biovision-base 0.39.190804.1 → 0.41.190905.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9d5f8617a8dff7ad9626d48a7f1e22cc8f08c2593b217c6c27841ab5aa921d6c
-  data.tar.gz: 01c40c0839b5f499a4230ff5c66ca3b0eda1e5366004f9191d019788eb33262a
+  metadata.gz: d07b344a9bc96d622dd67d169153fe9ee451c41cac3c035cac596c097aa88437
+  data.tar.gz: 0b7da0cff70e2f6d32c04c7e4367f8a4620e1fde75185b47ff4640c39ef2112f
 SHA512:
-  metadata.gz: bf4038b7bddff5695f12bbe5a98f146a3f2ac6ebbabfa34c35a4f1b3cd66d2b575a04c2b47806638cd6d85110ce0d38f90fecb4ea3bfaa46cc94244edf25b7a1
-  data.tar.gz: 5f506ea490fb45a7e3eb072d9494e66360370b037cdd8605f570108def672749ff4f462946b0e9f9363b889d103edd22ff76e9d207cb75c445a2dbb7ea40d861
+  metadata.gz: 93d2908f0237a274f9631f620efb6b63594fdc1ecfb7bff47467991bdf4830138a25bf6b39577b1e81d061e25d26b08f12b314604ed97999c303df66fc504bf3
+  data.tar.gz: 2e8f2feb382ef4653ccb8f7c4a2bfefd032a4c5244b782e156f88a420f4248a724c229db30825a972b0a5d6f473722bdabe7e50fe0bd575937f70a192086e717

data/app/assets/images/biovision/base/icons/key.svg

@@ -0,0 +1,16 @@
+<svg version="1.1" viewBox="0 0 24 24" width="24px" height="24px" xmlns="http://www.w3.org/2000/svg">
+  <title>Key</title>
+  <defs>
+    <style type="text/css">
+      * { stroke: #ada33d; stroke-width: 1.5; }
+      line { stroke-linecap: round; }
+    </style>
+  </defs>
+  <g>
+    <circle cx="4" cy="20" r="3" fill="none"/>
+    <line x1="6" y1="18" x2="20" y2="4"/>
+    <line x1="19" y1="5" x2="21" y2="7"/>
+    <line x1="17" y1="7" x2="20" y2="10"/>
+    <line x1="14" y1="8" x2="16" y2="10"/>
+  </g>
+</svg>

data/app/assets/javascripts/biovision/base/biovision.js

@@ -189,6 +189,16 @@ const Biovision = {
         } else {
             console.log('Cannot find element with id ' + formId)
         }
+    },
+    execute: function (name, context) {
+        const args = Array.prototype.slice.call(arguments, 2);
+        const namespaces = name.split(".");
+        const func = namespaces.pop();
+        for(let i = 0; i < namespaces.length; i++) {
+            context = context[namespaces[i]];
+        }
+
+        return context[func].apply(context, args);
     }
 };
 
@@ -757,8 +767,8 @@ Biovision.components.userSearch = {
             const response = JSON.parse(this.responseText);
             const results = container.querySelector('.results');
 
-            if (response.hasOwnProperty('data')) {
-                results.innerHTML = response['data']['html'];
+            if (response.hasOwnProperty('meta')) {
+                results.innerHTML = response['meta']['html'];
 
                 results.querySelectorAll('li').forEach(function (li) {
                     li.addEventListener('click', function (event) {
@@ -775,6 +785,125 @@ Biovision.components.userSearch = {
     }
 };
 
+Biovision.components.adminUserSearch = {
+    initialized: false,
+    selector: ".js-admin-user-search",
+    url: undefined,
+    button: undefined,
+    input: undefined,
+    resultsContainer: undefined,
+    callbackName: undefined,
+    init: function () {
+        const container = document.querySelector(this.selector);
+        if (container) {
+            const component = this;
+            this.url = container.getAttribute("data-url");
+            this.button = container.querySelector("button");
+            this.input = container.querySelector("input");
+            this.resultsContainer = container.querySelector("select");
+            this.callbackName = container.getAttribute("data-callback");
+
+            this.input.addEventListener("input", component.changeInput);
+            this.button.addEventListener("click", component.clickButton);
+            this.resultsContainer.addEventListener("change", component.changeSelect);
+            this.initialized = true;
+        }
+    },
+    changeInput: function (event) {
+        const component = Biovision.components.adminUserSearch;
+        const input = event.target;
+        component.button.disabled = input.value.length < 1;
+    },
+    clickButton: function (event) {
+        const component = Biovision.components.adminUserSearch;
+        const url = component.url + "?q=" + encodeURIComponent(component.input.value);
+        Biovision.jsonAjaxRequest("get", url, component.showResults).send();
+    },
+    changeSelect: function (event) {
+        const component = Biovision.components.adminUserSearch;
+        const select = event.target;
+        const option = select.options[select.selectedIndex];
+        const id = parseInt(option.value);
+
+        if (id > 0 && component.callbackName) {
+            Biovision.execute(component.callbackName, window, id);
+            option.disabled = true;
+        }
+    },
+    showResults: function () {
+        const component = Biovision.components.adminUserSearch;
+        const response = JSON.parse(this.responseText);
+        component.resultsContainer.innerHTML = "";
+
+        const option = document.createElement("option");
+        option.innerHTML = response["meta"]["count"];
+        option.value = "";
+        component.resultsContainer.append(option);
+
+        if (response.hasOwnProperty("data")) {
+            response.data.forEach(function (item) {
+                const option = document.createElement("option");
+                option.setAttribute("value", item.id);
+                option.innerHTML = item["attributes"]["slug"] + " (" + item["meta"]["name"] + ")";
+
+                component.resultsContainer.append(option);
+            });
+        }
+    }
+};
+
+Biovision.components.userPrivilege = {
+    initialized: false,
+    selector: ".js-component-added-users",
+    list: undefined,
+    url: undefined,
+    init: function () {
+        this.list = document.querySelector(this.selector);
+        if (this.list) {
+            this.url = this.list.getAttribute("data-url");
+            this.initialized = true;
+        }
+    },
+    addUser: function (id) {
+        const component = Biovision.components.userPrivilege;
+        if (component.url) {
+            const data = {
+                "user_id": id
+            };
+            const request = Biovision.jsonAjaxRequest("patch", component.url, component.processAddResponse);
+
+            request.send(JSON.stringify(data));
+        } else {
+            console.log("URL is not set for userPrivilege component")
+        }
+    },
+    processAddResponse: function () {
+        const component = Biovision.components.userPrivilege;
+        if (component.list) {
+            const response = JSON.parse(this.responseText);
+            if (response.hasOwnProperty("data")) {
+                const data = response["data"];
+                const li = document.createElement("li");
+                const user = data["relationships"]["user"]["data"];
+                const div = document.createElement("div");
+                div.innerHTML = user["attributes"]["screen_name"] + " (" + user["meta"]["full_name"] + ")";
+                li.append(div);
+
+                const linkData = data["attributes"]["data"];
+                if (Object.keys(linkData).length > 0) {
+                    const details = document.createElement("div");
+                    details.innerHTML = JSON.stringify(linkData);
+                    li.append(details);
+                }
+
+                component.list.append(li);
+            }
+        } else {
+            console.log("List is not defined for userPrivilege component");
+        }
+    }
+};
+
 /**
  * Hide popups when clicking outside
  *
@@ -949,6 +1078,8 @@ Biovision.components.newComponentParameter = {
     }
 };
 
+window.Biovision = Biovision;
+
 document.addEventListener('DOMContentLoaded', function () {
     Biovision.init();
 

data/app/assets/stylesheets/biovision/base/admin/components.scss

@@ -2,6 +2,7 @@ $text-color-secondary: #777 !default;
 $block-shadow: .2rem .2rem .4rem .2rem rgba(0, 0, 0, .125) !default;
 $row-background-even: hsl(0, 0%, 95%) !default;
 $row-background-odd: hsl(0, 0%, 98%) !default;
+$font-family-heading: serif !default;
 
 #biovision-component-parameters {
   margin: var(--spacer-s) 0;
@@ -105,7 +106,14 @@ $row-background-odd: hsl(0, 0%, 98%) !default;
 
   .settings {
     background: image_url('biovision/base/icons/settings.svg') no-repeat center left / 2rem 2rem;
-    display: inline-block;
+    display: block;
+    margin: 0 0 var(--spacer-xs);
+    padding-left: 2.4rem;
+  }
+
+  .privileges {
+    background: image_url('biovision/base/icons/key.svg') no-repeat center left / 2rem 2rem;
+    display: block;
     margin: 0 0 var(--spacer-xs);
     padding-left: 2.4rem;
   }
@@ -129,3 +137,34 @@ $row-background-odd: hsl(0, 0%, 98%) !default;
     }
   }
 }
+
+.js-admin-user-search {
+  select {
+    &:empty {
+      display: none;
+    }
+  }
+}
+
+.js-component-added-users {
+  list-style: none;
+  margin: var(--spacer-s) 0;
+  padding: 0;
+
+  &::before {
+    content: attr(aria-label);
+    display: block;
+    font: 400 var(--font-size-increased) $font-family-heading;
+    transition: .25s;
+  }
+
+  &:empty::before {
+    opacity: 0;
+  }
+
+  li {
+    box-shadow: 0 0 .4rem rgba(0, 0, 0, .25);
+    margin: var(--spacer-xs) 0;
+    padding: var(--spacer-xs);
+  }
+}

data/app/assets/stylesheets/biovision/base/biovision.scss

@@ -27,7 +27,6 @@
 
 html {
   font: 400 10px $font-family-main;
-  height: 100%;
   margin: 0;
   padding: 0;
   -webkit-text-size-adjust: none;
@@ -555,4 +554,4 @@ input.control:not(:checked) + * {
     object-fit: contain;
     width: 100%;
   }
-}
+}

data/app/controllers/admin/codes_controller.rb

@@ -1,3 +1,6 @@
+# frozen_string_literal: true
+
+# Handling user codes
 class Admin::CodesController < AdminController
   before_action :set_entity, except: [:index]
 
@@ -12,8 +15,13 @@ class Admin::CodesController < AdminController
 
   protected
 
+  def component_slug
+    Biovision::Components::UsersComponent::SLUG
+  end
+
   def restrict_access
-    require_privilege :administrator
+    error = 'Managing codes is not allowed'
+    handle_http_401(error) unless component_handler.allow?('manage_codes')
   end
 
   def set_entity

data/app/controllers/admin/components_controller.rb

@@ -11,35 +11,105 @@ class Admin::ComponentsController < AdminController
 
   # get /admin/components/:slug
   def show
-    handle_http_401('Viewing component is not allowed') unless @handler.allow?
+    error = 'Viewing component is not allowed'
+    handle_http_401(error) unless @handler.allow?
   end
 
   # get /admin/components/:slug/settings
   def settings
+    error = 'Viewing settings is not allowed'
+    handle_http_401(error) unless @handler.allow?('settings')
   end
 
   # patch /admin/components/:slug/settings
   def update_settings
-    new_settings = params.dig(:component, :settings).permit!
-    @handler.settings = new_settings.to_h
-    flash[:notice] = t('admin.components.update_settings.success')
-    redirect_to(admin_component_settings_path(slug: params[:slug]))
+    if @handler.allow('settings')
+      new_settings = params.dig(:component, :settings).permit!
+      @handler.settings = new_settings.to_h
+      flash[:notice] = t('admin.components.update_settings.success')
+      redirect_to(admin_component_settings_path(slug: params[:slug]))
+    else
+      handle_http_401('Changing settings is not allowed')
+    end
   end
 
   # patch /admin/components/:slug/parameters
   def update_parameter
-    slug = param_from_request(:key, :slug).downcase
-    value = param_from_request(:key, :value)
+    if @handler.allow('settings')
+      slug = param_from_request(:key, :slug).downcase
+      value = param_from_request(:key, :value)
 
-    @handler[slug] = value
+      @handler[slug] = value
+    end
 
     head :no_content
   end
 
   # delete /admin/components/:slug/parameters/:parameter_slug
   def delete_parameter
-    @handler.component.parameters.delete(params[:parameter_slug])
-    @handler.component.save
+    if @handler.allow('settings')
+      @handler.component.parameters.delete(params[:parameter_slug])
+      @handler.component.save
+    end
+
+    head :no_content
+  end
+
+  # get /admin/components/:slug/privileges
+  def privileges
+    error = 'Viewing privileges is not allowed'
+    handle_http_401(error) unless @handler.administrator?
+  end
+
+  # patch /admin/components/:slug/privileges
+  def update_privileges
+    if @handler.administrator?
+      user = User.find_by(id: params[:user_id])
+
+      if user.nil?
+        handle_http_404('Cannot find user') if user.nil?
+      else
+        @entity = @handler.update_privileges(user)
+      end
+    else
+      handle_http_401('Updating privileges is not allowed')
+    end
+  end
+
+  # put /admin/components/:slug/administrators/:user_id
+  def add_administrator
+    if @handler.administrator?
+      @handler.component.add_administrator(User.find_by(id: params[:user_id]))
+    end
+
+    head :no_content
+  end
+
+  # put /admin/components/:slug/administrators/:user_id
+  def remove_administrator
+    if @handler.administrator?
+      @handler.component.remove_administrator(User.find_by(id: params[:user_id]))
+    end
+
+    head :no_content
+  end
+
+  # put /admin/components/:slug/users/:user_id/privileges/:privilege_slug
+  def add_privilege
+    if @handler.administrator?
+      user = User.find_by(id: params[:user_id])
+      @handler.component.add_privilege(user, params[:privilege_slug])
+    end
+
+    head :no_content
+  end
+
+  # put /admin/components/:slug/users/:user_id/privileges/:privilege_slug
+  def remove_privilege
+    if @handler.administrator?
+      user = User.find_by(id: params[:user_id])
+      @handler.component.remove_privilege(user, params[:privilege_slug])
+    end
 
     head :no_content
   end

data/app/controllers/admin/editable_pages_controller.rb

@@ -18,8 +18,13 @@ class Admin::EditablePagesController < AdminController
 
   private
 
+  def component_slug
+    Biovision::Components::ContentComponent::SLUG
+  end
+
   def restrict_access
-    require_privilege :content_manager
+    error = 'Managing content is not allowed'
+    handle_http_401(error) unless component_handler.allow?('content_manager')
   end
 
   def set_entity

data/app/controllers/admin/feedback_requests_controller.rb

@@ -1,7 +1,10 @@
+# frozen_string_literal: true
+
+# Handling feedback requests
 class Admin::FeedbackRequestsController < AdminController
   include ToggleableEntity
 
-  before_action :set_entity, except: [:index]
+  before_action :set_entity, except: :index
 
   # get /admin/feedback_requests
   def index
@@ -10,8 +13,13 @@ class Admin::FeedbackRequestsController < AdminController
 
   private
 
+  def component_slug
+    Biovision::Components::ContactComponent::SLUG
+  end
+
   def restrict_access
-    require_privilege :feedback_manager
+    error = 'Managing feedback requests is not allowed'
+    handle_http_401(error) unless component_handler.allow?('feedback_manager')
   end
 
   def set_entity

data/app/controllers/admin/foreign_users_controller.rb

@@ -1,3 +1,6 @@
+# frozen_string_literal: true
+
+# Handling foreign users
 class Admin::ForeignUsersController < AdminController
   before_action :set_entity, except: :index
 
@@ -12,14 +15,17 @@ class Admin::ForeignUsersController < AdminController
 
   protected
 
+  def component_slug
+    Biovision::Components::UsersComponent::SLUG
+  end
+
   def restrict_access
-    require_privilege :administrator
+    error = 'Managing foreign users is not allowed'
+    handle_http_401(error) unless component_handler.allow?('view', 'edit')
   end
 
   def set_entity
     @entity = ForeignUser.find_by(id: params[:id])
-    if @entity.nil?
-      handle_http_404('Cannot find foreign_user')
-    end
+    handle_http_404('Cannot find foreign_user') if @entity.nil?
   end
 end