active_scaffold 3.0.23 → 3.0.24

data/lib/active_scaffold/constraints.rb~

@@ -0,0 +1,186 @@
+module ActiveScaffold
+  module Constraints
+
+    protected
+
+    # Returns the current constraints
+    def active_scaffold_constraints
+      @active_scaffold_constraints ||= active_scaffold_session_storage[:constraints] || {}
+    end
+
+    def set_active_scaffold_constraints
+      associations_by_params = {}
+      active_scaffold_config.model.reflect_on_all_associations.each do |association|
+        associations_by_params[association.klass.name.foreign_key] = association.name unless association.options[:polymorphic]
+      end
+      params.each do |key, value|
+        active_scaffold_constraints[associations_by_params[key]] = value if associations_by_params.include? key
+      end
+    end
+
+    # For each enabled action, adds the constrained columns to the ActionColumns object (if it exists).
+    # This lets the ActionColumns object skip constrained columns.
+    #
+    # If the constraint value is a Hash, then we assume the constraint is a multi-level association constraint (the reverse of a has_many :through) and we do NOT register the constraint column.
+    def register_constraints_with_action_columns(association_constrained_fields = [], exclude_actions = [])
+      debugger
+      constrained_fields = active_scaffold_constraints.reject{|k, v| v.is_a? Hash}.keys.collect{|k| k.to_sym}
+      constrained_fields = constrained_fields | association_constrained_fields
+      if self.class.uses_active_scaffold?
+        # we actually want to do this whether constrained_fields exist or not, so that we can reset the array when they don't
+        active_scaffold_config.actions.each do |action_name|
+          next if exclude_actions.include?(action_name)
+          action = active_scaffold_config.send(action_name)
+          next unless action.respond_to? :columns
+          action.columns.constraint_columns = constrained_fields
+        end
+      end
+    end
+
+    # Returns search conditions based on the current scaffold constraints.
+    #
+    # Supports constraints based on either a column name (in which case it checks for an association
+    # or just uses the search_sql) or a database field name.
+    #
+    # All of this work is primarily to support nested scaffolds in a manner generally useful for other
+    # embedded scaffolds.
+    def conditions_from_constraints
+      conditions = nil
+      debugger
+      active_scaffold_constraints.each do |k, v|
+        column = active_scaffold_config.columns[k]
+        constraint_condition = if column
+          # Assume this is a multi-level association constraint.
+          # example:
+          #   data model: Park -> Den -> Bear
+          #   constraint: :den => {:park => 5}
+          if v.is_a? Hash
+            far_association = column.association.klass.reflect_on_association(v.keys.first)
+            field = far_association.klass.primary_key
+            table = far_association.table_name
+
+            active_scaffold_includes.concat([{k => v.keys.first}]) # e.g. {:den => :park}
+            constraint_condition_for("#{table}.#{field}", v.values.first)
+
+          # association column constraint
+          elsif column.association
+            if column.association.macro == :has_and_belongs_to_many
+              active_scaffold_habtm_joins.concat column.includes
+            else
+              active_scaffold_includes.concat column.includes
+            end
+            condition_from_association_constraint(column.association, v)
+
+          # regular column constraints
+          elsif column.searchable?
+            active_scaffold_includes.concat column.includes
+            constraint_condition_for(column.search_sql, v)
+          end
+        # unknown-to-activescaffold-but-real-database-column constraint
+        elsif active_scaffold_config.model.column_names.include? k.to_s
+          constraint_condition_for(k.to_s, v)
+        else
+          raise ActiveScaffold::MalformedConstraint, constraint_error(active_scaffold_config.model, k), caller
+        end
+
+        conditions = merge_conditions(conditions, constraint_condition)
+      end
+
+      conditions
+    end
+
+    # We do NOT want to use .search_sql. If anything, search_sql will refer
+    # to a human-searchable value on the associated record.
+    def condition_from_association_constraint(association, value)
+      # when the reverse association is a :belongs_to, the id for the associated object only exists as
+      # the primary_key on the other table. so for :has_one and :has_many (when the reverse is :belongs_to),
+      # we have to use the other model's primary_key.
+      #
+      # please see the relevant tests for concrete examples.
+      field = if [:has_one, :has_many].include?(association.macro)
+        association.klass.primary_key
+      elsif [:has_and_belongs_to_many].include?(association.macro)
+        association.association_foreign_key
+      else
+        association.options[:foreign_key] || association.name.to_s.foreign_key
+      end
+
+      table = case association.macro
+        when :has_and_belongs_to_many
+        association.options[:join_table]
+
+        when :belongs_to
+        active_scaffold_config.model.table_name
+
+        else
+        association.table_name
+      end
+
+      if association.options[:primary_key]
+        value = association.klass.find(value).send(association.options[:primary_key])
+      end
+
+      condition = constraint_condition_for("#{table}.#{field}", value)
+      if association.options[:polymorphic]
+        begin
+          parent_scaffold = "#{session_info[:parent_scaffold].to_s.camelize}Controller".constantize
+          condition = merge_conditions(
+            condition,
+            constraint_condition_for("#{table}.#{association.name}_type", parent_scaffold.active_scaffold_config.model_id.to_s)
+          )
+        rescue ActiveScaffold::ControllerNotFound
+          nil
+        end
+      end
+
+      condition
+    end
+
+    def constraint_error(klass, column_name)
+      "Malformed constraint `#{klass}##{column_name}'. If it's a legitimate column, and you are using a nested scaffold, please specify or double-check the reverse association name."
+    end
+
+    # Applies constraints to the given record.
+    #
+    # Searches through the known columns for association columns. If the given constraint is an association,
+    # it assumes that the constraint value is an id. It then does a association.klass.find with the value
+    # and adds the associated object to the record.
+    #
+    # For some operations ActiveRecord will automatically update the database. That's not always ok.
+    # If it *is* ok (e.g. you're in a transaction), then set :allow_autosave to true.
+    def apply_constraints_to_record(record, options = {})
+      options[:allow_autosave] = false if options[:allow_autosave].nil?
+
+      active_scaffold_constraints.each do |k, v|
+        column = active_scaffold_config.columns[k]
+        if column and column.association
+          if column.plural_association?
+            record.send("#{k}").send(:<<, column.association.klass.find(v))
+          elsif column.association.options[:polymorphic]
+            record.send("#{k}=", params[:parent_model].constantize.find(v))
+          else # regular singular association
+            record.send("#{k}=", column.association.klass.find(v))
+
+            # setting the belongs_to side of a has_one isn't safe. if the has_one was already
+            # specified, rails won't automatically clear out the previous associated record.
+            #
+            # note that we can't take the extra step to correct this unless we're permitted to
+            # run operations where activerecord auto-saves the object.
+            reverse = column.association.klass.reflect_on_association(column.association.reverse)
+            if reverse.macro == :has_one and options[:allow_autosave]
+              record.send(k).send("#{column.association.reverse}=", record)
+            end
+          end
+        else
+          record.send("#{k}=", v)
+        end
+      end
+    end
+
+    private
+
+    def constraint_condition_for(sql, value)
+      value.nil? ? "#{sql} IS NULL" : ["#{sql} = ?", value]
+    end
+  end
+end

data/lib/active_scaffold/data_structures/action_columns.rb~

@@ -0,0 +1,140 @@
+module ActiveScaffold::DataStructures
+  # A set of columns. These structures can be nested for organization.
+  class ActionColumns < ActiveScaffold::DataStructures::Set
+    include ActiveScaffold::Configurable
+
+    # this lets us refer back to the action responsible for this link, if it exists.
+    # the immediate need here is to get the crud_type so we can dynamically filter columns from the set.
+    attr_accessor :action
+
+    # labels are useful for the Create/Update forms, when we display columns in a grouped fashion and want to name them separately
+    attr_writer :label
+    def label
+      as_(@label) if @label
+    end
+    def name
+      @label
+    end
+
+    # Whether this column set is collapsed by default in contexts where collapsing is supported
+    attr_accessor :collapsed
+    
+    # nests a subgroup in the column set
+    def add_subgroup(label, &proc)
+      columns = ActiveScaffold::DataStructures::ActionColumns.new
+      columns.label = label
+      columns.action = self.action
+      columns.configure &proc
+      self.exclude columns.collect_columns
+      self.add columns
+    end
+
+    def include?(item)
+      @set.each do |c|
+        return true if !c.is_a? Symbol and c.include? item
+        return true if c == item.to_sym
+      end
+      return false
+    end
+
+    def names
+      self.collect(&:name)
+    end
+
+    def names_without_auth_check
+      Array(@set)
+    end
+
+    protected
+
+    def collect_columns
+      @set.collect {|col| col.is_a?(ActiveScaffold::DataStructures::ActionColumns) ? col.collect_columns : col}
+    end
+
+    # called during clone or dup. makes the clone/dup deeper.
+    def initialize_copy(from)
+      @set = from.instance_variable_get('@set').clone
+    end
+
+    # A package of stuff to add after the configuration block. This is an attempt at making a certain level of functionality inaccessible during configuration, to reduce possible breakage from misuse.
+    # The bulk of the package is a means of connecting the referential column set (ActionColumns) with the actual column objects (Columns). This lets us iterate over the set and yield real column objects.
+    module AfterConfiguration
+      # Redefine the each method to yield actual Column objects.
+      # It will skip constrained and unauthorized columns.
+      #
+      # Options:
+      #  * :flatten - whether to recursively iterate on nested sets. default is false.
+      #  * :for - the record (or class) being iterated over. used for column-level security. default is the class.
+      def each(options = {}, &proc)
+        options[:for] ||= @columns.active_record_class
+        self.unauthorized_columns = []
+        @set.each do |item|
+          unless item.is_a? ActiveScaffold::DataStructures::ActionColumns
+            item = (@columns[item] || ActiveScaffold::DataStructures::Column.new(item.to_sym, @columns.active_record_class))
+            next if self.skip_column?(item, options)
+          end
+          if item.is_a? ActiveScaffold::DataStructures::ActionColumns and options.has_key?(:flatten) and options[:flatten]
+            item.each(options, &proc)
+          else
+            yield item
+          end
+        end
+      end
+      
+      def collect_visible(options = {}, &proc)
+        columns = []
+        options[:for] ||= @columns.active_record_class
+        self.unauthorized_columns = []
+        @set.each do |item|
+          unless item.is_a? ActiveScaffold::DataStructures::ActionColumns
+            item = (@columns[item] || ActiveScaffold::DataStructures::Column.new(item.to_sym, @columns.active_record_class))
+            next if self.skip_column?(item, options)
+          end
+          if item.is_a? ActiveScaffold::DataStructures::ActionColumns and options.has_key?(:flatten) and options[:flatten]
+            columns = columns + item.collect(options, &proc)
+          else
+            columns << item
+          end
+        end
+        columns
+      end      
+      
+      def skip_column?(column, options)
+        result = false
+        # skip if this matches a constrained column
+        result = true if constraint_columns.include?(column.name.to_sym)
+        # skip if this matches the field_name of a constrained column
+        result = true if column.field_name and constraint_columns.include?(column.field_name.to_sym)
+        # skip this field if it's not authorized
+        unless options[:for].authorized_for?(:action => options[:action], :crud_type => options[:crud_type] || self.action.crud_type, :column => column.name)
+          self.unauthorized_columns << column.name.to_sym
+          result = true
+        end
+        return result
+      end
+
+      # registers a set of column objects (recursively, for all nested ActionColumns)
+      def set_columns(columns)
+        @columns = columns
+        # iterate over @set instead of self to avoid dealing with security queries
+        @set.each do |item|
+          item.set_columns(columns) if item.respond_to? :set_columns
+        end
+      end
+
+      attr_writer :constraint_columns
+      def constraint_columns
+        @constraint_columns ||= []
+      end
+      
+      attr_writer :unauthorized_columns
+      def unauthorized_columns
+        @unauthorized_columns ||= []
+      end
+      
+      def length
+        ((@set - self.constraint_columns) - self.unauthorized_columns).length
+      end
+    end
+  end
+end

data/lib/active_scaffold/data_structures/action_link.rb

@@ -3,15 +3,15 @@ module ActiveScaffold::DataStructures
     # provides a quick way to set any property of the object from a hash
     def initialize(action, options = {})
       # set defaults
-      self.action = action.to_s
+      self.action = action
       self.label = action
       self.confirm = false
       self.type = :collection
       self.inline = true
       self.method = :get
-      self.crud_type = :delete if [:destroy].include?(action.to_sym)
-      self.crud_type = :create if [:create, :new].include?(action.to_sym)
-      self.crud_type = :update if [:edit, :update].include?(action.to_sym)
+      self.crud_type = :delete if [:destroy].include?(action.try(:to_sym))
+      self.crud_type = :create if [:create, :new].include?(action.try(:to_sym))
+      self.crud_type = :update if [:edit, :update].include?(action.try(:to_sym))
       self.crud_type ||= :read
       self.parameters = {}
       self.html_options = {}

data/lib/active_scaffold/data_structures/action_link.rb~

@@ -0,0 +1,179 @@
+module ActiveScaffold::DataStructures
+  class ActionLink
+    # provides a quick way to set any property of the object from a hash
+    def initialize(action, options = {})
+      # set defaults
+      self.action = action.to_s
+      self.label = action
+      self.confirm = false
+      self.type = :collection
+      self.inline = true
+      self.method = :get
+      self.crud_type = :delete if [:destroy].include?(action.try(:to_sym))
+      self.crud_type = :create if [:create, :new].include?(action.try(:to_sym))
+      self.crud_type = :update if [:edit, :update].include?(action.try(:to_sym))
+      self.crud_type ||= :read
+      self.parameters = {}
+      self.html_options = {}
+      self.column = nil
+      self.image = nil
+      self.dynamic_parameters = nil
+
+      # apply quick properties
+      options.each_pair do |k, v|
+        setter = "#{k}="
+        self.send(setter, v) if self.respond_to? setter
+      end
+    end
+
+    # the action-path for this link. what page to request? this is required!
+    attr_accessor :action
+    
+    # the controller for this action link. if nil, the current controller should be assumed.
+    attr_writer :controller
+
+    def controller
+      @controller = @controller.call if @controller.is_a?(Proc)
+      @controller
+    end
+
+    def static_controller?
+      !(@controller.is_a?(Proc) || (@controller == :polymorph))
+    end
+
+    # a hash of request parameters
+    attr_accessor :parameters
+
+    # a block for dynamic_parameters
+    attr_accessor :dynamic_parameters
+
+    # the RESTful method
+    attr_accessor :method
+
+    # what string to use to represent this action
+    attr_writer :label
+    def label
+      @label.is_a?(Symbol) ? as_(@label) : @label
+    end
+    
+    # image to use {:name => 'arrow.png', :size => '16x16'}
+    attr_accessor :image
+
+    # if the action requires confirmation
+    def confirm=(value)
+      @dhtml_confirm = nil if value
+      @confirm = value
+    end
+    def confirm(label = '')
+      @confirm.is_a?(String) ? @confirm : as_(@confirm, :label => label)
+    end
+    def confirm?
+      !!@confirm
+    end
+    
+    # if the action uses a DHTML based (i.e. 2-phase) confirmation
+    attr_accessor :dhtml_confirm
+    def dhtml_confirm=(value)
+      @confirm = nil if value
+      @dhtml_confirm = value
+    end
+    def dhtml_confirm?
+      !!@dhtml_confirm
+    end
+
+    # what method to call on the controller to see if this action_link should be visible
+    # note that this is only the UI part of the security. to prevent URL hax0rz, you also need security on requests (e.g. don't execute update method unless authorized).
+    attr_writer :security_method
+    def security_method
+      @security_method || "#{self.action}_authorized?"
+    end
+
+    def security_method_set?
+      !!@security_method
+    end
+    
+    attr_accessor :ignore_method
+    
+    # the crud type of the (eventual?) action. different than :method, because this crud action may not be imminent.
+    # this is used to determine record-level authorization (e.g. record.authorized_for?(:crud_type => link.crud_type).
+    # options are :create, :read, :update, and :delete
+    attr_accessor :crud_type
+
+    # an "inline" link is inserted into the existing page
+    # exclusive with popup? and page?
+    def inline=(val)
+      @inline = (val == true)
+      self.popup = self.page = false if @inline
+    end
+    def inline?; @inline end
+
+    # a "popup" link displays in a separate (browser?) window. this will eventually take arguments.
+    # exclusive with inline? and page?
+    def popup=(val)
+      @popup = (val == true)
+      if @popup
+        self.inline = self.page = false
+
+        # the :method parameter doesn't mix with the :popup parameter
+        # when/if we start using DHTML popups, we can bring :method back
+        self.method = nil
+      end
+    end
+    def popup?; @popup end
+
+    # a "page" link displays by reloading the current page
+    # exclusive with inline? and popup?
+    def page=(val)
+      @page = (val == true)
+      if @page
+        self.inline = self.popup = false
+
+        # when :method is defined, ActionView adds an onclick to use a form ...
+        # so it's best to just empty out :method whenever possible.
+        # we only ever need to know @method = :get for things that default to POST.
+        # the only things that default to POST are forms and ajax calls.
+        # when @page = true, we don't use ajax.
+        self.method = nil if method == :get
+      end
+    end
+    def page?; @page end
+
+    # where the result of this action should insert in the display.
+    # for :type => :collection, supported values are:
+    #   :top
+    #   :bottom
+    #   :replace (for updating the entire table)
+    #   false (no attempt at positioning)
+    # for :type => :member, supported values are:
+    #   :before
+    #   :replace
+    #   :after
+    #   false (no attempt at positioning)
+    attr_writer :position
+    def position
+      return @position unless @position.nil? or @position == true
+      return :replace if self.type == :member
+      return :top if self.type == :collection
+      raise "what should the default position be for #{self.type}?"
+    end
+
+    # what type of link this is. currently supported values are :collection and :member.
+    attr_accessor :type
+
+    # html options for the link
+    attr_accessor :html_options
+    
+    # nested action_links are referencing a column
+    attr_accessor :column
+    
+    # indicates that this a nested_link
+    def nested_link?
+      @column || (parameters && parameters[:named_scope])
+    end
+    
+    # Internal use: generated eid for this action_link
+    attr_accessor :eid
+    
+    
+  end
+end

data/lib/active_scaffold/data_structures/nested_info.rb~

@@ -0,0 +1,124 @@
+module ActiveScaffold::DataStructures
+  class NestedInfo
+    def self.get(model, session_storage)
+      if session_storage[:nested].nil? 
+        nil
+      else
+        session_info = session_storage[:nested].clone
+        begin
+          debugger
+          session_info[:parent_scaffold] = "#{session_info[:parent_scaffold].to_s.camelize}Controller".constantize
+          session_info[:parent_model] = session_info[:parent_scaffold].active_scaffold_config.model
+          session_info[:association] = session_info[:parent_model].reflect_on_association(session_info[:name])
+          unless session_info[:association].nil?
+            ActiveScaffold::DataStructures::NestedInfoAssociation.new(model, session_info)
+          else
+            ActiveScaffold::DataStructures::NestedInfoScope.new(model, session_info)
+          end
+        rescue ActiveScaffold::ControllerNotFound
+          nil
+        end
+      end
+    end
+    
+    attr_accessor :association, :child_association, :parent_model, :parent_scaffold, :parent_id, :constrained_fields, :scope
+        
+    def initialize(model, session_info)
+      @parent_model = session_info[:parent_model]
+      @parent_id = session_info[:parent_id]
+      @parent_scaffold = session_info[:parent_scaffold]
+    end
+    
+    def new_instance?
+      result = @new_instance.nil?
+      @new_instance = false
+      result
+    end
+    
+    def parent_scope
+      parent_model.find(parent_id)
+    end
+    
+    def habtm?
+      false 
+    end
+    
+    def belongs_to?
+      false
+    end
+
+    def has_one?
+      false
+    end
+    
+    def readonly?
+      false
+    end
+
+    def sorted?
+      false
+    end
+  end
+  
+  class NestedInfoAssociation < NestedInfo
+    def initialize(model, session_info)
+      super(model, session_info)
+      @association = session_info[:association]
+      iterate_model_associations(model)
+    end
+    
+    def habtm?
+      association.macro == :has_and_belongs_to_many 
+    end
+    
+    def belongs_to?
+      association.belongs_to?
+    end
+
+    def has_one?
+      association.macro == :has_one
+    end
+    
+    def readonly?
+      if association.options.has_key? :readonly
+        association.options[:readonly]
+      else
+        association.options.has_key? :through
+      end
+    end
+
+    def sorted?
+      association.options.has_key? :order
+    end
+
+    def default_sorting
+      association.options[:order]
+    end
+    
+    protected
+    
+    def iterate_model_associations(model)
+      @constrained_fields = [] 
+      @constrained_fields << association.foreign_key.to_sym unless association.belongs_to?
+      model.reflect_on_all_associations.each do |current|
+        if !current.belongs_to? && association.foreign_key == current.association_foreign_key
+          constrained_fields << current.name.to_sym
+          @child_association = current if current.klass == @parent_model
+        end
+        if association.foreign_key == current.foreign_key
+          # show columns for has_many and has_one child associationes
+          constrained_fields << current.name.to_sym if current.belongs_to? 
+          @child_association = current
+        end
+      end
+    end
+  end
+  
+  class NestedInfoScope < NestedInfo
+    def initialize(model, session_info)
+      super(model, session_info)
+      @scope = session_info[:name]
+      @constrained_fields = [] 
+    end
+  end
+end

data/lib/active_scaffold/extensions/action_controller_rendering.rb~

@@ -0,0 +1,22 @@
+# wrap the action rendering for ActiveScaffold controllers
+module ActionController #:nodoc:
+  class Base
+    def render_with_active_scaffold(*args, &block)
+      if self.class.uses_active_scaffold? and params[:adapter] and @rendering_adapter.nil?
+        @rendering_adapter = true # recursion control
+        # if we need an adapter, then we render the actual stuff to a string and insert it into the adapter template
+        opts = args.blank? ? Hash.new : args.first
+        render :partial => params[:adapter][1..-1],
+        :locals => {:payload => render_to_string(opts.merge(:layout => false), &block).html_safe},
+               :use_full_path => true, :layout => false
+        @rendering_adapter = nil # recursion control
+      else
+        render_without_active_scaffold(*args, &block)
+      end
+    end
+    alias_method_chain :render, :active_scaffold
+
+    # Rails 2.x implementation is post-initialization on :active_scaffold method
+  end
+end
+