has_roles 0.0.2 → 0.3.0

data/lib/has_roles/url_helper.rb

@@ -0,0 +1,38 @@
+module HasRoles
+  # Provides helper methods for conditionally making links depending on
+  # whether the current user is authorized to access the url being linked to.
+  # 
+  # In order to determine who the "current user" is, the helper methods
+  # assume that a +current_user+ helper has been defined.  An example of an
+  # implementation of +current_user+ could be:
+  # 
+  #   class ApplicationController < ActionController::Base
+  #     ...
+  #     
+  #     protected
+  #       def current_user
+  #         @current_user ||= session[:user_id] ? User.find_by_id(session[:user_id]) : nil
+  #       end
+  #       helper_method :current_user
+  #   end
+  module UrlHelper
+    # Only link to the url if the current user is authorized to access it.  In
+    # addition to the options normally available in +link_to+, the following
+    # options can be specified:
+    # * +show_text+ - If set to true, will only display the text if the user
+    #   is not authorized for the link. (Default is +false+).
+    def link_to_if_authorized(name, options = {}, html_options = {}, &block)
+      text_on_no_authorization = html_options.delete(:show_text) ? name : ''
+      
+      if authorized_for?(options)
+        link_to(name, options, html_options, &block)
+      else
+        text_on_no_authorization
+      end
+    end
+  end
+end
+
+ActionController::Base.class_eval do
+  helper HasRoles::UrlHelper
+end

data/lib/has_roles.rb

@@ -1,65 +1,38 @@
 require 'has_roles/authorization_helper'
+require 'has_roles/url_helper'
 
-module PluginAWeek #:nodoc:
-  module Has #:nodoc:
-    # Provides dead simple role management
-    module Roles
-      def self.included(base) #:nodoc:
-        base.extend(MacroMethods)
-      end
+# Adds a generic implementation for dealing with role management
+module HasRoles
+  module MacroMethods
+    # Indicates that the model has roles. This will create the following
+    # associations:
+    # * +role_assignments+ - The join association for roles that have been
+    #   assigned to a record in this model
+    # * +roles+ - The actual roles through the join association
+    def has_roles
+      has_many :role_assignments, :class_name => 'RoleAssignment', :as => :assignee, :dependent => :destroy
+      has_many :roles, :through => :role_assignments
       
-      module MacroMethods
-        # Indicates that the model has roles
-        def has_roles
-          has_many  :role_assignments,
-                      :class_name => 'RoleAssignment',
-                      :as => :assignee,
-                      :dependent => :destroy
-          has_many  :roles,
-                      :through => :role_assignments
-          
-          include PluginAWeek::Has::Roles::InstanceMethods
-        end
-      end
-      
-      module InstanceMethods
-        # Checks whether this user is authorized to access the given url.
-        # Caching of authorizations is baked into the method.  So long as the
-        # same user object is used, an authorization for the same path will be
-        # cached and returned.
-        # 
-        # See <tt>Controller#recognize_path</tt> for more information about the possible
-        # options that can be used.
-        def authorized_for?(options = '')
-          @authorizations ||= {}
-          
-          controller_path, action = Controller.recognize_path(options)
-          options = {:controller => controller_path, :action => action}
-          @authorizations["#{controller_path}/#{action}"] ||= Permission.restricts?(options) ? roles.find_all_authorized_for(options).any? : true
-        end
-        
-        # Gets the ids of all roles associated with this user
-        def role_ids
-          roles.map(&:id)
-        end
-        
-        # Sets the topics to associate with this fact.
-        def role_ids=(ids)
-          removed_ids = role_ids - ids
-          new_ids = ids - role_ids
-          
-          transaction do
-            role_assignments.delete(role_assignments.select {|assignment| removed_ids.include?(assignment.role_id)})
-            new_ids.each {|id| role_assignments.create!(:role_id => id)}
-          end
-          
-          roles.reload
-        end
-      end
+      include HasRoles::InstanceMethods
+    end
+  end
+  
+  module InstanceMethods
+    # Checks whether this user is authorized to access the given url.
+    # 
+    # == Examples
+    # 
+    #   user = User.find(1)
+    #   user.authorized_for?(:controller => 'admin/messages')
+    #   user.authorized_for?(:controller => 'admin/messages', :action => 'destroy')
+    #   user.authorized_for?('admin/messages')
+    #   user.authorized_for?('http://localhost:3000/admin/messages')
+    def authorized_for?(options = '')
+      !Permission.restricts?(options) || roles.authorized_for(options).exists?
     end
   end
 end
 
 ActiveRecord::Base.class_eval do
-  include PluginAWeek::Has::Roles
+  extend HasRoles::MacroMethods
 end

data/test/app_root/app/controllers/admin/base_controller.rb

@@ -0,0 +1,2 @@
+class Admin::BaseController < ApplicationController
+end

data/test/app_root/app/controllers/admin/users_controller.rb

@@ -1,2 +1,11 @@
-class Admin::UsersController < ApplicationController
+class Admin::UsersController < Admin::BaseController
+  before_filter :authorization_required, :only => :destroy
+  
+  def index
+    render :text => 'Welcome!'
+  end
+  
+  def destroy
+    render :text => 'Destroyed!'
+  end
 end

data/test/app_root/app/controllers/application_controller.rb

@@ -0,0 +1,7 @@
+class ApplicationController < ActionController::Base
+  protected
+    def current_user
+      @current_user ||= session[:user_id] ? User.find_by_id(session[:user_id]) : nil
+    end
+    helper_method :current_user
+end

data/test/app_root/config/environment.rb

@@ -1,25 +1,12 @@
 require 'config/boot'
 
-$:.unshift("#{RAILS_ROOT}/../../../../../rails/plugin_dependencies/lib")
-begin
-  require 'plugin_dependencies'
-rescue Exception => e
-end
-
 Rails::Initializer.run do |config|
-  config.plugin_paths.concat([
-    "#{RAILS_ROOT}/../../..",
-    "#{RAILS_ROOT}/../../../../migrations",
-    "#{RAILS_ROOT}/../../../../../rails",
-    "#{RAILS_ROOT}/../../../../../test"
-  ])
-  config.plugins = [
-    'loaded_plugins',
-    'appable_plugins',
-    'plugin_migrations',
-    File.basename(File.expand_path("#{RAILS_ROOT}/../..")),
-    'dry_validity_assertions'
-  ]
+  config.plugin_paths << '..'
+  config.plugins = %w(enumerate_by has_roles)
   config.cache_classes = false
   config.whiny_nils = true
+  config.action_controller.session = {:key => 'rails_session', :secret => 'd229e4d22437432705ab3985d4d246'}
+  config.after_initialize do
+    EnumerateBy.perform_caching = false
+  end
 end

data/test/app_root/config/routes.rb

@@ -1,3 +1,4 @@
 ActionController::Routing::Routes.draw do |map|
+  map.connect '', :controller => 'home', :action => 'index'
   map.connect ':controller/:action/:id'
 end

data/test/app_root/db/migrate/001_create_users.rb

@@ -1,7 +1,7 @@
 class CreateUsers < ActiveRecord::Migration
   def self.up
     create_table :users do |t|
-      t.column :login, :string, :null => false
+      t.string :login, :null => false
     end
   end
 

data/test/app_root/db/migrate/002_migrate_has_roles_to_version_4.rb

@@ -0,0 +1,13 @@
+class MigrateHasRolesToVersion4 < ActiveRecord::Migration
+  def self.up
+    ActiveRecord::Migrator.new(:up, "#{Rails.root}/../../db/migrate", 0).migrations.each do |migration|
+      migration.migrate(:up)
+    end
+  end
+  
+  def self.down
+    ActiveRecord::Migrator.new(:up, "#{Rails.root}/../../db/migrate", 0).migrations.each do |migration|
+      migration.migrate(:down)
+    end
+  end
+end

data/test/factory.rb

@@ -0,0 +1,63 @@
+module Factory
+  # Build actions for the model
+  def self.build(model, &block)
+    name = model.to_s.underscore
+    
+    define_method("#{name}_attributes", block)
+    define_method("valid_#{name}_attributes") {|*args| valid_attributes_for(model, *args)}
+    define_method("new_#{name}")              {|*args| new_record(model, *args)}
+    define_method("create_#{name}")           {|*args| create_record(model, *args)}
+  end
+  
+  # Get valid attributes for the model
+  def valid_attributes_for(model, attributes = {})
+    name = model.to_s.underscore
+    send("#{name}_attributes", attributes)
+    attributes.stringify_keys!
+    attributes
+  end
+  
+  # Build an unsaved record
+  def new_record(model, *args)
+    attributes = valid_attributes_for(model, *args)
+    record = model.new(attributes)
+    attributes.each {|attr, value| record.send("#{attr}=", value) if model.accessible_attributes && !model.accessible_attributes.include?(attr) || model.protected_attributes && model.protected_attributes.include?(attr)}
+    record
+  end
+  
+  # Build and save/reload a record
+  def create_record(model, *args)
+    record = new_record(model, *args)
+    record.save!
+    record.reload
+    record
+  end
+  
+  build Permission do |attributes|
+    attributes.reverse_merge!(
+      :controller => 'admin/users'
+    )
+  end
+  
+  build Role do |attributes|
+    attributes.reverse_merge!(
+      :name => 'developer'
+    )
+  end
+  
+  build RoleAssignment do |attributes|
+    attributes[:role] = create_role unless attributes.include?(:role)
+    attributes[:assignee] = create_user unless attributes.include?(:assignee)
+  end
+  
+  build RolePermission do |attributes|
+    attributes[:permission] = create_permission unless attributes.include?(:permission)
+    attributes[:role] = create_role unless attributes.include?(:role)
+  end
+  
+  build User do |attributes|
+    attributes.reverse_merge!(
+      :login => 'admin'
+    )
+  end
+end

data/test/functional/application_controller_test.rb

@@ -0,0 +1,45 @@
+require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
+
+class ControllerLoggedOutTest < ActionController::TestCase
+  tests Admin::UsersController
+  
+  attr_reader :session
+  
+  def setup
+    @request.session[:user_id] = nil
+    
+    post :destroy, :id => 1
+  end
+  
+  def test_should_not_be_successful
+    assert_equal '401', @response.code
+  end
+end
+
+class ControllerLoggedInTest < ActionController::TestCase
+  tests Admin::UsersController
+  
+  attr_reader :session
+  
+  def setup
+    @user = create_user
+    @request.session[:user_id] = @user.id
+    
+    @role = create_role(:name => 'developer')
+    create_role_permission(:role => @role, :permission => create_permission(:controller => 'admin/users'))
+  end
+  
+  def test_should_be_successful_if_authorized
+    create_role_assignment(:role => @role, :assignee => @user)
+    
+    post :destroy, :id => 1
+    
+    assert_response :success
+  end
+  
+  def test_should_not_be_successful_if_unauthorized
+    post :destroy, :id => 1
+    
+    assert_equal '401', @response.code
+  end
+end

data/test/functional/has_roles_test.rb

@@ -0,0 +1,68 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UserAfterBeingCreatedTest < ActiveRecord::TestCase
+  def setup
+    @user = create_user
+  end
+  
+  def test_should_not_have_any_role_assignments
+    assert @user.role_assignments.empty?
+  end
+  
+  def test_should_not_have_any_roles
+    assert @user.roles.empty?
+  end
+end
+
+class UserWithoutRoleAssignmentsTest < ActiveRecord::TestCase
+  def setup
+    @user = create_user
+  end
+  
+  def test_should_be_authorized_if_path_is_not_permissioned
+    assert @user.authorized_for?('/users/create')
+  end
+  
+  def test_should_not_be_authorized_if_path_is_permissioned
+    create_permission(:controller => 'users', :action => 'create')
+    assert !@user.authorized_for?('/users/create')
+  end
+end
+
+class UserWithRoleAssignmentsTest < ActiveRecord::TestCase
+  def setup
+    @user = create_user
+    @administrator = create_role(:name => 'administrator')
+    create_role_permission(:role => @administrator, :permission => create_permission(:controller => 'admin/users'))
+    create_role_assignment(:assignee => @user, :role => @administrator)
+  end
+  
+  def test_should_have_roles
+    assert_equal [@administrator], @user.roles
+  end
+  
+  def test_should_be_authorized_if_path_is_not_permissioned
+    assert @user.authorized_for?('')
+  end
+  
+  def test_should_be_authorized_if_role_has_permission
+    assert @user.authorized_for?('/admin/users')
+  end
+  
+  def test_should_not_be_authorized_if_no_roles_have_permission
+    create_permission(:controller => 'users')
+    assert !@user.authorized_for?('/users')
+  end
+end
+
+class UserAfterBeingDestroyedTest < ActiveRecord::TestCase
+  def setup
+    @user = create_user
+    @administrator = create_role_assignment(:assignee => @user)
+    @user.destroy
+  end
+  
+  def test_should_destroy_associated_role_assignments
+    assert_nil RoleAssignment.find_by_id(@administrator.id)
+  end
+end

data/test/helpers/authorization_helper_test.rb

@@ -0,0 +1,92 @@
+require File.expand_path(File.dirname(__FILE__) + '/../test_helper')
+
+class AuthorizationHelperTest < ActionController::TestCase
+  tests Admin::UsersController
+  
+  include ActionController::Base.master_helper_module
+  
+  def test_should_respond_to_authorized?
+    assert respond_to?(:authorized?)
+  end
+  
+  def test_should_respond_to_authorized_for?
+    assert respond_to?(:authorized_for?)
+  end
+end
+
+class AuthorizationHelperLoggedOutTest < ActionController::TestCase
+  tests Admin::UsersController
+  
+  include ActionController::Base.master_helper_module
+  
+  attr_reader :controller, :session
+  
+  def setup
+    @session = @controller.session = ActionController::TestSession.new
+    session[:user_id] = nil
+  end
+  
+  def test_should_not_be_authorized_for_current_page
+    assert !authorized?
+  end
+  
+  def test_should_not_be_authorized_for_custom_url
+    assert !authorized_for?('admin/users/destroy')
+  end
+end
+
+class AuthorizationHelperWithoutPermissionsTest < ActionController::TestCase
+  tests Admin::UsersController
+  
+  include ActionController::Base.master_helper_module
+  
+  attr_reader :controller, :session
+  
+  def setup
+    get :index
+    
+    @session = @controller.session = ActionController::TestSession.new
+    
+    @user = create_user
+    session[:user_id] = @user.id
+    
+    create_permission(:controller => 'admin/users')
+  end
+  
+  def test_should_not_be_authorized_for_current_page
+    assert !authorized?
+  end
+  
+  def test_should_not_be_authorized_for_custom_url
+    assert !authorized_for?('/admin/users/destroy/1')
+  end
+end
+
+class AuthorizationHelperWithPermissionsTest < ActionController::TestCase
+  tests Admin::UsersController
+  
+  include ActionController::Base.master_helper_module
+  
+  attr_reader :controller, :session
+  
+  def setup
+    get :index
+    
+    @session = @controller.session = ActionController::TestSession.new
+    
+    @user = create_user
+    session[:user_id] = @user.id
+    
+    role = create_role(:name => 'developer')
+    create_role_permission(:role => role, :permission => create_permission(:controller => 'admin/users'))
+    create_role_assignment(:role => role, :assignee => @user)
+  end
+  
+  def test_should_be_authorized_for_current_page_if_user_has_proper_permissions
+    assert authorized?
+  end
+  
+  def test_should_be_authorized_for_custom_url_if_user_has_proper_permissions
+    assert authorized_for?('/admin/users/destroy/1')
+  end
+end

data/test/helpers/url_helper_test.rb

@@ -0,0 +1,35 @@
+require File.dirname(__FILE__) + '/../test_helper'
+
+class UrlHelperUnauthorizedTest < ActionView::TestCase
+  tests HasRoles::UrlHelper
+  
+  def test_should_link_to_nothing_if_not_showing_text
+    assert_equal '', link_to_if_authorized('Destroy User', '/admin/users/destroy', :show_text => false)
+  end
+  
+  def test_should_display_text_if_showing_text
+    assert_equal 'Destroy User', link_to_if_authorized('Destroy User', '/admin/users/destroy', :show_text => true)
+  end
+  
+  private
+    def authorized_for?(url)
+      false
+    end
+end
+
+class UrlHelperAuthorizedTest < ActionView::TestCase
+  tests HasRoles::UrlHelper
+  
+  def setup
+    @controller = ActionView::TestCase::TestController.new
+  end
+  
+  def test_should_link_to_url
+    assert_equal '<a href="/admin/users/destroy">Destroy User</a>', link_to_if_authorized('Destroy User', '/admin/users/destroy', :show_text => false)
+  end
+  
+  private
+    def authorized_for?(url)
+      true
+    end
+end

data/test/test_helper.rb

@@ -1,9 +1,18 @@
 # Load the plugin testing framework
-$:.unshift("#{File.dirname(__FILE__)}/../../../../test/plugin_test_helper/lib")
+$:.unshift("#{File.dirname(__FILE__)}/../../plugin_test_helper/lib")
 require 'rubygems'
 require 'plugin_test_helper'
 
-PluginAWeek::PluginMigrations.migrate('has_roles')
-
 # Run the migrations
-ActiveRecord::Migrator.migrate("#{RAILS_ROOT}/db/migrate")
+ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate")
+
+# Mixin the factory helper
+require File.expand_path("#{File.dirname(__FILE__)}/factory")
+Test::Unit::TestCase.class_eval do
+  include Factory
+end
+
+# Remove defaults for testing
+RolePermission.delete_all
+Permission.delete_all
+Role.delete_all