Feature/whitelist

app/controllers/projects_controller.rb

@@ -2,6 +2,7 @@ class ProjectsController < ApplicationController
   before_action :set_project, only: [:show, :edit, :update, :destroy]
   before_action :authenticate_user!
 
+
   # GET /projects
   # GET /projects.json
   def index

app/controllers/users/confirmations_controller.rb

@@ -0,0 +1,28 @@
+class Users::ConfirmationsController < Devise::ConfirmationsController
+  # GET /resource/confirmation/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/confirmation
+  # def create
+  #   super
+  # end
+
+  # GET /resource/confirmation?confirmation_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after resending confirmation instructions.
+  # def after_resending_confirmation_instructions_path_for(resource_name)
+  #   super(resource_name)
+  # end
+
+  # The path used after confirmation.
+  # def after_confirmation_path_for(resource_name, resource)
+  #   super(resource_name, resource)
+  # end
+end

app/controllers/users/passwords_controller.rb

@@ -0,0 +1,32 @@
+class Users::PasswordsController < Devise::PasswordsController
+  # GET /resource/password/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/password
+  # def create
+  #   super
+  # end
+
+  # GET /resource/password/edit?reset_password_token=abcdef
+  # def edit
+  #   super
+  # end
+
+  # PUT /resource/password
+  # def update
+  #   super
+  # end
+
+  # protected
+
+  # def after_resetting_password_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after sending reset password instructions
+  # def after_sending_reset_password_instructions_path_for(resource_name)
+  #   super(resource_name)
+  # end
+end

app/controllers/users/registrations_controller.rb

@@ -0,0 +1,60 @@
+class Users::RegistrationsController < Devise::RegistrationsController
+# before_action :configure_sign_up_params, only: [:create]
+# before_action :configure_account_update_params, only: [:update]
+
+  # GET /resource/sign_up
+  # def new
+  #   super
+  # end
+
+  # POST /resource
+  # def create
+  #   super
+  # end
+
+  # GET /resource/edit
+  # def edit
+  #   super
+  # end
+
+  # PUT /resource
+  # def update
+  #   super
+  # end
+
+  # DELETE /resource
+  # def destroy
+  #   super
+  # end
+
+  # GET /resource/cancel
+  # Forces the session data which is usually expired after sign
+  # in to be expired now. This is useful if the user wants to
+  # cancel oauth signing in/up in the middle of the process,
+  # removing all OAuth session data.
+  # def cancel
+  #   super
+  # end
+
+  # protected
+
+  # If you have extra params to permit, append them to the sanitizer.
+  # def configure_sign_up_params
+  #   devise_parameter_sanitizer.permit(:sign_up, keys: [:attribute])
+  # end
+
+  # If you have extra params to permit, append them to the sanitizer.
+  # def configure_account_update_params
+  #   devise_parameter_sanitizer.permit(:account_update, keys: [:attribute])
+  # end
+
+  # The path used after sign up.
+  # def after_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after sign up for inactive accounts.
+  # def after_inactive_sign_up_path_for(resource)
+  #   super(resource)
+  # end
+end

app/controllers/users/sessions_controller.rb

@@ -0,0 +1,25 @@
+class Users::SessionsController < Devise::SessionsController
+# before_action :configure_sign_in_params, only: [:create]
+
+  # GET /resource/sign_in
+  # def new
+  #   super
+  # end
+
+  # POST /resource/sign_in
+  # def create
+  #   super
+  # end
+
+  # DELETE /resource/sign_out
+  # def destroy
+  #   super
+  # end
+
+  # protected
+
+  # If you have extra params to permit, append them to the sanitizer.
+  # def configure_sign_in_params
+  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
+  # end
+end

app/controllers/users/unlocks_controller.rb

@@ -0,0 +1,28 @@
+class Users::UnlocksController < Devise::UnlocksController
+  # GET /resource/unlock/new
+  # def new
+  #   super
+  # end
+
+  # POST /resource/unlock
+  # def create
+  #   super
+  # end
+
+  # GET /resource/unlock?unlock_token=abcdef
+  # def show
+  #   super
+  # end
+
+  # protected
+
+  # The path used after sending unlock password instructions
+  # def after_sending_unlock_instructions_path_for(resource)
+  #   super(resource)
+  # end
+
+  # The path used after unlocking the resource
+  # def after_unlock_path_for(resource)
+  #   super(resource)
+  # end
+end

app/controllers/whitelists_controller.rb

@@ -0,0 +1,45 @@
+class WhitelistsController < ApplicationController
+  before_action :check_if_in_whitelist
+
+  # GET /whitelists
+  def index
+    @permitted_users = Whitelist.all 
+  end
+
+  # GET /whitelists/new
+  def new
+    @authorized_user = Whitelist.new
+  end
+
+  # POST /whitelists/
+  def create
+    username = params[:username]
+    if Whitelist.has_username?(username)
+      flash[:notice] = "User #{username} already exists in whitelist. "
+    else
+      begin
+        Whitelist.create!(username: username)
+        flash[:notice] = "Add user #{username} successfully."
+      rescue ActiveRecord::RecordInvalid
+        flash[:notice] = "Invalid username format."
+      end
+    end
+    redirect_to whitelists_path
+  end
+
+  # DELETE /whitelists/
+  def destroy
+    user = Whitelist.find(params[:id])
+    user.destroy!
+    flash[:notice] = "User is deleted successfully. "
+    redirect_to whitelists_path
+  end
+
+  def check_if_in_whitelist
+    unless Whitelist.has_username?(current_user.provider_username)
+       flash[:notice] = "You are not authorized to manipulate whitelist."
+       redirect_to projects_url
+    end
+  end
+
+end

app/models/user.rb

@@ -32,7 +32,7 @@ class User < ActiveRecord::Base
   def self.from_omniauth(auth)
     email = auth.info.email.nil? ? auth.extra.raw_info.email : auth.info.email
     login = auth.extra.raw_info.login
-    unless login.nil?
+    unless login.nil? or !Whitelist.has_username?(login)
     	User.where(provider: auth.provider, provider_username: login).first_or_create do |user|
     		user.provider = auth.provider
     		user.uid = auth.uid

app/models/whitelist.rb

@@ -0,0 +1,19 @@
+# == Schema Information
+#
+# Table name: whitelists
+#
+#  id       :integer          not null, primary key
+#  username :string
+#
+
+class Whitelist < ActiveRecord::Base
+  validates_format_of :username,:with => /\A[a-z0-9\-_]+\z/i
+
+  def self.has_username?(username)
+    if Whitelist.find_by_username(username).nil?
+      return false
+    else
+      return true
+    end
+  end
+end

app/views/devise/sessions/new.html.erb

@@ -6,6 +6,7 @@
         <h2><strong>Welcome to ProjectScope</strong></h2>
       </div>
       <div class="panel-body">
+
         <%= render "devise/shared/links" %>
       </div>
     </div>

app/views/devise/shared/_links.html.erb

@@ -12,6 +12,7 @@
   <%= link_to "Sign up", new_registration_path(resource_name) %><br />
 <% end -%>
 
+
 <%- if devise_mapping.confirmable? && controller_name != 'confirmations' %>
   <%= link_to "Didn't receive confirmation instructions?", new_confirmation_path(resource_name) %><br />
 <% end -%>

app/views/projects/index.html.haml

@@ -21,3 +21,7 @@
 %br/
 
 = link_to 'New Project', new_project_path
+
+%br/
+
+= link_to 'Whitelist', whitelists_path

app/views/whitelists/_add.html.haml

@@ -0,0 +1,5 @@
+= form_tag whitelists_path do
+  = field_set_tag do
+    = label_tag :username, 'GitHub username'
+    = text_field_tag :username
+    = submit_tag 'Add'

app/views/whitelists/index.html.haml

@@ -0,0 +1,23 @@
+%h1 Whitelist
+
+%table
+  %thead
+    %tr
+      %th Authorized Users
+      %th Action
+
+  %tbody
+    - @permitted_users.each do |user|
+      %tr
+        %td= user.username
+        %td= link_to "Delete", whitelist_path(user), :method => :delete, data: { confirm: "Do you want to delete user #{user.username} from the whitelist?" }, :user => user
+
+%br/
+
+= link_to 'Back to project page', projects_url
+
+%br/
+
+= link_to 'Add user to whitelist', new_whitelist_path
+
+

app/views/whitelists/new.html.erb

@@ -0,0 +1,6 @@
+<h1>Authorize Users to have access to ProjectScope</h1>
+
+<%= render 'add' %>
+
+<input name="authenticity_token" value="<%= form_authenticity_token %>" type="hidden">
+<%= link_to 'Back', whitelists_path %>

config/routes.rb

@@ -2,4 +2,6 @@
   devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" }, :skip => [:password]
   resources :projects
   root 'projects#index'
+  resources :whitelists
+
 end

db/migrate/20161019233104_devise_create_users.rb

@@ -35,7 +35,10 @@ def change
       t.timestamps null: false
     end
 
+<<<<<<< HEAD
+=======
     add_index :users, :provider_username,    unique: true
+>>>>>>> bd78074f0cf5bfc8c5de0a81a4ecd57b3da8472f
     add_index :users, :email,                unique: true
     add_index :users, :reset_password_token, unique: true
     # add_index :users, :confirmation_token,   unique: true

db/migrate/20161022053537_create_whitelists.rb

@@ -0,0 +1,9 @@
+class CreateWhitelists < ActiveRecord::Migration
+  def change
+    create_table :whitelists, :force => true  do |t|
+      t.string :username                  # default: "",      null: false
+    end
+    add_index :whitelists, :username
+  end
+end
+

db/migrate/20161022053828_create_authorized_user.rb

@@ -0,0 +1,11 @@
+class CreateAuthorizedUser < ActiveRecord::Migration
+  def up
+  	Whitelist.create!(username: "DrakeW")
+  	Whitelist.create!(username: "armandofox")
+  end
+
+  def down
+  	Whitelist.where(username: "DrakeW").first.destroy
+  	Whitelist.where(username: "armandofox").first.destroy
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20161020040440) do
+ActiveRecord::Schema.define(version: 20161022053828) do
 
   create_table "configs", force: :cascade do |t|
     t.integer  "project_id"
@@ -69,4 +69,10 @@
   add_index "users", ["provider_username"], name: "index_users_on_provider_username", unique: true
   add_index "users", ["reset_password_token"], name: "index_users_on_reset_password_token", unique: true
 
+  create_table "whitelists", force: :cascade do |t|
+    t.string "username"
+  end
+
+  add_index "whitelists", ["username"], name: "index_whitelists_on_username"
+
 end

db/seeds.rb

@@ -12,4 +12,5 @@
   ])
 
 
+