devise user and role management foundation

Gemfile

@@ -49,6 +49,9 @@ gem 'marmotta'
 gem 'passenger'
 gem 'jettywrapper'
 
+gem 'devise'
+gem 'cancan'
+
 group :development do
   gem 'spring-commands-rspec'
   gem 'capistrano', '~> 2.0'

Gemfile.lock

@@ -84,6 +84,7 @@ GEM
     awesome_print (1.2.0)
     bcp47 (0.3.3)
       i18n
+    bcrypt (3.1.11)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
     bootstrap-sass (3.3.1.0)
@@ -92,6 +93,7 @@ GEM
     byebug (2.7.0)
       columnize (~> 0.3)
       debugger-linecache (~> 1.2)
+    cancan (1.6.10)
     capistrano (2.15.5)
       highline
       net-scp (>= 1.0.0)
@@ -137,6 +139,13 @@ GEM
     debugger-linecache (1.2.0)
     deprecation (0.2.2)
       activesupport
+    devise (3.5.6)
+      bcrypt (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (>= 3.2.6, < 5)
+      responders
+      thread_safe (~> 0.1)
+      warden (~> 1.2.3)
     diff-lcs (1.2.5)
     diffy (3.0.7)
     docile (1.1.5)
@@ -242,6 +251,7 @@ GEM
       mini_portile2 (~> 2.0.0.rc2)
     octokit (3.7.0)
       sawyer (~> 0.6.0, >= 0.5.3)
+    orm_adapter (0.5.0)
     passenger (5.0.7)
       rack
       rake (>= 0.8.1)
@@ -347,6 +357,8 @@ GEM
       rdf (~> 1.1, >= 1.1.9)
     rdoc (4.2.0)
       json (~> 1.4)
+    responders (1.1.2)
+      railties (>= 3.2, < 4.2)
     rest-client (1.7.2)
       mime-types (>= 1.16, < 3.0)
       netrc (~> 0.7)
@@ -458,12 +470,14 @@ DEPENDENCIES
   autoprefixer-rails
   awesome_print
   bootstrap-sass (~> 3.3.1)
+  cancan
   capistrano (~> 2.0)
   capybara
   capybara-screenshot
   coffee-rails (~> 4.0.0)
   coveralls
   database_cleaner
+  devise
   dotenv-rails
   factory_girl_rails
   formulaic
@@ -495,3 +509,6 @@ DEPENDENCIES
   warden-github-rails
   warden-rspec-rails!
   webmock
+
+BUNDLED WITH
+   1.11.2

app/controllers/application_controller.rb

@@ -2,15 +2,10 @@ class ApplicationController < ActionController::Base
   # Prevent CSRF attacks by raising an exception.
   # For APIs, you may want to use :null_session instead.
   protect_from_forgery with: :exception
-  before_filter :check_auth
+  before_filter :authenticate_user!
 
-  private
-
-  def check_auth
-    if session[:authorized] != true
-      session[:user_route] = request.env['PATH_INFO']
-      redirect_to '/login'
-    end
+  rescue_from CanCan::AccessDenied do |exception|
+    flash[:error] = exception.message
+    redirect_to root_url
   end
-
 end

app/controllers/home_controller.rb

@@ -1,5 +1,6 @@
 class HomeController < ApplicationController
-  skip_before_filter :check_auth
+  skip_before_filter :authenticate_user!
+
   def index
   end
 end

app/controllers/registrations_controller.rb

@@ -0,0 +1,28 @@
+class RegistrationsController < Devise::RegistrationsController 
+
+  def create
+    build_resource
+    resource.role = "user"
+
+    if resource.save
+      if resource.active?
+        set_flash_message :notice, :signed_up
+        sign_in_and_redirect(resource_name, resource)
+      else
+        set_flash_message :notice, :inactive_signed_up, :reason => resource.inactive_message.to_s
+        expire_session_data_after_sign_in!
+        redirect_to after_inactive_sign_up_path_for(resource)
+      end
+    else
+      clean_up_passwords(resource)
+      render_with_scope :new
+    end
+  end
+
+  def token
+    #@user = User.where(:id => params[:user_id]).first
+    #@user.reset_authentication_token!
+    redirect_to edit_user_registration_path(@user)
+  end
+
+end

app/controllers/users_controller.rb

@@ -0,0 +1,45 @@
+class UserController < ApplicationController
+  load_and_authorize_resource
+
+  def index
+    @users = User.excludes(:id => current_user.id)
+  end
+
+  def new
+    @user = User.new
+  end
+
+  def create
+    @user = User.new(params[:user])
+    if @user.save
+      flash[:notice] = "Successfully created User."
+      redirect_to root_path
+    else
+      render :action => 'new'
+    end
+  end
+
+  def edit
+    @user = User.find(params[:id])
+  end
+
+  def update
+    @user = User.find(params[:id])
+    params[:user].delete(:password) if params[:user][:password].blank?
+    params[:user].delete(:password_confirmation) if params[:user][:password].blank? and params[:user][:password_confirmation].blank?
+    if @user.update_attributes(params[:user])
+      flash[:notice] = "Successfully updated User."
+      redirect_to root_path
+    else
+      render :action => 'edit'
+    end
+  end
+
+  def destroy
+    @user = User.find(params[:id])
+    if @user.destroy
+      flash[:notice] = "Successfully deleted User."
+      redirect_to root_path
+    end
+  end
+end

app/models/ability.rb

@@ -0,0 +1,18 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(user)
+    # Define abilities for the passed in user here. For example:
+    #
+    user ||= User.new # guest user (not logged in)
+    if user.is_admin?
+      can :administrate, :all
+    elsif user.is_reviewer?
+      can :review, :all
+    elsif user.is_submitter?
+      can :submit, :all
+    else
+      can :read, :all
+    end
+  end
+end

app/models/user.rb

@@ -0,0 +1,22 @@
+class User < ActiveRecord::Base
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :trackable, :validatable
+
+  ROLES = {
+    :admin => 'admin',
+    :reviewer => 'reviewer',
+    :submitter => 'submitter'
+  }
+
+  def is_admin?
+    roles.include?(ROLES[:admin])
+  end
+  def is_reviewer?
+    roles.include?(ROLES[:reviewer])
+  end
+  def is_sumitter?
+    roles.include?(ROLES[:submitter])
+  end
+end

app/views/registrations/edit.html.erb

@@ -0,0 +1,44 @@
+<h2>Edit <%= resource_name.to_s.humanize %></h2>
+
+<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name), :html => { :method => :put }) do |f| %>
+  <%= devise_error_messages! %>
+
+  <p><%= f.label :name %><br />
+  <%= f.text_field :name %></p>
+
+  <p><%= f.label :email %><br />
+  <%= f.text_field :email %></p>
+
+  <p><%= f.label :password %> <i>(leave blank if you don't want to change it)</i><br />
+  <%= f.password_field :password %></p>
+
+  <p><%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %></p>
+
+  <p><%= f.label :current_password %> <i>(we need your current password to confirm your changes)</i><br />
+  <%= f.password_field :current_password %></p>
+
+  <p><%= f.label :token_authentication_key %><br />
+  <%= resource.authentication_token.blank? ? "Token Empty" : resource.authentication_token %></p>
+
+  <p><%= link_to "Generate Token", token_authentications_path(:user_id => resource.id), :method => :post, :confirm => "Are you sure?"  %>
+  <%= link_to "Delete Token", token_authentication_path(resource), :method => :delete, :confirm => "Are you sure?"  %></p>
+
+  <% if resource.authentication_token %>
+    <p>You can use this url to login<br />
+    <%= link_to "http://localhost:3000#{root_path(:auth_token => resource.authentication_token)}", root_path(:auth_token => resource.authentication_token)  %></p>
+  <% end %>
+  
+  <% if can? :manage, @users %>
+  <p><%= f.label :role %>: <%= f.collection_select :role, User::ROLES, :to_s, :humanize, {:include_blank => true} %></p>
+  <% end %>
+
+  <p><%= f.submit "Update" %></p>
+<% end %>
+
+<h3>Cancel my account</h3>
+
+<p>Unhappy? <%= link_to "Cancel my account", registration_path(resource_name), :confirm => "Are you sure?", :method => :delete %>.</p>
+
+<%= link_to "Back", :back %>
+

app/views/registrations/new.html.erb

@@ -0,0 +1,22 @@
+<h2>Sign up</h2>
+
+<%= form_for(resource, :as => resource_name, :url => registration_path(resource_name)) do |f| %>
+  <%= devise_error_messages! %>
+
+  <p><%= f.label :name %><br />
+  <%= f.text_field :name %></p>
+
+
+  <p><%= f.label :email %><br />
+  <%= f.text_field :email %></p>
+
+  <p><%= f.label :password %><br />
+  <%= f.password_field :password %></p>
+
+  <p><%= f.label :password_confirmation %><br />
+  <%= f.password_field :password_confirmation %></p>
+
+  <p><%= f.submit "Sign up" %></p>
+<% end %>
+
+<%= render :partial => "devise/shared/links" %>

app/views/shared/_navbar.html.erb

@@ -1,23 +1,25 @@
-  <nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
-    <div class="container">
-      <div class="navbar-header">
-        <%= link_to "opaquenamespace.org", '/', class: "navbar-brand"%>
-      </div>
-      <div id="navbar" class="collapse navbar-collapse">
-        <ul class="nav navbar-nav">
-          <li><%= link_to "Home", '/' %></li>
-          <li><%= link_to "Vocabularies", vocabularies_path %></li>
-
-          <li><%= link_to "Predicates", predicates_path %></li>
-
-          <%- if session[:authorized] == true  %>
-            <li><%= link_to "Import External RDF", import_rdf_path %></li>
-            <li><%= link_to "Logout", '/login/auth' %></li>
-          <%- else -%>
-            <li><%= link_to "Login", '/login/auth' %></li>
-          <%- end -%>
-        </ul>
-      </div><!--/.nav-collapse -->
+<nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
+  <div class="container">
+    <div class="navbar-header">
+      <%= link_to "opaquenamespace.org", '/', class: "navbar-brand"%>
     </div>
-  </nav>
+    <div id="navbar" class="collapse navbar-collapse">
+      <ul class="nav navbar-nav">
+        <li><%= link_to "Home", '/' %></li>
+        <li><%= link_to "Vocabularies", vocabularies_path %></li>
+        <li><%= link_to "Predicates", predicates_path %></li>
+
+        <%- if session[:authorized] == true  %>
+          <% if can? :administrate %>
+            <li><%= link_to "Users", users_path %></li>
+          <% end %>
+          <li><%= link_to "Import External RDF", import_rdf_path %></li>
+          <li><%= link_to "Logout", logout_path %></li>
+        <%- else -%>
+          <li><%= link_to "Login", login_path %></li>
+        <%- end -%>
+      </ul>
+    </div><!--/.nav-collapse -->
+  </div>
+</nav>