RubyGems - devisable - Versions diffs - 0.1.0 - Mend

devisable 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

data/lib/generators/devisable/templates/app/controllers/registrations_controller.erb ADDED

@@ -0,0 +1,19 @@
+class RegistrationsController < Devise::RegistrationsController
+  self.view_paths = ['app/views/devise','app/views']
+  # Overiding the create controller because we are assigning the General User role to every user
+  # POST /resource/sign_up
+  def create
+    build_resource
+    if resource.save
+      resource.roles << Role.find_by_name('GeneralUser') unless User.count() == 1
+      resource.save
+      set_flash_message :notice, :signed_up
+      sign_in_and_redirect(resource_name, resource)
+    else
+      clean_up_passwords(resource)
+      render_with_scope :new
+    end
+  end
+end

data/lib/generators/devisable/templates/app/controllers/users_controller.erb ADDED

@@ -0,0 +1,152 @@
+class UsersController < ApplicationController
+  before_filter :get_user, :only => [:index,:new,:edit]
+  before_filter :accessible_roles, :only => [:new, :edit, :show, :update, :create]
+  #load and authorize resource is cancan's way of filtering controllers.
+  load_and_authorize_resource
+  # GET /users
+  # GET /users.xml
+  # GET /users.json                                       HTML and AJAX
+  #-----------------------------------------------------------------------
+  def index
+    @super_admins = User.superadmins
+    @super_admin_role = Role.find_by_name('SuperAdmin');
+    @users = User.accessible_by(current_ability, :index).limit(20)
+    respond_to do |format|
+      format.json { render :json => @users }
+      format.xml  { render :xml => @users }
+      format.html
+    end
+  end
+  # GET /users/new
+  # GET /users/new.xml
+  # GET /users/new.json                                    HTML AND AJAX
+  #-------------------------------------------------------------------
+  def new
+    respond_to do |format|
+      format.json { render :json => @user }
+      format.xml  { render :xml => @user }
+      format.html
+    end
+  end
+  # GET /users/1
+  # GET /users/1.xml
+  # GET /users/1.json                                     HTML AND AJAX
+  #-------------------------------------------------------------------
+  def show
+    respond_to do |format|
+      format.json { render :json => @user }
+      format.xml  { render :xml => @user }
+      format.html
+    end
+  rescue ActiveRecord::RecordNotFound
+    respond_to_not_found(:json, :xml, :html)
+  end
+  # GET /users/1/edit
+  # GET /users/1/edit.xml
+  # GET /users/1/edit.json                                HTML AND AJAX
+  #-------------------------------------------------------------------
+  def edit
+    respond_to do |format|
+      format.json { render :json => @user }
+      format.xml  { render :xml => @user }
+      format.html
+    end
+  rescue ActiveRecord::RecordNotFound
+    respond_to_not_found(:json, :xml, :html)
+  end
+  # DELETE /users/1
+  # DELETE /users/1.xml
+  # DELETE /users/1.json                                  HTML AND AJAX
+  #-------------------------------------------------------------------
+  def destroy
+    @user.destroy
+    respond_to do |format|
+      format.json { render :json => "Ok" }
+      format.xml  { head :ok }
+      format.html { redirect_to( users_path, :notice => "The account has been deleted." ) }
+    end
+  rescue ActiveRecord::RecordNotFound
+    respond_to_not_found(:json, :xml, :html)
+  end
+  # POST /users
+  # POST /users.xml
+  # POST /users.json                                      HTML AND AJAX
+  #-----------------------------------------------------------------
+  def create
+    @user = User.new(params[:user])
+    if @user.save
+      respond_to do |format|
+        format.json { render :json => @user.to_json, :status => 200 }
+        format.xml  { head :ok }
+        format.html { redirect_to :action => :index }
+      end
+    else
+      respond_to do |format|
+        format.json { render :text => "Could not create user", :status => :unprocessable_entity } # placeholder
+        format.xml  { head :ok }
+        format.html { render :action => :new, :status => :unprocessable_entity }
+      end
+    end
+  end
+  # Get roles accessible by the current user
+  #----------------------------------------------------
+  def accessible_roles
+    @accessible_roles = Role.accessible_by(current_ability,:read)
+  end
+  # Make the current user object available to views
+  #----------------------------------------
+  def get_user
+    @current_user = current_user
+  end
+  # PUT /users/1
+  # PUT /users/1.xml
+  # PUT /users/1.json                                            HTML AND AJAX
+  #----------------------------------------------------------------------------
+  def update
+    if params[:user][:password].blank? && params[:user][:password_confirmation].blank?
+      [:password,:password_confirmation,:current_password].collect{|p| params[:user].delete(p) }
+    else
+      @user.errors[:base] << "Your passwords don't match" unless params[:user][:password] == params[:user][:password_confirmation]
+      #the following can be used if you have an update profile page.
+      #@user.errors[:base] << "The password you entered is incorrect" unless @user.valid_password?(params[:user][:current_password])
+    end
+    respond_to do |format|
+      if @user.errors[:base].empty? and @user.update_attributes(params[:user])
+        @user.roles = []
+        params[:user]['role_ids'].each do |role_id|
+          if role_id != ''
+            @user.roles << Role.find_by_id(role_id)
+          end
+        end
+        @user.save
+        flash[:notice] = "The account has been updated"
+        format.json { render :json => @user.to_json, :status => 200 }
+        format.xml  { head :ok }
+        format.html { render :action => :show }
+      else
+        format.json { render :text => "Could not update user", :status => :unprocessable_entity } #placeholder
+        format.xml  { render :xml => @user.errors, :status => :unprocessable_entity }
+        format.html { render :action => :edit, :status => :unprocessable_entity }
+      end
+    end
+  rescue ActiveRecord::RecordNotFound
+    respond_to_not_found(:js, :xml, :html)
+  end
+end

data/lib/generators/devisable/templates/app/controllers/welcome_controller.erb ADDED

@@ -0,0 +1,11 @@
+class WelcomeController < ApplicationController
+  before_filter :authenticate_user!, :except => [:index]
+  # GET /
+  # GET /welcome.html
+  # GET /welcome.xml
+  # GET /welcome.json                                       HTML and AJAX
+  #-----------------------------------------------------------------------
+  def index
+  end
+end

data/lib/generators/devisable/templates/app/helpers/roles_helper.erb ADDED

@@ -0,0 +1,63 @@
+module RolesHelper
+      def habtm_checkboxes(obj, column, assignment_objects, assignment_object_display_column)
+        obj_to_s = obj.class.to_s.split("::").last.underscore
+        field_name = "#{obj_to_s}[#{column}][]"
+        html = hidden_field_tag(field_name, "")
+        assignment_objects.each do |assignment_obj|
+          cbx_id = "#{obj_to_s}_#{column}_#{assignment_obj.id}"
+          html += check_box_tag field_name, assignment_obj.id, obj.send(column).include?(assignment_obj.id), :id => cbx_id
+          html += label_tag cbx_id, h(assignment_obj.send(assignment_object_display_column))
+          html += content_tag(:br)
+        end
+        html
+      end
+      def permissions_checkboxes(obj, column, controllers, role_id)
+        perms =  obj.permissions
+        html = ""
+        abilities = ['manage','read','create','update','destroy']
+        html += content_tag(:table) do
+          html_table = ""
+          controllers.each do |controller|
+            controller.strip!
+            html_table += content_tag(:tr) do
+              html_tr = ""
+              html_tr += content_tag(:th, controller)
+              html_tr += content_tag(:th, "Use")
+              html_tr += content_tag(:th, "View")
+              html_tr += content_tag(:th, "Add")
+              html_tr += content_tag(:th, "Edit")
+              html_tr += content_tag(:th, "Delete")
+            end
+            html_table += content_tag(:tr) do
+              html_tr = ""
+              html_tr += content_tag(:td," ")
+              abilities.each do |ability|
+                # p = Permission.new
+                #
+                #             p.role_id = role_id
+                #             p.controller = controller
+                #             p.ability = ability
+                p = {
+                  :role_id => role_id,
+                  :controller => controller.singularize,
+                  :ability => ability
+                }
+                perm = Permission.new(p)
+                checked = perms.include?(perm)
+                #checked = false
+                html_tr += content_tag(:td) do
+                  check_box_tag 'role_ids[]',p.to_json,checked, {:id => "permission_#{controller}_#{ability}", :class => "permission_#{ability}"}
+                end
+              end
+              html_tr
+            end
+          end
+          html_table
+        end
+        html.html_safe
+      end
+end

data/lib/generators/devisable/templates/app/models/permission.erb ADDED

@@ -0,0 +1,12 @@
+# Stores all Cancan permissions
+class Permission < ActiveRecord::Base
+  belongs_to :role
+  # Equality check based on the role id, controller, and ability
+  #
+  # @param another_permission The permission to compare against
+  # @return [Boolean] True if the permissions match role id, controller and ability
+  def ==(another_permission)
+    self.role_id == another_permission.role_id && self.controller == another_permission.controller && self.ability == another_permission.ability ? true : false
+  end
+end

data/lib/generators/devisable/templates/app/models/role.erb ADDED

@@ -0,0 +1,5 @@
+# Stores groups of permissions and their relationships to users
+class Role < ActiveRecord::Base
+  has_and_belongs_to_many :users
+  has_many :permissions
+end

data/lib/generators/devisable/templates/app/views/roles/_form.erb ADDED

@@ -0,0 +1,29 @@
+<%= form_for(@role) do |f| %>
+  <% if @role.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@role.errors.count, "error") %> prohibited this role from being saved:</h2>
+      <ul>
+      <% @role.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <div class="field">
+    <%= f.label :name %><br />
+    <%= f.text_field :name %>
+  </div>
+  <% if can? :read, Permission %>
+  	<p><%= f.label :permission %></p>
+  	<ul class="no-pad no-bullets">
+  		<%= permissions_checkboxes(@role, :permission_ids, @accessible_permissions, @role.id) %>
+  	</ul>
+  <% end %>
+  <div class="actions">
+    <%= f.submit %>
+  </div>
+<% end %>

data/lib/generators/devisable/templates/app/views/roles/edit.erb ADDED

@@ -0,0 +1,6 @@
+<h1>Editing role</h1>
+<%= render 'form' %>
+<%= link_to 'Show', @role %> |
+<%= link_to 'Back', roles_path %>

data/lib/generators/devisable/templates/app/views/roles/index.erb ADDED

@@ -0,0 +1,28 @@
+<h1>Listing roles</h1>
+<table>
+  <tr>
+    <th>Name</th>
+    <th></th>
+    <th></th>
+    <th></th>
+  </tr>
+<% @roles.each do |role| %>
+  <tr>
+    <td><%= role.name %></td>
+    <td><%= link_to 'Show', role %></td>
+    <td><%= link_to_if(can?(:edit, Role), 'Edit', edit_role_path(role)) %></td>
+    <td>
+      <% if role.users.length > 0 %>
+        <span title="Roles with associated users cannot be deleted">Delete</span>
+      <% else %>
+        <%= link_to_if(can?(:delete, Role), 'Destroy', role, :confirm => 'Are you sure?', :method => :delete) %></td>
+      <% end %>
+  </tr>
+<% end %>
+</table>
+<br />
+<%= link_to 'New Role', new_role_path %>

data/lib/generators/devisable/templates/app/views/roles/new.erb ADDED

@@ -0,0 +1,5 @@
+<h1>New role</h1>
+<%= render 'form' %>
+<%= link_to 'Back', roles_path %>

data/lib/generators/devisable/templates/app/views/roles/show.erb ADDED

@@ -0,0 +1,10 @@
+<p id="notice"><%= notice %></p>
+<p>
+  <b>Name:</b>
+  <%= @role.name %>
+</p>
+<%= link_to_if(can?(:edit, Role), 'Edit', edit_role_path(@role)) %> |
+<%= link_to 'Back', roles_path %>

data/lib/generators/devisable/templates/app/views/shared/_admin_nav.erb ADDED

@@ -0,0 +1,7 @@
+<ul id="navigation">
+  <%% if can?(:view, Role) || can?(:view, User) %>
+    <li><%%= link_to_if(can?(:view, User), 'Users', users_path, :class => ( "on" if current_tab?('users') )) %></li>
+    <li><%%= link_to_if(can?(:view, Role), 'Roles', roles_path, :class => ( "on" if current_tab?('roles') )) %></li>
+  <%% end %>
+</ul>
+<div class="clear">&nbsp;</div>

data/lib/generators/devisable/templates/app/views/users/_form.erb ADDED

@@ -0,0 +1,23 @@
+<%%= form_for(@user) do |f| %>
+  <!-- extra fields go here -->
+  <p><%%= f.label :email %></p>
+  <p><%%= f.text_field :email %></p>
+  <%% if can? :read, Role %>
+  	<p><%%= f.label :role %></p>
+  	<ul class="no-pad no-bullets">
+  		<%%= habtm_checkboxes(@user, :role_ids, @accessible_roles, :name) %>
+  	</ul>
+  <%% end %>
+  <% if @show_password %>
+  <p><%%= f.label :password %> <i>(leave blank if you don't want to change it)</i></p>
+  <p><%%= f.password_field :password %></p>
+  <p><%%= f.label :password_confirmation %></p>
+  <p><%%= f.password_field :password_confirmation %></p>
+  <% end %>
+  <p><%%= f.submit "Submit" %></p>
+<%% end %>

data/lib/generators/devisable/templates/app/views/users/edit.erb ADDED

@@ -0,0 +1,6 @@
+<h3><%%= @user == @current_user ? "Your Account Settings" : "Edit User" %></h3>
+<%%= render 'form' %>
+<%%= link_to 'Show', @user %> |
+<%%= link_to 'Back', user_path %>

data/lib/generators/devisable/templates/app/views/users/index.erb ADDED

@@ -0,0 +1,27 @@
+<h1>Listing Users</h1>
+<table>
+  <tr>
+    <th>Email</th>
+    <th>Roles</th>
+    <th></th>
+    <th></th>
+  </tr>
+  <!-- table header stuff here -->
+  <%% @users.each do |u| %>
+    <tr>
+      <td><%%= "#{u.email}" %></td>
+      <td><%%= "#{u.roles.collect{|r| r.name}}" %></td>
+      <td><%%= link_to 'Show', user_path(u.id) %></td>
+      <td><%%= link_to_if(can?(:edit, User), 'Edit', edit_user_path(u.id)) {} %></td>
+      <%% if !(@super_admins.count == 1 && u.roles.include?(@super_admin_role)) %>
+        <td><%%= link_to_if(can?(:delete, u), 'Delete', u, :confirm => "Are you sure?", :method => :delete) {} %></td>
+      <%% else %>
+        <td><span title="Can NOT delete the last SuperAdmin user">Delete</span></td>
+      <%% end %>
+    </tr>
+  <%% end %>
+</table>
+<br />

data/lib/generators/devisable/templates/app/views/users/new.erb ADDED

@@ -0,0 +1,5 @@
+<h1>New User</h1>
+<%%= render 'form' %>
+<%%= link_to 'Back', user_index_path %>

data/lib/generators/devisable/templates/app/views/users/show.erb ADDED

@@ -0,0 +1,55 @@
+<h3><%%= @user.email %></h3>
+<%%= link_to_if(can?(:update,@user), "Edit", edit_user_path(@user)) %> |
+<%%= link_to_if(can?(:delete, @user), "Delete", user_path(@user), :confirm => "Are you sure?", :method => :delete) {} %>
+<table class="one-column-emphasis">
+	<tbody>
+		<tr>
+			<td class="oce-first">Email:</td>
+			<td><%%= @user.email %></td>
+		</tr>
+		<tr>
+			<td class="oce-first">Username:</td>
+			<td><%%= @user.username %></td>
+		</tr>
+		<tr>
+			<td class="oce-first">Role:</td>
+			<td><%%= @user.roles.first.name %></td>
+		</tr>
+	<%% if can?(:see_timestamps,User) %>
+		<tr>
+			<td class="oce-first">Created at:</td>
+			<td><%%= @user.created_at %></td>
+		</tr>
+		<tr>
+			<td class="oce-first">Last Sign In:</td>
+			<td><%%= @user.last_sign_in_at %></td>
+		</tr>
+		<tr>
+			<td class="oce-first">Sign In Count:</td>
+			<td><%%= @user.sign_in_count %></td>
+		</tr>
+	<%% end %>
+	<%% if @user.respond_to?(:oauth_profiles) %>
+  	<%% @user.oauth_profiles.each do |profile| %>
+  	  <tr>
+  			<td class="oce-first"><%%= profile.provider %> username:</td>
+  			<td><%%= profile.username %></td>
+  		</tr>
+  		<tr>
+  			<td class="oce-first"><%%= profile.provider %> email:</td>
+  			<td><%%= profile.email %></td>
+  		</tr>
+  		<tr>
+  			<td class="oce-first"><%%= profile.provider %> name:</td>
+  			<td><%%= profile.name %></td>
+  		</tr>
+  		<tr>
+  			<td class="oce-first"><%%= profile.provider %> image:</td>
+  			<td><img src='<%%= profile.img_url %>' /></td>
+  		</tr>
+  	<%% end %>
+  <%% end %>
+	</tbody>
+</table>