goldberg_generator 0.2.2

data/templates/vendor/plugins/goldberg/lib/goldberg/model.rb

@@ -0,0 +1,110 @@
+require 'active_record/connection_adapters/postgresql_adapter'
+
+# Set the appropriate table prefix using AR's "set_table_name" 
+
+# This module is included in all Goldberg's model classes.  On load it
+# adds the prefix "goldberg." to all table names if the connection is
+# to PostgreSQL; otherwise it adds the prefix "g_".
+
+module Goldberg
+  module Model
+
+    def self.included(base)
+      base.class_eval do
+        
+        def self.prefix
+          if not @prefix
+            if self.connection.class.to_s == 
+                'ActiveRecord::ConnectionAdapters::PostgreSQLAdapter'
+              @prefix = 'goldberg.'
+            else
+              @prefix = 'goldberg_'
+            end
+          end
+          @prefix
+        end
+        
+        (table_name =~ /goldberg/) ||
+          (set_table_name "#{self.prefix}#{self.table_name}")
+      end
+    end
+    
+  end
+
+
+  # Fixes the "pk_and_sequence_for" method in the PostgreSQL adapter, to
+  # include namespace support.
+
+  module PostgreSQL
+    def self.included(base)
+      base.class_eval do
+        alias_method :pk_and_sequence_for_without_goldberg, :pk_and_sequence_for
+        alias_method :pk_and_sequence_for, :pk_and_sequence_for_with_goldberg
+      end
+    end
+
+    # (From
+    # vendor/rails/activerecord/lib/active_record/connection_adapters/
+    # postgresql_adapter.rb)  
+
+    def pk_and_sequence_for_with_goldberg(table)
+      # First try looking for a sequence with a dependency on the
+      # given table's primary key.
+      result = query(<<-end_sql, 'PK and serial sequence')[0]
+          SELECT attr.attname, name.nspname, seq.relname
+          FROM pg_class      seq,
+               pg_attribute  attr,
+               pg_depend     dep,
+               pg_namespace  name,
+               pg_constraint cons
+          WHERE seq.oid           = dep.objid
+            AND seq.relnamespace  = name.oid
+            AND seq.relkind       = 'S'
+            AND attr.attrelid     = dep.refobjid
+            AND attr.attnum       = dep.refobjsubid
+            AND attr.attrelid     = cons.conrelid
+            AND attr.attnum       = cons.conkey[1]
+            AND cons.contype      = 'p'
+            AND dep.refobjid      = '#{table}'::regclass
+    end_sql
+
+      if result.nil? or result.empty?
+        # If that fails, try parsing the primary key's default value.
+        # Support the 7.x and 8.0 nextval('foo'::text) as well as
+        # the 8.1+ nextval('foo'::regclass).
+        # TODO: assumes sequence is in same schema as table.
+        result = query(<<-end_sql, 'PK and custom sequence')[0]
+        SELECT attr.attname, name.nspname, split_part(def.adsrc, '''', 2)
+        FROM pg_class       t
+        JOIN pg_namespace   name ON (t.relnamespace = name.oid)
+        JOIN pg_attribute   attr ON (t.oid = attrelid)
+        JOIN pg_attrdef     def  ON (adrelid = attrelid AND adnum = attnum)
+        JOIN pg_constraint  cons ON (conrelid = adrelid AND adnum = conkey[1])
+        WHERE t.oid = '#{table}'::regclass
+          AND cons.contype = 'p'
+          AND def.adsrc ~* 'nextval'
+      end_sql
+      end
+      # check for existence of . in sequence name as in public.foo_sequence.  if it does not exist, return unqualified sequence
+      # We cannot qualify unqualified sequences, as rails doesn't qualify any table access, using the search path
+      # Commented out (DN):
+      # [result.first, result.last]
+
+      # Added (DN):
+      # The above consideration is irrelevant.  PostgreSQL
+      # databases always have tables in schemas, so specifying a schema
+      # (even if it is "public") is valid; and in the case where schemas
+      # *are* in use (using 'set_table_name' to set a schema on a model)
+      # the schema path is *required*, otherwise INSERTs are broken.
+
+      [ result[0], "#{result[1]}.#{result[2]}" ]
+    rescue
+      nil
+    end
+    
+  end
+end
+
+ActiveRecord::ConnectionAdapters::PostgreSQLAdapter.class_eval do
+  include Goldberg::PostgreSQL
+end

data/templates/vendor/plugins/goldberg/lib/goldberg/routes.rb

@@ -0,0 +1,49 @@
+
+module Goldberg
+  module Routes
+    def self.included(base)
+      base.class_eval do
+        alias_method :draw_without_goldberg_routes, :draw
+        alias_method :draw, :draw_with_goldberg_routes
+      end
+    end
+
+    def draw_with_goldberg_routes(&block)
+      
+      draw_without_goldberg_routes do |map|
+        block.call map 
+      end
+
+      routes = [ 
+                ['', 
+                 {:controller => "goldberg/content_pages",
+                   :action => "view_default"}],
+
+                ['menu/*name', 
+                 {:controller => 'goldberg/menu_items', :action => 'link'}],
+
+                ['*page_name', 
+                 {:controller => "goldberg/content_pages", :action => "view"}]
+               ]
+
+      route_method = ActionController::Routing::Routes.respond_to?(:add_route)? 
+      :add_route : :connect
+
+      for route in routes do
+        ActionController::Routing::Routes.send(route_method, *route)
+      end
+
+      # Install the new routes (Rails 1.1 only)
+      if ActionController::Routing::Routes.respond_to? :write_generation and
+          ActionController::Routing::Routes.respond_to? :write_recognition
+        ActionController::Routing::Routes.write_generation
+        ActionController::Routing::Routes.write_recognition
+      end 
+    end
+
+  end
+end
+
+ActionController::Routing::RouteSet.class_eval do
+  include Goldberg::Routes
+end

data/templates/vendor/plugins/goldberg/lib/goldberg/test_helper.rb

@@ -0,0 +1,82 @@
+module Goldberg
+  # Goldberg's TestHelper module loads Goldberg's bootstrap
+  # environment for use in functional and integration testing.  It
+  # also provides some methods for logging a user in and out.
+  #
+  # The fixtures are loaded from
+  # RAILS_ROOT/vendor/plugins/goldberg/db.  By default this contains
+  # the bootstrap that came with Goldberg.  However you can configure
+  # your system (create roles, permissions, users, controllers/actions
+  # and a menu) then dump a bootstrap that represents your
+  # configuration using the Rake task:
+  #
+  #   rake goldberg:dump_bootstrap
+  #
+  # This offers an arguably more realistic approach than conventional
+  # fixtures: tests are performed using a real Goldberg setup.
+  # Furthermore dumping a bootstrap from your configured site allows
+  # you to test your security in functional and integration tests: you
+  # can log in and perform actions in your tests, and ensure that
+  # actions and/or pages are appropriately allowed or forbidden based
+  # on the security you have defined.
+  module TestHelper
+
+    def self.included(klass)
+      # The first time this is included make sure the database is
+      # up-to-date (especially applicable for PostgreSQL, for which the
+      # schema is not dumped properly), then load Goldberg's fixtures.
+      unless @already_done
+        begin
+          verbosity = ActiveRecord::Migration.verbose
+          ActiveRecord::Migration.verbose = false
+          Goldberg::Migrator.plugin_name = 'goldberg'
+          Goldberg::Migrator.migrate
+        rescue ActiveRecord::StatementInvalid
+          # Must already exist.  Continue...
+        ensure
+          ActiveRecord::Migration.verbose = verbosity
+        end
+
+        fixture_path = File.dirname(__FILE__) + '/../../db'  # default
+        # Goldberg prefers to use fixtures from its own test/fixtures dir
+        if ( (caller.first =~ %r<vendor/plugins/goldberg/test>) &&
+             File.exists?(File.dirname(__FILE__) + '/../../test/fixtures') )
+          fixture_path = File.dirname(__FILE__) + '/../../test/fixtures'
+        end
+        # Load Goldberg's bootstrap data
+        puts "Loading fixtures from '#{fixture_path}'..."
+        klasses ||= Goldberg::Migration.goldberg_classes
+        klasses.each do |klass|
+          klass.delete_all
+          Goldberg::Migration.load_for_class(klass, fixture_path)
+        end
+        puts "Done loading fixtures."
+      else
+        # Do nothing...
+      end
+      @already_done = true
+    end
+
+    # Set logged-in user (for functional testing)
+    def login_user(user_name)
+      user = Goldberg::User.find_by_name(user_name)
+      @request.session[:goldberg] = {:user_id => (user ? user.id : nil)}
+      Goldberg::AuthController.set_user(@request.session)
+      @request.session[:last_time] = Time.now
+    end
+
+    # Form-based login (for integration testing)
+    def form_login(user, password)
+      post '/goldberg/auth/login', :login => {
+        :name => user,
+        :password => password
+      }
+    end
+
+    # Form-based logout (for integration testing)
+    def form_logout
+      post '/goldberg/auth/logout'
+    end
+
+  end
+end

data/templates/vendor/plugins/goldberg/tasks/goldberg_tasks.rake

@@ -0,0 +1,47 @@
+namespace :goldberg do
+
+  desc "Dump standard Goldberg tables to files in db/"
+  task :dump_bootstrap => :environment do
+    Goldberg::Migration.dump_bootstrap
+  end
+
+  desc "Migrate Goldberg"
+  task :migrate => :environment do
+    Goldberg::Migrator.plugin_name = 'goldberg'
+    Goldberg::Migrator.migrate(ENV['VERSION'])
+  end
+  
+  desc "Load standard Goldberg tables from files in db/"
+  task :load_bootstrap => :migrate do
+    Goldberg::Migration.load_bootstrap
+  end
+
+  desc "Install Goldberg"
+  task :install => :load_bootstrap do
+    index = "#{RAILS_ROOT}/public/index.html"
+    FileTest.exists?(index) and File.delete(index)
+  end
+
+  desc "Upgrade Goldberg"
+  task :upgrade => :migrate do
+  end
+  
+  desc "Flush cached data out of sessions and Roles"
+  task :flush => :environment do
+    puts "Deleting any Rails session files"
+    Dir["#{RAILS_ROOT}/tmp/sessions/ruby_sess*"].each do |fname|
+      File.delete fname
+    end
+    
+    puts "Deleting any ActiveRecord sessions, and resetting the Role cache"
+    conn = ActiveRecord::Base.connection
+    begin  # Capture error if sessions table doesn't exist
+      conn.execute "delete from sessions"
+    rescue
+      nil
+    end
+    # conn.execute "update roles set cache = NULL"
+    Goldberg::Role.rebuild_cache
+  end
+
+end

data/templates/vendor/plugins/goldberg/test/functional/content_pages_controller_test.rb

@@ -0,0 +1,31 @@
+require File.dirname(__FILE__) + '/../test_helper.rb'
+require 'goldberg/content_pages_controller'
+require 'goldberg/auth_controller'
+
+# Re-raise errors caught by the controller.
+class Goldberg::ContentPagesController; def rescue_action(e) raise e end; end
+
+class ContentPagesControllerTest < Test::Unit::TestCase
+  include Goldberg::TestHelper
+
+  def setup
+    @controller = Goldberg::ContentPagesController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+  end
+  
+  def test_get_public_page
+    get :view, :page_name => ['home']
+    assert_response :success
+  end
+
+  def test_get_admin_page
+    get :view, {:page_name => ['admin']}
+    assert_response :redirect
+
+    login_user('admin')
+    get :view, {:page_name => ['admin']}
+    assert_response :success
+  end
+
+end

data/templates/vendor/plugins/goldberg/test/integration/security_test.rb

@@ -0,0 +1,134 @@
+require "#{File.dirname(__FILE__)}/../test_helper"
+
+
+# (Also need to test for pending registration confirmation, and for
+# session expiry.)
+
+class SecurityTest < ActionController::IntegrationTest
+  include Goldberg::TestHelper
+
+  # Public user can execute public actions, but when they try
+  # executing an administrator action they are redirected to login.
+  def test_action_security
+    # A public action
+    get '/goldberg/auth/login'
+    assert_response :success
+    # An administrator action
+    get '/goldberg/users/list'
+    assert_redirected_to_login
+
+    form_login('admin', 'admin')
+
+    get '/goldberg/users/list'
+    assert_response :success
+
+    form_logout
+
+    get '/goldberg/users/list'
+    assert_redirected_to_login
+  end
+
+  # When a user with insufficient rights tries to access a page or
+  # action they don't get redirected to login: they get redirected to
+  # the "denied" page.
+  def test_insufficient_security
+    old_count = Goldberg::User.count
+    form_login('admin', 'admin')
+    post '/goldberg/users/create', :user => {
+      :name => 'fred',
+      :fullname => 'Fred Bloggs',
+      :role_id => '2',  # "Member"
+      :clear_password => 'fred',
+      :confirm_password => 'fred',
+    }
+    # User was created OK
+    assert_equal (old_count + 1), Goldberg::User.count
+
+    # Logout, then login as new user
+    form_logout
+    form_login('fred', 'fred')
+    assert_not_nil session[:goldberg][:user_id]
+
+    # An administrator action: denied
+    get '/goldberg/users/list'
+    assert_redirected_to :permission_denied_page
+    # An administrator page: denied
+    get '/admin'
+    assert_redirected_to :permission_denied_page
+  end
+  
+  # Public user can view public pages, but when they try accessing an
+  # administrator page they are redirected to login.
+  def test_page_security
+    # A public page
+    get '/home'
+    assert_response :success
+    # An administrator page
+    get '/admin'
+    assert_redirected_to_login
+
+    form_login('admin', 'admin')
+    
+    get '/admin'
+    assert_response :success
+
+    form_logout
+
+    get '/admin'
+    assert_redirected_to_login
+  end
+
+  # If a public user tries to access a resource for which they lack
+  # authorisation, after logging in they should be redirected to that
+  # resource.
+  def test_pending_request
+    get '/goldberg/users/list'
+    assert_redirected_to_login
+
+    form_login('admin', 'admin')
+    assert_match /goldberg\/users\/list/, response.redirected_to
+  end
+
+  # User should be redirected to the session expired page if they
+  # remain inactive longer than the session timeout in System
+  # Settings.
+  def test_session_expiry
+    # Set the timeout really short
+    settings = Goldberg::SystemSettings.find :first
+    settings.session_timeout = 3  # Three seconds should be ample
+    settings.save!
+
+    form_login('admin', 'admin')
+    get '/site_admin'
+    assert_response :success
+
+    # Wait longer than the timeout
+    sleep 4
+    get '/site_admin'
+    assert_redirected_to :session_expired_page
+  end
+  
+  # User is not logged in if password is wrong
+  def test_wrong_password
+    form_login('admin', 'foobar')
+    assert_nil session[:goldberg][:user_id]
+  end
+  
+  protected
+
+  # A user who was not logged in was redirected to the login page
+  # because they tried accessing an action or page for which they
+  # lacked authorisation.
+  def assert_redirected_to_login
+    assert_equal({ :controller => 'goldberg/auth',
+                   :action => 'login' },
+                 response.redirected_to)
+  end    
+
+  # User was redirected to one of the standard Goldberg pages, as
+  # specified by :page_name.
+  def assert_redirected_to(page_name)
+    assert_match(/#{Goldberg.settings.send(page_name).url}$/,
+                 response.redirected_to)
+  end
+end