active_scaffold 3.3.3 → 3.4.0

data/lib/active_scaffold/actions/show.rb

@@ -19,15 +19,15 @@ module ActiveScaffold::Actions
     protected
 
     def show_respond_to_json
-      render :text => response_object.to_json(:only => active_scaffold_config.show.columns.names), :content_type => Mime::JSON, :status => response_status
+      render :text => response_object.to_json(:only => show_columns_names + [active_scaffold_config.model.primary_key], :include => association_columns(show_columns_names), :methods => virtual_columns(show_columns_names)), :content_type => Mime::JSON, :status => response_status
     end
 
     def show_respond_to_yaml
-      render :text => Hash.from_xml(response_object.to_xml(:only => active_scaffold_config.show.columns.names)).to_yaml, :content_type => Mime::YAML, :status => response_status
+      render :text => Hash.from_xml(response_object.to_xml(:only => show_columns_names + [active_scaffold_config.model.primary_key], :include => association_columns(show_columns_names), :methods => virtual_columns(show_columns_names))).to_yaml, :content_type => Mime::YAML, :status => response_status
     end
 
     def show_respond_to_xml
-      render :xml => response_object.to_xml(:only => active_scaffold_config.show.columns.names), :content_type => Mime::XML, :status => response_status
+      render :xml => response_object.to_xml(:only => show_columns_names + [active_scaffold_config.model.primary_key], :include => association_columns(show_columns_names), :methods => virtual_columns(show_columns_names)), :content_type => Mime::XML, :status => response_status
     end
 
     def show_respond_to_js
@@ -37,11 +37,16 @@ module ActiveScaffold::Actions
     def show_respond_to_html
       render :action => 'show'
     end
+
+    def show_columns_names
+      active_scaffold_config.show.columns.names
+    end
+
     # A simple method to retrieve and prepare a record for showing.
     # May be overridden to customize show routine
     def do_show
       set_includes_for_columns(:show) if active_scaffold_config.actions.include? :list
-      klass = beginning_of_chain.includes(active_scaffold_includes)
+      klass = beginning_of_chain.preload(active_scaffold_preload)
       @record = find_if_allowed(params[:id], :read, klass)
     end
 

data/lib/active_scaffold/actions/subform.rb

@@ -14,7 +14,7 @@ module ActiveScaffold::Actions
 
       # NOTE: we don't check whether the user is allowed to update this record, because if not, we'll still let them associate the record. we'll just refuse to do more than associate, is all.
       @record = @column.association.klass.find(params[:associated_id]) if params[:associated_id]
-      @record ||= build_associated(@column, @parent_record)
+      @record ||= build_associated(@column.association, @parent_record)
       @scope = params[:scope]
     end
 

data/lib/active_scaffold/actions/update.rb

@@ -34,14 +34,20 @@ module ActiveScaffold::Actions
     end
     def update_respond_to_html
       if params[:iframe]=='true' # was this an iframe post ?
-        do_refresh_list if successful? && active_scaffold_config.create.refresh_list && !render_parent?
+        do_refresh_list if successful? && active_scaffold_config.update.refresh_list && !render_parent?
         responds_to_parent do
           render :action => 'on_update', :formats => [:js], :layout => false
         end
       else # just a regular post
         if successful?
-          flash[:info] = as_(:updated_model, :model => @record.to_label)
-          return_to_main
+          message = as_(:updated_model, :model => @record.to_label)
+	  if params[:dont_close]
+	    flash.now[:info] = message
+	    render(:action => 'update')
+	  else
+	    flash[:info] = message
+	    return_to_main
+	  end
         else
           render(:action => 'update')
         end
@@ -63,13 +69,17 @@ module ActiveScaffold::Actions
       render :action => 'on_update'
     end
     def update_respond_to_xml
-      render :xml => response_object.to_xml(:only => active_scaffold_config.update.columns.names), :content_type => Mime::XML, :status => response_status
+      render :xml => response_object.to_xml(:only => update_columns_names + [active_scaffold_config.model.primary_key], :include => association_columns(update_columns_names), :methods => virtual_columns(update_columns_names)), :content_type => Mime::XML, :status => response_status
     end
     def update_respond_to_json
-      render :text => response_object.to_json(:only => active_scaffold_config.update.columns.names), :content_type => Mime::JSON, :status => response_status
+      render :text => response_object.to_json(:only => update_columns_names + [active_scaffold_config.model.primary_key], :include => association_columns(update_columns_names), :methods => virtual_columns(update_columns_names)), :content_type => Mime::JSON, :status => response_status
     end
     def update_respond_to_yaml
-      render :text => Hash.from_xml(response_object.to_xml(:only => active_scaffold_config.update.columns.names)).to_yaml, :content_type => Mime::YAML, :status => response_status
+      render :text => Hash.from_xml(response_object.to_xml(:only => update_columns_names + [active_scaffold_config.model.primary_key], :include => association_columns(update_columns_names), :methods => virtual_columns(update_columns_names))).to_yaml, :content_type => Mime::YAML, :status => response_status
+    end
+
+    def update_columns_names
+      active_scaffold_config.update.columns.names
     end
 
     # A simple method to find and prepare a record for editing
@@ -104,7 +114,12 @@ module ActiveScaffold::Actions
       rescue ActiveRecord::StaleObjectError
         @record.errors.add(:base, as_(:version_inconsistency))
         self.successful = false
-      rescue ActiveRecord::RecordNotSaved
+      rescue ActiveRecord::RecordNotSaved => exception
+        logger.warn {
+          "\n\n#{exception.class} (#{exception.message}):\n    " +
+          Rails.backtrace_cleaner.clean(exception.backtrace).join("\n    ") +
+          "\n\n"
+        }
         @record.errors.add(:base, as_(:record_not_saved)) if @record.errors.empty?
         self.successful = false
       rescue ActiveRecord::ActiveRecordError => ex

data/lib/active_scaffold/active_record_permissions.rb

@@ -9,143 +9,150 @@
 # Your methods should allow for the following special cases:
 #   * cron scripts
 #   * guest users (or nil current_user objects)
-module ActiveRecordPermissions
-  # ActiveRecordPermissions needs to know what method on your ApplicationController will return the current user,
-  # if available. This defaults to the :current_user method. You may configure this in your environment.rb if you
-  # have a different setup.
-  def self.current_user_method=(v); @@current_user_method = v; end
-  def self.current_user_method; @@current_user_method; end
-  @@current_user_method = :current_user
-
-  # Whether the default permission is permissive or not
-  # If set to true, then everything's allowed until configured otherwise
-  def self.default_permission=(v); @@default_permission = v; end
-  def self.default_permission; @@default_permission; end
-  @@default_permission = true
-
-  # This is a module aimed at making the current_user available to ActiveRecord models for permissions.
-  module ModelUserAccess
-    module Controller
-      def self.included(base)
-        base.prepend_before_filter :assign_current_user_to_models
-      end
+module ActiveScaffold
+  module ActiveRecordPermissions
+    # ActiveRecordPermissions needs to know what method on your ApplicationController will return the current user,
+    # if available. This defaults to the :current_user method. You may configure this in your environment.rb if you
+    # have a different setup.
+    def self.current_user_method=(v); @@current_user_method = v; end
+    def self.current_user_method; @@current_user_method; end
+    @@current_user_method = :current_user
+
+    # Whether the default permission is permissive or not
+    # If set to true, then everything's allowed until configured otherwise
+    def self.default_permission=(v); @@default_permission = v; end
+    def self.default_permission; @@default_permission; end
+    @@default_permission = true
+
+    # This is a module aimed at making the current_user available to ActiveRecord models for permissions.
+    module ModelUserAccess
+      module Controller
+        def self.included(base)
+          base.prepend_before_filter :assign_current_user_to_models
+        end
 
-      # We need to give the ActiveRecord classes a handle to the current user. We don't want to just pass the object,
-      # because the object may change (someone may log in or out). So we give ActiveRecord a proc that ties to the
-      # current_user_method on this ApplicationController.
-      def assign_current_user_to_models
-        ActiveRecord::Base.current_user_proc = proc {send(ActiveRecordPermissions.current_user_method)}
+        # We need to give the ActiveRecord classes a handle to the current user. We don't want to just pass the object,
+        # because the object may change (someone may log in or out). So we give ActiveRecord a proc that ties to the
+        # current_user_method on this ApplicationController.
+        def assign_current_user_to_models
+          ActiveRecord::Base.current_user_proc = proc {send(ActiveRecordPermissions.current_user_method)}
+        end
       end
-    end
 
-    module Model
-      def self.included(base)
-        base.extend ClassMethods
-        base.send :include, ActiveRecordPermissions::Permissions
-      end
+      module Model
+        def self.included(base)
+          base.extend ClassMethods
+          base.send :include, ActiveRecordPermissions::Permissions
+        end
 
-      module ClassMethods
-        # The proc to call that retrieves the current_user from the ApplicationController.
-        attr_accessor :current_user_proc
+        module ClassMethods
+          # The proc to call that retrieves the current_user from the ApplicationController.
+          def current_user_proc
+            Thread.current[:current_user_proc]
+          end
+          def current_user_proc=(proc_value)
+            Thread.current[:current_user_proc] = proc_value
+          end
+
+          # Class-level access to the current user
+          def current_user
+            ActiveRecord::Base.current_user_proc.call if ActiveRecord::Base.current_user_proc
+          end
+        end
 
-        # Class-level access to the current user
+        # Instance-level access to the current user
         def current_user
-          ActiveRecord::Base.current_user_proc.call if ActiveRecord::Base.current_user_proc
+          self.class.current_user
         end
       end
-
-      # Instance-level access to the current user
-      def current_user
-        self.class.current_user
-      end
     end
-  end
 
-  module Permissions
-    def self.included(base)
-      base.extend SecurityMethods
-      base.send :include, SecurityMethods
-      class << base
-        attr_accessor :class_security_methods
-        attr_accessor :instance_security_methods
+    module Permissions
+      def self.included(base)
+        base.extend SecurityMethods
+        base.send :include, SecurityMethods
+        class << base
+          attr_accessor :class_security_methods
+          attr_accessor :instance_security_methods
+        end
       end
-    end
 
-    # Because any class-level queries get delegated to the instance level via a new record,
-    # it's useful to know when the authorization query is meant for a specific record or not.
-    # But using new_record? is confusing, even though accurate. So this is basically just a wrapper.
-    def existing_record_check?
-      !new_record?
-    end
-
-    module SecurityMethods
-      # A generic authorization query. This is what will be called programatically, since
-      # the actual permission methods can't be guaranteed to exist. And because we want to
-      # intelligently combine multiple applicable methods.
-      #
-      # options[:crud_type] should be a CRUD verb (:create, :read, :update, :destroy)
-      # options[:column] should be the name of a model attribute
-      # options[:action] is the name of a method
-      def authorized_for?(options = {})
-        raise ArgumentError, "unknown crud type #{options[:crud_type]}" if options[:crud_type] and ![:create, :read, :update, :delete].include?(options[:crud_type])
-
-        # collect other possibly-related methods that actually exist
-        methods = cached_authorized_for_methods(options)
-        return ActiveRecordPermissions.default_permission if methods.empty?
-        return send(methods.first) if methods.one?
-
-        # if any method returns false, then return false
-        return false if methods.any? {|m| !send(m)}
-        true
+      # Because any class-level queries get delegated to the instance level via a new record,
+      # it's useful to know when the authorization query is meant for a specific record or not.
+      # But using new_record? is confusing, even though accurate. So this is basically just a wrapper.
+      def existing_record_check?
+        !new_record?
       end
-      
-      def cached_authorized_for_methods(options)
-        key = "#{options[:crud_type]}##{options[:column]}##{options[:action]}"
-        if self.is_a? Class
-          self.class_security_methods ||= {}
-          self.class_security_methods[key] ||= authorized_for_methods(options)
-        else
-          self.class.instance_security_methods ||= {}
-          self.class.instance_security_methods[key] ||= authorized_for_methods(options)
+
+      module SecurityMethods
+        # A generic authorization query. This is what will be called programatically, since
+        # the actual permission methods can't be guaranteed to exist. And because we want to
+        # intelligently combine multiple applicable methods.
+        #
+        # options[:crud_type] should be a CRUD verb (:create, :read, :update, :destroy)
+        # options[:column] should be the name of a model attribute
+        # options[:action] is the name of a method
+        def authorized_for?(options = {})
+          raise ArgumentError, "unknown crud type #{options[:crud_type]}" if options[:crud_type] and ![:create, :read, :update, :delete].include?(options[:crud_type])
+
+          # collect other possibly-related methods that actually exist
+          methods = cached_authorized_for_methods(options)
+          return ActiveRecordPermissions.default_permission if methods.empty?
+          return send(methods.first) if methods.one?
+
+          # if any method returns false, then return false
+          return false if methods.any? {|m| !send(m)}
+          true
+        end
+        
+        def cached_authorized_for_methods(options)
+          key = "#{options[:crud_type]}##{options[:column]}##{options[:action]}"
+          if self.is_a? Class
+            self.class_security_methods ||= {}
+            self.class_security_methods[key] ||= authorized_for_methods(options)
+          else
+            self.class.instance_security_methods ||= {}
+            self.class.instance_security_methods[key] ||= authorized_for_methods(options)
+          end
         end
-      end
 
-      def authorized_for_methods(options)
-        # column_authorized_for_crud_type? has the highest priority over other methods,
-        # you can disable a crud verb and enable that verb for a column
-        # (for example, disable update and enable inplace_edit in a column)
-        method = column_and_crud_type_security_method(options[:column], options[:crud_type])
-        return [method] if method and respond_to?(method)
-
-        # authorized_for_action? has higher priority than other methods,
-        # you can disable a crud verb and enable an action with that crud verb
-        # (for example, disable update and enable an action with update as crud type)
-        method = action_security_method(options[:action])
-        return [method] if method and respond_to?(method)
-
-        # collect other possibly-related methods that actually exist
-        methods = [
-          column_security_method(options[:column]),
-          crud_type_security_method(options[:crud_type]),
-        ].compact.select {|m| respond_to?(m)}
-      end
-      
-      private
+        def authorized_for_methods(options)
+          # column_authorized_for_crud_type? has the highest priority over other methods,
+          # you can disable a crud verb and enable that verb for a column
+          # (for example, disable update and enable inplace_edit in a column)
+          method = column_and_crud_type_security_method(options[:column], options[:crud_type])
+          return [method] if method and respond_to?(method)
+
+          # authorized_for_action? has higher priority than other methods,
+          # you can disable a crud verb and enable an action with that crud verb
+          # (for example, disable update and enable an action with update as crud type)
+          method = action_security_method(options[:action])
+          return [method] if method and respond_to?(method)
+
+          # collect other possibly-related methods that actually exist
+          methods = [
+            column_security_method(options[:column]),
+            crud_type_security_method(options[:crud_type]),
+          ].compact.select {|m| respond_to?(m)}
+        end
+        
+        private
 
-      def column_security_method(column)
-        "#{column}_authorized?" if column
-      end
+        def column_security_method(column)
+          "#{column}_authorized?" if column
+        end
 
-      def crud_type_security_method(crud_type)
-        "authorized_for_#{crud_type}?" if crud_type
-      end
+        def crud_type_security_method(crud_type)
+          "authorized_for_#{crud_type}?" if crud_type
+        end
 
-      def action_security_method(action)
-        "authorized_for_#{action}?" if action
-      end
+        def action_security_method(action)
+          "authorized_for_#{action}?" if action
+        end
 
-      def column_and_crud_type_security_method(column, crud_type)
-        "#{column}_authorized_for_#{crud_type}?" if column and crud_type
+        def column_and_crud_type_security_method(column, crud_type)
+          "#{column}_authorized_for_#{crud_type}?" if column and crud_type
+        end
       end
     end
   end

data/lib/active_scaffold/attribute_params.rb

@@ -8,6 +8,8 @@ module ActiveScaffold
   #     'name' => 'John',
   #     # a plural association hash
   #     'roles' => {
+  #       # hack to be able to clear roles
+  #       '0' => ''
   #       # associate with an existing role
   #       '5' => {'id' => 5}
   #       # associate with an existing role and edit it
@@ -35,59 +37,52 @@ module ActiveScaffold
     #
     # This is a secure way to apply params to a record, because it's based on a loop over the columns
     # set. The columns set will not yield unauthorized columns, and it will not yield unregistered columns.
-    def update_record_from_params(parent_record, columns, attributes)
+    def update_record_from_params(parent_record, columns, attributes, avoid_changes = false)
       crud_type = parent_record.new_record? ? :create : :update
       return parent_record unless parent_record.authorized_for?(:crud_type => crud_type)
 
       multi_parameter_attributes = {}
       attributes.each do |k, v|
         next unless k.include? '('
-        column_name = k.split('(').first.to_sym
+        column_name = k.split('(').first
         multi_parameter_attributes[column_name] ||= []
         multi_parameter_attributes[column_name] << [k, v]
       end
 
       columns.each :for => parent_record, :crud_type => crud_type, :flatten => true do |column|
-        # Set any passthrough parameters that may be associated with this column (ie, file column "keep" and "temp" attributes)
-        unless column.params.empty?
-          column.params.each{|p| parent_record.send("#{p}=", attributes[p]) if attributes.has_key? p}
-        end
+        begin
+          # Set any passthrough parameters that may be associated with this column (ie, file column "keep" and "temp" attributes)
+          unless column.params.empty?
+            column.params.each{|p| parent_record.send("#{p}=", attributes[p]) if attributes.has_key? p}
+          end
 
-        if multi_parameter_attributes.has_key? column.name
-          parent_record.send(:assign_multiparameter_attributes, multi_parameter_attributes[column.name])
-        elsif attributes.has_key? column.name
-          value = column_value_from_param_value(parent_record, column, attributes[column.name]) 
-          parent_record.send("#{column.name}=", value)
+          if multi_parameter_attributes.has_key? column.name.to_s
+            parent_record.send(:assign_multiparameter_attributes, multi_parameter_attributes[column.name.to_s])
+          elsif attributes.has_key? column.name
+            value = column_value_from_param_value(parent_record, column, attributes[column.name])
+            if avoid_changes && column.plural_association?
+              parent_record.association(column.name).target = value
+            else
+              begin
+                parent_record.send "#{column.name}=", value
+              rescue ActiveRecord::RecordNotSaved
+                parent_record.association(column.name).target = value
+              end
+            end
+            if column.association && [:has_one, :has_many].include?(column.association.macro) && column.association.reverse
+              Array(value).each { |v| v.send("#{column.association.reverse}=", parent_record) if v.new_record? }
+            end
+          end
+        rescue
+          logger.error "#{$!.class.name}: #{$!.message} -- on the ActiveScaffold column = :#{column.name} for #{parent_record.inspect}#{" with value #{value}" if value}"
+          raise
         end
       end
 
-      if parent_record.new_record?
-        parent_record.class.reflect_on_all_associations.each do |a|
-          next unless [:has_one, :has_many].include?(a.macro) and not (a.options[:through] || a.options[:finder_sql])
-          next unless (association_proxy = parent_record.send(a.name)).present?
-
-          raise ActiveScaffold::ReverseAssociationRequired, "Association #{a.name} in class #{parent_record.class.name}: In order to support :has_one and :has_many where the parent record is new and the child record(s) validate the presence of the parent, ActiveScaffold requires the reverse association (the belongs_to)." unless a.reverse
-
-          association_proxy = [association_proxy] if a.macro == :has_one
-          association_proxy.each { |record| record.send("#{a.reverse}=", parent_record) }
-        end
-      end
-    
       flash[:warning] = parent_record.errors.to_a.join("\n") if parent_record.errors.present?
       parent_record
     end
-    
-    def manage_nested_record_from_params(parent_record, column, attributes)
-      record = find_or_create_for_params(attributes, column, parent_record)
-      if record
-        record_columns = active_scaffold_config_for(column.association.klass).subform.columns
-        record_columns.constraint_columns = [column.association.reverse]
-        update_record_from_params(record, record_columns, attributes)
-        record.unsaved = true
-      end
-      record
-    end
-    
+
     def column_value_from_param_value(parent_record, column, value)
       # convert the value, possibly by instantiating associated objects
       form_ui = column.form_ui || column.column.try(:type)
@@ -109,7 +104,7 @@ module ActiveScaffold
     end
     
     def column_value_for_datetime_type(parent_record, column, value)
-      new_value = self.class.condition_value_for_datetime(column, value, self.class.datetime_conversion_for_condition(column))
+      new_value = self.class.condition_value_for_datetime(column, value, self.datetime_conversion_for_value(column))
       if new_value.nil? && value.present?
         parent_record.errors.add column.name, :invalid
       end
@@ -145,54 +140,77 @@ module ActiveScaffold
       if value and not value.empty?
         ids = value.select {|id| id.present?}
         ids.empty? ? [] : column.association.klass.find(ids)
+      else
+        []
       end
     end
 
     def column_value_from_param_hash_value(parent_record, column, value)
-      # this is just for backwards compatibility. we should clean this up in 2.0.
-      if column.form_ui == :select
-        ids = if column.singular_association?
-          value[:id]
-        else
-          value.values.collect {|hash| hash[:id]}
-        end
-        (ids and not ids.empty?) ? column.association.klass.find(ids) : nil
-
-      elsif column.singular_association?
+      if column.singular_association?
         manage_nested_record_from_params(parent_record, column, value)
       elsif column.plural_association?
+        value = value.sort if RUBY_VERSION < '1.9'
         # HACK to be able to delete all associated records, hash will include "0" => ""
-        value.sort.collect {|key, value| manage_nested_record_from_params(parent_record, column, value) unless value == ""}.compact
+        value.collect {|key, value| manage_nested_record_from_params(parent_record, column, value) unless value == ""}.compact
       else
         value
       end
     end
+    
+    def manage_nested_record_from_params(parent_record, column, attributes)
+      return nil unless build_record_from_params(attributes, column, parent_record)
+      record = find_or_create_for_params(attributes, column, parent_record)
+      if record
+        record_columns = active_scaffold_config_for(column.association.klass).subform.columns
+        record_columns.constraint_columns = [column.association.reverse]
+        update_record_from_params(record, record_columns, attributes)
+        record.unsaved = true
+      end
+      record
+    end
 
-   # Attempts to create or find an instance of klass (which must be an ActiveRecord object) from the
-    # request parameters given. If params[:id] exists it will attempt to find an existing object
+    def build_record_from_params(params, column, record)
+      current = record.send(column.name)
+      klass = column.association.klass
+      (column.plural_association? && !column.show_blank_record?(current)) || !attributes_hash_is_empty?(params, klass)
+    end
+
+    # Attempts to create or find an instance of the klass of the association in parent_column from the
+    # request parameters given. If params[primary_key] exists it will attempt to find an existing object
     # otherwise it will build a new one.
     def find_or_create_for_params(params, parent_column, parent_record)
       current = parent_record.send(parent_column.name)
       klass = parent_column.association.klass
-      pk = klass.primary_key.to_sym
-      return nil if parent_column.show_blank_record?(current) and attributes_hash_is_empty?(params, klass)
-
-      if params.has_key? pk
-        # modifying the current object of a singular association
-        pk_val = params[pk] 
-        if current and current.is_a? ActiveRecord::Base and current.id.to_s == pk_val
-          current
-        # modifying one of the current objects in a plural association
-        elsif current and current.respond_to?(:any?) and current.any? {|o| o.id.to_s == pk_val}
-          current.detect {|o| o.id.to_s == pk_val}
-        # attaching an existing but not-current object
-        else
-          klass.find(pk_val)
-        end
-      else
-        build_associated(parent_column, parent_record) if klass.authorized_for?(:crud_type => :create)
+      if params.has_key? klass.primary_key
+        record_from_current_or_find(klass, params[klass.primary_key], current)
+      elsif klass.authorized_for?(:crud_type => :create)
+        parent_column.association.klass.new
+      end
+    end
+
+    # Attempts to find an instance of klass (which must be an ActiveRecord object) with id primary key
+    # Returns record from current if it's included or find from DB
+    def record_from_current_or_find(klass, id, current)
+      if current and current.is_a? ActiveRecord::Base and current.id.to_s == id
+      # modifying the current object of a singular association
+        current
+      elsif current and current.respond_to?(:any?) and current.any? {|o| o.id.to_s == id}
+      # modifying one of the current objects in a plural association
+        current.detect {|o| o.id.to_s == id}
+      else # attaching an existing but not-current object
+        klass.find(id)
+      end
+    end
+
+    def save_record_to_association(record, association_name, value)
+      association = record.class.reflect_on_association(association_name) if association_name
+      if association.try(:collection?)
+        record.send(association_name) << value
+      elsif association
+        record.send("#{association_name}=", value)
       end
     end
+
     # Determines whether the given attributes hash is "empty".
     # This isn't a literal emptiness - it's an attempt to discern whether the user intended it to be empty or not.
     def attributes_hash_is_empty?(hash, klass)