[obs-commits] [PATCH] the initial import. We will update this repository again next week and use it as working repository from than on.

From: Adrian Schröter --- src/README.devel | 105 ++ src/TODO | 102 ++ src/api/README | 153 ++ src/api/README_LOGIN | 119 ++ src/api/Rakefile | 10 + src/api/app/controllers/about_controller.rb | 7 + src/api/app/controllers/admin_controller.rb | 29 + src/api/app/controllers/apidocs_controller.rb | 29 + src/api/app/controllers/application.rb | 143 ++ src/api/app/controllers/main_controller.rb | 5 + src/api/app/controllers/person_controller.rb | 99 ++ src/api/app/controllers/platform_controller.rb | 60 + src/api/app/controllers/result_controller.rb | 107 ++ src/api/app/controllers/rpm_controller.rb | 28 + src/api/app/controllers/source_controller.rb | 188 ++ src/api/app/helpers/about_helper.rb | 2 + src/api/app/helpers/admin_helper.rb | 2 + src/api/app/helpers/apidocs_helper.rb | 2 + src/api/app/helpers/application_helper.rb | 4 + src/api/app/helpers/main_helper.rb | 2 + src/api/app/helpers/person_helper.rb | 2 + src/api/app/helpers/platform_helper.rb | 2 + src/api/app/helpers/result_helper.rb | 2 + src/api/app/helpers/rpm_helper.rb | 2 + src/api/app/helpers/source_helper.rb | 2 + src/api/app/models/watched_project.rb | 3 + src/api/app/views/about/index.rxml | 6 + src/api/app/views/admin/index.rhtml | 11 + src/api/app/views/admin/list_sources.rhtml | 5 + src/api/app/views/admin/say_hello.rhtml | 1 + src/api/app/views/error.rxml | 16 + src/api/app/views/layouts/html.rhtml | 36 + src/api/app/views/main/index.rhtml | 19 + src/api/app/views/person/userinfo.rxml | 23 + src/api/app/views/result/packageresult.rxml | 16 + src/api/app/views/result/projectresult.rxml | 18 + src/api/app/views/source/_meta.rhtml | 10 + src/api/app/views/source/package_meta.rxml | 10 + src/api/components/active_rbac/CHANGELOG | 27 + .../components/active_rbac/component_controller.rb | 24 + src/api/components/active_rbac/configuration.rb | 57 + src/api/components/active_rbac/db/create.mssql.sql | 374 ++++ src/api/components/active_rbac/db/create.mysql.sql | 130 ++ .../active_rbac/db/create.postgresql.sql | 147 ++ src/api/components/active_rbac/exceptions.rb | 15 + src/api/components/active_rbac/group.rb | 135 ++ src/api/components/active_rbac/group/_form.rhtml | 44 + src/api/components/active_rbac/group/delete.rhtml | 13 + src/api/components/active_rbac/group/edit.rhtml | 9 + src/api/components/active_rbac/group/list.rhtml | 23 + src/api/components/active_rbac/group/new.rhtml | 8 + src/api/components/active_rbac/group/show.rhtml | 71 + src/api/components/active_rbac/group_controller.rb | 150 ++ .../components/active_rbac/helpers/rbac_helper.rb | 104 ++ .../components/active_rbac/layouts/_password.rhtml | 17 + .../components/active_rbac/layouts/confirm.rhtml | 10 + .../active_rbac/layouts/confirm_failure.rhtml | 5 + .../active_rbac/layouts/confirm_success.rhtml | 6 + .../active_rbac/layouts/lostpassword.rhtml | 38 + .../active_rbac/layouts/lostpassword_success.rhtml | 7 + .../components/active_rbac/layouts/register.rhtml | 28 + .../active_rbac/layouts/register_success.rhtml | 10 + .../active_rbac/login/already_logged_in.rhtml | 7 + src/api/components/active_rbac/login/login.rhtml | 27 + .../active_rbac/login/login_success.rhtml | 5 + src/api/components/active_rbac/login/logout.rhtml | 6 + .../active_rbac/login/logout_success.rhtml | 5 + src/api/components/active_rbac/login_controller.rb | 89 + .../active_rbac/registration/_password.rhtml | 17 + .../active_rbac/registration/confirm.rhtml | 10 + .../active_rbac/registration/confirm_failure.rhtml | 5 + .../active_rbac/registration/confirm_success.rhtml | 6 + .../active_rbac/registration/lostpassword.rhtml | 38 + .../registration/lostpassword_success.rhtml | 7 + .../active_rbac/registration/register.rhtml | 28 + .../registration/register_success.rhtml | 10 + .../active_rbac/registration_controller.rb | 126 ++ .../components/active_rbac/registration_mailer.rb | 65 + .../registration_mailer/confirm_registration.rhtml | 6 + .../registration_mailer/lost_password.rhtml | 13 + src/api/components/active_rbac/role.rb | 141 ++ src/api/components/active_rbac/role/_form.rhtml | 57 + src/api/components/active_rbac/role/delete.rhtml | 12 + src/api/components/active_rbac/role/edit.rhtml | 9 + src/api/components/active_rbac/role/list.rhtml | 22 + src/api/components/active_rbac/role/new.rhtml | 8 + src/api/components/active_rbac/role/show.rhtml | 110 ++ src/api/components/active_rbac/role_controller.rb | 152 ++ .../active_rbac/shared/_pagination.rhtml | 19 + .../components/active_rbac/static_permission.rb | 34 + .../active_rbac/static_permission/_form.rhtml | 10 + .../active_rbac/static_permission/delete.rhtml | 13 + .../active_rbac/static_permission/edit.rhtml | 9 + .../active_rbac/static_permission/list.rhtml | 30 + .../active_rbac/static_permission/new.rhtml | 8 + .../active_rbac/static_permission/show.rhtml | 43 + .../active_rbac/static_permission_controller.rb | 128 ++ .../active_rbac/test/fixtures/groups.yml | 80 + .../active_rbac/test/fixtures/groups_roles.yml | 23 + .../active_rbac/test/fixtures/groups_users.yml | 29 + .../registration_mailer/confirm_registration | 6 + .../fixtures/registration_mailer/lost_password | 13 + .../components/active_rbac/test/fixtures/roles.yml | 56 + .../test/fixtures/roles_static_permissions.yml | 14 + .../active_rbac/test/fixtures/roles_users.yml | 11 + .../test/fixtures/static_permissions.yml | 17 + .../test/fixtures/user_registrations.yml | 18 + .../components/active_rbac/test/fixtures/users.yml | 199 +++ .../test/functional/group_controller_test.rb | 263 +++ .../test/functional/login_controller_test.rb | 149 ++ .../functional/registration_controller_test.rb | 396 +++++ .../test/functional/role_controller_test.rb | 262 +++ .../static_permission_controller_test.rb | 95 ++ .../test/functional/user_controller_test.rb | 445 +++++ src/api/components/active_rbac/test/test_helper.rb | 26 + .../components/active_rbac/test/unit/group_test.rb | 535 ++++++ .../test/unit/registration_mailer_test.rb | 61 + .../components/active_rbac/test/unit/role_test.rb | 351 ++++ .../test/unit/static_permission_test.rb | 535 ++++++ .../test/unit/user_registration_test.rb | 47 + .../components/active_rbac/test/unit/user_test.rb | 821 +++++++++ src/api/components/active_rbac/user.rb | 409 +++++ src/api/components/active_rbac/user/_form.rhtml | 53 + .../components/active_rbac/user/_password.rhtml | 19 + src/api/components/active_rbac/user/delete.rhtml | 13 + src/api/components/active_rbac/user/edit.rhtml | 10 + src/api/components/active_rbac/user/list.rhtml | 49 + src/api/components/active_rbac/user/new.rhtml | 9 + src/api/components/active_rbac/user/show.rhtml | 75 + src/api/components/active_rbac/user_controller.rb | 163 ++ .../components/active_rbac/user_registration.rb | 32 + src/api/config/active_rbac_config.rb | 3 + src/api/config/boot.rb | 19 + src/api/config/database.yml | 88 + src/api/config/deploy.rb | 103 ++ src/api/config/environment.rb | 61 + src/api/config/environments/development.rb | 38 + src/api/config/environments/production.rb | 28 + src/api/config/environments/test.rb | 29 + src/api/config/routes.rb | 89 + src/api/db/create_mysql.sql | 215 +++ src/api/doc/README_FOR_APP | 2 + src/api/files/specfiletemplate | 26 + src/api/lib/login_system.rb | 88 + src/api/lib/opensuse/backend.rb | 300 ++++ src/api/lib/opensuse/permission.rb | 108 ++ src/api/lib/opensuse/validator.rb | 141 ++ src/api/lib/tasks/switchtower.rake | 48 + src/api/public/.htaccess | 40 + src/api/public/404.html | 8 + src/api/public/500.html | 8 + src/api/public/dispatch.cgi | 10 + src/api/public/dispatch.fcgi | 24 + src/api/public/dispatch.rb | 10 + src/api/public/images/opensuse.gif | Bin 0 -> 1474 bytes src/api/public/images/rails.png | Bin 0 -> 1787 bytes src/api/public/javascripts/controls.js | 750 ++++++++ src/api/public/javascripts/dragdrop.js | 539 ++++++ src/api/public/javascripts/effects.js | 904 ++++++++++ src/api/public/javascripts/prototype.js | 1768 +++++++++++++++++++ src/api/public/robots.txt | 1 + src/api/public/stylesheets/opensuse.css | 69 + src/api/script/about | 3 + src/api/script/breakpointer | 3 + src/api/script/console | 3 + src/api/script/destroy | 3 + src/api/script/generate | 3 + src/api/script/performance/benchmarker | 3 + src/api/script/performance/profiler | 3 + src/api/script/plugin | 3 + src/api/script/process/reaper | 3 + src/api/script/process/spawner | 3 + src/api/script/process/spinner | 3 + src/api/script/runner | 3 + src/api/script/server | 5 + src/api/test/fixtures/roles.yml | 6 + src/api/test/fixtures/roles_static_permissions.yml | 19 + src/api/test/fixtures/roles_users.yml | 5 + src/api/test/fixtures/static_permissions.yml | 23 + src/api/test/fixtures/users.yml | 39 + src/api/test/fixtures/watched_projects.yml | 9 + src/api/test/functional/about_controller_test.rb | 15 + src/api/test/functional/admin_controller_test.rb | 15 + src/api/test/functional/apidocs_controller_test.rb | 15 + src/api/test/functional/main_controller_test.rb | 15 + src/api/test/functional/person_controller_test.rb | 72 + .../test/functional/platform_controller_test.rb | 33 + src/api/test/functional/result_controller_test.rb | 15 + src/api/test/functional/rpm_controller_test.rb | 15 + src/api/test/functional/source_controller_test.rb | 436 +++++ src/api/test/test_helper.rb | 66 + src/api/test/unit/watched_project_test.rb | 11 + src/api/vendor/plugins/railfix/init.rb | 34 + src/backend-dummy/README | 153 ++ src/backend-dummy/Rakefile | 10 + .../app/controllers/admin_controller.rb | 27 + src/backend-dummy/app/controllers/application.rb | 25 + .../app/controllers/platform_controller.rb | 47 + .../app/controllers/result_controller.rb | 58 + .../app/controllers/rpm_controller.rb | 29 + .../app/controllers/source_controller.rb | 101 ++ src/backend-dummy/app/helpers/admin_helper.rb | 2 + .../app/helpers/application_helper.rb | 3 + src/backend-dummy/app/helpers/platform_helper.rb | 2 + src/backend-dummy/app/helpers/result_helper.rb | 2 + src/backend-dummy/app/helpers/rpm_helper.rb | 2 + src/backend-dummy/app/helpers/source_helper.rb | 2 + src/backend-dummy/app/views/admin/index.rhtml | 3 + .../app/views/admin/list_sources.rhtml | 5 + src/backend-dummy/app/views/admin/say_hello.rhtml | 1 + src/backend-dummy/app/views/error.rxml | 16 + src/backend-dummy/app/views/layouts/admin.rhtml | 10 + src/backend-dummy/app/views/platform/index.rxml | 5 + src/backend-dummy/app/views/source/_meta.rhtml | 10 + src/backend-dummy/app/views/source/index.rxml | 5 + src/backend-dummy/config/boot.rb | 19 + src/backend-dummy/config/database.yml | 85 + src/backend-dummy/config/deploy.rb | 69 + src/backend-dummy/config/environment.rb | 55 + .../config/environments/development.rb | 21 + .../config/environments/production.rb | 21 + src/backend-dummy/config/environments/test.rb | 21 + src/backend-dummy/config/routes.rb | 50 + .../data_test/platform/SUSE-10.0/superkde | 37 + .../data_test/platform/SUSE-10.0/suselinux-10.0 | 37 + .../data_test/platform/SUSE10.1/Debian-Etch | 37 + .../data_test/platform/SUSE10.1/superkde | 37 + .../data_test/platform/SUSE10.1/suselinux-10.0 | 37 + src/backend-dummy/data_test/source/kde4/_meta | 21 + .../data_test/source/kde4/kdebase/_meta | 5 + .../data_test/source/kde4/kdelibs/_meta | 24 + .../data_test/source/kde4/kdelibs/kdelibs.tar.gz | 1 + .../source/kde4/kdelibs/make_it_cool.patch | 1 + .../data_test/source/kde4/kdelibs/my_patch.diff | 1 + src/backend-dummy/doc/README_FOR_APP | 2 + src/backend-dummy/lib/dummy_builder.rb | 163 ++ src/backend-dummy/lib/tasks/switchtower.rake | 48 + src/backend-dummy/public/.htaccess | 40 + src/backend-dummy/public/404.html | 8 + src/backend-dummy/public/500.html | 8 + src/backend-dummy/public/dispatch.cgi | 10 + src/backend-dummy/public/dispatch.fcgi | 24 + src/backend-dummy/public/dispatch.rb | 10 + src/backend-dummy/public/images/rails.png | Bin 0 -> 1787 bytes src/backend-dummy/public/index.html | 277 +++ src/backend-dummy/public/javascripts/controls.js | 750 ++++++++ src/backend-dummy/public/javascripts/dragdrop.js | 539 ++++++ src/backend-dummy/public/javascripts/effects.js | 904 ++++++++++ src/backend-dummy/public/javascripts/prototype.js | 1768 +++++++++++++++++++ src/backend-dummy/public/robots.txt | 1 + src/backend-dummy/script/about | 3 + src/backend-dummy/script/breakpointer | 3 + src/backend-dummy/script/console | 3 + src/backend-dummy/script/destroy | 3 + src/backend-dummy/script/generate | 3 + src/backend-dummy/script/performance/benchmarker | 3 + src/backend-dummy/script/performance/profiler | 3 + src/backend-dummy/script/plugin | 3 + src/backend-dummy/script/process/reaper | 3 + src/backend-dummy/script/process/spawner | 3 + src/backend-dummy/script/process/spinner | 3 + src/backend-dummy/script/runner | 3 + src/backend-dummy/script/server | 5 + .../test/functional/admin_controller_test.rb | 18 + .../test/functional/platform_controller_test.rb | 18 + .../test/functional/result_controller_test.rb | 18 + .../test/functional/rpm_controller_test.rb | 18 + .../test/functional/source_controller_test.rb | 18 + src/backend-dummy/test/test_helper.rb | 28 + src/debug | 28 + src/deploy | 7 + src/start | 38 + src/start_buildsystem.sh | 31 + src/webui/README | 153 ++ src/webui/Rakefile | 10 + src/webui/app/controllers/application.rb | 94 + src/webui/app/controllers/home_controller.rb | 14 + src/webui/app/controllers/main_controller.rb | 2 + src/webui/app/controllers/package_controller.rb | 274 +++ src/webui/app/controllers/platform_controller.rb | 101 ++ src/webui/app/controllers/project_controller.rb | 282 +++ src/webui/app/controllers/user_controller.rb | 80 + src/webui/app/helpers/application_helper.rb | 9 + src/webui/app/helpers/home_helper.rb | 2 + src/webui/app/helpers/main_helper.rb | 2 + src/webui/app/helpers/package_helper.rb | 13 + src/webui/app/helpers/platform_helper.rb | 13 + src/webui/app/helpers/project_helper.rb | 37 + src/webui/app/helpers/user_helper.rb | 2 + src/webui/app/models/package.rb | 100 ++ src/webui/app/models/person.rb | 27 + src/webui/app/models/platform.rb | 12 + src/webui/app/models/project.rb | 90 + src/webui/app/models/result.rb | 4 + src/webui/app/views/error.rhtml | 24 + src/webui/app/views/home/index.rhtml | 33 + src/webui/app/views/layouts/application.rhtml | 69 + src/webui/app/views/main/about.rhtml | 5 + src/webui/app/views/main/index.rhtml | 20 + .../app/views/package/_update_build_log.rhtml | 11 + src/webui/app/views/package/add_file.rhtml | 13 + src/webui/app/views/package/add_person.rhtml | 10 + src/webui/app/views/package/edit.rhtml | 12 + src/webui/app/views/package/edit_spec.rhtml | 9 + src/webui/app/views/package/live_build_log.rhtml | 33 + src/webui/app/views/package/new.rhtml | 13 + src/webui/app/views/package/save.rhtml | 5 + src/webui/app/views/package/show.rhtml | 100 ++ src/webui/app/views/platform/edit.rhtml | 11 + src/webui/app/views/platform/list_all.rhtml | 19 + src/webui/app/views/platform/new.rhtml | 14 + src/webui/app/views/platform/show.rhtml | 35 + src/webui/app/views/project/_watch_link.rhtml | 4 + src/webui/app/views/project/add_person.rhtml | 10 + src/webui/app/views/project/add_target.rhtml | 14 + src/webui/app/views/project/edit.rhtml | 10 + src/webui/app/views/project/list_all.rhtml | 9 + src/webui/app/views/project/list_my.rhtml | 12 + src/webui/app/views/project/monitor.rhtml | 50 + src/webui/app/views/project/new.rhtml | 12 + src/webui/app/views/project/refresh_monitor.rhtml | 15 + src/webui/app/views/project/show.rhtml | 124 ++ src/webui/app/views/user/edit.rhtml | 50 + src/webui/app/views/user/login.rhtml | 23 + src/webui/app/views/user/logout.rhtml | 10 + src/webui/app/views/user/newaccount.rhtml | 22 + src/webui/config/boot.rb | 19 + src/webui/config/database.yml | 85 + src/webui/config/deploy.rb | 59 + src/webui/config/environment.rb | 63 + src/webui/config/environments/development.rb | 23 + src/webui/config/environments/production.rb | 24 + src/webui/config/environments/test.rb | 22 + src/webui/config/routes.rb | 14 + src/webui/doc/README_FOR_APP | 2 + src/webui/lib/tasks/switchtower.rake | 48 + src/webui/public/.htaccess | 40 + src/webui/public/404.html | 8 + src/webui/public/500.html | 8 + src/webui/public/dispatch.cgi | 10 + src/webui/public/dispatch.fcgi | 24 + src/webui/public/dispatch.rb | 10 + src/webui/public/images/accent.png | Bin 0 -> 3534 bytes src/webui/public/images/bg-gradient.png | Bin 0 -> 414 bytes src/webui/public/images/logo-buildservice.png | Bin 0 -> 5156 bytes src/webui/public/images/opensuse.gif | Bin 0 -> 1474 bytes src/webui/public/images/rails.png | Bin 0 -> 1787 bytes src/webui/public/javascripts/controls.js | 750 ++++++++ src/webui/public/javascripts/dragdrop.js | 584 +++++++ src/webui/public/javascripts/effects.js | 854 ++++++++++ src/webui/public/javascripts/prototype.js | 1785 ++++++++++++++++++++ src/webui/public/robots.txt | 1 + src/webui/public/stylesheets/opensuse.css | 257 +++ src/webui/script/about | 3 + src/webui/script/breakpointer | 3 + src/webui/script/console | 3 + src/webui/script/destroy | 3 + src/webui/script/generate | 3 + src/webui/script/performance/benchmarker | 3 + src/webui/script/performance/profiler | 3 + src/webui/script/plugin | 3 + src/webui/script/process/reaper | 3 + src/webui/script/process/spawner | 3 + src/webui/script/process/spinner | 3 + src/webui/script/runner | 3 + src/webui/script/server | 3 + src/webui/test/fixtures/platforms.yml | 5 + src/webui/test/fixtures/users.yml | 5 + src/webui/test/functional/home_controller_test.rb | 18 + src/webui/test/functional/main_controller_test.rb | 18 + .../test/functional/package_controller_test.rb | 20 + .../test/functional/platform_controller_test.rb | 18 + .../test/functional/project_controller_test.rb | 51 + src/webui/test/test_helper.rb | 28 + src/xml_bindings.txt | 40 + 375 files changed, 28758 insertions(+), 0 deletions(-) create mode 100644 src/README.devel create mode 100644 src/TODO create mode 100644 src/api/README create mode 100644 src/api/README_LOGIN create mode 100644 src/api/Rakefile create mode 100644 src/api/app/controllers/about_controller.rb create mode 100644 src/api/app/controllers/admin_controller.rb create mode 100644 src/api/app/controllers/apidocs_controller.rb create mode 100644 src/api/app/controllers/application.rb create mode 100644 src/api/app/controllers/main_controller.rb create mode 100644 src/api/app/controllers/person_controller.rb create mode 100644 src/api/app/controllers/platform_controller.rb create mode 100644 src/api/app/controllers/result_controller.rb create mode 100644 src/api/app/controllers/rpm_controller.rb create mode 100644 src/api/app/controllers/source_controller.rb create mode 100644 src/api/app/helpers/about_helper.rb create mode 100644 src/api/app/helpers/admin_helper.rb create mode 100644 src/api/app/helpers/apidocs_helper.rb create mode 100644 src/api/app/helpers/application_helper.rb create mode 100644 src/api/app/helpers/main_helper.rb create mode 100644 src/api/app/helpers/person_helper.rb create mode 100644 src/api/app/helpers/platform_helper.rb create mode 100644 src/api/app/helpers/result_helper.rb create mode 100644 src/api/app/helpers/rpm_helper.rb create mode 100644 src/api/app/helpers/source_helper.rb create mode 100644 src/api/app/models/watched_project.rb create mode 100644 src/api/app/views/about/index.rxml create mode 100644 src/api/app/views/admin/index.rhtml create mode 100644 src/api/app/views/admin/list_sources.rhtml create mode 100644 src/api/app/views/admin/say_hello.rhtml create mode 100644 src/api/app/views/error.rxml create mode 100644 src/api/app/views/layouts/html.rhtml create mode 100644 src/api/app/views/main/index.rhtml create mode 100644 src/api/app/views/person/userinfo.rxml create mode 100644 src/api/app/views/result/packageresult.rxml create mode 100644 src/api/app/views/result/projectresult.rxml create mode 100644 src/api/app/views/source/_meta.rhtml create mode 100644 src/api/app/views/source/package_meta.rxml create mode 100644 src/api/components/active_rbac/CHANGELOG create mode 100644 src/api/components/active_rbac/component_controller.rb create mode 100644 src/api/components/active_rbac/configuration.rb create mode 100644 src/api/components/active_rbac/db/create.mssql.sql create mode 100644 src/api/components/active_rbac/db/create.mysql.sql create mode 100644 src/api/components/active_rbac/db/create.postgresql.sql create mode 100644 src/api/components/active_rbac/exceptions.rb create mode 100644 src/api/components/active_rbac/group.rb create mode 100644 src/api/components/active_rbac/group/_form.rhtml create mode 100644 src/api/components/active_rbac/group/delete.rhtml create mode 100644 src/api/components/active_rbac/group/edit.rhtml create mode 100644 src/api/components/active_rbac/group/list.rhtml create mode 100644 src/api/components/active_rbac/group/new.rhtml create mode 100644 src/api/components/active_rbac/group/show.rhtml create mode 100644 src/api/components/active_rbac/group_controller.rb create mode 100644 src/api/components/active_rbac/helpers/rbac_helper.rb create mode 100644 src/api/components/active_rbac/layouts/_password.rhtml create mode 100644 src/api/components/active_rbac/layouts/confirm.rhtml create mode 100644 src/api/components/active_rbac/layouts/confirm_failure.rhtml create mode 100644 src/api/components/active_rbac/layouts/confirm_success.rhtml create mode 100644 src/api/components/active_rbac/layouts/lostpassword.rhtml create mode 100644 src/api/components/active_rbac/layouts/lostpassword_success.rhtml create mode 100644 src/api/components/active_rbac/layouts/register.rhtml create mode 100644 src/api/components/active_rbac/layouts/register_success.rhtml create mode 100644 src/api/components/active_rbac/login/already_logged_in.rhtml create mode 100644 src/api/components/active_rbac/login/login.rhtml create mode 100644 src/api/components/active_rbac/login/login_success.rhtml create mode 100644 src/api/components/active_rbac/login/logout.rhtml create mode 100644 src/api/components/active_rbac/login/logout_success.rhtml create mode 100644 src/api/components/active_rbac/login_controller.rb create mode 100644 src/api/components/active_rbac/registration/_password.rhtml create mode 100644 src/api/components/active_rbac/registration/confirm.rhtml create mode 100644 src/api/components/active_rbac/registration/confirm_failure.rhtml create mode 100644 src/api/components/active_rbac/registration/confirm_success.rhtml create mode 100644 src/api/components/active_rbac/registration/lostpassword.rhtml create mode 100644 src/api/components/active_rbac/registration/lostpassword_success.rhtml create mode 100644 src/api/components/active_rbac/registration/register.rhtml create mode 100644 src/api/components/active_rbac/registration/register_success.rhtml create mode 100644 src/api/components/active_rbac/registration_controller.rb create mode 100644 src/api/components/active_rbac/registration_mailer.rb create mode 100644 src/api/components/active_rbac/registration_mailer/confirm_registration.rhtml create mode 100644 src/api/components/active_rbac/registration_mailer/lost_password.rhtml create mode 100644 src/api/components/active_rbac/role.rb create mode 100644 src/api/components/active_rbac/role/_form.rhtml create mode 100644 src/api/components/active_rbac/role/delete.rhtml create mode 100644 src/api/components/active_rbac/role/edit.rhtml create mode 100644 src/api/components/active_rbac/role/list.rhtml create mode 100644 src/api/components/active_rbac/role/new.rhtml create mode 100644 src/api/components/active_rbac/role/show.rhtml create mode 100644 src/api/components/active_rbac/role_controller.rb create mode 100644 src/api/components/active_rbac/shared/_pagination.rhtml create mode 100644 src/api/components/active_rbac/static_permission.rb create mode 100644 src/api/components/active_rbac/static_permission/_form.rhtml create mode 100644 src/api/components/active_rbac/static_permission/delete.rhtml create mode 100644 src/api/components/active_rbac/static_permission/edit.rhtml create mode 100644 src/api/components/active_rbac/static_permission/list.rhtml create mode 100644 src/api/components/active_rbac/static_permission/new.rhtml create mode 100644 src/api/components/active_rbac/static_permission/show.rhtml create mode 100644 src/api/components/active_rbac/static_permission_controller.rb create mode 100644 src/api/components/active_rbac/test/fixtures/groups.yml create mode 100644 src/api/components/active_rbac/test/fixtures/groups_roles.yml create mode 100644 src/api/components/active_rbac/test/fixtures/groups_users.yml create mode 100644 src/api/components/active_rbac/test/fixtures/registration_mailer/confirm_registration create mode 100644 src/api/components/active_rbac/test/fixtures/registration_mailer/lost_password create mode 100644 src/api/components/active_rbac/test/fixtures/roles.yml create mode 100644 src/api/components/active_rbac/test/fixtures/roles_static_permissions.yml create mode 100644 src/api/components/active_rbac/test/fixtures/roles_users.yml create mode 100644 src/api/components/active_rbac/test/fixtures/static_permissions.yml create mode 100644 src/api/components/active_rbac/test/fixtures/user_registrations.yml create mode 100644 src/api/components/active_rbac/test/fixtures/users.yml create mode 100644 src/api/components/active_rbac/test/functional/group_controller_test.rb create mode 100644 src/api/components/active_rbac/test/functional/login_controller_test.rb create mode 100644 src/api/components/active_rbac/test/functional/registration_controller_test.rb create mode 100644 src/api/components/active_rbac/test/functional/role_controller_test.rb create mode 100644 src/api/components/active_rbac/test/functional/static_permission_controller_test.rb create mode 100644 src/api/components/active_rbac/test/functional/user_controller_test.rb create mode 100644 src/api/components/active_rbac/test/test_helper.rb create mode 100644 src/api/components/active_rbac/test/unit/group_test.rb create mode 100644 src/api/components/active_rbac/test/unit/registration_mailer_test.rb create mode 100644 src/api/components/active_rbac/test/unit/role_test.rb create mode 100644 src/api/components/active_rbac/test/unit/static_permission_test.rb create mode 100644 src/api/components/active_rbac/test/unit/user_registration_test.rb create mode 100644 src/api/components/active_rbac/test/unit/user_test.rb create mode 100644 src/api/components/active_rbac/user.rb create mode 100644 src/api/components/active_rbac/user/_form.rhtml create mode 100644 src/api/components/active_rbac/user/_password.rhtml create mode 100644 src/api/components/active_rbac/user/delete.rhtml create mode 100644 src/api/components/active_rbac/user/edit.rhtml create mode 100644 src/api/components/active_rbac/user/list.rhtml create mode 100644 src/api/components/active_rbac/user/new.rhtml create mode 100644 src/api/components/active_rbac/user/show.rhtml create mode 100644 src/api/components/active_rbac/user_controller.rb create mode 100644 src/api/components/active_rbac/user_registration.rb create mode 100644 src/api/config/active_rbac_config.rb create mode 100644 src/api/config/boot.rb create mode 100644 src/api/config/database.yml create mode 100644 src/api/config/deploy.rb create mode 100644 src/api/config/environment.rb create mode 100644 src/api/config/environments/development.rb create mode 100644 src/api/config/environments/production.rb create mode 100644 src/api/config/environments/test.rb create mode 100644 src/api/config/routes.rb create mode 100644 src/api/db/create_mysql.sql create mode 100644 src/api/doc/README_FOR_APP create mode 100644 src/api/files/specfiletemplate create mode 100644 src/api/lib/login_system.rb create mode 100644 src/api/lib/opensuse/backend.rb create mode 100644 src/api/lib/opensuse/permission.rb create mode 100644 src/api/lib/opensuse/validator.rb create mode 100644 src/api/lib/tasks/switchtower.rake create mode 100644 src/api/public/.htaccess create mode 100644 src/api/public/404.html create mode 100644 src/api/public/500.html create mode 100755 src/api/public/dispatch.cgi create mode 100755 src/api/public/dispatch.fcgi create mode 100755 src/api/public/dispatch.rb create mode 100644 src/api/public/favicon.ico create mode 100644 src/api/public/images/opensuse.gif create mode 100644 src/api/public/images/rails.png create mode 100644 src/api/public/javascripts/controls.js create mode 100644 src/api/public/javascripts/dragdrop.js create mode 100644 src/api/public/javascripts/effects.js create mode 100644 src/api/public/javascripts/prototype.js create mode 100644 src/api/public/robots.txt create mode 100644 src/api/public/stylesheets/opensuse.css create mode 100755 src/api/script/about create mode 100755 src/api/script/breakpointer create mode 100755 src/api/script/console create mode 100755 src/api/script/destroy create mode 100755 src/api/script/generate create mode 100755 src/api/script/performance/benchmarker create mode 100755 src/api/script/performance/profiler create mode 100755 src/api/script/plugin create mode 100755 src/api/script/process/reaper create mode 100755 src/api/script/process/spawner create mode 100755 src/api/script/process/spinner create mode 100755 src/api/script/runner create mode 100755 src/api/script/server create mode 100644 src/api/test/fixtures/roles.yml create mode 100644 src/api/test/fixtures/roles_static_permissions.yml create mode 100644 src/api/test/fixtures/roles_users.yml create mode 100644 src/api/test/fixtures/static_permissions.yml create mode 100644 src/api/test/fixtures/users.yml create mode 100644 src/api/test/fixtures/watched_projects.yml create mode 100644 src/api/test/functional/about_controller_test.rb create mode 100644 src/api/test/functional/admin_controller_test.rb create mode 100644 src/api/test/functional/apidocs_controller_test.rb create mode 100644 src/api/test/functional/main_controller_test.rb create mode 100644 src/api/test/functional/person_controller_test.rb create mode 100644 src/api/test/functional/platform_controller_test.rb create mode 100644 src/api/test/functional/result_controller_test.rb create mode 100644 src/api/test/functional/rpm_controller_test.rb create mode 100644 src/api/test/functional/source_controller_test.rb create mode 100644 src/api/test/test_helper.rb create mode 100644 src/api/test/unit/watched_project_test.rb create mode 100644 src/api/vendor/plugins/railfix/init.rb create mode 100644 src/backend-dummy/README create mode 100644 src/backend-dummy/Rakefile create mode 100644 src/backend-dummy/app/controllers/admin_controller.rb create mode 100644 src/backend-dummy/app/controllers/application.rb create mode 100644 src/backend-dummy/app/controllers/platform_controller.rb create mode 100644 src/backend-dummy/app/controllers/result_controller.rb create mode 100644 src/backend-dummy/app/controllers/rpm_controller.rb create mode 100644 src/backend-dummy/app/controllers/source_controller.rb create mode 100644 src/backend-dummy/app/helpers/admin_helper.rb create mode 100644 src/backend-dummy/app/helpers/application_helper.rb create mode 100644 src/backend-dummy/app/helpers/platform_helper.rb create mode 100644 src/backend-dummy/app/helpers/result_helper.rb create mode 100644 src/backend-dummy/app/helpers/rpm_helper.rb create mode 100644 src/backend-dummy/app/helpers/source_helper.rb create mode 100644 src/backend-dummy/app/views/admin/index.rhtml create mode 100644 src/backend-dummy/app/views/admin/list_sources.rhtml create mode 100644 src/backend-dummy/app/views/admin/say_hello.rhtml create mode 100644 src/backend-dummy/app/views/error.rxml create mode 100644 src/backend-dummy/app/views/layouts/admin.rhtml create mode 100644 src/backend-dummy/app/views/platform/index.rxml create mode 100644 src/backend-dummy/app/views/source/_meta.rhtml create mode 100644 src/backend-dummy/app/views/source/index.rxml create mode 100644 src/backend-dummy/config/boot.rb create mode 100644 src/backend-dummy/config/database.yml create mode 100644 src/backend-dummy/config/deploy.rb create mode 100644 src/backend-dummy/config/environment.rb create mode 100644 src/backend-dummy/config/environments/development.rb create mode 100644 src/backend-dummy/config/environments/production.rb create mode 100644 src/backend-dummy/config/environments/test.rb create mode 100644 src/backend-dummy/config/routes.rb create mode 100644 src/backend-dummy/data_test/platform/SUSE-10.0/superkde create mode 100644 src/backend-dummy/data_test/platform/SUSE-10.0/suselinux-10.0 create mode 100644 src/backend-dummy/data_test/platform/SUSE10.1/Debian-Etch create mode 100644 src/backend-dummy/data_test/platform/SUSE10.1/superkde create mode 100644 src/backend-dummy/data_test/platform/SUSE10.1/suselinux-10.0 create mode 100644 src/backend-dummy/data_test/source/kde4/_meta create mode 100644 src/backend-dummy/data_test/source/kde4/kdebase/_meta create mode 100644 src/backend-dummy/data_test/source/kde4/kdelibs/_meta create mode 100644 src/backend-dummy/data_test/source/kde4/kdelibs/kdelibs.tar.gz create mode 100644 src/backend-dummy/data_test/source/kde4/kdelibs/make_it_cool.patch create mode 100644 src/backend-dummy/data_test/source/kde4/kdelibs/my_patch.diff create mode 100644 src/backend-dummy/db/development_structure.sql create mode 100644 src/backend-dummy/doc/README_FOR_APP create mode 100644 src/backend-dummy/lib/dummy_builder.rb create mode 100644 src/backend-dummy/lib/tasks/switchtower.rake create mode 100644 src/backend-dummy/public/.htaccess create mode 100644 src/backend-dummy/public/404.html create mode 100644 src/backend-dummy/public/500.html create mode 100755 src/backend-dummy/public/dispatch.cgi create mode 100755 src/backend-dummy/public/dispatch.fcgi create mode 100755 src/backend-dummy/public/dispatch.rb create mode 100644 src/backend-dummy/public/favicon.ico create mode 100644 src/backend-dummy/public/images/rails.png create mode 100644 src/backend-dummy/public/index.html create mode 100644 src/backend-dummy/public/javascripts/controls.js create mode 100644 src/backend-dummy/public/javascripts/dragdrop.js create mode 100644 src/backend-dummy/public/javascripts/effects.js create mode 100644 src/backend-dummy/public/javascripts/prototype.js create mode 100644 src/backend-dummy/public/robots.txt create mode 100755 src/backend-dummy/script/about create mode 100755 src/backend-dummy/script/breakpointer create mode 100755 src/backend-dummy/script/console create mode 100755 src/backend-dummy/script/destroy create mode 100755 src/backend-dummy/script/generate create mode 100755 src/backend-dummy/script/performance/benchmarker create mode 100755 src/backend-dummy/script/performance/profiler create mode 100755 src/backend-dummy/script/plugin create mode 100755 src/backend-dummy/script/process/reaper create mode 100755 src/backend-dummy/script/process/spawner create mode 100755 src/backend-dummy/script/process/spinner create mode 100755 src/backend-dummy/script/runner create mode 100755 src/backend-dummy/script/server create mode 100644 src/backend-dummy/test/functional/admin_controller_test.rb create mode 100644 src/backend-dummy/test/functional/platform_controller_test.rb create mode 100644 src/backend-dummy/test/functional/result_controller_test.rb create mode 100644 src/backend-dummy/test/functional/rpm_controller_test.rb create mode 100644 src/backend-dummy/test/functional/source_controller_test.rb create mode 100644 src/backend-dummy/test/test_helper.rb create mode 100755 src/debug create mode 100755 src/deploy create mode 100755 src/start create mode 100755 src/start_buildsystem.sh create mode 100644 src/webui/README create mode 100644 src/webui/Rakefile create mode 100644 src/webui/app/controllers/application.rb create mode 100644 src/webui/app/controllers/home_controller.rb create mode 100644 src/webui/app/controllers/main_controller.rb create mode 100644 src/webui/app/controllers/package_controller.rb create mode 100644 src/webui/app/controllers/platform_controller.rb create mode 100644 src/webui/app/controllers/project_controller.rb create mode 100644 src/webui/app/controllers/user_controller.rb create mode 100644 src/webui/app/helpers/application_helper.rb create mode 100644 src/webui/app/helpers/home_helper.rb create mode 100644 src/webui/app/helpers/main_helper.rb create mode 100644 src/webui/app/helpers/package_helper.rb create mode 100644 src/webui/app/helpers/platform_helper.rb create mode 100644 src/webui/app/helpers/project_helper.rb create mode 100644 src/webui/app/helpers/user_helper.rb create mode 100644 src/webui/app/models/package.rb create mode 100644 src/webui/app/models/person.rb create mode 100644 src/webui/app/models/platform.rb create mode 100644 src/webui/app/models/project.rb create mode 100644 src/webui/app/models/result.rb create mode 100644 src/webui/app/views/error.rhtml create mode 100644 src/webui/app/views/home/index.rhtml create mode 100644 src/webui/app/views/layouts/application.rhtml create mode 100644 src/webui/app/views/main/about.rhtml create mode 100644 src/webui/app/views/main/index.rhtml create mode 100644 src/webui/app/views/package/_update_build_log.rhtml create mode 100644 src/webui/app/views/package/add_file.rhtml create mode 100644 src/webui/app/views/package/add_person.rhtml create mode 100644 src/webui/app/views/package/edit.rhtml create mode 100644 src/webui/app/views/package/edit_spec.rhtml create mode 100644 src/webui/app/views/package/live_build_log.rhtml create mode 100644 src/webui/app/views/package/new.rhtml create mode 100644 src/webui/app/views/package/save.rhtml create mode 100644 src/webui/app/views/package/show.rhtml create mode 100644 src/webui/app/views/platform/edit.rhtml create mode 100644 src/webui/app/views/platform/list_all.rhtml create mode 100644 src/webui/app/views/platform/new.rhtml create mode 100644 src/webui/app/views/platform/show.rhtml create mode 100644 src/webui/app/views/project/_watch_link.rhtml create mode 100644 src/webui/app/views/project/add_person.rhtml create mode 100644 src/webui/app/views/project/add_target.rhtml create mode 100644 src/webui/app/views/project/edit.rhtml create mode 100644 src/webui/app/views/project/list_all.rhtml create mode 100644 src/webui/app/views/project/list_my.rhtml create mode 100644 src/webui/app/views/project/monitor.rhtml create mode 100644 src/webui/app/views/project/new.rhtml create mode 100644 src/webui/app/views/project/refresh_monitor.rhtml create mode 100644 src/webui/app/views/project/show.rhtml create mode 100644 src/webui/app/views/user/edit.rhtml create mode 100644 src/webui/app/views/user/login.rhtml create mode 100644 src/webui/app/views/user/logout.rhtml create mode 100644 src/webui/app/views/user/newaccount.rhtml create mode 100644 src/webui/config/boot.rb create mode 100644 src/webui/config/database.yml create mode 100644 src/webui/config/deploy.rb create mode 100644 src/webui/config/environment.rb create mode 100644 src/webui/config/environments/development.rb create mode 100644 src/webui/config/environments/production.rb create mode 100644 src/webui/config/environments/test.rb create mode 100644 src/webui/config/routes.rb create mode 100644 src/webui/doc/README_FOR_APP create mode 100644 src/webui/lib/tasks/switchtower.rake create mode 100644 src/webui/public/.htaccess create mode 100644 src/webui/public/404.html create mode 100644 src/webui/public/500.html create mode 100755 src/webui/public/dispatch.cgi create mode 100755 src/webui/public/dispatch.fcgi create mode 100755 src/webui/public/dispatch.rb create mode 100644 src/webui/public/favicon.ico create mode 100644 src/webui/public/images/accent.png create mode 100644 src/webui/public/images/bg-gradient.png create mode 100644 src/webui/public/images/logo-buildservice.png create mode 100644 src/webui/public/images/opensuse.gif create mode 100644 src/webui/public/images/rails.png create mode 100644 src/webui/public/javascripts/controls.js create mode 100644 src/webui/public/javascripts/dragdrop.js create mode 100644 src/webui/public/javascripts/effects.js create mode 100644 src/webui/public/javascripts/prototype.js create mode 100644 src/webui/public/robots.txt create mode 100644 src/webui/public/stylesheets/opensuse.css create mode 100755 src/webui/script/about create mode 100755 src/webui/script/breakpointer create mode 100755 src/webui/script/console create mode 100755 src/webui/script/destroy create mode 100755 src/webui/script/generate create mode 100755 src/webui/script/performance/benchmarker create mode 100755 src/webui/script/performance/profiler create mode 100755 src/webui/script/plugin create mode 100755 src/webui/script/process/reaper create mode 100755 src/webui/script/process/spawner create mode 100755 src/webui/script/process/spinner create mode 100755 src/webui/script/runner create mode 100755 src/webui/script/server create mode 100644 src/webui/test/fixtures/platforms.yml create mode 100644 src/webui/test/fixtures/users.yml create mode 100644 src/webui/test/functional/home_controller_test.rb create mode 100644 src/webui/test/functional/main_controller_test.rb create mode 100644 src/webui/test/functional/package_controller_test.rb create mode 100644 src/webui/test/functional/platform_controller_test.rb create mode 100644 src/webui/test/functional/project_controller_test.rb create mode 100644 src/webui/test/test_helper.rb create mode 100644 src/xml_bindings.txt diff --git a/src/README.devel b/src/README.devel new file mode 100644 index 0000000..5f58e8c --- /dev/null +++ b/src/README.devel @@ -0,0 +1,105 @@ + + + Setting up a development environment +-------------------------------- +To install ruby-on-rails, please install the rubygems package and +run: "gem install -y rails" to install the rails libs on your system. + +The frontend uses a MySQl backend. Please add the database +"frontend_development" with the scheme from frontend/config/db/create_mysql.sql +The database credentials can be set in frontend/config/database.yml +To run the frontends test framework, please add an empty database "frontend_test". + +There are 2 scripts in trunk/buildservice/src named 'start' and +'debug'. They need one parameter, which is one of (back|back_test|front|web). +'start' starts a WEBrick server, 'debug' starts the debugger +for the selected buildservice component. The scripts are there so +the lazy developers don't have to remember the correct ports for +server and debugger. + + + Generating the frontends API documentation +-------------------- +To generate the docu you need the ruby builder lib. +It can be installed with: "gem install builder" +The docu then can be generated with the command: + docs/architecture/rest_doc --html api.txt + + + + Using the debugger +-------------------- + +The debugger waits for connections from the corresponding application. +Such a connection is established as soon as the method 'breakpoint' is +called from within the application. The breakpoint method suspends +application flow and transfers control to the debugger, which opens +an irb shell in the context of the breakpoint call. For more information +on the debugger, see + +http://api.rubyonrails.com/classes/Breakpoint.html#M000833 + + + + Deployment +------------ + +Deploy locations: + +- backend + + +- backend-dummy + + server: buildservice.suse.de + path: /srv/www/opensuse/backend-dummy/ + + +- frontend + + server: buildservice.suse.de (internal), api.opensuse.org (external) + path: /srv/www/opensuse/frontend/ + + +- webclient + + server: buildservice.suse.de (internal), build.opensuse.org (external) + path: /srv/www/opensuse/webclient/ + + + +Prerequisites: + +Your public RSA key has to be in the authorized_keys file of user opensuse on +all servers (currently only api.opensuse.org). + +The buildservice uses Switchtower (http://manuals.rubyonrails.com/read/book/17) +for deployment. Before using the deploy scripts, the switchtower gem has to be +installed: + +%> gem install switchtower + + + +Preparing a server for the first deploy: + +In the four directories trunk/buildservice/srv/(backend-dummy|frontend|webclient|current), call: + +%> rake remote_exec ACTION=setup + + + +Deploying: + +If the frontend database schema has not changed since the last +deploy, just execute the 'deploy' script in trunk/buildservice/src. + +If the database schema has changed, use ./deploy as usual. After that, ssh to +buildserviceapi.suse.de and change the database. The schema is in the directory +/srv/www/opensuse/frontend/current/db. + +After the database is updated, restart the FastCGI processes: + +%> cd /srv/www/opensuse/frontend/current +%> script/process/reaper -d /srv/www/opensuse/frontend/current/public/dispatch.fcgi + diff --git a/src/TODO b/src/TODO new file mode 100644 index 0000000..804f7ba --- /dev/null +++ b/src/TODO @@ -0,0 +1,102 @@ +openSUSE Build Service Todo List +================================ + ++: High priority +o: Medium priority +-: Low priority + +Web Client +---------- + ++ Tests (tom) ++ Hide "new project" action for non-admin users ++ Don't show links to RPMs, if there are no RPMs built yet ++ Properly show build results (abauer) ++ Visual design (garrett) ++ Switch to migrations for database updates ++ Reenable platform editing +o Split packages in project display page to multiple pages +o Show projects of user and his role in the projects on user's hp +o Move user management for project/package/platform to partial (or component?) +o Editing project targets list +o Merge add_package and edit_package? +o Show build status per target +o Prevent new project names with spaces +o Handle error when backend can't be reached. +o Show titles in platform/projects lists. +o Show global news +o Show project news +- Editor spec file +- Edit persons for platforms + +Command Line Client +------------------- + ++ checkin, checkout (cwh) ++ show build status (cwh) +o local build + +Frontend +-------- + ++ Tests (tom) ++ Check permissions (freitag) ++ Adapt result handling to backend (cschum) ++ Tool to check API against specification (cschum) ++ Prevent project, package and platform names containing spaces, slashes or + colons ++ Escaping of paths ++ Caching of backend data (freitag) + + Query for projects per user ++ Fix error which makes frontend hang ++ Write useful logs + + apache-logs for every access (including user) (abauer) ++ Make sure that the API version is only defined at one place. ++ Store additional information for platforms ++ Get file list from directory listing +o Notification system +o Get permissions for a given user +o RSS feed for project news (newly built packages) +o Global RSS feed for all project news +- Load balancing for rpm downloads +- Admin interface for rpm load balancing +- New user invitation system + +Dummy Backend +------------- + + +Schemas +------- + +o Make types more specific (e.g. dates) +o Add documentation for attributes +o Add lists of possible values for build result error codes +o Add lists of possible values for build result status codes + + +Big Features +------------ + ++ Building additional packages for existing platforms +o Transfer changes and packages between projects +o Trust system +o Platform creation +o Link sources +o Add patches to linked sources + + +Deployment +---------- + ++ Make sure that the revision number in the about page reflects the global + revision of the web app. + + +Production Servers +------------------ + ++ move database to storage.opensuse.org ++ setup logrotate for server and debug logs ++ setup cronjob to remove session files +o different session storage? (database or memcached) diff --git a/src/api/README b/src/api/README new file mode 100644 index 0000000..cd9d0ff --- /dev/null +++ b/src/api/README @@ -0,0 +1,153 @@ +== Welcome to Rails + +Rails is a web-application and persistence framework that includes everything +needed to create database-backed web-applications according to the +Model-View-Control pattern of separation. This pattern splits the view (also +called the presentation) into "dumb" templates that are primarily responsible +for inserting pre-built data in between HTML tags. The model contains the +"smart" domain objects (such as Account, Product, Person, Post) that holds all +the business logic and knows how to persist themselves to a database. The +controller handles the incoming requests (such as Save New Account, Update +Product, Show Post) by manipulating the model and directing data to the view. + +In Rails, the model is handled by what's called an object-relational mapping +layer entitled Active Record. This layer allows you to present the data from +database rows as objects and embellish these data objects with business logic +methods. You can read more about Active Record in +link:files/vendor/rails/activerecord/README.html. + +The controller and view are handled by the Action Pack, which handles both +layers by its two parts: Action View and Action Controller. These two layers +are bundled in a single package due to their heavy interdependence. This is +unlike the relationship between the Active Record and Action Pack that is much +more separate. Each of these packages can be used independently outside of +Rails. You can read more about Action Pack in +link:files/vendor/rails/actionpack/README.html. + + +== Getting started + +1. Run the WEBrick servlet: <tt>ruby script/server</tt> (run with --help for options) + ...or if you have lighttpd installed: <tt>ruby script/lighttpd</tt> (it's faster) +2. Go to http://localhost:3000/ and get "Congratulations, you've put Ruby on Rails!" +3. Follow the guidelines on the "Congratulations, you've put Ruby on Rails!" screen + + +== Example for Apache conf + + + ServerName rails + DocumentRoot /path/application/public/ + ErrorLog /path/application/log/server.log + + + Options ExecCGI FollowSymLinks + AllowOverride all + Allow from all + Order allow,deny + </Directory> + </VirtualHost> + +NOTE: Be sure that CGIs can be executed in that directory as well. So ExecCGI +should be on and ".cgi" should respond. All requests from 127.0.0.1 go +through CGI, so no Apache restart is necessary for changes. All other requests +go through FCGI (or mod_ruby), which requires a restart to show changes. + + +== Debugging Rails + +Have "tail -f" commands running on both the server.log, production.log, and +test.log files. Rails will automatically display debugging and runtime +information to these files. Debugging info will also be shown in the browser +on requests from 127.0.0.1. + + +== Breakpoints + +Breakpoint support is available through the script/breakpointer client. This +means that you can break out of execution at any point in the code, investigate +and change the model, AND then resume execution! Example: + + class WeblogController < ActionController::Base + def index + @posts = Post.find_all + breakpoint "Breaking out from the list" + end + end + +So the controller will accept the action, run the first line, then present you +with a IRB prompt in the breakpointer window. Here you can do things like: + +Executing breakpoint "Breaking out from the list" at .../webrick_server.rb:16 in 'breakpoint' + + >> @posts.inspect + => "[#nil, \"body\"=>nil, \"id\"=>\"1\"}>, + #\"Rails you know!\", \"body\"=>\"Only ten..\", \"id\"=>\"2\"}>]" + >> @posts.first.title = "hello from a breakpoint" + => "hello from a breakpoint" + +...and even better is that you can examine how your runtime objects actually work: + + >> f = @posts.first + => #nil, "body"=>nil, "id"=>"1"}> + >> f. + Display all 152 possibilities? (y or n) + +Finally, when you're ready to resume execution, you press CTRL-D + + +== Console + +You can interact with the domain model by starting the console through script/console. +Here you'll have all parts of the application configured, just like it is when the +application is running. You can inspect domain models, change values, and save to the +database. Starting the script without arguments will launch it in the development environment. +Passing an argument will specify a different environment, like <tt>console production</tt>. + + +== Description of contents + +app + Holds all the code that's specific to this particular application. + +app/controllers + Holds controllers that should be named like weblog_controller.rb for + automated URL mapping. All controllers should descend from + ActionController::Base. + +app/models + Holds models that should be named like post.rb. + Most models will descend from ActiveRecord::Base. + +app/views + Holds the template files for the view that should be named like + weblog/index.rhtml for the WeblogController#index action. All views use eRuby + syntax. This directory can also be used to keep stylesheets, images, and so on + that can be symlinked to public. + +app/helpers + Holds view helpers that should be named like weblog_helper.rb. + +config + Configuration files for the Rails environment, the routing map, the database, and other dependencies. + +components + Self-contained mini-applications that can bundle together controllers, models, and views. + +lib + Application specific libraries. Basically, any kind of custom code that doesn't + belong under controllers, models, or helpers. This directory is in the load path. + +public + The directory available for the web server. Contains subdirectories for images, stylesheets, + and javascripts. Also contains the dispatchers and the default HTML files. + +script + Helper scripts for automation and generation. + +test + Unit and functional tests along with fixtures. + +vendor + External libraries that the application depends on. Also includes the plugins subdirectory. + This directory is in the load path. diff --git a/src/api/README_LOGIN b/src/api/README_LOGIN new file mode 100644 index 0000000..265259c --- /dev/null +++ b/src/api/README_LOGIN @@ -0,0 +1,119 @@ +== Installation + +Done generating the login system. but there are still a few things you have to +do manually. First open your application.rb and add + + require_dependency "login_system" + +to the top of the file and include the login system with + + include LoginSystem + +The beginning of your ApplicationController. +It should look something like this : + + require_dependency "login_system" + + class ApplicationController < ActionController::Base + include LoginSystem + model :user + +After you have done the modifications the the AbstractController you can import +the user model into the database. This model is meant as an example and you +should extend it. If you just want to get things up and running you can find +some create table syntax in db/user_model.sql. + +The model :user is required when you are hitting problems to the degree of +"Session could not be restored becuase not all items in it are known" + +== Requirements + +You need a database table corresponding to the User model. + + mysql syntax: + CREATE TABLE users ( + id int(11) NOT NULL auto_increment, + login varchar(80) default NULL, + password varchar(40) default NULL, + PRIMARY KEY (id) + ); +  + postgres : + CREATE TABLE "users" ( +  "id" SERIAL NOT NULL UNIQUE, +  "login" VARCHAR(80), +  "password" VARCHAR, +  PRIMARY KEY("id") + ) WITH OIDS; + + + sqlite: + CREATE TABLE 'users' ( + 'id' INTEGER PRIMARY KEY NOT NULL, + 'user' VARCHAR(80) DEFAULT NULL, + 'password' VARCHAR(40) DEFAULT NULL + ); + +Of course your user model can have any amount of extra fields. This is just a +starting point + +== How to use it + +Now you can go around and happily add "before_filter :login_required" to the +controllers which you would like to protect. + +After integrating the login system with your rails application navigate to your +new controller's signup method. There you can create a new account. After you +are done you should have a look at your DB. Your freshly created user will be +there but the password will be a sha1 hashed 40 digit mess. I find this should +be the minimum of security which every page offering login&password should give +its customers. Now you can move to one of those controllers which you protected +with the before_filter :login_required snippet. You will automatically be re- +directed to your freshly created login controller and you are asked for a +password. After entering valid account data you will be taken back to the +controller which you requested earlier. Simple huh? + +== Tips & Tricks + +How do I... + + ... access the user who is currently logged in + + A: You can get the user object from the session using @session['user'] + Example: + Welcome <%= @session[:user].name %> + + ... restrict access to only a few methods? + + A: Use before_filters build in scoping. + Example: + before_filter :login_required, :only => [:myaccount, :changepassword] + before_filter :login_required, :except => [:index] + + ... check if a user is logged-in in my views? + + A: @session[:user] will tell you. Here is an example helper which you can use to make this more pretty: + Example: + def user? + !@session[:user].nil? + end + + ... return a user to the page they came from before logging in? + + A: The user will be send back to the last url which called the method "store_location" + Example: + User was at /articles/show/1, wants to log in. + in articles_controller.rb, add store_location to the show function and send the user + to the login form. + After he logs in he will be send back to /articles/show/1 + + +You can find more help at http://wiki.rubyonrails.com/rails/show/LoginGenerator + +== Changelog + +1.1.0 Major security bugfix and modernisation +1.0.5 Bugfix in generator code +1.0.2 Updated the readme with more tips&tricks +1.0.1 Fixed problem in the readme +1.0.0 First gem release \ No newline at end of file diff --git a/src/api/Rakefile b/src/api/Rakefile new file mode 100644 index 0000000..cffd19f --- /dev/null +++ b/src/api/Rakefile @@ -0,0 +1,10 @@ +# Add your own tasks in files placed in lib/tasks ending in .rake, +# for example lib/tasks/switchtower.rake, and they will automatically be available to Rake. + +require(File.join(File.dirname(__FILE__), 'config', 'boot')) + +require 'rake' +require 'rake/testtask' +require 'rake/rdoctask' + +require 'tasks/rails' \ No newline at end of file diff --git a/src/api/app/controllers/about_controller.rb b/src/api/app/controllers/about_controller.rb new file mode 100644 index 0000000..594f3e6 --- /dev/null +++ b/src/api/app/controllers/about_controller.rb @@ -0,0 +1,7 @@ +class AboutController < ApplicationController + + def index + @api_revision = "0.1" + end + +end diff --git a/src/api/app/controllers/admin_controller.rb b/src/api/app/controllers/admin_controller.rb new file mode 100644 index 0000000..2a47544 --- /dev/null +++ b/src/api/app/controllers/admin_controller.rb @@ -0,0 +1,29 @@ +class AdminController < ApplicationController + + layout "html" + + def list_sources + @files = [] + read_dir( "data" ) + end + + hide_action :read_dir + def read_dir( dir ) + d = Dir.new( dir ) + d.each { |entry| + if ( entry == "." || entry == ".." ) + next + end + path = dir + "/" + entry + @files.push path + if File.directory?( path ) + read_dir( path ) + end + } + end + + def say_hello + render( :layout => false ) + end + +end diff --git a/src/api/app/controllers/apidocs_controller.rb b/src/api/app/controllers/apidocs_controller.rb new file mode 100644 index 0000000..1ce7e51 --- /dev/null +++ b/src/api/app/controllers/apidocs_controller.rb @@ -0,0 +1,29 @@ +class ApidocsController < ApplicationController + + @@apidocsbase = File.expand_path(APIDOCS_LOCATION)+"/" + + def index + logger.debug "PATH: #{request.path}" + if ( request.path !~ /\/$/ ) + redirect_to "/apidocs/" + else + filename = @@apidocsbase + "index.html" + if ( !File.exist?( filename ) ) + render_text "Error" + else + render( :file => filename, :layout => "html" ) + end + end + end + + def method_missing symbol, *args + file = symbol.id2name + if ( file =~ /\.(xml|xsd)$/ ) + send_file( @@apidocsbase + file, :type => "text/xml", + :disposition => "inline" ) + else + super symbol, *args + end + end + +end diff --git a/src/api/app/controllers/application.rb b/src/api/app/controllers/application.rb new file mode 100644 index 0000000..17ec2f4 --- /dev/null +++ b/src/api/app/controllers/application.rb @@ -0,0 +1,143 @@ +# Filters added to this controller will be run for all controllers in the application. +# Likewise, all the methods added will be available for all controllers. + +# RAILS_ROOT is not working directory when running under lighttpd, so it has +# to be added to load path +$LOAD_PATH.unshift RAILS_ROOT +require 'components/active_rbac/helpers/rbac_helper' +require_dependency 'opensuse/permission' +require_dependency 'opensuse/backend' +require_dependency 'opensuse/validator' + +class ApplicationController < ActionController::Base + # Do never use a layout here since that has impact on every + # controller in frontend. + + session_options[:prefix] = "ruby_frontend_sess." + session_options[:session_key] = "opensuse_frontend_session" + @user_permissions = nil + + helper RbacHelper + + before_filter :extract_user, :setup_backend, :validate + + def extract_user + @http_user = nil; + + authorization = request.env[ "HTTP_AUTHORIZATION" ] + + logger.debug( "AUTH: #{authorization}" ) + + if authorization and authorization =~ /^\s*Basic / + authorization.sub!( /^\s*Basic /, '' ) + # logger.debug( "AUTH2: #{authorization}" ) + + userpass = Base64.decode64( authorization ).split(/:/) + if userpass + login = userpass[0] + passwd = userpass[1] + end + else + logger.debug "no authentication string was sent" + render_error( :message => "Authentication required", :status => 401 ) and return false + end + + if login + @http_user = User.find_with_credentials login, passwd + if @http_user.nil? + render_error( :message => "Unknown user: #{login}\n", :status => 401 ) and return false + else + logger.debug "USER found: #{@http_user.login}" + @user_permissions = Suse::Permission.new( @http_user ) + end + end + end + + def setup_backend + if @http_user + logger.debug "User for source backend config: <#{@http_user.source_host}>" + if @http_user.source_host && !@http_user.source_host.empty? + Suse::Backend.source_host = @http_user.source_host + end + + if @http_user.source_port + Suse::Backend.source_port = @http_user.source_port + end + + logger.debug "User for rpm backend config: <#{@http_user.rpm_host}>" + if @http_user.rpm_host && !@http_user.rpm_host.empty? + Suse::Backend.rpm_host = @http_user.rpm_host + end + + if @http_user.rpm_port + Suse::Backend.rpm_port = @http_user.rpm_port + end + + logger.debug "SETUP_SOURCE_BACKEND #{@http_user.source_host}:#{@http_user.source_port}" + logger.debug "SETUP_RPM_BACKEND #{@http_user.source_host}:#{@http_user.source_port}" + end + end + + def validate + return true unless request.put? + Suse::Validator.new(params).validate(request.raw_post) + true + end + + def forward_data( path, opt={} ) + response = Suse::Backend.get( path, opt ) + send_data( response.body, :type => response.fetch( "content-type" ), + :disposition => "inline" ) + end + + def rescue_action_in_public( exception ) + #FIXME: not all exceptions are caught by this method + case exception + when ::Suse::Backend::HTTPError + response = exception.message + case response + when Net::HTTPForbidden + message = "Permission Denied" + else + message = "Backend Error: #{response.code}" + end + render_error :message => message, :status => response.code + return true + end + render_error :exception => exception + end + + def local_request? + false + end + + def permissions + return @user_permissions + end + + def render_error( opt = {} ) + @errorcode = 500 + + if opt[:status] + @errorcode = opt[:status] + if @errorcode.to_i == 401 + response.headers["WWW-Authenticate"] = 'basic realm="Frontend login"' + end + end + + @summary = "Internal Server Error" + if opt[:message] + @summary = opt[:message] + end + + if opt[:exception] + @exception = opt[:exception ] + end + + render :template => 'error', :status => @errorcode + end + + def render_ok + render :nothing => true + end +end diff --git a/src/api/app/controllers/main_controller.rb b/src/api/app/controllers/main_controller.rb new file mode 100644 index 0000000..305e82c --- /dev/null +++ b/src/api/app/controllers/main_controller.rb @@ -0,0 +1,5 @@ +class MainController < ApplicationController + + layout "html" + +end diff --git a/src/api/app/controllers/person_controller.rb b/src/api/app/controllers/person_controller.rb new file mode 100644 index 0000000..75c41f2 --- /dev/null +++ b/src/api/app/controllers/person_controller.rb @@ -0,0 +1,99 @@ +class PersonController < ApplicationController + + def userinfo + if !@http_user + logger.debug "No user logged in, permission to userinfo denied" + @errorcode = 401 + @summary = "No user logged in, permission to userinfo denied" + render :template => 'error', :status => 401 + else + if request.get? + if params[:login] + logger.debug "Generating for user from parameter #{params[:login]}" + @render_user = User.find_by_login( params[:login] ) + if ! @render_user + logger.debug "User is not valid!" + #FIXME: proper error returnage needed + @errorcode = 442 + @summary = "Unknown user: #{params[:login]}" + render :template => 'error', :status => 442 + end + else + logger.debug "Generating user info for logged in user #{@http_user.login}" + @render_user = @http_user + end + # see the corresponding view users.rxml that generates a xml + # response for the caller. + + elsif request.put? + user = @http_user + if params[:login] + user = User.find_by_login( params[:login] ) + if user.login != @http_user.login + # TODO: check permission to update someone elses info + if @http_user.has_permission "Userinfo_Admin" + # ok, may update user info + else + logger.debug "User has no permission to change userinfo" + @errorcode = 442 + @summary = "no permission to change userinfo for user #{user.login}" + render :template => 'error', :status => 401 + end + end + end + + if user + xml = REXML::Document.new( request.raw_post ) + + logger.debug( "XML: #{request.raw_post}" ) + + realname = xml.elements["/person/realname"] + user.realname = realname.text + + e = xml.elements["/person/source_backend"] + if ( e ) + user.source_host = e.elements['host'].text + user.source_port = e.elements['port'].text + end + + e = xml.elements["/person/rpm_backend"] + if ( e ) + user.rpm_host = e.elements['host'].text + user.rpm_port = e.elements['port'].text + end + + update_watchlist( user, xml ) + + user.save + @render_user = user + else + logger.debug "No valid user object" + end + end + end + end + + def update_watchlist( user, xml ) + new_watchlist = [] + old_watchlist = [] + + xml.elements.each("/person/watchlist/project") do |e| + new_watchlist << e.attributes['name'] + end + + user.watched_projects.each do |wp| + old_watchlist << wp.name + end + add_to_watchlist = new_watchlist.collect {|i| old_watchlist.include?(i) ? nil : i}.compact + remove_from_watchlist = old_watchlist.collect {|i| new_watchlist.include?(i) ? nil : i}.compact + + remove_from_watchlist.each do |name| + WatchedProject.find_by_name( name, :conditions => "user_id = #{user.id}" ).destroy + end + + add_to_watchlist.each do |name| + user.watched_projects << WatchedProject.new( :name => name ) + end + true + end +end diff --git a/src/api/app/controllers/platform_controller.rb b/src/api/app/controllers/platform_controller.rb new file mode 100644 index 0000000..294ed91 --- /dev/null +++ b/src/api/app/controllers/platform_controller.rb @@ -0,0 +1,60 @@ +require 'opensuse/backend' + +class PlatformController < ApplicationController + + def index + s = "" + out = Builder::XmlMarkup.new( :target => s ) + out.directory do + response = Suse::Backend.get( "/platform/" ) + directory = REXML::Document.new( response.body ) + directory.elements.each( "/directory/entry" ) do |entry| + project_name = entry.attributes[ "name" ] + if ( project_name ) + entry_response = Suse::Backend.get( "/platform/" + project_name ) + entry = REXML::Document.new( entry_response.body ) + entry.elements.each( "/directory/entry" ) do |e| + repository_name = e.attributes[ "name" ] + if ( repository_name ) + out.entry( "name" => project_name + "/" + repository_name ) + end + end + end + end + end + + send_data( s, :type => "text/xml", :disposition => "inline" ) + end + + def project + forward_data( "/platform/" + params[:project] ) + end + + def repository + repository = params[ :repository ] + project = params[ :project ] + + if ( !repository || !project ) + redirect_to :index + return + else + path = "/platform/" + project + "/" + repository + + if request.get? + forward_data( path ) + return + elsif request.put? + response = Suse::Backend.put( path, request.raw_post ) + case response + when Net::HTTPSuccess, Net::HTTPRedirection + render_text( "Ok" ) + return + else + render_text( "Error: " + response.error! ) + return + end + end + end + end + +end diff --git a/src/api/app/controllers/result_controller.rb b/src/api/app/controllers/result_controller.rb new file mode 100644 index 0000000..288bb44 --- /dev/null +++ b/src/api/app/controllers/result_controller.rb @@ -0,0 +1,107 @@ +require 'rexml/document' + +class ResultController < ApplicationController + + def index + render_text( "Results Index" ) + end + + def projectresult + @project = params[:project] + + response = Suse::Backend.get_project_result( @project ) + + @repository_status = Hash.new + + result = REXML::Document.new( response.body ).root + result.elements["/statussumlist"].elements.each do |s| + status = s.attributes["status"] + if status + arch_name = s.attributes["name"] + arch_name =~ /.*\/(.*)\/(.*)/ + repository = $1 + arch = $2 + if ( repository != ":all" ) + @arch_status = @repository_status[ repository ] + if ( !@arch_status ) + @arch_status = Hash.new + end + @arch_status[ arch ] = status + @repository_status[ repository ] = @arch_status + end + + if( repository == ":all" && arch == ":all" ) + @succeeded = s.attributes["succeeded"] + @rpms = s.attributes["rpms"] + @building = s.attributes["building"] + @delayed = s.attributes["delayed"] + @status = status + end + end + end + + end + + def packageresult + @project = params[:project] + @repository = params[:platform] + @package = params[:package] + + response = Suse::Backend.get_package_result( @project, @repository, @package ) + + @arch_status = Hash.new + @arch_rpms = Hash.new + + result = REXML::Document.new( response.body ).root + result.elements["/statussumlist"].elements.each do |s| + status = s.attributes["status"] + if status + arch_name = s.attributes["name"] + arch_name =~ /.*\/.*\/(.*)/ + arch = $1 + @arch_status[ arch ] = status + + rpm_response = Suse::Backend.get_rpmlist( @project, @repository, + @package, arch ) + rpms = Array.new + rpm_result = REXML::Document.new( rpm_response.body ).root + rpm_result.elements["/rpmlist"].elements.each do |r| + rpms.push r.attributes["filename"] + end + + @arch_rpms[ arch ] = rpms + + else + @succeeded = s.attributes["succeeded"] + @failed = s.attributes["failed"] + end + end + + if @failed == "0" + @status = "suceeded" + elsif @succeeded == "0" + @status = "failed" + else + @status = "partiallyfailed" + end + + end + + def log + @project = params[:project] + @repository = params[:platform] + @package = params[:package] + @arch = params[:arch] + + if( params[:nostream] ) + start = params[:start] or 0 + response = Suse::Backend.get_log_chunk( @project, @repository, @package, @arch, start ) + else + response = Suse::Backend.get_log( @project, @repository, @package, @arch ) + end + send_data( response.body, :type => "text/plain", + :disposition => "inline" ) + + end + +end diff --git a/src/api/app/controllers/rpm_controller.rb b/src/api/app/controllers/rpm_controller.rb new file mode 100644 index 0000000..b92c3ce --- /dev/null +++ b/src/api/app/controllers/rpm_controller.rb @@ -0,0 +1,28 @@ +class RpmController < ApplicationController + + def index + render_text( "RPMs Index" ) + end + + def file + repository = params[ :repository ] + project = params[ :project ] + arch = params[ :arch ] + package = params[ :package ] + file = params[ :file ] + + if ( !repository || !project || !file || !arch ) + render_text( "Error in URL to RPM" ) + return + end + + path = "/rpm/" + project + "/" + repository + "/" + arch + "/" + package + + "/" + file + if request.get? + response = Suse::Backend.get_rpm( path ) + send_data( response.body, :type => response.fetch( "content-type" ), + :disposition => "inline" ) + end + end + +end diff --git a/src/api/app/controllers/source_controller.rb b/src/api/app/controllers/source_controller.rb new file mode 100644 index 0000000..234a436 --- /dev/null +++ b/src/api/app/controllers/source_controller.rb @@ -0,0 +1,188 @@ +require "rexml/document" + +class SourceController < ApplicationController + #TODO: nearly all validations fail, uncomment lines to activate validation + #validate_action :index => :directory, :packagelist => :directory, :filelist => :directory + #validate_action :project_meta => :project, :package_meta => :package + + + def index + projectlist + end + + def projectlist + forward_data "/source" + end + + def index_project + project = params[:project] + forward_data "/source/#{project}" + end + + def index_package + project = params[:project] + package = params[:package] + if request.get? + forward_data "/source/#{project}/#{package}" + elsif request.post? + specfile_path = "/source/#{project}/#{package}/#{package}.spec" + begin + Suse::Backend.get( specfile_path ) + render_error "status" => 403, "summary" => "SPEC file already exists." + rescue Suse::Backend::NotFoundError + specfile = File.read "#{RAILS_ROOT}/files/specfiletemplate" + Suse::Backend.put_source( specfile_path, specfile ) + end + render_ok + end + end + + def project_meta + project = params[:project] + path = "/source/#{project}/_meta" + + request_data = request.raw_post + + if request.get? + forward_data path + elsif request.put? + # Need permission + logger.debug "Checking permission for the put" + allowed = false + begin + # Try to fetch the project to see if it already exists + response = Suse::Backend.get( path ) + + # Being here means that the project already exists + allowed = permissions.project_change? project + rescue Suse::Backend::NotFoundError + # Ok, the project is new + allowed = permissions.global_project_create + + if allowed + # This is a new project. Add the logged in user as maintainer + request_data = check_and_add_maintainer request_data, "project" + logger.debug "Added maintainer to new project, xml is now #{request_data}" + else + # User is not allowed by global permission. + logger.debug "Not allowed to create new packages" + end + end + + logger.debug response + + if allowed + response = Suse::Backend.put_source path, request_data + render_ok + else + logger.debug "No permissions to PUT on #{path}" + render_error( :message => "Permission Denied", :status => 403 ) + end + else + #neither put nor post + #TODO: return correct error code + render_error :message => "Illegal request: POST #{path}", :status => 500 + end + end + + def package_meta + project = params[:project] + package = params[:package] + path = "/source/#{project}/#{package}/_meta" + + if request.get? + response = Suse::Backend.get( path ) + + result = REXML::Document.new( response.body ).root + package_element = result.elements["/package"] + @name = package_element.attributes["name"] + @description = package_element.elements["description"].text + @title = package_element.elements["title"].text + + @persons = Array.new + result.each_element('person') do |p| + person = Hash.new + person[ "userid" ] = p.attributes["userid"] + person[ "role" ] = p.attributes["role"] + @persons.push person + end + + @files = Array.new + result.each_element('file') do |p| + file = Hash.new + file[ "filetype" ] = p.attributes["filetype"] + file[ "filename" ] = p.attributes["filename"] + @files.push file + end + elsif request.put? + allowed = false + request_data = request.raw_post + begin + # Try to fetch the package to see if it already exists + response = Suse::Backend.get( path ) + + # Being here means that the project already exists + allowed = permissions.package_change? project, package + rescue Suse::Backend::NotFoundError + # Ok, the project is new + allowed = permissions.package_create?( project ) + + if allowed + request_data = check_and_add_maintainer request_data, "package" + else + # User is not allowed by global permission. + logger.debug "Not allowed to create new packages" + end + end + + if allowed + Suse::Backend.put_source path, request_data + render_ok + else + logger.debug "No permission to PUT on #{path}" + render_error( :message => "Permission Denied on package", :status => 403 ) + end + else + # neither put nor post + #TODO: return correct error code + render_error :message => "Illegal request: POST #{path}", :status => 500 + end + end + + def file + project = params[ :project ] + package = params[ :package ] + file = params[ :file ] + + path = "/source/#{project}/#{package}/#{file}" + + if request.get? + forward_data path + elsif request.put? + allowed = permissions.package_change? project, package + if allowed + Suse::Backend.put_source path, request.raw_post + render_ok + else + render_error :message => "Permission denied on package write file", :status => 403 + end + end + end + + private + + def check_and_add_maintainer( data, topelem ) + doc = REXML::Document.new( data ) + # logger.debug "The XML Document: " + doc.to_s + root = doc.root + elem = doc.elements["#{topelem}/person[@role='maintainer']"] + + unless elem + person_elem = doc.elements[topelem].add_element "person" + + person_elem.attributes["userid"] = @http_user.login + person_elem.attributes["role"] = "maintainer" + end + return doc.to_s + end +end diff --git a/src/api/app/helpers/about_helper.rb b/src/api/app/helpers/about_helper.rb new file mode 100644 index 0000000..68e69ae --- /dev/null +++ b/src/api/app/helpers/about_helper.rb @@ -0,0 +1,2 @@ +module AboutHelper +end diff --git a/src/api/app/helpers/admin_helper.rb b/src/api/app/helpers/admin_helper.rb new file mode 100644 index 0000000..d5c6d35 --- /dev/null +++ b/src/api/app/helpers/admin_helper.rb @@ -0,0 +1,2 @@ +module AdminHelper +end diff --git a/src/api/app/helpers/apidocs_helper.rb b/src/api/app/helpers/apidocs_helper.rb new file mode 100644 index 0000000..f7e8190 --- /dev/null +++ b/src/api/app/helpers/apidocs_helper.rb @@ -0,0 +1,2 @@ +module ApidocsHelper +end diff --git a/src/api/app/helpers/application_helper.rb b/src/api/app/helpers/application_helper.rb new file mode 100644 index 0000000..0403584 --- /dev/null +++ b/src/api/app/helpers/application_helper.rb @@ -0,0 +1,4 @@ +# Methods added to this helper will be available to all templates in the application. +module ApplicationHelper + +end diff --git a/src/api/app/helpers/main_helper.rb b/src/api/app/helpers/main_helper.rb new file mode 100644 index 0000000..826effe --- /dev/null +++ b/src/api/app/helpers/main_helper.rb @@ -0,0 +1,2 @@ +module MainHelper +end diff --git a/src/api/app/helpers/person_helper.rb b/src/api/app/helpers/person_helper.rb new file mode 100644 index 0000000..f5c74cd --- /dev/null +++ b/src/api/app/helpers/person_helper.rb @@ -0,0 +1,2 @@ +module PersonHelper +end diff --git a/src/api/app/helpers/platform_helper.rb b/src/api/app/helpers/platform_helper.rb new file mode 100644 index 0000000..20396a1 --- /dev/null +++ b/src/api/app/helpers/platform_helper.rb @@ -0,0 +1,2 @@ +module PlatformHelper +end diff --git a/src/api/app/helpers/result_helper.rb b/src/api/app/helpers/result_helper.rb new file mode 100644 index 0000000..70e46e6 --- /dev/null +++ b/src/api/app/helpers/result_helper.rb @@ -0,0 +1,2 @@ +module ResultHelper +end diff --git a/src/api/app/helpers/rpm_helper.rb b/src/api/app/helpers/rpm_helper.rb new file mode 100644 index 0000000..36e7daf --- /dev/null +++ b/src/api/app/helpers/rpm_helper.rb @@ -0,0 +1,2 @@ +module RpmHelper +end diff --git a/src/api/app/helpers/source_helper.rb b/src/api/app/helpers/source_helper.rb new file mode 100644 index 0000000..2f7efc3 --- /dev/null +++ b/src/api/app/helpers/source_helper.rb @@ -0,0 +1,2 @@ +module SourceHelper +end diff --git a/src/api/app/models/watched_project.rb b/src/api/app/models/watched_project.rb new file mode 100644 index 0000000..d472b5e --- /dev/null +++ b/src/api/app/models/watched_project.rb @@ -0,0 +1,3 @@ +class WatchedProject < ActiveRecord::Base + belongs_to :user +end diff --git a/src/api/app/views/about/index.rxml b/src/api/app/views/about/index.rxml new file mode 100644 index 0000000..ecd8e14 --- /dev/null +++ b/src/api/app/views/about/index.rxml @@ -0,0 +1,6 @@ +xml.about do + xml.title "openSUSE API" + xml.description "API to the openSUSE Build Service" + xml.revision @api_revision + xml.documentation :type => "text/html", :url => apidocs_url( :controller => "apidocs" ) +end diff --git a/src/api/app/views/admin/index.rhtml b/src/api/app/views/admin/index.rhtml new file mode 100644 index 0000000..5c87bb6 --- /dev/null +++ b/src/api/app/views/admin/index.rhtml @@ -0,0 +1,11 @@ +<h2>Administrator Tasks</h2> + + + <ul style="list-style: none; border: 1px solid #e0e0e0; padding: 1em; background: #f0f0f0;"> + <li><%= link_to 'User Management', :controller => '/active_rbac/user' %></li> + <li><%= link_to 'Group Management', :controller => '/active_rbac/group' %></li> + <li><%= link_to 'Role Management', :controller => '/active_rbac/role' %></li> + <li><%= link_to 'Permission Management', :controller => '/active_rbac/static_permission' %></li> + </ul> + + diff --git a/src/api/app/views/admin/list_sources.rhtml b/src/api/app/views/admin/list_sources.rhtml new file mode 100644 index 0000000..b870aa5 --- /dev/null +++ b/src/api/app/views/admin/list_sources.rhtml @@ -0,0 +1,5 @@ +<h2>All Sources</h2> + +<% for file in @files %> +<%= file %>
+<% end %> diff --git a/src/api/app/views/admin/say_hello.rhtml b/src/api/app/views/admin/say_hello.rhtml new file mode 100644 index 0000000..8006044 --- /dev/null +++ b/src/api/app/views/admin/say_hello.rhtml @@ -0,0 +1 @@ +<em>Hello from Ajax!</em> (Session ID is <%= session.session_id %>) diff --git a/src/api/app/views/error.rxml b/src/api/app/views/error.rxml new file mode 100644 index 0000000..3656c92 --- /dev/null +++ b/src/api/app/views/error.rxml @@ -0,0 +1,16 @@ +xml.instruct! +xml.error do + xml.code( @errorcode ) + xml.summary( @summary ) + if( @exception ) + xml.exception do + xml.type( @exception.class.name ) + xml.message( @exception.message ) + xml.backtrace do + @exception.backtrace.each do |line| + xml.line( line ) + end + end + end + end +end diff --git a/src/api/app/views/layouts/html.rhtml b/src/api/app/views/layouts/html.rhtml new file mode 100644 index 0000000..06134ac --- /dev/null +++ b/src/api/app/views/layouts/html.rhtml @@ -0,0 +1,36 @@ +<html> +<head> + <title>openSUSE Build Service Frontend</title> + <%= stylesheet_link_tag "opensuse", :media => "all" %> +</head> +<body> +<div id="banner"> + <div id="innerbanner"> + <div id="logo"><img src="/images/opensuse.gif"/></div> + <div id="title">Frontend</div> + </div> +</div> + + <div id="main"> + <% if flash[:note] %> + <div id="notice"><%= flash[:note] %></div> + <% end %> + <% if flash[:error] %> + <div id="error"><%= flash[:error] %></div> + <% end %> + <%= @content_for_layout %> + </div> + <div id="bottom"> + <a href="http://build.opensuse.org">Build Service Web Client</a> | + <%= link_to "Frontend Startpage", :controller => "main", + :action => "index" %> | + <a href="http://www.opensuse.org">openSUSE Home</a> + <br/> + Logged in as <%= current_user.login %> + <% if current_user.login == "Anonymous" %> + <%= link_to "Login", :controller => "login", :action => "login" %> + <% else %> + <%= link_to "Logout", :controller => "login", :action => "logout" %> + <% end %> + + </div> diff --git a/src/api/app/views/main/index.rhtml b/src/api/app/views/main/index.rhtml new file mode 100644 index 0000000..eebda96 --- /dev/null +++ b/src/api/app/views/main/index.rhtml @@ -0,0 +1,19 @@ +<p> +<%= link_to "openSUSE API Documentation", { :controller => "apidocs" } %> +</p> + +<% if current_user.has_permission( "Permission_Admin" ) %> +<p> + <%= link_to "Admin Interface", { :controller => "admin" } %> +</p> +<% end %> + +<p> +<% if current_user.login == "Anonymous" %> + <%= link_to "Create Account", { :controller => "register" } %> +<% else %> + <%= link_to "User Management", { :controller => "arbac/user", :action => "list" } %> +<% end %> +</p> + +<p><a href="http://build.opensuse.org">Go back to openSUSE Build Service web client</a></p> diff --git a/src/api/app/views/person/userinfo.rxml b/src/api/app/views/person/userinfo.rxml new file mode 100644 index 0000000..ffd817b --- /dev/null +++ b/src/api/app/views/person/userinfo.rxml @@ -0,0 +1,23 @@ +xml.person do + xml.login @render_user.login + xml.email @render_user.email + xml.realname @render_user.realname + + xml.source_backend do + xml.host @render_user.source_host + xml.port @render_user.source_port + end + + xml.rpm_backend do + xml.host @render_user.rpm_host + xml.port @render_user.rpm_port + end + + if( @render_user.watched_projects.count > 0 ) + xml.watchlist do + @render_user.watched_projects.each do |wp| + xml.project :name => wp.name + end + end + end +end diff --git a/src/api/app/views/result/packageresult.rxml b/src/api/app/views/result/packageresult.rxml new file mode 100644 index 0000000..6d5a370 --- /dev/null +++ b/src/api/app/views/result/packageresult.rxml @@ -0,0 +1,16 @@ +xml.packageresult( "project" => @project, "repository" => @repository, + "package" => @package ) do + xml.date( Time.now ) + xml.status( "code" => @status ) do + xml.packagecount( @succeeded, "state" => "succeeded" ) + xml.packagecount( @failed, "state" => "failed" ) + end + @arch_status.each do | a, s | + xml.archresult( "arch" => a ) do + xml.status( "code" => s ) + @arch_rpms[ a ].each do |r| + xml.rpm( "filename" => r ) + end + end + end +end diff --git a/src/api/app/views/result/projectresult.rxml b/src/api/app/views/result/projectresult.rxml new file mode 100644 index 0000000..f4d1167 --- /dev/null +++ b/src/api/app/views/result/projectresult.rxml @@ -0,0 +1,18 @@ +xml.projectresult( "project" => @project ) do + xml.date( Time.now ) + xml.status( "code" => @status ) do + xml.packagecount( @succeeded, "state" => "succeeded" ) + xml.packagecount( @rpms, "state" => "rpms" ) + xml.packagecount( @building, "state" => "building" ) + xml.packagecount( @delayed, "state" => "delayed" ) + end + @repository_status.each do | r, arch_status | + xml.repositoryresult( "name" => r ) do + arch_status.each do | a, s | + xml.archresult( "arch" => a ) do + xml.status( "code" => s ) + end + end + end + end +end diff --git a/src/api/app/views/source/_meta.rhtml b/src/api/app/views/source/_meta.rhtml new file mode 100644 index 0000000..66c4f95 --- /dev/null +++ b/src/api/app/views/source/_meta.rhtml @@ -0,0 +1,10 @@ +<body bgcolor="a00000"> +<h1>Meta</h1> +Request: <%= request.method %> +<br/> +Parameters: <%= debug(params) %> +<br/> +Path: <%= request.path %> +<br/> +Project: <%= params['project'] %> +</body> diff --git a/src/api/app/views/source/package_meta.rxml b/src/api/app/views/source/package_meta.rxml new file mode 100644 index 0000000..324093f --- /dev/null +++ b/src/api/app/views/source/package_meta.rxml @@ -0,0 +1,10 @@ +xml.package( "name" => @name ) do + xml.title @title + xml.description @description + @persons.each do |p| + xml.person( "userid" => p["userid"], "role" => p["role"] ) + end + @files.each do |f| + xml.file( "filetype" => f["filetype"], "filename" => f["filename"] ) + end +end diff --git a/src/api/components/active_rbac/CHANGELOG b/src/api/components/active_rbac/CHANGELOG new file mode 100644 index 0000000..5c064cf --- /dev/null +++ b/src/api/components/active_rbac/CHANGELOG @@ -0,0 +1,27 @@ +*SVN* + +*0.2.1* + +* Fixing documentation error (#81) +* Fixing documentation of the ImportCmsSchema migration (#67) + +*0.2* + +* Adding "salt" to the user table and passwords are salted now. +* Changing fixtures to use "--- !omap" instead of "--- !!omap" which seems to make them workw ith 0.14.2 RoR. +* Fixing a bug related to custom "parent=" methods in Role and Group. +* Making active_rbac compatible to RoR 0.14.2 (1.0RC3) +* Adding ComponentController that solves the "configuration vanishes after reload" issue and makes configuration handling more consistent. +* Merged the GET/POST differentiation of RegistrationController and LoginController. The actions available are now: login, logout for LoginController and register, lostpassword and confirm for RegistrationController. +* Using Unicode explicitely in the creation SQL scripts for MySQL now. +* We are using transactional fixtures now. +* Renamed UserTest in user_registration_test.rb to UserRegistrationTest.rb. "rake test_components" works now properly. +* Adding HOWTO: How To Allow User Login With Other States +* Developers can now override User.state_allows_login?(state) to implement their own login logic. +* Adding HOWTO: How To Change The State Workflow +* Adding HOWTO: How To Add Fields To The Registration Form +* Adding HOWTO file +* Adding support for additional fields to the configuration class. +* Moving constant User::STATES.states to the method User.states + +*0.1* diff --git a/src/api/components/active_rbac/component_controller.rb b/src/api/components/active_rbac/component_controller.rb new file mode 100644 index 0000000..a66c2ad --- /dev/null +++ b/src/api/components/active_rbac/component_controller.rb @@ -0,0 +1,24 @@ +require_dependency 'active_rbac/configuration' + +# All controllers in ActiveRBAC extend this controller. Currently, it only +# provides the method config to access ActiveRBAC's configuration. +class ActiveRbac::ComponentController < ApplicationController + + protected + + # This method returns the config class. See this + # class' documentation about the details of the various configuration + # options. + # + # Example: + # + # class ActiveRbac::GroupController < ActiveRbac::ComponentController + # layout config.controller[:layout] + # end + def self.config + ActiveRbac::Configuration + end + + # An alias to self.config + def config; self.class.config; end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/configuration.rb b/src/api/components/active_rbac/configuration.rb new file mode 100644 index 0000000..e2cfe67 --- /dev/null +++ b/src/api/components/active_rbac/configuration.rb @@ -0,0 +1,57 @@ +# This class is a container for the ActiveRBAC components configuration setup. +# There is an accessor method for each "aspect" of this component that returns a +# hash representing a tree. You can access the following values. +# +# * mailer The configuration hash for the mailer classes. +# * mailer[:template_root] The template path the mailer will look in. +# * mailer[:subjects] A hash of the subjects to use. Currently used: _confirm_registration_, _lost_password_ +# * mailer[:headers] A hash with additional headers to set in the emails. +# * controller The configuration for the controllers. +# * controller[:layout] The path to the layout to use. Defaults to '../app/views/layouts/application'. +# +# == Configuration +# +# If you want to change the configuration, you have to put it into +# "config/active_rbac_config.rb". An example: +# +# ActiveRbac::Configuration.mailer[:from] = 'foo ' +class ActiveRbac::Configuration + @@mailer = {} + + @@mailer[:template_root] = 'components' + @@mailer[:from] = 'ActiveRBAC ' + + @@mailer[:subjects] = {} + @@mailer[:subjects][:confirm_registration] = 'Please confirm your registration' + @@mailer[:subjects][:lost_password] = 'Your new password' + + # Additional headers to set besides Subject: and To: + @@mailer[:headers] = {} + + @@controller = {} + @@controller[:layout] = '../app/views/layouts/html' + @@controller[:registration] = {} + @@controller[:registration][:signup_fields] = [] + + @@model = {} + @@model[:default_hash_type] = 'md5' + + @@signup_fields = [] + + class << self + def mailer # :nodoc: + @@mailer + end + + def controller # :nodoc: + @@controller + end + + def model # :nodoc: + @@model + end + end +end + +# Require the configuration for the active_rbac component +require_dependency 'config/active_rbac_config' diff --git a/src/api/components/active_rbac/db/create.mssql.sql b/src/api/components/active_rbac/db/create.mssql.sql new file mode 100644 index 0000000..0c9fbe6 --- /dev/null +++ b/src/api/components/active_rbac/db/create.mssql.sql @@ -0,0 +1,374 @@ +-- [ActiveRBAC 0.1] + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_groups_groups_parent]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[groups] DROP CONSTRAINT FK_groups_groups_parent +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_groups_roles_groups]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[groups_roles] DROP CONSTRAINT FK_groups_roles_groups +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_groups_users_groups]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[groups_users] DROP CONSTRAINT FK_groups_users_groups +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_groups_roles_roles]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[groups_roles] DROP CONSTRAINT FK_groups_roles_roles +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_roles_roles_parent]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[roles] DROP CONSTRAINT FK_roles_roles_parent +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_roles_static_permissions_roles]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[roles_static_permissions] DROP CONSTRAINT FK_roles_static_permissions_roles +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_roles_users_roles]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[roles_users] DROP CONSTRAINT FK_roles_users_roles +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_roles_static_permissions_static_permissions]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[roles_static_permissions] DROP CONSTRAINT FK_roles_static_permissions_static_permissions +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_groups_users_users]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[groups_users] DROP CONSTRAINT FK_groups_users_users +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_roles_users_users]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[roles_users] DROP CONSTRAINT FK_roles_users_users +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[FK_user_registrations_users]') and OBJECTPROPERTY(id, N'IsForeignKey') = 1) +ALTER TABLE [dbo].[user_registrations] DROP CONSTRAINT FK_user_registrations_users +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[groups]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) +drop table [dbo].[groups] +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[groups_roles]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) +drop table [dbo].[groups_roles] +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[groups_users]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) +drop table [dbo].[groups_users] +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[roles]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) +drop table [dbo].[roles] +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[roles_static_permissions]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) +drop table [dbo].[roles_static_permissions] +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[roles_users]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) +drop table [dbo].[roles_users] +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[static_permissions]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) +drop table [dbo].[static_permissions] +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[user_registrations]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) +drop table [dbo].[user_registrations] +GO + +if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[users]') and OBJECTPROPERTY(id, N'IsUserTable') = 1) +drop table [dbo].[users] +GO + +CREATE TABLE [dbo].[groups] ( + [id] [int] IDENTITY (1, 1) NOT NULL , + [created_at] [datetime] NOT NULL , + [updated_at] [datetime] NOT NULL , + [title] [varchar] (200) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , + [parent_id] [int] NULL +) ON [PRIMARY] +GO + +CREATE TABLE [dbo].[groups_roles] ( + [group_id] [int] NOT NULL , + [role_id] [int] NOT NULL , + [created_at] [datetime] NOT NULL +) ON [PRIMARY] +GO + +CREATE TABLE [dbo].[groups_users] ( + [group_id] [int] NULL , + [user_id] [int] NULL , + [created_at] [datetime] NULL +) ON [PRIMARY] +GO + +CREATE TABLE [dbo].[roles] ( + [id] [int] IDENTITY (1, 1) NOT NULL , + [created_at] [datetime] NOT NULL , + [updated_at] [datetime] NOT NULL , + [title] [varchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , + [parent_id] [int] NULL +) ON [PRIMARY] +GO + +CREATE TABLE [dbo].[roles_static_permissions] ( + [static_permission_id] [int] NOT NULL , + [role_id] [int] NOT NULL , + [created_at] [datetime] NOT NULL +) ON [PRIMARY] +GO + +CREATE TABLE [dbo].[roles_users] ( + [user_id] [int] NOT NULL , + [role_id] [int] NOT NULL , + [created_at] [datetime] NOT NULL +) ON [PRIMARY] +GO + +CREATE TABLE [dbo].[static_permissions] ( + [id] [int] IDENTITY (1, 1) NOT NULL , + [title] [varchar] (200) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , + [created_at] [datetime] NOT NULL , + [updated_at] [datetime] NOT NULL +) ON [PRIMARY] +GO + +CREATE TABLE [dbo].[user_registrations] ( + [id] [int] IDENTITY (1, 1) NOT NULL , + [user_id] [int] NOT NULL , + [token] [text] COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , + [created_at] [datetime] NOT NULL , + [expires_at] [datetime] NOT NULL +) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY] +GO + +CREATE TABLE [dbo].[users] ( + [id] [int] IDENTITY (1, 1) NOT NULL , + [created_at] [datetime] NOT NULL , + [updated_at] [datetime] NOT NULL , + [last_logged_in_at] [datetime] NOT NULL , + [login_failure_count] [int] NOT NULL , + [login] [varchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , + [email] [varchar] (200) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , + [password] [varchar] (100) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , + [password_hash_type] [varchar] (20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , + [password_salt] [char] (10) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL , + [state] [int] NOT NULL +) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[groups] WITH NOCHECK ADD + CONSTRAINT [PK_groups] PRIMARY KEY CLUSTERED + ( + [id] + ) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[roles] WITH NOCHECK ADD + CONSTRAINT [PK_roles] PRIMARY KEY CLUSTERED + ( + [id] + ) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[static_permissions] WITH NOCHECK ADD + CONSTRAINT [PK_static_permissions] PRIMARY KEY CLUSTERED + ( + [id] + ) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[user_registrations] WITH NOCHECK ADD + CONSTRAINT [PK_user_registrations] PRIMARY KEY CLUSTERED + ( + [id] + ) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[users] WITH NOCHECK ADD + CONSTRAINT [PK_users] PRIMARY KEY CLUSTERED + ( + [id] + ) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[groups] ADD + CONSTRAINT [UC_groups_title] UNIQUE NONCLUSTERED + ( + [title] + ) ON [PRIMARY] +GO + + CREATE INDEX [IX_groups_parent_id] ON [dbo].[groups]([parent_id]) ON [PRIMARY] +GO + + CREATE UNIQUE INDEX [IX_groups_roles_all] ON [dbo].[groups_roles]([group_id], [role_id]) ON [PRIMARY] +GO + + CREATE INDEX [IX_groups_users_all] ON [dbo].[groups_users]([group_id], [user_id]) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[roles] ADD + CONSTRAINT [UC_roles_title] UNIQUE NONCLUSTERED + ( + [title] + ) ON [PRIMARY] +GO + + CREATE INDEX [IX_roles_parent_id] ON [dbo].[roles]([parent_id]) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[roles_static_permissions] ADD + CONSTRAINT [UC_roles_static_permissions_roles] UNIQUE NONCLUSTERED + ( + [static_permission_id], + [role_id] + ) ON [PRIMARY] +GO + + CREATE UNIQUE INDEX [IX_roles_static_permissions_roles] ON [dbo].[roles_static_permissions]([static_permission_id], [role_id]) ON [PRIMARY] +GO + + CREATE INDEX [IX_roles_static_permissions] ON [dbo].[roles_static_permissions]([static_permission_id]) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[roles_users] ADD + CONSTRAINT [UC_roles_users] UNIQUE NONCLUSTERED + ( + [user_id], + [role_id] + ) ON [PRIMARY] +GO + + CREATE INDEX [IX_roles_users_all] ON [dbo].[roles_users]([user_id], [role_id]) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[static_permissions] ADD + CONSTRAINT [UC_static_permissions_title] UNIQUE NONCLUSTERED + ( + [title] + ) ON [PRIMARY] +GO + + CREATE UNIQUE INDEX [IX_static_permissions_title] ON [dbo].[static_permissions]([title]) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[user_registrations] ADD + CONSTRAINT [UC_user_registrations_user_id] UNIQUE NONCLUSTERED + ( + [user_id] + ) ON [PRIMARY] +GO + + CREATE INDEX [IX_user_registrations_user_id] ON [dbo].[user_registrations]([user_id]) ON [PRIMARY] +GO + + CREATE INDEX [IX_user_registrations_expires_at] ON [dbo].[user_registrations]([expires_at]) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[users] ADD + CONSTRAINT [DF_users_login_failure_count] DEFAULT (0) FOR [login_failure_count], + CONSTRAINT [DF_users_state] DEFAULT (1) FOR [state], + CONSTRAINT [UC_users_login] UNIQUE NONCLUSTERED + ( + [login] + ) ON [PRIMARY] +GO + + CREATE INDEX [IX_users_login] ON [dbo].[users]([login]) ON [PRIMARY] +GO + + CREATE INDEX [IX_users_password] ON [dbo].[users]([password]) ON [PRIMARY] +GO + +ALTER TABLE [dbo].[groups] ADD + CONSTRAINT [FK_groups_groups_parent] FOREIGN KEY + ( + [parent_id] + ) REFERENCES [dbo].[groups] ( + [id] + ) +GO + +ALTER TABLE [dbo].[groups_roles] ADD + CONSTRAINT [FK_groups_roles_groups] FOREIGN KEY + ( + [group_id] + ) REFERENCES [dbo].[groups] ( + [id] + ) ON DELETE CASCADE , + CONSTRAINT [FK_groups_roles_roles] FOREIGN KEY + ( + [role_id] + ) REFERENCES [dbo].[roles] ( + [id] + ) ON DELETE CASCADE +GO + +ALTER TABLE [dbo].[groups_users] ADD + CONSTRAINT [FK_groups_users_groups] FOREIGN KEY + ( + [group_id] + ) REFERENCES [dbo].[groups] ( + [id] + ) ON DELETE CASCADE , + CONSTRAINT [FK_groups_users_users] FOREIGN KEY + ( + [user_id] + ) REFERENCES [dbo].[users] ( + [id] + ) ON DELETE CASCADE +GO + +ALTER TABLE [dbo].[roles] ADD + CONSTRAINT [FK_roles_roles_parent] FOREIGN KEY + ( + [parent_id] + ) REFERENCES [dbo].[roles] ( + [id] + ) NOT FOR REPLICATION +GO + +alter table [dbo].[roles] nocheck constraint [FK_roles_roles_parent] +GO + +ALTER TABLE [dbo].[roles_static_permissions] ADD + CONSTRAINT [FK_roles_static_permissions_roles] FOREIGN KEY + ( + [role_id] + ) REFERENCES [dbo].[roles] ( + [id] + ) ON DELETE CASCADE , + CONSTRAINT [FK_roles_static_permissions_static_permissions] FOREIGN KEY + ( + [static_permission_id] + ) REFERENCES [dbo].[static_permissions] ( + [id] + ) ON DELETE CASCADE +GO + +ALTER TABLE [dbo].[roles_users] ADD + CONSTRAINT [FK_roles_users_roles] FOREIGN KEY + ( + [role_id] + ) REFERENCES [dbo].[roles] ( + [id] + ) ON DELETE CASCADE , + CONSTRAINT [FK_roles_users_users] FOREIGN KEY + ( + [user_id] + ) REFERENCES [dbo].[users] ( + [id] + ) ON DELETE CASCADE +GO + +ALTER TABLE [dbo].[user_registrations] ADD + CONSTRAINT [FK_user_registrations_users] FOREIGN KEY + ( + [user_id] + ) REFERENCES [dbo].[users] ( + [id] + ) ON DELETE CASCADE ON UPDATE CASCADE +GO + diff --git a/src/api/components/active_rbac/db/create.mysql.sql b/src/api/components/active_rbac/db/create.mysql.sql new file mode 100644 index 0000000..2ae02c6 --- /dev/null +++ b/src/api/components/active_rbac/db/create.mysql.sql @@ -0,0 +1,130 @@ +# [ActiveRBAC 0.1] + +# This is database creation SQL script in MySQL dialect. + +#---------------------------- +# Table structure for groups +#---------------------------- +CREATE TABLE `groups` ( + `id` int(10) unsigned NOT NULL auto_increment, + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `updated_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `title` varchar(200) NOT NULL default '', + `parent_id` int(10) unsigned default NULL, + PRIMARY KEY (`id`), + KEY `groups_parent_id_index` (`parent_id`), + CONSTRAINT `groups_ibfk_1` FOREIGN KEY (`parent_id`) REFERENCES `groups` (`id`) ON UPDATE NO ACTION +) ENGINE=InnoDB CHARACTER SET utf8; + +#---------------------------- +# Table structure for roles +#---------------------------- +CREATE TABLE `roles` ( + `id` int(10) unsigned NOT NULL auto_increment, + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `updated_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `title` varchar(100) NOT NULL default '', + `parent_id` int(10) unsigned default NULL, + PRIMARY KEY (`id`), + KEY `roles_parent_id_index` (`parent_id`), + CONSTRAINT `roles_ibfk_1` FOREIGN KEY (`parent_id`) REFERENCES `roles` (`id`) ON UPDATE NO ACTION +) ENGINE=InnoDB CHARACTER SET utf8; + +#---------------------------- +# Table structure for static_permissions +#---------------------------- +CREATE TABLE `static_permissions` ( + `id` int(10) unsigned NOT NULL auto_increment, + `title` varchar(200) NOT NULL default '', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `updated_at` timestamp NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`id`), + UNIQUE KEY `static_permissions_title_index` (`title`) +) ENGINE=InnoDB CHARACTER SET utf8; + +#---------------------------- +# Table structure for users +#---------------------------- +CREATE TABLE `users` ( + `id` int(10) unsigned NOT NULL auto_increment, + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `updated_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `last_logged_in_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `login_failure_count` int(10) unsigned NOT NULL default '0', + `login` varchar(100) NOT NULL default '', + `email` varchar(200) NOT NULL default '', + `password` varchar(100) NOT NULL default '', + `password_hash_type` varchar(20) NOT NULL default '', + `password_salt` char(10) NOT NULL default '1234512345', + `state` int(10) unsigned NOT NULL default '1', + PRIMARY KEY (`id`), + UNIQUE KEY `users_login_index` (`login`), + KEY `users_password_index` (`password`) +) ENGINE=InnoDB CHARACTER SET utf8; + +#---------------------------- +# Table structure for groups_roles +#---------------------------- +CREATE TABLE `groups_roles` ( + `group_id` int(10) unsigned NOT NULL default '0', + `role_id` int(10) unsigned NOT NULL default '0', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + UNIQUE KEY `groups_roles_all_index` (`group_id`,`role_id`), + KEY `role_id` (`role_id`), + CONSTRAINT `groups_roles_ibfk_1` FOREIGN KEY (`group_id`) REFERENCES `groups` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `groups_roles_ibfk_2` FOREIGN KEY (`role_id`) REFERENCES `roles` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB CHARACTER SET utf8; + +#---------------------------- +# Table structure for groups_users +#---------------------------- +CREATE TABLE `groups_users` ( + `group_id` int(10) unsigned NOT NULL default '0', + `user_id` int(10) unsigned NOT NULL default '0', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`group_id`,`user_id`), + UNIQUE KEY `groups_users_all_index` (`group_id`,`user_id`), + KEY `user_id` (`user_id`), + CONSTRAINT `groups_users_ibfk_1` FOREIGN KEY (`group_id`) REFERENCES `groups` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `groups_users_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB CHARACTER SET utf8; + +#---------------------------- +# Table structure for roles_static_permissions +#---------------------------- +CREATE TABLE `roles_static_permissions` ( + `role_id` int(10) unsigned NOT NULL default '0', + `static_permission_id` int(10) unsigned NOT NULL default '0', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + UNIQUE KEY `roles_static_permissions_all_index` (`static_permission_id`,`role_id`), + KEY `role_id` (`role_id`), + CONSTRAINT `roles_static_permissions_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `roles` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `roles_static_permissions_ibfk_2` FOREIGN KEY (`static_permission_id`) REFERENCES `static_permissions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB CHARACTER SET utf8; + +#---------------------------- +# Table structure for roles_users +#---------------------------- +CREATE TABLE `roles_users` ( + `user_id` int(10) unsigned NOT NULL default '0', + `role_id` int(10) unsigned NOT NULL default '0', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + UNIQUE KEY `roles_users_all_index` (`user_id`,`role_id`), + KEY `role_id` (`role_id`), + CONSTRAINT `roles_users_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `roles` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB CHARACTER SET utf8; + +#---------------------------- +# Table structure for user_registrations +#---------------------------- +CREATE TABLE `user_registrations` ( + `id` int(10) unsigned NOT NULL auto_increment, + `user_id` int(10) unsigned NOT NULL default '0', + `token` text NOT NULL, + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `expires_at` timestamp NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`id`), + UNIQUE KEY `user_registrations_user_id_index` (`user_id`), + KEY `user_registrations_expires_at_index` (`expires_at`), + CONSTRAINT `user_registrations_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB CHARACTER SET utf8; \ No newline at end of file diff --git a/src/api/components/active_rbac/db/create.postgresql.sql b/src/api/components/active_rbac/db/create.postgresql.sql new file mode 100644 index 0000000..9173d9e --- /dev/null +++ b/src/api/components/active_rbac/db/create.postgresql.sql @@ -0,0 +1,147 @@ +-- [ActiveRBAC 0.1] + +-- This is the database creation SQL script in PostgreSQL dialect. It +-- has been tested with PostgreSQL 7.4. + +CREATE TABLE users ( + id BIGSERIAL NOT NULL, + -- Some statistics about the user data + created_at TIMESTAMP NOT NULL, + updated_at TIMESTAMP NOT NULL, + last_logged_in_at TIMESTAMP NOT NULL, + login_failure_count INT NOT NULL, + -- Important information: login name, email and encrypted password + login CHARACTER VARYING (100) NOT NULL, + email CHARACTER VARYING (200) NOT NULL, + password CHARACTER VARYING (100) NOT NULL, + -- What hashing method did we use to hash the password? SHA-1, MD5, etc.? + password_hash_type CHARACTER VARYING (20) NOT NULL, + -- The salt used for this password + password_salt CHARACTER (10) NOT NULL, + + -- The account's state. The stock types are "1: unconfirmed", "2: confirmed" + -- "3: locked", "4: deleted", "4: confirmed, lost password" + state INTEGER NOT NULL DEFAULT 1, + + PRIMARY KEY (id), + UNIQUE (login) +); + +CREATE INDEX users_login_index ON users (login); +CREATE INDEX users_password_index ON users (password); + + +-- This table holds the "user registration" data, i.e. the token the +-- user needs to know to confirm his registration. +CREATE TABLE user_registrations ( + id BIGSERIAL NOT NULL, -- superflous, but AR needs it + user_id BIGINT NOT NULL, + token TEXT NOT NULL, + created_at TIMESTAMP NOT NULL, + expires_at TIMESTAMP NOT NULL, + + PRIMARY KEY (id), + FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE, + UNIQUE (user_id) +); + +CREATE INDEX user_registrations_user_id_index ON user_registrations (user_id); +CREATE INDEX user_registration_expires_at_index ON user_registrations (expires_at); + + +CREATE TABLE roles ( + id BIGSERIAL NOT NULL, + created_at TIMESTAMP NOT NULL, + updated_at TIMESTAMP NOT NULL, + title CHARACTER VARYING (100) NOT NULL, + parent_id BIGINT NULL, + + PRIMARY KEY (id), + UNIQUE(title), + FOREIGN KEY (parent_id) REFERENCES roles (id) ON DELETE RESTRICT +); + +CREATE INDEX roles_parent_index ON roles (parent_id); + + +CREATE TABLE roles_users ( + user_id BIGINT NOT NULL, + role_id BIGINT NOT NULL, + created_at TIMESTAMP NOT NULL, + + FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE, + FOREIGN KEY (role_id) REFERENCES roles (id) ON DELETE CASCADE, + + UNIQUE (user_id, role_id) +); + +CREATE INDEX roles_users_all_index ON roles_users (user_id, role_id); + + +CREATE TABLE groups ( + id BIGSERIAL NOT NULL, + created_at TIMESTAMP NOT NULL, + updated_at TIMESTAMP NOT NULL, + title CHARACTER VARYING NOT NULL, + parent_id BIGINT NULL, + + PRIMARY KEY (id), + UNIQUE (title), + FOREIGN KEY (parent_id) REFERENCES groups (id) ON DELETE RESTRICT +); + +CREATE INDEX groups_parent_index ON groups (parent_id); + +CREATE TABLE groups_users ( + group_id BIGINT NOT NULL, + user_id BIGINT NOT NULL, + created_at TIMESTAMP NOT NULL, + + FOREIGN KEY (group_id) REFERENCES groups (id) ON DELETE CASCADE, + FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE, + + UNIQUE (group_id, user_id) +); + +CREATE INDEX groups_users_all_index ON groups_users (group_id, user_id); + + +CREATE TABLE groups_roles ( + group_id BIGINT NOT NULL, + role_id BIGINT NOT NULL, + created_at TIMESTAMP NOT NULL, + + FOREIGN KEY (group_id) REFERENCES groups (id) ON DELETE CASCADE, + FOREIGN KEY (role_id) REFERENCES roles (id) ON DELETE CASCADE, + + UNIQUE (group_id, role_id) +); + +CREATE INDEX groups_roles_all_index ON groups_roles (group_id, role_id); + + +CREATE TABLE static_permissions ( + id BIGSERIAL NOT NULL, + title VARCHAR(200) NOT NULL, + created_at TIMESTAMP NOT NULL, + updated_at TIMESTAMP NOT NULL, + + PRIMARY KEY (id), + UNIQUE (title) +); + +CREATE INDEX static_permissions_title_index ON static_permissions (title); + + +CREATE TABLE roles_static_permissions ( + static_permission_id BIGINT NOT NULL, + role_id BIGINT NOT NULL, + created_at TIMESTAMP NOT NULL, + + FOREIGN KEY (static_permission_id) REFERENCES static_permissions (id) ON DELETE CASCADE, + FOREIGN KEY (role_id) REFERENCES roles (id) ON DELETE CASCADE, + + UNIQUE (static_permission_id, role_id) +); + +CREATE INDEX roles_static_permissions_all_index ON roles_static_permissions (static_permission_id, role_id); \ No newline at end of file diff --git a/src/api/components/active_rbac/exceptions.rb b/src/api/components/active_rbac/exceptions.rb new file mode 100644 index 0000000..69741ca --- /dev/null +++ b/src/api/components/active_rbac/exceptions.rb @@ -0,0 +1,15 @@ +# The RecursionInTree exception is thrown when a group's or role's descendant +# is assigned as parent. +class RecursionInTree < ActiveRecord::ActiveRecordError +end + +# The CantDeleteWithChildren exception is thrown when a group or role +# that still has children is to be destroyed. +class CantDeleteWithChildren < ActiveRecord::ActiveRecordError +end + +# The MultipleRegistration exception is thrown when create_user_registration +# is called on a User instance that already has a user_registration record +# assigned. +class MultipleRegistrationTokens < ActiveRecord::ActiveRecordError +end \ No newline at end of file diff --git a/src/api/components/active_rbac/group.rb b/src/api/components/active_rbac/group.rb new file mode 100644 index 0000000..dc67c82 --- /dev/null +++ b/src/api/components/active_rbac/group.rb @@ -0,0 +1,135 @@ +require 'exceptions' + +# The Group class represents a group record in the database and thus a group +# in the ActiveRbac model. Groups are arranged in trees and have a title. +# Groups have an arbitrary number of roles and users assigned to them. Child +# groups inherit all roles from their parents. +class Group < ActiveRecord::Base + # groups are arranged in a tree + acts_as_tree :order => 'title' + # groups have a n:m relation to user + has_and_belongs_to_many :users, :uniq => true + # groups have a n:m relation to groups + has_and_belongs_to_many :roles, :uniq => true + # we want to protect the parent and user attribute from bulk assigning + attr_protected :parent, :users, :roles + + # This method returns the whole inheritance tree upwards, i.e. this group + # and all parents as a list. + def ancestors_and_self + result = [self] + + if parent != nil + result << parent.ancestors_and_self + end + + return result.flatten + end + + # This method returns itself, all children and all children of its children + # in a flat list. + def descendants_and_self + result = [self] + + for child in children + result << child.descendants_and_self + end + + return result.flatten + end + + # This method returns all roles assigned to this group or any of its + # ancessors. + def all_roles + result = [] + + self.roles.each do |role| + result << role.ancestors_and_self + end + + result << parent.all_roles unless parent.nil? + + result.flatten! + result.uniq! + + return result + end + + # This method returns all users that have been assigned to this role. It + # will all users directly assigned to this group and all users assigned to + # children of this group. + def all_users + result = [] + + self.descendants_and_self.each { |group| result << group.users } + + result.flatten! + result.uniq! + + return result + end + + # This method returns all permission granted to this group by its roles or + # its parents. + def all_static_permissions + result = [] + + self.all_roles.each { |role| result << role.all_static_permissions } + + result.flatten! + result.uniq! + + return result + end + + # We're overriding "parent=" below. So we alias the one from the acts_as_tree + # mixin to "old_parent=". + alias_method :old_parent=, :parent= + + # We protect the parent attribute here. If a group is given as a parent, that + # is a descendant from this group, we raise a RecursionInTree error and stop + # assignment. + def parent=(value) + if descendants_and_self.include?(value) + raise RecursionInTree, "Trying to set parent to descendant", caller + else + self.old_parent = value + end + end + + # This method blocks destroying a role if it still has children. This method + # raises a CantDeleteWithChildren exception if this error occurs. It is an + # ActiveRecord event hook. + def before_destroy + raise CantDeleteWithChildren unless children.empty? + end + + # Overriding this method to make "title" visible as "Name". This is called in + # forms to create error messages. + def human_attribute_name (attr) + return case attr + when 'title' then 'Name' + else super.human_attribute_name attr + end + end + + protected + + # We want to validate a group's title pretty thoroughly. + validates_uniqueness_of :title, + :message => 'is the name of an already existing group.' + validates_format_of :title, + :with => %r{^[\w \$\^\-\.#\*\+&'"]*$}, + :message => 'must not contain invalid characters.' + validates_length_of :title, + :in => 2..100, :allow_nil => true, + :too_long => 'must have less than 100 characters.', + :too_short => 'must have more than two characters.', + :allow_nil => false + + # Implement ActiveRecords' validate method here to enforce that parents in + # tree are actually groups. + def validate + errors.add(:parent, "must be a valid group.") unless parent.instance_of? Group or parent.nil? + end +end diff --git a/src/api/components/active_rbac/group/_form.rhtml b/src/api/components/active_rbac/group/_form.rhtml new file mode 100644 index 0000000..8914cfd --- /dev/null +++ b/src/api/components/active_rbac/group/_form.rhtml @@ -0,0 +1,44 @@ +<%= error_messages_for 'group' %> + +<!--[form:group]--> +<dl> + <dt><label for="group_title">Group's Name</label></dt> + <dd><%= text_field 'group', 'title' %></dd> + + <dt><label>Group's Parent</label></dt> + <dd> + <% unless @group.errors[:parent].nil? %><div class="fieldWithErrors"><% end %> + <ul class="groupTree"> + <li> + <% if @group.parent.nil? %> + <input id="group_parent_self" type="radio" name="group[parent]" value="" checked="checked" /> + <% else %> + <input id="group_parent_self" type="radio" name="group[parent]" value="" /> + <% end %> + <label for="group_parent_self">no parent (direct root child)</label> + <%= groups = Group.find_all + groups.delete_if { |r| @group.descendants_and_self.include?(r) } + node_tree(groups) do |group| + result = " " if @group.parent == group + result = " " if @group.parent != group + + result += "#{group.title}</label> " + result + end %> + </li> + </ul> + <% unless @group.errors[:parent].nil? %></div><% end %> + </dd> + + <dt><label for="group_roles">Roles</label></dt> + <dd> + <%= node_tree(Role.find_all) do |role| + result = " " if @group.roles.include? role + result = " " unless @group.roles.include? role + result += "#{role.title}</label> " + result + end %> + </dd> +</dl> +<!--[eoform:group]--> + diff --git a/src/api/components/active_rbac/group/delete.rhtml b/src/api/components/active_rbac/group/delete.rhtml new file mode 100644 index 0000000..0793cdb --- /dev/null +++ b/src/api/components/active_rbac/group/delete.rhtml @@ -0,0 +1,13 @@ + +<h2>Deleting Group "<%= @group.title %>"</h2> + +<p> +Are you sure you want to delete the group with the name "<%= @group.title %>"? +All users will be unassigned from this group and all permissions will be revoked from +it. <strong>This action cannot be reverted</strong>. +</p> + +<%= start_form_tag :action => 'destroy', :id => @group %> + <%= submit_tag 'Yes', :name => 'yes' %> + <%= submit_tag 'No', :name => 'no' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/group/edit.rhtml b/src/api/components/active_rbac/group/edit.rhtml new file mode 100644 index 0000000..d70f3fb --- /dev/null +++ b/src/api/components/active_rbac/group/edit.rhtml @@ -0,0 +1,9 @@ +<h2>Editing group</h2> + +<%= start_form_tag :action => 'update', :id => @group %> + <%= render_partial 'form' %> + <%= submit_tag 'Apply Changes' %> +<%= end_form_tag %> + +<%= link_to 'Show', :action => 'show', :id => @group %> | +<%= link_to 'Back', :action => 'list' %> diff --git a/src/api/components/active_rbac/group/list.rhtml b/src/api/components/active_rbac/group/list.rhtml new file mode 100644 index 0000000..269c21a --- /dev/null +++ b/src/api/components/active_rbac/group/list.rhtml @@ -0,0 +1,23 @@ +<h2>Listing Groups</h2> + +<p> +Below is a complete tree of all groups known to the system. +</p> + +<div class="commands"> +<%= link_to 'New group', :action => 'new' %> +</div> + +<%= node_tree @groups do |group| + result = link_to(group.title, { :action => 'show', :id => group }) + " " + result += "[" + group.users.length.to_s + '/' + group.all_users.length.to_s + " users, " + result += group.roles.length.to_s + '/' + group.all_roles.length.to_s + " roles]" + result += "(" + link_to('S', { :action => 'show', :id => group }, :title => 'Show') + " " + result += link_to('E', { :action => 'edit', :id => group }, :title => 'Edit') + " " + result += link_to('D', { :action => 'delete', :id => group }, :title => 'Delete') + ")" + end + %> + +<div class="commands"> +<%= link_to 'New group', :action => 'new' %> +</div> diff --git a/src/api/components/active_rbac/group/new.rhtml b/src/api/components/active_rbac/group/new.rhtml new file mode 100644 index 0000000..9c54038 --- /dev/null +++ b/src/api/components/active_rbac/group/new.rhtml @@ -0,0 +1,8 @@ +<h2>New group</h2> + +<%= start_form_tag :action => 'create' %> + <%= render_partial 'form' %> + <%= submit_tag "Create Group" %> +<%= end_form_tag %> + +<%= link_to 'Back', :action => 'list' %> diff --git a/src/api/components/active_rbac/group/show.rhtml b/src/api/components/active_rbac/group/show.rhtml new file mode 100644 index 0000000..3a05cd2 --- /dev/null +++ b/src/api/components/active_rbac/group/show.rhtml @@ -0,0 +1,71 @@ +<h2>Details for Group "<%=h @group.title %>"</h2> + +<div class="commands"> +<%= link_to 'Delete', :action => 'delete', :id => @group %> +<%= link_to 'Edit', :action => 'edit', :id => @group %> +<%= link_to 'Back to List', :action => 'list' %> +</div> + +<dl> + <dt>Name:</dt> + <dd><%=h @group.title %></dd> + + <dt>Parent:</dt> + <% if @group.parent == nil %> + <dd>No parent, this group is a root group</dd> + <% else %> + <dd><%= link_to @group.parent.title, { :action => 'show', :id => @group.parent } %></dd> + <% end %> + + <dt>Children:</dt> + <% if @group.children.empty? %> + <dd>No Children</dd> + <% else %> + <dd><%= node_tree(@group.children) { |group| result = link_to(group.title, { :action => 'show', :id => group }) } %></dd> + <% end %> + + <dt>Roles:</dt> + <% if @group.roles.empty? %> + <dd>No Role</dd> + <% else %> + <dd><%= node_tree(@group.roles) { |role| result = link_to(role.title, { :controller => 'role', :action => 'show', :id => role }) } %></dd> + <% end %> +</dl> + +<div class="commands"> +<%= link_to 'Delete', :action => 'delete', :id => @group %> +<%= link_to 'Edit', :action => 'edit', :id => @group %> +<%= link_to 'Back to List', :action => 'list' %> +</div> + +<h3>Directly Assigned Users</h3> + +<% if @group.users.length == 0 %> +<p>None</p> +<% else %> +<ul> + <% for user in @group.users %> + <li><%= link_to user.login, { :controller => 'user', :action => 'show', :id => user } %></li> + <% end %> +</ul> +<% end %> + +<h3>All Assigned Users</h3> + +<% if @group.all_users.length == 0 %> +<p>None</p> +<% else %> +<ul> + <% for user in @group.all_users %> + <li><%= link_to user.login, { :controller => 'user', :action => 'show', :id => user } %></li> + <% end %> +</ul> +<% end %> + +<h3>All Assigned Roles</h3> + +<% if @group.all_roles.length == 0 %> +<p>None</p> +<% else %> +<%= node_tree(@group.all_roles) { |role| result = link_to(role.title, { :controller => 'role', :action => 'show', :id => role }) } %> +<% end %> diff --git a/src/api/components/active_rbac/group_controller.rb b/src/api/components/active_rbac/group_controller.rb new file mode 100644 index 0000000..866b1b0 --- /dev/null +++ b/src/api/components/active_rbac/group_controller.rb @@ -0,0 +1,150 @@ +require_dependency 'active_rbac/helpers/rbac_helper' + +# This is the controller that provides CRUD functionality for the Group model. +class ActiveRbac::GroupController < ActiveRbac::ComponentController + uses_component_template_root + + # The RbacHelper allows us to render +acts_as_tree+ AR elegantly + helper RbacHelper + + # The layout this controller uses is configured in the + # Configuration class + layout config.controller[:layout] + + # We force users to use POST on the state changing actions. + verify :method => :post, + :only => [ :create, :update, :destroy ], + :redirect_to => { :action => 'list' }, + :add_flash => { :error => 'You sent an invalid request!' } + + # We force users to use GET on all other methods, though. + verify :method => :get, + :only => [ :index, :list, :show, :new, :delete ], + :redirect_to => { :action => 'list' }, + :add_flash => { :error => 'You sent an invalid request!' } + + # Simply redirects to #list + def index + redirect_to :action => 'list' + end + + # Displays a tree of all groups. + def list + @groups = Group.find_all + end + + # Show a group identified by the +:id+ path fragment in the URL. + def show + @group = Group.find(params[:id].to_i) + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'This group could not be found.' + redirect_to :action => 'list' + end + + # Displays a form to create a new group. Posts to the #create action. + def new + @group = Group.new + end + + # Creates a new group. +create+ is only accessible via POST and renders + # the same form as #new on validation errors. + def create + @group = Group.new(params[:group]) + + # get an array of roles and set the role associations + params[:group][:roles] = [] if params[:group][:roles].nil? + roles = params[:group][:roles].collect { |i| Role.find(i) } + @group.roles = roles + + # set parent manually + @group.parent = Group.find(params[:group][:parent]) unless params[:group][:parent].to_s.empty? + + # assign properties to group + if @group.save + flash[:notice] = 'The group has been created successfully.' + redirect_to :action => 'show', :id => @group + else + render :action => 'new' + end + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'You sent an invalid request.' + redirect_to :action => 'list' + end + + # Loads the group identified by the :id parameter from the url fragment from + # the database and displays an edit form with the group. + def edit + @group = Group.find(params[:id].to_i) + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'This group could not be found.' + redirect_to :action => 'list' + end + + # Updates a group record in the database. +update+ is only accessible via + # POST and renders the same form as #edit on validation errors. + def update + @group = Group.find(params[:id].to_i) + + # get an array of roles and set the role associations + params[:group][:roles] = [] if params[:group][:roles].nil? + roles = params[:group][:roles].collect { |i| Role.find(i) } + @group.roles = roles + + # set parent manually + if params[:group][:parent].to_s.empty? + @group.parent = nil + else + @group.parent = Group.find(params[:group][:parent]) + end + + # Bulk-Assign the other attributes from the form. + if @group.update_attributes(params[:group]) + flash[:notice] = 'Group has been updated successfully.' + redirect_to :action => 'show', :id => @group.to_param + else + render :action => 'edit' + end + + rescue RecursionInTree + @role.errors.add :parent, "must not be a descendant of itself" + render :action => 'edit' + rescue ActiveRecord::RecordNotFound + flash[:error] = 'You sent an invalid request.' + redirect_to :action => 'list' + end + + # Loads the group specified by the :id parameters from the url fragment from + # the database and displays a "Do you really want to delete it?" form. It + # posts to #destroy. + def delete + @group = Group.find(params[:id].to_i) + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'This group could not be found.' + redirect_to :action => 'list' + end + + # Removes a group record from the database. +destroy+ is only accessible + # via POST. If the answer to the form in #delete has not been "Yes", it + # redirects to the #show action with the selected's group's ID. + def destroy + if not params[:yes].nil? + Group.find(params[:id].to_i).destroy + flash[:notice] = 'The group has been deleted successfully.' + redirect_to :action => 'list' + else + flash[:notice] = 'The group has not been deleted.' + redirect_to :action => 'show', :id => params[:id] + end + + rescue CantDeleteWithChildren + flash[:error] = "You have to delete or move the group's children before attempting to delete the group itself." + redirect_to :action => 'show', :id => params[:id] + rescue ActiveRecord::RecordNotFound + flash[:error] = 'This group could not be found.' + redirect_to :action => 'list' + end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/helpers/rbac_helper.rb b/src/api/components/active_rbac/helpers/rbac_helper.rb new file mode 100644 index 0000000..5344a60 --- /dev/null +++ b/src/api/components/active_rbac/helpers/rbac_helper.rb @@ -0,0 +1,104 @@ +# TODO: Escape node titles with the equivalent of RoR's h() +module RbacHelper + # This method helps the rbac/* controller to render a ActiveRecord tree. + # that uses "acts_as_tree". You only pass the record array with the nodes + # to display and optionally a block to format the node output. + def node_tree(nodes, &block) + + nodes = nodes.dup + printed_nodes = [] + + result = "<ul>" + + # top level nodes first, then others + for node in nodes + next unless node.parent == nil + printed_nodes << node + result += "<li>" + + if block_given? + result += yield node + else + result += node.title + end + + children = node.children.dup + children.delete_if { |r| not nodes.include?(r) } + if not children.empty? + result += node_tree_help(children, nodes, printed_nodes, &block) + end + + result += "</li>" + end + + # TODO: Add depth counting here to get a minimum of trees + for node in nodes + next if printed_nodes.include? node + printed_nodes << node + + result += "<li>" + + if block_given? + result += yield node + else + result += node.title + end + + children = node.children.dup + children.delete_if { |r| not nodes.include?(r) } + + if not children.empty? + result += node_tree_help(children, nodes, printed_nodes, &block) + end + + result += "</li>" + end + + result += '</ul>' + + return result + end + + # This method returns the User model of the currently logged in user or + # the anonymous user if no user has been logged in yet. + def current_user + if session[:rbac_user].nil? + return User.anonymous_user + else + return session[:rbac_user] + end + end + + protected + def node_tree_help(children, nodes, printed_nodes, &block) # :nodoc: + result = '<ul>' + for child in children + next if printed_nodes.include?(child) + printed_nodes << child + + result += '<li>' + + if block_given? + result += yield child + else + result += child.title + end + + children2 = child.children.dup + children2.delete_if { |r| not nodes.include?(r) } + if not children2.empty? + result += node_tree_help(children2, nodes, printed_nodes, &block) + end + + result += '</li>' + end + + result += '</ul>' + end + + def level_count(node) # :nodoc: + counts = [0] + node.children.each { |n| counts << 1 + level_count(n) } + return counts.max + end +end diff --git a/src/api/components/active_rbac/layouts/_password.rhtml b/src/api/components/active_rbac/layouts/_password.rhtml new file mode 100644 index 0000000..03af7ab --- /dev/null +++ b/src/api/components/active_rbac/layouts/_password.rhtml @@ -0,0 +1,17 @@ +<% if @user.errors.on(:password) %> +<dt><label for="password">Password</label></dt> +<dd> + <div class="fieldWithErrors"><%= password_field_tag 'password', nil, { :size => 30, :id => 'password' } %></div> +</dd> + +<dt><label for="password_confirmation">Password Confirmation</label></dt> +<dd><div class="fieldWithErrors"><%= password_field_tag 'password_confirmation', nil, { :size => 30, :id => 'password_confirmation' } %></div></dd> +<% else %> +<dt><label for="password">Password</label></dt> +<dd> + <div><%= password_field_tag 'password', nil, { :size => 30, :id => 'password' } %></div> +</dd> + +<dt><label for="password_confirmation">Password Confirmation</label></dt> +<dd><%= password_field_tag 'password_confirmation', nil, { :size => 30, :id => 'password_confirmation' } %></dd> +<% end %> diff --git a/src/api/components/active_rbac/layouts/confirm.rhtml b/src/api/components/active_rbac/layouts/confirm.rhtml new file mode 100644 index 0000000..668299e --- /dev/null +++ b/src/api/components/active_rbac/layouts/confirm.rhtml @@ -0,0 +1,10 @@ +<h2>Confirm Registration</h2> + +<p> +Do you want to confirm your registration? +</p> + +<%= start_form_tag :action => 'confirm', :user => @user, :token => @token %> + <%= submit_tag 'Yes', :name => 'yes' %> + <%= submit_tag 'No', :name => 'no' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/layouts/confirm_failure.rhtml b/src/api/components/active_rbac/layouts/confirm_failure.rhtml new file mode 100644 index 0000000..9373d1f --- /dev/null +++ b/src/api/components/active_rbac/layouts/confirm_failure.rhtml @@ -0,0 +1,5 @@ +<h2>Confirm Failure</h2> + +<p> +Your confirmation information is invalid. You can signup <%= link_to 'here', :action => 'register' %>. +</p> \ No newline at end of file diff --git a/src/api/components/active_rbac/layouts/confirm_success.rhtml b/src/api/components/active_rbac/layouts/confirm_success.rhtml new file mode 100644 index 0000000..cdc7bf8 --- /dev/null +++ b/src/api/components/active_rbac/layouts/confirm_success.rhtml @@ -0,0 +1,6 @@ +<h2>Registration Successfully Confirmed</h2> + +<p> +Hi <%= @user.login %>. Your account has been confirmed successfully. You can +now login <%= link_to 'following this link', :controller => 'login', :action => 'login' %>. +</p> \ No newline at end of file diff --git a/src/api/components/active_rbac/layouts/lostpassword.rhtml b/src/api/components/active_rbac/layouts/lostpassword.rhtml new file mode 100644 index 0000000..51f18b3 --- /dev/null +++ b/src/api/components/active_rbac/layouts/lostpassword.rhtml @@ -0,0 +1,38 @@ +<h2>Lost Password Form</h2> + +<p> +If you have lost your password, you can fill out the form below +and a new generated password will be sent to you via email. +</p> + +<p> +Please note that password retrieval will fail if you have not confirmed +your registration first. +</p> + +<%= start_form_tag :action => 'lostpassword' %> + +<% unless @errors.empty?%> +<div class="errorExplanation"> + <ul> + <% @errors.each do |error| %> + <li><%= error %></li> + <% end %> + </ul> +</div> +<% end %> + +<dl class="form"> + <dt><label for="user_login">Your User Name</label></dt> + <dd><input type="text" id="user_login" name="login" size="30" /></dd> + + <dt><label for="user_email">Your Email</label></dt> + <dd> + <input type="text" id="user_email" name="email" size="30" /> + <div class="hint">An email will be sent to this address you need to + receive to complete the registration process.</div> + </dd> +</dl> + +<%= submit_tag 'Send Me A New Password' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/layouts/lostpassword_success.rhtml b/src/api/components/active_rbac/layouts/lostpassword_success.rhtml new file mode 100644 index 0000000..2d1f2dd --- /dev/null +++ b/src/api/components/active_rbac/layouts/lostpassword_success.rhtml @@ -0,0 +1,7 @@ +<h3>Successfully Generated New Password</h3> + +<p> +Dear <em><%=h @user.login %></em>, the password has been sent to your email +adress <em><%=h @user.email %></em>. Please follow the instruction in this +email. +</p> diff --git a/src/api/components/active_rbac/layouts/register.rhtml b/src/api/components/active_rbac/layouts/register.rhtml new file mode 100644 index 0000000..dbca541 --- /dev/null +++ b/src/api/components/active_rbac/layouts/register.rhtml @@ -0,0 +1,28 @@ +<h2>Register</h2> + +<%= error_messages_for 'user' %> + +<%= start_form_tag :action => 'register' %> + +<dl class="form"> + <dt><label for="user_login">Desired User Name</label></dt> + <dd><%= text_field 'user', 'login' %></dd> + + <dt><label for="user_email">Your Email</label></dt> + <dd> + <%= text_field 'user', 'email' %> + <div class="hint">An email will be sent to this address you need to + receive to complete the registration process.</div> + </dd> + + <%= render :partial => 'password' %> + + <% # include the additional form fields + for template_path in @additional_partials do %> + <%= render :partial => template_path %> + <% end %> +</dl> + + +<%= submit_tag 'Sign Up' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/layouts/register_success.rhtml b/src/api/components/active_rbac/layouts/register_success.rhtml new file mode 100644 index 0000000..1e2e635 --- /dev/null +++ b/src/api/components/active_rbac/layouts/register_success.rhtml @@ -0,0 +1,10 @@ +<h2>Registration Succeeded</h2> + +<p> +Thanks, <em><%= @user.login %></em> for signining up. There is just one more +step to do. We sent you an email which describes the required steps. +</p> + +<p> +The websites's team. Bla Bla. +</p> \ No newline at end of file diff --git a/src/api/components/active_rbac/login/already_logged_in.rhtml b/src/api/components/active_rbac/login/already_logged_in.rhtml new file mode 100644 index 0000000..4730438 --- /dev/null +++ b/src/api/components/active_rbac/login/already_logged_in.rhtml @@ -0,0 +1,7 @@ +<h2>Already Logged In</h2> + +<p> +You have already logged in. You have to log out before being able to +log in again. <%= link_to 'Click here', :action => 'logout' %> to log +out again. +</p> \ No newline at end of file diff --git a/src/api/components/active_rbac/login/login.rhtml b/src/api/components/active_rbac/login/login.rhtml new file mode 100644 index 0000000..a879e5e --- /dev/null +++ b/src/api/components/active_rbac/login/login.rhtml @@ -0,0 +1,27 @@ +<h2>Login</h2> + +<% if @errors and not @errors.empty? %> +<ul class="errors"> + <% for error in @errors %> + <li><%=h error %></li> + <% end %> +</ul> +<% end %> + +<%= start_form_tag :action => 'login' %> + +<dl class="loginForm"> + <dt><label for="login_login">User Name</label></dt> + <dd><%= text_field_tag :login, @params[:login], :size => 30 %></dd> + + <dt><label for="login_password">Password</label></dt> + <dd><%= password_field_tag :password, @params[:password], :size => 30 %></dd> +</dl> + +<%= submit_tag 'Log In' %> + +<%= end_form_tag %> + +<p> +Lost your password? <%= link_to 'Request a new one here.', :controller => 'registration', :action => 'lostpassword' %> +</p> diff --git a/src/api/components/active_rbac/login/login_success.rhtml b/src/api/components/active_rbac/login/login_success.rhtml new file mode 100644 index 0000000..2dec4df --- /dev/null +++ b/src/api/components/active_rbac/login/login_success.rhtml @@ -0,0 +1,5 @@ +<h3>Success!</h3> + +<p> +Welcome <%=h session[:rbac_user].login %>, you have successfully been logged in. +</p> \ No newline at end of file diff --git a/src/api/components/active_rbac/login/logout.rhtml b/src/api/components/active_rbac/login/logout.rhtml new file mode 100644 index 0000000..fe6826e --- /dev/null +++ b/src/api/components/active_rbac/login/logout.rhtml @@ -0,0 +1,6 @@ +<h3>Do you really want to log out?</h3> + +<%= start_form_tag :action => 'logout' %> + <%= submit_tag 'Yes', :name => 'yes' %> + <%= submit_tag 'No', :name => 'no' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/login/logout_success.rhtml b/src/api/components/active_rbac/login/logout_success.rhtml new file mode 100644 index 0000000..adfb93f --- /dev/null +++ b/src/api/components/active_rbac/login/logout_success.rhtml @@ -0,0 +1,5 @@ +<h3>Logout Success</h3> + +<p> +You have successfully been logged out. +</p> \ No newline at end of file diff --git a/src/api/components/active_rbac/login_controller.rb b/src/api/components/active_rbac/login_controller.rb new file mode 100644 index 0000000..c38b483 --- /dev/null +++ b/src/api/components/active_rbac/login_controller.rb @@ -0,0 +1,89 @@ +# This controller provides actions to log a user in and out. + +class ActiveRbac::LoginController < ActiveRbac::ComponentController + uses_component_template_root + + # The layout this controller uses is configured in the + # Configuration class + layout config.controller[:layout] + + # The user cannot access the logout pages when he is logged in. + verify :session => :rbac_user, + :redirect_to => '/', + :only => [ :logout ], + :add_flash => { :notice => 'You can only log out when you have logged in.' } + + # Redirects to #login + def index + redirect_to :action => 'login' + end + + # Displays the login form on GET and performs the login on POST. Expects the + # Expects the "login" and "password" parameters to be set. Displays the #login + # form on errors. The user must not be logged in. + def login + # Check that the use is not already logged in + unless session[:rbac_user].nil? + render :template => 'active_rbac/login/already_logged_in' + return + end + # Simply render the login form on everything but POST. + return unless request.method == :post + + # Handle the login request otherwise. + @errors = Array.new + + # If login or password is missing, we can stop processing right away. + raise ActiveRecord::RecordNotFound if params[:login].to_s.empty? or params[:password].to_s.empty? + + # Try to log the user in. + user = User.find_with_credentials(params[:login], params[:password]) + + # Check whether a user with these credentials could be found. + raise ActiveRecord::RecordNotFound unless not user.nil? + + # Check that the user has the correct state + raise ActiveRecord::RecordNotFound unless User.state_allows_login?(user.state) + + # Write the user into the session object. + write_user_to_session(user) + + render :template => 'active_rbac/login/login_success' + rescue ActiveRecord::RecordNotFound + # Add an error and let the action render normally. + @errors << 'Invalid user name or password!' + end + + # Displays the logout confirmation form on GET and performs the logout on + # POST. Expects the "yes" parameter to be set. If this is the case, the + # user's authentication state is clear. If it is not the case, the use will + # be redirected to '/'. User must be logged in + def logout + # Note: The check for the user to be logged in is in a verify above. + # Simply render the login form on everything but POST. + return unless request.method == :post + + # Do not log out if the user did not press the "Yes" button + if params[:yes].nil? + redirect_to '/' + return + end + + # Otherwise delete the user from the session + self.remove_user_from_session! + + # Render success template. + render :template => 'active_rbac/login/logout_success' + end + + protected + # Store the given user into :rbac_user sesion_variable + def write_user_to_session(user) + session[:rbac_user] = user + end + + # Remove the given user from teh :rbac_user session variable. + def remove_user_from_session! + session[:rbac_user] = nil + end +end diff --git a/src/api/components/active_rbac/registration/_password.rhtml b/src/api/components/active_rbac/registration/_password.rhtml new file mode 100644 index 0000000..03af7ab --- /dev/null +++ b/src/api/components/active_rbac/registration/_password.rhtml @@ -0,0 +1,17 @@ +<% if @user.errors.on(:password) %> +<dt><label for="password">Password</label></dt> +<dd> + <div class="fieldWithErrors"><%= password_field_tag 'password', nil, { :size => 30, :id => 'password' } %></div> +</dd> + +<dt><label for="password_confirmation">Password Confirmation</label></dt> +<dd><div class="fieldWithErrors"><%= password_field_tag 'password_confirmation', nil, { :size => 30, :id => 'password_confirmation' } %></div></dd> +<% else %> +<dt><label for="password">Password</label></dt> +<dd> + <div><%= password_field_tag 'password', nil, { :size => 30, :id => 'password' } %></div> +</dd> + +<dt><label for="password_confirmation">Password Confirmation</label></dt> +<dd><%= password_field_tag 'password_confirmation', nil, { :size => 30, :id => 'password_confirmation' } %></dd> +<% end %> diff --git a/src/api/components/active_rbac/registration/confirm.rhtml b/src/api/components/active_rbac/registration/confirm.rhtml new file mode 100644 index 0000000..668299e --- /dev/null +++ b/src/api/components/active_rbac/registration/confirm.rhtml @@ -0,0 +1,10 @@ +<h2>Confirm Registration</h2> + +<p> +Do you want to confirm your registration? +</p> + +<%= start_form_tag :action => 'confirm', :user => @user, :token => @token %> + <%= submit_tag 'Yes', :name => 'yes' %> + <%= submit_tag 'No', :name => 'no' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/registration/confirm_failure.rhtml b/src/api/components/active_rbac/registration/confirm_failure.rhtml new file mode 100644 index 0000000..9373d1f --- /dev/null +++ b/src/api/components/active_rbac/registration/confirm_failure.rhtml @@ -0,0 +1,5 @@ +<h2>Confirm Failure</h2> + +<p> +Your confirmation information is invalid. You can signup <%= link_to 'here', :action => 'register' %>. +</p> \ No newline at end of file diff --git a/src/api/components/active_rbac/registration/confirm_success.rhtml b/src/api/components/active_rbac/registration/confirm_success.rhtml new file mode 100644 index 0000000..cdc7bf8 --- /dev/null +++ b/src/api/components/active_rbac/registration/confirm_success.rhtml @@ -0,0 +1,6 @@ +<h2>Registration Successfully Confirmed</h2> + +<p> +Hi <%= @user.login %>. Your account has been confirmed successfully. You can +now login <%= link_to 'following this link', :controller => 'login', :action => 'login' %>. +</p> \ No newline at end of file diff --git a/src/api/components/active_rbac/registration/lostpassword.rhtml b/src/api/components/active_rbac/registration/lostpassword.rhtml new file mode 100644 index 0000000..51f18b3 --- /dev/null +++ b/src/api/components/active_rbac/registration/lostpassword.rhtml @@ -0,0 +1,38 @@ +<h2>Lost Password Form</h2> + +<p> +If you have lost your password, you can fill out the form below +and a new generated password will be sent to you via email. +</p> + +<p> +Please note that password retrieval will fail if you have not confirmed +your registration first. +</p> + +<%= start_form_tag :action => 'lostpassword' %> + +<% unless @errors.empty?%> +<div class="errorExplanation"> + <ul> + <% @errors.each do |error| %> + <li><%= error %></li> + <% end %> + </ul> +</div> +<% end %> + +<dl class="form"> + <dt><label for="user_login">Your User Name</label></dt> + <dd><input type="text" id="user_login" name="login" size="30" /></dd> + + <dt><label for="user_email">Your Email</label></dt> + <dd> + <input type="text" id="user_email" name="email" size="30" /> + <div class="hint">An email will be sent to this address you need to + receive to complete the registration process.</div> + </dd> +</dl> + +<%= submit_tag 'Send Me A New Password' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/registration/lostpassword_success.rhtml b/src/api/components/active_rbac/registration/lostpassword_success.rhtml new file mode 100644 index 0000000..2d1f2dd --- /dev/null +++ b/src/api/components/active_rbac/registration/lostpassword_success.rhtml @@ -0,0 +1,7 @@ +<h3>Successfully Generated New Password</h3> + +<p> +Dear <em><%=h @user.login %></em>, the password has been sent to your email +adress <em><%=h @user.email %></em>. Please follow the instruction in this +email. +</p> diff --git a/src/api/components/active_rbac/registration/register.rhtml b/src/api/components/active_rbac/registration/register.rhtml new file mode 100644 index 0000000..dbca541 --- /dev/null +++ b/src/api/components/active_rbac/registration/register.rhtml @@ -0,0 +1,28 @@ +<h2>Register</h2> + +<%= error_messages_for 'user' %> + +<%= start_form_tag :action => 'register' %> + +<dl class="form"> + <dt><label for="user_login">Desired User Name</label></dt> + <dd><%= text_field 'user', 'login' %></dd> + + <dt><label for="user_email">Your Email</label></dt> + <dd> + <%= text_field 'user', 'email' %> + <div class="hint">An email will be sent to this address you need to + receive to complete the registration process.</div> + </dd> + + <%= render :partial => 'password' %> + + <% # include the additional form fields + for template_path in @additional_partials do %> + <%= render :partial => template_path %> + <% end %> +</dl> + + +<%= submit_tag 'Sign Up' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/registration/register_success.rhtml b/src/api/components/active_rbac/registration/register_success.rhtml new file mode 100644 index 0000000..1e2e635 --- /dev/null +++ b/src/api/components/active_rbac/registration/register_success.rhtml @@ -0,0 +1,10 @@ +<h2>Registration Succeeded</h2> + +<p> +Thanks, <em><%= @user.login %></em> for signining up. There is just one more +step to do. We sent you an email which describes the required steps. +</p> + +<p> +The websites's team. Bla Bla. +</p> \ No newline at end of file diff --git a/src/api/components/active_rbac/registration_controller.rb b/src/api/components/active_rbac/registration_controller.rb new file mode 100644 index 0000000..e665002 --- /dev/null +++ b/src/api/components/active_rbac/registration_controller.rb @@ -0,0 +1,126 @@ +# This controller provides actions for users to register with the system +# and retrieve lost passwords +class ActiveRbac::RegistrationController < ActiveRbac::ComponentController + uses_component_template_root + + # The layout this controller uses is configured in the + # Configuration class + layout config.controller[:layout] + + # Redirect to signup page + def index + redirect_to :action => 'register' + end + + # Displays a "registration" form on GET and tries to register a user on POST. + def register + if request.method != :post + # On anything but POST, we simply initialize @user with a new User object + # for the form. + @user = User.new + else + # On POST we try to register the user. + + # Set password and password_confirmation into [:user] parameters + params[:user] = Hash.new if params[:user].nil? + params[:user][:password] = params[:password] + params[:user][:password_confirmation] = params[:password_confirmation] + + # Execute the blocks given for the signup_fields configuration settings. + # These will add validation functions to the User model. + config.controller[:registration][:signup_fields].each { |field| field[:validation_proc].call } + + @user = User.new(params[:user]) + @user.password_hash_type = config.model[:default_hash_type] + + if @user.save then + @user.create_user_registration + + # The confirm_url should be set in the mailer, but seemingly the url methods + # hooked up with the routing are not available there. + confirm_url = url_for(:controller => 'registration', + :action => 'confirm', + :user => @user.id, + :token => @user.user_registration.token) + RegistrationMailer.deliver_confirm_registration(@user, confirm_url) + + render 'active_rbac/registration/register_success' + return + end + end + + # Set the additional partials to render within the form into the template + @additional_partials = config.controller[:registration][:signup_fields].collect { |field| field[:template_path] } + end + + # Displays a "do you really want to confirm registration" form on GET and + # tries to confirm the user's registration on POST. + def confirm + if request.method != :post + # Show the confirmation form on anything but GET + @user = User.find(params[:user]) + + unless !@user.user_registration.nil? and @user.user_registration.token == params[:token] + # moo, just to get into the right rescue below + raise ActiveRecord::RecordNotFound + end + + @token = params[:token] + else + # Handle the confirmation on POST. + if params[:yes].nil? + # User said "no" + flash[:notice] = 'Your registration has not been confirmed.' + redirect_to '/' + end + + @user = User.find(params[:user]) + + unless !@user.user_registration.nil? and @user.user_registration.token == params[:token] + # moo, just to get into the right rescue below + raise ActiveRecord::RecordNotFound + end + + # Delete UserRegistration for good + @user.state = User.states['confirmed'] + @user.save + UserRegistration.delete @user.user_registration.id + + render 'active_rbac/registration/confirm_success' + end + rescue ActiveRecord::RecordNotFound + render 'active_rbac/registration/confirm_failure' + end + + # Displays "lost password form" on GET and tries to send a new one on POST. + def lostpassword + @errors = Array.new + + if request.method == :post + # Try to find the user with the given login and email adress + @user = User.find :first, + :conditions => [ 'login = ? AND email = ?', params[:login], params[:email]] + + + # We raise this here manually to have error handling in one place only + raise ActiveRecord::RecordNotFound if @user.nil? + + # A bit abusive to raise this exception here, but it is the same + # error that is visible to users. + raise ActiveRecord::RecordNotFound unless @user.state == User.states['confirmed'] + + # Change the user's password to a random one + password = Digest::MD5.hexdigest((rand 1000).to_s + Time.now.to_s).slice(1,10) + @user.update_password password + @user.save + + # Deliver lost password email + RegistrationMailer.deliver_lost_password(@user, password) + + # Render a success page + render 'active_rbac/registration/lostpassword_success' + end + rescue ActiveRecord::RecordNotFound + @errors << 'You have entered an invalid user name or an invalid email address.' + end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/registration_mailer.rb b/src/api/components/active_rbac/registration_mailer.rb new file mode 100644 index 0000000..ffd60c8 --- /dev/null +++ b/src/api/components/active_rbac/registration_mailer.rb @@ -0,0 +1,65 @@ +require_dependency 'active_rbac/configuration' + +# We have to modifiy the ActionMailer::Base class a bit to add a +# uses_component_template_root function. +# +# TODO: Move this to the "general fixup" directory +module ActionMailer # :nodoc: + class Base # :nodoc: + def Base::uses_component_template_root # :nodoc: + path_of_calling_mailer = File.dirname(caller[0].split(/:\d+:/).first) + self.template_root = path_of_calling_mailer + end + end +end + +# This ActionMailer sends the mails and is used by the RegistrationController. +# Currently, only two kinds of email can be sent. +# +# * confirm_registration - is sent on users' registrations. It contains a link +# to the confirmation URL. +# * lost_password - is sent on "password lost" requests of users. It contains +# the new one-time password. +class RegistrationMailer < ActionMailer::Base + uses_component_template_root + + helper ActionView::Helpers::UrlHelper + + # The mail method for the confirmation email. + def confirm_registration(user, confirm_url) + @subject = config.mailer[:subjects][:confirm_registration] + @recipients = [user.email] + @from = config.mailer[:from] + @sent_on = Time.now + @headers = config.mailer[:headers] + + @body = { + :user => user, + :confirm_url => confirm_url + } + end + + # The mail method for the "password lost" email. + def lost_password(user, password) + @subject = config.mailer[:subjects][:lost_password] + @recipients = [user.email] + @from = config.mailer[:from] + @sent_on = Time.now + @headers = config.mailer[:headers] + + + @body = { + :user => user, + :password => password + } + end + + protected + + # An alias to self.config + def config; self.class.config; end + + def self.config + ActiveRbac::Configuration + end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/registration_mailer/confirm_registration.rhtml b/src/api/components/active_rbac/registration_mailer/confirm_registration.rhtml new file mode 100644 index 0000000..0f78d53 --- /dev/null +++ b/src/api/components/active_rbac/registration_mailer/confirm_registration.rhtml @@ -0,0 +1,6 @@ +Hello <%= @user.login %> + +You (or someone who used your email address) has applied for an account at +our website. Confirm this application by visiting the following website: + + <%= @confirm_url %> diff --git a/src/api/components/active_rbac/registration_mailer/lost_password.rhtml b/src/api/components/active_rbac/registration_mailer/lost_password.rhtml new file mode 100644 index 0000000..5b30ebb --- /dev/null +++ b/src/api/components/active_rbac/registration_mailer/lost_password.rhtml @@ -0,0 +1,13 @@ +Hi <%= @user.login %> + +You (or someone else) has filed a request for a new password. Your new +password is: + + <%= @password %> + +Please go to our website and log in with this password. You will be +prompted to enter a new password when you have logged in successfully. + +Regards + +The ActiveRBAC service \ No newline at end of file diff --git a/src/api/components/active_rbac/role.rb b/src/api/components/active_rbac/role.rb new file mode 100644 index 0000000..b0b8197 --- /dev/null +++ b/src/api/components/active_rbac/role.rb @@ -0,0 +1,141 @@ +require 'exceptions' + +# The Role class represents a role in the database. Roles can have permissions +# associated with themselves. Roles can assigned be to roles and groups. +class Role < ActiveRecord::Base + # roles are arranged in a tree + acts_as_tree :order => 'title' + # roles have n:m relations for users + has_and_belongs_to_many :users, :uniq => true + # roles have n:m relations to groups + has_and_belongs_to_many :groups, :uniq => true + # roles have n:m relations to permissions + has_and_belongs_to_many :static_permissions, :uniq => true + # protect users and groups from mass assigning - we want to do those + # manually + attr_protected :users, :parent, :static_permissions + + # This method returns the whole inheritance tree upwards, i.e. this role + # and all parents as a list. + def ancestors_and_self + result = [self] + + if parent != nil + result << parent.ancestors_and_self + end + + result.flatten! + result.uniq! + + return result + end + + # This method returns itself, all children and all children of its children + # in a flat list. + def descendants_and_self + result = [self] + + children.each { |child| result << child.descendants_and_self } + + result.flatten! + + return result + end + + # This method returns all users assigned to this role, its children + # or any users assigned this role has been assigned through their roles. + def all_users + result = [] + + self.descendants_and_self.each do |role| + if role == self + result << role.users + else + result << role.all_users + end + end + self.all_groups.each { |group| result << group.all_users } + + result.flatten! + result.uniq! + + return result + end + + # This method returns all groups this role has been assigned to and + # all of their children. + def all_groups + result = [] + + self.groups.each { |group| result << group.descendants_and_self } + + result.flatten! + result.uniq! + + return result + end + + # This method returns all permissions granted to this role and all + # of its parents. + def all_static_permissions + result = [] + + ancestors_and_self.each { |role| result << role.static_permissions } + + result.flatten! + result.uniq! + + return result + end + + # We're overriding "parent=" below. So we alias the one from the acts_as_tree + # mixin to "old_parent=". + alias_method :old_parent=, :parent= + + # We protect the parent attribute here. If a group is given as a parent, that + # is a descendant from this group, we raise a RecursionInTree error and stop + # assignment. + def parent=(value) + if descendants_and_self.include?(value) + raise RecursionInTree, "Trying to set parent to descendant", caller + else + self.old_parent = value + end + end + + # This method blocks destroying a role if it still has children. This method + # raises a CantDeleteWithChildren exception if this error occurs. It is an + # ActiveRecord event hook. + def before_destroy + raise CantDeleteWithChildren unless children.empty? + end + + # Overriding this method to make "title" visible as "Name". This is called in + # forms to create error messages. + def human_attribute_name (attr) + return case attr + when 'title' then 'Name' + else super.human_attribute_name attr + end + end + + protected + + # We want to validate a role's title pretty thoroughly. + validates_uniqueness_of :title, + :message => 'is the name of an already existing role.' + validates_format_of :title, + :with => %r{^[\w \$\^\-\.#\*\+&'"]*$}, + :message => 'must not contain invalid characters.' + validates_length_of :title, + :in => 2..100, :allow_nil => true, + :too_long => 'must have less than 100 characters.', + :too_short => 'must have more than two characters.', + :allow_nil => false + + # Implement ActiveRecords' validate method here to enforce that parents in + # tree are actually roles. + def validate + errors.add(:parent, "must be a valid role.") unless parent.instance_of? Role or parent.nil? + end +end diff --git a/src/api/components/active_rbac/role/_form.rhtml b/src/api/components/active_rbac/role/_form.rhtml new file mode 100644 index 0000000..70980ab --- /dev/null +++ b/src/api/components/active_rbac/role/_form.rhtml @@ -0,0 +1,57 @@ +<%= error_messages_for 'role' %> + +<!--[form:role]--> +<dl> + <dt><label for="role_title">Role's Name</label></dt> + <dd><%= text_field 'role', 'title' %></dd> + + <dt><label>Role's Parent</label></dt> + <dd> + <% unless @role.errors[:parent].nil? %><div class="fieldWithErrors"><% end %> + <ul class="roleTree"> + <li> + <% if @role.parent.nil? %> + <input id="role_parent_self" type="radio" name="role[parent]" value="" checked="checked" /> + <% else %> + <input id="role_parent_self" type="radio" name="role[parent]" value="" /> + <% end %> + <label for="role_parent_self">no parent (direct root child)</label> + <%= roles = Role.find_all + roles.delete_if { |r| @role.descendants_and_self.include?(r) } + node_tree(roles) do |role| + result = " " if @role.parent == role + result = " " if @role.parent != role + + result += "#{role.title}</label> " + result + end %> + </li> + </ul> + <% unless @role.errors[:parent].nil? %></div><% end %> + </dd> + + <dt><label>Static Permissions</label></dt> + <dd> + <ul> + <% for permission in StaticPermission.find :all do %> + <% if @role.static_permissions.include? permission %> + <li> + + <label for="role_static_permission_<%= permission.id%>"><%= permission.title %></label> + </li> + <% else %> + <li> + + <label for="role_static_permission_<%= permission.id%>"><%= permission.title %></label> + </li> + <% end %> + <% end %> + </ul> +</dl> +<!--[eoform:role]--> + diff --git a/src/api/components/active_rbac/role/delete.rhtml b/src/api/components/active_rbac/role/delete.rhtml new file mode 100644 index 0000000..589f62c --- /dev/null +++ b/src/api/components/active_rbac/role/delete.rhtml @@ -0,0 +1,12 @@ +<h2>Deleting Role "<%= @role.title %>"</h2> + +<p> +Are you sure you want to delete the role with the name "<%= @role.title %>"? +All users will be unassigned from this role and all permissions will be revoked from +it. <strong>This action cannot be reverted</strong>. +</p> + +<%= start_form_tag :action => 'destroy', :id => @role %> + <%= submit_tag 'Yes', :name => 'yes' %> + <%= submit_tag 'No', :name => 'no' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/role/edit.rhtml b/src/api/components/active_rbac/role/edit.rhtml new file mode 100644 index 0000000..027ce60 --- /dev/null +++ b/src/api/components/active_rbac/role/edit.rhtml @@ -0,0 +1,9 @@ +<h2>Editing role <%= @role.title %></h2> + +<%= start_form_tag :action => 'update', :id => @role %> + <%= render_partial 'form' %> + <%= submit_tag 'Apply Changes' %> +<%= end_form_tag %> + +<%= link_to 'Show', :action => 'show', :id => @role %> | +<%= link_to 'Back', :action => 'list' %> diff --git a/src/api/components/active_rbac/role/list.rhtml b/src/api/components/active_rbac/role/list.rhtml new file mode 100644 index 0000000..42df2f6 --- /dev/null +++ b/src/api/components/active_rbac/role/list.rhtml @@ -0,0 +1,22 @@ +<h2>Listing Roles</h2> + +<p> +Below is a complete tree of all roles known to the system. +</p> + +<div class="commands"> +<%= link_to 'New role', :action => 'new' %> +</div> + +<%= node_tree @roles do |role| + result = link_to(role.title, { :action => 'show', :id => role }) + " " + result += "[" + role.users.length.to_s + "/" + role.all_users.length.to_s + " users, " + result += role.groups.length.to_s + "/" + role.all_groups.length.to_s + " groups]" + result += "(" + link_to('S', { :action => 'show', :id => role }, :title => 'Show') + " " + result += link_to('E', { :action => 'edit', :id => role }, :title => 'Edit') + " " + result += link_to('D', { :action => 'delete', :id => role }, :title => 'Delete') + ")" + end %> + +<div class="commands"> +<%= link_to 'New role', :action => 'new' %> +</div> diff --git a/src/api/components/active_rbac/role/new.rhtml b/src/api/components/active_rbac/role/new.rhtml new file mode 100644 index 0000000..a781b4c --- /dev/null +++ b/src/api/components/active_rbac/role/new.rhtml @@ -0,0 +1,8 @@ +<h2>New role</h2> + +<%= start_form_tag :action => 'create' %> + <%= render_partial 'form' %> + <%= submit_tag "Create Role" %> +<%= end_form_tag %> + +<%= link_to 'Back', :action => 'list' %> diff --git a/src/api/components/active_rbac/role/show.rhtml b/src/api/components/active_rbac/role/show.rhtml new file mode 100644 index 0000000..433f890 --- /dev/null +++ b/src/api/components/active_rbac/role/show.rhtml @@ -0,0 +1,110 @@ +<h2>Details for Role "<%=h @role.title %>"</h2> + +<div class="commands"> +<%= link_to 'Delete', :action => 'delete', :id => @role %> +<%= link_to 'Edit', :action => 'edit', :id => @role %> +<%= link_to 'Back to List', :action => 'list' %> +</div> + +<dl> + <dt>Name:</dt> + <dd><%=h @role.title %></dd> + + <dt>Parent:</dt> + <% if @role.parent == nil %> + <dd>No parent, this role is a root role</dd> + <% else %> + <dd><%= link_to @role.parent.title, { :action => 'show', :id => @role.parent } %></dd> + <% end %> + + <dt>Created At</dt> + <dd><%= @role.created_at.to_formatted_s(:long) %></dd> + + <dt>Updated At</dt> + <dd><%= @role.updated_at.to_formatted_s(:long) %></dd> + + <dt>Children:</dt> + <% if @role.children.empty? %> + <dd>No Children</dd> + <% else %> + <dd><%= node_tree(@role.children) { |role| result = link_to(role.title, { :action => 'show', :id => role }) } %></dd> + <% end %> +</dl> + +<div class="commands"> +<%= link_to 'Delete', :action => 'delete', :id => @role %> +<%= link_to 'Edit', :action => 'edit', :id => @role %> +<%= link_to 'Back to List', :action => 'list' %> +</div> + +<h3>Directly Assigned Users</h3> + +<% if @role.users.length == 0 %> +<p>None</p> +<% else %> +<ul> + <% for user in @role.users %> + <li><%= link_to user.login, { :controller => 'user', :action => 'show', :id => user } %></li> + <% end %> +</ul> +<% end %> + +<h3>All Assigned Users</h3> + +<% if @role.all_users.length == 0 %> +<p>None</p> +<% else %> +<ul> + <% for user in @role.all_users %> + <li><%= link_to user.login, { :controller => 'user', :action => 'show', :id => user } %></li> + <% end %> +</ul> +<% end %> + +<h3>Directly Assigned Groups</h3> + +<% if @role.groups.length == 0 %> +<p>None</p> +<% else %> +<ul> + <% for group in @role.groups %> + <li><%= link_to group.title, { :controller => 'group', :action => 'show', :id => group } %></li> + <% end %> +</ul> +<% end %> + +<h3>All Assigned Groups</h3> + +<% if @role.all_groups.length == 0 %> +<p>None</p> +<% else %> +<ul> + <% for group in @role.all_groups %> + <li><%= link_to group.title, { :controller => 'group', :action => 'show', :id => group } %></li> + <% end %> +</ul> +<% end %> + +<h3>Directly Assigned Permissions</h3> + +<% if @role.static_permissions.empty? %> +<p>No permissions</p> +<% else %> +<ul> + <% for permission in @role.static_permissions do %> + <li><%= link_to permission.title, { :controller => 'static_permission', :action => 'show', :id => permission }%></li> + <% end %> +</ul> +<% end %> + +<h3>All Assigned Permissions</h3> + +<% if @role.all_static_permissions.empty? %> +<p>No permissions</p> +<% else %> +<ul> + <% for permission in @role.all_static_permissions do %> + <li><%= link_to permission.title, { :controller => 'static_permission', :action => 'show', :id => permission }%></li> + <% end %> +</ul> +<% end %> diff --git a/src/api/components/active_rbac/role_controller.rb b/src/api/components/active_rbac/role_controller.rb new file mode 100644 index 0000000..9119d89 --- /dev/null +++ b/src/api/components/active_rbac/role_controller.rb @@ -0,0 +1,152 @@ +require_dependency 'active_rbac/helpers/rbac_helper' + +class ActiveRbac::RoleController < ActiveRbac::ComponentController + uses_component_template_root + + # The RbacHelper allows us to render +acts_as_tree+ AR elegantly + helper RbacHelper + + # The layout this controller uses is configured in the + # Configuration class + layout config.controller[:layout] + + # We force users to use POST on the state changing actions. + verify :method => :post, + :only => [ :create, :update, :destroy ], + :redirect_to => { :action => 'list' }, + :add_flash => { :error => 'You sent an invalid request!' } + + # We force users to use GET on all other methods, though. + verify :method => :get, + :only => [ :index, :list, :show, :new, :delete ], + :redirect_to => { :action => 'list' }, + :add_flash => { :error => 'You sent an invalid request!' } + + # Simply redirects to #list. + def index + redirect_to :action => 'list' + end + + # Displays all roles known to the system as trees. + def list + # We don't use pagination here since we want to display the roles in a + # nice tree. Additionally, there won't be more than ~100 roles in a + # normal scenario anyway - far less! + @roles = Role.find_all + end + + # Show a role identified by the +:id+ path fragment in the URL. + def show + @role = Role.find(params[:id]) + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'The role could not be found' + redirect_to :action => 'list' + end + + # Displays a form to create a new role. Posts to the #create action. + def new + @role = Role.new + end + + # Creates a new role. +create+ is only accessible via POST and renders + # the same form as #new on validation errors. + def create + @role = Role.new(params[:role]) + + # get an array of static permissions and set the permission associations + params[:role][:static_permissions] = [] if params[:role][:static_permissions].nil? + permissions = params[:role][:static_permissions].collect { |i| StaticPermission.find(i) } + @role.static_permissions = permissions + + # assign parent role + if not params[:role][:parent].to_s.empty? + @role.parent = Role.find(params[:role][:parent].to_i) + end + + if @role.save + flash[:notice] = 'Role has been created successfully.' + redirect_to :action => 'show', :id => @role.id + else + render :action => 'new' + end + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'You sent an invalid request.' + redirect_to :action => 'list' + end + + # Loads the role identified by the :id parameter from the url fragment from + # the database and displays an edit form with the role's data. + def edit + @role = Role.find(params[:id].to_i) + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'This role could not be found.' + redirect_to :action => 'list' + end + + # Updates a role record in the database. +update+ is only accessible via + # POST and renders the same form as #edit on validation errors. + def update + @role = Role.find(params[:id].to_i) + + # set parent role + if not params[:role][:parent].to_s.empty? + @role.parent = Role.find(params[:role][:parent]) + else + @role.parent = nil + end + + # get an array of static permissions and set the permission associations + params[:role][:static_permissions] = [] if params[:role][:static_permissions].nil? + permissions = params[:role][:static_permissions].collect { |i| StaticPermission.find(i) } + @role.static_permissions = permissions + + if @role.update_attributes(params[:role]) + flash[:notice] = 'Role has been updated successfully.' + redirect_to :action => 'show', :id => @role + else + render :action => 'edit' + end + + rescue RecursionInTree + @role.errors.add :parent, "must not be a descendant of itself" + render :action => 'edit' + rescue ActiveRecord::RecordNotFound + flash[:error] = 'You sent an invalid request.' + redirect_to :action => 'list' + end + + # Loads the role specified by the :id parameters from the url fragment from + # the database and displays a "Do you really want to delete it?" form. It + # posts to #destroy. + def delete + @role = Role.find(params[:id]) + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'This role could not be found.' + redirect_to :action => 'list' + end + + # Removes a role record from the database. +destroy+ is only accessible + # via POST. If the answer to the form in #delete has not been "Yes", it + # redirects to the #show action with the selected's role's ID. + def destroy + if not params[:yes].nil? + Role.find(params[:id].to_i).destroy + flash[:notice] = 'The role has been deleted successfully.' + redirect_to :action => 'list' + else + flash[:notice] = 'The role has not been deleted.' + redirect_to :action => 'show', :id => params[:id] + end + + rescue CantDeleteWithChildren + flash[:error] = "You have to delete or move the role's children before attempting to delete the role itself." + redirect_to :action => 'show', :id => params[:id] + rescue ActiveRecord::RecordNotFound + flash[:error] = 'This role could not be found.' + redirect_to :action => 'list' + end +end diff --git a/src/api/components/active_rbac/shared/_pagination.rhtml b/src/api/components/active_rbac/shared/_pagination.rhtml new file mode 100644 index 0000000..ffcad62 --- /dev/null +++ b/src/api/components/active_rbac/shared/_pagination.rhtml @@ -0,0 +1,19 @@ +<div class="pagerNavigation"> + <em>go to page:</em> + <%= link_to 'first', { :page => pages.first }, { :title => 'first' } %> + <%= link_to 'previous', { :page => pages.current.previous }, { :title => 'go to previous page' } if pages.current.previous %> + <% if pages.current.to_i - 3 > 1 %>…<% end %> + <% 3.downto 1 do |i| %> + <% index = pages.current.to_i - i %> + <%= link_to(pages[index].to_i, { :page => index}) if pages.has_page_number? index %> + <% end %> + <%= pages.current.to_i %> + <% for i in 1..3 do %> + <% index = pages.current.to_i + i %> + <%= link_to(pages[index].to_i, { :page => index}) if pages.has_page_number? index %> + <% end %> + <% if pages.length > pages.current.to_i + 3 %>…<% end %> + <%= link_to 'next', { :page => pages.current.next }, { :title => 'go to next page' } if pages.current.next %> + <%= link_to 'last', { :page => pages.last }, { :title => 'go to last page' } %> + <em>total: <%= pages.length %></em> +</div> diff --git a/src/api/components/active_rbac/static_permission.rb b/src/api/components/active_rbac/static_permission.rb new file mode 100644 index 0000000..a8a259b --- /dev/null +++ b/src/api/components/active_rbac/static_permission.rb @@ -0,0 +1,34 @@ +# This class represents a "static permission" dataset in the database. A +# static permission basically only is a string that can be attached to a +# role. You can then check for it being assigned to a role in your application +# code. +class StaticPermission < ActiveRecord::Base + # static permissions have n:m relations to roles + has_and_belongs_to_many :roles, :uniq => true + + # This method returns all roles this permission has been granted + # to and all of their children. + def all_roles + result = [] + + self.roles.each { |role| result << role.descendants_and_self } + + result.flatten! + result.uniq! + + return result + end + + # We want to validate a static permission's title pretty thoroughly. + validates_uniqueness_of :title, + :message => 'is the name of an already existing static permission.' + validates_presence_of :title, + :message => 'must be given.' + validates_format_of :title, + :with => %r{^[\w \$\^\-\.#\*\+&'"]*$}, + :message => 'must not contain invalid characters.' + validates_length_of :title, + :in => 2..100, :allow_nil => true, + :too_long => 'must have less than 100 characters.', + :too_short => 'must have more than two characters.' +end diff --git a/src/api/components/active_rbac/static_permission/_form.rhtml b/src/api/components/active_rbac/static_permission/_form.rhtml new file mode 100644 index 0000000..fbb230c --- /dev/null +++ b/src/api/components/active_rbac/static_permission/_form.rhtml @@ -0,0 +1,10 @@ +<%= error_messages_for 'permission' %> + +<!--[form:permission]--> +<dl> + <dt><label for="permission_title">Title</label></dt> + <dd> + <%= text_field 'permission', 'title' %> + </dt> +</dl> +<!--[eoform:permission]--> diff --git a/src/api/components/active_rbac/static_permission/delete.rhtml b/src/api/components/active_rbac/static_permission/delete.rhtml new file mode 100644 index 0000000..64fd31f --- /dev/null +++ b/src/api/components/active_rbac/static_permission/delete.rhtml @@ -0,0 +1,13 @@ +<h2>Deleting Permission "<%= @permission.title %>"</h2> + +<p> +Are you sure you want to delete the permission with the name +"<%= @permission.title %>"? All roles that currently +have this permission granted to them will have this permission revoked +from them. <strong>This action cannot be reverted</strong>. +</p> + +<%= start_form_tag :action => 'destroy', :id => @permission %> + <%= submit_tag 'Yes', :name => 'yes' %> + <%= submit_tag 'No', :name => 'no' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/static_permission/edit.rhtml b/src/api/components/active_rbac/static_permission/edit.rhtml new file mode 100644 index 0000000..874343e --- /dev/null +++ b/src/api/components/active_rbac/static_permission/edit.rhtml @@ -0,0 +1,9 @@ +<h2>Editing Permission</h2> + +<%= start_form_tag :action => 'update', :id => @permission %> + <%= render_partial 'form' %> + <%= submit_tag 'Apply Changes' %> +<%= end_form_tag %> + +<%= link_to 'show', :action => 'show', :id => @permission %> | +<%= link_to 'back to list', :action => 'list' %> diff --git a/src/api/components/active_rbac/static_permission/list.rhtml b/src/api/components/active_rbac/static_permission/list.rhtml new file mode 100644 index 0000000..eb4cefe --- /dev/null +++ b/src/api/components/active_rbac/static_permission/list.rhtml @@ -0,0 +1,30 @@ +<h2>Listing Permissions</h2> + +<%= render :partial => '/active_rbac/shared/pagination', :locals => { :pages => @permission_pages } %> + +<table> + <thead> + <tr> + <th>ID</th> + <th>Title</th> + <th>Operations</th> + </tr> + </thead> + <tbody> + <% for permission in @permissions %> + <tr> + <td><%=h permission.id %></td> + <td><%=h permission.title %></td> + + <td> + <%= link_to 'S', :action => 'show', :id => permission %> + <%= link_to 'E', :action => 'edit', :id => permission %> + <%= link_to 'D', :action => 'delete', :id => permission %></td> + </tr> + <% end %> + </tbody> +</table> + +<%= render :partial => '/active_rbac/shared/pagination', :locals => { :pages => @permission_pages } %> + +<%= link_to 'New permission', :action => 'new' %> diff --git a/src/api/components/active_rbac/static_permission/new.rhtml b/src/api/components/active_rbac/static_permission/new.rhtml new file mode 100644 index 0000000..888071a --- /dev/null +++ b/src/api/components/active_rbac/static_permission/new.rhtml @@ -0,0 +1,8 @@ +<h2>New Permission</h2> + +<%= start_form_tag :action => 'create' %> + <%= render_partial 'form' %> + <%= submit_tag "Create New Permission" %> +<%= end_form_tag %> + +<%= link_to 'back to list', :action => 'list' %> diff --git a/src/api/components/active_rbac/static_permission/show.rhtml b/src/api/components/active_rbac/static_permission/show.rhtml new file mode 100644 index 0000000..ec66505 --- /dev/null +++ b/src/api/components/active_rbac/static_permission/show.rhtml @@ -0,0 +1,43 @@ +<h2>Details for Permission "<%=h @permission.title %>"</h2> + +<div class="commands"> +<%= link_to 'Delete', :action => 'delete', :id => @permission %> +<%= link_to 'Edit', :action => 'edit', :id => @permission %> +<%= link_to 'Back to List', :action => 'list' %> +</div> + +<dl> + <dt>Name:</dt> + <dd><%=h @permission.title %></dd> + + <dt>Created At:</dt> + <dd><%= @permission.created_at.to_formatted_s(:long) %></dd> + + <dt>Updated At:</dt> + <dd><%= @permission.updated_at.to_formatted_s(:long) %></dd> +</dl> + +<div class="commands"> +<%= link_to 'Delete', :action => 'delete', :id => @permission %> +<%= link_to 'Edit', :action => 'edit', :id => @permission %> +<%= link_to 'Back to List', :action => 'list' %> +</div> + +<h3>Assigned Roles</h3> + +<% if @permission.roles.empty? %> +<p>No roles</p> +<% else %> +<ul> + <% for role in @permission.roles do %> + <li><%= link_to role.title, { :controller => 'role', :action => 'show', :id => role }%></li> + <% end %> +</ul> +<% end %> + +<h3>All Assigned Roles</h3> +<% if @permission.all_roles.empty? %> +<p>No roles</p> +<% else %> +<%= node_tree(@permission.all_roles) { |role| result = link_to(role.title, { :controller => 'role', :action => 'show', :id => role }) } %> +<% end %> diff --git a/src/api/components/active_rbac/static_permission_controller.rb b/src/api/components/active_rbac/static_permission_controller.rb new file mode 100644 index 0000000..900c651 --- /dev/null +++ b/src/api/components/active_rbac/static_permission_controller.rb @@ -0,0 +1,128 @@ +require_dependency 'active_rbac/helpers/rbac_helper' + +# This is the controller that provides CRUD functionality for the +# StaticPermission model. +class ActiveRbac::StaticPermissionController < ActiveRbac::ComponentController + uses_component_template_root + + # The RbacHelper allows us to render +acts_as_tree+ AR elegantly + helper RbacHelper + + # The layout this controller uses is configured in the + # Configuration class + layout config.controller[:layout] + + # We force users to use POST on the state changing actions. + verify :method => :post, + :only => [ :create, :update, :destroy ], + :redirect_to => { :action => 'list' }, + :add_flash => { :error => 'You sent an invalid request!' } + + # We force users to use GET on all other methods, though. + verify :method => :get, + :only => [ :index, :list, :show, :new, :delete ], + :redirect_to => { :action => 'list' }, + :add_flash => { :error => 'You sent an invalid request!' } + + # Simply redirects to #list + def index + redirect_to :action => 'list' + end + + # Displays a tree of all static permission. + def list + @permission_pages, @permissions = paginate :static_permission, :per_page => 20 + end + + # Show a static permission identified by the +:id+ path fragment in the URL. + def show + @permission = StaticPermission.find(params[:id]) + + rescue ActiveRecord::RecordNotFound + flash[:notice] = 'This permission could not be found.' + redirect_to :action => 'list' + end + + # Displays a form to create a new static permission. Posts to the #create + # action. + def new + @permission = StaticPermission.new + end + + # Creates a new static permission. +create+ is only accessible via POST and + # renders the same form as #new on validation errors. + def create + @permission = StaticPermission.new(params[:permission]) + + # assign properties to group + if @permission.save + flash[:notice] = 'The permission has been created successfully.' + redirect_to :action => 'show', :id => @permission.id + else + render :action => 'new' + end + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'You sent an invalid request.' + redirect_to :action => 'list' + end + + # Loads the static permission identified by the :id parameter from the url + # fragment from the database and displays an edit form with the static + # permission. + def edit + @permission = StaticPermission.find(params[:id]) + rescue + flash[:notice] = 'Invalid permission given!' + redirect_to :action => 'list' + end + + # Updates a static permission record in the database. +update+ is only + # accessible via POST and renders the same form as #edit on validation + # errors. + def update + @permission = StaticPermission.find(params[:id]) + + # Bulk-Assign the other attributes from the form. + if @permission.update_attributes(params[:permission]) + flash[:notice] = 'Permission has been updated successfully.' + redirect_to :action => 'show', :id => @permission.to_param + else + render :action => 'edit' + end + + rescue ActiveRecord::RecordNotFound + flash[:notice] = 'This permission could not be found!' + redirect_to :action => 'list' + end + + # Loads the static permission specified by the :id parameters from the url + # fragment from the database and displays a "Do you really want to delete + # it?" form. It posts to #destroy. + def delete + @permission = StaticPermission.find(params[:id]) + + rescue ActiveRecord::RecordNotFound + flash[:notice] = 'This permission could not be found!' + redirect_to :action => 'list' + end + + # Removes a static permission record from the database. +destroy+ is only + # accessible via POST. If the answer to the form in #delete has not been + # "Yes", it redirects to the #show action with the selected's permission's + # ID. + def destroy + if not params[:yes].nil? + StaticPermission.find(params[:id]).destroy + flash[:notice] = 'The permission has been deleted successfully' + redirect_to :action => 'list' + else + flash[:notice] = 'The permission has not been deleted.' + redirect_to :action => 'show', :id => params[:id] + end + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'This group could not be found.' + redirect_to :action => 'list' + end +end diff --git a/src/api/components/active_rbac/test/fixtures/groups.yml b/src/api/components/active_rbac/test/fixtures/groups.yml new file mode 100644 index 0000000..3ad2513 --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/groups.yml @@ -0,0 +1,80 @@ +--- !omap +- heroes_group: + id: 1 + parent_id: NULL + title: Heroes + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- greeks_group: + id: 2 + parent_id: NULL + title: Greeks + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- cretes_group: + id: 3 + parent_id: 2 + title: Cretes + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- greek_heroes_group: + id: 4 + parent_id: NULL + title: "Greek Heroes" + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- greek_kings_group: + id: 5 + parent_id: 2 + title: "Greek Kings" + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- gods_group: + id: 6 + parent_id: NULL + title: "Gods" + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- gods_not_in_olymp_group: + id: 7 + parent_id: 6 + title: "Gods not in Olymp" + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- greek_warriors_group: + id: 8 + parent_id: NULL + title: "Greek Warriors" + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- troys_besiegers_group: + id: 9 + parent_id: 8 + title: "Troy's Besiegers" + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- punished_heroes_group: + id: 10 + parent_id: NULL + title: "Punished Heroes" + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +#<% 100.times do |i| %> +#- dummy_group_<%= i %>: +# id: <%= 100 + i %> +# parent_id: NULL +# title: Dummy Group No. <%= i %> +# created_at: 2005-08-02 14:52:12 +# updated_at: 2005-08-02 14:52:12 +# +#<% end %> \ No newline at end of file diff --git a/src/api/components/active_rbac/test/fixtures/groups_roles.yml b/src/api/components/active_rbac/test/fixtures/groups_roles.yml new file mode 100644 index 0000000..f49e4cc --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/groups_roles.yml @@ -0,0 +1,23 @@ +# simple assignment of role to group. +greek_heroes_group_has_greek_heroes_role: + group_id: 4 + role_id: 3 + created_at: 2005-08-02 14:52:12 + +# assignment of role through role hierarchy to group +greek_kings_group_has_greek_kings_role: + group_id: 5 + role_id: 5 + created_at: 2005-08-02 14:52:12 + +# simple assignment of role to group hierarchy +gods_not_in_olymp_group_has_god_of_death_role: + group_id: 7 + role_id: 6 + created_at: 2005-08-02 14:52:12 + +# assignment of role through role hierarchy through group hierarchy +troys_besiegers_group_has_greek_warriors_role: + group_id: 9 + role_id: 8 + created_at: 2005-08-02 14:52:12 \ No newline at end of file diff --git a/src/api/components/active_rbac/test/fixtures/groups_users.yml b/src/api/components/active_rbac/test/fixtures/groups_users.yml new file mode 100644 index 0000000..c4bb97d --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/groups_users.yml @@ -0,0 +1,29 @@ +odysseus_is_in_punished_heroes_group: + group_id: 10 + user_id: 11 + created_at: 2005-08-02 14:52:12 + +ariadne_is_in_cretes_group: + group_id: 3 + user_id: 2 + created_at: 2005-08-02 14:52:12 + +perseus_is_in_greek_heroes_group: + group_id: 4 + user_id: 12 + created_at: 2005-08-02 14:52:12 + +minos_is_in_greek_kings_group: + group_id: 5 + user_id: 10 + created_at: 2005-08-02 14:52:12 + +hades_is_in_gods_not_in_olymp_group: + group_id: 7 + user_id: 5 + created_at: 2005-08-02 14:52:12 + +agamemnon_is_in_troys_besiegers_group: + group_id: 9 + user_id: 1 + created_at: 2005-08-02 14:52:12 diff --git a/src/api/components/active_rbac/test/fixtures/registration_mailer/confirm_registration b/src/api/components/active_rbac/test/fixtures/registration_mailer/confirm_registration new file mode 100644 index 0000000..87e8e46 --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/registration_mailer/confirm_registration @@ -0,0 +1,6 @@ +Hello test login + +You (or someone who used your email address) has applied for an account at +our website. Confirm this application by visiting the following website: + + http://www.example.com diff --git a/src/api/components/active_rbac/test/fixtures/registration_mailer/lost_password b/src/api/components/active_rbac/test/fixtures/registration_mailer/lost_password new file mode 100644 index 0000000..5db3d13 --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/registration_mailer/lost_password @@ -0,0 +1,13 @@ +Hi USER LOGIN + +You (or someone else) has filed a request for a new password. Your new +password is: + + NEW PASSWORD + +Please go to our website and log in with this password. You will be +prompted to enter a new password when you have logged in successfully. + +Regards + +The ActiveRBAC service \ No newline at end of file diff --git a/src/api/components/active_rbac/test/fixtures/roles.yml b/src/api/components/active_rbac/test/fixtures/roles.yml new file mode 100644 index 0000000..f08bd5a --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/roles.yml @@ -0,0 +1,56 @@ +--- !omap +- gods_role: + id: 1 + parent_id: NULL + title: Gods + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- major_gods_role: + id: 2 + parent_id: 1 + title: Major Gods + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- greek_heroes_role: + id: 3 + parent_id: NULL + title: "Greek Heroes" + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- greek_men_role: + id: 4 + parent_id: NULL + title: Greek Men + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- greek_kings_role: + id: 5 + parent_id: 4 + title: Greek Kings + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- god_of_death_role: + id: 6 + parent_id: NULL + title: God Of Death + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- greeks_role: + id: 7 + parent_id: NULL + title: Greeks + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 + +- greek_warriors_role: + id: 8 + parent_id: 7 + title: Greek Warriors + created_at: 2005-08-02 14:52:12 + updated_at: 2005-08-02 14:52:12 diff --git a/src/api/components/active_rbac/test/fixtures/roles_static_permissions.yml b/src/api/components/active_rbac/test/fixtures/roles_static_permissions.yml new file mode 100644 index 0000000..dee6429 --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/roles_static_permissions.yml @@ -0,0 +1,14 @@ +gods_may_access_olymp: + role_id: 1 + static_permission_id: 1 + created_at: 2005-08-11 14:41:21 + +greek_kings_may_sit_on_throne: + role_id: 5 + static_permission_id: 2 + created_at: 2005-08-11 14:41:21 + +greek_heroes_may_slay_monsters: + role_id: 3 + static_permission_id: 3 + created_at: 2005-08-11 14:41:21 diff --git a/src/api/components/active_rbac/test/fixtures/roles_users.yml b/src/api/components/active_rbac/test/fixtures/roles_users.yml new file mode 100644 index 0000000..bbe04fd --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/roles_users.yml @@ -0,0 +1,11 @@ +# Direct role assignment: God -> Hermes +hermes_has_role_gods: + user_id: 7 + role_id: 1 + created_at: 2005-08-02 14:52:12 + +# Indirect role assignment: God -> Major God -> Zeus +zeus_has_role_major_gods: + user_id: 13 + role_id: 2 + created_at: 2005-08-02 14:52:12 \ No newline at end of file diff --git a/src/api/components/active_rbac/test/fixtures/static_permissions.yml b/src/api/components/active_rbac/test/fixtures/static_permissions.yml new file mode 100644 index 0000000..b012bf5 --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/static_permissions.yml @@ -0,0 +1,17 @@ +access_olymp_permission: + id: 1 + created_at: 2005-08-11 13:45:18 + updated_at: 2005-08-11 13:45:18 + title: Access Olymp + +sit_on_throne_permission: + id: 2 + created_at: 2005-08-11 13:45:18 + updated_at: 2005-08-11 13:45:18 + title: Sit On Throne + +slay_monsters_permission: + id: 3 + created_at: 2005-08-11 13:45:18 + updated_at: 2005-08-11 13:45:18 + title: Slay Monsters diff --git a/src/api/components/active_rbac/test/fixtures/user_registrations.yml b/src/api/components/active_rbac/test/fixtures/user_registrations.yml new file mode 100644 index 0000000..1177653 --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/user_registrations.yml @@ -0,0 +1,18 @@ +# Create a never-expired user_registration for Hephaestus. This should +# never be deleted in User.purge_users_with_expired_registration +hephaestus_registration: + id: 1 + user_id: 6 + created_at: <%= Time.now.to_formatted_s :db %> + expires_at: <%= Time.now.in(1.day).to_formatted_s :db %> + token: hephaestus + +# Create an alwas-expired user_registration for Dionysus. This should +# always be deleted in User.purge_users_with_expired_registration +dionysus_registration: + id: 2 + user_id: 4 + created_at: <%= Time.now.ago(8.day).to_formatted_s :db %> + expires_at: <%= Time.now.ago(7.day).to_formatted_s :db %> + token: dionysus + \ No newline at end of file diff --git a/src/api/components/active_rbac/test/fixtures/users.yml b/src/api/components/active_rbac/test/fixtures/users.yml new file mode 100644 index 0000000..a8cb40e --- /dev/null +++ b/src/api/components/active_rbac/test/fixtures/users.yml @@ -0,0 +1,199 @@ +# Test for assigning a role through role inheritance and group inheritance: +# +# Role: Greek -> Role: Warrior -> Group: Greek Warriors -> +# Group: Troy's Besieger -> Agamemnon +--- !omap +- agamemnon_user: + id: 1 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Agamemnon + email: agamemnon@olymp + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 2 + +# Test for assigning a group through group inheritance: +# +# Group: Greek -> Group: Crete -> Ariadne +- ariadne_user: + id: 2 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Ariadne + email: ariadne@crete + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 2 + +# Test for states: Daidalos has his state set to "locked" +- daidalos_user: + id: 3 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 10 + login: Daidalos + email: daidalos@crete + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 3 + +# Test for expired user_registration field and state "unconfirmed". +- dionysus_user: + id: 4 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Dionysus + email: dionysus@olymp + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 1 + +# Test for assigning a role through a group hierarchy: +# +# Role: God Of Death -> Group God -> Group -> Gods not in Olymp -> User: Hades +- hades_user: + id: 5 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Hades + email: hades@hades + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 1 + +# Hephaestus is a test for the state "unconfirmed", but his user_registration +# has not expired yet. +- hephaestus_user: + id: 6 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Hephaestus + email: hephaestus@olymp + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 1 + +# Test for simple role assignment: +# +# Role: God -> User: Hermes +- hermes_user: + id: 7 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Hermes + email: hermes@olymp + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 2 + +# Test for group assignment: No groups assigned to icarus. +- icarus_user: + id: 8 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Icarus + email: icarus@crete + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 2 + +# Test for state: Medusa has the state set to deleted. +- medusa_user: + id: 9 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Medusa + email: medusa@monsters + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 4 + +# Test for assigning a role through role inheritance and over a simple +# group assignment: +# +# Role: Greek Man -> Role: Greek King -> Group: Kings -> User: Minos +- minos_user: + id: 10 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Minos + email: minos@crete + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 2 + +# Simple group assignment +- odysseus_user: + id: 11 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Odysseus + email: odysseus@illiads + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 2 + +# Simple role assignment through a simple group assignment: +# +# Role: Hero -> Group: Greek Heroes -> User: Perseus +- perseus_user: + id: 12 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Perseus + email: perseus@seriphos + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 2 + +# Role assignment through role inheritance to a user: +# +# Role: God -> Role: Major Gods -> User: Zeus +- zeus_user: + id: 13 + created_at: 2005-08-03 10:52:26 + updated_at: 2005-08-03 10:52:26 + last_logged_in_at: 2005-08-03 10:52:26 + login_failure_count: 0 + login: Zeus + email: zeus@olymp + password: bf5d921d2f18ee3077683d6e3d407afb + password_hash_type: md5 + password_salt: 0123456789 + state: 2 diff --git a/src/api/components/active_rbac/test/functional/group_controller_test.rb b/src/api/components/active_rbac/test/functional/group_controller_test.rb new file mode 100644 index 0000000..11948ee --- /dev/null +++ b/src/api/components/active_rbac/test/functional/group_controller_test.rb @@ -0,0 +1,263 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'group_controller' + +# Re-raise errors caught by the controller. +class ActiveRbac::GroupController; def rescue_action(e) raise e end; end + +class ActiveRbac::GroupControllerTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles, :static_permissions, :roles_static_permissions + + def setup + @controller = ActiveRbac::GroupController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + end + + def test_should_redirect_to_list_on_index_get + get :index + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_display_list_on_list_get + get :list + + assert_response :success + assert_template 'list' + end + + def test_should_display_new_form_on_new_get + get :new + + assert_response :success + assert_template 'new' + end + + def test_should_create_new_group_on_create_post_with_valid_data_with_parent + old_count = Group.count + + group = { + 'title' => 'My New Group', + 'roles' => [ @major_gods_role.id, @gods_role.id ], + 'parent' => @heroes_group.id + } + + post :create, :group => group + + assert_response :redirect + assert_redirected_to :action => 'show', :id => Group.count + + assert_equal(old_count, Group.count - 1) + + group = Group.find(:first, :order => 'id DESC') + assert_kind_of Group, group + assert_equal Group.find(@heroes_group.id), group.parent + assert_equal 'My New Group', group.title + assert_equal 2, group.roles.length + end + + def test_should_create_new_group_on_create_post_with_valid_data_without_parent + old_count = Group.count + + group = { + 'title' => 'My New Group', + 'roles' => [ @major_gods_role.id, @gods_role.id ], + 'parent' => '' + } + + post :create, :group => group + + assert_equal(old_count, Group.count - 1) + + group = Group.find(:first, :order => 'id DESC') + assert_kind_of Group, group + assert_equal nil, group.parent + assert_equal 'My New Group', group.title + assert_equal 2, group.roles.length + end + + def test_should_redirect_to_new_on_create_get + get :create + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_display_form_and_errors_on_create_post_with_invalid_title + invalid_chars = [ '†', '†', '¢', '∆', 'ƒ' ] + + for char in invalid_chars + old_count = Group.count + + group = { + 'title' => 'Invalid Role Title: ' + char, + 'roles' => [ @major_gods_role.id, @gods_role.id ] + } + + post :create, :group => group + + assert_response :success + assert_template 'new' + + assert_tag :tag => 'li', :content => 'Title must not contain invalid characters' + + assert_equal(old_count, Group.count) + end + end + + def test_should_display_edit_form_on_edit_get_with_valid_group_id + get :edit, :id => @heroes_group.id + + assert_response :success + assert_template 'edit' + end + + def test_should_redirect_to_list_on_edit_get_with_nonnumeric_group_id + get :edit, :id => 'nonnumeric' + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_redirect_to_list_on_edit_get_with_invalid_group_id + get :edit, :id => Group.count + 1 + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_change_group_on_update_post_with_valid_data_parent_not_nil + group = { + 'title' => 'New Role Title', + 'roles' => [ @major_gods_role.id, @gods_role.id ], + 'parent' => @heroes_group.id + } + + post :update, :id => @greek_kings_group.id, :group => group + + assert_response :redirect + assert_redirected_to :action => 'show', :id => @greek_kings_group.id + + group = Group.find(@greek_kings_group.id) + assert_equal 'New Role Title', group.title + assert_equal @heroes_group, group.parent + assert_equal 2, group.roles.length + assert_equal [ @major_gods_role, @gods_role ].sort {|a,b| a.id <=> b.id}, group.roles.sort {|a,b| a.id <=> b.id} + end + + def test_should_change_group_on_update_post_with_valid_data_parent_to_nil + group = { + 'title' => 'New Role Title', + 'roles' => [ @major_gods_role.id, @gods_role.id ], + 'parent' => '' + } + + post :update, :id => @greek_kings_group.id, :group => group + + assert_response :redirect + assert_redirected_to :action => 'show', :id => @greek_kings_group.id + + assert_equal flash[:notice], 'Group has been updated successfully.' + + group = Group.find(@greek_kings_group.id) + assert_equal 'New Role Title', group.title + assert_equal nil, group.parent + assert_equal 2, group.roles.length + assert_equal [ @major_gods_role, @gods_role ].sort {|a,b| a.id <=> b.id}, group.roles.sort {|a,b| a.id <=> b.id} + end + + def test_should_redirect_to_list_on_update_post_with_nonnumeric_group_id + post :update, :id => 'nonnumeric' + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_redirect_to_list_on_update_post_with_invalid_group_id + post :update, :id => Group.count + 1 + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_display_form_and_errors_on_update_post_with_invalid_title + invalid_chars = [ '†', '¢', '∆', 'ƒ' ] + + for char in invalid_chars + group = { + 'title' => 'Invalid Role Title: ' + char, + 'roles' => [ @major_gods_role.id, @gods_role.id ] + } + + post :update, :id => @heroes_group.id, :group => group + + assert_response :success + assert_template 'edit' + + assert_tag :tag => 'li', :content => 'Title must not contain invalid characters' + + assert_equal @heroes_group.title, Group.find(@heroes_group.id).title + end + end + + def test_should_display_confirmation_form_on_delete_get_with_valid_group_id + get :delete, :id => @heroes_group.id + + assert_response :success + assert_template 'delete' + end + + def test_should_redirect_to_delete_on_destroy_get + old_count = Group.count + + get :destroy, :id => @heroes_group.id, :yes => 'Yes' + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_nothing_raised { Group.find(@heroes_group.id) } + assert_equal old_count, Group.count + end + + def test_should_redirect_to_list_on_destroy_post_with_invalid_group_id + old_count = Group.count + + post :destroy, :id => (Group.count + 1), :yes => 'Yes' + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_equal old_count, Group.count + end + + def test_should_redirect_to_list_on_destroy_post_with_nonumerical_group_id + old_count = Group.count + + post :destroy, :id => 'nonnumeric', :yes => 'Yes' + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_equal old_count, Group.count + end + + def test_should_destroy_group_on_destroy_post_with_answer_yes_and_valid_group_id + post :destroy, :id => @heroes_group.id, :yes => 'Yes' + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_raise(ActiveRecord::RecordNotFound) { Group.find(@heroes_group.id) } + end + + def test_should_redirect_to_list_on_destroy_post_with_answer_no_and_valid_group_id + old_count = Group.count + + post :destroy, :id => @heroes_group.id, :no => 'No' + + assert_response :redirect + assert_redirected_to :action => 'show', :id => @heroes_group.id.to_s + + assert_equal old_count, Group.count + end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/test/functional/login_controller_test.rb b/src/api/components/active_rbac/test/functional/login_controller_test.rb new file mode 100644 index 0000000..7c4a735 --- /dev/null +++ b/src/api/components/active_rbac/test/functional/login_controller_test.rb @@ -0,0 +1,149 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'login_controller' + +# Re-raise errors caught by the controller. +class ActiveRbac::LoginController; def rescue_action(e) raise e end; end + +class ActiveRbac::LoginControllerTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles, :static_permissions, :roles_static_permissions + + def setup + @controller = ActiveRbac::LoginController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + + @valid_data = { + :login => @ariadne_user.login, + :password => 'password' + } + @invalid_login_data = { + :login => @ariadne_user.login + 'invalid', + :password => 'password' + } + @invalid_password_data = { + :login => @ariadne_user.login, + :password => 'password' + 'invalid' + } + end + + def test_should_redirect_to_login_on_index + get :index + + assert_redirected_to :action => 'login' + end + + def test_should_display_login_form_on_login + get :login + + assert_response :success + assert_template 'login' + end + + def test_should_allow_post_to_login_with_valid_user_data + post :login, :login => @valid_data[:login], :password => @valid_data[:password] + + assert_response :success + assert_template 'login_success' + + assert_equal @ariadne_user, session[:rbac_user] + end + + def test_should_not_allow_post_to_login_with_invalid_user_login + post :login, :login => @invalid_login_data[:login], :password => @invalid_login_data[:password] + + assert_response :success + assert_template 'login' + + assert_nil session[:rbac_user] + end + + def test_should_not_allow_post_to_login_with_invalid_password + post :login, :login => @invalid_password_data[:login], :password => @invalid_password_data[:password] + + assert_response :success + assert_template 'login' + + assert_nil session[:rbac_user] + end + + def test_should_not_allow_post_to_login_with_invalid_states + invalid_states_for_login = [ User.states['unconfirmed'], + User.states['locked'], + User.states['deleted'] ] + + for state in invalid_states_for_login + user = User.new + user.login = "My Test User #{state}" + user.email = 'user@localhost' + user.password = 'password' + user.password_confirmation = 'password' + user.password_hash_type = User.password_hash_types[0] + + user.state = state + assert user.save + + user.reload + assert_equal state, user.state + + post 'login', :login => 'My Test User', :password => 'password' + + assert_response :success + assert_template 'login' + + assert_nil session[:rbac_user] + end + end + + def test_should_display_confirmation_form_on_logout + # first do a valid login + test_should_allow_post_to_login_with_valid_user_data + + # then request logout form + get :logout + + assert_response :success + assert_template 'logout' + + assert_equal @ariadne_user, session[:rbac_user] + end + + def test_should_perform_logout_when_logged_in_by_post_with_yes + # first do a valid login + test_should_allow_post_to_login_with_valid_user_data + + # then try to logout + post :logout, :yes => 'Yes' + + assert_response :success + assert_template 'logout_success' + + assert_nil session[:rbac_user] + end + + def test_should_not_perform_logout_when_logged_in_by_post_with_no + # first do a valid login + test_should_allow_post_to_login_with_valid_user_data + + # then try to logout + post :logout, :no => 'No' + + assert_response :redirect + assert_redirected_to '/' + + assert_equal @ariadne_user, session[:rbac_user] + end + + def test_should_redirect_on_logout_when_not_logged_in + get :logout + + assert_response :redirect + assert_redirected_to '/' + end + + def test_should_redirect_on_perform_logout_when_not_logged_in + post :logout, :yes => 'Yes' + + assert_response :redirect + assert_redirected_to '/' + end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/test/functional/registration_controller_test.rb b/src/api/components/active_rbac/test/functional/registration_controller_test.rb new file mode 100644 index 0000000..26b8e1b --- /dev/null +++ b/src/api/components/active_rbac/test/functional/registration_controller_test.rb @@ -0,0 +1,396 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'registration_controller' + +# Re-raise errors caught by the controller. +class ActiveRbac::RegistrationController; def rescue_action(e) raise e end; end + +class ActiveRbac::RegistrationControllerTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles, :static_permissions, :roles_static_permissions + + def setup + @controller = ActiveRbac::RegistrationController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + + @valid_registration_data = { + :password => 'MyPasswordIsNice', + :password_confirmation => 'MyPasswordIsNice', + :user => { + :login => 'Test Login', + :email => 'test@localhost' + } + } + @valid_confirmation_data = {} # This is set in send_registration request if successful + @valid_lost_password_data = { + :login => 'Test Login', + :email => 'test@localhost' + } + + @emails = ActionMailer::Base.deliveries + @emails.clear + end + + # + # Request sending methods. + # + + # This method simulates a registration request to the controller. It also + # sets the corresponding @valid_confirmation_data for the just created user. + def send_registration_request(data) + post 'register', :user => data[:user], :password => data[:password], :password_confirmation => data[:password_confirmation] + unless data[:user][:login].nil? + user = User.find_by_login(data[:user][:login]) + unless user.nil? or user.user_registration.nil? + @valid_confirmation_data = { :user => user.id, :token => user.user_registration.token } + end + end + rescue ActiveRecord::RecordNotFound + # Rescue only here when trying to build the @valid_confirmation_data + data[:user][:login] = "<<NOT SET>>" if data[:user][:login].nil? + end + + # This method simulates a registration request for a registration appliance + # to the server. + def send_confirm_get_request(data) + get 'confirm', :user => data[:user], :token => data[:token] + end + + # This method sends a valid "lost password" request to the server + def send_lost_password_request(data) + post 'lostpassword', :login => data[:login], :email => data[:email] + end + + # This method sends a valid "confirm" request via POST to the server. + def send_confirm_post_requests(data, yes=true) + if yes + post 'confirm', :user => data[:user], :token => data[:token], :yes => 'Yes' + else + post 'confirm', :user => data[:user], :token => data[:token], :no => 'No' + end + end + + # + # Actual tests + # + + def test_should_display_registration_form_on_get_register + get 'register' + + assert_response :success + assert_template 'register' + end + + def test_should_add_correct_user_record_on_valid_post_to_register + send_registration_request @valid_registration_data + + assert_response :success + assert_template 'register_success' + + user = nil + assert_nothing_raised { user = User.find_by_login @valid_registration_data[:user][:login] } + assert_not_nil user + assert_equal @valid_registration_data[:user][:login], user.login + assert_equal @valid_registration_data[:user][:email], user.email + end + + def test_should_add_correct_registration_record_on_valid_post_to_register + send_registration_request @valid_registration_data + + user = User.find_by_login @valid_registration_data[:user][:login] + + assert_not_nil user.user_registration + assert_in_delta user.user_registration.created_at, Time.now, 10 + assert_in_delta user.user_registration.expires_at, user.user_registration.created_at + (60*60*24), 2 + end + + def test_should_send_registration_email_on_valid_post_to_register + send_registration_request @valid_registration_data + + user = User.find_by_login @valid_registration_data[:user][:login] + + assert_equal 1, @emails.length + email = @emails.first + assert_equal ActiveRbac::Configuration.mailer[:subjects][:confirm_registration], email.subject + assert_equal [ 'activerbac@localhost' ].sort {|a,b| a.id <=> b.id}, email.from.sort {|a,b| a.id <=> b.id} + assert_equal = user.email, email.to.first + re = Regexp.new "registration/confirm/#{user.id}/#{user.user_registration.token}" + assert_match re, email.body + re = Regexp.new "#{user.login}" + assert_match re, email.body + end + + def test_should_succeed_on_valid_confirm_post_request + send_registration_request @valid_registration_data + send_confirm_get_request @valid_confirmation_data + send_confirm_post_requests @valid_confirmation_data + + assert_response :success + assert_template 'confirm_success' + + @user = User.find @valid_confirmation_data[:user] + assert @user.user_registration.nil? + end + + def test_should_succeed_on_valid_confirm_post_request + send_registration_request @valid_registration_data + send_confirm_get_request @valid_confirmation_data + send_confirm_post_requests @valid_confirmation_data, true + + assert_response :success + assert_template 'confirm_success' + + @user = User.find @valid_confirmation_data[:user] + assert @user.user_registration.nil? + end + + def test_should_remove_user_registration_record_on_valid_confirm_post_request + send_registration_request @valid_registration_data + send_confirm_get_request @valid_confirmation_data + send_confirm_post_requests @valid_confirmation_data + + user = User.find_by_login @valid_registration_data[:user][:login] + assert_nil user.user_registration + end + + def test_should_change_state_on_valid_confirm_post_request + send_registration_request @valid_registration_data + send_confirm_get_request @valid_confirmation_data + send_confirm_post_requests @valid_confirmation_data + + user = User.find_by_login @valid_registration_data[:user][:login] + + assert_equal User.states['confirmed'], user.state + end + + def test_should_display_form_on_lost_password_request + get 'lostpassword' + + assert_response :success + assert_template 'lostpassword' + end + + def test_should_succeed_on_valid_new_password_request + send_registration_request @valid_registration_data + send_confirm_get_request @valid_confirmation_data + send_confirm_post_requests @valid_confirmation_data + send_lost_password_request @valid_lost_password_data + + user = User.find_by_login @valid_registration_data[:user][:login] + + assert_response :success + assert_template 'lostpassword_success' + assert_tag :tag => 'p', :content => Regexp.new("#{user.login}") + end + + def test_should_change_password_on_valid_new_password_request + send_registration_request @valid_registration_data + + assert_response :success + assert_template 'register_success' + + user = User.find_by_login @valid_registration_data[:user][:login] + password = user.password + + send_confirm_post_requests @valid_confirmation_data + + assert_response :success + assert_template 'confirm_success' + + send_lost_password_request @valid_lost_password_data + + assert_response :success + assert_template 'lostpassword_success' + + user.reload + assert_not_equal password, user.password + end + + def test_should_change_user_state_on_valid_new_password_request + send_registration_request @valid_registration_data + + user = User.find_by_login @valid_registration_data[:user][:login] + state = user.state, 'This is a known error: https://activerbac.turingstudio.com/trac/ticket/50' + + send_confirm_get_request @valid_confirmation_data + send_lost_password_request @valid_lost_password_data + + user.reload + assert_not_equal state, user.state + end + + def test_should_send_changed_password_email_on_valid_new_password_request + send_registration_request @valid_registration_data + send_confirm_get_request @valid_confirmation_data + send_confirm_post_requests @valid_confirmation_data + + @emails.clear # clear out the confirmation email + + send_lost_password_request @valid_lost_password_data + assert_response :success + assert_template 'lostpassword_success' + + user = User.find_by_login @valid_registration_data[:user][:login] + + assert_equal 1, @emails.length + email = @emails.first + assert_equal ActiveRbac::Configuration.mailer[:subjects][:lost_password], email.subject + assert_equal [ 'activerbac@localhost' ].sort {|a,b| a.id <=> b.id}, email.from.sort {|a,b| a.id <=> b.id} + assert_match Regexp.new("#{user.login}"), email.body + # TODO: Add login URL here. + end + + def test_should_fail_on_empty_registration_request + post 'register' + + assert_response :success + assert_template 'register' + + assert_tag :tag => 'li', :content => "Password must be given" + assert_tag :tag => 'li', :content => "User name must be given" + assert_tag :tag => 'li', :content => "Email must be a valid email address" + assert_tag :tag => 'li', :content => "Email must be given" + end + + def test_should_fail_on_invalid_registration_request_with_invalid_chars_in_login + invalid_registration_data = @valid_registration_data + invalid_registration_data[:user][:login] = 'I used evil chars#~.+*' + send_registration_request invalid_registration_data + + assert_response :success + assert_template 'register' + assert_tag :tag => 'li', :content => 'User name must not contain invalid characters.' + end + + def test_should_fail_on_invalid_registration_request_with_too_long_login + invalid_registration_data = @valid_registration_data + invalid_registration_data[:user][:login] = 'e' * 101 + send_registration_request invalid_registration_data + + assert_response :success + assert_template 'register' + assert_tag :tag => 'li', :content => 'User name must have less than 100 characters.' + end + + def test_should_fail_on_invalid_registration_request_with_too_short_login + invalid_registration_data = @valid_registration_data + invalid_registration_data[:user][:login] = 'e' + send_registration_request invalid_registration_data + + assert_response :success + assert_template 'register' + assert_tag :tag => 'li', :content => 'User name must have more than two characters.' + end + + def test_should_fail_on_invalid_registration_request_with_duplicate_login + invalid_registration_data = @valid_registration_data + invalid_registration_data[:user][:login] = @icarus_user.login + send_registration_request invalid_registration_data + + assert_response :success + assert_template 'register' + assert_tag :tag => 'li', :content => 'User name is the name of an already existing user.' + end + + def test_should_fail_on_invalid_registration_request_with_no_password + invalid_registration_data = @valid_registration_data + invalid_registration_data[:password] = nil + invalid_registration_data[:password_confirmation] = nil + send_registration_request invalid_registration_data + + assert_response :success + assert_tag :tag => 'li', :content => 'Password must be given' + end + + def test_should_fail_on_invalid_registration_request_with_too_short_password + invalid_registration_data = @valid_registration_data + invalid_registration_data[:password] = 'short' + invalid_registration_data[:password_confirmation] = 'short' + send_registration_request invalid_registration_data + + assert_response :success + assert_tag :tag => 'li', :content => 'Password must have between 6 and 64 characters' + end + + def test_should_fail_on_invalid_registration_request_with_too_long_password + invalid_registration_data = @valid_registration_data + invalid_registration_data[:password] = 'e' * 101 + invalid_registration_data[:password_confirmation] = 'e' * 101 + send_registration_request invalid_registration_data + + assert_response :success + assert_tag :tag => 'li', :content => 'Password must have between 6 and 64 characters' + end + + def test_should_fail_on_invalid_registration_request_with_unmatching_password + invalid_registration_data = @valid_registration_data + invalid_registration_data[:password] = 'These Passwords' + invalid_registration_data[:password_confirmation] = 'Don\'t Match' + send_registration_request invalid_registration_data + + assert_response :success + assert_tag :tag => 'li', :content => 'Password must match the confirmation.' + end + + def test_should_fail_on_invalid_confirmation_request_with_invalid_user + send_registration_request @valid_registration_data + invalid_confirmation_data = @valid_confirmation_data + invalid_confirmation_data[:user] = -1 + send_confirm_get_request invalid_confirmation_data + + assert_response :success + assert_template 'confirm_failure' + end + + def test_should_fail_on_invalid_confirm_post_request_with_invalid_token + send_registration_request @valid_registration_data + invalid_confirmation_data = @valid_confirmation_data + invalid_confirmation_data[:token] = invalid_confirmation_data[:token] + 'INVALID' + send_confirm_post_requests invalid_confirmation_data + + assert_response :success + assert_template 'confirm_failure' + end + + def test_should_fail_on_invalid_lost_password_post_request_with_unknown_user + send_registration_request @valid_registration_data + send_confirm_get_request @valid_confirmation_data + + invalid_lost_password_data = @valid_lost_password_data + invalid_lost_password_data[:login] = invalid_lost_password_data[:login].to_s + 'INVALID' + + send_lost_password_request invalid_lost_password_data + + assert_response :success + assert_template 'lostpassword' + assert_tag :tag => 'li', :content => 'You have entered an invalid user name or an invalid email address.' + end + + def test_should_fail_on_invalid_lost_password_post_request_with_wrong_email_address + send_registration_request @valid_registration_data + send_confirm_get_request @valid_confirmation_data + invalid_lost_password_data = @valid_lost_password_data + invalid_lost_password_data[:email] = invalid_lost_password_data[:email] + 'INVALID' + send_lost_password_request invalid_lost_password_data + + assert_response :success + assert_template 'lostpassword' + assert_tag :tag => 'li', :content => 'You have entered an invalid user name or an invalid email address.' + end + + def test_should_fail_on_invalid_lost_password_post_request_with_not_confirmed_user_state + send_registration_request @valid_registration_data + # Note: No confirmation request here on purpose! + send_lost_password_request @valid_lost_password_data + + assert_response :success + assert_template 'lostpassword' + assert_tag :tag => 'li', :content => 'You have entered an invalid user name or an invalid email address.' + end + + def test_should_redirect_to_register_on_index + get 'index' + + assert_response :redirect + assert_redirected_to :action => 'register' + end +end diff --git a/src/api/components/active_rbac/test/functional/role_controller_test.rb b/src/api/components/active_rbac/test/functional/role_controller_test.rb new file mode 100644 index 0000000..ac9015e --- /dev/null +++ b/src/api/components/active_rbac/test/functional/role_controller_test.rb @@ -0,0 +1,262 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'role_controller' + +# Re-raise errors caught by the controller. +class ActiveRbac::RoleController; def rescue_action(e) raise e end; end + +class ActiveRbac::RoleControllerTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles, :static_permissions, :roles_static_permissions + + def setup + @controller = ActiveRbac::RoleController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + end + + def test_should_redirect_to_list_on_index_get + get :index + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_display_list_on_list_get + get :list + + assert_response :success + assert_template 'list' + end + + def test_should_display_new_form_on_new_get + get :new + + assert_response :success + assert_template 'new' + end + + def test_should_create_new_role_on_create_post_with_valid_data_with_parent + old_count = Role.count + + role = { + 'title' => 'My New Role', + 'static_permissions' => [ @slay_monsters_permission.id, @sit_on_throne_permission.id ], + 'parent' => @greek_heroes_role.id + } + + post :create, :role => role + + assert_equal(old_count, Role.count - 1) + + role = Role.find(Role.count) + assert_kind_of Role, role + assert_equal Role.find(@greek_heroes_role.id), role.parent + assert_equal 'My New Role', role.title + assert_equal 2, role.static_permissions.length + end + + def test_should_create_new_role_on_create_post_with_valid_data_without_parent + old_count = Role.count + + role = { + 'title' => 'My New Role', + 'static_permissions' => [ @slay_monsters_permission.id, @sit_on_throne_permission.id ], + 'parent' => '' + } + + post :create, :role => role + assert_redirected_to :action => 'show', :id => Role.find(:first, :order => 'id DESC').id + + assert_equal(old_count, Role.count - 1) + + role = Role.find(:first, :order => 'id DESC') + assert_kind_of Role, role + assert_equal nil, role.parent + assert_equal 'My New Role', role.title + assert_equal 2, role.static_permissions.length + end + + def test_should_redirect_to_new_on_create_get + get :create + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_display_form_and_errors_on_create_post_with_invalid_title + invalid_chars = [ '†', '†', '¢', '∆', 'ƒ' ] + + for char in invalid_chars + old_count = Role.count + + role = { + 'title' => 'Invalid Role Title: ' + char, + 'static_permissions' => [ @slay_monsters_permission.id, @sit_on_throne_permission.id ], + } + + post :create, :role => role + + assert_response :success + assert_template 'new' + + assert_tag :tag => 'li', :content => 'Title must not contain invalid characters' + + assert_equal(old_count, Role.count) + end + end + + def test_should_display_edit_form_on_edit_get_with_valid_role_id + get :edit, :id => @greek_kings_role.id + + assert_response :success + assert_template 'edit' + end + + def test_should_redirect_to_list_on_edit_get_with_nonnumeric_role_id + get :edit, :id => 'nonnumeric' + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_redirect_to_list_on_edit_get_with_invalid_role_id + get :edit, :id => Role.count + 1 + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_change_role_on_update_post_with_valid_data_parent_not_nil + role = { + 'title' => 'New Role Title', + 'static_permissions' => [ @slay_monsters_permission.id, @sit_on_throne_permission.id ], + 'parent' => @greek_heroes_role.id + } + + post :update, :id => @greek_kings_role.id, :role => role + + assert_response :redirect + assert_redirected_to :action => 'show', :id => @greek_kings_role.id + + role = Role.find(@greek_kings_role.id) + assert_equal 'New Role Title', role.title + assert_equal @greek_heroes_role, role.parent + assert_equal 2, role.static_permissions.length + assert_equal [ @sit_on_throne_permission, @slay_monsters_permission ].sort {|a,b| a.id <=> b.id}, role.static_permissions.sort {|a,b| a.id <=> b.id} + end + + def test_should_change_role_on_update_post_with_valid_data_parent_to_nil + role = { + 'title' => 'New Role Title', + 'static_permissions' => [ @slay_monsters_permission.id, @sit_on_throne_permission.id ], + 'parent' => '' + } + + post :update, :id => @greek_kings_role.id, :role => role + + assert_response :redirect + assert_redirected_to :action => 'show', :id => @greek_kings_role.id + + assert_equal flash[:notice], 'Role has been updated successfully.' + + role = Role.find(@greek_kings_role.id) + assert_equal 'New Role Title', role.title + assert_nil role.parent + assert_equal 2, role.static_permissions.length + assert_equal [ @sit_on_throne_permission, @slay_monsters_permission ].sort {|a,b| a.id <=> b.id}, role.static_permissions.sort {|a,b| a.id <=> b.id} + end + + def test_should_redirect_to_list_on_update_post_with_nonnumeric_role_id + post :update, :id => 'nonnumeric' + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_redirect_to_list_on_update_post_with_invalid_role_id + post :update, :id => Role.count + 1 + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_display_form_and_errors_on_update_post_with_invalid_title + invalid_chars = [ '†', '¢', '∆', 'ƒ' ] + + for char in invalid_chars + role = { + 'title' => 'Invalid Role Title: ' + char, + 'static_permissions' => [ @slay_monsters_permission.id, @sit_on_throne_permission.id ], + } + + post :update, :id => @greek_kings_role.id, :role => role + + assert_response :success + assert_template 'edit' + + assert_tag :tag => 'li', :content => 'Title must not contain invalid characters' + + assert_equal @greek_kings_role.title, Role.find(@greek_kings_role.id).title + end + end + + def test_should_display_confirmation_form_on_delete_get_with_valid_role_id + get :delete, :id => @greek_kings_role.id + + assert_response :success + assert_template 'delete' + end + + def test_should_redirect_to_list_on_destroy_get + old_count = Role.count + + get :destroy, :id => @greek_kings_role.id, :yes => 'Yes' + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_nothing_raised { Role.find(@greek_kings_role.id) } + assert_equal old_count, Role.count + end + + def test_should_redirect_to_list_on_destroy_post_with_invalid_role_id + old_count = Role.count + + post :destroy, :id => (Role.count + 1), :yes => 'Yes' + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_equal old_count, Role.count + end + + def test_should_redirect_to_list_on_destroy_post_with_nonumerical_role_id + old_count = Role.count + + post :destroy, :id => 'nonnumeric', :yes => 'Yes' + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_equal old_count, Role.count + end + + def test_should_destroy_role_on_destroy_post_with_answer_yes_and_valid_role_id + post :destroy, :id => @greek_kings_role.id, :yes => 'Yes' + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_raise(ActiveRecord::RecordNotFound) { Role.find(@greek_kings_role.id) } + end + + def test_should_redirect_to_list_on_destroy_post_with_answer_no_and_valid_role_id + old_count = Role.count + + post :destroy, :id => @greek_kings_role.id, :no => 'No' + + assert_response :redirect + assert_redirected_to :action => 'show', :id => @greek_kings_role.id.to_s + + assert_kind_of Role, Role.find(@greek_kings_role.id) + assert_equal old_count, Role.count + end +end diff --git a/src/api/components/active_rbac/test/functional/static_permission_controller_test.rb b/src/api/components/active_rbac/test/functional/static_permission_controller_test.rb new file mode 100644 index 0000000..1b11a68 --- /dev/null +++ b/src/api/components/active_rbac/test/functional/static_permission_controller_test.rb @@ -0,0 +1,95 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'static_permission_controller' + +# Re-raise errors caught by the controller. +class ActiveRbac::StaticPermissionController; def rescue_action(e) raise e end; end + +class ActiveRbac::StaticPermissionControllerTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles, :static_permissions, :roles_static_permissions + + def setup + @controller = ActiveRbac::StaticPermissionController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + end + + def test_delete + get :delete, :id => @sit_on_throne_permission.id + + assert_response :success + assert_template 'delete' + end + + def test_index + get :index + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_list + get :list + + assert_response :success + assert_template 'list' + + assert_not_nil assigns(:permissions) + end + + def test_show + get :show, :id => 1 + + assert_response :success + assert_template 'show' + + assert_not_nil assigns(:permission) + assert assigns(:permission).valid? + end + + def test_new + get :new + + assert_response :success + assert_template 'new' + + assert_not_nil assigns(:permission) + end + + def test_create + num_permissions = StaticPermission.count + + post :create, :permission => { 'title' => 'Nice Permission' } + + assert_response :redirect + assert_redirected_to :action => 'show', :id => num_permissions + 1 + + assert_equal num_permissions + 1, StaticPermission.count + end + + def test_edit + get :edit, :id => 1 + + assert_response :success + assert_template 'edit' + + assert_not_nil assigns(:permission) + assert assigns(:permission).valid? + end + + def test_update + post :update, :id => 1 + assert_response :redirect + assert_redirected_to :action => 'show', :id => 1 + end + + def test_destroy + assert_not_nil StaticPermission.find(1) + + post :destroy, :id => 1, :yes => 'Yes' + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_raise(ActiveRecord::RecordNotFound) { + StaticPermission.find(1) + } + end +end diff --git a/src/api/components/active_rbac/test/functional/user_controller_test.rb b/src/api/components/active_rbac/test/functional/user_controller_test.rb new file mode 100644 index 0000000..78274ee --- /dev/null +++ b/src/api/components/active_rbac/test/functional/user_controller_test.rb @@ -0,0 +1,445 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'user_controller' + +# Re-raise errors caught by the controller. +class ActiveRbac::UserController; def rescue_action(e) raise e end; end + +class ActiveRbac::UserControllerTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles + + def setup + @icarus = User.find @icarus_user.id + + @controller = ActiveRbac::UserController.new + @request = ActionController::TestRequest.new + @response = ActionController::TestResponse.new + end + + def test_should_display_list_on_get_index + get :index + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_should_display_list_on_get_list + get :list + + assert_response :success + assert_template 'list' + + assert_not_nil assigns(:users) + end + + def test_should_display_user_on_get_show_with_valid_id + users = [ @agamemnon_user, @ariadne_user, @daidalos_user, @dionysus_user, + @hades_user, @hephaestus_user, @hermes_user, @icarus_user, @medusa_user, + @minos_user, @odysseus_user, @perseus_user, @zeus_user ] + for fixture_user in users + get :show, :id => fixture_user.id + + db_user = User.find fixture_user.id + + assert_response :success + assert_template 'show' + + # do data tests + user = assigns(:user) + assert_not_nil user + assert_equal db_user.id, user.id + assert_equal db_user.login, user.login + assert_equal db_user.password, user.password + assert_equal db_user.email, user.email + + # do output matching tests + assert_tag :tag => 'dd', :content => db_user.id.to_s + assert_tag :tag => 'dd', :content => db_user.created_at.to_formatted_s(:long) + assert_tag :tag => 'dd', :content => db_user.updated_at.to_formatted_s(:long) + assert_tag :tag => 'dd', :content => db_user.last_logged_in_at.to_formatted_s(:long) + assert_tag :tag => 'dd', :content => db_user.login + assert_tag :tag => 'dd', :content => db_user.password_hash_type + assert_tag :tag => 'dd', :content => User.states.invert[db_user.state] + + # Check that roles display correctly + if db_user.roles.empty? + assert_tag :tag => 'p', :content => 'No Roles', + :after => { :tag => 'h3', :content => 'Directly Assigned Roles' }, + :before => { :tag => 'h3', :content => 'All Assigned Roles' } + else + for role in db_user.roles + ancestor_conditions = { :tag => 'ul', + :after => { :tag => 'h3', :content => 'Directly Assigned Roles' }, + :before => { :tag => 'h3', :content => 'All Assigned Roles' } } + assert_tag :tag => 'li', :content => role.title, :ancestor => ancestor_conditions + assert_tag :tag => 'a', :attributes => { 'href' => %r{role\/show\/#{role.id}} }, :ancestor => ancestor_conditions + end + end + + # Check that all_roles display correctly + if db_user.all_roles.empty? + assert_tag :tag => 'p', :content => 'No Roles', + :after => { :tag => 'h3', :content => 'All Assigned Roles' } + else + for role in db_user.all_roles + ancestor_conditions = { :tag => 'ul', :after => { :tag => 'h3', :content => 'All Assigned Roles' } } + assert_tag :tag => 'li', :content => role.title, :ancestor => ancestor_conditions + assert_tag :tag => 'a', :attributes => { 'href' => %r{role\/show\/#{role.id}} }, :ancestor => ancestor_conditions + end + end + + # Check that groups display correctly + if db_user.groups.empty? + assert_tag :tag => 'p', :content => 'No Groups', + :after => { :tag => 'h3', :content => 'Directly Assigned Groups' }, + :before => { :tag => 'h3', :content => 'All Assigned Groups' } + else + for group in db_user.groups + ancestor_conditions = { :tag => 'ul', + :after => { :tag => 'h3', :content => 'Directly Assigned Groups' }, + :before => { :tag => 'h3', :content => 'All Assigned Groups' } } + assert_tag :tag => 'li', :content => group.title, :ancestor => ancestor_conditions + assert_tag :tag => 'a', :attributes => { 'href' => %r{group\/show\/#{group.id}} }, :ancestor => ancestor_conditions + end + end + + # Check that all_groups display correctly + if db_user.all_groups.empty? + assert_tag :tag => 'p', :content => 'No Groups', + :after => { :tag => 'h3', :content => 'All Assigned Groups' } + else + for group in db_user.all_groups + ancestor_conditions = { :tag => 'ul', :after => { :tag => 'h3', :content => 'All Assigned Groups' } } + assert_tag :tag => 'li', :content => group.title, :ancestor => ancestor_conditions + assert_tag :tag => 'a', :attributes => { 'href' => %r{group\/show\/#{group.id}} }, :ancestor => ancestor_conditions + end + end + end + end + + def test_should_redirect_to_list_on_get_show_without_id + get :show + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_equal 'This user could not be found.', flash[:notice] + end + + def test_should_redirect_to_list_on_get_show_with_invalid_numeric_id + id = User.count + 1 + assert_raises(ActiveRecord::RecordNotFound) { User.find(id) } + get :show, :id => id + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_equal 'This user could not be found.', flash[:notice] + end + + def test_should_redirect_to_list_on_get_show_with_invalid_nonnumeric_id + get :show, :id => 'invalid' + + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_equal 'This user could not be found.', flash[:notice] + end + + def test_should_create_new_nonsaved_record_and_display_form_on_get_new + get :new + + assert_response :success + assert_template 'new' + + # test that the template values have been correctly assigned + assert_not_nil assigns(:user) + assert_equal true, assigns(:user).new_record? + + # test form output + assert_tag :tag => 'form', :attributes => { :action => %r{user/create}, :method => 'post' } + + assert_tag :tag => 'input', :attributes => { :id => 'user_login', :name => 'user[login]', :type => 'text' } + assert_tag :tag => 'input', :attributes => { :id => 'user_email', :name => 'user[email]', :type => 'text' } + assert_tag :tag => 'input', :attributes => { :id => 'password', :name => 'password', :type => 'password' } + assert_tag :tag => 'input', :attributes => { :id => 'password_confirmation', :name => 'password_confirmation', :type => 'password' } + assert_tag :tag => 'select', + :attributes => { :id => 'user_password_hash_type', :name => 'user[password_hash_type]' }, + :children => { :count => 1 } + assert_tag :tag => 'select', :attributes => { :id => 'user_state', :name => 'user[state]'}, + :children => { :greater_than => 0 } + end + + # We want to be redirected if we try a GET on create - dangerous actions are + # POST only! + def test_create_redirect_on_get + get :create, :id => 1 + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_create_with_valid_data_submit_create + num_users = User.count + + userdata = { + 'login' => 'This is my name', + 'state' => User.states['unconfirmed'], + 'email' => 'email@foobar.com', + 'roles' => [1.to_s, '2'], + 'password_hash_type' => 'md5', + } + post :create, :user => userdata, :submit => { 'create' => 'Create' }, + 'password' => 'My Nice Password', 'password_confirmation' => 'My Nice Password' + + assert_response :redirect + assert_redirected_to :action => 'show'#, :id => num_users + 1 + + assert_equal num_users + 1, User.count + end + + def test_create_with_valid_data_submit_preview + num_users = User.count + + userdata = { + 'login' => 'This is my name', + 'state' => User.states['unconfirmed'], + 'email' => 'email@foobar.com', + 'roles' => [1.to_s, '2'], + 'password_hash_type' => 'md5', + } + post :create, :user => userdata, :submit => { 'preview' => 'Preview' }, + 'password' => 'My Nice Password', 'password_confirmation' => 'My Nice Password' + + assert_response :success, "Previews don't work at the moment. This is a known bug: https://activerbac.turingstudio.com/trac/ticket/29" + assert_template 'new' + + assert_no_tag :tag => 'h2', + :content => 'errors prohibited this user from being saved' + + assert_equal num_users, User.count + end + + def test_should_ignore_unknown_post_variable_on_create_submit_create + # This fails and displays the default error page in production. + # How can I really test this? +# invalid_data = { 'foo' => 'bar' } +# post :create, :user => invalid_data +# +# assert_response :success +# assert_template 'new' + end + + def test_create_emptypost_failure_submit_create + num_users = User.count + + post :create, :user => {} + + assert_response :success + assert_template 'new' + + # TODO: Somehow make that error displaying configureable. h2 is *bad* for that + assert_tag :tag => 'h2', :content => 'errors prohibited this user from being saved' + assert_equal num_users, User.count + end + + def test_edit + get :edit, :id => @icarus_user.id + + assert_response :success + assert_template 'edit' + + assert_not_nil assigns(:user) + + user = assigns(:user) + assert_equal @icarus_user.id, user.id + assert_equal @icarus_user.login, user.login + assert_equal @icarus_user.email, user.email + assert_equal @icarus_user.password, user.password + assert_equal @icarus_user.state, user.state + end + + # We want to be redirected if we try a GET on update - dangerous actions are + # POST only! + def test_update_reject_on_get + get :update, :id => 1 + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_update_success_submit_update + assert_equal @icarus.id, @icarus_user.id + assert_equal @icarus.login, @icarus_user.login + assert_equal @icarus.state, @icarus_user.state + assert_equal @icarus.email, @icarus_user.email + assert_equal @icarus.password, @icarus_user.password + assert_equal @icarus.password_hash_type, @icarus_user.password_hash_type + + user = { + 'login' => 'daedalus', + 'state' => User.states['locked'], + 'email' => 'daedalus@crete', + 'password_hash_type' => 'md5', + } + + post :update, :id => 1, :user => user, 'password' => 'leafleaf', 'password_confirmation' => 'leafleaf', :submit => { 'update' => 'Update' } + + assert_response :redirect + assert_redirected_to :action => 'show', :id => 1 + + user = User.find(1) + assert_equal 'daedalus', user.login + assert_equal User.states['locked'], user.state + assert_equal 'daedalus@crete', user.email + assert_equal 0, user.roles.length + assert user.password_equals?('leafleaf') + assert_equal 'md5', user.password_hash_type + end + + def test_update_success_submit_preview + # icarus comes from setup + assert_equal @icarus.id, @icarus_user.id + assert_equal @icarus.login, @icarus_user.login + assert_equal @icarus.state, @icarus_user.state + assert_equal @icarus.email, @icarus_user.email + assert_equal @icarus.password, @icarus_user.password + assert_equal @icarus.password_hash_type, @icarus_user.password_hash_type + + user = { + 'login' => 'daedalus', + 'state' => User.states['unconfirmed'], + 'email' => 'daedalus@crete', + 'password_hash_type' => 'md5', + } + + post :update, :id => 1, :user => user, 'password' => 'leafleaf', 'password_confirmation' => 'leafleaf', :submit => { 'preview' => 'Preview' } + + assert_response :success + assert_template 'edit' + + assert_equal @icarus.id, @icarus_user.id + assert_equal @icarus.login, @icarus_user.login + assert_equal @icarus.state, @icarus_user.state + assert_equal @icarus.email, @icarus_user.email + assert_equal @icarus.password, @icarus_user.password + assert_equal @icarus.password_hash_type, @icarus_user.password_hash_type + end + + def test_update_no_password_change_submit_update + assert_equal @icarus.id, @icarus_user.id + assert_equal @icarus.login, @icarus_user.login + assert_equal @icarus.state, @icarus_user.state + assert_equal @icarus.email, @icarus_user.email + assert_equal @icarus.password, @icarus_user.password + assert_equal @icarus.password_hash_type, @icarus_user.password_hash_type + + user = { + 'login' => 'minotaurus', + 'state' => User.states['locked'], + 'email' => 'minotaurus@labyrinth', + 'password_hash_type' => 'md5', + } + + post :update, :id => @icarus_user.id, :user => user, 'password' => '', 'password_confirmation' => '', :submit => { 'update' => 'Update' } + + assert_response :redirect + assert_redirected_to :action => 'show', :id => @icarus_user.id + + user = User.find(@icarus_user.id) + assert_equal 'minotaurus', user.login + assert_equal User.states['locked'], user.state + assert_equal 'minotaurus@labyrinth', user.email + assert_equal 0, user.roles.length + assert user.password_equals?('password') + assert_equal 'md5', user.password_hash_type + end + + def test_revoke_multiple_roles_submit_update + icarus_user = User.find @icarus_user.id + icarus_user.roles << Role.find(@gods_role.id) << Role.find(@greeks_role.id) + assert icarus_user.save + assert_equal 2, icarus_user.roles.length + assert_equal [ Role.find(@gods_role.id), Role.find(@greeks_role.id) ].sort {|a,b| a.id <=> b.id}, icarus_user.roles.sort {|a,b| a.id <=> b.id} + + user = { + 'login' => @icarus_user.login, + 'email' => @icarus_user.email, + 'password_hash_type' => @icarus_user.password_hash_type, + 'state' => @icarus_user.state, + } + + post :update, :id => @icarus_user.id, :user => user, :submit => { 'update' => 'Update' } + + assert_response :redirect + assert_redirected_to :action => 'show', :id => @icarus_user.id + + user = User.find(@icarus_user.id) + assert_equal 0, user.roles.length + end + + def test_should_display_edit_form_on_invalid_state_transition + assert_equal @icarus.id, @icarus_user.id + assert_equal @icarus.login, @icarus_user.login + assert_equal @icarus.state, @icarus_user.state + assert_equal @icarus.email, @icarus_user.email + assert_equal @icarus.password, @icarus_user.password + assert_equal @icarus.password_hash_type, @icarus_user.password_hash_type + + user = { + 'login' => 'daedalus', + 'state' => User.states['unconfirmed'], + 'email' => 'daedalus@crete', + 'password_hash_type' => 'md5', + } + + post :update, :id => @icarus.id, :user => user, 'password' => 'leafleaf', 'password_confirmation' => 'leafleaf', :submit => { 'update' => 'Update' } + + assert_response :success + assert_template 'edit' + + user = User.find(@icarus.id) + assert_equal @icarus_user.id, user.id + assert_equal @icarus_user.login, user.login + assert_equal @icarus_user.state, user.state + assert_equal @icarus_user.email, user.email + assert_equal @icarus_user.password, user.password + assert_equal @icarus_user.password_hash_type, user.password_hash_type + end + + def test_delete + get :delete, :id => 1 + + assert_response :success + assert_template 'delete' + end + + # We want to be redirected if we try a GET on destroy - dangerous + # actions are POST only! + def test_destroy_reject_on_get + get :destroy, :id => 1 + + assert_response :redirect + assert_redirected_to :action => 'list' + end + + def test_destroy_say_yes + assert_not_nil User.find(@zeus_user.id) + + post :destroy, :id => @zeus_user.id, :yes => 'Yes' + assert_response :redirect + assert_redirected_to :action => 'list' + + assert_raise(ActiveRecord::RecordNotFound) { + User.find(@zeus_user.id) + } + end + + def test_destroy_say_no + assert_not_nil User.find(@zeus_user.id) + + post :destroy, :id => @zeus_user.id + assert_response :redirect + assert_redirected_to :action => 'show', :id => @zeus_user.id.to_s + + assert_kind_of User, User.find(@zeus_user.id) + end +end diff --git a/src/api/components/active_rbac/test/test_helper.rb b/src/api/components/active_rbac/test/test_helper.rb new file mode 100644 index 0000000..b1aaa75 --- /dev/null +++ b/src/api/components/active_rbac/test/test_helper.rb @@ -0,0 +1,26 @@ +ENV["RAILS_ENV"] = "test" + +# Expand the path to environment so that Ruby does not load it multiple times +# File.expand_path can be removed if Ruby 1.9 is in use. +require File.expand_path(File.dirname(__FILE__) + "/../../../config/environment") +require 'application' + +require 'test/unit' +require 'active_record/fixtures' +require 'action_controller/test_process' +require 'action_web_service/test_invoke' +require 'breakpoint' + +Test::Unit::TestCase.fixture_path = File.dirname(__FILE__) + "/fixtures/" + +class Test::Unit::TestCase + # Turn these on to use transactional fixtures with table_name(:fixture_name) instantiation of fixtures + # self.use_transactional_fixtures = true + # self.use_instantiated_fixtures = false + + def create_fixtures(*table_names) + Fixtures.create_fixtures(File.dirname(__FILE__) + "/fixtures", table_names) + end + + # Add more helper methods to be used by all tests here... +end \ No newline at end of file diff --git a/src/api/components/active_rbac/test/unit/group_test.rb b/src/api/components/active_rbac/test/unit/group_test.rb new file mode 100644 index 0000000..b60c50a --- /dev/null +++ b/src/api/components/active_rbac/test/unit/group_test.rb @@ -0,0 +1,535 @@ +require File.dirname(__FILE__) + '/../test_helper' + +class GroupTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles + + def setup + end + + # + # The tests + # + + def test_groups_from_fixtures_should_be_correct + fixture_groups = [ @heroes_group, @greeks_group, @cretes_group, + @greek_heroes_group, @greek_kings_group, @gods_group, + @gods_not_in_olymp_group, @greek_warriors_group, + @troys_besiegers_group, @punished_heroes_group ] + + for fixture_group in fixture_groups do + queried_group = Group.find fixture_group.id + + assert_kind_of Group, queried_group + + assert_equal queried_group.id, fixture_group.id + assert_equal queried_group.parent, fixture_group.parent + assert_equal queried_group.created_at, fixture_group.created_at + assert_equal queried_group.updated_at, fixture_group.updated_at + assert_equal queried_group.title, fixture_group.title + end + end + + def test_users_on_fixture_groups_should_be_correct + group = Group.find @greek_heroes_group.id + assert_equal 1, group.users.length + assert_equal [@perseus_user].sort {|a,b| a.id <=> b.id}, group.users.sort {|a,b| a.id <=> b.id} + + group = Group.find @gods_not_in_olymp_group.id + assert_equal 1, group.users.length + assert_equal [@hades_user].sort {|a,b| a.id <=> b.id}, group.users.sort {|a,b| a.id <=> b.id} + + group = Group.find @troys_besiegers_group.id + assert_equal 1, group.users.length + assert_equal [@agamemnon_user].sort {|a,b| a.id <=> b.id}, group.users.sort {|a,b| a.id <=> b.id} + + group = Group.find @punished_heroes_group.id + assert_equal 1, group.users.length + assert_equal [@odysseus_user].sort {|a,b| a.id <=> b.id}, group.users.sort {|a,b| a.id <=> b.id} + + group = Group.find @cretes_group.id + assert_equal 1, group.users.length + assert_equal [@ariadne_user].sort {|a,b| a.id <=> b.id}, group.users.sort {|a,b| a.id <=> b.id} + + group = Group.find @greek_kings_group.id + assert_equal 1, group.users.length + assert_equal [@minos_user].sort {|a,b| a.id <=> b.id}, group.users.sort {|a,b| a.id <=> b.id} + + no_user_groups = [ @heroes_group, @greeks_group, @gods_group, + @greek_warriors_group ] + + for no_user_group in no_user_groups do + queried_group = Group.find no_user_group.id + + assert_equal 0, queried_group.users.length + end + end + + def test_all_users_on_fixture_groups_should_be_correct + group = Group.find @greek_heroes_group.id + assert_equal 1, group.all_users.length + assert_equal [@perseus_user].sort {|a,b| a.id <=> b.id}, group.all_users.sort {|a,b| a.id <=> b.id} + + group = Group.find @gods_not_in_olymp_group.id + assert_equal 1, group.all_users.length + assert_equal [@hades_user].sort {|a,b| a.id <=> b.id}, group.all_users.sort {|a,b| a.id <=> b.id} + + group = Group.find @troys_besiegers_group.id + assert_equal 1, group.all_users.length + assert_equal [@agamemnon_user].sort {|a,b| a.id <=> b.id}, group.all_users.sort {|a,b| a.id <=> b.id} + + group = Group.find @punished_heroes_group.id + assert_equal 1, group.all_users.length + assert_equal [@odysseus_user].sort {|a,b| a.id <=> b.id}, group.all_users.sort {|a,b| a.id <=> b.id} + + group = Group.find @cretes_group.id + assert_equal 1, group.all_users.length + assert_equal [@ariadne_user].sort {|a,b| a.id <=> b.id}, group.all_users.sort {|a,b| a.id <=> b.id} + + group = Group.find @greek_kings_group.id + assert_equal 1, group.all_users.length + assert_equal [@minos_user].sort {|a,b| a.id <=> b.id}, group.all_users.sort {|a,b| a.id <=> b.id} + + group = Group.find @gods_group.id + assert_equal 1, group.all_users.length + assert_equal [@hades_user].sort {|a,b| a.id <=> b.id}, group.all_users.sort {|a,b| a.id <=> b.id} + + group = Group.find @greeks_group.id + assert_equal 2, group.all_users.length + assert_equal [@ariadne_user, @minos_user].sort {|a,b| a.id <=> b.id}, group.all_users.sort {|a,b| a.id <=> b.id} + + group = Group.find @greek_warriors_group.id + assert_equal 1, group.all_users.length + assert_equal [@agamemnon_user].sort {|a,b| a.id <=> b.id}, group.all_users.sort {|a,b| a.id <=> b.id} + + no_all_user_groups = [ @heroes_group ] + + for no_user_group in no_all_user_groups do + queried_group = Group.find no_user_group.id + + assert_equal 0, queried_group.all_users.length + end + end + + def test_roles_on_fixture_groups_should_be_correct + group = Group.find @greek_heroes_group.id + assert_equal 1, group.roles.length + assert_equal [@greek_heroes_role].sort {|a,b| a.id <=> b.id}, group.roles.sort {|a,b| a.id <=> b.id} + + group = Group.find @gods_not_in_olymp_group.id + assert_equal 1, group.roles.length + assert_equal [@god_of_death_role].sort {|a,b| a.id <=> b.id}, group.roles.sort {|a,b| a.id <=> b.id} + + group = Group.find @troys_besiegers_group.id + assert_equal 1, group.roles.length + assert_equal [@greek_warriors_role].sort {|a,b| a.id <=> b.id}, group.roles.sort {|a,b| a.id <=> b.id} + + group = Group.find @greek_kings_group.id + assert_equal 1, group.roles.length + assert_equal [@greek_kings_role].sort {|a,b| a.id <=> b.id}, group.roles.sort {|a,b| a.id <=> b.id} + + no_roles_groups = [ @heroes_group, @gods_group, @greek_warriors_group, + @punished_heroes_group, @greeks_group, @cretes_group] + + for no_role_group in no_roles_groups do + queried_group = Group.find no_role_group.id + + assert_equal 0, queried_group.roles.length + end + end + + def test_all_roles_on_fixture_groups_should_be_correct + group = Group.find @greek_heroes_group.id + assert_equal 1, group.all_roles.length + assert_equal [@greek_heroes_role].sort {|a,b| a.id <=> b.id}, group.all_roles.sort {|a,b| a.id <=> b.id} + + group = Group.find @gods_not_in_olymp_group.id + assert_equal 1, group.all_roles.length + assert_equal [@god_of_death_role].sort {|a,b| a.id <=> b.id}, group.all_roles.sort {|a,b| a.id <=> b.id} + + group = Group.find @troys_besiegers_group.id + assert_equal 2, group.all_roles.length + assert_equal [@greek_warriors_role, @greeks_role].sort {|a,b| a.id <=> b.id}, group.all_roles.sort {|a,b| a.id <=> b.id} + + group = Group.find @greek_kings_group.id + assert_equal 2, group.all_roles.length + assert_equal [@greek_kings_role, @greek_men_role].sort {|a,b| a.id <=> b.id}, group.all_roles.sort {|a,b| a.id <=> b.id} + + no_all_roles_groups = [ @heroes_group, @gods_group, @greek_warriors_group, + @punished_heroes_group, @greeks_group, @cretes_group] + + for no_all_roles_group in no_all_roles_groups do + queried_group = Group.find no_all_roles_group.id + + assert_equal 0, queried_group.roles.length + end + end + + def test_changing_fixture_groups_title_to_valid_value_should_work + group = Group.find @heroes_group.id + group.title = 'New Group Title' + + assert group.save + group.reload + + assert_equal 'New Group Title', group.title + end + + def test_changing_fixture_groups_parent_to_nil_should_work + group = Group.find @greek_kings_group.id + group.parent = nil + + assert group.save + group.reload + + assert_nil group.parent + end + + def test_changing_fixture_groups_parent_to_valid_group_should_work + group = Group.find @greek_kings_group.id + group.parent = Group.find(@greek_heroes_group.id) + + assert group.save + group.reload + + assert_equal Group.find(@greek_heroes_group.id), group.parent + end + + def test_creating_group_without_parent_should_work + group = Group.new + group.title = 'Valid Group Title' + + assert group.save + group.reload + + assert_equal 'Valid Group Title', group.title + end + + def test_creating_group_with_parent_should_work + group = Group.new + group.title = 'Valid Group Title' + group.parent = Group.find(@greek_heroes_group.id) + + assert group.save + group.reload + + assert_equal 'Valid Group Title', group.title + assert_equal Group.find(@greek_heroes_group.id), group.parent + end + + def test_assigning_one_role_to_group_should_work + # @hero_group is a good dummy because it has no roles, user, parents + group = Group.find @heroes_group.id + role = Role.find @greek_heroes_role.id + + group.roles << role + + assert group.save + group.reload + + assert_equal 1, group.roles.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, group.roles.sort {|a,b| a.id <=> b.id} + end + + def test_deassigning_one_role_from_group_should_work + # @hero_group is a good dummy because it has no roles, user, parents + group = Group.find @gods_not_in_olymp_group.id + role = Role.find @god_of_death_role.id + + group.roles.delete role + + assert group.save + group.reload + + assert_equal 0, group.roles.length + end + + def test_assigning_multiple_roles_to_group_should_work + # @hero_group is a good dummy because it has no roles, user, parents + group = Group.find @heroes_group.id + role1 = Role.find @greek_heroes_role.id + role2 = Role.find @greek_kings_role.id + + group.roles << role1 << role2 + + assert group.save + group.reload + + assert_equal 2, group.roles.length + assert_equal [role1, role2].sort {|a,b| a.id <=> b.id}, group.roles.sort {|a,b| a.id <=> b.id} + end + + def test_deassigning_multiple_roles_from_group_should_work + test_assigning_multiple_roles_to_group_should_work + + group = Group.find @heroes_group.id + role1 = Role.find @greek_heroes_role.id + role2 = Role.find @greek_kings_role.id + + group.roles.delete role1 + group.roles.delete role2 + + assert_equal 0, group.roles.length + end + + def test_deassigning_all_roles_from_group_should_work + test_assigning_multiple_roles_to_group_should_work + + group = Group.find @heroes_group.id + + group.roles.clear + + assert_equal 0, group.roles.length + end + + def test_assigning_one_group_to_one_user_should_work + group = Group.find @heroes_group.id + user = User.find @odysseus_user.id + + group.users << user + assert group.save + group.reload + + assert_equal 1, group.users.length + assert_equal [user].sort {|a,b| a.id <=> b.id}, group.users.sort {|a,b| a.id <=> b.id} + end + + def test_assigning_one_group_to_multiple_users_should_work + group = Group.find @heroes_group.id + user1 = User.find @odysseus_user.id + user2 = User.find @perseus_user.id + + group.users << user1 << user2 + assert group.save + group.reload + + assert_equal 2, group.users.length + assert_equal [user1, user2].sort {|a,b| a.id <=> b.id}, group.users.sort {|a,b| a.id <=> b.id} + end + + def test_deassigning_multiple_users_from_one_group_should_work + test_assigning_one_group_to_one_user_should_work + + group = Group.find @heroes_group.id + user = User.find @odysseus_user.id + + group.users.delete user + + assert group.save + group.reload + + assert_equal 0, group.users.length + end + + def test_deassigning_one_user_from_one_group_should_work + test_assigning_one_group_to_multiple_users_should_work + + group = Group.find @heroes_group.id + user1 = User.find @odysseus_user.id + user2 = User.find @perseus_user.id + + group.users.delete user1 + group.users.delete user2 + + assert group.save + group.reload + + assert_equal 0, group.users.length + end + + def test_deassigning_all_users_from_one_group_should_work + test_assigning_one_group_to_multiple_users_should_work + + group = Group.find @heroes_group.id + + group.users.clear + + assert group.save + group.reload + + assert_equal 0, group.users.length + end + + def test_should_inherit_one_role_from_parent_group + # add role + greeks = Group.find@greeks_group.id + greeks.roles << Role.find(@greeks_role.id) + assert greeks.save + + cretes = Group.find @cretes_group.id + assert_equal 0, cretes.roles.length + assert_equal 1, cretes.all_roles.length + assert_equal [@greeks_role].sort {|a,b| a.id <=> b.id}, cretes.all_roles.sort {|a,b| a.id <=> b.id} + end + + def test_should_inherit_multiple_roles_from_parent_group + # add roles + greeks = Group.find @greeks_group.id + greeks.roles << Role.find(@greeks_role.id) << Role.find(@greek_heroes_role.id) + assert greeks.save + + cretes = Group.find @cretes_group.id + assert_equal 0, cretes.roles.length + assert_equal 2, cretes.all_roles.length + assert_equal [@greeks_role, @greek_heroes_role].sort {|a,b| a.id <=> b.id}, cretes.all_roles.sort {|a,b| a.id <=> b.id} + end + + def test_destroy_on_group_without_parent_should_work + heroes = Group.find @heroes_group.id + assert heroes.destroy + + assert heroes.frozen? + assert_raise(ActiveRecord::RecordNotFound) { Group.find @heroes_group.id } + end + + def test_destroy_on_group_with_parent_should_work + cretes = Group.find @cretes_group.id + assert cretes.destroy + + assert cretes.frozen? + assert_raise(ActiveRecord::RecordNotFound) { Group.find @cretes_group.id } + end + + def test_should_block_empty_group_title_on_creation + group = Group.new + + assert !group.save + + assert_equal 1, group.errors.count + assert_equal 'must have more than two characters.', group.errors['title'] + end + + def test_should_block_too_short_group_title_on_creation + group = Group.new + group.title = '1' + + assert !group.save + + assert_equal 1, group.errors.count + assert_equal 'must have more than two characters.', group.errors['title'] + end + + def test_should_block_too_long_group_title_on_creation + group = Group.new + group.title = 'long ' * 100 + + assert !group.save + + assert_equal 1, group.errors.count + assert_equal 'must have less than 100 characters.', group.errors['title'] + end + + def test_should_block_invalid_characters_in_group_title_on_creation + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + group = Group.new + group.title = "invalid char: #{char}" + + assert !group.save + + assert_equal 1, group.errors.count + assert_equal "must not contain invalid characters.", group.errors["title"] + end + end + + def test_should_block_non_unique_group_title_on_creation + group = Group.new + group.title = @gods_role.title + + assert !group.save + assert_equal 1, group.errors.count + assert_equal "is the name of an already existing group.", group.errors["title"] + end + + def test_should_block_empty_group_title_on_edit + group = Group.find @greek_heroes_group.id + group.title = nil + + assert !group.save + + assert_equal 1, group.errors.count, 'Fails because of an error in RoR. See http://dev.rubyonrails.org/ticket/2022 for details.' + assert_equal 'must have more than two characters.', group.errors['title'] + end + + def test_should_block_too_short_group_title_on_edit + group = Group.find @greek_heroes_group.id + group.title = '1' + + assert !group.save + + assert_equal 1, group.errors.count + assert_equal 'must have more than two characters.', group.errors['title'] + end + + def test_should_block_too_long_group_title_on_edit + group = Group.find @greek_heroes_group.id + group.title = 'long ' * 100 + + assert !group.save + + assert_equal 1, group.errors.count + assert_equal 'must have less than 100 characters.', group.errors['title'] + end + + def test_should_block_invalid_characters_in_group_title_on_edit + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + group = Group.find @greek_heroes_group.id + group.title = "invalid char: #{char}" + + assert !group.save + + assert_equal 1, group.errors.count + assert_equal "must not contain invalid characters.", group.errors["title"] + end + end + + def test_should_block_non_unique_group_title_on_edit + group = Group.find @gods_group.id + group.title = @greek_heroes_group.title + + assert !group.save + assert_equal 1, group.errors.count + assert_equal "is the name of an already existing group.", group.errors["title"] + end + + # No counterpart for edit since it can only happen with existing groups. + def test_should_block_recursion_in_tree + group = Group.find @greeks_group.id + + assert_raises(RecursionInTree) { group.parent = Group.find @cretes_group.id } + end + + def test_should_block_destroy_group_with_children + group = Group.find @greeks_group.id + assert_raises(CantDeleteWithChildren) { group.destroy } + end + + def test_descendants_and_self_should_work_with_one_child + group = Group.find @gods_group.id + + assert_equal 2, group.descendants_and_self.length + assert_equal [@gods_group, @gods_not_in_olymp_group].sort {|a,b| a.id <=> b.id}, group.descendants_and_self.sort {|a,b| a.id <=> b.id} + end + + def test_descendants_and_self_should_work_with_multiple_children_in_one_level + group = Group.find @greeks_group.id + assert_equal 3, group.descendants_and_self.length + assert_equal [@greeks_group, @cretes_group, @greek_kings_group].sort {|a,b| a.id <=> b.id}, group.descendants_and_self.sort {|a,b| a.id <=> b.id} + end + + def test_ancestors_and_self_should_work_with_no_ancestor + group = Group.find @gods_group.id + + assert_equal 1, group.ancestors_and_self.length + assert_equal [group].sort {|a,b| a.id <=> b.id}, group.ancestors_and_self.sort {|a,b| a.id <=> b.id} + end + + def test_ancestors_and_self_should_work_with_one_ancestor + group = Group.find @gods_not_in_olymp_group.id + + assert_equal 2, group.ancestors_and_self.length + assert_equal [group, @gods_group].sort {|a,b| a.id <=> b.id}, group.ancestors_and_self.sort {|a,b| a.id <=> b.id} + end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/test/unit/registration_mailer_test.rb b/src/api/components/active_rbac/test/unit/registration_mailer_test.rb new file mode 100644 index 0000000..ee47a1f --- /dev/null +++ b/src/api/components/active_rbac/test/unit/registration_mailer_test.rb @@ -0,0 +1,61 @@ +require File.dirname(__FILE__) + '/../test_helper' +require 'registration_mailer' + +class RegistrationMailerTest < Test::Unit::TestCase + FIXTURES_PATH = File.dirname(__FILE__) + '/../fixtures' + CHARSET = "utf-8" + + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles + + include ActionMailer::Quoting + + def setup + ActionMailer::Base.delivery_method = :test + ActionMailer::Base.perform_deliveries = true + ActionMailer::Base.deliveries = [] + + @expected = TMail::Mail.new + @expected.set_content_type "text", "plain", { "charset" => CHARSET } + end + + def test_confirm_registration + @expected.from = ActiveRbac::Configuration.mailer[:from] + @expected.to = 'root@localhost' + @expected.subject = ActiveRbac::Configuration.mailer[:subjects][:confirm_registration] + @expected.body = read_fixture('confirm_registration') + @expected.date = Time.now + + user = User.new + user.login = 'test login' + user.email = 'root@localhost' + user.update_password 'test_password' + user.save + user.create_user_registration + + assert_equal(@expected.encoded, RegistrationMailer.create_confirm_registration(user, 'http://www.example.com').encoded) + end + + def test_lost_password + @expected.from = ActiveRbac::Configuration.mailer[:from] + @expected.subject = ActiveRbac::Configuration.mailer[:subjects][:lost_password] + @expected.to = 'root@localhost' + @expected.body = read_fixture('lost_password') + @expected.date = Time.now + + user = User.new + user.email = 'root@localhost' + user.login = 'USER LOGIN' + password = 'NEW PASSWORD' + + assert_equal @expected.encoded, RegistrationMailer.create_lost_password(user, password).encoded + end + + private + def read_fixture(action) + IO.readlines("#{FIXTURES_PATH}/registration_mailer/#{action}") + end + + def encode(subject) + quoted_printable(subject, CHARSET) + end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/test/unit/role_test.rb b/src/api/components/active_rbac/test/unit/role_test.rb new file mode 100644 index 0000000..f75ab51 --- /dev/null +++ b/src/api/components/active_rbac/test/unit/role_test.rb @@ -0,0 +1,351 @@ +require File.dirname(__FILE__) + '/../test_helper' + +class RoleTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles + + def setup + end + + # + # The tests + # + + def test_roles_from_fixtures_should_be_correct + fixture_roles = [ @gods_role, @major_gods_role, @greek_heroes_role, + @greek_men_role, @greek_kings_role, @god_of_death_role, + @greeks_role, @greek_warriors_role ] + + for fixture_role in fixture_roles do + queried_role = Role.find fixture_role.id + + assert_equal queried_role.id, fixture_role.id + assert_equal queried_role.parent, fixture_role.parent + assert_equal queried_role.created_at, fixture_role.created_at + assert_equal queried_role.updated_at, fixture_role.updated_at + assert_equal queried_role.title, fixture_role.title + end + end + + def test_users_on_fixture_roles_should_work + role = Role.find @gods_role.id + assert_equal 1, role.users.length + assert_equal [@hermes_user].sort {|a,b| a.id <=> b.id}, role.users.sort {|a,b| a.id <=> b.id} + + role = Role.find @major_gods_role.id + assert_equal 1, role.users.length + assert_equal [@zeus_user].sort {|a,b| a.id <=> b.id}, role.users.sort {|a,b| a.id <=> b.id} + + no_users_roles = [ @greek_heroes_role, @greek_men_role, @greek_kings_role, + @god_of_death_role, @greeks_role, @greek_warriors_role ] + no_users_roles.each do |r| + role = Role.find r.id + assert_equal 0, role.users.length + assert_equal [].sort {|a,b| a.id <=> b.id}, role.users.sort {|a,b| a.id <=> b.id} + end + end + + def test_all_users_on_fixture_roles_should_work + role = Role.find @gods_role.id + assert_equal 2, role.all_users.length + assert_equal [@hermes_user, @zeus_user].sort {|a,b| a.id <=> b.id}, role.all_users.sort {|a,b| a.id <=> b.id} + + role = Role.find @major_gods_role.id + assert_equal 1, role.all_users.length + assert_equal [@zeus_user].sort {|a,b| a.id <=> b.id}, role.all_users.sort {|a,b| a.id <=> b.id} + + role = Role.find @greek_heroes_role.id + assert_equal 1, role.all_users.length + assert_equal [@perseus_user].sort {|a,b| a.id <=> b.id}, role.all_users.sort {|a,b| a.id <=> b.id} + + role = Role.find @god_of_death_role.id + assert_equal 1, role.all_users.length + assert_equal [@hades_user].sort {|a,b| a.id <=> b.id}, role.all_users.sort {|a,b| a.id <=> b.id} + + role = Role.find @greek_kings_role.id + assert_equal 1, role.all_users.length + assert_equal [@minos_user].sort {|a,b| a.id <=> b.id}, role.all_users.sort {|a,b| a.id <=> b.id} + + role = Role.find @greek_warriors_role.id + assert_equal 1, role.all_users.length + assert_equal [@agamemnon_user].sort {|a,b| a.id <=> b.id}, role.all_users.sort {|a,b| a.id <=> b.id} + + role = Role.find @greek_men_role.id + assert_equal 1, role.all_users.length + assert_equal [@minos_user].sort {|a,b| a.id <=> b.id}, role.all_users.sort {|a,b| a.id <=> b.id} + + role = Role.find @greeks_role.id + assert_equal 1, role.all_users.length + assert_equal [@agamemnon_user].sort {|a,b| a.id <=> b.id}, role.all_users.sort {|a,b| a.id <=> b.id} + end + + def test_groups_on_fixture_roles_should_work + role = Role.find @greek_heroes_role.id + assert_equal 1, role.groups.length + assert_equal [@greek_heroes_group].sort {|a,b| a.id <=> b.id}, role.groups.sort {|a,b| a.id <=> b.id} + + role = Role.find @god_of_death_role.id + assert_equal 1, role.groups.length + assert_equal [@gods_not_in_olymp_group].sort {|a,b| a.id <=> b.id}, role.groups.sort {|a,b| a.id <=> b.id} + + role = Role.find @greek_kings_role.id + assert_equal 1, role.groups.length + assert_equal [@greek_kings_group].sort {|a,b| a.id <=> b.id}, role.groups.sort {|a,b| a.id <=> b.id} + + role = Role.find @greek_warriors_role.id + assert_equal 1, role.groups.length + assert_equal [@troys_besiegers_group].sort {|a,b| a.id <=> b.id}, role.groups.sort {|a,b| a.id <=> b.id} + + no_groups_roles = [ @gods_role, @major_gods_role, @greek_men_role, @greeks_role ] + no_groups_roles.each do |r| + role = Role.find r.id + assert_equal 0, role.groups.length + assert_equal [].sort {|a,b| a.id <=> b.id}, role.groups.sort {|a,b| a.id <=> b.id} + end + end + + def test_all_groups_on_fixture_roles_should_work + role = Role.find @greek_heroes_role.id + assert_equal 1, role.all_groups.length + assert_equal [@greek_heroes_group].sort {|a,b| a.id <=> b.id}, role.all_groups.sort {|a,b| a.id <=> b.id} + + role = Role.find @god_of_death_role.id + assert_equal 1, role.all_groups.length + assert_equal [@gods_not_in_olymp_group].sort {|a,b| a.id <=> b.id}, role.all_groups.sort {|a,b| a.id <=> b.id} + + role = Role.find @greek_kings_role.id + assert_equal 1, role.all_groups.length + assert_equal [@greek_kings_group].sort {|a,b| a.id <=> b.id}, role.all_groups.sort {|a,b| a.id <=> b.id} + + role = Role.find @greek_warriors_role.id + assert_equal 1, role.all_groups.length + assert_equal [@troys_besiegers_group].sort {|a,b| a.id <=> b.id}, role.all_groups.sort {|a,b| a.id <=> b.id} + + no_all_groups_roles = [ @gods_role, @major_gods_role, @greek_men_role, @greeks_role ] + no_all_groups_roles.each do |r| + role = Role.find r.id + assert_equal 0, role.all_groups.length + assert_equal [].sort {|a,b| a.id <=> b.id}, role.all_groups.sort {|a,b| a.id <=> b.id} + end + end + + def test_allow_changing_fixtures_roles_title_to_valid_value_should_work + role = Role.find @god_of_death_role.id + role.title = 'Nice Role Title' + + assert role.save + role.reload + + assert_equal 'Nice Role Title', role.title + end + + def test_changing_fixtures_roles_parent_to_nil_should_work + role = Role.find @major_gods_role.id + role.parent = nil + + assert role.save + role.reload + + assert_nil role.parent + end + + def test_changing_fixtures_roles_parent_to_valid_role_should_work + role = Role.find @major_gods_role.id + role.parent = Role.find @god_of_death_role.id + + assert role.save + role.reload + + assert_equal Role.find(@god_of_death_role.id), role.parent + end + + def test_creating_role_without_parent_should_work + role = Role.new + role.title = 'Nice New Role' + + assert role.save + role.reload + + assert_equal 'Nice New Role', role.title + assert_nil role.parent + end + + def test_creating_role_with_parent_should_work + role = Role.new + role.title = 'Nice New Role' + role.parent = Role.find @major_gods_role.id + + assert role.save + role.reload + + assert_equal 'Nice New Role', role.title + assert_equal Role.find(@major_gods_role.id), role.parent + end + + def test_destroy_on_role_without_parent_should_work + role = Role.find @god_of_death_role.id + assert role.destroy + + assert_raise(ActiveRecord::RecordNotFound) { Role.find @god_of_death_role.id } + end + + def test_destroy_on_role_with_parent_should_work + role = Role.find @major_gods_role.id + assert role.destroy + + assert_raise(ActiveRecord::RecordNotFound) { Role.find @major_gods_role.id } + + role = Role.find @gods_role.id + assert_equal 0, role.children.length + end + + def test_should_block_empty_role_title_on_creation + role = Role.new + role.title == nil + + assert !role.save + + assert_equal 1, role.errors.count + assert_equal 'must have more than two characters.', role.errors['title'] + end + + def test_should_block_too_short_role_title_on_creation + role = Role.new + role.title = '1' + + assert !role.save + + assert_equal 1, role.errors.count + assert_equal 'must have more than two characters.', role.errors['title'] + end + + def test_should_block_too_long_role_title_on_creation + role = Role.new + role.title = 'long ' * 100 + + assert !role.save + + assert_equal 1, role.errors.count + assert_equal 'must have less than 100 characters.', role.errors['title'] + end + + def test_should_block_invalid_characters_in_role_title_on_creation + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + role = Role.new + role.title = "invalid char: #{char}" + + assert !role.save + + assert_equal 1, role.errors.count + assert_equal "must not contain invalid characters.", role.errors["title"] + end + end + + def test_should_block_non_unique_role_title_on_creation + role = Role.new + role.title = @major_gods_role.title + + assert !role.save + assert_equal 1, role.errors.count + assert_equal "is the name of an already existing role.", role.errors["title"] + end + + def test_should_block_empty_role_title_on_edit + role = Role.find @major_gods_role.id + role.title = nil + + assert !role.save + + assert_equal 1, role.errors.count, 'Fails because of an error in RoR. See http://dev.rubyonrails.org/ticket/2022 for details.' + assert_equal 'must have more than two characters.', role.errors['title'] + end + + def test_should_block_too_short_role_title_on_edit + role = Role.find @major_gods_role.id + role.title = '1' + + assert !role.save + + assert_equal 1, role.errors.count + assert_equal 'must have more than two characters.', role.errors['title'] + end + + def test_should_block_too_long_role_title_on_edit + role = Role.find @major_gods_role.id + role.title = 'long ' * 100 + + assert !role.save + + assert_equal 1, role.errors.count + assert_equal 'must have less than 100 characters.', role.errors['title'] + end + + def test_should_block_invalid_characters_in_role_title_on_edit + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + role = Role.find @major_gods_role.id + role.title = "invalid char: #{char}" + + assert !role.save + + assert_equal 1, role.errors.count + assert_equal "must not contain invalid characters.", role.errors["title"] + end + end + + def test_should_block_non_unique_role_title_on_edit + role = Role.find @gods_role.id + role.title = @major_gods_role.title + + assert !role.save + assert_equal 1, role.errors.count + assert_equal "is the name of an already existing role.", role.errors["title"] + end + + # No counterpart for edit since it can only happen with existing roles. + def test_should_block_recursion_in_tree + role = Role.find @gods_role.id + + assert_raises(RecursionInTree) { role.parent = Role.find @major_gods_role.id } + end + + def test_should_block_destroy_role_with_children + role = Role.find @gods_role.id + assert_raises(CantDeleteWithChildren) { role.destroy } + end + + def test_descendants_and_self_should_work_with_one_child + role = Role.find @gods_role.id + + assert_equal 2, role.descendants_and_self.length + assert_equal [@gods_role, @major_gods_role].sort {|a,b| a.id <=> b.id}, role.descendants_and_self.sort {|a,b| a.id <=> b.id} + end + + def test_descendants_and_self_should_work_with_multiple_children_in_one_level + child_role = Role.new + child_role.title = 'Test Role #1' + child_role.parent = @gods_role + + assert child_role.save + + role = Role.find @gods_role.id + assert_equal 3, role.descendants_and_self.length + assert_equal [@gods_role, @major_gods_role, child_role].sort {|a,b| a.id <=> b.id}, role.descendants_and_self.sort {|a,b| a.id <=> b.id} + end + + def test_ancestors_and_self_should_work_with_no_ancestor + role = Role.find @gods_role.id + + assert_equal 1, role.ancestors_and_self.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, role.ancestors_and_self.sort {|a,b| a.id <=> b.id} + end + + def test_ancestors_and_self_should_work_with_one_ancestor + role = Role.find @major_gods_role.id + + assert_equal 2, role.ancestors_and_self.length + assert_equal [role, @gods_role].sort {|a,b| a.id <=> b.id}, role.ancestors_and_self.sort {|a,b| a.id <=> b.id} + end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/test/unit/static_permission_test.rb b/src/api/components/active_rbac/test/unit/static_permission_test.rb new file mode 100644 index 0000000..79b135b --- /dev/null +++ b/src/api/components/active_rbac/test/unit/static_permission_test.rb @@ -0,0 +1,535 @@ +require File.dirname(__FILE__) + '/../test_helper' + +class StaticPermissionTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles, :static_permissions, :roles_static_permissions + + def setup + end + + def test_fixture_titles_should_be_correct + fixture_permissions = [ @access_olymp_permission, @sit_on_throne_permission, + @slay_monsters_permission ] + + for permission in fixture_permissions + static_permission = StaticPermission.find permission.id + + assert_equal permission.id, static_permission.id + assert_equal permission.title, static_permission.title + end + end + + def test_fixture_roles_should_be_correct + access_olymp_permission = StaticPermission.find @access_olymp_permission.id + assert_equal 1, access_olymp_permission.roles.length + assert_equal [@gods_role].sort {|a,b| a.id <=> b.id}, access_olymp_permission.roles.sort {|a,b| a.id <=> b.id} + + sit_on_throne_permission = StaticPermission.find @sit_on_throne_permission.id + assert_equal 1, sit_on_throne_permission.roles.length + assert_equal [@greek_kings_role].sort {|a,b| a.id <=> b.id}, sit_on_throne_permission.roles.sort {|a,b| a.id <=> b.id} + + slay_monsters_permission = StaticPermission.find @slay_monsters_permission.id + assert_equal 1, slay_monsters_permission.roles.length + assert_equal [@greek_heroes_role].sort {|a,b| a.id <=> b.id}, slay_monsters_permission.roles.sort {|a,b| a.id <=> b.id} + end + + def test_should_allow_inserting_new_permission_with_valid_data + sit_on_throne_permission = StaticPermission.find @sit_on_throne_permission.id + assert_equal 1, sit_on_throne_permission.all_roles.length + assert_equal [@greek_kings_role].sort {|a,b| a.id <=> b.id}, sit_on_throne_permission.all_roles.sort {|a,b| a.id <=> b.id} + + access_olymp_permission = StaticPermission.find @access_olymp_permission.id + assert_equal 2, access_olymp_permission.all_roles.length + assert_equal [@gods_role, @major_gods_role].sort {|a,b| a.id <=> b.id}, access_olymp_permission.all_roles.sort {|a,b| a.id <=> b.id} + + slay_monsters_permission = StaticPermission.find @slay_monsters_permission.id + assert_equal 1, slay_monsters_permission.all_roles.length + assert_equal [@greek_heroes_role].sort {|a,b| a.id <=> b.id}, slay_monsters_permission.all_roles.sort {|a,b| a.id <=> b.id} + end + + def test_should_allow_creating_with_valid_value + permission = StaticPermission.new + + permission.title = 'New permission\'s title' + + assert permission.save + permission.reload + + assert_equal 'New permission\'s title', permission.title + end + + def test_should_allow_editing_title_with_valid_value + permission = StaticPermission.find @slay_monsters_permission.id + + permission.title = 'Brave New Title' + + assert permission.save + permission.reload + + assert_equal 'Brave New Title', permission.title + end + + def test_should_allow_destroying + permission = StaticPermission.find @slay_monsters_permission.id + + assert permission.destroy + assert permission.frozen? + + assert_raises(ActiveRecord::RecordNotFound) { StaticPermission.find @slay_monsters_permission.id } + end + + def test_should_block_empty_permission_title_on_edit + permission = StaticPermission.find @slay_monsters_permission.id + permission.title = nil + + assert !permission.save + + assert_equal 1, permission.errors.count + assert_equal 'must be given.', permission.errors['title'] + end + + def test_should_block_too_short_permission_title_on_edit + permission = StaticPermission.find @slay_monsters_permission.id + permission.title = '1' + + assert !permission.save + + assert_equal 1, permission.errors.count + assert_equal 'must have more than two characters.', permission.errors['title'] + end + + def test_should_block_too_long_permission_title_on_edit + permission = StaticPermission.find @slay_monsters_permission.id + permission.title = 'long ' * 100 + + assert !permission.save + + assert_equal 1, permission.errors.count + assert_equal 'must have less than 100 characters.', permission.errors['title'] + end + + def test_should_block_invalid_characters_in_permission_title_on_edit + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + permission = StaticPermission.find @slay_monsters_permission.id + permission.title = "invalid char: #{char}" + + assert !permission.save + + assert_equal 1, permission.errors.count + assert_equal "must not contain invalid characters.", permission.errors["title"] + end + end + + def test_should_block_non_unique_permission_title_on_edit + permission = StaticPermission.find @slay_monsters_permission.id + permission.title = @sit_on_throne_permission.title + + assert !permission.save + assert_equal 1, permission.errors.count + assert_equal "is the name of an already existing static permission.", permission.errors["title"] + end + + def test_should_block_empty_permission_title_on_creation + permission = StaticPermission.new + permission.title = nil + + assert !permission.save + + assert_equal 1, permission.errors.count + assert_equal 'must be given.', permission.errors['title'] + end + + def test_should_block_too_short_permission_title_on_creation + permission = StaticPermission.new + permission.title = '1' + + assert !permission.save + + assert_equal 1, permission.errors.count + assert_equal 'must have more than two characters.', permission.errors['title'] + end + + def test_should_block_too_long_permission_title_on_creation + permission = StaticPermission.new + permission.title = 'long ' * 100 + + assert !permission.save + + assert_equal 1, permission.errors.count + assert_equal 'must have less than 100 characters.', permission.errors['title'] + end + + def test_should_block_invalid_characters_in_permission_title_on_creation + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + permission = StaticPermission.new + permission.title = "invalid char: #{char}" + + assert !permission.save + + assert_equal 1, permission.errors.count + assert_equal "must not contain invalid characters.", permission.errors["title"] + end + end + + def test_should_block_non_unique_permission_title_on_creation + permission = StaticPermission.new + permission.title = @sit_on_throne_permission.title + + assert !permission.save + assert_equal 1, permission.errors.count + assert_equal "is the name of an already existing static permission.", permission.errors["title"] + end + + def test_should_allow_assigning_one_permission_to_one_role + role = Role.find @greek_men_role.id + + permission = StaticPermission.new + permission.title = 'My Title' + assert permission.save + + permission.roles << role + + permission.reload + role.reload + + assert_equal 1, permission.roles.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, permission.roles.sort {|a,b| a.id <=> b.id} + + assert_equal 1, role.static_permissions.length + assert_equal [permission].sort {|a,b| a.id <=> b.id}, role.static_permissions.sort {|a,b| a.id <=> b.id} + end + + def test_should_allow_assigning_one_permission_to_multiple_roles + role1 = Role.find @greek_men_role.id + role2 = Role.find @greek_warriors_role.id + + permission = StaticPermission.new + permission.title = 'My Title' + assert permission.save + + permission.roles << role1 << role2 + + permission.reload + role1.reload + role2.reload + + assert_equal 2, permission.roles.length + assert_equal [role1, role2].sort {|a,b| a.id <=> b.id}, permission.roles.sort {|a,b| a.id <=> b.id} + + assert_equal 1, role1.static_permissions.length + assert_equal [permission].sort {|a,b| a.id <=> b.id}, role1.static_permissions.sort {|a,b| a.id <=> b.id} + assert_equal 1, role2.static_permissions.length + assert_equal [permission].sort {|a,b| a.id <=> b.id}, role2.static_permissions.sort {|a,b| a.id <=> b.id} + end + + def test_should_allow_assigning_multiple_permissions_to_one_role + role = Role.find @greek_men_role.id + + permission1 = StaticPermission.new + permission1.title = 'My Title #1' + permission2 = StaticPermission.new + permission2.title = 'My Title #2' + assert permission1.save + assert permission2.save + + permission1.roles << role + permission2.roles << role + + permission1.reload + permission2.reload + role.reload + + assert_equal 1, permission1.roles.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, permission1.roles.sort {|a,b| a.id <=> b.id} + assert_equal 1, permission2.roles.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, permission2.roles.sort {|a,b| a.id <=> b.id} + + assert_equal 2, role.static_permissions.length + assert_equal [permission1, permission2].sort {|a,b| a.id <=> b.id}, role.static_permissions.sort {|a,b| a.id <=> b.id} + end + + def test_should_allow_assigning_multiple_permissions_to_multiple_roles + role1 = Role.find @greek_men_role.id + role2 = Role.find @greek_warriors_role.id + + permission1 = StaticPermission.new + permission1.title = 'My Title #1' + permission2 = StaticPermission.new + permission2.title = 'My Title #2' + assert permission1.save + assert permission2.save + + permission1.roles << role1 << role2 + permission2.roles << role1 << role2 + + permission1.reload + permission2.reload + role1.reload + role2.reload + + assert_equal 2, permission1.roles.length + assert_equal [role1, role2].sort {|a,b| a.id <=> b.id}, permission1.roles.sort {|a,b| a.id <=> b.id} + assert_equal 2, permission2.roles.length + assert_equal [role1, role2].sort {|a,b| a.id <=> b.id}, permission2.roles.sort {|a,b| a.id <=> b.id} + + assert_equal 2, role1.static_permissions.length + assert_equal [permission1, permission2].sort {|a,b| a.id <=> b.id}, role1.static_permissions.sort {|a,b| a.id <=> b.id} + assert_equal 2, role2.static_permissions.length + assert_equal [permission1, permission2].sort {|a,b| a.id <=> b.id}, role2.static_permissions.sort {|a,b| a.id <=> b.id} + end + + def test_should_allow_deassigning_one_permission_from_one_role + # begin copy and paste from above + role = Role.find @greek_men_role.id + + permission1 = StaticPermission.new + permission1.title = 'My Title #1' + permission2 = StaticPermission.new + permission2.title = 'My Title #2' + assert permission1.save + assert permission2.save + + permission1.roles << role + permission2.roles << role + + permission1.reload + permission2.reload + role.reload + + assert_equal 1, permission1.roles.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, permission1.roles.sort {|a,b| a.id <=> b.id} + assert_equal 1, permission2.roles.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, permission2.roles.sort {|a,b| a.id <=> b.id} + + assert_equal 2, role.static_permissions.length + assert_equal [permission1, permission2].sort {|a,b| a.id <=> b.id}, role.static_permissions.sort {|a,b| a.id <=> b.id} + # end copy and paste from above + + permission1.roles.delete role + + assert_equal 0, permission1.roles.length + assert_equal 1, permission2.roles.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, permission2.roles.sort {|a,b| a.id <=> b.id} + end + + def test_should_allow_deassigning_multiple_permissions_from_one_role + # begin copy and paste from above + role = Role.find @greek_men_role.id + + permission1 = StaticPermission.new + permission1.title = 'My Title #1' + permission2 = StaticPermission.new + permission2.title = 'My Title #2' + assert permission1.save + assert permission2.save + + permission1.roles << role + permission2.roles << role + + permission1.reload + permission2.reload + role.reload + + assert_equal 1, permission1.roles.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, permission1.roles.sort {|a,b| a.id <=> b.id} + assert_equal 1, permission2.roles.length + assert_equal [role].sort {|a,b| a.id <=> b.id}, permission2.roles.sort {|a,b| a.id <=> b.id} + + assert_equal 2, role.static_permissions.length + assert_equal [permission1, permission2].sort {|a,b| a.id <=> b.id}, role.static_permissions.sort {|a,b| a.id <=> b.id} + # end copy and paste from above + + permission1.roles.delete role + permission2.roles.delete role + + assert_equal 0, permission1.roles.length + assert_equal 0, permission2.roles.length + end + + def test_should_allow_deassigning_one_permission_from_multiple_roles + # begin copy and paste from above + role1 = Role.find @greek_men_role.id + role2 = Role.find @greek_warriors_role.id + + permission = StaticPermission.new + permission.title = 'My Title' + assert permission.save + + permission.roles << role1 << role2 + + permission.reload + role1.reload + role2.reload + + assert_equal 2, permission.roles.length + assert_equal [role1, role2].sort {|a,b| a.id <=> b.id}, permission.roles.sort {|a,b| a.id <=> b.id} + + assert_equal 1, role1.static_permissions.length + assert_equal [permission].sort {|a,b| a.id <=> b.id}, role1.static_permissions.sort {|a,b| a.id <=> b.id} + assert_equal 1, role2.static_permissions.length + assert_equal [permission].sort {|a,b| a.id <=> b.id}, role2.static_permissions.sort {|a,b| a.id <=> b.id} + # end copy and paste from above + + permission.roles.delete role1 + permission.roles.delete role2 + + assert_equal 0, permission.roles.length + end + + def test_should_allow_deassigning_multiple_permissions_from_multiple_roles + # begin copy and paste from above + role1 = Role.find @greek_men_role.id + role2 = Role.find @greek_warriors_role.id + + permission1 = StaticPermission.new + permission1.title = 'My Title #1' + permission2 = StaticPermission.new + permission2.title = 'My Title #2' + assert permission1.save + assert permission2.save + + permission1.roles << role1 << role2 + permission2.roles << role1 << role2 + + permission1.reload + permission2.reload + role1.reload + role2.reload + + assert_equal 2, permission1.roles.length + assert_equal [role1, role2].sort {|a,b| a.id <=> b.id}, permission1.roles.sort {|a,b| a.id <=> b.id} + assert_equal 2, permission2.roles.length + assert_equal [role1, role2].sort {|a,b| a.id <=> b.id}, permission2.roles.sort {|a,b| a.id <=> b.id} + + assert_equal 2, role1.static_permissions.length + assert_equal [permission1, permission2].sort {|a,b| a.id <=> b.id}, role1.static_permissions.sort {|a,b| a.id <=> b.id} + assert_equal 2, role2.static_permissions.length + assert_equal [permission1, permission2].sort {|a,b| a.id <=> b.id}, role2.static_permissions.sort {|a,b| a.id <=> b.id} + # end copy and paste from above + + permission1.roles.delete role1 + permission1.roles.delete role2 + permission2.roles.delete role1 + permission2.roles.delete role2 + + assert_equal 0, permission1.roles.length + assert_equal 0, permission2.roles.length + end + + def test_should_ignore_double_assigned_roles + permission = StaticPermission.find(@slay_monsters_permission.id) + role = Role.find @greek_heroes_role.id + + permission.roles << role + + assert_equal 1, permission.roles.length + assert_equal [@greek_heroes_role].sort {|a,b| a.id <=> b.id}, permission.roles.sort {|a,b| a.id <=> b.id} + end + + def test_permission_should_be_granted_by_role + role = Role.find @greek_heroes_role.id + + assert role.static_permissions.include?(@slay_monsters_permission) + end + + def test_permission_should_be_granted_by_role_inheritance + role = Role.find @major_gods_role.id + + assert role.all_static_permissions.include?(@access_olymp_permission) + end + + def test_permission_should_be_granted_by_role_through_group + permission = StaticPermission.new + permission.title = 'Test Permission' + assert permission.save + + role = Role.new + role.title = 'Parent Role' + role.static_permissions << permission + assert role.save + + group = Group.new + group.title = 'Test Group' + group.roles << role + assert group.save + + assert group.all_static_permissions.include?(permission) + end + + def test_permission_should_be_granted_by_role_inheritance_through_group + permission = StaticPermission.new + permission.title = 'Test Permission' + assert permission.save + + parent_role = Role.new + parent_role.title = 'Parent Role' + parent_role.static_permissions << permission + assert parent_role.save + + child_role = Role.new + child_role.title = 'Child Role' + parent_role.children << child_role + assert child_role.save + + group = Group.new + group.title = 'Test Group' + group.roles << parent_role + assert group.save + + assert group.all_static_permissions.include?(permission) + end + + def test_permission_should_be_granted_by_role_through_group_inheritance + permission = StaticPermission.new + permission.title = 'Test Permission' + assert permission.save + + parent_role = Role.new + parent_role.title = 'Parent Role' + parent_role.static_permissions << permission + assert parent_role.save + + child_role = Role.new + child_role.parent = parent_role + child_role.title = 'Child Role' + assert child_role.save + + group = Group.new + group.title = 'Test Group' + group.roles << child_role + assert group.save + + assert group.all_static_permissions.include?(permission) + end + + def test_permission_should_be_granted_by_role_inheritance_through_group_inheritance + permission = StaticPermission.new + permission.title = 'Test Permission' + assert permission.save + + parent_role = Role.new + parent_role.title = 'Parent Role' + parent_role.static_permissions << permission + assert parent_role.save + + child_role = Role.new + child_role.parent = parent_role + child_role.title = 'Child Role' + assert child_role.save + + parent_group = Group.new + parent_group.title = 'Parent Group' + parent_group.roles << child_role + assert parent_group.save + + child_group = Group.new + child_group.title = 'Child Group' + child_group.parent = parent_group + assert child_group.save + + assert child_group.all_static_permissions.include?(permission) + end +end diff --git a/src/api/components/active_rbac/test/unit/user_registration_test.rb b/src/api/components/active_rbac/test/unit/user_registration_test.rb new file mode 100644 index 0000000..f9fd8b3 --- /dev/null +++ b/src/api/components/active_rbac/test/unit/user_registration_test.rb @@ -0,0 +1,47 @@ +require File.dirname(__FILE__) + '/../test_helper' + +# TODO: Test timestamps + +class UserRegistrationTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles + + # + # The tests + # + + def setup + @user = User.new + @user.login = 'My New User' + @user.email = 'user@localhost' + @user.update_password 'password' + end + + def test_should_be_createable_by_user_objects + user = @user + + assert user.save + assert user.reload + + user.create_user_registration + + assert_equal User.states['unconfirmed'], user.state + assert_not_nil user.user_registration + assert_kind_of Time, user.user_registration.created_at + assert_kind_of Time, user.user_registration.expires_at + assert_in_delta user.user_registration.created_at + 1.day, user.user_registration.expires_at, 2 + assert_not_nil user.user_registration.token + end + + def test_should_allow_confirmation_with_valid_token + test_should_be_createable_by_user_objects + user = @user + + user.reload + + assert user.confirm_registration(user.user_registration.token) + assert_equal User.states['confirmed'], user.state + assert user.user_registration.frozen? + # user.user_registration won't be nil, but it is frozen so it has been deleted + assert_raise(ActiveRecord::RecordNotFound) { UserRegistration.find user.user_registration.id } + end +end \ No newline at end of file diff --git a/src/api/components/active_rbac/test/unit/user_test.rb b/src/api/components/active_rbac/test/unit/user_test.rb new file mode 100644 index 0000000..d556cd2 --- /dev/null +++ b/src/api/components/active_rbac/test/unit/user_test.rb @@ -0,0 +1,821 @@ +require File.dirname(__FILE__) + '/../test_helper' + +# TODO: Test timestamps + +class UserTest < Test::Unit::TestCase + fixtures :roles, :users, :groups, :roles_users, :user_registrations, :groups_users, :groups_roles, :static_permissions, :roles_static_permissions + + def setup + end + + def create_valid_new_user + user = User.new + user.login = 'New User' + user.email = 'user@localhost' + user.password = 'fine_password' + user.password_confirmation = 'fine_password' + + user.groups << @greek_heroes_group << @cretes_group + user.roles << @gods_role << @greek_kings_role + + return user + end + + # + # The tests + # + def test_users_from_fixtures_should_have_correct_properties + fixture_users = [ @agamemnon_user, @ariadne_user, @daidalos_user, + @dionysus_user, @hades_user, @hephaestus_user, + @hermes_user, @icarus_user, @medusa_user, + @minos_user, @odysseus_user, @perseus_user, + @zeus_user ] + + for fixture_user in fixture_users do + queried_user = User.find fixture_user.id + + assert_equal queried_user.id, fixture_user.id + assert_equal queried_user.created_at, fixture_user.created_at + assert_equal queried_user.updated_at, fixture_user.updated_at + assert_equal queried_user.login, fixture_user.login + assert_equal queried_user.email, fixture_user.email + assert_equal queried_user.password, fixture_user.password + assert_equal queried_user.password_hash_type, fixture_user.password_hash_type + assert_equal queried_user.state, fixture_user.state + end + end + + def test_users_from_fixtures_should_have_correct_groups + agamemnon = User.find @agamemnon_user.id + assert_equal 1, agamemnon.groups.length + assert_equal [@troys_besiegers_group].sort {|a,b| a.id <=> b.id}, agamemnon.groups.sort {|a,b| a.id <=> b.id} + + ariadne = User.find @ariadne_user.id + assert_equal 1, ariadne.groups.length + assert_equal [@cretes_group].sort {|a,b| a.id <=> b.id}, ariadne.groups.sort {|a,b| a.id <=> b.id} + + hades = User.find @hades_user.id + assert_equal 1, hades.groups.length + assert_equal [@gods_not_in_olymp_group].sort {|a,b| a.id <=> b.id}, hades.groups.sort {|a,b| a.id <=> b.id} + + minos = User.find @minos_user.id + assert_equal 1, minos.groups.length + assert_equal [@greek_kings_group].sort {|a,b| a.id <=> b.id}, minos.groups.sort {|a,b| a.id <=> b.id} + + odysseus = User.find @odysseus_user.id + assert_equal 1, odysseus.groups.length + assert_equal [@punished_heroes_group].sort {|a,b| a.id <=> b.id}, odysseus.groups.sort {|a,b| a.id <=> b.id} + + perseus = User.find @perseus_user.id + assert_equal 1, perseus.groups.length + assert_equal [@greek_heroes_group].sort {|a,b| a.id <=> b.id}, perseus.groups.sort {|a,b| a.id <=> b.id} + + no_group_users = [ @daidalos_user, @dionysus_user, @hephaestus_user, + @hermes_user, @icarus_user, @medusa_user, @zeus_user ] + + no_group_users.each do |u| + user = User.find u.id + assert_equal 0, user.groups.length + assert_equal [].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + end + end + + def test_users_from_fixtures_should_have_correct_all_groups + agamemnon = User.find @agamemnon_user.id + assert_equal 2, agamemnon.all_groups.length + assert_equal [@troys_besiegers_group, @greek_warriors_group].sort {|a,b| a.id <=> b.id}, agamemnon.all_groups.sort {|a,b| a.id <=> b.id} + + ariadne = User.find @ariadne_user.id + assert_equal 2, ariadne.all_groups.length + assert_equal [@cretes_group, @greeks_group].sort {|a,b| a.id <=> b.id}, ariadne.all_groups.sort {|a,b| a.id <=> b.id} + + hades = User.find @hades_user.id + assert_equal 2, hades.all_groups.length + assert_equal [@gods_not_in_olymp_group, @gods_group].sort {|a,b| a.id <=> b.id}, hades.all_groups.sort {|a,b| a.id <=> b.id} + + minos = User.find @minos_user.id + assert_equal 2, minos.all_groups.length + assert_equal [@greek_kings_group, @greeks_group].sort {|a,b| a.id <=> b.id}, minos.all_groups.sort {|a,b| a.id <=> b.id} + + odysseus = User.find @odysseus_user.id + assert_equal 1, odysseus.all_groups.length + assert_equal [@punished_heroes_group].sort {|a,b| a.id <=> b.id}, odysseus.all_groups.sort {|a,b| a.id <=> b.id} + + perseus = User.find @perseus_user.id + assert_equal 1, perseus.all_groups.length + assert_equal [@greek_heroes_group].sort {|a,b| a.id <=> b.id}, perseus.all_groups.sort {|a,b| a.id <=> b.id} + + no_all_group_users = [ @daidalos_user, @dionysus_user, @hephaestus_user, + @hermes_user, @icarus_user, @medusa_user, @zeus_user ] + + no_all_group_users.each do |u| + user = User.find u.id + assert_equal 0, user.all_groups.length + assert_equal [].sort {|a,b| a.id <=> b.id}, user.all_groups.sort {|a,b| a.id <=> b.id} + end + end + + def test_users_from_fixtures_should_have_correct_roles + hermes = User.find @hermes_user.id + assert_equal 1, hermes.roles.length + assert_equal [@gods_role].sort {|a,b| a.id <=> b.id}, hermes.roles.sort {|a,b| a.id <=> b.id} + + zeus = User.find @zeus_user.id + assert_equal 1, zeus.roles.length + assert_equal [@major_gods_role].sort {|a,b| a.id <=> b.id}, zeus.roles.sort {|a,b| a.id <=> b.id} + + no_roles_users = [ @agamemnon_user, @ariadne_user, @daidalos_user, + @dionysus_user, @hades_user, @hephaestus_user, + @icarus_user, @medusa_user, @minos_user, + @odysseus_user, @perseus_user ] + + no_roles_users.each do |u| + user = User.find u.id + assert_equal 0, user.roles.length + assert_equal [].sort {|a,b| a.id <=> b.id}, user.roles.sort {|a,b| a.id <=> b.id} + end + end + + def test_users_from_fixtures_should_have_correct_all_roles + agamemnon = User.find @agamemnon_user.id + assert_equal 2, agamemnon.all_roles.length + assert_equal [@greek_warriors_role, @greeks_role].sort {|a,b| a.id <=> b.id}, agamemnon.all_roles.sort {|a,b| a.id <=> b.id} + + hermes = User.find @hermes_user.id + assert_equal 1, hermes.all_roles.length + assert_equal [@gods_role].sort {|a,b| a.id <=> b.id}, hermes.all_roles.sort {|a,b| a.id <=> b.id} + + hades = User.find @hades_user.id + assert_equal 1, hades.all_roles.length + assert_equal [@god_of_death_role].sort {|a,b| a.id <=> b.id}, hades.all_roles.sort {|a,b| a.id <=> b.id} + + minos = User.find @minos_user.id + assert_equal 2, minos.all_roles.length + assert_equal [@greek_kings_role, @greek_men_role].sort {|a,b| a.id <=> b.id}, minos.all_roles.sort {|a,b| a.id <=> b.id} + + perseus = User.find @perseus_user.id + assert_equal 1, perseus.all_roles.length + assert_equal [@greek_heroes_role].sort {|a,b| a.id <=> b.id}, perseus.all_roles.sort {|a,b| a.id <=> b.id} + + zeus = User.find @zeus_user.id + assert_equal 2, zeus.all_roles.length + assert_equal [@major_gods_role, @gods_role].sort {|a,b| a.id <=> b.id}, zeus.all_roles.sort {|a,b| a.id <=> b.id} + + no_all_roles_users = [ @ariadne_user, @daidalos_user, + @dionysus_user, @hephaestus_user, + @icarus_user, @medusa_user, + @odysseus_user ] + + no_all_roles_users.each do |u| + user = User.find u.id + assert_equal 0, user.all_roles.length + assert_equal [].sort {|a,b| a.id <=> b.id}, user.all_roles.sort {|a,b| a.id <=> b.id} + end + end + + def test_add_with_valid_data_should_work + user = self.create_valid_new_user + + assert user.save + user.reload + + assert_equal 'New User', user.login + assert_equal 'user@localhost', user.email + assert_equal Digest::MD5.hexdigest('fine_password' + user.password_salt), user.password + assert_equal 2, user.groups.length + assert_equal [@greek_heroes_group, @cretes_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + assert_equal 2, user.roles.length + assert_equal [@gods_role, @greek_kings_role].sort {|a,b| a.id <=> b.id}, user.roles.sort {|a,b| a.id <=> b.id} + + assert_equal User.states['unconfirmed'], user.state + + # a bit esoterical maybe + assert_in_delta Time.new.to_i, user.created_at.to_i, 10 + assert_in_delta Time.new.to_i, user.updated_at.to_i, 10 + assert_in_delta Time.new.to_i, user.last_logged_in_at.to_i, 10 + end + + def test_edit_existing_with_valid_data_should_work + user = User.find @agamemnon_user.id + + user.login = 'New Login' + user.email = 'email@nowhere.com' + user.password = 'my password' + user.password_confirmation = 'my password' + user.groups.delete @troys_besiegers_group + + assert user.save + user.reload + + assert_equal 'New Login', user.login + assert_equal 'email@nowhere.com', user.email + assert_equal Digest::MD5.hexdigest('my password' + user.password_salt), user.password + assert_equal 0, user.groups.length + assert_equal [].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + assert_equal 0, user.roles.length + assert_equal [].sort {|a,b| a.id <=> b.id}, user.roles.sort {|a,b| a.id <=> b.id} + end + + def test_destroy_should_work + User.destroy @agamemnon_user.id + assert_raise(ActiveRecord::RecordNotFound) { User.find @agamemnon_user.id } + end + + def test_destroy_should_remove_all_role_assignments + User.destroy @zeus_user.id + role = Role.find @major_gods_role.id + assert_equal 0, role.users.length + assert_equal [].sort {|a,b| a.id <=> b.id}, role.users.sort {|a,b| a.id <=> b.id} + end + + def test_destroy_should_remove_all_group_assignments + User.destroy @agamemnon_user.id + group = Group.find @troys_besiegers_group.id + assert_equal 0, group.users.length + assert_equal [].sort {|a,b| a.id <=> b.id}, group.users.sort {|a,b| a.id <=> b.id} + end + + def test_assinging_one_role_should_work + user = User.find @ariadne_user.id + user.roles << @greek_kings_role + + assert user.save + user.reload + + assert_equal 1, user.roles.length + assert_equal [@greek_kings_role].sort {|a,b| a.id <=> b.id}, user.roles.sort {|a,b| a.id <=> b.id} + end + + def test_assigning_multiple_roles_should_work + user = User.find @ariadne_user.id + user.roles << @greek_kings_role << @greek_heroes_role + + assert user.save + user.reload + + assert_equal 2, user.roles.length + assert_equal [@greek_heroes_role, @greek_kings_role].sort {|a,b| a.id <=> b.id}, user.roles.sort {|a,b| a.id <=> b.id} + end + + def test_deassigning_one_role_should_work + # add roles + user = User.find @ariadne_user.id + user.roles << @greek_kings_role << @greek_heroes_role + assert user.save + user.reload + + assert_equal 2, user.roles.length + assert_equal [@greek_kings_role, @greek_heroes_role].sort {|a,b| a.id <=> b.id}, user.roles.sort {|a,b| a.id <=> b.id} + + # remove them again + user = User.find @ariadne_user.id + user.roles.delete @greek_kings_role + user.save + user.reload + + assert_equal 1, user.roles.length + assert_equal [@greek_heroes_role].sort {|a,b| a.id <=> b.id}, user.roles.sort {|a,b| a.id <=> b.id} + end + + def test_deassigning_multiple_roles_should_work + # add roles + user = User.find @ariadne_user.id + user.roles << @greek_kings_role << @greek_heroes_role << @god_of_death_role + + assert user.save + user.reload + + assert_equal 3, user.roles.length + assert_equal [@greek_kings_role, @greek_heroes_role, @god_of_death_role].sort {|a,b| a.id <=> b.id}, user.roles.sort {|a,b| a.id <=> b.id} + + # remove them again + user = User.find @ariadne_user.id + user.roles.delete @greek_kings_role + user.roles.delete @god_of_death_role + + assert user.save + user.reload + + assert_equal 1, user.roles.length + assert_equal [@greek_heroes_role].sort {|a,b| a.id <=> b.id}, user.roles.sort {|a,b| a.id <=> b.id} + end + + def test_assigning_one_group_should_work + user = User.find @icarus_user.id + user.groups << @greek_heroes_group + + assert user.save + user.reload + + assert_equal 1, user.groups.length + assert_equal [@greek_heroes_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + end + + def test_assinging_multiple_groups_should_work + user = User.find @icarus_user.id + user.groups << @greek_heroes_group << @gods_not_in_olymp_group + + assert user.save + user.reload + + assert_equal 2, user.groups.length + assert_equal [@greek_heroes_group, @gods_not_in_olymp_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + end + + def test_deassigning_one_group_should_work + # add the roles + user = User.find @icarus_user.id + user.groups << @greek_heroes_group << @gods_not_in_olymp_group + + assert user.save + user.reload + + assert_equal 2, user.groups.length + assert_equal [@greek_heroes_group, @gods_not_in_olymp_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + + # and remove them again + user.groups.delete @greek_heroes_group + + assert user.save + user.reload + + assert_equal 1, user.groups.length + assert_equal [@gods_not_in_olymp_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + end + + def test_deassinging_multiple_groups_should_work + # add the roles + user = User.find @icarus_user.id + user.groups << @greek_heroes_group << @gods_not_in_olymp_group << @greek_warriors_group + + assert user.save + user.reload + + assert_equal 3, user.groups.length + assert_equal [@greek_heroes_group, @gods_not_in_olymp_group, @greek_warriors_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + + # and remove them again + user.groups.delete @greek_heroes_group + user.groups.delete @greek_warriors_group + + assert user.save + user.reload + + assert_equal 1, user.groups.length + assert_equal [@gods_not_in_olymp_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + end + + def test_should_be_granted_one_role_by_his_groups + # icarus has no roles, so he is a good dummy + user = User.find @icarus_user.id + user.groups << @greek_heroes_group << @punished_heroes_group + + assert user.save + user.reload + + assert_equal 2, user.groups.length + assert_equal [@greek_heroes_group, @punished_heroes_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + + assert_equal 1, user.all_roles.length + assert_equal [@greek_heroes_role].sort {|a,b| a.id <=> b.id}, user.all_roles.sort {|a,b| a.id <=> b.id} + end + + def test_should_be_granted_multiple_roles_by_his_groups + # icarus has no roles, so he is a good dummy + user = User.find @icarus_user.id + user.groups << @greek_kings_group << @punished_heroes_group << @troys_besiegers_group + + assert user.save + user.reload + + assert_equal 3, user.groups.length + assert_equal [@greek_kings_group, @punished_heroes_group, @troys_besiegers_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + + assert_equal 4, user.all_roles.length + assert_equal [@greek_kings_role, @greek_men_role, @greek_warriors_role, @greeks_role].sort {|a,b| a.id <=> b.id}, user.all_roles.sort {|a,b| a.id <=> b.id} + end + + def test_should_ignore_duplicate_role_assignment + # NOTE: This is broken but seemingly because of a bug in RoR + # See http://dev.rubyonrails.org/ticket/2019 for details + + # icarus has no roles, so he is a good dummy + user = User.find @icarus_user.id + user.groups << @greek_kings_group << @punished_heroes_group << @troys_besiegers_group + user.roles << @greek_warriors_role << @greek_warriors_role + + assert user.save + user.reload + + assert_equal 3, user.groups.length + assert_equal [@greek_kings_group, @punished_heroes_group, @troys_besiegers_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + + assert_equal 4, user.all_roles.length + assert_equal [@greek_warriors_role, @greeks_role, @greek_kings_role, @greek_men_role].sort {|a,b| a.id <=> b.id}, user.all_roles.sort {|a,b| a.id <=> b.id} + end + + def test_should_ignore_duplicate_group_assignment + # NOTE: This is broken but seemingly because of a bug in RoR + # See http://dev.rubyonrails.org/ticket/2019 for details + + # icarus has no roles, so he is a good dummy + user = User.find @icarus_user.id + user.groups << @greek_kings_group << @greek_kings_group + + assert user.save + user.reload + + assert_equal 1, user.groups.length + assert_equal [@greek_kings_group].sort {|a,b| a.id <=> b.id}, user.groups.sort {|a,b| a.id <=> b.id} + end + + def test_should_block_creation_with_too_short_login + user = self.create_valid_new_user + user.login = '1' + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal "must have more than two characters.", user.errors["login"] + end + + def test_should_block_creation_with_too_long_login + user = self.create_valid_new_user + user.login = 'long' * 100 + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal "must have less than 100 characters.", user.errors["login"] + end + + def test_should_block_creation_with_login_with_invalid_characters + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + user = self.create_valid_new_user + user.login = "invalid char #{char}" + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal "must not contain invalid characters.", user.errors["login"] + end + end + + def test_should_block_creation_with_invalid_email_address + user = self.create_valid_new_user + user.email = 'invalid address' + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal "must be a valid email address.", user.errors["email"] + end + + def test_should_block_creation_with_too_long_password + user = self.create_valid_new_user + user.update_password('long' * 100) + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal 'must have between 6 and 64 characters.', user.errors["password"] + end + + def test_should_block_creation_with_too_short_password + user = self.create_valid_new_user + user.update_password('short') + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal 'must have between 6 and 64 characters.', user.errors["password"] + end + + def test_should_block_creation_with_invalid_characters_in_password + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + user = self.create_valid_new_user + user.update_password "invalid char #{char}" + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal 'must not contain invalid characters.', user.errors["password"] + end + end + + def test_should_encrypt_password_on_creation_after_save + user = self.create_valid_new_user + + assert user.save + user.reload + + assert user.password_equals?('fine_password') + end + + def test_login_should_work + assert_equal @icarus_user, User.find_with_credentials('Icarus', 'password') + end + + def test_login_should_fail_with_invalid_login + assert_nil User.find_with_credentials('Icarus123', 'password') + end + + def test_login_should_fail_with_invalid_password + assert_nil User.find_with_credentials('Icarus', 'password123') + end + + def test_login_failures_should_be_increased_on_wrong_login + assert_equal 0, User.find(@icarus_user.id).login_failure_count + assert_nil User.find_with_credentials('Icarus', 'password123') + assert_equal 1, User.find(@icarus_user.id).login_failure_count + end + + def test_login_failures_should_be_reset_on_correct_login + # login failure + assert_nil User.find_with_credentials('Icarus', 'password123') + + # login success + assert_kind_of User, User.find_with_credentials('Icarus', 'password') + assert_equal 0, User.find(@icarus_user.id).login_failure_count + end + + def test_should_block_editing_with_too_short_login + user = User.find @icarus_user.id + user.login = '1' + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal "must have more than two characters.", user.errors["login"] + end + + def test_should_block_editing_with_too_long_login + user = User.find @icarus_user.id + user.login = 'long' * 100 + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal "must have less than 100 characters.", user.errors["login"] + end + + def test_should_block_editing_with_login_with_invalid_characters + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + user = User.find @icarus_user.id + user.login = "invalid char #{char}" + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal "must not contain invalid characters.", user.errors["login"] + end + end + + def test_should_block_editing_with_invalid_email_address + user = User.find @icarus_user.id + user.email = 'invalid address' + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal "must be a valid email address.", user.errors["email"] + end + + def test_should_block_editing_with_too_long_password + user = User.find @icarus_user.id + user.update_password('long' * 100) + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal 'must have between 6 and 64 characters.', user.errors["password"] + end + + def test_should_block_editing_with_too_short_password + user = User.find @icarus_user.id + user.update_password('short') + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal 'must have between 6 and 64 characters.', user.errors["password"] + end + + def test_should_block_editing_with_invalid_characters_in_password + invalid_chars = [ '%', '§', '†', '∆', '¥', '≈', 'ç', '∂', 'ƒ', '©', 'ª', 'º', '∆', '«' ] + + for char in invalid_chars do + user = User.find @icarus_user.id + user.update_password "invalid char #{char}" + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal 'must not contain invalid characters.', user.errors["password"] + end + end + + def test_should_block_editing_with_invalid_state + user = User.find @icarus_user.id + user.state = 12345 + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal 'must be in the list of states.', user.errors["state"] + end + + def test_should_block_editing_with_wrong_password_hash_type + user = User.find @icarus_user.id + user.update_password 'new password' + user.password_hash_type = 'INVALID HASH TYPE MWHAHAHAH' + + assert !user.save + + assert_equal 1, user.errors.count + assert_equal 'must be in the list of hash types.', user.errors["password_hash_type"] + end + + def test_should_encrypt_password_on_editing_after_save + user = User.find @icarus_user.id + user.update_password 'My Fine New Password' + + assert user.save + user.reload + + assert user.password_equals?('My Fine New Password') + end + + def test_should_set_update_timestamp_on_editing + user = User.find @icarus_user.id + + old_time = user.updated_at + + assert user.save + + assert((old_time.to_i - user.updated_at.to_i) < 0) + assert_in_delta Time.now.to_i, user.updated_at.to_i, (60) + end + + def test_should_not_set_creation_timestamp_on_editing + user = User.find @icarus_user.id + + old_time = user.created_at + + assert user.save + + assert(old_time.to_i - user.created_at.to_i == 0) + end + + def test_should_allow_editing_state_with_valid_transitions + User.states.each_value do |state| + user = User.find @icarus_user.id + + next unless user.state_transition_allowed?(user.state, state) or (user.state == state) + + user.state = state + + assert user.save + assert_equal 0, user.errors.count + + user.reload + assert_equal state, user.state + end + end + + def test_should_block_editing_states_with_invalid_transitions + User.states.each_value do |state| + user = User.find @icarus_user.id + + next if user.state_transition_allowed?(user.state, state) or (user.state == state) + + user.state = state + + assert !user.save + assert_equal 1, user.errors.count + assert !user.errors[:state].nil? + end + end + + def test_should_allow_editing_login_with_valid_value + user = User.find @icarus_user.id + user.login = 'Not Icarus' + + assert user.save + user.reload + + assert_equal 'Not Icarus', user.login + end + + def test_should_allow_editing_email_with_valid_value + user = User.find @icarus_user.id + user.email = 'root@localhost' + + assert user.save + user.reload + + assert_equal 'root@localhost', user.email + end + + def test_should_allow_editing_password_with_valid_value + user = User.find @icarus_user.id + user.password = 'fine new password' + user.password_confirmation = 'fine new password' + + assert user.save + user.reload + + assert user.password_equals?('fine new password') + end + + def test_should_allow_editing_password_hash_type_with_valid_value_and_password_change + user = User.find @icarus_user.id + user.password = 'fine new password' + user.password_confirmation = 'fine new password' + user.password_hash_type = 'md5' + + assert user.save + assert_equal 0, user.errors.count + end + + def test_should_block_password_hash_type_change_without_password_change + user = User.find @icarus_user.id + user.password_hash_type = 'md5' + + assert !user.save + assert_equal 1, user.errors.count + assert_equal 'cannot be changed unless a new password has been provided.', user.errors["password_hash_type"] + assert user.password_equals?('password') + end + + def test_should_not_change_timestamps_on_valid_login + # Don't change updated_at timestamp on valid logins + user = User.find @icarus_user.id + old_time = user.updated_at + + user = User.find_with_credentials('Icarus', 'password') + user.did_log_in + new_time = user.updated_at + + assert_equal old_time.to_i, new_time.to_i + end + + def test_should_not_change_timestamps_on_invalid_login + # Don't change updated_at timestamp on invalid logins + user = User.find @icarus_user.id + old_time = user.updated_at + + user = User.find_with_credentials('Icarus', 'wrong password') + + user = User.find @icarus_user.id + new_time = user.updated_at + + assert_equal old_time.to_i, new_time.to_i + + # and now reset the login_failure_count on the valid login + self.test_should_not_change_timestamps_on_valid_login + end + + def test_purge_expired_users_should_work + assert_equal 13, User.count + User.purge_users_with_expired_registration + assert_equal 12, User.count + assert_raises(ActiveRecord::RecordNotFound) { User.find @dionysus_user.id } + end + + def test_return_false_on_has_role_if_correct + # user with no role + user = User.find @icarus_user.id + assert !user.has_role(@greek_heroes_role.title) + + # user with another role + user = User.find @agamemnon_user.id + assert !user.has_role(@greek_heroes_role.title) + end + + def test_return_true_on_has_role_if_correct + user = User.find @perseus_user.id + assert user.has_role(@greek_heroes_role.title) + end + + def test_return_false_on_has_permission_if_correct + # user with no permission + user = User.find @icarus_user.id + assert !user.has_permission(@access_olymp_permission.title) + + # user with another permission + user = User.find @agamemnon_user.id + assert !user.has_permission(@access_olymp_permission.title) + end + + def test_return_true_on_has_permission_if_correct + user = User.find @zeus_user.id + assert user.has_permission(@access_olymp_permission.title) + end +end diff --git a/src/api/components/active_rbac/user.rb b/src/api/components/active_rbac/user.rb new file mode 100644 index 0000000..78479e8 --- /dev/null +++ b/src/api/components/active_rbac/user.rb @@ -0,0 +1,409 @@ +# Users wrap the users records in the database and represent users in the +# ActiveRbac model. +# +# Passwords are hashed when the object is written to the database the first +# time. After this, only the hashed password is available. You can check +# whether the record already is in the dabase using +# ActiveRecord::Base.new_record? + +class User < ActiveRecord::Base + # users have a n:m relation to group + has_and_belongs_to_many :groups, :uniq => true + # users have a n:m relation to roles + has_and_belongs_to_many :roles, :uniq => true + # users have 0..1 user_registration records assigned to them + has_one :user_registration + + has_many :watched_projects + + # We don't want to assign things to roles and groups in bulk assigns. + attr_protected :roles, :groups, :created_at, :updated_at, :last_logged_in_at, :login_failure_count, :password_hash_type + + # This hash contains a mapping of user states valid by default + # and their description. + DEFAULT_STATES = { + 'unconfirmed' => 1, + 'confirmed' => 2, + 'locked' => 3, + 'deleted' => 4 + } + + # This method returns a hash with the the available user states. + # By default it returns the private class constant DEFAULT_STATES. + def self.states + DEFAULT_STATES + end + + # This method returns an array with the names of all available + # password hash types supported by this User class. + def self.password_hash_types + DEFAULT_PASSWORD_HASH_TYPES + end + + # This method creates a new not saveable, not changeable "Anonymous" + # user. We'll have to put him into the database somehow later on. + def self.anonymous_user + user = User.new + user.login = 'Anonymous' + user.freeze + + return user + end + + # This arry contains all valid hash types. + DEFAULT_PASSWORD_HASH_TYPES = [ 'md5' ] + + # When a record object is initialized, we set the state, password + # hash type, indicator whether the password has freshly been set + # (@new_password) and the login failure count to + # unconfirmed/false/0 when it has not been set yet. + def initialize (attributes = nil) + super(attributes) + + self.state = User.states['unconfirmed'] if self.state.nil? + self.password_hash_type = 'md5' if self.password_hash_type.to_s == '' + + @new_password = false if @new_password.nil? + @new_hash_type = false if @new_hash_type.nil? + + self.login_failure_count = 0 if self.login_failure_count.nil? + end + + # Set the last login time etc. when the record is created at first. + def before_create + self.last_logged_in_at = Time.now + end + + # Override the accessor for the "password_hash_type" property so it sets + # the "@new_hash_type" private property to signal that the password's + # hash method has been changed. Changing the password hash type is only + # possible if a new password has been provided. + def password_hash_type=(value) + write_attribute(:password_hash_type, value) + @new_hash_type = true + end + + # After saving, we want to set the "@new_hash_type" value set to false + # again. + after_save '@new_hash_type = false' + + # Add accessors for "new_password" property. This boolean property is set + # to true when the password has been set and validation on this password is + # required. + attr_accessor :new_password + + # Generate accessors for the password confirmation property. + attr_accessor :password_confirmation + + # Overriding the default accessor to update @new_password on setting this + # property. + def password=(value) + write_attribute(:password, value) + @new_password = true + end + + # Method to update the password and confirmation at the same time. Call + # this method when you update the password from code and don't need + # password_confirmation - which should really only be used when data + # comes from forms. + # + # A ussage example: + # + # user = User.find(1) + # user.update_password "n1C3s3cUreP4sSw0rD" + # user.save + # + def update_password(pass) + self.password_confirmation = pass + self.password = pass + end + + # After saving the object into the database, the password is not new any more. + after_save '@new_password = false' + + # After validation, the password should be encrypted + after_validation :encrypt_password + + # This method writes the attribute "password" to the hashed version. It is + # called in the after_validation hook set by the "after_validation" command + # above. + # The password is only encrypted when no errors occured on validation, the + # password is new and the password is not nil. + # This method also sets the "password_salt" property's value used in + # User#hash_string. + # After encryption, the password's "new" state is reset and the confirmation + # is cleared. + def encrypt_password + if errors.count == 0 and @new_password and not password.nil? + # generate a new 10-char long hash only Base64 encoded so things are compatible + self.password_salt = [Array.new(10){rand(256).chr}.join].pack("m")[0..9]; + + # write encrypted password to object property + write_attribute(:password_crypted, password.crypt("os")) + write_attribute(:password, hash_string(password)) + + # mark password as "not new" any more + @new_password = false + password_confirmation = nil + end + end + + # This method returns all roles assigned to the given user - including + # the ones he gets by being assigned a child role (i.e. the parents) + # and the one he gets through his groups (inheritance is also considered) + # here. + def all_roles + result = Array.new + + for role in self.roles + result << role.ancestors_and_self + end + + for group in self.groups + result << group.all_roles + end + + result.flatten! + result.uniq! + + return result + end + + # This method returns all groups assigned to the given user - including + # the ones he gets by being assigned a child user. + def all_groups + result = Array.new + + for group in self.groups + result << group.ancestors_and_self + end + + result.flatten! + result.uniq! + + return result + end + + # This method returns true if the user is assigned the role with one of the + # role titles given as parameters. False otherwise. + def has_role(*role_titles) + all_roles.detect do |role| + role_titles.include?(role.title) + end + end + + def logger + RAILS_DEFAULT_LOGGER + end + + # This method returns true if the user is granted the permission with one + # of the given permission titles. + def has_permission(*permission_titles) + all_roles.detect do |role| + role.static_permissions.detect do |permission| + permission_titles.include?(permission.title) + end + end + end + + # This method creates a new registration token for the current user. Raises + # a MultipleRegistrationTokens Exception if the user already has a + # registration token assigned to him. + # + # Use this method instead of creating user_registration objects directly! + def create_user_registration + raise unless user_registration.nil? + + token = UserRegistration.new + self.user_registration = token + end + + # This method expects the token for the current user. If the token is + # correct, the user's state will be set to "confirmed" and the associated + # "user_registration" record will be removed. + # Returns "true" on success and "false" on failure/or the user is already + # confirmed and/or has no "user_registration" record. + def confirm_registration(token) + return false if self.user_registration.nil? + return false if user_registration.token != token + return false unless state_transition_allowed?(state, User.states['confirmed']) + + self.state = User.states['confirmed'] + self.save + user_registration.destroy + + return true + end + + # Returns the default state of new User objects. + def self.default_state + User.states['unconfirmed'] + end + + # Returns true when users with the given state may log in. False otherwise. + # The given parameter must be an integer. + def self.state_allows_login?(state) + state == User.states['confirmed'] + end + + # Overwrite the state setting so it backs up the initial state from + # the database. + def state=(value) + @old_state = state if @old_state.nil? + write_attribute(:state, value) + end + + # Overriding this method to make "login" visible as "User name". This is called in + # forms to create error messages. + def self.human_attribute_name (attr) + return case attr + when 'login' then 'User name' + else attr.humanize + end + end + + # This static method removes all users with state "unconfirmed" and expired + # registration tokens. + def self.purge_users_with_expired_registration + registrations = UserRegistration.find :all, + :conditions => [ 'expires_at < ?', Time.now.ago(2.days) ] + registrations.each do |registration| + registration.user.destroy + end + end + + # This static method tries to find a user with the given login and password + # in the database. Returns the user or nil if he could not be found + def self.find_with_credentials(login, password) + # Find user + user = User.find :first, + :conditions => [ 'login = ?', login ] + + # If the user could be found and the passwords equal then return the user + if not user.nil? and user.password_equals? password + if user.login_failure_count > 0 + user.login_failure_count = 0 + self.execute_without_timestamps { user.save } + end + + return user + end + + # Otherwise increase the login count - if the user could be found - and return nil + if not user.nil? + user.login_failure_count = user.login_failure_count + 1 + self.execute_without_timestamps { user.save } + end + + return nil + end + + # This method checks whether the given value equals the password when + # hashed with this user's password hash type. Returns a boolean. + def password_equals?(value) + return hash_string(value) == self.password + end + + # Sets the last login time and saves the object. Note: Must currently be + # called explicitely! + def did_log_in + self.last_logged_in_at = DateTime.now + self.class.execute_without_timestamps { save } + end + + # Returns true if the the state transition from "from" state to "to" state + # is valid. Returns false otherwise. +new_state+ must be the integer value + # of the state as returned by +User.states['state_name']+. + # + # Note that currently no permission checking is included here; It does not + # matter what permissions the currently logged in user has, only that the + # state transition is legal in principle. + def state_transition_allowed?(from, to) + from = from.to_i + to = to.to_i + + return true if from == to # allow keeping state + + return case from + when User.states['unconfirmed'] + true + when User.states['confirmed'] + (to == User.states['locked']) or (to == User.states['deleted']) + when User.states['locked'] + (to == User.states['confirmed']) or (to == User.states['deleted']) + when User.states['deleted'] + to == User.states['confirmed'] + when 0 + User.states.value?(to) + else + false + end + end + + protected + # This method allows to execute a block while deactivating timestamp + # updating. + def self.execute_without_timestamps + old_state = ActiveRecord::Base.record_timestamps + ActiveRecord::Base.record_timestamps = false + + yield + + ActiveRecord::Base.record_timestamps = old_state + end + + validates_presence_of :login, :email, :password, :password_hash_type, :state, + :message => 'must be given' + + validates_uniqueness_of :login, + :message => 'is the name of an already existing user.' + validates_format_of :login, + :with => %r{^[\w \$\^\-\.#\*\+&'"]*$}, + :message => 'must not contain invalid characters.' + validates_length_of :login, + :in => 2..100, :allow_nil => true, + :too_long => 'must have less than 100 characters.', + :too_short => 'must have more than two characters.' + + # We want a valid email address. Note that the checking done here is very + # rough. Email adresses are hard to validate now domain names may include + # language specific characters and user names can be about anything anyway. + # However, this is not *so* bad since users have to answer on their email + # to confirm their registration. + validates_format_of :email, + :with => %r{^([\w\-\.\#\$%&!?*\'=(){}|~_]+)@([0-9a-zA-Z\-\.\#\$%&!?*\'=(){}|~]+)+$}, + :message => 'must be a valid email address.' + + # Overriding this method to do some more validation: Password equals + # password_confirmation, state an password hash type being in the range + # of allowed values. + def validate + # validate state and password has type to be in the valid range of values + errors.add(:password_hash_type, "must be in the list of hash types.") unless User.password_hash_types.include? password_hash_type + # check that the state transition is valid + errors.add(:state, "must be in the list of states.") unless state_transition_allowed?(@old_state, state) + + # validate the password + if @new_password and not password.nil? + errors.add(:password, 'must have between 6 and 64 characters.') unless password.length >= 6 and password.length <= 64 + errors.add(:password, 'must match the confirmation.') unless password_confirmation == password + errors.add(:password, 'must not contain invalid characters.') unless password =~ %r{^[\w\.\- !?(){}|~*_]+$} + end + + # check that the password hash type has not been set if no new password + # has been provided + if @new_hash_type and not (@new_password or password.nil?) + errors.add(:password_hash_type, 'cannot be changed unless a new password has been provided.') + end + end + + private + + # Hashes the given parameter by the selected hashing method. It uses the + # "password_salt" property's value to make the hashing more secure. + def hash_string(value) + return case password_hash_type + when 'md5' then Digest::MD5.hexdigest(value + self.password_salt) + end + end +end diff --git a/src/api/components/active_rbac/user/_form.rhtml b/src/api/components/active_rbac/user/_form.rhtml new file mode 100644 index 0000000..583365c --- /dev/null +++ b/src/api/components/active_rbac/user/_form.rhtml @@ -0,0 +1,53 @@ +<%= error_messages_for 'user' %> + +<!--[form:user]--> +<dl> + <dt><label for="user_login">Login</label></dt> + <dd><%= text_field 'user', 'login' %></dd> + + <dt><label for="user_realname">Realname</label></dt> + <dd><%= text_field 'user', 'realname' %></dd> + + <dt><label for="user_email">Email</label></dt> + <dd><%= text_field 'user', 'email' %></dd> + + <%= render_partial 'password' %> + + <dt><label for="user_password_hash_type">Password hash type</label></dt> + <dd><%= select 'user', 'password_hash_type', User.password_hash_types %> + + <dt><label for="user_state">State</label></dt> + <dd><%= select 'user', 'state', User.states.reject { |key, value| !@user.state_transition_allowed?(@user.state, value) } %></dd> + + <dt><label for="user_source_host">Source Backend Host</label></dt> + <dd><%= text_field 'user', 'source_host' %></dd> + <dt><label for="user_source_port">Source Backend Port</label></dt> + <dd><%= text_field 'user', 'source_port' %></dd> + + <dt><label for="user_rpm_host">RPM Backend Host</label></dt> + <dd><%= text_field 'user', 'rpm_host' %></dd> + <dt><label for="user_rpm_port">RPM Backend Port</label></dt> + <dd><%= text_field 'user', 'rpm_port' %></dd> + + + <dt><label>Roles</label></dt> + <dd> + <%= node_tree(Role.find_all) do |role| + result = " " if @user.roles.include? role + result = " " unless @user.roles.include? role + result += "#{role.title}</label> " + result + end %> + </dd> + + <dt><label>Groups</label></dt> + <dd> + <%= node_tree(Group.find_all) do |group| + result = " " if @user.groups.include? group + result = " " unless @user.groups.include? group + result += "#{group.title}</label> " + result + end %> + </dd> +</dl> +<!--[eoform:user]--> diff --git a/src/api/components/active_rbac/user/_password.rhtml b/src/api/components/active_rbac/user/_password.rhtml new file mode 100644 index 0000000..ae325d3 --- /dev/null +++ b/src/api/components/active_rbac/user/_password.rhtml @@ -0,0 +1,19 @@ +<% if @user.errors.on(:password) %> +<dt><label for="password">Password</label></dt> +<dd> + <div class="fieldWithErrors"><%= password_field_tag 'password', nil, { :size => 30, :id => 'password' } %></div> + <div class="hint">Leave empty to keep the password unchanged</div> +</dd> + +<dt><label for="password_confirmation">Password Confirmation</label></dt> +<dd><div class="fieldWithErrors"><%= password_field_tag 'password_confirmation', nil, { :size => 30, :id => 'password_confirmation' } %></div></dd> +<% else %> +<dt><label for="password">Password</label></dt> +<dd> + <div><%= password_field_tag 'password', nil, { :size => 30, :id => 'password' } %></div> + <div class="hint">Leave empty to keep the password unchanged</div> +</dd> + +<dt><label for="password_confirmation">Password Confirmation</label></dt> +<dd><%= password_field_tag 'password_confirmation', nil, { :size => 30, :id => 'password_confirmation' } %></dd> +<% end %> diff --git a/src/api/components/active_rbac/user/delete.rhtml b/src/api/components/active_rbac/user/delete.rhtml new file mode 100644 index 0000000..aa82735 --- /dev/null +++ b/src/api/components/active_rbac/user/delete.rhtml @@ -0,0 +1,13 @@ +<h2>Deleting User "<%= @user.login %>"</h2> + +<p> +Are you sure you want to delete the user <%= @user.login %>? All role assignments +will be taken away from this user. There could be problems with other objects +depending on this user (articles, for example). +<strong>This action cannot be reverted!</strong> +</p> + +<%= start_form_tag :action => 'destroy', :id => @user %> + <%= submit_tag 'Yes', :name => 'yes' %> + <%= submit_tag 'No', :name => 'no' %> +<%= end_form_tag %> diff --git a/src/api/components/active_rbac/user/edit.rhtml b/src/api/components/active_rbac/user/edit.rhtml new file mode 100644 index 0000000..043d5c6 --- /dev/null +++ b/src/api/components/active_rbac/user/edit.rhtml @@ -0,0 +1,10 @@ +<h2>Editing User <%=h @user.login %></h2> + +<%= start_form_tag :action => 'update', :id => @user %> + <%= render_partial 'form' %> + + <%= submit_tag "Apply Changes", :name => 'submit[update]' %> +<%= end_form_tag %> + +<%= link_to 'Show', :action => 'show', :id => @user %> | +<%= link_to 'Back', :action => 'list' %> diff --git a/src/api/components/active_rbac/user/list.rhtml b/src/api/components/active_rbac/user/list.rhtml new file mode 100644 index 0000000..dc93ad5 --- /dev/null +++ b/src/api/components/active_rbac/user/list.rhtml @@ -0,0 +1,49 @@ +<h2>Listing Users</h2> + +<div class="commands"> +<%= link_to 'New user', :action => 'new' %> +</div> + +<%= render :partial => '/active_rbac/shared/pagination', :locals => { :pages => @user_pages } %> + +<table> +<thead> + <tr> + <th style="width: 50px;">id</th> + <th style="width: 100px;">login</th> + <th style="width: 100px;">email</th> + <th style="width: 100px;">state</th> + <th style="width: 50px;"> </th> + </tr> +</thead> +<tbody> +<% for user in @users %> + <tr> + <td><%= user.id %></td> + <td><%=h user.login %></td> + <td><%=h user.email %></td> + <td><%= case user.state + when 1 then 'unconfirmed' + when 2 then 'confirmed' + when 3 then 'locked' + when 4 then 'deleted' + end + %></td> + + <td> + (<%= link_to 'S', {:action => 'show', :id => user }, :title => 'Show' %> + <%= link_to 'E', { :action => 'edit', :id => user }, :title => 'Edit' %> + <%= link_to 'D', { :action => 'delete', :id => user}, :title => 'Delete' %>) + </td> + </tr> +<% end %> +</tbody> +</table> + +<%= render :partial => '/active_rbac/shared/pagination', :locals => { :pages => @user_pages } %> + + +<div class="commands"> +<%= link_to 'New user', :action => 'new' %> +</div> + diff --git a/src/api/components/active_rbac/user/new.rhtml b/src/api/components/active_rbac/user/new.rhtml new file mode 100644 index 0000000..b1fe262 --- /dev/null +++ b/src/api/components/active_rbac/user/new.rhtml @@ -0,0 +1,9 @@ +<h2>New user</h2> + +<%= start_form_tag :action => 'create' %> + <%= render_partial 'form' %> + + <%= submit_tag "Create", :name => 'submit[create]' %> +<%= end_form_tag %> + +<%= link_to 'Back', :action => 'list' %> diff --git a/src/api/components/active_rbac/user/show.rhtml b/src/api/components/active_rbac/user/show.rhtml new file mode 100644 index 0000000..4abd0e8 --- /dev/null +++ b/src/api/components/active_rbac/user/show.rhtml @@ -0,0 +1,75 @@ +<h2>User "<%=h @user.login %>", <%=h @user.realname %> <<%=h @user.email %>></h2> + + +<table> +<tr> + <td>ID</td><td><%= @user.id %></td> +</tr> +<tr> + <td>Realname</td><td><%= @user.realname %></td> +</tr> +<tr> + <td>Email</td><td><%= @user.email %></td> +</tr> +<tr> + <td>Created at</td><td><%= @user.created_at.to_formatted_s(:long) %></td> +</tr> +<tr> + <td>Updated at</td><td><%= @user.updated_at.to_formatted_s(:long) %></td> +</tr> +<tr> + <td>Last Login</td><td><%= @user.last_logged_in_at.to_formatted_s(:long) %></td> +</tr> +<tr> + <td>Password Hash Type</td><td><%= @user.password_hash_type %></td> +</tr> +<tr> + <td>State</td><td><%= User.states.invert[@user.state] %></td> +</tr> +</table> + + +<h3>Directly Assigned Roles</h3> + +<% if @user.roles.empty? %> +<p>No Roles</p> +<% else %> +<%= node_tree(@user.roles) { |r| link_to( r.title, { :controller => 'role', :action => 'show', :id => r.id })} %> +<% end %> + +<h3>Directly Assigned Groups</h3> + +<% if @user.groups.empty? %> +<p>No Groups</p> +<% else %> +<%= node_tree(@user.groups) { |g| link_to( g.title, { :controller => 'group', :action => 'show', :id => g.id })} %> +<% end %> + +<h3>All Assigned Roles</h3> + +<!-- TODO Somehow mark which role comes from which source --> + +<p> +Some or all of the following roles might come from role inheritance or they +might be assigned to groups that are assigned to this user. +</p> + +<% if @user.all_roles.empty? %> +<p>No Roles</p> +<% else %> +<%= node_tree(@user.all_roles) { |r| link_to( r.title, { :controller => 'role', :action => 'show', :id => r.id })} %> +<% end %> + +<h3>All Assigned Groups</h3> + +<!-- TODO Somehow mark which group comes from which source --> + +<% if @user.all_groups.empty? %> +<p>No Groups</p> +<% else %> +<%= node_tree(@user.all_groups) { |g| link_to( g.title, { :controller => 'group', :action => 'show', :id => g.id })} %> +<% end %> + + +<%= link_to 'Edit', :action => 'edit', :id => @user %> +<%= link_to 'Back', :action => 'list' %> diff --git a/src/api/components/active_rbac/user_controller.rb b/src/api/components/active_rbac/user_controller.rb new file mode 100644 index 0000000..b749436 --- /dev/null +++ b/src/api/components/active_rbac/user_controller.rb @@ -0,0 +1,163 @@ +require_dependency 'active_rbac/helpers/rbac_helper' + +# This is the controller that provides CRUD functionality for the User model. +class ActiveRbac::UserController < ActiveRbac::ComponentController + uses_component_template_root + + # The RbacHelper allows us to render +acts_as_tree+ AR elegantly + helper RbacHelper + + # The layout this controller uses is configured in the + # Configuration class + layout config.controller[:layout] + + # We force users to use POST on the state changing actions. + verify :method => :post, + :only => [ :create, :update, :destroy ], + :redirect_to => { :action => 'list' }, + :add_flash => { :error => 'You sent an invalid request!' } + + # We force users to use GET on all other methods, though. + verify :method => :get, + :only => [ :index, :list, :show, :new, :delete ], + :redirect_to => { :action => 'list' }, + :add_flash => { :error => 'You sent an invalid request!' } + + + # Simply redirects to #list + def index + redirect_to :action => 'list' + end + + # Displays a paginated table of users. + def list + @user_pages, @users = paginate :user, :per_page => 20 + end + + # Show a user identified by the +:id+ path fragment in the URL. + def show + @user = User.find(params[:id].to_i) + + rescue ActiveRecord::RecordNotFound + flash[:notice] = 'This user could not be found.' + redirect_to :action => 'list' + end + + # Displays a form to create a new user. Posts to the #create action. + def new + @user = User.new + end + + # Creates a new user. +create+ is only accessible via POST and renders + # the same form as #new on validation errors. + def create + # Set password and password_confirmation into [:user] parameters + params[:user][:password] = params[:password] + params[:user][:password_confirmation] = params[:password_confirmation] + + @user = User.new(params[:user]) + + # Set password hash type seperatedly because it is protected + @user.password_hash_type = params[:user][:password_hash_type] + + # get an array of roles and set the role associations + params[:user][:roles] = [] if params[:user][:roles].nil? + roles = params[:user][:roles].collect { |i| Role.find(i) } + @user.roles = roles + + # get an array of groups and set the group associations + params[:user][:groups] = [] if params[:user][:groups].nil? + groups = params[:user][:groups].collect { |i| Group.find(i) } + @user.groups = groups + + # assign properties to user + if @user.save + flash[:notice] = 'User was created successfully.' + redirect_to :action => 'show', :id => @user.to_param + else + render :action => 'new' + end + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'You sent an invalid request.' + redirect_to :action => 'list' + end + + # Loads the user identified by the :id parameter from the url fragment from + # the database and displays an edit form with the user. + def edit + @user = User.find(params[:id]) + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'You sent an invalid request.' + redirect_to :action => 'list' + end + + # Updates a user record in the database. +update+ is only accessible via + # POST and renders the same form as #edit on validation errors. + def update + @user = User.find(params[:id]) + + # get an array of roles and set the role associations + params[:user][:roles] = [] if params[:user][:roles].nil? + roles = params[:user][:roles].collect { |i| Role.find(i) } + @user.roles = roles + + # get an array of groups and set the group associations + params[:user][:groups] = [] if params[:user][:groups].nil? + groups = params[:user][:groups].collect { |i| Group.find(i) } + @user.groups = groups + + # Set password and password_confirmation into [:user] parameters + unless params[:password].to_s == "" + params[:user][:password] = params[:password] + params[:user][:password_confirmation] = params[:password_confirmation] + end + + # Set password hash type seperatedly because it is protected + @user.password_hash_type = params[:user][:password_hash_type] if params[:user][:password_hash_type] != @user.password_hash_type + + # Bulk-Assign the other attributes from the form. + if @user.update_attributes(params[:user]) + flash[:notice] = 'User was successfully updated.' + redirect_to :action => 'show', :id => @user.to_param + else + render :action => 'edit' + end + + rescue InvalidStateTransition # this should really go into User.validate! + flash[:error] = 'You have selected an invalid state.' + redirect_to :action => 'edit', :id => @user + rescue ActiveRecord::RecordNotFound + flash[:error] = 'You sent an invalid request.' + redirect_to :action => 'list' + end + + # Loads the user specified by the :id parameters from the url fragment from + # the database and displays a "Do you really want to delete it?" form. It + # posts to #destroy. + def delete + @user = User.find(params[:id]) + rescue + flash[:notice] = 'Invalid user specified!' + redirect_to :action => 'list' + end + + # Removes a user record from the database. +destroy+ is only accessible + # via POST. If the answer to the form in #delete has not been "Yes", it + # redirects to the #show action with the selected's userp's ID. + def destroy + if not params[:yes].nil? + User.find(params[:id]).destroy + flash[:notice] = 'The user has been deleted successfully' + redirect_to :action => 'list' + else + flash[:notice] = 'The user has not been deleted.' + redirect_to :action => 'show', :id => params[:id] + end + + rescue ActiveRecord::RecordNotFound + flash[:error] = 'This user could not be found.' + redirect_to :action => 'list' + end +end diff --git a/src/api/components/active_rbac/user_registration.rb b/src/api/components/active_rbac/user_registration.rb new file mode 100644 index 0000000..849b24c --- /dev/null +++ b/src/api/components/active_rbac/user_registration.rb @@ -0,0 +1,32 @@ +# UserRegistration objects represent user_registration records in the database. +# They hold a registration confirmation token, an expiry time and are +# associated with users. +# +# Developers must not create them manually, but use +# User.create_user_registration! +class UserRegistration < ActiveRecord::Base + # user_registrations have a n:1 relation to users + belongs_to :user + + # Initialize sets the expires_at and token property. Thus we need no + # validation since everything is set automatically anyway. + def initialize(arguments=nil) + super(arguments) + + self.expires_at = Time.now + (60 * 60 * 24) + self.token = Digest::MD5.hexdigest(expires_at.to_s + '--' + rand.to_s).slice(1,10) + end + + # Returns true if this token has expired. + def expired? + expires_at > Time.now + end + + # We only need to validate the token here. + validates_format_of :token, + :with => %r{^[\w]*$}, + :message => 'must not contain invalid characters.' + validates_length_of :token, + :is => 10, + :too_long => 'must have exactly 10 characters.' +end diff --git a/src/api/config/active_rbac_config.rb b/src/api/config/active_rbac_config.rb new file mode 100644 index 0000000..5e409b2 --- /dev/null +++ b/src/api/config/active_rbac_config.rb @@ -0,0 +1,3 @@ +# +# setup ActiveRBAC's configuration below +# \ No newline at end of file diff --git a/src/api/config/boot.rb b/src/api/config/boot.rb new file mode 100644 index 0000000..9fcd50f --- /dev/null +++ b/src/api/config/boot.rb @@ -0,0 +1,19 @@ +# Don't change this file. Configuration is done in config/environment.rb and config/environments/*.rb + +unless defined?(RAILS_ROOT) + root_path = File.join(File.dirname(__FILE__), '..') + unless RUBY_PLATFORM =~ /mswin32/ + require 'pathname' + root_path = Pathname.new(root_path).cleanpath(true).to_s + end + RAILS_ROOT = root_path +end + +if File.directory?("#{RAILS_ROOT}/vendor/rails") + require "#{RAILS_ROOT}/vendor/rails/railties/lib/initializer" +else + require 'rubygems' + require 'initializer' +end + +Rails::Initializer.run(:set_load_path) diff --git a/src/api/config/database.yml b/src/api/config/database.yml new file mode 100644 index 0000000..a70ea7b --- /dev/null +++ b/src/api/config/database.yml @@ -0,0 +1,88 @@ +# MySQL (default setup). Versions 4.1 and 5.0 are recommended. +# +# Get the fast C bindings: +# gem install mysql +# (on OS X: gem install mysql -- --include=/usr/local/lib) +# And be sure to use new-style password hashing: +# http://dev.mysql.com/doc/refman/5.0/en/old-client.html +development: +# adapter: sqlite +# database: db/users-devel.db + + adapter: mysql + database: frontend_development + username: root + password: + host: 127.0.0.1 + + # Connect on a TCP socket. If omitted, the adapter will connect on the + # domain socket given by socket instead. + #host: localhost + #port: 3306 + +# Warning: The database defined as 'test' will be erased and +# re-generated from your development database when you run 'rake'. +# Do not set this db to the same as development or production. +test: + adapter: mysql + database: frontend_test + username: root + password: + host: 127.0.0.1 + +production: + adapter: mysql + database: frontend_production + username: opensuse + password: + host: 127.0.0.1 + + +# PostgreSQL versions 7.4 - 8.1 +# +# Get the C bindings: +# gem install postgres +# or use the pure-Ruby bindings on Windows: +# gem install postgres-pr +postgresql_example: + adapter: postgresql + database: dummy-backend_development + username: dummy-backend + password: + + # Connect on a TCP socket. Omitted by default since the client uses a + # domain socket that doesn't need configuration. + #host: remote-database + #port: 5432 + + # Schema search path. The server defaults to $user,public + #schema_search_path: myapp,sharedapp,public + + # Character set encoding. The server defaults to sql_ascii. + #encoding: UTF8 + + # Minimum log levels, in increasing order: + # debug5, debug4, debug3, debug2, debug1, + # info, notice, warning, error, log, fatal, or panic + # The server defaults to notice. + #min_messages: warning + + +# SQLite version 2.x +# gem install sqlite-ruby +sqlite_example: + adapter: sqlite + database: db/development.sqlite2 + + +# SQLite version 3.x +# gem install sqlite3-ruby +sqlite3_example: + adapter: sqlite3 + database: db/development.sqlite3 + + +# In-memory SQLite 3 database. Useful for tests. +sqlite3_in_memory_example: + adapter: sqlite3 + database: ":memory:" diff --git a/src/api/config/deploy.rb b/src/api/config/deploy.rb new file mode 100644 index 0000000..de65a4c --- /dev/null +++ b/src/api/config/deploy.rb @@ -0,0 +1,103 @@ + +# ============================================================================= +# REQUIRED VARIABLES +# ============================================================================= +# You must always specify the application and repository for every recipe. The +# repository must be the URL of the repository you want this recipe to +# correspond to. The deploy_to path must be the path on each machine that will +# form the root of the application path. + +set :svnuser, ENV['USER'] +set :application, "frontend" +set :repository, "--username #{svnuser} https://svn.suse.de/svn/opensuse/trunk/buildservice/src/#{application}" + +# ============================================================================= +# ROLES +# ============================================================================= +# You can define any number of roles, each of which contains any number of +# machines. Roles might include such things as :web, or :app, or :db, defining +# what the purpose of each machine is. You can also specify options that can +# be used to single out a specific subset of boxes in a particular role, like +# :primary => true. + +role :web, "buildserviceapi.suse.de" +role :app, "buildserviceapi.suse.de" +role :db, "buildserviceapi.suse.de" +#role :web, "www01.example.com", "www02.example.com" +#role :app, "app01.example.com", "app02.example.com", "app03.example.com" +#role :db, "db01.example.com", :primary => true +#role :db, "db02.example.com", "db03.example.com" + +# ============================================================================= +# OPTIONAL VARIABLES +# ============================================================================= +# set :deploy_to, "/path/to/app" # defaults to "/u/apps/#{application}" +set :deploy_to, "/srv/www/opensuse/#{application}" +set :user, "opensuse" +# set :user, "flippy" # defaults to the currently logged in user +# set :scm, :darcs # defaults to :subversion +# set :svn, "/path/to/svn" # defaults to searching the PATH +# set :darcs, "/path/to/darcs" # defaults to searching the PATH +# set :cvs, "/path/to/cvs" # defaults to searching the PATH +# set :gateway, "gate.host.com" # default to no gateway + +# ============================================================================= +# SSH OPTIONS +# ============================================================================= +# ssh_options[:keys] = %w(/path/to/my/key /path/to/another/key) +# ssh_options[:port] = 25 + +# ============================================================================= +# TASKS +# ============================================================================= +# Define tasks that run on all (or only some) of the machines. You can specify +# a role (or set of roles) that each task should be executed on. You can also +# narrow the set of servers to a subset of a role by specifying options, which +# must match the options given for the servers to select (like :primary => true) + +# use common opensuse tasks +load '../common/lib/switchtower/opensuse.rb' + +task :update_apidocs, :roles => :web do + require 'tmpdir' + apidoctmpdir = "#{Dir.tmpdir}/switchtower-svn-tmp-#{$$}" + apidocrepo = "--username #{svnuser} https://svn.suse.de/svn/opensuse/trunk/buildservice/docs/architecture" + apidoc_tarfile_local = "apidocs.tar.gz" + apidoc_tarfile_remote = "#{current_path}/public/#{apidoc_tarfile_local}" + apidoc_scptarget = "#{user}@buildserviceapi:#{apidoc_tarfile_remote}" + schema_tarfile_local = "schema.tar.gz" + schema_tarfile_remote = "#{current_path}/public/#{schema_tarfile_local}" + schema_scptarget = "#{user}@buildserviceapi:#{schema_tarfile_remote}" + + system <<-CMD + rm -rf #{apidoctmpdir} + mkdir -v #{apidoctmpdir} + cd #{apidoctmpdir} + echo "Checking out from #{apidocrepo}" + svn co -q #{apidocrepo} #{apidoctmpdir} + + #{apidoctmpdir}/restdocker --html #{apidoctmpdir}/api.txt + mkdir -v apidocs + mv html apidocs + tar zcf #{apidoc_tarfile_local} apidocs + scp #{apidoc_tarfile_local} #{apidoc_scptarget} + + mkdir -v schema + cp *.xsd schema + tar zcf #{schema_tarfile_local} schema + scp #{schema_tarfile_local} #{schema_scptarget} + + rm -rf #{apidoctmpdir} + CMD + + run <<-CMD + tar zxf #{apidoc_tarfile_remote} -C #{current_path}/public && + rm -rf #{apidoc_tarfile_remote} && + tar zxf #{schema_tarfile_remote} -C #{current_path}/public && + rm -rf #{schema_tarfile_remote} + CMD +end + +task :after_deploy, :roles => :web do + update_apidocs +end diff --git a/src/api/config/environment.rb b/src/api/config/environment.rb new file mode 100644 index 0000000..6c249bf --- /dev/null +++ b/src/api/config/environment.rb @@ -0,0 +1,61 @@ +# Be sure to restart your web server when you modify this file. + +# Uncomment below to force Rails into production mode when +# you don't control web/app server and can't set it the proper way +# ENV['RAILS_ENV'] ||= 'production' + +# Bootstrap the Rails environment, frameworks, and default configuration +require File.join(File.dirname(__FILE__), 'boot') + +Rails::Initializer.run do |config| + # Settings in config/environments/* take precedence those specified here + + # Skip frameworks you're not going to use + # config.frameworks -= [ :action_web_service, :action_mailer ] + + # Add additional load paths for your own custom dirs + # config.load_paths += %W( #{RAILS_ROOT}/extras ) + if( RAILS_ENV == 'production' ) + config.load_paths << File.expand_path("/srv/www/opensuse/common/current/lib") + else + config.load_paths << File.expand_path("#{RAILS_ROOT}/../common/lib") + end + + # Force all environments to use the same logger level + # (by default production uses :info, the others :debug) + # config.log_level = :debug + + # Use the database for sessions instead of the file system + # (create the session table with 'rake create_sessions_table') + # config.action_controller.session_store = :active_record_store + + # Enable page/fragment caching by setting a file-based store + # (remember to create the caching directory and make it readable to the application) + # config.action_controller.fragment_cache_store = :file_store, "#{RAILS_ROOT}/cache" + + # Activate observers that should always be running + # config.active_record.observers = :cacher, :garbage_collector + + # Make Active Record use UTC-base instead of local time + # config.active_record.default_timezone = :utc + + # Use Active Record's schema dumper instead of SQL when creating the test database + # (enables use of different database adapters for development and test environments) + # config.active_record.schema_format = :ruby + + # See Rails::Configuration for more options +end + +# Add new inflection rules using the following format +# (all these examples are active by default): +# Inflector.inflections do |inflect| +# inflect.plural /^(ox)$/i, '\1en' +# inflect.singular /^(ox)en/i, '\1' +# inflect.irregular 'person', 'people' +# inflect.uncountable %w( fish sheep ) +# end + +# Include your application configuration below + +require 'rails_put_fix' +#require 'custom_dispatcher' diff --git a/src/api/config/environments/development.rb b/src/api/config/environments/development.rb new file mode 100644 index 0000000..b5570d8 --- /dev/null +++ b/src/api/config/environments/development.rb @@ -0,0 +1,38 @@ +# Settings specified here will take precedence over those in config/environment.rb + +# In the development environment your application's code is reloaded on +# every request. This slows down response time but is perfect for development +# since you don't have to restart the webserver when you make code changes. +config.cache_classes = false + +# Log error messages when you accidentally call methods on nil. +config.whiny_nils = true + +# Enable the breakpoint server that script/breakpointer connects to +config.breakpoint_server = true + +# Show full error reports and disable caching +config.action_controller.consider_all_requests_local = false +config.action_controller.perform_caching = false + +# Don't care if the mailer can't send +config.action_mailer.raise_delivery_errors = false + +BREAKPOINT_SERVER_PORT=42532 + +SOURCE_HOST = "buildservice.suse.de" +SOURCE_PORT = 5352 + +RPM_HOST = "buildservice.suse.de" +RPM_PORT = 5252 + +#SOURCE_HOST = "localhost" +#SOURCE_PORT = 3002 + +#RPM_HOST = "localhost" +#RPM_PORT = 3002 + +APIDOCS_LOCATION = "../../docs/architecture/html/" +SCHEMA_LOCATION = File.expand_path("#{RAILS_ROOT}/../../docs/architecture")+"/" + +EXTENDED_BACKEND_LOG = true diff --git a/src/api/config/environments/production.rb b/src/api/config/environments/production.rb new file mode 100644 index 0000000..febf38c --- /dev/null +++ b/src/api/config/environments/production.rb @@ -0,0 +1,28 @@ +# Settings specified here will take precedence over those in config/environment.rb + +# The production environment is meant for finished, "live" apps. +# Code is not reloaded between requests +config.cache_classes = true + +# Use a different logger for distributed setups +# config.logger = SyslogLogger.new +config.log_level = :debug + +# Full error reports are disabled and caching is turned on +config.action_controller.consider_all_requests_local = false +config.action_controller.perform_caching = true + +# Enable serving of images, stylesheets, and javascripts from an asset server +# config.action_controller.asset_host = "http://assets.example.com" + +# Disable delivery errors if you bad email addresses should just be ignored +# config.action_mailer.raise_delivery_errors = false + +SOURCE_HOST = "storage" +SOURCE_PORT = 5352 + +RPM_HOST = "storage" +RPM_PORT = 5252 + +APIDOCS_LOCATION = File.expand_path("#{RAILS_ROOT}/public/apidocs/html")+"/" +SCHEMA_LOCATION = File.expand_path("#{RAILS_ROOT}/public/schema")+"/" diff --git a/src/api/config/environments/test.rb b/src/api/config/environments/test.rb new file mode 100644 index 0000000..568302e --- /dev/null +++ b/src/api/config/environments/test.rb @@ -0,0 +1,29 @@ +# Settings specified here will take precedence over those in config/environment.rb + +# The test environment is used exclusively to run your application's +# test suite. You never need to work with it otherwise. Remember that +# your test database is "scratch space" for the test suite and is wiped +# and recreated between test runs. Don't rely on the data there! +config.cache_classes = true + +# Log error messages when you accidentally call methods on nil. +config.whiny_nils = true + +# Show full error reports and disable caching +# local requests don't trigger the global exception handler -> set to false +config.action_controller.consider_all_requests_local = false +config.action_controller.perform_caching = false + +# Tell ActionMailer not to deliver emails to the real world. +# The :test delivery method accumulates sent emails in the +# ActionMailer::Base.deliveries array. +config.action_mailer.delivery_method = :test + +SOURCE_HOST = "localhost" +SOURCE_PORT = 3003 + +RPM_HOST = "localhost" +RPM_PORT = 3003 + +APIDOCS_LOCATION ="../../docs/architecture/html/" +SCHEMA_LOCATION = File.expand_path("#{RAILS_ROOT}/../../docs/architecture")+"/" diff --git a/src/api/config/routes.rb b/src/api/config/routes.rb new file mode 100644 index 0000000..3d32965 --- /dev/null +++ b/src/api/config/routes.rb @@ -0,0 +1,89 @@ +ActionController::Routing::Routes.draw do |map| + # Add your own custom routes here. + # The priority is based upon order of creation: first created -> highest priority. + + # Here's a sample route: + # map.connect 'products/:id', :controller => 'catalog', :action => 'view' + # Keep in mind you can assign values other than :controller and :action + + # You can have the root of your site routed by hooking up '' + # -- just remember to delete public/index.html. + # map.connect '', :controller => "welcome" + + # Allow downloading Web Service WSDL as a file with an extension + # instead of a file named 'wsdl' + map.connect ':controller/service.wsdl', :action => 'wsdl' + + map.connect '/', :controller => 'main' + + map.connect 'person/:login', :controller => 'person', :action => 'userinfo' + + map.connect 'rpm/:project/:repository/:package/:arch/:file', + :controller => 'rpm', + :action => 'file' + + + map.connect 'result/:project/result', :controller => 'result', + :action => 'projectresult' + map.connect 'result/:project/:platform/result', :controller => 'result', + :action => 'projectresult' + map.connect 'result/:project/:platform/:package/result', :controller => 'result', + :action => 'packageresult' + map.connect 'result/:project/:platform/:package/:arch/log', + :controller => 'result', + :action => 'log' + + + map.connect 'platform/:project/:repository', :controller => 'platform', + :action => 'repository' + map.connect 'platform/:project', :controller => 'platform', + :action => 'project' + + map.connect 'source/:project/_meta', :controller => 'source', + :action => 'project_meta' + map.connect 'source/:project/:package/_meta', :controller => 'source', + :action => 'package_meta' + + map.connect 'source/:project/:package/:file', :controller => "source", + :action => 'file' + + map.connect 'source/:project/:package', :controller => "source", + :action => 'index_package' + map.connect 'source/:project', :controller => "source", + :action => 'index_project' + + + map.apidocs 'apidocs/', :controller => "apidocs" + + # ----------------------------------------------------------------- + # ActiveRBAC routes + + # map the admin stuff into '/admin/' + map.connect '/arbac/group/:action/:id', + :controller => 'active_rbac/group' + map.connect '/arbac/role/:action/:id', + :controller => 'active_rbac/role' + map.connect '/arbac/static_permission/:action/:id', + :controller => 'active_rbac/static_permission' + map.connect '/arbac/user/:action/:id', + :controller => 'active_rbac/user' + + # map the login and registration controller somewhere prettier + map.connect '/login/:action/:id', + :controller => 'active_rbac/login' + map.connect '/register/confirm/:user/:token', + :controller => 'active_rbac/registration', + :action => 'confirm' + map.connect '/register/:action/:id', + :controller => 'active_rbac/registration' + + # hide '/active_rbac/*' + map.connect '/active_rbac/*foo', + :controller => 'main' + # ----------------------------------------------------------------- + + + # Install the default route as the lowest priority. + map.connect ':controller/:action/:id' + +end diff --git a/src/api/db/create_mysql.sql b/src/api/db/create_mysql.sql new file mode 100644 index 0000000..a0265b8 --- /dev/null +++ b/src/api/db/create_mysql.sql @@ -0,0 +1,215 @@ +DROP DATABASE frontend_development; +CREATE DATABASE frontend_development; +USE frontend_development; + +-- +-- Table structure for table `groups` +-- + +DROP TABLE IF EXISTS `groups`; +CREATE TABLE `groups` ( + `id` int(10) unsigned NOT NULL auto_increment, + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `updated_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `title` varchar(200) NOT NULL default '', + `parent_id` int(10) unsigned default NULL, + PRIMARY KEY (`id`), + KEY `groups_parent_id_index` (`parent_id`), + CONSTRAINT `groups_ibfk_1` FOREIGN KEY (`parent_id`) REFERENCES `groups` (`id`) ON UPDATE NO ACTION +) ENGINE=InnoDB; + +-- +-- Table structure for table `roles` +-- + +DROP TABLE IF EXISTS `roles`; +CREATE TABLE `roles` ( + `id` int(10) unsigned NOT NULL auto_increment, + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `updated_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `title` varchar(100) NOT NULL default '', + `parent_id` int(10) unsigned default NULL, + PRIMARY KEY (`id`), + KEY `roles_parent_id_index` (`parent_id`), + CONSTRAINT `roles_ibfk_1` FOREIGN KEY (`parent_id`) REFERENCES `roles` (`id`) ON UPDATE NO ACTION +) ENGINE=InnoDB; + +LOCK TABLES `roles` WRITE; +INSERT INTO `roles` VALUES + (1, now(), now(), 'Admin',NULL), + (2, now(), now(), 'User',NULL); +UNLOCK TABLES; +/*!40000 ALTER TABLE `roles` ENABLE KEYS */; + + +-- +-- Table structure for table `groups_roles` +-- + +DROP TABLE IF EXISTS `groups_roles`; +CREATE TABLE `groups_roles` ( + `group_id` int(10) unsigned NOT NULL default '0', + `role_id` int(10) unsigned NOT NULL default '0', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + UNIQUE KEY `groups_roles_all_index` (`group_id`,`role_id`), + KEY `role_id` (`role_id`), + CONSTRAINT `groups_roles_ibfk_1` FOREIGN KEY (`group_id`) REFERENCES `groups` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `groups_roles_ibfk_2` FOREIGN KEY (`role_id`) REFERENCES `roles` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB; + + +-- +-- Table structure for table `users` +-- + +DROP TABLE IF EXISTS `users`; +CREATE TABLE `users` ( + `id` int(10) unsigned NOT NULL auto_increment, + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `updated_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `last_logged_in_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `login_failure_count` int(10) unsigned NOT NULL default '0', + `login` varchar(100) NOT NULL default '', + `email` varchar(200) NOT NULL default '', + `realname` varchar(200) NOT NULL default '', + `password` varchar(100) NOT NULL default '', + `password_hash_type` varchar(20) NOT NULL default '', + `password_salt` varchar(10) NOT NULL default '1234512345', + `password_crypted` varchar(64), + `state` int(10) unsigned NOT NULL default '1', + `source_host` varchar(40) default NULL, + `source_port` int(11) default NULL, + `rpm_host` varchar(40) default NULL, + `rpm_port` int(11) default NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `users_login_index` (`login`), + KEY `users_password_index` (`password`) +) ENGINE=InnoDB; + + +DROP TABLE IF EXISTS `watched_projects`; +CREATE TABLE `watched_projects` ( + `id` int(10) unsigned NOT NULL auto_increment, + `user_id` int(10) unsigned NOT NULL, + `name` varchar(100) NOT NULL, + PRIMARY KEY (`id`), + CONSTRAINT `watched_projects_users_fk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB; + +-- +-- Table structure for table `groups_users` +-- + +DROP TABLE IF EXISTS `groups_users`; +CREATE TABLE `groups_users` ( + `group_id` int(10) unsigned NOT NULL default '0', + `user_id` int(10) unsigned NOT NULL default '0', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`group_id`,`user_id`), + UNIQUE KEY `groups_users_all_index` (`group_id`,`user_id`), + KEY `user_id` (`user_id`), + CONSTRAINT `groups_users_ibfk_1` FOREIGN KEY (`group_id`) REFERENCES `groups` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `groups_users_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB; + + +-- +-- Table structure for table `static_permissions` +-- + +DROP TABLE IF EXISTS `static_permissions`; +CREATE TABLE `static_permissions` ( + `id` int(10) unsigned NOT NULL auto_increment, + `title` varchar(200) NOT NULL default '', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `updated_at` timestamp NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`id`), + UNIQUE KEY `static_permissions_title_index` (`title`) +) ENGINE=InnoDB; + +LOCK TABLES `static_permissions` WRITE; +INSERT INTO `static_permissions` VALUES (1,'global_project_change', NOW(), NOW() ), + (2,'global_project_create', NOW(), NOW() ), + (3,'global_package_change', NOW(), NOW() ), + (4,'global_package_create', NOW(), NOW() ); + +UNLOCK TABLES; + +-- +-- Table structure for table `roles_static_permissions` +-- + +DROP TABLE IF EXISTS `roles_static_permissions`; +CREATE TABLE `roles_static_permissions` ( + `role_id` int(10) unsigned NOT NULL default '0', + `static_permission_id` int(10) unsigned NOT NULL default '0', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + UNIQUE KEY `roles_static_permissions_all_index` (`static_permission_id`,`role_id`), + KEY `role_id` (`role_id`), + CONSTRAINT `roles_static_permissions_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `roles` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION, + CONSTRAINT `roles_static_permissions_ibfk_2` FOREIGN KEY (`static_permission_id`) REFERENCES `static_permissions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB; + +LOCK TABLES `roles_static_permissions` WRITE; +INSERT INTO `roles_static_permissions` VALUES (1,1,NOW()),(1,2,NOW()),(1,3,NOW()),(1,4,NOW()), (2,2,NOW()) ; +UNLOCK TABLES; + + +-- +-- Table structure for table `roles_users` +-- + +DROP TABLE IF EXISTS `roles_users`; +CREATE TABLE `roles_users` ( + `user_id` int(10) unsigned NOT NULL default '0', + `role_id` int(10) unsigned NOT NULL default '0', + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + UNIQUE KEY `roles_users_all_index` (`user_id`,`role_id`), + KEY `role_id` (`role_id`), + CONSTRAINT `roles_users_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `roles` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB; + +LOCK TABLES `roles_users` WRITE; +INSERT INTO `roles_users` VALUES (1,1,NOW()); +UNLOCK TABLES; + +-- +-- Table structure for table `schema_info` +-- + +DROP TABLE IF EXISTS `schema_info`; +CREATE TABLE `schema_info` ( + `version` int(11) default NULL +) ENGINE=MyISAM DEFAULT CHARSET=latin1; + +-- +-- Dumping data for table `static_permissions` +-- + + +DROP TABLE IF EXISTS `user_registrations`; +CREATE TABLE `user_registrations` ( + `id` int(10) unsigned NOT NULL auto_increment, + `user_id` int(10) unsigned NOT NULL default '0', + `token` text NOT NULL, + `created_at` timestamp NOT NULL default '0000-00-00 00:00:00', + `expires_at` timestamp NOT NULL default '0000-00-00 00:00:00', + PRIMARY KEY (`id`), + UNIQUE KEY `user_registrations_user_id_index` (`user_id`), + KEY `user_registrations_expires_at_index` (`expires_at`), + CONSTRAINT `user_registrations_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `users` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION +) ENGINE=InnoDB; + + +-- +-- Dumping data for table `users` +-- + +/* Create an Admin user. */; +LOCK TABLES `users` WRITE; +INSERT INTO `users` (id, created_at, login, email, password, password_hash_type, password_salt, password_crypted, state) +VALUES (1, now(), 'Admin','root@localhost','07a703993d4b21cabb8c698b30a63616','md5','6+DYjxVSct', '8f//Vir3vAC9s', 2); +UNLOCK TABLES; + + + diff --git a/src/api/doc/README_FOR_APP b/src/api/doc/README_FOR_APP new file mode 100644 index 0000000..ac6c149 --- /dev/null +++ b/src/api/doc/README_FOR_APP @@ -0,0 +1,2 @@ +Use this README file to introduce your application and point to useful places in the API for learning more. +Run "rake appdoc" to generate API documentation for your models and controllers. \ No newline at end of file diff --git a/src/api/files/specfiletemplate b/src/api/files/specfiletemplate new file mode 100644 index 0000000..711398c --- /dev/null +++ b/src/api/files/specfiletemplate @@ -0,0 +1,26 @@ +Name: mydummy +Version: 1.0 +Release: 1 +License: GPL +BuildRoot: %{_tmppath}/%{name}-%{version}-build +Group: Dummy +Summary: My Dummy Package + +%description +My Dummy Package for testing + +%prep + +%build + +%install +dummydir=$RPM_BUILD_ROOT/usr/lib/mydummy +mkdir -p $dummydir +echo "I was here!" >$dummydir/iwashere + +%clean +rm -rf "$RPM_BUILD_ROOT" + +%files +%defattr(-,root,root) +/usr/lib/mydummy/iwashere diff --git a/src/api/lib/login_system.rb b/src/api/lib/login_system.rb new file mode 100644 index 0000000..42b9082 --- /dev/null +++ b/src/api/lib/login_system.rb @@ -0,0 +1,88 @@ +require_dependency "user" + +module LoginSystem + + protected + + # overwrite this if you want to restrict access to only a few actions + # or if you want to check if the user has the correct rights + # example: + # + # # only allow nonbobs + # def authorize?(user) + # user.login != "bob" + # end + def authorize?(user) + true + end + + # overwrite this method if you only want to protect certain actions of the controller + # example: + # + # # don't protect the login and the about method + # def protect?(action) + # if ['action', 'about'].include?(action) + # return false + # else + # return true + # end + # end + def protect?(action) + true + end + + # login_required filter. add + # + # before_filter :login_required + # + # if the controller should be under any rights management. + # for finer access control you can overwrite + # + # def authorize?(user) + # + def login_required + + if not protect?(action_name) + return true + end + + if @session[:user] and authorize?(@session[:user]) + return true + end + + # store current location so that we can + # come back after the user logged in + store_location + + # call overwriteable reaction to unauthorized access + access_denied + return false + end + + # overwrite if you want to have special behavior in case the user is not authorized + # to access the current operation. + # the default action is to redirect to the login screen + # example use : + # a popup window might just close itself for instance + def access_denied +# redirect_to :controller=>"account", :action =>"login" + render :nothing => true, :status => 401 + end + + # store current uri in the session. + # we can return to this location by calling return_location + def store_location + @session[:return_to] = @request.request_uri + end + + # move to the last store_location call or to the passed default one + def redirect_back_or_default(default) + if @session[:return_to].nil? + redirect_to default + else + redirect_to_url @session[:return_to] + @session[:return_to] = nil + end + end + +end \ No newline at end of file diff --git a/src/api/lib/opensuse/backend.rb b/src/api/lib/opensuse/backend.rb new file mode 100644 index 0000000..af395ff --- /dev/null +++ b/src/api/lib/opensuse/backend.rb @@ -0,0 +1,300 @@ +require 'net/http' +require 'tempfile' +require 'rexml/document' + +module Suse + class Backend + + class ValidationError < Exception; end + class HTTPError < Exception; end + class NotFoundError < HTTPError; end + + @source_host = SOURCE_HOST + @source_port = SOURCE_PORT + + @rpm_host = RPM_HOST + @rpm_port = RPM_PORT + + @schema_location = SCHEMA_LOCATION + + @@backend_logger = Logger.new( "#{RAILS_ROOT}/log/backend_access.log" ) + + class << self + + attr_accessor :source_host, :source_port + attr_accessor :rpm_host, :rpm_port + + def host= h + logger.warn "Suse::Backend: warning: using Suse::Backend.host=() is obsolete, use Suse::Backend.source_host=() !" + @source_host = h + end + + def port= p + logger.warn "Suse::Backend: warning: using Suse::Backend.port=() is obsolete, use Suse::Backend.source_port=() !" + @source_port = p + end + + def logger + RAILS_DEFAULT_LOGGER + end + + # next three methods activate global validation. + # Suse::Backend.validate_get -> validate all get requests + # Suse::Backend.validate_put -> validate all put requests + # Suse::Backend.validate_all -> validate get and put requests + # + # by default validation is switched off. + + def validate_get + self.instance_eval do + class << self + alias_method :internal_get, :internal_get_with_validation + end + end + end + + def validate_put + self.instance_eval do + class << self + alias_method :internal_put, :internal_put_with_validation + end + end + end + + def validate_all + validate_get + validate_put + end + + # all get_* and put_* methods take an additional hash used for + # finetuning validation. global validation settings can be overridden by + # adding :validate => (true|false) to the parameters. + # + # Examples: + # + # # validates request regardless of global settings + # Suse::Backend.get_source( '/some/path', :validate => true ) + # + # # activates validation on every request + # Suse::Backend.validate_all + # + # # does not validate even though global validation is activated + # Suse::Backend.put_rpm( '/another/path', @data, :validate => false ) + # + # + # the option hash is also passed to the validate method, for setting + # the schema against which the document is validated. see comment before + # definition of method validate + + def get( path, opt={} ) + logger.debug "GET: #{path}, #{opt.inspect}" + get_source path, opt + end + + def get_source( path, opt={} ) + if opt.has_key? :validate + if opt[:validate] + internal_get_with_validation source_host, source_port, path, opt + else + internal_get_without_validation source_host, source_port, path + end + else + internal_get source_host, source_port, path, opt + end + end + + def get_package_result( project, repository, package ) + path = "/status/#{project}/#{repository}/#{package}" + do_get( source_host, source_port, path ) + end + + def get_project_result( project ) + path = "/status/#{project}/:all/:all" + do_get( source_host, source_port, path ) + end + + def get_log( project, repository, package, arch ) + path = "/rpm/#{project}/#{repository}/#{arch}/#{package}/logfile" + do_get( rpm_host, rpm_port, path ) + end + + def get_log_chunk( project, repository, package, arch, start=0 ) + path = "/rpm/#{project}/#{repository}/#{arch}/#{package}/logfile?nostream=1&start=#{start}" + do_get( rpm_host, rpm_port, path ) + end + + + def get_rpmlist( project, repository, package, arch ) + path = "/rpm/#{project}/#{repository}/#{arch}/#{package}" + do_get( rpm_host, rpm_port, path ) + end + + def get_rpm( path, opt={} ) + if opt.has_key? :validate + if opt[:validate] + internal_get_with_validation rpm_host, rpm_port, path, opt + else + internal_get_without_validation rpm_host, rpm_port, path + end + else + internal_get rpm_host, rpm_port, path, opt + end + end + + def put( path, data, opt={} ) + put_source path, data, opt + end + + def put_source( path, data, opt={} ) + if opt.has_key? :validate + if opt[:validate] + internal_put_with_validation source_host, source_port, path, data, opt + else + internal_put_without_validation source_host, source_port, path, data + end + else + internal_put source_host, source_port, path, data, opt + end + end + + def put_rpm( path, data, opt={} ) + if opt.has_key? :validate + if opt[:validate] + internal_put_with_validation rpm_host, rpm_port, path, data, opt + else + internal_put_without_validation rpm_host, rpm_port, path, data + end + else + internal_put rpm_host, rpm_port, path, data, opt + end + end + + private + + def now + Time.now.strftime "%Y%m%dT%H%M%S" + end + + def do_get( host, port, path ) + response = Net::HTTP.get_response( host, path, port ) + write_backend_log( "GET", host, port, path, response, response.body ) + handle_response response + end + + def internal_get_without_validation( host, port, path, opt={} ) + response = Net::HTTP.get_response( host, path, port ) + write_backend_log( "GET", host, port, path, response, response.body ) + handle_response response + end + alias_method :internal_get, :internal_get_without_validation + + def internal_put_without_validation( host, port, path, data, opt={} ) + backend_request = Net::HTTP::Put.new( path ) + response = Net::HTTP.start( host, port ) do |http| + http.request( backend_request, data ) + end + write_backend_log( "PUT", host, port, path, response, data ) + handle_response response + end + alias_method :internal_put, :internal_put_without_validation + + def write_backend_log method, host, port, path, response, data + @@backend_logger.info( now + " #{method} #{host}:#{port}#{path} #{response.code}" ) + begin + log_xml = EXTENDED_BACKEND_LOG + rescue + end + if ( log_xml ) + if ( data[0,1] == "<" ) + @@backend_logger.info( data ) + else + @@backend_logger.info( "(non-XML data)" ) + end + end + end + + def handle_response( response ) + #logger.debug "server returned #{response.class}" + + case response + when Net::HTTPSuccess, Net::HTTPRedirection + return response + #when Net::HTTPUnauthorized + #raise UnauthorizedError, error_doc( response.read_body ) + #when Net::HTTPForbidden + #raise ForbiddenError, error_doc( response.read_body ) + #when Net::HTTPClientError, Net::HTTPServerError + #raise HTTPError, error_doc( response.read_body ) + when Net::HTTPNotFound + raise NotFoundError, response + end + + raise HTTPError, response + end + + def internal_get_with_validation( host, port, path, opt ) + response = internal_get_without_validation( host, port, path ) + validate response.body + return response + end + + def internal_put_with_validation( host, port, path, data, opt ) + internal_put_without_validation( host, port, path, validate(data, opt) ) + end + + # validates the passed xml string. the correct schema will be determined + # either by the passed option :schema (which can be either + # '<schema>.xsd' or '<schema>'), or if the option is not set, the root tag of the + # passed xml string. + # + # if validation was successful the string is returned, so that the method can be used + # like a filter. + # + # if validation fails or the root tag cannot be extracted (invalid xml), + # a Suse::Backend::ValidationError will be raised. + def validate( xml_string, opt={} ) + if opt[:schema] + schema = add_schema_ext( opt[:schema] ) + else + begin + schema = get_schema_from_xml( xml_string ) + rescue Exception + raise ValidationError, "invalid xml: #{$!.message}" + end + end + + schema = @schema_location + schema + logger.debug "trying to validate against schema '#{schema}'" + + unless File.exist? schema + raise ValidationError, "Unable to validate against schema '#{schema}': file not found" + end + + tmp = Tempfile.new('opensuse_frontend_validator') + tmp.print xml_string + tmp_path = tmp.path + tmp.close + + logger.debug "validation tmpfile: #{tmp_path}" + + out = `/usr/bin/xmllint --noout --schema #{schema} #{tmp_path} 2>&1` + if $?.exitstatus > 0 + logger.debug "xmllint return value: #{$?.exitstatus}" + logger.debug "validation.out: #{out}" + raise ValidationError, "validation failed, output:\n#{out}" + end + logger.debug "validation succeeded" + + xml_string + end + + def add_schema_ext( str ) + str += ".xsd" unless str =~ /\.xsd$/ + end + + def get_schema_from_xml( str ) + REXML::Document.new(str).root.name + ".xsd" + end + end + end +end diff --git a/src/api/lib/opensuse/permission.rb b/src/api/lib/opensuse/permission.rb new file mode 100644 index 0000000..3173522 --- /dev/null +++ b/src/api/lib/opensuse/permission.rb @@ -0,0 +1,108 @@ + +module Suse +require 'components/active_rbac/helpers/rbac_helper' + + class Permission + + def to_s + return "OpenSUSE Permissions for user #{@user.login}" + end + + def initialize( u ) + @user = u + logger.debug "User #{@user.login} initialised" + end + + def project_change?( project = nil ) + # one is project admin if he has the permission Project_Admin or if he + # is the owner of the project + logger.debug "User #{@user.login} wants to change the project" + + if @user.has_permission( "global_project_change" ) + return true + else + val = project_maintainers project + + if val and val.find{ |u| u == @user.login } + logger.debug "Returning true from project_change?" + return true + end + logger.debug "Returning false from project_change?" + return false + end + end + + # One may create a package if he either has the global_package_create + # permission or if he is maintainer of the project. + def package_create?( project ) + logger.debug "User #{@user.login} wants to create a package in #{project}" + + if @user.has_permission( 'global_package_create' ) + return true + else + val = project_maintainers project + logger.debug "Project-Maintainers: #{val}" + if val and val.find{ |u| u == @user.login } + return true + end + end + return false + end + + # One may change a package if he either has the global_package_change + # permission or if he is maintainer of the project + # TODO: or if he is maintainer of the package + def package_change?( project = nil, package = nil ) + logger.debug "User #{@user.login} wants to change the package" + + if @user.has_permission( "global_package_change" ) + return true + else + val = project_maintainers project + if val.find{ |u| u == @user.login } + return true + end + end + return false + end + + def method_missing( perm, *args, &block) + + logger.debug "Dynamic Permission requested: <#{perm}>" + + if @user + if @user.has_permission perm.to_s + logger.debug "User #{@user.login} has permission #{perm}" + return true + else + logger.debug "User #{@user.login} does NOT have permission #{perm}" + return false + end + else + logger.debug "Permission check failed because no user is checked in" + return false + end + end + + def project_maintainers( project ) + val = [] + path = "/source/#{project}/_meta" + + response = Suse::Backend.get( path ) + + doc = REXML::Document.new( response.body ) + logger.debug "The XML Document: " + doc.to_s + root = doc.root + elem = doc.elements["project/person[@role='maintainer']"] + if elem + val = elem.attributes["userid"] + end + return val + end + + + def logger + RAILS_DEFAULT_LOGGER + end + end +end diff --git a/src/api/lib/opensuse/validator.rb b/src/api/lib/opensuse/validator.rb new file mode 100644 index 0000000..1af22ea --- /dev/null +++ b/src/api/lib/opensuse/validator.rb @@ -0,0 +1,141 @@ +require 'tempfile' + +# method for mapping actions in a controller to schemas +# use in controller definition file +# +# Example: +# +# class FooController < ActionController::Base +# +# # data received in a put request in action index will be validated +# # against schema project.xsd +# validate_action :index => :project +# +# def index +# if @request.put? +# # request data has already been validated here +# end +# end +# +# end +# +module ActionController + class Base + class << self + def validate_action( opt ) + controller = self.name.match(/^(.*?)Controller/)[1].downcase + opt.each do |k, v| + Suse::Validator.add_schema_mapping( controller, k, v ) + end + end + end + end +end + +module Suse + class ValidationError < Exception; end + + class Validator + @schema_location = SCHEMA_LOCATION + + class << self + attr_reader :schema_location + + def logger + RAILS_DEFAULT_LOGGER + end + + def add_schema_mapping( controller, action, schema ) + logger.debug "add validation mapping: #{controller.inspect}, #{action.inspect} => #{schema.inspect}" + controller = controller.to_s + action = action.to_s + schema = schema.to_s + + @schema_map ||= Hash.new + @schema_map[controller] ||= Hash.new + @schema_map[controller][action] = schema + end + + def get_schema( opt ) + unless opt.has_key?(:controller) and opt.has_key?(:action) + raise "Suse::Validation.get_schema: option hash needs keys :controller and :action" + end + c = opt[:controller].to_s + a = opt[:action].to_s + + logger.debug "checking schema map for controller '#{c}', action '#{a}'" + + return nil if @schema_map.nil? + return nil unless @schema_map.has_key? c and @schema_map[c].has_key? a + + @schema_map[c][a].to_s + end + + def dump_map + @schema_map.inspect + end + end + + def logger + RAILS_DEFAULT_LOGGER + end + + def initialize( opt ) + case opt + when String, Symbol + schema_file = opt.to_s + when Hash + schema_file = self.class.get_schema(opt) + else + raise "illegal initialization option to Suse::Validator; need: Hash/Symbol/String, seen: #{opt.class.name}" + end + + logger.debug "schema_file: #{schema_file}" + return if schema_file.nil? + + schema_file += ".xsd" unless schema_file =~ /\.xsd$/ + schema_path = self.class.schema_location + schema_file + + unless File.exist? schema_path + raise Suse::ValidationError, "unable to read schema file '#{schema_path}': file not found" + end + + logger.debug "schema_path: #{schema_path}" + @schema_path = schema_path + end + + def validate( document ) + case document + when String + doc_str = document + else + raise ValidationError, "illegal document type '#{document.class.name}'" + end + + if @schema_path.nil? + logger.debug "schema path not set, skipping validation" + return doc_str + end + + logger.debug "trying to validate against schema '#@schema_path'" + + tmp = Tempfile.new('opensuse_frontend_validator') + tmp.print doc_str + tmp_path = tmp.path + tmp.close + + logger.debug "validation tmpfile: #{tmp_path}" + + out = `/usr/bin/xmllint --noout --schema #@schema_path #{tmp_path} 2>&1` + if $?.exitstatus > 0 + logger.debug "xmllint return value: #{$?.exitstatus}" + logger.debug "XML: #{doc_str}" + raise ValidationError, "validation failed, output:\n#{out}" + end + logger.debug "validation succeeded" + + doc_str + + end + end +end diff --git a/src/api/lib/tasks/switchtower.rake b/src/api/lib/tasks/switchtower.rake new file mode 100644 index 0000000..5797669 --- /dev/null +++ b/src/api/lib/tasks/switchtower.rake @@ -0,0 +1,48 @@ +# ============================================================================= +# A set of rake tasks for invoking the SwitchTower automation utility. +# ============================================================================= + +# Invoke the given actions via SwitchTower +def switchtower_invoke(*actions) + begin + require 'rubygems' + rescue LoadError + # no rubygems to load, so we fail silently + end + + require 'switchtower/cli' + + args = %w[-vvvvv -r config/deploy] + args.concat(actions.map { |act| ["-a", act.to_s] }.flatten) + SwitchTower::CLI.new(args).execute! +end + +desc "Push the latest revision into production" +task :deploy do + switchtower_invoke :deploy +end + +desc "Rollback to the release before the current release in production" +task :rollback do + switchtower_invoke :rollback +end + +desc "Describe the differences between HEAD and the last production release" +task :diff_from_last_deploy do + switchtower_invoke :diff_from_last_deploy +end + +desc "Enumerate all available deployment tasks" +task :show_deploy_tasks do + switchtower_invoke :show_tasks +end + +desc "Execute a specific action using switchtower" +task :remote_exec do + unless ENV['ACTION'] + raise "Please specify an action (or comma separated list of actions) via the ACTION environment variable" + end + + actions = ENV['ACTION'].split(",") + switchtower_invoke(*actions) +end diff --git a/src/api/public/.htaccess b/src/api/public/.htaccess new file mode 100644 index 0000000..d3c9983 --- /dev/null +++ b/src/api/public/.htaccess @@ -0,0 +1,40 @@ +# General Apache options +AddHandler fastcgi-script .fcgi +AddHandler cgi-script .cgi +Options +FollowSymLinks +ExecCGI + +# If you don't want Rails to look in certain directories, +# use the following rewrite rules so that Apache won't rewrite certain requests +# +# Example: +# RewriteCond %{REQUEST_URI} ^/notrails.* +# RewriteRule .* - [L] + +# Redirect all requests not available on the filesystem to Rails +# By default the cgi dispatcher is used which is very slow +# +# For better performance replace the dispatcher with the fastcgi one +# +# Example: +# RewriteRule ^(.*)$ dispatch.fcgi [QSA,L] +RewriteEngine On + +# If your Rails application is accessed via an Alias directive, +# then you MUST also set the RewriteBase in this htaccess file. +# +# Example: +# Alias /myrailsapp /path/to/myrailsapp/public +# RewriteBase /myrailsapp + +RewriteRule ^$ index.html [QSA] +RewriteRule ^([^.]+)$ $1.html [QSA] +RewriteCond %{REQUEST_FILENAME} !-f +RewriteRule ^(.*)$ dispatch.cgi [QSA,L] + +# In case Rails experiences terminal errors +# Instead of displaying this message you can supply a file here which will be rendered instead +# +# Example: +# ErrorDocument 500 /500.html + +ErrorDocument 500 "<h2>Application error</h2>Rails application failed to start properly" \ No newline at end of file diff --git a/src/api/public/404.html b/src/api/public/404.html new file mode 100644 index 0000000..0e18456 --- /dev/null +++ b/src/api/public/404.html @@ -0,0 +1,8 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<body> + <h1>File not found</h1> + <p>Change this error message for pages not found in public/404.html</p> +</body> +</html> \ No newline at end of file diff --git a/src/api/public/500.html b/src/api/public/500.html new file mode 100644 index 0000000..a1001a0 --- /dev/null +++ b/src/api/public/500.html @@ -0,0 +1,8 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" + "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<body> + <h1>Application error (Apache)</h1> + <p>Change this error message for exceptions thrown outside of an action (like in Dispatcher setups or broken Ruby code) in public/500.html</p> +</body> +</html> \ No newline at end of file diff --git a/src/api/public/dispatch.cgi b/src/api/public/dispatch.cgi new file mode 100755 index 0000000..9730473 --- /dev/null +++ b/src/api/public/dispatch.cgi @@ -0,0 +1,10 @@ +#!/usr/bin/ruby + +require File.dirname(__FILE__) + "/../config/environment" unless defined?(RAILS_ROOT) + +# If you're using RubyGems and mod_ruby, this require should be changed to an absolute path one, like: +# "/usr/local/lib/ruby/gems/1.8/gems/rails-0.8.0/lib/dispatcher" -- otherwise performance is severely impaired +require "dispatcher" + +ADDITIONAL_LOAD_PATHS.reverse.each { |dir| $:.unshift(dir) if File.directory?(dir) } if defined?(Apache::RubyRun) +Dispatcher.dispatch \ No newline at end of file diff --git a/src/api/public/dispatch.fcgi b/src/api/public/dispatch.fcgi new file mode 100755 index 0000000..f934b30 --- /dev/null +++ b/src/api/public/dispatch.fcgi @@ -0,0 +1,24 @@ +#!/usr/bin/ruby +# +# You may specify the path to the FastCGI crash log (a log of unhandled +# exceptions which forced the FastCGI instance to exit, great for debugging) +# and the number of requests to process before running garbage collection. +# +# By default, the FastCGI crash log is RAILS_ROOT/log/fastcgi.crash.log +# and the GC period is nil (turned off). A reasonable number of requests +# could range from 10-100 depending on the memory footprint of your app. +# +# Example: +# # Default log path, normal GC behavior. +# RailsFCGIHandler.process! +# +# # Default log path, 50 requests between GC. +# RailsFCGIHandler.process! nil, 50 +# +# # Custom log path, normal GC behavior. +# RailsFCGIHandler.process! '/var/log/myapp_fcgi_crash.log' +# +require File.dirname(__FILE__) + "/../config/environment" +require 'fcgi_handler' + +RailsFCGIHandler.process! diff --git a/src/api/public/dispatch.rb b/src/api/public/dispatch.rb new file mode 100755 index 0000000..9730473 --- /dev/null +++ b/src/api/public/dispatch.rb @@ -0,0 +1,10 @@ +#!/usr/bin/ruby + +require File.dirname(__FILE__) + "/../config/environment" unless defined?(RAILS_ROOT) + +# If you're using RubyGems and mod_ruby, this require should be changed to an absolute path one, like: +# "/usr/local/lib/ruby/gems/1.8/gems/rails-0.8.0/lib/dispatcher" -- otherwise performance is severely impaired +require "dispatcher" + +ADDITIONAL_LOAD_PATHS.reverse.each { |dir| $:.unshift(dir) if File.directory?(dir) } if defined?(Apache::RubyRun) +Dispatcher.dispatch \ No newline at end of file diff --git a/src/api/public/favicon.ico b/src/api/public/favicon.ico new file mode 100644 index 0000000..e69de29 diff --git a/src/api/public/images/opensuse.gif b/src/api/public/images/opensuse.gif new file mode 100644 index 0000000000000000000000000000000000000000..fc0904062fa60809bb8f759796ec71164fd84a08 GIT binary patch literal 1474 zcmcJ~jXTo`0KoCzUJWz9nL2M}-U>~R^fp^LTf@jXt|N-Hd0(oVB*KN3xAQXOM3@Sx zJj2oQ7W--QdXLwuc10u#BQGI@-P0d&-+$oqd>tI^$<{13U<14)0?&qXvU_|ID@xyf z?tbylpi^wb>bIq?$*QsT|xQ7Of{tk4rLWp z)oMTc!O)d-EUUVy9G`$zXRC?w#mybXDnzhQSse|sfqZOX=j&KybZ#Ay^(JLN_942@ zPbp0wr^E)YqSGgq0;Ym5&L*{mqt(7_e?s(55R9BuTW?@;O)Ou;72Q!fi!+qG%5+XZ z;ks?>R`10_se~%CPP;%Y1PW$I2Jn~Dh{o6H8BHB{$jQ60lSps-shp``3nfTTAc zXq!nBSIfP9#YiC81eSlh5YC7cJ6oTZ+r}A>Ki*Ic@Q2lAFtOnAp)s%=g}@yfGZhU9 z_NY`eUa5Tu^%~*AUd6hrDvuoK7U_9XWrPHGCcMCrWGpA3z;jNao2G4}Mo@RmE_mFc zmM`OsA!9+ZoDbxbvhk$A-jB!mw<>-=w0!Dj9&xPwqE$(K=>D7}NjQ>=nPYlCpM8he z^uQlHYI4GgGiIsX9gx>5Dn^FnTR%o5vx(aXvca1kM*p}galJFJFf;1M(w0MpeX*|K zPVJ(B;aEEoUjSOCd+<0I5HHZehrRbbiqT=A4HJA=3b6~i&_Tk&nMc?s+UtoN801Por5$}Nx5$K&O|#O#Art=yNzkt4Az`YF~vn?@S|tT&hY8TTmI<**yM56 zy!)wkOM3r`*X=^*E-9ckE)!^btNe=uP(GeMH@*a9XHWuFXt|ai8W7;O`=yx#uCkDH zKPtzoAw8sFJ*tDNeJ&WUd2QywR4Ie3;s}rWW#$tg49GFVBYEbW3OleL!fSv;8h&S* zIp>iuqmjcHT3LAnYI=`B!sgEu2qesMXn2jOR0!1c@4rxm!qz~4^_;U6qY0Q2DO^3= ziFMxr1T1P#Xjbool`WYwlt!1XD`@r81^aAKJHjCV2{8B?Kzt~ER)|`bUxw*a%V7;A z1*&beo7-JDR;@}9gbwoLu&E1Z$?G3Z1QW%dN|d&%J9Jc`#rO3IxQ&)1Dt57T z2YJhIB2U2_ZJ4Zlx>`TH5x}KPGrwJ0=&9x6=o2D!xAjH+37cCVpZn3Eg(j=CO2~23 zWv$E6ALl#A8}5zCDt&1~#q6vQHcq8dV`!+y@)@Xc>WTh_aGB~IwCtPI`L$}dBvC_@Ng@?)hx(8!{C9APU&Bc|> zdJ@42OwjsusNf^mBG|>o^n2!*iVSkE7XEQV;HUd!?da21E|5&$GyqZOkCS+r{;m^k Yga=Hiv2#tTr*Rv+K3D39f&tY30OSsHH2?qr literal 0 HcmV?d00001 diff --git a/src/api/public/images/rails.png b/src/api/public/images/rails.png new file mode 100644 index 0000000000000000000000000000000000000000..b8441f182e06974083cf08f0acaf0e2fd612bd40 GIT binary patch literal 1787 zcmVCLdthj)A!BBmWB&y|X`RY;f`BJ<_ju%@N||NoLFD~mQl$aHGjq>;5dG_D{h(5s}0 z6&=HANU$m__3PuddU(lvR_xWj`}Oho@9EyQt-n!E*P(KhM@X_VFV2l&>deNZJT%y8iwA zoG>u1B`p2=_u9k4v1Mud`1+qvOZoHg#bITJ9U`qBAek?40RR96!AV3xRCwBy*IQ$v zN(=yC9IhRft9V64L`77pqF_Cx@c;kSNoGK)`?Ps*cP(EtGlYZ{D5cxspMQvjKH)Oh6X(pa|J{ zGy1J$Ej7=Z{uvmMfRRsE;v`p;45B~6*ep#hM^ji zl$+7qoWq~}ewG=61uFw0He{tJurMU&4Iv?=B^eR(wAHk!miA)O7p_+YR>lbmU3rmn ze?+ze(+sEd6M3|b0|Gn z+5t#z6*ffSVc6DjpmB2?AAR@@vB!wCK?9Yl;33;Q7^%(401QW|k=R8b!OwtLJPjjm zO9Ia;qCq)rOq!1Ia*6#A%#xb}yDx1P*pWla>9j$bnMn3CBqe4`TRll_Iy29kmG?4fbKuF=XqU|?3b@B zA`&a?KIgZ|KJx5eND_c3Em=WZn@xW8hRJ^G&sY^b(FW?WC9W_sb;+lAPdLTdBaKIK;-f}*h4|1aTjw7qX_k~e{TWO7jqcekERN;Jyh%67)q4rKpL*CEYL;|#GY{B@5 zi52XoC?xsoorJKxsliugF#z38MJqrYCWV(t<=G&f;^Me13&AiI9{3jUZ$ zFM`*L(9qc^VMxkz1oaDH!1pcD^IXp>Z0Jb=_qs?Vsrs{mp<^{$N!EC9o+`CO-(o}E zJ`y{*;9s|wr22-QoJ87y^~;)Q@b%P4UgSSsx>2$o@Vd{%Pk0@4qZ^fhB(vt$c1TG> z*{Ad;foraENbld`=MCNm4?9kvlgK~&J>ialpJ7nua zx0oRzwG5;}Qne)Fg(N3kf?JVmB;}y&5(0+~r*aL$0Zof8fe!AtHWH>A^1Y)@G@GsA zup`R{Qg?{+MaxTq#2n{6w|)c&yaJ7{U4ngAH5v6I)*;@rEBE*ehIPBwKBQU)YKE8F0lR!Sm?sE4Xk-sj&E$|A-9n dP56HS1^^A-61FoN)nxzx002ovPDHLkV1kw_Sd9Px literal 0 HcmV?d00001 diff --git a/src/api/public/javascripts/controls.js b/src/api/public/javascripts/controls.js new file mode 100644 index 0000000..9742b69 --- /dev/null +++ b/src/api/public/javascripts/controls.js @@ -0,0 +1,750 @@ +// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us) +// (c) 2005 Ivan Krstic (http://blogs.law.harvard.edu/ivan) +// (c) 2005 Jon Tirsen (http://www.tirsen.com) +// Contributors: +// Richard Livsey +// Rahul Bhargava +// Rob Wills +// +// See scriptaculous.js for full license. + +// Autocompleter.Base handles all the autocompletion functionality +// that's independent of the data source for autocompletion. This +// includes drawing the autocompletion menu, observing keyboard +// and mouse events, and similar. +// +// Specific autocompleters need to provide, at the very least, +// a getUpdatedChoices function that will be invoked every time +// the text inside the monitored textbox changes. This method +// should get the text for which to provide autocompletion by +// invoking this.getToken(), NOT by directly accessing +// this.element.value. This is to allow incremental tokenized +// autocompletion. Specific auto-completion logic (AJAX, etc) +// belongs in getUpdatedChoices. +// +// Tokenized incremental autocompletion is enabled automatically +// when an autocompleter is instantiated with the 'tokens' option +// in the options parameter, e.g.: +// new Ajax.Autocompleter('id','upd', '/url/', { tokens: ',' }); +// will incrementally autocomplete with a comma as the token. +// Additionally, ',' in the above example can be replaced with +// a token array, e.g. { tokens: [',', '\n'] } which +// enables autocompletion on multiple tokens. This is most +// useful when one of the tokens is \n (a newline), as it +// allows smart autocompletion after linebreaks. + +var Autocompleter = {} +Autocompleter.Base = function() {}; +Autocompleter.Base.prototype = { + baseInitialize: function(element, update, options) { + this.element = $(element); + this.update = $(update); + this.hasFocus = false; + this.changed = false; + this.active = false; + this.index = 0; + this.entryCount = 0; + + if (this.setOptions) + this.setOptions(options); + else + this.options = options || {}; + + this.options.paramName = this.options.paramName || this.element.name; + this.options.tokens = this.options.tokens || []; + this.options.frequency = this.options.frequency || 0.4; + this.options.minChars = this.options.minChars || 1; + this.options.onShow = this.options.onShow || + function(element, update){ + if(!update.style.position || update.style.position=='absolute') { + update.style.position = 'absolute'; + Position.clone(element, update, {setHeight: false, offsetTop: element.offsetHeight}); + } + Effect.Appear(update,{duration:0.15}); + }; + this.options.onHide = this.options.onHide || + function(element, update){ new Effect.Fade(update,{duration:0.15}) }; + + if (typeof(this.options.tokens) == 'string') + this.options.tokens = new Array(this.options.tokens); + + this.observer = null; + + this.element.setAttribute('autocomplete','off'); + + Element.hide(this.update); + + Event.observe(this.element, "blur", this.onBlur.bindAsEventListener(this)); + Event.observe(this.element, "keypress", this.onKeyPress.bindAsEventListener(this)); + }, + + show: function() { + if(Element.getStyle(this.update, 'display')=='none') this.options.onShow(this.element, this.update); + if(!this.iefix && + (navigator.appVersion.indexOf('MSIE')>0) && + (navigator.userAgent.indexOf('Opera')<0) && + (Element.getStyle(this.update, 'position')=='absolute')) { + new Insertion.After(this.update, + '