hippo-fw 0.9.1

data/docs/todo-example-part-1.md

@@ -0,0 +1,69 @@
+---
+title: TODO MVC Example
+position_after: command
+---
+
+As is required by all new frameworks, this is an example of creating a TODO application using the Hippo framework.
+
+First install Hippo via Rubygems.  `gem install hippo`
+
+As always when using Hippo, the first thing you'll need to do is generate your application.  We will name this app simply as `todo`
+
+{% highlight bash %}
+hippo new todo
+{% endhighlight %}
+
+This will create a new directory with a skeleton Hippo application.  Read more about the directories and what their purposes are at {% doc_link command heading:'hippo new' %}.
+
+[Our example app at this point](https://github.com/argosity/hippo-todo-demo/tree/c5ee64a5e932055470bf2d13d417f118b89114d6)
+
+# Setup
+
+A sample database configuration file is located in `config/database.yml` which will use a postgresql database named todo_dev.  For the purposes of this example, we'll just create a new postgresql database that matches the configuration: `createdb todo_dev`
+
+Fire up the hippo testing server: `hippo serve`.  The test server will start the app and you can view it at: `http://localhost:8888/`.   You should see a simple "Todo" message.  You can also view the Jasmine specs at `http://localhost:8888/spec`
+
+Next we'll create a data model `hippo generate model task title:string{80} completed:boolean` [commit](https://github.com/argosity/hippo-todo-demo/commit/e22d058d49c482f9be0167068adab1e37be868bc)
+
+Since a task should default to being non-completed, we'll edit the migration to default that field to `false` and add a validation to the model [commit](https://github.com/argosity/hippo-todo-demo/commit/4fda061c13d399062850173eff7bb616563a82bf)
+
+Hippo uses the concept of **Screens** to dynamically load a React component and all it's dependencies.  In this case, the Todo app will have only one screen which we can create by running: `hippo generate screen main` [commit](https://github.com/argosity/hippo-todo-demo/commit/f8614fd7d2e29987639ed7c6141e35c5e51e035f)
+
+Looking at the Todo app, it has four distinct areas. A `sidebar`, `header`, `footer` and `listing` components. We can create views for them by executing `hippo generate component <name>`, where '< name >' is the view to create. [commit](https://github.com/argosity/hippo-todo-demo/commit/cdd63af42efada9d3c9a05658337e44141a0500a)
+
+We'll copy the styles from the [TodoMVC template](https://github.com/tastejs/todomvc/tree/master/template).
+
+First we take the TodoMVC html template and break it apart into sections and copy them to each view.  We're then able to plug each component's into the Screen. [commit](https://github.com/argosity/hippo-todo-demo/commit/cb2651fc3c7bfc0d2f093023056241b93c9b0597)
+
+Run migration: `hippo db migrate`
+
+We'll also create a TaskSummary model that is in charge of summarizing the state of the tasks.  It will listen to the tasks collection and perform calculations when events occur. [commit](https://github.com/argosity/hippo-todo-demo/commit/61a9cb6a6101816becf7f0aa556dd6506f9ffed4)
+
+# Data and events
+
+## Header
+It's responsible for interaction with the "What needs to be done?" input.  When text is present and the "enter" key is pressed, it should save a record and add it to the collection.  We're able to do so in [just a few lines of code](https://github.com/argosity/hippo-todo-demo/commit/bbdf8c8a95ddea8285615d4a7898d9054b22c4b4)
+
+## Listing
+This component is a bit more complex.  It's split into two components, a parent which handles toggling all todo's between being complete and pending, and a collection of task components that model each individual task. [Listing](https://github.com/argosity/hippo-todo-demo/blob/master/client/todo/components/Listing.cjsx)
+
+Each Task component is responsible for handling it's own editing state and saving value to it's model. [TaskComponent](https://github.com/argosity/hippo-todo-demo/blob/master/client/todo/components/Task.cjsx)
+
+## Footer
+The only action this component takes is to delete any tasks that are marked as complete when the "Clear Completed" button is clicked.  It also displays quite a few values from our TasksSummary.  Lane's data-bindings make these easy to wire up. [Footer](https://github.com/argosity/hippo-todo-demo/blob/master/client/todo/components/Footer.cjsx)
+
+You might notice that Hippo makes it super easy to batch update or delete a collection.  The footer simply calls destroyAll on the "completed" sub-collection provided by the TaskSummary.  Since that sub-collection filters the main collection to only contain "completed" tasks, it's safe to just destroy all the model's in one go.
+
+# Routing
+
+For a simple app like the this one, it's easiest to just allow the URL change to trigger what the filtered collection is displaying. [Routing](https://github.com/argosity/hippo-todo-demo/blob/master/client/todo/Routes.cjsx)
+
+# Deploying
+
+For the example we'll host it on Heroku.  Other deployments should be similar to deploying a Rails application.
+
+Simply commit the source and add a remote per Heroku's instructions: [https://devcenter.heroku.com/articles/git](https://devcenter.heroku.com/articles/git)
+
+When you `git push heroku`, Heroku will notice that Hippo uses sprockets and will automatically run `rake assets:precompile`, and then run the application using the puma webserver.
+
+On first deploy and when your db schema has changed, you will have to provision and migrate the database on Heroku by running: `heroku run rake db:migrate`

data/hippo-fw.gemspec

@@ -0,0 +1,79 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'hippo/version'
+
+Gem::Specification.new do |spec|
+
+    spec.name          = "hippo-fw"
+    spec.version       = Hippo::VERSION
+    spec.authors       = ["Nathan Stitt"]
+    spec.email         = ["nathan@argosity.com"]
+
+    spec.summary       = %q{Hippo is a framework for easily writing single page web applications}
+    spec.description   = %q{Hippo is a framework for writing single page web applications.  It's a full stack framework that contains  both server and client.}
+
+    spec.homepage      = "https://github.com/argosity/hippo"
+
+    spec.license       = "MIT"
+
+    spec.files         = `git ls-files`.split($/)
+    spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+    spec.test_files    = spec.files.grep(%r{^test/})
+    spec.require_paths = ["lib"]
+
+    spec.required_ruby_version = ">= 2.0"
+
+    spec.add_dependency "activejob",              "~> 5.0.0"
+    spec.add_dependency "activerecord",           "~> 5.0.0"
+    spec.add_dependency "actioncable",            "~> 5.0.0"
+    spec.add_dependency "mail",                   "~> 2.6"
+    spec.add_dependency "liquid",                 "~> 4.0"
+    spec.add_dependency 'erb_latex',              "~> 1.0"
+    spec.add_dependency 'shrine-memory',          "~> 0.2"
+    spec.add_dependency 'factory_girl',           "~> 4.8"
+    spec.add_dependency 'faker',                  "~> 1.7"
+    spec.add_dependency 'webmock',                "~> 3.0"
+    spec.add_dependency "database_cleaner",       "~> 1.3"
+    spec.add_dependency 'vcr',                    "~> 3.0"
+    spec.add_dependency "sinatra",                "~> 2.0.0.rc2"
+    spec.add_dependency "rack-protection",        "~> 2.0.0.rc2"
+    spec.add_dependency "rack",                   "~> 2.0"
+
+    spec.add_dependency "rack-cors",              "~> 0.4"
+    spec.add_dependency "rack-test",              "~> 0.6"
+
+    spec.add_dependency "bcrypt",                 "~> 3.1"
+    spec.add_dependency "shrine",                 "~> 2.4"
+    spec.add_dependency "image_processing",       "~> 0.4"
+
+    spec.add_dependency "execjs",                 "~> 2.6"
+    spec.add_dependency "fastimage",              "~> 2.0"
+    spec.add_dependency "guard",                  "~> 2.13"
+
+    spec.add_dependency "rspec-rails",            "~> 3.5"
+
+    spec.add_dependency "guard-jest",             "~> 0.1"
+    spec.add_dependency "guard-rspec",            "~> 4.7"
+    spec.add_dependency "hashie",                 "~> 3.3"
+
+    spec.add_dependency "jobba",                  "~> 1.4"
+    spec.add_dependency "jwt",                    "~> 1.5"
+    spec.add_dependency "mini_magick",            "~> 4.3"
+
+    spec.add_dependency "oj",                     "~> 2.1"
+    spec.add_dependency "pg",                     "~> 0.8"
+    spec.add_dependency "rake",                   "~> 12.0"
+    spec.add_dependency "require_all",            "~> 1.3"
+    spec.add_dependency "resque",                 "~> 1.27"
+    spec.add_dependency "sanitize",               "~> 3.0"
+    spec.add_dependency "webpack_driver",         "~> 0.2"
+    spec.add_dependency "knitter",                "~> 0.2.2"
+
+    spec.add_dependency "thor",                   "~> 0.19"
+
+    spec.add_development_dependency "bundler",    "~> 1.5"
+    spec.add_development_dependency "diffy",      "~> 3.0"
+    spec.add_development_dependency "growl",      "~> 1.0"
+    spec.add_development_dependency "shrine-memory", "~> 0.2"
+end

data/lib/generators/hippo/migrations/install_generator.rb

@@ -0,0 +1,42 @@
+require 'hippo/db/migrations'
+
+module Hippo
+
+    module Migrations
+
+        class InstallGenerator < Rails::Generators::Base
+            include Rails::Generators::Migration
+
+            source_root Hippo::DB::Migrations.paths.first
+
+            Hippo::DB::Migrations.paths.slice(1..-1).each do | source_path |
+                source_paths << source_path
+            end
+
+            desc "Install Stockor migrations"
+            def self.next_migration_number(path)
+                unless @prev_migration_nr
+                    @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+                else
+                    @prev_migration_nr += 1
+                end
+                @prev_migration_nr.to_s
+            end
+
+            def copy_migrations
+                Hippo::DB::Migrations.paths.each do | source_path |
+
+                    Pathname.glob( source_path.join('*') ).each do | migration |
+                        from = File.basename( migration )
+                        dest = from.gsub(/^\d+_(.*).rb$/,'\\1.rb')
+                        if self.class.migration_exists?("db/migrate", "#{dest}")
+                            say_status("skipped", "Migration #{dest} already exists")
+                        else
+                            migration_template( from, "db/migrate/#{dest}" )
+                        end
+                    end
+                end
+            end
+        end
+    end
+end

data/lib/hippo-fw.rb

@@ -0,0 +1 @@
+require_relative './hippo'

data/lib/hippo.rb

@@ -0,0 +1,34 @@
+require 'active_record'
+require 'pathname'
+
+module Hippo
+    ROOT_PATH = Pathname.new(__FILE__).dirname.join('..')
+end
+
+require_relative "hippo/version"
+require_relative "hippo/environment"
+require_relative "hippo/configuration"
+require_relative "hippo/redis"
+require_relative "hippo/logger"
+if defined?(::Rails)
+    require_relative "hippo/rails_engine"
+end
+require_relative "hippo/db"
+require_relative "hippo/strings"
+require_relative "hippo/numbers"
+require_relative "hippo/concerns/all"
+require_relative "hippo/validators/all"
+require_relative "hippo/model"
+require_relative "hippo/system_settings"
+require_relative "hippo/asset"
+require_relative "hippo/extension"
+require_relative "hippo/screen"
+require_relative "hippo/job"
+require_relative "hippo/job/failure_logger"
+require_relative "hippo/templates/base"
+require_relative "hippo/templates/latex"
+require_relative "hippo/templates/liquid"
+require_relative "hippo/mailer"
+require_relative 'hippo/user'
+require_relative "hippo/access"
+require_relative "hippo/workspace"

data/lib/hippo/access.rb

@@ -0,0 +1,49 @@
+require_relative 'workspace'
+
+module Hippo
+
+    module Access
+
+        class << self
+
+            def type_to_client(klass)
+                klass.to_s.sub(/^(\w+).*?(\w+)$/,'\1.Models.\2')
+            end
+
+            def type_to_client_id(klass)
+                ( klass.is_a?(Class) ? klass : klass.class ).to_s.demodulize.underscore
+            end
+
+            def for_user( user )
+                {
+                    :roles => user.roles.map{ | role |
+                        {
+                            type: type_to_client_id(role),
+                            read: role.read_types.map{ |klass| type_to_client(klass) },
+                            write: role.write_types.map{ |klass| type_to_client(klass) },
+                            delete: role.delete_types.map{ |klass| type_to_client(klass) }
+                        }
+                    },
+                    :locked_fields => LockedFields.definitions.map{ | klass, locks |
+                        {
+                            type: type_to_client(klass),
+                            locks: locks.each_with_object({}) do |(field, grants), result|
+                                result[field] = grants.map do |grant|
+                                    { role: type_to_client_id(grant[:role]), only: grant[:only] }
+                                end
+                            end
+                        }
+                    }
+                }
+            end
+
+        end
+    end
+
+end
+
+require_relative 'access/authentication_provider'
+require_relative 'access/locked_fields'
+require_relative 'access/role'
+require_relative 'access/role_collection'
+require_relative 'access/track_modifications'

data/lib/hippo/access/authentication_provider.rb

@@ -0,0 +1,79 @@
+module Hippo
+    module API
+        class AuthenticationProvider
+
+            def self.user_for_request(request)
+                token = request.params['jwt']
+                token ? User.for_jwt_token(token) : nil
+            end
+
+            attr_reader :request
+
+            def initialize(request)
+                @request=request
+            end
+
+            def current_user
+                @current_user ||= AuthenticationProvider.user_for_request(request)
+            end
+
+            def error_message
+                current_user ? "User not found" : error_message_for_access
+            end
+
+            def error_message_for_access
+                return "Unable to " + case request.request_method
+                                      when 'GET' then "read"
+                                      when 'POST','PATCH','PUT' then "write"
+                                      when 'DELETE' then "delete"
+                                      else
+                                          "perform action"
+                                      end
+            end
+
+            def allowed_access_to?(klass, options = {})
+                return true if options[:public] == true and current_user.nil?
+                return false if current_user.nil?
+                case request.request_method
+                when 'GET'
+                    klass.can_read_attributes?(request.params, current_user)
+                when 'POST', 'PATCH', 'PUT'
+                    klass.can_write_attributes?(request.params, current_user)
+                when 'DELETE'
+                    klass.can_delete_attributes?(request.params, current_user)
+                else
+                    false
+                end
+            end
+
+            def wrap_request(req)
+                if current_user
+                    ::Hippo::User.scoped_to(current_user) do | user |
+                        yield
+                    end
+                else
+                    fail_request(req)
+                end
+            end
+
+            def wrap_model_access(model, req, options = {})
+                if allowed_access_to?(model, options)
+                    ::Hippo::User.scoped_to(current_user) do | user |
+                        yield
+                    end
+                else
+                    fail_request(req)
+                end
+            end
+
+            def fail_request(req)
+                Hippo.logger.warn request.env['HTTP_X_TESTING_USER']
+                Hippo.logger.warn "Unauthorized access attempted to #{req.url}"
+                req.halt( 401, Oj.dump({
+                    success:false, errors: {user: "Access Denied"}, message: "Access Denied"
+                }))
+            end
+        end
+
+    end
+end

data/lib/hippo/access/config/database.yml

@@ -0,0 +1,9 @@
+development:
+  adapter: postgresql
+  database: hippo_dev
+  host: /tmp
+
+test:
+  adapter: postgresql
+  database: hippo_dev
+  host: /tmp

data/lib/hippo/access/config/routes.rb

@@ -0,0 +1,20 @@
+require_relative '../user'
+require_relative '../../api/handlers/user_session'
+
+module Hippo
+    Hippo::API.routes.for_extension 'hippo-access' do
+
+        post "user-sessions.json", &API::Handlers::UserSession.create
+
+        get "user-sessions/test.json", &API::Handlers::UserSession.check
+
+        delete "user-sessions/:id.json" do
+            wrap_reply do
+                { success: true, message: "Logout succeeded", data: {}, token: '' }
+            end
+        end
+
+        resources User
+
+    end
+end

data/lib/hippo/access/locked_fields.rb

@@ -0,0 +1,43 @@
+module Hippo
+    module Access
+
+        class LockedFields
+
+            @definitions = Hash.new{ |fields,klass|
+                fields[klass] = Hash.new{ |grants,field| grants[field] = [] }
+            }
+            class << self
+
+                # @param klass [Hippo::Model]
+                # @param field [Symbol]
+                # @param access_type [:read, :write]
+                # @return [Array<Role>] Roles that are allowed to access the field.
+                # An empty array indicates that the field is not locked and the Model
+                # should be used for determining access
+                def roles_needed_for(klass, attribute, access_type)
+                    if @definitions.has_key?(klass) && @definitions[klass].has_key?(attribute)
+                        @definitions[klass][attribute].each_with_object([]) do | grant, result |
+                            result.push(grant[:role]) if grant[:only].nil? || grant[:only] == access_type
+                        end
+                    else
+                        []
+                    end
+                end
+
+                # Lock a given class and attribute to a given role
+                # @param klass [Hippo::Model]
+                # @param field [Symbol]
+                # @param only [:read, :write]
+                def lock(klass, field, role, only=nil)
+                    @definitions[klass][field] << { role: role, only: only }
+                end
+
+                def definitions
+                    @definitions
+                end
+            end
+
+        end
+
+    end
+end