jakewendt-authorized 0.1.4

data/lib/authorized/authorization.rb

@@ -0,0 +1,69 @@
+module Authorized
+module Authorization
+
+	module Controller
+		def self.included(base)
+			base.send(:include, InstanceMethods)
+			base.alias_method_chain :method_missing, :authorization
+		end
+
+		module InstanceMethods
+
+			def auth_redirections(permission_name)
+				if respond_to?(:redirections) && 
+					redirections.is_a?(Hash) &&
+					!redirections[permission_name].blank?
+					redirections[permission_name]
+				else
+					HashWithIndifferentAccess.new
+				end
+			end
+
+			def method_missing_with_authorization(symb,*args, &block)
+				method_name = symb.to_s
+		
+				if method_name =~ /^may_(not_)?(.+)_required$/
+					full_permission_name = "#{$1}#{$2}"
+					negate = !!$1		#	double bang converts to boolean
+					permission_name = $2
+					verb,target = permission_name.split(/_/,2)
+		
+					#	using target words where singular == plural won't work here
+					if !target.blank? && target == target.singularize
+						unless permission = current_user.try(
+								"may_#{permission_name}?", 
+								instance_variable_get("@#{target}") 
+							)
+							message = "You don't have permission to " <<
+								"#{verb} this #{target}."
+						end
+					else
+						#	current_user may be nil so must use try and NOT send
+						unless permission = current_user.try("may_#{permission_name}?")
+							message = "You don't have permission to " <<
+								"#{permission_name.gsub(/_/,' ')}."
+						end
+					end
+
+					#	exclusive or
+					unless negate ^ permission
+						#	if message is nil, negate will be true
+						message ||= "Access denied.  May #{(negate)?'not ':''}" <<
+							"#{permission_name.gsub(/_/,' ')}."
+						ar = auth_redirections(full_permission_name)
+						access_denied(
+							(ar[:message]||message),
+							(ar[:redirect_to]||"/")
+						)
+					end
+				else
+					method_missing_without_authorization(symb, *args, &block)
+				end
+			end
+
+		end
+	end
+
+end
+end	#	CclsEngine
+ActionController::Base.send(:include,Authorized::Authorization::Controller)

data/lib/authorized/controller.rb

@@ -0,0 +1,87 @@
+require 'ssl_requirement'
+module Authorized
+module Controller
+
+	def self.included(base)
+		base.extend(ClassMethods)
+		base.send(:include, SslRequirement)
+		#	My ssl_required? overrides SslRequirement so MUST come AFTER!
+		base.send(:include, InstanceMethods)
+		base.class_eval do
+			class << self
+				alias_method_chain :inherited, :ccls_before_filters
+			end
+		end
+	end
+
+	module ClassMethods
+
+	private
+
+		def inherited_with_ccls_before_filters(base)
+			identifier = 'ccls_ensure_proper_protocol'
+			unless filter_chain.select(&:before?).map(&:identifier
+				).include?(identifier)
+				before_filter :ensure_proper_protocol,
+					:identifier => identifier
+			end
+#			identifier = 'ccls_build_menu_js'
+#			unless filter_chain.select(&:before?).map(&:identifier
+#				).include?(identifier)
+#				before_filter :build_menu_js,
+#					:identifier => identifier
+#			end
+			inherited_without_ccls_before_filters(base)
+		end
+
+	end	#	ClassMethods
+
+	module InstanceMethods
+
+	protected
+
+		def ssl_required?
+			# Force https everywhere (that doesn't have ssl_allowed set)
+			true
+		end
+
+		def redirect_to_referer_or_default(default)
+			redirect_to( session[:refer_to] || 
+				request.env["HTTP_REFERER"] || default )
+			session[:refer_to] = nil
+		end
+
+		#	Flash error message and redirect
+		def access_denied( 
+				message="You don't have permission to complete that action.", 
+				default=root_path )
+			session[:return_to] = request.request_uri
+			flash[:error] = message
+			redirect_to default
+		end
+
+#		#	The menu is on every page and this seems as the
+#		#	only way for me to force it into the application
+#		#	layout.
+#		def build_menu_js
+#			js = "" <<
+#				"if ( typeof(translatables) == 'undefined' ){\n" <<
+#				"	var translatables = [];\n" <<
+#				"}\n"
+#			Page.roots.each do |page|
+#				js << "" <<
+#					"tmp={tag:'#menu_#{dom_id(page)}',locales:{}};\n"
+#				%w( en es ).each do |locale|
+#					js << "tmp.locales['#{locale}']='#{page.menu(locale)}'\n"
+#				end
+#				js << "translatables.push(tmp);\n"
+#			end
+#			@template.content_for :head do
+#				@template.javascript_tag js
+#			end
+#		end
+
+	end	#	InstanceMethods
+end	#	Controller
+end	#	CclsEngine
+ActionController::Base.send(:include,Authorized::Controller)

data/lib/authorized/core_extension.rb

@@ -0,0 +1,16 @@
+module Authorized
+module CoreExtension
+
+	def class_exists?(full_class_name)
+		name_spaces = full_class_name.to_s.split('::')
+		class_name = name_spaces.pop
+		name_space = name_spaces.join('::')
+		klass = ((name_space.blank?) ? Module : name_space.constantize).const_get(class_name.to_s)
+		return klass.is_a?(Class)
+	rescue NameError
+		return false
+	end
+
+end	#	CoreExtension
+end	#	Authorized
+include Authorized::CoreExtension

data/lib/authorized/factories.rb

@@ -0,0 +1,15 @@
+Factory.define :role do |f|
+	f.sequence(:name) { |n| "name#{n}" }
+end
+
+Factory.define :user do |f|
+	f.sequence(:uid) { |n| "UID#{n}" }
+#	f.sequence(:username) { |n| "username#{n}" }
+#	f.sequence(:email) { |n| "username#{n}@example.com" }
+#	f.password 'V@1!dP@55w0rd'
+#	f.password_confirmation 'V@1!dP@55w0rd'
+#	f.role_name 'user'
+end
+Factory.define :admin_user, :parent => :user do |f|
+	f.administrator true
+end	#	parent must be defined first

data/lib/authorized/factory_test_helper.rb

@@ -0,0 +1,47 @@
+module Authorized::FactoryTestHelper
+
+	def active_user(options={})
+		u = Factory(:user, options)
+		#	leave this special save here just in case I change things.
+		#	although this would need changed for UCB CAS.
+		#	u.save_without_session_maintenance
+		#	u
+	end
+	alias_method :user, :active_user
+
+	def superuser(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('superuser')
+		u
+	end
+	alias_method :super_user, :superuser
+
+	def admin_user(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('administrator')
+		u
+	end
+	alias_method :admin, :admin_user
+	alias_method :administrator, :admin_user
+
+	def interviewer(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('interviewer')
+		u
+	end
+
+	def reader(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('reader')
+		u
+	end
+#	alias_method :employee, :reader
+
+	def editor(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('editor')
+		u
+	end
+
+end
+ActiveSupport::TestCase.send(:include,Authorized::FactoryTestHelper)

data/lib/authorized/helper.rb

@@ -0,0 +1,28 @@
+module Authorized
+module Helper
+
+	def user_roles
+		s = ''
+		if current_user.may_administrate?
+			s << "<ul>"
+			@roles.each do |role|
+				s << "<li>"
+				if @user.role_names.include?(role.name)
+					s << link_to( "Remove user role of '#{role.name}'", 
+						user_role_path(@user,role.name),
+						:method => :delete )
+				else
+					s << link_to( "Assign user role of '#{role.name}'", 
+						user_role_path(@user,role.name),
+						:method => :put )
+				end
+				s << "</li>\n"
+			end
+			s << "</ul>\n"
+		end
+		s
+	end
+
+end
+end
+ActionView::Base.send(:include, Authorized::Helper)

data/lib/authorized/pending.rb

@@ -0,0 +1,72 @@
+# Some code from jeremymcanally's "pending"
+# http://github.com/jeremymcanally/pending/tree/master
+
+module ActiveSupport
+	module Testing
+		module Pending
+
+			unless defined?(Spec)
+
+				@@pending_cases = []
+				@@at_exit = false
+
+				def pending(description = "", &block)
+					if description.is_a?(Symbol)
+						is_pending = $tags[description]
+						return block.call unless is_pending
+					end
+
+					if block_given?
+						failed = false
+
+						begin
+							block.call
+						rescue Exception
+							failed = true
+						end
+
+						flunk("<#{description}> did not fail.") unless failed 
+					end
+
+					caller[0] =~ (/(.*):(.*):in `(.*)'/)
+#puts caller.inspect
+
+# looks like we lose the name of the 'method' in 1.9.1
+#"/Users/jakewendt/github_repo/jakewendt/ucb_ccls_homex/test/unit/subject_test.rb:145:in `block in <class:SubjectTest>'", 
+
+#					@@pending_cases << "#{$3} at #{$1}, line #{$2}"
+					#	Gotta remember these as the next Regex will overwrite them.
+					filename   = $1
+					linenumber = $2
+#	ruby 1.8.7
+#	Hx/Addresses Controller should NOT create new address with employee login and invalid address:
+#	ruby 1.9.1
+#Hx/Addresses Controller block (2 levels) in <class:AddressesControllerTest>:
+					testmethod = $3
+
+					model  = self.class.to_s.gsub(/Test$/,'').titleize
+					method = testmethod.gsub(/_/,' ').gsub(/^test /,'')
+					@@pending_cases << "#{model} #{method}:\n.\t#{filename} line #{linenumber}"
+#					@@pending_cases << "#{testmethod} at #{filename}, line #{linenumber}"
+					print "P"
+			
+					@@at_exit ||= begin
+						at_exit do
+							#	For some reason, special characters don't always
+							#	print the way you would expect.  Leading white space (tabs)
+							#	and some carriage returns just weren't happening?
+							#	Is this at_exit doing some parsing??
+							puts "\nPending Cases:"
+							@@pending_cases.each do |test_case|
+								puts test_case
+							end
+							puts " \n"
+						end
+					end
+				end
+			end
+			
+		end
+	end
+end
+ActiveSupport::TestCase.send(:include, ActiveSupport::Testing::Pending)

data/lib/authorized/permissive_controller.rb

@@ -0,0 +1,25 @@
+module PermissiveController
+	def self.included(base)
+		base.extend(ClassMethods)
+	end
+	module ClassMethods
+		def permissive(*args)
+			options = args.extract_options!
+			resource = options[:resource] || ActiveSupport::ModelName.new(
+				self.model_name.split('::').last.gsub(/Controller$/,'').singularize)
+
+#	remove NameSpace or create the may*required permission
+
+			before_filter "may_create_#{resource.plural}_required",
+				:only => [:new,:create]
+			before_filter "may_read_#{resource.plural}_required",
+				:only => [:show,:index]
+			before_filter "may_update_#{resource.plural}_required",
+				:only => [:edit,:update]
+			before_filter "may_destroy_#{resource.plural}_required",
+				:only => :destroy
+
+		end
+	end
+end
+ActionController::Base.send(:include,PermissiveController)

data/lib/authorized/resourceful_controller.rb

@@ -0,0 +1,81 @@
+module ResourcefulController
+	def self.included(base)
+		base.extend(ClassMethods)
+	end
+	module ClassMethods
+		def resourceful(*args)
+			options = args.extract_options!
+			resource = options[:resource] || ActiveSupport::ModelName.new(
+				self.model_name.split('::').last.gsub(/Controller$/,'').singularize)
+#				self.model_name.gsub(/Controller$/,'').singularize)
+
+			permissive
+
+			before_filter :valid_id_required, 
+				:only => [:show,:edit,:update,:destroy]
+
+			#	by using before filters, the user
+			#	can still add stuff to the action.
+			before_filter :get_all, :only => :index
+			before_filter :get_new, :only => :new
+
+			define_method :destroy do
+				instance_variable_get("@#{resource.singular}").send(:destroy)
+				redirect_to send("#{resource.plural}_path")
+			end
+
+			define_method :create do
+			begin
+				instance_variable_set("@#{resource.singular}",
+					resource.constantize.send(:new,params[resource.singular]))
+				instance_variable_get("@#{resource.singular}").send(:save!)
+				flash[:notice] = 'Success!'
+				redirect_to instance_variable_get("@#{resource.singular}")
+			rescue ActiveRecord::RecordNotSaved, ActiveRecord::RecordInvalid
+				flash.now[:error] = "There was a problem creating " <<
+					"the #{resource.singular}"
+				render :action => "new"
+			end
+			end 
+
+			define_method :update do
+			begin
+				instance_variable_get("@#{resource.singular}").send(
+					:update_attributes!,params[resource.singular])
+				flash[:notice] = 'Success!'
+				redirect_to send(options[:update_redirect]||
+					"#{resource.plural}_path")
+			rescue ActiveRecord::RecordNotSaved, ActiveRecord::RecordInvalid
+				flash.now[:error] = "There was a problem updating " <<
+					"the #{resource.singular}"
+				render :action => "edit"
+			end
+			end
+
+		protected
+
+			define_method :get_all do
+				instance_variable_set("@#{resource.plural}",
+					resource.constantize.send(:all) )
+			end
+
+			define_method :get_new do
+				instance_variable_set("@#{resource.singular}",
+					resource.constantize.send(:new) )
+			end
+
+			define_method :valid_id_required do
+				if( !params[:id].blank? && 
+						resource.constantize.send(:exists?,params[:id]) )
+					instance_variable_set("@#{resource.singular}",
+						resource.constantize.send(:find,params[:id]) )
+				else
+					access_denied("Valid id required!",
+						send("#{resource.plural}_path") )
+				end
+			end
+		end
+
+	end
+end
+ActionController::Base.send(:include,ResourcefulController)