wobauth 3.4.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 493a4e3df5e29ffb7a98829d5b3ef40ade384f0d
+  data.tar.gz: b9b53c1b9b7ee643151caf805aa9d763eee3e3d7
+SHA512:
+  metadata.gz: bddbfd66597d8ce2d21fcaa3e1ae30784fd1b8e9b996353c327f48399f7c769fc1b05fb5b5031e45f5b1dff03430e85c3bf979cd437f9e19f6279db8c9bcd393
+  data.tar.gz: f2a3b3b33f8c23d14e73aa505609957368acd59307dedb1cbaf3d77575d488dcec6970b22a41241a87b2ddf0b803f6a6236ea1ceead12c1f31e271a521788da9

data/README.md

@@ -0,0 +1,165 @@
+wobauth
+=======
+
+Rails engine providing MVCs for Users, Roles, Groups, Authorities and Memberships
+to support authorization of the main application.
+
+The User model is mostly coupled with your application, so Wobauth::User is open classed.
+You should overwrite it depending on your needs. See 
+test/dummy/app/models/wobauth/user.rb for an example.
+
+You have to build your own concrete authorization logic with cancancan or
+something similiar. The basic principle
+is always the same. A subject (user or group) has some rights (the role) on
+concret objects. The objects may be organizational units, sites, categories
+or something else whatever your application provides. The object may be nil
+if your application doesn't need this feature. The role define the rights
+dependent on your logic, mostly likely read, create, update and destroy.
+
+Roles are intended to be set from migration or seed and not to be edited by
+an admin, the logic is mostly hardcoded if based on cancan(can). Users can be
+members of group. Memberships are separate model here (not only an plain
+many-to-many association) to allow both manual memberships and
+automatically created memberships during the login process.
+
+Versions
+--------
+
+wobauth 1.x is for Rails 4, wobauth 2.x will support Rails 5.
+wobauth 3.x uses bootstrap v4 and font-awesome, starting with Rails 5.1 
+(may work with Rails 5.0, but not tested)
+
+Requirements
+------------
+
+| branch     | rails | ruby   | bootstrap | icons           | wobapphelpers |
+|------------|-------|--------|-----------|-----------------|---------------|
+| master     | >=5.1 | >= 2.3 |  v4       | fontawesome 4.7 | master        |
+| 2-0-stable |  5.0  | >= 2.2 |  v3       | glyphicons      | 2-0-stable    |
+| 1-0-stable |  4.2  | >= 2.0 |  v3       | glyphicons      | 1-0-stable    |
+
+
+* simple_form >= 3.3
+
+Installation
+------------
+Add wobauth to your Gemfile:
+
+```ruby
+gem 'wobauth', git: 'https://github.com/swobspace/wobauth.git', branch: 'master'
+gem 'wobauth', git: 'https://github.com/swobspace/wobauth.git', branch: '2-0-stable'
+gem 'wobauth', git: 'https://github.com/swobspace/wobauth.git', branch: '1-0-stable'
+```
+Run
+
+```ruby
+rails g wobauth:install
+```
+to create an example configuration in ''config/initializers/wobauth.rb''
+
+```ruby
+rake wobauth:install:migrations
+```
+copies wobauth migration files wobauth to your application. Do this before you
+create your own migration files if possible. If you upgrade from an older wobauth
+version rerun it. There might be new migration files added.
+
+Configuration
+-------------
+
+### User model
+
+To customize the user model to your needs, create app/models/wobauth/users.rb in
+your application:
+
+```ruby
+# main_app/app/models/wobauth/user.rb
+
+class Wobauth::User < ActiveRecord::Base
+  include Wobauth::Concerns::Models::User
+
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable
+
+  ... add your associations and methods ...
+end
+```
+**DO NOT USE :validatable**, since wobauth uses :username as authentication key
+(devise default :email, will be required if you use :validatable). 
+
+### Views
+
+Helpers for bootstrap navbar:
+
+* `navigation_account_links` : navigation partial for login/userprofile/logout
+* `navigation_admin_links` : navigation partial for user/roles/authorities ...
+
+### Authorized_for types
+
+If you have objects for which wobauth should provide authority configuration, 
+set your models in the initializer (created by ```rails g wobauth:install```). 
+In this example we will use Category from your main application:
+
+```ruby
+Wobauth.setup do |config|
+  #
+  # Configuration for Authorization
+  # 1. Subject: Authorizable
+  # do not change it unless you know exactly what you are doing
+  #
+  # config.authorizable_types = [ "Wobauth::User", "Wobauth::Group" ]
+  #
+  # 2. Object: Authorized_for
+  # depends on your application ...
+  # default: []
+   
+  config.authorized_for_types = [ "Category" ]
+   
+end
+```
+
+You can create and delete authority records within wobauth, but you have to build
+your own authorization with cancan(can) in your main application.
+
+### Routes
+Mount the rails engine:
+
+```ruby
+# config/routes.rb
+Rails.application.routes.draw do
+  ...
+  mount Wobauth::Engine, at: '/auth'
+end
+```
+
+With rails 5.1 there are some problems with engine routing in engines.
+Add the `mount` statement at the bottom of `Rails.application.routes.draw` and
+use always a suburl for mount like `/auth`. Don't use `/`.
+
+Using datatables
+--------------------------
+
+Wobauth comes with support for datatables. To select the tables, use the
+following jQuery selector:
+
+```ruby
+$('table[role="wobauth_datatable"]')
+```
+
+`$('dataTable')` may be removed in a future release.
+
+Applications using wobauth
+--------------------------
+If you are looking for examples using wobauth, have a look at
+[boskop](https://github.com/swobspace/boskop). 
+
+Another simple example is the [test/dummy](test/dummy) application
+included in this rails engine.
+
+Licence
+-------
+
+wobauth Copyright (C) 2014-2018  Wolfgang Barth
+
+MIT license, see [LICENSE](LICENSE)
+

data/Rakefile

@@ -0,0 +1,30 @@
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+require 'rdoc/task'
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Wobauth'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+load 'rails/tasks/engine.rake'
+
+Bundler::GemHelper.install_tasks
+
+# require 'rake/testtask'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec) do |t| 
+  t.pattern = Dir.glob('spec/**/*_spec.rb')
+  # t.rspec_opts = '--format documentation'
+end
+
+task default: [:spec]

data/app/assets/javascripts/wobauth/admin.js

@@ -0,0 +1,13 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// compiled file.
+//
+// Read Sprockets README (https://github.com/sstephenson/sprockets#sprockets-directives) for details
+// about supported directives.
+//
+//= require wobauth/authorities

data/app/assets/javascripts/wobauth/authorities.js.coffee

@@ -0,0 +1,31 @@
+#
+# authorizable
+#
+
+# - start with given values
+auth_types = $('#authority_authorizable_type').find("option:selected").val()
+$('#authority_authorizable_id optgroup').find('option').addBack().hide()
+$("#authority_authorizable_id optgroup[label=\"#{auth_types}\"]").find('option').addBack().show()
+
+# - redisplay on change
+$(document).on('click', '#authority_authorizable_type', ->
+  type = $(this).find("option:selected").val()
+  $('#authority_authorizable_id optgroup').find('option').addBack().hide()
+  $("#authority_authorizable_id optgroup[label=\"#{type}\"]").find('option').addBack().show()
+)
+
+#
+# authorized_for
+#
+
+# - start with given values
+authfor_type = $('#authority_authorized_for_type').find("option:selected").val()
+$('#authority_authorized_for_id optgroup').find('option').addBack().hide()
+$("#authority_authorized_for_id optgroup[label=\"#{authfor_type}\"]").find('option').addBack().show()
+
+# - redisplay on change
+$(document).on('click', '#authority_authorized_for_type', ->
+  type = $(this).find("option:selected").val()
+  $('#authority_authorized_for_id optgroup').find('option').addBack().hide()
+  $("#authority_authorized_for_id optgroup[label=\"#{type}\"]").find('option').addBack().show()
+)

data/app/assets/javascripts/wobauth/groups.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/javascripts/wobauth/memberships.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/javascripts/wobauth/roles.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/stylesheets/wobauth/application.css

@@ -0,0 +1,15 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the bottom of the
+ * compiled file so the styles you add here take precedence over styles defined in any styles
+ * defined in the other CSS/SCSS files in this directory. It is generally better to create a new
+ * file per style scope.
+ *
+ *= require_tree .
+ *= require_self
+ */

data/app/assets/stylesheets/wobauth/authorities.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/wobauth/groups.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/wobauth/memberships.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/assets/stylesheets/wobauth/roles.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/controllers/wobauth/ad_users_controller.rb

@@ -0,0 +1,24 @@
+require_dependency "wobauth/application_controller"
+
+module Wobauth
+  class AdUsersController < ApplicationController
+    def index
+      if search_params.present?
+	result = SearchAdUserService.new(search_params.to_h).call
+	unless result.success?
+	  flash[:error] = result.error_messages.join(", ")
+	end
+	@ad_users = result.ad_users
+      else
+	@ad_users = []
+      end
+      respond_with(@ad_users)
+    end
+
+  private
+
+    def search_params
+      params.permit(:query, :utf8, :authenticity_token, :bci).slice(:query)
+    end
+  end
+end

data/app/controllers/wobauth/application_controller.rb

@@ -0,0 +1,25 @@
+module Wobauth
+  class ApplicationController < ActionController::Base
+    # -- use the application default layout
+    layout "application"
+
+    # -- devise
+    before_action :authenticate_user!, :unless => :devise_controller?
+    # -- cancan
+    load_and_authorize_resource unless: :devise_controller?
+
+    # -- breadcrumbs
+    include Wobapphelpers::Breadcrumbs
+    before_action :add_breadcrumb_index, only: [:index]
+
+    # -- flash responder
+    self.responder = Wobapphelpers::Responders
+    respond_to :html, :json
+
+
+    # -- cancan ability for wobauth
+    def current_ability
+      @current_ability ||= Wobauth::AdminAbility.new(current_user)
+    end
+  end
+end

data/app/controllers/wobauth/authorities_controller.rb

@@ -0,0 +1,88 @@
+require_dependency "wobauth/application_controller"
+
+module Wobauth
+  class AuthoritiesController < ApplicationController
+    skip_load_and_authorize_resource
+    load_and_authorize_resource class: Wobauth::Authority
+
+    before_action :set_authority, only: [:show, :edit, :update, :destroy]
+    before_action :add_breadcrumb_show, only: [:show]
+
+    # GET /authorities
+    def index
+      @authorities = Authority.accessible_by(current_ability, :read)
+      respond_with(@authorities)
+    end
+
+    # GET /authorities/1
+    def show
+      respond_with(@authority)
+    end
+
+    # GET /authorities/new
+    def new
+      if @authorizable.present?
+        @authority = @authorizable.authorities.new(authorized_for_params)
+      else
+        @authority = Authority.new(authorized_for_params)
+      end
+      respond_with(@authority)
+    end
+
+    # GET /authorities/1/edit
+    def edit
+    end
+
+    # POST /authorities
+    def create
+      myparams = authorized_for_params.merge(authority_params)
+      if @authorizable.present?
+        @authority = @authorizable.authorities.new(myparams)
+      else
+        @authority = Authority.new(myparams)
+      end
+
+      @authority.save
+      respond_with(@authority, location: location)
+    end
+
+    # PATCH/PUT /authorities/1
+    def update
+      @authority.update(authority_params)
+      respond_with(@authority, location: location)
+    end
+
+    # DELETE /authorities/1
+    def destroy
+      @authority.destroy
+      respond_with(@authority, location: location)
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_authority
+        @authority = Authority.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def authority_params
+        params.require(:authority).permit(:authorizable_id, :authorizable_type, :role_id, :authorized_for_id, :authorized_for_type, :valid_from, :valid_until)
+      end
+
+      def authorized_for_params
+        { 
+          authorized_for_id: @authorized_for&.id, 
+          authorized_for_type: @authorized_for&.model_name
+        }
+      end
+
+    # if @authorizable exist: authorizable/authorizable_id#authority
+    # else authority/authority_id
+    #
+    def location
+      polymorphic_path(
+        (@authorizable || @authorized_for || @authority), 
+        anchor: ('authorities' if @authorizable || @authorized_for))
+    end
+  end
+end

data/app/controllers/wobauth/groups/authorities_controller.rb

@@ -0,0 +1,11 @@
+module Wobauth
+  class Groups::AuthoritiesController < AuthoritiesController
+    before_action :set_authorizable
+
+  private
+
+    def set_authorizable
+      @authorizable = Group.find(params[:group_id])
+    end
+  end
+end

data/app/controllers/wobauth/groups/memberships_controller.rb

@@ -0,0 +1,11 @@
+module Wobauth
+  class Groups::MembershipsController < MembershipsController
+    before_action :set_membershipable
+
+  private
+
+    def set_membershipable
+      @membershipable = Group.find(params[:group_id])
+    end
+  end
+end

data/app/controllers/wobauth/groups_controller.rb

@@ -0,0 +1,60 @@
+require_dependency "wobauth/application_controller"
+
+module Wobauth
+  class GroupsController < ApplicationController
+    before_action :set_group, only: [:show, :edit, :update, :destroy]
+    before_action :add_breadcrumb_show, only: [:show]
+
+    # GET /groups
+    def index
+      @groups = Group.all
+      respond_with(@groups)
+    end
+
+    # GET /groups/1
+    def show
+      respond_with(@group)
+    end
+
+    # GET /groups/new
+    def new
+      @group = Group.new
+      respond_with(@group)
+    end
+
+    # GET /groups/1/edit
+    def edit
+    end
+
+    # POST /groups
+    def create
+      @group = Group.new(group_params)
+
+      @group.save
+      respond_with(@group)
+    end
+
+    # PATCH/PUT /groups/1
+    def update
+      @group.update(group_params)
+      respond_with(@group)
+    end
+
+    # DELETE /groups/1
+    def destroy
+      @group.destroy
+      respond_with(@group)
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_group
+        @group = Group.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def group_params
+        params.require(:group).permit(:name, :description)
+      end
+  end
+end

data/app/controllers/wobauth/login_controller.rb

@@ -0,0 +1,10 @@
+require_dependency "wobauth/application_controller"
+
+module Wobauth
+  class LoginController < ApplicationController
+    skip_load_and_authorize_resource
+    def login
+      redirect_to main_app.root_path
+    end
+  end
+end

data/app/controllers/wobauth/memberships_controller.rb

@@ -0,0 +1,79 @@
+require_dependency "wobauth/application_controller"
+
+module Wobauth
+  class MembershipsController < ApplicationController
+    skip_load_and_authorize_resource
+    load_and_authorize_resource class: Wobauth::Authority
+
+    before_action :set_membership, only: [:show, :edit, :update, :destroy]
+    before_action :add_breadcrumb_show, only: [:show]
+
+    # GET /memberships
+    def index
+      @memberships = Membership.accessible_by(current_ability, :read)
+      respond_with(@memberships)
+    end
+
+    # GET /memberships/1
+    def show
+      respond_with(@membership)
+    end
+
+    # GET /memberships/new
+    def new
+      if @membershipable.present?
+        @membership = @membershipable.memberships.new
+      else
+        @membership = Membership.new
+      end
+      respond_with(@membership)
+    end
+
+    # GET /memberships/1/edit
+    def edit
+    end
+
+    # POST /memberships
+    def create
+      if @membershipable.present?
+        @membership = @membershipable.memberships.new(membership_params)
+      else
+        @membership = Membership.new(membership_params)
+      end
+
+      @membership.save
+      respond_with(@membership, location: location)
+    end
+
+    # PATCH/PUT /memberships/1
+    def update
+      @membership.update(membership_params)
+      respond_with(@membership, location: location)
+    end
+
+    # DELETE /memberships/1
+    def destroy
+      @membership.destroy
+      respond_with(@membership, location: location)
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_membership
+        @membership = Membership.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def membership_params
+        params.require(:membership).permit(:user_id, :group_id)
+      end
+
+    # if @membershipable exist: membershipable/membershipable_id#authority
+    # else authority/authority_id
+    #
+    def location
+      polymorphic_path((@membershipable || @membership), anchor: ('memberships' if @membershipable))
+    end
+
+  end
+end

data/app/controllers/wobauth/registrations_controller.rb

@@ -0,0 +1,26 @@
+module Wobauth
+  class RegistrationsController < Devise::RegistrationsController
+   
+    protected
+
+    def after_sign_up_path_for(resource)
+      main_app.root_path
+    end
+
+    def after_update_path_for(resource)
+      main_app.root_path
+    end
+   
+    def after_inactive_sign_up_path_for(resource)
+      main_app.root_path
+    end
+   
+    def sign_up_params
+      params.require(:user).permit(:username, :email, :password, :password_confirmation)
+    end
+   
+    def account_update_params
+      params.require(:user).permit(:username, :email, :password, :password_confirmation, :current_password)
+    end
+  end
+end

data/app/controllers/wobauth/roles_controller.rb

@@ -0,0 +1,30 @@
+require_dependency "wobauth/application_controller"
+
+module Wobauth
+  class RolesController < ApplicationController
+    before_action :set_role, only: [:show, :edit, :update, :destroy]
+    before_action :add_breadcrumb_show, only: [:show]
+
+    # GET /roles
+    def index
+      @roles = Role.all
+      respond_with(@roles)
+    end
+
+    # GET /roles/1
+    def show
+      respond_with(@role)
+    end
+
+    private
+      # Use callbacks to share common setup or constraints between actions.
+      def set_role
+        @role = Role.find(params[:id])
+      end
+
+      # Only allow a trusted parameter "white list" through.
+      def role_params
+        params.require(:role).permit(:name)
+      end
+  end
+end