releaf-permissions 0.2.1

data/app/views/releaf/permissions/sessions/new.html.haml

@@ -0,0 +1,14 @@
+.container
+  .box
+    .logo
+    = form_for resource, as: resource_name, builder: Releaf::Builders::FormBuilder, url: session_path(resource_name), html: {class: "login"} do |f|
+      - if params[:redirect_to]
+        = hidden_field_tag :redirect_to, params[:redirect_to]
+      .field
+        %label{for: :email}= t("Email", scope: 'admin.sessions')
+        = f.email_field :email, autofocus: "autofocus", id: :email, class: "text"
+      .field
+        %label{for: :password}= t("Password", scope: 'admin.sessions')
+        = f.password_field :password, id: :password, class: "text"
+      .field
+        %button.button{type: "submit"}= t("Sign in", scope: 'admin.sessions')

data/lib/releaf-permissions.rb

@@ -0,0 +1,32 @@
+require 'releaf/permissions/engine'
+
+module Releaf::Permissions
+  extend ActiveSupport::Concern
+
+  included do
+    before_filter :authenticate!, :verify_controller_access!, :set_locale
+  end
+
+  # set locale for interface translating from current admin user
+  def set_locale
+    I18n.locale = access_control.user.locale
+  end
+
+  def layout_settings(key)
+    access_control.user.try(:settings).try(:[], key)
+  end
+
+  def authenticate!
+    access_control.authenticate!
+  end
+
+  def verify_controller_access!
+    unless access_control.controller_permitted?(access_control.current_controller_name)
+      raise Releaf::Core::AccessDenied.new(access_control.current_controller_name)
+    end
+  end
+
+  def access_control
+    @access_control ||= Releaf::Permissions::AccessControl.new(controller: self)
+  end
+end

data/lib/releaf/permissions/builders_autoload.rb

@@ -0,0 +1,11 @@
+root_path = File.expand_path('../..', File.dirname(__dir__))
+files = %w(
+  roles/form_builder
+  roles/table_builder
+  users/form_builder
+  users/table_builder
+  profile/form_builder
+)
+files.each do|file|
+ require "#{root_path}/app/builders/releaf/permissions/#{file}"
+end

data/lib/releaf/permissions/devise_component.rb

@@ -0,0 +1,8 @@
+module Releaf::Permissions::DeviseComponent
+  def self.draw_component_routes router
+    router.devise_for Releaf.application.config.devise_for, path: "", controllers: { sessions: "releaf/permissions/sessions" }
+    router.namespace :releaf, path: nil do
+      router.root to: "permissions/home#home", as: :root
+    end
+  end
+end

data/lib/releaf/permissions/engine.rb

@@ -0,0 +1,24 @@
+require 'devise'
+
+module Releaf::Permissions
+  require 'releaf/permissions/devise_component'
+  require 'releaf/permissions/profile_component'
+  require 'releaf/permissions/roles_component'
+  require 'releaf/permissions/users_component'
+  require 'releaf/permissions/builders_autoload'
+
+  class Engine < ::Rails::Engine
+    initializer 'precompile', group: :all do |app|
+      app.config.assets.precompile += %w(releaf/controllers/releaf/permissions/*)
+    end
+  end
+
+  def self.components
+    [
+      Releaf::Permissions::DeviseComponent,
+      Releaf::Permissions::RolesComponent,
+      Releaf::Permissions::UsersComponent,
+      Releaf::Permissions::ProfileComponent
+    ]
+  end
+end

data/lib/releaf/permissions/profile_component.rb

@@ -0,0 +1,9 @@
+module Releaf::Permissions::ProfileComponent
+  def self.draw_component_routes router
+    router.namespace :releaf, path: nil do
+      router.get "profile", to: "permissions/profile#edit", as: :permissions_user_profile
+      router.patch "profile", to: "permissions/profile#update"
+      router.post "profile/settings", to: "permissions/profile#settings", as: :permissions_user_profile_settings
+    end
+  end
+end

data/lib/releaf/permissions/roles_component.rb

@@ -0,0 +1,7 @@
+module Releaf::Permissions::RolesComponent
+  extend Releaf::Core::Component
+
+  def self.draw_component_routes router
+    resource_route(router, :permissions, :roles)
+  end
+end

data/lib/releaf/permissions/users_component.rb

@@ -0,0 +1,7 @@
+module Releaf::Permissions::UsersComponent
+  extend Releaf::Core::Component
+
+  def self.draw_component_routes(router)
+    resource_route(router, :permissions, :users)
+  end
+end

data/releaf-permissions.gemspec

@@ -0,0 +1,19 @@
+require File.expand_path("../../releaf-core/lib/releaf/version.rb", __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = "releaf-permissions"
+  s.version     = Releaf::VERSION
+
+  s.summary     = "Built-in admin and role support for releaf"
+  s.description = "Admin/role subsystem for releaf"
+  s.authors     = ["CubeSystems"]
+  s.email       = 'info@cubesystems.lv'
+  s.homepage    = 'https://github.com/cubesystems/releaf'
+
+  s.files             = `git ls-files`.split("\n")
+  s.test_files = Dir["spec/**/*"]
+
+  s.add_dependency 'releaf-core', Releaf::VERSION
+  s.add_dependency 'devise'
+
+end

data/spec/builders/profile/form_builder_spec.rb

@@ -0,0 +1,18 @@
+require "rails_helper"
+
+describe Releaf::Permissions::Profile::FormBuilder, type: :class do
+  class FormBuilderTestHelper < ActionView::Base; end
+  let(:template){ FormBuilderTestHelper.new }
+  let(:object){ Releaf::Permissions::User.new }
+  let(:subject){ described_class.new(:resource, object, template, {}) }
+
+  it "inherits Releaf::Permissions::Users::FormBuilder" do
+    expect(described_class.superclass).to eq(Releaf::Permissions::Users::FormBuilder)
+  end
+
+  describe "#field_names" do
+    it "returns name, surname, locale, email, password and password_confirmation as field names array" do
+      expect(subject.field_names).to eq(%w(name surname locale email password password_confirmation))
+    end
+  end
+end

data/spec/builders/roles/form_builder_spec.rb

@@ -0,0 +1,38 @@
+require 'rails_helper'
+
+describe Releaf::Permissions::Roles::FormBuilder, type: :class do
+  class FormBuilderTestHelper < ActionView::Base; end
+  let(:template){ FormBuilderTestHelper.new }
+  let(:object){ Releaf::Permissions::Role.new }
+  let(:subject){ described_class.new(:resource, object, template, {}) }
+
+  describe "#render_default_controller" do
+    it "pass localized controller options to releaf item field" do
+      allow(Releaf.application.config).to receive(:available_controllers)
+        .and_return(["releaf/i18n_database/translations", "releaf/content/nodes"])
+      translated_controllers = {"Releaf/i18n database/translations"=>"releaf/i18n_database/translations", "Releaf/content/nodes"=>"releaf/content/nodes"}
+
+      allow(subject).to receive(:releaf_item_field).with(:default_controller, options: {select_options: translated_controllers}).and_return("x")
+      expect(subject.render_default_controller).to eq("x")
+    end
+  end
+
+  describe "#render_permissions" do
+    it "returns associated set field" do
+      options = {association: {items: "x", field: :permission}}
+      allow(subject).to receive(:permission_items).and_return("x")
+      allow(subject).to receive(:releaf_associated_set_field).with(:permissions, options: options).and_return("y")
+      expect(subject.render_permissions).to eq("y")
+    end
+  end
+
+  describe "#permission_items" do
+    it "returns scoped and translated controller values" do
+      allow(Releaf.application.config).to receive(:available_controllers)
+        .and_return(["releaf/content/nodes", "admin/chapters"])
+      allow(subject).to receive(:t).with("releaf/content/nodes", scope: "admin.controllers").and_return("controller 1")
+      allow(subject).to receive(:t).with("admin/chapters", scope: "admin.controllers").and_return("controller 2")
+      expect(subject.permission_items).to eq("controller.releaf/content/nodes" => "controller 1", "controller.admin/chapters" => "controller 2")
+    end
+  end
+end

data/spec/builders/roles/table_builder_spec.rb

@@ -0,0 +1,29 @@
+require "rails_helper"
+
+describe Releaf::Permissions::Roles::TableBuilder, type: :class do
+  class TableBuilderTestHelper < ActionView::Base; end
+  let(:template){ TableBuilderTestHelper.new }
+  let(:resource_class){ Releaf::Permissions::Role }
+  let(:subject){ described_class.new([], resource_class, template, {}) }
+
+  describe "#column_names" do
+    it "returns name and default_controller as column names array" do
+      expect(subject.column_names).to eq([:name, :default_controller])
+    end
+  end
+
+  describe "#default_controller_content" do
+    context "when default controller is defined for given resource" do
+      it "returns translated value" do
+        allow(I18n).to receive(:t).with("releaf/i18n/database/translations", scope: "admin.controllers").and_return("x")
+        expect(subject.default_controller_content(resource_class.new(default_controller: "releaf/i18n_database/translations"))).to eq("x")
+      end
+    end
+
+    context "when default controller is not defined for given resource" do
+      it "returns dash" do
+        expect(subject.default_controller_content(resource_class.new)).to eq("-")
+      end
+    end
+  end
+end

data/spec/builders/users/form_builder_spec.rb

@@ -0,0 +1,23 @@
+require "rails_helper"
+
+describe Releaf::Permissions::Users::FormBuilder, type: :class do
+  class FormBuilderTestHelper < ActionView::Base; end
+  let(:template){ FormBuilderTestHelper.new }
+  let(:object){ Releaf::Permissions::Role.new }
+  let(:subject){ described_class.new(:resource, object, template, {}) }
+
+  describe "#field_names" do
+    it "returns name, surname, locale, role_id, email, password and password_confirmation as field names array" do
+      expect(subject.field_names).to eq(%w(name surname locale role_id email password password_confirmation))
+    end
+  end
+
+  describe "#render_locale" do
+    it "pass localized controller options to releaf item field" do
+      allow(Releaf.application.config).to receive(:available_admin_locales).and_return(["de", "ze"])
+      allow(subject).to receive(:locale_options).with(["de", "ze"]).and_return(["xx", "yy"])
+      allow(subject).to receive(:releaf_item_field).with(:locale, options: {select_options: ["xx", "yy"]}).and_return("x")
+      expect(subject.render_locale).to eq("x")
+    end
+  end
+end

data/spec/builders/users/table_builder_spec.rb

@@ -0,0 +1,21 @@
+require "rails_helper"
+
+describe Releaf::Permissions::Users::TableBuilder, type: :class do
+  class TableBuilderTestHelper < ActionView::Base; end
+  let(:template){ TableBuilderTestHelper.new }
+  let(:resource_class){ Releaf::Permissions::User }
+  let(:subject){ described_class.new([], resource_class, template, {}) }
+
+  describe "#column_names" do
+    it "returns name, surname, role, email and locale as column names array" do
+      expect(subject.column_names).to eq([:name, :surname, :role, :email, :locale])
+    end
+  end
+
+  describe "#locale_content" do
+    it "returns translated locale" do
+      allow(subject).to receive(:translate_locale).with("de").and_return("deutch")
+      expect(subject.locale_content(resource_class.new(locale: "de"))).to eq("deutch")
+    end
+  end
+end

data/spec/controllers/permissions/home_controller_spec.rb

@@ -0,0 +1,52 @@
+require 'rails_helper'
+
+describe Releaf::Permissions::HomeController do
+
+  describe "GET home" do
+    context "when authorized as user" do
+      login_as_user :user
+
+      before do
+        @role = subject.current_releaf_permissions_user.role
+      end
+
+      it "redirects to users controller" do
+        get :home
+        expect(response).to redirect_to(url_for(action: 'index', controller: @role.default_controller, only_path: true))
+      end
+
+      context "when users default controller doesn't exist" do
+        before do
+          @role.update_attribute(:default_controller, 'non_existing/controllers_name')
+        end
+
+        it "redirects to first available controller" do
+          get :home
+          expect(response).to redirect_to(url_for(action: 'index', controller: "releaf/content/nodes", only_path: true))
+        end
+
+        context "when no releaf controller is available" do
+          before do
+            @role.permissions = []
+            @role.save!
+          end
+
+          it "redirects to root_path" do
+            get :home
+            expect(response).to redirect_to(root_path)
+          end
+        end
+      end
+    end
+
+    context "when authorized as content user" do
+      login_as_user :user
+
+      it "redirects to content controller" do
+        get :home
+        expect(response)
+          .to redirect_to(url_for(action: 'index', controller: subject.current_releaf_permissions_user.role.default_controller, only_path: true))
+      end
+    end
+  end
+end

data/spec/controllers/permissions/profile_controller_spec.rb

@@ -0,0 +1,66 @@
+require 'rails_helper'
+
+describe Releaf::Permissions::ProfileController do
+  let(:another_role){ FactoryGirl.create(:content_role) }
+  let(:user){ subject.current_releaf_permissions_user }
+  login_as_user :user
+
+  describe "#resource_class" do
+    it "returns current releaf user user class" do
+      expect(described_class.new.resource_class).to eq(Releaf::Permissions::User)
+    end
+  end
+
+  describe "PATCH update" do
+    context 'when attributes contain role_id' do
+      it "does not update it" do
+        expect{ patch :update, {resource: {role_id: another_role.id}} }.to_not change{ user.role_id }
+      end
+    end
+
+    context 'with allowed attributes' do
+      it "saves new attributes" do
+        attributes = {
+          "name" => "new name",
+          "surname" => "new surname",
+          "email" => "new.email@example.com",
+          "locale" => "lv"
+        }
+
+        # This is needed in order to get same instance as we expect.
+        # Otherwise we'll get same record, but different instance and test will fail
+        allow( user ).to receive(:becomes).with(Releaf::Permissions::User).and_return(user)
+
+        expect(user).to receive(:update_attributes).with(attributes)
+        patch :update, {resource: attributes}
+      end
+    end
+  end
+
+  describe "PUT settings", db_strategy: :truncation do
+    context 'when params[:settings] is not Hash' do
+      it "has a 422 status code" do
+        put :settings
+        expect(response.status).to eq(422)
+      end
+    end
+
+    context 'when params[:settings] is Hash' do
+      it "has a 200 status code" do
+        put :settings, {settings: {dummy: 'maybe'}}
+        expect(response.status).to eq(200)
+      end
+
+      it "saves given data within current user settings" do
+        put :settings, {settings: {dummy: 'maybe'}}
+        expect(user.settings.dummy).to eq('maybe')
+      end
+
+      it "casts bolean values from strings to booleans" do
+        put :settings, {settings: {be_true: 'true', be_false: 'false'}}
+        expect(user.settings.be_true).to be true
+        expect(user.settings.be_false).to be false
+      end
+    end
+  end
+end

data/spec/controllers/permissions/users_controller_spec.rb

@@ -0,0 +1,28 @@
+require 'rails_helper'
+
+# use Admin::BooksController as it inherit Releaf::BaseController and
+# have no extra methods or overrides
+describe Releaf::Permissions::UsersController do
+  before do
+    sign_in FactoryGirl.create(:user)
+  end
+
+  describe "GET #new" do
+    it "assigns default role" do
+      get :new
+      expect(assigns(:resource).role).to eq(Releaf::Permissions::Role.first)
+    end
+  end
+
+  describe "GET #index" do
+    before do
+      FactoryGirl.create(:content_user, name: "John")
+      FactoryGirl.create(:content_user, name: "Bill", surname: "Green", email: "another@example.com")
+    end
+
+    it "searches by name, surname and email" do
+      get :index, search: "bill green another@example"
+      expect(assigns(:collection).count).to eq(1)
+    end
+  end
+end

data/spec/features/profile_updating_spec.rb

@@ -0,0 +1,35 @@
+require 'rails_helper'
+feature "User profile" do
+  background do
+    auth_as_user(false, FactoryGirl.create(:user, email: "email@example.com"))
+    visit releaf_permissions_user_profile_path
+  end
+
+  scenario "name, surname and locale" do
+    fill_in 'Name',    with: "Edward"
+    fill_in 'Surname', with: "Bat"
+    select "Lv", from: "Locale"
+    click_button 'Save'
+
+    expect(page).to have_css('header .profile .name', text: "Edward Bat")
+  end
+
+  scenario "password and email" do
+    # update
+    fill_in 'Email', with:  "new.email@example.com"
+    fill_in 'Password', with:  "newpassword123", match: :prefer_exact
+    fill_in 'Password confirmation', with:  "newpassword123", match: :prefer_exact
+    click_button 'Save'
+
+    # logout
+    find('body > header form.sign-out button').click
+
+    # login
+    visit releaf_root_path
+    fill_in 'Email',    with:  "new.email@example.com"
+    fill_in 'Password', with:  "newpassword123"
+    click_button 'Sign in'
+
+    expect(page).to have_css('.sign-out')
+  end
+end