g5_authenticatable 0.7.5 → 0.8.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f142dd669e579e19da73640813174a82fbceaacc
-  data.tar.gz: 752c1819dc61cac39ff7f4257e02ef4e48f22a56
+  metadata.gz: e740b6fbbb4a9876775c1e76db296562d6283bd6
+  data.tar.gz: 8c9d75eb84818206367591faeac2f675f2616769
 SHA512:
-  metadata.gz: 2d0c22f0f2458f4363e7efa62cdd056fed29552df626c9dd086a2e0254a0c51bb71779665e5b479edaf4843f0bddddc332f2fea345277f996186dd32bfdab4d1
-  data.tar.gz: c651ab589af2ce695285a1c81fecea2c0e631302fe393007350a1f91697d41689502c53c512218b88f7084314a36bdc93ef8bf37a2ee1a08f35c969904d40457
+  metadata.gz: fdd634b6c2ed9e3f7dfd75a0d11e4a9ea8deac800f88a154a8e76651650c75e776e0ccc9f7b13a39941ede01c44201987aea1450605bc3569e1739cf9d1696d7
+  data.tar.gz: f1a47879f8b0d9f5af31a53f5740b14bb016a1849ff65f30fbe08ee70466c1882fd2cb304c8d1debdfc40cafccc292dcac650be2d2207d01facbfb054cab1573

data/app/models/g5_authenticatable/user.rb

@@ -37,10 +37,18 @@ module G5Authenticatable
       end
     end
 
+    def selectable_clients
+      G5Updatable::SelectableClientPolicy::Scope.new(self, G5Updatable::Client).resolve
+    end
+
     def clients
       G5Updatable::ClientPolicy::Scope.new(self, G5Updatable::Client).resolve
     end
 
+    def locations
+      G5Updatable::LocationPolicy::Scope.new(self, G5Updatable::Location).resolve
+    end
+
     private
 
     def self.extended_auth_attributes(auth_data)

data/app/policies/g5_authenticatable/base_policy.rb

@@ -1,7 +1,7 @@
 class G5Authenticatable::BasePolicy
   attr_reader :user, :record
 
-  def initialize(user, record)
+  def initialize(user, record=nil)
     @user = user
     @record = record
   end
@@ -53,6 +53,10 @@ class G5Authenticatable::BasePolicy
         scope.none
       end
     end
+
+    def has_global_role?
+      G5Authenticatable::BasePolicy.new(user, G5Updatable::Client).has_global_role?
+    end
   end
 
   def super_admin?

data/app/policies/g5_updatable/client_policy.rb

@@ -1,22 +1,23 @@
+# Clients defined by this policy are ones for whom the user has access at the client level. This means that either
+# they have a global role or that have a specific client role.
 module G5Updatable
   class ClientPolicy < G5Authenticatable::BasePolicy
     class Scope < G5Authenticatable::BasePolicy::BaseScope
 
       def resolve
         return scope.all if has_global_role?
-        scope.where(id: client_roles.map(&:resource_id))
+        client_with_roles
       end
 
-      def client_roles
-        G5Authenticatable::Role
-          .joins('INNER JOIN g5_updatable_clients ON g5_updatable_clients.id = g5_authenticatable_roles.resource_id')
-          .joins('INNER JOIN g5_authenticatable_users_roles ON g5_authenticatable_roles.id = g5_authenticatable_users_roles.role_id')
-          .where('g5_authenticatable_roles.resource_type = ? and g5_authenticatable_users_roles.user_id = ?', G5Updatable::Client.name, user.id)
-      end
+      private
 
-      def has_global_role?
-        G5Authenticatable::BasePolicy.new(user, G5Updatable::Client).has_global_role?
+      def client_with_roles
+        G5Updatable::Client
+          .joins('INNER JOIN g5_authenticatable_roles as r ON r.resource_id = g5_updatable_clients.id')
+          .joins('INNER JOIN g5_authenticatable_users_roles as ur ON r.id = ur.role_id')
+          .where('r.resource_type = ? and ur.user_id = ?', G5Updatable::Client.name, user.id)
       end
+
     end
 
   end

data/app/policies/g5_updatable/location_policy.rb

@@ -0,0 +1,40 @@
+# The policy will resolve to all locations that a user has access. This includes locations that a user has roles for
+# but also those locations for which a user has a client role.  Global roles grant access to ALL locations.
+module G5Updatable
+  class LocationPolicy < G5Authenticatable::BasePolicy
+    class Scope < G5Authenticatable::BasePolicy::BaseScope
+
+      def resolve
+        locations_from_client_location_roles
+      end
+
+      private
+
+      def location_roles
+        G5Authenticatable::Role
+          .joins('INNER JOIN g5_updatable_locations as l ON l.id = g5_authenticatable_roles.resource_id')
+          .joins('INNER JOIN g5_authenticatable_users_roles as ur ON g5_authenticatable_roles.id = ur.role_id')
+          .where('g5_authenticatable_roles.resource_type = ? and ur.user_id = ?',
+                 G5Updatable::Location.name, user.id)
+      end
+
+      def locations_from_client_roles
+        G5Updatable::Location
+          .joins('INNER JOIN g5_updatable_clients as c on g5_updatable_locations.client_uid=c.uid')
+          .joins('INNER JOIN g5_authenticatable_roles as r on r.resource_id=c.id')
+          .joins('INNER JOIN g5_authenticatable_users_roles as ur on r.id=ur.role_id')
+          .where('ur.user_id=?',user.id)
+          .where('r.resource_type=?', G5Updatable::Client.name)
+      end
+
+
+      def locations_from_client_location_roles
+        return scope.all if has_global_role?
+        location_ids = locations_from_client_roles.map(&:id) | location_roles.map(&:resource_id)
+        G5Updatable::Location.where(id: location_ids)
+      end
+
+    end
+
+  end
+end

data/app/policies/g5_updatable/selectable_client_policy.rb

@@ -0,0 +1,38 @@
+# Policy to define which clients are show to users to select. This includes all clients for whom a user only
+# has a location scoped role.  Clients defined by this policy are not necessarily granted view permissions at the client
+# level.
+module G5Updatable
+  class SelectableClientPolicy < G5Authenticatable::BasePolicy
+    class Scope < G5Authenticatable::BasePolicy::BaseScope
+
+      def resolve
+        return clients_from_client_and_location_roles
+      end
+
+      def client_roles
+        G5Authenticatable::Role
+          .joins('INNER JOIN g5_updatable_clients as c ON c.id = g5_authenticatable_roles.resource_id')
+          .joins('INNER JOIN g5_authenticatable_users_roles as ur ON g5_authenticatable_roles.id = ur.role_id')
+          .where('g5_authenticatable_roles.resource_type = ? and ur.user_id = ?', G5Updatable::Client.name, user.id)
+      end
+
+      def clients_from_client_and_location_roles
+        return scope.all if has_global_role?
+        client_ids = clients_from_location_roles.map(&:id) | client_roles.map(&:resource_id)
+        G5Updatable::Client.where(id: client_ids)
+      end
+
+      def clients_from_location_roles
+        G5Updatable::Client
+          .joins('INNER JOIN g5_updatable_locations as l on l.client_uid=g5_updatable_clients.uid')
+          .joins('INNER JOIN g5_authenticatable_roles as r on l.id=r.resource_id')
+          .joins('INNER JOIN g5_authenticatable_users_roles as ur on r.id=ur.role_id')
+          .where('r.resource_type = ? and ur.user_id = ?',
+                 G5Updatable::Location.name, user.id)
+          .group('g5_updatable_clients.id')
+      end
+
+    end
+
+  end
+end

data/lib/g5_authenticatable/version.rb

@@ -1,3 +1,3 @@
 module G5Authenticatable
-  VERSION = '0.7.5'
+  VERSION = '0.8.0.beta1'
 end

data/spec/dummy/config/application.rb

@@ -58,6 +58,8 @@ module Dummy
 
     config.paths.add "app/api", glob: "**/*.rb"
     config.autoload_paths += Dir["#{Rails.root}/app/api/*"]
+
+    config.web_console.development_only = false
   end
 end
 

data/spec/policies/client_policy_spec.rb

@@ -16,44 +16,46 @@ describe G5Updatable::ClientPolicy do
   let!(:client_2) { FactoryGirl.create(:g5_updatable_client) }
   let!(:client_3) { FactoryGirl.create(:g5_updatable_client) }
 
-  subject { G5Updatable::ClientPolicy::Scope.new(user, G5Updatable::Client).resolve }
-
-  context 'with global role' do
-    before { user.add_role :admin }
-    it 'returns all clients' do
-      expect(subject.length).to eq(3)
-      expect(subject).to include(client_1)
-      expect(subject).to include(client_2)
-      expect(subject).to include(client_3)
+  describe '.resolve' do
+
+    subject { G5Updatable::ClientPolicy::Scope.new(user, G5Updatable::Client).resolve }
+
+    context 'with global role' do
+      before { user.add_role :admin }
+      it 'returns all clients' do
+        expect(subject.length).to eq(3)
+        expect(subject).to include(client_1)
+        expect(subject).to include(client_2)
+        expect(subject).to include(client_3)
+      end
     end
-  end
 
-  context 'with client role' do
-    before { user.add_role(:admin, client_1) }
-    it 'returns a single client' do
-      expect(subject.length).to eq(1)
-      expect(subject).to include(client_1)
+    context 'with client role' do
+      before { user.add_role(:admin, client_1) }
+      it 'returns a single client' do
+        expect(subject.length).to eq(1)
+        expect(subject).to include(client_1)
+      end
     end
-  end
 
-  context 'with many client roles'  do
-    before do
-      user.add_role(:admin, client_1)
-      user.add_role(:admin, client_2)
-      user.add_role(:admin, client_3)
-    end
-    it 'returns all assigned clients' do
-      expect(subject.length).to eq(3)
-      expect(subject).to include(client_1)
-      expect(subject).to include(client_2)
-      expect(subject).to include(client_3)
+    context 'with many client roles'  do
+      before do
+        user.add_role(:admin, client_1)
+        user.add_role(:admin, client_2)
+        user.add_role(:admin, client_3)
+      end
+      it 'returns all assigned clients' do
+        expect(subject.length).to eq(3)
+        expect(subject).to include(client_1)
+        expect(subject).to include(client_2)
+        expect(subject).to include(client_3)
+      end
     end
-  end
 
-  context 'with no role' do
-    it 'returns no clients' do
-      expect(subject.length).to eq(0)
+    context 'with no role' do
+      it 'returns no clients' do
+        expect(subject.length).to eq(0)
+      end
     end
   end
-
 end

data/spec/policies/location_policy_spec.rb

@@ -0,0 +1,65 @@
+require 'spec_helper'
+
+describe G5Updatable::LocationPolicy do
+  subject(:policy) { described_class }
+
+  let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+  let(:user2) { FactoryGirl.create(:g5_authenticatable_user) }
+
+  let!(:client_1) { FactoryGirl.create(:g5_updatable_client) }
+  let!(:client_2) { FactoryGirl.create(:g5_updatable_client) }
+
+  let!(:location_1) { FactoryGirl.create(:g5_updatable_location, client: client_1) }
+  let!(:location_2) { FactoryGirl.create(:g5_updatable_location, client: client_1) }
+
+  let!(:location_3) { FactoryGirl.create(:g5_updatable_location, client: client_2) }
+  let!(:location_4) { FactoryGirl.create(:g5_updatable_location, client: client_2) }
+
+  before do
+    user.roles = []
+    user.save!
+    user2.add_role(:viewer, location_1)
+  end
+
+  describe '.resolve' do
+    subject { G5Updatable::LocationPolicy::Scope.new(user, G5Updatable::Location).resolve }
+
+    context 'with global role' do
+      before { user.add_role :admin }
+      it 'returns all locations' do
+        expect(subject.length).to eq(4)
+        expect(subject).to include(location_1)
+        expect(subject).to include(location_2)
+        expect(subject).to include(location_3)
+      end
+    end
+
+    context 'with location role' do
+      before { user.add_role(:admin, location_1) }
+      it 'returns a single location' do
+        expect(subject.length).to eq(1)
+        expect(subject).to include(location_1)
+      end
+    end
+
+    context 'with many client roles'  do
+      before do
+        user.add_role(:admin, location_1)
+        user.add_role(:admin, location_2)
+        user.add_role(:admin, location_3)
+      end
+      it 'returns all assigned clients' do
+        expect(subject.length).to eq(3)
+        expect(subject).to include(location_1)
+        expect(subject).to include(location_2)
+        expect(subject).to include(location_3)
+      end
+    end
+
+    context 'with no role' do
+      it 'returns no locations' do
+        expect(subject.length).to eq(0)
+      end
+    end
+  end
+end

data/spec/policies/selectable_client_policy_spec.rb

@@ -0,0 +1,82 @@
+require 'spec_helper'
+
+describe G5Updatable::SelectableClientPolicy do
+  subject(:policy) { described_class }
+
+  let(:user) { FactoryGirl.create(:g5_authenticatable_user) }
+  let(:user2) { FactoryGirl.create(:g5_authenticatable_user) }
+
+  before do
+    user.roles = []
+    user.save!
+    user2.add_role(:viewer, client_1)
+  end
+
+  let!(:client_1) { FactoryGirl.create(:g5_updatable_client) }
+  let!(:client_2) { FactoryGirl.create(:g5_updatable_client) }
+  let!(:client_3) { FactoryGirl.create(:g5_updatable_client) }
+
+  describe '.resolve' do
+    subject { G5Updatable::SelectableClientPolicy::Scope.new(user, G5Updatable::Client).resolve }
+
+    let!(:location_1) { FactoryGirl.create(:g5_updatable_location, client: client_1) }
+    let!(:location_2) { FactoryGirl.create(:g5_updatable_location, client: client_1) }
+
+    let!(:location_3) { FactoryGirl.create(:g5_updatable_location, client: client_2) }
+    let!(:location_4) { FactoryGirl.create(:g5_updatable_location, client: client_2) }
+
+    context 'with global role' do
+      before { user.add_role :admin }
+      it 'returns all clients' do
+        expect(subject.length).to eq(3)
+        expect(subject).to include(client_1)
+        expect(subject).to include(client_2)
+        expect(subject).to include(client_3)
+      end
+    end
+
+    context 'with role for location and for client that location belongs to' do
+      before do
+        user.add_role :admin, location_1
+        user.add_role :admin, client_1
+      end
+      it 'returns 1 client' do
+        expect(subject.length).to eq(1)
+        expect(subject).to include(client_1)
+      end
+    end
+
+    context 'with role for location and client that location does not belong to' do
+      before do
+        user.add_role :admin, location_1
+        user.add_role :admin, client_2
+      end
+      it 'returns 1 client' do
+        expect(subject.length).to eq(2)
+        expect(subject).to include(client_1)
+        expect(subject).to include(client_2)
+      end
+    end
+
+    context 'with a client role' do
+      before do
+        user.add_role :admin, client_2
+      end
+      it 'returns 1 client' do
+        expect(subject.length).to eq(1)
+        expect(subject).to include(client_2)
+      end
+    end
+
+    context 'with a location role' do
+      before do
+        user.add_role :admin, location_1
+      end
+      it 'returns 1 client' do
+        expect(subject.length).to eq(1)
+        expect(subject).to include(client_1)
+      end
+    end
+  end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: g5_authenticatable
 version: !ruby/object:Gem::Version
-  version: 0.7.5
+  version: 0.8.0.beta1
 platform: ruby
 authors:
 - maeve
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-22 00:00:00.000000000 Z
+date: 2016-02-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: devise_g5_authenticatable
@@ -126,6 +126,8 @@ files:
 - app/models/g5_authenticatable/user.rb
 - app/policies/g5_authenticatable/base_policy.rb
 - app/policies/g5_updatable/client_policy.rb
+- app/policies/g5_updatable/location_policy.rb
+- app/policies/g5_updatable/selectable_client_policy.rb
 - app/services/g5_authenticatable/impersonate_sessionable.rb
 - app/views/g5_authenticatable/error/auth_error.html.erb
 - app/views/layouts/g5_authenticatable/application.html.erb
@@ -236,7 +238,8 @@ files:
 - spec/models/post_spec.rb
 - spec/policies/application_policy_spec.rb
 - spec/policies/client_policy_spec.rb
-- spec/policies/post_policy_spec.rb
+- spec/policies/location_policy_spec.rb
+- spec/policies/selectable_client_policy_spec.rb
 - spec/requests/default_role_authorization_spec.rb
 - spec/requests/grape_api_spec.rb
 - spec/requests/rails_api_spec.rb
@@ -266,9 +269,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.2.2
@@ -357,7 +360,8 @@ test_files:
 - spec/models/post_spec.rb
 - spec/policies/application_policy_spec.rb
 - spec/policies/client_policy_spec.rb
-- spec/policies/post_policy_spec.rb
+- spec/policies/location_policy_spec.rb
+- spec/policies/selectable_client_policy_spec.rb
 - spec/requests/default_role_authorization_spec.rb
 - spec/requests/grape_api_spec.rb
 - spec/requests/rails_api_spec.rb

data/spec/policies/post_policy_spec.rb

@@ -1,35 +0,0 @@
-require 'spec_helper'
-
-describe PostPolicy do
-  subject(:policy) { described_class }
-
-  let(:record) { FactoryGirl.create(:post) }
-
-  permissions :index? do
-    it_behaves_like 'a super_admin authorizer'
-  end
-
-  permissions :show? do
-    it_behaves_like 'a super_admin authorizer'
-  end
-
-  permissions :new? do
-    it_behaves_like 'a super_admin authorizer'
-  end
-
-  permissions :create? do
-    it_behaves_like 'a super_admin authorizer'
-  end
-
-  permissions :edit? do
-    it_behaves_like 'a super_admin authorizer'
-  end
-
-  permissions :update? do
-    it_behaves_like 'a super_admin authorizer'
-  end
-
-  permissions :destroy? do
-    it_behaves_like 'a super_admin authorizer'
-  end
-end