== Welcome to the "Shopping demo" This is a demonstration application for the Smartguard permissioning plugin. See the slide presentation at http://dev.smartleaf.com/permissioning/brg2007_slides/perm_present.html for an overview, and the rdoc for details. The code is current with Rails 2.0.2, and should work on edge. The demo controllers require two plugins from Argument From Design (though the core permissioning code does not), so to make it operate: $ script/plugin install http://svn.ardes.com/rails_plugins/resources_controller/ $ script/plugin install http://svn.ardes.com/rails_plugins/inherit_views/ Also, after instantiating the schema as usual with $ rake db:migrate you'll need to create the initial user and roles with $ ruby script/bootstrap_perms Take note of the password of the initial user as reported by the script; you'll need it to log in. (I'm doing things this way to avoid creating a well-known user/password combination, a la "scott/tiger" on more than half the Oracle installations on the planet). The core permissioning code mostly resides in the 'lib' directory. However, certain models, particularly Role, User, RoleAssignment, and (of course) Permission also contain core functionality; these are in the app/models directory, as usual, and model layer tests reside in test/unit. (Also included is a small plugin that provides support for foreign key constraints, based in part on earlier work by bubbleware.com and atmos.org). These files are, right now, embedded in a demo application which presents a rather elaborate "shopping" scenario, in which the following objects exist and have various access rights: * Products --- items that may be offered for sale * Stores --- storefronts that offer Products for sale to the public * Offers --- a record that a particular store has a given product on sale, perhaps at a discount. * Firms --- companies that might have Products or Stores, and which also have user affiliations. * Orders and LineItems --- the obvious components of customer shopping carts. (As to what this might actually _be_ in real life, consider, say, booksite.com, which actually does offer a common back end for multiple independent bookshops, and could conceivably also offer publishers the right to maintain their lists on the system; both publishers and store owners would be firms, with disparate sets of access rights. In fact, publishing for real is probably _more_ complicated, due to the involvement of large-scale distributors like Ingram... but I digress). This version of the code has been tested on Postgres and should also work on Mysql.