kojac 0.9.1 → 0.11.0

data/spec/demo/public/500.html

@@ -2,17 +2,48 @@
 <html>
 <head>
   <title>We're sorry, but something went wrong (500)</title>
-  <style type="text/css">
-    body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
-    div.dialog {
-      width: 25em;
-      padding: 0 4em;
-      margin: 4em auto 0 auto;
-      border: 1px solid #ccc;
-      border-right-color: #999;
-      border-bottom-color: #999;
-    }
-    h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
   </style>
 </head>
 
@@ -21,5 +52,6 @@
   <div class="dialog">
     <h1>We're sorry, but something went wrong.</h1>
   </div>
+  <p>If you are the application owner check the logs for more information.</p>
 </body>
 </html>

data/spec/demo/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-agent: *
+# Disallow: /

data/spec/demo/spec/controllers/allowed_fields_spec.rb

@@ -0,0 +1,171 @@
+require 'spec_helper'
+
+describe KojacBaseController do
+
+	#before(:each) do
+	#	#@user = FactoryGirl.create(:user, ring: 3)
+	#	#ApplicationController.any_instance.stub(:current_user).and_return(@user)
+	#end
+
+	it 'user read should return allowed fields' do
+		stub_login_user(ring: USER_RING)
+		@user2 = FactoryGirl.create(:user)
+		read_op = {
+			verb: 'READ',
+			key: @user2.kojac_key
+		}
+		draw_routes do
+			get ":controller/:action"
+		end
+		result = do_op(read_op)
+		result.keys.sort.should == (User::PUBLIC_FIELDS).map(&:to_s).sort
+	end
+
+	it 'admin read should return more allowed fields' do
+		stub_login_user(ring: ADMIN_RING)
+		@user2 = FactoryGirl.create(:user)
+		read_op = {
+			verb: 'READ',
+			key: @user2.kojac_key
+		}
+		draw_routes do
+			get ":controller/:action"
+		end
+		result = do_op(read_op)
+		result.keys.sort.should == (User::PUBLIC_FIELDS + User::PRIVATE_FIELDS + User::ADMIN_FIELDS + User::READ_ONLY_FIELDS).map(&:to_s).sort
+	end
+
+	it "user should not be able to update other's name" do
+		user = stub_login_user(ring: USER_RING)
+		user2 = FactoryGirl.create(:user)
+		original_name = user2.last_name
+		send_op = {
+			verb: 'UPDATE',
+			key: user2.kojac_key,
+			value: {
+				last_name: 'Smithy-Jones'
+			}
+		}
+		draw_routes do
+			get ":controller/:action"
+		end
+		expect { do_op(send_op) }.to raise_exception(Pundit::NotAuthorizedError)
+		user2.reload
+		user2.last_name.should == original_name
+	end
+
+	it 'user should be able to read own PRIVATE_FIELDS' do
+		user = stub_login_user(ring: USER_RING)
+		send_op = {
+			verb: 'READ',
+			key: user.kojac_key
+		}
+		draw_routes do
+			get ":controller/:action"
+		end
+		result = do_op(send_op)
+		result.keys.sort.should == (User::PUBLIC_FIELDS + User::PRIVATE_FIELDS).map(&:to_s).sort
+	end
+
+
+	it 'user should be able to update own name' do
+		user = stub_login_user(ring: USER_RING)
+		send_op = {
+			verb: 'UPDATE',
+			key: user.kojac_key,
+			value: {
+				last_name: 'Smithy-Jones'
+			}
+		}
+		draw_routes do
+			get ":controller/:action"
+		end
+		result = do_op(send_op)
+		result['last_name'].should == send_op.g?('value.last_name')
+		result.keys.sort.should == (User::PUBLIC_FIELDS + User::PRIVATE_FIELDS).map(&:to_s).sort
+	end
+
+	it 'admin user should be able to update user of same owner' do
+		user = stub_login_user(ring: ADMIN_RING, owner_id: 1)
+		user2 = FactoryGirl.create(:user, owner_id: 1)
+		original_name = user2.last_name
+		send_op = {
+			verb: 'UPDATE',
+			key: user2.kojac_key,
+			value: {
+				last_name: 'Smithy-Jones'
+			}
+		}
+		draw_routes do
+			get ":controller/:action"
+		end
+		result = do_op(send_op)
+		result['last_name'].should == send_op.g?('value.last_name')
+		user2.reload
+		user2.last_name.should == send_op.g?('value.last_name')
+		result.keys.sort.should == (User::PUBLIC_FIELDS + User::PRIVATE_FIELDS + User::ADMIN_FIELDS + User::READ_ONLY_FIELDS).map(&:to_s).sort
+	end
+
+	it 'admin user should not be able to update user of different owner' do
+		user = stub_login_user(ring: ADMIN_RING, owner_id: 1)
+		user2 = FactoryGirl.create(:user, owner_id: 2)
+		original_name = user2.last_name
+		send_op = {
+			verb: 'UPDATE',
+			key: user2.kojac_key,
+			value: {
+				last_name: 'Smithy-Jones'
+			}
+		}
+		draw_routes do
+			get ":controller/:action"
+		end
+		expect { do_op(send_op) }.to raise_exception(Pundit::NotAuthorizedError)
+		user2.reload
+		user2.last_name.should == original_name
+	end
+
+	it 'should read users' do
+		@user = stub_login_user(ring: ADMIN_RING)
+		@user2 = FactoryGirl.create(:user)
+		read_op = {
+			verb: 'READ',
+			key: 'users'
+		}
+		content = {
+			options: {},
+			ops: [
+				read_op
+			]
+		}
+		draw_routes do
+			get ":controller/:action"
+		end
+		request.accept = "application/json"
+		post :receive, format: :json, kojac: content
+
+		output = JSON.parse response.body
+		output['ops'].should be_is_a Array
+		output['ops'].length.should == 1
+		op = output['ops'].first
+		op['verb'].should == read_op[:verb]
+		op['key'].should == read_op[:key]
+		op['results'].class.should == Hash
+		user_key = "users__#{@user.id}"
+		user2_key = "users__#{@user2.id}"
+
+		op['results'].keys.sort.should == ["users",user_key,user2_key].sort
+		op['results']['users'].should == [@user.id,@user2.id]
+		op['results'][user_key].filter_include(%w(id first_name last_name)).should == {
+			'id' => @user.id,
+			'first_name' => @user.first_name,
+			'last_name' => @user.last_name
+		}
+		op['results'][user2_key].filter_include(%w(id first_name last_name)).should == {
+			'id' => @user2.id,
+			'first_name' => @user2.first_name,
+			'last_name' => @user2.last_name
+		}
+		op['result'].should_not be
+	end
+end

data/spec/demo/spec/factories/users.rb

@@ -0,0 +1,9 @@
+FactoryGirl.define do
+  factory :user do
+	  ring { USER_RING }
+
+	  first_name    { Faker::Name.first_name }
+		last_name     { Faker::Name.last_name }
+	  email { Faker::Internet.email }
+  end
+end

data/spec/demo/spec/features/concentric_spec.rb

@@ -0,0 +1,63 @@
+require 'spec_helper'
+
+describe "ConcentricTestModel" do
+
+	before(:all) do
+		@original_config = Concentric.config
+		Concentric.config = {
+			ring_names: {
+				master: 0,
+				boss: 10,
+				pleb: 30,
+				anyone: 100
+			}
+		}
+	end
+
+	after(:all) do
+		Concentric.config = @original_config
+	end
+
+	it "attributes described should be available in outer rings" do
+		class ConcentricTestModel < ActiveRecord::Base
+			include Concentric::Model
+
+			ring :pleb, read: [:name,:address]
+			ring :pleb, read: [:dob]
+			ring :boss, read: [:next_of_kin]
+
+			ring :boss, transmogrify: []
+			ring :boss, eliminate: :this
+
+			ring :pleb, [:cough,:sneeze] => [:desk,:outside]
+		end
+
+		ConcentricTestModel.permitted(:pleb,:read).should == [:address,:dob,:name]
+		ConcentricTestModel.permitted(:master,:read).should == [:address,:dob,:name,:next_of_kin]
+		ConcentricTestModel.permitted(:anyone,:read).should == []
+		ConcentricTestModel.ring_can?(:pleb,:read).should == true
+		ConcentricTestModel.ring_can?(:master,:read).should == true
+		ConcentricTestModel.ring_can?(:anyone,:read).should == false
+
+		ConcentricTestModel.ring_can?(:pleb,:transmogrify).should == false
+		ConcentricTestModel.ring_can?(:boss,:transmogrify).should == false
+		ConcentricTestModel.ring_can?(:master,:transmogrify).should == false
+
+		ConcentricTestModel.ring_can?(:pleb,:eliminate).should == false
+		ConcentricTestModel.ring_can?(:boss,:eliminate).should == true
+		ConcentricTestModel.ring_can?(:master,:eliminate).should == true
+
+		ConcentricTestModel.ring_can?(:pleb,:cough).should == true
+		ConcentricTestModel.ring_can?(:pleb,:sneeze).should == true
+		ConcentricTestModel.ring_can?(:boss,:cough).should == true
+		ConcentricTestModel.ring_can?(:boss,:sneeze).should == true
+		ConcentricTestModel.ring_can?(:pleb,:cough,:outside).should == true
+		ConcentricTestModel.ring_can?(:pleb,:cough,:desk).should == true
+		ConcentricTestModel.ring_can?(:pleb,:cough,[:desk,:outside]).should == true
+		ConcentricTestModel.ring_can?(:pleb,:cough,:lunch_room).should == false
+
+		ConcentricTestModel.permitted(:pleb,:cough).should == [:desk,:outside]
+		ConcentricTestModel.permitted(:pleb,:sneeze).should == [:desk,:outside]
+	end
+
+end

data/spec/demo/spec/features/serialization_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+describe "serialization" do
+
+	it "should serialize array" do
+		user = FactoryGirl.create(:user)
+		jsons = KojacUtils.to_json([1,2,3],scope: user)
+		jsons.should == '[1,2,3]'
+	end
+
+	it "should serialize number" do
+		user = FactoryGirl.create(:user)
+		jsons = KojacUtils.to_json(5,scope: user)
+		jsons.should == '5'
+	end
+
+	it "should serialize object" do
+		user = FactoryGirl.create(:user)
+		jsons = KojacUtils.to_json({a: 1, b: 2},scope: user)
+		jsons.should == '{"a":1,"b":2}'
+	end
+
+	#it "should serialize Deal" do
+	#	user = FactoryGirl.create(:user)
+	#	deal = FactoryGirl.create(:deal, user: user)
+	#	jsons = KojacUtils.to_json(deal,scope: user)
+	#	jsono = JSON.parse jsons
+	#	jsono['trade_in_price'].should be > 0
+	#	jsono['cash_deposit'].should be > 0
+	#	jsono['other_cost'].should be > 0
+	#end
+
+	it "to_jsono should convert embedded model to a hash" do
+		user = FactoryGirl.create(:user)
+		user2 = FactoryGirl.create(:user)
+
+		embed = {user: user2}
+		jsono =  KojacUtils.to_jsono(embed,scope: user)
+		jsono['user'].class.should == Hash
+	end
+
+	it "model serialized inside a hash should give the same fields as when serialized directly" do
+		user = FactoryGirl.create(:user)
+		user2 = FactoryGirl.create(:user)
+
+		embed = {user: user2}
+		embed_jsons = KojacUtils.to_json(embed,scope: user)
+		embed_jsono = JSON.parse embed_jsons
+
+		direct_jsons = KojacUtils.to_json(user2,scope: user)
+		direct_jsono = JSON.parse direct_jsons
+
+		embed_jsono['user'].should == direct_jsono
+	end
+
+	#it "model serialized deeply inside a structure should give the same fields as when serialized directly" do
+	#	user = FactoryGirl.create(:user)
+	#	user2 = FactoryGirl.create(:user)
+	#
+	#	embed = {user: user2}
+	#	embed_jsons = KojacUtils.to_json(embed,scope: user)
+	#	embed_jsono = JSON.parse embed_jsons
+	#
+	#	direct_jsons = KojacUtils.to_json(user2,scope: user)
+	#	direct_jsono = JSON.parse direct_jsons
+	#
+	#	embed_jsono['user'].should == direct_jsono
+	#end
+
+	it "should test models embedded in an Array" do
+		user = FactoryGirl.create(:user)
+		user2 = FactoryGirl.create(:user)
+
+		embed = [user2]
+		embed_jsons = KojacUtils.to_json(embed,scope: user)
+		embed_jsono = JSON.parse embed_jsons
+
+		direct_jsons = KojacUtils.to_json(user2,scope: user)
+		direct_jsono = JSON.parse direct_jsons
+
+		embed_jsono[0].should == direct_jsono
+	end
+
+	it "should test models embedded in an HashWithIndifferentAccess"
+
+end

data/spec/demo/spec/spec_helper.rb

@@ -0,0 +1,133 @@
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path("../../config/environment", __FILE__)
+require 'rspec/rails'
+#require 'capybara/rspec'
+require 'rspec/autorun'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
+
+#Capybara.run_server = true #Whether start server when testing
+#Capybara.server_port = 8200
+#Capybara.default_selector = :css #:xpath #default selector , you can change to :css
+#Capybara.default_wait_time = 5 #When we testing AJAX, we can set a default wait time
+#Capybara.ignore_hidden_elements = false #Ignore hidden elements when testing, make helpful when you hide or show elements using javascript
+#Capybara.javascript_driver = :selenium #default driver when you using @javascript tag
+
+#require 'capybara/poltergeist'
+#Capybara.javascript_driver = :poltergeist
+#Capybara.register_driver :poltergeist do |app|
+#	options = {
+#		:js_errors => true,
+#		:timeout => 120,
+#		:debug => true,
+#		:phantomjs_options => ['--load-images=no', '--disk-cache=false'],
+#		:inspector => true,
+#  }
+#  Capybara::Poltergeist::Driver.new(app, options)
+#end
+
+#Post-install message from capybara:
+#IMPORTANT! Some of the defaults have changed in Capybara 2.1. If you're experiencing failures,
+#please revert to the old behaviour by setting:
+#
+#    Capybara.configure do |config|
+#      config.match = :one
+#      config.exact_options = true
+#      config.ignore_hidden_elements = true
+#      config.visible_text_only = true
+#    end
+#
+#If you're migrating from Capybara 1.x, try:
+#
+#    Capybara.configure do |config|
+#      config.match = :prefer_exact
+#      config.ignore_hidden_elements = false
+#    end
+#
+#Details here: http://www.elabs.se/blog/60-introducing-capybara-2-1
+#
+
+
+
+RSpec.configure do |config|
+  config.color_enabled = true
+  config.tty = true
+
+  # ## Mock Framework
+  #
+  # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+  #
+  # config.mock_with :mocha
+  # config.mock_with :flexmock
+  # config.mock_with :rr
+
+  # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+  #config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+  # If you're not using ActiveRecord, or you'd prefer not to run each of your
+  # examples within a transaction, remove the following line or assign false
+  # instead of true.
+  config.use_transactional_fixtures = true # false # should be false when using Database Cleaner https://www.relishapp.com/rspec/rspec-rails/docs/transactions
+
+  # Run specs in random order to surface order dependencies. If you find an
+  # order dependency and want to debug it, you can fix the order by providing
+  # the seed, which is printed after each run.
+  #     --seed 1234
+  #config.order = "random"
+
+  # see http://devblog.avdi.org/2012/08/31/configuring-database_cleaner-with-rails-rspec-capybara-and-selenium/
+  #config.before(:suite) do      # once only, before set of specs run
+  #  DatabaseCleaner.clean_with(:truncation)
+  #end
+  #
+  #config.before :each do
+  #  #if Capybara.current_driver == :rack_test
+  #    DatabaseCleaner.strategy = :transaction
+  #  #else
+  #  #  DatabaseCleaner.strategy = :truncation
+  #  #end
+  #  DatabaseCleaner.start
+  #  ActionMailer::Base.deliveries.clear
+  #end
+  #
+  #config.after(:each) do
+  #  DatabaseCleaner.clean
+  #end
+
+  #config.before(:all) do
+  #  DeferredGarbageCollection.start
+  #end
+  #
+  #config.after(:all) do
+  #  DeferredGarbageCollection.reconsider
+  #end
+
+  #config.include ShowMeTheCookies#, :type => :feature
+  #
+  ##config.include ProductsHelper
+  #config.include ActionView::Helpers::TextHelper
+  #
+  #config.include(EmailSpec::Helpers)
+  #config.include(EmailSpec::Matchers)
+
+	#config.treat_symbols_as_metadata_keys_with_true_values = true
+	#config.filter_run_excluding :requires_elasticsearch unless CONFIG[:elasticsearch_available]
+end
+
+# Capybara operations normally happen on another thread and connection, and so transactional database cleaning won't work.
+# This hack makes all operations share a common connection, and so transactional database cleaning works even for capybara tests
+# Also see https://gist.github.com/josevalim/470808 and http://stackoverflow.com/questions/8774227/why-not-use-shared-activerecord-connections-for-rspec-selenium
+#class ActiveRecord::Base
+#  mattr_accessor :shared_connection
+#  @@shared_connection = nil
+#
+#  def self.connection
+#    @@shared_connection || retrieve_connection
+#  end
+#end
+#ActiveRecord::Base.shared_connection = ActiveRecord::Base.connection
+#
+require 'spec_utils'