esp-auth 1.3.7 → 1.4.0

data/app/assets/javascripts/esp_auth/permissions.js

@@ -30,7 +30,7 @@ $(function(){
   $('#permission_user_search').autocomplete({
     source: function( request, response ) {
       $.ajax({
-        url: '/auth/users/search?term='+$('#permission_user_search').val(),
+        url: '/esp-auth/users/search?term='+$('#permission_user_search').val(),
         dataType: "json",
         data: request.term,
         success: function(data) {

data/app/controllers/esp_auth/audits_controller.rb

@@ -1,7 +1,8 @@
 class EspAuth::AuditsController < ApplicationController
   inherit_resources
-  before_filter :authenticate_user!
-  before_filter :authorize_user_can_view_audits!
+  sso_authenticate_and_authorize
+
+  before_filter :authorize_manage_audits!
 
   defaults :resource_class => Audited::Adapters::ActiveRecord::Audit
 
@@ -10,11 +11,12 @@ class EspAuth::AuditsController < ApplicationController
   layout 'esp_auth/application'
 
   protected
-    def authorize_user_can_view_audits!
-      render :file => "#{Rails.root}/public/403", :formats => [:html], :status => 403, :layout => false unless can?(:manage, :audits)
-    end
 
-    def end_of_association_chain
-      apply_scopes(resource_class.unscoped.order('id desc')).per(20)
-    end
+  def authorize_manage_audits!
+    authorize!(:manage, :audits)
+  end
+
+  def end_of_association_chain
+    apply_scopes(resource_class.unscoped.order('id desc')).per(20)
+  end
 end

data/app/controllers/esp_auth/users_controller.rb

@@ -11,15 +11,16 @@ class EspAuth::UsersController < EspAuth::ApplicationController
   end
 
   protected
-    def collection
-      get_collection_ivar || set_collection_ivar(search_and_paginate_collection)
-    end
 
-    def search_and_paginate_collection
-      search_object = searcher_for(resource_instance_name)
-      search_object.permissions_count_gt = 1
-      search_object.pagination = {:page => params[:page], :per_page => 10}
-      search_object.order_by = 'uid' if search_object.term.blank?
-      search_object.results
-    end
+  def collection
+    get_collection_ivar || set_collection_ivar(search_and_paginate_collection)
+  end
+
+  def search_and_paginate_collection
+    search_object = searcher_for(resource_instance_name)
+    search_object.permissions_count_gt = 1
+    search_object.pagination = {:page => params[:page], :per_page => 10}
+    search_object.order_by = 'uid' if search_object.term.blank?
+    search_object.results
+  end
 end

data/app/models/user_search.rb

@@ -2,6 +2,8 @@ class UserSearch < Search
   column :order_by, :string
   column :term, :text
   column :permissions_count_gt, :integer
+
+  attr_accessible :term
 end
 
 # == Schema Information

data/app/views/esp_auth/permissions/new.html.erb

@@ -12,7 +12,7 @@
     <%= polymorphic_context_tree_for form %>
     <%= form.input :role, :as => :select, :collection => Permission.human_enums[:role].invert, :include_blank => t('commons.not_selected') %>
   <% end %>
-  <%= form.buttons :class => 'button-group' do %>
+  <%= form.actions :class => 'button-group' do %>
     <li><%= button_tag t('permissions.create'), :class => 'button icon approve' %></li>
     <li><%= link_to t('permissions.cancel'), esp_auth.users_path, :class => 'button icon arrowleft'  %></li>
   <% end %>

data/app/views/esp_auth/shared/_header.html.erb

@@ -20,7 +20,7 @@
       </div>
       <div class='auth'>
         <span class='current_user'><%= current_user %></span>
-        <%= link_to('Выход', esp_auth.destroy_user_session_path) %>
+        <%= link_to('Выход', '/sign_out') %>
       </div>
     <% else %>
       <div class='auth'>

data/app/views/esp_auth/users/index.html.erb

@@ -2,7 +2,7 @@
   <%= form.inputs do %>
     <%= form.input :term, :as => :string, :label => false %>
   <% end %>
-  <%= form.buttons do %>
+  <%= form.actions do %>
     <li><%= button_tag t('permissions.search'), :class => 'button icon search' %></li>
   <% end %>
 <% end %>

data/config/routes.rb

@@ -9,19 +9,10 @@ EspAuth::Engine.routes.draw do
 
   match '/users/search' => "users#search"
 
-  get 'sign_out' => 'sessions#destroy', :as => :destroy_user_session
-
   root :to => 'users#index'
 end
 
 Rails.application.routes.draw do
-  devise_for :users, :path => 'auth', controllers: {omniauth_callbacks:'esp_auth/omniauth_callbacks'}, :skip => [:sessions]
-
-  devise_scope :users do
-    get 'sign_in' => redirect('/auth/auth/identity'), :as => :new_user_session
-  end
-
-  mount EspAuth::Engine => '/auth'
-
+  mount EspAuth::Engine => '/esp-auth'
 end rescue NameError
 

data/lib/esp-auth.rb

@@ -13,6 +13,7 @@ require 'has_searcher'
 require 'inherited_resources'
 require 'kaminari'
 require 'sunspot_rails'
+require 'sso-auth'
 
 module EspAuth
 end

data/lib/esp_auth/engine.rb

@@ -1,42 +1,17 @@
 module EspAuth
-  class Engine < Rails::Engine
+  class Engine < ::Rails::Engine
     isolate_namespace EspAuth
 
-    config.after_initialize do
-      begin
-        Settings.resolve!
-      rescue => e
-        puts "WARNING! #{e.message}"
-      end
-    end
-
-    initializer "sso_client.devise", :before => 'devise.omniauth' do |app|
-      require File.expand_path("../../../lib/omniauth/strategies/identity", __FILE__)
-      Devise.setup do |config|
-        config.omniauth :identity, Settings['sso.key'], Settings['sso.secret'], :client_options => {:site => Settings['sso.url']}
-      end
-    end
-
     config.to_prepare do
       ActionController::Base.class_eval do
         helper_method :polymorphic_context_tree_for
 
-        def self.esp_load_and_authorize_resource
-          before_filter :authenticate_user!
-          before_filter :authorize_user_can_manage_application!
+        define_singleton_method :esp_load_and_authorize_resource do
           inherit_resources
-          load_and_authorize_resource
-          skip_load_and_authorize_resource :only => :index
-          rescue_from CanCan::AccessDenied do |exception|
-            render :file => "#{Rails.root}/public/403", :formats => [:html], :status => 403, :layout => false
-          end
+          sso_load_and_authorize_resource
         end
 
         protected
-          def authorize_user_can_manage_application!
-            authorize! :manage, :application
-          end
-
           def polymorphic_context_tree_for(form)
             form.input :polymorphic_context,  :as => :select,
                                               :collection => current_user.context_tree,
@@ -50,15 +25,10 @@ module EspAuth
       end
       ActiveRecord::Base.class_eval do
         def self.esp_auth_user
+          sso_auth_user
 
           attr_accessible :name, :email, :nickname, :name, :first_name, :last_name, :location, :description, :image, :phone, :urls, :raw_info, :uid
 
-          has_many :permissions
-
-          default_value_for :sign_in_count, 0
-
-          devise :omniauthable, :trackable, :timeoutable
-
           validates_presence_of :uid
 
           searchable do
@@ -67,11 +37,16 @@ module EspAuth
             integer :permissions_count do permissions.count end
           end
 
-          Permission.enums[:role].each do | role |
+          Permission.available_roles.each do | role |
+            undef_method "#{role}_of?", "#{role}?"
+
             define_method "#{role}_of?" do |context|
-              permissions.for_role(role).for_context_and_ancestors(context).exists?
+              puts ">>> in #{role}_of?(#{context.inspect}) <<<"
+              p permissions.for_role(role).for_context_and_ancestors(context).exists?
             end
+
             define_method "#{role}?" do
+              puts ">>> in #{role}? <<<"
               permissions.for_role(role).exists?
             end
           end
@@ -82,29 +57,30 @@ module EspAuth
 
           alias_method :have_roles?, :have_permissions?
 
+
           define_method :contexts do
             permissions.map(&:context).uniq
           end
 
           define_method :context_tree do
-            instance_variable_get(:@context_tree) || instance_variable_set(:@context_tree, contexts
-                                                                                          .flat_map{|c| c.respond_to?(:subtree) ? c.subtree : c}
-                                                                                          .uniq
-                                                                                          .flat_map{|c| c.respond_to?(:subcontexts) ? [c] + c.subcontexts : c }
-                                                                                          .uniq)
+            instance_variable_get(:@context_tree) ||
+              instance_variable_set(:@context_tree, contexts
+                                    .flat_map{|c| c.respond_to?(:subtree) ? c.subtree : c}
+                                    .uniq
+                                    .flat_map{|c| c.respond_to?(:subcontexts) ? [c] + c.subcontexts : c }
+                                    .uniq)
           end
 
           define_method :context_tree_of do | klass |
             context_tree.select{|node| node.is_a?(klass)}
           end
 
-          define_method :to_s do
-            email? ? "#{name} <#{email}>" : name
-          end
+          alias_method :to_s, :sso_auth_name
         end
 
         def self.esp_auth_permission
           attr_accessor :user_search, :user_uid, :user_name, :user_email, :polymorphic_context
+          attr_accessible :user_uid, :user_name, :user_email, :polymorphic_context, :role, :user_search
 
           belongs_to :context, :polymorphic => true
           belongs_to :user
@@ -143,6 +119,9 @@ module EspAuth
 
           has_enum :role
 
+          define_singleton_method :available_roles do
+            Permission.enums[:role]
+          end
 
           private
             delegate :index!, :to => :user, :prefix => true

data/lib/esp_auth/version.rb

@@ -1,3 +1,3 @@
 module EspAuth
-  VERSION = "1.3.7"
+  VERSION = "1.4.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: esp-auth
 version: !ruby/object:Gem::Version
-  version: 1.3.7
+  version: 1.4.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-26 00:00:00.000000000 Z
+date: 2012-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ancestry
@@ -192,17 +192,17 @@ dependencies:
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - <
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.0.90
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ! '>='
+    - - <
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.0.90
 - !ruby/object:Gem::Dependency
   name: inherited_resources
   requirement: !ruby/object:Gem::Requirement
@@ -299,6 +299,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: sso-auth
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: timecop
   requirement: !ruby/object:Gem::Requirement
@@ -561,9 +577,7 @@ files:
 - app/assets/stylesheets/esp_auth/shared.sass
 - app/controllers/esp_auth/application_controller.rb
 - app/controllers/esp_auth/audits_controller.rb
-- app/controllers/esp_auth/omniauth_callbacks_controller.rb
 - app/controllers/esp_auth/permissions_controller.rb
-- app/controllers/esp_auth/sessions_controller.rb
 - app/controllers/esp_auth/users_controller.rb
 - app/models/user_search.rb
 - app/views/esp_auth/audits/_audit.html.erb
@@ -613,7 +627,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2613979917991867064
+      hash: -4315500223838896339
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -622,7 +636,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2613979917991867064
+      hash: -4315500223838896339
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24

data/app/controllers/esp_auth/omniauth_callbacks_controller.rb

@@ -1,13 +0,0 @@
-# encoding: utf-8
-
-class EspAuth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
-  def identity
-    user = User.find_or_initialize_by_uid(request.env['omniauth.auth']['uid']).tap do |user|
-      user.update_attributes request.env['omniauth.auth']['info']
-    end
-
-    flash[:notice] = I18n.t "devise.omniauth_callbacks.success", :kind => "системы аутентификации"
-    sign_in user, :event => :authentication
-    redirect_to stored_location_for(:user) || main_app.root_path
-  end
-end

data/app/controllers/esp_auth/sessions_controller.rb

@@ -1,16 +0,0 @@
-class EspAuth::SessionsController < ApplicationController
-  def destroy
-    reset_session
-    redirect_to "#{Settings['sso.url']}/users/sign_out?redirect_uri=#{CGI.escape(redirect_uri)}"
-  end
-
-  protected
-
-    def redirect_uri
-      URI.parse(request.url).tap do | uri |
-        uri.path = main_app.root_path
-        uri.query = nil
-      end.to_s
-    end
-
-end