admin_data 1.0.2 → 1.0.3

data/History.txt

@@ -1,3 +1,13 @@
+=== 2010-08-17 v1.0.3
+* added more tests 
+* fixed a bug related to :is_allowed_to_view_klass
+
+
+=== 2010-08-16
+* released as a gem
+* version 1.0.2
+* only works with rails3
+
 === 2010-04-14
 
 * JavaScript code refactoring

data/app/controllers/admin_data/base_controller.rb

@@ -8,10 +8,9 @@ class AdminData::BaseController < ApplicationController
 
   include AdminData::Chelper
 
-  before_filter :rails3_hack, :build_klasses, :build_drop_down_for_klasses, :check_page_parameter, :prepare_drop_down_klasses
+  before_filter :build_klasses, :build_drop_down_for_klasses, :check_page_parameter, :prepare_drop_down_klasses
 
-  attr_reader :klass
-  attr_reader :model
+  attr_reader :klass, :model
 
   private
 
@@ -24,8 +23,8 @@ class AdminData::BaseController < ApplicationController
     render :text => '<h2>not authorized</h2>', :status => :unauthorized unless admin_data_is_allowed_to_view?
   end
 
-  def ensure_is_allowed_to_view_model
-    render :text => 'not authorized', :status => :unauthorized unless admin_data_is_allowed_to_view_model?
+  def ensure_is_allowed_to_view_klass
+    render :text => 'not authorized', :status => :unauthorized unless admin_data_is_allowed_to_view_klass?
   end
 
   def ensure_is_allowed_to_update
@@ -58,20 +57,18 @@ class AdminData::BaseController < ApplicationController
       model_names = Dir.chdir(model_dir) { Dir["**/*.rb"] }
       klasses = get_klass_names(model_names)
       filtered_klasses = remove_klasses_without_table(klasses).sort_by {|r| r.name.underscore}
-      klasses_with_security_clearance = filtered_klasses.select do |klass_local|
+      klasses_with_security_clearance = filtered_klasses.compact.select do |klass_local|
         @klass = klass_local
-        admin_data_is_allowed_to_view_model?
+        admin_data_is_allowed_to_view_klass?
       end
       #TODO remove global constant. it is not thread safe
       $admin_data_klasses = klasses_with_security_clearance
-      puts $admin_data_klasses.inspect
     end
     @klasses = $admin_data_klasses
   end
 
   def remove_klasses_without_table(klasses)
-    klasses.select { |k| k.ancestors.include?(ActiveRecord::Base) &&
-    k.connection.table_exists?(k.table_name) }
+    klasses.select { |k| k.ancestors.include?(ActiveRecord::Base) && k.connection.table_exists?(k.table_name) }
   end
 
   def get_klass_names(model_names)
@@ -98,7 +95,8 @@ class AdminData::BaseController < ApplicationController
   end
 
   def check_page_parameter
-    # Got hoptoad error because of url like http://localhost:3000/admin_data/User/advance_search?page=http://201.134.249.164/intranet/on.txt?
+    # Got hoptoad error because of url like 
+    # http://localhost:3000/admin_data/User/advance_search?page=http://201.134.249.164/intranet/on.txt?
     if params[:page].blank? || (params[:page] =~ /\A\d+\z/)
       # proceed
     else
@@ -106,9 +104,4 @@ class AdminData::BaseController < ApplicationController
     end
   end
 
-  def rails3_hack
-    #require_dependency File.join(Rails.root, 'vendor', 'plugins', 'admin_data', 'lib', 'admin_data', 'settings.rb')
-    #AdminData::Config.initialize_defaults
-  end
-
 end

data/app/controllers/admin_data/feed_controller.rb

@@ -5,7 +5,7 @@ class AdminData::FeedController < AdminData::BaseController
   before_filter :ensure_is_allowed_to_view_feed
 
   def index
-    render :text => "usage: http://localhost:3000/admin_data/feed/user" and return if params[:klasss].blank?
+    render :text => "Usage: http://localhost:3000/admin_data/feed/<model name>" and return if params[:klasss].blank?
 
     begin
       @klass = AdminData::Util.camelize_constantize(params[:klasss])

data/app/controllers/admin_data/main_controller.rb

@@ -8,7 +8,7 @@ class AdminData::MainController  < AdminData::BaseController
 
   before_filter :get_model_and_verify_it, :only => [:destroy, :del, :edit, :update, :show]
 
-  before_filter :ensure_is_allowed_to_view_model, :except => [:all_models, :index]
+  before_filter :ensure_is_allowed_to_view_klass, :except => [:all_models, :index]
 
   before_filter :ensure_is_allowed_to_update, :only => [:destroy, :del, :edit, :update, :create]
 
@@ -110,13 +110,9 @@ class AdminData::MainController  < AdminData::BaseController
     conditional_id = params[:id] =~ /^(\d+)-.*/ ? params[:id].to_i : params[:id]
     condition = {primary_key => conditional_id}
 
-    # http://neerajdotname.github.com/admin_data/#override_find_condition
-    find_conditions_proc = AdminData::Config.setting[:find_conditions] ?  AdminData::Config.setting[:find_conditions][@klass.name] : nil
-    if find_conditions_proc && find_conditions = find_conditions_proc.call(params)
-
-      if find_conditions.has_key?(:conditions)
-        condition = find_conditions.fetch(:conditions)
-      end
+    _proc = AdminData::Config.setting[:find_conditions] ?  AdminData::Config.setting[:find_conditions][@klass.name] : nil
+    if _proc && find_conditions = _proc.call(params)
+      condition = find_conditions.fetch(:conditions) if find_conditions.has_key?(:conditions)
     end
 
     @model = @klass.send('find', :first, :conditions => condition)

data/app/controllers/admin_data/search_controller.rb

@@ -8,7 +8,7 @@ class AdminData::SearchController  < AdminData::BaseController
 
   before_filter :get_class_from_params
   before_filter :ensure_is_allowed_to_view
-  before_filter :ensure_is_allowed_to_view_model
+  before_filter :ensure_is_allowed_to_view_klass
   before_filter :ensure_valid_children_klass, :only => [:quick_search]
   before_filter :ensure_is_authorized_for_update_opration, :only => [:advance_search]
   before_filter :set_collection_of_columns, :only => [:advance_search]

data/app/views/admin_data/main/new.html.erb

@@ -13,7 +13,9 @@
     <div class="content rounded">          
       <div class="inner umbrella">
         <h1>Create a new record</h1>
-        <%= form_for @model, :as => @klass.name.underscore.to_sym, :url  => admin_data_on_k_index_path(:klass => @klass.name), :html => {:class => 'form', :method => :post} do |f| %>
+        <%= form_for @model,  :as => @klass.name.underscore.to_sym, 
+                              :url  => admin_data_on_k_index_path(:klass => @klass.name), 
+                              :html => {:class => 'form', :method => :post} do |f| %>
           <%= render 'admin_data/shared/flash_message', :model => @model %>
           <%= render 'admin_data/main/misc/form', :klass => @klass, :f => f %>
         <% end %>

data/app/views/admin_data/search/search/_errors.html.erb

@@ -1,5 +1,5 @@
 <div>
-   <% errors.each do |error| %>
-      <p class='error'><%= error %></p>
-   <% end %>   
+  <% errors.each do |error| %>
+    <p class='error'><%= error %></p>
+  <% end %>   
 </div>   

data/app/views/admin_data/search/search/_listing.html.erb

@@ -37,4 +37,3 @@
 </div>
 
 <div class='clear'></div>
-

data/lib/admin_data/chelper.rb

@@ -9,9 +9,9 @@ module AdminData::Chelper
     AdminData::Config.setting[:is_allowed_to_view].call(self)
   end
 
-  def admin_data_is_allowed_to_view_model?
+  def admin_data_is_allowed_to_view_klass?
     return true if Rails.env.development?
-    AdminData::Config.setting[:is_allowed_to_view_model].call(self)
+    AdminData::Config.setting[:is_allowed_to_view_klass].call(self)
   end
 
   def admin_data_is_allowed_to_update?

data/lib/admin_data/railtie.rb

@@ -14,8 +14,7 @@ module AdminData
     end
     
     rake_tasks do
-      load 'tasks/admin_data_tasks.rake'
-      load 'tasks/validate_models_bg.rake'
+      #
     end
   end
-end
+end

data/lib/admin_data/settings.rb

@@ -12,7 +12,7 @@ class AdminData::Config
     is_allowed_to_view_feed
     feed_authentication_user_id
     feed_authentication_password
-    is_allowed_to_view_model
+    is_allowed_to_view_klass
     is_allowed_to_update
     is_allowed_to_update_model
     column_settings
@@ -49,7 +49,7 @@ class AdminData::Config
 
       :is_allowed_to_update         => lambda {|controller| return true if Rails.env.development? },
 
-      :is_allowed_to_view_model     => lambda {|controller| return true  },
+      :is_allowed_to_view_klass     => lambda {|controller| return true  },
 
       :is_allowed_to_update_model   => lambda {|controller| return true  },
 

data/lib/admin_data/version.rb

@@ -1,3 +1,3 @@
 module AdminData
-  VERSION = '1.0.2'
+  VERSION = '1.0.3'
 end

data/lib/admin_data.rb

@@ -23,7 +23,9 @@ else
   raise "Please see documentation at http://neerajdotname.github.com/admin_data to find out how to use this plugin with rails 2.3"
 end
 
+# move date_validation to inside admin_data
 require 'admin_data_date_validation'
+
 require 'admin_data/helpers'
 require 'admin_data/chelper'
 require 'admin_data/compatibility'

data/test/functional/main_controller_authorization_test.rb

@@ -0,0 +1,96 @@
+require 'test_helper'
+
+pwd = File.dirname(__FILE__)
+f = File.join(pwd, '..', '..', 'app', 'views')
+AdminData::MainController.prepend_view_path(f)
+
+class AdminData::MainControllerAuthorizationTest < ActionController::TestCase
+
+  def setup
+    @controller = AdminData::MainController.new
+    @request = ActionController::TestRequest.new
+    @response = ActionController::TestResponse.new
+    @article = Factory(:article)
+    @car = Factory(:car, :year => 2000, :brand => 'bmw')
+    grant_read_only_access
+    grant_update_access
+  end
+
+  context 'is not allowed to view' do
+    setup do
+      revoke_read_only_access
+      get :table_structure, {:klass => Article.name.underscore}
+    end
+    should_respond_with(401)
+    should 'have text index' do
+      assert_tag(:content => 'not authorized')
+    end
+  end
+
+  context 'is allowed to view klass' do
+    context 'negative case' do
+      setup do
+        AdminData::Config.set = {
+          :is_allowed_to_view_klass => lambda {|controller| controller.instance_variable_get('@klass').name != 'Article' }
+        }
+        get :show, {:id => @article.id, :klass => Article.name.underscore }
+      end
+      should_respond_with(401)
+      should 'have text index' do
+        assert_tag(:content => 'not authorized')
+      end
+    end
+    context 'positive case' do
+      setup do
+        AdminData::Config.set = {
+          :is_allowed_to_view_klass => lambda {|controller| controller.instance_variable_get('@klass').name == 'Article' }
+        }
+        get :show, {:id => @article.id, :klass => Article.name.underscore }
+      end
+      should_respond_with :success
+    end
+  end
+
+  context 'is allowed to update' do
+    context 'for edit' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        get :edit, {:id => @article.id, :klass => @article.class.name, :attr => 'title', :data => 'Hello World' }
+      end
+      should_respond_with(401)
+    end
+
+    context 'for destroy' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        delete :destroy, {:id => @article.id, :klass => @article.class.name.underscore}
+      end
+      should_respond_with(401)
+    end
+
+    context 'for delete' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        delete :del, {:id => @article.id, :klass => @article.class.name.underscore }
+      end
+      should_respond_with(401)
+    end
+
+    context 'for update' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        post :update, { :klass => Article.name.underscore, :id => @article, :article => {:title => 'new title'}}
+      end
+      should_respond_with(401)
+    end
+
+    context 'for create' do
+      setup do
+        AdminData::Config.set = { :is_allowed_to_update => lambda {|controller| false } }
+        post :create, { :klass => Article.name.underscore, 'article' => {:title => 'hello', :body => 'hello world'}}
+      end
+      should_respond_with(401)
+    end
+  end
+
+end

data/test/functional/main_controller_test.rb

@@ -16,8 +16,6 @@ class AdminData::MainControllerTest < ActionController::TestCase
     grant_update_access
   end
 
-  #TODO write tests for all before filters
-
   context 'get table_structure' do
     setup do
       get :table_structure, {:klass => Article.name.underscore}