fassets_core 0.2.0

data/db/seeds.rb

@@ -0,0 +1,7 @@
+# This file should contain all the record creation needed to seed the database with its default values.
+# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
+#
+# Examples:
+#
+#   cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }])
+#   Mayor.create(:name => 'Daley', :city => cities.first)

data/lib/acts_as_asset.rb

@@ -0,0 +1,36 @@
+module ActiveRecord
+  module Acts
+    module Asset
+      def self.included(base)
+        base.extend(ClassMethods)  
+      end
+      module ClassMethods
+        def acts_as_asset
+          has_one :asset, :as => :content, :dependent => :destroy, :class_name => "Asset"
+          accepts_nested_attributes_for :asset
+          include ActiveRecord::Acts::Asset::InstanceMethods
+        end
+      end
+      module InstanceMethods
+        def name
+          asset.name
+        end
+        def class_underscore
+          self.class.to_s.underscore
+        end
+        def media_type
+          "generic"
+        end
+        def icon
+          "/images/#{media_type}.png"
+        end
+        protected
+          def put_on_tray
+            tray_positions.create(:user_id => self.user_id)
+          end
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.send(:include, ActiveRecord::Acts::Asset)

data/lib/authenticated_system.rb

@@ -0,0 +1,187 @@
+module AuthenticatedSystem
+  protected
+    # Returns true or false if the user is logged in.
+    # Preloads @current_user with the user model if they're logged in.
+    def logged_in?
+      !!current_user
+    end
+
+    # Accesses the current user from the session.
+    # Future calls avoid the database because nil is not equal to false.
+    def current_user
+      @current_user ||= (login_from_session || login_from_basic_auth || login_from_cookie) unless @current_user == false
+    end
+
+    # Store the given user id in the session.
+    def current_user=(new_user)
+      session[:user_id] = new_user ? new_user.id : nil
+      @current_user = new_user || false
+    end
+
+    # Check if the user is authorized
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorized?
+    #    current_user.login != "bob"
+    #  end
+    #
+    def authorized?(action=nil, resource=nil, *args)
+      user_signed_in??
+    end
+
+    # Filter method to enforce a login requirement.
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      authorized? || access_denied
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |format|
+        format.html do
+          store_location
+          redirect_to new_session_path
+        end
+        # format.any doesn't work in rails version < http://dev.rubyonrails.org/changeset/8987
+        # you may want to change format.any to e.g. format.any(:js, :xml)
+        format.any do
+          request_http_basic_authentication 'Web Password'
+        end
+      end
+    end
+
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location
+      session[:return_to] = request.request_uri
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.  Set an appropriately modified
+    #   after_filter :store_location, :only => [:index, :new, :show, :edit]
+    # for any controller you want to be bounce-backable.
+    def redirect_back_or_default(default)
+      redirect_to(session[:return_to] || default)
+      session[:return_to] = nil
+    end
+
+    # Inclusion hook to make #current_user and #logged_in?
+    # available as ActionView helper methods.
+    def self.included(base)
+      base.send :helper_method, :current_user, :user_signed_in?, :authorized? if base.respond_to? :helper_method
+    end
+
+    #
+    # Login
+    #
+
+    # Called from #current_user.  First attempt to login by the user id stored in the session.
+    def login_from_session
+      self.current_user = User.find_by_id(session[:user_id]) if session[:user_id]
+    end
+
+    # Called from #current_user.  Now, attempt to login by basic authentication information.
+    def login_from_basic_auth
+      authenticate_with_http_basic do |login, password|
+        self.current_user = User.authenticate(login, password)
+      end
+    end
+
+    #
+    # Logout
+    #
+
+    # Called from #current_user.  Finaly, attempt to login by an expiring token in the cookie.
+    # for the paranoid: we _should_ be storing user_token = hash(cookie_token, request IP)
+    def login_from_cookie
+      user = cookies[:auth_token] && User.find_by_remember_token(cookies[:auth_token])
+      if user && user.remember_token?
+        self.current_user = user
+        handle_remember_cookie! false # freshen cookie token (keeping date)
+        self.current_user
+      end
+    end
+
+    # This is ususally what you want; resetting the session willy-nilly wreaks
+    # havoc with forgery protection, and is only strictly necessary on login.
+    # However, **all session state variables should be unset here**.
+    def logout_keeping_session!
+      # Kill server-side auth cookie
+      @current_user.forget_me if @current_user.is_a? User
+      @current_user = false     # not logged in, and don't do it for me
+      kill_remember_cookie!     # Kill client-side auth cookie
+      session[:user_id] = nil   # keeps the session but kill our variable
+      # explicitly kill any other session variables you set
+    end
+
+    # The session should only be reset at the tail end of a form POST --
+    # otherwise the request forgery protection fails. It's only really necessary
+    # when you cross quarantine (logged-out to logged-in).
+    def logout_killing_session!
+      logout_keeping_session!
+      reset_session
+    end
+
+    #
+    # Remember_me Tokens
+    #
+    # Cookies shouldn't be allowed to persist past their freshness date,
+    # and they should be changed at each login
+
+    # Cookies shouldn't be allowed to persist past their freshness date,
+    # and they should be changed at each login
+
+    def valid_remember_cookie?
+      return nil unless @current_user
+      (@current_user.remember_token?) &&
+        (cookies[:auth_token] == @current_user.remember_token)
+    end
+
+    # Refresh the cookie auth token if it exists, create it otherwise
+    def handle_remember_cookie! new_cookie_flag
+      return unless @current_user
+      case
+      when valid_remember_cookie? then @current_user.refresh_token # keeping same expiry date
+      when new_cookie_flag        then @current_user.remember_me
+      else                             @current_user.forget_me
+      end
+      send_remember_cookie!
+    end
+
+    def kill_remember_cookie!
+      cookies.delete :auth_token
+    end
+
+    def send_remember_cookie!
+      cookies[:auth_token] = {
+        :value   => @current_user.remember_token,
+        :expires => @current_user.remember_token_expires_at }
+    end
+
+end

data/lib/authenticated_test_helper.rb

@@ -0,0 +1,20 @@
+module AuthenticatedTestHelper
+  # Sets the current user in the session from the user fixtures.
+  def login_as(user)
+    @request.session[:user_id] = user ? users(user).id : nil
+  end
+
+  def authorize_as(user)
+    @request.env["HTTP_AUTHORIZATION"] = user ? ActionController::HttpAuthentication::Basic.encode_credentials(users(user).login, 'monkey') : nil
+  end
+
+  # rspec
+  def mock_user
+    user = mock_model(User, :id => 1,
+      :login  => 'user_name',
+      :name   => 'U. Surname',
+      :to_xml => "User-in-XML", :to_json => "User-in-JSON",
+      :errors => [])
+    user
+  end
+end

data/lib/fassets_core.rb

@@ -0,0 +1,6 @@
+require "fassets_core/engine"
+require "fassets_core/plugins"
+require "fancybox-rails"
+
+module FassetsCore
+end

data/lib/fassets_core/engine.rb

@@ -0,0 +1,7 @@
+module FassetsCore
+  class Engine < Rails::Engine
+    initializer :assets do |config|
+      Rails.application.config.assets.precompile += %w( flowplayer.js form.js jquery.collapsiblePanel-0.2.0.js jquery.fileupload.js jquery.fileupload-ui.js jquery.iframe-transport.js jquery.tmpl.min.js jquery.ui.widget.js jquery.fileupload-ui.css jquery-ui-theme_base.css)
+    end
+  end
+end

data/lib/fassets_core/plugins.rb

@@ -0,0 +1,13 @@
+module FassetsCore
+  class Plugins
+    def self.register plugin
+      @@my_plugins << plugin
+    end
+
+    def self.all
+      @@my_plugins
+    end
+    private
+    @@my_plugins = []
+  end
+end

data/lib/fassets_core/test_helper.rb

@@ -0,0 +1,3 @@
+require "fassets_core/test_helper/every_assets_controller.rb"
+require "fassets_core/test_helper/every_authenticated_controller.rb"
+

data/lib/fassets_core/test_helper/every_assets_controller.rb

@@ -0,0 +1,161 @@
+require 'rspec' # needed for rcov
+
+shared_examples_for "Every AssetsController" do
+  include_examples "every authenticated controller"
+
+  describe "GET 'new'" do
+    it "should assign content" do
+      get 'new', additional_request_params
+      assigns(:content).class.should == @controller.content_model
+    end
+
+    it "should not assign all asset types" do
+      get 'new', additional_request_params
+      assigns(:asset_types).should be_nil
+    end
+
+    it "should not assign selected_type" do
+      get 'new', additional_request_params
+      assigns(:selected_type).should be_nil
+    end
+
+    context "HTML request" do
+      it "should be successful and render all partials" do
+        get 'new', additional_request_params
+        response.should be_success
+        response.should render_template("assets/new")
+      end
+    end
+  end
+
+  context "actions with assets" do
+    before(:each) do
+      setup_content
+    end
+
+    it "should render the edit template" do
+      get 'edit', additional_request_params.merge({ :id => asset.id })
+      response.should be_success
+      response.should render_template("assets/edit")
+    end
+
+    describe "GET 'show'" do
+      it "should assign content" do
+        get 'show', additional_request_params.merge({ :id => asset.id })
+        assigns(:content).should_not be_nil
+      end
+    end
+
+    describe "DELETE asset" do
+      it "should delete the asset and show a notice" do
+        delete "destroy", additional_request_params.merge({ :id => asset.id })
+        assigns(:content).should respond_to(:destroy).with(0).arguments
+        response.should redirect_to root_path
+        request.flash[:notice].should =~ /^Asset has been deleted!$/
+      end
+    end
+
+    describe "update asset" do
+      it "should show a 'successful' message on success" do
+        controller.stub!(:url_for) { "/asset" }
+        post 'update', additional_request_params.merge({ :id => asset.id })
+        assigns(:content).should_not be_nil
+        assigns(:content).should respond_to(:update_attributes).with(1).argument
+        request.flash[:notice].should =~ /^Succesfully updated asset!$/
+        response.should be_success
+      end
+
+      it "should throw an error when update fails" do
+        controller.instance_eval { @content.stub!(:update_attributes) { false } }
+        post 'update', additional_request_params.merge({ :id => asset.id })
+        assigns(:content).should respond_to(:update_attributes).with(1).argument
+        request.flash[:error].should =~ /^Could not update asset!$/
+        response.should render_template 'assets/edit'
+      end
+    end
+  end
+
+  context "actions without assets" do
+    it "should redirect to root with error message on error" do
+      get 'show', additional_request_params.merge({ :id => asset.id })
+      response.should redirect_to(root_path)
+      request.flash[:error].should =~ /not found$/
+    end
+
+    it "should delete the asset and show a notice" do
+      delete "destroy", additional_request_params.merge({ :id => asset.id })
+      response.should redirect_to(root_path)
+      request.flash[:error].should =~ /not found$/
+    end
+
+    describe "create asset" do
+      after(:each) do
+        assigns(:content).should_not be_nil
+        assigns(:content).asset.name.should eq("Test")
+      end
+
+      let(:meta_data) do
+        {"asset" => {"name" => "Test"},
+         "classification" => {}}
+      end
+
+      context "HTML request" do
+        it "should create a new asset" do
+          p = meta_data.merge(create_params)
+          controller.current_user.stub!(:tray_positions) { double(TrayPosition, :maximum => nil) }
+          post 'create', additional_request_params.merge(p)
+          content = assigns(:content)
+          content.errors.messages.should == {}
+          request.flash[:notice].should =~ /^Created new asset!$/
+          response.should redirect_to controller.url_for(content) + "/edit"
+        end
+
+        it "should fail when asset cannot be saved" do
+          p = meta_data
+          post 'create', additional_request_params.merge(p)
+          response.should render_template 'assets/new'
+        end
+      end
+
+      context "JS request" do
+        it "should create a new asset" do
+          p = meta_data.merge(create_params).merge({:format => :js})
+          post 'create', additional_request_params.merge(p)
+          content = assigns(:content)
+          content.errors.messages.should == {}
+          JSON.parse(response.body).class.should == Hash
+          JSON.parse(response.body)["status"].should == "ok"
+        end
+
+        it "should fail when asset cannot be saved" do
+          p = meta_data
+          post 'create', additional_request_params.merge(p).merge({:format => :js})
+          JSON.parse(response.body)["errors"].should_not be_nil
+        end
+      end
+    end
+  end
+end
+
+module FassetsCore::TestHelpers
+  def setup_content
+    my_a = asset
+    my_a.stub!(:destroy)
+    my_a.stub!(:update_attributes) { true }
+    my_a.stub!(:asset) { double(Asset, :update_attributes => true, :name => "Example Asset") }
+    controller.stub!(:find_content) { }
+    controller.instance_eval { @content = my_a }
+  end
+
+  def root_path
+    "/"
+  end
+
+  def additional_request_params
+    {}
+  end
+end
+
+RSpec.configure do |config|
+  config.include FassetsCore::TestHelpers, :type => :controller
+end