spontaneous 0.1.0.alpha1

Files changed (556) hide show
  1. data/Gemfile +49 -0
  2. data/Gemfile.lock +146 -0
  3. data/LICENSE +0 -0
  4. data/README +0 -0
  5. data/Rakefile +284 -0
  6. data/Readme.markdown +7 -0
  7. data/application/css/add_alias_dialogue.scss +27 -0
  8. data/application/css/definitions.scss +249 -0
  9. data/application/css/developer.scss +9 -0
  10. data/application/css/editing.scss +649 -0
  11. data/application/css/login.scss +91 -0
  12. data/application/css/min/54ee0ed3c7fac7632bd5c020d69e9a2503e0c88c.css +1 -0
  13. data/application/css/min/c256adc144e2bdd0b0539356b04eb62db01e1dc3.css +1 -0
  14. data/application/css/popover.scss +335 -0
  15. data/application/css/schema_error.scss +90 -0
  16. data/application/css/spontaneous.scss +111 -0
  17. data/application/css/unsupported.scss +16 -0
  18. data/application/css/v2.scss +1606 -0
  19. data/application/css/variables.scss +80 -0
  20. data/application/js/add_alias_dialogue.js +59 -0
  21. data/application/js/add_home_dialogue.js +59 -0
  22. data/application/js/ajax.js +99 -0
  23. data/application/js/authentication.js +22 -0
  24. data/application/js/box.js +104 -0
  25. data/application/js/box_container.js +82 -0
  26. data/application/js/compatibility.js +132 -0
  27. data/application/js/conflicted_field_dialogue.js +92 -0
  28. data/application/js/content.js +224 -0
  29. data/application/js/content_area.js +44 -0
  30. data/application/js/dialogue.js +196 -0
  31. data/application/js/dom.js +71 -0
  32. data/application/js/edit_dialogue.js +137 -0
  33. data/application/js/edit_panel.js +232 -0
  34. data/application/js/editing.js +42 -0
  35. data/application/js/entry.js +13 -0
  36. data/application/js/extensions.js +104 -0
  37. data/application/js/field.js +4 -0
  38. data/application/js/field_preview.js +55 -0
  39. data/application/js/field_types/date_field.js +16 -0
  40. data/application/js/field_types/file_field.js +71 -0
  41. data/application/js/field_types/image_field.js +358 -0
  42. data/application/js/field_types/markdown_field.js +656 -0
  43. data/application/js/field_types/string_field.js +185 -0
  44. data/application/js/image.js +72 -0
  45. data/application/js/init.js +34 -0
  46. data/application/js/load.js +4 -0
  47. data/application/js/location.js +157 -0
  48. data/application/js/login.js +53 -0
  49. data/application/js/min/492a209de8ee955fa9c729a765377495001e11b1.js +17 -0
  50. data/application/js/min/80f684d77c940887a1d4a63e3a96102e993baa98.js +88 -0
  51. data/application/js/min/b8abf302a824c35385ff517b34111e1710ff3b37.js +2 -0
  52. data/application/js/min/c7140ec9475e5bf868b901e0621338d7d162358b.js +3 -0
  53. data/application/js/min/f07f2bd6630ee31e1c2288ec223383d8f0658ba6.js +2 -0
  54. data/application/js/page.js +43 -0
  55. data/application/js/page_browser.js +147 -0
  56. data/application/js/page_entry.js +47 -0
  57. data/application/js/popover.js +99 -0
  58. data/application/js/popover_view.js +56 -0
  59. data/application/js/preview.js +64 -0
  60. data/application/js/progress.js +358 -0
  61. data/application/js/properties.js +90 -0
  62. data/application/js/publish.js +187 -0
  63. data/application/js/require.js +129 -0
  64. data/application/js/sharded_upload.js +206 -0
  65. data/application/js/side_bar.js +30 -0
  66. data/application/js/spontaneous.js +6 -0
  67. data/application/js/state.js +64 -0
  68. data/application/js/status_bar.js +47 -0
  69. data/application/js/top_bar.js +368 -0
  70. data/application/js/types.js +98 -0
  71. data/application/js/upload.js +88 -0
  72. data/application/js/upload_manager.js +319 -0
  73. data/application/js/user.js +37 -0
  74. data/application/js/vendor/.DS_Store +0 -0
  75. data/application/js/vendor/JS.Class-2.1.5/CHANGELOG +283 -0
  76. data/application/js/vendor/JS.Class-2.1.5/MIT-LICENSE +30 -0
  77. data/application/js/vendor/JS.Class-2.1.5/README +30 -0
  78. data/application/js/vendor/JS.Class-2.1.5/min/command.js +1 -0
  79. data/application/js/vendor/JS.Class-2.1.5/min/comparable.js +1 -0
  80. data/application/js/vendor/JS.Class-2.1.5/min/constant_scope.js +1 -0
  81. data/application/js/vendor/JS.Class-2.1.5/min/core.js +1 -0
  82. data/application/js/vendor/JS.Class-2.1.5/min/decorator.js +1 -0
  83. data/application/js/vendor/JS.Class-2.1.5/min/enumerable.js +1 -0
  84. data/application/js/vendor/JS.Class-2.1.5/min/forwardable.js +1 -0
  85. data/application/js/vendor/JS.Class-2.1.5/min/hash.js +1 -0
  86. data/application/js/vendor/JS.Class-2.1.5/min/linked_list.js +1 -0
  87. data/application/js/vendor/JS.Class-2.1.5/min/loader.js +1 -0
  88. data/application/js/vendor/JS.Class-2.1.5/min/method_chain.js +1 -0
  89. data/application/js/vendor/JS.Class-2.1.5/min/observable.js +1 -0
  90. data/application/js/vendor/JS.Class-2.1.5/min/package.js +1 -0
  91. data/application/js/vendor/JS.Class-2.1.5/min/proxy.js +1 -0
  92. data/application/js/vendor/JS.Class-2.1.5/min/ruby.js +1 -0
  93. data/application/js/vendor/JS.Class-2.1.5/min/set.js +1 -0
  94. data/application/js/vendor/JS.Class-2.1.5/min/stack_trace.js +1 -0
  95. data/application/js/vendor/JS.Class-2.1.5/min/state.js +1 -0
  96. data/application/js/vendor/JS.Class-2.1.5/min/stdlib.js +16 -0
  97. data/application/js/vendor/JS.Class-2.1.5/src/command.js +93 -0
  98. data/application/js/vendor/JS.Class-2.1.5/src/comparable.js +37 -0
  99. data/application/js/vendor/JS.Class-2.1.5/src/constant_scope.js +48 -0
  100. data/application/js/vendor/JS.Class-2.1.5/src/core.js +1060 -0
  101. data/application/js/vendor/JS.Class-2.1.5/src/decorator.js +50 -0
  102. data/application/js/vendor/JS.Class-2.1.5/src/enumerable.js +505 -0
  103. data/application/js/vendor/JS.Class-2.1.5/src/forwardable.js +22 -0
  104. data/application/js/vendor/JS.Class-2.1.5/src/hash.js +334 -0
  105. data/application/js/vendor/JS.Class-2.1.5/src/linked_list.js +114 -0
  106. data/application/js/vendor/JS.Class-2.1.5/src/loader.js +553 -0
  107. data/application/js/vendor/JS.Class-2.1.5/src/method_chain.js +172 -0
  108. data/application/js/vendor/JS.Class-2.1.5/src/observable.js +55 -0
  109. data/application/js/vendor/JS.Class-2.1.5/src/package.js +472 -0
  110. data/application/js/vendor/JS.Class-2.1.5/src/proxy.js +58 -0
  111. data/application/js/vendor/JS.Class-2.1.5/src/ruby.js +44 -0
  112. data/application/js/vendor/JS.Class-2.1.5/src/set.js +332 -0
  113. data/application/js/vendor/JS.Class-2.1.5/src/stack_trace.js +151 -0
  114. data/application/js/vendor/JS.Class-2.1.5/src/state.js +95 -0
  115. data/application/js/vendor/JS.Class-2.1.5/src/stdlib.js +2612 -0
  116. data/application/js/vendor/crypto-2.3.0-crypto.js +160 -0
  117. data/application/js/vendor/crypto-2.3.0-sha1.js +91 -0
  118. data/application/js/vendor/diff_match_patch.js +2153 -0
  119. data/application/js/vendor/jquery-1.4.2.min.js +154 -0
  120. data/application/js/vendor/jquery-1.4.3.min.js +166 -0
  121. data/application/js/vendor/jquery-1.5.1.min.js +16 -0
  122. data/application/js/vendor/jquery-1.5.1rc1.min.js +24 -0
  123. data/application/js/vendor/jquery-1.6.2.min.js +18 -0
  124. data/application/js/vendor/jquery-ui-1.8.6.custom.min.js +265 -0
  125. data/application/js/vendor/jquery-ui-1.8.9.custom.min.js +415 -0
  126. data/application/js/vendor/jquery-ui-1.8.custom.min.js +106 -0
  127. data/application/js/vendor/jquery.hotkeys-0.7.9.js +248 -0
  128. data/application/js/vendor/jquery.hotkeys-0.7.9.min.js +19 -0
  129. data/application/js/vendor/jsdiff.js +169 -0
  130. data/application/js/views/box_view.js +229 -0
  131. data/application/js/views/page_piece_view.js +45 -0
  132. data/application/js/views/page_view.js +238 -0
  133. data/application/js/views/piece_view.js +178 -0
  134. data/application/js/views.js +110 -0
  135. data/application/static/editing-0-noise.png +0 -0
  136. data/application/static/editing-1-noise.png +0 -0
  137. data/application/static/editing-texture-1.png +0 -0
  138. data/application/static/editing-texture.png +0 -0
  139. data/application/static/editing-toolbar-shadow-bottom.png +0 -0
  140. data/application/static/editing-toolbar-shadow-top.png +0 -0
  141. data/application/static/favicon.ico +0 -0
  142. data/application/static/inner-glow.png +0 -0
  143. data/application/static/item-buttons.png +0 -0
  144. data/application/static/location-arrow.png +0 -0
  145. data/application/static/logo-400px-transparent.png +0 -0
  146. data/application/static/missing.png +0 -0
  147. data/application/static/orange-down-arrow.png +0 -0
  148. data/application/static/page-browser-next.png +0 -0
  149. data/application/static/paper-texture-dark.png +0 -0
  150. data/application/static/px.gif +0 -0
  151. data/application/static/select-arrow-root.png +0 -0
  152. data/application/static/select-arrow.png +0 -0
  153. data/application/static/slot-down-arrow.png +0 -0
  154. data/application/static/splash.png +0 -0
  155. data/application/static/spontaneous.png +0 -0
  156. data/application/static/spot.png +0 -0
  157. data/application/static/spot.svg +40 -0
  158. data/application/static/texture.png +0 -0
  159. data/application/views/index.erubis +46 -0
  160. data/application/views/login.erubis +69 -0
  161. data/application/views/schema_modification_error.html.erb +61 -0
  162. data/application/views/unsupported.erubis +23 -0
  163. data/bin/limit-upload +5 -0
  164. data/bin/spot +10 -0
  165. data/bin/unlimit-upload +3 -0
  166. data/config/nginx.conf +60 -0
  167. data/db/migrations/20100610142136_init.rb +66 -0
  168. data/db/migrations/20101130104334_timestamps.rb +44 -0
  169. data/db/migrations/20101202113205_site_publishing_flags.rb +12 -0
  170. data/db/migrations/20101206124543_aliases.rb +16 -0
  171. data/db/migrations/20110201133550_visibility.rb +27 -0
  172. data/db/migrations/20110209152710_users_and_groups.rb +58 -0
  173. data/db/migrations/20110215133910_boxes.rb +25 -0
  174. data/db/migrations/20110521114145_remove_slots_and_entries.rb +21 -0
  175. data/db/migrations/20110604192145_rename_schema_id_columns.rb +22 -0
  176. data/db/migrations/20110805141925_rename_site_to_state.rb +11 -0
  177. data/lib/cutaneous/context_helper.rb +82 -0
  178. data/lib/cutaneous/first_pass_parser.rb +23 -0
  179. data/lib/cutaneous/first_pass_renderer.rb +18 -0
  180. data/lib/cutaneous/parser_core.rb +18 -0
  181. data/lib/cutaneous/preview_context.rb +31 -0
  182. data/lib/cutaneous/preview_renderer.rb +15 -0
  183. data/lib/cutaneous/publish_context.rb +9 -0
  184. data/lib/cutaneous/renderer.rb +122 -0
  185. data/lib/cutaneous/request_context.rb +8 -0
  186. data/lib/cutaneous/second_pass_parser.rb +23 -0
  187. data/lib/cutaneous/second_pass_renderer.rb +18 -0
  188. data/lib/cutaneous.rb +47 -0
  189. data/lib/sequel/plugins/content_table_inheritance.rb +196 -0
  190. data/lib/sequel/plugins/yajl_serialization.rb +154 -0
  191. data/lib/spontaneous/application/feature.rb +9 -0
  192. data/lib/spontaneous/application/plugin.rb +13 -0
  193. data/lib/spontaneous/application.rb +8 -0
  194. data/lib/spontaneous/box.rb +232 -0
  195. data/lib/spontaneous/box_style.rb +64 -0
  196. data/lib/spontaneous/change.rb +107 -0
  197. data/lib/spontaneous/cli/adapter.rb +13 -0
  198. data/lib/spontaneous/cli/base.rb +184 -0
  199. data/lib/spontaneous/cli/console.rb +0 -0
  200. data/lib/spontaneous/cli/media.rb +13 -0
  201. data/lib/spontaneous/cli/server.rb +50 -0
  202. data/lib/spontaneous/cli/site.rb +46 -0
  203. data/lib/spontaneous/cli/sync.rb +42 -0
  204. data/lib/spontaneous/cli/tasks.rb +9 -0
  205. data/lib/spontaneous/cli.rb +83 -0
  206. data/lib/spontaneous/collections/box_set.rb +56 -0
  207. data/lib/spontaneous/collections/change_set.rb +43 -0
  208. data/lib/spontaneous/collections/entry_set.rb +83 -0
  209. data/lib/spontaneous/collections/field_set.rb +53 -0
  210. data/lib/spontaneous/collections/prototype_set.rb +131 -0
  211. data/lib/spontaneous/collections/style_set.rb +13 -0
  212. data/lib/spontaneous/config.rb +156 -0
  213. data/lib/spontaneous/constants.rb +24 -0
  214. data/lib/spontaneous/content.rb +113 -0
  215. data/lib/spontaneous/content_query.rb +17 -0
  216. data/lib/spontaneous/errors.rb +48 -0
  217. data/lib/spontaneous/extensions/array.rb +18 -0
  218. data/lib/spontaneous/extensions/class.rb +17 -0
  219. data/lib/spontaneous/extensions/hash.rb +18 -0
  220. data/lib/spontaneous/extensions/json.rb +26 -0
  221. data/lib/spontaneous/extensions/kernel.rb +7 -0
  222. data/lib/spontaneous/extensions/object.rb +30 -0
  223. data/lib/spontaneous/extensions/object_space.rb +12 -0
  224. data/lib/spontaneous/extensions/string.rb +44 -0
  225. data/lib/spontaneous/facet.rb +47 -0
  226. data/lib/spontaneous/field_types/date_field.rb +12 -0
  227. data/lib/spontaneous/field_types/field.rb +252 -0
  228. data/lib/spontaneous/field_types/image_field.rb +329 -0
  229. data/lib/spontaneous/field_types/markdown_field.rb +37 -0
  230. data/lib/spontaneous/field_types/string_field.rb +14 -0
  231. data/lib/spontaneous/field_types.rb +40 -0
  232. data/lib/spontaneous/generators/page/inline.html.cut +1 -0
  233. data/lib/spontaneous/generators/page/page.html.cut.tt +4 -0
  234. data/lib/spontaneous/generators/page/page.rb.tt +9 -0
  235. data/lib/spontaneous/generators/page.rb +38 -0
  236. data/lib/spontaneous/generators/site/.gitignore +4 -0
  237. data/lib/spontaneous/generators/site/Gemfile.tt +31 -0
  238. data/lib/spontaneous/generators/site/Rakefile.tt +6 -0
  239. data/lib/spontaneous/generators/site/config/back.ru +7 -0
  240. data/lib/spontaneous/generators/site/config/boot.rb +19 -0
  241. data/lib/spontaneous/generators/site/config/database.yml.tt +21 -0
  242. data/lib/spontaneous/generators/site/config/deploy.rb.tt +0 -0
  243. data/lib/spontaneous/generators/site/config/environment.rb.tt +8 -0
  244. data/lib/spontaneous/generators/site/config/environments/development.rb.tt +15 -0
  245. data/lib/spontaneous/generators/site/config/environments/production.rb.tt +5 -0
  246. data/lib/spontaneous/generators/site/config/front.ru +8 -0
  247. data/lib/spontaneous/generators/site/config/user_levels.yml +22 -0
  248. data/lib/spontaneous/generators/site/lib/site.rb.tt +4 -0
  249. data/lib/spontaneous/generators/site/lib/tasks/site.rake.tt +8 -0
  250. data/lib/spontaneous/generators/site/public/css/site.css +0 -0
  251. data/lib/spontaneous/generators/site/public/favicon.ico +0 -0
  252. data/lib/spontaneous/generators/site/public/js/.empty_directory +0 -0
  253. data/lib/spontaneous/generators/site/public/js/site.js +0 -0
  254. data/lib/spontaneous/generators/site/public/robots.txt +0 -0
  255. data/lib/spontaneous/generators/site/schema/.map +1 -0
  256. data/lib/spontaneous/generators/site/schema/page.rb.tt +8 -0
  257. data/lib/spontaneous/generators/site/schema/piece.rb.tt +4 -0
  258. data/lib/spontaneous/generators/site/templates/layouts/standard.html.cut.tt +13 -0
  259. data/lib/spontaneous/generators/site.rb +77 -0
  260. data/lib/spontaneous/generators.rb +23 -0
  261. data/lib/spontaneous/image_size.rb +117 -0
  262. data/lib/spontaneous/json.rb +33 -0
  263. data/lib/spontaneous/layout.rb +15 -0
  264. data/lib/spontaneous/loader.rb +280 -0
  265. data/lib/spontaneous/logger.rb +369 -0
  266. data/lib/spontaneous/media.rb +84 -0
  267. data/lib/spontaneous/page.rb +92 -0
  268. data/lib/spontaneous/page_controller.rb +18 -0
  269. data/lib/spontaneous/page_piece.rb +77 -0
  270. data/lib/spontaneous/paths.rb +30 -0
  271. data/lib/spontaneous/permissions/access_group.rb +50 -0
  272. data/lib/spontaneous/permissions/access_key.rb +35 -0
  273. data/lib/spontaneous/permissions/user.rb +167 -0
  274. data/lib/spontaneous/permissions/user_level.rb +177 -0
  275. data/lib/spontaneous/permissions.rb +55 -0
  276. data/lib/spontaneous/piece.rb +30 -0
  277. data/lib/spontaneous/plugins/aliases.rb +128 -0
  278. data/lib/spontaneous/plugins/allowed_types.rb +173 -0
  279. data/lib/spontaneous/plugins/application/facets.rb +25 -0
  280. data/lib/spontaneous/plugins/application/paths.rb +137 -0
  281. data/lib/spontaneous/plugins/application/render.rb +29 -0
  282. data/lib/spontaneous/plugins/application/serialisation.rb +16 -0
  283. data/lib/spontaneous/plugins/application/state.rb +86 -0
  284. data/lib/spontaneous/plugins/boxes.rb +84 -0
  285. data/lib/spontaneous/plugins/controllers.rb +52 -0
  286. data/lib/spontaneous/plugins/entries.rb +193 -0
  287. data/lib/spontaneous/plugins/entry.rb +51 -0
  288. data/lib/spontaneous/plugins/fields.rb +103 -0
  289. data/lib/spontaneous/plugins/instance_code.rb +18 -0
  290. data/lib/spontaneous/plugins/layouts.rb +87 -0
  291. data/lib/spontaneous/plugins/media.rb +41 -0
  292. data/lib/spontaneous/plugins/page/formats.rb +67 -0
  293. data/lib/spontaneous/plugins/page/request.rb +89 -0
  294. data/lib/spontaneous/plugins/page_search.rb +64 -0
  295. data/lib/spontaneous/plugins/page_tree.rb +25 -0
  296. data/lib/spontaneous/plugins/paths.rb +125 -0
  297. data/lib/spontaneous/plugins/permissions.rb +63 -0
  298. data/lib/spontaneous/plugins/prototypes.rb +84 -0
  299. data/lib/spontaneous/plugins/publishing.rb +255 -0
  300. data/lib/spontaneous/plugins/render.rb +24 -0
  301. data/lib/spontaneous/plugins/schema_hierarchy.rb +76 -0
  302. data/lib/spontaneous/plugins/schema_id.rb +60 -0
  303. data/lib/spontaneous/plugins/schema_title.rb +33 -0
  304. data/lib/spontaneous/plugins/serialisation.rb +67 -0
  305. data/lib/spontaneous/plugins/site/instance.rb +22 -0
  306. data/lib/spontaneous/plugins/site/map.rb +19 -0
  307. data/lib/spontaneous/plugins/site/publishing.rb +74 -0
  308. data/lib/spontaneous/plugins/site/revisions.rb +28 -0
  309. data/lib/spontaneous/plugins/site/selectors.rb +41 -0
  310. data/lib/spontaneous/plugins/site_map.rb +34 -0
  311. data/lib/spontaneous/plugins/styles.rb +119 -0
  312. data/lib/spontaneous/plugins/supertype.rb +11 -0
  313. data/lib/spontaneous/plugins/visibility.rb +151 -0
  314. data/lib/spontaneous/plugins.rb +20 -0
  315. data/lib/spontaneous/prototypes/box_prototype.rb +168 -0
  316. data/lib/spontaneous/prototypes/field_prototype.rb +112 -0
  317. data/lib/spontaneous/prototypes/layout_prototype.rb +17 -0
  318. data/lib/spontaneous/prototypes/style_prototype.rb +42 -0
  319. data/lib/spontaneous/proxy_object.rb +12 -0
  320. data/lib/spontaneous/publishing/fire_and_forget.rb +57 -0
  321. data/lib/spontaneous/publishing/immediate.rb +197 -0
  322. data/lib/spontaneous/publishing/threaded.rb +25 -0
  323. data/lib/spontaneous/publishing.rb +10 -0
  324. data/lib/spontaneous/rack/around_back.rb +44 -0
  325. data/lib/spontaneous/rack/around_front.rb +29 -0
  326. data/lib/spontaneous/rack/around_preview.rb +26 -0
  327. data/lib/spontaneous/rack/assets.rb +98 -0
  328. data/lib/spontaneous/rack/back.rb +729 -0
  329. data/lib/spontaneous/rack/front.rb +41 -0
  330. data/lib/spontaneous/rack/http.rb +18 -0
  331. data/lib/spontaneous/rack/media.rb +29 -0
  332. data/lib/spontaneous/rack/public.rb +232 -0
  333. data/lib/spontaneous/rack/reloader.rb +42 -0
  334. data/lib/spontaneous/rack/static.rb +25 -0
  335. data/lib/spontaneous/rack.rb +55 -0
  336. data/lib/spontaneous/render/context.rb +100 -0
  337. data/lib/spontaneous/render/development_renderer.rb +14 -0
  338. data/lib/spontaneous/render/engine.rb +19 -0
  339. data/lib/spontaneous/render/format/html.rb +5 -0
  340. data/lib/spontaneous/render/format.rb +70 -0
  341. data/lib/spontaneous/render/preview_renderer.rb +18 -0
  342. data/lib/spontaneous/render/published_renderer.rb +54 -0
  343. data/lib/spontaneous/render/publishing_renderer.rb +13 -0
  344. data/lib/spontaneous/render/renderer.rb +46 -0
  345. data/lib/spontaneous/render.rb +173 -0
  346. data/lib/spontaneous/revision.rb +7 -0
  347. data/lib/spontaneous/schema/schema_modification.rb +260 -0
  348. data/lib/spontaneous/schema/uid.rb +221 -0
  349. data/lib/spontaneous/schema.rb +295 -0
  350. data/lib/spontaneous/server.rb +65 -0
  351. data/lib/spontaneous/site.rb +87 -0
  352. data/lib/spontaneous/state.rb +53 -0
  353. data/lib/spontaneous/style.rb +144 -0
  354. data/lib/spontaneous/tasks/database.rake +9 -0
  355. data/lib/spontaneous/tasks.rb +5 -0
  356. data/lib/spontaneous/version.rb +6 -0
  357. data/lib/spontaneous.rb +179 -0
  358. data/spontaneous.gemspec.tmpl +66 -0
  359. data/test/disabled/test_slots.rb +287 -0
  360. data/test/experimental/test_formats.rb +92 -0
  361. data/test/experimental/test_plugins.rb +64 -0
  362. data/test/fixtures/application/css/test.less +5 -0
  363. data/test/fixtures/application/js/test.js +1 -0
  364. data/test/fixtures/application/static/favicon.ico +1 -0
  365. data/test/fixtures/application/static/test.html +1 -0
  366. data/test/fixtures/application/views/index.erubis +1 -0
  367. data/test/fixtures/back/public/test.html +1 -0
  368. data/test/fixtures/back/templates/layouts/standard.html.cut +1 -0
  369. data/test/fixtures/config/config/environment.rb +4 -0
  370. data/test/fixtures/config/config/environments/development.rb +13 -0
  371. data/test/fixtures/config/config/environments/production.rb +22 -0
  372. data/test/fixtures/config/config/environments/staging.rb +2 -0
  373. data/test/fixtures/example_application/Gemfile +6 -0
  374. data/test/fixtures/example_application/Gemfile.lock +76 -0
  375. data/test/fixtures/example_application/Rakefile +6 -0
  376. data/test/fixtures/example_application/config/back.rb +15 -0
  377. data/test/fixtures/example_application/config/back.ru +8 -0
  378. data/test/fixtures/example_application/config/back.yml +8 -0
  379. data/test/fixtures/example_application/config/boot.rb +16 -0
  380. data/test/fixtures/example_application/config/database.yml +24 -0
  381. data/test/fixtures/example_application/config/environment.rb +4 -0
  382. data/test/fixtures/example_application/config/environments/development.rb +16 -0
  383. data/test/fixtures/example_application/config/environments/production.rb +21 -0
  384. data/test/fixtures/example_application/config/environments/staging.rb +1 -0
  385. data/test/fixtures/example_application/config/front.rb +8 -0
  386. data/test/fixtures/example_application/config/front.ru +8 -0
  387. data/test/fixtures/example_application/config/front.yml +8 -0
  388. data/test/fixtures/example_application/config/schema.yml +48 -0
  389. data/test/fixtures/example_application/config/unicorn.rb +1 -0
  390. data/test/fixtures/example_application/config/user_levels.yml +19 -0
  391. data/test/fixtures/example_application/public/css/test.css +0 -0
  392. data/test/fixtures/example_application/public/favicon.ico +1 -0
  393. data/test/fixtures/example_application/public/js/test.js +0 -0
  394. data/test/fixtures/example_application/public/test.html +1 -0
  395. data/test/fixtures/example_application/schema/client_project.rb +18 -0
  396. data/test/fixtures/example_application/schema/client_projects.rb +8 -0
  397. data/test/fixtures/example_application/schema/home_page.rb +22 -0
  398. data/test/fixtures/example_application/schema/info_page.rb +13 -0
  399. data/test/fixtures/example_application/schema/inline_image.rb +11 -0
  400. data/test/fixtures/example_application/schema/page.rb +4 -0
  401. data/test/fixtures/example_application/schema/piece.rb +3 -0
  402. data/test/fixtures/example_application/schema/project.rb +21 -0
  403. data/test/fixtures/example_application/schema/project_image.rb +18 -0
  404. data/test/fixtures/example_application/schema/projects_page.rb +12 -0
  405. data/test/fixtures/example_application/schema/text.rb +8 -0
  406. data/test/fixtures/example_application/templates/client_project/images.html.cut +1 -0
  407. data/test/fixtures/example_application/templates/client_project.html.cut +4 -0
  408. data/test/fixtures/example_application/templates/client_projects.html.cut +6 -0
  409. data/test/fixtures/example_application/templates/info_page/inline.html.cut +0 -0
  410. data/test/fixtures/example_application/templates/inline_image.html.cut +1 -0
  411. data/test/fixtures/example_application/templates/layouts/home.html.cut +15 -0
  412. data/test/fixtures/example_application/templates/layouts/info.html.cut +3 -0
  413. data/test/fixtures/example_application/templates/layouts/project.html.cut +13 -0
  414. data/test/fixtures/example_application/templates/layouts/projects.html.cut +11 -0
  415. data/test/fixtures/example_application/templates/layouts/standard.html.cut +0 -0
  416. data/test/fixtures/example_application/templates/project/inline.html.cut +5 -0
  417. data/test/fixtures/example_application/templates/project.html.cut +5 -0
  418. data/test/fixtures/example_application/templates/project_image.html.cut +1 -0
  419. data/test/fixtures/example_application/templates/text.html.cut +1 -0
  420. data/test/fixtures/images/rose.greyscale.jpg +0 -0
  421. data/test/fixtures/images/rose.jpg +0 -0
  422. data/test/fixtures/images/size.gif +0 -0
  423. data/test/fixtures/images/size.jpg +0 -0
  424. data/test/fixtures/images/size.png24 +0 -0
  425. data/test/fixtures/images/size.png8 +0 -0
  426. data/test/fixtures/layouts/layouts/custom1.html.cut +1 -0
  427. data/test/fixtures/layouts/layouts/custom1.pdf.cut +0 -0
  428. data/test/fixtures/layouts/layouts/custom1.xml.cut +0 -0
  429. data/test/fixtures/layouts/layouts/custom2.html.cut +1 -0
  430. data/test/fixtures/layouts/layouts/custom3.html.cut +0 -0
  431. data/test/fixtures/layouts/layouts/standard.html.cut +1 -0
  432. data/test/fixtures/media/101/003/rose.jpg +0 -0
  433. data/test/fixtures/permissions/config/user_levels.yml +9 -0
  434. data/test/fixtures/permissions/media/image.jpg +0 -0
  435. data/test/fixtures/plugins/schema_plugin/init.rb +1 -0
  436. data/test/fixtures/plugins/schema_plugin/schema/external.rb +5 -0
  437. data/test/fixtures/plugins/schema_plugin/templates/external.html.cut +1 -0
  438. data/test/fixtures/plugins/schema_plugin/templates/from_plugin.html.cut +0 -0
  439. data/test/fixtures/plugins/schema_plugin/templates/layouts/from_plugin.html.cut +0 -0
  440. data/test/fixtures/public/templates/layouts/default.html.cut +1 -0
  441. data/test/fixtures/public/templates/layouts/default.pdf.cut +1 -0
  442. data/test/fixtures/public/templates/layouts/default.rss.cut +1 -0
  443. data/test/fixtures/public/templates/layouts/dynamic.html.cut +1 -0
  444. data/test/fixtures/public/templates/layouts/standard.html.cut +0 -0
  445. data/test/fixtures/schema/before.yml +24 -0
  446. data/test/fixtures/schema/resolvable.yml +12 -0
  447. data/test/fixtures/schema/schema.yml +7 -0
  448. data/test/fixtures/serialisation/class_hash.yaml.erb +53 -0
  449. data/test/fixtures/serialisation/root_hash.yaml.erb +184 -0
  450. data/test/fixtures/sharding/rose.jpg +0 -0
  451. data/test/fixtures/sharding/xaa +0 -0
  452. data/test/fixtures/sharding/xab +0 -0
  453. data/test/fixtures/sharding/xac +0 -0
  454. data/test/fixtures/sharding/xad +0 -0
  455. data/test/fixtures/sharding/xae +0 -0
  456. data/test/fixtures/sharding/xaf +0 -0
  457. data/test/fixtures/sharding/xag +0 -0
  458. data/test/fixtures/styles/box_a/runny.html.cut +0 -0
  459. data/test/fixtures/styles/box_a.html.cut +1 -0
  460. data/test/fixtures/styles/named2.html.cut +1 -0
  461. data/test/fixtures/styles/orange/apple.html.cut +1 -0
  462. data/test/fixtures/styles/template_class/named1.html.cut +1 -0
  463. data/test/fixtures/styles/template_class/results.html.cut +1 -0
  464. data/test/fixtures/styles/template_class/walky.html.cut +0 -0
  465. data/test/fixtures/styles/template_class.epub.cut +0 -0
  466. data/test/fixtures/styles/template_class.html.cut +1 -0
  467. data/test/fixtures/styles/template_class.pdf.cut +0 -0
  468. data/test/fixtures/styles/template_sub_class1.html.cut +1 -0
  469. data/test/fixtures/templates/aliases/a/a_style.html.cut +0 -0
  470. data/test/fixtures/templates/aliases/a/page.html.cut +0 -0
  471. data/test/fixtures/templates/aliases/a_alias/a_alias_style.html.cut +0 -0
  472. data/test/fixtures/templates/aliases/layouts/b.html.cut +1 -0
  473. data/test/fixtures/templates/aliases/layouts/b_alias.html.cut +1 -0
  474. data/test/fixtures/templates/aliases/layouts/c_alias.html.cut +1 -0
  475. data/test/fixtures/templates/boxes/blank_content/things.html.cut +1 -0
  476. data/test/fixtures/templates/boxes/my_box_class/christy.html.cut +1 -0
  477. data/test/fixtures/templates/boxes/thangs.html.cut +1 -0
  478. data/test/fixtures/templates/boxes/with_template_box.html.cut +1 -0
  479. data/test/fixtures/templates/content/include.html.cut +1 -0
  480. data/test/fixtures/templates/content/include_dir.html.cut +1 -0
  481. data/test/fixtures/templates/content/included.epub.cut +1 -0
  482. data/test/fixtures/templates/content/included.html.cut +1 -0
  483. data/test/fixtures/templates/content/partial/included.html.cut +1 -0
  484. data/test/fixtures/templates/content/preprocess.html.cut +1 -0
  485. data/test/fixtures/templates/content/second.html.cut +1 -0
  486. data/test/fixtures/templates/content/template.epub.cut +1 -0
  487. data/test/fixtures/templates/content/template.html.cut +1 -0
  488. data/test/fixtures/templates/default_style_class.html.cut +1 -0
  489. data/test/fixtures/templates/direct.html.cut +1 -0
  490. data/test/fixtures/templates/extended/grandparent.html.cut +10 -0
  491. data/test/fixtures/templates/extended/main.html.cut +6 -0
  492. data/test/fixtures/templates/extended/parent.html.cut +10 -0
  493. data/test/fixtures/templates/layouts/entries.html.cut +7 -0
  494. data/test/fixtures/templates/layouts/page_style.html.cut +1 -0
  495. data/test/fixtures/templates/layouts/params.html.cut +1 -0
  496. data/test/fixtures/templates/layouts/preview_render.html.cut +2 -0
  497. data/test/fixtures/templates/layouts/standard_page.html.cut +1 -0
  498. data/test/fixtures/templates/layouts/subdir_style.html.cut +1 -0
  499. data/test/fixtures/templates/layouts/template_params.html.cut +1 -0
  500. data/test/fixtures/templates/page_class/inline_style.html.cut +1 -0
  501. data/test/fixtures/templates/preview_render/inline.html.cut +0 -0
  502. data/test/fixtures/templates/publishing/layouts/dynamic.html.cut +1 -0
  503. data/test/fixtures/templates/publishing/layouts/static.html.cut +1 -0
  504. data/test/fixtures/templates/template_class/anonymous_style.html.cut +4 -0
  505. data/test/fixtures/templates/template_class/another_template.html.cut +0 -0
  506. data/test/fixtures/templates/template_class/complex_template.html.cut +6 -0
  507. data/test/fixtures/templates/template_class/complex_template.pdf.cut +6 -0
  508. data/test/fixtures/templates/template_class/default_template_style.html.cut +4 -0
  509. data/test/fixtures/templates/template_class/images_with_template.html.cut +5 -0
  510. data/test/fixtures/templates/template_class/slots_template.html.cut +5 -0
  511. data/test/fixtures/templates/template_class/slots_template.pdf.cut +5 -0
  512. data/test/fixtures/templates/template_class/this_template.epub.cut +1 -0
  513. data/test/fixtures/templates/template_class/this_template.html.cut +1 -0
  514. data/test/fixtures/templates/template_class/this_template.pdf.cut +1 -0
  515. data/test/fixtures/templates/with_default_style_class.html.cut +1 -0
  516. data/test/functional/test_application.rb +176 -0
  517. data/test/functional/test_back.rb +902 -0
  518. data/test/functional/test_front.rb +571 -0
  519. data/test/javascript/test_dom.rb +94 -0
  520. data/test/javascript/test_markdown.rb +97 -0
  521. data/test/slow/test_publishing.rb +987 -0
  522. data/test/slow/test_visibility.rb +250 -0
  523. data/test/support/custom_matchers.rb +77 -0
  524. data/test/support/timing.rb +23 -0
  525. data/test/test_helper.rb +164 -0
  526. data/test/test_javascript.rb +34 -0
  527. data/test/ui/test_page_editing.rb +167 -0
  528. data/test/ui_helper.rb +114 -0
  529. data/test/unit/test_alias.rb +254 -0
  530. data/test/unit/test_authentication.rb +510 -0
  531. data/test/unit/test_boxes.rb +497 -0
  532. data/test/unit/test_config.rb +156 -0
  533. data/test/unit/test_content.rb +221 -0
  534. data/test/unit/test_content_inheritance.rb +103 -0
  535. data/test/unit/test_extensions.rb +14 -0
  536. data/test/unit/test_fields.rb +392 -0
  537. data/test/unit/test_generators.rb +97 -0
  538. data/test/unit/test_image_size.rb +25 -0
  539. data/test/unit/test_images.rb +265 -0
  540. data/test/unit/test_layouts.rb +111 -0
  541. data/test/unit/test_logger.rb +80 -0
  542. data/test/unit/test_media.rb +70 -0
  543. data/test/unit/test_page.rb +244 -0
  544. data/test/unit/test_permissions.rb +834 -0
  545. data/test/unit/test_piece.rb +80 -0
  546. data/test/unit/test_prototype_set.rb +192 -0
  547. data/test/unit/test_prototypes.rb +102 -0
  548. data/test/unit/test_render.rb +359 -0
  549. data/test/unit/test_schema.rb +1009 -0
  550. data/test/unit/test_serialisation.rb +215 -0
  551. data/test/unit/test_site.rb +145 -0
  552. data/test/unit/test_structure.rb +85 -0
  553. data/test/unit/test_styles.rb +417 -0
  554. data/test/unit/test_templates.rb +224 -0
  555. data/test/unit/test_type_hierarchy.rb +28 -0
  556. metadata +1017 -0
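--- a/data/test/unit/test_authentication.rb
+++ b/data/test/unit/test_authentication.rb
@@ -0,0 +1,510 @@
+ # encoding: UTF-8
+
+ require 'test_helper'
+
+ # set :environment, :test
+
+
+ class AuthenticationTest < MiniTest::Spec
+ include ::Rack::Test::Methods
+
+
+ def self.startup
+ end
+
+ def create_user(name, level)
+ user = Permissions::User.create({
+ :name => "#{name.capitalize}",
+ :email => "#{name}@example.org",
+ :login => name,
+ :password => "#{name}_password",
+ :password_confirmation => "#{name}_password"
+ })
+ user.update(:level => level)
+ user
+ end
+
+ def self.shutdown
+ end
+
+ @@version = 0
+
+ def version
+ @@version += 1
+ end
+
+ def app
+ Spontaneous::Rack::Back.application
+ end
+
+ def root
+ @root
+ end
+
+ def about
+ @about
+ end
+
+ def root_user
+ @root_user
+ end
+
+ def admin_user
+ @admin_user
+ end
+
+ def editor_user
+ @editor_user
+ end
+
+ def guest_user
+ @guest_user
+ end
+
+ def disabled_user
+ @disabled_user
+ end
+
+ def login_user(user)
+ post "/@spontaneous/login", "user[login]" => user.login, "user[password]" => user.password
+ @user = user
+ end
+
+ def auth_post(path, params={})
+ key = @user.access_keys.first
+ post(path, params.merge("__key" => key.key_id))
+ end
+ def auth_get(path, params={})
+ key = @user.access_keys.first
+ get(path, params.merge("__key" => key.key_id))
+ end
+
+ def setup
+ instance = Spontaneous::Site.instantiate(Spontaneous.root, :test, :back)
+ Site.config.publishing_delay nil
+ Site.database = DB
+ Site.instance.paths.add :templates, File.expand_path("../../fixtures/public/templates", __FILE__)
+ # see http://benprew.posterous.com/testing-sessions-with-sinatra
+ app.send(:set, :sessions, false)
+ Spontaneous.media_dir = File.expand_path('../../fixtures/permissions/media', __FILE__)
+ end
+
+ def assert_login_page(path = nil, method = "GET")
+ assert last_response.status == 401, "#{method} #{path} should have status 401 but has #{last_response.status}"
+ last_response.body.should =~ %r{<form.+action="/@spontaneous/login"}
+ last_response.body.should =~ %r{<form.+method="post"}
+ last_response.body.should =~ %r{<input.+name="user\[login\]"}
+ last_response.body.should =~ %r{<input.+name="user\[password\]"}
+ end
+
+ def post_paths
+ %(/save/#{root.id} /savebox/#{root.id}/#{root.boxes[:editor_level].schema_id} /content/#{root.id}/position/0 /file/upload/#{root.id} /file/replace/#{root.id} /file/wrap/#{root.id}/#{root.boxes[:pages].schema_id} /add/#{root.id}/#{root.boxes[:pages].schema_id}/#{SitePage.schema_id} /destroy/#{root.id} /slug/#{root.id} /slug/#{root.id}/unavailable /toggle/#{root.id} /schema/delete /schema/rename)
+ end
+
+ def get_paths
+ %(/root /page/#{root.id} /types /map /map/#{root.id} /location/about /user)
+ end
+
+ context "Authentication:" do
+ setup do
+ Spontaneous::Schema.reset!
+
+ class C < Spontaneous::Piece
+ field :photo, :image, :write_level => :root
+ end
+ class D < Spontaneous::Piece; end
+
+ class SitePage < Spontaneous::Page
+ # page_style :default
+ field :editor_level, :user_level => :editor
+ field :admin_level, :user_level => :admin
+ field :root_level, :user_level => :root
+ field :mixed_level, :read_level => :editor, :write_level => :root
+ field :default_level
+
+ box :pages
+
+ box :editor_level, :user_level => :editor do
+ field :editor_level, :user_level => :editor
+ field :admin_level, :user_level => :admin
+ field :root_level, :user_level => :root
+ field :mixed_level, :read_level => :editor, :write_level => :root
+ field :default_level
+
+ allow :'AuthenticationTest::D', :user_level => :editor
+ allow :'AuthenticationTest::C', :user_level => :root
+ end
+
+ box :admin_level, :user_level => :admin do
+ field :editor_level, :user_level => :editor
+ field :admin_level, :user_level => :admin
+ field :root_level, :user_level => :root
+ field :mixed_level, :read_level => :editor, :write_level => :root
+ field :default_level
+
+ allow :'AuthenticationTest::C', :user_level => :admin
+ allow :'AuthenticationTest::D', :user_level => :root
+ end
+
+ box :root_level, :user_level => :root do
+ field :editor_level, :user_level => :editor
+ field :admin_level, :user_level => :admin
+ field :root_level, :user_level => :root
+ field :mixed_level, :read_level => :editor, :write_level => :root
+ field :default_level
+
+ allow :'AuthenticationTest::C', :user_level => :root
+ end
+
+ box :mixed_level, :read_level => :editor, :write_level => :root do
+ field :editor_level, :user_level => :editor
+ field :admin_level, :user_level => :admin
+ field :root_level, :user_level => :root
+ field :mixed_level, :read_level => :editor, :write_level => :root
+ field :default_level
+
+ allow :'AuthenticationTest::C', :user_level => :editor
+ end
+
+ box :default_level do
+ field :editor_level, :user_level => :editor
+ field :admin_level, :user_level => :admin
+ field :root_level, :user_level => :root
+ field :mixed_level, :read_level => :editor, :write_level => :root
+ field :default_level
+
+ allow :'AuthenticationTest::C'
+ end
+ end
+ Content.delete
+ Permissions::User.delete
+ Permissions::AccessKey.delete
+ Spontaneous.environment = :test
+ Permissions::UserLevel.level_file = File.expand_path('../../fixtures/permissions', __FILE__) / 'config/user_levels.yml'
+
+ @saved_root = Spontaneous.root
+ Spontaneous.root = File.expand_path('../../fixtures/example_application', __FILE__)
+
+ # Spontaneous.template_root = File.expand_path("../../fixtures/public/templates", __FILE__)
+
+ @root = SitePage.create
+ @root.save
+
+ @about = SitePage.create(:uid => 'about', :slug => "about")
+ @root.pages << @about
+ piece = C.new
+ @root.boxes[:root_level] << piece
+ piece = C.new
+ @root.boxes[:root_level] << piece
+ @root.save
+
+ @root_user = create_user('root', Permissions::UserLevel.root)
+ @admin_user = create_user('admin', Permissions::UserLevel.admin)
+ @editor_user = create_user('editor', Permissions::UserLevel.editor)
+ @guest_user = create_user('guest', Permissions::UserLevel.none)
+ @disabled_user = create_user('disabled', Permissions::UserLevel.admin)
+ @disabled_user.update(:disabled => true)
+ end
+
+ teardown do
+ [:C, :D, :SitePage].each { |k| AuthenticationTest.send(:remove_const, k)}
+ Content.delete
+ Permissions::User.delete
+ Permissions::AccessKey.delete
+ Spontaneous.root = @saved_root
+ end
+
+ context "Unauthorised sessions" do
+ should "redirect / to /@spontaneous" do
+ get "/"
+ assert last_response.status == 302
+ last_response.headers["Location"].should =~ %r{/@spontaneous$}
+ end
+
+ should "redirect /* to /@spontaneous" do
+ get "/about"
+ assert last_response.status == 302
+ last_response.headers["Location"].should =~ %r{/@spontaneous$}
+ end
+
+ should "see a login page at /@spontaneous" do
+ get "/@spontaneous"
+ assert_login_page
+ end
+
+ should "see a login page for all GETs" do
+ get_paths.split.each do |path|
+ get "/@spontaneous#{path}"
+ assert_login_page path
+ end
+ end
+
+ should "see a login page for all POSTs" do
+ post_paths.split.each do |path|
+ post "/@spontaneous#{path}"
+ assert_login_page(path, "POST")
+ end
+ end
+
+ should "get access to static files" do
+ get "/@spontaneous/static/favicon.ico"
+ assert last_response.status == 200
+ end
+
+ should "get access to Javascript files" do
+ get "/@spontaneous/js/init.js"
+ assert last_response.status == 200
+ end
+
+ should "get access to CSS files" do
+ get "/@spontaneous/css/v2.css"
+ assert last_response.status == 200
+ end
+
+ should "get access to media files" do
+ get '/media/image.jpg'
+ assert last_response.status == 200
+ end
+
+ context "Logging in" do
+ should "fail unless provided with a login & password" do
+ post "/@spontaneous/login", "user[login]" => "", "user[password]" => ""
+ assert_login_page("/@spontaneous/login", "POST")
+ end
+
+ should "fail for invalid login names" do
+ post "/@spontaneous/login", "user[login]" => "noone", "user[password]" => "wrong"
+ assert_login_page("/@spontaneous/login", "POST")
+ end
+
+ should "fail for invalid passwords" do
+ post "/@spontaneous/login", "user[login]" => "editor", "user[password]" => "wrong"
+ assert_login_page("/@spontaneous/login", "POST")
+ end
+
+ should "fail for disabled users" do
+ post "/@spontaneous/login", "user[login]" => "disabled", "user[password]" => "disabled_password"
+ assert_login_page("/@spontaneous/login", "POST")
+ end
+
+ should "succeed and redirect to /@spontaneous for correct login & password" do
+ # post "/@spontaneous/login", "user[login]" => "admin", "user[password]" => "admin_password"
+ login_user(@admin_user)
+ assert last_response.status == 302, "Status was #{last_response.status} not 302"
+ last_response.headers["Location"].should =~ %r{/@spontaneous$}
+ end
+
+ should "succeed and return an api key value for correct login over XHR" do
+ key = Spontaneous::Permissions::AccessKey.new
+ Spontaneous::Permissions::AccessKey.expects(:new).returns(key)
+ post "/@spontaneous/login", { "user[login]" => "admin", "user[password]" => "admin_password" }, {"HTTP_X_REQUESTED_WITH" => "XMLHttpRequest"}
+ assert last_response.status == 200, "Status was #{last_response.status} not 200"
+ result = Spot::JSON.parse(last_response.body)
+ result[:key].should == key.key_id
+ result[:redirect].should == "/@spontaneous"
+ end
+
+ should "accept a valid API key for re-authentication" do
+ key = @admin_user.logged_in!
+ post "/@spontaneous/reauthenticate", "api_key" => key.key_id
+ assert last_response.status == 302, "Status was #{last_response.status} not 302"
+ last_response.headers["Location"].should =~ %r{/@spontaneous$}
+ end
+
+ should "reject invalid API key" do
+ post "/@spontaneous/reauthenticate", "key" => "invalid"
+ assert_login_page("/@spontaneous/reauthenticate", "POST")
+ end
+ end
+
+ context "Logged in users" do
+ setup do
+ login_user(@editor_user)
+ end
+
+ teardown do
+ clear_cookies
+ end
+
+ should "need to supply API key in params for all POSTs" do
+ post_paths.split.each do |path|
+ post "/@spontaneous#{path}"
+ assert_login_page(path, "POST")
+ end
+ end
+
+ should "need to supply API key in params for all GETs" do
+ get_paths.split.each do |path|
+ get "/@spontaneous#{path}"
+ assert_login_page path
+ end
+ end
+
+ should "be able to view the preview" do
+ get "/"
+ assert last_response.ok?
+ end
+
+ should "be able to view the editing interface" do
+ get "/@spontaneous"
+ assert last_response.ok?, "Expected 200 but got #{last_response.status}"
+ end
+
+ # context "providing an API key in the request" do
+ # should "be able to see previously forbidden fruit" do
+ # get "/@spontaneous/root"
+ # assert last_response.ok?
+ # end
+
+ # should "be able to load info about themselves" do
+ # get "/@spontaneous/user"
+ # assert last_response.ok?
+ # Spot::JSON.parse(last_response.body).should == @editor_user.export
+ # end
+ # end
+ end
+
+ end
+
+ context "User levels" do
+ context "Root access" do
+ setup do
+ login_user(@root_user)
+ end
+
+ teardown do
+ clear_cookies
+ end
+
+ should "be able to update root level fields" do
+ field = root.fields.root_level
+ auth_post "/@spontaneous/save/#{root.id}", "field[#{field.schema_id}][unprocessed_value]" => "Updated"
+ assert last_response.ok?
+ root.reload.fields[:root_level].value.should == "Updated"
+ end
+
+ should "be able to add to root level box" do
+ klass = AuthenticationTest::C
+ auth_post "/@spontaneous/add/#{root.id}/#{root.boxes[:root_level].schema_id}/#{klass.schema_id}"
+ assert last_response.ok?
+ end
+ end
+ context "Admin access" do
+ setup do
+ @root_copy = root
+ login_user(@admin_user)
+ end
+
+ teardown do
+ clear_cookies
+ end
+
+ should "not be able to update root level fields" do
+ value = "Updated #{version}"
+ field = root.fields[:root_level]
+ auth_post "/@spontaneous/save/#{root.id}", "field[#{field.schema_id}][unprocessed_value]" => value
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ root.reload.fields[:root_level].value.should == @root_copy.root_level.value
+ end
+
+ should "be able to update admin level fields" do
+ value = "Updated #{version}"
+ field = root.fields[:admin_level]
+ auth_post "/@spontaneous/save/#{root.id}", "field[#{field.schema_id}][unprocessed_value]" => value
+ assert last_response.ok?
+ root.reload.fields[:admin_level].value.should == value
+ end
+
+ should "not be able to add to root level box" do
+ auth_post "/@spontaneous/add/#{root.id}/#{root.boxes[:root_level].schema_id}/#{AuthenticationTest::C.schema_id}"
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ end
+
+ should "not be able to add root level types to admin level box" do
+ auth_post "/@spontaneous/add/#{root.id}/#{root.boxes[:admin_level].schema_id}/#{AuthenticationTest::D.schema_id}"
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ end
+
+ should "be able to add to admin level box" do
+ auth_post "/@spontaneous/add/#{root.id}/#{root.boxes[:admin_level].schema_id}/#{AuthenticationTest::C.schema_id}"
+ # post "/@spontaneous/add/#{root.id}/admin_level/AuthenticationTest::C"
+ assert last_response.ok?
+ end
+ should "not be able to update fields from root level box" do
+ value = "Updated #{version}"
+ field = root.fields[:editor_level]
+ auth_post "/@spontaneous/savebox/#{root.id}/#{root.boxes[:root_level].schema_id}", "field[#{field.schema_id}][unprocessed_value]" => value
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ end
+
+ should "not be able to update root level fields from admin level box" do
+ value = "Updated #{version}"
+ field = root.boxes[:admin_level].fields[:root_level]
+ auth_post "/@spontaneous/savebox/#{root.id}/#{root.boxes[:admin_level].schema_id}", "field[#{field.schema_id}][unprocessed_value]" => value
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ end
+
+ should "not be able to delete from root level box" do
+ piece = root.boxes[:root_level].pieces.first
+ pieces = root.reload.boxes[:root_level].pieces.length
+ auth_post "/@spontaneous/destroy/#{piece.id}"
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ root.reload.boxes[:root_level].pieces.length.should == pieces
+ end
+ should "not be able to wrap files in root level box" do
+ src_file = File.expand_path("../../fixtures/images/rose.jpg", __FILE__)
+ auth_post "/@spontaneous/file/wrap/#{root.id}/#{root.boxes[:root_level].schema_id}", "file" => ::Rack::Test::UploadedFile.new(src_file, "image/jpeg")
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ end
+ should "not be able to wrap files in box if allow permissions don't permit it" do
+ src_file = File.expand_path("../../fixtures/images/rose.jpg", __FILE__)
+ # only type with an image field is C
+ # editor_level box allows addition of type C but only by root
+ # so the following should throw a perms error:
+ auth_post "/@spontaneous/file/wrap/#{root.id}/#{root.boxes[:editor_level].schema_id}", "file" => ::Rack::Test::UploadedFile.new(src_file, "image/jpeg")
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ end
+ should "not be able to re-order pieces in root level box" do
+ piece = root.boxes[:root_level].pieces.last
+ auth_post "/@spontaneous/content/#{piece.id}/position/0"
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ root.reload.boxes[:root_level].pieces.last.id.should == piece.id
+ end
+
+ should "not be able to replace root level fields" do
+ piece = root.boxes[:root_level].pieces.first
+ src_file = File.expand_path("../../fixtures/images/rose.jpg", __FILE__)
+ field = piece.fields[:photo]
+ auth_post "/@spontaneous/file/replace/#{piece.id}", "file" => ::Rack::Test::UploadedFile.new(src_file, "image/jpeg"), "field" => field.schema_id
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ end
+
+ should "not be able to hide entries in root-level boxes" do
+ piece = root.boxes[:root_level].pieces.first
+ auth_post "/@spontaneous/toggle/#{piece.id}"
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ end
+
+ should "not be allowed to update path of pages without permission"
+ end
+ context "Editor access" do
+ setup do
+ @root_copy = root
+ login_user(@editor_user)
+ end
+
+ teardown do
+ clear_cookies
+ end
+
+ should "not be able to retrieve the list of changes" do
+ Change.delete
+ get "/@spontaneous/publish/changes"
+ assert last_response.status == 401, "Should have a permissions error 401 not #{last_response.status}"
+ end
+ end
+ end
+
+ end
+ end
+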
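Review bot: The "reject invalid API key" test posts `"key" => "invalid"`, while the acceptance test just above it sends the credential as `"api_key"`, so the rejection case exercises a request with no `api_key` parameter rather than one carrying a bad value. As written it would still pass if /@spontaneous/reauthenticate accepted any non-empty `api_key`. Change the line to `post "/@spontaneous/reauthenticate", "api_key" => "invalid"`. Disabled accounts are only checked on the password login path here, so a companion case that re-authenticates with a key issued to `@disabled_user` and expects `assert_login_page` would close that gap too.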