Merge pull request #34 from ZeusWPI/client_roles

Client roles
2017-01-23 17:34:47 +01:00 · 2017-01-23 17:34:47 +01:00 · e63a245f42
parent f1682b1a4e 0a3c949d09
commit e63a245f42
11 changed files with 124 additions and 34 deletions
--- a/1
+++ b/1
@ -96,3 +96,4 @@ gem 'airbrake'

 gem 'bootstrap-sass', '~> 3.3.5'
 gem 'react-rails'
+gem 'rolify'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -223,6 +223,7 @@ GEM
      http-cookie (>= 1.0.2, < 2.0)
      mime-types (>= 1.16, < 3.0)
      netrc (~> 0.7)
+    rolify (5.1.0)
    rspec-core (3.3.2)
      rspec-support (~> 3.3.0)
    rspec-expectations (3.3.1)
@ -326,6 +327,7 @@ DEPENDENCIES
  purecss-rails
  rails (= 4.2.4)
  react-rails
+  rolify
  rspec-rails
  sass-rails (~> 5.0)
  sdoc (~> 0.4.0)
--- a/app/models/client.rb
+++ b/app/models/client.rb
@ -10,6 +10,7 @@
 #

 class Client < ActiveRecord::Base
+  rolify
  has_many :issued_transactions, as: :issuer, class_name: 'Transaction'
  before_create :generate_key

--- a/app/models/client_ability.rb
+++ b/app/models/client_ability.rb
@ -3,6 +3,8 @@ class ClientAbility

  def initialize(client)
    client ||= Client.new # guest user (not logged in)
-    can :manage, :all
+
+    can :create, Transaction if client.has_role? :create_transactions
+    can :create, Request
  end
 end
--- a/app/models/role.rb
+++ b/app/models/role.rb
@ -0,0 +1,12 @@
+class Role < ActiveRecord::Base
+  has_and_belongs_to_many :clients, join_table: :clients_roles
+
+  belongs_to :resource,
+             polymorphic: true
+
+  validates :resource_type,
+            inclusion: { in: Rolify.resource_types },
+            allow_nil: true
+
+  scopify
+end
--- a/config/initializers/rolify.rb
+++ b/config/initializers/rolify.rb
@ -0,0 +1,7 @@
+Rolify.configure do |config|
+  # By default ORM adapter is ActiveRecord. uncomment to use mongoid
+  # config.use_mongoid
+
+  # Dynamic shortcuts for User class (user.is_admin? like methods). Default is: false
+  # config.use_dynamic_shortcuts
+end
--- a/db/migrate/20170123151219_rolify_create_roles.rb
+++ b/db/migrate/20170123151219_rolify_create_roles.rb
@ -0,0 +1,19 @@
+class RolifyCreateRoles < ActiveRecord::Migration
+  def change
+    create_table(:roles) do |t|
+      t.string :name
+      t.references :resource, polymorphic: true
+
+      t.timestamps
+    end
+
+    create_table(:clients_roles, id: false) do |t|
+      t.references :client
+      t.references :role
+    end
+
+    add_index(:roles, :name)
+    add_index(:roles, [ :name, :resource_type, :resource_id ])
+    add_index(:clients_roles, [ :client_id, :role_id ])
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20170109150245) do
+ActiveRecord::Schema.define(version: 20170123151219) do

  create_table "clients", force: :cascade do |t|
    t.string   "name",       null: false
@ -23,6 +23,13 @@ ActiveRecord::Schema.define(version: 20170109150245) do
  add_index "clients", ["key"], name: "index_clients_on_key"
  add_index "clients", ["name"], name: "index_clients_on_name"

+  create_table "clients_roles", id: false, force: :cascade do |t|
+    t.integer "client_id"
+    t.integer "role_id"
+  end
+
+  add_index "clients_roles", ["client_id", "role_id"], name: "index_clients_roles_on_client_id_and_role_id"
+
  create_table "notifications", force: :cascade do |t|
    t.integer  "user_id",                    null: false
    t.string   "message"
@ -49,6 +56,17 @@ ActiveRecord::Schema.define(version: 20170109150245) do
  add_index "requests", ["debtor_id"], name: "index_requests_on_debtor_id"
  add_index "requests", ["issuer_type", "issuer_id"], name: "index_requests_on_issuer_type_and_issuer_id"

+  create_table "roles", force: :cascade do |t|
+    t.string   "name"
+    t.integer  "resource_id"
+    t.string   "resource_type"
+    t.datetime "created_at"
+    t.datetime "updated_at"
+  end
+
+  add_index "roles", ["name", "resource_type", "resource_id"], name: "index_roles_on_name_and_resource_type_and_resource_id"
+  add_index "roles", ["name"], name: "index_roles_on_name"
+
  create_table "transactions", force: :cascade do |t|
    t.integer  "debtor_id",                null: false
    t.integer  "creditor_id",              null: false
--- a/spec/apis/transactions_controller_spec.rb
+++ b/spec/apis/transactions_controller_spec.rb
@ -1,4 +1,9 @@
 describe TransactionsController, type: :api do
+  def post_transaction(extra_attributes = {})
+    post '/transactions', { transaction: @api_attributes.merge(extra_attributes) },
+        { 'HTTP_ACCEPT' => "application/json", "HTTP_AUTHORIZATION" => "Token token=#{@key}" }
+  end
+
  before :each do
    @debtor   = create :user
    @creditor = create :user
@ -14,43 +19,55 @@ describe TransactionsController, type: :api do
    @key = @client.key
  end

-  def post_transaction(extra_attributes = {})
-    post '/transactions', { transaction: @api_attributes.merge(extra_attributes) },
-        { 'HTTP_ACCEPT' => "application/json", "HTTP_AUTHORIZATION" => "Token token=#{@key}" }
-  end
-
-  describe "Authentication" do
-    it "should require a client authentication key" do
-      post '/transactions'
-      expect(last_response.status).to eq(302)
+  describe 'with key' do
+    before :each do
+      @client.add_role :create_transactions
    end

-    it "should work with valid key" do
-      post_transaction
-      expect(last_response.status).to eq(201)
+    def post_transaction(extra_attributes = {})
+      post '/transactions', { transaction: @api_attributes.merge(extra_attributes) },
+          { 'HTTP_ACCEPT' => "application/json", "HTTP_AUTHORIZATION" => "Token token=#{@key}" }
+    end
+
+    describe "Authentication" do
+      it "should require a client authentication key" do
+        post '/transactions'
+        expect(last_response.status).to eq(302)
+      end
+
+      it "should work with valid key" do
+        post_transaction
+        expect(last_response.status).to eq(201)
+      end
+    end
+
+    describe "successfull creating transaction" do
+      it "should create a transaction" do
+        expect { post_transaction }.to change { Transaction.count }.by(1)
+      end
+
+      it "should set issuer" do
+        post_transaction
+        @transaction = Transaction.last
+        expect(@transaction.issuer).to eq(@client)
+      end
+    end
+
+    describe "failed creating transaction" do
+      # it "should create a transaction" do
+        # expect { post_transaction(euros: -5) }.to change { Transaction.count }.by(0)
+      # end
+
+      # it "should give 422 status" do
+        # post_transaction(euros: -4)
+        # expect(last_response.status).to eq(422)
+      # end
    end
  end

-  describe "successfull creating transaction" do
-    it "should create a transaction" do
-      expect { post_transaction }.to change { Transaction.count }.by(1)
+  describe 'without key' do
+    it "should not create a transaction" do
+      expect { post_transaction }.to_not change { Transaction.count }
    end
-
-    it "should set issuer" do
-      post_transaction
-      @transaction = Transaction.last
-      expect(@transaction.issuer).to eq(@client)
-    end
-  end
-
-  describe "failed creating transaction" do
-    # it "should create a transaction" do
-      # expect { post_transaction(euros: -5) }.to change { Transaction.count }.by(0)
-    # end
-
-    # it "should give 422 status" do
-      # post_transaction(euros: -4)
-      # expect(last_response.status).to eq(422)
-    # end
  end
 end
--- a/spec/factories/roles.rb
+++ b/spec/factories/roles.rb
@ -0,0 +1,6 @@
+FactoryGirl.define do
+  factory :role do
+    
+  end
+
+end
--- a/spec/models/role_spec.rb
+++ b/spec/models/role_spec.rb
@ -0,0 +1,5 @@
+require 'rails_helper'
+
+RSpec.describe Role, type: :model do
+  pending "add some examples to (or delete) #{__FILE__}"
+end