ditty 0.7.1 → 0.10.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.env.test +2 -0
- data/.gitignore +3 -0
- data/.pryrc +2 -0
- data/.rubocop.yml +24 -8
- data/.travis.yml +4 -8
- data/CNAME +1 -0
- data/Dockerfile +18 -0
- data/Gemfile.ci +0 -15
- data/Rakefile +5 -4
- data/Readme.md +24 -2
- data/_config.yml +1 -0
- data/config.ru +4 -4
- data/ditty.gemspec +31 -20
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/docs/index.md +34 -0
- data/exe/ditty +2 -0
- data/lib/ditty.rb +30 -4
- data/lib/ditty/cli.rb +38 -5
- data/lib/ditty/components/ditty.rb +82 -0
- data/lib/ditty/controllers/application_controller.rb +267 -0
- data/lib/ditty/controllers/{audit_logs.rb → audit_logs_controller.rb} +5 -7
- data/lib/ditty/controllers/{auth.rb → auth_controller.rb} +56 -32
- data/lib/ditty/controllers/{component.rb → component_controller.rb} +35 -24
- data/lib/ditty/controllers/{main.rb → main_controller.rb} +7 -7
- data/lib/ditty/controllers/roles_controller.rb +23 -0
- data/lib/ditty/controllers/user_login_traits_controller.rb +46 -0
- data/lib/ditty/controllers/{users.rb → users_controller.rb} +17 -20
- data/lib/ditty/db.rb +9 -5
- data/lib/ditty/emails/base.rb +48 -34
- data/lib/ditty/generators/crud_generator.rb +114 -0
- data/lib/ditty/generators/migration_generator.rb +26 -0
- data/lib/ditty/generators/project_generator.rb +52 -0
- data/lib/ditty/helpers/authentication.rb +6 -5
- data/lib/ditty/helpers/component.rb +11 -2
- data/lib/ditty/helpers/pundit.rb +24 -8
- data/lib/ditty/helpers/response.rb +38 -15
- data/lib/ditty/helpers/views.rb +48 -6
- data/lib/ditty/listener.rb +44 -14
- data/lib/ditty/memcached.rb +8 -0
- data/lib/ditty/middleware/accept_extension.rb +4 -2
- data/lib/ditty/middleware/error_catchall.rb +4 -2
- data/lib/ditty/models/audit_log.rb +1 -0
- data/lib/ditty/models/base.rb +13 -0
- data/lib/ditty/models/identity.rb +10 -7
- data/lib/ditty/models/role.rb +2 -0
- data/lib/ditty/models/user.rb +40 -3
- data/lib/ditty/models/user_login_trait.rb +17 -0
- data/lib/ditty/policies/audit_log_policy.rb +6 -6
- data/lib/ditty/policies/role_policy.rb +3 -3
- data/lib/ditty/policies/user_login_trait_policy.rb +45 -0
- data/lib/ditty/policies/user_policy.rb +3 -3
- data/lib/ditty/rubocop.rb +3 -0
- data/lib/ditty/seed.rb +2 -0
- data/lib/ditty/services/authentication.rb +31 -15
- data/lib/ditty/services/email.rb +22 -12
- data/lib/ditty/services/logger.rb +30 -13
- data/lib/ditty/services/pagination_wrapper.rb +9 -5
- data/lib/ditty/services/settings.rb +19 -7
- data/lib/ditty/tasks/ditty.rake +127 -0
- data/lib/ditty/tasks/omniauth-ldap.rake +43 -0
- data/lib/ditty/templates/.gitignore +5 -0
- data/lib/ditty/templates/.rspec +2 -0
- data/lib/ditty/templates/.rubocop.yml +7 -0
- data/lib/ditty/templates/Rakefile +12 -0
- data/lib/ditty/templates/application.rb +12 -0
- data/lib/ditty/templates/config.ru +37 -0
- data/lib/ditty/templates/controller.rb.erb +64 -0
- data/lib/ditty/templates/env.example +4 -0
- data/lib/ditty/templates/lib/project.rb.erb +5 -0
- data/lib/ditty/templates/migration.rb.erb +7 -0
- data/lib/ditty/templates/model.rb.erb +26 -0
- data/lib/ditty/templates/pids/.empty_directory +0 -0
- data/lib/ditty/templates/policy.rb.erb +48 -0
- data/{public → lib/ditty/templates/public}/browserconfig.xml +0 -0
- data/lib/ditty/templates/public/css/sb-admin-2.min.css +10 -0
- data/lib/ditty/templates/public/css/styles.css +13 -0
- data/lib/ditty/templates/public/favicon.ico +0 -0
- data/{public → lib/ditty/templates/public}/images/apple-icon.png +0 -0
- data/{public → lib/ditty/templates/public}/images/favicon-16x16.png +0 -0
- data/{public → lib/ditty/templates/public}/images/favicon-32x32.png +0 -0
- data/{public → lib/ditty/templates/public}/images/launcher-icon-1x.png +0 -0
- data/{public → lib/ditty/templates/public}/images/launcher-icon-2x.png +0 -0
- data/{public → lib/ditty/templates/public}/images/launcher-icon-4x.png +0 -0
- data/{public → lib/ditty/templates/public}/images/mstile-150x150.png +0 -0
- data/{public → lib/ditty/templates/public}/images/safari-pinned-tab.svg +0 -0
- data/lib/ditty/templates/public/js/sb-admin-2.min.js +7 -0
- data/lib/ditty/templates/public/js/scripts.js +1 -0
- data/{public/manifest.json → lib/ditty/templates/public/manifest.json.erb} +2 -2
- data/lib/ditty/templates/settings.yml.erb +19 -0
- data/lib/ditty/templates/sidekiq.rb +18 -0
- data/lib/ditty/templates/sidekiq.yml +9 -0
- data/lib/ditty/templates/spec_helper.rb +43 -0
- data/lib/ditty/templates/type.rb.erb +21 -0
- data/lib/ditty/templates/views/display.haml.tt +20 -0
- data/lib/ditty/templates/views/edit.haml.tt +10 -0
- data/lib/ditty/templates/views/form.haml.tt +11 -0
- data/lib/ditty/templates/views/index.haml.tt +29 -0
- data/lib/ditty/templates/views/new.haml.tt +10 -0
- data/lib/ditty/version.rb +1 -1
- data/lib/rubocop/cop/ditty/call_services_directly.rb +42 -0
- data/migrate/20181209_add_user_login_traits.rb +16 -0
- data/migrate/20181209_extend_audit_log.rb +12 -0
- data/migrate/20190220_add_parent_id_to_roles.rb +9 -0
- data/spec/ditty/api_spec.rb +51 -0
- data/spec/ditty/controllers/roles_spec.rb +67 -0
- data/spec/ditty/controllers/user_login_traits_spec.rb +72 -0
- data/spec/ditty/controllers/users_spec.rb +72 -0
- data/spec/ditty/emails/base_spec.rb +76 -0
- data/spec/ditty/emails/forgot_password_spec.rb +20 -0
- data/spec/ditty/helpers/component_spec.rb +85 -0
- data/spec/ditty/models/user_spec.rb +36 -0
- data/spec/ditty/services/email_spec.rb +36 -0
- data/spec/ditty/services/logger_spec.rb +68 -0
- data/spec/ditty/services/settings_spec.rb +63 -0
- data/spec/ditty_spec.rb +9 -0
- data/spec/factories.rb +46 -0
- data/spec/fixtures/logger.yml +17 -0
- data/spec/fixtures/section.yml +3 -0
- data/spec/fixtures/settings.yml +8 -0
- data/spec/spec_helper.rb +51 -0
- data/spec/support/api_shared_examples.rb +250 -0
- data/spec/support/crud_shared_examples.rb +145 -0
- data/views/403.haml +2 -0
- data/views/404.haml +2 -4
- data/views/500.haml +11 -0
- data/views/audit_logs/index.haml +32 -28
- data/views/auth/forgot_password.haml +32 -16
- data/views/auth/identity.haml +14 -13
- data/views/auth/ldap.haml +17 -0
- data/views/auth/login.haml +23 -17
- data/views/auth/register.haml +20 -18
- data/views/auth/register_identity.haml +27 -12
- data/views/auth/reset_password.haml +36 -19
- data/views/blank.haml +43 -0
- data/views/emails/forgot_password.haml +1 -1
- data/views/emails/layouts/action.haml +10 -6
- data/views/emails/layouts/alert.haml +2 -1
- data/views/emails/layouts/billing.haml +2 -1
- data/views/embedded.haml +17 -11
- data/views/error.haml +8 -3
- data/views/index.haml +1 -1
- data/views/layout.haml +45 -30
- data/views/partials/actions.haml +15 -14
- data/views/partials/content_tag.haml +0 -0
- data/views/partials/delete_form.haml +1 -1
- data/views/partials/filter_control.haml +2 -2
- data/views/partials/footer.haml +13 -5
- data/views/partials/form_control.haml +30 -19
- data/views/partials/form_tag.haml +1 -1
- data/views/partials/navitems.haml +42 -0
- data/views/partials/notifications.haml +12 -8
- data/views/partials/pager.haml +44 -25
- data/views/partials/search.haml +15 -11
- data/views/partials/sidebar.haml +15 -37
- data/views/partials/sort_ui.haml +2 -0
- data/views/partials/timespan_selector.haml +64 -0
- data/views/partials/topbar.haml +53 -0
- data/views/partials/user_associations.haml +32 -0
- data/views/quick_start.haml +23 -0
- data/views/roles/display.haml +27 -6
- data/views/roles/edit.haml +3 -3
- data/views/roles/form.haml +1 -0
- data/views/roles/index.haml +23 -14
- data/views/roles/new.haml +2 -2
- data/views/user_login_traits/display.haml +32 -0
- data/views/user_login_traits/edit.haml +10 -0
- data/views/user_login_traits/form.haml +5 -0
- data/views/user_login_traits/index.haml +28 -0
- data/views/user_login_traits/new.haml +10 -0
- data/views/users/display.haml +15 -16
- data/views/users/edit.haml +3 -3
- data/views/users/form.haml +0 -0
- data/views/users/index.haml +31 -24
- data/views/users/login_traits.haml +25 -0
- data/views/users/new.haml +2 -2
- data/views/users/profile.haml +17 -15
- data/views/users/user.haml +1 -1
- metadata +314 -76
- data/lib/ditty/components/app.rb +0 -77
- data/lib/ditty/controllers/application.rb +0 -175
- data/lib/ditty/controllers/roles.rb +0 -16
- data/lib/ditty/rake_tasks.rb +0 -102
- data/views/partials/navbar.haml +0 -23
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Ditty
|
|
2
4
|
module Middleware
|
|
3
5
|
# Allow requests to be responded to in JSON if the URL has .json at the end.
|
|
@@ -6,7 +8,7 @@ module Ditty
|
|
|
6
8
|
class AcceptExtension
|
|
7
9
|
attr_reader :env, :regex, :content_type
|
|
8
10
|
|
|
9
|
-
def initialize(app, regex =
|
|
11
|
+
def initialize(app, regex = %r{\A(.*)\.json(/?)\Z}, content_type = 'application/json')
|
|
10
12
|
# @mutex = Mutex.new
|
|
11
13
|
@app = app
|
|
12
14
|
@regex = regex
|
|
@@ -17,7 +19,7 @@ module Ditty
|
|
|
17
19
|
@env = env
|
|
18
20
|
|
|
19
21
|
request = Rack::Request.new(env)
|
|
20
|
-
if request.path
|
|
22
|
+
if request.path&.match?(regex)
|
|
21
23
|
request.path_info = request.path_info.gsub(regex, '\1\2')
|
|
22
24
|
env = request.env
|
|
23
25
|
env['ACCEPT'] = content_type
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'ditty/services/logger'
|
|
2
4
|
|
|
3
5
|
module Ditty
|
|
@@ -14,8 +16,8 @@ module Ditty
|
|
|
14
16
|
begin
|
|
15
17
|
@app.call env
|
|
16
18
|
rescue StandardError => e
|
|
17
|
-
::Ditty::Services::Logger.
|
|
18
|
-
::Ditty::Services::Logger.
|
|
19
|
+
::Ditty::Services::Logger.error "Ditty Catchall: #{e.class}"
|
|
20
|
+
::Ditty::Services::Logger.error e
|
|
19
21
|
[500, {}, ['Unknown Error']]
|
|
20
22
|
end
|
|
21
23
|
end
|
data/lib/ditty/models/base.rb
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'digest/sha2'
|
|
1
4
|
require 'sequel'
|
|
2
5
|
|
|
3
6
|
module Ditty
|
|
@@ -5,5 +8,15 @@ module Ditty
|
|
|
5
8
|
def for_json
|
|
6
9
|
values
|
|
7
10
|
end
|
|
11
|
+
|
|
12
|
+
def display_id
|
|
13
|
+
self[:slug] || self[:guid] || self[:id]
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def etag
|
|
17
|
+
Digest::SHA2.hexdigest values.to_json
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
alias for_csv for_json
|
|
8
21
|
end
|
|
9
22
|
end
|
|
@@ -22,6 +22,7 @@ module Ditty
|
|
|
22
22
|
|
|
23
23
|
def authenticate(unencrypted)
|
|
24
24
|
return false if crypted_password.blank?
|
|
25
|
+
|
|
25
26
|
self if ::BCrypt::Password.new(crypted_password) == unencrypted
|
|
26
27
|
end
|
|
27
28
|
|
|
@@ -38,6 +39,7 @@ module Ditty
|
|
|
38
39
|
|
|
39
40
|
# Validation
|
|
40
41
|
def validate
|
|
42
|
+
super
|
|
41
43
|
validates_presence :username
|
|
42
44
|
unless username.blank?
|
|
43
45
|
validates_unique :username
|
|
@@ -53,7 +55,7 @@ module Ditty
|
|
|
53
55
|
# 1 Special Character
|
|
54
56
|
# 1 Number
|
|
55
57
|
# At least 8 characters
|
|
56
|
-
%r[\A(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#&$*)(}{%^=_+|\\:";'
|
|
58
|
+
%r[\A(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#&$*)(}{%^=_+|\\:";'<>,.\-/?\[\]])(?=.*[0-9]).{8,}\Z],
|
|
57
59
|
:password,
|
|
58
60
|
message: 'is not strong enough'
|
|
59
61
|
)
|
|
@@ -64,17 +66,18 @@ module Ditty
|
|
|
64
66
|
|
|
65
67
|
# Callbacks
|
|
66
68
|
def before_save
|
|
69
|
+
super
|
|
67
70
|
encrypt_password unless password == '' || password.nil?
|
|
68
71
|
end
|
|
69
72
|
|
|
70
73
|
private
|
|
71
74
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
+
def encrypt_password
|
|
76
|
+
self.crypted_password = ::BCrypt::Password.create(password)
|
|
77
|
+
end
|
|
75
78
|
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
+
def password_required
|
|
80
|
+
crypted_password.blank? || !password.blank?
|
|
81
|
+
end
|
|
79
82
|
end
|
|
80
83
|
end
|
data/lib/ditty/models/role.rb
CHANGED
data/lib/ditty/models/user.rb
CHANGED
|
@@ -13,14 +13,24 @@ module Ditty
|
|
|
13
13
|
one_to_many :identity
|
|
14
14
|
many_to_many :roles
|
|
15
15
|
one_to_many :audit_logs
|
|
16
|
+
one_to_many :user_login_traits
|
|
16
17
|
|
|
17
18
|
def role?(check)
|
|
18
19
|
@roles ||= Hash.new do |h, k|
|
|
19
|
-
|
|
20
|
+
role_or_descendant = roles.find do |role|
|
|
21
|
+
role.name == k || role.descendants.map(&:name).include?(k)
|
|
22
|
+
end
|
|
23
|
+
h[k] = !role_or_descendant.nil?
|
|
20
24
|
end
|
|
21
25
|
@roles[check]
|
|
22
26
|
end
|
|
23
27
|
|
|
28
|
+
def all_roles
|
|
29
|
+
roles.inject([]) do |memo, role|
|
|
30
|
+
memo + [role] + role.descendants
|
|
31
|
+
end.uniq
|
|
32
|
+
end
|
|
33
|
+
|
|
24
34
|
def method_missing(method_sym, *arguments, &block)
|
|
25
35
|
if respond_to_missing?(method_sym)
|
|
26
36
|
role?(method_sym[0..-2])
|
|
@@ -30,7 +40,9 @@ module Ditty
|
|
|
30
40
|
end
|
|
31
41
|
|
|
32
42
|
def respond_to_missing?(name, _include_private = false)
|
|
33
|
-
name[-1] == '?'
|
|
43
|
+
return true if name[-1] == '?'
|
|
44
|
+
|
|
45
|
+
super
|
|
34
46
|
end
|
|
35
47
|
|
|
36
48
|
def gravatar
|
|
@@ -39,25 +51,42 @@ module Ditty
|
|
|
39
51
|
end
|
|
40
52
|
|
|
41
53
|
def validate
|
|
54
|
+
super
|
|
42
55
|
validates_presence :email
|
|
43
56
|
return if email.blank?
|
|
57
|
+
|
|
44
58
|
validates_unique :email
|
|
45
59
|
validates_format(/\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :email)
|
|
46
60
|
end
|
|
47
61
|
|
|
62
|
+
def before_save
|
|
63
|
+
super
|
|
64
|
+
self.name = nil if name.blank?
|
|
65
|
+
self.surname = nil if surname.blank?
|
|
66
|
+
end
|
|
67
|
+
|
|
48
68
|
# Add the basic roles and identity
|
|
49
69
|
def after_create
|
|
70
|
+
super
|
|
50
71
|
check_roles
|
|
51
72
|
end
|
|
52
73
|
|
|
53
74
|
def check_roles
|
|
54
75
|
return if roles_dataset.first(name: 'anonymous')
|
|
55
76
|
return if roles_dataset.first(name: 'user')
|
|
77
|
+
|
|
56
78
|
add_role Role.find_or_create(name: 'user')
|
|
57
79
|
end
|
|
58
80
|
|
|
59
81
|
def username
|
|
60
|
-
identity_dataset.first
|
|
82
|
+
identity = identity_dataset.first
|
|
83
|
+
return identity.username if identity
|
|
84
|
+
|
|
85
|
+
email
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
def display_name
|
|
89
|
+
name || username
|
|
61
90
|
end
|
|
62
91
|
|
|
63
92
|
class << self
|
|
@@ -65,6 +94,14 @@ module Ditty
|
|
|
65
94
|
role = ::Ditty::Role.find_or_create(name: 'anonymous')
|
|
66
95
|
::Ditty::User.where(roles: role).first
|
|
67
96
|
end
|
|
97
|
+
|
|
98
|
+
def create_anonymous_user(email = 'anonymous@ditty.io')
|
|
99
|
+
return if anonymous_user
|
|
100
|
+
|
|
101
|
+
user = ::Ditty::User.find_or_create(email: email)
|
|
102
|
+
user.remove_role ::Ditty::Role.find_or_create(name: 'user')
|
|
103
|
+
user.add_role ::Ditty::Role.find_or_create(name: 'anonymous') unless user.role?('anonymous')
|
|
104
|
+
end
|
|
68
105
|
end
|
|
69
106
|
end
|
|
70
107
|
end
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ditty/models/base'
|
|
4
|
+
|
|
5
|
+
# Why not store this in Elasticsearch?
|
|
6
|
+
module Ditty
|
|
7
|
+
class UserLoginTrait < ::Sequel::Model
|
|
8
|
+
include ::Ditty::Base
|
|
9
|
+
|
|
10
|
+
many_to_one :user
|
|
11
|
+
|
|
12
|
+
def validate
|
|
13
|
+
super
|
|
14
|
+
validates_presence :user_id
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -5,23 +5,23 @@ require 'ditty/policies/application_policy'
|
|
|
5
5
|
module Ditty
|
|
6
6
|
class AuditLogPolicy < ApplicationPolicy
|
|
7
7
|
def create?
|
|
8
|
-
|
|
8
|
+
false
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def list?
|
|
12
|
-
|
|
12
|
+
user&.super_admin?
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def read?
|
|
16
|
-
|
|
16
|
+
user&.super_admin?
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def update?
|
|
20
|
-
|
|
20
|
+
false
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
def delete?
|
|
24
|
-
|
|
24
|
+
false
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
def permitted_attributes
|
|
@@ -30,7 +30,7 @@ module Ditty
|
|
|
30
30
|
|
|
31
31
|
class Scope < ApplicationPolicy::Scope
|
|
32
32
|
def resolve
|
|
33
|
-
if user
|
|
33
|
+
if user&.super_admin?
|
|
34
34
|
scope
|
|
35
35
|
else
|
|
36
36
|
scope.where(id: -1)
|
|
@@ -5,7 +5,7 @@ require 'ditty/policies/application_policy'
|
|
|
5
5
|
module Ditty
|
|
6
6
|
class RolePolicy < ApplicationPolicy
|
|
7
7
|
def create?
|
|
8
|
-
user
|
|
8
|
+
user&.super_admin?
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def list?
|
|
@@ -25,12 +25,12 @@ module Ditty
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
def permitted_attributes
|
|
28
|
-
[
|
|
28
|
+
%i[parent_id name]
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
class Scope < ApplicationPolicy::Scope
|
|
32
32
|
def resolve
|
|
33
|
-
if user
|
|
33
|
+
if user&.super_admin?
|
|
34
34
|
scope
|
|
35
35
|
else
|
|
36
36
|
scope.where(id: -1)
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ditty/policies/application_policy'
|
|
4
|
+
|
|
5
|
+
module Ditty
|
|
6
|
+
class UserLoginTraitPolicy < ApplicationPolicy
|
|
7
|
+
def create?
|
|
8
|
+
user&.super_admin?
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def list?
|
|
12
|
+
!!user
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def read?
|
|
16
|
+
user && (record.user_id == user.id || user.super_admin?)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def update?
|
|
20
|
+
user&.super_admin?
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def delete?
|
|
24
|
+
user&.super_admin?
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def permitted_attributes
|
|
28
|
+
attribs = %i[ip_address os browser]
|
|
29
|
+
attribs << :user_id if user.super_admin?
|
|
30
|
+
attribs
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
class Scope < ApplicationPolicy::Scope
|
|
34
|
+
def resolve
|
|
35
|
+
if user&.super_admin?
|
|
36
|
+
scope
|
|
37
|
+
elsif user
|
|
38
|
+
scope.where(user_id: user.id)
|
|
39
|
+
else
|
|
40
|
+
scope.where(id: -1)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
@@ -10,7 +10,7 @@ module Ditty
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def create?
|
|
13
|
-
user
|
|
13
|
+
user&.super_admin?
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def list?
|
|
@@ -26,7 +26,7 @@ module Ditty
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
def delete?
|
|
29
|
-
create?
|
|
29
|
+
create? && record&.super_admin? == false
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
def permitted_attributes
|
|
@@ -37,7 +37,7 @@ module Ditty
|
|
|
37
37
|
|
|
38
38
|
class Scope < ApplicationPolicy::Scope
|
|
39
39
|
def resolve
|
|
40
|
-
if user
|
|
40
|
+
if user&.super_admin?
|
|
41
41
|
scope
|
|
42
42
|
elsif user
|
|
43
43
|
scope.where(id: user.id)
|
data/lib/ditty/seed.rb
CHANGED
|
@@ -1,13 +1,15 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ditty/controllers/application_controller'
|
|
3
4
|
require 'ditty/services/settings'
|
|
4
5
|
require 'ditty/services/logger'
|
|
5
6
|
|
|
6
7
|
require 'omniauth'
|
|
7
|
-
OmniAuth.config.logger = Ditty::Services::Logger
|
|
8
|
-
OmniAuth.config.path_prefix = "#{Ditty::
|
|
8
|
+
OmniAuth.config.logger = ::Ditty::Services::Logger
|
|
9
|
+
OmniAuth.config.path_prefix = "#{::Ditty::ApplicationController.map_path}/auth"
|
|
9
10
|
OmniAuth.config.on_failure = proc { |env|
|
|
10
11
|
next [400, {}, []] if env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'
|
|
12
|
+
|
|
11
13
|
OmniAuth::FailureEndpoint.new(env).redirect_to_failure
|
|
12
14
|
}
|
|
13
15
|
|
|
@@ -20,36 +22,50 @@ module Ditty
|
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
def providers
|
|
23
|
-
config.compact.keys
|
|
25
|
+
config.compact.keys.select { |e| config[e][:available] && config[e][:enabled] != false }
|
|
24
26
|
end
|
|
25
27
|
|
|
26
28
|
def setup
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
29
|
+
config.compact.each_key do |provider|
|
|
30
|
+
::Ditty::Services::Logger.debug "Loading authentication provider #{provider}"
|
|
31
|
+
req = if config.dig(provider, :require)
|
|
32
|
+
[config[provider][:require]]
|
|
33
|
+
else
|
|
34
|
+
["omniauth/#{provider}", "omniauth-#{provider}"]
|
|
35
|
+
end
|
|
36
|
+
req.find do |e|
|
|
37
|
+
require e
|
|
38
|
+
config[provider][:available] = true
|
|
39
|
+
true
|
|
30
40
|
rescue LoadError
|
|
31
|
-
|
|
41
|
+
::Ditty::Services::Logger.warn "Could not load authentication provider #{provider} using #{e}"
|
|
42
|
+
config[provider][:available] = false
|
|
43
|
+
false
|
|
32
44
|
end
|
|
33
45
|
end
|
|
34
46
|
end
|
|
35
47
|
|
|
36
48
|
def config
|
|
37
|
-
default.merge
|
|
49
|
+
@config ||= default.merge(::Ditty::Services::Settings.values(:authentication) || {})
|
|
38
50
|
end
|
|
39
51
|
|
|
40
52
|
def provides?(provider)
|
|
41
|
-
|
|
53
|
+
provider = provider.to_sym
|
|
54
|
+
providers.include?(provider) && config[provider][:available] && config.dig(provider, :enabled) != false
|
|
42
55
|
end
|
|
43
56
|
|
|
44
57
|
def default
|
|
58
|
+
require 'ditty/models/identity'
|
|
59
|
+
require 'ditty/controllers/auth_controller'
|
|
45
60
|
{
|
|
46
61
|
identity: {
|
|
62
|
+
available: true,
|
|
47
63
|
arguments: [
|
|
48
64
|
{
|
|
49
65
|
fields: [:username],
|
|
50
|
-
model: Ditty::Identity,
|
|
51
|
-
on_login: Ditty::
|
|
52
|
-
on_registration: Ditty::
|
|
66
|
+
model: ::Ditty::Identity,
|
|
67
|
+
on_login: ::Ditty::AuthController,
|
|
68
|
+
on_registration: ::Ditty::AuthController,
|
|
53
69
|
locate_conditions: ->(req) { { username: req['username'] } }
|
|
54
70
|
}
|
|
55
71
|
]
|
|
@@ -61,4 +77,4 @@ module Ditty
|
|
|
61
77
|
end
|
|
62
78
|
end
|
|
63
79
|
|
|
64
|
-
Ditty::Services::Authentication.setup
|
|
80
|
+
::Ditty::Services::Authentication.setup
|