walruz-rails 0.0.3

data/examples/rails/public/robots.txt

@@ -0,0 +1,5 @@
+# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
+#
+# To ban all spiders from the entire site uncomment the next two lines:
+# User-Agent: *
+# Disallow: /

data/examples/rails/public/unathorized.html

@@ -0,0 +1,9 @@
+<html>
+  <head>
+    <meta http-equiv="Content-type" content="text/html; charset=utf-8">
+    <title>401 unathorized</title>
+  </head>
+  <body>
+    <h1>401 unauthorized</h1>
+  </body>
+</html>

data/examples/rails/script/about

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+$LOAD_PATH.unshift "#{RAILTIES_PATH}/builtin/rails_info"
+require 'commands/about'

data/examples/rails/script/autospec

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+gem 'test-unit', '1.2.3' if RUBY_VERSION.to_f >= 1.9
+ENV['RSPEC'] = 'true'     # allows autotest to discover rspec
+ENV['AUTOTEST'] = 'true'  # allows autotest to run w/ color on linux
+system((RUBY_PLATFORM =~ /mswin|mingw/ ? 'autotest.bat' : 'autotest'), *ARGV) ||
+  $stderr.puts("Unable to find autotest.  Please install ZenTest or fix your PATH")

data/examples/rails/script/console

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/console'

data/examples/rails/script/dbconsole

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/dbconsole'

data/examples/rails/script/destroy

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/destroy'

data/examples/rails/script/generate

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/generate'

data/examples/rails/script/performance/benchmarker

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../config/boot'
+require 'commands/performance/benchmarker'

data/examples/rails/script/performance/profiler

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../../config/boot'
+require 'commands/performance/profiler'

data/examples/rails/script/plugin

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/plugin'

data/examples/rails/script/runner

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/runner'

data/examples/rails/script/server

@@ -0,0 +1,3 @@
+#!/usr/bin/env ruby
+require File.dirname(__FILE__) + '/../config/boot'
+require 'commands/server'

data/examples/rails/script/spec

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+if ARGV.any? {|arg| %w[--drb -X --generate-options -G --help -h --version -v].include?(arg)}
+  require 'rubygems' unless ENV['NO_RUBYGEMS']
+else
+  gem 'test-unit', '1.2.3' if RUBY_VERSION.to_f >= 1.9
+  ENV["RAILS_ENV"] ||= 'test'
+  require File.expand_path(File.dirname(__FILE__) + "/../config/environment") unless defined?(RAILS_ROOT)
+end
+require 'spec/autorun'
+exit ::Spec::Runner::CommandLine.run

data/examples/rails/script/spec_server

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+gem 'test-unit', '1.2.3' if RUBY_VERSION.to_f >= 1.9
+
+puts "Loading Rails environment"
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path(File.dirname(__FILE__) + "/../config/environment") unless defined?(RAILS_ROOT)
+
+require 'optparse'
+require 'spec/rails/spec_server'

data/examples/rails/spec/fixtures/beatles.yml

@@ -0,0 +1,7 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+
+# one:
+#   column: value
+#
+# two:
+#   column: value

data/examples/rails/spec/fixtures/colaborations.yml

@@ -0,0 +1,7 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+
+# one:
+#   column: value
+#
+# two:
+#   column: value

data/examples/rails/spec/fixtures/songs.yml

@@ -0,0 +1,7 @@
+# Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html
+
+# one:
+#   column: value
+#
+# two:
+#   column: value

data/examples/rails/spec/models/beatle_spec.rb

@@ -0,0 +1,47 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe Beatle do
+  
+  before(:all) do
+    @john   = Beatle.create!(:name => 'John Lennon')
+    @paul   = Beatle.create!(:name => 'Paul McCartney')
+    @george = Beatle.create!(:name => 'George Harrison')
+    @ringo  = Beatle.create!(:name => 'Ringo Starr')
+    @john_paul = Colaboration.new
+    @john_paul.beatles << @john
+    @john_paul.beatles << @paul
+    @john_paul.save!
+    @a_day_in_life = Song.create!(:author => @john_paul, :name => 'A Day In Life')
+    @all_you_need_is_love = Song.create!(:author => @john, :name => 'All You Need Is Love')
+    @yesterday = Song.create!(:author => @paul, :name => 'Yesterday')
+  end
+  
+  describe "when wants to sing a song" do
+    
+    it "should be able to do it when he is the author or a colaborator" do
+      @john.sings(@a_day_in_life).should == "I'll need Paul McCartney to perform this properly"
+    end
+    
+    it "should not be able to do it when he is not the author nor the colaborator" do
+      lambda do
+        @john.sings(@yesterday)
+      end.should raise_error(Walruz::NotAuthorized)
+    end
+    
+  end
+  
+  describe "when he wants to sell a song" do
+    
+    it "should be able to do so if he is the only author" do
+      @john.sell(@all_you_need_is_love).should == "Who wants the rights of 'All You Need Is Love'?"
+    end
+    
+    it "should not be able to do so if he is on a colaboration" do
+      lambda do
+        @john.sell(@a_day_in_life)
+      end.should raise_error(Walruz::NotAuthorized)
+    end
+    
+  end
+  
+end

data/examples/rails/spec/models/colaboration_spec.rb

@@ -0,0 +1,4 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe Colaboration do
+end

data/examples/rails/spec/models/song_spec.rb

@@ -0,0 +1,4 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe Song do
+end

data/examples/rails/spec/rcov.opts

@@ -0,0 +1,2 @@
+--exclude "spec/*,gems/*" 
+--rails

data/examples/rails/spec/spec.opts

@@ -0,0 +1,4 @@
+--colour
+--format specdoc
+--loadby mtime
+--reverse

data/examples/rails/spec/spec_helper.rb

@@ -0,0 +1,48 @@
+# This file is copied to ~/spec when you run 'ruby script/generate rspec'
+# from the project root directory.
+ENV["RAILS_ENV"] ||= 'test'
+require File.dirname(__FILE__) + "/../config/environment" unless defined?(RAILS_ROOT)
+require 'spec/autorun'
+require 'spec/rails'
+require 'walruz/policies'
+
+Spec::Runner.configure do |config|
+  # If you're not using ActiveRecord you should remove these
+  # lines, delete config/database.yml and disable :active_record
+  # in your config/boot.rb
+  config.use_transactional_fixtures = true
+  config.use_instantiated_fixtures  = false
+  config.fixture_path = RAILS_ROOT + '/spec/fixtures/'
+
+  # == Fixtures
+  #
+  # You can declare fixtures for each example_group like this:
+  #   describe "...." do
+  #     fixtures :table_a, :table_b
+  #
+  # Alternatively, if you prefer to declare them only once, you can
+  # do so right here. Just uncomment the next line and replace the fixture
+  # names with your fixtures.
+  #
+  # config.global_fixtures = :table_a, :table_b
+  #
+  # If you declare global fixtures, be aware that they will be declared
+  # for all of your examples, even those that don't use them.
+  #
+  # You can also declare which fixtures to use (for example fixtures for test/fixtures):
+  #
+  # config.fixture_path = RAILS_ROOT + '/spec/fixtures/'
+  #
+  # == Mock Framework
+  #
+  # RSpec uses it's own mocking framework by default. If you prefer to
+  # use mocha, flexmock or RR, uncomment the appropriate line:
+  #
+  # config.mock_with :mocha
+  # config.mock_with :flexmock
+  # config.mock_with :rr
+  #
+  # == Notes
+  # 
+  # For more information take a look at Spec::Runner::Configuration and Spec::Runner
+end

data/examples/rails/test/performance/browsing_test.rb

@@ -0,0 +1,9 @@
+require 'test_helper'
+require 'performance_test_help'
+
+# Profiling results for each test method are written to tmp/performance.
+class BrowsingTest < ActionController::PerformanceTest
+  def test_homepage
+    get '/'
+  end
+end

data/examples/rails/test/test_helper.rb

@@ -0,0 +1,38 @@
+ENV["RAILS_ENV"] = "test"
+require File.expand_path(File.dirname(__FILE__) + "/../config/environment")
+require 'test_help'
+
+class ActiveSupport::TestCase
+  # Transactional fixtures accelerate your tests by wrapping each test method
+  # in a transaction that's rolled back on completion.  This ensures that the
+  # test database remains unchanged so your fixtures don't have to be reloaded
+  # between every test method.  Fewer database queries means faster tests.
+  #
+  # Read Mike Clark's excellent walkthrough at
+  #   http://clarkware.com/cgi/blosxom/2005/10/24#Rails10FastTesting
+  #
+  # Every Active Record database supports transactions except MyISAM tables
+  # in MySQL.  Turn off transactional fixtures in this case; however, if you
+  # don't care one way or the other, switching from MyISAM to InnoDB tables
+  # is recommended.
+  #
+  # The only drawback to using transactional fixtures is when you actually 
+  # need to test transactions.  Since your test is bracketed by a transaction,
+  # any transactions started in your code will be automatically rolled back.
+  self.use_transactional_fixtures = true
+
+  # Instantiated fixtures are slow, but give you @david where otherwise you
+  # would need people(:david).  If you don't want to migrate your existing
+  # test cases which use the @david style and don't mind the speed hit (each
+  # instantiated fixtures translates to a database query per test method),
+  # then set this back to true.
+  self.use_instantiated_fixtures  = false
+
+  # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
+  #
+  # Note: You'll currently still have to declare fixtures explicitly in integration tests
+  # -- they do not yet inherit this setting
+  fixtures :all
+
+  # Add more helper methods to be used by all tests here...
+end

data/lib/walruz/controller_mixin.rb

@@ -0,0 +1,107 @@
+module Walruz
+  module ControllerMixin
+    
+    def self.included(base)
+      base.send(:include, InstanceMethods)
+      base.extend ClassMethods
+    end
+    
+    module InstanceMethods
+      
+      def set_policy_params!(params)
+        @_policy_params = params
+      end
+      
+      def policy_params
+        @_policy_params
+      end
+      
+    end
+    
+    module ClassMethods
+      
+      #
+      # Returns a before filter that will check if the actor returned by the method `current_user` can execute the 
+      # given action on the given subject.
+      # 
+      # Requirements:
+      #   - The controller must have a method called `current_user` that returns the authenticated user
+      #
+      # Parameters:
+      #   - action:  Symbol that represents the action wich will be executed on the subject
+      #   - subject: Symbol that indicates an instance variable or method on the controller that
+      #              returns the subject
+      #
+      # Returns:
+      #   A proc that will be executed as a before_filter method
+      #
+      # Example:
+      #
+      #   class UserController < ActionController::Base
+      #     
+      #     before_filter check_authorization!(:create, :user), :only => [:new, :create]
+      #     before_filter check_authorization!(:destroy, :complicated_method_that_returns_a_user), :only => :destroy
+      #
+      #     def complicated_method_that_returns_a_user
+      #       # some complex logic here
+      #       return user
+      #     end
+      #   end
+      #
+      def check_authorization!(action, subject)
+        lambda do |controller|
+          # we get the subject
+          subject_instance = if controller.instance_variable_defined?("@%s" % subject)
+                      controller.instance_variable_get("@%s" % subject)
+                    elsif controller.respond_to?(subject)
+                      controller.send(subject)
+                    else
+                      error_message = "There is neither an instance variable @%s nor a instance method %s on the %s instance context" % [subject, subject, controller.class.name]
+                      raise ArgumentError.new(error_message)
+                    end
+          params = controller.send(:current_user).can!(action, subject_instance)
+          controller.set_policy_params!(params)
+        end
+      end
+      
+      
+      #
+      # Generates dynamically all the before filters needed for authorizations on a CRUD model.
+      # 
+      # Requirements:
+      #  - The controller must have a method called `current_user` that returns the authenticated user
+      #  - The subject must implement the four actions (:create, :read, :update, :destroy) or have a :default action
+      #  
+      # Parameters:
+      #   - subject: Symbol that indicates an instance variable or method on the controller that
+      #              returns the subject
+      #
+      # Example:
+      #
+      #   class CommentController < ActionController::Base
+      #     
+      #     before_check_crud_authorizations_on :@comment
+      #
+      #     # This would be the same as:
+      #     # before_filter check_authorization!(:create, :@comment),  :only => [:new, :create]
+      #     # before_filter check_authorization!(:read, :@comment),    :only => :show
+      #     # before_filter check_authorization!(:update, :@comment),  :only => [:edit, :update]
+      #     # before_filter check_authorization!(:destroy, :@comment), :only => :destroy
+      #   
+      #   end
+      #
+      def before_check_crud_authorizations_on(subject)
+        [
+          [:create, ['new', 'create']],
+          [:read, 'show'],
+          [:update, ['edit', 'update']],
+          [:destroy, 'destroy']
+        ].each do |(actor_action, actions)|
+          before_filter(check_authorization!(actor_action, subject), :only => actions)
+        end
+      end
+      
+    end
+    
+  end
+end

data/lib/walruz_rails.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'walruz'
+require 'active_support'
+require File.dirname(__FILE__) + '/walruz/controller_mixin'
+
+if defined?(Rails)
+  Rails.configuration.after_initialize do
+    ActionController::Base.class_eval { include Walruz::ControllerMixin }
+  end
+end

data/spec/controller_mixin_spec.rb

@@ -0,0 +1,92 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+describe Walruz::ControllerMixin do
+  
+  before(:each) do
+    @controller = SongsController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+  end
+  
+  it "should provide a check_authorization! method" do
+    @controller.class.should respond_to(:check_authorization!)
+  end
+  
+  it "should provide a before_check_crud_authorizations_on method" do
+    @controller.class.should respond_to(:before_check_crud_authorizations_on)
+  end
+  
+  it "should provide a policy_params instance method" do
+    @controller.should respond_to(:policy_params)
+  end
+  
+  describe '#check_authorization!' do
+    
+    describe "with current_user authorized" do
+      
+      before(:each) do
+        @controller.stub!(:current_user).and_return(Beatle::PAUL)
+        post(:sings, :song => 'Yesterday')
+      end
+      
+      it "should invoke the authorization with the current_user successfuly" do
+        @response.body.should == 'Paul is singing Yesterday'
+      end
+      
+      it "should provide the policy return hash on the policy_params instance method" do
+        @controller.policy_params.should_not be_nil
+        @controller.policy_params[:author_policy?].should  == true
+      end
+      
+    end
+
+    describe "when the specified user is not setted on the context" do
+      
+      before(:each) do
+        @controller.stub!(:assign_song)
+      end
+      
+      it "should raise an argument error" do
+        post(:sings, :song => 'Yesterday')
+        @response.body.should =~ /There is neither an instance variable/
+      end
+      
+    end
+
+    describe "with current_user not authorized" do
+      
+      before(:each) do
+        @controller.stub!(:current_user).and_return(Beatle::JOHN)
+      end
+      
+      it "should invoke the authorization with the current_user successfuly" do
+        post(:sings, :song => 'Yesterday')
+        @response.body.should == 'Unauthorized'
+      end
+    
+    end
+
+    
+  end
+  
+  describe '#before_check_crud_authorizations_on' do
+    
+    before(:each) do
+      @controller = PostsController.new
+      @request    = ActionController::TestRequest.new
+      @response   = ActionController::TestResponse.new
+    end
+    
+    it "should generate before filters for each CRUD action" do
+      PostsController.before_filters.should have(5).filters # + 1 of the get_post
+      OtherPostsController.before_filters.should have(5).filters
+    end
+    
+    it "every action should work correctly" do
+      post :destroy, :method => '_delete'
+      @response.body.should =~ /Unauthorized/
+    end
+    
+  end
+  
+end