active_scaffold 3.0.12 → 3.0.21

data/lib/active_scaffold/actions/show.rb

@@ -18,7 +18,7 @@ module ActiveScaffold::Actions
     end
 
     protected
-
+    
     def show_respond_to_json
       render :text => response_object.to_json(:only => active_scaffold_config.show.columns.names), :content_type => Mime::JSON, :status => response_status
     end
@@ -49,7 +49,7 @@ module ActiveScaffold::Actions
     def show_authorized?(record = nil)
       authorized_for?(:crud_type => :read)
     end
-    private
+    private 
     def show_authorized_filter
       link = active_scaffold_config.show.link || active_scaffold_config.show.class.link
       raise ActiveScaffold::ActionNotAllowed unless self.send(link.security_method)

data/lib/active_scaffold/actions/subform.rb

@@ -1,20 +1,27 @@
 module ActiveScaffold::Actions
   module Subform
     def edit_associated
-      @parent_record = params[:id].nil? ? active_scaffold_config.model.new : find_if_allowed(params[:id], :update)
+      do_edit_associated
+      render :action => 'edit_associated.js'
+    end
+
+    protected
+
+    def do_edit_associated
+      @parent_record = params[:id].nil? ? new_model : find_if_allowed(params[:id], :update)
       @column = active_scaffold_config.columns[params[:association]]
 
-      # NOTE: we don't check whether the user is allowed to update
-      # this record, because if not, we'll still let them associate
-      # the record. we'll just refuse to do more than associate, is
-      # all.
+      # NOTE: we don't check whether the user is allowed to update this record, because if not, we'll still let them associate the record. we'll just refuse to do more than associate, is all.
       @record = @column.association.klass.find(params[:associated_id]) if params[:associated_id]
-      @record ||= @column.association.klass.new
+      @record ||= if @column.singular_association?
+        @parent_record.send("build_#{@column.name}".to_sym)
+      else
+        @parent_record.send(@column.name).build
+      end
 
       @scope = "[#{@column.name}]"
       @scope += (@record.new_record?) ? "[#{(Time.now.to_f*1000).to_i.to_s}]" : "[#{@record.id}]" if @column.plural_association?
-
-      render :action => 'edit_associated'
     end
+
   end
 end

data/lib/active_scaffold/actions/update.rb

@@ -5,6 +5,7 @@ module ActiveScaffold::Actions
       base.verify :method => [:post, :put],
                   :only => :update,
                   :redirect_to => { :action => :index }
+      base.helper_method :update_refresh_list?
     end
 
     def edit
@@ -34,7 +35,7 @@ module ActiveScaffold::Actions
     def edit_respond_to_js
       render(:partial => 'update_form')
     end
-    def update_respond_to_html
+    def update_respond_to_html  
       if params[:iframe]=='true' # was this an iframe post ?
         responds_to_parent do
           render :action => 'on_update.js', :layout => false
@@ -49,7 +50,7 @@ module ActiveScaffold::Actions
       end
     end
     def update_respond_to_js
-      if successful? && active_scaffold_config.update.refresh_list && !render_parent?
+      if successful? && update_refresh_list? && !render_parent?
         do_search if respond_to? :do_search
         do_list
       end
@@ -75,18 +76,22 @@ module ActiveScaffold::Actions
     # If you want to customize this algorithm, consider using the +before_update_save+ callback
     def do_update
       do_edit
-      @record = update_record_from_params(@record, active_scaffold_config.update.columns, params[:record])
       update_save
     end
 
-    def update_save
+    def update_save(options = {})
       begin
         active_scaffold_config.model.transaction do
+          @record = update_record_from_params(@record, active_scaffold_config.update.columns, params[:record]) unless options[:no_record_param_update]
           before_update_save(@record)
           self.successful = [@record.valid?, @record.associated_valid?].all? {|v| v == true} # this syntax avoids a short-circuit
           if successful?
             @record.save! and @record.save_associated!
             after_update_save(@record)
+          else
+            # some associations such as habtm are saved before saved is called on parent object
+            # we have to revert these changes if validation fails
+            raise ActiveRecord::Rollback, "don't save habtm associations unless record is valid"
           end
         end
       rescue ActiveRecord::RecordInvalid
@@ -121,6 +126,11 @@ module ActiveScaffold::Actions
     # override this method if you want to do something after the save
     def after_update_save(record); end
 
+    # should we refresh whole list after update operation
+    def update_refresh_list?
+      active_scaffold_config.update.refresh_list
+    end
+
     # The default security delegates to ActiveRecordPermissions.
     # You may override the method to customize.
     def update_authorized?(record = nil)

data/lib/active_scaffold/attribute_params.rb

@@ -39,6 +39,7 @@ module ActiveScaffold
       crud_type = parent_record.new_record? ? :create : :update
       return parent_record unless parent_record.authorized_for?(:crud_type => crud_type)
 
+      attributes = {} unless attributes.is_a?(Hash)
       multi_parameter_attributes = {}
       attributes.each do |k, v|
         next unless k.include? '('
@@ -56,11 +57,11 @@ module ActiveScaffold
         if multi_parameter_attributes.has_key? column.name
           parent_record.send(:assign_multiparameter_attributes, multi_parameter_attributes[column.name])
         elsif attributes.has_key? column.name
-          value = column_value_from_param_value(parent_record, column, attributes[column.name])
+          value = column_value_from_param_value(parent_record, column, attributes[column.name]) 
 
           # we avoid assigning a value that already exists because otherwise has_one associations will break (AR bug in has_one_association.rb#replace)
           parent_record.send("#{column.name}=", value) unless parent_record.send(column.name) == value
-
+          
         # plural associations may not actually appear in the params if all of the options have been unselected or cleared away.
         # the "form_ui" check is necessary, becuase without it we have problems
         # with subforms. the UI cuts out deep associations, which means they're not present in the
@@ -85,7 +86,7 @@ module ActiveScaffold
 
       parent_record
     end
-
+    
     def manage_nested_record_from_params(parent_record, column, attributes)
       record = find_or_create_for_params(attributes, column, parent_record)
       if record
@@ -95,7 +96,7 @@ module ActiveScaffold
       end
       record
     end
-
+    
     def column_value_from_param_value(parent_record, column, value)
       # convert the value, possibly by instantiating associated objects
       if value.is_a?(Hash)
@@ -110,12 +111,8 @@ module ActiveScaffold
         # it's a single id
         column.association.klass.find(value) if value and not value.empty?
       elsif column.plural_association?
-        # it's an array of ids
-        if value and not value.empty?
-          ids = value.select {|id| id.respond_to?(:empty?) ? !id.empty? : true}
-          ids.empty? ? [] : column.association.klass.find(ids)
-        end
-      elsif column.column && column.column.number? && [:i18n_number, :currency].include?(column.options[:format])
+        column_plural_assocation_value_from_value(column, value)
+      elsif column.column && column.number? && [:i18n_number, :currency].include?(column.options[:format])
         self.class.i18n_number_to_native_format(value)
       else
         # convert empty strings into nil. this works better with 'null => true' columns (and validations),
@@ -126,6 +123,14 @@ module ActiveScaffold
       end
     end
 
+    def column_plural_assocation_value_from_value(column, value)
+      # it's an array of ids
+      if value and not value.empty?
+        ids = value.select {|id| id.respond_to?(:empty?) ? !id.empty? : true}
+        ids.empty? ? [] : column.association.klass.find(ids)
+      end
+    end
+
     def column_value_from_param_hash_value(parent_record, column, value)
       # this is just for backwards compatibility. we should clean this up in 2.0.
       if column.form_ui == :select

data/lib/active_scaffold/bridges/bridge.rb

@@ -3,42 +3,45 @@ module ActiveScaffold
     def self.bridge(name, &block)
       ActiveScaffold::Bridges::Bridge.new(name, &block)
     end
-
+    
     class Bridge
       attr_accessor :name
       cattr_accessor :bridges
       cattr_accessor :bridges_run
       self.bridges = []
-
+      
       def initialize(name, &block)
         self.name = name
         @install = nil
         # by convention and default, use the bridge name as the required constant for installation
         @install_if = lambda { Object.const_defined?(name) }
         self.instance_eval(&block)
-
+        
         ActiveScaffold::Bridges::Bridge.bridges << self
       end
-
+      
       # Set the install block
       def install(&block)
         @install = block
       end
-
+      
       # Set the install_if block (to check to see whether or not to install the block)
       def install?(&block)
         @install_if = block
       end
-
-
+      
+      
       def run
         raise(ArgumentError, "install and install? not defined for bridge #{name}" ) unless @install && @install_if
         @install.call if @install_if.call
       end
-
+      
       def self.run_all
-        self.bridges.each(&:run) unless self.bridges_run
-        self.bridges_run = true
+        return false if self.bridges_run
+        ActiveScaffold::Bridges::Bridge.bridges.each{|bridge|
+          bridge.run
+        }
+        self.bridges_run=true
       end
     end
   end
@@ -46,5 +49,11 @@ end
 
 require File.join(File.dirname(__FILE__), 'shared', 'date_bridge.rb')
 Dir[File.join(File.dirname(__FILE__), "*/bridge.rb")].each{|bridge_require|
-  require bridge_require
-}
+  load_bridge = true
+  unless ActiveScaffold.exclude_bridges.empty?
+    match = bridge_require.match('bridges\/(.*)\/bridge.rb')
+    bridge_name = match[1] ? match[1] : nil
+    load_bridge = ActiveScaffold.exclude_bridges.exclude?(bridge_name.to_sym) if bridge_name
+  end
+  require bridge_require if load_bridge == true
+} 

data/lib/active_scaffold/bridges/calendar_date_select/bridge.rb

@@ -2,14 +2,14 @@ ActiveScaffold::Bridges.bridge "CalendarDateSelect" do
   install do
     # check to see if the old bridge was installed.  If so, warn them
     # we can detect this by checking to see if the bridge was installed before calling this code
-
+       
     if ActiveScaffold::Config::Core.instance_methods.include?("initialize_with_calendar_date_select")
       raise RuntimeError, "We've detected that you have active_scaffold_calendar_date_select_bridge installed.  This plugin has been moved to core.  Please remove active_scaffold_calendar_date_select_bridge to prevent any conflicts"
     end
-
+    
     require File.join(File.dirname(__FILE__), "lib/as_cds_bridge.rb")
   end
-
+  
   install? do
     Object.const_defined?(name) && ActiveScaffold.js_framework == :prototype
   end

data/lib/active_scaffold/bridges/cancan/bridge.rb

@@ -0,0 +1,12 @@
+ActiveScaffold::Bridges.bridge "CanCan" do
+  install do
+    require File.join(File.dirname(__FILE__), "lib", "cancan_bridge.rb")
+
+    ActiveScaffold::ClassMethods.send :include, ActiveScaffold::CancanBridge::ClassMethods
+    ActiveScaffold::Actions::Core.send :include, ActiveScaffold::CancanBridge::Actions::Core
+    ActiveScaffold::Actions::Nested.send :include, ActiveScaffold::CancanBridge::Actions::Core
+    ActionController::Base.send :include, ActiveScaffold::CancanBridge::ModelUserAccess::Controller
+    ActiveRecord::Base.send :include, ActiveScaffold::CancanBridge::ModelUserAccess::Model
+    ActiveRecord::Base.send :include, ActiveScaffold::CancanBridge::ActiveRecord
+  end
+end

data/lib/active_scaffold/bridges/cancan/lib/cancan_bridge.rb

@@ -0,0 +1,107 @@
+module ActiveScaffold
+  module CancanBridge
+
+    # controller level authorization
+    # As already has callbacks to ensure authorization at controller method via "authorization_method"
+    # but let's include this too, just in case, no sure how performance is affected tough :TODO benchmark
+    module ClassMethods
+      extend ActiveSupport::Concern
+      included do
+        alias_method_chain :active_scaffold, :cancan
+      end
+
+      def active_scaffold_with_cancan(model_id = nil, &block)
+        active_scaffold_without_cancan(model_id, &block)
+        authorize_resource(
+          :class => active_scaffold_config.model,
+          :instance => :record
+        )
+      end
+    end
+
+    # beginning of chain integration
+    module Actions
+      module Core
+        extend ActiveSupport::Concern
+        included do
+          alias_method_chain :beginning_of_chain, :cancan
+        end
+        # :TODO can this be expanded more ?
+        def beginning_of_chain_with_cancan
+          beginning_of_chain_without_cancan.accessible_by(current_ability)
+        end
+      end
+    end
+
+    # This is a module aimed at making the current_ability available to ActiveRecord models for permissions.
+    module ModelUserAccess
+      module Controller
+        extend ActiveSupport::Concern
+        included do
+          prepend_before_filter :assign_current_ability_to_models
+        end
+
+        # We need to give the ActiveRecord classes a handle to the current ability. We don't want to just pass the object,
+        # because the object may change (someone may log in or out). So we give ActiveRecord a proc that ties to the
+        # current_ability_method on this ApplicationController.
+        def assign_current_ability_to_models
+          ::ActiveRecord::Base.current_ability_proc = proc {send(:current_ability)}
+        end
+      end
+
+      module Model
+        extend ActiveSupport::Concern
+
+        module ClassMethods
+          # The proc to call that retrieves the current_ability from the ApplicationController.
+          attr_accessor :current_ability_proc
+
+          # Class-level access to the current ability
+          def current_ability
+            ::ActiveRecord::Base.current_ability_proc.call if ::ActiveRecord::Base.current_ability_proc
+          end
+        end
+
+        # Instance-level access to the current ability
+        def current_ability; self.class.current_ability end
+      end
+    end
+
+
+    # plug into AS#authorized_for calls
+    module ActiveRecord
+      extend ActiveSupport::Concern
+      included do
+        extend SecurityMethods
+        include SecurityMethods
+        alias_method_chain :authorized_for?, :cancan
+        class << self
+          alias_method_chain :authorized_for?, :cancan
+        end
+      end
+
+      module SecurityMethods
+        class InvalidArgument < StandardError; end
+
+        # is usually called with :crud_type and :column, or :action
+        #     {:crud_type=>:update, :column=>"some_colum_name"}
+        #     {:action=>"edit"}
+        # to allow access cancan must allow both :crud_type and :action
+        # if cancan says "no", it delegates to default AS behavior
+        def authorized_for_with_cancan?(options = {})
+          raise InvalidArgument if options[:crud_type].blank? and options[:action].blank?
+          if current_ability.present?
+            crud_type_result = options[:crud_type].nil? ? true : current_ability.can?(options[:crud_type], self)
+            action_result = options[:action].nil? ? true : current_ability.can?(options[:action].to_sym, self)
+          else
+            crud_type_result, action_result = false, false
+          end
+          default_result = authorized_for_without_cancan?(options)
+          result = (crud_type_result && action_result) || default_result
+          return result
+        end
+      end
+    end
+
+  end
+end

data/lib/active_scaffold/bridges/carrierwave/bridge.rb

@@ -6,4 +6,4 @@ ActiveScaffold::Bridges.bridge "CarrierWave" do
     require File.join(File.dirname(__FILE__), "lib/carrierwave_bridge")
     ActiveScaffold::Config::Core.send :include, ActiveScaffold::Bridges::Carrierwave::Lib::CarrierwaveBridge
   end
-end
+end

data/lib/active_scaffold/bridges/carrierwave/lib/carrierwave_bridge.rb

@@ -12,8 +12,6 @@ module ActiveScaffold
       
             self.model.uploaders.keys.each do |field|
               configure_carrierwave_field(field.to_sym)
-              # define the "delete" helper for use with active scaffold, unless it's already defined
-              ActiveScaffold::Bridges::Carrierwave::Lib::CarrierwaveBridgeHelpers.generate_delete_helper(self.model, field)
             end
           end
       
@@ -24,12 +22,9 @@ module ActiveScaffold
           private
           def configure_carrierwave_field(field)
             self.columns << field
-            self.columns[field].form_ui ||= :carrierwave
-            self.columns[field].params.add "delete_#{field}"
-      
-#            [:file_name, :content_type, :file_size, :updated_at].each do |f|
-#              self.columns.exclude("#{field}_#{f}".to_sym)
-#            end
+            self.columns[field].form_ui ||= :carrierwave # :TODO thumbnail
+            self.columns[field].params.add "#{field}_cache"
+            self.columns[field].params.add "remove_#{field}"
           end
         end
       end

data/lib/active_scaffold/bridges/carrierwave/lib/carrierwave_bridge_helpers.rb

@@ -5,22 +5,8 @@ module ActiveScaffold
         module CarrierwaveBridgeHelpers
           mattr_accessor :thumbnail_style
           self.thumbnail_style = :thumbnail
-        
-          def self.generate_delete_helper(klass, field)
-            klass.class_eval <<-EOF, __FILE__, __LINE__ + 1 unless klass.methods.include?("delete_#{field}=")
-              attr_reader :delete_#{field}
-        
-              def delete_#{field}=(value)
-                value = (value == "true") if String === value
-                return unless value
-        
-                # passing nil to the file column causes the file to be deleted. Don't delete if we just uploaded a file!
-                self.remove_#{field}! unless new_record?
-              end
-            EOF
-          end
         end
       end
     end
   end
-end
+end