alberich 0.2.0

data/test/dummy/app/controllers/user_groups_controller.rb

@@ -0,0 +1,131 @@
+class UserGroupsController < ApplicationController
+  # GET /user_groups
+  # GET /user_groups.json
+  def index
+    require_privilege(Alberich::Privilege::VIEW, User)
+    @user_groups = UserGroup.all
+
+    respond_to do |format|
+      format.html # index.html.erb
+      format.json { render json: @user_groups }
+    end
+  end
+
+  # GET /user_groups/1
+  # GET /user_groups/1.json
+  def show
+    require_privilege(Alberich::Privilege::VIEW, User)
+    @user_group = UserGroup.find(params[:id])
+    add_profile_permissions_inline(Alberich::Entity.for_target(@user_group))
+
+    respond_to do |format|
+      format.html # show.html.erb
+      format.json { render json: @user_group }
+    end
+  end
+
+  # GET /user_groups/new
+  # GET /user_groups/new.json
+  def new
+    require_privilege(Alberich::Privilege::CREATE, User)
+    @user_group = UserGroup.new
+
+    respond_to do |format|
+      format.html # new.html.erb
+      format.json { render json: @user_group }
+    end
+  end
+
+  # GET /user_groups/1/edit
+  def edit
+    require_privilege(Alberich::Privilege::MODIFY, User)
+    @user_group = UserGroup.find(params[:id])
+  end
+
+  # POST /user_groups
+  # POST /user_groups.json
+  def create
+    require_privilege(Alberich::Privilege::CREATE, User)
+    @user_group = UserGroup.new(params[:user_group])
+
+    respond_to do |format|
+      if @user_group.save
+        format.html { redirect_to @user_group, notice: 'User group was successfully created.' }
+        format.json { render json: @user_group, status: :created, location: @user_group }
+      else
+        format.html { render action: "new" }
+        format.json { render json: @user_group.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # PUT /user_groups/1
+  # PUT /user_groups/1.json
+  def update
+    require_privilege(Alberich::Privilege::MODIFY, User)
+    @user_group = UserGroup.find(params[:id])
+
+    respond_to do |format|
+      if @user_group.update_attributes(params[:user_group])
+        format.html { redirect_to @user_group, notice: 'User group was successfully updated.' }
+        format.json { head :no_content }
+      else
+        format.html { render action: "edit" }
+        format.json { render json: @user_group.errors, status: :unprocessable_entity }
+      end
+    end
+  end
+
+  # DELETE /user_groups/1
+  # DELETE /user_groups/1.json
+  def destroy
+    require_privilege(Alberich::Privilege::MODIFY, User)
+    @user_group = UserGroup.find(params[:id])
+    @user_group.destroy
+
+    respond_to do |format|
+      format.html { redirect_to user_groups_url }
+      format.json { head :no_content }
+    end
+  end
+
+  def add_member
+    require_privilege(Alberich::Privilege::MODIFY, User)
+    @user_group = UserGroup.find(params[:id])
+    member = User.find(params[:user_id])
+    if !@user_group.members.include?(member) and
+        @user_group.members << member
+      flash[:notice] = "Added member: #{member}"
+    else
+      flash[:notice] = "Didn't add member: #{member}"
+    end
+    respond_to do |format|
+      format.html { redirect_to user_group_path(@user_group) }
+    end
+
+  end
+
+  def add_members
+    require_privilege(Alberich::Privilege::MODIFY, User)
+    @user_group = UserGroup.find(params[:id])
+    @users = User.where('users.id not in (?)',
+                        @user_group.members.empty? ?
+                        0 : @user_group.members.map(&:id))
+  end
+
+  def remove_member
+    require_privilege(Alberich::Privilege::MODIFY, User)
+    @user_group = UserGroup.find(params[:id])
+    member = User.find(params[:user_id])
+
+    if @user_group.members.delete member
+      flash[:notice] = "Removed member: #{member}"
+    else
+      flash[:notice] = "Failed to remove member: #{member}"
+    end
+    respond_to do |format|
+      format.html { redirect_to user_group_path(@user_group) }
+    end
+  end
+
+end

data/test/dummy/app/controllers/user_sessions_controller.rb

@@ -0,0 +1,38 @@
+class UserSessionsController < ApplicationController
+  before_filter :require_no_user, :only => [:new, :create]
+  before_filter :require_user, :only => :destroy
+
+  def new
+    @title = "Login"
+  end
+
+  def create
+    authenticate!
+    respond_to do |format|
+      format.html do
+        redirect_to back_or_default_url(root_url)
+      end
+      format.js do
+        render :js => "window.location.href = '#{back_or_default_url root_url}'"
+      end
+    end
+  end
+
+  def unauthenticated
+    Rails.logger.warn "Request is unauthenticated for #{request.remote_ip}"
+
+    respond_to do |format|
+      format.html do
+        flash.now[:warning] = "Login Failed"
+        render :action => :new
+      end
+      format.xml { head :unauthorized }
+      format.js { head :unauthorized }
+    end
+  end
+
+  def destroy
+    logout
+    redirect_to login_url
+  end
+end

data/test/dummy/app/controllers/users_controller.rb

@@ -0,0 +1,87 @@
+class UsersController < ApplicationController
+  before_filter :require_user
+
+  def index
+    require_privilege(Alberich::Privilege::VIEW, User)
+    @title = "Users"
+    @params = params
+    @users = User.all
+    respond_to do |format|
+      format.html
+    end
+  end
+
+  def new
+    require_privilege(Alberich::Privilege::CREATE, User)
+    @title = "New User"
+    @user = User.new
+  end
+
+  def create
+    require_privilege(Alberich::Privilege::CREATE, User)
+    @user = User.new(params[:user])
+    @title = "New User"
+    unless @user.save
+      render :action => 'new' and return
+    end
+
+    if current_user != @user
+      flash[:notice] = "User Registered"
+      redirect_to users_url
+    else
+      flash[:notice] = "You have registered"
+      redirect_to root_url
+    end
+  end
+
+  def show
+    @user = params[:id] ? User.find(params[:id]) : current_user
+    require_privilege(Alberich::Privilege::VIEW, User) unless current_user == @user
+    @title = @user.name.present? ? @user.name : @user.username
+    if current_user == user
+      current_session.update_session_entities(current_user)
+    end
+    @user_groups = @user.all_groups
+    add_profile_permissions_inline(Alberich::Entity.for_target(@user))
+    respond_to do |format|
+      format.html
+    end
+  end
+
+  def edit
+    @user = params[:id] ? User.find(params[:id]) : current_user
+    require_privilege(Alberich::Privilege::MODIFY, User) unless @user == current_user
+    @title = "Edit User"
+  end
+
+  def update
+    @title = "Edit User"
+    @user = params[:id] ? User.find(params[:id]) : current_user
+    require_privilege(Alberich::Privilege::MODIFY, User) unless @user == current_user
+
+    if params[:commit] == "Reset"
+      redirect_to edit_user_url(@user) and return
+    end
+
+    redirect_to root_url and return unless @user
+
+    unless @user.update_attributes(params[:user])
+      render :action => 'edit' and return
+    else
+      flash[:notice] = "User updated"
+      redirect_to user_path(@user)
+    end
+  end
+
+  def destroy
+    require_privilege(Alberich::Privilege::MODIFY, User)
+    user = User.find(params[:id])
+    user.destroy
+    flash[:notice] = "Deleted user"
+
+    respond_to do |format|
+      format.html { redirect_to users_path }
+    end
+  end
+
+end

data/test/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/test/dummy/app/helpers/child_resources_helper.rb

@@ -0,0 +1,2 @@
+module ChildResourcesHelper
+end

data/test/dummy/app/helpers/global_resources_helper.rb

@@ -0,0 +1,2 @@
+module GlobalResourcesHelper
+end

data/test/dummy/app/helpers/parent_resources_helper.rb

@@ -0,0 +1,2 @@
+module ParentResourcesHelper
+end

data/test/dummy/app/helpers/standalone_resources_helper.rb

@@ -0,0 +1,2 @@
+module StandaloneResourcesHelper
+end

data/test/dummy/app/helpers/user_groups_helper.rb

@@ -0,0 +1,2 @@
+module UserGroupsHelper
+end

data/test/dummy/app/helpers/users_helper.rb

@@ -0,0 +1,2 @@
+module UsersHelper
+end

data/test/dummy/app/models/child_resource.rb

@@ -0,0 +1,25 @@
+class ChildResource < ActiveRecord::Base
+  belongs_to :parent_resource
+  attr_accessible :description, :name, :parent_resource_id
+
+  include Alberich::PermissionedObject
+
+  # for objects with a user or owner attribute, owner-level privileges
+  # can automatically be conferred with the following
+  #   after_create "assign_owner_roles(owner)"
+  # otherwise this will need to be handled explicitly in the
+  # controller create action
+
+  # We don't need to override perm_ancestors since this type doesn't
+  # inherit from anything
+  def perm_ancestors
+    super + [parent_resource]
+  end
+
+  # We don't need to override derived_subtree since nothing inherits
+  # from this type
+
+  # We don't need to override additional_privilege_target_types since
+  # there are not other privilege types  that need to be set on this
+  # model's roles
+end

data/test/dummy/app/models/child_resource.rb~

@@ -0,0 +1,4 @@
+class ChildResource < ActiveRecord::Base
+  belongs_to :ParentResource
+  attr_accessible :description, :name
+end

data/test/dummy/app/models/global_resource.rb

@@ -0,0 +1,3 @@
+class GlobalResource < ActiveRecord::Base
+  attr_accessible :description, :name
+end

data/test/dummy/app/models/parent_resource.rb

@@ -0,0 +1,32 @@
+class ParentResource < ActiveRecord::Base
+  has_many :child_resources
+  attr_accessible :description, :name
+
+  include Alberich::PermissionedObject
+
+  # for objects with a user or owner attribute, owner-level privileges
+  # can automatically be conferred with the following
+  #   after_create "assign_owner_roles(owner)"
+  # otherwise this will need to be handled explicitly in the
+  # controller create action
+
+  # We don't need to override perm_ancestors since this type doesn't
+  # inherit from anything
+
+  # We don't need to override derived_subtree since nothing inherits
+  # from this type
+  def derived_subtree(role = nil)
+    subtree = super(role)
+    if (role.nil? || role.privilege_target_match(ChildResource))
+      subtree += child_resources
+    end
+    subtree
+  end
+
+  # Other resource types for which we need to allow privileges at this
+  # level (often objects which sub-resources this type)
+  def self.additional_privilege_target_types
+    [ChildResource]
+  end
+
+end

data/test/dummy/app/models/parent_resource.rb~

@@ -0,0 +1,3 @@
+class ParentResource < ActiveRecord::Base
+  attr_accessible :description, :name
+end

data/test/dummy/app/models/standalone_resource.rb

@@ -0,0 +1,22 @@
+class StandaloneResource < ActiveRecord::Base
+  attr_accessible :description, :name
+
+  include Alberich::PermissionedObject
+
+  # for objects with a user or owner attribute, owner-level privileges
+  # can automatically be conferred with the following
+  #   after_create "assign_owner_roles(owner)"
+  # otherwise this will need to be handled explicitly in the
+  # controller create action
+
+  # We don't need to override perm_ancesstors since this type doesn't
+  # inherit from anything
+
+  # We don't need to override derived_subtree since nothing inherits
+  # from this type
+
+  # We don't need to override additional_privilege_target_types since
+  # there are not other privilege types  that need to be set on this
+  # model's roles
+
+end

data/test/dummy/app/models/standalone_resource.rb~

@@ -0,0 +1,3 @@
+class StandaloneResource < ActiveRecord::Base
+  attr_accessible :description, :name
+end

data/test/dummy/app/models/user.rb

@@ -0,0 +1,80 @@
+require 'password'
+
+class User < ActiveRecord::Base
+  attr_accessible :crypted_password, :current_login_at, :current_login_ip, :email, :failed_login_count, :first_name, :last_login_at, :last_login_ip, :last_name, :last_request_at, :login_count, :username, :password, :password_confirmation
+
+  has_and_belongs_to_many :user_groups, :join_table => "members_user_groups",
+                          :foreign_key => "member_id"
+
+
+  # FIXME: reverse assocs for entity, session_entities
+
+  attr_accessor :password, :password_confirmation
+  before_validation :strip_whitespace
+  before_save :encrypt_password
+  validates :email, :presence => true,
+                    :format => { :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i }
+  validates :username, :presence => true,
+                       :length => { :within => 1..100 },
+                       :uniqueness => true
+  validates :first_name, :length => { :maximum => 255 }
+  validates :last_name, :length => { :maximum => 255 }
+  validates :password, :presence => true,
+                       :length => { :within => 4..255 },
+                       :confirmation => true,
+                       :if => Proc.new { |u| u.check_password? }
+
+  def name
+    "#{first_name} #{last_name}".strip
+  end
+
+  def self.authenticate(username, password, ipaddress)
+    username = username.strip unless username.nil?
+    return unless u = User.find_by_username(username)
+    # FIXME: this is because of tests - encrypted password is submitted,
+    # don't know how to get unencrypted version (from factorygirl)
+    if password.length == 192 and password == u.crypted_password
+      update_login_attributes(u, ipaddress)
+    elsif Password.check(password, u.crypted_password)
+      update_login_attributes(u, ipaddress)
+    else
+      u.failed_login_count += 1
+      u.save!
+      u = nil
+    end
+    u.save! unless u.nil?
+    return u
+  end
+
+  def self.update_login_attributes(u, ipaddress)
+    u.login_count += 1
+    u.last_login_ip = ipaddress
+    u.last_login_at = DateTime.now
+  end
+
+  def check_password?
+    # don't check password if it's a new no-local user (ldap)
+    # or if a user is updated
+    new_record? ? true : (!password.blank? or !password_confirmation.blank?)
+  end
+
+  def all_groups
+    group_list = []
+    group_list += self.user_groups
+    group_list
+  end
+
+  def to_s
+    "#{self.first_name} #{self.last_name} (#{self.username})"
+  end
+
+  private
+
+  def encrypt_password
+    self.crypted_password = Password::update(password) unless password.blank?
+  end
+  def strip_whitespace
+    self.username = self.username.strip unless self.username.nil?
+  end
+
+end