spree_auth 0.70.7 → 1.0.0.rc1

metadata

@@ -1,13 +1,15 @@
 --- !ruby/object:Gem::Specification 
 name: spree_auth
 version: !ruby/object:Gem::Version 
-  hash: 265
-  prerelease: 
+  hash: 15424055
+  prerelease: 6
   segments: 
+  - 1
   - 0
-  - 70
-  - 7
-  version: 0.70.7
+  - 0
+  - rc
+  - 1
+  version: 1.0.0.rc1
 platform: ruby
 authors: 
 - Sean Schofield
@@ -15,7 +17,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-07-08 00:00:00 Z
+date: 2011-12-23 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   version_requirements: &id001 !ruby/object:Gem::Requirement 
@@ -23,12 +25,14 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 265
+        hash: 15424055
         segments: 
+        - 1
         - 0
-        - 70
-        - 7
-        version: 0.70.7
+        - 0
+        - rc
+        - 1
+        version: 1.0.0.rc1
   requirement: *id001
   type: :runtime
   prerelease: false
@@ -39,12 +43,12 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 9
+        hash: 23
         segments: 
         - 1
         - 4
-        - 7
-        version: 1.4.7
+        - 8
+        version: 1.4.8
   requirement: *id002
   type: :runtime
   prerelease: false
@@ -55,12 +59,12 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 5
+        hash: 1
         segments: 
         - 1
         - 6
-        - 5
-        version: 1.6.5
+        - 7
+        version: 1.6.7
   requirement: *id003
   type: :runtime
   prerelease: false
@@ -80,47 +84,47 @@ files:
 - app/assets/javascripts/store/spree_auth.js
 - app/assets/stylesheets/admin/spree_auth.css
 - app/assets/stylesheets/store/spree_auth.css
-- app/controllers/admin_controller_decorator.rb
-- app/controllers/admin_orders_controller_decorator.rb
-- app/controllers/admin_resource_controller_decorator.rb
-- app/controllers/checkout_controller_decorator.rb
-- app/controllers/orders_controller_decorator.rb
 - app/controllers/resource_controller_decorator.rb
+- app/controllers/spree/admin/admin_controller_decorator.rb
+- app/controllers/spree/admin/admin_orders_controller_decorator.rb
+- app/controllers/spree/admin/admin_resource_controller_decorator.rb
 - app/controllers/spree/base_controller_decorator.rb
-- app/controllers/user_passwords_controller.rb
-- app/controllers/user_registrations_controller.rb
-- app/controllers/user_sessions_controller.rb
-- app/controllers/users_controller.rb
-- app/helpers/users_helper.rb
-- app/models/ability.rb
-- app/models/order_decorator.rb
-- app/models/spree_auth_configuration.rb
-- app/models/spree_current_order_decorator.rb
-- app/models/tokenized_permission.rb
-- app/models/user.rb
-- app/models/user_mailer.rb
+- app/controllers/spree/checkout_controller_decorator.rb
+- app/controllers/spree/orders_controller_decorator.rb
+- app/controllers/spree/user_passwords_controller.rb
+- app/controllers/spree/user_registrations_controller.rb
+- app/controllers/spree/user_sessions_controller.rb
+- app/controllers/spree/users_controller.rb
+- app/helpers/spree/users_helper.rb
+- app/mailers/spree/user_mailer.rb
+- app/models/spree/ability.rb
+- app/models/spree/auth_configuration.rb
+- app/models/spree/current_order_decorator.rb
+- app/models/spree/order_decorator.rb
+- app/models/spree/tokenized_permission.rb
+- app/models/spree/user.rb
 - app/overrides/auth_admin_login_navigation_bar.rb
 - app/overrides/auth_shared_login_bar.rb
-- app/views/checkout/registration.html.erb
-- app/views/layouts/admin/_login_nav.html.erb
-- app/views/shared/_flashes.html.erb
-- app/views/shared/_login.html.erb
-- app/views/shared/_login_bar.html.erb
-- app/views/shared/_user_form.html.erb
-- app/views/shared/unauthorized.html.erb
-- app/views/user_mailer/reset_password_instructions.text.erb
-- app/views/user_passwords/edit.html.erb
-- app/views/user_passwords/new.html.erb
-- app/views/user_registrations/new.html.erb
-- app/views/user_sessions/authorization_failure.html.erb
-- app/views/user_sessions/new.html.erb
-- app/views/users/edit.html.erb
-- app/views/users/show.html.erb
-- config/cucumber.yml
+- app/views/spree/checkout/registration.html.erb
+- app/views/spree/layouts/admin/_login_nav.html.erb
+- app/views/spree/shared/_flashes.html.erb
+- app/views/spree/shared/_login.html.erb
+- app/views/spree/shared/_login_bar.html.erb
+- app/views/spree/shared/_user_form.html.erb
+- app/views/spree/shared/unauthorized.html.erb
+- app/views/spree/user_mailer/reset_password_instructions.text.erb
+- app/views/spree/user_passwords/edit.html.erb
+- app/views/spree/user_passwords/new.html.erb
+- app/views/spree/user_registrations/new.html.erb
+- app/views/spree/user_sessions/authorization_failure.html.erb
+- app/views/spree/user_sessions/new.html.erb
+- app/views/spree/users/edit.html.erb
+- app/views/spree/users/show.html.erb
 - config/initializers/devise.rb
 - config/locales/en.yml
 - config/routes.rb
-- lib/spree/auth/config.rb
+- lib/spree/auth/engine.rb
+- lib/spree/auth.rb
 - lib/spree/token_resource.rb
 - lib/spree_auth.rb
 - lib/tasks/auth.rake
@@ -129,6 +133,8 @@ files:
 - db/migrate/20101214150824_convert_user_remember_field.rb
 - db/migrate/20101217012656_create_tokenized_permissions.rb
 - db/migrate/20101219201531_tokens_for_legacy_orders.rb
+- db/migrate/20111007143030_namespace_tokenized_permission.rb
+- db/migrate/20111206075712_migrate_tokenized_permissions.rb
 - db/seeds.rb
 homepage: http://spreecommerce.com
 licenses: []
@@ -152,15 +158,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version 
-      hash: 3
+      hash: 25
       segments: 
-      - 0
-      version: "0"
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
 requirements: 
 - none
-rubyforge_project: spree_auth
+rubyforge_project: 
 rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3

data/app/controllers/admin_controller_decorator.rb

@@ -1,13 +0,0 @@
-Admin::BaseController.class_eval do
-  before_filter :authorize_admin
-
-  def authorize_admin
-    begin
-      model = controller_name.classify.constantize
-    rescue
-      model = Object
-    end
-    authorize! :admin, model
-    authorize! params[:action].to_sym, model
-  end
-end

data/app/controllers/admin_orders_controller_decorator.rb

@@ -1,15 +0,0 @@
-Admin::OrdersController.class_eval do
-  before_filter :check_authorization
-
-  private
-
-  def check_authorization
-    load_order
-    session[:access_token] ||= params[:token]
-
-    resource = @order || Order
-    action = params[:action].to_sym
-
-    authorize! action, resource, session[:access_token]
-  end
-end

data/app/controllers/admin_resource_controller_decorator.rb

@@ -1,3 +0,0 @@
-Admin::ResourceController.class_eval do
-  authorize_resource
-end

data/app/controllers/checkout_controller_decorator.rb

@@ -1,42 +0,0 @@
-CheckoutController.class_eval do
-  before_filter :check_authorization
-  before_filter :check_registration, :except => [:registration, :update_registration]
-
-  helper :users
-
-  def registration
-    @user = User.new
-  end
-
-  def update_registration
-    # hack - temporarily change the state to something other than cart so we can validate the order email address
-    current_order.state = "address"
-    if current_order.update_attributes(params[:order])
-      redirect_to checkout_path
-    else
-      @user = User.new
-      render 'registration'
-    end
-  end
-
-  private
-  def check_authorization
-    authorize!(:edit, current_order, session[:access_token])
-  end
-
-  # Introduces a registration step whenever the +registration_step+ preference is true.
-  def check_registration
-    return unless Spree::Auth::Config[:registration_step]
-    return if current_user or current_order.email
-    store_location
-    redirect_to checkout_registration_path
-  end
-
-  # Overrides the equivalent method defined in spree_core.  This variation of the method will ensure that users
-  # are redirected to the tokenized order url unless authenticated as a registered user.
-  def completion_route
-    return order_path(@order) if current_user
-    token_order_path(@order, @order.token)
-  end
-
-end

data/app/controllers/orders_controller_decorator.rb

@@ -1,17 +0,0 @@
-OrdersController.class_eval do
-  before_filter :check_authorization
-
-  private
-
-  def check_authorization
-    session[:access_token] ||= params[:token]
-    order = Order.find_by_number(params[:id]) || current_order
-
-    if order
-      authorize! :edit, order, session[:access_token]
-    else
-      authorize! :create, Order
-    end
-  end
-
-end

data/app/helpers/users_helper.rb

@@ -1,13 +0,0 @@
-module UsersHelper
-  def password_style(user)
-    ActiveSupport::Deprecation.warn "[SPREE] Password style has be depreciated due to the removal of OpenID from the Auth Gem. "
-      "Please install the spree_social gem to regain this functionality and more."
-    ""
-  end
-  def openid_style(user)
-    ActiveSupport::Deprecation.warn "[SPREE] Password style has be depreciated due to the removal of OpenID from the Auth Gem. "
-      "Please install the spree_social gem to regain this functionality and more."
-    "display:none"
-  end
-
-end

data/app/models/ability.rb

@@ -1,64 +0,0 @@
-# Implementation class for Cancan gem.  Instead of overriding this class, consider adding new permissions
-# using the special +register_ability+ method which allows extensions to add their own abilities.
-#
-# See http://github.com/ryanb/cancan for more details on cancan.
-class Ability
-  include CanCan::Ability
-
-  class_attribute :abilities
-  self.abilities = Set.new
-
-  # Allows us to go beyond the standard cancan initialize method which makes it difficult for engines to
-  # modify the default +Ability+ of an application.  The +ability+ argument must be a class that includes
-  # the +CanCan::Ability+ module.  The registered ability should behave properly as a stand-alone class
-  # and therefore should be easy to test in isolation.
-  def self.register_ability(ability)
-    self.abilities.add(ability)
-  end
-
-  def initialize(user)
-    self.clear_aliased_actions
-
-    # override cancan default aliasing (we don't want to differentiate between read and index)
-    alias_action :edit, :to => :update
-    alias_action :new, :to => :create
-    alias_action :new_action, :to => :create
-    alias_action :show, :to => :read
-
-    user ||= User.new
-    if user.has_role? 'admin'
-      can :manage, :all
-    else
-      #############################
-      can :read, User do |resource|
-        resource == user
-      end
-      can :update, User do |resource|
-        resource == user
-      end
-      can :create, User
-      #############################
-      can :read, Order do |order, token|
-        order.user == user || order.token && token == order.token
-      end
-      can :update, Order do |order, token|
-        order.user == user || order.token && token == order.token
-      end
-      can :create, Order
-      #############################
-      can :read, Product
-      can :index, Product
-      #############################
-      can :read, Taxon
-      can :index, Taxon
-      #############################
-    end
-
-    #include any abilities registered by extensions, etc.
-    Ability.abilities.each do |clazz|
-      ability = clazz.send(:new, user)
-      @rules = rules + ability.send(:rules)
-    end
-
-  end
-end

data/app/models/spree_auth_configuration.rb

@@ -1,4 +0,0 @@
-class SpreeAuthConfiguration < Configuration
-  preference :registration_step, :boolean, :default => true
-  preference :signout_after_password_change, :boolean, :default => true
-end

data/app/models/tokenized_permission.rb

@@ -1,3 +0,0 @@
-class TokenizedPermission < ActiveRecord::Base
-  belongs_to :permissable, :polymorphic => true
-end

data/app/models/user.rb

@@ -1,85 +0,0 @@
-class User < ActiveRecord::Base
-
-  devise :database_authenticatable, :token_authenticatable, :registerable, :recoverable,
-         :rememberable, :trackable, :validatable, :encryptable, :encryptor => "authlogic_sha512"
-
-  has_many :orders
-  has_and_belongs_to_many :roles
-  belongs_to :ship_address, :foreign_key => "ship_address_id", :class_name => "Address"
-  belongs_to :bill_address, :foreign_key => "bill_address_id", :class_name => "Address"
-
-  before_save :check_admin
-  before_validation :set_login
-
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me, :persistence_token
-
-  scope :admin, lambda { includes(:roles).where("roles.name" => "admin") }
-  scope :registered, where("users.email NOT LIKE ?", "%@example.net")
-
-  # has_role? simply needs to return true or false whether a user has a role or not.
-  def has_role?(role_in_question)
-    roles.any? { |role| role.name == role_in_question.to_s }
-  end
-
-  # Creates an anonymous user.  An anonymous user is basically an auto-generated +User+ account that is created for the customer
-  # behind the scenes and its completely transparently to the customer.  All +Orders+ must have a +User+ so this is necessary
-  # when adding to the "cart" (which is really an order) and before the customer has a chance to provide an email or to register.
-  def self.anonymous!
-    token = User.generate_token(:persistence_token)
-    User.create(:email => "#{token}@example.net", :password => token, :password_confirmation => token, :persistence_token => token)
-  end
-
-  def self.admin_created?
-    User.admin.count > 0
-  end
-
-  def anonymous?
-    email =~ /@example.net$/
-  end
-
-  def send_reset_password_instructions
-    generate_reset_password_token!
-    UserMailer.reset_password_instructions(self).deliver
-  end
-
-  protected
-  def password_required?
-    !persisted? || password.present? || password_confirmation.present?
-  end
-
-  private
-
-  def check_admin
-    return if self.class.admin_created?
-    admin_role = Role.find_or_create_by_name "admin"
-    self.roles << admin_role
-  end
-
-  def set_login
-    # for now force login to be same as email, eventually we will make this configurable, etc.
-    self.login ||= self.email if self.email
-  end
-
-  # Generate a friendly string randomically to be used as token.
-  def self.friendly_token
-    SecureRandom.base64(15).tr('+/=', '-_ ').strip.delete("\n")
-  end
-
-  # Generate a token by looping and ensuring does not already exist.
-  def self.generate_token(column)
-    loop do
-      token = friendly_token
-      break token unless find(:first, :conditions => { column => token })
-    end
-  end
-
-  def self.current
-    Thread.current[:user]
-  end
-
-  def self.current=(user)
-    Thread.current[:user] = user
-  end
-
-end

data/app/models/user_mailer.rb

@@ -1,13 +0,0 @@
-class UserMailer < ActionMailer::Base
-
-  def reset_password_instructions(user)
-    default_url_options[:host] = Spree::Config[:site_url]
-
-    @edit_password_reset_url = edit_user_password_url(:reset_password_token => user.reset_password_token)
-
-    mail(:to => user.email,
-         :subject => Spree::Config[:site_name] + ' ' + I18n.t("password_reset_instructions"))
-  end
-
-end
-

data/app/views/checkout/registration.html.erb

@@ -1,20 +0,0 @@
-<%= render 'shared/error_messages', :target => @user %>
-<h2><%= t(:registration)%></h2>
-<div id="registration">
-  <div id="account">
-    <%= render :file => 'user_sessions/new' %>
-  </div>
-  <% if Spree::Config[:allow_guest_checkout] %>
-    <div id="guest_checkout">
-      <%= render 'shared/error_messages', :target => @order %>
-      <h2><%= t(:guest_user_account) %></h2>
-      <%= form_for @order, :url => update_checkout_registration_path, :html => { :method => :put, :id => 'checkout_form_registration'} do |f| %>
-        <p>
-          <%= f.label :email, t(:email) %><br />
-          <%= f.text_field :email, :class => 'title'  %>
-        </p>
-        <p><%= f.submit t(:continue), :class => 'button primary' %></p>
-      <% end %>
-    </div>
-  <% end %>
-</div>

data/app/views/layouts/admin/_login_nav.html.erb

@@ -1,8 +0,0 @@
-<% if current_user %>
-  <ul id="login-nav">
-    <li><%= t(:logged_in_as) %>: <%= current_user.email %></li>
-    <li><%= link_to t(:account), edit_user_path(current_user) %></li>
-    <li><%= link_to t(:logout), destroy_user_session_path %></li>
-    <li><%= link_to t(:store), products_path %></li>
-  </ul>
-<% end %>

data/app/views/shared/_login_bar.html.erb

@@ -1,6 +0,0 @@
-<% if current_user %>
-  <li><%= link_to t(:my_account), account_path %></li>
-  <li><%= link_to t(:logout), destroy_user_session_path %></li>
-<% else %>
-  <li><%= link_to t(:log_in), login_path %></li>
-<% end %>

data/app/views/user_passwords/edit.html.erb

@@ -1,15 +0,0 @@
-<%= render 'shared/error_messages', :target => @user %>
-<h1><%= t(:change_my_password) %></h1>
-
-<%= form_for @user, :url => user_password_path, :html => {:method => :put} do |f| %>
-  <p>
-    <%= f.label :password %><br />
-    <%= f.password_field :password %><br />
-  </p>
-  <p>
-    <%= f.label :password_confirmation %><br />
-    <%= f.password_field :password_confirmation %><br />
-  </p>
-  <%= f.hidden_field :reset_password_token %>
-  <%= f.submit t(:update_password) %>
-<% end %>

data/app/views/user_passwords/new.html.erb

@@ -1,13 +0,0 @@
-<h1><%= t(:forgot_password) %></h1>
-
-<p><%= t(:instructions_to_reset_password) %></p>
-
-<%= form_for User.new, :as => :user, :url => user_password_path do |f| %>
-  <p>
-    <%= f.label :email, t(:email) %>:<br />
-    <%= f.email_field :email %>
-  </p>
-  <p>
-    <%= f.submit t(:reset_password) %>
-  </p>
-<% end %>

data/app/views/user_registrations/new.html.erb

@@ -1,22 +0,0 @@
-<% @body_id = 'signup' %>
-
-<%= render 'shared/error_messages', :target => @user %>
-
-<div id="new-customer">
-  <h2><%= t(:new_customer) %></h2>
-
-  <div data-hook="signup">
-
-    <%= form_for :user, :url => registration_path(@user) do |f| %>
-      <div data-hook="signup_inside_form"%>
-        <%= render 'shared/user_form', :f => f %>
-        <p><%= f.submit t(:create), :class => 'button primary' %></p>
-      </div>
-    <% end %>
-    <%= t(:or) %> <%= link_to t(:login_as_existing), login_path %>
-
-  </div>
-
-</div>
-
-<div data-hook="login_extras"></div>

data/app/views/users/edit.html.erb

@@ -1,11 +0,0 @@
-<%= render 'shared/error_messages', :target => @user %>
-
-<h1><%= t(:editing_user) %></h1>
-
-<%= form_for @user, :html => { :method => :put } do |f| %>
-  <%= render 'shared/user_form', :f => f %>
-  <p>
-    <%= f.submit t(:update) %>
-  </p>
-<% end %>
-

data/config/cucumber.yml

@@ -1,10 +0,0 @@
-<%
-rerun = File.file?('rerun.txt') ? IO.read('rerun.txt') : ""
-rerun_opts = rerun.to_s.strip.empty? ? "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} features" : "--format #{ENV['CUCUMBER_FORMAT'] || 'pretty'} #{rerun}"
-std_opts = "--format #{ENV['CUCUMBER_FORMAT'] || 'progress'} --strict --tags ~@wip"
-ci_opts = "--format progress --strict"
-%>
-default: <%= std_opts %> features
-wip: --tags @wip:3 --wip features
-ci: <%= ci_opts %> features CI=true
-rerun: <%= rerun_opts %> --format rerun --out rerun.txt --strict --tags ~@wip

data/lib/spree/auth/config.rb

@@ -1,22 +0,0 @@
-module Spree
-  module Auth
-    # Singleton class to access the shipping configuration object (ActiveShippingConfiguration.first by default) and it's preferences.
-    #
-    # Usage:
-    #   Spree::Auth::Config[:foo]                  # Returns the foo preference
-    #   Spree::Auth::Config[]                      # Returns a Hash with all the tax preferences
-    #   Spree::Auth::Config.instance               # Returns the configuration object (AuthConfiguration.first)
-    #   Spree::Auth::Config.set(preferences_hash)  # Set the spree auth preferences as especified in +preference_hash+
-    class Config
-      include Singleton
-      include Spree::PreferenceAccess
-
-      class << self
-        def instance
-          return nil unless ActiveRecord::Base.connection.tables.include?('configurations')
-          SpreeAuthConfiguration.find_or_create_by_name("Default spree_auth configuration")
-        end
-      end
-    end
-  end
-end