ditty 0.2.0

data/lib/ditty/controllers/main.rb

@@ -0,0 +1,86 @@
+# frozen_string_literal: true
+
+require 'ditty/controllers/application'
+
+module Ditty
+  class Main < Application
+    def find_template(views, name, engine, &block)
+      super(views, name, engine, &block) # Root
+      super(::Ditty::App.view_folder, name, engine, &block) # Basic Plugin
+    end
+
+    # Home Page
+    get '/' do
+      authenticate!
+      haml :index, locals: { title: 'Home' }
+    end
+
+    # OmniAuth Identity Stuff
+    # Log in Page
+    get '/auth/identity' do
+      haml :'identity/login', locals: { title: 'Log In' }
+    end
+
+    get '/auth/failure' do
+      broadcast(:identity_failed_login)
+      flash[:warning] = 'Invalid credentials. Please try again.'
+      redirect "#{settings.map_path}/auth/identity"
+    end
+
+    post '/auth/identity/callback' do
+      if env['omniauth.auth']
+        # Successful Login
+        user = User.find(email: env['omniauth.auth']['info']['email'])
+        self.current_user = user
+        log_action(:identity_login, user: user)
+        flash[:success] = 'Logged In'
+        redirect "#{settings.map_path}/"
+      else
+        # Failed Login
+        broadcast(:identity_failed_login)
+        flash[:warning] = 'Invalid credentials. Please try again.'
+        redirect "#{settings.map_path}/auth/identity"
+      end
+    end
+
+    # Register Page
+    get '/auth/identity/register' do
+      identity = Identity.new
+      haml :'identity/register', locals: { title: 'Register', identity: identity }
+    end
+
+    # Register Action
+    post '/auth/identity/new' do
+      identity = Identity.new(params['identity'])
+      if identity.valid? && identity.save
+        user = User.find_or_create(email: identity.username)
+        user.add_identity identity
+
+        # Create the SA user if none is present
+        sa = Role.find_or_create(name: 'super_admin')
+        user.add_role sa if User.where(roles: sa).count == 0
+
+        log_action(:identity_register, user: user)
+        flash[:info] = 'Successfully Registered. Please log in'
+        redirect "#{settings.map_path}/auth/identity"
+      else
+        flash.now[:warning] = 'Could not complete the registration. Please try again.'
+        haml :'identity/register', locals: { identity: identity }
+      end
+    end
+
+    # Logout Action
+    delete '/auth/identity' do
+      log_action(:identity_logout)
+      logout
+      flash[:info] = 'Logged Out'
+
+      redirect "#{settings.map_path}/"
+    end
+
+    # Unauthenticated
+    get '/unauthenticated' do
+      redirect "#{settings.map_path}/auth/identity"
+    end
+  end
+end

data/lib/ditty/controllers/roles.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'ditty/controllers/component'
+require 'ditty/models/role'
+require 'ditty/policies/role_policy'
+
+module Ditty
+  class Roles < Ditty::Component
+    set model_class: Role
+
+    def find_template(views, name, engine, &block)
+      super(views, name, engine, &block) # Root
+      super(::Ditty::App.view_folder, name, engine, &block) # Ditty
+    end
+  end
+end

data/lib/ditty/controllers/users.rb

@@ -0,0 +1,183 @@
+# frozen_string_literal: true
+
+require 'ditty/controllers/component'
+require 'ditty/models/user'
+require 'ditty/policies/user_policy'
+require 'ditty/models/identity'
+require 'ditty/policies/identity_policy'
+
+module Ditty
+  class Users < Ditty::Component
+    set model_class: User
+    set track_actions: true
+
+    def find_template(views, name, engine, &block)
+      super(views, name, engine, &block) # Root
+      super(::Ditty::App.view_folder, name, engine, &block) # Ditty
+    end
+
+    # New
+    get '/new' do
+      authorize settings.model_class, :create
+
+      locals = {
+        title: heading(:new),
+        entity: User.new,
+        identity: Identity.new
+      }
+      haml :"#{view_location}/new", locals: locals
+    end
+
+    # Create
+    post '/' do
+      authorize settings.model_class, :create
+
+      locals = { title: heading(:new) }
+
+      user_params = permitted_attributes(User, :create)
+      identity_params = permitted_attributes(Identity, :create)
+      user_params['email'] = identity_params['username']
+      roles = user_params.delete('role_id')
+
+      user     = locals[:user]     = User.new(user_params)
+      identity = locals[:identity] = Identity.new(identity_params)
+
+      if identity.valid? && user.valid?
+        DB.transaction(isolation: :serializable) do
+          identity.save
+          user.save
+          user.add_identity identity
+          if roles
+            roles.each do |role_id|
+              user.add_role(role_id) unless user.roles.map(&:id).include? role_id.to_i
+            end
+          end
+          user.check_roles
+        end
+
+        log_action("#{dehumanized}_create".to_sym) if settings.track_actions
+        respond_to do |format|
+          format.html do
+            flash[:success] = 'User created'
+            redirect "/users/#{user.id}"
+          end
+          format.json do
+            headers 'Content-Type' => 'application/json'
+            redirect "/users/#{user.id}", 201
+          end
+        end
+      else
+        respond_to do |format|
+          format.html do
+            flash.now[:danger] = 'Could not create the user'
+            locals[:entity] = user
+            locals[:identity] = identity
+            haml :"#{view_location}/new", locals: locals
+          end
+          format.json do
+            headers \
+              'Content-Type' => 'application/json',
+              'Content-Location' => "#{view_location}/new"
+            body ''
+            status 402
+          end
+        end
+      end
+    end
+
+    # Update
+    put '/:id' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :update
+
+      values = permitted_attributes(settings.model_class, :update)
+      roles  = values.delete('role_id')
+      entity.set values
+      if entity.valid? && entity.save
+        entity.remove_all_roles
+        roles.each { |role_id| entity.add_role(role_id) } if roles
+        entity.check_roles
+        log_action("#{dehumanized}_update".to_sym) if settings.track_actions
+        respond_to do |format|
+          format.html do
+            flash[:success] = "#{heading} Updated"
+            redirect "/users/#{entity.id}"
+          end
+          format.json do
+            content_type 'application/json'
+            headers 'Location' => "/users/#{entity.id}"
+            body entity.to_hash.to_json
+            status 200
+          end
+        end
+      else
+        haml :"#{view_location}/edit", locals: { entity: entity, title: heading(:edit) }
+      end
+    end
+
+    put '/:id/identity' do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :update
+
+      identity = entity.identity.first
+      identity_params = params['identity']
+
+      unless identity_params['password'] == identity_params['password_confirmation']
+        flash[:warning] = 'Password didn\'t match'
+        return redirect back
+      end
+
+      unless current_user.super_admin? || identity.authenticate(identity_params['old_password'])
+        log_action("#{dehumanized}_update_password_failed".to_sym) if settings.track_actions
+        flash[:danger] = 'Old Password didn\'t match'
+        return redirect back
+      end
+
+      values = permitted_attributes(Identity, :create)
+      identity.set values
+      if identity.valid? && identity.save
+        log_action("#{dehumanized}_update_password".to_sym) if settings.track_actions
+        flash[:success] = 'Password Updated'
+        redirect "#{base_path}/#{entity.id}"
+      elsif current_user.super_admin?
+        haml :"#{view_location}/display", locals: { entity: entity, identity: identity, title: heading }
+      else
+        haml :"#{view_location}/profile", locals: { entity: entity, identity: identity, title: heading }
+      end
+    end
+
+    # Delete
+    delete '/:id', provides: %i[html json] do |id|
+      entity = dataset[id.to_i]
+      halt 404 unless entity
+      authorize entity, :delete
+
+      entity.remove_all_identity
+      entity.remove_all_roles
+      entity.destroy
+
+      log_action("#{dehumanized}_delete".to_sym) if settings.track_actions
+      respond_to do |format|
+        format.html do
+          flash[:success] = "#{heading} Deleted"
+          redirect '/users'
+        end
+        format.json do
+          content_type 'application/json'
+          headers 'Location' => '/users'
+          status 204
+        end
+      end
+    end
+
+    # Profile
+    get '/profile' do
+      entity = current_user
+      authorize entity, :read
+
+      haml :"#{view_location}/profile", locals: { entity: entity, identity: entity.identity.first, title: 'My Account' }
+    end
+  end
+end

data/lib/ditty/db.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require 'sequel'
+require 'ditty/services/logger'
+
+# Delete DATABASE_URL from the environment, so it isn't accidently
+# passed to subprocesses.  DATABASE_URL may contain passwords.
+DB = Sequel.connect(ENV['RACK_ENV'] == 'production' ? ENV.delete('DATABASE_URL') : ENV['DATABASE_URL'])
+
+log_level = (ENV['SEQUEL_LOGGING_LEVEL'] || :debug).to_sym
+DB.sql_log_level = log_level
+DB.loggers << Ditty::Services::Logger.instance

data/lib/ditty/helpers/authentication.rb

@@ -0,0 +1,58 @@
+# frozen_string_literal: true
+
+module Ditty
+  module Helpers
+    module Authentication
+      def current_user
+        if env['rack.session'].nil? || env['rack.session']['user_id'].nil?
+          self.current_user = anonymous_user
+        end
+        @users ||= Hash.new { |h, k| h[k] = User[k] }
+        @users[env['rack.session']['user_id']]
+      end
+
+      def current_user=(user)
+        env['rack.session'] = {} if env['rack.session'].nil?
+        env['rack.session']['user_id'] = user.id if user
+      end
+
+      def authenticate
+        authenticated?
+      end
+
+      def authenticated?
+        current_user && !current_user.role?('anonymous')
+      end
+
+      def authenticate!
+        raise NotAuthenticated unless authenticated?
+        true
+      end
+
+      def logout
+        env['rack.session'].delete('user_id')
+      end
+
+      def check_basic(request)
+        auth = Rack::Auth::Basic::Request.new(request.env)
+        return false unless auth.provided? && auth.basic?
+
+        identity = ::Ditty::Identity.find(username: auth.credentials[0])
+        identity ||= ::Ditty::Identity.find(username: CGI.unescape(auth.credentials[0]))
+        return false unless identity
+        self.current_user = identity.user if identity.authenticate(auth.credentials[1])
+      end
+
+      def anonymous_user
+        return @anonymous_user if defined? @anonymous_user
+        @anonymous_user ||= begin
+          role = ::Ditty::Role.where(name: 'anonymous').first
+          ::Ditty::User.where(roles: role).first unless role.nil?
+        end
+      end
+    end
+
+    class NotAuthenticated < StandardError
+    end
+  end
+end

data/lib/ditty/helpers/component.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+require 'active_support'
+require 'active_support/inflector'
+
+module Ditty
+  module Helpers
+    module Component
+      include ActiveSupport::Inflector
+
+      def dataset
+        filtered(policy_scope(settings.model_class))
+      end
+
+      def list
+        params['count'] ||= 10
+        params['page'] ||= 1
+
+        dataset.select.paginate(params['page'].to_i, params['count'].to_i)
+      end
+
+      def heading(action = nil)
+        @headings ||= begin
+          heading = titleize(demodulize(settings.model_class))
+          h = Hash.new(heading)
+          h[:new] = "New #{heading}"
+          h[:list] = pluralize heading
+          h[:edit] = "Edit #{heading}"
+          h
+        end
+        @headings[action]
+      end
+
+      def dehumanized
+        settings.dehumanized || underscore(heading)
+      end
+
+      def base_path
+        settings.base_path || "#{settings.map_path}/#{dasherize(view_location)}"
+      end
+
+      def filters
+        self.class.const_defined?('FILTERS') ? self.class::FILTERS : []
+      end
+
+      def filtered(dataset)
+        filters.each do |filter|
+          next unless params[filter[:name].to_s]
+          filter[:field] ||= filter[:name]
+          dataset = apply_filter(dataset, filter)
+        end
+        dataset
+      end
+
+      def apply_filter(dataset, filter)
+        value = params[filter[:name].to_s]
+        return dataset if value == '' || value.nil?
+        value = value.send(filter[:modifier]) if filter[:modifier]
+        dataset.where(filter[:field].to_sym => value)
+      end
+    end
+  end
+end

data/lib/ditty/helpers/pundit.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require 'pundit'
+
+module Ditty
+  module Helpers
+    module Pundit
+      include ::Pundit
+
+      def authorize(record, query)
+        query = :"#{query}?" unless query[-1] == '?'
+        super
+      end
+
+      def permitted_attributes(record, action)
+        param_key = PolicyFinder.new(record).param_key
+        policy = policy(record)
+        method_name = if policy.respond_to?("permitted_attributes_for_#{action}")
+                        "permitted_attributes_for_#{action}"
+                      else
+                        'permitted_attributes'
+                      end
+
+        request.params.fetch(param_key, {}).select do |key, _value|
+          policy.public_send(method_name).include? key.to_sym
+        end
+      end
+
+      def pundit_user
+        current_user
+      end
+    end
+  end
+end

data/lib/ditty/helpers/views.rb

@@ -0,0 +1,50 @@
+# frozen_string_literal: true
+
+module Ditty
+  module Helpers
+    module Views
+      def form_control(name, model, opts = {})
+        label = opts.delete(:label) || name.to_s.titlecase
+        klass = opts.delete(:class) || 'form-control' unless opts[:type] == 'file'
+        group = opts.delete(:group) || model.class.to_s.demodulize.underscore
+        field = opts.delete(:field) || name
+        default = opts.delete(:default) || nil
+
+        attributes = { type: 'text', id: name, name: "#{group}[#{name}]", class: klass }.merge(opts)
+        haml :'partials/form_control', locals: {
+          model: model,
+          label: label,
+          attributes: attributes,
+          name: name,
+          group: group,
+          field: field,
+          default: default
+        }
+      end
+
+      def flash_messages(key = :flash)
+        return '' if flash(key).empty?
+        id = (key == :flash ? 'flash' : "flash_#{key}")
+        messages = flash(key).collect do |message|
+          "  <div class='alert alert-#{message[0]} alert-dismissable' role='alert'>#{message[1]}</div>\n"
+        end
+        "<div id='#{id}'>\n" + messages.join + '</div>'
+      end
+
+      def delete_form(entity, label = 'Delete')
+        locals = { delete_label: label, entity: entity }
+        haml :'partials/delete_form', locals: locals
+      end
+
+      def pagination(list, base_path)
+        locals = {
+          next_link: list.last_page? ? '#' : "#{base_path}?page=#{list.next_page}&count=#{list.page_size}",
+          prev_link: list.first_page? ? '#' : "#{base_path}?page=#{list.prev_page}&count=#{list.page_size}",
+          base_path: base_path,
+          list: list
+        }
+        haml :'partials/pager', locals: locals
+      end
+    end
+  end
+end

data/lib/ditty/helpers/wisper.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'wisper'
+
+module Ditty
+  module Helpers
+    module Wisper
+      def log_action(action, args = {})
+        args[:user] ||= current_user
+        broadcast(action, args)
+      end
+    end
+  end
+end

data/lib/ditty/listener.rb

@@ -0,0 +1,23 @@
+require 'wisper'
+
+module Ditty
+  class Listener
+    def initialize
+      @mutex = Mutex.new
+    end
+
+    def method_missing(method, *args)
+      vals = { action: method }
+      return unless args[0].is_a? Hash
+      vals[:user] = args[0][:user] if args[0] && args[0].key?(:user)
+      vals[:details] = args[0][:details] if args[0] && args[0].key?(:details)
+      @mutex.synchronize { AuditLog.create vals }
+    end
+
+    def respond_to_missing?(_method, _include_private = false)
+      true
+    end
+  end
+end
+
+Wisper.subscribe(Ditty::Listener.new)

data/lib/ditty/models/audit_log.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+require 'ditty/models/base'
+
+module Ditty
+  class AuditLog < Sequel::Model
+    include ::Ditty::Base
+    many_to_one :user
+
+    def validate
+      validates_presence [:action]
+    end
+  end
+end

data/lib/ditty/models/base.rb

@@ -0,0 +1,7 @@
+module Ditty
+  module Base
+    def for_json
+      values
+    end
+  end
+end

data/lib/ditty/models/identity.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require 'bcrypt'
+require 'ditty/models/base'
+require 'omniauth-identity'
+require 'active_support'
+require 'active_support/core_ext/object/blank'
+
+module Ditty
+  class Identity < Sequel::Model
+    include ::Ditty::Base
+    many_to_one :user
+
+    attr_accessor :password, :password_confirmation
+
+    # OmniAuth Related
+    include OmniAuth::Identity::Model
+
+    def self.locate(conditions)
+      where(conditions).first
+    end
+
+    def authenticate(unencrypted)
+      self if ::BCrypt::Password.new(crypted_password) == unencrypted
+    end
+
+    def persisted?
+      !new? && @destroyed != true
+    end
+
+    # Return whatever we want to pass to the omniauth hash here
+    def info
+      {
+        email: username
+      }
+    end
+
+    # Validation
+    def validate
+      validates_presence :username
+      unless username.blank?
+        validates_unique :username
+        validates_format(/\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :username)
+      end
+
+      if password_required
+        validates_presence :password
+        validates_presence :password_confirmation
+        validates_min_length 8, :password
+      end
+
+      errors.add(:password_confirmation, 'must match password') if !password.blank? && password != password_confirmation
+    end
+
+    # Callbacks
+    def before_save
+      encrypt_password unless password == '' || password.nil?
+    end
+
+    private
+
+    def encrypt_password
+      self.crypted_password = ::BCrypt::Password.create(password)
+    end
+
+    def password_required
+      crypted_password.blank? || !password.blank?
+    end
+  end
+end

data/lib/ditty/models/role.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+require 'ditty/models/base'
+
+module Ditty
+  class Role < Sequel::Model
+    include ::Ditty::Base
+
+    many_to_many :users
+
+    def validate
+      validates_presence [:name]
+      validates_unique [:name]
+    end
+  end
+end