incubator-blur-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cr...@apache.org
Subject [29/53] [partial] Initial commit of console v2. Sorry for the large commit
Date Mon, 17 Feb 2014 16:07:05 GMT
http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/active_record_adapter.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/active_record_adapter.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/active_record_adapter.rb
new file mode 100755
index 0000000..f20da17
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/active_record_adapter.rb
@@ -0,0 +1,170 @@
+module CanCan
+  module ModelAdapters
+    class ActiveRecordAdapter < AbstractAdapter
+      def self.for_class?(model_class)
+        model_class <= ActiveRecord::Base
+      end
+
+      def self.override_condition_matching?(subject, name, value)
+        name.kind_of?(MetaWhere::Column) if defined? MetaWhere
+      end
+
+      def self.matches_condition?(subject, name, value)
+        subject_value = subject.send(name.column)
+        if name.method.to_s.ends_with? "_any"
+          value.any? { |v| meta_where_match? subject_value, name.method.to_s.sub("_any", ""), v }
+        elsif name.method.to_s.ends_with? "_all"
+          value.all? { |v| meta_where_match? subject_value, name.method.to_s.sub("_all", ""), v }
+        else
+          meta_where_match? subject_value, name.method, value
+        end
+      end
+
+      def self.meta_where_match?(subject_value, method, value)
+        case method.to_sym
+        when :eq      then subject_value == value
+        when :not_eq  then subject_value != value
+        when :in      then value.include?(subject_value)
+        when :not_in  then !value.include?(subject_value)
+        when :lt      then subject_value < value
+        when :lteq    then subject_value <= value
+        when :gt      then subject_value > value
+        when :gteq    then subject_value >= value
+        when :matches then subject_value =~ Regexp.new("^" + Regexp.escape(value).gsub("%", ".*") + "$", true)
+        when :does_not_match then !meta_where_match?(subject_value, :matches, value)
+        else raise NotImplemented, "The #{method} MetaWhere condition is not supported."
+        end
+      end
+
+      # Returns conditions intended to be used inside a database query. Normally you will not call this
+      # method directly, but instead go through ModelAdditions#accessible_by.
+      #
+      # If there is only one "can" definition, a hash of conditions will be returned matching the one defined.
+      #
+      #   can :manage, User, :id => 1
+      #   query(:manage, User).conditions # => { :id => 1 }
+      #
+      # If there are multiple "can" definitions, a SQL string will be returned to handle complex cases.
+      #
+      #   can :manage, User, :id => 1
+      #   can :manage, User, :manager_id => 1
+      #   cannot :manage, User, :self_managed => true
+      #   query(:manage, User).conditions # => "not (self_managed = 't') AND ((manager_id = 1) OR (id = 1))"
+      #
+      def conditions
+        if @rules.size == 1 && @rules.first.base_behavior
+          # Return the conditions directly if there's just one definition
+          tableized_conditions(@rules.first.conditions).dup
+        else
+          @rules.reverse.inject(false_sql) do |sql, rule|
+            merge_conditions(sql, tableized_conditions(rule.conditions).dup, rule.base_behavior)
+          end
+        end
+      end
+
+      def tableized_conditions(conditions, model_class = @model_class)
+        return conditions unless conditions.kind_of? Hash
+        conditions.inject({}) do |result_hash, (name, value)|
+          if value.kind_of? Hash
+            association_class = model_class.reflect_on_association(name).class_name.constantize
+            name = model_class.reflect_on_association(name).table_name.to_sym
+            value = tableized_conditions(value, association_class)
+          end
+          result_hash[name] = value
+          result_hash
+        end
+      end
+
+      # Returns the associations used in conditions for the :joins option of a search.
+      # See ModelAdditions#accessible_by
+      def joins
+        joins_hash = {}
+        @rules.each do |rule|
+          merge_joins(joins_hash, rule.associations_hash)
+        end
+        clean_joins(joins_hash) unless joins_hash.empty?
+      end
+
+      def database_records
+        if override_scope
+          @model_class.scoped.merge(override_scope)
+        elsif @model_class.respond_to?(:where) && @model_class.respond_to?(:joins)
+          mergeable_conditions = @rules.select {|rule| rule.unmergeable? }.blank?
+          if mergeable_conditions
+            @model_class.where(conditions).joins(joins)
+          else
+            @model_class.where(*(@rules.map(&:conditions))).joins(joins)
+          end
+        else
+          @model_class.scoped(:conditions => conditions, :joins => joins)
+        end
+      end
+
+      private
+
+      def override_scope
+        conditions = @rules.map(&:conditions).compact
+        if defined?(ActiveRecord::Relation) && conditions.any? { |c| c.kind_of?(ActiveRecord::Relation) }
+          if conditions.size == 1
+            conditions.first
+          else
+            rule = @rules.detect { |rule| rule.conditions.kind_of?(ActiveRecord::Relation) }
+            raise Error, "Unable to merge an Active Record scope with other conditions. Instead use a hash or SQL for #{rule.actions.first} #{rule.subjects.first} ability."
+          end
+        end
+      end
+
+      def merge_conditions(sql, conditions_hash, behavior)
+        if conditions_hash.blank?
+          behavior ? true_sql : false_sql
+        else
+          conditions = sanitize_sql(conditions_hash)
+          case sql
+          when true_sql
+            behavior ? true_sql : "not (#{conditions})"
+          when false_sql
+            behavior ? conditions : false_sql
+          else
+            behavior ? "(#{conditions}) OR (#{sql})" : "not (#{conditions}) AND (#{sql})"
+          end
+        end
+      end
+
+      def false_sql
+        sanitize_sql(['?=?', true, false])
+      end
+
+      def true_sql
+        sanitize_sql(['?=?', true, true])
+      end
+
+      def sanitize_sql(conditions)
+        @model_class.send(:sanitize_sql, conditions)
+      end
+
+      # Takes two hashes and does a deep merge.
+      def merge_joins(base, add)
+        add.each do |name, nested|
+          if base[name].is_a?(Hash) && !nested.empty?
+            merge_joins(base[name], nested)
+          else
+            base[name] = nested
+          end
+        end
+      end
+
+      # Removes empty hashes and moves everything into arrays.
+      def clean_joins(joins_hash)
+        joins = []
+        joins_hash.each do |name, nested|
+          joins << (nested.empty? ? name : {name => clean_joins(nested)})
+        end
+        joins
+      end
+    end
+  end
+end
+
+ActiveRecord::Base.class_eval do
+  include CanCan::ModelAdditions
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/data_mapper_adapter.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/data_mapper_adapter.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/data_mapper_adapter.rb
new file mode 100755
index 0000000..e53081a
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/data_mapper_adapter.rb
@@ -0,0 +1,34 @@
+module CanCan
+  module ModelAdapters
+    class DataMapperAdapter < AbstractAdapter
+      def self.for_class?(model_class)
+        model_class <= DataMapper::Resource
+      end
+
+      def self.find(model_class, id)
+        model_class.get(id)
+      end
+
+      def self.override_conditions_hash_matching?(subject, conditions)
+        conditions.any? { |k,v| !k.kind_of?(Symbol) }
+      end
+
+      def self.matches_conditions_hash?(subject, conditions)
+        collection = DataMapper::Collection.new(subject.query, [ subject ])
+        !!collection.first(conditions)
+      end
+
+      def database_records
+        scope = @model_class.all(:conditions => ["0 = 1"])
+        cans, cannots = @rules.partition { |r| r.base_behavior }
+        return scope if cans.empty?
+        # apply unions first, then differences. this mean cannot overrides can
+        cans.each    { |r| scope += @model_class.all(:conditions => r.conditions) }
+        cannots.each { |r| scope -= @model_class.all(:conditions => r.conditions) }
+        scope
+      end
+    end # class DataMapper
+  end # module ModelAdapters
+end # module CanCan
+
+DataMapper::Model.append_extensions(CanCan::ModelAdditions::ClassMethods)

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/default_adapter.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/default_adapter.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/default_adapter.rb
new file mode 100755
index 0000000..d76d87f
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/default_adapter.rb
@@ -0,0 +1,7 @@
+module CanCan
+  module ModelAdapters
+    class DefaultAdapter < AbstractAdapter
+      # This adapter is used when no matching adapter is found
+    end
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/mongoid_adapter.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/mongoid_adapter.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/mongoid_adapter.rb
new file mode 100755
index 0000000..6c7f37d
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_adapters/mongoid_adapter.rb
@@ -0,0 +1,54 @@
+module CanCan
+  module ModelAdapters
+    class MongoidAdapter < AbstractAdapter
+      def self.for_class?(model_class)
+        model_class <= Mongoid::Document
+      end
+
+      def self.override_conditions_hash_matching?(subject, conditions)
+        conditions.any? do |k,v|
+          key_is_not_symbol = lambda { !k.kind_of?(Symbol) }
+          subject_value_is_array = lambda do
+            subject.respond_to?(k) && subject.send(k).is_a?(Array)
+          end
+
+          key_is_not_symbol.call || subject_value_is_array.call
+        end
+      end
+
+      def self.matches_conditions_hash?(subject, conditions)
+        # To avoid hitting the db, retrieve the raw Mongo selector from
+        # the Mongoid Criteria and use Mongoid::Matchers#matches?
+        subject.matches?( subject.class.where(conditions).selector )
+      end
+
+      def database_records
+        if @rules.size == 0
+          @model_class.where(:_id => {'$exists' => false, '$type' => 7}) # return no records in Mongoid
+        elsif @rules.size == 1 && @rules[0].conditions.is_a?(Mongoid::Criteria)
+          @rules[0].conditions
+        else
+          # we only need to process can rules if
+          # there are no rules with empty conditions
+          rules = @rules.reject { |rule| rule.conditions.empty? && rule.base_behavior }
+          process_can_rules = @rules.count == rules.count
+
+          rules.inject(@model_class.all) do |records, rule|
+            if process_can_rules && rule.base_behavior
+              records.or rule.conditions
+            elsif !rule.base_behavior
+              records.excludes rule.conditions
+            else
+              records
+            end
+          end
+        end
+      end
+    end
+  end
+end
+
+# simplest way to add `accessible_by` to all Mongoid Documents
+module Mongoid::Document::ClassMethods
+  include CanCan::ModelAdditions::ClassMethods
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_additions.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_additions.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_additions.rb
new file mode 100755
index 0000000..0f32d36
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/model_additions.rb
@@ -0,0 +1,31 @@
+module CanCan
+
+  # This module adds the accessible_by class method to a model. It is included in the model adapters.
+  module ModelAdditions
+    module ClassMethods
+      # Returns a scope which fetches only the records that the passed ability
+      # can perform a given action on. The action defaults to :index. This
+      # is usually called from a controller and passed the +current_ability+.
+      #
+      #   @articles = Article.accessible_by(current_ability)
+      #
+      # Here only the articles which the user is able to read will be returned.
+      # If the user does not have permission to read any articles then an empty
+      # result is returned. Since this is a scope it can be combined with any
+      # other scopes or pagination.
+      #
+      # An alternative action can optionally be passed as a second argument.
+      #
+      #   @articles = Article.accessible_by(current_ability, :update)
+      #
+      # Here only the articles which the user can update are returned.
+      def accessible_by(ability, action = :index)
+        ability.model_adapter(self, action).database_records
+      end
+    end
+
+    def self.included(base)
+      base.extend ClassMethods
+    end
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/rule.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/rule.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/rule.rb
new file mode 100755
index 0000000..a3c86ef
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/cancan/rule.rb
@@ -0,0 +1,178 @@
+module CanCan
+  # This class is used internally and should only be called through Ability.
+  # it holds the information about a "can" call made on Ability and provides
+  # helpful methods to determine permission checking and conditions hash generation.
+  class Rule # :nodoc:
+    attr_reader :base_behavior, :subjects, :actions, :conditions
+    attr_writer :expanded_actions, :expanded_subjects
+
+    # The first argument when initializing is the base_behavior which is a true/false
+    # value. True for "can" and false for "cannot". The next two arguments are the action
+    # and subject respectively (such as :read, @project). The third argument is a hash
+    # of conditions and the last one is the block passed to the "can" call.
+    def initialize(base_behavior, action = nil, subject = nil, *extra_args, &block)
+      @match_all = action.nil? && subject.nil?
+      @base_behavior = base_behavior
+      @actions = [action].flatten
+      @subjects = [subject].flatten
+      @attributes = [extra_args.shift].flatten if extra_args.first.kind_of?(Symbol) || extra_args.first.kind_of?(Array) && extra_args.first.first.kind_of?(Symbol)
+      raise Error, "You are not able to supply a block with a hash of conditions in #{action} #{subject} ability. Use either one." if extra_args.first.kind_of?(Hash) && !block.nil?
+      @conditions = extra_args.first || {}
+      @block = block
+    end
+
+    # Matches the subject, action, and given attribute. Conditions are not checked here.
+    def relevant?(action, subject, attribute)
+      subject = subject.values.first if subject.class == Hash
+      @match_all || (matches_action?(action) && matches_subject?(subject) && matches_attribute?(attribute))
+    end
+
+    # Matches the block or conditions hash
+    def matches_conditions?(action, subject, attribute)
+      if @match_all
+        call_block_with_all(action, subject, attribute)
+      elsif @block && subject_object?(subject)
+        @block.arity == 1 ? @block.call(subject) : @block.call(subject, attribute)
+      elsif @conditions.kind_of?(Hash) && subject.class == Hash
+        nested_subject_matches_conditions?(subject)
+      elsif @conditions.kind_of?(Hash) && subject_object?(subject)
+        matches_conditions_hash?(subject)
+      else
+        # Don't stop at "cannot" definitions when there are conditions.
+        @conditions.empty? ? true : @base_behavior
+      end
+    end
+
+    def only_block?
+      !conditions? && !@block.nil?
+    end
+
+    def only_raw_sql?
+      @block.nil? && conditions? && !@conditions.kind_of?(Hash)
+    end
+
+    def attributes?
+      @attributes.present?
+    end
+
+    def conditions?
+      @conditions.present?
+    end
+
+    def instance_conditions?
+      @block || conditions?
+    end
+
+    def unmergeable?
+      @conditions.respond_to?(:keys) && (! @conditions.keys.first.kind_of? Symbol)
+    end
+
+    def associations_hash(conditions = @conditions)
+      hash = {}
+      conditions.map do |name, value|
+        hash[name] = associations_hash(value) if value.kind_of? Hash
+      end if conditions.kind_of? Hash
+      hash
+    end
+
+    def attributes_from_conditions
+      attributes = {}
+      @conditions.each do |key, value|
+        attributes[key] = value unless [Array, Range, Hash].include? value.class
+      end if @conditions.kind_of? Hash
+      attributes
+    end
+
+    def specificity
+      specificity = 1
+      specificity += 1 if attributes? || conditions?
+      specificity += 2 unless base_behavior
+      specificity
+    end
+
+    private
+
+    def subject_object?(subject)
+      # klass = (subject.kind_of?(Hash) ? subject.values.first : subject).class
+      # klass == Class || klass == Module
+      !subject.kind_of?(Symbol) && !subject.kind_of?(String)
+    end
+
+    def matches_action?(action)
+      @expanded_actions.include?(:access) || @expanded_actions.include?(action.to_sym)
+    end
+
+    def matches_subject?(subject)
+      subject = subject_name(subject) if subject_object? subject
+      @expanded_subjects.include?(:all) || @expanded_subjects.include?(subject.to_sym) || @expanded_subjects.include?(subject) # || matches_subject_class?(subject)
+    end
+
+    def matches_attribute?(attribute)
+      # don't consider attributes in a cannot clause when not matching - this can probably be refactored
+      if !@base_behavior && @attributes && attribute.nil?
+        false
+      else
+        @attributes.nil? || attribute.nil? || @attributes.include?(attribute.to_sym)
+      end
+    end
+
+    # TODO deperecate this
+    def matches_subject_class?(subject)
+      @expanded_subjects.any? { |sub| sub.kind_of?(Module) && (subject.kind_of?(sub) || subject.class.to_s == sub.to_s || subject.kind_of?(Module) && subject.ancestors.include?(sub)) }
+    end
+
+    # Checks if the given subject matches the given conditions hash.
+    # This behavior can be overriden by a model adapter by defining two class methods:
+    # override_matching_for_conditions?(subject, conditions) and
+    # matches_conditions_hash?(subject, conditions)
+    def matches_conditions_hash?(subject, conditions = @conditions)
+      if conditions.empty?
+        true
+      else
+        if model_adapter(subject).override_conditions_hash_matching? subject, conditions
+          model_adapter(subject).matches_conditions_hash? subject, conditions
+        else
+          conditions.all? do |name, value|
+            if model_adapter(subject).override_condition_matching? subject, name, value
+              model_adapter(subject).matches_condition? subject, name, value
+            else
+              attribute = subject.send(name)
+              if value.kind_of?(Hash)
+                if attribute.kind_of? Array
+                  attribute.any? { |element| matches_conditions_hash? element, value }
+                else
+                  attribute && matches_conditions_hash?(attribute, value)
+                end
+              elsif value.kind_of?(Enumerable)
+                value.include? attribute
+              else
+                attribute == value
+              end
+            end
+          end
+        end
+      end
+    end
+
+    def nested_subject_matches_conditions?(subject_hash)
+      parent, child = subject_hash.first
+      matches_conditions_hash?(parent, @conditions[parent.class.name.downcase.to_sym] || {})
+    end
+
+    def call_block_with_all(action, subject, attribute)
+      if subject_object? subject
+        @block.call(action, subject_name(subject), subject, attribute)
+      else
+        @block.call(action, subject, nil, attribute)
+      end
+    end
+
+    def subject_name(subject)
+      subject.class.to_s.underscore.pluralize.to_sym
+    end
+
+    def model_adapter(subject)
+      CanCan::ModelAdapters::AbstractAdapter.adapter_class(subject_object?(subject) ? subject.class : subject)
+    end
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/USAGE
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/USAGE b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/USAGE
new file mode 100755
index 0000000..692d6e9
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/USAGE
@@ -0,0 +1,5 @@
+Description:
+  The cancan:ability generator creates an Ability class in the models
+  directory. You can move this file anywhere you want as long as it
+  is in the load path. A test/spec file is also generated depending
+  on if a spec directory exists.

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/ability_generator.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/ability_generator.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/ability_generator.rb
new file mode 100755
index 0000000..226b72f
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/ability_generator.rb
@@ -0,0 +1,16 @@
+module Cancan
+  module Generators
+    class AbilityGenerator < Rails::Generators::Base
+      source_root File.expand_path("../templates", __FILE__)
+
+      def generate_ability
+        copy_file "ability.rb", "app/models/ability.rb"
+        if File.exist?(File.join(destination_root, "spec"))
+          copy_file "ability_spec.rb", "spec/models/ability_spec.rb"
+        else
+          copy_file "ability_test.rb", "test/unit/ability_test.rb"
+        end
+      end
+    end
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability.rb
new file mode 100755
index 0000000..306e78d
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability.rb
@@ -0,0 +1,24 @@
+class Ability
+  include CanCan::Ability
+
+  def initialize(user)
+    # Define abilities for the passed in (current) user. For example:
+    #
+    #   if user
+    #     can :access, :all
+    #   else
+    #     can :access, :home
+    #     can :create, [:users, :sessions]
+    #   end
+    #
+    # Here if there is a user he will be able to perform any action on any controller.
+    # If someone is not logged in he can only access the home, users, and sessions controllers.
+    #
+    # The first argument to `can` is the action the user can perform. The second argument
+    # is the controller name they can perform that action on. You can pass :access and :all
+    # to represent any action and controller respectively. Passing an array to either of
+    # these will grant permission on each item in the array.
+    #
+    # See the wiki for details: https://github.com/ryanb/cancan/wiki/Defining-Abilities
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability_spec.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability_spec.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability_spec.rb
new file mode 100755
index 0000000..c4579f4
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability_spec.rb
@@ -0,0 +1,16 @@
+require "spec_helper"
+require "cancan/matchers"
+
+describe Ability do
+  describe "as guest" do
+    before(:each) do
+      @ability = Ability.new(nil)
+    end
+
+    it "can only create a user" do
+      # Define what a guest can and cannot do
+      # @ability.should be_able_to(:create, :users)
+      # @ability.should_not be_able_to(:update, :users)
+    end
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability_test.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability_test.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability_test.rb
new file mode 100755
index 0000000..f0a558c
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/lib/generators/cancan/ability/templates/ability_test.rb
@@ -0,0 +1,10 @@
+require "test_helper"
+
+class AbilityTest < ActiveSupport::TestCase
+  def guest_can_only_create_user
+    ability = Ability.new(nil)
+    # Define what a guest can and cannot do
+    # assert ability.can?(:create, :users)
+    # assert ability.cannot?(:update, :users)
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/README.rdoc
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/README.rdoc b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/README.rdoc
new file mode 100755
index 0000000..760750e
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/README.rdoc
@@ -0,0 +1,28 @@
+= CanCan Specs
+
+== Running the specs
+
+To run the specs first run the +bundle+ command to install the necessary gems and the +rake+ command to run the specs.
+
+  bundle
+  rake
+
+The specs currently require Ruby 1.8.7. Ruby 1.9.2 support will be coming soon.
+
+
+== Model Adapters
+
+CanCan offers separate specs for different model adapters (such as Mongoid and Data Mapper). By default it will use Active Record but you can change this by setting the +MODEL_ADAPTER+ environment variable before running. You can run the +bundle+ command with this as well to ensure you have the installed gems.
+
+  MODEL_ADAPTER=data_mapper bundle
+  MODEL_ADAPTER=data_mapper rake
+
+The different model adapters you can specify are:
+
+* active_record (default)
+* data_mapper
+* mongoid
+
+You can also run the +spec_all+ rake task to run specs for each adapter.
+
+  rake spec_all

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/ability_spec.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/ability_spec.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/ability_spec.rb
new file mode 100755
index 0000000..7204678
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/ability_spec.rb
@@ -0,0 +1,541 @@
+require "spec_helper"
+
+describe CanCan::Ability do
+  before(:each) do
+    @ability = Object.new
+    @ability.extend(CanCan::Ability)
+  end
+
+
+  # Basic Action & Subject
+
+  it "allows access to only what is defined" do
+    @ability.can?(:paint, :fences).should be_false
+    @ability.can :paint, :fences
+    @ability.can?(:paint, :fences).should be_true
+    @ability.can?(:wax, :fences).should be_false
+    @ability.can?(:paint, :cars).should be_false
+  end
+
+  it "allows access to everything when :access, :all is used" do
+    @ability.can?(:paint, :fences).should be_false
+    @ability.can :access, :all
+    @ability.can?(:paint, :fences).should be_true
+    @ability.can?(:wax, :fences).should be_true
+    @ability.can?(:paint, :cars).should be_true
+  end
+
+  it "allows access to multiple actions and subjects" do
+    @ability.can [:paint, :sand], [:fences, :decks]
+    @ability.can?(:paint, :fences).should be_true
+    @ability.can?(:sand, :fences).should be_true
+    @ability.can?(:paint, :decks).should be_true
+    @ability.can?(:sand, :decks).should be_true
+    @ability.can?(:wax, :fences).should be_false
+    @ability.can?(:paint, :cars).should be_false
+  end
+
+  it "allows strings instead of symbols in ability check" do
+    @ability.can :paint, :fences
+    @ability.can?("paint", "fences").should be_true
+  end
+
+
+  # Aliases
+
+  it "has default index, show, new, update, delete aliases" do
+    @ability.can :read, :projects
+    @ability.can?(:index, :projects).should be_true
+    @ability.can?(:show, :projects).should be_true
+    @ability.can :create, :projects
+    @ability.can?(:new, :projects).should be_true
+    @ability.can :update, :projects
+    @ability.can?(:edit, :projects).should be_true
+    @ability.can :destroy, :projects
+    @ability.can?(:delete, :projects).should be_true
+  end
+
+  it "follows deep action aliases" do
+    @ability.alias_action :update, :destroy, :to => :modify
+    @ability.can :modify, :projects
+    @ability.can?(:update, :projects).should be_true
+    @ability.can?(:destroy, :projects).should be_true
+    @ability.can?(:edit, :projects).should be_true
+  end
+
+  it "adds up action aliases" do
+    @ability.alias_action :update, :to => :modify
+    @ability.alias_action :destroy, :to => :modify
+    @ability.can :modify, :projects
+    @ability.can?(:update, :projects).should be_true
+    @ability.can?(:destroy, :projects).should be_true
+  end
+
+  it "follows deep subject aliases" do
+    @ability.alias_subject :mammals, :to => :animals
+    @ability.alias_subject :cats, :to => :mammals
+    @ability.can :pet, :animals
+    @ability.can?(:pet, :mammals).should be_true
+  end
+
+  it "clears current and default aliases" do
+    @ability.alias_action :update, :destroy, :to => :modify
+    @ability.clear_aliases
+    @ability.can :modify, :projects
+    @ability.can?(:update, :projects).should be_false
+    @ability.can :read, :projects
+    @ability.can?(:show, :projects).should be_false
+  end
+
+
+  # Hash Conditions
+
+  it "maps object to pluralized subject name" do
+    @ability.can :read, :ranges
+    @ability.can?(:read, :ranges).should be_true
+    @ability.can?(:read, 1..3).should be_true
+    @ability.can?(:read, 123).should be_false
+  end
+
+  it "checks conditions hash on instances only" do
+    @ability.can :read, :ranges, :begin => 1
+    @ability.can?(:read, :ranges).should be_true
+    @ability.can?(:read, 1..3).should be_true
+    @ability.can?(:read, 2..4).should be_false
+  end
+
+  it "checks conditions on both rules and matches either one" do
+    @ability.can :read, :ranges, :begin => 1
+    @ability.can :read, :ranges, :begin => 2
+    @ability.can?(:read, 1..3).should be_true
+    @ability.can?(:read, 2..4).should be_true
+    @ability.can?(:read, 3..5).should be_false
+  end
+
+  it "checks an array of options in conditions hash" do
+    @ability.can :read, :ranges, :begin => [1, 3, 5]
+    @ability.can?(:read, 1..3).should be_true
+    @ability.can?(:read, 2..4).should be_false
+    @ability.can?(:read, 3..5).should be_true
+  end
+
+  it "checks a range of options in conditions hash" do
+    @ability.can :read, :ranges, :begin => 1..3
+    @ability.can?(:read, 1..10).should be_true
+    @ability.can?(:read, 3..30).should be_true
+    @ability.can?(:read, 4..40).should be_false
+  end
+
+  it "checks nested conditions hash" do
+    @ability.can :read, :ranges, :begin => { :to_i => 5 }
+    @ability.can?(:read, 5..7).should be_true
+    @ability.can?(:read, 6..8).should be_false
+  end
+
+  it "matches any element passed in to nesting if it's an array (for has_many associations)" do
+    @ability.can :read, :ranges, :to_a => { :to_i => 3 }
+    @ability.can?(:read, 1..5).should be_true
+    @ability.can?(:read, 4..6).should be_false
+  end
+
+  it "takes presedence over rule defined without a condition" do
+    @ability.can :read, :ranges
+    @ability.can :read, :ranges, :begin => 1
+    @ability.can?(:read, 1..5).should be_true
+    @ability.can?(:read, 4..6).should be_false
+  end
+
+
+  # Block Conditions
+
+  it "executes block passing object only when instance is used" do
+    @ability.can :read, :ranges do |range|
+      range.begin == 5
+    end
+    @ability.can?(:read, :ranges).should be_true
+    @ability.can?(:read, 5..7).should be_true
+    @ability.can?(:read, 6..8).should be_false
+  end
+
+  it "returns true when other object is returned in block" do
+    @ability.can :read, :ranges do |range|
+      "foo"
+    end
+    @ability.can?(:read, 5..7).should be_true
+  end
+
+  it "passes to previous rule when block returns false" do
+    @ability.can :read, :fixnums do |i|
+      i < 5
+    end
+    @ability.can :read, :fixnums do |i|
+      i > 10
+    end
+    @ability.can?(:read, 11).should be_true
+    @ability.can?(:read, 1).should be_true
+    @ability.can?(:read, 6).should be_false
+  end
+
+  it "calls block passing arguments when no arguments are given to can" do
+    @ability.can do |action, subject, object|
+      action.should == :read
+      subject.should == :ranges
+      object.should == (2..4)
+      @block_called = true
+    end
+    @ability.can?(:read, 2..4)
+    @block_called.should be_true
+  end
+
+  it "raises an error when attempting to use a block with a hash condition since it's not likely what they want" do
+    lambda {
+      @ability.can :read, :ranges, :published => true do
+        false
+      end
+    }.should raise_error(CanCan::Error, "You are not able to supply a block with a hash of conditions in read ranges ability. Use either one.")
+  end
+
+  it "does not raise an error when attempting to use a block with an array of SQL conditions" do
+    lambda {
+      @ability.can :read, :ranges, ["published = ?", true] do
+        false
+      end
+    }.should_not raise_error(CanCan::Error)
+  end
+
+
+  # Attributes
+
+  it "allows permission on attributes" do
+    @ability.can :update, :users, :name
+    @ability.can :update, :users, [:email, :age]
+    @ability.can?(:update, :users, :name).should be_true
+    @ability.can?(:update, :users, :email).should be_true
+    @ability.can?(:update, :users, :password).should be_false
+  end
+
+  it "allows permission on all attributes when none are given" do
+    @ability.can :update, :users
+    @ability.can?(:update, :users, :password).should be_true
+  end
+
+  it "allows strings when chekcing attributes" do
+    @ability.can :update, :users, :name
+    @ability.can?(:update, :users, "name").should be_true
+  end
+
+  it "combines attribute check with conditions hash" do
+    @ability.can :update, :ranges, :begin => 1
+    @ability.can :update, :ranges, :name, :begin => 2
+    @ability.can?(:update, 1..3, :foobar).should be_true
+    @ability.can?(:update, 2..4, :foobar).should be_false
+    @ability.can?(:update, 2..4, :name).should be_true
+    @ability.can?(:update, 3..5, :name).should be_false
+  end
+
+  it "passes attribute to block and nil if no attribute checked" do
+    @ability.can :update, :ranges do |range, attribute|
+      attribute == :name
+    end
+    @ability.can?(:update, 1..3, :name).should be_true
+    @ability.can?(:update, 2..4).should be_false
+  end
+
+  it "passes attribute to block for global can definition" do
+    @ability.can do |action, subject, object, attribute|
+      attribute == :name
+    end
+    @ability.can?(:update, 1..3, :name).should be_true
+    @ability.can?(:update, 2..4).should be_false
+  end
+
+
+  # Checking if Fully Authorized
+
+  it "is not fully authorized when no authorize! call is made" do
+    @ability.can :update, :ranges, :begin => 1
+    @ability.can?(:update, :ranges).should be_true
+    @ability.should_not be_fully_authorized(:update, :ranges)
+  end
+
+  it "is fully authorized when calling authorize! with a matching action and subject" do
+    @ability.can :update, :ranges
+    @ability.authorize! :update, :ranges
+    @ability.should be_fully_authorized(:update, :ranges)
+    @ability.should_not be_fully_authorized(:create, :ranges)
+  end
+
+  it "is fully authorized when marking action and subject as such" do
+    @ability.fully_authorized! :update, :ranges
+    @ability.should be_fully_authorized(:update, :ranges)
+  end
+
+  it "is not fully authorized when a conditions hash exists but no instance is used" do
+    @ability.can :update, :ranges, :begin => 1
+    @ability.authorize! :update, :ranges
+    @ability.should_not be_fully_authorized(:update, :ranges)
+    @ability.authorize! "update", "ranges"
+    @ability.should_not be_fully_authorized(:update, :ranges)
+    @ability.authorize! :update, 1..3
+    @ability.should be_fully_authorized(:update, :ranges)
+  end
+
+  it "is not fully authorized when a block exists but no instance is used" do
+    @ability.can :update, :ranges do |range|
+      range.begin == 1
+    end
+    @ability.authorize! :update, :ranges
+    @ability.should_not be_fully_authorized(:update, :ranges)
+    @ability.authorize! :update, 1..3
+    @ability.should be_fully_authorized(:update, :ranges)
+  end
+
+  it "should accept a set as a condition value" do
+    object_with_foo_2 = Object.new
+    object_with_foo_2.should_receive(:foo) { 2 }
+    object_with_foo_3 = Object.new
+    object_with_foo_3.should_receive(:foo) { 3 }
+    @ability.can :read, :objects, :foo => [1, 2, 5].to_set
+    @ability.can?(:read, object_with_foo_2).should be_true
+    @ability.can?(:read, object_with_foo_3).should be_false
+  end
+
+  it "does not match subjects return nil for methods that must match nested a nested conditions hash" do
+    object_with_foo = Object.new
+    object_with_foo.should_receive(:foo) { :bar }
+    @ability.can :read, :arrays, :first => { :foo => :bar }
+    @ability.can?(:read, [object_with_foo]).should be_true
+    @ability.can?(:read, []).should be_false
+  end
+
+  it "is not fully authorized when attributes are required but not checked in update/create actions" do
+    @ability.can :access, :users, :name
+    @ability.authorize! :update, :users
+    @ability.should_not be_fully_authorized(:update, :users)
+    @ability.authorize! :create, :users
+    @ability.should_not be_fully_authorized(:create, :users)
+    @ability.authorize! :create, :users, :name
+    @ability.should be_fully_authorized(:create, :users)
+    @ability.authorize! :destroy, :users
+    @ability.should be_fully_authorized(:destroy, :users)
+  end
+
+  it "marks as fully authorized when authorizing with strings instead of symbols" do
+    @ability.fully_authorized! "update", "ranges"
+    @ability.should be_fully_authorized(:update, :ranges)
+    @ability.should be_fully_authorized("update", "ranges")
+    @ability.can :update, :users
+    @ability.authorize! "update", "users"
+    @ability.should be_fully_authorized(:update, :users)
+  end
+
+
+  # Cannot
+
+  it "offers cannot? method which inverts can?" do
+    @ability.cannot?(:wax, :cars).should be_true
+  end
+
+  it "supports 'cannot' method to define what user cannot do" do
+    @ability.can :read, :all
+    @ability.cannot :read, :ranges
+    @ability.can?(:read, :books).should be_true
+    @ability.can?(:read, 1..3).should be_false
+    @ability.can?(:read, :ranges).should be_false
+  end
+
+  it "passes to previous rule if cannot check returns false" do
+    @ability.can :read, :all
+    @ability.cannot :read, :ranges, :begin => 3
+    @ability.cannot :read, :ranges do |range|
+      range.begin == 5
+    end
+    @ability.can?(:read, :books).should be_true
+    @ability.can?(:read, 2..4).should be_true
+    @ability.can?(:read, 3..7).should be_false
+    @ability.can?(:read, 5..9).should be_false
+  end
+
+  it "rejects permission only to a given attribute" do
+    @ability.can :update, :books
+    @ability.cannot :update, :books, :author
+    @ability.can?(:update, :books).should be_true
+    @ability.can?(:update, :books, :author).should be_false
+  end
+
+  # Hash Association
+
+  it "checks permission through association when hash is passed as subject" do
+    @ability.can :read, :books, :range => {:begin => 3}
+    @ability.can?(:read, (1..4) => :books).should be_false
+    @ability.can?(:read, (3..5) => :books).should be_true
+    @ability.can?(:read, 123 => :books).should be_true
+  end
+
+  it "checks permissions on association hash with multiple rules" do
+    @ability.can :read, :books, :range => {:begin => 3}
+    @ability.can :read, :books, :range => {:end => 6}
+    @ability.can?(:read, (1..4) => :books).should be_false
+    @ability.can?(:read, (3..5) => :books).should be_true
+    @ability.can?(:read, (1..6) => :books).should be_true
+    @ability.can?(:read, 123 => :books).should be_true
+  end
+
+  it "checks ability on hash subclass" do
+    class Container < Hash; end
+    @ability.can :read, :containers
+    @ability.can?(:read, Container.new).should be_true
+  end
+
+
+  # Initial Attributes
+
+  it "has initial attributes based on hash conditions for a given action" do
+    @ability.can :access, :ranges, :foo => "foo", :hash => {:skip => "hashes"}
+    @ability.can :create, :ranges, :bar => 123, :array => %w[skip arrays]
+    @ability.can :new, :ranges, :baz => "baz", :range => 1..3
+    @ability.cannot :new, :ranges, :ignore => "me"
+    @ability.attributes_for(:new, :ranges).should == {:foo => "foo", :bar => 123, :baz => "baz"}
+  end
+
+
+  # Unauthorized Exception
+
+  it "raises CanCan::Unauthorized when calling authorize! on unauthorized action" do
+    begin
+      @ability.authorize! :read, :books, :message => "Access denied!"
+    rescue CanCan::Unauthorized => e
+      e.message.should == "Access denied!"
+      e.action.should == :read
+      e.subject.should == :books
+    else
+      fail "Expected CanCan::Unauthorized exception to be raised"
+    end
+  end
+
+  it "does not raise access denied exception if ability is authorized to perform an action and return subject" do
+    @ability.can :read, :foo
+    lambda {
+      @ability.authorize!(:read, :foo).should == :foo
+    }.should_not raise_error
+  end
+
+  it "knows when block is used in conditions" do
+    @ability.can :read, :foo
+    @ability.should_not have_block(:read, :foo)
+    @ability.can :read, :foo do |foo|
+      false
+    end
+    @ability.should have_block(:read, :foo)
+  end
+
+  it "knows when raw sql is used in conditions" do
+    @ability.can :read, :foo
+    @ability.should_not have_raw_sql(:read, :foo)
+    @ability.can :read, :foo, 'false'
+    @ability.should have_raw_sql(:read, :foo)
+  end
+
+  it "raises access denied exception with default message if not specified" do
+    begin
+      @ability.authorize! :read, :books
+    rescue CanCan::Unauthorized => e
+      e.default_message = "Access denied!"
+      e.message.should == "Access denied!"
+    else
+      fail "Expected CanCan::Unauthorized exception to be raised"
+    end
+  end
+
+  it "does not raise access denied exception if ability is authorized to perform an action and return subject" do
+    @ability.can :read, :books
+    lambda {
+      @ability.authorize!(:read, :books).should == :books
+    }.should_not raise_error
+  end
+
+
+  # Determining Kind of Conditions
+
+  it "knows when a block is used for conditions" do
+    @ability.can :read, :books
+    @ability.should_not have_block(:read, :books)
+    @ability.can :read, :books do |foo|
+      false
+    end
+    @ability.should have_block(:read, :books)
+  end
+
+  it "knows when raw sql is used for conditions" do
+    @ability.can :read, :books
+    @ability.should_not have_raw_sql(:read, :books)
+    @ability.can :read, :books, 'false'
+    @ability.should have_raw_sql(:read, :books)
+  end
+
+  it "determines model adapter class by asking AbstractAdapter" do
+    model_class = Object.new
+    adapter_class = Object.new
+    CanCan::ModelAdapters::AbstractAdapter.stub(:adapter_class).with(model_class) { adapter_class }
+    adapter_class.stub(:new).with(model_class, []) { :adapter_instance }
+    @ability.model_adapter(model_class, :read).should == :adapter_instance
+  end
+
+
+  # Unauthorized I18n Message
+
+  describe "unauthorized message" do
+    after(:each) do
+      I18n.backend = nil
+    end
+
+    it "uses action/subject in i18n" do
+      I18n.backend.store_translations :en, :unauthorized => {:update => {:ranges => "update ranges"}}
+      @ability.unauthorized_message(:update, :ranges).should == "update ranges"
+      @ability.unauthorized_message(:update, 2..4).should == "update ranges"
+      @ability.unauthorized_message(:update, :missing).should be_nil
+    end
+
+    it "uses symbol as subject directly" do
+      I18n.backend.store_translations :en, :unauthorized => {:has => {:cheezburger => "Nom nom nom. I eated it."}}
+      @ability.unauthorized_message(:has, :cheezburger).should == "Nom nom nom. I eated it."
+    end
+
+    it "falls back to 'access' and 'all'" do
+      I18n.backend.store_translations :en, :unauthorized => {
+        :access => {:all => "access all", :ranges => "access ranges"},
+        :update => {:all => "update all", :ranges => "update ranges"}
+      }
+      @ability.unauthorized_message(:update, :ranges).should == "update ranges"
+      @ability.unauthorized_message(:update, :hashes).should == "update all"
+      @ability.unauthorized_message(:create, :ranges).should == "access ranges"
+      @ability.unauthorized_message(:create, :hashes).should == "access all"
+    end
+
+    it "follows aliases" do
+      I18n.backend.store_translations :en, :unauthorized => {:modify => {:ranges => "modify ranges"}}
+      @ability.alias_action :update, :to => :modify
+      @ability.alias_subject :areas, :to => :ranges
+      @ability.unauthorized_message(:update, :areas).should == "modify ranges"
+      @ability.unauthorized_message(:edit, :ranges).should == "modify ranges"
+    end
+
+    it "has variables for action and subject" do
+      I18n.backend.store_translations :en, :unauthorized => {:access => {:all => "%{action} %{subject}"}} # old syntax for now in case testing with old I18n
+      @ability.unauthorized_message(:update, :ranges).should == "update ranges"
+      @ability.unauthorized_message(:edit, 1..3).should == "edit ranges"
+      # @ability.unauthorized_message(:update, ArgumentError).should == "update argument error"
+    end
+  end
+
+  it "merges the rules from another ability" do
+    @ability.can :use, :tools
+    another_ability = Object.new
+    another_ability.extend(CanCan::Ability)
+    another_ability.can :use, :search
+
+    @ability.merge(another_ability)
+    @ability.can?(:use, :search).should be_true
+    @ability.send(:rules).size.should == 2
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/controller_additions_spec.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/controller_additions_spec.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/controller_additions_spec.rb
new file mode 100755
index 0000000..4b9e326
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/controller_additions_spec.rb
@@ -0,0 +1,118 @@
+require "spec_helper"
+
+describe CanCan::ControllerAdditions do
+  before(:each) do
+    @params = HashWithIndifferentAccess.new
+    @controller_class = Class.new
+    @controller = @controller_class.new
+    @controller.stub(:params) { @params }
+    @controller.stub(:current_user) { :current_user }
+    @controller_class.should_receive(:helper_method).with(:can?, :cannot?, :current_ability)
+    @controller_class.send(:include, CanCan::ControllerAdditions)
+  end
+
+  it "raises ImplementationRemoved when attempting to call load/authorize/skip/check calls on a controller" do
+    lambda { @controller_class.load_resource }.should raise_error(CanCan::ImplementationRemoved)
+    lambda { @controller_class.authorize_resource }.should raise_error(CanCan::ImplementationRemoved)
+    lambda { @controller_class.skip_load_resource }.should raise_error(CanCan::ImplementationRemoved)
+    lambda { @controller_class.skip_authorize_resource }.should raise_error(CanCan::ImplementationRemoved)
+    lambda { @controller_class.check_authorization }.should raise_error(CanCan::ImplementationRemoved)
+    lambda { @controller_class.skip_authorization_check }.should raise_error(CanCan::ImplementationRemoved)
+    lambda { @controller_class.cancan_skipper }.should raise_error(CanCan::ImplementationRemoved)
+  end
+
+  it "authorize! should pass args to current ability" do
+    @controller.current_ability.should_receive(:authorize!).with(:foo, :bar)
+    @controller.authorize!(:foo, :bar)
+  end
+
+  it "provides a can? and cannot? methods which go through the current ability" do
+    @controller.current_ability.should be_kind_of(Ability)
+    @controller.can?(:foo, :bar).should be_false
+    @controller.cannot?(:foo, :bar).should be_true
+  end
+
+  it "load_and_authorize_resource adds a before filter which passes call to ControllerResource" do
+    controller_resource = double("controller_resource")
+    controller_resource.should_receive(:process)
+    CanCan::ControllerResource.stub(:new).with(@controller, nil, :load => true, :authorize => true, :foo => :bar) { controller_resource }
+    @controller_class.should_receive(:before_filter).with({}).and_yield(@controller)
+    @controller_class.load_and_authorize_resource :foo => :bar
+  end
+
+  it "load_and_authorize_resource passes first argument as the resource name" do
+    controller_resource = double("controller_resource")
+    controller_resource.should_receive(:process)
+    CanCan::ControllerResource.stub(:new).with(@controller, :project, :load => true, :authorize => true, :foo => :bar) { controller_resource }
+    @controller_class.should_receive(:before_filter).with({}).and_yield(@controller)
+    @controller_class.load_and_authorize_resource :project, :foo => :bar
+  end
+
+  it "load_and_authorize_resource passes :only, :except, :if, :unless options to before filter" do
+    controller_resource = double("controller_resource")
+    controller_resource.should_receive(:process)
+    CanCan::ControllerResource.stub(:new).with(@controller, nil, :load => true, :authorize => true) { controller_resource }
+    @controller_class.should_receive(:before_filter).with(:only => 1, :except => 2, :if => 3, :unless => 4).and_yield(@controller)
+    @controller_class.load_and_authorize_resource :only => 1, :except => 2, :if => 3, :unless => 4
+  end
+
+  it "load_and_authorize_resource with :prepend prepends the before filter" do
+    @controller_class.should_receive(:prepend_before_filter).with({})
+    @controller_class.load_and_authorize_resource :foo => :bar, :prepend => true
+  end
+
+  it "cancan_resource_class should be ControllerResource by default" do
+    @controller.class.cancan_resource_class.should == CanCan::ControllerResource
+  end
+
+  it "cancan_resource_class should be InheritedResource when class includes InheritedResources::Actions" do
+    @controller.class.stub(:ancestors) { ["InheritedResources::Actions"] }
+    @controller.class.cancan_resource_class.should == CanCan::InheritedResource
+  end
+
+  it "enable_authorization should call authorize! with controller and action name" do
+    @params.merge!(:controller => "projects", :action => "create")
+    @controller.should_receive(:authorize!).with("create", "projects")
+    @controller_class.stub(:before_filter).with(:only => :foo, :except => :bar).and_yield(@controller)
+    @controller_class.stub(:after_filter).with(:only => :foo, :except => :bar)
+    @controller_class.enable_authorization(:only => :foo, :except => :bar)
+  end
+
+  it "enable_authorization should raise InsufficientAuthorizationCheck when not fully authoried" do
+    @params.merge!(:controller => "projects", :action => "create")
+    @controller_class.stub(:before_filter).with(:only => :foo, :except => :bar)
+    @controller_class.stub(:after_filter).with(:only => :foo, :except => :bar).and_yield(@controller)
+    lambda {
+      @controller_class.enable_authorization(:only => :foo, :except => :bar)
+    }.should raise_error(CanCan::InsufficientAuthorizationCheck)
+  end
+
+  it "enable_authorization should not call authorize! when :if is false" do
+    @authorize_called = false
+    @controller.stub(:authorize?) { false }
+    @controller.stub(:authorize!) { @authorize_called = true }
+    @controller_class.should_receive(:before_filter).with({}).and_yield(@controller)
+    @controller_class.should_receive(:after_filter).with({}).and_yield(@controller)
+    @controller_class.enable_authorization(:if => :authorize?)
+    @authorize_called.should be_false
+  end
+
+  it "enable_authorization should not call authorize! when :unless is true" do
+    @authorize_called = false
+    @controller.stub(:engine_controller?) { true }
+    @controller.stub(:authorize!) { @authorize_called = true }
+    @controller_class.should_receive(:before_filter).with({}).and_yield(@controller)
+    @controller_class.should_receive(:after_filter).with({}).and_yield(@controller)
+    @controller_class.enable_authorization(:unless => :engine_controller?)
+    @authorize_called.should be_false
+  end
+
+  it "enable_authorization should pass block to rescue_from CanCan::Unauthorized call" do
+    @block_called = false
+    @controller_class.should_receive(:before_filter).with({})
+    @controller_class.should_receive(:after_filter).with({})
+    @controller_class.should_receive(:rescue_from).with(CanCan::Unauthorized).and_yield(:exception)
+    @controller_class.enable_authorization { |e| @block_called = (e == :exception) }
+    @block_called.should be_true
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/controller_resource_spec.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/controller_resource_spec.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/controller_resource_spec.rb
new file mode 100755
index 0000000..70d6bcc
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/controller_resource_spec.rb
@@ -0,0 +1,535 @@
+require "spec_helper"
+
+describe CanCan::ControllerResource do
+  before(:each) do
+    Project.delete_all
+    Category.delete_all
+    @params = HashWithIndifferentAccess.new(:controller => "projects")
+    @controller_class = Class.new
+    @controller = @controller_class.new
+    @ability = Ability.new(nil)
+    @controller.stub(:params) { @params }
+    @controller.stub(:current_ability) { @ability }
+    @controller.stub(:authorize!) { |*args| @ability.authorize!(*args) }
+    # @controller_class.stub(:cancan_skipper) { {:authorize => {}, :load => {}} }
+  end
+
+  it "loads the resource into an instance variable if params[:id] is specified" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "does not load resource into an instance variable if already set" do
+    @params.merge!(:action => "show", :id => 123)
+    @controller.instance_variable_set(:@project, :some_project)
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "loads resource for namespaced controller" do
+    project = Project.create!
+    @params.merge!(:controller => "admin/projects", :action => "show", :id => project.id)
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "attempts to load a resource with the same namespace as the controller when using :: for namespace" do
+    module SomeEngine
+      class Project < ::Project; end
+    end
+    project = SomeEngine::Project.create!
+    @params.merge!(:controller => "SomeEngine::ProjectsController", :action => "show", :id => project.id)
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  # Rails includes namespace in params, see issue #349
+  it "creates through the namespaced params" do
+    module SomeEngine
+      class Project < ::Project; end
+    end
+    @params.merge!(:controller => "SomeEngine::ProjectsController", :action => "create", :some_engine_project => {:name => "foobar"})
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+  end
+
+  it "loads resource for namespaced controller when using '::' for namespace" do
+    project = Project.create!
+    @params.merge!(:controller => "Admin::ProjectsController", :action => "show", :id => project.id)
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "has the specified nested resource_class when using / for namespace" do
+    module Admin
+      class Dashboard; end
+    end
+    @ability.can(:index, "admin/dashboard")
+    @params.merge!(:controller => "admin/dashboard", :action => "index")
+    @controller.authorize!(:index, "admin/dashboard")
+    resource = CanCan::ControllerResource.new(@controller, :authorize => true)
+    resource.send(:resource_class).should == Admin::Dashboard
+  end
+
+  it "builds a new resource with hash if params[:id] is not specified and authorize on each attribute" do
+    @params.merge!(:action => "create", :project => {:name => "foobar"})
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+  end
+
+  it "builds a new resource for namespaced model with hash if params[:id] is not specified" do
+    module SomeEngine
+      class Project < ::Project; end
+    end
+    @params.merge!(:action => "create", :some_engine_project => {:name => "foobar"})
+    CanCan::ControllerResource.new(@controller, :load => true, :class => SomeEngine::Project).process
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+  end
+
+  it "builds a new resource with attributes from current ability" do
+    @params.merge!(:action => "new")
+    @ability.can(:create, :projects, :name => "from conditions")
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).name.should == "from conditions"
+  end
+
+  it "overrides initial attributes with params" do
+    @params.merge!(:action => "new", :project => {:name => "from params"})
+    @ability.can(:create, :projects, :name => "from conditions")
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).name.should == "from params"
+  end
+
+  it "builds a collection when on index action when class responds to accessible_by and mark ability as fully authorized" do
+    Project.stub(:accessible_by).with(@ability, :index) { :found_projects }
+    @params[:action] = "index"
+    CanCan::ControllerResource.new(@controller, :project, :load => true).process
+    @controller.instance_variable_get(:@project).should be_nil
+    @controller.instance_variable_get(:@projects).should == :found_projects
+    @ability.should be_fully_authorized(:index, :projects)
+  end
+
+  it "does not build a collection when on index action when class does not respond to accessible_by and not mark ability as fully authorized" do
+    class CustomModel
+    end
+    @params[:controller] = "custom_models"
+    @params[:action] = "index"
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should be_nil
+    @controller.instance_variable_defined?(:@projects).should be_false
+    @ability.should_not be_fully_authorized(:index, :projects)
+  end
+
+  it "does not use accessible_by when defining abilities through a block" do
+    Project.stub(:accessible_by).with(@ability) { :found_projects }
+    @params[:action] = "index"
+    @ability.can(:read, :projects) { |p| false }
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should be_nil
+    @controller.instance_variable_defined?(:@projects).should be_false
+  end
+
+  it "does not authorize resource in collection action" do
+    @params[:action] = "index"
+    @controller.instance_variable_set(:@project, :some_project)
+    @controller.stub(:authorize!).with(:index, :projects) { raise CanCan::Unauthorized }
+    resource = CanCan::ControllerResource.new(@controller, :authorize => true)
+    lambda { resource.process }.should_not raise_error(CanCan::Unauthorized)
+  end
+
+  it "authorizes parent resource in collection action" do
+    @params[:action] = "index"
+    @controller.instance_variable_set(:@category, :some_category)
+    @controller.stub(:authorize!).with(:show, :some_category) { raise CanCan::Unauthorized }
+    resource = CanCan::ControllerResource.new(@controller, :category, :parent => true, :authorize => true)
+    lambda { resource.process }.should raise_error(CanCan::Unauthorized)
+  end
+
+  it "performs authorization using controller action and loaded model" do
+    @params.merge!(:action => "show", :id => 123)
+    @controller.instance_variable_set(:@project, :some_project)
+    @controller.stub(:authorize!).with(:show, :some_project) { raise CanCan::Unauthorized }
+    resource = CanCan::ControllerResource.new(@controller, :authorize => true)
+    lambda { resource.process }.should raise_error(CanCan::Unauthorized)
+  end
+
+  it "does not perform authorization using controller action when no loaded model" do
+    @params.merge!(:action => "show", :id => 123)
+    @controller.stub(:authorize!).with(:show, :projects) { raise CanCan::Unauthorized }
+    resource = CanCan::ControllerResource.new(@controller, :authorize => true)
+    lambda { resource.process }.should_not raise_error(CanCan::Unauthorized)
+  end
+
+  it "does not build a single resource when on custom collection action even with id" do
+    @params.merge!(:action => "sort", :id => 123)
+    CanCan::ControllerResource.new(@controller, :load => true, :collection => [:sort, :list]).process
+    @controller.instance_variable_get(:@project).should be_nil
+  end
+
+  it "loads a collection resource when on custom action with no id param" do
+    Project.stub(:accessible_by).with(@ability, :sort) { :found_projects }
+    @params[:action] = "sort"
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should be_nil
+    @controller.instance_variable_get(:@projects).should == :found_projects
+  end
+
+  it "builds a resource when on custom new action even when params[:id] exists" do
+    @params.merge!(:action => "build", :id => 123)
+    Project.stub(:new) { :some_project }
+    CanCan::ControllerResource.new(@controller, :load => true, :new => :build).process
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "does not try to load resource for other action if params[:id] is undefined" do
+    @params[:action] = "list"
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should be_nil
+  end
+
+  it "is a parent resource when name is provided which doesn't match controller" do
+    resource = CanCan::ControllerResource.new(@controller, :category)
+    resource.should be_parent
+  end
+
+  it "does not be a parent resource when name is provided which matches controller" do
+    resource = CanCan::ControllerResource.new(@controller, :project)
+    resource.should_not be_parent
+  end
+
+  it "is parent if specified in options" do
+    resource = CanCan::ControllerResource.new(@controller, :project, {:parent => true})
+    resource.should be_parent
+  end
+
+  it "does not be parent if specified in options" do
+    resource = CanCan::ControllerResource.new(@controller, :category, {:parent => false})
+    resource.should_not be_parent
+  end
+
+  it "has the specified resource_class if name is passed to load_resource" do
+    resource = CanCan::ControllerResource.new(@controller, :category)
+    resource.send(:resource_class).should == Category
+  end
+
+  it "loads parent resource through proper id parameter" do
+    project = Project.create!
+    @params.merge!(:action => "index", :project_id => project.id)
+    CanCan::ControllerResource.new(@controller, :project, :load => true, :parent => true).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "loads resource through the association of another parent resource using instance variable" do
+    @params.merge!(:action => "show", :id => 123)
+    category = double("category", :projects => double("projects"))
+    category.projects.stub(:find).with(123) { :some_project }
+    @controller.instance_variable_set(:@category, category)
+    CanCan::ControllerResource.new(@controller, :load => true, :through => :category).process
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "loads resource through the custom association name" do
+    @params.merge!(:action => "show", :id => 123)
+    category = double("category", :custom_projects => double("custom_projects"))
+    category.custom_projects.stub(:find).with(123) { :some_project }
+    @controller.instance_variable_set(:@category, category)
+    CanCan::ControllerResource.new(@controller, :load => true, :through => :category, :through_association => :custom_projects).process
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "loads resource through the association of another parent resource using method" do
+    @params.merge!(:action => "show", :id => 123)
+    category = double("category", :projects => double("projects"))
+    @controller.stub(:category) { category }
+    category.projects.stub(:find).with(123) { :some_project }
+    CanCan::ControllerResource.new(@controller, :load => true, :through => :category).process
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "does not load through parent resource if instance isn't loaded when shallow" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    CanCan::ControllerResource.new(@controller, :load => true, :through => :category, :shallow => true).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "raises Unauthorized when attempting to load resource through nil" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    resource = CanCan::ControllerResource.new(@controller, :load => true, :through => :category)
+    lambda {
+      resource.process
+    }.should raise_error(CanCan::Unauthorized) { |exception|
+      exception.action.should == :show
+      exception.subject.should == :projects
+    }
+    @controller.instance_variable_get(:@project).should be_nil
+  end
+
+  it "named resources should be loaded independently of the controller name" do
+    category = Category.create!
+    @params.merge!(:action => "new", :category_id => category.id)
+    CanCan::ControllerResource.new(@controller, :category, :load => true).process
+    CanCan::ControllerResource.new(@controller, :project, :load => true, :through => :category).process
+    @controller.instance_variable_get(:@category).should eq(category)
+    project = @controller.instance_variable_get(:@project)
+    project.category.should eq(category)
+  end
+
+  it "parent resources shouldn't be altered" do
+    category = Category.create!
+    @params.merge!(:action => "create", :category_id => category.id, :project => { :name => 'foo' })
+    CanCan::ControllerResource.new(@controller, :category, :load => true).process
+    CanCan::ControllerResource.new(@controller, :project, :load => true, :through => :category).process
+    project = @controller.instance_variable_get(:@project)
+    project.new_record?.should eq(true)
+    project.name.should eq('foo')
+  end
+
+  it "authorizes nested resource through parent association on index action" do
+    pending
+    @params.merge!(:action => "index")
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    @controller.stub(:authorize!).with(:index, category => :projects) { raise CanCan::Unauthorized }
+    resource = CanCan::ControllerResource.new(@controller, :authorize => true, :through => :category)
+    lambda { resource.process }.should raise_error(CanCan::Unauthorized)
+  end
+
+  it "loads through first matching if multiple are given" do
+    @params.merge!(:action => "show", :id => 123)
+    category = double("category", :projects => double("projects"))
+    category.projects.stub(:find).with(123) { :some_project }
+    @controller.instance_variable_set(:@category, category)
+    CanCan::ControllerResource.new(@controller, :load => true, :through => [:category, :user]).process
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "finds record through has_one association with :singleton option without id param" do
+    @params.merge!(:action => "show", :id => nil)
+    category = Object.new
+    @controller.instance_variable_set(:@category, category)
+    category.stub(:project) { :some_project }
+    CanCan::ControllerResource.new(@controller, :load => true, :through => :category, :singleton => true).process
+    @controller.instance_variable_get(:@project).should == :some_project
+  end
+
+  it "does not build record through has_one association with :singleton option because it can cause it to delete it in the database" do
+    @params.merge!(:action => "create", :project => {:name => "foobar"})
+    category = Category.new
+    @controller.instance_variable_set(:@category, category)
+    CanCan::ControllerResource.new(@controller, :load => true, :through => :category, :singleton => true).process
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+    @controller.instance_variable_get(:@project).category.should == category
+  end
+
+  it "finds record through has_one association with :singleton and :shallow options" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    CanCan::ControllerResource.new(@controller, :load => true, :through => :category, :singleton => true, :shallow => true).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "builds record through has_one association with :singleton and :shallow options" do
+    @params.merge!(:action => "create", :project => {:name => "foobar"})
+    CanCan::ControllerResource.new(@controller, :load => true, :through => :category, :singleton => true, :shallow => true).process
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+  end
+
+  it "only authorizes :show action on parent resource" do
+    project = Project.create!
+    @params.merge!(:action => "new", :project_id => project.id)
+    @controller.stub(:authorize!).with(:show, project) { raise CanCan::Unauthorized }
+    resource = CanCan::ControllerResource.new(@controller, :project, :load => true, :authorize => true, :parent => true)
+    lambda { resource.process }.should raise_error(CanCan::Unauthorized)
+  end
+
+  it "authorizes update action before setting attributes" do
+    @ability.can :update, :projects, :name => "bar"
+    project = Project.create!(:name => "foo")
+    @params.merge!(:action => "update", :id => project.id, :project => {:name => "bar"})
+    resource = CanCan::ControllerResource.new(@controller, :project, :load => true, :authorize => true)
+    lambda { resource.process }.should raise_error(CanCan::Unauthorized)
+  end
+
+  it "authorizes update action after setting attributes" do
+    @ability.can :update, :projects, :name => "foo"
+    project = Project.create!(:name => "foo")
+    @params.merge!(:action => "update", :id => project.id, :project => {:name => "bar"})
+    resource = CanCan::ControllerResource.new(@controller, :project, :load => true, :authorize => true)
+    lambda { resource.process }.should raise_error(CanCan::Unauthorized)
+  end
+
+  it "loads the model using a custom class" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    CanCan::ControllerResource.new(@controller, :load => true, :class => Project).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "loads the model using a custom namespaced class" do
+    module SomeEngine
+      class Project < ::Project; end
+    end
+    project = SomeEngine::Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    CanCan::ControllerResource.new(@controller, :load => true, :class => SomeEngine::Project).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "does not authorize based on resource name if class is false because we don't do class level authorization anymore" do
+    @params.merge!(:action => "show", :id => 123)
+    @controller.stub(:authorize!).with(:show, :projects) { raise CanCan::Unauthorized }
+    resource = CanCan::ControllerResource.new(@controller, :authorize => true, :class => false)
+    lambda { resource.process }.should_not raise_error(CanCan::Unauthorized)
+  end
+
+  it "loads and authorize using custom instance name" do
+    project = Project.create!
+    @params.merge!(:action => "show", :id => project.id)
+    @controller.stub(:authorize!).with(:show, project) { raise CanCan::Unauthorized }
+    resource = CanCan::ControllerResource.new(@controller, :load => true, :authorize => true, :instance_name => :custom_project)
+    lambda { resource.process }.should raise_error(CanCan::Unauthorized)
+    @controller.instance_variable_get(:@custom_project).should == project
+  end
+
+  it "loads resource using custom ID param" do
+    project = Project.create!
+    @params.merge!(:action => "show", :the_project => project.id)
+    resource = CanCan::ControllerResource.new(@controller, :id_param => :the_project, :load => true)
+    resource.process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "loads resource using custom find_by attribute" do
+    project = Project.create!(:name => "foo")
+    @params.merge!(:action => "show", :id => "foo")
+    CanCan::ControllerResource.new(@controller, :load => true, :find_by => :name).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "authorizes each new attribute in the create action" do
+    @params.merge!(:action => "create", :project => {:name => "foo"})
+    @controller.instance_variable_set(:@project, :some_project)
+    @ability.should_receive(:authorize!).with(:create, :some_project, :name)
+    CanCan::ControllerResource.new(@controller, :authorize => true).process
+  end
+
+  it "allows full find method to be passed into find_by option" do
+    project = Project.create!(:name => "foo")
+    @params.merge!(:action => "show", :id => "foo")
+    CanCan::ControllerResource.new(@controller, :find_by => :find_by_name, :load => true).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  it "authorizes each new attribute in the update action" do
+    @params.merge!(:action => "update", :id => 123, :project => {:name => "foo"})
+    @controller.instance_variable_set(:@project, :some_project)
+    @ability.should_receive(:authorize!).with(:update, :some_project, :name)
+    CanCan::ControllerResource.new(@controller, :authorize => true).process
+  end
+
+  it "fetches member through method when instance variable is not provided" do
+    @controller.stub(:project) { :some_project }
+    @params.merge!(:action => "show", :id => 123)
+    @controller.stub(:authorize!).with(:show, :some_project) { raise CanCan::Unauthorized }
+    resource = CanCan::ControllerResource.new(@controller, :authorize => true)
+    lambda { resource.process }.should raise_error(CanCan::Unauthorized)
+  end
+
+  it "attempts to load a resource with the same namespace as the controller when using :: for namespace" do
+    module Namespaced
+      class Project < ::Project; end
+    end
+    project = Namespaced::Project.create!
+    @params.merge!(:controller => "Namespaced::ProjectsController", :action => "show", :id => project.id)
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == project
+  end
+
+  # Rails includes namespace in params, see issue #349
+  it "creates through namespaced params" do
+    module Namespaced
+      class Project < ::Project; end
+    end
+    @params.merge!(:controller => "Namespaced::ProjectsController", :action => "create", :namespaced_project => {:name => "foobar"})
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).name.should == "foobar"
+  end
+
+  it "should properly authorize resource for namespaced controller" do
+    @ability.can(:index, "admin/dashboard")
+    @params.merge!(:controller => "admin/dashboard", :action => "index")
+    @controller.authorize!(:index, "admin/dashboard")
+    resource = CanCan::ControllerResource.new(@controller, :authorize => true).process
+    lambda { resource.process }.should_not raise_error(CanCan::Unauthorized)
+  end
+
+  # it "raises ImplementationRemoved when adding :name option" do
+  #   lambda {
+  #     CanCan::ControllerResource.new(@controller, :name => :foo)
+  #   }.should raise_error(CanCan::ImplementationRemoved)
+  # end
+  #
+  # it "raises ImplementationRemoved exception when specifying :resource option since it is no longer used" do
+  #   lambda {
+  #     CanCan::ControllerResource.new(@controller, :resource => Project)
+  #   }.should raise_error(CanCan::ImplementationRemoved)
+  # end
+  #
+  # it "raises ImplementationRemoved exception when passing :nested option" do
+  #   lambda {
+  #     CanCan::ControllerResource.new(@controller, :nested => :project)
+  #   }.should raise_error(CanCan::ImplementationRemoved)
+  # end
+
+  # it "skips resource behavior for :only actions in array" do
+  #   @controller_class.stub(:cancan_skipper) { {:load => {nil => {:only => [:index, :show]}}} }
+  #   @params.merge!(:action => "index")
+  #   CanCan::ControllerResource.new(@controller).skip?(:load).should be_true
+  #   CanCan::ControllerResource.new(@controller, :some_resource).skip?(:load).should be_false
+  #   @params.merge!(:action => "show")
+  #   CanCan::ControllerResource.new(@controller).skip?(:load).should be_true
+  #   @params.merge!(:action => "other_action")
+  #   CanCan::ControllerResource.new(@controller).skip?(:load).should be_false
+  # end
+  #
+  # it "skips resource behavior for :only one action on resource" do
+  #   @controller_class.stub(:cancan_skipper) { {:authorize => {:project => {:only => :index}}} }
+  #   @params.merge!(:action => "index")
+  #   CanCan::ControllerResource.new(@controller).skip?(:authorize).should be_false
+  #   CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_true
+  #   @params.merge!(:action => "other_action")
+  #   CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_false
+  # end
+  #
+  # it "skips resource behavior :except actions in array" do
+  #   @controller_class.stub(:cancan_skipper) { {:load => {nil => {:except => [:index, :show]}}} }
+  #   @params.merge!(:action => "index")
+  #   CanCan::ControllerResource.new(@controller).skip?(:load).should be_false
+  #   @params.merge!(:action => "show")
+  #   CanCan::ControllerResource.new(@controller).skip?(:load).should be_false
+  #   @params.merge!(:action => "other_action")
+  #   CanCan::ControllerResource.new(@controller).skip?(:load).should be_true
+  #   CanCan::ControllerResource.new(@controller, :some_resource).skip?(:load).should be_false
+  # end
+  #
+  # it "skips resource behavior :except one action on resource" do
+  #   @controller_class.stub(:cancan_skipper) { {:authorize => {:project => {:except => :index}}} }
+  #   @params.merge!(:action => "index")
+  #   CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_false
+  #   @params.merge!(:action => "other_action")
+  #   CanCan::ControllerResource.new(@controller).skip?(:authorize).should be_false
+  #   CanCan::ControllerResource.new(@controller, :project).skip?(:authorize).should be_true
+  # end
+  #
+  # it "skips loading and authorization" do
+  #   @controller_class.stub(:cancan_skipper) { {:authorize => {nil => {}}, :load => {nil => {}}} }
+  #   @params.merge!(:action => "new")
+  #   resource = CanCan::ControllerResource.new(@controller)
+  #   lambda { resource.load_and_authorize_resource }.should_not raise_error
+  #   @controller.instance_variable_get(:@project).should be_nil
+  # end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/exceptions_spec.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/exceptions_spec.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/exceptions_spec.rb
new file mode 100755
index 0000000..03cc158
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/exceptions_spec.rb
@@ -0,0 +1,58 @@
+require "spec_helper"
+
+describe CanCan::Unauthorized do
+  describe "with action and subject" do
+    before(:each) do
+      @exception = CanCan::Unauthorized.new(nil, :some_action, :some_subject)
+    end
+
+    it "has action and subject accessors" do
+      @exception.action.should == :some_action
+      @exception.subject.should == :some_subject
+    end
+
+    it "has a changable default message" do
+      @exception.message.should == "You are not authorized to access this page."
+      @exception.default_message = "Unauthorized!"
+      @exception.message.should == "Unauthorized!"
+    end
+  end
+
+  describe "with only a message" do
+    before(:each) do
+      @exception = CanCan::Unauthorized.new("Access denied!")
+    end
+
+    it "has nil action and subject" do
+      @exception.action.should be_nil
+      @exception.subject.should be_nil
+    end
+
+    it "has passed message" do
+      @exception.message.should == "Access denied!"
+    end
+  end
+
+  describe "i18n in the default message" do
+    after(:each) do
+      I18n.backend = nil
+    end
+
+    it "uses i18n for the default message" do
+      I18n.backend.store_translations :en, :unauthorized => {:default => "This is a different message"}
+      @exception = CanCan::Unauthorized.new
+      @exception.message.should == "This is a different message"
+    end
+
+    it "defaults to a nice message" do
+      @exception = CanCan::Unauthorized.new
+      @exception.message.should == "You are not authorized to access this page."
+    end
+
+    it "does not use translation if a message is given" do
+      @exception = CanCan::Unauthorized.new("Hey! You're not welcome here")
+      @exception.message.should == "Hey! You're not welcome here"
+      @exception.message.should_not == "You are not authorized to access this page."
+    end
+  end
+end

http://git-wip-us.apache.org/repos/asf/incubator-blur/blob/11a2529a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/inherited_resource_spec.rb
----------------------------------------------------------------------
diff --git a/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/inherited_resource_spec.rb b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/inherited_resource_spec.rb
new file mode 100755
index 0000000..12739df
--- /dev/null
+++ b/contrib/blur-console-v1/blur-admin/vendor/gems/cancan/spec/cancan/inherited_resource_spec.rb
@@ -0,0 +1,58 @@
+require "spec_helper"
+
+describe CanCan::InheritedResource do
+  before(:each) do
+    @params = HashWithIndifferentAccess.new(:controller => "projects")
+    @controller_class = Class.new
+    @controller = @controller_class.new
+    @ability = Ability.new(nil)
+    @controller.stub(:params) { @params }
+    @controller.stub(:current_ability) { @ability }
+    # @controller_class.stub(:cancan_skipper) { {:authorize => {}, :load => {}} }
+  end
+
+  it "show should load resource through @controller.resource" do
+    @params.merge!(:action => "show", :id => 123)
+    @controller.stub(:resource) { :project_resource }
+    CanCan::InheritedResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == :project_resource
+  end
+
+  it "new should load through @controller.build_resource" do
+    @params[:action] = "new"
+    @controller.stub(:build_resource) { :project_resource }
+    CanCan::InheritedResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).should == :project_resource
+  end
+
+  it "index should load through @controller.association_chain when parent" do
+    @params[:action] = "index"
+    @controller.stub(:association_chain) { @controller.instance_variable_set(:@project, :project_resource) }
+    CanCan::InheritedResource.new(@controller, :load => true, :parent => true).process
+    @controller.instance_variable_get(:@project).should == :project_resource
+  end
+
+  it "index should load through @controller.end_of_association_chain" do
+    @params[:action] = "index"
+    Project.stub(:accessible_by).with(@ability, :index) { :projects }
+    @controller.stub(:end_of_association_chain) { Project }
+    CanCan::InheritedResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@projects).should == :projects
+  end
+
+  it "should build a new resource with attributes from current ability" do
+    @params[:action] = "new"
+    @ability.can(:create, :projects, :name => "from conditions")
+    @controller.stub(:build_resource) { Struct.new(:name).new }
+    CanCan::InheritedResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).name.should == "from conditions"
+  end
+
+  it "should override initial attributes with params" do
+    @params.merge!(:action => "new", :project => {:name => "from params"})
+    @ability.can(:create, :projects, :name => "from conditions")
+    @controller.stub(:build_resource) { Struct.new(:name).new }
+    CanCan::ControllerResource.new(@controller, :load => true).process
+    @controller.instance_variable_get(:@project).name.should == "from params"
+  end
+end


Mime
View raw message