fine_print 0.1.1 → 1.0.0

data/lib/fine_print.rb~

@@ -1,68 +1,116 @@
-require "fine_print/engine"
-require "fine_print/fine_print_agreement"
+require 'fine_print/engine'
+require 'fine_print/security_transgression'
+require 'fine_print/controller_additions'
 
 module FinePrint
-  ASSET_FILES = %w(dialog.js)
-
   # Attributes
 
   # Can be set in initializer only
   ENGINE_OPTIONS = [
     :current_user_method,
     :user_admin_proc,
-    :redirect_path,
-    :sign_in_path
+    :user_signed_in_proc,
+    :pose_contracts_path,
+    :redirect_path
   ]
 
-  # Can be set in initializer or passed as an option to fine_print_agreement
-  AGREEMENT_OPTIONS = [
-    :agreement_notice,
-    :accept_path,
-    :cancel_path,
-    :use_referers,
-    :use_modal_dialogs
+  # Can be set in initializer or passed as an option to fine_print_get_signatures
+  SIGNATURE_OPTIONS = [
+    :pose_contracts_path
   ]
   
-  (ENGINE_OPTIONS + AGREEMENT_OPTIONS).each do |option|
+  (ENGINE_OPTIONS + SIGNATURE_OPTIONS).each do |option|
     mattr_accessor option
   end
-
-  ActiveSupport.on_load(:before_initialize) do
-    Rails.configuration.assets.precompile += ASSET_FILES
-  end
   
   def self.configure
     yield self
   end
 
-  def self.get_option(options, name)
-    (!options.nil? && !options[name].nil?) ? options[name] : self.send(name)
+  # Gets a contract given either the contract's object, ID or name
+  # If given a name, it returns the latest published version of that contract
+  #
+  def self.get_contract(reference)
+    ref = Integer(reference) rescue reference
+    case ref
+    when Contract
+      ref
+    when Integer
+      Contract.find(ref)
+    when String
+      Contract.where(:name => ref).published.first
+    end
+  end
+
+  # Returns an array of names for the contracts whose latest published
+  # version the given user has not signed.
+  #   - names -- an array of contract names
+  #   - user -- the user in question
+  #
+  def self.get_unsigned_contract_names(names, user)
+    raise_unless_signed_in(user)
+    return [] if names.blank?
+    names_array = names.is_a?(Array) ? names.collect{|name| name.to_s} : [names.to_s]
+
+    signed_contracts = Contract
+      .joins(:signatures)
+      .where({:name => names_array,
+              :fine_print_signatures => {:user_id => user.id,
+                              :user_type => user.class.name}}).latest
+    signed_contract_names = signed_contracts.collect{|c| c.name}
+
+    return names - signed_contract_names
   end
 
-  def self.require_agreements(controller, names, options)
-    user = controller.send current_user_method
-    fine_print_dialog_agreements = []
-    names.each do |name|
-      agreement = Agreement.latest_ready(name)
-      next if agreement.nil? || agreement.accepted_by?(user)
-      if get_option(options, :use_modal_dialogs)
-        fine_print_dialog_agreements << agreement
-      else
-        controller.session[:fine_print_accept_path] = options[:accept_path]
-        if get_option(options, :use_referers)
-          controller.session[:fine_print_request_url] = controller.request.url
-          controller.session[:fine_print_request_ref] = controller.request.referer
-        end
-        controller.redirect_to controller.fine_print.agreement_path(agreement),
-          :notice => get_option(options, :agreement_notice)
-      end
+  # Records that the given user has signed the given contract; the contract
+  # can be a Contract object, a contract ID, or a contract name (string)
+  #
+  def self.sign_contract(contract, user)
+    raise_unless_signed_in(user)
+    contract = get_contract(contract)
+    raise IllegalState, 'Contract not found' if contract.nil?
+
+    sig = Signature.create do |signature|
+      signature.user = user
+      signature.contract = contract
     end
-    controller.instance_variable_set(:@fine_print_dialog_agreements, fine_print_dialog_agreements)
-    controller.instance_variable_set(:@fine_print_user, user)
-    controller.instance_variable_set(:@fine_print_dialog_notice, get_option(options, :agreement_notice))
+  end
+
+  # Returns true iff the given user has signed the given contract; the contract
+  # can be a Contract object, a contract ID, or a contract name (string)
+  #
+  def self.signed_contract?(contract, user)
+    raise_unless_signed_in(user)
+    contract = get_contract(contract)
+
+    !contract.signatures.where(:user_id => user.id,
+                               :user_type => user.class.name).first.nil?
+  end
+
+  # Returns true iff the given user has signed any version of the given contract.
+  #   - contract -- can be a Contract object, its ID, or its name as a String or Symbol
+  def self.signed_any_contract_version?(contract, user)
+    raise_unless_signed_in(user)
+    contract = get_contract(contract)
+    !Signature.joins(:contract)
+              .where(:fine_print_contracts => {:name => contract.name},
+                     :user_type => user.class.name,
+                     :user_id => user.id).first.nil?
+  end
+
+  def self.is_signed_in?(user)
+    user_signed_in_proc.call(user)
   end
 
   def self.is_admin?(user)
-    !user.nil? && user_admin_proc.call(user)
+    is_signed_in?(user) && user_admin_proc.call(user)
+  end
+
+  def self.raise_unless_signed_in(user)
+    raise IllegalState, 'User not signed in' unless is_signed_in?(user)
+  end
+
+  def self.raise_unless_admin(user)
+    raise SecurityTransgression unless is_admin?(user)
   end
 end

data/lib/tasks/fine_print_tasks.rake

@@ -1,8 +1,11 @@
-COPY_TASKS = ['assets/stylesheets', 'assets/javascripts', 'views/layouts', 'views', 'controllers']
+FINE_PRINT_COPY_TASKS = ['assets/stylesheets',
+                         'views/layouts',
+                         'views',
+                         'controllers']
 
 namespace :fine_print do
   namespace :install do
-    desc "Copy initializers from fine_print to application"
+    desc 'Copy initializers from fine_print to application'
     task :initializers do
       Dir.glob(File.expand_path('../../../config/initializers/*.rb', __FILE__)) do |file|
         if File.exists?(File.expand_path(File.basename(file), 'config/initializers'))
@@ -16,7 +19,7 @@ namespace :fine_print do
   end
 
   namespace :copy do
-    COPY_TASKS.each do |path|
+    FINE_PRINT_COPY_TASKS.each do |path|
       name = File.basename(path)
       desc "Copy #{name} from fine_print to application"
       task name.to_sym do
@@ -26,15 +29,15 @@ namespace :fine_print do
     end
   end
   
-  desc "Copy migrations from fine_print to application"
+  desc 'Copy migrations from fine_print to application'
   task :install do
-    Rake::Task["fine_print:install:initializers"].invoke
-    Rake::Task["fine_print:install:migrations"].invoke
+    Rake::Task['fine_print:install:initializers'].invoke
+    Rake::Task['fine_print:install:migrations'].invoke
   end
   
-  desc "Copy assets, layouts, views and controllers from fine_print to application"
+  desc 'Copy assets, layouts, views and controllers from fine_print to application'
   task :copy do
-    COPY_TASKS.each do |path|
+    FINE_PRINT_COPY_TASKS.each do |path|
       Rake::Task["fine_print:copy:#{File.basename(path)}"].invoke
     end
   end

data/spec/controllers/contracts_controller_spec.rb

@@ -0,0 +1,222 @@
+require 'spec_helper'
+
+module FinePrint
+  describe ContractsController do
+    routes { FinePrint::Engine.routes }
+
+    before do
+      setup_controller_spec
+      @contract = FactoryGirl.create(:contract)
+      @contract.reload
+    end
+
+    it "won't get index unless authorized" do
+      get :index, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      
+      sign_in @user
+      get :index, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+    end
+    
+    it 'must get index if authorized' do
+      sign_in @admin
+      get :index, :use_route => :fine_print
+      assert_response :success
+    end
+    
+    it "won't get new unless authorized" do
+      get :new, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      
+      sign_in @user
+      get :new, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+    end
+    
+    it 'must get new if authorized' do
+      sign_in @admin
+      get :new, :use_route => :fine_print
+      assert_response :success
+    end
+    
+    it "won't create unless authorized" do
+      attributes = Hash.new
+      attributes[:name] = 'some_name'
+      attributes[:title] = 'Some title'
+      attributes[:content] = 'Some content'
+      
+      post :create, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(assigns(:contract)).to be_nil
+      
+      sign_in @user
+      post :create, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(assigns(:contract)).to be_nil
+    end
+    
+    it 'must create if authorized' do
+      sign_in @admin
+      attributes = Hash.new
+      attributes[:name] = 'some_name'
+      attributes[:title] = 'Some title'
+      attributes[:content] = 'Some content'
+      
+      post :create, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to assigns(:contract)
+      expect(assigns(:contract).errors).to be_empty
+      expect(assigns(:contract).name).to eq 'some_name'
+      expect(assigns(:contract).title).to eq 'Some title'
+      expect(assigns(:contract).content).to eq 'Some content'
+    end
+    
+    it "won't edit unless authorized" do
+      get :edit, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      
+      sign_in @user
+      get :edit, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+    end
+    
+    it 'must edit if authorized' do
+      sign_in @admin
+      get :edit, :id => @contract.id, :use_route => :fine_print
+      assert_response :success
+    end
+    
+    it "won't update unless authorized" do
+      attributes = Hash.new
+      attributes[:name] = 'some_name'
+      attributes[:title] = 'Some title'
+      attributes[:content] = 'Some content'
+      name = @contract.name
+      title = @contract.title
+      content = @contract.content
+      
+      put :update, :id => @contract.id, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.name).to eq name
+      expect(@contract.title).to eq title
+      expect(@contract.content).to eq content
+      
+      sign_in @user
+      put :update, :id => @contract.id, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.name).to eq name
+      expect(@contract.title).to eq title
+      expect(@contract.content).to eq content
+    end
+    
+    it 'must update if authorized' do
+      attributes = Hash.new
+      attributes[:name] = 'some_name'
+      attributes[:title] = 'Some title'
+      attributes[:content] = 'Some content'
+
+      sign_in @admin
+      put :update, :id => @contract.id, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to @contract
+      @contract.reload
+      expect(@contract.errors).to be_empty
+      expect(@contract.name).to eq 'some_name'
+      expect(@contract.title).to eq 'Some title'
+      expect(@contract.content).to eq 'Some content'
+    end
+
+    it "won't destroy unless authorized" do
+      delete :destroy, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(Contract.find(@contract.id)).to eq @contract
+      
+      sign_in @user
+      delete :destroy, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(Contract.find(@contract.id)).to eq @contract
+    end
+    
+    it 'must destroy if authorized' do
+      sign_in @admin
+      delete :destroy, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to contracts_path
+      expect(Contract.find_by_id(@contract.id)).to be_nil
+    end
+
+    it "won't publish unless authorized" do
+      expect(@contract.is_published?).to eq false
+      put :publish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.is_published?).to eq false
+      
+      sign_in @user
+      put :publish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.is_published?).to eq false
+    end
+    
+    it 'must publish if authorized' do
+      expect(@contract.is_published?).to eq false
+      sign_in @admin
+
+      put :publish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to contracts_path
+      @contract.reload
+      expect(@contract.is_published?).to eq true
+    end
+
+    it "won't unpublish unless authorized" do
+      @contract.publish
+      expect(@contract.is_published?).to eq true
+      put :unpublish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.is_published?).to eq true
+      
+      sign_in @user
+      put :unpublish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.is_published?).to eq true
+    end
+    
+    it 'must unpublish if authorized' do
+      @contract.publish
+      expect(@contract.is_published?).to eq true
+
+      sign_in @admin
+      put :unpublish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to contracts_path
+      @contract.reload
+      expect(@contract.is_published?).to eq false
+    end
+
+    it "won't new_version unless authorized" do
+      @contract.publish
+      expect(@contract.is_published?).to eq true
+      
+      put :new_version, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(assigns(:contract)).to be_nil
+      
+      sign_in @user
+      put :new_version, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(assigns(:contract)).to be_nil
+    end
+    
+    it 'must new_version if authorized' do
+      @contract.publish
+      expect(@contract.is_published?).to eq true
+
+      sign_in @admin
+      put :new_version, :id => @contract.id, :use_route => :fine_print
+      assert_response :success
+      expect(assigns(:contract)).not_to be_nil
+    end
+  end
+end

data/spec/controllers/contracts_controller_spec.rb~

@@ -0,0 +1,224 @@
+require 'spec_helper'
+
+module FinePrint
+  describe ContractsController do
+    routes { FinePrint::Engine.routes }
+
+    before do
+      setup_controller_spec
+      @contract = FactoryGirl.create(:contract)
+      @contract.reload
+    end
+
+    it "won't get index unless authorized" do
+      get :index, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      
+      sign_in @user
+      get :index, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+    end
+    
+    it 'must get index if authorized' do
+      sign_in @admin
+      get :index, :use_route => :fine_print
+      assert_response :success
+    end
+    
+    it "won't get new unless authorized" do
+      get :new, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      
+      sign_in @user
+      get :new, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+    end
+    
+    it 'must get new if authorized' do
+      sign_in @admin
+      get :new, :use_route => :fine_print
+      assert_response :success
+    end
+    
+    it "won't create unless authorized" do
+      attributes = Hash.new
+      attributes[:name] = 'some_name'
+      attributes[:title] = 'Some title'
+      attributes[:content] = 'Some content'
+      
+      post :create, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(assigns(:contract)).to be_nil
+      
+      sign_in @user
+      post :create, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(assigns(:contract)).to be_nil
+    end
+    
+    it 'must create if authorized' do
+      sign_in @admin
+      attributes = Hash.new
+      attributes[:name] = 'some_name'
+      attributes[:title] = 'Some title'
+      attributes[:content] = 'Some content'
+      
+      post :create, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to assigns(:contract)
+      expect(assigns(:contract).errors).to be_empty
+      expect(assigns(:contract).name).to eq 'some_name'
+      expect(assigns(:contract).title).to eq 'Some title'
+      expect(assigns(:contract).content).to eq 'Some content'
+    end
+    
+    it "won't edit unless authorized" do
+      get :edit, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      
+      sign_in @user
+      get :edit, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+    end
+    
+    it 'must edit if authorized' do
+      sign_in @admin
+      get :edit, :id => @contract.id, :use_route => :fine_print
+      assert_response :success
+    end
+    
+    it "won't update unless authorized" do
+      attributes = Hash.new
+      attributes[:name] = 'some_name'
+      attributes[:title] = 'Some title'
+      attributes[:content] = 'Some content'
+      name = @contract.name
+      title = @contract.title
+      content = @contract.content
+      
+      put :update, :id => @contract.id, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(@contract.errors).not_to be_empty
+      @contract.reload
+      expect(@contract.name).to eq name
+      expect(@contract.title).to eq title
+      expect(@contract.content).to eq content
+      
+      sign_in @user
+      put :update, :id => @contract.id, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(@contract.errors).not_to be_empty
+      @contract.reload
+      expect(@contract.name).to eq name
+      expect(@contract.title).to eq title
+      expect(@contract.content).to eq content
+    end
+    
+    it 'must update if authorized' do
+      attributes = Hash.new
+      attributes[:name] = 'some_name'
+      attributes[:title] = 'Some title'
+      attributes[:content] = 'Some content'
+
+      sign_in @admin
+      put :update, :id => @contract.id, :contract => attributes, :use_route => :fine_print
+      assert_redirected_to @contract
+      @contract.reload
+      expect(@contract.errors).to be_empty
+      expect(@contract.name).to eq 'some_name'
+      expect(@contract.title).to eq 'Some title'
+      expect(@contract.content).to eq 'Some content'
+    end
+
+    it "won't destroy unless authorized" do
+      delete :destroy, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(Contract.find(@contract.id)).to eq @contract
+      
+      sign_in @user
+      delete :destroy, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(Contract.find(@contract.id)).to eq @contract
+    end
+    
+    it 'must destroy if authorized' do
+      sign_in @admin
+      delete :destroy, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to contracts_path
+      expect(Contract.find_by_id(@contract.id)).to be_nil
+    end
+
+    it "won't publish unless authorized" do
+      expect(@contract.is_published?).to eq false
+      put :publish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.is_published?).to eq false
+      
+      sign_in @user
+      put :publish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.is_published?).to eq false
+    end
+    
+    it 'must publish if authorized' do
+      expect(@contract.is_published?).to eq false
+      sign_in @admin
+
+      put :publish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to contracts_path
+      @contract.reload
+      expect(@contract.is_published?).to eq true
+    end
+
+    it "won't unpublish unless authorized" do
+      @contract.publish
+      expect(@contract.is_published?).to eq true
+      put :unpublish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.is_published?).to eq true
+      
+      sign_in @user
+      put :unpublish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      @contract.reload
+      expect(@contract.is_published?).to eq true
+    end
+    
+    it 'must unpublish if authorized' do
+      @contract.publish
+      expect(@contract.is_published?).to eq true
+
+      sign_in @admin
+      put :unpublish, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to contracts_path
+      @contract.reload
+      expect(@contract.is_published?).to eq false
+    end
+
+    it "won't new_version unless authorized" do
+      @contract.publish
+      expect(@contract.is_published?).to eq true
+      
+      put :new_version, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(assigns(:contract)).to be_nil
+      
+      sign_in @user
+      put :new_version, :id => @contract.id, :use_route => :fine_print
+      assert_redirected_to FinePrint.redirect_path
+      expect(assigns(:contract)).to be_nil
+    end
+    
+    it 'must new_version if authorized' do
+      @contract.publish
+      expect(@contract.is_published?).to eq true
+
+      sign_in @admin
+      put :new_version, :id => @contract.id, :use_route => :fine_print
+      assert_response :success
+      expect(assigns(:contract)).not_to be_nil
+    end
+  end
+end

data/spec/controllers/home_controller_spec.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+module FinePrint
+  describe HomeController do
+    before do
+      setup_controller_spec
+    end
+
+    it "won't get index unless authorized" do
+      get :index, :use_route => :fine_print
+      assert_response :redirect
+      
+      sign_in @user
+      get :index, :use_route => :fine_print
+      assert_response :redirect
+    end
+    
+    it 'must get index if authorized' do
+      sign_in @user
+      @user.is_admin = true
+      get :index, :use_route => :fine_print
+      assert_response :success
+    end
+  end
+end

data/spec/controllers/home_controller_spec.rb~

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+module FinePrint
+  describe HomeController do
+    before do
+      setup_controller_spec
+    end
+
+    it 'wont get index unless authorized' do
+      get :index, :use_route => :fine_print
+      assert_response :redirect
+      
+      sign_in @user
+      get :index, :use_route => :fine_print
+      assert_response :redirect
+    end
+    
+    it 'must get index if authorized' do
+      sign_in @user
+      @user.is_admin = true
+      get :index, :use_route => :fine_print
+      assert_response :success
+    end
+  end
+end