g5_authenticatable 0.4.2 → 0.5.0

data/spec/requests/default_role_authorization_spec.rb

@@ -0,0 +1,169 @@
+require 'spec_helper'
+
+describe 'Default role-based authorization API' do
+  let(:json) { JSON.parse(response.body) }
+
+  describe 'GET /posts', :auth_request do
+    subject(:get_posts) { get posts_path, format: :json }
+
+    let!(:post) { FactoryGirl.create(:post, author: user) }
+    let!(:other_post) { FactoryGirl.create(:post) }
+
+    before { get_posts }
+
+    context 'when user is a super_admin' do
+      let(:user) { FactoryGirl.create(:g5_authenticatable_super_admin) }
+
+      it 'returns ok' do
+        expect(response).to be_ok
+      end
+
+      it 'includes all posts' do
+        expect(json).to contain_exactly(
+          hash_including('id' => post.id,
+                         'author_id' => post.author.id,
+                         'content' => post.content),
+          hash_including('id' => other_post.id,
+                         'author_id' => other_post.author.id,
+                         'content' => other_post.content)
+        )
+      end
+    end
+
+    context 'when user is not a super_admin' do
+      it 'returns forbidden' do
+        expect(response).to be_forbidden
+      end
+    end
+  end
+
+  describe 'GET /posts/:id', :auth_request do
+    subject(:show_post) { get post_path(post.id), format: :json }
+
+    let(:post) { FactoryGirl.create(:post, author: user) }
+
+    before { show_post }
+
+    context 'when user is a super_admin' do
+      let(:user) { FactoryGirl.create(:g5_authenticatable_super_admin) }
+
+      it 'returns ok' do
+        expect(response).to be_ok
+      end
+
+      it 'returns the post' do
+        expect(json).to include('id' => post.id,
+                                'author_id' => post.author.id,
+                                'content' => post.content)
+      end
+    end
+
+    context 'when user is not a super_admin' do
+      let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+      it 'returns forbidden' do
+        expect(response).to be_forbidden
+      end
+    end
+  end
+
+  describe 'POST /posts', :auth_request do
+    subject(:create_post) { post posts_path, post: post_params, format: :json }
+
+    let(:post_params) do
+      {content: post_obj.content, author_id: post_obj.author.id}
+    end
+    let(:post_obj) { FactoryGirl.build(:post, author: user) }
+
+    context 'when user is a super_admin' do
+      let(:user) { FactoryGirl.create(:g5_authenticatable_super_admin) }
+
+      it 'returns ok' do
+        create_post
+        expect(response).to be_created
+      end
+
+      it 'creates a post' do
+        expect { create_post }.to change { Post.count }.by(1)
+      end
+    end
+
+    context 'when user is not a super_admin' do
+      it 'returns forbidden' do
+        create_post
+        expect(response).to be_forbidden
+      end
+
+      it 'does not create a post' do
+        expect { create_post }.to_not change { Post.count }
+      end
+    end
+  end
+
+  describe 'PUT /posts/:id', :auth_request do
+    subject(:update_post) do
+      put post_path(post.id), post: post_params, format: :json
+    end
+
+    let(:post_params) do
+      {content: 'some brand new content', author_id: post.author.id}
+    end
+    let(:post) { FactoryGirl.create(:post, author: user) }
+
+    context 'when user is a super_admin' do
+      let(:user) { FactoryGirl.create(:g5_authenticatable_super_admin) }
+
+      it 'returns ok' do
+        update_post
+        expect(response).to be_http_no_content
+      end
+
+      it 'updates the post' do
+        expect { update_post }.to change { post.reload.content }
+      end
+    end
+
+    context 'when user is not a super_admin' do
+      it 'returns forbidden' do
+        update_post
+        expect(response).to be_forbidden
+      end
+
+      it 'does not update the post' do
+        expect { update_post }.to_not change { post.reload.content }
+      end
+    end
+  end
+
+  describe 'DELETE /posts/:id', :auth_request do
+    subject(:delete_post) do
+      delete post_path(post.id), format: :json
+    end
+
+    let!(:post) { FactoryGirl.create(:post, author: user) }
+
+    context 'when user is a super_admin' do
+      let(:user) { FactoryGirl.create(:g5_authenticatable_super_admin) }
+
+      it 'returns ok' do
+        delete_post
+        expect(response).to be_http_no_content
+      end
+
+      it 'deletes the post' do
+        expect { delete_post }.to change { Post.count }.by(-1)
+      end
+    end
+
+    context 'when user is not a super_admin' do
+      it 'returns forbidden' do
+        delete_post
+        expect(response).to be_forbidden
+      end
+
+      it 'does not delete the post' do
+        expect { delete_post }.to_not change { Post.count }
+      end
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -9,7 +9,6 @@ ENV["RAILS_ENV"] ||= 'test'
 require File.expand_path("../dummy/config/environment", __FILE__)
 
 require 'rspec/rails'
-require 'rspec/autorun'
 require 'capybara/rspec'
 require 'webmock/rspec'
 require 'g5_authenticatable/rspec'
@@ -46,8 +45,6 @@ RSpec.configure do |config|
   #     --seed 1234
   config.order = 'random'
 
-  config.treat_symbols_as_metadata_keys_with_true_values = true
-
   config.infer_spec_type_from_file_location!
 
   config.after(:suite) { WebMock.disable! }

data/spec/support/shared_examples/super_admin_authorizer.rb

@@ -0,0 +1,33 @@
+shared_examples_for 'a super_admin authorizer' do
+  context 'when user is an admin' do
+    let(:user) { FactoryGirl.create(:g5_authenticatable_admin) }
+
+    it 'denies access' do
+      expect(policy).to_not permit(user, record)
+    end
+  end
+
+  context 'when user is an editor' do
+    let(:user) { FactoryGirl.create(:g5_authenticatable_editor) }
+
+    it 'denies access' do
+      expect(policy).to_not permit(user, record)
+    end
+  end
+
+  context 'when user is a viewer' do
+    let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+
+    it 'denies access' do
+      expect(policy).to_not permit(user, record)
+    end
+  end
+
+  context 'when user has super_admin role' do
+    let(:user) { FactoryGirl.create(:g5_authenticatable_super_admin) }
+
+    it 'permits access' do
+      expect(policy).to permit(user, record)
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: g5_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.0
 platform: ruby
 authors:
 - maeve
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-11 00:00:00.000000000 Z
+date: 2015-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise_g5_authenticatable
@@ -24,6 +24,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: omniauth-g5
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
 - !ruby/object:Gem::Dependency
   name: g5_authenticatable_api
   requirement: !ruby/object:Gem::Requirement
@@ -38,6 +52,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.3.1
+- !ruby/object:Gem::Dependency
+  name: rolify
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: pundit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: |-
   An engine that provides a basic User model,
                             authentication logic, and remote credential
@@ -52,6 +94,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".ruby-version"
+- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE
@@ -60,16 +103,19 @@ files:
 - app/assets/images/g5_authenticatable/.gitkeep
 - app/assets/javascripts/g5_authenticatable/application.js
 - app/assets/stylesheets/g5_authenticatable/application.css
+- app/controllers/concerns/g5_authenticatable/authorization.rb
 - app/controllers/g5_authenticatable/application_controller.rb
 - app/controllers/g5_authenticatable/error_controller.rb
 - app/controllers/g5_authenticatable/failure_app.rb
 - app/controllers/g5_authenticatable/sessions_controller.rb
 - app/helpers/g5_authenticatable/application_helper.rb
+- app/models/g5_authenticatable/role.rb
 - app/models/g5_authenticatable/user.rb
+- app/policies/g5_authenticatable/base_policy.rb
 - app/views/g5_authenticatable/error/auth_error.html.erb
 - app/views/layouts/g5_authenticatable/application.html.erb
-- circle.yml
 - config/initializers/devise.rb
+- config/initializers/rolify.rb
 - config/locales/devise.en.yml
 - config/routes.rb
 - g5_authenticatable.gemspec
@@ -85,27 +131,45 @@ files:
 - lib/g5_authenticatable/version.rb
 - lib/generators/g5_authenticatable/install/USAGE
 - lib/generators/g5_authenticatable/install/install_generator.rb
-- lib/generators/g5_authenticatable/install/templates/create_g5_authenticatable_users.rb
-- lib/generators/g5_authenticatable/install/templates/g5_authenticatable.rb
+- lib/generators/g5_authenticatable/install/templates/403.html
+- lib/generators/g5_authenticatable/install/templates/application_policy.rb
+- lib/generators/g5_authenticatable/install/templates/initializer.rb
+- lib/generators/g5_authenticatable/install/templates/migrate/add_g5_authenticatable_users_contact_info.rb
+- lib/generators/g5_authenticatable/install/templates/migrate/create_g5_authenticatable_roles.rb
+- lib/generators/g5_authenticatable/install/templates/migrate/create_g5_authenticatable_users.rb
 - lib/tasks/g5_authenticatable/purge_users.rake
 - script/rails
 - spec/config/application_spec.rb
 - spec/controllers/.gitkeep
 - spec/controllers/application_controller_spec.rb
+- spec/controllers/concerns/g5_authenticatable/authorization.rb
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
 - spec/dummy/app/api/secure_api.rb
 - spec/dummy/app/assets/javascripts/application.js
+- spec/dummy/app/assets/javascripts/posts.js
 - spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/assets/stylesheets/posts.css
+- spec/dummy/app/assets/stylesheets/scaffold.css
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/home_controller.rb
+- spec/dummy/app/controllers/posts_controller.rb
 - spec/dummy/app/controllers/rails_api/secure_resources_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
+- spec/dummy/app/helpers/posts_helper.rb
 - spec/dummy/app/mailers/.gitkeep
 - spec/dummy/app/models/.gitkeep
+- spec/dummy/app/models/post.rb
+- spec/dummy/app/policies/application_policy.rb
+- spec/dummy/app/policies/post_policy.rb
 - spec/dummy/app/views/home/index.html.erb
 - spec/dummy/app/views/home/show.html.erb
 - spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/app/views/posts/_form.html.erb
+- spec/dummy/app/views/posts/edit.html.erb
+- spec/dummy/app/views/posts/index.html.erb
+- spec/dummy/app/views/posts/new.html.erb
+- spec/dummy/app/views/posts/show.html.erb
 - spec/dummy/app/views/rails_api/secure_resources/show.html.erb
 - spec/dummy/config.ru
 - spec/dummy/config/application.rb
@@ -117,6 +181,7 @@ files:
 - spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/test.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/g5_authenticatable.rb
 - spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/secret_token.rb
@@ -125,21 +190,32 @@ files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/db/migrate/20140206070137_create_g5_authenticatable_users.rb
+- spec/dummy/db/migrate/20150428182339_add_g5_authenticatable_users_contact_info.rb
+- spec/dummy/db/migrate/20150429212919_create_g5_authenticatable_roles.rb
+- spec/dummy/db/migrate/20150509061150_create_posts.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.gitkeep
 - spec/dummy/log/.gitkeep
+- spec/dummy/public/403.html
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
 - spec/dummy/script/rails
+- spec/factories/post.rb
 - spec/features/auth_error_path_spec.rb
+- spec/features/default_role_authorization_spec.rb
 - spec/features/sign_in_spec.rb
 - spec/features/token_validation_spec.rb
 - spec/g5_authenticatable/version_spec.rb
 - spec/lib/generators/g5_authenticatable/install_generator_spec.rb
 - spec/models/.gitkeep
+- spec/models/g5_authenticatable/role_spec.rb
 - spec/models/g5_authenticatable/user_spec.rb
+- spec/models/post_spec.rb
+- spec/policies/application_policy_spec.rb
+- spec/policies/post_policy_spec.rb
+- spec/requests/default_role_authorization_spec.rb
 - spec/requests/grape_api_spec.rb
 - spec/requests/rails_api_spec.rb
 - spec/requests/sign_out_spec.rb
@@ -149,6 +225,7 @@ files:
 - spec/spec_helper.rb
 - spec/support/devise.rb
 - spec/support/shared_contexts/rake.rb
+- spec/support/shared_examples/super_admin_authorizer.rb
 - spec/support/token_validation.rb
 - spec/tasks/purge_users_spec.rb
 homepage: https://github.com/G5/g5_authenticatable
@@ -179,20 +256,34 @@ test_files:
 - spec/config/application_spec.rb
 - spec/controllers/.gitkeep
 - spec/controllers/application_controller_spec.rb
+- spec/controllers/concerns/g5_authenticatable/authorization.rb
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
 - spec/dummy/app/api/secure_api.rb
 - spec/dummy/app/assets/javascripts/application.js
+- spec/dummy/app/assets/javascripts/posts.js
 - spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/assets/stylesheets/posts.css
+- spec/dummy/app/assets/stylesheets/scaffold.css
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/home_controller.rb
+- spec/dummy/app/controllers/posts_controller.rb
 - spec/dummy/app/controllers/rails_api/secure_resources_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
+- spec/dummy/app/helpers/posts_helper.rb
 - spec/dummy/app/mailers/.gitkeep
 - spec/dummy/app/models/.gitkeep
+- spec/dummy/app/models/post.rb
+- spec/dummy/app/policies/application_policy.rb
+- spec/dummy/app/policies/post_policy.rb
 - spec/dummy/app/views/home/index.html.erb
 - spec/dummy/app/views/home/show.html.erb
 - spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/app/views/posts/_form.html.erb
+- spec/dummy/app/views/posts/edit.html.erb
+- spec/dummy/app/views/posts/index.html.erb
+- spec/dummy/app/views/posts/new.html.erb
+- spec/dummy/app/views/posts/show.html.erb
 - spec/dummy/app/views/rails_api/secure_resources/show.html.erb
 - spec/dummy/config.ru
 - spec/dummy/config/application.rb
@@ -204,6 +295,7 @@ test_files:
 - spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/test.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/g5_authenticatable.rb
 - spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/secret_token.rb
@@ -212,21 +304,32 @@ test_files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/db/migrate/20140206070137_create_g5_authenticatable_users.rb
+- spec/dummy/db/migrate/20150428182339_add_g5_authenticatable_users_contact_info.rb
+- spec/dummy/db/migrate/20150429212919_create_g5_authenticatable_roles.rb
+- spec/dummy/db/migrate/20150509061150_create_posts.rb
 - spec/dummy/db/schema.rb
 - spec/dummy/lib/assets/.gitkeep
 - spec/dummy/log/.gitkeep
+- spec/dummy/public/403.html
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
 - spec/dummy/script/rails
+- spec/factories/post.rb
 - spec/features/auth_error_path_spec.rb
+- spec/features/default_role_authorization_spec.rb
 - spec/features/sign_in_spec.rb
 - spec/features/token_validation_spec.rb
 - spec/g5_authenticatable/version_spec.rb
 - spec/lib/generators/g5_authenticatable/install_generator_spec.rb
 - spec/models/.gitkeep
+- spec/models/g5_authenticatable/role_spec.rb
 - spec/models/g5_authenticatable/user_spec.rb
+- spec/models/post_spec.rb
+- spec/policies/application_policy_spec.rb
+- spec/policies/post_policy_spec.rb
+- spec/requests/default_role_authorization_spec.rb
 - spec/requests/grape_api_spec.rb
 - spec/requests/rails_api_spec.rb
 - spec/requests/sign_out_spec.rb
@@ -236,5 +339,6 @@ test_files:
 - spec/spec_helper.rb
 - spec/support/devise.rb
 - spec/support/shared_contexts/rake.rb
+- spec/support/shared_examples/super_admin_authorizer.rb
 - spec/support/token_validation.rb
 - spec/tasks/purge_users_spec.rb

data/circle.yml

@@ -1,4 +0,0 @@
-database:
-  override:
-    - cp spec/dummy/config/database.yml.ci spec/dummy/config/database.yml
-    - RAILS_ENV=test bundle exec rake app:db:setup