adva 0.1.3 → 0.2.0

data/lib/adva/authenticate_user.rb

@@ -0,0 +1,193 @@
+module Adva
+  module AuthenticateUser
+    def self.included(target)
+      target.extend(ClassMethods)
+      target.helper_method(:current_user, :logged_in?, :authenticated?)
+    end
+
+    # Methods available as macro-style methods on any controller
+    module ClassMethods
+      # Sets up the controller so that authentication is required. If
+      # the user is not authenticated then they will be redirected to
+      # the login screen.
+      #
+      # The page requested will be saved so that once the login has
+      # occured they will be sent back to the page they first
+      # requested. If no page was requested (they went to the login
+      # page directly) then they will be directed to profiles/home
+      # after login which is a placeholder for the app to override.
+      #
+      # Options given are passed directly to the before_action method
+      # so feel free to provide :only and :except options.
+      def authentication_required
+        before_action :require_authentication
+      end
+
+      # Will remove authentication from certain actions. Options given
+      # are passed directly to skip_before_action so feel free to use
+      # :only and :except options.
+      #
+      # This method is useful in cases where you have locked down the
+      # entire application by putting authentication_required in your
+      # ApplicationController but then want to open an action back up
+      # in a specific controller.
+      def no_authentication_required
+        skip_before_action :require_authentication
+      end
+    end
+
+    def authenticate_user(credentials)
+      User.authenticate(credentials).tap do |user|
+        if user
+          # prevent session hijacking - unnecessary according to http://dev.rubyonrails.org/ticket/10108
+          # reset_session_except :return_location
+          session[:uid] = user.id
+          set_user_cookie!(user)
+        end
+      end
+    end
+
+    # Will retrieve the current_user. Will not force a login but
+    # simply load the current user if a person is logged in. If
+    # you need the user object loaded with extra options (such as
+    # eager loading) then create a private method called
+    # "user_find_options" on your controller that returns a hash
+    # of the find options you want.
+    #
+    # This method will also inform the models of the current user
+    # if the current user is logged in and the "User" class responds
+    # to the class method current_user=. This is a nice way to
+    # communciate the current user down to the model level for
+    # model-level security. This means you will want to call this
+    # method at least once before using the model-level security.
+    # Usually you will call it in a before filter. This method is
+    # called automatically when authentication_required is applied to
+    # an action.
+    def current_user
+      @current_user ||= begin
+        # Check for session[:uid] here? That would mean that for token auth the
+        # user always needs to be logged out (e.g. in UserController#create).
+        # Looks a bit more robust this way:
+        try_login
+        if session && session[:uid]
+          user = find_current_user
+          set_user_cookie!(user)
+          user
+        else
+          User.anonymous
+        end
+      end
+    end
+
+    def authenticated?
+      !current_user.anonymous?
+    end
+    alias :logged_in? :authenticated?
+
+    # killed this because it's just the wrong way to do it
+    #
+    # # Will store the current params so that we can return here on
+    # # successful login. If you want to redirect to the login yourself
+    # # (perhaps you are applying your own security instead of just
+    # # determining if the user is logged in) then you will want to
+    # # call this before issuing your redirect to the login screen.
+    # def store_return_location
+    #   session[:return_location] = params
+    # end
+
+    private
+
+    # Will actually test to see if the user is authorized
+    def require_authentication
+      # No matter what the app does a user can always login, forgot
+      # password and register. The controllers provided by this
+      # plugin alreaddy have these controllers/actions on an
+      # exception list but this prevents a mistake an overridden
+      # controller from preventing the normal login behavior.
+      %w(session password user).each do |c|
+            %w(new create).each do |a|
+          return if (controller_name == c) && (action_name == a)
+        end
+          end
+
+      # If we cannot get the current user store the requested page
+      # and send them to the login page.
+      if current_user.anonymous?
+        redirect_to login_url(:return_to => request.url) and false
+      end
+    end
+
+    def logout
+      reset_session
+      forget_me!
+    end
+
+    def forget_me!
+      cookies[:remember_me] = nil
+      cookies[:uid] = nil
+      cookies[:uname] = nil
+    end
+
+    def remember_me!
+      token = current_user.assign_token!('remember me')
+      cookies[:remember_me] = { :value => "#{current_user.id};#{token}", :expires => 10.years.from_now }
+    end
+
+    def set_user_cookie!(user = current_user)
+      unless user.anonymous?
+        cookies[:uid] = user.id.to_s
+        cookies[:uname] = user.name
+      end
+    end
+
+    # There are a few ways that a user can login without going through
+    # a login screen. These methods all rely on authenticating with
+    # the information given in the request. If any of these methods
+    # are successful then session[:uid] will be set with the current
+    # user id and current_user will return the current user
+    def try_login
+      if user = http_auth_login || validation_login || remember_me_login
+        session[:uid] = user.id
+      end
+    end
+
+    # Will attempt to authenticate with HTTP Auth. HTTP Auth will not
+    # be required. We are just checking if it is provided mainly for
+    # RESTful requests.
+    def http_auth_login
+      # FIXME: Implement
+    end
+
+    # Will use the URL param :token to see if we can do a token
+    # authentication.
+    def validation_login
+      validate_token User, params[:token]
+    end
+
+    # Will check for a :remember_me cookie for a token that will
+    # authenticate the user.
+    def remember_me_login
+      validate_token User, cookies[:remember_me]
+    end
+
+    # The tokens are stored in various places as id;token. This method
+    # will split that out and validate it. If everything is successful
+    # then the user object is returned. Otherwise nil is returned.
+    # The full token should be passed in.
+    def validate_token(klass, token, options = {})
+      return nil if token.blank?
+      return nil unless token =~ /\;/
+
+      uid, token = token.split ';'
+      if object = klass.find_by_id(uid)
+        return object if object.authenticate(token)
+      end
+      nil
+    end
+
+    def find_current_user
+      User.find_by_id(session[:uid])
+    end
+  end
+end
+

data/lib/{active_record → adva}/belongs_to_author.rb

@@ -1,13 +1,13 @@
-require "active_record/belongs_to_cacheable"
+require "belongs_to_cacheable"
 
-module ActiveRecord
+module Adva
   module BelongsToAuthor
     def self.included(base)
       base.include BelongsToCacheable
-      base.extend ActMacro
+      base.extend ClassMethods
     end
 
-    module ActMacro
+    module ClassMethods
       def belongs_to_user(*args)
         options = args.extract_options!
         args = (args.empty? ? [:user] : args)

data/lib/adva/event.rb

@@ -0,0 +1,34 @@
+module Adva
+  class Event
+    cattr_accessor :observers
+    @@observers = []
+
+    attr_reader :type        # what happened
+    attr_reader :object      # the object that the event is about, e.g. payment
+    attr_reader :source      # the origin or the event, e.g. payment processor
+    attr_reader :options     # optional options for the event
+
+    def self.trigger(type, object, source, options = {})
+      event = new(type, object, source, options)
+      observers.each do |observer|
+        observer = observer.constantize if observer.is_a?(String)
+        callback = :"handle_#{event.type}!"
+
+        if observer.respond_to?(callback)
+          observer.send(callback, event)
+        elsif observer.respond_to?(:handle_event!)
+          observer.handle_event!(event)
+        end
+      end
+    end
+
+    def initialize(type, object, source, options = {})
+      @type, @object, @source, @options = type, object, source, options
+    end
+
+    def method_missing(name, *args)
+      return @options[name] if @options.has_key?(name)
+      super
+    end
+  end
+end

data/lib/adva/extensible_forms.rb

@@ -0,0 +1,285 @@
+require 'action_view'
+require 'action_view/helpers'
+require 'action_view/helpers/form_helper'
+
+module ActionView
+  module Helpers
+    module FormHelper
+      def field_set(object_name, name, content = nil, options = {}, &block)
+        options.delete(:object)
+        options[:name] ||= name
+        options[:id] ||= name
+        content ||= self.capture(&block) if block_given?
+        content_tag("fieldset", raw(content), options).html_safe
+      end
+
+      protected
+
+      def singular_class_name(name)
+        ActiveModel::Naming.singular(name)
+      end
+
+      def pick_form_builder(name)
+        name = "#{name.to_s.classify}FormBuilder"
+        name.constantize
+      rescue NameError
+        Object.const_set(name, Class.new(ActionView::Base.default_form_builder)) rescue ActionView::Base.default_form_builder
+      end
+    end
+  end
+end
+
+module Adva
+  class ExtensibleFormBuilder < ActionView::Helpers::FormBuilder
+    class_attribute :callbacks
+    self.callbacks = { :before => {}, :after => {} }
+
+    class_attribute :tabs
+    self.tabs = []
+
+    class_attribute :options
+    self.options = { :labels => false, :wrap => false, :default_class_names => {} }
+
+    class << self
+      [:labels, :wrap].each do |option|
+        define_method(:"#{option}=") { |value| self.options[option] = value }
+      end
+
+      def default_class_names(type = nil)
+        if type
+          self.options[:default_class_names][type] ||= []
+        else
+          self.options[:default_class_names]
+        end
+      end
+
+      def before(object_name, method, string = nil, &block)
+        add_callback(:before, object_name, method, string || block)
+      end
+
+      def after(object_name, method, string = nil, &block)
+        add_callback(:after, object_name, method, string || block)
+      end
+
+      def tab(name, options = {}, &block)
+        self.tabs.reject! { |n, b| name == n }
+        self.tabs += [[name, block]]
+      end
+
+      protected
+
+        def add_callback(stage, object_name, method, callback)
+          method = method.to_sym
+          callbacks[stage][object_name] ||= { }
+          callbacks[stage][object_name][method] ||= []
+          callbacks[stage][object_name][method] << callback
+        end
+    end
+
+    helpers = field_helpers + %w(select date_select datetime_select time_select time_zone_select collection_select) -
+                              %w(hidden_field label fields_for apply_form_for_options!)
+
+    helpers.each do |method_name|
+      class_eval <<-src, __FILE__, __LINE__
+        def #{method_name}(*args, &block)
+          type = #{method_name.to_sym.inspect}
+
+          options = args.extract_options!
+          options = add_default_class_names(options, type)
+          # options = add_tabindex(options, type)
+
+          label, wrap, hint = options.delete(:label), options.delete(:wrap), options.delete(:hint)
+          name = args.first
+
+          hint = I18n.t(hint) if hint.is_a?(Symbol)
+          options[:title] = hint
+
+          with_callbacks(name) do
+            tag = super(*(args << options), &block)
+            # remember_tabindex(tag, options)
+            tag = labelize(type, tag, name, label) if label || self.options[:labels]
+            tag = wrap(tag) if wrap || self.options[:wrap]
+            tag
+          end
+        end
+      src
+    end
+
+    def field_set(*args, &block)
+      options = args.extract_options!
+      options = add_default_class_names(options, :field_set)
+
+      name    = args.first
+      name ||= :default_fields
+
+      @template.concat with_callbacks(name) {
+        legend = options.delete(:legend) || ''
+        legend = @template.content_tag('legend', legend) unless legend.blank?
+        @template.field_set(@object_name, name, nil, objectify_options(options)) do
+          legend.to_s + (block ? block.call.to_s : '')
+        end
+      }
+    end
+
+    def tabs
+      yield if block_given?
+      assign_ivars!
+      @template.content_tag(:div, :class => 'tabs') {
+        self.class.tabs.map.with_index { |(name, _), index|
+          active = self.class.tabs.first.first == name
+          %(<input type="radio" id="adva_current_tab_#{index}" name="adva_current_tab" #{"checked" if active}>)
+        }.join.html_safe +
+
+        @template.content_tag(:ul) {
+          self.class.tabs.map.with_index { |(name, _), index|
+            @template.content_tag(:li) {
+              title = I18n.t(name, :scope => :'adva.titles')
+              %(<label for="adva_current_tab_#{index}">#{title}</label>).html_safe
+            }
+          }.join.html_safe
+        } +
+
+        self.class.tabs.map.with_index { |(name, block), index|
+          klass = self.class.tabs.first.first == name ? 'tab active' : 'tab'
+          @template.content_tag 'fieldset', block.call(self), id: "tab_#{name}", class: klass, for: "adva_current_tab_#{index}"
+        }.join.html_safe
+      }.html_safe
+    end
+
+    def tab(name, &block)
+      with_callbacks(:"tab_#{name}") {
+        self.class.tab(name, &block)
+      }
+    end
+
+    def buttons(name = :submit_buttons, &block)
+      @template.concat with_callbacks(name) {
+        @template.capture { @template.buttons(&block) }
+      }
+    end
+
+    def render(*args)
+      @template.send(:render, *args)
+    end
+
+    protected
+
+    def labelize(type, tag, method, label = nil)
+      label = case label
+      when String then label
+      when Symbol then I18n.t(label)
+      when TrueClass then
+        scope = [:activerecord, :attributes] + object.class.to_s.underscore.split('/')
+        string = I18n.t(method, :scope => scope)
+        string.is_a?(String) ? string : method.to_s.titleize
+      else nil
+      end
+
+      case type
+      when :check_box, :radio_button
+        tag + self.label(method, label, :class => 'inline light', :for => extract_id(tag), :id => "#{extract_id(tag)}_label")
+      else
+        self.label(method, label) + tag
+      end
+    end
+
+    def wrap(tag)
+      @template.content_tag(:p, tag)
+    end
+
+    def hint(tag, hint)
+      tag + @template.content_tag(:span, "", title: hint, class: 'hint', for: extract_id(tag))
+    end
+
+    def add_default_class_names(options, type)
+      options[:class] = (Array(options[:class]) + self.class.default_class_names(type)).join(' ')
+      options.delete(:class) if options[:class].blank?
+      options
+    end
+
+    def tabindex_increment!
+      @tabindex_count ||= 0
+      @tabindex_count += 1
+    end
+
+    def set_tabindex_position(index = nil, position = nil)
+      position = case position
+      when :after  then tabindexes[index] + 1
+      when :before then tabindexes[index] - 1
+      when :same   then tabindexes[index]
+      else tabindex_increment!
+      end
+      position
+    end
+
+    def add_tabindex(options, type)
+      index = options[:tabindex]
+
+      if index.is_a?(Hash)
+        key = index.keys.first
+        options[:tabindex] = set_tabindex_position(index[key], key)
+      elsif index.is_a?(Symbol)
+        options[:tabindex] = set_tabindex_position(index, :same)
+      elsif index.blank?
+        options[:tabindex] = set_tabindex_position
+      end
+
+      options
+    end
+
+    def tabindexes
+      @tabindexes ||= {}
+    end
+
+    def remember_tabindex(tag, options)
+      id = extract_id(tag)
+      tabindexes[:"#{id}"] = options[:tabindex] unless id.blank?
+    end
+
+    def with_callbacks(method, &block)
+      result = ''
+      result += run_callbacks(:before, method) if method
+      result += yield.to_s
+      result += run_callbacks(:after, method) if method
+      result.html_safe
+    end
+
+    def run_callbacks(stage, method)
+      if callbacks = callbacks_for(stage, method.to_sym)
+        callbacks.inject('') do |result, callback|
+          result + case callback
+            when Proc
+              assign_ivars!
+              instance_eval(&callback)
+            else
+              callback
+          end.to_s
+        end
+      end || ''
+    end
+
+    def callbacks_for(stage, method)
+      object_name = @object_name.try(:to_sym)
+      self.callbacks[stage][object_name] and
+      self.callbacks[stage][object_name][method.to_sym]
+    end
+
+    def assign_ivars!
+      unless @ivars_assigned
+        @template.assigns.each { |key, value| instance_variable_set("@#{key}", value) }
+        vars = @template.controller.instance_variable_names
+        vars.each { |name| instance_variable_set(name, @template.controller.instance_variable_get(name)) }
+        @ivars_assigned = true
+      end
+    end
+
+    # yep, we gotta do this crap because there doesn't seem to be a sane way
+    # to hook into actionview's form_helper methods
+    def extract_id(tag)
+      tag =~ /id="([^"]+)"/
+      $1
+    end
+  end
+end
+
+ActionView::Base.default_form_builder = Adva::ExtensibleFormBuilder

data/lib/{has_options.rb → adva/has_options.rb}

@@ -1,12 +1,9 @@
-# TODO allow a :type option and typecast the value
-
-module HasOptions
-  class << self
-    def included(base)
+module Adva
+  module HasOptions
+    def self.included(base)
       base.class_eval do
         extend ClassMethods
-        class_attribute :option_definitions
-        self.option_definitions = {}
+        class_attribute :option_definitions, default: {}
         serialize :options
       end
     end
@@ -46,3 +43,4 @@ module HasOptions
     end
   end
 end
+

data/lib/adva/has_permalink.rb

@@ -0,0 +1,36 @@
+require "friendly_id"
+
+module Adva
+  module HasPermalink
+    def self.included(base)
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+      def has_permalink column, options={}
+        extend FriendlyId
+
+        friendly_id column do |config|
+          config.use :slugged, :finders
+          if options[:scope]
+            config.use :scoped
+            config.scope = options[:scope]
+          end
+          config.slug_column = options[:url_attribute]
+        end
+
+        self.class_eval do
+          def should_generate_new_friendly_id?
+            permalink.blank?
+          end
+        end
+
+        define_method :"#{options[:url_attribute]}=" do |value|
+          value = value.parameterize if value
+          super value
+        end
+      end
+    end
+  end
+end
+

data/lib/adva/version.rb

@@ -1,3 +1,3 @@
 module Adva
-  VERSION = "0.1.3"
+  VERSION = "0.2.0"
 end

data/lib/adva.rb

@@ -1,66 +1,40 @@
-# require "adva_cms/version"
 require "rails"
 require "will_paginate"
 require "awesome_nested_set"
 require "actionpack/page_caching"
-
-require 'extensible_forms'
-require 'time_hacks'
-require 'core_ext'
-require 'rails_ext'
 require "rails-observers"
+require "jquery-rails"
 
-# require 'menu'
-# require 'event'    # need to force these to be loaded now, so Rails won't
-# require 'registry' # reload them between requests (FIXME ... this doesn't seem to happen?)
+require "rails_ext"
 
-# config.to_prepare do
-#   Registry.set :redirect, {
-#     :login        => lambda { |c| c.send(:admin_sites_url) },
-#     :verify       => '/',
-#     :site_deleted => lambda { |c| c.send(:admin_sites_url) }
-#   }
-# end 
 # load vendored gems
-Dir["#{File.expand_path("#{File.dirname(__FILE__)}/../vendor/gems")}/**/lib"].each do |vendored_gem_path|
+Dir["#{File.expand_path("#{__dir__}/../vendor/gems")}/**/lib"].each do |vendored_gem_path|
   $: << vendored_gem_path
 end
 
-require "has_counter"
 require "belongs_to_cacheable"
+require "cacheable_flash"
 require "filtered_column"
-require "has_filter"
 require "simple_taggable"
 require "tags"
 require "table_builder"
-require "xss_terminate"
 require "authentication"
+require "adva/event"
+require "adva/extensible_forms"
 
 module Adva
   class Engine < Rails::Engine
     initializer "add assets to precompilation list" do |app|
-      app.config.assets.precompile += %w(adva_cms/application.js)
-      app.config.assets.precompile += %w(adva_cms/admin.css adva_cms/admin/activities.css)
+      app.config.assets.precompile += %w(adva_cms.js)
+      app.config.assets.precompile += %w(adva_cms/admin.css)
       app.config.assets.precompile += %w(admin.css admin.js)
-    end
 
-    initializer "setup xss_terminate" do
-      XssTerminate.untaint_after_find = true
+      app.config.assets.precompile += %w(adva_cms/icons/tick.png adva_cms/icons/cross.png)
     end
 
     initializer "adva_user.init" do
-      ActionController::Base.send :include, ActionController::AuthenticateUser
-      ActionController::Base.send :include, ActionController::AuthenticateAnonymous
-      ActiveRecord::Base.send :include, ActiveRecord::BelongsToAuthor
-      ActionView::Base.send :include, Login::HelperIntegration
-
-      Event.observers << 'PasswordMailer'
+      Adva::Event.observers << 'PasswordMailer'
     end
   end
 end
 
-require "action_controller/authenticate_user"
-require "action_controller/authenticate_anonymous"
-require "active_record/belongs_to_author"
-require "login/helper_integration"
-

data/lib/rails_ext/action_controller/event_helper.rb

@@ -10,7 +10,7 @@ module ActionController
     
     def trigger_event(object, change = nil, options = {})
       type = :"#{object.class.name.underscore}_#{change}"
-      Event.trigger type, object, self, options
+      Adva::Event.trigger type, object, self, options
     end
   end
 end

data/lib/rails_ext.rb

@@ -1,14 +1,5 @@
-require 'rails_ext/action_controller/cacheable_flash'
 require 'rails_ext/action_controller/default_params'
 require 'rails_ext/action_controller/event_helper'
-require 'rails_ext/action_controller/page_caching'
-require 'rails_ext/action_controller/content_for_assignments'
-require 'rails_ext/action_controller/responds_to_parent'
 require 'rails_ext/action_controller/render_with_error_proc'
 require 'rails_ext/action_controller/url_for_returning'
 
-require 'rails_ext/active_record/sti_instantiation'
-require 'rails_ext/active_record/sticky_changes'
-
-require 'rails_ext/railties/plugin_configuration'
-