active_scaffold 3.0.0

data/lib/active_record_permissions.rb

@@ -0,0 +1,134 @@
+# This module attempts to create permissions conventions for your ActiveRecord models. It supports english-based
+# methods that let you restrict access per-model, per-record, per-column, per-action, and per-user. All at once.
+#
+# You may define instance methods in the following formats:
+#  def #{column}_authorized_for_#{action}?
+#  def #{column}_authorized?
+#  def authorized_for_#{action}?
+#
+# Your methods should allow for the following special cases:
+#   * cron scripts
+#   * guest users (or nil current_user objects)
+module ActiveRecordPermissions
+  # ActiveRecordPermissions needs to know what method on your ApplicationController will return the current user,
+  # if available. This defaults to the :current_user method. You may configure this in your environment.rb if you
+  # have a different setup.
+  def self.current_user_method=(v); @@current_user_method = v; end
+  def self.current_user_method; @@current_user_method; end
+  @@current_user_method = :current_user
+
+  # Whether the default permission is permissive or not
+  # If set to true, then everything's allowed until configured otherwise
+  def self.default_permission=(v); @@default_permission = v; end
+  def self.default_permission; @@default_permission; end
+  @@default_permission = true
+
+  # This is a module aimed at making the current_user available to ActiveRecord models for permissions.
+  module ModelUserAccess
+    module Controller
+      def self.included(base)
+        base.prepend_before_filter :assign_current_user_to_models
+      end
+
+      # We need to give the ActiveRecord classes a handle to the current user. We don't want to just pass the object,
+      # because the object may change (someone may log in or out). So we give ActiveRecord a proc that ties to the
+      # current_user_method on this ApplicationController.
+      def assign_current_user_to_models
+        ActiveRecord::Base.current_user_proc = proc {send(ActiveRecordPermissions.current_user_method)}
+      end
+    end
+
+    module Model
+      def self.included(base)
+        base.extend ClassMethods
+      end
+
+      module ClassMethods
+        # The proc to call that retrieves the current_user from the ApplicationController.
+        attr_accessor :current_user_proc
+
+        # Class-level access to the current user
+        def current_user
+          ActiveRecord::Base.current_user_proc.call if ActiveRecord::Base.current_user_proc
+        end
+      end
+
+      # Instance-level access to the current user
+      def current_user
+        self.class.current_user
+      end
+    end
+  end
+
+  module Permissions
+    def self.included(base)
+      base.extend SecurityMethods
+      base.send :include, SecurityMethods
+    end
+
+    # Because any class-level queries get delegated to the instance level via a new record,
+    # it's useful to know when the authorization query is meant for a specific record or not.
+    # But using new_record? is confusing, even though accurate. So this is basically just a wrapper.
+    def existing_record_check?
+      !new_record?
+    end
+
+    module SecurityMethods
+      # A generic authorization query. This is what will be called programatically, since
+      # the actual permission methods can't be guaranteed to exist. And because we want to
+      # intelligently combine multiple applicable methods.
+      #
+      # options[:crud_type] should be a CRUD verb (:create, :read, :update, :destroy)
+      # options[:column] should be the name of a model attribute
+      # options[:action] is the name of a method
+      def authorized_for?(options = {})
+        raise ArgumentError, "unknown crud type #{options[:crud_type]}" if options[:crud_type] and ![:create, :read, :update, :delete].include?(options[:crud_type])
+
+        # column_authorized_for_crud_type? has the highest priority over other methods,
+        # you can disable a crud verb and enable that verb for a column
+        # (for example, disable update and enable inplace_edit in a column)
+        method = column_and_crud_type_security_method(options[:column], options[:crud_type])
+        return send(method) if method and respond_to?(method)
+
+        # authorized_for_action? has higher priority than other methods,
+        # you can disable a crud verb and enable an action with that crud verb
+        # (for example, disable update and enable an action with update as crud type)
+        method = action_security_method(options[:action])
+        return send(method) if method and respond_to?(method)
+
+        # collect other possibly-related methods that actually exist
+        methods = [
+          column_security_method(options[:column]),
+          crud_type_security_method(options[:crud_type]),
+        ].compact.select {|m| respond_to?(m)}
+
+        # if any method returns false, then return false
+        return false if methods.any? {|m| !send(m)}
+
+        # if any method actually exists then it must've returned true, so return true
+        return true unless methods.empty?
+
+        # if no method exists, return the default permission
+        return ActiveRecordPermissions.default_permission
+      end
+
+      private
+
+      def column_security_method(column)
+        "#{column}_authorized?" if column
+      end
+
+      def crud_type_security_method(crud_type)
+        "authorized_for_#{crud_type}?" if crud_type
+      end
+
+      def action_security_method(action)
+        "authorized_for_#{action}?" if action
+      end
+
+      def column_and_crud_type_security_method(column, crud_type)
+        "#{column}_authorized_for_#{crud_type}?" if column and crud_type
+      end
+    end
+  end
+end

data/lib/active_scaffold.rb

@@ -0,0 +1,279 @@
+require 'active_record_permissions'
+require 'dhtml_confirm'
+require 'paginator'
+require 'responds_to_parent'
+require 'active_scaffold/attribute_params'
+require 'active_scaffold/configurable'
+require 'active_scaffold/constraints'
+require 'active_scaffold/finder'
+require 'active_scaffold/marked_model'
+require 'active_scaffold/config/base'
+require 'active_scaffold/data_structures/column'
+require 'active_scaffold/data_structures/actions'
+require 'active_scaffold/data_structures/action_links'
+require 'active_scaffold/config/form'
+
+module ActiveScaffold
+  class ControllerNotFound < RuntimeError; end
+  class DependencyFailure < RuntimeError; end
+  class MalformedConstraint < RuntimeError; end
+  class RecordNotAllowed < SecurityError; end
+  class ActionNotAllowed < SecurityError; end
+  class ReverseAssociationRequired < RuntimeError; end
+
+  def self.included(base)
+    base.extend(ClassMethods)
+    base.module_eval do
+      # TODO: these should be in actions/core
+      before_filter :handle_user_settings
+    end
+  end
+
+  def self.set_defaults(&block)
+    ActiveScaffold::Config::Core.configure &block
+  end
+
+  def active_scaffold_config
+    self.class.active_scaffold_config
+  end
+
+  def active_scaffold_config_for(klass)
+    self.class.active_scaffold_config_for(klass)
+  end
+
+  def active_scaffold_session_storage
+    id = params[:eid] || params[:controller]
+    session_index = "as:#{id}"
+    session[session_index] ||= {}
+    session[session_index]
+  end
+
+  # at some point we need to pass the session and params into config. we'll just take care of that before any particular action occurs by passing those hashes off to the UserSettings class of each action.
+  def handle_user_settings
+    if self.class.uses_active_scaffold?
+      active_scaffold_config.actions.each do |action_name|
+        conf_instance = active_scaffold_config.send(action_name) rescue next
+        next if conf_instance.class::UserSettings == ActiveScaffold::Config::Base::UserSettings # if it hasn't been extended, skip it
+        active_scaffold_session_storage[action_name] ||= {}
+        conf_instance.user = conf_instance.class::UserSettings.new(conf_instance, active_scaffold_session_storage[action_name], params)
+      end
+    end
+  end
+
+  def self.js_framework=(framework)
+    @@js_framework = framework
+  end
+
+  def self.js_framework
+    @@js_framework ||= :prototype
+  end
+
+  module ClassMethods
+    def active_scaffold(model_id = nil, &block)
+      # initialize bridges here
+      ActiveScaffold::Bridges::Bridge.run_all
+
+      # converts Foo::BarController to 'bar' and FooBarsController to 'foo_bar' and AddressController to 'address'
+      model_id = self.to_s.split('::').last.sub(/Controller$/, '').pluralize.singularize.underscore unless model_id
+
+      # run the configuration
+      @active_scaffold_config = ActiveScaffold::Config::Core.new(model_id)
+      @active_scaffold_config_block = block
+      self.links_for_associations
+
+      @active_scaffold_overrides = []
+      ActionController::Base.view_paths.each do |dir|
+        active_scaffold_overrides_dir = File.join(dir.to_s,"active_scaffold_overrides")
+        @active_scaffold_overrides << active_scaffold_overrides_dir if File.exists?(active_scaffold_overrides_dir)
+      end
+      @active_scaffold_overrides.uniq! # Fix rails duplicating some view_paths
+      @active_scaffold_frontends = []
+      if active_scaffold_config.frontend.to_sym != :default
+        active_scaffold_custom_frontend_path = File.join(ActiveScaffold::Config::Core.plugin_directory, 'frontends', active_scaffold_config.frontend.to_s , 'views')
+        @active_scaffold_frontends << active_scaffold_custom_frontend_path
+      end
+      active_scaffold_default_frontend_path = File.join(ActiveScaffold::Config::Core.plugin_directory, 'frontends', 'default' , 'views')
+      @active_scaffold_frontends << active_scaffold_default_frontend_path
+      @active_scaffold_custom_paths = []
+
+      self.active_scaffold_superclasses_blocks.each {|superblock| self.active_scaffold_config.configure &superblock}
+      self.active_scaffold_config.configure &block if block_given?
+      self.active_scaffold_config._configure_sti unless self.active_scaffold_config.sti_children.nil?
+      self.active_scaffold_config._load_action_columns
+
+      # defines the attribute read methods on the model, so record.send() doesn't find protected/private methods instead
+      klass = self.active_scaffold_config.model
+      klass.define_attribute_methods unless klass.attribute_methods_generated?
+      # include the rest of the code into the controller: the action core and the included actions
+      module_eval do
+        include ActiveScaffold::Finder
+        include ActiveScaffold::Constraints
+        include ActiveScaffold::AttributeParams
+        include ActiveScaffold::Actions::Core
+        active_scaffold_config.actions.each do |mod|
+          name = mod.to_s.camelize
+          include "ActiveScaffold::Actions::#{name}".constantize
+
+          # sneak the action links from the actions into the main set
+          if link = active_scaffold_config.send(mod).link rescue nil
+            active_scaffold_config.action_links << link
+          end
+        end
+      end
+      active_scaffold_paths.each do |path|
+        self.append_view_path(ActionView::ActiveScaffoldResolver.new(path))
+      end
+      self.active_scaffold_config._add_sti_create_links if self.active_scaffold_config.add_sti_create_links?
+    end
+
+    # Create the automatic column links. Note that this has to happen when configuration is *done*, because otherwise the Nested module could be disabled. Actually, it could still be disabled later, couldn't it?
+    def links_for_associations
+      return unless active_scaffold_config.actions.include? :list and active_scaffold_config.actions.include? :nested
+      active_scaffold_config.columns.each do |column|
+        next unless column.link.nil? and column.autolink?
+        action_link = link_for_association(column)
+        column.set_link(action_link) unless action_link.nil?
+      end
+    end
+
+    def link_for_association(column, options = {})
+      begin
+        controller = column.polymorphic_association? ? :polymorph : active_scaffold_controller_for(column.association.klass)
+      rescue ActiveScaffold::ControllerNotFound
+        controller = nil
+      end
+
+      unless controller.nil?
+        options.reverse_merge! :label => column.label, :position => :after, :type => :member, :controller => (controller == :polymorph ? controller : controller.controller_path), :column => column
+        options[:parameters] ||= {}
+        options[:parameters].reverse_merge! :parent_model => column.active_record_class.to_s.underscore, :association => column.association.name
+        if column.plural_association?
+          # note: we can't create nested scaffolds on :through associations because there's no reverse association.
+
+          ActiveScaffold::DataStructures::ActionLink.new('index', options) #unless column.through_association?
+        else
+          actions = [:create, :update, :show]
+          actions = controller.active_scaffold_config.actions unless controller == :polymorph
+          column.actions_for_association_links.delete :new unless actions.include? :create
+          column.actions_for_association_links.delete :edit unless actions.include? :update
+          column.actions_for_association_links.delete :show unless actions.include? :show
+          ActiveScaffold::DataStructures::ActionLink.new(:none, options.merge({:crud_type => nil, :html_options => {:class => column.name}}))
+        end
+      end
+    end
+
+    def link_for_association_as_scope(scope, options = {})
+      options.reverse_merge! :label => scope, :position => :after, :type => :member, :controller => controller_path
+      options[:parameters] ||= {}
+      options[:parameters].reverse_merge! :parent_model => active_scaffold_config.model.to_s.underscore, :named_scope => scope
+      ActiveScaffold::DataStructures::ActionLink.new('index', options)
+    end
+
+    def add_active_scaffold_path(path)
+      @active_scaffold_paths = nil # Force active_scaffold_paths to rebuild
+      @active_scaffold_custom_paths << path
+    end
+
+    def add_active_scaffold_override_path(path)
+      @active_scaffold_paths = nil # Force active_scaffold_paths to rebuild
+      @active_scaffold_overrides.unshift path
+    end
+
+    def active_scaffold_paths
+      return @active_scaffold_paths unless @active_scaffold_paths.nil?
+
+      #@active_scaffold_paths = ActionView::PathSet.new
+      @active_scaffold_paths = []
+      @active_scaffold_paths.concat @active_scaffold_overrides unless @active_scaffold_overrides.nil?
+      @active_scaffold_paths.concat @active_scaffold_custom_paths unless @active_scaffold_custom_paths.nil?
+      @active_scaffold_paths.concat @active_scaffold_frontends unless @active_scaffold_frontends.nil?
+      @active_scaffold_paths
+    end
+
+    def active_scaffold_config
+      if @active_scaffold_config.nil?
+        self.superclass.active_scaffold_config if self.superclass.respond_to? :active_scaffold_config
+      else
+        @active_scaffold_config
+      end
+    end
+
+    def active_scaffold_config_block
+      @active_scaffold_config_block
+    end
+
+    def active_scaffold_superclasses_blocks
+      blocks = []
+      klass = self.superclass
+      while klass.respond_to? :active_scaffold_superclasses_blocks
+        blocks << klass.active_scaffold_config_block
+        klass = klass.superclass
+      end
+      blocks.compact.reverse
+    end
+
+    def active_scaffold_config_for(klass)
+      begin
+        controller = active_scaffold_controller_for(klass)
+      rescue ActiveScaffold::ControllerNotFound
+        config = ActiveScaffold::Config::Core.new(klass)
+        config._load_action_columns
+        config
+      else
+        controller.active_scaffold_config
+      end
+    end
+
+    # Tries to find a controller for the given ActiveRecord model.
+    # Searches in the namespace of the current controller for singular and plural versions of the conventional "#{model}Controller" syntax.
+    # You may override this method to customize the search routine.
+    def active_scaffold_controller_for(klass)
+      controller_namespace = self.to_s.split('::')[0...-1].join('::') + '::'
+      error_message = []
+      [controller_namespace, ''].each do |namespace|
+        ["#{klass.to_s.underscore.pluralize}", "#{klass.to_s.underscore.pluralize.singularize}"].each do |controller_name|
+          begin
+            controller = "#{namespace}#{controller_name.camelize}Controller".constantize
+          rescue NameError => error
+            # Only rescue NameError associated with the controller constant not existing - not other compile errors
+            if error.message["uninitialized constant #{controller}"]
+              error_message << "#{namespace}#{controller_name.camelize}Controller"
+              next
+            else
+              raise
+            end
+          end
+          raise ActiveScaffold::ControllerNotFound, "#{controller} missing ActiveScaffold", caller unless controller.uses_active_scaffold?
+          raise ActiveScaffold::ControllerNotFound, "ActiveScaffold on #{controller} is not for #{klass} model.", caller unless controller.active_scaffold_config.model == klass
+          return controller
+        end
+      end
+      raise ActiveScaffold::ControllerNotFound, "Could not find " + error_message.join(" or "), caller
+    end
+
+    def uses_active_scaffold?
+      !active_scaffold_config.nil?
+    end
+  end
+end
+
+##
+## Initialize the environment
+##
+unless Rails::VERSION::MAJOR == 3 && Rails::VERSION::MINOR >= 0
+  raise "This version of ActiveScaffold requires Rails 3.0 or higher.  Please use an earlier version."
+end
+
+require File.dirname(__FILE__) + '/../environment'
+
+##
+## Run the install assets script, too, just to make sure
+## But at least rescue the action in production
+##
+Rails::Application.initializer("active_scaffold_install_assets") do
+  begin
+    require File.dirname(__FILE__) + '/../install_assets'
+  rescue
+    raise $! unless Rails.env == 'production'
+  end
+end

data/lib/active_scaffold/actions/common_search.rb

@@ -0,0 +1,22 @@
+module ActiveScaffold::Actions
+  module CommonSearch
+    protected
+    def store_search_params_into_session
+      active_scaffold_session_storage[:search] = params.delete :search if params[:search]
+    end
+
+    def search_params
+      active_scaffold_session_storage[:search]
+    end
+
+    def search_ignore?
+      active_scaffold_config.list.always_show_search
+    end
+
+    # The default security delegates to ActiveRecordPermissions.
+    # You may override the method to customize.
+    def search_authorized?
+      authorized_for?(:crud_type => :read)
+    end
+  end
+end

data/lib/active_scaffold/actions/core.rb

@@ -0,0 +1,150 @@
+module ActiveScaffold::Actions
+  module Core
+    def self.included(base)
+      base.class_eval do
+        after_filter :clear_flashes
+      end
+      base.helper_method :nested?
+      base.helper_method :beginning_of_chain
+    end
+    def render_field
+      @record ||= if params[:in_place_editing]
+        active_scaffold_config.model.find params[:id]
+      else
+        active_scaffold_config.model.new
+      end
+      column = active_scaffold_config.columns[params[:column]]
+      if params[:in_place_editing]
+        render :inline => "<%= active_scaffold_input_for(active_scaffold_config.columns[params[:update_column].to_sym]) %>"
+      elsif !column.nil?
+        value = column_value_from_param_value(@record, column, params[:value])
+        @record.send "#{column.name}=", value
+        after_render_field(@record, column)
+        render :partial => "render_field", :collection => Array(params[:update_columns]), :content_type => 'text/javascript'
+      end
+    end
+
+    protected
+
+    def nested?
+      false
+    end
+
+    # override this method if you want to do something after render_field
+    def after_render_field(record, column); end
+
+    def authorized_for?(options = {})
+      active_scaffold_config.model.authorized_for?(options)
+    end
+
+    def clear_flashes
+      if request.xhr?
+        flash.keys.each do |flash_key|
+          flash[flash_key] = nil
+        end
+      end
+    end
+
+    def default_formats
+      [:html, :js, :json, :xml, :yaml]
+    end
+    # Returns true if the client accepts one of the MIME types passed to it
+    # ex: accepts? :html, :xml
+    def accepts?(*types)
+      for priority in request.accepts.compact
+        if priority == Mime::ALL
+          # Because IE always sends */* in the accepts header and we assume
+          # that if you really wanted XML or something else you would say so
+          # explicitly, we will assume */* to only ask for :html
+          return types.include?(:html)
+        elsif types.include?(priority.to_sym)
+          return true
+        end
+      end
+      false
+    end
+
+    def response_status
+      if successful?
+        action_name == 'create' ? 201 : 200
+      else
+        422
+      end
+    end
+
+    # API response object that will be converted to XML/YAML/JSON using to_xxx
+    def response_object
+      @response_object = successful? ? (@record || @records) : @record.errors
+    end
+
+    # Success is the existence of certain variables and the absence of errors (when applicable).
+    # Success can also be defined.
+    def successful?
+      if @successful.nil?
+        @records or (@record and @record.errors.count == 0 and @record.no_errors_in_associated?)
+      else
+        @successful
+      end
+    end
+
+    def successful=(val)
+      @successful = (val) ? true : false
+    end
+
+    # Redirect to the main page (override if the ActiveScaffold is used as a component on another controllers page) for Javascript degradation
+    def return_to_main
+      redirect_to main_path_to_return
+    end
+
+    # Override this method on your controller to define conditions to be used when querying a recordset (e.g. for List). The return of this method should be any format compatible with the :conditions clause of ActiveRecord::Base's find.
+    def conditions_for_collection
+    end
+
+    # Override this method on your controller to define joins to be used when querying a recordset (e.g. for List).  The return of this method should be any format compatible with the :joins clause of ActiveRecord::Base's find.
+    def joins_for_collection
+    end
+
+    # Override this method on your controller to provide custom finder options to the find() call. The return of this method should be a hash.
+    def custom_finder_options
+      {}
+    end
+
+    #Overide this method on your controller to provide model with named scopes
+    def beginning_of_chain
+      active_scaffold_config.model
+    end
+
+    # Builds search conditions by search params for column names. This allows urls like "contacts/list?company_id=5".
+    def conditions_from_params
+      conditions = nil
+      params.reject {|key, value| [:controller, :action, :id, :page, :sort, :sort_direction].include?(key.to_sym)}.each do |key, value|
+        next unless active_scaffold_config.model.column_names.include?(key)
+        if value.is_a?(Array)
+          conditions = merge_conditions(conditions, ["#{active_scaffold_config.model.table_name}.#{key.to_s} in (?)", value])
+        else
+          conditions = merge_conditions(conditions, ["#{active_scaffold_config.model.table_name}.#{key.to_s} = ?", value])
+        end
+      end
+      conditions
+    end
+    private
+    def respond_to_action(action)
+      respond_to do |type|
+        send("#{action}_formats").each do |format|
+          type.send(format){ send("#{action}_respond_to_#{format}") }
+        end
+      end
+    end
+
+    def response_code_for_rescue(exception)
+      case exception
+        when ActiveScaffold::RecordNotAllowed
+          "403 Record Not Allowed"
+        when ActiveScaffold::ActionNotAllowed
+          "403 Action Not Allowed"
+        else
+          super
+      end
+    end
+  end
+end