jakewendt-authorized 0.1.4

data/README.rdoc

@@ -0,0 +1,52 @@
+= Authorized
+
+This is a rails app built around a ruby gem for testing.
+
+
+== ToDo
+
+* merge authorized/controller.rb into authorized/permissive_controller.rb
+* perhaps include authorized/resourceful_controller.rb as well
+* remove hard coded :users from Role model
+* build a full development testing app
+
+== Required Gem Sources
+
+== Required Gems
+
+== Other Required
+
+* current_user method
+
+== Installation (as a plugin/engine)
+
+ config.gem "jakewendt-authorized",
+    :lib => "authorized"
+
+
+ class User
+   authorized
+ end
+
+== Testing (as an app)
+
+ rake db:migrate
+ rake db:fixtures:load
+ rake test
+ script/server
+
+== Gemified with Jeweler
+
+ vi Rakefile
+ rake version:write
+
+ rake version:bump:patch
+ rake version:bump:minor
+ rake version:bump:major
+
+ rake gemspec
+
+ rake install
+ rake release
+
+Copyright (c) 2010 [Jake Wendt], released under the MIT license

data/app/controllers/roles_controller.rb

@@ -0,0 +1,38 @@
+class RolesController < ApplicationController
+
+	before_filter :may_assign_roles_required
+	before_filter :user_id_required
+	before_filter :may_not_be_user_required
+	before_filter :id_required
+
+	def update
+		@user.roles << @role
+		flash[:notice] = 'User was successfully updated.'
+		redirect_to @user
+	end
+
+	def destroy
+		@user.roles.delete @role
+		flash[:notice] = 'User was successfully updated.'
+		redirect_to @user
+	end
+
+protected
+
+	def user_id_required
+		if !params[:user_id].blank? and User.exists?(params[:user_id])
+			@user = User.find(params[:user_id])
+		else
+			access_denied("user id required!", users_path)
+		end
+	end
+
+	def id_required
+		if !params[:id].blank? and Role.exists?(:name => params[:id])
+			@role = Role.find_by_name(params[:id])
+		else
+			access_denied("id required!", @user)
+		end
+	end
+
+end

data/app/models/role.rb

@@ -0,0 +1,34 @@
+#	#82 new
+#	Roles and Users
+#	
+#	Reported by Magee | August 9th, 2010 @ 02:11 PM
+#	
+#	Currently we should have four roles (three in 
+#	the system right now). They are effectively as follows:
+#	
+#	1. Reader -- users with login accounts who can 
+#		view contents of sections but not edit anything.
+#	2. Editor -- users with the ability to add or edit 
+#		content to the system. These are the users for 
+#		whom an "edit" button displays on content details 
+#		pages allowing them to make changes 
+#		(or an "add" button as appropriate)
+#	3. Administrator -- users who have administrative 
+#		rights to the system to add users, etc.
+#	4. Superuser -- Magee and Jake
+#	
+#	There may not be any system behaviors defined for 
+#	Superusers. They may strictly be Conceptual Roles 
+#	to describe users who may make backend or other 
+#	changes outside of the scope of normal system 
+#	operations. If necessary, a system role may be 
+#	added in the future to address functions only 
+#	for that group.
+#	
+class Role < ActiveRecord::Base
+	acts_as_list
+	default_scope :order => :position
+	has_and_belongs_to_many :users, :uniq => true
+	validates_presence_of   :name
+	validates_uniqueness_of :name
+end

data/config/routes.rb

@@ -0,0 +1,9 @@
+ActionController::Routing::Routes.draw do |map|
+
+	map.resources :users, :only => [:destroy,:show,:index],
+		:collection => { :menu => :get } do |user|
+#	map.resources :users, :only => [] do |user|
+		user.resources :roles, :only => [:update,:destroy]
+	end
+
+end

data/generators/authorized/authorized_generator.rb

@@ -0,0 +1,66 @@
+class AuthorizedGenerator < Rails::Generator::Base
+
+	def manifest
+		#	See Rails::Generator::Commands::Create
+		#	rails-2.3.10/lib/rails_generator/commands.rb
+		#	for code methods for record (Manifest)
+		record do |m|
+
+			%w( create_roles create_roles_users ).each do |migration|
+				m.migration_template "migrations/#{migration}.rb",
+					'db/migrate', :migration_file_name => migration
+			end
+			dot = File.dirname(__FILE__)
+			m.directory('public/javascripts')
+			Dir["#{dot}/templates/javascripts/*js"].each{|file| 
+				f = file.split('/').slice(-2,2).join('/')
+				m.file(f, "public/javascripts/#{File.basename(file)}")
+			}
+			m.directory('public/stylesheets')
+			Dir["#{dot}/templates/stylesheets/*css"].each{|file| 
+				f = file.split('/').slice(-2,2).join('/')
+				m.file(f, "public/stylesheets/#{File.basename(file)}")
+			}
+			m.directory('test/functional/authorized')
+			Dir["#{dot}/templates/functional/*rb"].each{|file| 
+				f = file.split('/').slice(-2,2).join('/')
+				m.file(f, "test/functional/authorized/#{File.basename(file)}")
+			}
+			m.directory('test/unit/authorized')
+			Dir["#{dot}/templates/unit/*rb"].each{|file| 
+				f = file.split('/').slice(-2,2).join('/')
+				m.file(f, "test/unit/authorized/#{File.basename(file)}")
+			}
+		end
+	end
+
+end
+module Rails::Generator::Commands
+	class Create
+		def migration_template(relative_source, 
+				relative_destination, template_options = {})
+			migration_directory relative_destination
+			migration_file_name = template_options[
+				:migration_file_name] || file_name
+			if migration_exists?(migration_file_name)
+				puts "Another migration is already named #{migration_file_name}: #{existing_migrations(migration_file_name).first}: Skipping" 
+			else
+				template(relative_source, "#{relative_destination}/#{next_migration_string}_#{migration_file_name}.rb", template_options)
+			end
+		end
+	end #	Create
+	class Base
+	protected
+		#	the loop through migrations happens so fast
+		#	that they all have the same timestamp which
+		#	won't work when you actually try to migrate.
+		#	All the timestamps MUST be unique.
+		def next_migration_string(padding = 3)
+			@s = (!@s.nil?)? @s.to_i + 1 : if ActiveRecord::Base.timestamped_migrations
+				Time.now.utc.strftime("%Y%m%d%H%M%S")
+			else
+				"%.#{padding}d" % next_migration_number
+			end
+		end
+	end	#	Base
+end

data/generators/authorized/templates/functional/roles_controller_test.rb

@@ -0,0 +1,142 @@
+require File.dirname(__FILE__) + '/../../test_helper'
+
+class Authorized::RolesControllerTest < ActionController::TestCase
+	tests RolesController
+
+	#	no user_id
+	assert_no_route(:put, :update, :id => 'reader')
+	assert_no_route(:delete, :destroy, :id => 'reader')
+
+%w( super_user admin ).each do |cu|
+
+	test "should update with #{cu} login" do
+		login_as send(cu)
+		u = active_user
+		assert !u.reload.role_names.include?('reader')
+		assert_difference("User.find(#{u.id}).roles.length",1){
+			put :update, :user_id => u.id, :id => 'reader'
+		}
+		assert  u.reload.role_names.include?('reader')
+		assert_not_nil flash[:notice]
+		assert_redirected_to user_path(assigns(:user))
+	end
+
+	test "should destroy with #{cu} login" do
+		login_as send(cu)
+		u = active_user
+		u.roles << Role.find_or_create_by_name('reader')
+		assert  u.reload.role_names.include?('reader')
+		assert_difference("User.find(#{u.id}).roles.length",-1){
+			delete :destroy, :user_id => u.id, :id => 'reader'
+		}
+		assert !u.reload.role_names.include?('reader')
+		assert_not_nil flash[:notice]
+		assert_redirected_to user_path(assigns(:user))
+	end
+
+	test "should NOT update without valid user_id with #{cu} login" do
+		login_as send(cu)
+		put :update, :user_id => 0, :id => 'reader'
+		assert_not_nil flash[:error]
+		assert_redirected_to users_path
+	end
+
+	test "should NOT destroy without valid user_id with #{cu} login" do
+		login_as send(cu)
+		delete :destroy, :user_id => 0, :id => 'reader'
+		assert_not_nil flash[:error]
+		assert_redirected_to users_path
+	end
+
+	test "should NOT update self with #{cu} login" do
+		u = send(cu)
+		login_as u
+		assert_difference("User.find(#{u.id}).roles.length",0){
+			put :update, :user_id => u.id, :id => 'reader'
+		}
+		assert_not_nil flash[:error]
+		assert_equal u, assigns(:user)
+		assert_redirected_to user_path(assigns(:user))
+#		assert_redirected_to root_path
+	end
+
+	test "should NOT destroy self with #{cu} login" do
+		u = send(cu)
+		login_as u
+		assert_difference("User.find(#{u.id}).roles.length",0){
+			delete :destroy, :user_id => u.id, :id => 'reader'
+		}
+		assert_not_nil flash[:error]
+		assert_equal u, assigns(:user)
+		assert_redirected_to user_path(assigns(:user))
+#		assert_redirected_to root_path
+	end
+
+	test "should NOT update without valid role_name with #{cu} login" do
+		login_as send(cu)
+		u = active_user
+		assert_difference("User.find(#{u.id}).roles.length",0){
+			put :update, :user_id => u.id, :id => 'bogus_role_name'
+		}
+		assert_not_nil flash[:error]
+		assert_redirected_to user_path(assigns(:user))
+	end
+
+	test "should NOT destroy without valid role_name with #{cu} login" do
+		login_as send(cu)
+		u = active_user
+		assert_difference("User.find(#{u.id}).roles.length",0){
+			delete :destroy, :user_id => u.id, :id => 'bogus_role_name'
+		}
+		assert_not_nil flash[:error]
+		assert_redirected_to user_path(assigns(:user))
+	end
+
+end
+
+%w( interviewer reader editor active_user ).each do |cu|
+
+	test "should NOT update with #{cu} login" do
+		login_as send(cu)
+		u = active_user
+		assert !u.reload.role_names.include?('administrator')
+		assert_difference("User.find(#{u.id}).roles.length",0){
+			put :update, :user_id => u.id, :id => 'administrator'
+		}
+		assert !u.reload.role_names.include?('administrator')
+		assert_not_nil flash[:error]
+		assert_redirected_to root_path
+	end
+
+	test "should NOT destroy with #{cu} login" do
+		login_as send(cu)
+		u = active_user
+		u.roles << Role.find_or_create_by_name('administrator')
+		assert u.reload.role_names.include?('administrator')
+		assert_difference("User.find(#{u.id}).roles.length",0){
+			delete :destroy, :user_id => u.id, :id => 'administrator'
+		}
+		assert u.reload.role_names.include?('administrator')
+		assert_not_nil flash[:error]
+		assert_redirected_to root_path
+	end
+
+end
+
+	test "should NOT update without login" do
+		u = active_user
+		assert_difference("User.find(#{u.id}).roles.length",0){
+			put :update, :user_id => u.id, :id => 'administrator'
+		}
+		assert_redirected_to_login
+	end
+
+	test "should NOT destroy without login" do
+		u = active_user
+		assert_difference("User.find(#{u.id}).roles.length",0){
+			delete :destroy, :user_id => u.id, :id => 'administrator'
+		}
+		assert_redirected_to_login
+	end
+
+end

data/generators/authorized/templates/migrations/create_roles.rb

@@ -0,0 +1,14 @@
+class CreateRoles < ActiveRecord::Migration
+	def self.up
+		create_table :roles do |t|
+			t.integer :position
+			t.string :name
+			t.timestamps
+		end
+		add_index :roles, :name, :unique => true
+	end
+
+	def self.down
+		drop_table :roles
+	end
+end

data/generators/authorized/templates/migrations/create_roles_users.rb

@@ -0,0 +1,14 @@
+class CreateRolesUsers < ActiveRecord::Migration
+	def self.up
+		create_table :roles_users, :id => false do |t|
+			t.references :role
+			t.references :user
+		end
+		add_index :roles_users, :role_id
+		add_index :roles_users, :user_id
+	end
+
+	def self.down
+		drop_table :roles_users
+	end
+end

data/generators/authorized/templates/unit/role_test.rb

@@ -0,0 +1,29 @@
+require File.dirname(__FILE__) + '/../../test_helper'
+
+class Authorized::RoleTest < ActiveSupport::TestCase
+
+	assert_should_act_as_list(:model => 'Role')
+	assert_should_require(:name,
+		:model => 'Role')
+	assert_should_require_unique(:name,
+		:model => 'Role')
+	assert_should_habtm(:users,
+		:model => 'Role')
+
+	test "should create role" do
+		assert_difference('Role.count',1) do
+			object = create_object
+			assert !object.new_record?, 
+				"#{object.errors.full_messages.to_sentence}"
+		end 
+	end
+
+protected
+
+	def create_object(options = {})
+		record = Factory.build(:role,options)
+		record.save
+		record
+	end
+
+end

data/lib/authorized.rb

@@ -0,0 +1,45 @@
+module Authorized
+#	predefined namespace
+end
+require 'active_support'
+require 'ruby_extension'
+require 'rails_helpers'
+require 'acts_as_list'
+require 'calnet_authenticated'
+
+HTML::WhiteListSanitizer.allowed_attributes.merge(%w(
+	id class style
+))
+
+%w{models controllers}.each do |dir|
+	path = File.expand_path(File.join(File.dirname(__FILE__), '../app', dir))
+	ActiveSupport::Dependencies.autoload_paths << path
+	ActiveSupport::Dependencies.autoload_once_paths << path
+
+	#	I don't know why I have to do this here
+	#	and nowhere else.  Photos can't find 'role'
+	#	when needed?
+#	$: << path
+end
+
+require 'authorized/core_extension'
+require 'authorized/user_model'
+require 'authorized/authorization'
+require 'authorized/helper'
+require 'authorized/controller'
+require 'authorized/resourceful_controller'
+require 'authorized/permissive_controller'
+
+if !defined?(RAILS_ENV) || RAILS_ENV == 'test'
+	require 'active_support/test_case'
+	require 'factory_girl'
+	require 'assert_this_and_that'
+	require 'authorized/factories'
+	require 'authorized/factory_test_helper'
+	require 'authorized/pending'
+end
+
+ActionController::Routing::Routes.add_configuration_file(
+	File.expand_path(
+		File.join(
+			File.dirname(__FILE__), '../config/routes.rb')))