RubyGems - devisable - Versions diffs - 0.1.0 - Mend

devisable 0.1.0

Files changed (66) hide show

data/lib/generators/devisable/templates/app/controllers/registrations_controller.erb ADDED

@@ -0,0 +1,19 @@
+class RegistrationsController < Devise::RegistrationsController
+  self.view_paths = ['app/views/devise','app/views']
+  # Overiding the create controller because we are assigning the General User role to every user
+  # POST /resource/sign_up
+  def create
+    build_resource
+    if resource.save
+      resource.roles << Role.find_by_name('GeneralUser') unless User.count() == 1
+      resource.save
+      set_flash_message :notice, :signed_up
+      sign_in_and_redirect(resource_name, resource)
+    else
+      clean_up_passwords(resource)
+      render_with_scope :new
+    end
+  end
+end

data/lib/generators/devisable/templates/app/controllers/users_controller.erb ADDED

@@ -0,0 +1,152 @@
+class UsersController < ApplicationController
+  before_filter :get_user, :only => [:index,:new,:edit]
+  before_filter :accessible_roles, :only => [:new, :edit, :show, :update, :create]
+  #load and authorize resource is cancan's way of filtering controllers.
+  load_and_authorize_resource
+  # GET /users
+  # GET /users.xml
+  # GET /users.json                                       HTML and AJAX
+  #-----------------------------------------------------------------------
+  def index
+    @super_admins = User.superadmins
+    @super_admin_role = Role.find_by_name('SuperAdmin');
+    @users = User.accessible_by(current_ability, :index).limit(20)
+    respond_to do |format|
+      format.json { render :json => @users }
+      format.xml  { render :xml => @users }
+      format.html
+    end
+  end
+  # GET /users/new
+  # GET /users/new.xml
+  # GET /users/new.json                                    HTML AND AJAX
+  #-------------------------------------------------------------------
+  def new
+    respond_to do |format|
+      format.json { render :json => @user }
+      format.xml  { render :xml => @user }
+      format.html
+    end
+  end
+  # GET /users/1
+  # GET /users/1.xml
+  # GET /users/1.json                                     HTML AND AJAX
+  #-------------------------------------------------------------------
+  def show
+    respond_to do |format|
+      format.json { render :json => @user }
+      format.xml  { render :xml => @user }
+      format.html
+    end
+  rescue ActiveRecord::RecordNotFound
+    respond_to_not_found(:json, :xml, :html)
+  end
+  # GET /users/1/edit
+  # GET /users/1/edit.xml
+  # GET /users/1/edit.json                                HTML AND AJAX
+  #-------------------------------------------------------------------
+  def edit
+    respond_to do |format|
+      format.json { render :json => @user }
+      format.xml  { render :xml => @user }
+      format.html
+    end
+  rescue ActiveRecord::RecordNotFound
+    respond_to_not_found(:json, :xml, :html)
+  end
+  # DELETE /users/1
+  # DELETE /users/1.xml
+  # DELETE /users/1.json                                  HTML AND AJAX
+  #-------------------------------------------------------------------
+  def destroy
+    @user.destroy
+    respond_to do |format|
+      format.json { render :json => "Ok" }
+      format.xml  { head :ok }
+      format.html { redirect_to( users_path, :notice => "The account has been deleted." ) }
+    end
+  rescue ActiveRecord::RecordNotFound
+    respond_to_not_found(:json, :xml, :html)
+  end
+  # POST /users
+  # POST /users.xml
+  # POST /users.json                                      HTML AND AJAX
+  #-----------------------------------------------------------------
+  def create
+    @user = User.new(params[:user])
+    if @user.save
+      respond_to do |format|
+        format.json { render :json => @user.to_json, :status => 200 }
+        format.xml  { head :ok }
+        format.html { redirect_to :action => :index }
+      end
+    else
+      respond_to do |format|
+        format.json { render :text => "Could not create user", :status => :unprocessable_entity } # placeholder
+        format.xml  { head :ok }
+        format.html { render :action => :new, :status => :unprocessable_entity }
+      end
+    end
+  end
+  # Get roles accessible by the current user
+  #----------------------------------------------------
+  def accessible_roles
+    @accessible_roles = Role.accessible_by(current_ability,:read)
+  end
+  # Make the current user object available to views
+  #----------------------------------------
+  def get_user
+    @current_user = current_user
+  end
+  # PUT /users/1
+  # PUT /users/1.xml
+  # PUT /users/1.json                                            HTML AND AJAX
+  #----------------------------------------------------------------------------
+  def update
+    if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
+      [:password,:password_confirmation,:current_password].collect{|p| params[:user].delete(p) }
+    else
+      @user.errors[:base] << "Your passwords don't match" unless params[:user][:password] == params[:user][:password_confirmation]
+      #the following can be used if you have an update profile page.
+      #@user.errors[:base] << "The password you entered is incorrect" unless @user.valid_password?(params[:user][:current_password])
+    end
+    respond_to do |format|
+      if @user.errors[:base].empty? and @user.update_attributes(params[:user])
+        @user.roles = []
+        params[:user]['role_ids'].each do |role_id|
+          if role_id != ''
+            @user.roles << Role.find_by_id(role_id)
+          end
+        end
+        @user.save
+        flash[:notice] = "The account has been updated"
+        format.json { render :json => @user.to_json, :status => 200 }
+        format.xml  { head :ok }
+        format.html { render :action => :show }
+      else
+        format.json { render :text => "Could not update user", :status => :unprocessable_entity } #placeholder
+        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
+        format.html { render :action => :edit, :status => :unprocessable_entity }
+      end
+    end
+  rescue ActiveRecord::RecordNotFound
+    respond_to_not_found(:js, :xml, :html)
+  end
+end

data/lib/generators/devisable/templates/app/controllers/welcome_controller.erb ADDED

@@ -0,0 +1,11 @@
+class WelcomeController < ApplicationController
+  before_filter :authenticate_user!, :except => [:index]
+  # GET /
+  # GET /welcome.html
+  # GET /welcome.xml
+  # GET /welcome.json                                       HTML and AJAX
+  #-----------------------------------------------------------------------
+  def index
+  end
+end

data/lib/generators/devisable/templates/app/helpers/roles_helper.erb ADDED

@@ -0,0 +1,63 @@
+module RolesHelper
+      def habtm_checkboxes(obj, column, assignment_objects, assignment_object_display_column)
+        obj_to_s = obj.class.to_s.split("::").last.underscore
+        field_name = "#{obj_to_s}[#{column}][]"
+        html = hidden_field_tag(field_name, "")
+        assignment_objects.each do |assignment_obj|
+          cbx_id = "#{obj_to_s}_#{column}_#{assignment_obj.id}"
+          html += check_box_tag field_name, assignment_obj.id, obj.send(column).include?(assignment_obj.id), :id => cbx_id
+          html += label_tag cbx_id, h(assignment_obj.send(assignment_object_display_column))
+          html += content_tag(:br)
+        end
+        html
+      end
+      def permissions_checkboxes(obj, column, controllers, role_id)
+        perms =  obj.permissions
+        html = ""
+        abilities = ['manage','read','create','update','destroy']
+        html += content_tag(:table) do
+          html_table = ""
+          controllers.each do |controller|
+            controller.strip!
+            html_table += content_tag(:tr) do
+              html_tr = ""
+              html_tr += content_tag(:th, controller)
+              html_tr += content_tag(:th, "Use")
+              html_tr += content_tag(:th, "View")
+              html_tr += content_tag(:th, "Add")
+              html_tr += content_tag(:th, "Edit")
+              html_tr += content_tag(:th, "Delete")
+            end
+            html_table += content_tag(:tr) do
+              html_tr = ""
+              html_tr += content_tag(:td," ")
+              abilities.each do |ability|
+                # p = Permission.new
+                #
+                #             p.role_id = role_id
+                #             p.controller = controller
+                #             p.ability = ability
+                p = {
+                  :role_id => role_id,
+                  :controller => controller.singularize,
+                  :ability => ability
+                }
+                perm = Permission.new(p)
+                checked = perms.include?(perm)
+                #checked = false
+                html_tr += content_tag(:td) do
+                  check_box_tag 'role_ids[]',p.to_json,checked, {:id => "permission_#{controller}_#{ability}", :class => "permission_#{ability}"}
+                end
+              end
+              html_tr
+            end
+          end
+          html_table
+        end
+        html.html_safe
+      end
+end

data/lib/generators/devisable/templates/app/models/permission.erb ADDED

@@ -0,0 +1,12 @@
+# Stores all Cancan permissions
+class Permission < ActiveRecord::Base
+  belongs_to :role
+  # Equality check based on the role id, controller, and ability
+  #
+  # @param another_permission The permission to compare against
+  # @return [Boolean] True if the permissions match role id, controller and ability
+  def ==(another_permission)
+    self.role_id == another_permission.role_id && self.controller == another_permission.controller && self.ability == another_permission.ability ? true : false
+  end
+end

data/lib/generators/devisable/templates/app/models/role.erb ADDED

@@ -0,0 +1,5 @@
+# Stores groups of permissions and their relationships to users
+class Role < ActiveRecord::Base
+  has_and_belongs_to_many :users
+  has_many :permissions
+end

data/lib/generators/devisable/templates/app/views/roles/_form.erb ADDED

@@ -0,0 +1,29 @@
+<%= form_for(@role) do |f| %>
+  <% if @role.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@role.errors.count, "error") %> prohibited this role from being saved:</h2>
+      <ul>
+      <% @role.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="field">
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </div>
+  <% if can? :read, Permission %>
+  	<p><%= f.label :permission %></p>
+  	<ul class="no-pad no-bullets">
+  		<%= permissions_checkboxes(@role, :permission_ids, @accessible_permissions, @role.id) %>
+  	</ul>
+  <% end %>
+  <div class="actions">
+    <%= f.submit %>
+  </div>
+<% end %>

data/lib/generators/devisable/templates/app/views/roles/edit.erb ADDED

@@ -0,0 +1,6 @@
+<h1>Editing role</h1>
+<%= render 'form' %>
+<%= link_to 'Show', @role %> |
+<%= link_to 'Back', roles_path %>

data/lib/generators/devisable/templates/app/views/roles/index.erb ADDED

@@ -0,0 +1,28 @@
+<h1>Listing roles</h1>
+<table>
+  <tr>
+    <th>Name</th>
+    <th></th>
+    <th></th>
+    <th></th>
+  </tr>
+<% @roles.each do |role| %>
+  <tr>
+    <td><%= role.name %></td>
+    <td><%= link_to 'Show', role %></td>
+    <td><%= link_to_if(can?(:edit, Role), 'Edit', edit_role_path(role)) %></td>
+    <td>
+      <% if role.users.length > 0 %>
+        <span title="Roles with associated users cannot be deleted">Delete</span>
+      <% else %>
+        <%= link_to_if(can?(:delete, Role), 'Destroy', role, :confirm => 'Are you sure?', :method => :delete) %></td>
+      <% end %>
+  </tr>
+<% end %>
+</table>
+<br />
+<%= link_to 'New Role', new_role_path %>

data/lib/generators/devisable/templates/app/views/roles/new.erb ADDED

@@ -0,0 +1,5 @@
+<h1>New role</h1>
+<%= render 'form' %>
+<%= link_to 'Back', roles_path %>

data/lib/generators/devisable/templates/app/views/roles/show.erb ADDED

@@ -0,0 +1,10 @@
+<p id="notice"><%= notice %></p>
+<p>
+  <b>Name:</b>
+  <%= @role.name %>
+</p>
+<%= link_to_if(can?(:edit, Role), 'Edit', edit_role_path(@role)) %> |
+<%= link_to 'Back', roles_path %>

data/lib/generators/devisable/templates/app/views/shared/_admin_nav.erb ADDED

@@ -0,0 +1,7 @@
+<ul id="navigation">
+  <%% if can?(:view, Role) || can?(:view, User) %>
+    <li><%%= link_to_if(can?(:view, User), 'Users', users_path, :class => ( "on" if current_tab?('users') )) %></li>
+    <li><%%= link_to_if(can?(:view, Role), 'Roles', roles_path, :class => ( "on" if current_tab?('roles') )) %></li>
+  <%% end %>
+</ul>
+<div class="clear">&nbsp;</div>

data/lib/generators/devisable/templates/app/views/users/_form.erb ADDED

@@ -0,0 +1,23 @@
+<%%= form_for(@user) do |f| %>
+  <!-- extra fields go here -->
+  <p><%%= f.label :email %></p>
+  <p><%%= f.text_field :email %></p>
+  <%% if can? :read, Role %>
+  	<p><%%= f.label :role %></p>
+  	<ul class="no-pad no-bullets">
+  		<%%= habtm_checkboxes(@user, :role_ids, @accessible_roles, :name) %>
+  	</ul>
+  <%% end %>
+  <% if @show_password %>
+  <p><%%= f.label :password %> <i>(leave blank if you don't want to change it)</i></p>
+  <p><%%= f.password_field :password %></p>
+  <p><%%= f.label :password_confirmation %></p>
+  <p><%%= f.password_field :password_confirmation %></p>
+  <% end %>
+  <p><%%= f.submit "Submit" %></p>
+<%% end %>

data/lib/generators/devisable/templates/app/views/users/edit.erb ADDED

@@ -0,0 +1,6 @@
+<h3><%%= @user == @current_user ? "Your Account Settings" : "Edit User" %></h3>
+<%%= render 'form' %>
+<%%= link_to 'Show', @user %> |
+<%%= link_to 'Back', user_path %>

data/lib/generators/devisable/templates/app/views/users/index.erb ADDED

@@ -0,0 +1,27 @@
+<h1>Listing Users</h1>
+<table>
+  <tr>
+    <th>Email</th>
+    <th>Roles</th>
+    <th></th>
+    <th></th>
+  </tr>
+  <!-- table header stuff here -->
+  <%% @users.each do |u| %>
+    <tr>
+      <td><%%= "#{u.email}" %></td>
+      <td><%%= "#{u.roles.collect{|r| r.name}}" %></td>
+      <td><%%= link_to 'Show', user_path(u.id) %></td>
+      <td><%%= link_to_if(can?(:edit, User), 'Edit', edit_user_path(u.id)) {} %></td>
+      <%% if !(@super_admins.count == 1 && u.roles.include?(@super_admin_role)) %>
+        <td><%%= link_to_if(can?(:delete, u), 'Delete', u, :confirm => "Are you sure?", :method => :delete) {} %></td>
+      <%% else %>
+        <td><span title="Can NOT delete the last SuperAdmin user">Delete</span></td>
+      <%% end %>
+    </tr>
+  <%% end %>
+</table>
+<br />

data/lib/generators/devisable/templates/app/views/users/new.erb ADDED

@@ -0,0 +1,5 @@
+<h1>New User</h1>
+<%%= render 'form' %>
+<%%= link_to 'Back', user_index_path %>

data/lib/generators/devisable/templates/app/views/users/show.erb ADDED

@@ -0,0 +1,55 @@
+<h3><%%= @user.email %></h3>
+<%%= link_to_if(can?(:update,@user), "Edit", edit_user_path(@user)) %> |
+<%%= link_to_if(can?(:delete, @user), "Delete", user_path(@user), :confirm => "Are you sure?", :method => :delete) {} %>
+<table class="one-column-emphasis">
+	<tbody>
+		<tr>
+			<td class="oce-first">Email:</td>
+			<td><%%= @user.email %></td>
+		</tr>
+		<tr>
+			<td class="oce-first">Username:</td>
+			<td><%%= @user.username %></td>
+		</tr>
+		<tr>
+			<td class="oce-first">Role:</td>
+			<td><%%= @user.roles.first.name %></td>
+		</tr>
+	<%% if can?(:see_timestamps,User) %>
+		<tr>
+			<td class="oce-first">Created at:</td>
+			<td><%%= @user.created_at %></td>
+		</tr>
+		<tr>
+			<td class="oce-first">Last Sign In:</td>
+			<td><%%= @user.last_sign_in_at %></td>
+		</tr>
+		<tr>
+			<td class="oce-first">Sign In Count:</td>
+			<td><%%= @user.sign_in_count %></td>
+		</tr>
+	<%% end %>
+	<%% if @user.respond_to?(:oauth_profiles) %>
+  	<%% @user.oauth_profiles.each do |profile| %>
+  	  <tr>
+  			<td class="oce-first"><%%= profile.provider %> username:</td>
+  			<td><%%= profile.username %></td>
+  		</tr>
+  		<tr>
+  			<td class="oce-first"><%%= profile.provider %> email:</td>
+  			<td><%%= profile.email %></td>
+  		</tr>
+  		<tr>
+  			<td class="oce-first"><%%= profile.provider %> name:</td>
+  			<td><%%= profile.name %></td>
+  		</tr>
+  		<tr>
+  			<td class="oce-first"><%%= profile.provider %> image:</td>
+  			<td><img src='<%%= profile.img_url %>' /></td>
+  		</tr>
+  	<%% end %>
+  <%% end %>
+	</tbody>
+</table>