Switch to devise and allow user invitations

Gemfile

@@ -5,11 +5,15 @@ ruby '1.9.3'
 gem 'rails', '3.2.8'
 gem 'pg'
 gem 'jquery-rails'
-gem 'clearance'
 gem 'thin'
 gem 'simple_form'
 gem 'bourbon'
 gem 'flutie'
+gem 'devise'
+gem 'devise_invitable'
+gem 'high_voltage'
+gem 'strong_parameters'
+gem 'pry'
 
 group :assets do
   gem 'sass-rails',   '~> 3.2.3'
@@ -30,6 +34,7 @@ group :development, :test do
 end
 
 group :test do
+  gem 'email_spec'
   gem 'capybara'
   gem 'capybara-webkit'
   gem 'factory_girl_rails'

Gemfile.lock

@@ -30,6 +30,7 @@ GEM
       multi_json (~> 1.0)
     addressable (2.3.2)
     arel (3.0.2)
+    bcrypt-ruby (3.0.1)
     bootstrap-sass (2.1.1.0)
     bourbon (2.1.2)
       sass (>= 3.2)
@@ -49,9 +50,6 @@ GEM
       json
     childprocess (0.3.6)
       ffi (~> 1.0, >= 1.0.6)
-    clearance (0.16.3)
-      diesel (~> 0.1.5)
-      rails (>= 3.0)
     coderay (1.0.8)
     coffee-rails (3.2.2)
       coffee-script (>= 2.2.0)
@@ -62,9 +60,19 @@ GEM
     coffee-script-source (1.4.0)
     daemons (1.1.9)
     database_cleaner (0.9.1)
-    diesel (0.1.5)
-      railties
+    devise (2.1.2)
+      bcrypt-ruby (~> 3.0)
+      orm_adapter (~> 0.1)
+      railties (~> 3.1)
+      warden (~> 1.2.1)
+    devise_invitable (1.1.2)
+      actionmailer (~> 3.0)
+      devise (>= 2.1.0)
+      railties (~> 3.0)
     diff-lcs (1.1.3)
+    email_spec (1.4.0)
+      launchy (~> 2.1)
+      mail (~> 2.2)
     erubis (2.7.0)
     eventmachine (1.0.0)
     execjs (1.4.0)
@@ -88,6 +96,7 @@ GEM
       guard (>= 1.1)
       spork (>= 0.8.4)
       sys-proctable
+    high_voltage (1.2.1)
     hike (1.2.1)
     i18n (0.6.1)
     journey (1.0.4)
@@ -112,6 +121,7 @@ GEM
       metaclass (~> 0.0.1)
     multi_json (1.3.7)
     nokogiri (1.5.5)
+    orm_adapter (0.4.0)
     pg (0.14.1)
     polyglot (0.3.3)
     pry (0.9.10)
@@ -182,6 +192,10 @@ GEM
       hike (~> 1.2)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
+    strong_parameters (0.1.5)
+      actionpack (~> 3.1)
+      activemodel (~> 3.1)
+      railties (~> 3.1)
     sys-proctable (0.9.2)
     thin (1.5.0)
       daemons (>= 1.0.9)
@@ -197,6 +211,8 @@ GEM
     uglifier (1.3.0)
       execjs (>= 0.3.0)
       multi_json (~> 1.0, >= 1.0.2)
+    warden (1.2.1)
+      rack (>= 1.0)
     xpath (0.1.4)
       nokogiri (~> 1.3)
 
@@ -209,24 +225,29 @@ DEPENDENCIES
   bourne
   capybara
   capybara-webkit
-  clearance
   coffee-rails (~> 3.2.1)
   database_cleaner
+  devise
+  devise_invitable
+  email_spec
   factory_girl_rails
   flutie
   foreman
   guard
   guard-spork
+  high_voltage
   jquery-rails
   launchy
   pg
+  pry
   rails (= 3.2.8)
   rspec-rails
   sass-rails (~> 3.2.3)
   sham_rack
   shoulda-matchers
   simple_form
   simplecov
+  strong_parameters
   thin
   timecop
   uglifier (>= 1.0.3)

README.md

@@ -1,9 +1,45 @@
-You look great in Suspenders
+Campmaster
 ============================
+Project setup
+-------------
 
-Use the following guides for getting things done, programming well, and
-programming in style.
+Get the code.
 
-* [Protocol](http://github.com/thoughtbot/guides/blob/master/protocol)
-* [Best Practices](http://github.com/thoughtbot/guides/blob/master/best-practices)
-* [Style](http://github.com/thoughtbot/guides/blob/master/style)
+    git clone git@github.com:drapergeek/wuzup.git
+
+Set up the project's dependencies.
+
+    cd project
+    rake dev:setup
+
+This will automatically add a heroku remote for staging and production.
+
+Running tests:
+
+    rake
+
+
+Use [Foreman](http://goo.gl/oy4uw) to run the app locally.
+
+    foreman start
+
+It uses your `.env` file and `Procfile` to run processes just like Heroku's
+[Cedar](https://devcenter.heroku.com/articles/cedar/) stack.
+
+Anytime any development data is needed, add it to the dev:prime tasks.  At any
+point you can reset your local development data with:
+
+    rake dev:prime
+
+
+Deploy
+------
+After code is commited to the master branch, it is automatically deployed to
+heroku if all the tests pass.  You can also manually deploy:
+
+    git push staging
+
+Run migrations (if necessary).
+
+    heroku run rake db:migrate --app campmaster-staging
+    heroku restart --app campmaster-staging

app/controllers/application_controller.rb

@@ -1,4 +1,4 @@
 class ApplicationController < ActionController::Base
-  include Clearance::Authentication
   protect_from_forgery
+  before_filter :authenticate_user!
 end

app/controllers/users/invitations_controller.rb

@@ -0,0 +1,21 @@
+class Users::InvitationsController < Devise::InvitationsController
+
+  private
+  def resource_params
+    if params[:user]
+      if action_name == 'update'
+        update_params
+      else
+        create_params
+      end
+    end
+  end
+
+  def create_params
+    params.require(:user).permit(:email, :name, :role)
+  end
+
+  def update_params
+    params.require(:user).permit(:name, :password, :password_confirmation, :invitation_token)
+  end
+end

app/controllers/users_controller.rb

@@ -0,0 +1,5 @@
+class UsersController < ApplicationController
+  def index
+    @users = User.all
+  end
+end

app/models/user.rb

@@ -1,4 +1,7 @@
 class User < ActiveRecord::Base
-  include Clearance::User
-  attr_accessible :email, :password
+  include ActiveModel::ForbiddenAttributesProtection
+  devise :invitable, :database_authenticatable, :recoverable, :rememberable
+
+  validates :name, presence: true
+  validates :role, presence: true
 end

app/views/devise/invitations/edit.html.erb

@@ -0,0 +1,12 @@
+<h2><%= t 'devise.invitations.edit.header' %></h2>
+
+<%= simple_form_for resource, :as => resource_name, :url => invitation_path(resource_name), :html => { :method => :put } do |f| %>
+  <%= devise_error_messages! %>
+  <%= f.hidden_field :invitation_token %>
+
+  <%= f.input :name %>
+  <%= f.input :password %>
+  <%= f.input :password_confirmation %>
+
+  <%= f.submit t("devise.invitations.edit.submit_button") %>
+<% end %>

app/views/devise/invitations/new.html.erb

@@ -0,0 +1,11 @@
+<h2><%= t "devise.invitations.new.header" %></h2>
+
+<%= simple_form_for resource, :as => resource_name, :url => invitation_path(resource_name), :html => {:method => :post} do |f| %>
+  <%= devise_error_messages! %>
+
+  <%= f.input :name %>
+  <%= f.input :email %>
+  <%= f.input :role %>
+
+<%= f.submit t("devise.invitations.new.submit_button") %>
+<% end %>

app/views/devise/mailer/invitation_instructions.html.erb

@@ -0,0 +1,8 @@
+<p>Hello <%= @resource.email %>!</p>
+
+<p>Someone has invited you to <%= root_url %>, you can accept it through the link below.</p>
+
+<p><%= link_to 'Accept invitation', accept_invitation_url(@resource, :invitation_token => @resource.invitation_token) %></p>
+
+<p>If you don't want to accept the invitation, please ignore this email.<br />
+Your account won't be created until you access the link above and set your password.</p>

app/views/layouts/application.html.erb

@@ -15,7 +15,10 @@
         <%= link_to "Campmaster", root_url, class: 'brand' %>
         <div class="nav-collapse">
           <ul class="nav">
-            <li class="active"><a href="#">Not Yet</a></li>
+            <li><%= link_to 'Users', users_path %></li>
+            <% if signed_in? %>
+              <li><%= link_to 'Sign out', destroy_user_session_path, method: :delete %></li>
+            <% end %>
           </ul>
         </div><!--/.nav-collapse -->
       </div>

app/views/pages/home.html.erb

@@ -0,0 +1 @@
+This is the home page

app/views/users/index.html.erb

@@ -0,0 +1,13 @@
+<table class="table table-striped">
+  <tr>
+    <th>Email</th>
+    <th>Role</th>
+  </tr>
+  <% @users.each do |user| %>
+    <tr>
+      <td><%= user.email %></td>
+      <td><%= user.role %></td>
+    </tr>
+  <% end %>
+</table>
+<%= link_to "Invite New User", new_user_invitation_path %>

config/application.rb

@@ -65,7 +65,7 @@ class Application < Rails::Application
     # This will create an empty whitelist of attributes available for mass-assignment for all models
     # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    config.active_record.whitelist_attributes = true
+    config.active_record.whitelist_attributes = false
 
     # Enable the asset pipeline
     config.assets.enabled = true

config/environments/development.rb

@@ -14,7 +14,7 @@
   config.action_controller.perform_caching = false
 
   # Don't care if the mailer can't send
-  config.action_mailer.raise_delivery_errors = true
+  config.action_mailer.raise_delivery_errors = false
 
   # Print deprecation notices to the Rails logger
   config.active_support.deprecation = :log
@@ -35,5 +35,5 @@
   # Expands the lines which load the assets
   config.assets.debug = true
 
-  config.action_mailer.default_url_options = { :host => 'campmaster.local' }
+  config.action_mailer.default_url_options = { :host => 'localhost:3000' }
 end

config/environments/production.rb

@@ -65,5 +65,5 @@
   # with SQLite, MySQL, and PostgreSQL)
   # config.active_record.auto_explain_threshold_in_seconds = 0.5
 
-  config.action_mailer.default_url_options = { :host => 'campmaster.com' }
+  config.action_mailer.default_url_options = { :host => 'campmaster-production.herokuapp.com' }
 end

config/environments/staging.rb

@@ -66,5 +66,5 @@
   # with SQLite, MySQL, and PostgreSQL)
   # config.active_record.auto_explain_threshold_in_seconds = 0.5
 
-  config.action_mailer.default_url_options = { :host => 'staging.campmaster.com' }
+  config.action_mailer.default_url_options = { :host => 'campmaster-staging.herokuapp.com' }
 end