saasy 0.0.1

data/lib/saucy/account_authorization.rb

@@ -0,0 +1,67 @@
+module Saucy
+  module AccountAuthorization
+    extend ActiveSupport::Concern
+
+    included do
+      helper_method :current_account, :current_project, :current_account?, :current_project?
+      include InstanceMethods
+    end
+
+    module InstanceMethods
+      protected
+
+      def current_account
+        ::Account.find_by_keyword!(params[:account_id])
+      end
+
+      def current_project
+        current_account.projects.find_by_keyword!(params[:project_id])
+      end
+
+      def current_project?
+        params[:project_id].present?
+      end
+
+      def current_account?
+        params[:account_id].present?
+      end
+
+      def authorize_admin
+        unless current_user.admin_of?(current_account)
+          deny_access("You must be an admin to access that page.")
+        end
+      end
+
+      def authorize_member
+        unless current_user.member_of?(current_project)
+          deny_access("You do not have permission for this project.")
+        end
+      end
+
+      def ensure_active_account
+        if current_account?
+          if current_account.past_due?
+            redirect_unusable_account account_billing_path(current_account),
+                                      "past_due"
+          end
+          if current_account.expired?
+            redirect_unusable_account edit_account_plan_path(current_account),
+                                      "expired"
+          end
+        end
+      end
+
+      def redirect_unusable_account(path, failure)
+        role = current_user.admin_of?(current_account) ? 'admin' : 'user'
+        flash[:alert] = t("saucy.errors.#{failure}.#{role}")
+        redirect_to path
+      end
+
+      def ensure_account_within_limit(limit_name)
+        if !Limit.can_add_one?(limit_name, current_account)
+          redirect_to :back, :alert => t("saucy.errors.limited", :default => "You are at your limit of %{name} for your current plan.", :name => limit_name)
+        end
+      end
+    end
+  end
+end

data/lib/saucy/configuration.rb

@@ -0,0 +1,29 @@
+require 'saucy/layouts'
+
+module Saucy
+  class Configuration
+    cattr_reader   :layouts
+    cattr_accessor :manager_email_address
+    cattr_accessor :support_email_address
+    cattr_accessor :merchant_account_id
+    cattr_accessor :observers
+
+    def initialize
+      @@manager_email_address = 'manager@example.com'
+      @@support_email_address = 'support@example.com'
+      @@layouts       = Layouts.new
+      @@observers     = []
+    end
+
+    def self.observe(observer)
+      @@observers << observer
+    end
+
+    def self.notify(event, data)
+      @@observers.each do |observer|
+        observer.send(event, data)
+      end
+    end
+  end
+end
+

data/lib/saucy/engine.rb

@@ -0,0 +1,35 @@
+require "saucy"
+require "rails"
+require "braintree"
+
+module Saucy
+  class Engine < Rails::Engine
+    config.saucy = Configuration.new
+
+    initializer :braintree_logger, :after => :initialize_logger do
+      Braintree::Configuration.logger = Rails.logger
+    end
+
+    initializer :filter_credit_card_info do
+      Rails.configuration.filter_parameters += [:password,
+                                                :card_number,
+                                                :cardholder_name,
+                                                :verification_code,
+                                                :expiration_month,
+                                                :expiration_year]
+    end
+
+    initializer 'limits.helper' do |app|
+      ActionView::Base.send :include, LimitsHelper
+    end
+
+    {:short_date => "%x"}.each do |k, v|
+      Time::DATE_FORMATS[k] = v
+    end
+
+    rake_tasks do
+      load "saucy/railties/tasks.rake"
+    end 
+  end
+end
+

data/lib/saucy/fake_braintree.rb

@@ -0,0 +1,134 @@
+require 'braintree'
+
+Braintree::Configuration.environment = :production
+Braintree::Configuration.merchant_id = "xxx"
+Braintree::Configuration.public_key = "xxx"
+Braintree::Configuration.private_key = "xxx"
+
+require 'digest/md5'
+require 'sham_rack'
+
+class FakeBraintree
+  cattr_accessor :customers, :subscriptions, :failures, :transaction
+  @@customers = {}
+  @@subscriptions = {}
+  @@failures = {}
+  @@transaction = {}
+
+  def self.clear!
+    @@customers = {}
+    @@subscriptions = {}
+    @@failures = {}
+    @@transaction = {}
+  end
+
+  def self.failure?(card_number)
+    self.failures.include?(card_number)
+  end
+
+  def self.failure_response(card_number)
+    failure = self.failures[card_number]
+    failure["errors"] ||= { "errors" => [] }
+    { "message" => failure["message"], "verification" => { "status" => failure["status"], "processor_response_text"  => failure["message"], "processor-response-code" => failure["code"], "gateway_rejection_reason" => "cvv", "cvv_response_code" => failure["code"] }, "errors" => failure["errors"], "params" => {}}
+  end
+
+  def self.generated_transaction
+    {"status_history"=>[{"timestamp"=>Time.now, "amount"=>FakeBraintree.transaction[:amount], "transaction_source"=>"CP", "user"=>"copycopter", "status"=>"authorized"}, {"timestamp"=>Time.now, "amount"=>FakeBraintree.transaction[:amount], "transaction_source"=>"CP", "user"=>"copycopter", "status"=>FakeBraintree.transaction[:status]}], "created_at"=>(FakeBraintree.transaction[:created_at] || Time.now), "currency_iso_code"=>"USD", "settlement_batch_id"=>nil, "processor_authorization_code"=>"ZKB4VJ", "avs_postal_code_response_code"=>"I", "order_id"=>nil, "updated_at"=>Time.now, "refunded_transaction_id"=>nil, "amount"=>FakeBraintree.transaction[:amount], "credit_card"=>{"last_4"=>"1111", "card_type"=>"Visa", "token"=>"8yq7", "customer_location"=>"US", "expiration_year"=>"2013", "expiration_month"=>"02", "bin"=>"411111", "cardholder_name"=>"Chad Lee Pytel"}, "refund_id"=>nil, "add_ons"=>[], "shipping"=>{"region"=>nil, "company"=>nil, "country_name"=>nil, "extended_address"=>nil, "postal_code"=>nil, "id"=>nil, "street_address"=>nil, "country_code_numeric"=>nil, "last_name"=>nil, "locality"=>nil, "country_code_alpha2"=>nil, "country_code_alpha3"=>nil, "first_name"=>nil}, "id"=>"49sbx6", "merchant_account_id"=>"Thoughtbot", "type"=>"sale", "cvv_response_code"=>"I", "subscription_id"=>FakeBraintree.transaction[:subscription_id], "custom_fields"=>"\n    ", "discounts"=>[], "billing"=>{"region"=>nil, "company"=>nil, "country_name"=>nil, "extended_address"=>nil, "postal_code"=>nil, "id"=>nil, "street_address"=>nil, "country_code_numeric"=>nil, "last_name"=>nil, "locality"=>nil, "country_code_alpha2"=>nil, "country_code_alpha3"=>nil, "first_name"=>nil}, "processor_response_code"=>"1000", "refund_ids"=>[], "customer"=>{"company"=>nil, "id"=>"108427", "last_name"=>nil, "fax"=>nil, "phone"=>nil, "website"=>nil, "first_name"=>nil, "email"=>"cpytel@thoughtbot.com"}, "avs_error_response_code"=>nil, "processor_response_text"=>"Approved", "avs_street_address_response_code"=>"I", "status"=>FakeBraintree.transaction[:status], "gateway_rejection_reason"=>nil}
+  end
+end
+
+ShamRack.at("www.braintreegateway.com", 443).sinatra do
+  set :show_exceptions, false
+  set :dump_errors, true
+  set :raise_errors, true
+  disable :logging
+
+  post "/merchants/:merchant_id/customers" do
+    customer = Hash.from_xml(request.body).delete("customer")
+    if !FakeBraintree.failure?(customer["credit_card"]["number"])
+      customer["id"] ||= Digest::MD5.hexdigest("#{params[:merchant_id]}#{Time.now.to_f}")
+      customer["merchant-id"] = params[:merchant_id]
+      if customer["credit_card"] && customer["credit_card"].is_a?(Hash)
+        customer["credit_card"].delete("__content__")
+        if !customer["credit_card"].empty?
+          customer["credit_card"]["last_4"] = customer["credit_card"].delete("number")[-4..-1]
+          customer["credit_card"]["token"] = Digest::MD5.hexdigest("#{customer['merchant_id']}#{customer['id']}#{Time.now.to_f}")
+          credit_card = customer.delete("credit_card")
+          customer["credit_cards"] = [credit_card]
+        end
+      end
+      FakeBraintree.customers[customer["id"]] = customer
+      [201, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress(customer.to_xml(:root => 'customer'))]
+    else
+      [422, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress(FakeBraintree.failure_response(customer["credit_card"]["number"]).to_xml(:root => 'api_error_response'))]
+    end
+  end
+
+  get "/merchants/:merchant_id/customers/:id" do
+    customer = FakeBraintree.customers[params[:id]]
+    [200, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress(customer.to_xml(:root => 'customer'))]
+  end
+
+  put "/merchants/:merchant_id/customers/:id" do
+    customer = Hash.from_xml(request.body).delete("customer")
+    if !FakeBraintree.failure?(customer["credit_card"]["number"])
+      customer["id"] = params[:id]
+      customer["merchant-id"] = params[:merchant_id]
+      if customer["credit_card"] && customer["credit_card"].is_a?(Hash)
+        customer["credit_card"].delete("__content__")
+        if !customer["credit_card"].empty?
+          customer["credit_card"]["last_4"] = customer["credit_card"].delete("number")[-4..-1]
+          customer["credit_card"]["token"] = Digest::MD5.hexdigest("#{customer['merchant_id']}#{customer['id']}#{Time.now.to_f}")
+          credit_card = customer.delete("credit_card")
+          customer["credit_cards"] = [credit_card]
+        end
+      end
+      FakeBraintree.customers[params["id"]] = customer
+      [200, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress(customer.to_xml(:root => 'customer'))]
+    else
+      [422, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress(FakeBraintree.failure_response(customer["credit_card"]["number"]).to_xml(:root => 'api_error_response'))]
+    end
+  end
+
+  delete "/merchants/:merchant_id/customers/:id" do
+    FakeBraintree.customers[params["id"]] = nil
+    [200, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress("")]
+  end
+
+  post "/merchants/:merchant_id/subscriptions" do
+    "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<subscription>\n  <plan-id type=\"integer\">2</plan-id>\n  <payment-method-token>b22x</payment-method-token>\n</subscription>\n"
+    subscription = Hash.from_xml(request.body).delete("subscription")
+    subscription["id"] ||= Digest::MD5.hexdigest("#{subscription["payment_method_token"]}#{Time.now.to_f}")
+    subscription["transactions"] = []
+    subscription["add_ons"] = []
+    subscription["discounts"] = []
+    subscription["next_billing_date"] = 1.month.from_now
+    subscription["status"] = Braintree::Subscription::Status::Active
+    FakeBraintree.subscriptions[subscription["id"]] = subscription
+    [201, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress(subscription.to_xml(:root => 'subscription'))]
+  end
+
+  get "/merchants/:merchant_id/subscriptions/:id" do
+    subscription = FakeBraintree.subscriptions[params[:id]]
+    [200, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress(subscription.to_xml(:root => 'subscription'))]
+  end
+
+  put "/merchants/:merchant_id/subscriptions/:id" do
+    subscription = Hash.from_xml(request.body).delete("subscription")
+    subscription["transactions"] = []
+    subscription["add_ons"] = []
+    subscription["discounts"] = []
+    FakeBraintree.subscriptions[params["id"]] = subscription
+    [200, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress(subscription.to_xml(:root => 'subscription'))]
+  end
+
+  post "/merchants/:merchant_id/transactions/advanced_search_ids" do
+    # "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<search>\n  <created-at>\n    <min type=\"datetime\">2011-01-10T14:14:26Z</min>\n  </created-at>\n</search>\n"
+    [200, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress("<search-results>\n  <page-size type=\"integer\">50</page-size>\n  <ids type=\"array\">\n          <item>49sbx6</item>\n      </ids>\n</search-results>\n")]
+  end
+
+  post "/merchants/:merchant_id/transactions/advanced_search" do
+    # "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<search>\n  <ids type=\"array\">\n    <item>49sbx6</item>\n  </ids>\n  <created-at>\n    <min type=\"datetime\">2011-01-10T14:14:26Z</min>\n  </created-at>\n</search>\n"
+    [200, { "Content-Encoding" => "gzip" }, ActiveSupport::Gzip.compress(FakeBraintree.generated_transaction.to_xml)]
+  end
+end

data/lib/saucy/layouts.rb

@@ -0,0 +1,36 @@
+module Saucy
+  class Layouts
+    def initialize
+      @controllers = {}
+    end
+
+    def method_missing(controller_name, *args, &block)
+      @controllers[controller_name.to_s] ||= Controller.new
+    end
+
+    def self.to_proc
+      lambda do |controller|
+        controller_name = controller.controller_name
+        action_name = controller.action_name
+        Saucy::Configuration.layouts.send(controller_name).send(action_name)
+      end
+    end
+
+    private
+
+    class Controller
+      def initialize
+        @actions = {}
+      end
+
+      def method_missing(method_name, *args, &block)
+        action_name = method_name.to_s
+        if action_name.sub!(/=$/, '')
+          @actions[action_name] = args.first
+        else
+          @actions[action_name] ||= "saucy"
+        end
+      end
+    end
+  end
+end

data/lib/saucy/plan.rb

@@ -0,0 +1,54 @@
+module Saucy
+  module Plan
+    extend ActiveSupport::Concern
+
+    included do
+      has_many :accounts
+      has_many :limits
+
+      validates_presence_of :name
+
+      def self.ordered
+        order('price desc')
+      end
+
+      def self.paid_by_price
+        paid.ordered
+      end
+
+      def self.trial
+        free.first
+      end
+
+      def self.paid
+        where('price > 0')
+      end
+
+      def self.free
+        where('price = 0')
+      end
+    end
+
+    module InstanceMethods
+      def free?
+        price.zero?
+      end
+
+      def billed?
+        !free?
+      end
+
+      def can_add_more?(limit, amount)
+        limits.numbered.named(limit).value > amount
+      end
+
+      def allows?(limit)
+        limits.boolean.named(limit).allowed?
+      end
+
+      def limit(limit_name)
+        limits.named(limit_name)
+      end
+    end
+  end
+end

data/lib/saucy/project.rb

@@ -0,0 +1,125 @@
+module Saucy
+  module Project
+    extend ActiveSupport::Concern
+
+    included do
+      belongs_to :account
+      has_many :permissions, :dependent => :destroy
+      has_many :users, :through => :permissions
+
+      validates_presence_of :account_id, :keyword, :name
+
+      validates_uniqueness_of :keyword, :scope => :account_id
+
+      validates_format_of :keyword,
+                          :with    => %r{^[a-z0-9_-]+$},
+                          :message => "must be only lower case letters or underscores."
+
+
+      validate :ensure_account_within_limit, :on => :update
+
+      after_create :setup_memberships
+      after_update :update_memberships
+
+      attr_protected :account, :account_id
+
+      # We have to define these here instead of mixing them in,
+      # because ActiveRecord does the same.
+
+      def user_ids=(new_user_ids)
+        @new_user_ids = new_user_ids.reject { |user_id| user_id.blank? }
+      end
+
+      def users
+        if new_record?
+          permissions.map { |permission| permission.membership.user }
+        else
+          permissions.includes(:user).map { |permission| permission.user }
+        end
+      end
+
+      def user_ids
+        users.map(&:id)
+      end
+    end
+
+    module ClassMethods
+      def visible_to(user)
+        where(['projects.id IN(?)', user.project_ids])
+      end
+
+      def archived
+        where(:archived => true)
+      end
+
+      def active
+        where(:archived => false)
+      end
+
+      def by_name
+        order("projects.name")
+      end
+
+      def build_with_default_permissions
+        new.assign_default_permissions
+      end
+    end
+
+    module InstanceMethods
+      def to_param
+        keyword
+      end
+
+      def has_member?(user)
+        permissions.
+          joins(:membership).
+          exists?(:memberships => { :user_id => user.id })
+      end
+
+      def assign_default_permissions
+        account.memberships.where(:admin => true).each do |membership|
+          self.permissions.build(:membership => membership)
+        end
+        self
+      end
+
+      private
+
+      def setup_memberships
+        @new_user_ids ||= []
+        @new_user_ids += admin_user_ids
+        removed_user_ids = self.user_ids - @new_user_ids
+        added_user_ids = @new_user_ids - self.user_ids
+
+        permissions.where(:user_id => removed_user_ids).destroy_all
+        added_user_ids.each do |added_user_id|
+          membership =
+            account.memberships.where(:user_id => added_user_id).first
+          permissions.create!(:membership => membership)
+        end
+      end
+
+      def update_memberships
+        setup_memberships if @new_user_ids
+      end
+
+      def admin_user_ids
+        account.
+          memberships.
+          where(:admin => true).
+          select(:user_id).
+          map(&:user_id)
+      end
+
+      def ensure_account_within_limit
+        message = "You are at your limit of %{name} for your current plan."
+        if archived_changed? && !archived? && !Limit.can_add_one?("projects", account)
+          errors.add(:archived, I18n.t("saucy.errors.limited", :default => message, :name => 'projects'))
+        end
+        if account_id_changed? && !Limit.can_add_one?("projects", account)
+          errors.add(:account_id, I18n.t("saucy.errors.limited", :default => message, :name => 'projects'))
+        end
+      end
+    end
+  end
+end