubs={})
+    @mock_user_session ||= mock(UserSession, stubs.update(:login_field => 'email')).as_null_object
+  end
+
+  describe "GET new" do
+    it "assigns a new user_session as @user_session" do
+      UserSession.stub(:new) { mock_user_session }
+      get :new
+      assigns(:user_session).should be(mock_user_session)
+    end
+  end
+
+  describe "POST create" do
+    describe "with valid params" do
+      it "redirects to the dashboard page" do
+        UserSession.stub(:new) { mock_user_session(:save => true) }
+        post :create, :user_session => {}
+        response.should redirect_to(root_url)
+      end
+    end
+
+    describe "with invalid params" do
+      it "re-renders the 'new' template" do
+        UserSession.stub(:new) { mock_user_session(:save => false) }
+        post :create, :user_session => {}
+        response.should render_template "user_sessions/new"
+      end
+    end
+  end
+
+  #Special case for session control to use GET /logout and not DELETE /logout
+  describe "GET destroy" do
+    it "destroys the requested user_session" do
+      UserSession.stub(:find) { mock_user_session }
+      mock_user_session.should_receive(:destroy)
+      get :destroy
+    end
+
+    it "redirects to the user_sessions list" do
+      UserSession.stub(:find) { mock_user_session }
+      get :destroy, :id => "1"
+      response.should redirect_to(root_url)
+    end
+  end
+end

data/spec/dummy/spec/controllers/users_controller_spec.rb

@@ -0,0 +1,125 @@
+require 'spec_helper'
+
+describe UsersController do
+  before do
+    login
+    controller.stub!(:filter_access_to).and_return(true)
+  end
+
+  describe "GET 'show'" do
+    before do
+      User.stub(:find).and_return(@user = stub_model(User))
+      get :show, :id => @user.id
+    end
+
+    it "should render the 'show' template" do
+      response.should render_template("show")
+    end
+
+    it "exposes the requested User as @user" do
+      assigns[:user].should == @user
+    end
+
+    it '@user object should not be a new record' do
+      assigns[:user].should_not be_new_record
+    end
+  end
+
+  describe "GET 'new'" do
+    it "should render the 'new' template" do
+      get :new
+      response.should render_template("new")
+    end
+  end
+
+  describe "POST 'create'" do
+    before :each do
+      @user = stub_model(User)
+      User.should_receive(:new).and_return(@user)
+    end
+
+    it 'should set a @user instance' do
+      @user.should_receive(:save).and_return(true)
+      post :create, :user => { }
+      assigns(:user).should_not be_nil
+    end
+
+    it 'should set flash on successful create' do
+      @user.should_receive(:save).and_return(true)
+      post :create, :user => { }
+      flash[:notice].should eq("User successfully created")
+    end
+
+    it "should render 'show' template on successful create" do
+      @user.should_receive(:save).and_return(true)
+      post :create, :user => { }
+      response.should redirect_to(user_url(@user))
+    end
+
+    it "should render 'new' action on unsuccessful update" do
+      @user.should_receive(:save).and_return(false)
+      post :create, :user => { }
+      response.should render_template("new")
+    end
+  end
+
+  describe "GET edit" do
+    before do
+      User.stub(:find).and_return(@user = stub_model(User))
+      get :edit, :id => @user.id
+    end
+
+    it "exposes the requested User as @user" do
+      assigns[:user].should == @user
+    end
+
+    it "renders the 'edit' template" do
+      response.should render_template("edit")
+    end
+
+    it '@user object should not be a new record' do
+      assigns[:user].should_not be_new_record
+    end
+  end
+
+  describe "POST update" do
+    before do
+      User.stub(:find).and_return(@user = stub_model(User))
+    end
+
+    it "should render 'show'" do
+      @user.stub!(:update_attributes).and_return(true)
+      put :update, :id => @user.id, :user => { }
+      response.should redirect_to(user_path(@user))
+    end
+
+    it "re-renders the 'edit' template" do
+      @user.stub!(:update_attributes).and_return(false)
+      put :update, :id => @user.id, :user => { }
+      response.should render_template("edit")
+    end
+
+    it "should set flash message on successful update" do
+      @user.stub!(:update_attributes).and_return(true)
+      put :update, :id => @user.id, :user => { }
+      flash[:notice].should eq("User successfully updated")
+    end
+  end
+
+  describe "GET 'index'" do
+    it "should render 'index' template" do
+      get :index
+      response.should render_template("index")
+    end
+
+    it "should return with a 200 status code" do
+      get :index
+      response.status.should == 200
+    end
+
+    it 'should assign @users' do
+      get :index
+      assigns[:users].should_not be_nil
+    end
+  end
+end

data/spec/dummy/spec/models/user_spec.rb

@@ -0,0 +1,65 @@
+require 'spec_helper'
+
+describe User do
+  before do
+    @valid_attributes = { :name => Faker::Name.name,
+                          :password => 'testing',
+                          :password_confirmation => "testing",
+                          :email => Faker::Internet.email }
+  end
+
+  context "validations" do
+    it "should not create a new object with without an email" do
+      user = User.new(@valid_attributes.update(:email => ""))
+      user.valid?.should be_false
+      user.errors[:email].include?("can't be blank").should be_true
+    end
+
+    it "should not create a new object with an email less than 6 characters" do
+      user = User.new(@valid_attributes.update(:email => "t@m.m"))
+      user.valid?.should be_false
+      user.errors[:email].include?("is too short (minimum is 6 characters)").should be_true
+    end
+
+    it "should not create a new object with an email that does not look like an email" do
+      user = User.new(@valid_attributes.update(:email => "testing"))
+      user.valid?.should be_false
+      user.errors[:email].include?("should look like an email address.").should be_true
+    end
+
+    it "should not create a new object without name" do
+      user = User.new(@valid_attributes.update(:name => ""))
+      user.valid?.should be_false
+      user.errors[:name].include?("can't be blank").should be_true
+    end
+
+#    it "should not create a new object without role" do
+#      user = User.new(@valid_attributes.update(:role => nil))
+#      user.valid?.should be_false
+#      user.errors[:role_id].include?("can't be blank").should be_true
+#    end
+
+    it "should not create a new object with a non-unique email address" do
+      User.create(@valid_attributes)
+      user = User.new(@valid_attributes)
+      user.valid?.should be_false
+      user.errors[:email].include?("has already been taken").should be_true
+    end
+  end
+
+  context "methods" do
+    describe "email=(value)" do
+      it "should downcase the email attribute" do
+        user = User.create(@valid_attributes.update(:email => "AdMiN@EXAMPLE.com"))
+        user.email.should == "admin@example.com"
+      end
+    end
+
+#    describe "role_symbols" do
+#      it "should return administrator for an administrator" do
+#        user = User.make(:administrator)
+#        user.role_symbols.should == [:administrator]
+#      end
+#    end
+  end
+end

data/spec/integration/navigation_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe "Navigation" do
+  include Capybara
+
+  it "should be a valid app" do
+    ::Rails.application.should be_a(Dummy::Application)
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,42 @@
+# Configure Rails Environment
+ENV["RAILS_ENV"] = "test"
+
+# Declarative Authorization
+AUTH_DSL_FILES = File.expand_path("../dummy/config/authorization_rules.rb", __FILE__)
+
+require File.expand_path("../dummy/config/environment.rb", __FILE__)
+require "rails/test_help"
+require "rspec/rails"
+require 'ffaker'
+
+# Authlogic
+require 'authlogic/test_case'
+include Authlogic::TestCase
+
+
+ActionMailer::Base.delivery_method = :test
+ActionMailer::Base.perform_deliveries         = true
+ActionMailer::Base.default_url_options[:host] = "test.com"
+
+Rails.backtrace_cleaner.remove_silencers!
+
+# Configure capybara for integration testing
+require "capybara/rails"
+Capybara.default_driver   = :rack_test
+Capybara.default_selector = :css
+
+# Run any available migration
+ActiveRecord::Migrator.migrate File.expand_path("../dummy/db/migrate/", __FILE__)
+
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+
+RSpec.configure do |config|
+  # Remove this line if you don't want RSpec's should and should_not
+  # methods or matchers
+  require 'rspec/expectations'
+  config.include RSpec::Matchers
+
+  # == Mock Framework
+  config.mock_with :rspec
+end

data/spec/support/user_authentication.rb

@@ -0,0 +1,14 @@
+def login
+  activate_authlogic
+  @current_user = User.create({ :name => Faker::Name.name,
+                                :email => Faker::Internet.email,
+                                :password => 'testing',
+                                :password_confirmation => "testing" })
+  @current_user
+  @current_user.roles << Role.create(:name => 'admin')
+
+  UserSession.create!(@current_user)
+  controller.stub!(:current_user).and_return(@current_user)
+  ApplicationController.send(:public, :current_user)
+  view.stub!(:current_user).and_return(@current_user) if respond_to?(:view)
+end

data/spec/support/user_authorization.rb

@@ -0,0 +1,17 @@
+def should_be_allowed_to(privilege, object_or_context, object=nil)
+  options                                                       = {}
+  options[object_or_context.is_a?(Symbol) ? :context : :object] = object_or_context
+  options[:object] = object unless object.blank?
+  lambda {
+    Authorization::Engine.instance.permit! privilege, options
+  }.should_not raise_error
+end
+
+def should_not_be_allowed_to(privilege, object_or_context, object=nil)
+  options                                                       = {}
+  options[object_or_context.is_a?(Symbol) ? :context : :object] = object_or_context
+  options[:object] = object unless object.blank?
+  lambda { Authorization::Engine.instance.permit! privilege, options }.should raise_error() do |e|
+    Authorization::NotAuthorized.ancestors.include?(e)
+  end
+end