active_scaffold 3.2.17 → 3.2.18

data/lib/active_scaffold/actions/search.rb

@@ -1,48 +0,0 @@
-module ActiveScaffold::Actions
-  module Search
-    include ActiveScaffold::Actions::CommonSearch
-    def self.included(base)
-      base.before_filter :search_authorized_filter, :only => :show_search
-      base.before_filter :store_search_params_into_session, :only => [:index]
-      base.before_filter :do_search, :only => [:index]
-      base.helper_method :search_params
-    end
-
-    def show_search
-      respond_to_action(:search)
-    end
-
-    protected
-    def search_respond_to_html
-      render(:action => "search")
-    end
-    def search_respond_to_js
-      render(:partial => "search")
-    end
-    def do_search
-      query = search_params.to_s.strip rescue ''
-      unless query.empty?
-        columns = active_scaffold_config.search.columns
-        text_search = active_scaffold_config.search.text_search
-        query = query.split(active_scaffold_config.search.split_terms) if active_scaffold_config.search.split_terms
-        search_conditions = self.class.create_conditions_for_columns(query, columns, text_search)
-        @filtered = !search_conditions.blank?
-        self.active_scaffold_conditions.concat search_conditions if @filtered
-
-        includes_for_search_columns = columns.collect{ |column| column.includes}.flatten.uniq.compact
-        self.active_scaffold_includes.concat includes_for_search_columns
-
-        active_scaffold_config.list.user.page = nil
-      end
-    end
-
-    private
-    def search_authorized_filter
-      link = active_scaffold_config.search.link || active_scaffold_config.search.class.link
-      raise ActiveScaffold::ActionNotAllowed unless self.send(link.security_method)
-    end
-    def search_formats
-      (default_formats + active_scaffold_config.formats + active_scaffold_config.search.formats).uniq
-    end
-  end
-end

data/lib/active_scaffold/actions/show.rb

@@ -1,61 +0,0 @@
-module ActiveScaffold::Actions
-  module Show
-    def self.included(base)
-      base.before_filter :show_authorized_filter, :only => :show
-    end
-
-    def show
-      # rest destroy falls back to rest show in case of disabled javascript
-      # just render action_confirmation message for destroy
-      unless params.delete :destroy_action
-        do_show
-        successful?
-        respond_to_action(:show)
-      else
-        @record = find_if_allowed(params[:id], :read) if params[:id] && params[:id] && params[:id].to_i > 0
-        action_confirmation_respond_to_html(:destroy)
-      end
-    end
-
-    protected
-    
-    def show_respond_to_json
-      render :text => response_object.to_json(:only => active_scaffold_config.show.columns.names), :content_type => Mime::JSON, :status => response_status
-    end
-
-    def show_respond_to_yaml
-      render :text => Hash.from_xml(response_object.to_xml(:only => active_scaffold_config.show.columns.names)).to_yaml, :content_type => Mime::YAML, :status => response_status
-    end
-
-    def show_respond_to_xml
-      render :xml => response_object.to_xml(:only => active_scaffold_config.show.columns.names), :content_type => Mime::XML, :status => response_status
-    end
-
-    def show_respond_to_js
-      render :partial => 'show'
-    end
-
-    def show_respond_to_html
-      render :action => 'show'
-    end
-    # A simple method to retrieve and prepare a record for showing.
-    # May be overridden to customize show routine
-    def do_show
-      @record = find_if_allowed(params[:id], :read)
-    end
-
-    # The default security delegates to ActiveRecordPermissions.
-    # You may override the method to customize.
-    def show_authorized?(record = nil)
-      (record || self).send(:authorized_for?, :crud_type => :read)
-    end
-    private 
-    def show_authorized_filter
-      link = active_scaffold_config.show.link || active_scaffold_config.show.class.link
-      raise ActiveScaffold::ActionNotAllowed unless self.send(link.security_method)
-    end
-    def show_formats
-      (default_formats + active_scaffold_config.formats + active_scaffold_config.show.formats).uniq
-    end
-  end
-end

data/lib/active_scaffold/actions/subform.rb

@@ -1,23 +0,0 @@
-module ActiveScaffold::Actions
-  module Subform
-    def edit_associated
-      do_edit_associated
-      render :action => 'edit_associated', :formats => [:js]
-    end
-
-    protected
-
-    def do_edit_associated
-      @parent_record = params[:id].nil? ? new_model : find_if_allowed(params[:id], :update)
-      @column = active_scaffold_config.columns[params[:child_association]]
-
-      # NOTE: we don't check whether the user is allowed to update this record, because if not, we'll still let them associate the record. we'll just refuse to do more than associate, is all.
-      @record = @column.association.klass.find(params[:associated_id]) if params[:associated_id]
-      @record ||= build_associated(@column, @parent_record)
-
-      @scope = "#{params[:scope]}[#{@column.name}]"
-      @scope += (@record.new_record?) ? "[#{(Time.now.to_f*1000).to_i.to_s}]" : "[#{@record.id}]" if @column.plural_association?
-    end
-
-  end
-end

data/lib/active_scaffold/actions/update.rb

@@ -1,156 +0,0 @@
-module ActiveScaffold::Actions
-  module Update
-    def self.included(base)
-      base.before_filter :update_authorized_filter, :only => [:edit, :update]
-      base.helper_method :update_refresh_list?
-    end
-
-    def edit
-      do_edit
-      respond_to_action(:edit)
-    end
-
-    def update
-      do_update
-      respond_to_action(:update)
-    end
-
-    # for inline (inlist) editing
-    def update_column
-      do_update_column
-      @column_span_id = params[:editor_id] || params[:editorId]
-    end
-
-    protected
-    def edit_respond_to_html
-      if successful?
-        render(:action => 'update')
-      else
-        return_to_main
-      end
-    end
-    def edit_respond_to_js
-      render(:partial => 'update_form')
-    end
-    def update_respond_to_html
-      if params[:iframe]=='true' # was this an iframe post ?
-        responds_to_parent do
-          render :action => 'on_update', :formats => [:js], :layout => false
-        end
-      else # just a regular post
-        if successful?
-          flash[:info] = as_(:updated_model, :model => @record.to_label)
-          return_to_main
-        else
-          render(:action => 'update')
-        end
-      end
-    end
-    def update_respond_to_js
-      if successful?
-        do_refresh_list if update_refresh_list? && !render_parent?
-        flash.now[:info] = as_(:updated_model, :model => @record.to_label) if active_scaffold_config.update.persistent
-      end
-      render :action => 'on_update'
-    end
-    def update_respond_to_xml
-      render :xml => response_object.to_xml(:only => active_scaffold_config.update.columns.names), :content_type => Mime::XML, :status => response_status
-    end
-    def update_respond_to_json
-      render :text => response_object.to_json(:only => active_scaffold_config.update.columns.names), :content_type => Mime::JSON, :status => response_status
-    end
-    def update_respond_to_yaml
-      render :text => Hash.from_xml(response_object.to_xml(:only => active_scaffold_config.update.columns.names)).to_yaml, :content_type => Mime::YAML, :status => response_status
-    end
-    # A simple method to find and prepare a record for editing
-    # May be overridden to customize the record (set default values, etc.)
-    def do_edit
-      @record = find_if_allowed(params[:id], :update)
-    end
-
-    # A complex method to update a record. The complexity comes from the support for subforms, and saving associated records.
-    # If you want to customize this algorithm, consider using the +before_update_save+ callback
-    def do_update
-      do_edit
-      update_save
-    end
-
-    def update_save(options = {})
-      attributes = options[:attributes] || params[:record]
-      begin
-        active_scaffold_config.model.transaction do
-          @record = update_record_from_params(@record, active_scaffold_config.update.columns, attributes) unless options[:no_record_param_update]
-          before_update_save(@record)
-          self.successful = [@record.valid?, @record.associated_valid?].all? {|v| v == true} # this syntax avoids a short-circuit
-          if successful?
-            @record.save! and @record.save_associated!
-            after_update_save(@record)
-          else
-            # some associations such as habtm are saved before saved is called on parent object
-            # we have to revert these changes if validation fails
-            raise ActiveRecord::Rollback, "don't save habtm associations unless record is valid"
-          end
-        end
-      rescue ActiveRecord::StaleObjectError
-        @record.errors.add(:base, as_(:version_inconsistency))
-        self.successful = false
-      rescue ActiveRecord::RecordNotSaved
-        @record.errors.add(:base, as_(:record_not_saved)) if @record.errors.empty?
-        self.successful = false
-      rescue ActiveRecord::ActiveRecordError => ex
-        flash[:error] = ex.message
-        self.successful = false
-      end
-    end
-
-    def do_update_column
-      @record = active_scaffold_config.model.find(params[:id])
-      if @record.authorized_for?(:crud_type => :update, :column => params[:column])
-        column = active_scaffold_config.columns[params[:column].to_sym]
-        unless @record.column_for_attribute(params[:column]).nil? || @record.column_for_attribute(params[:column]).null
-          if @record.column_for_attribute(params[:column]).default == true
-            params[:value] ||= false
-          else
-            params[:value] ||= @record.column_for_attribute(params[:column]).default
-          end
-        end
-        unless column.nil?
-          params[:value] = column_value_from_param_value(@record, column, params[:value])
-          params[:value] = [] if params[:value].nil? && column.form_ui && column.plural_association?
-        end
-        @record.send("#{params[:column]}=", params[:value])
-        before_update_save(@record)
-        @record.save
-        after_update_save(@record)
-      end
-    end
-
-    # override this method if you want to inject data in the record (or its associated objects) before the save
-    def before_update_save(record); end
-
-    # override this method if you want to do something after the save
-    def after_update_save(record); end
-
-    # should we refresh whole list after update operation
-    def update_refresh_list?
-      active_scaffold_config.update.refresh_list
-    end
-
-    # The default security delegates to ActiveRecordPermissions.
-    # You may override the method to customize.
-    def update_authorized?(record = nil)
-      (!nested? || !nested.readonly?) && (record || self).send(:authorized_for?, :crud_type => :update)
-    end
-    private
-    def update_authorized_filter
-      link = active_scaffold_config.update.link || active_scaffold_config.update.class.link
-      raise ActiveScaffold::ActionNotAllowed unless self.send(link.security_method)
-    end
-    def edit_formats
-      (default_formats + active_scaffold_config.formats).uniq
-    end
-    def update_formats
-      (default_formats + active_scaffold_config.formats + active_scaffold_config.update.formats).uniq
-    end
-  end
-end

data/lib/active_scaffold/active_record_permissions.rb

@@ -1,135 +0,0 @@
-# This module attempts to create permissions conventions for your ActiveRecord models. It supports english-based
-# methods that let you restrict access per-model, per-record, per-column, per-action, and per-user. All at once.
-#
-# You may define instance methods in the following formats:
-#  def #{column}_authorized_for_#{action}?
-#  def #{column}_authorized?
-#  def authorized_for_#{action}?
-#
-# Your methods should allow for the following special cases:
-#   * cron scripts
-#   * guest users (or nil current_user objects)
-module ActiveRecordPermissions
-  # ActiveRecordPermissions needs to know what method on your ApplicationController will return the current user,
-  # if available. This defaults to the :current_user method. You may configure this in your environment.rb if you
-  # have a different setup.
-  def self.current_user_method=(v); @@current_user_method = v; end
-  def self.current_user_method; @@current_user_method; end
-  @@current_user_method = :current_user
-
-  # Whether the default permission is permissive or not
-  # If set to true, then everything's allowed until configured otherwise
-  def self.default_permission=(v); @@default_permission = v; end
-  def self.default_permission; @@default_permission; end
-  @@default_permission = true
-
-  # This is a module aimed at making the current_user available to ActiveRecord models for permissions.
-  module ModelUserAccess
-    module Controller
-      def self.included(base)
-        base.prepend_before_filter :assign_current_user_to_models
-      end
-
-      # We need to give the ActiveRecord classes a handle to the current user. We don't want to just pass the object,
-      # because the object may change (someone may log in or out). So we give ActiveRecord a proc that ties to the
-      # current_user_method on this ApplicationController.
-      def assign_current_user_to_models
-        ActiveRecord::Base.current_user_proc = proc {send(ActiveRecordPermissions.current_user_method)}
-      end
-    end
-
-    module Model
-      def self.included(base)
-        base.extend ClassMethods
-        base.send :include, ActiveRecordPermissions::Permissions
-      end
-
-      module ClassMethods
-        # The proc to call that retrieves the current_user from the ApplicationController.
-        attr_accessor :current_user_proc
-
-        # Class-level access to the current user
-        def current_user
-          ActiveRecord::Base.current_user_proc.call if ActiveRecord::Base.current_user_proc
-        end
-      end
-
-      # Instance-level access to the current user
-      def current_user
-        self.class.current_user
-      end
-    end
-  end
-
-  module Permissions
-    def self.included(base)
-      base.extend SecurityMethods
-      base.send :include, SecurityMethods
-    end
-
-    # Because any class-level queries get delegated to the instance level via a new record,
-    # it's useful to know when the authorization query is meant for a specific record or not.
-    # But using new_record? is confusing, even though accurate. So this is basically just a wrapper.
-    def existing_record_check?
-      !new_record?
-    end
-
-    module SecurityMethods
-      # A generic authorization query. This is what will be called programatically, since
-      # the actual permission methods can't be guaranteed to exist. And because we want to
-      # intelligently combine multiple applicable methods.
-      #
-      # options[:crud_type] should be a CRUD verb (:create, :read, :update, :destroy)
-      # options[:column] should be the name of a model attribute
-      # options[:action] is the name of a method
-      def authorized_for?(options = {})
-        raise ArgumentError, "unknown crud type #{options[:crud_type]}" if options[:crud_type] and ![:create, :read, :update, :delete].include?(options[:crud_type])
-
-        # column_authorized_for_crud_type? has the highest priority over other methods,
-        # you can disable a crud verb and enable that verb for a column
-        # (for example, disable update and enable inplace_edit in a column)
-        method = column_and_crud_type_security_method(options[:column], options[:crud_type])
-        return send(method) if method and respond_to?(method)
-
-        # authorized_for_action? has higher priority than other methods,
-        # you can disable a crud verb and enable an action with that crud verb
-        # (for example, disable update and enable an action with update as crud type)
-        method = action_security_method(options[:action])
-        return send(method) if method and respond_to?(method)
-
-        # collect other possibly-related methods that actually exist
-        methods = [
-          column_security_method(options[:column]),
-          crud_type_security_method(options[:crud_type]),
-        ].compact.select {|m| respond_to?(m)}
-
-        # if any method returns false, then return false
-        return false if methods.any? {|m| !send(m)}
-
-        # if any method actually exists then it must've returned true, so return true
-        return true unless methods.empty?
-
-        # if no method exists, return the default permission
-        return ActiveRecordPermissions.default_permission
-      end
-
-      private
-
-      def column_security_method(column)
-        "#{column}_authorized?" if column
-      end
-
-      def crud_type_security_method(crud_type)
-        "authorized_for_#{crud_type}?" if crud_type
-      end
-
-      def action_security_method(action)
-        "authorized_for_#{action}?" if action
-      end
-
-      def column_and_crud_type_security_method(column, crud_type)
-        "#{column}_authorized_for_#{crud_type}?" if column and crud_type
-      end
-    end
-  end
-end

data/lib/active_scaffold/attribute_params.rb

@@ -1,200 +0,0 @@
-module ActiveScaffold
-  # Provides support for param hashes assumed to be model attributes.
-  # Support is primarily needed for creating/editing associated records using a nested hash structure.
-  #
-  # Paradigm Params Hash (should write unit tests on this):
-  #   params[:record] = {
-  #     # a simple record attribute
-  #     'name' => 'John',
-  #     # a plural association hash
-  #     'roles' => {
-  #       # associate with an existing role
-  #       '5' => {'id' => 5}
-  #       # associate with an existing role and edit it
-  #       '6' => {'id' => 6, 'name' => 'designer'}
-  #       # create and associate a new role
-  #       '124521' => {'name' => 'marketer'}
-  #     }
-  #     # a singular association hash
-  #     'location' => {'id' => 12, 'city' => 'New York'}
-  #   }
-  #
-  # Simpler association structures are also supported, like:
-  #   params[:record] = {
-  #     # a simple record attribute
-  #     'name' => 'John',
-  #     # a plural association ... all ids refer to existing records
-  #     'roles' => ['5', '6'],
-  #     # a singular association ... all ids refer to existing records
-  #     'location' => '12'
-  # }
-  module AttributeParams
-    protected
-    # Takes attributes (as from params[:record]) and applies them to the parent_record. Also looks for
-    # association attributes and attempts to instantiate them as associated objects.
-    #
-    # This is a secure way to apply params to a record, because it's based on a loop over the columns
-    # set. The columns set will not yield unauthorized columns, and it will not yield unregistered columns.
-    def update_record_from_params(parent_record, columns, attributes)
-      crud_type = parent_record.new_record? ? :create : :update
-      return parent_record unless parent_record.authorized_for?(:crud_type => crud_type)
-
-      multi_parameter_attributes = {}
-      attributes.each do |k, v|
-        next unless k.include? '('
-        column_name = k.split('(').first.to_sym
-        multi_parameter_attributes[column_name] ||= []
-        multi_parameter_attributes[column_name] << [k, v]
-      end
-
-      columns.each :for => parent_record, :crud_type => crud_type, :flatten => true do |column|
-        # Set any passthrough parameters that may be associated with this column (ie, file column "keep" and "temp" attributes)
-        unless column.params.empty?
-          column.params.each{|p| parent_record.send("#{p}=", attributes[p]) if attributes.has_key? p}
-        end
-
-        if multi_parameter_attributes.has_key? column.name
-          parent_record.send(:assign_multiparameter_attributes, multi_parameter_attributes[column.name])
-        elsif attributes.has_key? column.name
-          value = column_value_from_param_value(parent_record, column, attributes[column.name]) 
-
-          # we avoid assigning a value that already exists because otherwise has_one associations will break (AR bug in has_one_association.rb#replace)
-          parent_record.send("#{column.name}=", value) unless parent_record.send(column.name) == value
-        end
-      end
-
-      if parent_record.new_record?
-        parent_record.class.reflect_on_all_associations.each do |a|
-          next unless [:has_one, :has_many].include?(a.macro) and not (a.options[:through] || a.options[:finder_sql])
-          next unless association_proxy = parent_record.send(a.name)
-
-          raise ActiveScaffold::ReverseAssociationRequired, "Association #{a.name} in class #{parent_record.class.name}: In order to support :has_one and :has_many where the parent record is new and the child record(s) validate the presence of the parent, ActiveScaffold requires the reverse association (the belongs_to)." unless a.reverse
-
-          association_proxy = [association_proxy] if a.macro == :has_one
-          association_proxy.each { |record| record.send("#{a.reverse}=", parent_record) }
-        end
-      end
-
-      parent_record
-    end
-    
-    def manage_nested_record_from_params(parent_record, column, attributes)
-      record = find_or_create_for_params(attributes, column, parent_record)
-      if record
-        record_columns = active_scaffold_config_for(column.association.klass).subform.columns
-        record_columns.constraint_columns = [column.association.reverse]
-        update_record_from_params(record, record_columns, attributes)
-        record.unsaved = true
-      end
-      record
-    end
-    
-    def column_value_from_param_value(parent_record, column, value)
-      # convert the value, possibly by instantiating associated objects
-      if value.is_a?(Hash)
-        column_value_from_param_hash_value(parent_record, column, value)
-      else
-        column_value_from_param_simple_value(parent_record, column, value)
-      end
-    end
-
-    def column_value_from_param_simple_value(parent_record, column, value)
-      if column.singular_association?
-        # it's a single id
-        column.association.klass.find(value) if value and not value.empty?
-      elsif column.plural_association?
-        column_plural_assocation_value_from_value(column, Array(value))
-      elsif column.number? && [:i18n_number, :currency].include?(column.options[:format])
-        self.class.i18n_number_to_native_format(value)
-      else
-        # convert empty strings into nil. this works better with 'null => true' columns (and validations),
-        # and 'null => false' columns should just convert back to an empty string.
-        # ... but we can at least check the ConnectionAdapter::Column object to see if nulls are allowed
-        value = nil if value.is_a? String and value.empty? and !column.column.nil? and column.column.null
-        value
-      end
-    end
-
-    def column_plural_assocation_value_from_value(column, value)
-      # it's an array of ids
-      if value and not value.empty?
-        ids = value.select {|id| id.respond_to?(:empty?) ? !id.empty? : true}
-        ids.empty? ? [] : column.association.klass.find(ids)
-      end
-    end
-
-    def column_value_from_param_hash_value(parent_record, column, value)
-      # this is just for backwards compatibility. we should clean this up in 2.0.
-      if column.form_ui == :select
-        ids = if column.singular_association?
-          value[:id]
-        else
-          value.values.collect {|hash| hash[:id]}
-        end
-        (ids and not ids.empty?) ? column.association.klass.find(ids) : nil
-
-      elsif column.singular_association?
-        manage_nested_record_from_params(parent_record, column, value)
-      elsif column.plural_association?
-        # HACK to be able to delete all associated records, hash will include "0" => ""
-        value.collect {|key, value| manage_nested_record_from_params(parent_record, column, value) unless value == ""}.compact
-      else
-        value
-      end
-    end
-
-   # Attempts to create or find an instance of klass (which must be an ActiveRecord object) from the
-    # request parameters given. If params[:id] exists it will attempt to find an existing object
-    # otherwise it will build a new one.
-    def find_or_create_for_params(params, parent_column, parent_record)
-      current = parent_record.send(parent_column.name)
-      klass = parent_column.association.klass
-      pk = klass.primary_key.to_sym
-      return nil if parent_column.show_blank_record?(current) and attributes_hash_is_empty?(params, klass)
-
-      if params.has_key? pk
-        # modifying the current object of a singular association
-        pk_val = params[pk] 
-        if current and current.is_a? ActiveRecord::Base and current.id.to_s == pk_val
-          current
-        # modifying one of the current objects in a plural association
-        elsif current and current.respond_to?(:any?) and current.any? {|o| o.id.to_s == pk_val}
-          current.detect {|o| o.id.to_s == pk_val}
-        # attaching an existing but not-current object
-        else
-          klass.find(pk_val)
-        end
-      else
-        build_associated(parent_column, parent_record) if klass.authorized_for?(:crud_type => :create)
-      end
-    end
-    # Determines whether the given attributes hash is "empty".
-    # This isn't a literal emptiness - it's an attempt to discern whether the user intended it to be empty or not.
-    def attributes_hash_is_empty?(hash, klass)
-      ignore_column_types = [:boolean]
-      hash.all? do |key,value|
-        # convert any possible multi-parameter attributes like 'created_at(5i)' to simply 'created_at'
-        parts = key.to_s.split('(')
-        #old style date form management... ignore them too
-        ignore_column_types = [:boolean, :datetime, :date, :time] if parts.length > 1
-        column_name = parts.first
-        column = klass.columns_hash[column_name]
-
-        # booleans and datetimes will always have a value. so we ignore them when checking whether the hash is empty.
-        # this could be a bad idea. but the current situation (excess record entry) seems worse.
-        next true if column and ignore_column_types.include?(column.type)
-
-        # defaults are pre-filled on the form. we can't use them to determine if the user intends a new row.
-        next true if column and value == column.default.to_s
-
-        if value.is_a?(Hash)
-          attributes_hash_is_empty?(value, klass)
-        elsif value.is_a?(Array)
-          value.any? {|id| id.respond_to?(:empty?) ? !id.empty? : true}
-        else
-          value.respond_to?(:empty?) ? value.empty? : false
-        end
-      end
-    end
-  end
-end