fine_print 1.4.1 → 2.0.0

data/db/migrate/0_install_fine_print.rb

@@ -18,10 +18,9 @@ class InstallFinePrint < ActiveRecord::Migration
       t.timestamps
     end
 
-    add_index :fine_print_signatures, :contract_id
-    add_index :fine_print_signatures,
-              [:user_id, :user_type, :contract_id],
+    add_index :fine_print_signatures, [:user_id, :user_type, :contract_id],
               :name => 'index_fine_print_s_on_u_id_and_u_type_and_c_id',
               :unique => true
+    add_index :fine_print_signatures, :contract_id
   end
 end

data/lib/fine_print/controller_includes.rb

@@ -4,106 +4,80 @@ module FinePrint
       base.extend(ClassMethods)
     end
 
-    # For the following methods, names passed as Symbols are converted to Strings.
-
-    # Accepts an array of contract names
-    # Returns nil if the array is blank or the current user cannot sign contracts
-    # Otherwise, returns the contract names that the user hasn't signed yet
-    def fine_print_get_unsigned_contract_names(*contract_names)
-      # Convert names to an array of Strings
-      names = contract_names.flatten.collect{|n| n.to_s}
-
-      user = FinePrint.current_user_proc.call(self)
-      
-      # If the user isn't signed in, they can't sign a contract
-      # Since there may be some pages that both logged in and non-logged in users
-      # can visit, we just return quietly instead of raising an exception
-      return nil if names.blank? || !FinePrint.can_sign?(user)
-
-      # Ignore contracts that don't yet exist or aren't yet published (happens 
-      # when adding code that requires a new contract but before that contract 
-      # has been added and published)
-      FinePrint.get_unsigned_contract_names(user, names)
-               .reject{|name| FinePrint.get_contract(name).blank?}
-    end
-
-    # Accepts an array of unsigned contract names and an options hash
-    # Unless the array of unsigned contract names is blank or the request url is
-    # already the contract_redirect_path, it saves the current request path and
-    # redirects the user to the `contract_redirect_path`, with
-    # `contract_param_name` containing the unsigned contract names
-    def fine_print_redirect(*args)
+    # Accepts a user, an array of contract ids to be signed and an options hash
+    # Calls the sign_proc with the given parameters
+    def fine_print_sign(user, *args)
       options = args.last.is_a?(Hash) ? args.pop : {}
-      unsigned_contract_names = args.flatten
-      return if unsigned_contract_names.nil? ||\
-                unsigned_contract_names.all? { |n| n.blank? }
-
-      path = options[:contract_redirect_path] || FinePrint.contract_redirect_path
-      param_name = options[:contract_param_name] || FinePrint.contract_param_name
+      contract_ids = args.flatten.collect{|n| n.to_s}
 
-      # http://stackoverflow.com/a/6561953
-      redirect_path = path + (path.include?('?') ? '&' : '?') +\
-                      {param_name.to_sym => unsigned_contract_names}.to_query
+      blk = options[:must_sign_proc] || FinePrint.must_sign_proc
 
-      # Prevent redirect loop
-      return if view_context.current_page?(redirect_path)
-
-      # http://stackoverflow.com/a/2165727/1664216
-      session[:fine_print_return_to] = "#{request.protocol}#{request.host_with_port}#{request.fullpath}"
-      redirect_to redirect_path
+      # Use action_interceptor to save the current url
+      with_interceptor { instance_exec user, contract_ids, &blk }
     end
 
     # Accepts no arguments
-    # Redirects the user to the path saved by either
-    # `fine_print_get_signatures` or `fine_print_redirect`
+    # Redirects the user back to the url they were at before
+    # one of FinePrint's procs redirected them
     def fine_print_return
-      redirect_to session.delete(:fine_print_return_to) || root_path
+      redirect_back
     end
-    
+
     protected
 
-    def fine_print_skipped_contract_names
-      @fine_print_skipped_contract_names ||= []
+    def fine_print_skipped_contract_ids
+      @fine_print_skipped_contract_ids ||= []
     end
 
     module ClassMethods
+      # For the following methods, names passed as Symbols are converted to Strings.
+
       # Accepts an array of contract names and an options hash
       # Adds a before_filter to the current controller that will check if the
-      # current user has signed the given contracts and redirect them to
-      # `contract_redirect_path` if appropriate
-      # Options relevant to FinePrint are passed to fine_print_redirect, while
+      # current user has signed the given contracts and call the sign_proc if appropriate
+      # Options relevant to FinePrint are passed to fine_print_sign, while
       # other options are passed to the before_filter
-      def fine_print_get_signatures(*args)
+      def fine_print_require(*args)
         options = args.last.is_a?(Hash) ? args.pop : {}
 
-        filter_options = options.except(*FinePrint::CONTRACT_OPTIONS)
-        fine_print_options = options.slice(*FinePrint::CONTRACT_OPTIONS)
+        filter_options = options.except(*FinePrint::CONTROLLER_OPTIONS)
+        fine_print_options = options.slice(*FinePrint::CONTROLLER_OPTIONS)
 
         # Convert names to an array of Strings
-        contract_names = args.flatten.collect{|n| n.to_s}
+        contract_ids = FinePrint.contract_names_to_ids(args).flatten
 
         class_eval do
           before_filter(filter_options) do |controller|
-            controller.fine_print_redirect(
-              controller.fine_print_get_unsigned_contract_names(contract_names - controller.fine_print_skipped_contract_names),
-              fine_print_options)
+            skipped_contract_ids = controller.fine_print_skipped_contract_ids
+            unskipped_contract_ids = contract_ids - skipped_contract_ids
+
+            # Return quietly if all contracts skipped
+            next if unskipped_contract_ids.blank?
+
+            user = instance_exec &FinePrint.current_user_proc
+
+            unsigned_contract_ids = FinePrint.get_unsigned_contract_ids(
+                                      user, unskipped_contract_ids)
+
+            # Return quietly if no contracts left to sign
+            next if unsigned_contract_ids.blank?
+
+            controller.fine_print_sign(user, unsigned_contract_ids, fine_print_options)
           end
         end
       end
 
       # Accepts an array of contract names and an options hash
-      # Excludes the given contracts from the `fine_print_get_signatures` check for
-      # this controller and subclasses
+      # Excludes the given contracts from the `fine_print_require`
+      # check for this controller and subclasses
       # Options are passed to prepend_before_filter
-      def fine_print_skip_signatures(*args)
+      def fine_print_skip(*args)
         options = args.last.is_a?(Hash) ? args.pop : {}
 
-        # Convert all names to string
-        names = args.flatten.collect{|n| n.to_s}
-
         class_eval do
           prepend_before_filter(options) do |controller|
-            controller.fine_print_skipped_contract_names.push(*names)
+            contract_ids = FinePrint.contract_names_to_ids(args).flatten
+            controller.fine_print_skipped_contract_ids.push(*contract_ids)
           end
         end
       end

data/lib/fine_print/engine.rb

@@ -1,3 +1,6 @@
+require 'action_interceptor'
+require 'squeel'
+
 module FinePrint
   class Engine < ::Rails::Engine
     isolate_namespace FinePrint

data/lib/fine_print/version.rb

@@ -1,3 +1,3 @@
 module FinePrint
-  VERSION = '1.4.1'
+  VERSION = '2.0.0'
 end

data/lib/fine_print.rb

@@ -1,5 +1,4 @@
 require 'fine_print/engine'
-require 'fine_print/security_transgression'
 require 'fine_print/controller_includes'
 
 module FinePrint
@@ -8,18 +7,17 @@ module FinePrint
   # Can be set in initializer only
   ENGINE_OPTIONS = [
     :current_user_proc,
-    :user_admin_proc,
-    :user_can_sign_proc
+    :can_manage_proc,
+    :can_sign_proc
   ]
 
-  # Can be set in initializer or passed as an argument to either
-  # `fine_print_get_signatures` or `fine_print_redirect`
-  CONTRACT_OPTIONS = [
-    :contract_param_name,
-    :contract_redirect_path
+  # Can be set in initializer or passed as an argument
+  # to FinePrint controller methods
+  CONTROLLER_OPTIONS = [
+    :must_sign_proc
   ]
   
-  (ENGINE_OPTIONS + CONTRACT_OPTIONS).each do |option|
+  (ENGINE_OPTIONS + CONTROLLER_OPTIONS).each do |option|
     mattr_accessor option
   end
   
@@ -27,28 +25,23 @@ module FinePrint
     yield self
   end
 
-  # Gets a contract, given either the contract's object, ID or name
+  # Gets a contract, given either the contract object, ID or name
   # If given a name, it returns the latest published version of that contract
   #   - contract - can be a Contract object, its ID, or its name (String/Symbol)
   def self.get_contract(reference)
-    ref = Integer(reference) rescue reference
-    case ref
-    when Contract
-      ref
-    when Integer
-      Contract.find(ref)
-    when String, Symbol
-      Contract.where(:name => ref.to_s).published.first
-    end
+    return reference if reference.is_a? Contract
+    num = Integer(reference) rescue nil
+    return Contract.find(num) if num
+    contract = Contract.where(:name => reference.to_s).published.first
+    return contract if contract
+    raise ActiveRecord::RecordNotFound, "Couldn't find Contract with 'name'=#{reference.to_s}"
   end
 
   # Records that the given user has signed the given contract
   #   - user - the user in question
   #   - contract - can be a Contract object, its ID, or its name (String/Symbol)
   def self.sign_contract(user, contract)
-    raise_unless_can_sign(user)
     contract = get_contract(contract)
-    raise IllegalState, 'Contract not found' if contract.nil?
 
     Signature.create do |signature|
       signature.user = user
@@ -60,57 +53,55 @@ module FinePrint
   #   - user - the user in question
   #   - contract - can be a Contract object, its ID, or its name (String/Symbol)
   def self.signed_contract?(user, contract)
-    raise_unless_can_sign(user)
     contract = get_contract(contract)
 
-    !contract.signatures.where(:user_id => user.id,
-                               :user_type => user.class.name).first.nil?
+    contract.signatures.where(:user_id => user.id,
+                              :user_type => user.class.name).exists?
   end
 
   # Returns true iff the given user has signed any version of the given contract
   #   - user - the user in question
   #   - contract - can be a Contract object, its ID, or its name (String/Symbol)
-  def self.signed_any_contract_version?(user, contract)
-    raise_unless_can_sign(user)
+  def self.signed_any_version_of_contract?(user, contract)
     contract = get_contract(contract)
-    !Signature.joins(:contract)
-              .where(:fine_print_contracts => {:name => contract.name},
-                     :user_type => user.class.name,
-                     :user_id => user.id).first.nil?
-  end
 
-  # Returns an array of names for the contracts whose latest published
-  # version the given user has not signed.
-  #   - user - the user in question
-  #   - names - contract names to check
-  def self.get_unsigned_contract_names(user, *names)
-    raise_unless_can_sign(user)
-    names = names.flatten.collect{|name| name.to_s}
-    return [] if names.blank?
-
-    signed_contracts = Contract
-      .joins(:signatures)
-      .where({:name => names,
-              :fine_print_signatures => {:user_id => user.id,
-                                         :user_type => user.class.name}}).latest
-    signed_contract_names = signed_contracts.to_a.collect{|c| c.name}
-
-    return names - signed_contract_names
+    contract.same_name.includes(:signatures).any? do |c|
+      c.signatures.where(:user_id => user.id,
+                         :user_type => user.class.name).exists?
+    end
   end
 
-  def self.can_sign?(user)
-    user_can_sign_proc.call(user)
+  # Converts an array of contract names into an array containing
+  # the latest contract id for each given name.
+  def self.contract_names_to_ids(*contract_names)
+    names = contract_names.flatten
+    Contract.latest.where(:name => names).pluck(:id)
   end
 
-  def self.is_admin?(user)
-    !user.nil? && user_admin_proc.call(user)
+  # Returns an array of ids for the contracts among those given
+  # whose latest published version the user has signed.
+  #   - user - the user in question
+  #   - contract_ids - contract ids to check
+  # If no contract ids are provided, all latest contracts are checked
+  def self.get_signed_contract_ids(user, *contract_ids)
+    ids = contract_ids.flatten
+    ids = Contract.published.latest.pluck(:id) if ids.blank?
+
+    Signature.where(:user_id => user.id,
+                    :user_type => user.class.name,
+                    :contract_id => ids).pluck(:contract_id)
   end
 
-  def self.raise_unless_can_sign(user)
-    raise IllegalState, 'User cannot sign contracts' unless can_sign?(user)
-  end
+  # Returns an array of ids for the contracts among those given
+  # whose latest published version the user has not signed.
+  #   - user - the user in question
+  #   - contract_ids - contract ids to check
+  # If no contract ids are provided, all latest contracts are checked
+  def self.get_unsigned_contract_ids(user, *contract_ids)
+    ids = contract_ids.flatten
+    ids = Contract.published.latest.pluck(:id) if ids.blank?
 
-  def self.raise_unless_admin(user)
-    raise SecurityTransgression unless is_admin?(user)
+    ids - get_signed_contract_ids(user, ids)
   end
+
 end

data/spec/controllers/contracts_controller_spec.rb

@@ -1,43 +1,43 @@
 require 'spec_helper'
 
 module FinePrint
-  describe ContractsController do
+  describe ContractsController, :type => :controller do
     routes { FinePrint::Engine.routes }
 
-    before do
+    before(:each) do
       setup_controller_spec
-      @contract = FactoryGirl.create(:contract)
-      @contract.reload
     end
 
+    let!(:contract) { FactoryGirl.create(:contract) }
+
     it "won't get index unless authorized" do
       expect { get :index, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
+             .to raise_error(ActionController::RoutingError)
       
       sign_in @user
       expect { get :index, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
+             .to raise_error(ActionController::RoutingError)
     end
     
     it 'must get index if authorized' do
       sign_in @admin
       get :index, :use_route => :fine_print
-      assert_response :success
+      expect(response.status).to eq 200
     end
     
     it "won't get new unless authorized" do
       expect { get :new, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
+             .to raise_error(ActionController::RoutingError)
       
       sign_in @user
       expect { get :new, :use_route => :fine_print }
-      .to raise_error(FinePrint::SecurityTransgression)
+      .to raise_error(ActionController::RoutingError)
     end
     
     it 'must get new if authorized' do
       sign_in @admin
       get :new, :use_route => :fine_print
-      assert_response :success
+      expect(response.status).to eq 200
     end
     
     it "won't create unless authorized" do
@@ -47,12 +47,12 @@ module FinePrint
       attributes[:content] = 'Some content'
       
       expect { post :create, :contract => :attributes, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
+             .to raise_error(ActionController::RoutingError)
       expect(assigns(:contract)).to be_nil
       
       sign_in @user
       expect { post :create, :contract => :attributes, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
+             .to raise_error(ActionController::RoutingError)
       expect(assigns(:contract)).to be_nil
     end
     
@@ -64,7 +64,7 @@ module FinePrint
       attributes[:content] = 'Some content'
       
       post :create, :contract => attributes, :use_route => :fine_print
-      assert_redirected_to assigns(:contract)
+      expect(response).to redirect_to assigns(:contract)
       expect(assigns(:contract).errors).to be_empty
       expect(assigns(:contract).name).to eq 'some_name'
       expect(assigns(:contract).title).to eq 'Some title'
@@ -72,152 +72,152 @@ module FinePrint
     end
     
     it "won't edit unless authorized" do
-      expect { get :edit, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
+      expect { get :edit, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
       
       sign_in @user
-      expect { get :edit, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
+      expect { get :edit, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
     end
     
     it 'must edit if authorized' do
       sign_in @admin
-      get :edit, :id => @contract.id, :use_route => :fine_print
-      assert_response :success
+      get :edit, :id => contract.id, :use_route => :fine_print
+      expect(response.status).to eq 200
     end
     
     it "won't update unless authorized" do
       attributes = Hash.new
-      attributes[:name] = 'some_name'
-      attributes[:title] = 'Some title'
-      attributes[:content] = 'Some content'
-      name = @contract.name
-      title = @contract.title
-      content = @contract.content
+      attributes[:name] = 'another_name'
+      attributes[:title] = 'Another title'
+      attributes[:content] = 'Another content'
+      name = contract.name
+      title = contract.title
+      content = contract.content
       
-      expect { post :update, :id => @contract.id,
+      expect { post :update, :id => contract.id,
                     :contract => attributes, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
-      @contract.reload
-      expect(@contract.name).to eq name
-      expect(@contract.title).to eq title
-      expect(@contract.content).to eq content
+             .to raise_error(ActionController::RoutingError)
+      contract.reload
+      expect(contract.name).to eq name
+      expect(contract.title).to eq title
+      expect(contract.content).to eq content
       
       sign_in @user
-      expect { post :update, :id => @contract.id,
+      expect { post :update, :id => contract.id,
         :contract => attributes, :use_route => :fine_print }
-      .to raise_error(FinePrint::SecurityTransgression)
-      @contract.reload
-      expect(@contract.name).to eq name
-      expect(@contract.title).to eq title
-      expect(@contract.content).to eq content
+      .to raise_error(ActionController::RoutingError)
+      contract.reload
+      expect(contract.name).to eq name
+      expect(contract.title).to eq title
+      expect(contract.content).to eq content
     end
     
     it 'must update if authorized' do
       attributes = Hash.new
-      attributes[:name] = 'some_name'
-      attributes[:title] = 'Some title'
-      attributes[:content] = 'Some content'
+      attributes[:name] = 'another_name'
+      attributes[:title] = 'Another title'
+      attributes[:content] = 'Another content'
 
       sign_in @admin
-      put :update, :id => @contract.id, :contract => attributes, :use_route => :fine_print
-      assert_redirected_to @contract
-      @contract.reload
-      expect(@contract.errors).to be_empty
-      expect(@contract.name).to eq 'some_name'
-      expect(@contract.title).to eq 'Some title'
-      expect(@contract.content).to eq 'Some content'
+      put :update, :id => contract.id, :contract => attributes, :use_route => :fine_print
+      expect(response).to redirect_to contract
+      contract.reload
+      expect(contract.errors).to be_empty
+      expect(contract.name).to eq 'another_name'
+      expect(contract.title).to eq 'Another title'
+      expect(contract.content).to eq 'Another content'
     end
 
     it "won't destroy unless authorized" do
-      expect { delete :destroy, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
-      expect(Contract.find(@contract.id)).to eq @contract
+      expect { delete :destroy, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
+      expect(Contract.find(contract.id)).to eq contract
       
       sign_in @user
-      expect { delete :destroy, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
-      expect(Contract.find(@contract.id)).to eq @contract
+      expect { delete :destroy, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
+      expect(Contract.find(contract.id)).to eq contract
     end
     
     it 'must destroy if authorized' do
       sign_in @admin
-      delete :destroy, :id => @contract.id, :use_route => :fine_print
-      assert_redirected_to contracts_path
-      expect(Contract.find_by_id(@contract.id)).to be_nil
+      delete :destroy, :id => contract.id, :use_route => :fine_print
+      expect(response).to redirect_to contracts_path
+      expect(Contract.find_by_id(contract.id)).to be_nil
     end
 
     it "won't publish unless authorized" do
-      expect(@contract.is_published?).to eq false
-      expect { put :publish, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
-      @contract.reload
-      expect(@contract.is_published?).to eq false
+      expect(contract.is_published?).to eq false
+      expect { put :publish, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
+      contract.reload
+      expect(contract.is_published?).to eq false
       
       sign_in @user
-      expect { put :publish, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
-      @contract.reload
-      expect(@contract.is_published?).to eq false
+      expect { put :publish, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
+      contract.reload
+      expect(contract.is_published?).to eq false
     end
     
     it 'must publish if authorized' do
-      expect(@contract.is_published?).to eq false
+      expect(contract.is_published?).to eq false
       sign_in @admin
 
-      put :publish, :id => @contract.id, :use_route => :fine_print
-      assert_redirected_to contracts_path
-      @contract.reload
-      expect(@contract.is_published?).to eq true
+      put :publish, :id => contract.id, :use_route => :fine_print
+      expect(response).to redirect_to contracts_path
+      contract.reload
+      expect(contract.is_published?).to eq true
     end
 
     it "won't unpublish unless authorized" do
-      @contract.publish
-      expect(@contract.is_published?).to eq true
-      expect { put :unpublish, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
-      @contract.reload
-      expect(@contract.is_published?).to eq true
+      contract.publish
+      expect(contract.is_published?).to eq true
+      expect { put :unpublish, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
+      contract.reload
+      expect(contract.is_published?).to eq true
       
       sign_in @user
-      expect { put :unpublish, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
-      @contract.reload
-      expect(@contract.is_published?).to eq true
+      expect { put :unpublish, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
+      contract.reload
+      expect(contract.is_published?).to eq true
     end
     
     it 'must unpublish if authorized' do
-      @contract.publish
-      expect(@contract.is_published?).to eq true
+      contract.publish
+      expect(contract.is_published?).to eq true
 
       sign_in @admin
-      put :unpublish, :id => @contract.id, :use_route => :fine_print
-      assert_redirected_to contracts_path
-      @contract.reload
-      expect(@contract.is_published?).to eq false
+      put :unpublish, :id => contract.id, :use_route => :fine_print
+      expect(response).to redirect_to contracts_path
+      contract.reload
+      expect(contract.is_published?).to eq false
     end
 
-    it "won't new_version unless authorized" do
-      @contract.publish
-      expect(@contract.is_published?).to eq true
+    it "won't create new_version unless authorized" do
+      contract.publish
+      expect(contract.is_published?).to eq true
       
-      expect { put :new_version, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
+      expect { put :new_version, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
       expect(assigns(:contract)).to be_nil
       
       sign_in @user
-      expect { put :new_version, :id => @contract.id, :use_route => :fine_print }
-             .to raise_error(FinePrint::SecurityTransgression)
+      expect { put :new_version, :id => contract.id, :use_route => :fine_print }
+             .to raise_error(ActionController::RoutingError)
       expect(assigns(:contract)).to be_nil
     end
     
-    it 'must new_version if authorized' do
-      @contract.publish
-      expect(@contract.is_published?).to eq true
+    it 'must create new_version if authorized' do
+      contract.publish
+      expect(contract.is_published?).to eq true
 
       sign_in @admin
-      put :new_version, :id => @contract.id, :use_route => :fine_print
-      assert_response :success
+      put :new_version, :id => contract.id, :use_route => :fine_print
+      expect(response.status).to eq 200
       expect(assigns(:contract)).not_to be_nil
     end
   end