opro 0.0.1.pre1.0.2 → 0.0.1

data/Gemfile

@@ -7,6 +7,7 @@ gem "rails"         , ">= 3.0.7"
 gem 'bluecloth'
 
 group :development, :test do
+  gem 'mocha'
   gem 'jeweler',  "~> 1.6.4"
   gem "bundler",  ">= 1.1.3"
 

data/Gemfile.lock

@@ -64,7 +64,10 @@ GEM
       i18n (>= 0.4.0)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
+    metaclass (0.0.1)
     mime-types (1.18)
+    mocha (0.11.4)
+      metaclass (~> 0.0.1)
     multi_json (1.2.0)
     nokogiri (1.5.2)
     orm_adapter (0.0.7)
@@ -132,6 +135,7 @@ DEPENDENCIES
   devise
   jeweler (~> 1.6.4)
   launchy
+  mocha
   rails (>= 3.0.7)
   rcov
   simplecov

data/app/controllers/oauth/auth_controller.rb

@@ -6,12 +6,15 @@ class Oauth::AuthController < ApplicationController
   def new
     @redirect_uri = params[:redirect_uri]
     @client_app   = Oauth::ClientApplication.find_by_app_id(params[:client_id])
+    @scopes       = scope_from_params(params)
   end
 
   def authorize
     application  =   Oauth::ClientApplication.find_by_app_id(params[:client_id])
+    permissions  =   params[:permissions]
     access_grant =   Oauth::AccessGrant.where( :user_id => current_user.id, :application_id => application.id).first
     access_grant ||= Oauth::AccessGrant.create(:user => current_user,       :application => application)
+    access_grant.update_attributes(:permissions => permissions) if access_grant.permissions != permissions
     redirect_to access_grant.redirect_uri_for(params[:redirect_uri])
   end
 
@@ -57,6 +60,13 @@ class Oauth::AuthController < ApplicationController
     Oauth::AccessGrant.where(:application_id => @client_app.id, :user_id => user.id).present?
   end
 
+  def scope_from_params(params)
+    requested_scope = (params[:scope]||[]).map(&:downcase)
+    default_scope   = ::Opro.request_permissions.map(&:to_s).map(&:downcase)
+    return default_scope if requested_scope.blank?
+    requested_scope & default_scope
+  end
+
 
   # We're verifying that a post was made from our own site, indicating a user confirmed via form
   def user_authorizes_the_request?(request)

data/app/controllers/oauth/tests_controller.rb

@@ -23,6 +23,23 @@ class Oauth::TestsController < ApplicationController
     end
   end
 
+  def create
+    result = if valid_oauth?
+      {:status => 200, :message => 'OAuth Worked!!', :params => params, :user_id => oauth_user.id }
+    else
+      {:status => 401, :message => "OAuth Did not Work D:  #{generate_oauth_error_message!}", :params => params}
+    end
+
+    respond_to do |format|
+      format.html do
+        render :text => result.to_json,   :status => result[:status], :layout => true
+      end
+      format.json do
+        render :json => result, :status => result[:status]
+      end
+    end
+  end
+
   def destroy
     result = if valid_oauth?
       {:status => 200, :message => 'OHNO!!! OAuth is Disabled on this Action, this is bad', :params => params}
@@ -44,9 +61,20 @@ class Oauth::TestsController < ApplicationController
 
   def generate_oauth_error_message!
     msg = ""
-    msg << ' - No OAuth Token Provided!'  if params[:access_token].blank?
-    msg << ' - Allow OAuth set to false!' if allow_oauth? == false
-    msg << ' - OAuth user not found!'     if oauth_user.blank?
+    msg << ' - No OAuth Token Provided!'    if params[:access_token].blank?
+    msg << ' - Allow OAuth set to false!'   if allow_oauth? == false
+    msg << ' - OAuth user not found!'       if oauth_user.blank?
+    generate_oauth_permissions_error_message!(msg)
+    msg
+  end
+
+  def generate_oauth_permissions_error_message!(msg = '')
+    if !oauth_client_has_permissions?
+      msg << ' - OAuth client not permitted'
+      oauth_required_permissions.each do |permission|
+        msg << "- #{permission} permission required;" unless oauth_client_has_permission?(permission)
+      end
+    end
     msg
   end
 

data/app/controllers/opro_application_controller.rb

@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
 
   # Any code that would/should go into ApplicationController is
-  # no in lib/opro/conrollers/application_controller_helper.rb
+  # now in lib/opro/conrollers/application_controller_helper.rb
   # it is loaded into ApplicationController in lib/opro/engine.rb
   # thanks for visiting, come back soon
 

data/app/models/oauth/access_grant.rb

@@ -12,13 +12,23 @@ class Oauth::AccessGrant < ActiveRecord::Base
 
   alias_attribute :token, :access_token
 
+  serialize :permissions, Hash
+
+  def can?(value)
+    permissions[value.to_s]
+  end
+
   def self.prune!
     # UPDATEME
     # delete_all(["created_at < ?", 3.days.ago])
   end
 
+  def self.find_for_token(token)
+    self.where(:access_token => token).includes(:user, :client_application).first
+  end
+
   def self.find_user_for_token(token)
-    self.where(:access_token => token).first.try(:user)
+    find_app_for_token.try(:user)
   end
 
   def self.authenticate(code, application_id)

data/app/models/oauth/client_application.rb

@@ -10,6 +10,10 @@ class Oauth::ClientApplication < ActiveRecord::Base
   alias_attribute :client_secret, :app_secret
   alias_attribute :secret,        :app_secret
 
+  serialize :permissions, Hash
+
+
+
   def self.authenticate(app_id, app_secret)
     where(["app_id = ? AND app_secret = ?", app_id, app_secret]).first
   end

data/app/views/oauth/auth/new.html.erb

@@ -1,8 +1,28 @@
-<h2><%= @client_app.name %> Would like to access your Data</h2>
-Do not accept if you do not know them or you would not like to authorize this url: <%= @redirect_uri %>
+<h2>Authorization Request</h2>
+
+
+<p>
+<%= @client_app.name %>  would like to access your Data. Only accept if you know them, you will then be redirected back to: "<%= @redirect_uri %>".
+</p>
 
 <%= form_for @client_app, :url => oauth_authorize_path(:client_id => @client_app.client_id, :redirect_uri => @redirect_uri), :method => :post do |f| %>
-  <%= f.submit 'I Authorize This Application', :id => 'oauthAuthorize' %>
+
+
+I Authorize <%= @client_app.name %> to:
+
+
+  <ul>
+
+    <li><%= check_box_tag 'permissions[read]', 1, true, {:disabled => true} %> Read</li>
+
+    <% @scopes.each do |permission| %>
+      <% is_checked =  @client_app.permissions.key?(permission) ? @client_app.permissions[permission] : true %>
+      <li><%= check_box_tag "permissions[#{permission}]", 1, is_checked %> <%= permission.capitalize %></li>
+    <% end %>
+  </ul>
+
+  <%= f.submit 'Authorize This Application', :id => 'oauthAuthorize' %>
 <%- end -%>
 
-<%= button_to 'I Do Not Authorize This Application', request.referrer, :id => 'oauthNoAuthorize' %>
+<%= button_to 'Decline this Request', request.referrer, :id => 'oauthNoAuthorize' %>
+

data/app/views/oauth/tests/index.html.erb

@@ -15,7 +15,7 @@
 <h2>Test OAuth Disallow</h2>
 <p>
   If you send a valid OAuth request using the 'DELETE' HTTP method to <%=  oauth_test_path(:show_me_the_money) %> you should see a response like below.</p>
-  <%= button_to oauth_test_path(:show_me_the_money), oauth_test_path(:show_me_the_money), :method => :delete %>
+  <%= button_to oauth_test_path(:show_me_the_money), oauth_test_path(:show_me_the_money), :method => :delete, :id => 'deleteButton' %>
   <pre><code><%= {:status => 401, :message => 'Oauth is Disabled on this Action, this is the correct result!', :params => {:id => 'show_me_the_money', :access_token => '3948fuAlo10gnsu'}}.to_json %></code></pre>
 
 <p>

data/lib/generators/active_record/templates/access_grants.rb

@@ -1,12 +1,13 @@
 class CreateOproAccessGrants < ActiveRecord::Migration
   def change
-    create_table :opro_access_grants do |t|
-      t.string   :code
-      t.string   :access_token
-      t.string   :refresh_token
-      t.datetime :access_token_expires_at
-      t.integer  :user_id
-      t.integer  :application_id
+    create_table  :opro_access_grants do |t|
+      t.string    :code
+      t.string    :access_token
+      t.string    :refresh_token
+      t.text      :permissions
+      t.datetime  :access_token_expires_at
+      t.integer   :user_id
+      t.integer   :application_id
 
       t.timestamps
     end

data/lib/generators/active_record/templates/client_applications.rb

@@ -4,6 +4,7 @@ class CreateOproClientApplications < ActiveRecord::Migration
       t.string  :name
       t.string  :app_id
       t.string  :app_secret
+      t.text    :permissions
       t.integer :user_id
       t.timestamps
     end

data/lib/generators/templates/opro.rb

@@ -1,4 +1,10 @@
 Opro.setup do |config|
-  ## Uncomment to configure devise
-  # config.auth_strategy = :devise
+  ## Configure the auth_strategy or use set :login_method, :logout_method, & :authenticate_user_method
+  config.auth_strategy = :devise
+
+  ## Add or remove application permissions
+    # Read permission is turned on by default (any request with [GET])
+    # Write permission is requestable by default (any request other than [GET])
+    # Custom permissions can be configured by adding them to the request_permissions Array and configuring require_oauth_permissions in the controller
+  config.request_permissions = [:write]
 end

data/lib/opro.rb

@@ -1,7 +1,9 @@
 module Opro
-
   module Controllers
+    module Concerns
+    end
   end
+
   # Include helpers in the given scope to AC and AV.
   def self.include_helpers(scope)
     ActiveSupport.on_load(:action_controller) do
@@ -39,7 +41,7 @@ module Opro
     logout_method.call(*args)
   end
 
-
+  # Used by set_login_logout_methods to pre-define login, logout, and authenticate methods
   def self.auth_strategy(auth_strategy = nil)
     if auth_strategy.present?
       @auth_strategy = auth_strategy
@@ -61,6 +63,14 @@ module Opro
     end
   end
 
+  def self.request_permissions=(permissions)
+    @request_permissions = permissions
+  end
+
+  def self.request_permissions
+    @request_permissions || []
+  end
+
 
   def self.logout_method(&block)
     if block.present?
@@ -79,8 +89,7 @@ module Opro
   end
 end
 
-# require 'opro/controller/concerns/render_redirect'
-# require 'opro/controller/concerns/steps'
-# require 'opro/controller/concerns/path'
+require 'opro/controllers/concerns/error_messages'
+require 'opro/controllers/concerns/permissions'
 require 'opro/controllers/application_controller_helper'
 require 'opro/engine'

data/lib/opro/controllers/application_controller_helper.rb

@@ -5,6 +5,9 @@ module Opro
     module ApplicationControllerHelper
       extend ActiveSupport::Concern
 
+      include Opro::Controllers::Concerns::Permissions
+      include Opro::Controllers::Concerns::ErrorMessages
+
       included do
         around_filter      :oauth_auth!
         skip_before_filter :verify_authenticity_token, :if => :valid_oauth?
@@ -23,6 +26,7 @@ module Opro
           prepend_before_filter :disallow_oauth,  options
           skip_before_filter    :allow_oauth,     options
         end
+
       end
 
       protected
@@ -31,6 +35,11 @@ module Opro
         @use_oauth ||= false
       end
 
+      # returns boolean if oauth request
+      def valid_oauth?
+        oauth? && oauth_user.present? && oauth_client_has_permissions?
+      end
+
       def disallow_oauth
         @use_oauth = false
       end
@@ -43,12 +52,16 @@ module Opro
         allow_oauth? && params[:access_token].present?
       end
 
-      def oauth_user
-        @oauth_user ||= Oauth::AccessGrant.find_user_for_token(params[:access_token])
+      def oauth_access_grant
+        @oauth_access_grant ||= Oauth::AccessGrant.find_for_token(params[:access_token])
       end
 
-      def valid_oauth?
-        oauth? && oauth_user.present?
+      def oauth_client_app
+        @oauth_client_app   ||= oauth_access_grant.client_application
+      end
+
+      def oauth_user
+        @oauth_user         ||= oauth_access_grant.user
       end
 
       def oauth_auth!

data/lib/opro/controllers/concerns/error_messages.rb

@@ -0,0 +1,23 @@
+module Opro::Controllers::Concerns::ErrorMessages
+  extend ActiveSupport::Concern
+
+  def generate_oauth_error_message!
+    msg = ""
+    msg << ' - No OAuth Token Provided!'    if params[:access_token].blank?
+    msg << ' - Allow OAuth set to false!'   if allow_oauth? == false
+    msg << ' - OAuth user not found!'       if oauth_user.blank?
+    msg = generate_oauth_permissions_error_message!(msg)
+    msg
+  end
+
+  def generate_oauth_permissions_error_message!(msg = '')
+    if !oauth_client_has_permissions?
+      msg << ' - OAuth client not permitted'
+      oauth_required_permissions.each do |permission|
+        msg << "- #{permission} permission required;" unless oauth_client_has_permission?(permission)
+      end
+    end
+    msg
+  end
+
+end

data/lib/opro/controllers/concerns/permissions.rb

@@ -0,0 +1,89 @@
+module Opro::Controllers::Concerns::Permissions
+  extend ActiveSupport::Concern
+
+  # By default :write permission is required if included in Opro.request_permissions
+  # returns Array
+  def global_oauth_required_permissions
+     [:write] & Opro.request_permissions
+  end
+
+  # returns Array of permissions required for controller action
+  def oauth_required_permissions
+    (@oauth_required_permissions || global_oauth_required_permissions) - skip_oauth_required_permissions
+  end
+
+  def skip_oauth_required_permissions
+    @skip_oauth_required_permissions ||= []
+  end
+
+  def skip_oauth_required_permission(permission)
+    @skip_oauth_required_permissions << permission
+    @skip_oauth_required_permissions
+  end
+
+  def add_oauth_required_permission(permission)
+    @oauth_required_permissions ||= global_oauth_required_permissions
+    @oauth_required_permissions << permission
+  end
+
+  # Checks to make sure client has given permission
+  # permission checks can be extended by creating methods
+  # oauth_client_can_:method? so to over-write a default check for
+  # :write permission, you would need to define oauth_client_can_write?
+  def oauth_client_has_permissions?
+    permissions_valid_array = []
+    oauth_required_permissions.each do |permission|
+      permissions_valid_array << oauth_client_has_permission?(permission)
+    end
+
+    return true unless permissions_valid_array.include?(false)
+    false
+  end
+
+  def oauth_client_has_permission?(permission)
+    oauth_permission_method = "oauth_client_can_#{permission}?".to_sym
+    if respond_to?(oauth_permission_method)
+      has_permission = method(oauth_permission_method).call
+    else
+      has_permission = oauth_access_grant.can?(permission.to_sym)
+    end
+    has_permission
+  end
+
+  # Returns boolean
+  # if client has been granted write permissions or request is a 'GET' returns true
+  def oauth_client_can_write?
+    return true if env['REQUEST_METHOD'] == 'GET'
+    return true if oauth_access_grant.can?(:write)
+    false
+  end
+
+
+  module ClassMethods
+
+    def skip_oauth_permissions(*args)
+      options     = args.last.is_a?(Hash) ? callbacks.pop : {}
+      permissions = args
+      prepend_before_filter(options) do
+        permissions.each do |permission|
+          controller.skip_oauth_required_permission(permission)
+        end
+      end
+    end
+    alias :skip_oauth_permission :skip_oauth_permissions
+
+    # pass in array of permissions to be validated, add options to pass to filter
+    def require_oauth_permissions(*args)
+      options     = args.last.is_a?(Hash) ? args.pop : {}
+      permissions = args
+      prepend_before_filter(options) do
+        permissions.each do |permission|
+          raise "You must add #{permission.inspect} to the Opro request_permissions in an initializer" unless Opro.request_permissions.include?(permission)
+          controller.add_oauth_required_permission(permission)
+        end
+      end
+    end
+    alias :require_oauth_permission :require_oauth_permissions
+  end
+
+end

data/opro.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "opro"
-  s.version = "0.0.1.pre1.0.2"
+  s.version = "0.0.1"
 
-  s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["schneems"]
-  s.date = "2012-04-13"
+  s.date = "2012-06-14"
   s.description = " Enable OAuth clients (iphone, android, web sites, etc.) to access and use your Rails application, what you do with it is up to you"
   s.email = "richard.schneeman@gmail.com"
   s.extra_rdoc_files = [
@@ -48,15 +48,20 @@ Gem::Specification.new do |s|
     "lib/generators/templates/opro.rb",
     "lib/opro.rb",
     "lib/opro/controllers/application_controller_helper.rb",
+    "lib/opro/controllers/concerns/error_messages.rb",
+    "lib/opro/controllers/concerns/permissions.rb",
     "lib/opro/engine.rb",
     "opro.gemspec",
+    "test/controllers/permissions_test.rb",
     "test/dummy/Rakefile",
     "test/dummy/app/controllers/application_controller.rb",
     "test/dummy/app/controllers/pages_controller.rb",
+    "test/dummy/app/controllers/products_controller.rb",
     "test/dummy/app/helpers/application_helper.rb",
     "test/dummy/app/models/user.rb",
     "test/dummy/app/views/layouts/application.html.erb",
     "test/dummy/app/views/pages/index.html.erb",
+    "test/dummy/app/views/products/create.html.erb",
     "test/dummy/config.ru",
     "test/dummy/config/application.rb",
     "test/dummy/config/boot.rb",
@@ -76,8 +81,8 @@ Gem::Specification.new do |s|
     "test/dummy/config/locales/en.yml",
     "test/dummy/config/routes.rb",
     "test/dummy/db/migrate/20120408163038_devise_create_users.rb",
-    "test/dummy/db/migrate/20120408165729_create_opro_access_grants.rb",
-    "test/dummy/db/migrate/20120408165730_create_opro_client_applications.rb",
+    "test/dummy/db/migrate/20120514060322_create_opro_access_grants.rb",
+    "test/dummy/db/migrate/20120514060323_create_opro_client_applications.rb",
     "test/dummy/db/schema.rb",
     "test/dummy/public/404.html",
     "test/dummy/public/422.html",
@@ -112,6 +117,7 @@ Gem::Specification.new do |s|
       s.add_runtime_dependency(%q<activesupport>, [">= 3.0.7"])
       s.add_runtime_dependency(%q<rails>, [">= 3.0.7"])
       s.add_runtime_dependency(%q<bluecloth>, [">= 0"])
+      s.add_development_dependency(%q<mocha>, [">= 0"])
       s.add_development_dependency(%q<jeweler>, ["~> 1.6.4"])
       s.add_development_dependency(%q<bundler>, [">= 1.1.3"])
       s.add_development_dependency(%q<capybara>, [">= 0.4.0"])
@@ -124,6 +130,7 @@ Gem::Specification.new do |s|
       s.add_dependency(%q<activesupport>, [">= 3.0.7"])
       s.add_dependency(%q<rails>, [">= 3.0.7"])
       s.add_dependency(%q<bluecloth>, [">= 0"])
+      s.add_dependency(%q<mocha>, [">= 0"])
       s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
       s.add_dependency(%q<bundler>, [">= 1.1.3"])
       s.add_dependency(%q<capybara>, [">= 0.4.0"])
@@ -137,6 +144,7 @@ Gem::Specification.new do |s|
     s.add_dependency(%q<activesupport>, [">= 3.0.7"])
     s.add_dependency(%q<rails>, [">= 3.0.7"])
     s.add_dependency(%q<bluecloth>, [">= 0"])
+    s.add_dependency(%q<mocha>, [">= 0"])
     s.add_dependency(%q<jeweler>, ["~> 1.6.4"])
     s.add_dependency(%q<bundler>, [">= 1.1.3"])
     s.add_dependency(%q<capybara>, [">= 0.4.0"])

data/test/controllers/permissions_test.rb

@@ -0,0 +1,27 @@
+require 'test_helper'
+
+class Oauth::TestsControllerTest < ActionController::TestCase
+  tests Oauth::TestsController
+  include Devise::TestHelpers
+
+  setup do
+    @user         = create_user
+    @auth_grant   = create_auth_grant_for_user(@user)
+  end
+
+  test "access_token with write ability can :POST" do
+    permissions = {'write' => true}
+    @auth_grant.update_attributes(:permissions => permissions)
+
+    post :create, access_token: @auth_grant.access_token, format: :json
+    assert_response :success
+  end
+
+
+  test "access_token with NO write ability can NOT POST" do
+    permissions = {:write => false}
+    @auth_grant.update_attributes(:permissions => permissions)
+    post :create, access_token: @auth_grant.access_token, format: :json
+    assert_response 401
+  end
+end

data/test/dummy/app/controllers/products_controller.rb

@@ -0,0 +1,8 @@
+class ProductsController < ApplicationController
+  protect_from_forgery
+
+  def create
+    # stub route
+  end
+
+end

data/test/dummy/app/views/pages/index.html.erb

@@ -1 +1,2 @@
-Home
+Home
+

data/test/dummy/app/views/products/create.html.erb

@@ -0,0 +1 @@
+Worked

data/test/dummy/config/initializers/opro.rb

@@ -1,4 +1,10 @@
 Opro.setup do |config|
-  ## Uncomment to configure devise
+  ## Configure the auth_strategy or use set :login_method, :logout_method, & :authenticate_user_method
   config.auth_strategy = :devise
+
+  ## Add or remove application permissions
+    # Read permission is turned on by default (any request with [GET])
+    # Write permission is requestable by default (any request other than [GET])
+    # Custom permissions can be configured by adding them to the request_permissions Array and configuring require_oauth_permissions in the controller
+  config.request_permissions = [:write]
 end

data/test/dummy/config/routes.rb

@@ -4,6 +4,8 @@ Dummy::Application.routes.draw do
   resources :foo
   resources :bar
 
+  resources :products
+
   # The priority is based upon order of creation:
   # first created -> highest priority.
 

data/test/dummy/db/migrate/20120514060322_create_opro_access_grants.rb

@@ -0,0 +1,15 @@
+class CreateOproAccessGrants < ActiveRecord::Migration
+  def change
+    create_table  :opro_access_grants do |t|
+      t.string    :code
+      t.string    :access_token
+      t.string    :refresh_token
+      t.text      :permissions
+      t.datetime  :access_token_expires_at
+      t.integer   :user_id
+      t.integer   :application_id
+
+      t.timestamps
+    end
+  end
+end

data/test/dummy/db/migrate/{20120408165730_create_opro_client_applications.rb → 20120514060323_create_opro_client_applications.rb}

@@ -4,6 +4,7 @@ class CreateOproClientApplications < ActiveRecord::Migration
       t.string  :name
       t.string  :app_id
       t.string  :app_secret
+      t.text    :permissions
       t.integer :user_id
       t.timestamps
     end

data/test/dummy/db/schema.rb

@@ -11,12 +11,13 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20120408165730) do
+ActiveRecord::Schema.define(:version => 20120514060323) do
 
   create_table "opro_access_grants", :force => true do |t|
     t.string   "code"
     t.string   "access_token"
     t.string   "refresh_token"
+    t.text     "permissions"
     t.datetime "access_token_expires_at"
     t.integer  "user_id"
     t.integer  "application_id"
@@ -28,9 +29,10 @@ ActiveRecord::Schema.define(:version => 20120408165730) do
     t.string   "name"
     t.string   "app_id"
     t.string   "app_secret"
+    t.text     "permissions"
     t.integer  "user_id"
-    t.datetime "created_at", :null => false
-    t.datetime "updated_at", :null => false
+    t.datetime "created_at",  :null => false
+    t.datetime "updated_at",  :null => false
   end
 
   create_table "users", :force => true do |t|

data/test/integration/auth_controller_test.rb

@@ -2,22 +2,36 @@ require 'test_helper'
 
 class AuthControllerTest < ActiveSupport::IntegrationCase
 
+  setup do
+    @app           = create_client_app
+    @user          = create_user
+    @redirect_uri  = '/'
+  end
+
   test 'auth entry point should not be accessable to logged OUT users' do
-    visit oauth_new_path
+    visit oauth_new_path(:client_id => @app.client_id, :redirect_uri => '/')
     assert_equal '/users/sign_in', current_path
   end
 
-  test 'auth entry point is accessable to logged IN users' do
-    app           = create_client_app
-    user          = create_user
-    redirect_uri  = '/'
+  test 'auth entry point is accessible to logged IN users' do
 
-    as_user(user).visit oauth_new_path(:client_id => app.client_id, :redirect_uri => redirect_uri)
+    as_user(@user).visit oauth_new_path(:client_id => @app.client_id, :redirect_uri => @redirect_uri)
 
     assert_equal '/oauth/new', current_path
 
     click_button 'oauthAuthorize'
-    assert_equal '/', current_path
-    assert Oauth::AccessGrant.where(:user_id => user.id, :application_id => app.id).present?
+    access_grant = Oauth::AccessGrant.where(:user_id => @user.id, :application_id => @app.id).first
+    assert_equal @redirect_uri, current_path
+    assert access_grant.present?
+    assert access_grant.can?(:write) # write access is checked by default
+  end
+
+  test 'user can remove permissions' do
+    as_user(@user).visit oauth_new_path(:client_id => @app.client_id, :redirect_uri => @redirect_uri)
+
+    uncheck('permissions_write') # uncheck write access
+    click_button 'oauthAuthorize'
+    access_grant = Oauth::AccessGrant.where(:user_id => @user.id, :application_id => @app.id).first
+    refute access_grant.can?(:write)
   end
 end

data/test/test_helper.rb

@@ -2,13 +2,11 @@
 ENV["RAILS_ENV"] = "test"
 
 
-
 ENGINE_RAILS_ROOT=File.join(File.dirname(__FILE__), '../')
 require File.expand_path("../dummy/config/environment.rb",  __FILE__)
 require "rails/test_help"
 
-
-
+require 'mocha'
 
 ActionMailer::Base.delivery_method = :test
 ActionMailer::Base.perform_deliveries = true

metadata

@@ -1,19 +1,19 @@
 --- !ruby/object:Gem::Specification
 name: opro
 version: !ruby/object:Gem::Version
-  version: 0.0.1.pre1.0.2
-  prerelease: 6
+  version: 0.0.1
+  prerelease: 
 platform: ruby
 authors:
 - schneems
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-13 00:00:00.000000000Z
+date: 2012-06-14 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: &70160889026080 !ruby/object:Gem::Requirement
+  requirement: &70350386690460 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
         version: 3.0.7
   type: :runtime
   prerelease: false
-  version_requirements: *70160889026080
+  version_requirements: *70350386690460
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70160889025500 !ruby/object:Gem::Requirement
+  requirement: &70350386683340 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: 3.0.7
   type: :runtime
   prerelease: false
-  version_requirements: *70160889025500
+  version_requirements: *70350386683340
 - !ruby/object:Gem::Dependency
   name: bluecloth
-  requirement: &70160889024900 !ruby/object:Gem::Requirement
+  requirement: &70350386682740 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +43,21 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70160889024900
+  version_requirements: *70350386682740
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: &70350386682120 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70350386682120
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &70160889024280 !ruby/object:Gem::Requirement
+  requirement: &70350386681480 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -54,10 +65,10 @@ dependencies:
         version: 1.6.4
   type: :development
   prerelease: false
-  version_requirements: *70160889024280
+  version_requirements: *70350386681480
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &70160889023620 !ruby/object:Gem::Requirement
+  requirement: &70350386680760 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +76,10 @@ dependencies:
         version: 1.1.3
   type: :development
   prerelease: false
-  version_requirements: *70160889023620
+  version_requirements: *70350386680760
 - !ruby/object:Gem::Dependency
   name: capybara
-  requirement: &70160889023000 !ruby/object:Gem::Requirement
+  requirement: &70350386679900 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -76,10 +87,10 @@ dependencies:
         version: 0.4.0
   type: :development
   prerelease: false
-  version_requirements: *70160889023000
+  version_requirements: *70350386679900
 - !ruby/object:Gem::Dependency
   name: sqlite3
-  requirement: &70160889003480 !ruby/object:Gem::Requirement
+  requirement: &70350386678780 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,10 +98,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70160889003480
+  version_requirements: *70350386678780
 - !ruby/object:Gem::Dependency
   name: launchy
-  requirement: &70160889002560 !ruby/object:Gem::Requirement
+  requirement: &70350386678200 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -98,10 +109,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70160889002560
+  version_requirements: *70350386678200
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: &70160889001680 !ruby/object:Gem::Requirement
+  requirement: &70350386677300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -109,10 +120,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70160889001680
+  version_requirements: *70350386677300
 - !ruby/object:Gem::Dependency
   name: rcov
-  requirement: &70160889000620 !ruby/object:Gem::Requirement
+  requirement: &70350386676560 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -120,10 +131,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70160889000620
+  version_requirements: *70350386676560
 - !ruby/object:Gem::Dependency
   name: simplecov
-  requirement: &70160888999860 !ruby/object:Gem::Requirement
+  requirement: &70350386675920 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -131,7 +142,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70160888999860
+  version_requirements: *70350386675920
 description: ! ' Enable OAuth clients (iphone, android, web sites, etc.) to access
   and use your Rails application, what you do with it is up to you'
 email: richard.schneeman@gmail.com
@@ -172,15 +183,20 @@ files:
 - lib/generators/templates/opro.rb
 - lib/opro.rb
 - lib/opro/controllers/application_controller_helper.rb
+- lib/opro/controllers/concerns/error_messages.rb
+- lib/opro/controllers/concerns/permissions.rb
 - lib/opro/engine.rb
 - opro.gemspec
+- test/controllers/permissions_test.rb
 - test/dummy/Rakefile
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/pages_controller.rb
+- test/dummy/app/controllers/products_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/models/user.rb
 - test/dummy/app/views/layouts/application.html.erb
 - test/dummy/app/views/pages/index.html.erb
+- test/dummy/app/views/products/create.html.erb
 - test/dummy/config.ru
 - test/dummy/config/application.rb
 - test/dummy/config/boot.rb
@@ -200,8 +216,8 @@ files:
 - test/dummy/config/locales/en.yml
 - test/dummy/config/routes.rb
 - test/dummy/db/migrate/20120408163038_devise_create_users.rb
-- test/dummy/db/migrate/20120408165729_create_opro_access_grants.rb
-- test/dummy/db/migrate/20120408165730_create_opro_client_applications.rb
+- test/dummy/db/migrate/20120514060322_create_opro_access_grants.rb
+- test/dummy/db/migrate/20120514060323_create_opro_client_applications.rb
 - test/dummy/db/schema.rb
 - test/dummy/public/404.html
 - test/dummy/public/422.html
@@ -237,13 +253,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -3455292628874218809
+      hash: -2087592437685873043
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>'
+  - - ! '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.10

data/test/dummy/db/migrate/20120408165729_create_opro_access_grants.rb

@@ -1,14 +0,0 @@
-class CreateOproAccessGrants < ActiveRecord::Migration
-  def change
-    create_table :opro_access_grants do |t|
-      t.string   :code
-      t.string   :access_token
-      t.string   :refresh_token
-      t.datetime :access_token_expires_at
-      t.integer  :user_id
-      t.integer  :application_id
-
-      t.timestamps
-    end
-  end
-end