authorails 1.0.0

data/dispatches/dispatch.fcgi

@@ -0,0 +1,24 @@
+#!/usr/local/bin/ruby
+#
+# You may specify the path to the FastCGI crash log (a log of unhandled
+# exceptions which forced the FastCGI instance to exit, great for debugging)
+# and the number of requests to process before running garbage collection.
+#
+# By default, the FastCGI crash log is RAILS_ROOT/log/fastcgi.crash.log
+# and the GC period is nil (turned off).  A reasonable number of requests
+# could range from 10-100 depending on the memory footprint of your app.
+#
+# Example:
+#   # Default log path, normal GC behavior.
+#   RailsFCGIHandler.process!
+#
+#   # Default log path, 50 requests between GC.
+#   RailsFCGIHandler.process! nil, 50
+#
+#   # Custom log path, normal GC behavior.
+#   RailsFCGIHandler.process! '/var/log/myapp_fcgi_crash.log'
+#
+require File.dirname(__FILE__) + "/../config/environment"
+require 'fcgi_handler'
+
+RailsFCGIHandler.process!

data/dispatches/dispatch.rb

@@ -0,0 +1,10 @@
+#!/usr/local/bin/ruby
+
+require File.dirname(__FILE__) + "/../config/environment" unless defined?(RAILS_ROOT)
+
+# If you're using RubyGems and mod_ruby, this require should be changed to an absolute path one, like:
+# "/usr/local/lib/ruby/gems/1.8/gems/rails-0.8.0/lib/dispatcher" -- otherwise performance is severely impaired
+require "dispatcher"
+
+ADDITIONAL_LOAD_PATHS.reverse.each { |dir| $:.unshift(dir) if File.directory?(dir) } if defined?(Apache::RubyRun)
+Dispatcher.dispatch

data/dispatches/gateway.cgi

@@ -0,0 +1,97 @@
+#!/usr/local/bin/ruby
+
+require 'drb'
+
+# This file includes an experimental gateway CGI implementation. It will work
+# only on platforms which support both fork and sockets.
+#
+# To enable it edit public/.htaccess and replace dispatch.cgi with gateway.cgi.
+#
+# Next, create the directory log/drb_gateway and grant the apache user rw access
+# to said directory.
+#
+# On the next request to your server, the gateway tracker should start up, along
+# with a few listener processes. This setup should provide you with much better
+# speeds than dispatch.cgi.
+#
+# Keep in mind that the first request made to the server will be slow, as the
+# tracker and listeners will have to load. Also, the tracker and listeners will
+# shutdown after a period if inactivity. You can set this value below -- the
+# default is 90 seconds.
+
+TrackerSocket = File.expand_path(File.join(File.dirname(__FILE__), '../log/drb_gateway/tracker.sock'))
+DieAfter = 90 # Seconds
+Listeners = 3
+
+def message(s)
+  $stderr.puts "gateway.cgi: #{s}" if ENV && ENV["DEBUG_GATEWAY"]
+end
+
+def listener_socket(number)
+  File.expand_path(File.join(File.dirname(__FILE__), "../log/drb_gateway/listener_#{number}.sock"))
+end
+
+unless File.exists? TrackerSocket
+  message "Starting tracker and #{Listeners} listeners"
+  fork do
+    Process.setsid
+    STDIN.reopen "/dev/null"
+    STDOUT.reopen "/dev/null", "a"
+
+    root = File.expand_path(File.dirname(__FILE__) + '/..')
+
+    message "starting tracker"
+    fork do
+      ARGV.clear
+      ARGV << TrackerSocket << Listeners.to_s << DieAfter.to_s
+      load File.join(root, 'script', 'tracker')
+    end
+
+    message "starting listeners"
+    require File.join(root, 'config/environment.rb')
+    Listeners.times do |number|
+      fork do
+        ARGV.clear
+        ARGV << listener_socket(number) << DieAfter.to_s
+        load File.join(root, 'script', 'listener')
+      end
+    end
+  end
+
+  message "waiting for tracker and listener to arise..."
+  ready = false
+  10.times do
+    sleep 0.5
+    break if (ready = File.exists?(TrackerSocket) && File.exists?(listener_socket(0)))
+  end
+
+  if ready
+    message "tracker and listener are ready"
+  else
+    message "Waited 5 seconds, listener and tracker not ready... dropping request"
+    Kernel.exit 1
+  end
+end
+
+DRb.start_service
+
+message "connecting to tracker"
+tracker = DRbObject.new_with_uri("drbunix:#{TrackerSocket}")
+
+input = $stdin.read
+$stdin.close
+
+env = ENV.inspect
+
+output = nil
+tracker.with_listener do |number|
+  message "connecting to listener #{number}"
+  socket = listener_socket(number)
+  listener = DRbObject.new_with_uri("drbunix:#{socket}")
+  output = listener.process(env, input)
+  message "listener #{number} has finished, writing output"
+end
+
+$stdout.write output
+$stdout.flush
+$stdout.close

data/doc/README_FOR_APP

@@ -0,0 +1,2 @@
+Use this README file to introduce your application and point to useful places in the API for learning more.
+Run "rake appdoc" to generate API documentation for your models and controllers.

data/environments/boot.rb

@@ -0,0 +1,45 @@
+# Don't change this file. Configuration is done in config/environment.rb and config/environments/*.rb
+
+unless defined?(RAILS_ROOT)
+  root_path = File.join(File.dirname(__FILE__), '..')
+
+  unless RUBY_PLATFORM =~ /(:?mswin|mingw)/
+    require 'pathname'
+    root_path = Pathname.new(root_path).cleanpath(true).to_s
+  end
+
+  RAILS_ROOT = root_path
+end
+
+unless defined?(Rails::Initializer)
+  if File.directory?("#{RAILS_ROOT}/vendor/authorails")
+    require "#{RAILS_ROOT}/vendor/authorails/railties/lib/initializer"
+  else
+    require 'rubygems'
+
+    environment_without_comments = IO.readlines(File.dirname(__FILE__) + '/environment.rb').reject { |l| l =~ /^#/ }.join
+    environment_without_comments =~ /[^#]AUTHORAILS_GEM_VERSION = '([\d.]+)'/
+    authorails_gem_version = $1
+
+    if version = defined?(AUTHORAILS_GEM_VERSION) ? AUTHORAILS_GEM_VERSION : authorails_gem_version
+      # Asking for 1.1.6 will give you 1.1.6.5206, if available -- makes it easier to use beta gems
+      authorails_gem = Gem.cache.search('authorails', "~>#{version}.0").sort_by { |g| g.version.version }.last
+
+      if authorails_gem
+        gem "authorails", "=#{authorails_gem.version.version}"
+        require authorails_gem.full_gem_path + '/lib/initializer'
+      else
+        STDERR.puts %(Cannot find gem for AuthoRails ~>#{version}.0:
+    Install the missing gem with 'gem install -v=#{version} authorails', or
+    change environment.rb to define AUTHORAILS_GEM_VERSION with your desired version.
+  )
+        exit 1
+      end
+    else
+      gem "authorails"
+      require 'initializer'
+    end
+  end
+
+  Rails::Initializer.run(:set_load_path)
+end

data/environments/development.rb

@@ -0,0 +1,21 @@
+# Settings specified here will take precedence over those in config/environment.rb
+
+# In the development environment your application's code is reloaded on
+# every request.  This slows down response time but is perfect for development
+# since you don't have to restart the webserver when you make code changes.
+config.cache_classes = false
+
+# Log error messages when you accidentally call methods on nil.
+config.whiny_nils = true
+
+# Enable the breakpoint server that script/breakpointer connects to
+config.breakpoint_server = true
+
+# Show full error reports and disable caching
+config.action_controller.consider_all_requests_local = true
+config.action_controller.perform_caching             = false
+config.action_view.cache_template_extensions         = false
+config.action_view.debug_rjs                         = true
+
+# Don't care if the mailer can't send
+config.action_mailer.raise_delivery_errors = false

data/environments/environment.rb

@@ -0,0 +1,63 @@
+# Be sure to restart your web server when you modify this file.
+
+# Uncomment below to force Rails into production mode when 
+# you don't control web/app server and can't set it the proper way
+# ENV['RAILS_ENV'] ||= 'production'
+
+# Specifies gem version of Rails to use when vendor/rails is not present
+AUTHORAILS_GEM_VERSION = '1.0.0' unless defined? AUTHORAILS_GEM_VERSION
+
+# Bootstrap the Rails environment, frameworks, and default configuration
+require File.join(File.dirname(__FILE__), 'boot')
+
+Rails::Initializer.run do |config|
+  # Settings in config/environments/* take precedence over those specified here
+  
+  # Skip frameworks you're not going to use (only works if using vendor/rails)
+  # config.frameworks -= [ :action_web_service, :action_mailer ]
+
+  # Only load the plugins named here, by default all plugins in vendor/plugins are loaded
+  # config.plugins = %W( exception_notification ssl_requirement )
+
+  # Add additional load paths for your own custom dirs
+  # config.load_paths += %W( #{RAILS_ROOT}/extras )
+
+  # Force all environments to use the same logger level 
+  # (by default production uses :info, the others :debug)
+  # config.log_level = :debug
+
+  # Use the database for sessions instead of the file system
+  # (create the session table with 'rake db:sessions:create')
+  # config.action_controller.session_store = :active_record_store
+
+  # Use SQL instead of Active Record's schema dumper when creating the test database.
+  # This is necessary if your schema can't be completely dumped by the schema dumper, 
+  # like if you have constraints or database-specific column types
+  # config.active_record.schema_format = :sql
+
+  # Activate observers that should always be running
+  # config.active_record.observers = :cacher, :garbage_collector
+
+  # Make Active Record use UTC-base instead of local time
+  # config.active_record.default_timezone = :utc
+  
+  # See Rails::Configuration for more options
+end
+
+#Enables input live validation. Switch to false to disable it
+ActionView::live_validations = true
+
+# Add new inflection rules using the following format 
+# (all these examples are active by default):
+# Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register "application/x-mobile", :mobile
+
+# Include your application configuration below

data/environments/production.rb

@@ -0,0 +1,18 @@
+# Settings specified here will take precedence over those in config/environment.rb
+
+# The production environment is meant for finished, "live" apps.
+# Code is not reloaded between requests
+config.cache_classes = true
+
+# Use a different logger for distributed setups
+# config.logger = SyslogLogger.new
+
+# Full error reports are disabled and caching is turned on
+config.action_controller.consider_all_requests_local = false
+config.action_controller.perform_caching             = true
+
+# Enable serving of images, stylesheets, and javascripts from an asset server
+# config.action_controller.asset_host                  = "http://assets.example.com"
+
+# Disable delivery errors, bad email addresses will be ignored
+# config.action_mailer.raise_delivery_errors = false

data/environments/test.rb

@@ -0,0 +1,19 @@
+# Settings specified here will take precedence over those in config/environment.rb
+
+# The test environment is used exclusively to run your application's
+# test suite.  You never need to work with it otherwise.  Remember that
+# your test database is "scratch space" for the test suite and is wiped
+# and recreated between test runs.  Don't rely on the data there!
+config.cache_classes = true
+
+# Log error messages when you accidentally call methods on nil.
+config.whiny_nils = true
+
+# Show full error reports and disable caching
+config.action_controller.consider_all_requests_local = true
+config.action_controller.perform_caching             = false
+
+# Tell ActionMailer not to deliver emails to the real world.
+# The :test delivery method accumulates sent emails in the
+# ActionMailer::Base.deliveries array.
+config.action_mailer.delivery_method = :test

data/fresh_rakefile

@@ -0,0 +1,10 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require(File.join(File.dirname(__FILE__), 'config', 'boot'))
+
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+require 'tasks/rails'

data/helpers/application.rb

@@ -0,0 +1,607 @@
+# Filters added to this controller apply to all controllers in the application.
+# Likewise, all the methods added will be available for all controllers.
+
+class ApplicationController < ActionController::Base
+  # Pick a unique cookie name to distinguish our session data from others'
+  session :session_key => '_<%= app_name%>_session_id'
+  
+    
+layout 'general' #all views will share this layout
+  #:authorize checks if the user is logged
+  before_filter :authorize
+  before_filter :find_relations
+  #:initialize loads necessary variables;  :privileges checks all user's privileges
+  before_filter :initialize,:privileges
+  before_filter :find_fkeys,:only => [:new,:create,:edit,:update] 
+  before_filter :privileges_for_create, :only => [:new,:create] #check if the user can create
+  before_filter :privileges_for_destroy, :only => [:destroy] #check if the user can destroy
+  before_filter :check_privileges_for_update, :only => [:update] #against attempting to edit fields without permission
+
+
+  def edit_child
+    @child_table = params[:child_table]
+    @father = controller_name.singularize.camelize.constantize.find(params[:id])
+    if session[:superuser]
+     @all = @child_table.singularize.camelize.constantize.find_all
+    else
+     @all=[]
+     all_rows_of_related_table=[]
+     @child_table.singularize.camelize.constantize.find_all.each {|r| all_rows_of_related_table << r.id}
+     
+     role=Login.find_by_usernameMail(session[:username]).role_id
+     relation=Relation.find_by_sql("SELECT r.id as id
+      FROM relations r,table_fields tf,tables t1,tables t2 
+      WHERE r.table_field_id=tf.id and tf.table_id=t1.id and r.table_id=t2.id and ((t1.name=\"#{controller_name}\" and t2.name=\"#{@child_table}\") or (t2.name=\"#{controller_name}\" and t1.name=\"#{@child_table}\"))")
+      relation=relation[0].id unless relation.empty?
+       
+     #if user can create a relation, he can show the rows not even related with the current element  
+     if RelationPermission.find_by_role_id_and_relation_id_and_action(role,relation,"create")
+      already_defined=[] #rows related with the current element
+      @child_table.singularize.camelize.constantize.find(:all,:conditions => "#{controller_name.singularize.foreign_key}=#{params[:id]}").each {|r| already_defined << r.id}
+      to_show = all_rows_of_related_table - already_defined
+      to_show.each {|r| @all << @child_table.singularize.camelize.constantize.find(r)}
+     end
+     
+     #if user can destroy a relation, he can show the rows related with the current element
+     if RelationPermission.find_by_role_id_and_relation_id_and_action(role,relation,"destroy")
+      @child_table.singularize.camelize.constantize.find(:all,:conditions => "#{controller_name.singularize.foreign_key}=#{params[:id]}").each {|r| @all << @child_table.singularize.camelize.constantize.find(r)}
+     end
+    end
+    render :template => 'shared_views/edit_child'
+  end
+  
+  def update_child
+    @child_table = params[:child_table]
+    @father = controller_name.singularize.camelize.constantize.find(params[:id])
+    @childs= params[@child_table]
+    @child_as_class = @child_table.singularize.camelize.constantize
+    @child_as_class.transaction do 
+     fk_name = controller_name.singularize.foreign_key 
+     
+     unless session[:superuser]
+      role=Login.find_by_usernameMail(session[:username]).role_id
+      relation=Relation.find_by_sql("SELECT r.id as id
+       FROM relations r,table_fields tf,tables t1,tables t2 
+       WHERE r.table_field_id=tf.id and tf.table_id=t1.id and r.table_id=t2.id and ((t1.name=\"#{controller_name}\" and t2.name=\"#{@child_table}\") or (t2.name=\"#{controller_name}\" and t1.name=\"#{@child_table}\"))")[0].id
+     end   
+     if session[:superuser] or RelationPermission.find_by_role_id_and_relation_id_and_action(role,relation,"destroy")
+      #deleting old childs
+      @child_as_class.find(:all, :conditions => "#{fk_name} = #{@father.id}").each {|child| child.update_attribute fk_name, nil}
+     end
+     
+     unless @childs.nil?
+      @childs.each do |one|
+       @child_as_class.find(one).update_attribute fk_name, @father.id
+      end
+     end
+    end
+    flash[:notice] = @child_table.titleize + " succesfully updated."
+    redirect_to :action => 'show', :id => @father
+  end
+  
+  def edit_many
+    @table = params[:table]
+    @join_table = params[:join_table]
+    @current = controller_name.singularize.camelize.constantize.find(params[:id],:include => @childs)
+    if session[:superuser]
+     @all = @table.singularize.camelize.constantize.find_all
+    else
+     @all=[]  
+     all_rows_of_related_table=[]
+     @table.singularize.camelize.constantize.find_all.each {|r| all_rows_of_related_table << r.id}
+     
+     role=Login.find_by_usernameMail(session[:username]).role_id
+     relation=Relation.find_by_sql("SELECT r.id as id
+      FROM relations r,table_fields tf,tables t1,tables t2 
+      WHERE r.table_field_id=tf.id and tf.table_id=t1.id and r.table_id=t2.id and ((t1.name=\"#{controller_name}\" and t2.name=\"#{@table}\") or (t2.name=\"#{controller_name}\" and t1.name=\"#{@table}\"))")
+      relation=relation[0].id unless relation.empty?
+       
+     #if user can create a relation, he can show the rows not even related with the current element  
+     if RelationPermission.find_by_role_id_and_relation_id_and_action(role,relation,"create")
+      already_defined=[] #rows related with the current element
+      @join_table.singularize.camelize.constantize.find(:all,:conditions => "#{controller_name.singularize.foreign_key}=#{params[:id]}").each {|r| already_defined << r.send(@table.singularize.foreign_key)}
+      to_show = all_rows_of_related_table - already_defined
+      to_show.each {|r| @all << @table.singularize.camelize.constantize.find(r)}
+     end
+     
+     #if user can destroy a relation, he can show the rows related with the current element
+     if RelationPermission.find_by_role_id_and_relation_id_and_action(role,relation,"destroy")
+      @join_table.singularize.camelize.constantize.find(:all,:conditions => "#{controller_name.singularize.foreign_key}=#{params[:id]}").each {|r| @all << @table.singularize.camelize.constantize.find(r.send(@table.singularize.foreign_key))}
+     end
+    end 
+    render :template => 'shared_views/edit_many'
+  end
+  
+  def update_many
+    @table = params[:table]
+    @join_table = params[:join_table]
+    @current = controller_name.singularize.camelize.constantize.find(params[:id],:include => @childs)
+    @related = params[@table]
+    @join_table_as_class = @join_table.singularize.camelize.constantize
+    fk_name1 = controller_name.singularize.foreign_key
+    fk_name2 = @table.singularize.foreign_key    
+    @new_ids=[] #list of rows choosed
+   unless @related.nil?
+    @related.each {|r| @new_ids << r.to_i}
+   end
+    @all = [] #list of all related rows already present 
+    @current.send(@join_table).each {|r| @all << r.send(@table.singularize).id.to_i unless r.send(@table.singularize).nil?}#all related rows    
+    @to_insert = @new_ids - @all #new rows that needs to be insert
+    @to_delete = @all - @new_ids #old rows that needs to be erased
+    @join_table_as_class.transaction do 
+      @to_insert.each {|r| @join_table_as_class.create(
+                      fk_name1 => @current.id,
+                      fk_name2 => r
+                      )}
+    
+     unless session[:superuser]
+      role=Login.find_by_usernameMail(session[:username]).role_id
+      relation=Relation.find_by_sql("SELECT r.id as id
+       FROM relations r,table_fields tf,tables t1,tables t2 
+       WHERE r.table_field_id=tf.id and tf.table_id=t1.id and r.table_id=t2.id and ((t1.name=\"#{controller_name}\" and t2.name=\"#{@table}\") or (t2.name=\"#{controller_name}\" and t1.name=\"#{@table}\"))")[0].id
+     end   
+     if session[:superuser] or RelationPermission.find_by_role_id_and_relation_id_and_action(role,relation,"destroy")
+      @to_delete.each {|r| @join_table_as_class.find(:first,:conditions => "#{fk_name1}=#{@current.id} and #{fk_name2}=#{r}").destroy}
+     end
+   end
+    flash[:notice] = @table.titleize + " succesfully updated."
+    redirect_to :action => 'show', :id => @current
+  end  
+  
+  def show_related #for hide/show associated elements from the show action
+   object = controller_name.singularize.camelize.constantize.find(params[:id])
+   case params[:relation]
+    when "one-to-one"
+     render :partial => 'shared_views/one_to_one_elements', :locals => {:one => params[:referenced], :object => object}
+    when "one-to-one-father"
+     render :partial => 'shared_views/one_to_one_father_elements', :locals => {:one => params[:referenced], :object => object}
+    when "one-to-many"
+     render :partial => 'shared_views/father_elements', :locals => {:father => params[:referenced], :object => object}
+    when "one-to-many-child"
+     render :partial => 'shared_views/child_elements', :locals => {:child => params[:referenced], :object => object}
+    when "many-to-many"
+     render :partial => 'shared_views/many_to_many_elements', :locals => {:many => { :join_table => params[:join_table], :name => params[:referenced]}, :object => object}
+   end 
+  end
+
+  private
+  
+  def authorize #action for login
+   if !session[:superuser] #if the user is not the superuser
+    unless @user=Login.find_by_usernameMail(session[:username]) 
+     flash[:notice] = "Please login first!"
+     redirect_to(:controller => "login") and return false
+    end
+   end 
+  end
+  
+  def initialize
+   @tables=Table.find(:all) #application table's list
+   
+  end
+  
+  def privileges
+   unless session[:superuser]
+    @fields_readable={
+    :self => check_field_level_privilege("read",controller_name) #finding readable fields of the current table
+    }
+    #for each father,loading the fields readable
+    @fathers.each {|father| @fields_readable[father] = check_field_level_privilege("read",father.pluralize)}
+    #for each father in a one-to-one relation, loading the fields readable
+    @one_to_one_fathers.each {|one_father| @fields_readable[one_father] = check_field_level_privilege("read",one_father.pluralize)}
+    #for each child in a one-to-one relation, loading the fields readable
+    @one_to_ones.each {|one| @fields_readable[one] = check_field_level_privilege("read",one.pluralize)}
+    @childs.each {|child| @fields_readable[child] = check_field_level_privilege("read",child)}
+    @many_to_manys.each {|many|
+         @fields_readable[many[:name]] = check_field_level_privilege("read",many[:name])
+         @fields_readable[many[:join_table]] = check_field_level_privilege("read",many[:join_table])
+         }
+    
+    editables = check_field_level_privilege("update",controller_name)
+    editables.each {|f|
+    @fields_editable << f.name
+    }
+    
+    @can_create=can?("create")
+    @can_destroy=can?("destroy")
+   end 
+  end
+  
+  def can?(operation)
+   find_role_table_operation(operation)
+   return check_privilege
+  end
+  
+  def find_role_table_operation(op)
+   @role=Login.find_by_usernameMail(session[:username]).role_id
+   @table=Table.find_by_name(controller_name).id
+   @operation=TabOperation.find_by_operation(op).id  
+  end
+  
+  def check_privilege
+   TabPermission.find_by_role_id_and_table_id_and_tab_operation_id(@role,@table,@operation)
+  end
+  
+  def privileges_for_create
+   check_table_level_privilege("create")
+  end
+  
+  def privileges_for_destroy
+   check_table_level_privilege("destroy")
+  end
+  
+  def check_table_level_privilege(op)
+   if !session[:superuser]
+    find_role_table_operation(op)
+    unless check_privilege
+      flash[:notice] = "Not enough privileges for #{op}!"
+      redirect_to(:action => "list")
+    end
+   end 
+  end
+  
+  def check_field_level_privilege(oper,table)
+   begin
+    if !session[:superuser]
+     find_fields(oper,table)
+    end
+   rescue
+     flash[:notice] = "No table fields in database!"
+     redirect_to(:action => "list")   
+   end  
+  end
+  
+  def find_fkeys #helpful for create a select with associated tables
+   @fkeys=Relation.find_by_sql(
+   "SELECT tf.name,t2.name as referenced_table
+   FROM relations r,table_fields tf,tables t1,tables t2 
+   WHERE r.table_field_id=tf.id and tf.table_id=t1.id and r.table_id=t2.id and t1.name=\"#{controller_name}\" and relation_type <> \"many-to-many\"")
+   @rows=[]
+   @fkeys.each {|key|
+   row={ 
+   :name => key.name,
+   :referented_table => key.referenced_table,
+   :object => key.referenced_table.singularize.camelize.constantize.find(:all).map {|u| [columns_of(u,key.referenced_table),u.id] }
+   }
+   @rows << row
+    }
+   @one_to_one_for_select=[]
+   @one_to_ones.each {|one|
+   row={ 
+   :name => one,
+   :object => one.camelize.constantize.find(:all).map {|u| [columns_of(u,one.pluralize),u.id] }
+   }
+   @one_to_one_for_select << row
+    } 
+  end
+  
+  def columns_of(object,ref_table)
+   string=""
+     columns=TableField.find(:all,:include => :table,:conditions => "tables.name=\"#{ref_table}\" and table_fields.name <> \"id\" and table_fields.name not like \"%_id\"")
+     columns.each {|col|
+      if session[:superuser]
+       string += "#{object.send(col.name)} "
+      else
+       unless @fields_readable[ref_table.singularize].empty? 
+       @fields_readable[ref_table.singularize].each do |field|
+        if col.name == field.name 
+         string += "#{object.send(col.name)} "
+        end
+       end 
+       end
+      end
+      }
+   return string  
+  end
+  
+  def find_fields(oper,table)
+     role=Login.find_by_usernameMail(session[:username]).role_id
+     #query for select the field-level privileges
+     return Table.find_by_sql(
+     "SELECT tf.name FROM tables t,table_fields tf,attr_permissions a,attr_operations op 
+     where t.id=tf.table_id and tf.id=a.table_field_id and a.attr_operation_id=op.id 
+     and op.operation=\"#{oper}\" and a.role_id=#{role} and t.name=\"#{table}\""
+     )
+  end
+  
+ def check_privileges_for_update
+  begin
+   if !session[:superuser]
+   unless params[controller_name.singularize].nil?
+    @string=""
+    params[controller_name.singularize].each do |p|
+     permission = false
+      @string=p[0]
+     #we skip the columns that acts as foreign key
+     if p[0] =~ /_id$/
+      permission = true
+     end 
+     @fields_editable.each do |field|
+      if field == p[0] #if user can update the field
+       permission = true
+      end
+      #dates are splitten in date(1i),date(2i),date(3i)
+      if p[0] =~ /#{field}(\(.i\))$/
+       permission = true
+      end
+     end
+     
+     unless permission #se invece non ce l'ha,viene reindirizzato all'azione list
+       flash[:notice] = "Attempting to update a field without permission."
+       redirect_to :action => 'list'+@string and return #return to avoid multiple redirect
+     end
+    end
+   end   
+   end
+   rescue
+     flash[:notice] = "No table fields in database!"
+     redirect_to(:action => "list")   
+   end 
+  end
+  
+  def find_relations
+   unless session[:superuser]
+    @role=Login.find_by_usernameMail(session[:username]).role_id
+   end 
+    @fields_editable = [] #will contain all fields editable
+    @rel_permissions=[] #will contain all relations between tables that user can define
+    @relations_to_create=[] #will contain all relations that user can create
+    @relations_to_destroy=[] #will contain all relations that user can destroy
+    @relations_to_update=[] #will contain all relations that user can update
+    @child_relations=Relation.find(:all,:conditions => "tables.name=\"#{controller_name}\" and relation_type <> \"many-to-many\" and for_join_table <> \"yes\"",:include => :table)
+    @childs=[] #will contain child tables with a one-to-many relation
+    @one_to_ones=[] #will contain child tables with a one-to-one relation
+    @child_relations.each do |child|
+     case child.relation_type
+      when "one-to-one"
+       @one_to_ones << child.table_field.table.name.singularize
+       if session[:superuser] or RelationPermission.find_by_role_id_and_relation_id(@role,child.id)
+        @rel_permissions << child.table_field.table.name
+        unless session[:superuser]
+         @fields_editable << child.table_field.table.name #so we can add a select when editing an element
+         if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,child.id,'create')
+          @relations_to_create << child.table_field.table.name
+         end
+         if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,child.id,'destroy')
+          @relations_to_destroy << child.table_field.table.name
+         end 
+         if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,child.id,'update')
+          @relations_to_update << child.table_field.table.name
+         end         
+        end
+       end 
+      when "one-to-many"
+       @childs << child.table_field.table.name
+       if session[:superuser] or RelationPermission.find_by_role_id_and_relation_id(@role,child.id)
+        @rel_permissions << child.table_field.table.name
+        unless session[:superuser]
+         if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,child.id,'create')
+          @relations_to_create << child.table_field.table.name
+         end
+         if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,child.id,'destroy')
+          @relations_to_destroy << child.table_field.table.name
+         end         
+        end
+       end 
+     end
+    end
+    
+    
+    @father_relations=Relation.find_by_sql(
+    "SELECT r.id as id,t2.name as referenced_table,relation_type
+    FROM relations r,table_fields tf,tables t1,tables t2 
+    where r.table_field_id=tf.id and tf.table_id=t1.id and r.table_id=t2.id and t1.name=\"#{controller_name}\" and relation_type <> \"many-to-many\"")
+    @fathers=[]
+    @one_to_one_fathers=[]
+    @father_relations.each {|father| 
+       if father.relation_type=="one-to-many" 
+        @fathers << father.referenced_table.singularize
+        if session[:superuser] or RelationPermission.find_by_role_id_and_relation_id(@role,father.id)
+         @rel_permissions << father.referenced_table
+         unless session[:superuser]
+          @fields_editable << father.referenced_table
+          if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,father.id,'create')
+           @relations_to_create << father.referenced_table
+          end
+          if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,father.id,'destroy')
+           @relations_to_destroy << father.referenced_table
+          end 
+          if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,father.id,'update')
+           @relations_to_update << father.referenced_table
+          end    
+         end
+        end 
+       end
+       if father.relation_type=="one-to-one"
+        @one_to_one_fathers << father.referenced_table.singularize
+        if session[:superuser] or RelationPermission.find_by_role_id_and_relation_id(@role,father.id)
+         @rel_permissions << father.referenced_table
+         unless session[:superuser]
+          @fields_editable << father.referenced_table
+          if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,father.id,'create')
+           @relations_to_create << father.referenced_table
+          end
+          if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,father.id,'destroy')
+           @relations_to_destroy << father.referenced_table
+          end 
+          if RelationPermission.find_by_role_id_and_relation_id_and_action(@role,father.id,'update')
+           @relations_to_update << father.referenced_table
+          end  
+         end
+        end 
+       end
+        }
+    
+    #many to many associated tables from a verse
+    @many_to_many_relations_1=Relation.find_by_sql("SELECT r.id as id,t1.name as name,join_table
+    FROM relations r,tables t1,tables t2,table_fields tf 
+    WHERE r.table_field_id=tf.id and r.table_id=t1.id and tf.table_id=t2.id and relation_type=\"many-to-many\" and t2.name=\"#{controller_name}\"")
+    @many_to_manys=[]
+    @many_to_many_relations_1.each {|many|
+    row={ 
+    :name => many.name,
+    :join_table => many.join_table 
+        }
+    @many_to_manys << row 
+     if session[:superuser] or RelationPermission.find_by_role_id_and_relation_id(@role,many.id)
+         @rel_permissions << many.name
+         
+     end   
+   }
+     
+    #many to many associated tables from the other verse 
+    @many_to_many_relations_2=Relation.find_by_sql("SELECT r.id as id,t2.name as name,join_table
+    FROM relations r,tables t1,tables t2,table_fields tf 
+    WHERE r.table_field_id=tf.id and r.table_id=t1.id and tf.table_id=t2.id and relation_type=\"many-to-many\" and t1.name=\"#{controller_name}\"")
+    @many_to_many_relations_2.each { |many|
+    row={ 
+    :name => many.name,
+    :join_table => many.join_table 
+        }
+     @many_to_manys << row
+     if session[:superuser] or RelationPermission.find_by_role_id_and_relation_id(@role,many.id)
+         @rel_permissions << many.name
+     end
+        }
+  end
+  
+ def find_related_columns
+  @fathers.each {|f|
+    for column in f.camelize.constantize.content_columns
+     if session[:superuser]
+      @columns << "#{f.camelize.constantize.table_name}.#{column.name}"
+     else
+      @fields_readable[f].each do |field|
+       if column.name == field.name 
+        @columns << "#{f.camelize.constantize.table_name}.#{column.name}"
+       end
+      end 
+     end 
+    end
+  }  
+  @one_to_ones.each {|one|
+    for column in one.camelize.constantize.content_columns
+     if session[:superuser]
+      @columns << "#{one.camelize.constantize.table_name}.#{column.name}"
+     else
+      @fields_readable[one].each do |f|
+       if column.name == f.name 
+        @columns << "#{one.camelize.constantize.table_name}.#{column.name}"
+       end
+      end 
+     end       
+    end
+  }
+  @one_to_one_fathers.each {|one|
+    for column in one.camelize.constantize.content_columns
+     if session[:superuser]
+      @columns << "#{one.camelize.constantize.table_name}.#{column.name}"
+     else
+      @fields_readable[one].each do |f|
+       if column.name == f.name 
+        @columns << "#{one.camelize.constantize.table_name}.#{column.name}"
+       end
+      end 
+     end       
+    end
+  }  
+ end
+ 
+ def find_conditions_for_search
+     if params[:order]==""  
+      @order = "" 
+     else 
+      @order = params[:order] 
+     end
+     @conditions= ""
+     if params[:search_type].nil? or params[:search_type].empty? #if an advanced query isn't done
+      @filter=params[:query]
+      @filter="" if @filter.nil?
+      i=1
+      unless @filter.empty?
+       @conditions_string="Showing rows where each column like '%#{@filter}%'"
+      end 
+      @columns.each {|c|
+       @conditions += "#{c} LIKE :filter" 
+       @conditions += " or " unless i==@columns.length
+       i+=1
+      }
+      @conditions = "true" if @conditions=="" #else an exception will be thrown
+     else #an advanced query is done
+      @query_advanced=params[:query_advanced]
+      @criteria=params[:criteria]
+      @search_type=params[:search_type]
+      @selected_columns=params[:columns]
+      @min=params[:min]
+      @max=params[:max]
+      if params[:columns].is_a?(String)
+       @selected_columns=Array.new
+       params[:columns].split("/").each do |col|
+        @selected_columns << col
+       end
+      end
+      if !@selected_columns.nil? and ((!@query_advanced.nil? and !@query_advanced.empty? and @search_type=="unilateral") or ((!@min.nil? and !@min.empty? and @search_type=="bilateral") or (!@max.nil? and !@max.empty? and @search_type=="bilateral")))
+       @conditions_string="Showing rows where:<br />"
+       i=1
+       if @search_type == "unilateral"
+        unless params[:not_for_unilateral_search].nil? #the checkbox for the negation has been checked
+         case @criteria
+          when "like" then @criteria="not like"
+          when "=" then @criteria="<>"
+          when "<" then @criteria=">="
+          when ">" then @criteria="<="
+         end
+        end 
+        @selected_columns.each do |column|
+         @conditions_string += "- #{column} #{@criteria} '#{@query_advanced}'"
+         @conditions += "#{column} #{@criteria} :filter" 
+         @conditions += " or " unless i==@selected_columns.length
+         @conditions_string += "<br />&nbsp;&nbsp;&nbsp;&nbsp;Or<br />" unless i==@selected_columns.length
+         i+=1
+        end
+       elsif @search_type == "bilateral"
+        @selected_columns.each do |column|
+         if !@min.nil? and !@min.empty? and !@max.nil? and !@max.empty?
+          unless params[:not_for_interval_search].nil? #the checkbox for the negation has been checked
+           @conditions += "(#{column} <= :min or #{column} >= :max)" 
+           @conditions_string += "- #{column} not between [#{@min},#{@max}]"
+          else
+           @conditions += "(#{column} >= :min and #{column} <= :max)"
+           @conditions_string += "- #{column} between [#{@min},#{@max}]"
+          end
+         elsif !@min.nil? and !@min.empty?
+          if params[:not_for_interval_search].nil?
+           @conditions += "(#{column} >= :min)"
+           @conditions_string += "- #{column} between [#{@min},inf]"
+          else
+           @conditions += "(#{column} < :min)"
+           @conditions_string += "- #{column} not between [#{@min},inf]"
+          end 
+         else
+          if params[:not_for_interval_search].nil?
+           @conditions += "(#{column} <= :max)"
+           @conditions_string += "- #{column} between [-inf,#{@max}]"
+          else
+           @conditions += "(#{column} > :max)"
+           @conditions_string += "- #{column} not between [-inf,#{@max}]"
+          end  
+         end 
+         @conditions += " or " unless i==@selected_columns.length
+         @conditions_string += "<br />&nbsp;&nbsp;&nbsp;&nbsp;Or<br />" unless i==@selected_columns.length
+         i+=1
+        end
+       end  
+       @conditions_string += "<br />Search type: #{@search_type}"
+      else
+       if @selected_columns.nil? #if no columns has been selected
+        flash[:notice] = "No columns selected for searching. Showing all rows." 
+       else #if no filter has been written
+        flash[:notice] = "No filter text has been written for #{@search_type} search. Showing all rows."
+       end 
+      end
+      @conditions = "true" if @conditions=="" #else an exception will be thrown
+      
+     end
+ end
+ 
+end