Add cancan authorization scheme plus experimental rspec testing.

commit d6bc3bf322d71f5ca3d8840e579aa247671cae4c 1 parent 7e7ecdb
@schof schof authored
16 Gemfile
@@ -2,18 +2,18 @@ source 'http://rubygems.org'
gem "spree", :path => File.dirname(__FILE__)
-gem 'mysql'
+# gem 'mysql'
gem 'sqlite3-ruby'
gem 'ruby-debug' if RUBY_VERSION.to_f < 1.9
gem "rdoc", "2.2"
-group :test do
- gem 'shoulda', :git => "git://github.com/thoughtbot/shoulda.git"
- gem 'factory_girl_rails', '>= 1.0.0'
- gem 'spork'
- gem 'test-unit', '~>2.0.5', :require => 'test/unit' if RUBY_VERSION.to_f >= 1.9
- gem 'faker'
-end
+# group :test do
+# gem 'shoulda', :git => "git://github.com/thoughtbot/shoulda.git"
+# gem 'factory_girl_rails', '>= 1.0.0'
+# gem 'spork'
+# gem 'test-unit', '~>2.0.5', :require => 'test/unit' if RUBY_VERSION.to_f >= 1.9
+# gem 'faker'
+# end
# group :cucumber do
# gem 'cucumber-rails', '>=0.2.4', :require => false
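Review bot: The hunk header still shows `source 'http://rubygems.org'`, so every gem this Gemfile resolves, including the cancan dependency this commit introduces to gate admin access, is fetched over plaintext HTTP and can be substituted by an on-path attacker; change it to `source 'https://rubygems.org'`. The test group is commented out rather than deleted, yet nothing in what this commit shows declares a gem providing rspec even though the new core/spec/spec_helper.rb requires 'rspec/rails', so the README's `rspec spec` only works with globally installed gems. Drop the dead commented lines and declare `group :test do gem 'rspec-rails' end` instead. The hunk appears cut short against its 18-line header, so the tail of this file is not visible here.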
21 Gemfile.lock
@@ -1,9 +1,3 @@
-GIT
- remote: git://github.com/thoughtbot/shoulda.git
- revision: 15e36eb
- specs:
- shoulda (2.11.3)
-
PATH
remote: .
specs:
@@ -22,6 +16,7 @@ PATH
acts_as_list (>= 0.1.2)
authlogic (>= 2.1.5)
bundler (>= 0.9.26)
+ cancan (>= 1.3.0)
faker (>= 0.3.1)
highline (>= 1.5.1)
less (>= 1.2.20)
@@ -83,18 +78,15 @@ GEM
acts_as_list (0.1.2)
arel (0.4.0)
activesupport (>= 3.0.0.beta)
- authlogic (2.1.5)
+ authlogic (2.1.6)
activesupport
braintree (2.4.0)
builder
builder (2.1.2)
+ cancan (1.3.0)
columnize (0.3.1)
erubis (2.6.6)
abstract (>= 1.0.0)
- factory_girl (1.3.2)
- factory_girl_rails (1.0)
- factory_girl (~> 1.3)
- rails (>= 3.0.0.beta4)
faker (0.3.1)
highline (1.6.1)
i18n (0.4.1)
@@ -108,7 +100,6 @@ GEM
treetop (>= 1.4.5)
mime-types (1.16)
mutter (0.5.3)
- mysql (2.8.1)
paperclip (2.3.3)
activerecord
activesupport
@@ -145,7 +136,6 @@ GEM
ruby-debug-base (~> 0.10.3.0)
ruby-debug-base (0.10.3)
linecache (>= 0.3)
- spork (0.8.4)
sqlite3-ruby (1.3.1)
state_machine (0.9.4)
stringex (1.1.0)
@@ -159,12 +149,7 @@ PLATFORMS
ruby
DEPENDENCIES
- factory_girl_rails (>= 1.0.0)
- faker
- mysql
rdoc (= 2.2)
ruby-debug
- shoulda!
- spork
spree!
sqlite3-ruby
18 README.md
@@ -58,10 +58,26 @@ The source code is essentially a collection of gems. Spree is meant to be run w
rake db:bootstrap
-6. Start the server
+6. Prepare the test database (optional - only if you're going to run the tests)
+
+ rake db:test:prepare
+
+7. Start the server
rails server
+Running Tests
+-------------
+
+Once you have the edge source working (see above) you can run the tests as follows
+
+1. Change to the directory containing the engine/gem to test
+
+ cd core
+
+2. Run the tests
+
+ rspec spec
Contributing
============
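--- a/core/.rspec
+++ b/core/.rspec
@@ -0,0 +1 @@
+--colour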
8 core/app/controllers/admin/base_controller.rb
@@ -16,10 +16,10 @@ def render_js_for_destroy
flash.notice = nil
end
- def require_object_editable_by_current_user
- return access_denied unless object.editable_by?(current_user)
- true
- end
+ # def require_object_editable_by_current_user
+ # return access_denied unless object.editable_by?(current_user)
+ # true
+ # end
private
def parse_date_params
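Review bot: Commenting out require_object_editable_by_current_user leaves this controller with no visible replacement check: CanCan only enforces the new Ability when an action calls `authorize!` or `load_and_authorize_resource`, and neither call is added anywhere in this commit. Any `before_filter :require_object_editable_by_current_user` still present in a subclass (not visible here) would now raise NoMethodError on every request, which fails closed but breaks the admin. Delete the dead method rather than leaving it commented, and add `load_and_authorize_resource` (or an explicit `authorize!`) to the admin controllers so the Ability rules actually run. The enclosing class begins before this hunk.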
2  core/app/controllers/admin/orders_controller.rb
@@ -61,7 +61,7 @@ def collection
if params[:search].delete(:completed_at_not_null) == "1"
params[:search][:completed_at_not_null] = true
end
-
+
params[:search][:order] ||= "descend_by_created_at"
@search = Order.searchlogic(params[:search])
3  core/app/controllers/spree/base_controller.rb
@@ -11,6 +11,9 @@ class Spree::BaseController < ActionController::Base
include SslRequirement
+ # graceful error handling for cancan authorization exceptions
+ rescue_from CanCan::AccessDenied, :with => :access_denied
+
def admin_created?
User.first(:include => :roles, :conditions => ["roles.name = 'admin'"])
end
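Review bot: The new rescue_from is unreachable in practice for now, because CanCan::AccessDenied is only raised by `authorize!`/`load_and_authorize_resource` and no controller in this commit calls either, so the comment overstates what is in place. Say so explicitly: `# CanCan::AccessDenied is raised by authorize!/load_and_authorize_resource; route it to access_denied (defined elsewhere) instead of a 500`. Also check that access_denied answers with the same status and body whether the record is foreign or merely unauthorized, so the handler does not become an existence oracle for admin resources; its definition is outside this hunk. Spree::BaseController continues past the hunk.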
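--- a/core/app/models/ability.rb
+++ b/core/app/models/ability.rb
@@ -0,0 +1,19 @@
+class Ability
+ include CanCan::Ability
+
+ def initialize(user)
+ user ||= User.new
+
+ if user.has_role? 'admin'
+ can :manage, :all
+ else
+ can :read, User do |user_resource|
+ user_resource == user
+ end
+ can :update, User do |user_resource|
+ user_resource == user
+ end
+ can :create, User
+ end
+ end
+end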
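Review bot: The `can :update, User` rule lets a non-admin update their own record, so it is only as safe as the User model's mass-assignment whitelist, which this commit does not show: if role associations (roles/role_ids) are settable through that update, this rule is an escalation path to `has_role? 'admin'`. Document the dependency next to the rule, e.g. `# relies on User restricting assignable attributes; roles must not be mass-assignable`. Note also that CanCan treats a block rule as matching when the check is made against the class rather than an instance, so `can?(:update, User)` is true for every user and controllers must authorize the loaded record, not the class. The two block rules are identical and can be folded into `can [:read, :update], User do |user_resource| user_resource == user end`.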
1  core/lib/spree_core.rb
@@ -38,6 +38,7 @@
require 'acts_as_list'
require 'resource_controller'
require 'searchlogic'
+require 'cancan'
require 'spree_core/delegate_belongs_to'
require 'spree_core/theme_support'
0  core/spec/controllers/orders_controller_spec.rb
No changes.
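--- a/core/spec/models/ability_spec.rb
+++ b/core/spec/models/ability_spec.rb
@@ -0,0 +1,68 @@
+require 'spec_helper'
+require 'cancan/matchers'
+
+describe Ability do
+
+ let(:user) { User.new }
+ let(:ability) { Ability.new(user) }
+
+ shared_examples_for "access granted" do
+ it "should allow read" do
+ ability.should be_able_to(:read, resource)
+ end
+ it "should allow create" do
+ ability.should be_able_to(:create, resource)
+ end
+ it "should allow update" do
+ ability.should be_able_to(:update, resource)
+ end
+ end
+
+ shared_examples_for "access denied" do
+ it "should not allow read" do
+ ability.should_not be_able_to(:read, resource)
+ end
+ it "should not allow create" do
+ ability.should_not be_able_to(:create, resource)
+ end
+ it "should not allow update" do
+ ability.should_not be_able_to(:update, resource)
+ end
+ end
+
+ shared_examples_for "create only" do
+ it "should allow create" do
+ ability.should be_able_to(:create, resource)
+ end
+ it "should not allow read" do
+ ability.should_not be_able_to(:read, resource)
+ end
+ it "should not allow update" do
+ ability.should_not be_able_to(:update, resource)
+ end
+ end
+
+
+ context "for general resource" do
+ let(:resource) { Object.new }
+ context "with admin user" do
+ before(:each) { user.stub(:has_role?).and_return(true) }
+ it_should_behave_like "access granted"
+ end
+ context "with customer" do
+ it_should_behave_like "access denied"
+ end
+ end
+
+ context "for User" do
+ context "requested by same user" do
+ let(:resource) { user }
+ it_should_behave_like "access granted"
+ end
+ context "requested by other user" do
+ let(:resource) { User.new }
+ it_should_behave_like "create only"
+ end
+ end
+
+end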
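Review bot: Ability#initialize explicitly handles a nil user (`user ||= User.new`), but every example here builds the ability from a User, so the guest path that matters most for access control is untested. Add a context such as `context "for guest" do let(:ability) { Ability.new(nil) }; it { ability.should_not be_able_to(:read, User.new) } end` and assert that a guest can only :create a User. The admin examples stub has_role? to return true for any argument, so they would still pass if the Ability checked the wrong role name; `user.stub(:has_role?).with('admin').and_return(true)` pins the contract.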
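--- a/core/spec/spec_helper.rb
+++ b/core/spec/spec_helper.rb
@@ -0,0 +1,27 @@
+# This file is copied to ~/spec when you run 'ruby script/generate rspec'
+# from the project root directory.
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path("../../../sandbox/config/environment", __FILE__)
+require 'rspec/rails'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+ # == Mock Framework
+ #
+ # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+ #
+ # config.mock_with :mocha
+ # config.mock_with :flexmock
+ # config.mock_with :rr
+ config.mock_with :rspec
+
+ config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+ # If you're not using ActiveRecord, or you'd prefer not to run each of your
+ # examples within a transaction, comment the following line or assign false
+ # instead of true.
+ config.use_transactional_fixtures = true
+end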
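Review bot: `config.fixture_path = "#{::Rails.root}/spec/fixtures"` presumably resolves against the sandbox application this helper boots (the environment required three directories up), not against core/spec where the helper lives, so fixtures placed beside these specs would not be found. Use the helper's own location: `config.fixture_path = File.expand_path("../fixtures", __FILE__)`. The header comment about `script/generate rspec` is copied from the generator and does not describe this layout; a one-line note such as `# Specs for the core engine run inside the generated sandbox app's environment` would help the next reader.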
26 core/spree-core.gemspec
@@ -19,25 +19,23 @@ Gem::Specification.new do |s|
s.has_rdoc = true
- s.add_dependency('acts_as_list', '>= 0.1.2')
- s.add_dependency('rd_awesome_nested_set', '>= 1.4.4')
- s.add_dependency('rd_stump', '>= 0.0.2')
+ s.add_dependency('acts_as_list', '>= 0.1.2')
+ s.add_dependency('rd_awesome_nested_set', '>= 1.4.4')
+ s.add_dependency('rd_stump', '>= 0.0.2')
s.add_dependency('rd_unobtrusive_date_picker', '>= 0.1.0')
- s.add_dependency('bundler', '>= 0.9.26')
- s.add_dependency('rails', '>= 3.0.0.rc')
- s.add_dependency('highline', '>= 1.5.1')
- s.add_dependency('authlogic', '>= 2.1.5')
+ s.add_dependency('bundler', '>= 0.9.26')
+ s.add_dependency('rails', '>= 3.0.0.rc')
+ s.add_dependency('highline', '>= 1.5.1')
+ s.add_dependency('authlogic', '>= 2.1.5')
s.add_dependency('activerecord-tableless', '>= 0.1.0')
s.add_dependency('less', '>= 1.2.20')
- s.add_dependency('stringex', '>= 1.0.3')
- s.add_dependency('state_machine', '>= 0.9.4')
- s.add_dependency('faker', '>= 0.3.1')
- s.add_dependency('paperclip', '>= 2.3.1.1')
+ s.add_dependency('stringex', '>= 1.0.3')
+ s.add_dependency('state_machine', '>= 0.9.4')
+ s.add_dependency('faker', '>= 0.3.1')
+ s.add_dependency('paperclip', '>= 2.3.1.1')
s.add_dependency('rd_resource_controller')
s.add_dependency('rd_searchlogic')
s.add_dependency('activemerchant', '>= 1.7.1')
s.add_dependency('will_paginate', '>= 3.0.pre')
-
- # s.add_dependency('actionpack', version)
- # s.add_dependency('mail', '~> 2.2.3')
+ s.add_dependency('cancan', '>= 1.3.0')
end
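Review bot: cancan is added as a runtime dependency, but the rspec tooling that core/spec/spec_helper.rb now requires ('rspec/rails') is declared nowhere in this gemspec, so `rspec spec` in core, as the README instructs, depends on whatever happens to be installed globally. Add `s.add_development_dependency('rspec-rails')` next to the new cancan line. The open-ended `>= 1.3.0` matches the other constraints here, but for the library that now decides admin access a pessimistic bound such as `'~> 1.3'` limits surprise upgrades.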