invitational 1.1.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 17a5a124a390f4503a9ee874522e80f511c03664
+  data.tar.gz: fc524576ad2faf67f5d8fa8d3901c0211a38d09d
+SHA512:
+  metadata.gz: 67ebd517377d4256a47063e18f97739b94d74f9b73061b4c0a5a7abd41e0709b00da020fec4ca15c4bdcbd53b3150b6736c3daa20f8803a878f7f7414cd12b3a
+  data.tar.gz: 6a8a893f60048c60d765c08e1ddcc60b6cd2673d6e1cab718a0baa889cd5a5165fc254ba9343fe6dd97335b296cdcf30d6cd44b557a37e3f81b6ea43ad7f59e0

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,215 @@
+#Overview
+
+The purpose of Invitational is to eliminate the tight coupling between user identity/authentication and application authorization.  It is a common pattern in multi-user systems that in order to grant access to someone else, an existing administrator must create a user account, providing a username and password, and then grant permissions to that account.  The administrator then needs to communicate the username and password to the individual, often via email.  The complexity of this process is compounded in multi-account based systems where a single user might wind up with mutiple user accounts with various usernames and passwords.
+
+Inspired by 37Signals' single sign-on process for Basecamp, Invitational provides an intermediate layer between an identity model (i.e. User) and some entity to which authorization is given.  This intermediate layer, an Invitation, represents a granted role for a given entity.  These roles can then be leveraged by the application's functional authorization system.
+
+Invitational supplies a custom DSL on top of the CanCan gem to provide an easy implementation of role-based functional authorization.  This DSL supports the hierarchical model common in many systems.  Permissions can be esablished for a child based upon an invitation to its parent (or grandparent, etc).
+
+An invitation is initially created in an un-claimed state.  The invitation is associated with an email address, but can be claimed by any user who has the unique claim hash.  The Invitational library allows for this delegation of authority, though it is fully possible for a host application to implement a requirement that the user claiming an invitation must match the email for which the invitation was created.  Once claimed, an invitation may not be claimed again by any other user.
+
+
+#Getting Started
+Invitational works with Rails 4.0 and up.  You can add it to your Gemfile with:
+
+```
+gem 'invitational', git: 'git@github.com:d-i/invitational.git'
+```
+
+Run the bundle command to install it.
+
+After you install the gem, you need to run the generator:
+
+```
+rails generate invitational:install MODEL
+```
+
+Replace MODEL with the class name of your identity class.  Since this is very frequently `User`, the
+generator defaults to that class name, thus you can omit it if that is how your application is built:
+
+```
+rails generate invitational:install
+```
+
+The generator will add a database migration you will need to run:
+
+```
+rake db:migrate
+```
+
+#Implementation
+
+##invited_to
+The generator will setup your identity model (`User`) to include the `Invitational::InvitedTo` module.  As part of the Invitational 
+functionality it provides, the `invited_to` method is added to your user class along with the foundational has_many relationship to 
+Invitation.  This method accepts a list of the entity classes (as symbols) 
+to which a user can be invited:
+
+```
+invited_to :customer, :vendor, :supplier
+```
+
+This will setup has_many :through relationships for each entity:
+
+```
+user.companies
+user.vendors
+user.suppliers
+```
+
+##accepts_invitation_for
+To configure an entity as able to accept invitations, use the `make_invitable` generator:
+
+```
+rails generate invitational:make_invitable MODEL, ROLE1, ROLE2...
+```
+
+Here, replace MODEL with the name of the entity class you are making invitable.  Replace, ROLE1, ROLE2 with the 
+list of roles which are valid to this model, for example User, Admin.  The generator will include the `Invitational::AcceptsInvitationAs`
+module, and will pre-populate the call to the `accepts_invitation_as` method with the list of roles supplied:
+
+```
+accepts_invitation_as :user, :admin
+```
+
+As with your identity class, a foundational has_many relationship is established with Invitation.  The `accepts_invitation_as`
+method also sets up has_many :through relationships to user for each role identified:
+
+```
+entity.users
+entity.admins
+```
+
+You can then add this entity to the list of invitable classes on the `invited_to` call in your identity class.
+
+#Usage
+##Creating Invitations
+To create an invitation to a given model:
+
+```
+entity = Entity.find(1)
+
+entity.invite "foo@bar.com", :admin
+```
+
+The method will return the Invitation.  In the event that the email has already been invited to that entity, 
+an `Invitational::AlreadyInvitedError` will be raised.  If the passed role is not valid for the given entity (based on its 
+`accepts_invitation_as` call), an `Invitational::InvalidRoleError` will be raised.
+
+###Immediately Claimed Invitations
+
+In some situations it is preferable to have an invitation created that is immediately claimed by an existing user.
+For example, if the current user is creating an invitable entity, they would likely want to have immediate administrative
+authority to that entity.  In such situations, you can pass a user object (an instance of your identity class) to
+the invite method instead of an email.  The invitation that is created will be immedately claimed by that user:
+
+```
+entity = Entity.create(...)
+
+entity.invite current_user, :admin
+```
+
+##Claiming Invitations
+
+Invitations can be claimed by passing their hash and the claiming user to the `claim` class method on Invitation:
+
+```
+Invitation.claim claim_hash, current_user
+```
+
+The method will return the claimed Invitation. In the event that the hash does match an existing invitation, 
+an `Invitational::InvitationNotFoundError` will be raised.  If the hash is found, but the invitation has already 
+been claimed, an `Invitational::AlreadyClaimedError` will be raised.
+
+##Checking for Invitations
+
+The `invited_to?` instance method that Invitational adds to your identity class provides an easy interface to 
+check if a user has an accepted invitation to a specific entity.  Your query can be general (invited in any role) or 
+specifically for a supplied role:
+
+```
+current_user.invited_to? entity
+```
+
+Will return true if the current user has accepted an invitation in any role to the entity.
+
+```
+current_user.invited_to? entity, :admin
+```
+
+Will only return true if the current user has accepted an invitation as an Admin to the entity.
+
+##UberAdmin
+
+Invitational provides a special, system-wide, invitation and role called `:uberadmin`.  A user that has
+claimed an UberAdmin invitation will always indicate they have been invited to a given role for a given entity.  
+In other words, every call to `invited_to?` for an UberAdmin will return true.  
+
+To create an UberAdmin invitation:
+
+```
+Invitation.invite_uberadmin "foo@bar.com"
+```
+
+As with creating standard invitations, you can pass a user instead of an email to have the invitation
+claimed immediately by that user:
+
+```
+Invitation.invite_uberadmin current_user
+```
+
+The process to claim an UberAdmin invitation is the same as any other invitation.
+
+To make getting started with a brand new Invitational based environment easier, a rake task is provided to 
+create a new UberAdmin invitation.
+
+```
+rake invitational:create_uberadmin
+```
+
+This will output the claim hash for a new UberAdmin invitation.
+
+You can test to see if the a user is an uberadmin through:
+
+```
+current_user.uberadmin?
+```
+
+##CanCan
+
+Invitational adds a new condition key to CanCan's abilities, `:role`. This allows you to define the role(s)
+that a user must be invited into for a specific entity in order to perform the specified action.  For example, 
+to indicate that a user invited to a parent entity in an admin role can manage the parent entity, but a user 
+invited to a staff role can only read the parent entity, in your `ability.rb` file:
+
+```
+can :manage, Parent, roles: [:admin]
+can :read, Parent, roles: [:staff]
+```
+
+###Invitation to a parent
+To idenfitify abilities based upon invitations to a parent entity, add a hash as an element to the roles array, 
+supplying the parent attribute name as a key, and an allowed roles array as the value:
+
+```
+can :manage, Child, roles[ {parent: [:admin, :staff]}]
+```
+
+The parent invitation can be used recursively too, to specify grand-parent (or above) relationships:
+
+```
+can :manage, Child, roles[ {parent: {grand_parent: [:admin, :staff]}}]
+```
+
+To specify child and parent invitations, you can combine them on one line:
+
+```
+can :manage, Child, roles[:child_admin, {parent: [:admin, :staff]}]
+```
+
+However, it is recommended to specify them on separate lines:
+
+```
+can :manage, Child, roles[:child_admin]
+can :manage, Child, roles[ {parent: [:admin, :staff]}]
+```

data/Rakefile

@@ -0,0 +1,38 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+require "bundler/gem_tasks"
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Invitational'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+Bundler::GemHelper.install_tasks
+
+require 'rake/testtask'
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.libs << 'test'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+
+task :default => :test

data/app/assets/javascripts/invitational/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/app/assets/stylesheets/invitational/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+ */

data/app/controllers/invitational/application_controller.rb

@@ -0,0 +1,4 @@
+module Invitational
+  class ApplicationController < ActionController::Base
+  end
+end

data/app/helpers/invitational/application_helper.rb

@@ -0,0 +1,4 @@
+module Invitational
+  module ApplicationHelper
+  end
+end

data/app/modules/invitational/accepts_invitation_as.rb

@@ -0,0 +1,37 @@
+module Invitational
+  module AcceptsInvitationAs
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :invitations, :as => :invitable, dependent: :destroy
+
+      @roles = Array.new
+
+      def self.roles
+        @roles
+      end
+    end
+
+    module ClassMethods
+
+      def accepts_invitation_as *args
+        args.each do |role|
+          relation = role.to_s.pluralize.to_sym
+
+          has_many relation, -> {where "invitations.role = '#{role.to_s}'"}, through: :invitations, source: :user
+
+          self.roles << role
+        end
+      end
+    end
+
+    def invite target, role
+      unless self.class.roles.include? role
+        raise Invitational::InvalidRoleError.new
+      end
+
+      Invitational::CreatesInvitation.for self, target, role
+    end
+
+  end
+end

data/app/modules/invitational/invitation_core.rb

@@ -0,0 +1,97 @@
+module Invitational
+  module InvitationCore
+    extend ActiveSupport::Concern
+
+    included do
+      belongs_to :invitable, :polymorphic => true
+
+      before_create :setup_hash
+
+      validates :email,  :presence => true
+      validates :role,  :presence => true
+      validates :invitable,  :presence => true, :if => :standard_role?
+
+      scope :uberadmin, lambda {
+        where("invitable_id IS NULL AND role = 'uberadmin'")
+      }
+
+      scope :for_email, lambda {|email|
+        where('email = ?', email)
+      }
+
+      scope :pending_for, lambda {|email|
+        where('email = ? AND user_id IS NULL', email)
+      }
+
+      scope :for_claim_hash, lambda {|claim_hash|
+        where('claim_hash = ?', claim_hash)
+      }
+
+      scope :for_invitable, lambda {|type, id|
+        where('invitable_type = ? AND invitable_id = ?', type, id)
+      }
+
+      scope :by_role, lambda {|role|
+        where('role = ?', role.to_s)
+      }
+
+      scope :pending, lambda { where('user_id IS NULL') }
+      scope :claimed, lambda { where('user_id IS NOT NULL') }
+    end
+
+    module ClassMethods
+      def claim claim_hash, user
+        Invitational::ClaimsInvitation.for claim_hash, user
+      end
+
+      def claim_all_for user
+        Invitational::ClaimsAllInvitations.for user
+      end
+
+      def invite_uberadmin target
+        Invitational::CreatesUberAdminInvitation.for target
+      end
+
+    end
+
+    def setup_hash
+      self.date_sent = DateTime.now
+      self.claim_hash = Digest::SHA1.hexdigest(email + date_sent.to_s)
+    end
+
+    def standard_role?
+      role != :uberadmin
+    end
+
+    def role
+      unless super.nil?
+        super.to_sym
+      end
+    end
+
+    def role=(value)
+      super(value.to_sym)
+      role
+    end
+
+    def role_title
+      if uberadmin?
+        "Uber Admin"
+      else
+        role.to_s.titleize
+      end
+    end
+
+    def uberadmin?
+      invitable.nil? == true && role == :uberadmin
+    end
+
+    def claimed?
+      date_accepted.nil? == false
+    end
+
+    def unclaimed?
+      !claimed?
+    end
+  end
+end

data/app/modules/invitational/invited_to.rb

@@ -0,0 +1,29 @@
+module Invitational
+  module InvitedTo
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :invitations, dependent: :destroy
+    end
+
+    module ClassMethods
+      def invited_to *args
+        args.each do |entity|
+          relation = entity.to_s.pluralize.to_sym
+          type = entity.to_s.camelize
+
+          has_many relation, through: :invitations, source: :invitable, source_type: type
+        end
+      end
+    end
+
+    def uberadmin?
+      invitations.uberadmin.count > 0
+    end
+
+    def invited_to? entity, role=nil
+      Invitational::ChecksForInvitation.for self, entity,role
+    end
+
+  end
+end

data/app/services/invitational/checks_for_invitation.rb

@@ -0,0 +1,35 @@
+module Invitational
+  class ChecksForInvitation
+
+    def self.for user, invitable, roles=nil
+      self.uberadmin?(user) || self.specific_invite?(user, invitable, roles)
+    end
+
+private 
+
+    def self.uberadmin? user
+      user.invitations.uberadmin.count == 1
+    end
+
+    def self.specific_invite? user, invitable, roles
+      invites = user.invitations.for_invitable(invitable.class.name, invitable.id)
+
+      if invites.count > 0
+        unless roles.nil?
+          self.role_check invites.first, roles
+        else
+          true
+        end
+      end
+    end
+
+    def self.role_check invitation, roles
+      if roles.respond_to? :map
+        roles.include? invitation.role
+      else
+        invitation.role == roles
+      end
+    end
+
+  end
+end

data/app/services/invitational/claims_all_invitations.rb

@@ -0,0 +1,14 @@
+module Invitational
+  class ClaimsAllInvitations
+
+    def self.for user
+      pending_invitations = ::Invitation.pending_for(user.email)
+
+      pending_invitations.each do |invitation|
+        invitation.user = user
+        invitation.date_accepted = DateTime.now
+        invitation.save
+      end
+    end
+  end
+end

data/app/services/invitational/claims_invitation.rb

@@ -0,0 +1,22 @@
+module Invitational
+  class ClaimsInvitation
+
+    def self.for claim_hash, user
+      invitation = Invitation.for_claim_hash(claim_hash).first
+
+      if invitation.nil?
+        raise Invitational::InvitationNotFoundError.new
+      end
+
+      if invitation.claimed?
+        raise Invitational::AlreadyClaimedError.new
+      end
+
+      invitation.user = user
+      invitation.date_accepted = DateTime.now
+      invitation.save
+
+      invitation
+    end
+  end
+end

data/app/services/invitational/creates_invitation.rb

@@ -0,0 +1,32 @@
+module Invitational
+  class CreatesInvitation
+
+    def self.for invitable, target, role
+      if target.is_a? String
+        email = target
+
+        if invitable.invitations.for_email(email).count > 0
+          raise Invitational::AlreadyInvitedError
+        end
+
+      else
+        user = target
+        email = user.email
+
+        if user.invitations.for_invitable(invitable.class, invitable.id).count > 0
+          raise Invitational::AlreadyInvitedError
+        end
+      end
+
+      invitation = ::Invitation.new(invitable: invitable, role: role, email: email)
+      if user
+        invitation.user = user
+        invitation.date_accepted = DateTime.now
+      end
+      invitation.save
+
+      invitation
+    end
+
+  end
+end

data/app/services/invitational/creates_uber_admin_invitation.rb

@@ -0,0 +1,33 @@
+module Invitational
+  class CreatesUberAdminInvitation
+    attr_reader :success,
+                :invitation
+
+    def self.for target
+      if target.is_a? String
+        email = target
+
+        if Invitation.uberadmin.for_email(email).count > 0
+          raise Invitational::AlreadyInvitedError.new
+        end
+      else
+        user = target
+        email = user.email
+
+        if user.uberadmin?
+          raise Invitational::AlreadyInvitedError.new
+        end
+      end
+
+      invitation = ::Invitation.new(role: :uberadmin, email: email)
+      if user
+        invitation.user = user
+        invitation.date_accepted = DateTime.now
+      end 
+      invitation.save
+
+      invitation
+    end
+
+  end
+end

data/app/views/layouts/invitational/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Invitational</title>
+  <%= stylesheet_link_tag    "invitational/application", :media => "all" %>
+  <%= javascript_include_tag "invitational/application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/config/routes.rb

@@ -0,0 +1,2 @@
+Invitational::Engine.routes.draw do
+end

data/db/migrate/20130528220144_create_invitations.rb

@@ -0,0 +1,19 @@
+class CreateInvitations < ActiveRecord::Migration
+  def change
+    create_table :invitations do |t|
+      t.string :email
+      t.string :role
+      t.references :invitable, polymorphic: true
+      t.integer :user_id
+      t.datetime :date_sent
+      t.datetime :date_accepted
+      t.string :claim_hash
+
+      t.timestamps
+    end
+
+    add_index :invitations, :invitable_id
+    add_index :invitations, :invitable_type
+    add_index :invitations, :user_id
+  end
+end

data/lib/generators/invitational/install/USAGE

@@ -0,0 +1,15 @@
+Description:
+    This generator installs the necessary components for the Invitational gem, and provides the initial relatoinship
+    to your identiy class 
+
+Example:
+    rails generate invitational User
+
+    This will create:
+      app/model/ability.rb
+      app/model/invitation.rb
+      db/migrate/XXXX_create_invitations.invitational_engine.rb
+
+    This will update:
+      app/model/user.rb
+      Gemfile

data/lib/generators/invitational/install/install_generator.rb

@@ -0,0 +1,39 @@
+module Invitational
+  module Generators
+    class InstallGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      argument :identity_class, type: :string, default: "User", banner: "Class name of identity model (e.g. User)"
+
+      def invitation_model
+        @identity_class = identity_class.gsub(/\,/,"").camelize
+
+        if  @identity_class != "User"
+          @custom_user_class = ", :class_name => '#{@identity_class}'"
+        else
+          @custom_user_class = ""
+        end
+
+        template "invitation.rb", "app/models/invitation.rb"
+      end
+
+      def ability_model
+        @identity_model = @identity_class.underscore
+        template "ability.rb", "app/models/ability.rb"
+      end
+
+      def link_to_identity_model
+        path = "app/models/#{@identity_model}.rb"
+        content = "  include Invitational::InvitedTo\n"
+
+        inject_into_class path, @identity_class.constantize, content
+      end
+
+      def install_migration
+        rake("invitational_engine:install:migrations")
+      end
+
+    end
+
+  end
+end

data/lib/generators/invitational/install/templates/ability.rb

@@ -0,0 +1,19 @@
+require 'invitational/cancan'
+
+class Ability
+  include CanCan::Ability
+  include Invitational::CanCan::Ability
+
+  attr_reader :role_mappings, :<%= @identity_model %>
+
+  def initialize(<%= @identity_model %>)
+
+    @role_mappings = {}
+    @<%= @identity_model %> = <%= @identity_model %>
+
+    # Example:
+    # can :manage, Entity, roles: [:admin]
+
+  end
+
+end

data/lib/generators/invitational/install/templates/initializer.rb

@@ -0,0 +1,3 @@
+Invitational.user_class = "<%= @identity_class %>"
+
+Invitational.define_roles <%= @role_list %>

data/lib/generators/invitational/install/templates/invitation.rb

@@ -0,0 +1,7 @@
+class Invitation < ActiveRecord::Base
+  include ActiveModel::ForbiddenAttributesProtection
+  include Invitational::InvitationCore
+
+  belongs_to :user<%= @custom_user_class %>
+
+end

data/lib/generators/invitational/make_invitable/make_invitable_generator.rb

@@ -0,0 +1,22 @@
+module Invitational
+  module Generators
+    class MakeInvitableGenerator < Rails::Generators::Base
+      source_root File.expand_path('../templates', __FILE__)
+
+      argument :entity_class, type: :string, banner: "Class name of entity class to which users will be invited"
+      argument :roles, type: :array, default: ["role"], banner: "List of Valid Roles"
+
+      def add_invitational_reference
+        @entity_class = entity_class.gsub(/\,/,"").camelize
+        @entity_model = @entity_class.underscore
+        @path = "app/models/#{@entity_model}.rb"
+        @role_list = roles.map{|role| ":" + role.gsub(/\,/,"")}.join(", ")
+
+        content = "  include Invitational::AcceptsInvitationAs\n  accepts_invitation_as #{@role_list}\n"
+
+        inject_into_class @path, @entity_class.constantize, content
+      end
+
+    end
+  end
+end

data/lib/invitational.rb

@@ -0,0 +1,2 @@
+require "invitational/engine"
+require "invitational/exceptions"

data/lib/invitational/cancan.rb

@@ -0,0 +1,63 @@
+module Invitational
+  module CanCan
+    module Ability
+
+      def can(action = nil, subject = nil, conditions = nil, &block)
+        if conditions && conditions.has_key?(:roles)
+          roles = conditions.delete(:roles) if conditions
+          conditions = nil if conditions and conditions.empty?
+
+          block ||= setup_role_based_block_for roles, subject, action
+        end
+
+        rules << ::CanCan::Rule.new(true, action, subject, conditions, block)
+      end
+
+      def setup_role_based_block_for roles, subject, action
+        key = subject.name.underscore + action.to_s
+
+        if roles.respond_to? :values
+          role_type, roles  = [roles.keys.first, roles.values.first]
+        else
+          role_type = subject
+        end
+
+        role_mappings[key] = roles
+
+        block = ->(model){
+          roles = role_mappings[key]
+          check_permission_for model, user, roles
+        }
+
+        block
+      end
+
+      def check_permission_for model, user, in_roles
+
+        in_roles.reduce(false) do |result,role|
+          result || if role.respond_to? :values
+            method = role.keys.first
+            related = model.send(method)
+
+            if related.respond_to? :any?
+              related.any? do |model|
+                check_permission_for model, user, role.values.flatten
+              end
+            else
+              check_permission_for related, user, role.values.flatten
+            end
+
+          else
+            Invitational::ChecksForInvitation.for(user, model, role)
+          end
+        end
+
+      end
+
+      def attribute_roles attribute, roles
+        {attribute => roles}
+      end
+
+    end
+  end
+end

data/lib/invitational/engine.rb

@@ -0,0 +1,4 @@
+module Invitational
+  class Engine < ::Rails::Engine
+  end
+end

data/lib/invitational/exceptions.rb

@@ -0,0 +1,9 @@
+module Invitational
+  class InvitationalError < StandardError; end
+
+  class InvalidRoleError < InvitationalError; end
+  class AlreadyInvitedError < InvitationalError; end
+
+  class InvitationNotFoundError < InvitationalError; end
+  class AlreadyClaimedError < InvitationalError; end
+end

data/lib/invitational/version.rb

@@ -0,0 +1,3 @@
+module Invitational
+  VERSION = "1.1.5"
+end

data/lib/tasks/invitational_tasks.rake

@@ -0,0 +1,12 @@
+namespace :invitational do
+  desc "Creates an Uberadmin User"
+  task :create_uberadmin => [:environment] do
+    email = Digest::SHA1.hexdigest(DateTime.now.to_s) + "@localhost"
+
+    creator = Invitational::CreatesUberAdminInvitation.for email
+    invitation = creator.invitation
+
+    puts "Your uberadmin invitation claim hash is: #{invitation.claim_hash}"
+    puts "Visit your claim URL with this hash to claim the invitation."
+  end
+end

metadata

@@ -0,0 +1,187 @@
+--- !ruby/object:Gem::Specification
+name: invitational
+version: !ruby/object:Gem::Version
+  version: 1.1.5
+platform: ruby
+authors:
+- Dave Goerlich
+- Joe Fiorini
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-03-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0
+- !ruby/object:Gem::Dependency
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: capybara
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.0.2
+- !ruby/object:Gem::Dependency
+  name: combustion
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+- !ruby/object:Gem::Dependency
+  name: rspec-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.12.0
+- !ruby/object:Gem::Dependency
+  name: rspec-given
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+description: See summary
+email:
+- dave@d-i.co
+- joe@d-i.co
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/javascripts/invitational/application.js
+- app/assets/stylesheets/invitational/application.css
+- app/controllers/invitational/application_controller.rb
+- app/helpers/invitational/application_helper.rb
+- app/modules/invitational/accepts_invitation_as.rb
+- app/modules/invitational/invitation_core.rb
+- app/modules/invitational/invited_to.rb
+- app/services/invitational/checks_for_invitation.rb
+- app/services/invitational/claims_all_invitations.rb
+- app/services/invitational/claims_invitation.rb
+- app/services/invitational/creates_invitation.rb
+- app/services/invitational/creates_uber_admin_invitation.rb
+- app/views/layouts/invitational/application.html.erb
+- config/routes.rb
+- db/migrate/20130528220144_create_invitations.rb
+- lib/generators/invitational/install/USAGE
+- lib/generators/invitational/install/install_generator.rb
+- lib/generators/invitational/install/templates/ability.rb
+- lib/generators/invitational/install/templates/initializer.rb
+- lib/generators/invitational/install/templates/invitation.rb
+- lib/generators/invitational/make_invitable/make_invitable_generator.rb
+- lib/invitational.rb
+- lib/invitational/cancan.rb
+- lib/invitational/engine.rb
+- lib/invitational/exceptions.rb
+- lib/invitational/version.rb
+- lib/tasks/invitational_tasks.rake
+homepage: http://github.com/d-i/invitational
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.0
+signing_key: 
+specification_version: 4
+summary: Manage users and the objects they belong to
+test_files: []