trax_controller 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: bdbaf7390613351761a1a3babb39b491bcdf7b1d
-  data.tar.gz: ea407ce95d7f6a417606e8ea8a022bc4f49ce392
+  metadata.gz: 0e4adb200e79b39ccad802b45128fa422f496406
+  data.tar.gz: fb0dcf577b599ad791f87fc840875c94a156d2a4
 SHA512:
-  metadata.gz: 98358ac5bc8959c7abd30f3c8a80b1eeeeba40a25944997ee70e70a864940b4d6a35bd61b8304be3b3c730b740cbb7f6e7a209a04ed6313e9d63b1f040b3ff49
-  data.tar.gz: 821754fbed325e38de212341e8b6b6bbd583a248debf91b75edf3278fef22d7754a2fc8824243b10de9dec1c165da376c748f8be44999269987b7c155d8f3653
+  metadata.gz: 33bc80d31708005d6e42b77a0a6b4805b986e147dfee728db9e63a6b80fd735cfcb64123d41876b6c38b7addb9aa87e716f695ee7bcf54532c701eeb90a8a04b
+  data.tar.gz: ae5aa8a93e9aa0408b6e6a6d2c10da94500123f209ddd9f40108427489bc649c2a344d53e338fdb984f3257fe74d6f10d2660a3185c84c537fdcfdff3e226da7

data/Gemfile

@@ -7,5 +7,5 @@ gem 'active_model_serializers', :github => 'rails-api/active_model_serializers',
 
 group :test do
   gem 'activerecord'
-  gem 'rspec-rails'
+  gem 'rspec-rails', '~> 3.1'
 end

data/Rakefile

@@ -1,2 +1 @@
 require "bundler/gem_tasks"
-

data/lib/trax/controller/actions.rb

@@ -99,7 +99,7 @@ module Trax
       end
 
       def render_errors(status = :unprocessable_entity, error_messages_hash:{}, **options)
-        errors = error_messages_hash.merge(resource_error_messages(**options))
+        errors = error_messages_hash.merge(resource_error_messages(**options) || {})
         render json: { meta: { errors: errors } }, status: status, serializer: nil
       end
 

data/lib/trax/controller/authorization/pundit/actions/create.rb

@@ -0,0 +1,18 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Actions
+          module Create
+            extend ::ActiveSupport::Concern
+
+            def create_resource(object)
+              authorize(object)
+              super(object)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit/actions/destroy.rb

@@ -0,0 +1,18 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Actions
+          module Destroy
+            extend ::ActiveSupport::Concern
+
+            def destroy_resource(object)
+              authorize(object)
+              super(object)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit/actions/index.rb

@@ -0,0 +1,18 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Actions
+          module Index
+            extend ::ActiveSupport::Concern
+
+            def index(*args, **options)
+              authorize(collection)
+              super(*args, **options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit/actions/new.rb

@@ -0,0 +1,18 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Actions
+          module New
+            extend ::ActiveSupport::Concern
+
+            def new(*args, *options)
+              authorize(build_resource)
+              super(*args, *options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit/actions/read.rb

@@ -0,0 +1,16 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Actions
+          module Read
+            extend ::ActiveSupport::Concern
+
+            include ::Trax::Controller::Authorization::Pundit::Actions::Index
+            include ::Trax::Controller::Authorization::Pundit::Actions::Show
+            include ::Trax::Controller::Authorization::Pundit::Actions::Search
+          end
+        end
+      end
+    end
+  end

data/lib/trax/controller/authorization/pundit/actions/search.rb

@@ -0,0 +1,18 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Actions
+          module Search
+            extend ::ActiveSupport::Concern
+
+            def search(*args, **options)
+              authorize(collection)
+              super(*args, **options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit/actions/show.rb

@@ -0,0 +1,18 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Actions
+          module Show
+            extend ::ActiveSupport::Concern
+
+            def show(*args, **options)
+              authorize(resource)
+              super(*args, **options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit/actions/update.rb

@@ -0,0 +1,19 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Actions
+          module Update
+            extend ::ActiveSupport::Concern
+
+            def update_resource(object, attributes={})
+              object.assign_attributes(*attributes)
+              authorize(object)
+              super(object, attributes)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit/actions.rb

@@ -0,0 +1,20 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Actions
+          extend ::ActiveSupport::Autoload
+
+          autoload :Create
+          autoload :Destroy
+          autoload :Index
+          autoload :New
+          autoload :Read
+          autoload :Search
+          autoload :Show
+          autoload :Update
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit/adapter.rb

@@ -0,0 +1,43 @@
+require 'pundit'
+
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        module Adapter
+          extend ::ActiveSupport::Concern
+
+          include ::Pundit
+
+          included do
+            rescue_from ::Pundit::NotAuthorizedError, :with => :render_pundit_errors
+            class_attribute :_policy_class
+          end
+
+          def render_pundit_errors
+            render_errors(:forbidden, error_messages_hash: { :not_authorized => 'You are not authorized to perform this action' } )
+          end
+
+          def policy(record)
+            self.class._policy_class.new(current_user, record)
+          end
+
+          #not included into controller
+          def self.authorization_action_for(action_name)
+            "::Trax::Controller::Authorization::Pundit::Actions::#{action_name.to_s.camelize}".safe_constantize
+          end
+
+          module ClassMethods
+            def policy_class(klass)
+              self._policy_class = klass
+            end
+
+            def policy!(user, record)
+              _policy_class.new(user, record)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit/base_policy.rb

@@ -0,0 +1,18 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        class BasePolicy
+          attr_accessor :user, :resource, :result
+
+          #Result is set to true by default because it makes chaining easy with &&=
+          def initialize(user, resource)
+            @user = user
+            @resource = resource
+            @result = true
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization/pundit.rb

@@ -0,0 +1,13 @@
+module Trax
+  module Controller
+    module Authorization
+      module Pundit
+        extend ::ActiveSupport::Autoload
+
+        autoload :Actions
+        autoload :Adapter
+        autoload :BasePolicy
+      end
+    end
+  end
+end

data/lib/trax/controller/authorization.rb

@@ -0,0 +1,9 @@
+module Trax
+  module Controller
+    module Authorization
+      extend ::ActiveSupport::Autoload
+
+      autoload :Pundit
+    end
+  end
+end

data/lib/trax/controller/authorize.rb

@@ -0,0 +1,24 @@
+module Trax
+  module Controller
+    module Authorize
+      extend ::ActiveSupport::Concern
+
+      include ::Trax::Controller.config.authorization_adapter
+
+      STANDARD_ACTIONS = [ :index, :search, :show, :destroy, :update, :create, :new ]
+
+      module ClassMethods
+        def actions_to_authorize(*_actions, all:false, except:false, only:false)
+          _actions += (all || except) ? STANDARD_ACTIONS.dup : []
+          _actions += only if only
+          _actions.reject!{ |_action| except.include?(_action) } if except
+
+          _actions.each do |action|
+            action_module = ::Trax::Controller.config.authorization_adapter.authorization_action_for(action)
+            include action_module if action_module
+          end
+        end
+      end
+    end
+  end
+end

data/lib/trax/controller/config.rb

@@ -0,0 +1,13 @@
+require 'active_support/ordered_options'
+
+module Trax
+  module Controller
+    class Config < ::ActiveSupport::InheritableOptions
+      def initialize(*args)
+        super(*args)
+
+        self[:authorization_adapter] = false
+      end
+    end
+  end
+end

data/lib/trax/controller/serialization/adapters/json.rb

@@ -8,35 +8,33 @@ module Trax
       module Adapters
         class Json < ActiveModel::Serializer::Adapter::Json
           def serializable_hash(options={})
-            is_collection? ? collection_serializable_hash(options) : resource_serializable_hash(options)
+            result = is_collection? ? collection_serializable_hash(options) : resource_serializable_hash(options)
+            @options[:nested] ? result : { root =>  result }
           end
 
           private
 
-          def collection_result
-            @collection_result ||= []
+          def get_hash(serializer, options={})
+            self.class.new(serializer, :nested => true).serializable_hash(options)
           end
 
           def collection_serializable_hash(options={})
-            _result = collection_result + serializer.map { |s| FlattenJson.new(s).serializable_hash(options) }
-            { root =>  _result }
+            serializer.map { |s| get_hash(s, options) }
           end
 
           def is_collection?
             serializer.respond_to?(:each)
           end
 
-          def resource_result
-            @resource_result ||= {}
-          end
-
           def resource_serializable_hash(options={})
-            cache_check(serializer){ resource_result.merge!(serializer.attributes(options)) }
-            serialize_resource_associations
-            { root => resource_result }
+            cached = cache_check(serializer){ serializer.attributes(options) }
+            resource_result = serialize_resource_associations
+            cached.merge(resource_result)
           end
 
           def serialize_resource_associations
+            resource_result = {}
+
             serializer.associations.each do |association|
               association_serializer = association.serializer
               association_options = association.options
@@ -45,16 +43,18 @@ module Trax
                 array_serializer = association_serializer
 
                 resource_result[association.key] = array_serializer.map do |item|
-                  cache_check(item) { FlattenJson.new(item).serializable_hash }
+                  cache_check(item) { get_hash(item) }
                 end
               else
                 resource_result[association.key] = if association_serializer && association_serializer.object
-                  cache_check(association_serializer) { FlattenJson.new(association_serializer).serializable_hash }
+                  cache_check(association_serializer) { get_hash(association_serializer) }
                 elsif association_options[:virtual_value]
                   association_options[:virtual_value]
                 end
               end
             end
+
+            resource_result
           end
         end
       end

data/lib/trax/controller.rb

@@ -16,19 +16,32 @@ module Trax
     end
 
     autoload :Actions
+    autoload :Authorize
+    autoload :Authorization
+    autoload :Config
     autoload :Collection
     autoload :Engine
     autoload :Resource
     autoload :InheritResources
     autoload :ActionTypes
-    autoload :Engine
     autoload :Serialization
 
+    @configuration ||= ::Trax::Controller::Config.new
+
+    def self.configure(&block)
+      block.call(config)
+    end
+
     include ::Trax::Controller::InheritResources
     include ::Trax::Controller::Collection::Base
     include ::Trax::Controller::Resource::Base
     include ::Trax::Controller::Actions
     include ::Trax::Controller::ActionTypes
+
+    class << self
+      attr_accessor :configuration
+      alias_method :config, :configuration
+    end
   end
 end
 

data/lib/trax_controller/version.rb

@@ -1,3 +1,3 @@
 module TraxController
-  VERSION = "0.0.3"
+  VERSION = "0.0.4"
 end

data/spec/internal/app/controllers/widgets_controller.rb

@@ -0,0 +1,22 @@
+class WidgetsController < ::ApplicationController
+  include ::Trax::Controller
+  include ::Trax::Controller::Collection::Pageable
+
+  defaults :resource_class => ::Widget
+
+  has_scope :by_id
+
+  actions :index, :show, :create, :update, :destroy
+
+  def widget_params
+    params.require(:widget).permit(:name, :quantity)
+  end
+
+  def user_email
+    params[:user_email]
+  end
+
+  def current_user
+    @current_user ||= ::User.find_by(:email => user_email)
+  end
+end

data/spec/internal/app/models/category.rb

@@ -2,4 +2,7 @@ class Category < ::ActiveRecord::Base
   validates :name, :length => { :minimum => 5 }
 
   has_many :products
+
+  belongs_to :parent, :class_name => self.name, :foreign_key => :parent_id
+  has_many :subcategories, :class_name => self.name, :foreign_key => :parent_id
 end

data/spec/internal/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ::ActiveRecord::Base
+
+end

data/spec/internal/app/policies/widget_policy.rb

@@ -0,0 +1,26 @@
+class WidgetPolicy < Trax::Controller::Authorization::Pundit::BasePolicy
+  def initialize(*args)
+    super(*args)
+  end
+
+  def index?
+    true
+  end
+
+  def create?
+    @result &&= user.can_create_widgets
+  end
+
+  def show?
+    @result &&= user.can_read_widgets
+  end
+
+  def update?
+    @result &&= user.can_update_widgets
+  end
+
+  def destroy?
+    @result &&= user.can_destroy_widgets
+    @result &&= user.is_admin
+  end
+end

data/spec/internal/config/routes.rb

@@ -1,5 +1,6 @@
 Rails.application.routes.draw do
   resources :products, :defaults => { :format => :json }
+  resources :widgets, :defaults => { :format => :json }
   resources :categories, :defaults => { :format => :json } do
     collection do
       post 'create_with_modified_response_codes'

data/spec/internal/db/schema.rb

@@ -13,6 +13,7 @@
 
   create_table "categories", :force => true do |t|
     t.string   "name"
+    t.integer  "parent_id"
     t.datetime "created_at",        :null => false
     t.datetime "updated_at",        :null => false
   end
@@ -21,6 +22,11 @@
     t.string   "first_name"
     t.string   "last_name"
     t.string   "email"
+    t.boolean "can_destroy_widgets"
+    t.boolean "can_create_widgets"
+    t.boolean "can_read_widgets"
+    t.boolean "can_update_widgets"
+    t.boolean "is_admin"
     t.datetime "created_at",        :null => false
     t.datetime "updated_at",        :null => false
   end
@@ -31,7 +37,8 @@
     t.string  "subdomain"
     t.string  "website"
     t.integer  "status"
-    t.integer  "quantity"    
+    t.integer  "quantity"
+    t.boolean "is_read_only"
     t.datetime "created_at",        :null => false
     t.datetime "updated_at",        :null => false
   end

data/spec/spec_helper.rb

@@ -18,6 +18,13 @@ end
 
 ::RSpec.configure do |config|
   config.include RSpec::Rails::RequestExampleGroup, type: :feature
+
+  config.before(:all) do
+    ::Trax::Controller.config.authorization_adapter = ::Trax::Controller::Authorization::Pundit::Adapter
+  end
+
+  config.filter_run :focus => true
+  config.run_all_when_everything_filtered = true
 end
 
 ::Bundler.require(:default, :development, :test)

data/spec/trax/controller/authorization/pundit/base_policy_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+::RSpec.describe ::Trax::Controller::Authorization::Pundit::BasePolicy do
+  let(:widget_policy_class) { ::WidgetPolicy }
+
+  let!(:widget) { ::Widget.create(:name => "Haterade", :is_read_only => true) }
+  subject { WidgetPolicy.new(user, widget) }
+
+  context "user with permissions" do
+    let!(:user) {
+      ::User.create(
+        :can_read_widgets => true,
+        :can_update_widgets => true,
+        :can_create_widgets => true,
+        :can_destroy_widgets => true,
+        :is_admin => false
+      )
+    }
+
+    it { expect(subject.show?).to be true }
+    it { expect(subject.update?).to be true }
+    it { expect(subject.create?).to be true }
+    it { expect(subject.destroy?).to be false }
+  end
+
+  context "user without permissions" do
+    let!(:user) {
+      ::User.create(
+        :can_read_widgets => false,
+        :can_update_widgets => false,
+        :can_create_widgets => false,
+        :can_destroy_widgets => false,
+        :is_admin => false
+      )
+    }
+    subject { WidgetPolicy.new(user, widget) }
+
+    it { expect(subject.show?).to be false }
+    it { expect(subject.update?).to be false }
+    it { expect(subject.create?).to be false }
+    it { expect(subject.destroy?).to be false }
+  end
+end

data/spec/trax/controller/authorization/pundit_spec.rb

@@ -0,0 +1,179 @@
+require 'spec_helper'
+
+::RSpec.describe WidgetsController do
+  before(:all) do
+    ::Trax::Controller.config.authorization_adapter = ::Trax::Controller::Authorization::Pundit::Adapter
+
+    ::WidgetsController.class_eval do
+      include ::Trax::Controller::Authorize
+      actions_to_authorize :index, :show, :create, :update, :destroy
+      policy_class ::WidgetPolicy
+    end
+  end
+
+  context "WidgetsController" do
+    context "Unit Test" do
+      context ".actions_to_authorize" do
+        {
+          :index => Trax::Controller::Authorization::Pundit::Actions::Index,
+          :create => Trax::Controller::Authorization::Pundit::Actions::Create,
+          :show => Trax::Controller::Authorization::Pundit::Actions::Show,
+          :destroy => Trax::Controller::Authorization::Pundit::Actions::Destroy,
+          :update => Trax::Controller::Authorization::Pundit::Actions::Update
+        }.each_pair do |k,v|
+          it "includes the pundit action for #{k}" do
+            expect(subject.class.ancestors).to include(v)
+          end
+        end
+      end
+    end
+
+    describe "WidgetsController", :type => :controller do
+      let!(:user1) {
+        ::User.create(
+          :email => 'kanyewest@theleatherjoggingpants.com',
+          :can_read_widgets => true,
+          :can_update_widgets => true,
+          :can_create_widgets => true,
+          :can_destroy_widgets => true,
+          :is_admin => false
+        )
+      }
+
+      let!(:user2) {
+        ::User.create(
+          :email => 'kanyewest@waterbottledesign.com',
+          :can_read_widgets => false,
+          :can_update_widgets => false,
+          :can_create_widgets => false,
+          :can_destroy_widgets => false,
+          :is_admin => true
+        )
+      }
+
+      let(:user_who_can) {
+        {
+          :read_widgets => user1,
+          :update_widgets => user1,
+          :create_widgets => user1,
+          :destroy_widgets => user1
+        }
+      }
+
+      let(:user_who_cannot) {
+        {
+          :read_widgets => user2,
+          :update_widgets => user2,
+          :create_widgets => user2,
+          :destroy_widgets => user2
+        }
+      }
+
+      let(:common_params) { {:user_email => current_user.email} }
+      let!(:widget) { ::Widget.create(:name => "Water Bottle", :is_read_only => true, :quantity => 5) }
+
+      let(:unauthorized_result_expectations) {
+        lambda { |json|
+          expect(json).to have_key("meta")
+          expect(json["meta"]).to have_key("errors")
+          expect(json["meta"]["errors"]).to have_key("not_authorized")
+        }
+      }
+
+      describe '#show' do
+        context 'user can read widgets' do
+          let(:current_user) { user_who_can[:read_widgets] }
+
+          it 'is authorized' do
+            get :show, common_params.merge!(id: widget.id)
+            expect(response).to be_ok
+            json = JSON.parse response.body
+            expect(json).to have_key('widget')
+          end
+        end
+
+        context 'user cannot read widgets' do
+          let(:current_user) { user_who_cannot[:read_widgets] }
+
+          it do
+            get :show, common_params.merge!(id: widget.id)
+            expect(response).to_not be_ok
+            json = JSON.parse response.body
+            unauthorized_result_expectations.call(json)
+          end
+        end
+      end
+
+      describe '#create' do
+        context "user can create widgets" do
+          let(:current_user) { user_who_can[:create_widgets] }
+          let(:widget_name) { 'Kanyes water bottle' }
+          let(:params){ {
+            :format => :json,
+            :widget => widget_params
+          }}
+          let(:widget_params) { { :name => 'Marble Conference Table', :quantity => 1 } }
+          before { post :create, common_params.merge(params) }
+
+          it { expect(response).to be_successful }
+        end
+
+        context "user cannot create widgets" do
+          let(:current_user) { user_who_cannot[:create_widgets] }
+          let(:params){ {
+            :format => :json,
+            :widget => widget_params
+          }}
+          let(:widget_params) { { :name => 'Marble Conference Table', :quantity => 1  } }
+          before { post :create, common_params.merge(params) }
+
+          it {
+            expect(response).to_not be_ok
+            json = JSON.parse response.body
+            unauthorized_result_expectations.call(json)
+          }
+        end
+      end
+
+      describe '#update' do
+        context "user cannot update widgets" do
+          let(:current_user) { user_who_cannot[:update_widgets] }
+          let(:updated_widget_name) { 'Kanyes water bottle' }
+          let(:params){ {
+            :format => :json,
+            :id => widget.id,
+            :widget => widget_params
+          }}
+          let(:widget_params) { { :name => updated_widget_name, :quantity => 1  } }
+
+          before { put :update, common_params.merge(params) }
+
+          it { expect(response).to_not be_successful }
+          it { expect(response.status).to eq 403 }
+          it {
+            expect(response).to_not be_ok
+            json = JSON.parse response.body
+            unauthorized_result_expectations.call(json)
+          }
+        end
+
+        context "user can update widgets" do
+          let(:current_user) { user_who_can[:update_widgets] }
+          let(:updated_widget_name) { 'Kanyes water bottle' }
+          let(:params){ {
+            :format => :json,
+            :id => widget.id,
+            :widget => widget_params
+          }}
+          let(:widget_params) { { :name => updated_widget_name, :quantity => 1  } }
+          let(:request_params) { common_params.merge(params) }
+
+          before { put :update, request_params }
+
+          it { expect(response).to be_successful }
+          it { expect(response).to be_ok }
+        end
+      end
+    end
+  end
+end

data/spec/trax/controllers/products_controller_spec.rb

@@ -23,8 +23,6 @@ require 'spec_helper'
           expect(json["meta"]["pagination"]).to have_key(k)
         }
       end
-
-
     end
   end
 

data/spec/trax/serialization/adapters/json_spec.rb

@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+class NameCategorySerializer < ::ActiveModel::Serializer
+  attributes :name
+  has_many :subcategories, :serializer => NameCategorySerializer
+end
+
+class NameProductSerializer < ::ActiveModel::Serializer
+  attributes :name
+  has_one :category, :serializer => NameCategorySerializer
+end
+
+describe Trax::Controller::Serialization::Adapters::Json do
+  let(:category_flat_heads){ ::Category.new(:name => "flat heads") }
+  let(:category_screwdrivers){ ::Category.new(:name => "screwdrivers", :subcategories => [category_flat_heads]) }
+  let(:category_knives){ ::Category.new(:name => "knives") }
+  let(:category_tools){ ::Category.new(:name => "tools", :subcategories => [category_screwdrivers, category_knives]) }
+  let(:product_tool){ ::Product.new(:name => "Generics Multi-Purpose Tool", :category => category_tools) }
+  let(:root_key){ 'root_key' }
+  let(:serializer){ ::NameProductSerializer.new(product_tool, :root => root_key) }
+  let!(:expected_root_key){ root_key.to_sym }
+  let!(:expected_tool_hash){ {
+    :name => product_tool.name,
+    :category => {
+      :name => category_tools.name,
+      :subcategories => [
+        { :name => category_screwdrivers.name,
+          :subcategories => [{:name => category_flat_heads.name, :subcategories => []}]
+        },
+        {:name => category_knives.name, :subcategories => []}
+      ]
+    }
+  }}
+
+  subject(:serialized){ described_class.new(serializer).serializable_hash }
+
+  it { expect(serialized).to eq(expected_root_key => expected_tool_hash) }
+
+  context "collection" do
+    let(:category_cookware){ ::Category.new(:name => "cookware") }
+    let(:product_pot){ ::Product.new(:name => "Pot", :category => category_cookware) }
+    let(:collection){ [product_tool, product_pot] }
+    let!(:expected_root_key){ root_key.pluralize.to_sym }
+    let!(:expected_pot_hash){ {
+      :name => product_pot.name,
+      :category => {
+        :name => category_cookware.name,
+        :subcategories => []
+      }
+    }}
+    let(:serializer){ ::ActiveModel::Serializer::ArraySerializer.new(collection, :root => root_key, :serializer => ::NameProductSerializer) }
+
+    it { expect(serialized).to eq(expected_root_key => [expected_tool_hash, expected_pot_hash]) }
+  end
+end

data/trax_controller.gemspec

@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "will_paginate"
   spec.add_dependency "has_scope"
   spec.add_development_dependency "rails"
-  spec.add_development_dependency "inherited_resources"
+  spec.add_development_dependency "inherited_resources", "~> 1.5.1"
   spec.add_development_dependency 'combustion', '~> 0.5.3'
   spec.add_development_dependency "bundler", "~> 1.6"
   spec.add_development_dependency "rake"
@@ -34,9 +34,8 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec-its', '~> 1'
   spec.add_development_dependency 'rspec-collection_matchers', '~> 1'
   spec.add_development_dependency 'guard', '~> 2'
-  spec.add_development_dependency 'guard-rspec', '~> 4'
   spec.add_development_dependency 'guard-bundler', '~> 2'
   spec.add_development_dependency 'rb-fsevent'
   spec.add_development_dependency 'terminal-notifier-guard'
-
+  spec.add_development_dependency 'pundit'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: trax_controller
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Jason Ayre
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-10-28 00:00:00.000000000 Z
+date: 2016-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: trax_core
@@ -70,16 +70,16 @@ dependencies:
   name: inherited_resources
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.5.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.5.1
 - !ruby/object:Gem::Dependency
   name: combustion
   requirement: !ruby/object:Gem::Requirement
@@ -235,35 +235,35 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2'
 - !ruby/object:Gem::Dependency
-  name: guard-rspec
+  name: guard-bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4'
+        version: '2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4'
+        version: '2'
 - !ruby/object:Gem::Dependency
-  name: guard-bundler
+  name: rb-fsevent
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '2'
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rb-fsevent
+  name: terminal-notifier-guard
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -277,7 +277,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: terminal-notifier-guard
+  name: pundit
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -311,11 +311,26 @@ files:
 - lib/trax/controller.rb
 - lib/trax/controller/action_types.rb
 - lib/trax/controller/actions.rb
+- lib/trax/controller/authorization.rb
+- lib/trax/controller/authorization/pundit.rb
+- lib/trax/controller/authorization/pundit/actions.rb
+- lib/trax/controller/authorization/pundit/actions/create.rb
+- lib/trax/controller/authorization/pundit/actions/destroy.rb
+- lib/trax/controller/authorization/pundit/actions/index.rb
+- lib/trax/controller/authorization/pundit/actions/new.rb
+- lib/trax/controller/authorization/pundit/actions/read.rb
+- lib/trax/controller/authorization/pundit/actions/search.rb
+- lib/trax/controller/authorization/pundit/actions/show.rb
+- lib/trax/controller/authorization/pundit/actions/update.rb
+- lib/trax/controller/authorization/pundit/adapter.rb
+- lib/trax/controller/authorization/pundit/base_policy.rb
+- lib/trax/controller/authorize.rb
 - lib/trax/controller/collection.rb
 - lib/trax/controller/collection/base.rb
 - lib/trax/controller/collection/pageable.rb
 - lib/trax/controller/collection/response_meta.rb
 - lib/trax/controller/collection/searchable.rb
+- lib/trax/controller/config.rb
 - lib/trax/controller/engine.rb
 - lib/trax/controller/inherit_resources.rb
 - lib/trax/controller/resource.rb
@@ -329,9 +344,12 @@ files:
 - spec/internal/app/controllers/application_controller.rb
 - spec/internal/app/controllers/categories_controller.rb
 - spec/internal/app/controllers/products_controller.rb
+- spec/internal/app/controllers/widgets_controller.rb
 - spec/internal/app/models/category.rb
 - spec/internal/app/models/product.rb
+- spec/internal/app/models/user.rb
 - spec/internal/app/models/widget.rb
+- spec/internal/app/policies/widget_policy.rb
 - spec/internal/app/serializers/categories_serializer.rb
 - spec/internal/app/serializers/category_serializer.rb
 - spec/internal/app/serializers/product_serializer.rb
@@ -343,9 +361,12 @@ files:
 - spec/internal/log/.gitignore
 - spec/internal/public/favicon.ico
 - spec/spec_helper.rb
+- spec/trax/controller/authorization/pundit/base_policy_spec.rb
+- spec/trax/controller/authorization/pundit_spec.rb
 - spec/trax/controller_spec.rb
 - spec/trax/controllers/categories_controller_spec.rb
 - spec/trax/controllers/products_controller_spec.rb
+- spec/trax/serialization/adapters/json_spec.rb
 - trax_controller.gemspec
 homepage: http://www.github.com/jasonayre
 licenses:
@@ -367,7 +388,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Resourceful, standardized controllers
@@ -375,9 +396,12 @@ test_files:
 - spec/internal/app/controllers/application_controller.rb
 - spec/internal/app/controllers/categories_controller.rb
 - spec/internal/app/controllers/products_controller.rb
+- spec/internal/app/controllers/widgets_controller.rb
 - spec/internal/app/models/category.rb
 - spec/internal/app/models/product.rb
+- spec/internal/app/models/user.rb
 - spec/internal/app/models/widget.rb
+- spec/internal/app/policies/widget_policy.rb
 - spec/internal/app/serializers/categories_serializer.rb
 - spec/internal/app/serializers/category_serializer.rb
 - spec/internal/app/serializers/product_serializer.rb
@@ -389,6 +413,9 @@ test_files:
 - spec/internal/log/.gitignore
 - spec/internal/public/favicon.ico
 - spec/spec_helper.rb
+- spec/trax/controller/authorization/pundit/base_policy_spec.rb
+- spec/trax/controller/authorization/pundit_spec.rb
 - spec/trax/controller_spec.rb
 - spec/trax/controllers/categories_controller_spec.rb
 - spec/trax/controllers/products_controller_spec.rb
+- spec/trax/serialization/adapters/json_spec.rb