esp-auth 1.0.0
- data/MIT-LICENSE +20 -0
- data/README.rdoc +28 -0
- data/Rakefile +28 -0
- data/app/assets/images/esp_auth/gh_icons.png +0 -0
- data/app/assets/images/esp_auth/inline_error_arrow.png +0 -0
- data/app/assets/images/esp_auth/wood.jpg +0 -0
- data/app/assets/javascripts/esp_auth/application.js +4 -0
- data/app/assets/javascripts/esp_auth/jquery.noisy.min.js +3 -0
- data/app/assets/javascripts/esp_auth/permissions.js +62 -0
- data/app/assets/stylesheets/esp_auth/application.css +11 -0
- data/app/assets/stylesheets/esp_auth/buttons.sass +300 -0
- data/app/assets/stylesheets/esp_auth/jquery_ui.sass +1493 -0
- data/app/assets/stylesheets/esp_auth/pagination.sass +19 -0
- data/app/assets/stylesheets/esp_auth/permissions.sass +150 -0
- data/app/assets/stylesheets/esp_auth/shared.sass +84 -0
- data/app/controllers/esp_auth/application_controller.rb +11 -0
- data/app/controllers/esp_auth/omniauth_callbacks_controller.rb +11 -0
- data/app/controllers/esp_auth/permissions_controller.rb +13 -0
- data/app/controllers/esp_auth/sessions_controller.rb +16 -0
- data/app/controllers/esp_auth/users_controller.rb +24 -0
- data/app/models/user_search.rb +13 -0
- data/app/views/esp_auth/permissions/new.html.erb +23 -0
- data/app/views/esp_auth/shared/_footer.html.erb +12 -0
- data/app/views/esp_auth/shared/_header.html.erb +24 -0
- data/app/views/esp_auth/users/index.html.erb +53 -0
- data/app/views/layouts/esp_auth/application.html.erb +18 -0
- data/config/initializers/devise.rb +223 -0
- data/config/locales/ru.yml +35 -0
- data/config/routes.rb +25 -0
- data/lib/esp-auth.rb +19 -0
- data/lib/esp_auth/engine.rb +41 -0
- data/lib/esp_auth/spec_helper.rb +68 -0
- data/lib/esp_auth/version.rb +3 -0
- data/lib/generators/esp_auth/install/install_generator.rb +49 -0
- data/lib/generators/esp_auth/install/templates/app/controllers/manage/application_controller.rb +3 -0
- data/lib/generators/esp_auth/install/templates/app/models/ability.rb +41 -0
- data/lib/generators/esp_auth/install/templates/app/models/context.rb +27 -0
- data/lib/generators/esp_auth/install/templates/app/models/permission.rb +69 -0
- data/lib/generators/esp_auth/install/templates/app/models/subcontext.rb +21 -0
- data/lib/generators/esp_auth/install/templates/app/models/user.rb +67 -0
- data/lib/generators/esp_auth/install/templates/config/locales/permissions_enum.ru.yml +6 -0
- data/lib/generators/esp_auth/install/templates/config/schedule.rb +5 -0
- data/lib/generators/esp_auth/install/templates/db/migrate/esp_auth_create_contexts.rb +12 -0
- data/lib/generators/esp_auth/install/templates/db/migrate/esp_auth_create_permissions.rb +11 -0
- data/lib/generators/esp_auth/install/templates/db/migrate/esp_auth_create_subcontexts.rb +9 -0
- data/lib/generators/esp_auth/install/templates/db/migrate/esp_auth_create_users.rb +29 -0
- data/lib/generators/esp_auth/install/templates/db/seeds.rb +4 -0
- data/lib/generators/esp_auth/install/templates/spec/models/ability_spec.rb +83 -0
- data/lib/omniauth/strategies/identity.rb +15 -0
- data/lib/tasks/sync.rake +17 -0
- metadata +453 -0
@@ -0,0 +1,67 @@
|
|
1
|
+
class User < ActiveRecord::Base
|
2
|
+
attr_accessible :name, :email, :nickname, :name, :first_name, :last_name, :location, :description, :image, :phone, :urls, :raw_info, :uid
|
3
|
+
|
4
|
+
validates_presence_of :uid
|
5
|
+
|
6
|
+
has_many :permissions
|
7
|
+
|
8
|
+
default_value_for :sign_in_count, 0
|
9
|
+
|
10
|
+
devise :omniauthable, :trackable, :timeoutable
|
11
|
+
|
12
|
+
searchable do
|
13
|
+
integer :uid
|
14
|
+
text :term do [name, email, nickname].join(' ') end
|
15
|
+
integer :permissions_count do permissions.count end
|
16
|
+
end
|
17
|
+
|
18
|
+
Permission.enums[:role].each do | role |
|
19
|
+
define_method "#{role}_of?" do |context|
|
20
|
+
permissions.for_role(role).for_context_and_ancestors(context).exists?
|
21
|
+
end
|
22
|
+
define_method "#{role}?" do
|
23
|
+
permissions.for_role(role).exists?
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
def contexts
|
28
|
+
permissions.map(&:context).uniq
|
29
|
+
end
|
30
|
+
|
31
|
+
def contexts_tree
|
32
|
+
contexts.flat_map{|c| c.respond_to?(:subtree) ? c.subtree : c}
|
33
|
+
.uniq
|
34
|
+
.flat_map{|c| c.respond_to?(:subcontexts) ? [c] + c.subcontexts : c }
|
35
|
+
.uniq
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
39
|
+
|
40
|
+
|
41
|
+
|
42
|
+
# == Schema Information
|
43
|
+
#
|
44
|
+
# Table name: users
|
45
|
+
#
|
46
|
+
# id :integer not null, primary key
|
47
|
+
# uid :string(255)
|
48
|
+
# name :text
|
49
|
+
# email :text
|
50
|
+
# nickname :text
|
51
|
+
# first_name :text
|
52
|
+
# last_name :text
|
53
|
+
# location :text
|
54
|
+
# description :text
|
55
|
+
# image :text
|
56
|
+
# phone :text
|
57
|
+
# urls :text
|
58
|
+
# raw_info :text
|
59
|
+
# sign_in_count :integer default(0)
|
60
|
+
# current_sign_in_at :datetime
|
61
|
+
# last_sign_in_at :datetime
|
62
|
+
# current_sign_in_ip :string(255)
|
63
|
+
# last_sign_in_ip :string(255)
|
64
|
+
# created_at :datetime not null
|
65
|
+
# updated_at :datetime not null
|
66
|
+
#
|
67
|
+
|
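Review bot: `:uid` and `:raw_info` are in the `attr_accessible` list on new line 2, so any caller that passes request parameters to `update_attributes` can rewrite the identifier that ties the row to the OAuth identity. Whether a controller does that is not visible in this section, but the model should not depend on it; drop both from the list and assign them explicitly in the OmniAuth callback path, e.g. `attr_accessible :name, :email, :nickname, :first_name, :last_name, :location, :description, :image, :phone, :urls`. `:name` is also listed twice. `validates_presence_of :uid` on new line 4 could be paired with `validates_uniqueness_of :uid` so two rows cannot claim the same identity.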
@@ -0,0 +1,11 @@
|
|
1
|
+
class EspAuthCreatePermissions < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :permissions do |t|
|
4
|
+
t.references :user
|
5
|
+
t.references :context, :polymorphic => true
|
6
|
+
t.string :role
|
7
|
+
t.timestamps
|
8
|
+
end
|
9
|
+
add_index :permissions, [:user_id, :role, :context_id, :context_type], :name => 'by_user_and_role_and_context'
|
10
|
+
end
|
11
|
+
end
|
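Review bot: `user_id`, `context_id`, `context_type` and `role` are all nullable and the composite index on new line 9 is not unique, so the schema accepts incomplete or duplicate grants. A duplicate matters for revocation, because deleting one row leaves an identical grant in force. If the Permission model (not visible in this section) does not already enforce this, consider `:null => false` on the columns and `:unique => true` on the index.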
@@ -0,0 +1,29 @@
|
|
1
|
+
class EspAuthCreateUsers < ActiveRecord::Migration
|
2
|
+
def change
|
3
|
+
create_table :users do | t |
|
4
|
+
t.string :uid # omniauth[:uid]
|
5
|
+
t.text :name, # omniauth[:info]
|
6
|
+
:email,
|
7
|
+
:nickname,
|
8
|
+
:first_name,
|
9
|
+
:last_name,
|
10
|
+
:location,
|
11
|
+
:description,
|
12
|
+
:image,
|
13
|
+
:phone,
|
14
|
+
:urls
|
15
|
+
t.text :raw_info # omniauth[:extra]
|
16
|
+
|
17
|
+
# Trackable
|
18
|
+
t.integer :sign_in_count
|
19
|
+
t.datetime :current_sign_in_at
|
20
|
+
t.datetime :last_sign_in_at
|
21
|
+
t.string :current_sign_in_ip
|
22
|
+
t.string :last_sign_in_ip
|
23
|
+
|
24
|
+
t.timestamps
|
25
|
+
end
|
26
|
+
|
27
|
+
add_index :users, :uid
|
28
|
+
end
|
29
|
+
end
|
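Review bot: The index on `uid` at new line 27 is not unique, so nothing at the database level stops two user rows from carrying the same provider uid, and a lookup by uid could then resolve to either account. Consider `add_index :users, :uid, :unique => true` together with `t.string :uid, :null => false`. `raw_info` on new line 15 stores the provider's whole `extra` payload as text; it is worth confirming that this payload carries no tokens or other secrets before it is persisted.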
@@ -0,0 +1,83 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
|
3
|
+
require 'spec_helper'
|
4
|
+
|
5
|
+
describe Ability do
|
6
|
+
context 'менеджер' do
|
7
|
+
context 'корневого контекста' do
|
8
|
+
subject { ability_for(manager_of(root)) }
|
9
|
+
|
10
|
+
context 'управление контекстами' do
|
11
|
+
it { should be_able_to(:manage, root) }
|
12
|
+
it { should be_able_to(:manage, child_1) }
|
13
|
+
it { should be_able_to(:manage, child_1_1) }
|
14
|
+
it { should be_able_to(:manage, child_2) }
|
15
|
+
end
|
16
|
+
|
17
|
+
context 'управление подконтекстами' do
|
18
|
+
it { should be_able_to(:manage, subcontext(root)) }
|
19
|
+
it { should be_able_to(:manage, subcontext(child_1)) }
|
20
|
+
it { should be_able_to(:manage, subcontext(child_1_1)) }
|
21
|
+
it { should be_able_to(:manage, subcontext(child_2)) }
|
22
|
+
end
|
23
|
+
|
24
|
+
context 'управление правами доступа' do
|
25
|
+
it { should be_able_to(:manage, another_manager_of(root).permissions.first) }
|
26
|
+
it { should be_able_to(:manage, another_manager_of(child_1).permissions.first) }
|
27
|
+
it { should be_able_to(:manage, another_manager_of(child_1_1).permissions.first) }
|
28
|
+
it { should be_able_to(:manage, another_manager_of(child_2).permissions.first) }
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
context 'вложенного контекста' do
|
33
|
+
subject { ability_for(manager_of(child_1)) }
|
34
|
+
|
35
|
+
context 'управление контекстами' do
|
36
|
+
it { should_not be_able_to(:manage, root) }
|
37
|
+
it { should be_able_to(:manage, child_1) }
|
38
|
+
it { should be_able_to(:manage, child_1_1) }
|
39
|
+
it { should_not be_able_to(:manage, child_2) }
|
40
|
+
end
|
41
|
+
|
42
|
+
context 'управление подконтекстами' do
|
43
|
+
it { should_not be_able_to(:manage, subcontext(root)) }
|
44
|
+
it { should be_able_to(:manage, subcontext(child_1)) }
|
45
|
+
it { should be_able_to(:manage, subcontext(child_1_1)) }
|
46
|
+
it { should_not be_able_to(:manage, subcontext(child_2)) }
|
47
|
+
end
|
48
|
+
|
49
|
+
context 'управление правами доступа' do
|
50
|
+
it { should_not be_able_to(:manage, another_manager_of(root).permissions.first) }
|
51
|
+
it { should be_able_to(:manage, another_manager_of(child_1).permissions.first) }
|
52
|
+
it { should be_able_to(:manage, another_manager_of(child_1_1).permissions.first) }
|
53
|
+
it { should_not be_able_to(:manage, another_manager_of(child_2).permissions.first) }
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
context 'подконтеста' do
|
58
|
+
subject { ability_for(manager_of(subcontext(child_1)))}
|
59
|
+
|
60
|
+
context 'управление контекстами' do
|
61
|
+
it { should_not be_able_to(:manage, root) }
|
62
|
+
it { should_not be_able_to(:manage, child_1) }
|
63
|
+
it { should_not be_able_to(:manage, child_1_1) }
|
64
|
+
it { should_not be_able_to(:manage, child_2) }
|
65
|
+
end
|
66
|
+
|
67
|
+
context 'управление подконтекстами' do
|
68
|
+
it { should_not be_able_to(:manage, another_subcontext(root)) }
|
69
|
+
it { should_not be_able_to(:manage, another_subcontext(child_1)) }
|
70
|
+
it { should_not be_able_to(:manage, another_subcontext(child_1_1)) }
|
71
|
+
it { should_not be_able_to(:manage, another_subcontext(child_2)) }
|
72
|
+
it { should be_able_to(:manage, subcontext(child_1)) }
|
73
|
+
end
|
74
|
+
|
75
|
+
context 'управление правами доступа' do
|
76
|
+
it { should_not be_able_to(:manage, another_manager_of(root).permissions.first) }
|
77
|
+
it { should_not be_able_to(:manage, another_manager_of(child_1).permissions.first) }
|
78
|
+
it { should_not be_able_to(:manage, another_manager_of(child_1_1).permissions.first) }
|
79
|
+
it { should_not be_able_to(:manage, another_manager_of(child_2).permissions.first) }
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
end
|
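Review bot: Every example here starts from a user who already holds a manager permission, so the default-deny behaviour of Ability is never exercised. A further context whose subject is the ability of a user with no permissions, with `it { should_not be_able_to(:manage, root) }` and the same for a subcontext and a permission record, would pin it; roles other than manager, if the role enum has any, deserve the same treatment. The helpers `ability_for`, `manager_of` and `another_manager_of` are defined outside this file, so how they build users cannot be checked from here. The label on new line 57 reads 'подконтеста'; 'подконтекста' looks intended.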
@@ -0,0 +1,15 @@
|
|
1
|
+
require 'omniauth/strategies/oauth2'
|
2
|
+
|
3
|
+
module OmniAuth
|
4
|
+
module Strategies
|
5
|
+
class Identity < OmniAuth::Strategies::OAuth2
|
6
|
+
uid { raw_info['uid'] }
|
7
|
+
info { raw_info['info'] }
|
8
|
+
extra { {:raw_info => raw_info} }
|
9
|
+
|
10
|
+
def raw_info
|
11
|
+
@raw_info ||= access_token.get("/oauth/user.json?oauth_token=#{access_token.token}").parsed
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
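Review bot: The access token is interpolated into the request URL on new line 11, which puts a bearer credential into web-server and proxy access logs and into any error message that prints the URL. `OAuth2::AccessToken#get` already sends the token in the `Authorization` header by default, so `access_token.get('/oauth/user.json').parsed` would be enough if the identity provider accepts header authentication; that cannot be confirmed from this file. If the provider only reads the query parameter, pass it as `:params => { :oauth_token => access_token.token }` so it is at least URL-encoded. `info { raw_info['info'] }` on new line 7 also yields nil when the response lacks that key.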
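--- a/data/lib/tasks/sync.rake
+++ b/data/lib/tasks/sync.rake
@@ -0,0 +1,17 @@
+require 'curb'
+require 'progress_bar'
+
+desc "Syncronize blue-pages tree"
+
+namespace :esp_auth do
+task :sync => :environment do
+remotes = JSON.parse(Curl::Easy.http_get("#{Settings['blue-pages.url']}/categories/2.json?sync=true").body_str)
+bar = ProgressBar.new(remotes.count)
+remotes.each do | remote |
+(Context.find_by_id(remote['id']) || Context.new).tap do | context |
+context.update_attributes! remote
+end
+bar.increment!
+end
+end
+end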
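Review bot: The parsed response is passed whole to `update_attributes!` on new line 12, so whatever keys the blue-pages endpoint returns are written to Context, limited only by that model's `attr_accessible` list, which is not visible here. The fetch on new line 8 checks neither the HTTP status nor the shape of the body, and the scheme of `Settings['blue-pages.url']` cannot be seen from this file; over plain HTTP, anyone on the network path could alter the context tree that permissions hang from. Select the expected keys before assigning, for example `context.update_attributes! remote.slice(*SYNCED_KEYS)` where `SYNCED_KEYS` is a constant you define for this task, and abort the task when the response code is not 200.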