cccux 0.1.0

data/app/controllers/cccux/ability_permissions_controller.rb

@@ -0,0 +1,271 @@
+module Cccux
+  class AbilityPermissionsController < CccuxController
+    # Ensure only Role Managers can access permission management
+    before_action :ensure_role_manager
+
+    before_action :set_ability_permission, only: [:show, :edit, :update, :destroy]
+
+    def index
+      @ability_permissions = Cccux::AbilityPermission.all.order(:subject, :action)
+      @grouped_permissions = @ability_permissions.group_by(&:subject)
+    end
+
+    def show
+    end
+
+    def new
+      @ability_permission = Cccux::AbilityPermission.new
+      @ability_permission.subject = params[:subject] if params[:subject].present?
+      @available_subjects = get_available_subjects
+      @available_actions = get_available_actions
+      @subject_actions_map = get_subject_actions_map
+    end
+
+    def create
+      # Handle bulk creation if actions is an array
+      if params[:ability_permission][:actions].is_a?(Array)
+        create_bulk_permissions
+      else
+        create_single_permission
+      end
+    end
+
+    def edit
+      @available_subjects = get_available_subjects
+      @available_actions = get_available_actions
+      @subject_actions_map = get_subject_actions_map
+    end
+
+    def update
+      if @ability_permission.update(ability_permission_params)
+        redirect_to cccux.ability_permissions_path, notice: 'Permission was successfully updated.'
+      else
+        @available_subjects = get_available_subjects
+        @available_actions = get_available_actions
+        @subject_actions_map = get_subject_actions_map
+        render :edit
+      end
+    end
+
+    def destroy
+      @ability_permission.destroy
+      redirect_to cccux.ability_permissions_path, notice: 'Permission was successfully deleted.'
+    end
+
+    def actions_for_subject
+      subject = params[:subject]
+      actions = get_actions_for_subject(subject)
+      render json: { actions: actions }
+    end
+
+    private
+
+    def set_ability_permission
+      @ability_permission = Cccux::AbilityPermission.find(params[:id])
+    end
+
+    def ability_permission_params
+      params.require(:ability_permission).permit(:subject, :action, :description, :active)
+    end
+
+    def bulk_permission_params
+      params.require(:ability_permission).permit(:subject, :description, :active, actions: [])
+    end
+
+    def create_bulk_permissions
+      subject = params[:ability_permission][:subject]
+      actions = params[:ability_permission][:actions].reject(&:blank?)
+      description_template = params[:ability_permission][:description]
+      active = params[:ability_permission][:active]
+      
+      created_permissions = []
+      failed_permissions = []
+      
+      actions.each do |action|
+        permission = Cccux::AbilityPermission.new(
+          subject: subject,
+          action: action,
+          description: description_template.present? ? "#{action.capitalize} #{subject.pluralize.downcase}" : "",
+          active: active
+        )
+        
+        if permission.save
+          created_permissions << permission
+        else
+          failed_permissions << { action: action, errors: permission.errors.full_messages }
+        end
+      end
+      
+      if failed_permissions.empty?
+        redirect_to cccux.ability_permissions_path, 
+                    notice: "Successfully created #{created_permissions.count} permissions for #{subject}!"
+      else
+        @ability_permission = Cccux::AbilityPermission.new(subject: subject)
+        @available_subjects = get_available_subjects
+        @available_actions = get_available_actions
+        @subject_actions_map = get_subject_actions_map
+        flash[:alert] = "Some permissions could not be created: #{failed_permissions.map { |f| f[:action] }.join(', ')}"
+        render :new
+      end
+    end
+
+    def create_single_permission
+      @ability_permission = Cccux::AbilityPermission.new(ability_permission_params)
+      
+      if @ability_permission.save
+        redirect_to cccux.ability_permissions_path, notice: 'Permission was successfully created.'
+      else
+        @available_subjects = get_available_subjects
+        @available_actions = get_available_actions
+        @subject_actions_map = get_subject_actions_map
+        render :new
+      end
+    end
+
+    def get_available_subjects
+      # Get existing subjects plus discovered models
+      existing_subjects = Cccux::AbilityPermission.distinct.pluck(:subject).compact
+      discovered_models = discover_application_models
+      (existing_subjects + discovered_models).uniq.sort
+    end
+
+    def get_available_actions
+      # Get existing actions plus common CRUD actions
+      existing_actions = Cccux::AbilityPermission.distinct.pluck(:action).compact
+      common_actions = %w[read create update destroy manage index show new edit]
+      (existing_actions + common_actions).uniq.sort
+    end
+
+    def get_subject_actions_map
+      subjects = get_available_subjects
+      map = {}
+      
+      subjects.each do |subject|
+        map[subject] = get_actions_for_subject(subject)
+      end
+      
+      map
+    end
+
+    def get_actions_for_subject(subject)
+      return [] if subject.blank?
+      
+      # Start with common CRUD actions
+      actions = %w[read create update destroy]
+      
+      # Add route-discovered actions
+      route_actions = discover_actions_for_model(subject)
+      actions += route_actions
+      
+      # Add existing actions for this subject
+      existing_actions = Cccux::AbilityPermission.where(subject: subject).distinct.pluck(:action).compact
+      actions += existing_actions
+      
+      actions.uniq.sort
+    end
+
+    def discover_application_models
+      models = []
+      
+      begin
+        Rails.application.eager_load!
+        
+        # Get all ApplicationRecord descendants from the host app
+        ApplicationRecord.descendants.each do |model_class|
+          next if model_class.abstract_class?
+          next if model_class.name.nil?
+          next if skip_model?(model_class)
+          
+          models << model_class.name
+        end
+        
+        # Also add CCCUX engine models (so they can be managed through permissions)
+        cccux_models = %w[Cccux::Role Cccux::AbilityPermission Cccux::UserRole Cccux::RoleAbility]
+        models += cccux_models
+        
+      rescue => e
+        Rails.logger.warn "Error discovering models: #{e.message}"
+      end
+      
+      models.uniq.sort
+    end
+
+    def discover_actions_for_model(subject)
+      actions = []
+      
+      begin
+        # Convert subject to potential route patterns
+        resource_name = subject.underscore.pluralize
+        
+        # For CCCUX models, also check the engine routes
+        if subject.start_with?('Cccux::')
+          cccux_resource_name = subject.gsub('Cccux::', '').underscore.pluralize
+          
+          # Look through CCCUX engine routes for this resource
+          Cccux::Engine.routes.routes.each do |route|
+            next unless route.path.spec.to_s.include?(cccux_resource_name)
+            
+            # Extract action from route
+            if route.defaults[:action]
+              action = route.defaults[:action]
+              # Map HTTP verbs to standard actions and include custom actions
+              case action
+              when 'index' then actions << 'read'
+              when 'show' then actions << 'read'
+              when 'create' then actions << 'create'
+              when 'update' then actions << 'update'
+              when 'destroy' then actions << 'destroy'
+              when 'edit', 'new' then next # Skip these as they're UI actions
+              else
+                # Custom actions like 'reorder', 'toggle_active', etc.
+                actions << action
+              end
+            end
+          end
+        end
+        
+        # Also look through main Rails routes for this resource
+        Rails.application.routes.routes.each do |route|
+          next unless route.path.spec.to_s.include?(resource_name)
+          
+          # Extract action from route
+          if route.defaults[:action]
+            action = route.defaults[:action]
+            # Map HTTP verbs to standard actions and include custom actions
+            case action
+            when 'index' then actions << 'read'
+            when 'show' then actions << 'read'
+            when 'create' then actions << 'create'
+            when 'update' then actions << 'update'
+            when 'destroy' then actions << 'destroy'
+            when 'edit', 'new' then next # Skip these as they're UI actions
+            else
+              # Custom actions
+              actions << action
+            end
+          end
+        end
+        
+      rescue => e
+        Rails.logger.warn "Error discovering actions for #{subject}: #{e.message}"
+      end
+      
+      actions.uniq
+    end
+
+    def skip_model?(model_class)
+      excluded_patterns = [
+        /^ActiveRecord::/,
+        /^ActiveStorage::/,
+        /^ActionText::/,
+        /^ActionMailbox::/,
+        /^ApplicationRecord$/,
+        /Version$/,
+        /Schema/,
+        /Migration/
+      ]
+      
+      excluded_patterns.any? { |pattern| model_class.name.match?(pattern) }
+    end
+  end
+end

data/app/controllers/cccux/application_controller.rb

@@ -0,0 +1,37 @@
+module Cccux
+  class ApplicationController < ActionController::Base
+    # CanCanCan authorization - shared across all CCCUX controllers
+    include CanCan::ControllerAdditions
+    
+    # Handle CanCan authorization errors gracefully
+    rescue_from CanCan::AccessDenied do |exception|
+      redirect_to main_app.root_path, alert: 'Access denied.'
+    end
+    
+    # Handle 404 errors gracefully
+    rescue_from ActiveRecord::RecordNotFound do |exception|
+      redirect_to main_app.root_path, alert: 'The requested resource was not found.'
+    end
+    
+    before_action :configure_permitted_parameters, if: :devise_controller?
+    before_action :set_current_user
+    
+    protected
+    
+    # Override current_ability to use CCCUX Ability class
+    def current_ability
+      @current_ability ||= Cccux::Ability.new(current_user)
+    end
+    
+    def set_current_user
+      @current_user = current_user if defined?(current_user)
+    end
+    
+    private
+    
+    def configure_permitted_parameters
+      devise_parameter_sanitizer.permit(:sign_up, keys: [:first_name, :last_name])
+      devise_parameter_sanitizer.permit(:account_update, keys: [:first_name, :last_name])
+    end
+  end
+end

data/app/controllers/cccux/authorization_controller.rb

@@ -0,0 +1,10 @@
+module Cccux
+  class AuthorizationController < ApplicationController
+    # Provide CCCUX authorization without forcing a specific layout
+    # This allows host app controllers to use their own layouts
+    layout 'application'
+    
+    # Automatically load and authorize resources for all actions
+    load_and_authorize_resource
+  end
+end 

data/app/controllers/cccux/cccux_controller.rb

@@ -0,0 +1,64 @@
+module Cccux
+  class CccuxController < ApplicationController
+    layout 'cccux/admin'
+    
+    # Override the default error message for admin interface
+    rescue_from CanCan::AccessDenied do |exception|
+      redirect_to main_app.root_path, alert: 'Access denied. Only Role Managers can access the admin interface.'
+    end
+    
+    rescue_from ActionController::RoutingError do |exception|
+      redirect_to main_app.root_path, alert: 'The requested page was not found.'
+    end
+    
+    # Handle parameter errors (like invalid IDs)
+    rescue_from ActionController::ParameterMissing do |exception|
+      redirect_to main_app.root_path, alert: 'Invalid request parameters.'
+    end
+    
+    # Automatically load and authorize resources for all actions
+    # This works because CCCUX provides default roles (Guest, Basic User) 
+    # so every user has permissions to check against
+    load_and_authorize_resource
+    
+    protected
+    
+    # Override resource_class to handle namespaced models
+    def resource_class
+      # For CCCUX controllers, use the namespaced model
+      if self.class.name.start_with?('Cccux::')
+        # Extract the model name from controller name (e.g., RolesController -> Cccux::Role)
+        model_name = self.class.name.gsub('Cccux::', '').gsub('Controller', '').singularize
+        "Cccux::#{model_name}".constantize
+      else
+        # For host app controllers, use the default behavior
+        super
+      end
+    rescue NameError
+      # Fallback to default behavior if constantization fails
+      super
+    end
+    
+    private
+    
+    def ensure_role_manager
+      # Check if user is authenticated
+      unless defined?(current_user) && current_user&.persisted?
+        respond_to do |format|
+          format.html { redirect_to main_app.root_path, alert: 'You must be logged in to access the admin interface.' }
+          format.json { render json: { success: false, error: 'You must be logged in to access the admin interface.' }, status: :unauthorized }
+        end
+        return
+      end
+      
+      # Check if user has Role Manager role
+      unless current_user.has_role?('Role Manager')
+        respond_to do |format|
+          format.html { redirect_to main_app.root_path, alert: 'Access denied. Only Role Managers can access the admin interface.' }
+          format.json { render json: { success: false, error: 'Access denied. Only Role Managers can access the admin interface.' }, status: :forbidden }
+        end
+        return
+      end
+    end
+  end
+end 

data/app/controllers/cccux/dashboard_controller.rb

@@ -0,0 +1,172 @@
+module Cccux
+  class DashboardController < CccuxController
+    # Skip CanCanCan resource loading for dashboard since it doesn't work with a specific model
+    skip_load_and_authorize_resource
+    
+    # Ensure only Role Managers can access the dashboard
+    before_action :ensure_role_manager
+    
+    def index
+      @user_count = User.count
+      @role_count = Cccux::Role.count
+      @permission_count = Cccux::AbilityPermission.count
+      @total_assignments = Cccux::UserRole.count + (Cccux::Role.joins(:ability_permissions).count)
+    end
+
+    def model_discovery
+      @detected_models = detect_application_models
+      @existing_models = get_models_with_permissions
+      @missing_models = @detected_models - @existing_models
+      @actions = %w[read create update destroy]
+      
+      # Debug logging
+      Rails.logger.info "DEBUG: Detected models: #{@detected_models.inspect}"
+      Rails.logger.info "DEBUG: Existing models: #{@existing_models.inspect}"
+      Rails.logger.info "DEBUG: Missing models: #{@missing_models.inspect}"
+      
+      # Additional debug for web context
+      Rails.logger.info "DEBUG: Controller context - detected count: #{@detected_models.count}"
+      Rails.logger.info "DEBUG: Controller context - missing count: #{@missing_models.count}"
+      Rails.logger.info "DEBUG: Controller context - Order in detected? #{@detected_models.include?('Order')}"
+      Rails.logger.info "DEBUG: Controller context - Order in existing? #{@existing_models.include?('Order')}"
+    end
+
+    def sync_permissions
+      models_to_add = params[:models] || []
+      actions = %w[read create update destroy]
+      
+      added_permissions = []
+      
+      models_to_add.each do |model_name|
+        next if model_name.blank?
+        
+        actions.each do |action|
+          permission = Cccux::AbilityPermission.find_or_create_by(
+            action: action,
+            subject: model_name
+          ) do |p|
+            p.description = "#{action.capitalize} #{model_name.pluralize.downcase}"
+            p.active = true
+          end
+          
+          if permission.persisted? && !permission.previously_persisted?
+            added_permissions << permission
+          end
+        end
+      end
+      
+      if added_permissions.any?
+        redirect_to cccux.model_discovery_path, 
+                   notice: "Successfully added #{added_permissions.count} permissions for #{models_to_add.count} models!"
+      else
+        redirect_to cccux.model_discovery_path, 
+                   alert: "No new permissions were added. Models may already have permissions."
+      end
+    end
+    
+    # Handle any unmatched routes in CCCUX - redirect to home
+    def not_found
+      redirect_to main_app.root_path, alert: 'The requested page was not found.'
+    end
+
+    private
+
+    def detect_application_models
+      models = []
+      
+      begin
+        # Direct approach: Get models from database tables (bypasses all autoloading issues)
+        Rails.logger.info "Detecting models from database tables..."
+        
+        application_tables = ActiveRecord::Base.connection.tables.reject do |table|
+          # Skip Rails internal tables and CCCUX tables
+          table.start_with?('schema_migrations', 'ar_internal_metadata', 'cccux_') ||
+          skip_table?(table)
+        end
+        
+        Rails.logger.info "Found application tables: #{application_tables}"
+        
+        application_tables.each do |table|
+          # Convert table name to model name
+          model_name = table.singularize.camelize
+          
+          # Verify the model exists and is valid
+          begin
+            if Object.const_defined?(model_name)
+              model_class = Object.const_get(model_name)
+              if model_class.respond_to?(:table_name) && 
+                 model_class.table_name == table &&
+                 !skip_model_by_name?(model_name)
+                models << model_name
+                Rails.logger.info "✅ Found model: #{model_name} (table: #{table})"
+              end
+            else
+              # Model constant doesn't exist yet, but table does - likely a valid model
+              unless skip_model_by_name?(model_name)
+                models << model_name
+                Rails.logger.info "✅ Found model from table: #{model_name} (table: #{table})"
+              end
+            end
+          rescue => e
+            Rails.logger.debug "Skipped table #{table}: #{e.message}"
+          end
+        end
+        
+      rescue => e
+        Rails.logger.error "Error detecting models from database: #{e.message}"
+        Rails.logger.error e.backtrace.join("\n")
+      end
+      
+      # Always include CCCUX engine models for management (but not User since host app owns it)
+      cccux_models = %w[Cccux::Role Cccux::AbilityPermission Cccux::UserRole Cccux::RoleAbility]
+      models += cccux_models
+      
+      # Debug what we found
+      Rails.logger.info "Model detection summary:"
+      Rails.logger.info "  Total models found: #{models.uniq.count}"
+      Rails.logger.info "  Application models: #{models.reject { |m| m.start_with?('Cccux::') }.join(', ')}"
+      Rails.logger.info "  CCCUX models: #{models.select { |m| m.start_with?('Cccux::') }.join(', ')}"
+      
+      models.uniq.sort
+    end
+
+    def get_models_with_permissions
+      Cccux::AbilityPermission.distinct.pluck(:subject).compact.sort
+    end
+
+    def skip_model?(model_class)
+      skip_model_by_name?(model_class.name)
+    end
+    
+    def skip_model_by_name?(model_name)
+      # Skip models that shouldn't have permissions
+      excluded_patterns = [
+        /^ActiveRecord::/,
+        /^ActiveStorage::/,
+        /^ActionText::/,
+        /^ActionMailbox::/,
+        /^ApplicationRecord$/,
+        /Version$/, # PaperTrail versions
+        /Schema/,
+        /Migration/
+      ]
+      
+      excluded_patterns.any? { |pattern| model_name.match?(pattern) }
+    end
+    
+    def skip_table?(table_name)
+      # Skip tables that are not meant to have corresponding models
+      excluded_tables = [
+        'active_storage_blobs',
+        'active_storage_attachments',
+        'active_storage_variant_records',
+        'action_text_rich_texts',
+        'action_mailbox_inbound_emails',
+        'versions' # PaperTrail
+      ]
+      
+      excluded_tables.include?(table_name) ||
+      table_name.end_with?('_versions') # PaperTrail version tables
+    end
+  end
+end

data/app/controllers/cccux/home_controller.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module Cccux
+  class HomeController < ApplicationController
+    def index
+      # This controller can be used as a fallback root route
+      # It will redirect to the host app's root or show a simple welcome page
+      
+      # Try to redirect to host app's root first
+      # if Rails.application.routes.recognize_path('/', method: :get) rescue false
+      #   redirect_to '/'
+      #   return
+      # end
+      
+      # If no host app root, show a simple welcome page
+      render :index
+    end
+  end
+end