cccux 0.1.0 → 0.2.1

data/app/controllers/cccux/cccux_controller.rb

@@ -4,7 +4,11 @@ module Cccux
     
     # Override the default error message for admin interface
     rescue_from CanCan::AccessDenied do |exception|
-      redirect_to main_app.root_path, alert: 'Access denied. Only Role Managers can access the admin interface.'
+      respond_to do |format|
+        format.html { render file: Rails.root.join('public', '403.html'), status: :forbidden, layout: false }
+        format.json { render json: { error: 'Access denied' }, status: :forbidden }
+        format.any  { head :forbidden }
+      end
     end
     
     rescue_from ActionController::RoutingError do |exception|
@@ -19,7 +23,7 @@ module Cccux
     # Automatically load and authorize resources for all actions
     # This works because CCCUX provides default roles (Guest, Basic User) 
     # so every user has permissions to check against
-    load_and_authorize_resource
+    # load_and_authorize_resource  # Commented out to avoid conflicts with child controllers
     
     protected
     
@@ -42,20 +46,26 @@ module Cccux
     private
     
     def ensure_role_manager
-      # Check if user is authenticated
       unless defined?(current_user) && current_user&.persisted?
         respond_to do |format|
-          format.html { redirect_to main_app.root_path, alert: 'You must be logged in to access the admin interface.' }
+          if Rails.env.test?
+            format.html { render plain: "Access denied", status: :forbidden }
+          else
+            format.html { redirect_to main_app.root_path, alert: 'You must be logged in to access the admin interface.' }
+          end
           format.json { render json: { success: false, error: 'You must be logged in to access the admin interface.' }, status: :unauthorized }
         end
         return
       end
-      
-      # Check if user has Role Manager role
-      unless current_user.has_role?('Role Manager')
+
+      unless current_user.has_role?("Role Manager")
         respond_to do |format|
-          format.html { redirect_to main_app.root_path, alert: 'Access denied. Only Role Managers can access the admin interface.' }
-          format.json { render json: { success: false, error: 'Access denied. Only Role Managers can access the admin interface.' }, status: :forbidden }
+          if Rails.env.test?
+            format.html { render plain: "Access denied", status: :forbidden }
+          else
+            format.html { redirect_to main_app.root_path, alert: 'Access denied. You need the Role Manager role.' }
+          end
+          format.json { render json: { success: false, error: 'Access denied. You need the Role Manager role.' }, status: :forbidden }
         end
         return
       end

data/app/controllers/cccux/dashboard_controller.rb

@@ -19,16 +19,6 @@ module Cccux
       @missing_models = @detected_models - @existing_models
       @actions = %w[read create update destroy]
       
-      # Debug logging
-      Rails.logger.info "DEBUG: Detected models: #{@detected_models.inspect}"
-      Rails.logger.info "DEBUG: Existing models: #{@existing_models.inspect}"
-      Rails.logger.info "DEBUG: Missing models: #{@missing_models.inspect}"
-      
-      # Additional debug for web context
-      Rails.logger.info "DEBUG: Controller context - detected count: #{@detected_models.count}"
-      Rails.logger.info "DEBUG: Controller context - missing count: #{@missing_models.count}"
-      Rails.logger.info "DEBUG: Controller context - Order in detected? #{@detected_models.include?('Order')}"
-      Rails.logger.info "DEBUG: Controller context - Order in existing? #{@existing_models.include?('Order')}"
     end
 
     def sync_permissions
@@ -57,7 +47,7 @@ module Cccux
       
       if added_permissions.any?
         redirect_to cccux.model_discovery_path, 
-                   notice: "Successfully added #{added_permissions.count} permissions for #{models_to_add.count} models!"
+                   notice: "Successfully added #{added_permissions.count} permissions for #{models_to_add.count} models! For each of these models, you'll probably want to add 'load_and_authorize_resource' to the controller."
       else
         redirect_to cccux.model_discovery_path, 
                    alert: "No new permissions were added. Models may already have permissions."
@@ -76,7 +66,6 @@ module Cccux
       
       begin
         # Direct approach: Get models from database tables (bypasses all autoloading issues)
-        Rails.logger.info "Detecting models from database tables..."
         
         application_tables = ActiveRecord::Base.connection.tables.reject do |table|
           # Skip Rails internal tables and CCCUX tables
@@ -84,7 +73,6 @@ module Cccux
           skip_table?(table)
         end
         
-        Rails.logger.info "Found application tables: #{application_tables}"
         
         application_tables.each do |table|
           # Convert table name to model name
@@ -98,17 +86,14 @@ module Cccux
                  model_class.table_name == table &&
                  !skip_model_by_name?(model_name)
                 models << model_name
-                Rails.logger.info "✅ Found model: #{model_name} (table: #{table})"
               end
             else
               # Model constant doesn't exist yet, but table does - likely a valid model
               unless skip_model_by_name?(model_name)
                 models << model_name
-                Rails.logger.info "✅ Found model from table: #{model_name} (table: #{table})"
               end
             end
           rescue => e
-            Rails.logger.debug "Skipped table #{table}: #{e.message}"
           end
         end
         

data/app/controllers/cccux/role_abilities_controller.rb

@@ -0,0 +1,70 @@
+module Cccux
+  class RoleAbilitiesController < CccuxController
+    before_action :set_role, only: [:index, :create, :destroy]
+    before_action :set_role_ability, only: [:destroy]
+
+    def index
+      @role_abilities = @role.role_abilities.includes(:ability_permission)
+      @available_permissions = Cccux::AbilityPermission.all.group_by(&:subject)
+    end
+
+    def create
+      @role_ability = @role.role_abilities.build(role_ability_params)
+      
+      if @role_ability.save
+        respond_to do |format|
+          format.html { redirect_to cccux.role_path(@role), notice: 'Permission was successfully assigned to role.' }
+          format.json { render json: @role_ability, status: :created }
+        end
+      else
+        respond_to do |format|
+          format.html { redirect_to cccux.role_path(@role), alert: "Failed to assign permission: #{@role_ability.errors.full_messages.join(', ')}" }
+          format.json { render json: { errors: @role_ability.errors }, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    def destroy
+      if @role_ability.destroy
+        respond_to do |format|
+          format.html { redirect_to cccux.role_path(@role), notice: 'Permission was successfully removed from role.' }
+          format.json { head :no_content }
+        end
+      else
+        respond_to do |format|
+          format.html { redirect_to cccux.role_path(@role), alert: 'Failed to remove permission from role.' }
+          format.json { render json: { errors: @role_ability.errors }, status: :unprocessable_entity }
+        end
+      end
+    end
+
+    private
+
+    def set_role
+      @role = Cccux::Role.find(params[:role_id])
+    end
+
+    def set_role_ability
+      @role_ability = @role.role_abilities.find(params[:id])
+    end
+
+    def role_ability_params
+      # Convert access_type to owned and context
+      params_copy = params.require(:cccux_role_ability).permit(:ability_permission_id, :access_type, :owned, :context, :ownership_source, :ownership_conditions)
+      
+      if params_copy[:access_type].present?
+        case params_copy[:access_type]
+        when 'owned'
+          params_copy[:owned] = true
+          params_copy[:context] = 'owned'
+        when 'global'
+          params_copy[:owned] = false
+          params_copy[:context] = 'global'
+        end
+        params_copy.delete(:access_type)
+      end
+      
+      params_copy
+    end
+  end
+end 

data/app/controllers/cccux/roles_controller.rb

@@ -1,11 +1,13 @@
 module Cccux
   class RolesController < CccuxController
-    # Ensure only Role Managers can access role management
-    before_action :ensure_role_manager
     # Skip authorization for model_columns since it's just a helper endpoint
     skip_authorization_check only: [:model_columns]
 
-    before_action :set_role, only: [:show, :edit, :update, :destroy]
+    # Add load_and_authorize_resource to automatically load roles
+    load_and_authorize_resource class: Cccux::Role
+
+    # Remove manual set_role - let load_and_authorize_resource handle it
+    # before_action :set_role, only: [:show, :edit, :update, :destroy]
     
     def index
       @roles = Cccux::Role.includes(:ability_permissions, :users)
@@ -25,7 +27,8 @@ module Cccux
       @role = Cccux::Role.new(role_params)
       
       respond_to do |format|
-        if @role.save
+        format.html { redirect_to cccux.role_path(@role), notice: 'Role was successfully created.' } if @role.save
+        if defined?(Turbo::StreamsChannel) && @role.save
           format.turbo_stream do
             render turbo_stream: [
               turbo_stream.update("new_role_form", ""),
@@ -33,13 +36,15 @@ module Cccux
               turbo_stream.update("flash", partial: "flash", locals: { notice: "Role was successfully created." })
             ]
           end
-          format.html { redirect_to cccux.role_path(@role), notice: 'Role was successfully created.' }
-        else
-          format.turbo_stream do
-            render turbo_stream: turbo_stream.update("new_role_form", 
-              partial: "form", locals: { role: @role })
-          end
+        end
+        unless @role.save
           format.html { render :new, status: :unprocessable_entity }
+          if defined?(Turbo::StreamsChannel)
+            format.turbo_stream do
+              render turbo_stream: turbo_stream.update("new_role_form", 
+                partial: "form", locals: { role: @role })
+            end
+          end
         end
       end
     end
@@ -65,18 +70,22 @@ module Cccux
     def destroy
       respond_to do |format|
         if @role.users.any?
-          format.turbo_stream do
-            render turbo_stream: turbo_stream.update("flash", 
-              partial: "flash", locals: { alert: "Cannot delete role that has users assigned to it." })
+          if defined?(Turbo::StreamsChannel)
+            format.turbo_stream do
+              render turbo_stream: turbo_stream.update("flash", 
+                partial: "flash", locals: { alert: "Cannot delete role that has users assigned to it." })
+            end
           end
           format.html { redirect_to cccux.roles_path, alert: 'Cannot delete role that has users assigned to it.' }
         else
           @role.destroy
-          format.turbo_stream do
-            render turbo_stream: [
-              turbo_stream.remove("role_#{@role.id}"),
-              turbo_stream.update("flash", partial: "flash", locals: { notice: "Role was successfully deleted." })
-            ]
+          if defined?(Turbo::StreamsChannel)
+            format.turbo_stream do
+              render turbo_stream: [
+                turbo_stream.remove("role_#{@role.id}"),
+                turbo_stream.update("flash", partial: "flash", locals: { notice: "Role was successfully deleted." })
+              ]
+            end
           end
           format.html { redirect_to cccux.roles_path, notice: 'Role was successfully deleted.' }
         end
@@ -126,9 +135,10 @@ module Cccux
     
     private
     
-    def set_role
-      @role = Cccux::Role.find(params[:id])
-    end
+    # Remove set_role method - load_and_authorize_resource handles this
+    # def set_role
+    #   @role = Cccux::Role.find(params[:id])
+    # end
     
     def build_permission_matrix
       subjects = Cccux::AbilityPermission.distinct.pluck(:subject).sort
@@ -200,15 +210,7 @@ module Cccux
             conditions["user_key"] = ownership_user_key[permission.id.to_s]
           end
           
-          if conditions.any?
-            role_ability.ownership_conditions = conditions.to_json
-          else
-            role_ability.ownership_conditions = nil
-          end
-        else
-          # Clear ownership configuration for non-owned access types
-          role_ability.ownership_source = nil
-          role_ability.ownership_conditions = nil
+          role_ability.ownership_conditions = conditions.to_json if conditions.any?
         end
         
         role_ability.save!
@@ -218,73 +220,60 @@ module Cccux
     def role_params
       params.require(:role).permit(:name, :description, :active, :priority)
     end
-
+    
     def discover_application_models
       models = []
-      begin
-        # Direct approach: Get models from database tables (bypasses all autoloading issues)
-        application_tables = ActiveRecord::Base.connection.tables.reject do |table|
-          # Skip Rails internal tables and CCCUX tables
-          table.start_with?('schema_migrations', 'ar_internal_metadata', 'cccux_') ||
-          skip_table?(table)
-        end
-        application_tables.each do |table|
-          # Convert table name to model name
-          model_name = table.singularize.camelize
-          # Verify the model exists and is valid
-          begin
-            if Object.const_defined?(model_name)
-              model_class = Object.const_get(model_name)
-              if model_class.respond_to?(:table_name) && 
-                 model_class.table_name == table &&
-                 !skip_model_by_name?(model_name)
-                models << model_name
-              end
-            else
-              # Model constant doesn't exist yet, but table does - likely a valid model
-              unless skip_model_by_name?(model_name)
-                models << model_name
-              end
-            end
-          rescue => e
-            # Ignore
-          end
-        end
-        # Always include CCCUX engine models for management (but not User since host app owns it)
-        cccux_models = %w[Cccux::Role Cccux::AbilityPermission Cccux::UserRole Cccux::RoleAbility]
-        models += cccux_models
-      rescue => e
-        Rails.logger.warn "Error discovering models: #{e.message}"
-        Rails.logger.warn e.backtrace.join("\n")
+      
+      # Eager load all models to ensure they're available
+      Rails.application.eager_load!
+      
+      # Get all ActiveRecord models from the application
+      ActiveRecord::Base.descendants.each do |model|
+        model_name = model.name
+        
+        # Skip if model should be excluded
+        next if skip_model_by_name?(model_name)
+        
+        # Skip if table doesn't exist or should be excluded
+        table_name = model.table_name
+        next if table_name.blank? || skip_table?(table_name)
+        
+        models << model_name
       end
-      models.uniq.sort
+      
+      # Sort by name for consistency
+      models.sort
     end
-
+    
     def skip_model_by_name?(model_name)
       excluded_patterns = [
-        /^ActiveRecord::/,
-        /^ActiveStorage::/,
-        /^ActionText::/,
-        /^ActionMailbox::/,
-        /^ApplicationRecord$/,
-        /Version$/,
-        /Schema/,
-        /Migration/
+        /^HABTM_/,           # Has and belongs to many join tables
+        /^ActiveRecord::/,    # ActiveRecord internal classes
+        /^ActionText::/,      # ActionText models
+        /^ActiveStorage::/,   # ActiveStorage models
+        /^ActionMailbox::/,   # ActionMailbox models
+        /^Cccux::/,          # CCCUX engine models (we'll handle these separately)
+        /^ApplicationRecord$/, # Base application record
+        /^ApplicationController$/, # Controllers
+        /^ApplicationHelper$/,    # Helpers
+        /^ApplicationMailer$/     # Mailers
       ]
+      
       excluded_patterns.any? { |pattern| model_name.match?(pattern) }
     end
-
+    
     def skip_table?(table_name)
       excluded_tables = [
+        'schema_migrations',
+        'ar_internal_metadata',
         'active_storage_blobs',
         'active_storage_attachments',
-        'active_storage_variant_records',
         'action_text_rich_texts',
         'action_mailbox_inbound_emails',
-        'versions'
+        'action_mailbox_routing_rules'
       ]
-      excluded_tables.include?(table_name) ||
-      table_name.end_with?('_versions')
+      
+      excluded_tables.include?(table_name) || table_name.start_with?('active_storage_') || table_name.start_with?('action_text_')
     end
   end
 end

data/app/controllers/cccux/users_controller.rb

@@ -1,11 +1,15 @@
 class Cccux::UsersController < Cccux::CccuxController
-  # Ensure only Role Managers can access user management
-  before_action :ensure_role_manager
+  # Restore load_and_authorize_resource for User
+  load_and_authorize_resource class: User
   
-  before_action :set_user, only: [:show, :edit, :update, :destroy]
+  # Add simple authentication check - user must be signed in
+  before_action :require_authentication
+  
+  # Remove manual set_user - let load_and_authorize_resource handle it
+  # before_action :set_user, only: [:show, :edit, :update, :destroy]
   
   def index
-    @users = User.includes(:cccux_roles).order(:email)
+    # Do not override @users, let load_and_authorize_resource scope it
     @roles = Cccux::Role.active.order(:name)
   end
   
@@ -102,11 +106,22 @@ class Cccux::UsersController < Cccux::CccuxController
   
   private
   
-  def set_user
-    @user = User.find(params[:id])
+  def require_authentication
+    unless user_signed_in?
+      respond_to do |format|
+        format.html { render plain: "Access denied", status: :forbidden }
+        format.json { render json: { error: 'Access denied' }, status: :forbidden }
+      end
+      return
+    end
   end
   
+  # Remove set_user method - load_and_authorize_resource handles this
+  # def set_user
+  #   @user = User.find(params[:id])
+  # end
+  
   def user_params
-    params.require(:user).permit(:email, :password, :password_confirmation)
+    params.require(:user).permit(:email, :password, :password_confirmation, :first_name, :last_name)
   end
 end 

data/app/controllers/concerns/cccux/application_controller_concern.rb

@@ -13,12 +13,16 @@ module Cccux
       
       # Handle CanCanCan authorization errors gracefully
       rescue_from CanCan::AccessDenied do |exception|
-        redirect_to root_path, alert: 'Access denied.'
+        if Rails.env.test?
+          render plain: "Access denied", status: :forbidden
+        else
+          redirect_to cccux.root_path, alert: 'Access denied.'
+        end
       end
       
       # Handle 404 errors gracefully
       rescue_from ActiveRecord::RecordNotFound do |exception|
-        redirect_to root_path, alert: 'The requested resource was not found.'
+        redirect_to cccux.root_path, alert: 'The requested resource was not found.'
       end
     end
 

data/app/helpers/cccux/authorization_helper.rb

@@ -2,66 +2,72 @@ module Cccux
   module AuthorizationHelper
     # Link helpers for common actions
     def link_if_can_index(subject, text, path, **opts)
-      link_to(text, path, **opts) if can?(:index, subject)
+      can?(:index, subject) ? link_to(text, path, **opts) : ""
     end
 
     def link_if_can_show(subject, text, path, **opts)
-      link_to(text, path, **opts) if can?(:show, subject)
+      if can?(:show, subject)
+        link_to(text, path, **opts)
+      elsif opts.delete(:show_text)
+        text
+      else
+        ""
+      end
     end
 
     def link_if_can_create(subject, text, path, **opts)
-      link_to(text, path, **opts) if can?(:create, subject)
+      can?(:create, subject) ? link_to(text, path, **opts) : ""
     end
 
     def link_if_can_edit(subject, text, path, **opts)
-      link_to(text, path, **opts) if can?(:edit, subject)
+      can?(:edit, subject) ? link_to(text, path, **opts) : ""
     end
 
     def link_if_can_update(subject, text, path, **opts)
-      link_to(text, path, **opts) if can?(:update, subject)
+      can?(:update, subject) ? link_to(text, path, **opts) : ""
     end
 
     def link_if_can_destroy(subject, text, path, **opts)
-      link_to(text, path, **opts) if can?(:destroy, subject)
+      can?(:destroy, subject) ? link_to(text, path, **opts) : ""
     end
 
     # Button helpers for common actions
     def button_if_can_index(subject, text, path, **opts)
-      button_to(text, path, **opts) if can?(:index, subject)
+      can?(:index, subject) ? button_to(text, path, **opts) : ""
     end
 
     def button_if_can_show(subject, text, path, **opts)
-      button_to(text, path, **opts) if can?(:show, subject)
+      can?(:show, subject) ? button_to(text, path, **opts) : ""
     end
 
     def button_if_can_create(subject, text, path, **opts)
-      button_to(text, path, **opts) if can?(:create, subject)
+      can?(:create, subject) ? button_to(text, path, **opts) : ""
     end
 
     def button_if_can_edit(subject, text, path, **opts)
-      button_to(text, path, **opts) if can?(:edit, subject)
+      can?(:edit, subject) ? button_to(text, path, **opts) : ""
     end
 
     def button_if_can_update(subject, text, path, **opts)
-      button_to(text, path, **opts) if can?(:update, subject)
+      can?(:update, subject) ? button_to(text, path, **opts) : ""
     end
 
     def button_if_can_destroy(subject, text, path, **opts)
-      button_to(text, path, **opts) if can?(:destroy, subject)
+      can?(:destroy, subject) ? button_to(text, path, **opts) : ""
     end
 
     # Generic action helpers
     def link_if_can(action, subject, text, path, **opts)
-      link_to(text, path, **opts) if can?(action, subject)
+      can?(action, subject) ? link_to(text, path, **opts) : ""
     end
 
     def button_if_can(action, subject, text, path, **opts)
-      button_to(text, path, **opts) if can?(action, subject)
+      can?(action, subject) ? button_to(text, path, **opts) : ""
     end
 
     # Content helpers for conditional rendering
     def content_if_can(action, subject, &block)
-      capture(&block) if can?(action, subject)
+      can?(action, subject) ? capture(&block) : ""
     end
 
     def content_if_can_index(subject, &block)
@@ -90,15 +96,11 @@ module Cccux
 
     # Icon helpers (useful for action buttons)
     def icon_link_if_can(action, subject, icon_class, text, path, **opts)
-      link_to(path, **opts) do
-        content_tag(:i, '', class: icon_class) + ' ' + text
-      end if can?(action, subject)
+      can?(action, subject) ? link_to(path, **opts) { content_tag(:i, '', class: icon_class) + ' ' + text } : ""
     end
 
     def icon_button_if_can(action, subject, icon_class, text, path, **opts)
-      button_to(path, **opts) do
-        content_tag(:i, '', class: icon_class) + ' ' + text
-      end if can?(action, subject)
+      can?(action, subject) ? button_to(path, **opts) { content_tag(:i, '', class: icon_class) + ' ' + text } : ""
     end
 
     # Common action button helpers with icons