wordjelly-auth 0.0.1

data/app/controllers/auth/concerns/shopping/discount_controller_concern.rb

@@ -0,0 +1,97 @@
+module Auth::Concerns::Shopping::DiscountControllerConcern
+
+  extend ActiveSupport::Concern
+
+  included do
+   	 
+  end
+
+  def initialize_vars
+  
+    instantiate_shopping_classes
+
+   
+    @auth_shopping_discount_params = permitted_params.fetch(:discount,{})
+    
+    @auth_shopping_discount = params[:id] ? @auth_shopping_discount_class.find(params[:id]) : @auth_shopping_discount_class.new(@auth_shopping_discount_params)
+  
+  end
+
+  ##########################################################
+  ##
+  ##
+  ## ACTIONS.
+  ##
+  ##
+  ##########################################################
+    
+  ##expects the product id, resource_id is the logged in resource, and quantity 
+  def create
+    ##ensure that the cart item is new
+   
+    check_for_create(@auth_shopping_discount)
+    @auth_shopping_discount = add_owner_and_signed_in_resource(@auth_shopping_discount)
+     
+    @auth_shopping_discount.save
+
+    respond_with @auth_shopping_discount
+  end
+
+  ##only permits the quantity to be changed, transaction id is internally assigned and can never be changed by the external world.
+  def update
+
+    check_for_update(@auth_shopping_discount)
+    
+    @auth_shopping_discount.assign_attributes(@auth_shopping_discount_params)
+    @auth_shopping_discount = add_owner_and_signed_in_resource(@auth_shopping_discount)  
+
+    
+    @auth_shopping_discount.save
+    respond_with @auth_shopping_discount
+  end
+
+  def show
+    instantiate_shopping_classes
+    @auth_shopping_discount = @auth_shopping_discount_class.find(params[:id])
+    respond_with @auth_shopping_discount 
+  end
+
+  ##should show those cart items which do not have a parent_id.
+  ##since these are the pending cart items.
+  ##all remaining cart items have already been assigned to carts
+  def index
+    @auth_shopping_discounts = @auth_shopping_discount_class.where({:resource_id => lookup_resource.id.to_s})
+    respond_with @auth_shopping_discounts
+  end
+
+
+  ##can be removed.
+  ##responds with 204, and empty response body, if all is ok.
+  def destroy
+    not_found if @auth_shopping_discount.nil?
+    @auth_shopping_discount.destroy
+    respond_with @auth_shopping_discount
+  end
+
+  
+
+  private
+
+
+  def permitted_params
+
+    params_list = [:discount_amount,:discount_percentage,:cart_id, :requires_verification]
+
+    params_list << :count if (current_signed_in_resource && current_signed_in_resource.is_admin?)
+
+    ## if its an update, we can allow the add_verified_ids and the add_declined_ids.
+    if action_name.to_s == "update"
+      params_list << [{:add_verified_ids => []}, {:add_declined_ids => []}]
+    end
+
+    params.permit({discount: params_list},:id)
+
+  end
+
+
+end

data/app/controllers/auth/concerns/shopping/pay_u_money_controller_concern.rb

@@ -0,0 +1,38 @@
+module Auth::Concerns::Shopping::PayUMoneyControllerConcern
+
+  extend ActiveSupport::Concern
+
+
+  included do
+
+  	protect_from_forgery :except => [:update]
+
+  end
+
+
+  ## This includes the params sent back in the payumoney callback + 
+  ## PLUS the params that we send to the payumoney endpoint[:amount,:txnid,:surl,:furl,:productinfo,:firstname,:email,:phone]
+  ## => of these, [firstname, email, phone, amount and txnid] are also sent back in the payumoney callback.
+  ## PLUS the params that are native to the payment concern [:payment_type, :cart_id]
+  ## Everywhere txnid, and :id is the same thing.
+  def payumoney_params
+  	[:txnid, :surl, :furl, :productinfo, :firstname, :email, :phone, :gateway_payment_initiated]
+  end
+
+  ##note that the payumoney callback makes a POST requet to whatever url you specifiy.
+  ##This does not suit our puprose, since we want it to make a PUT request to the update_url.
+  ##for this purpose a route has been added to the dummy apps routes file, that maps a POST request to the update path for the 
+
+  ## permits the original parameters defined in the payment_controller_concern and the additional params that are defined here as "payumoney_params, alongwith id."
+  def permitted_params
+    
+    payment_controller_params = []
+
+    if super["payment"]
+      payment_controller_params = super["payment"].keys.map{|c| c = c.to_sym}
+    end
+    pp = payumoney_params + payment_controller_params
+    params.permit({payment: pp},:id)
+  end
+
+end

data/app/controllers/auth/concerns/shopping/payment_controller_concern.rb

@@ -0,0 +1,101 @@
+module Auth::Concerns::Shopping::PaymentControllerConcern
+
+  extend ActiveSupport::Concern
+
+  included do
+    include Auth::Shopping::Payments::PaymentsHelper
+  end
+
+  def initialize_vars
+   
+    instantiate_shopping_classes
+    @auth_shopping_payment_params = permitted_params.fetch(:payment,{})
+   
+    @auth_shopping_payment = params[:id] ? @auth_shopping_payment_class.find_self(params[:id],current_signed_in_resource) : @auth_shopping_payment_class.new(@auth_shopping_payment_params)
+  end
+
+  def show
+    @auth_shopping_payment = add_signed_in_resource(@auth_shopping_payment)
+    @auth_shopping_payment.set_payment_receipt
+    respond_with @auth_shopping_payment
+  end
+
+  def index
+    ## need to find all the payments
+    @auth_shopping_payments = @auth_shopping_payment_class.where(:resource_id => lookup_resource.id.to_s)
+    respond_with @auth_shopping_payments
+  end
+
+  def new
+    @auth_shopping_payment = add_owner_and_signed_in_resource(@auth_shopping_payment)
+    ## so simply render the new action anyways.
+  end
+
+  def edit
+
+  end
+
+  def create
+   
+    check_for_create(@auth_shopping_payment)
+   
+    @auth_shopping_payment.payment_params = params
+    
+   
+
+    @auth_shopping_payment = add_owner_and_signed_in_resource(@auth_shopping_payment)
+   
+    resp = @auth_shopping_payment.save
+    
+       
+   
+    respond_with @auth_shopping_payment
+  end
+
+  ##in the normal process of making a cash payment
+  ##we render a cash form, then we create a payment and then we should in the show screen,to confirm and commit the payment which finally brings it here.
+  ##validations in the create call should look into whether there is a picture/cash/cheque whatever requirements are there.
+  def update
+    #puts "params coming to update are:"
+    #puts params.to_s
+    check_for_update(@auth_shopping_payment)
+    
+    @auth_shopping_payment.assign_attributes(@auth_shopping_payment_params)
+    
+    @auth_shopping_payment = add_owner_and_signed_in_resource(@auth_shopping_payment)
+    
+    ##note that params and not permitted_params is called, here because the gateway sends back all the params as a naked hash, and that is used directly to verify the authenticity, in the gateway functions.
+    #puts "these are the attributes assigned in the update action."
+    #puts @auth_shopping_payment.attributes.to_s
+    @auth_shopping_payment.payment_params = params
+    #puts "assigned params."
+    save_response = @auth_shopping_payment.save
+    
+    ## if save successfull then otherwise, respond_with edit.
+    respond_with @auth_shopping_payment, location: (save_response == true ? payment_path(@auth_shopping_payment) : edit_payment_path(@auth_shopping_payment))
+  
+  end
+
+  def destroy
+     @auth_shopping_payment = add_signed_in_resource(@auth_shopping_payment)
+     if @auth_shopping_payment.signed_in_resource.is_admin?
+        @auth_shopping_payment.delete
+     end
+     respond_with @auth_shopping_payment
+  end
+
+
+  def permitted_params
+    payment_params = [:payment_type, :amount, :cart_id,:payment_ack_proof, :refund, :payment_status, :is_verify_payment,:discount_id]
+
+    if !current_signed_in_resource.is_admin?
+      payment_params.delete(:payment_status)
+      if action_name.to_s == "update"
+        payment_params = [:is_verify_payment]
+      end
+    end
+    params.permit({payment: payment_params},:id)
+    
+  end
+
+end

data/app/controllers/auth/concerns/shopping/product_controller_concern.rb

@@ -0,0 +1,68 @@
+module Auth::Concerns::Shopping::ProductControllerConcern
+
+  extend ActiveSupport::Concern
+
+  included do
+    
+    include Auth::Shopping::Products::ProductsHelper
+
+  end
+
+  def initialize_vars
+  	instantiate_shopping_classes
+    @auth_shopping_product_params = permitted_params.fetch(:product,{})
+    @auth_shopping_product = params[:id] ? @auth_shopping_product_class.find_self(params[:id],current_signed_in_resource) : @auth_shopping_product_class.new(@auth_shopping_product_params)
+  end
+
+  
+
+  def create
+    check_for_create(@auth_shopping_product)
+    @auth_shopping_product = add_owner_and_signed_in_resource(@auth_shopping_product,{:owner_is_current_resource => true})
+  	
+    @auth_shopping_product.save
+    respond_with @auth_shopping_product
+    
+  end
+
+  def update
+    check_for_update(@auth_shopping_product)
+    @auth_shopping_product = add_owner_and_signed_in_resource(@auth_shopping_product,{:owner_is_current_resource => true})
+    @auth_shopping_product.assign_attributes(@auth_shopping_product_params)
+    @auth_shopping_product.save
+    respond_with @auth_shopping_product
+    
+  end
+
+  def index
+    instantiate_shopping_classes
+    @auth_shopping_products = @auth_shopping_product_class.all
+  end
+
+  def show
+    instantiate_shopping_classes
+    @auth_shopping_product = @auth_shopping_product_class.find(params[:id])
+    ## will render show.json.erb if its a json request.
+  end
+
+  def destroy
+    check_for_destroy(@auth_shopping_product)
+    @auth_shopping_product.delete
+    respond_with @auth_shopping_product
+  end
+
+  def new
+    
+  end
+
+  def edit
+
+  end
+
+  def permitted_params
+  	params.permit({:product => [:name,:price]})
+  end
+
+end
+
+## how to handle situation where the resource_id and resource_class is 

data/app/controllers/auth/concerns/token_concern.rb

@@ -0,0 +1,187 @@
+module Auth::Concerns::TokenConcern
+
+  extend ActiveSupport::Concern
+  
+  included do 
+  	
+    attr_accessor :authentication_done
+
+  	## adds simple_token_authentication to whichever controller implements this concern.
+    ## the models have alredy been made token_authenticatable in the lib/auth/omniauth.rb file
+    ## logic implemented here is that it iterates the auth_resources one at a time, and as long as the previous one is not already signed in , will add the 'acts_as_token_authentication_handler_for' the current resource_type.
+    ## merges in the entire hash for the current resource_type, from the configuration preinitializer file.
+    ## it then merges in any controller level configuration options
+    ## for this purpose, the controller should add a class method called 'token_authentication_conditions', which should return a hash of options. Refer to models/auth/shopping/cart_concern.rb and model/auth/shopping/cart_item_concern.rb to see how this has been implemented. Only options supported by simple_token_authentication can be set in the hash. 
+
+    ### Example how to add it in the controller
+
+=begin
+    ### in this case, the token authentication will be done on all actions defined below.
+    ### so it won't be done on "show"
+    
+=end
+
+    ### Example ends
+
+    ## POINT B:
+    ## so as per documentation of simple-token-authentication, if multiple models are to be handled for token auth then all but the last must have a fallback of :none in case of authentication failure.
+    ## this is so that it doesnt fail on the first model.
+    ## and at least tries all the remaining models.
+    ## So if there is only one model : then its fallback is default.
+    ## if there is more than one model : all but the last will have a fallback of :none.
+    ## 
+
+    TCONDITIONS = {} unless defined? TCONDITIONS
+
+
+    if Auth.configuration.enable_token_auth
+        
+      ## conditions can be defined at the controller level .
+      ## include a constant called TCONDITIONS, before the line 
+      ## include Auth::Concerns::TokenConcern
+      ## refer to Auth::RegistrationsController or implementation.
+      
+      
+
+
+      ## how many models are defined in the preinitializer
+      auth_resources_count = Auth.configuration.auth_resources.size
+
+            
+
+      ## if we have more than one auth resource model.
+      if auth_resources_count > 1
+          ## take all of them except the last, and add the fallback as none to them.
+          ## also merge the controller level conditions defined above.
+         
+          Auth.configuration.auth_resources.keys.slice(0,auth_resources_count - 1).each do |res|
+
+            acts_as_token_authentication_handler_for(res.constantize,Auth.configuration.auth_resources[res].merge({:fallback => :none}).merge(self::TCONDITIONS))
+
+            
+           
+          end
+          ## for the last one, just dont add the fallback as none, other conditions are the same.
+          res = Auth.configuration.auth_resources.keys[-1]
+         
+          acts_as_token_authentication_handler_for(res.constantize,Auth.configuration.auth_resources[res].merge(self::TCONDITIONS || {}))
+          
+
+      else
+        ## in case there is only one authentication resource, then the conditions are like the last one in case there are multiple(like above.)
+        res = Auth.configuration.auth_resources.keys[0]
+       
+        acts_as_token_authentication_handler_for(res.constantize,Auth.configuration.auth_resources[res].merge(self::TCONDITIONS || {}))
+
+      end
+    
+    end
+
+    before_filter :set_resource
+
+    ## made this a helper so that it can be used in views as well.
+    helper_method :lookup_resource
+
+    helper_method :current_signed_in_resource
+  end
+
+  ## iterates all the authentication resources in the config.
+  ## tries to see if we have a current_resource for any of them
+  ## if yes, sets the resource to the first encoutered such key and breaks the iteration
+  ## basically a convenience method to set @resource variable, since when we have more than one model that is being authenticated with Devise, there is no way to know which one to call.
+  def set_resource
+    
+
+    Auth.configuration.auth_resources.keys.each do |resource|
+      break if @resource = self.send("current_#{resource.downcase}") 
+    end
+
+    #puts "do we have a resource"
+    #puts @resource.to_s
+
+    ## devise in registrations_controller#destroy assumes the existence of an 'resource' variable, so we set that here.
+    if devise_controller?
+      self.resource = @resource
+    end
+
+    puts "we have a resource as: #{@resource}"
+    
+  end
+
+
+  
+  def lookup_resource 
+    ## if the current signed in resource si not an admin, just return it, because the concept of proxy arises only if the current_signed in resource is an admin.
+    return current_signed_in_resource unless current_signed_in_resource.is_admin?
+    
+    ## else.
+    
+    ## first check the session or the params for a proxy resource.
+    proxy_resource_id = params[:proxy_resource_id] || session[:proxy_resource_id]
+    proxy_resource_class = params[:proxy_resource_class] || session[:proxy_resource_class]
+    
+    ## if these are not provided or set, and if the resource is an admin, then the admin becomes the proxy_resource
+    proxy_resource_id = current_signed_in_resource.id.to_s if (current_signed_in_resource.is_admin? && proxy_resource_id.nil?)
+
+    proxy_resource_class = current_signed_in_resource.class.to_s if (current_signed_in_resource.is_admin? && proxy_resource_class.nil?)
+
+    ## now return nil if the proxy resource is still nil.
+    return nil unless (proxy_resource_class && proxy_resource_id)
+    return nil unless (Auth.configuration.auth_resources.include? proxy_resource_class.capitalize)
+
+    proxy_resource_class = proxy_resource_class.capitalize.constantize
+    begin
+      proxy_resource = proxy_resource_class.find(proxy_resource_id)
+      proxy_resource
+    rescue Mongoid::Errors::DocumentNotFound => error
+      nil
+    end
+    
+  end  
+
+  ## the current signed in resource.
+  def current_signed_in_resource
+    @resource
+  end
+
+
+  ## convenience method to add the current signed in resource to the model instance.
+  ## the object instance passed in MUST implement the owner concern
+  ## @param[Object] : instance of any object that implements the OwnerConcern.
+  ## @return : the object passed in.
+  def add_signed_in_resource(obj,options={})
+        if obj.respond_to? :signed_in_resource
+          obj.signed_in_resource = current_signed_in_resource
+        end
+        return obj
+  end
+
+  ## only adds the owner resource if its not already present, implying that once the owner resource is set, it should never change.
+  def add_owner_resource(obj,options={})
+      if (obj.respond_to? :resource_id) && (obj.respond_to? :resource_class)
+        if options[:owner_is_current_resource]
+          obj.resource_id = current_signed_in_resource.id.to_s if obj.resource_id.nil?
+          obj.resource_class = current_signed_in_resource.class.name.to_s if obj.resource_class.nil?
+        else
+          obj.resource_id = lookup_resource.id.to_s if obj.resource_id.nil?
+          obj.resource_class = lookup_resource.class.name.to_s if obj.resource_class.nil?
+        end
+      end
+      return obj
+  end
+
+  ## @param[Object] obj: the object whose owner is to be defined.
+  ## @param[Hash] options: possible options include:
+  ## :owner_is_current_resource => if this option exists, the resource_id and resource_class is set to the current resource
+  def add_owner_and_signed_in_resource(obj,options={})
+    obj = add_owner_resource(obj,options)
+    obj = add_signed_in_resource(obj,options)
+    obj
+  end
+
+  ## this is used as a before_filter.
+  def is_admin_user
+    not_found("You don't have sufficient privileges to complete that action") if !current_signed_in_resource.is_admin?
+  end
+
+end