Add pundit for user roles

Gemfile

@@ -34,8 +34,9 @@ gem 'jquery-rails'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
 gem 'jbuilder', '~> 2.5'
 
-# User authentication
+# User authentication and roles
 gem 'devise', '~> 4.3'
+gem 'pundit'
 
 # Geocoding addresses to lat/long
 gem 'geocoder', '~> 1.4'

Gemfile.lock

@@ -158,6 +158,8 @@ GEM
       pry (>= 0.10.4)
     public_suffix (2.0.5)
     puma (3.8.2)
+    pundit (1.1.0)
+      activesupport (>= 3.0.0)
     rack (2.0.2)
     rack-test (0.6.3)
       rack (>= 1.0)
@@ -298,6 +300,7 @@ DEPENDENCIES
   pry-byebug
   pry-rails
   puma (~> 3.7)
+  pundit
   rails (~> 5.1.1)
   refills
   rspec-rails

app/controllers/application_controller.rb

@@ -1,4 +1,5 @@
 class ApplicationController < ActionController::Base
+  include Pundit
   protect_from_forgery with: :exception
   before_action :configure_permitted_parameters, if: :devise_controller?
 

app/models/assignment.rb

@@ -0,0 +1,6 @@
+class Assignment < ApplicationRecord
+  belongs_to :user
+  belongs_to :role
+
+  validates_presence_of :user_id, :role_id
+end

app/models/role.rb

@@ -0,0 +1,6 @@
+class Role < ApplicationRecord
+  has_many :assignments
+  has_many :users, through: :assignments
+
+  validates :name, presence: true, uniqueness: true
+end

app/models/user.rb

@@ -45,13 +45,20 @@ class User < ApplicationRecord
   has_many :organization_users
   has_many :organizations, through: :organization_users
 
+  has_many :assignments
+  has_many :roles, through: :assignments
+
   geocoded_by :full_street_address
   after_validation :geocode, if: ->(user){ user.full_street_address.present? and user.full_street_address_changed? }
 
   def name
     "#{first_name} #{last_name}"
   end
 
+  def role?(role)
+    roles.any? { |r| r.name.underscore.to_sym == role }
+  end
+
   # TODO: Add support for multiple interests
   scope :search_by_interest, (lambda { |interest|
       joins(:interests).merge(Interest.where("interest ILIKE ?", interest)) if interest.present? })

app/policies/application_policy.rb

@@ -0,0 +1,53 @@
+class ApplicationPolicy
+  attr_reader :user, :record
+
+  def initialize(user, record)
+    @user = user
+    @record = record
+  end
+
+  def index?
+    false
+  end
+
+  def show?
+    scope.where(:id => record.id).exists?
+  end
+
+  def create?
+    false
+  end
+
+  def new?
+    create?
+  end
+
+  def update?
+    false
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    false
+  end
+
+  def scope
+    Pundit.policy_scope!(user, record.class)
+  end
+
+  class Scope
+    attr_reader :user, :scope
+
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      scope
+    end
+  end
+end

db/migrate/20171016210855_create_roles.rb

@@ -0,0 +1,9 @@
+class CreateRoles < ActiveRecord::Migration[5.1]
+  def change
+    create_table :roles do |t|
+      t.string :name
+
+      t.timestamps
+    end
+  end
+end

db/migrate/20171016211209_create_assignments.rb

@@ -0,0 +1,10 @@
+class CreateAssignments < ActiveRecord::Migration[5.1]
+  def change
+    create_table :assignments do |t|
+      t.references :user, foreign_key: true
+      t.references :role, foreign_key: true
+
+      t.timestamps
+    end
+  end
+end

db/schema.rb

@@ -10,11 +10,20 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20171008224623) do
+ActiveRecord::Schema.define(version: 20171016211209) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
 
+  create_table "assignments", force: :cascade do |t|
+    t.bigint "user_id"
+    t.bigint "role_id"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+    t.index ["role_id"], name: "index_assignments_on_role_id"
+    t.index ["user_id"], name: "index_assignments_on_user_id"
+  end
+
   create_table "interests", force: :cascade do |t|
     t.string "interest"
     t.datetime "created_at", null: false
@@ -75,6 +84,12 @@
     t.datetime "updated_at", null: false
   end
 
+  create_table "roles", force: :cascade do |t|
+    t.string "name"
+    t.datetime "created_at", null: false
+    t.datetime "updated_at", null: false
+  end
+
   create_table "skills", force: :cascade do |t|
     t.string "skill", null: false
     t.datetime "created_at", null: false
@@ -117,4 +132,14 @@
     t.index ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
   end
 
+  create_table "users_roles", id: false, force: :cascade do |t|
+    t.bigint "user_id"
+    t.bigint "role_id"
+    t.index ["role_id"], name: "index_users_roles_on_role_id"
+    t.index ["user_id", "role_id"], name: "index_users_roles_on_user_id_and_role_id"
+    t.index ["user_id"], name: "index_users_roles_on_user_id"
+  end
+
+  add_foreign_key "assignments", "roles"
+  add_foreign_key "assignments", "users"
 end

db/seeds.rb

@@ -30,6 +30,12 @@
     password:   'password',
 ))
 
+puts "Populating roles..."
+Role.destroy_all
+ROLES = ['admin', 
+         'organization owner'
+].map { |role| Role.create(name: role) }
+
 puts "Populating skills..."
 Skill.destroy_all
 SKILLS = [

spec/factories/assignments.rb

@@ -0,0 +1,6 @@
+FactoryGirl.define do
+  factory :assignment do
+    user nil
+    role nil
+  end
+end

spec/factories/roles.rb

@@ -0,0 +1,5 @@
+FactoryGirl.define do
+  factory :role do
+    name "Role"
+  end
+end

spec/models/assignment_spec.rb

@@ -0,0 +1,19 @@
+require 'rails_helper'
+
+RSpec.describe Assignment, type: :model do
+  let(:user) { FactoryGirl.create :user }
+  let(:role) { FactoryGirl.create :role }
+  let(:assignment) { FactoryGirl.build_stubbed(:assignment, user_id: user.id, role_id: role.id) }
+
+  describe "validations" do
+    it "is valid with valid attributes" do
+      expect(assignment).to be_valid
+    end
+    it "is not valid without a user" do
+      expect(FactoryGirl.build_stubbed(:assignment, user_id: nil, role_id: role.id)).to_not be_valid
+    end
+    it "is not valid without a role" do
+      expect(FactoryGirl.build_stubbed(:assignment, user_id: user.id, role_id: nil)).to_not be_valid
+    end
+  end
+end

spec/models/role_spec.rb

@@ -0,0 +1,14 @@
+require 'rails_helper'
+
+RSpec.describe Role, type: :model do
+  let(:role) { FactoryGirl.build_stubbed :role }
+
+  describe "validations" do
+    it "is valid with valid attributes" do
+      expect(role).to be_valid
+    end
+    it "is not valid without a name" do
+      expect(FactoryGirl.build_stubbed(:role, name: nil)).to_not be_valid
+    end
+  end
+end

spec/policies/application_policy_spec.rb

@@ -0,0 +1,5 @@
+require "rails_helper" 
+
+describe ApplicationPolicy do
+  it "is not implemented"
+end

spec/spec_helper.rb

@@ -1,3 +1,5 @@
+require "pundit/rspec"
+
 # This file was generated by the `rails generate rspec:install` command. Conventionally, all
 # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
 # The generated `.rspec` file contains `--require spec_helper` which will cause