RubyGems - express_access - Versions diffs - 1.0.0.a - Mend

express_access 1.0.0.a

Files changed (123) hide show

checksums.yaml +7 -0
data/README.md +87 -0
data/Rakefile +34 -0
data/app/assets/javascripts/express_access/admin.js +1 -0
data/app/assets/stylesheets/express_access/admin.css +5 -0
data/app/assets/stylesheets/express_access/application.css +15 -0
data/app/assets/stylesheets/express_access/main.sass +3 -0
data/app/assets/stylesheets/express_access/sections/_role_dashboard.sass +29 -0
data/app/assets/stylesheets/express_access.css +4 -0
data/app/controllers/express_access/permissions_controller.rb +4 -0
data/app/controllers/express_access/roles_controller.rb +14 -0
data/app/controllers/express_access/routes_controller.rb +30 -0
data/app/controllers/express_access/users_controller.rb +21 -0
data/app/helpers/express_access/application_helper.rb +4 -0
data/app/helpers/express_access/permissions_helper.rb +4 -0
data/app/helpers/express_access/roles_helper.rb +4 -0
data/app/models/express_access/audit_log.rb +27 -0
data/app/models/express_access/permission.rb +130 -0
data/app/models/express_access/role.rb +75 -0
data/app/models/express_access/role_permission.rb +6 -0
data/app/models/express_access/user_permission.rb +7 -0
data/app/models/express_access/user_role.rb +7 -0
data/app/views/express_access/permissions/index.html.et +13 -0
data/app/views/express_access/permissions/show.html.et +33 -0
data/app/views/express_access/roles/index.html.et +9 -0
data/app/views/express_access/roles/show.html.et +68 -0
data/app/views/express_access/routes/index.html.et +20 -0
data/app/views/express_access/routes/show.html.et +46 -0
data/app/views/express_access/users/index.html.et +26 -0
data/app/views/express_access/users/show.html.et +55 -0
data/app/views/layouts/express_access/admin.html.et +1 -0
data/app/views/layouts/express_access/application.html.erb +14 -0
data/config/initializers/mount_engine.rb +3 -0
data/config/menu.yml +18 -0
data/config/routes.rb +6 -0
data/db/migrate/20141029223053_create_express_access_roles.rb +10 -0
data/db/migrate/20141029223158_create_express_access_permissions.rb +9 -0
data/db/migrate/20141029223233_create_express_access_role_permissions.rb +10 -0
data/db/migrate/20141029223250_create_express_access_user_permissions.rb +10 -0
data/db/migrate/20150528222337_create_express_access_user_roles.rb +9 -0
data/db/migrate/20150609124815_add_description_to_role.rb +5 -0
data/db/migrate/20150914023030_create_express_access_audit_logs.rb +15 -0
data/db/migrate/20150921063153_add_after_sign_in_path_to_role.rb +5 -0
data/lib/express_access/after_sign_in_filter.rb +7 -0
data/lib/express_access/authorization_filter.rb +39 -0
data/lib/express_access/engine.rb +12 -0
data/lib/express_access/route.rb +127 -0
data/lib/express_access/user.rb +79 -0
data/lib/express_access/version.rb +3 -0
data/lib/express_access.rb +51 -0
data/lib/generators/express_access/install/USAGE +8 -0
data/lib/generators/express_access/install/install_generator.rb +10 -0
data/lib/tasks/express_access_tasks.rake +4 -0
data/test/dummy/README.rdoc +28 -0
data/test/dummy/Rakefile +6 -0
data/test/dummy/app/assets/javascripts/application.js +13 -0
data/test/dummy/app/assets/stylesheets/application.css +15 -0
data/test/dummy/app/controllers/application_controller.rb +5 -0
data/test/dummy/app/controllers/posts_controller.rb +4 -0
data/test/dummy/app/helpers/application_helper.rb +2 -0
data/test/dummy/app/models/user.rb +9 -0
data/test/dummy/app/views/layouts/application.html.erb +14 -0
data/test/dummy/app/views/posts/index.html.erb +0 -0
data/test/dummy/bin/bundle +3 -0
data/test/dummy/bin/rails +4 -0
data/test/dummy/bin/rake +4 -0
data/test/dummy/config/application.rb +25 -0
data/test/dummy/config/boot.rb +5 -0
data/test/dummy/config/database.yml +25 -0
data/test/dummy/config/environment.rb +5 -0
data/test/dummy/config/environments/development.rb +37 -0
data/test/dummy/config/environments/production.rb +83 -0
data/test/dummy/config/environments/test.rb +41 -0
data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
data/test/dummy/config/initializers/cookies_serializer.rb +3 -0
data/test/dummy/config/initializers/devise.rb +259 -0
data/test/dummy/config/initializers/express_access.rb +1 -0
data/test/dummy/config/initializers/filter_parameter_logging.rb +4 -0
data/test/dummy/config/initializers/inflections.rb +16 -0
data/test/dummy/config/initializers/mime_types.rb +4 -0
data/test/dummy/config/initializers/session_store.rb +3 -0
data/test/dummy/config/initializers/wrap_parameters.rb +14 -0
data/test/dummy/config/locales/devise.en.yml +60 -0
data/test/dummy/config/locales/en.yml +23 -0
data/test/dummy/config/routes.rb +7 -0
data/test/dummy/config/secrets.yml +22 -0
data/test/dummy/config.ru +4 -0
data/test/dummy/db/migrate/20150525001419_devise_create_users.rb +42 -0
data/test/dummy/db/schema.rb +82 -0
data/test/dummy/public/404.html +67 -0
data/test/dummy/public/422.html +67 -0
data/test/dummy/public/500.html +66 -0
data/test/dummy/public/favicon.ico +0 -0
data/test/dummy/test/fixtures/express_access/permissions.yml +28 -0
data/test/dummy/test/fixtures/express_access/role_permissions.yml +21 -0
data/test/dummy/test/fixtures/express_access/roles.yml +27 -0
data/test/dummy/test/fixtures/express_access/user_permissions.yml +5 -0
data/test/dummy/test/fixtures/express_access/user_roles.yml +15 -0
data/test/dummy/test/fixtures/users.yml +19 -0
data/test/dummy/test/initializer_test.rb +8 -0
data/test/dummy/test/models/user_test.rb +7 -0
data/test/express_access_test.rb +7 -0
data/test/fixtures/express_access/audit_logs.yml +10 -0
data/test/fixtures/express_access/permissions.yml +28 -0
data/test/fixtures/express_access/role_permissions.yml +21 -0
data/test/fixtures/express_access/roles.yml +34 -0
data/test/fixtures/express_access/user_permissions.yml +5 -0
data/test/fixtures/express_access/user_roles.yml +19 -0
data/test/fixtures/users.yml +22 -0
data/test/helpers/express_access/permissions_helper_test.rb +6 -0
data/test/helpers/express_access/roles_helper_test.rb +6 -0
data/test/integration/navigation_test.rb +33 -0
data/test/lib/authorization_filter_test.rb +64 -0
data/test/lib/generators/express_access/install/install_generator_test.rb +16 -0
data/test/models/express_access/audit_log_test.rb +9 -0
data/test/models/express_access/permission_test.rb +50 -0
data/test/models/express_access/role_permission_test.rb +9 -0
data/test/models/express_access/role_test.rb +36 -0
data/test/models/express_access/user_permission_test.rb +9 -0
data/test/models/express_access/user_role_test.rb +9 -0
data/test/models/express_access/user_test.rb +77 -0
data/test/test_helper.rb +19 -0
metadata +375 -0

data/test/fixtures/express_access/roles.yml ADDED Viewed

@@ -0,0 +1,34 @@
+DEFAULTS: &DEFAULTS
+  created_at: <%= Time.now %>
+  updated_at: <%= Time.now %>
+author:
+  name: Author
+  parent:
+  description: An author -- someone who writes.
+  after_sign_in_path: "/posts"
+  <<: *DEFAULTS
+editor:
+  name: Editor
+  parent: author
+  description: Editor - someone who edits.
+  <<: *DEFAULTS
+publisher:
+  name: Publisher
+  parent: author
+  description: Publishers - someone who publishes.
+  <<: *DEFAULTS
+admin:
+  name: Admin
+  parent: publisher
+  description: Keys to the kingdom.
+  <<: *DEFAULTS
+expresser:
+  name: Expresser
+  parent:
+  description: Expresser - someone who manages an appexpress site
+  <<: *DEFAULTS

data/test/fixtures/express_access/user_permissions.yml ADDED Viewed

@@ -0,0 +1,5 @@
+# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html
+editor_specific:
+  user: editor
+  permission: user_specific_permission

data/test/fixtures/express_access/user_roles.yml ADDED Viewed

@@ -0,0 +1,19 @@
+admin_admin:
+  user: admin
+  role: admin
+author_author:
+  user: author
+  role: author
+editor_editor:
+  user: editor
+  role: editor
+publisher_publisher:
+  user: publisher
+  role: publisher
+expresser_expresser:
+  user: expresser
+  role: expresser

data/test/fixtures/users.yml ADDED Viewed

@@ -0,0 +1,22 @@
+admin:
+  email: admin@example.com
+  encrypted_password: "$2a$10$3HSyBlfJ2zY3GPxEe1MmC.N8MKsSNYxv/lQR5yEW/ZsCKEzEjU/Vm"
+author:
+  email: author@example.com
+  encrypted_password: "$2a$10$3HSyBlfJ2zY3GPxEe1MmC.N8MKsSNYxv/lQR5yEW/ZsCKEzEjU/Vm"
+editor:
+  email: editor@example.com
+  encrypted_password: "$2a$10$3HSyBlfJ2zY3GPxEe1MmC.N8MKsSNYxv/lQR5yEW/ZsCKEzEjU/Vm"
+publisher:
+  email: publisher@example.com
+  encrypted_password: "$2a$10$3HSyBlfJ2zY3GPxEe1MmC.N8MKsSNYxv/lQR5yEW/ZsCKEzEjU/Vm"
+nobody:
+  email: nobody@example.com
+  encrypted_password: "$2a$10$3HSyBlfJ2zY3GPxEe1MmC.N8MKsSNYxv/lQR5yEW/ZsCKEzEjU/Vm"
+expresser:
+  email: expresser@example.com

data/test/helpers/express_access/permissions_helper_test.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require 'test_helper'
+module ExpressAccess
+  class PermissionsHelperTest < ActionView::TestCase
+  end
+end

data/test/helpers/express_access/roles_helper_test.rb ADDED Viewed

@@ -0,0 +1,6 @@
+require 'test_helper'
+module ExpressAccess
+  class RolesHelperTest < ActionView::TestCase
+  end
+end

data/test/integration/navigation_test.rb ADDED Viewed

@@ -0,0 +1,33 @@
+require 'test_helper'
+class NavigationTest < ActionDispatch::IntegrationTest
+  fixtures :all
+  test "redirect to login if not logged in" do
+    get '/posts'
+    assert_redirected_to new_user_session_path
+  end
+  test 'current user sees posts if they have permission' do
+    post_via_redirect user_session_path,
+                      "user[email]" => 'editor@example.com',
+                      "user[password]" => 'asdfasdf'
+    assert_equal "/", path
+    get '/posts'
+    assert_response :success
+  end
+  test "current user is redirected to the after_sign_in_path" do
+    post_via_redirect user_session_path,
+                      "user[email]" => "author@example.com",
+                      "user[password]" => "asdfasdf"
+    assert_equal "/posts", path
+  end
+  test "current user is redirected to the root_path if user's after_sign_in_path is nil" do
+    post_via_redirect user_session_path,
+                      "user[email]" => "editor@example.com",
+                      "user[password]" => "asdfasdf"
+    assert_equal "/", path
+  end
+end

data/test/lib/authorization_filter_test.rb ADDED Viewed

@@ -0,0 +1,64 @@
+require 'test_helper'
+module ExpressAccess
+  class AuthorizationFilterTest < ActiveSupport::TestCase
+    def setup
+      ExpressAccess.initialize_user!
+    end
+    def controller(controller, action, path, user)
+      OpenStruct.new( request: OpenStruct.new(
+          params: {
+            controller: controller,
+            action: action,
+            path: path
+          },
+          env: '123.123.123.123'
+        ),
+        current_user: user.nil? ? nil : users(user),
+        "access_authorization_failed!" => nil,
+        "authenticate_user!" => nil,
+      )
+    end
+    test 'if controller has current user and if current user has permission' do
+      assert_nil ExpressAccess::AuthorizationFilter.before(controller("posts", "edit", "posts/1/edit", :editor))
+    end
+    test 'if controller has current user and if current user has no permission' do
+      mock_obj = Minitest::Mock.new
+      mock_obj.expect(:call, nil)
+      c = controller("admin", "index", "admin", :editor)
+      c.stub(:access_authorization_failed!, mock_obj) do
+        ExpressAccess::AuthorizationFilter.before(c)
+      end
+      mock_obj.verify
+    end
+    test 'if controller has no current user and Devise is not defined' do
+      TempDevise = Devise
+      Object.send(:remove_const, :Devise)
+      assert_nil defined?(Devise)
+      mock_obj = Minitest::Mock.new
+      mock_obj.expect(:call, nil)
+      c = controller("admin", "index", "admin", :editor)
+      c.stub(:access_authorization_failed!, mock_obj) do
+        ExpressAccess::AuthorizationFilter.before(c)
+      end
+      mock_obj.verify
+      ::Devise = TempDevise
+      assert_equal 'constant', defined?(Devise)
+    end
+    test 'if controller has no current user and Devise is defined' do
+      assert_equal 'constant', defined?(Devise)
+      mock_obj = Minitest::Mock.new
+      mock_obj.expect(:call, nil)
+      c = controller("admin", "index", "admin", nil)
+      c.stub(:authenticate_user!, mock_obj) do
+        ExpressAccess::AuthorizationFilter.before(c)
+      end
+      mock_obj.verify
+    end
+  end
+end

data/test/lib/generators/express_access/install/install_generator_test.rb ADDED Viewed

@@ -0,0 +1,16 @@
+require 'test_helper'
+require 'generators/express_access/install/install_generator'
+module ExpressAccess
+  class ExpressAccess::InstallGeneratorTest < Rails::Generators::TestCase
+    tests ExpressAccess::InstallGenerator
+    destination Rails.root.join('tmp/generators')
+    setup :prepare_destination
+    # test "generator runs without errors" do
+    #   assert_nothing_raised do
+    #     run_generator ["arguments"]
+    #   end
+    # end
+  end
+end

data/test/models/express_access/audit_log_test.rb ADDED Viewed

@@ -0,0 +1,9 @@
+require 'test_helper'
+module ExpressAccess
+  class AuditLogTest < ActiveSupport::TestCase
+    # test "the truth" do
+    #   assert true
+    # end
+  end
+end

data/test/models/express_access/permission_test.rb ADDED Viewed

@@ -0,0 +1,50 @@
+require 'test_helper'
+module ExpressAccess
+  class PermissionTest < ActiveSupport::TestCase
+    test "Permission.[] looks up permissions" do
+      assert Permission[:admin]
+    end
+    # test '.for returns the most specific applicable permission'
+    def assert_permission(name, is_for: [])
+      named_args = {controller: is_for[0], action: is_for[1], path: is_for[2]}
+      assert_equal Permission[name].name, Permission.for(**named_args).try(:name)
+    end
+    test 'controller#action specific permissions have priority' do
+      assert_permission 'posts#edit', is_for:    ['posts', 'edit', '/admin/posts/123/edit']
+      assert_permission 'posts#edit', is_for:    ['posts', 'edit', '/posts/123/edit']
+      assert_permission 'posts#edit', is_for:    ['posts', 'edit', 'askdjfklasdfhjk']
+      assert_permission 'posts#publish', is_for: ['posts', 'publish', '/admin/posts/123/publish']
+    end
+    test 'resource permission overrides controller#action when path is longer' do
+      assert_permission '/posts/999', is_for: ['posts', 'publish', '/posts/999/publish']
+    end
+    test 'bare controller permission protects a controller regardless of path' do
+      assert_permission 'posts', is_for: ['posts', 'show', '/admin/posts/123']
+      assert_permission 'posts', is_for: ['posts', 'whatever', nil]
+      assert_permission 'posts', is_for: ['posts', 'index', '/']
+    end
+    test 'locked parent path locks sub paths' do
+      assert_permission '/accounting', is_for: ['invoices', 'index', '/accounting/invoices']
+      assert_permission '/accounting', is_for: ['invoices', 'create', '/accounting/invoices']
+    end
+    test 'sub path permission takes precedence over parent path permission' do
+      assert_permission '/accounting/gl', is_for: ['gl/entry', 'index', '/accounting/gl/entries']
+      assert_permission '/accounting/gl', is_for: ['gl/entry', 'create', '/accounting/gl/entries']
+    end
+    test ".for returns nil for requests that have no applicable permission" do
+      assert_nil Permission.for(controller: 'jhasdkfjgha', action: 'index', path: '/asdfkgnqe/')
+    end
+  end
+end

data/test/models/express_access/role_permission_test.rb ADDED Viewed

@@ -0,0 +1,9 @@
+require 'test_helper'
+module ExpressAccess
+  class RolePermissionTest < ActiveSupport::TestCase
+    # test "the truth" do
+    #   assert true
+    # end
+  end
+end

data/test/models/express_access/role_test.rb ADDED Viewed

@@ -0,0 +1,36 @@
+require 'test_helper'
+module ExpressAccess
+  class RoleTest < ActiveSupport::TestCase
+    test "there are 5 roles" do
+      assert_equal 5, Role.count
+    end
+    test "#expressers return users with role of expresser" do
+      assert_equal 1, Role.expressers.count
+    end
+    test "parent relationships are set properly" do
+      assert_equal Role[:author], Role[:editor].parent
+      assert_equal Role[:author], Role[:publisher].parent
+    end
+    test "top_level scope identifies roles without a parent" do
+      [Role[:expresser], Role[:author]].each do |role|
+        assert_includes Role.top_level, role
+      end
+    end
+    test "roles have permissions" do
+      assert_includes Role[:author].permissions, Permission[:posts]
+      assert_not_includes Role[:author].permissions, Permission[:posts_edit]
+      assert_includes Role[:editor].permissions, Permission[:"posts#edit"]
+    end
+    test "roles inherit permissions from parent roles" do
+      assert_includes Role[:editor].permissions, Permission[:posts]
+    end
+  end
+end

data/test/models/express_access/user_permission_test.rb ADDED Viewed

@@ -0,0 +1,9 @@
+require 'test_helper'
+module ExpressAccess
+  class UserPermissionTest < ActiveSupport::TestCase
+    # test "the truth" do
+    #   assert true
+    # end
+  end
+end

data/test/models/express_access/user_role_test.rb ADDED Viewed

@@ -0,0 +1,9 @@
+require 'test_helper'
+module ExpressAccess
+  class UserRoleTest < ActiveSupport::TestCase
+    # test "the truth" do
+    #   assert true
+    # end
+  end
+end

data/test/models/express_access/user_test.rb ADDED Viewed

@@ -0,0 +1,77 @@
+require 'test_helper'
+module ExpressAccess
+  class UserTest < ActiveSupport::TestCase
+    setup do
+      ExpressAccess.initialize_user!
+    end
+    test "ExpressAccess::User included in ::User" do
+      assert_includes ::User.ancestors, ExpressAccess::User
+    end
+    test "user has direct permissions" do
+      assert_includes users(:editor).direct_permissions, Permission[:something_special]
+    end
+    test "user permissions include direct_permissions" do
+      assert users(:editor).direct_permissions.to_set <= users(:editor).permissions
+    end
+    test "#may? is true if a user has that permission" do
+      assert users(:editor).may?(:something_special)
+      assert users(:editor).may_do?(:something_special)
+    end
+    test "user has roles" do
+      assert users(:editor).roles.includes(Role[:editor])
+    end
+    test "user has permissions through role" do
+      assert users(:editor).may_do?("posts#edit")
+    end
+    test "user permissions includes role and direct permissions" do
+      assert users(:editor).direct_permissions.to_set <= users(:editor).permissions
+      assert users(:editor).role_permissions.to_set <= users(:editor).permissions
+    end
+    test "user provides sexy method_missing dsl" do
+      assert users(:editor).may_edit?(:posts)
+    end
+    # that which is not forbidden is permitted
+    test "user may do something if no such permission exists" do
+      assert users(:editor).may_destroy?(:posts)
+    end
+    test "user may not do something if they do not have permission" do
+      assert_not users(:nobody).may_edit?(:posts)
+    end
+    test "user can be assigned direct_permissions" do
+      refute users(:author).may_do?(:something_special)
+      users(:author).direct_permission_ids = [Permission[:something_special].id]
+      assert users(:author).may_do?(:something_special)
+    end
+    test "#after_sign_in_path retrieves after_sign_in_path from roles" do
+      author = users(:author)
+      assert_equal "/posts", author.after_sign_in_path
+    end
+    test "#after_sign_in_path returns nil if any of the user's roles don't have #after_sign_in_path value" do
+      editor = users(:editor)
+      assert_nil editor.after_sign_in_path
+    end
+    test "#after_sign_in_path returns nil if user has no roles" do
+      nobody = users(:nobody)
+      assert_nil nobody.after_sign_in_path
+    end
+  end
+end

data/test/test_helper.rb ADDED Viewed

@@ -0,0 +1,19 @@
+# Configure Rails Environment
+ENV["RAILS_ENV"] = "test"
+require File.expand_path("../dummy/config/environment.rb",  __FILE__)
+require "rails/test_help"
+require 'minitest/rg'
+require 'minitest/mock'
+require 'pry'
+Rails.backtrace_cleaner.remove_silencers!
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+if ActiveSupport::TestCase.respond_to?(:fixture_path=)
+  ActiveSupport::TestCase.fixture_path = File.expand_path("../fixtures", __FILE__)
+  ActiveSupport::TestCase.fixtures :all
+end