oxen_account 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 84189d5dfafb4e4a94047f813901e9a186888127
+  data.tar.gz: 6c6bba07971fd418c69dd12d15a7f911bf60db2a
+SHA512:
+  metadata.gz: 70590d219402889994ea4c8bd4c0191291e13cdd6cd17b4268dffcf6293c492b803899d44fc19c3464e03874886fded2e25782d821a5970e111c8934498a567d
+  data.tar.gz: e8a60b3c3d0c612ffbd20399594c47d8c736850eea1ee11995a2117a3859aeab62d5a323eafa92ce7e99501cdd910928cc8b4233120afede5e54f6eb76a86955

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.rspec

@@ -0,0 +1,3 @@
+--color
+--require spec_helper
+--format documentation

data/.ruby-version

@@ -0,0 +1 @@
+2.2.1

data/.travis.yml

@@ -0,0 +1,3 @@
+language: ruby
+rvm:
+  - 2.2.1

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,13 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or imagery, derogatory comments or personal attacks, trolling, public or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http:contributor-covenant.org), version 1.0.0, available at [http://contributor-covenant.org/version/1/0/0/](http://contributor-covenant.org/version/1/0/0/)

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in account.gemspec
+gemspec
+
+gem 'abstracted', path: '../abstracted'

data/Guardfile

@@ -0,0 +1,77 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+# directories %w(app lib config test spec features)
+
+## Uncomment to clear the screen before every task
+# clearing :on
+
+## Guard internally checks for changes in the Guardfile and exits.
+## If you want Guard to automatically start up again, run guard in a
+## shell loop, e.g.:
+##
+##  $ while bundle exec guard; do echo "Restarting Guard..."; done
+##
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+# Note: The cmd option is now required due to the increasing number of ways
+#       rspec may be run, below are examples of the most common uses.
+#  * bundler: 'bundle exec rspec'
+#  * bundler binstubs: 'bin/rspec'
+#  * spring: 'bin/rspec' (This will use spring if running and you have
+#                          installed the spring binstubs per the docs)
+#  * zeus: 'zeus rspec' (requires the server to be started separately)
+#  * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # Feel free to open issues for suggestions and improvements
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+
+  # Rails files
+  rails = dsl.rails(view_extensions: %w(erb haml slim))
+  dsl.watch_spec_files_for(rails.app_files)
+  dsl.watch_spec_files_for(rails.views)
+
+  watch(rails.controllers) do |m|
+    [
+      rspec.spec.("routing/#{m[1]}_routing"),
+      rspec.spec.("controllers/#{m[1]}_controller"),
+      rspec.spec.("acceptance/#{m[1]}")
+    ]
+  end
+
+  # Rails config changes
+  watch(rails.spec_helper)     { rspec.spec_dir }
+  watch(rails.routes)          { "#{rspec.spec_dir}/routing" }
+  watch(rails.app_controller)  { "#{rspec.spec_dir}/controllers" }
+
+  # Capybara features specs
+  watch(rails.view_dirs)     { |m| rspec.spec.("features/#{m[1]}") }
+
+  # Turnip features and steps
+  watch(%r{^spec/acceptance/(.+)\.feature$})
+  watch(%r{^spec/acceptance/steps/(.+)_steps\.rb$}) do |m|
+    Dir[File.join("**/#{m[1]}.feature")][0] || "spec/acceptance"
+  end
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2015 Walther H Diechmann
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,39 @@
+# OxenAccount
+
+Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/account`. To experiment with that code, run `bin/console` for an interactive prompt.
+
+TODO: Delete this and the text above, and describe your gem
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'account'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install account
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release` to create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/account/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+
+Dir[File.join(File.dirname(__FILE__), 'tasks/**/*.rake')].each {|f| load f }
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+desc "Run all specs in spec directory (excluding plugin specs)"
+#
+# not working in RoR => 4.1 RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+task :default => :spec

data/app/controllers/accounts_controller.rb

@@ -0,0 +1,90 @@
+class AccountsController < AbstractResourcesController
+
+  # before_filter :authenticate_user!
+  # before_filter :set_parents, only: [ :new, :edit, :show ]
+  # before_action :set_account, only: [:show, :edit, :update, :destroy]
+
+  # GET /accounts
+  # GET /accounts.json
+  # def index
+  #   @accounts = Account.all
+  # end
+  # def index
+  #   @resources = policy_scope(Account)
+  #   authorize Account
+  # end
+
+  # GET /accounts/1
+  # GET /accounts/1.json
+  # def show
+  # end
+
+
+  # GET /accounts/new
+  # def new
+  #   @account = Account.new
+  # end
+
+  # GET /accounts/1/edit
+  # def edit
+  # end
+
+  # POST /accounts
+  # POST /accounts.json
+  # def create
+  #   @account = Account.new(account_params)
+  #
+  #   respond_to do |format|
+  #     if @account.save
+  #       format.html { redirect_to @account, notice: 'Account was successfully created.' }
+  #       format.json { render :show, status: :created, location: @account }
+  #     else
+  #       format.html { render :new }
+  #       format.json { render json: @account.errors, status: :unprocessable_entity }
+  #     end
+  #   end
+  # end
+
+  # PATCH/PUT /accounts/1
+  # PATCH/PUT /accounts/1.json
+  # def update
+  #   respond_to do |format|
+  #     if @account.update(account_params)
+  #       format.html { redirect_to @account, notice: 'Account was successfully updated.' }
+  #       format.json { render :show, status: :ok, location: @account }
+  #     else
+  #       format.html { render :edit }
+  #       format.json { render json: @account.errors, status: :unprocessable_entity }
+  #     end
+  #   end
+  # end
+
+  # DELETE /accounts/1
+  # DELETE /accounts/1.json
+  # def destroy
+  #   @account.destroy
+  #   respond_to do |format|
+  #     format.html { redirect_to accounts_url, notice: 'Account was successfully destroyed.' }
+  #     format.json { head :no_content }
+  #   end
+  # end
+
+  private
+    # Use callbacks to share common setup or constraints between actions.
+    # def set_account
+    #   @account = Account.find(params[:id])
+    # end
+
+    # Never trust parameters from the scary internet, only allow the white list through.
+    # def account_params
+    #   params.require(:account).permit(:name)
+    # end
+
+    def resource_params
+      params.require(:account).permit(:name, :active)
+    end
+
+
+
+
+end

data/app/controllers/users/base/invitations_controller.rb

@@ -0,0 +1,61 @@
+class Users::Base::InvitationsController < Devise::InvitationsController
+
+  #
+  # POST /resource/invitation
+  def create
+    self.resource = invite_resource
+    resource_invited = resource.errors.empty?
+
+    yield resource if block_given?
+    if resource_invited
+      # if is_flashing_format? && self.resource.invitation_sent_at
+      #   set_flash_message :notice, :send_instructions, :email => self.resource.email
+      # end
+      render layout: false, status: 200, locals: { result: true }
+    else
+      render layout: false, status: 301, locals: { result: false }
+    #
+    #   respond_with resource, :location => after_invite_path_for(current_inviter)
+    # else
+    #   respond_with_navigational(resource) { render :new }
+    end
+  end
+
+
+  # def update
+  #   if this
+  #     redirect_to root_path
+  #   else
+  #     super
+  #   end
+  # end
+
+  private
+
+    # this is called when creating invitation
+    # should return an instance of resource class
+    def invite_resource
+      ## skip sending emails on invite
+      resource_class.invite!(resource_params, current_user) do |u|
+        # u.skip_invitation = true
+      end
+    end
+
+    def resource_params
+      {email: params[:user][:email], name: params[:user][:name], account_id: params[:user][:account_id] }
+      # params.permit(user: [:name, :email,:invitation_token, :your_params_here])[:user]
+    end
+
+    # this is called when accepting invitation
+    # should return an instance of resource class
+    def accept_resource
+      resource = resource_class.accept_invitation!(update_resource_params)
+      ## Report accepting invitation to analytics
+      # Analytics.report('invite.accept', resource.id)
+      resource
+    end
+
+    # def after_invite_path_for(usr)
+    # end
+
+end

data/app/controllers/users/base/users_controller.rb

@@ -0,0 +1,68 @@
+class Users::Base::UsersController < AbstractResourcesController
+  # before_filter :authenticate_user!
+  # after_action :verify_authorized
+  before_filter :check_user_permissions, only: :create
+
+  # def index
+  #   @users = User.all
+  #   authorize User
+  # end
+  # def index
+  #   @resources = policy_scope(User)
+  #   authorize User
+  # end
+  #
+  # def show
+  #   @user = User.find(params[:id])
+  #   authorize @user
+  # end
+  #
+  # def update
+  #   @user = User.find(params[:id])
+  #   authorize @user
+  #   if @user.update_attributes(secure_params)
+  #     redirect_to users_path, :notice => "User updated."
+  #   else
+  #     redirect_to users_path, :alert => "Unable to update user."
+  #   end
+  # end
+  #
+  # def destroy
+  #   user = User.find(params[:id])
+  #   authorize user
+  #   user.destroy
+  #   redirect_to users_path, :notice => "User deleted."
+  # end
+
+  def update
+    if params[:user][:password].blank? && params[:user][:password].blank?
+      params[:user].delete :password
+      params[:user].delete :password_confirmation
+    end
+    authorize resource
+    resource.max_role = current_user.role
+    if resource.update_attributes(secure_params)
+      redirect_to users_path, :notice => "User updated."
+    else
+      render :edit, :alert => "Unable to update user."
+    end
+
+    # super
+  end
+
+
+  private
+
+    def resource_params
+      secure_params
+    end
+
+    def secure_params
+      params.require(:user).permit(:role,:name,:email,:active,:account_id, :password, :password_confirmation)
+    end
+
+    def check_user_permissions
+      UserPermission.where(email: params[:user][:email]).count == 1
+    end
+
+end

data/app/helpers/accounts_helper.rb

@@ -0,0 +1,7 @@
+module AccountsHelper
+  def invited_user? user
+    # "blue-grey lighten-2"
+    user.invitation_token.nil? ? "" : "invited_user"
+  end
+
+end

data/app/models/account.rb

@@ -0,0 +1,8 @@
+class Account < AbstractResource
+  has_paper_trail
+
+  has_many :users, dependent: :destroy
+
+
+  validates :name, presence: true
+end

data/app/models/user.rb

@@ -0,0 +1,18 @@
+class User < AbstractResource #< ActiveRecord::Base
+  include Roleable
+
+  has_paper_trail
+
+  belongs_to :account
+  has_many :invitations, :class_name => self.to_s, :as => :invited_by
+
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :invitable, :database_authenticatable, :registerable, :confirmable,
+         :recoverable, :rememberable, :trackable, :validatable, :zxcvbnable
+
+
+  validates :name, presence: true
+
+
+end

data/app/policies/account_policy.rb

@@ -0,0 +1,43 @@
+class AccountPolicy < AbstractResourcePolicy
+
+    class Scope < Scope
+      def resolve
+        if current_user.admin?
+          scope.all
+        else
+          scope.where(id: current_user.account.id)
+        end
+      end
+    end
+
+
+
+  def new?
+    current_user.admin?
+  end
+
+  def index?
+    @current_user.admin? || @current_user.account_admin?
+  end
+
+  def create?
+    @current_user.admin?
+  end
+
+  def show?
+    @current_user.admin? or @current_user.account==@model
+  end
+
+  def edit?
+    @current_user.admin? or @current_user.account==@model
+  end
+
+  def update?
+    @current_user.admin? or @current_user.account==@model
+  end
+
+  def destroy?
+    @current_user.admin?
+  end
+
+end

data/app/policies/user_policy.rb

@@ -0,0 +1,35 @@
+class UserPolicy < AbstractResourcePolicy
+
+  class Scope < Scope
+    def resolve
+      if current_user.admin?
+        scope.all
+      else
+        scope.where(account_id: current_user.account.id)
+      end
+    end
+  end
+
+
+  def index?
+    current_user.admin? || current_user.account_admin?
+  end
+
+  def show?
+    current_user.admin? or current_user.account_admin? or current_user == model
+  end
+
+  def update?
+    current_user.admin? || current_user.account_admin?
+  end
+
+  def create?
+    current_user.admin? || current_user.account_admin?
+  end
+
+  def destroy?
+    return false if @current_user == model
+    current_user.admin? || current_user.account_admin?
+  end
+
+end

data/app/views/accounts/_form.html.haml

@@ -0,0 +1,32 @@
+
+= simple_form_for(resource, html: {class: 'col sl12'} ) do |f|
+  / - if parent?
+  /   = render @parent
+  = f.error_notification
+
+  .form-inputs
+    .row
+      = f.input :name, class: :validate, disabled: @disabled, autofocus: true
+
+    .row
+      .input-field.col.s12
+        %label{ style: "margin-top: -20px"}= t('.account_active')
+        .switch
+          %label
+            = t(:passive)
+            =f.check_box :active, disabled: @disabled
+            %span.lever
+            = t(:active)
+
+    .row
+      .col.sl12{ style: "margin-bottom: 30px"}
+    %hr
+
+  - unless @disabled
+    .row
+      .form-actions.right-align
+        = f.button :submit, t(".#{params[:action]}.submit")
+
+- if %w{ show edit }.include? params[:action]
+  :coffeescript
+    $('form label').addClass('active')

data/app/views/accounts/index.html.haml

@@ -0,0 +1,37 @@
+
+- content_for :title do
+  = t('.title')
+
+.row
+  .col.s12
+    %h3= t('.title')
+    %form{ class: 'col s12', style: "font-size: 1.5em"}
+      .input-field
+        %input.col.s11{ placeholder: "#{ t('.search')}", autofocus:"autofocus", type: "text", name:"account[q]", id:'account_q'}
+        %i.col.s1.mdi-action-search{ style: "font-size: 2em"}
+
+.row
+  .col.s12
+    %table.responsive-table.hoverable.striped
+      %thead
+        %tr
+          %th{ :"data-field"=>"name"}= t('.name')
+          %th{ :"data-field"=>"active"}= t('.active')
+          %th= t(:delete)
+
+      %tbody
+        - @resources.each do |account|
+          %tr{ id: "tr-#{account.id}"}
+            %td= link_to account.name, account
+            %td
+              - if account.active
+                %i.mdi-action-done.small
+            %td
+              = link_to account, class: 'delete_link', data: { url: '/admin/accounts', name: "#{account.name}", id: "#{account.id}", remove: "#tr-#{account.id}" } do
+                %i.mdi-action-delete.small{ title: "#{t('.delete')}"}
+
+    %br
+
+  .row
+    .right-align
+      = link_to t('.new'), new_account_path, class: 'waves-effect waves-light btn' if policy(resource).new?

data/app/views/accounts/index.json.jbuilder

@@ -0,0 +1,4 @@
+json.array!(@accounts) do |account|
+  json.extract! account, :id, :name
+  json.url account_url(account, format: :json)
+end

data/app/views/accounts/show.html.haml

@@ -0,0 +1,16 @@
+- content_for :title do
+  = t( @resource_class.table_name + '.show.title')
+
+- @disabled = true
+
+%h3= t( @resource_class.table_name + '.show.title')
+
+= render 'form'
+
+.right-align
+  = link_to t( @resource_class.table_name + '.actions.edit'), edit_resource_url, class: 'waves-effect waves-light btn'
+  = link_to t( @resource_class.table_name + '.actions.index'), resources_url, class: 'waves-effect waves-light btn'
+
+- if %w{ show }.include? params[:action]
+  = render partial: 'users/account_users'
+  = render partial: 'users/invitations/new', locals: { account_id: resource.id }

data/app/views/accounts/show.json.jbuilder

@@ -0,0 +1 @@
+json.extract! @account, :id, :name, :created_at, :updated_at

data/app/views/devise/confirmations/new.html.haml

@@ -0,0 +1,13 @@
+%h2= t('resend.confirmation.instructions')
+
+= simple_form_for(resource, as: resource_name, url: confirmation_path(resource_name), html: { method: :post }) do |f|
+  = f.error_notification
+  = f.full_error :confirmation_token
+
+  .form-inputs
+    = f.input :email, required: true, autofocus: true
+
+  .form-actions
+    = f.button :submit, t('resend.confirmation.instructions')
+
+= render "devise/shared/links"

data/app/views/devise/mailer/invitation_instructions.html.erb

@@ -0,0 +1,7 @@
+<p><%= t("devise.mailer.invitation_instructions.hello", email: @resource.email) %></p>
+
+<p><%= t("devise.mailer.invitation_instructions.someone_invited_you", url: root_url) %></p>
+
+<p><%= link_to t("devise.mailer.invitation_instructions.accept"), accept_invitation_url(@resource, :invitation_token => @token) %></p>
+
+<p><%= t("devise.mailer.invitation_instructions.ignore").html_safe %></p>