the_role 2.1.1 → 2.3

data/spec/dummy_app/db/schema.rb

@@ -0,0 +1,59 @@
+# encoding: UTF-8
+# This file is auto-generated from the current state of the database. Instead
+# of editing this file, please use the migrations feature of Active Record to
+# incrementally modify your database, and then regenerate this schema definition.
+#
+# Note that this schema.rb definition is the authoritative source for your
+# database schema. If you need to create the application database on another
+# system, you should be using db:schema:load, not running all the migrations
+# from scratch. The latter is a flawed and unsustainable approach (the more migrations
+# you'll amass, the slower it'll run and the greater likelihood for issues).
+#
+# It's strongly recommended that you check this file into your version control system.
+
+ActiveRecord::Schema.define(version: 20120314061307) do
+
+  create_table "pages", force: true do |t|
+    t.integer  "user_id"
+    t.integer  "person_id"
+    t.string   "title"
+    t.text     "content"
+    t.string   "state",      default: "draft"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  create_table "roles", force: true do |t|
+    t.string   "name"
+    t.string   "title"
+    t.text     "description"
+    t.text     "the_role"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  create_table "users", force: true do |t|
+    t.string   "name"
+    t.string   "company"
+    t.string   "address"
+    t.string   "some_protected_field",   default: "should_not_be_changed"
+    t.string   "email",                  default: "",                      null: false
+    t.string   "encrypted_password",     default: "",                      null: false
+    t.string   "password",               default: "",                      null: false
+    t.string   "reset_password_token"
+    t.datetime "reset_password_sent_at"
+    t.integer  "role_id"
+    t.datetime "remember_created_at"
+    t.integer  "sign_in_count",          default: 0
+    t.datetime "current_sign_in_at"
+    t.datetime "last_sign_in_at"
+    t.string   "current_sign_in_ip"
+    t.string   "last_sign_in_ip"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "users", ["email"], name: "index_users_on_email", unique: true
+  add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
+
+end

data/spec/dummy_app/db/seeds.rb

@@ -0,0 +1,85 @@
+##############################
+# Roles
+##############################
+Role.create!(
+  name: :user,
+  title: :role_for_users,
+  description: :user_can_edit_his_pages,
+  the_role: {
+    pages: {
+      index:   true,
+      show:    true,
+      new:     true,
+      create:  true,
+      edit:    true,
+      update:  true,
+      destroy: true,
+      my:      true,
+      secret:  false
+    }
+  }
+)
+
+Role.create!(
+  name: :pages_moderator,
+  title: :pages_moderator,
+  description: :can_do_anything_with_pages,
+  the_role: { moderator: { pages: true } }
+)
+
+TheRole.create_admin_role!
+
+p "Roles created"
+
+##############################
+# Users
+##############################
+User.create!(
+  email: 'admin@site.com',
+  name:  Faker::Name.name,
+  company: Faker::Company.name,
+  address: Faker::Address.street_address,
+  password: 'qwerty',
+  password_confirmation: 'qwerty',
+  role: Role.with_name(:admin)
+)
+
+User.create!(
+  email: Faker::Internet.email,
+  name:  Faker::Name.name,
+  company: Faker::Company.name,
+  address: Faker::Address.street_address,
+  password: 'qwerty',
+  password_confirmation: 'qwerty',
+  role: Role.with_name(:pages_moderator)
+)
+
+5.times do
+  User.create!(
+    email: Faker::Internet.email,
+    name:  Faker::Name.name,
+    company: Faker::Company.name,
+    address: Faker::Address.street_address,
+    password: 'qwerty',
+    password_confirmation: 'qwerty',
+    role: Role.with_name(:user)
+  )
+end
+
+p "Users created"
+
+##############################
+# Pages
+##############################
+
+User.all.each do |user|
+  10.times do 
+    user.pages.create!(
+      title:   Faker::Lorem.sentence,
+      content: Faker::Lorem.paragraphs(3).join,
+      state: %w[draft published].sample
+    )
+  end
+end
+
+p "Pages created"

data/spec/dummy_app/lib/tasks/assets.rake

@@ -0,0 +1,15 @@
+namespace :assets do
+  # rake assets:drop
+  desc "Drop assets"
+  task drop: :environment do
+    Rake::Task["assets:clean"].invoke
+    Rake::Task["assets:clobber"].invoke
+  end
+
+  # rake assets:build
+  desc "Precompile assets"
+  task build: :environment do
+    Rake::Task["assets:drop"].invoke
+    Rake::Task["assets:precompile"].invoke
+  end
+end

data/spec/dummy_app/lib/tasks/db_bootstrap.rake

@@ -0,0 +1,16 @@
+namespace :db do
+  # rake db:bootstrap
+  desc "Reset DB"
+  task bootstrap: :environment do
+    Rake::Task["db:drop"].invoke
+    Rake::Task["db:create"].invoke
+    Rake::Task["db:migrate"].invoke
+  end
+
+  # rake db:bootstrap_and_seed
+  desc "Reset DB and seed"
+  task bootstrap_and_seed: :environment do
+    Rake::Task["db:bootstrap"].invoke
+    Rake::Task["db:seed"].invoke
+  end
+end

data/spec/dummy_app/public/404.html

@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The page you were looking for doesn't exist (404)</title>
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/404.html -->
+  <div class="dialog">
+    <h1>The page you were looking for doesn't exist.</h1>
+    <p>You may have mistyped the address or the page may have moved.</p>
+  </div>
+  <p>If you are the application owner check the logs for more information.</p>
+</body>
+</html>

data/spec/dummy_app/public/422.html

@@ -0,0 +1,58 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>The change you wanted was rejected (422)</title>
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/422.html -->
+  <div class="dialog">
+    <h1>The change you wanted was rejected.</h1>
+    <p>Maybe you tried to change something you didn't have access to.</p>
+  </div>
+  <p>If you are the application owner check the logs for more information.</p>
+</body>
+</html>

data/spec/dummy_app/public/500.html

@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>We're sorry, but something went wrong (500)</title>
+  <style>
+  body {
+    background-color: #EFEFEF;
+    color: #2E2F30;
+    text-align: center;
+    font-family: arial, sans-serif;
+  }
+
+  div.dialog {
+    width: 25em;
+    margin: 4em auto 0 auto;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-left-color: #999;
+    border-bottom-color: #BBB;
+    border-top: #B00100 solid 4px;
+    border-top-left-radius: 9px;
+    border-top-right-radius: 9px;
+    background-color: white;
+    padding: 7px 4em 0 4em;
+  }
+
+  h1 {
+    font-size: 100%;
+    color: #730E15;
+    line-height: 1.5em;
+  }
+
+  body > p {
+    width: 33em;
+    margin: 0 auto 1em;
+    padding: 1em 0;
+    background-color: #F7F7F7;
+    border: 1px solid #CCC;
+    border-right-color: #999;
+    border-bottom-color: #999;
+    border-bottom-left-radius: 4px;
+    border-bottom-right-radius: 4px;
+    border-top-color: #DADADA;
+    color: #666;
+    box-shadow:0 3px 8px rgba(50, 50, 50, 0.17);
+  }
+  </style>
+</head>
+
+<body>
+  <!-- This file lives in public/500.html -->
+  <div class="dialog">
+    <h1>We're sorry, but something went wrong.</h1>
+  </div>
+  <p>If you are the application owner check the logs for more information.</p>
+</body>
+</html>

data/spec/dummy_app/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-agent: *
+# Disallow: /

data/spec/dummy_app/spec/controllers/admin_roles_controller_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+describe Admin::RolesController do
+  describe "Admin Section" do
+    describe 'Unauthorized' do
+      before(:each) do
+        @request.env['HTTP_REFERER'] = '/'
+        @role = FactoryGirl.create(:role_user)
+      end
+
+      %w{ index new }.each do |action|
+        it action.upcase do
+          get action
+          response.should redirect_to new_user_session_path
+        end
+      end
+
+      %w{ edit update create destroy }.each do |action|
+        it action.upcase do
+          get action, { id: @role.id }
+          response.should redirect_to new_user_session_path
+        end
+      end
+    end
+
+    describe "Authorized / Regular user" do
+      describe "Can't do something with Roles" do
+        before(:each) do
+          @request.env['HTTP_REFERER'] = '/'
+          @user = FactoryGirl.create(:user)
+          @role = FactoryGirl.create(:role_user)
+          sign_in @user
+        end
+
+        %w{ index new }.each do |action|
+          it action.upcase do
+            get action
+            response.body.should match access_denied_match
+          end
+        end
+
+        %w{ edit update create destroy }.each do |action|
+          it action.upcase do
+            get action, { id: @role.id }
+            response.body.should match access_denied_match
+          end
+        end
+      end
+    end
+
+  end
+end

data/spec/dummy_app/spec/controllers/pages_controller_spec.rb

@@ -0,0 +1,141 @@
+require 'spec_helper'
+
+describe PagesController do
+  def valid_page_attrs
+    {
+      title:   Faker::Lorem.sentence,
+      content: Faker::Lorem.sentence,
+      state:   :published
+    }
+  end
+
+  def valid_page_for user
+    valid_page_attrs.merge(user_id: user.id)
+  end
+
+  before(:each) do
+    @role           = FactoryGirl.create(:role_user)
+    @moderator_role = FactoryGirl.create(:role_moderator)
+
+    @owner     = FactoryGirl.create(:user, role: @role)
+    @hacker    = FactoryGirl.create(:user, role: @role)
+    @moderator = FactoryGirl.create(:user, role: @moderator_role)
+    
+    @owner.pages.create! valid_page_for(@owner)
+  end
+
+  describe "Guest" do
+    describe 'NOT AUTORIZED/NO ROLE/NOT OWNER' do
+      it "CREATE / but should be redirected" do
+        post :create, { page: { fake: true } }
+        response.should redirect_to new_user_session_path
+      end
+    end
+  end
+
+  describe "User" do
+    describe 'AUTORIZED/HAS ROLE/OWNER' do
+      before(:each) { sign_in @owner }
+
+      context "CREATE" do
+        it "valid" do
+          expect {
+            post :create , { page: valid_page_for(@owner) }
+          }.to change(Page, :count).by(1)
+        end
+
+        it "invalid params" do
+          expect {
+            post :create, { page: { fake: true } }
+          }.to_not change(Page, :count)
+
+          response.should render_template :new
+        end
+
+        it "valid, no errors" do
+          post :create , { page: valid_page_for(@owner) }
+          assigns(:page).errors.should be_empty
+        end
+
+        it "valid, redirect to SHOW" do
+          post :create, { page: valid_page_for(@owner) }
+          response.should redirect_to page_path assigns(:page)
+        end
+      end
+
+      context "UPDATE" do
+        before(:each) do
+          sign_in @owner
+          @page = @owner.pages.last
+        end
+
+        it "users should has rules" do
+          @owner.has_role?(:pages, :update).should  be_true
+          @hacker.has_role?(:pages, :update).should be_true
+        end
+
+        it "page should be updated" do
+          old_title = @page.title
+          new_title = "test_title"
+
+          expect {
+            patch :update, id: @page, page: { title: new_title }
+            @page.reload  
+          }.to change(@page, :title).from(old_title).to(new_title)
+        end
+      end
+    end
+
+    describe 'AUTORIZED/HAS ROLE/NOT OWNER' do
+      before(:each) { @page = @owner.pages.last }
+
+      it "hacker should be blocked" do
+        sign_in @hacker
+        @request.env['HTTP_REFERER'] = '/'
+        patch :update, id: @page, page: { title: "test_title" }
+        response.body.should match access_denied_match
+      end
+    end
+  end
+
+  describe "Moderator" do
+    before(:each) do
+      @page = @owner.pages.last
+
+      @old_title = @page.title
+      @new_title = Faker::Lorem.sentence
+    end
+
+    it "Owner can update page" do
+      sign_in @owner
+
+      expect {
+        patch :update, id: @page, page: { title: @new_title }
+        @page.reload  
+      }.to change(@page, :title).from(@old_title).to(@new_title)
+    end
+
+    it "Moderator can update page" do
+      sign_in @moderator
+
+      expect {
+        patch :update, id: @page, page: { title: @new_title }
+        @page.reload 
+      }.to change(@page, :title).from(@old_title).to(@new_title)
+    end
+
+    it "Hacker cant update page" do
+      sign_in @hacker
+      @request.env['HTTP_REFERER'] = '/'
+
+      expect {
+        patch :update, id: @page, page: { title: @new_title }
+        @page.reload  
+      }.to_not change(@page, :title).from(@old_title).to(@new_title)
+    end
+  end
+end
+
+# assigns(:page).should eq @page
+# response.should render_template :manage
+# response.should redirect_to new_user_session_path

data/spec/dummy_app/spec/controllers/welcome_controller_spec.rb

@@ -0,0 +1,66 @@
+require 'spec_helper'
+
+describe WelcomeController do
+  describe "GET for GUESTS" do
+    it "*INDEX* test *subject* object" do
+      get 'index'
+      subject.class.should == WelcomeController
+    end
+
+    it "*INDEX* returns http success" do
+      get 'index'
+      response.should be_success
+    end
+
+    it "*INDEX* render :index page" do
+      get 'index'
+      response.should render_template :index
+    end
+
+    it "*INDEX* *current_user* should be nil" do
+      get 'index'
+      subject.current_user.should be_nil
+    end
+    
+    it "*PROFILE* will be redirect" do
+      get 'profile'
+      response.should be_redirect
+    end
+
+    it "*PROFILE* will be redirect to new_user_session_path page" do
+      get 'profile'
+      response.should redirect_to new_user_session_path
+    end
+  end
+
+  describe "GET for LOGGED_IN users" do
+    before(:each) do
+      @user = FactoryGirl.create(:user)
+      sign_in @user
+    end
+
+    after(:each) do
+      User.destroy_all
+    end
+
+    it "One user should be exists" do
+      User.count.should be 1
+    end
+
+    it "*PROFILE* should render :profile page" do
+      get 'profile'
+      response.should render_template :profile
+    end
+
+    it "*PROFILE* should not to be redirect" do
+      get 'profile'
+      response.should_not be_redirect
+    end
+
+    it "*PROFILE* *current_user* helper should return user" do
+      get 'profile'
+      subject.current_user.should == @user
+    end
+  end
+
+end

data/spec/dummy_app/spec/factories/page.rb

@@ -0,0 +1,6 @@
+FactoryGirl.define do
+  factory :page, class: Page do
+    sequence(:title)   { Faker::Lorem.sentence           }
+    sequence(:content) { Faker::Lorem.paragraphs(3).join }
+  end
+end

data/spec/dummy_app/spec/factories/role.rb

@@ -0,0 +1,55 @@
+#############################################
+# EMPTY role
+#############################################
+FactoryGirl.define do
+  factory :role_without_rules, class: Role do
+    name        'user'
+    title       'User role'
+    description 'Default Role for users'
+  end
+end
+
+#############################################
+# USER role
+#############################################
+role_user = {
+  pages: {
+    index:   true,
+    show:    true,
+    new:     true,
+    create:  true,
+    edit:    true,
+    update:  true,
+    destroy: true,
+    my:      true,
+    secret:  false
+  }
+}
+
+FactoryGirl.define do
+  factory :role_user, class: Role do
+    name        'user'
+    title       'User role'
+    description 'Default Role for users'
+    the_role     role_user
+  end
+end
+
+#############################################
+# MODERATOR role
+#############################################
+
+role_moderator = {
+  moderator: {
+    pages: true
+  }
+}
+
+FactoryGirl.define do
+  factory :role_moderator, class: Role do
+    name        'pages_moderator'
+    title       'Pages moderator'
+    description 'Can do anything with pages'
+    the_role     role_moderator
+  end
+end