ditty 0.7.1 → 0.10.1
- checksums.yaml +4 -4
- data/.env.test +2 -0
- data/.gitignore +3 -0
- data/.pryrc +2 -0
- data/.rubocop.yml +24 -8
- data/.travis.yml +4 -8
- data/CNAME +1 -0
- data/Dockerfile +18 -0
- data/Gemfile.ci +0 -15
- data/Rakefile +5 -4
- data/Readme.md +24 -2
- data/_config.yml +1 -0
- data/config.ru +4 -4
- data/ditty.gemspec +31 -20
- data/docs/CNAME +1 -0
- data/docs/_config.yml +1 -0
- data/docs/index.md +34 -0
- data/exe/ditty +2 -0
- data/lib/ditty.rb +30 -4
- data/lib/ditty/cli.rb +38 -5
- data/lib/ditty/components/ditty.rb +82 -0
- data/lib/ditty/controllers/application_controller.rb +267 -0
- data/lib/ditty/controllers/{audit_logs.rb → audit_logs_controller.rb} +5 -7
- data/lib/ditty/controllers/{auth.rb → auth_controller.rb} +56 -32
- data/lib/ditty/controllers/{component.rb → component_controller.rb} +35 -24
- data/lib/ditty/controllers/{main.rb → main_controller.rb} +7 -7
- data/lib/ditty/controllers/roles_controller.rb +23 -0
- data/lib/ditty/controllers/user_login_traits_controller.rb +46 -0
- data/lib/ditty/controllers/{users.rb → users_controller.rb} +17 -20
- data/lib/ditty/db.rb +9 -5
- data/lib/ditty/emails/base.rb +48 -34
- data/lib/ditty/generators/crud_generator.rb +114 -0
- data/lib/ditty/generators/migration_generator.rb +26 -0
- data/lib/ditty/generators/project_generator.rb +52 -0
- data/lib/ditty/helpers/authentication.rb +6 -5
- data/lib/ditty/helpers/component.rb +11 -2
- data/lib/ditty/helpers/pundit.rb +24 -8
- data/lib/ditty/helpers/response.rb +38 -15
- data/lib/ditty/helpers/views.rb +48 -6
- data/lib/ditty/listener.rb +44 -14
- data/lib/ditty/memcached.rb +8 -0
- data/lib/ditty/middleware/accept_extension.rb +4 -2
- data/lib/ditty/middleware/error_catchall.rb +4 -2
- data/lib/ditty/models/audit_log.rb +1 -0
- data/lib/ditty/models/base.rb +13 -0
- data/lib/ditty/models/identity.rb +10 -7
- data/lib/ditty/models/role.rb +2 -0
- data/lib/ditty/models/user.rb +40 -3
- data/lib/ditty/models/user_login_trait.rb +17 -0
- data/lib/ditty/policies/audit_log_policy.rb +6 -6
- data/lib/ditty/policies/role_policy.rb +3 -3
- data/lib/ditty/policies/user_login_trait_policy.rb +45 -0
- data/lib/ditty/policies/user_policy.rb +3 -3
- data/lib/ditty/rubocop.rb +3 -0
- data/lib/ditty/seed.rb +2 -0
- data/lib/ditty/services/authentication.rb +31 -15
- data/lib/ditty/services/email.rb +22 -12
- data/lib/ditty/services/logger.rb +30 -13
- data/lib/ditty/services/pagination_wrapper.rb +9 -5
- data/lib/ditty/services/settings.rb +19 -7
- data/lib/ditty/tasks/ditty.rake +127 -0
- data/lib/ditty/tasks/omniauth-ldap.rake +43 -0
- data/lib/ditty/templates/.gitignore +5 -0
- data/lib/ditty/templates/.rspec +2 -0
- data/lib/ditty/templates/.rubocop.yml +7 -0
- data/lib/ditty/templates/Rakefile +12 -0
- data/lib/ditty/templates/application.rb +12 -0
- data/lib/ditty/templates/config.ru +37 -0
- data/lib/ditty/templates/controller.rb.erb +64 -0
- data/lib/ditty/templates/env.example +4 -0
- data/lib/ditty/templates/lib/project.rb.erb +5 -0
- data/lib/ditty/templates/migration.rb.erb +7 -0
- data/lib/ditty/templates/model.rb.erb +26 -0
- data/lib/ditty/templates/pids/.empty_directory +0 -0
- data/lib/ditty/templates/policy.rb.erb +48 -0
- data/{public → lib/ditty/templates/public}/browserconfig.xml +0 -0
- data/lib/ditty/templates/public/css/sb-admin-2.min.css +10 -0
- data/lib/ditty/templates/public/css/styles.css +13 -0
- data/lib/ditty/templates/public/favicon.ico +0 -0
- data/{public → lib/ditty/templates/public}/images/apple-icon.png +0 -0
- data/{public → lib/ditty/templates/public}/images/favicon-16x16.png +0 -0
- data/{public → lib/ditty/templates/public}/images/favicon-32x32.png +0 -0
- data/{public → lib/ditty/templates/public}/images/launcher-icon-1x.png +0 -0
- data/{public → lib/ditty/templates/public}/images/launcher-icon-2x.png +0 -0
- data/{public → lib/ditty/templates/public}/images/launcher-icon-4x.png +0 -0
- data/{public → lib/ditty/templates/public}/images/mstile-150x150.png +0 -0
- data/{public → lib/ditty/templates/public}/images/safari-pinned-tab.svg +0 -0
- data/lib/ditty/templates/public/js/sb-admin-2.min.js +7 -0
- data/lib/ditty/templates/public/js/scripts.js +1 -0
- data/{public/manifest.json → lib/ditty/templates/public/manifest.json.erb} +2 -2
- data/lib/ditty/templates/settings.yml.erb +19 -0
- data/lib/ditty/templates/sidekiq.rb +18 -0
- data/lib/ditty/templates/sidekiq.yml +9 -0
- data/lib/ditty/templates/spec_helper.rb +43 -0
- data/lib/ditty/templates/type.rb.erb +21 -0
- data/lib/ditty/templates/views/display.haml.tt +20 -0
- data/lib/ditty/templates/views/edit.haml.tt +10 -0
- data/lib/ditty/templates/views/form.haml.tt +11 -0
- data/lib/ditty/templates/views/index.haml.tt +29 -0
- data/lib/ditty/templates/views/new.haml.tt +10 -0
- data/lib/ditty/version.rb +1 -1
- data/lib/rubocop/cop/ditty/call_services_directly.rb +42 -0
- data/migrate/20181209_add_user_login_traits.rb +16 -0
- data/migrate/20181209_extend_audit_log.rb +12 -0
- data/migrate/20190220_add_parent_id_to_roles.rb +9 -0
- data/spec/ditty/api_spec.rb +51 -0
- data/spec/ditty/controllers/roles_spec.rb +67 -0
- data/spec/ditty/controllers/user_login_traits_spec.rb +72 -0
- data/spec/ditty/controllers/users_spec.rb +72 -0
- data/spec/ditty/emails/base_spec.rb +76 -0
- data/spec/ditty/emails/forgot_password_spec.rb +20 -0
- data/spec/ditty/helpers/component_spec.rb +85 -0
- data/spec/ditty/models/user_spec.rb +36 -0
- data/spec/ditty/services/email_spec.rb +36 -0
- data/spec/ditty/services/logger_spec.rb +68 -0
- data/spec/ditty/services/settings_spec.rb +63 -0
- data/spec/ditty_spec.rb +9 -0
- data/spec/factories.rb +46 -0
- data/spec/fixtures/logger.yml +17 -0
- data/spec/fixtures/section.yml +3 -0
- data/spec/fixtures/settings.yml +8 -0
- data/spec/spec_helper.rb +51 -0
- data/spec/support/api_shared_examples.rb +250 -0
- data/spec/support/crud_shared_examples.rb +145 -0
- data/views/403.haml +2 -0
- data/views/404.haml +2 -4
- data/views/500.haml +11 -0
- data/views/audit_logs/index.haml +32 -28
- data/views/auth/forgot_password.haml +32 -16
- data/views/auth/identity.haml +14 -13
- data/views/auth/ldap.haml +17 -0
- data/views/auth/login.haml +23 -17
- data/views/auth/register.haml +20 -18
- data/views/auth/register_identity.haml +27 -12
- data/views/auth/reset_password.haml +36 -19
- data/views/blank.haml +43 -0
- data/views/emails/forgot_password.haml +1 -1
- data/views/emails/layouts/action.haml +10 -6
- data/views/emails/layouts/alert.haml +2 -1
- data/views/emails/layouts/billing.haml +2 -1
- data/views/embedded.haml +17 -11
- data/views/error.haml +8 -3
- data/views/index.haml +1 -1
- data/views/layout.haml +45 -30
- data/views/partials/actions.haml +15 -14
- data/views/partials/content_tag.haml +0 -0
- data/views/partials/delete_form.haml +1 -1
- data/views/partials/filter_control.haml +2 -2
- data/views/partials/footer.haml +13 -5
- data/views/partials/form_control.haml +30 -19
- data/views/partials/form_tag.haml +1 -1
- data/views/partials/navitems.haml +42 -0
- data/views/partials/notifications.haml +12 -8
- data/views/partials/pager.haml +44 -25
- data/views/partials/search.haml +15 -11
- data/views/partials/sidebar.haml +15 -37
- data/views/partials/sort_ui.haml +2 -0
- data/views/partials/timespan_selector.haml +64 -0
- data/views/partials/topbar.haml +53 -0
- data/views/partials/user_associations.haml +32 -0
- data/views/quick_start.haml +23 -0
- data/views/roles/display.haml +27 -6
- data/views/roles/edit.haml +3 -3
- data/views/roles/form.haml +1 -0
- data/views/roles/index.haml +23 -14
- data/views/roles/new.haml +2 -2
- data/views/user_login_traits/display.haml +32 -0
- data/views/user_login_traits/edit.haml +10 -0
- data/views/user_login_traits/form.haml +5 -0
- data/views/user_login_traits/index.haml +28 -0
- data/views/user_login_traits/new.haml +10 -0
- data/views/users/display.haml +15 -16
- data/views/users/edit.haml +3 -3
- data/views/users/form.haml +0 -0
- data/views/users/index.haml +31 -24
- data/views/users/login_traits.haml +25 -0
- data/views/users/new.haml +2 -2
- data/views/users/profile.haml +17 -15
- data/views/users/user.haml +1 -1
- metadata +314 -76
- data/lib/ditty/components/app.rb +0 -77
- data/lib/ditty/controllers/application.rb +0 -175
- data/lib/ditty/controllers/roles.rb +0 -16
- data/lib/ditty/rake_tasks.rb +0 -102
- data/views/partials/navbar.haml +0 -23
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
module Ditty
|
|
2
4
|
module Middleware
|
|
3
5
|
# Allow requests to be responded to in JSON if the URL has .json at the end.
|
|
@@ -6,7 +8,7 @@ module Ditty
|
|
|
6
8
|
class AcceptExtension
|
|
7
9
|
attr_reader :env, :regex, :content_type
|
|
8
10
|
|
|
9
|
-
def initialize(app, regex =
|
|
11
|
+
def initialize(app, regex = %r{\A(.*)\.json(/?)\Z}, content_type = 'application/json')
|
|
10
12
|
# @mutex = Mutex.new
|
|
11
13
|
@app = app
|
|
12
14
|
@regex = regex
|
|
@@ -17,7 +19,7 @@ module Ditty
|
|
|
17
19
|
@env = env
|
|
18
20
|
|
|
19
21
|
request = Rack::Request.new(env)
|
|
20
|
-
if request.path
|
|
22
|
+
if request.path&.match?(regex)
|
|
21
23
|
request.path_info = request.path_info.gsub(regex, '\1\2')
|
|
22
24
|
env = request.env
|
|
23
25
|
env['ACCEPT'] = content_type
|
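Review bot: The new guard tests `request.path` (script name plus path info) while the rewrite on the following line edits `request.path_info`, so a match can come from the mount prefix rather than from the string being rewritten; `if request.path_info&.match?(regex)` would keep the check and the rewrite on the same text. The default pattern also ends in `\Z`, which matches just before a trailing newline; `\z` is the strict end-of-string anchor: `%r{\A(.*)\.json(/?)\z}`. The method holding the second hunk starts and ends outside it.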
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
1
3
|
require 'ditty/services/logger'
|
|
2
4
|
|
|
3
5
|
module Ditty
|
|
@@ -14,8 +16,8 @@ module Ditty
|
|
|
14
16
|
begin
|
|
15
17
|
@app.call env
|
|
16
18
|
rescue StandardError => e
|
|
17
|
-
::Ditty::Services::Logger.
|
|
18
|
-
::Ditty::Services::Logger.
|
|
19
|
+
::Ditty::Services::Logger.error "Ditty Catchall: #{e.class}"
|
|
20
|
+
::Ditty::Services::Logger.error e
|
|
19
21
|
[500, {}, ['Unknown Error']]
|
|
20
22
|
end
|
|
21
23
|
end
|
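Review bot: The two `Logger.error` calls record the exception class and the exception, but nothing that ties the entry to a request, which makes a 500 hard to correlate during triage; adding the method and path would help, e.g. `::Ditty::Services::Logger.error "Ditty Catchall: #{e.class} #{env['REQUEST_METHOD']} #{env['PATH_INFO'].inspect}"`. Whether the second call also writes the backtrace depends on how `Ditty::Services::Logger` formats an exception argument, which is not visible here. The enclosing `call` method starts outside the hunk.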
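--- a/data/lib/ditty/models/base.rb
+++ b/data/lib/ditty/models/base.rb
@@ -1,3 +1,6 @@
+# frozen_string_literal: true
+
+require 'digest/sha2'
 require 'sequel'
 
 module Ditty
@@ -5,5 +8,15 @@ module Ditty
 def for_json
 values
 end
+
+def display_id
+self[:slug] || self[:guid] || self[:id]
+end
+
+def etag
+Digest::SHA2.hexdigest values.to_json
+end
+
+alias for_csv for_json
 end
 end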
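Review bot: `etag` hashes `values.to_json`, i.e. every column of the row, and `for_csv` is aliased to `for_json`, which returns the same raw `values`; a model that includes this module and carries secret columns would feed them into a client-visible ETag and into exports unless it overrides these methods. Which models include it is not visible in this section, so that should be checked against the model list. A comment above `for_json` would record the contract, for example `# NOTE: for_json/for_csv/etag cover all columns; override in models with sensitive fields`. `to_json` also relies on the JSON library being loaded elsewhere, since only `digest/sha2` is required here. The enclosing definition starts outside the second hunk.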
|
@@ -22,6 +22,7 @@ module Ditty
|
|
|
22
22
|
|
|
23
23
|
def authenticate(unencrypted)
|
|
24
24
|
return false if crypted_password.blank?
|
|
25
|
+
|
|
25
26
|
self if ::BCrypt::Password.new(crypted_password) == unencrypted
|
|
26
27
|
end
|
|
27
28
|
|
|
@@ -38,6 +39,7 @@ module Ditty
|
|
|
38
39
|
|
|
39
40
|
# Validation
|
|
40
41
|
def validate
|
|
42
|
+
super
|
|
41
43
|
validates_presence :username
|
|
42
44
|
unless username.blank?
|
|
43
45
|
validates_unique :username
|
|
@@ -53,7 +55,7 @@ module Ditty
|
|
|
53
55
|
# 1 Special Character
|
|
54
56
|
# 1 Number
|
|
55
57
|
# At least 8 characters
|
|
56
|
-
%r[\A(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#&$*)(}{%^=_+|\\:";'
|
|
58
|
+
%r[\A(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#&$*)(}{%^=_+|\\:";'<>,.\-/?\[\]])(?=.*[0-9]).{8,}\Z],
|
|
57
59
|
:password,
|
|
58
60
|
message: 'is not strong enough'
|
|
59
61
|
)
|
|
@@ -64,17 +66,18 @@ module Ditty
|
|
|
64
66
|
|
|
65
67
|
# Callbacks
|
|
66
68
|
def before_save
|
|
69
|
+
super
|
|
67
70
|
encrypt_password unless password == '' || password.nil?
|
|
68
71
|
end
|
|
69
72
|
|
|
70
73
|
private
|
|
71
74
|
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
+
def encrypt_password
|
|
76
|
+
self.crypted_password = ::BCrypt::Password.create(password)
|
|
77
|
+
end
|
|
75
78
|
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
+
def password_required
|
|
80
|
+
crypted_password.blank? || !password.blank?
|
|
81
|
+
end
|
|
79
82
|
end
|
|
80
83
|
end
|
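Review bot: `encrypt_password` passes the password straight to `::BCrypt::Password.create`, and the strength pattern only sets a lower bound (`.{8,}`); bcrypt uses only the first 72 bytes of its input, so longer passwords sharing that prefix would verify as equal. An upper bound next to the format check would make the limit explicit, e.g. `validates_max_length 72, :password` (that counts characters, so multibyte input would still need a `bytesize` check). The pattern also ends in `\Z`, which tolerates a trailing newline; `\z` is the strict end anchor. These hunks carry no file header on the page; their line counts match `data/lib/ditty/models/identity.rb` in the file list.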
data/lib/ditty/models/role.rb
CHANGED
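--- a/data/lib/ditty/models/user.rb
+++ b/data/lib/ditty/models/user.rb
@@ -13,14 +13,24 @@ module Ditty
 one_to_many :identity
 many_to_many :roles
 one_to_many :audit_logs
+one_to_many :user_login_traits
 
 def role?(check)
 @roles ||= Hash.new do |h, k|
-
+role_or_descendant = roles.find do |role|
+role.name == k || role.descendants.map(&:name).include?(k)
+end
+h[k] = !role_or_descendant.nil?
 end
 @roles[check]
 end
 
+def all_roles
+roles.inject([]) do |memo, role|
+memo + [role] + role.descendants
+end.uniq
+end
+
 def method_missing(method_sym, *arguments, &block)
 if respond_to_missing?(method_sym)
 role?(method_sym[0..-2])
@@ -30,7 +40,9 @@ module Ditty
 end
 
 def respond_to_missing?(name, _include_private = false)
-name[-1] == '?'
+return true if name[-1] == '?'
+
+super
 end
 
 def gravatar
@@ -39,25 +51,42 @@ module Ditty
 end
 
 def validate
+super
 validates_presence :email
 return if email.blank?
+
 validates_unique :email
 validates_format(/\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i, :email)
 end
 
+def before_save
+super
+self.name = nil if name.blank?
+self.surname = nil if surname.blank?
+end
+
 # Add the basic roles and identity
 def after_create
+super
 check_roles
 end
 
 def check_roles
 return if roles_dataset.first(name: 'anonymous')
 return if roles_dataset.first(name: 'user')
+
 add_role Role.find_or_create(name: 'user')
 end
 
 def username
-identity_dataset.first
+identity = identity_dataset.first
+return identity.username if identity
+
+email
+end
+
+def display_name
+name || username
 end
 
 class << self
@@ -65,6 +94,14 @@ module Ditty
 role = ::Ditty::Role.find_or_create(name: 'anonymous')
 ::Ditty::User.where(roles: role).first
 end
+
+def create_anonymous_user(email = 'anonymous@ditty.io')
+return if anonymous_user
+
+user = ::Ditty::User.find_or_create(email: email)
+user.remove_role ::Ditty::Role.find_or_create(name: 'user')
+user.add_role ::Ditty::Role.find_or_create(name: 'anonymous') unless user.role?('anonymous')
+end
 end
 end
 end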
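Review bot: `role?` now answers true when any descendant of a held role matches, but the answer is still memoised in `@roles` and nothing in these hunks clears that hash after `add_role` or `remove_role`, so a `User` instance that outlives a role change can keep reporting a revoked role, including `super_admin?`, which is routed through `method_missing`. Resetting the memo when roles change (`@roles = nil`) or dropping the cache would avoid stale authorization answers. `descendants` is defined outside this diff, so it should be confirmed there that a `parent_id` cycle cannot make the walk loop. In `create_anonymous_user`, `find_or_create(email: email)` will also convert an existing account with that address into the anonymous user, which deserves a comment.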
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ditty/models/base'
|
|
4
|
+
|
|
5
|
+
# Why not store this in Elasticsearch?
|
|
6
|
+
module Ditty
|
|
7
|
+
class UserLoginTrait < ::Sequel::Model
|
|
8
|
+
include ::Ditty::Base
|
|
9
|
+
|
|
10
|
+
many_to_one :user
|
|
11
|
+
|
|
12
|
+
def validate
|
|
13
|
+
super
|
|
14
|
+
validates_presence :user_id
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
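Review bot: The only comment in this new model is the open question `# Why not store this in Elasticsearch?`, which does not tell a reader what a login trait is. A class comment such as `# Client details recorded for a user's logins (ip_address, os, browser)` would document it, if that is the intent; the column names are taken from `UserLoginTraitPolicy#permitted_attributes` on this page, and the migration is not shown. Since the rows tie IP addresses to a user, a note on retention would also help operators.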
|
@@ -5,23 +5,23 @@ require 'ditty/policies/application_policy'
|
|
|
5
5
|
module Ditty
|
|
6
6
|
class AuditLogPolicy < ApplicationPolicy
|
|
7
7
|
def create?
|
|
8
|
-
|
|
8
|
+
false
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def list?
|
|
12
|
-
|
|
12
|
+
user&.super_admin?
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
def read?
|
|
16
|
-
|
|
16
|
+
user&.super_admin?
|
|
17
17
|
end
|
|
18
18
|
|
|
19
19
|
def update?
|
|
20
|
-
|
|
20
|
+
false
|
|
21
21
|
end
|
|
22
22
|
|
|
23
23
|
def delete?
|
|
24
|
-
|
|
24
|
+
false
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
def permitted_attributes
|
|
@@ -30,7 +30,7 @@ module Ditty
|
|
|
30
30
|
|
|
31
31
|
class Scope < ApplicationPolicy::Scope
|
|
32
32
|
def resolve
|
|
33
|
-
if user
|
|
33
|
+
if user&.super_admin?
|
|
34
34
|
scope
|
|
35
35
|
else
|
|
36
36
|
scope.where(id: -1)
|
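Review bot: `create?`, `update?` and `delete?` now return a bare `false` with no comment, so a reader cannot tell that this is deliberate; a one-line comment such as `# Audit logs are written by the application only and are never editable through the controller` would state the intent, assuming that is the intent. `list?` and `read?` return `nil` rather than `false` when there is no user because of `user&.`, which is falsy but matters if a caller compares against `false`. The `Scope#resolve` body in the second hunk ends outside it.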
|
@@ -5,7 +5,7 @@ require 'ditty/policies/application_policy'
|
|
|
5
5
|
module Ditty
|
|
6
6
|
class RolePolicy < ApplicationPolicy
|
|
7
7
|
def create?
|
|
8
|
-
user
|
|
8
|
+
user&.super_admin?
|
|
9
9
|
end
|
|
10
10
|
|
|
11
11
|
def list?
|
|
@@ -25,12 +25,12 @@ module Ditty
|
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
def permitted_attributes
|
|
28
|
-
[
|
|
28
|
+
%i[parent_id name]
|
|
29
29
|
end
|
|
30
30
|
|
|
31
31
|
class Scope < ApplicationPolicy::Scope
|
|
32
32
|
def resolve
|
|
33
|
-
if user
|
|
33
|
+
if user&.super_admin?
|
|
34
34
|
scope
|
|
35
35
|
else
|
|
36
36
|
scope.where(id: -1)
|
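Review bot: `permitted_attributes` now lets a request set `parent_id`, and `User#role?` elsewhere on this page treats every descendant of a held role as held, so reparenting a role changes who passes checks such as `super_admin?`. Nothing in these hunks shows who may update a role (`update?` lies outside them) or whether `parent_id` is validated against self-reference and cycles. Both should be confirmed, and `update?` should be limited to `user&.super_admin?` like `create?` if it is not already.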
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ditty/policies/application_policy'
|
|
4
|
+
|
|
5
|
+
module Ditty
|
|
6
|
+
class UserLoginTraitPolicy < ApplicationPolicy
|
|
7
|
+
def create?
|
|
8
|
+
user&.super_admin?
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def list?
|
|
12
|
+
!!user
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def read?
|
|
16
|
+
user && (record.user_id == user.id || user.super_admin?)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def update?
|
|
20
|
+
user&.super_admin?
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def delete?
|
|
24
|
+
user&.super_admin?
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
def permitted_attributes
|
|
28
|
+
attribs = %i[ip_address os browser]
|
|
29
|
+
attribs << :user_id if user.super_admin?
|
|
30
|
+
attribs
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
class Scope < ApplicationPolicy::Scope
|
|
34
|
+
def resolve
|
|
35
|
+
if user&.super_admin?
|
|
36
|
+
scope
|
|
37
|
+
elsif user
|
|
38
|
+
scope.where(user_id: user.id)
|
|
39
|
+
else
|
|
40
|
+
scope.where(id: -1)
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
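Review bot: `permitted_attributes` calls `user.super_admin?` without the safe navigation used by the other methods in this class, so it raises `NoMethodError` when there is no user; `attribs << :user_id if user&.super_admin?` keeps it consistent. `read?` returns `nil` or the value of the inner expression rather than a strict boolean while `list?` uses `!!user`; picking one convention would make the policy easier to test.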
|
@@ -10,7 +10,7 @@ module Ditty
|
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
def create?
|
|
13
|
-
user
|
|
13
|
+
user&.super_admin?
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def list?
|
|
@@ -26,7 +26,7 @@ module Ditty
|
|
|
26
26
|
end
|
|
27
27
|
|
|
28
28
|
def delete?
|
|
29
|
-
create?
|
|
29
|
+
create? && record&.super_admin? == false
|
|
30
30
|
end
|
|
31
31
|
|
|
32
32
|
def permitted_attributes
|
|
@@ -37,7 +37,7 @@ module Ditty
|
|
|
37
37
|
|
|
38
38
|
class Scope < ApplicationPolicy::Scope
|
|
39
39
|
def resolve
|
|
40
|
-
if user
|
|
40
|
+
if user&.super_admin?
|
|
41
41
|
scope
|
|
42
42
|
elsif user
|
|
43
43
|
scope.where(id: user.id)
|
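Review bot: `create? && record&.super_admin? == false` relies on `==` binding tighter than `&&` and on `nil == false` being false for a missing record, which is easy to misread in an authorization rule. `create? && !record.nil? && !record.super_admin?` says the same thing explicitly, as long as `super_admin?` returns a strict boolean. A comment stating that super admin accounts cannot be deleted through this policy would also help. The rest of the class lies outside these hunks.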
data/lib/ditty/seed.rb
CHANGED
|
@@ -1,13 +1,15 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'ditty/controllers/application_controller'
|
|
3
4
|
require 'ditty/services/settings'
|
|
4
5
|
require 'ditty/services/logger'
|
|
5
6
|
|
|
6
7
|
require 'omniauth'
|
|
7
|
-
OmniAuth.config.logger = Ditty::Services::Logger
|
|
8
|
-
OmniAuth.config.path_prefix = "#{Ditty::
|
|
8
|
+
OmniAuth.config.logger = ::Ditty::Services::Logger
|
|
9
|
+
OmniAuth.config.path_prefix = "#{::Ditty::ApplicationController.map_path}/auth"
|
|
9
10
|
OmniAuth.config.on_failure = proc { |env|
|
|
10
11
|
next [400, {}, []] if env['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest'
|
|
12
|
+
|
|
11
13
|
OmniAuth::FailureEndpoint.new(env).redirect_to_failure
|
|
12
14
|
}
|
|
13
15
|
|
|
@@ -20,36 +22,50 @@ module Ditty
|
|
|
20
22
|
end
|
|
21
23
|
|
|
22
24
|
def providers
|
|
23
|
-
config.compact.keys
|
|
25
|
+
config.compact.keys.select { |e| config[e][:available] && config[e][:enabled] != false }
|
|
24
26
|
end
|
|
25
27
|
|
|
26
28
|
def setup
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
29
|
+
config.compact.each_key do |provider|
|
|
30
|
+
::Ditty::Services::Logger.debug "Loading authentication provider #{provider}"
|
|
31
|
+
req = if config.dig(provider, :require)
|
|
32
|
+
[config[provider][:require]]
|
|
33
|
+
else
|
|
34
|
+
["omniauth/#{provider}", "omniauth-#{provider}"]
|
|
35
|
+
end
|
|
36
|
+
req.find do |e|
|
|
37
|
+
require e
|
|
38
|
+
config[provider][:available] = true
|
|
39
|
+
true
|
|
30
40
|
rescue LoadError
|
|
31
|
-
|
|
41
|
+
::Ditty::Services::Logger.warn "Could not load authentication provider #{provider} using #{e}"
|
|
42
|
+
config[provider][:available] = false
|
|
43
|
+
false
|
|
32
44
|
end
|
|
33
45
|
end
|
|
34
46
|
end
|
|
35
47
|
|
|
36
48
|
def config
|
|
37
|
-
default.merge
|
|
49
|
+
@config ||= default.merge(::Ditty::Services::Settings.values(:authentication) || {})
|
|
38
50
|
end
|
|
39
51
|
|
|
40
52
|
def provides?(provider)
|
|
41
|
-
|
|
53
|
+
provider = provider.to_sym
|
|
54
|
+
providers.include?(provider) && config[provider][:available] && config.dig(provider, :enabled) != false
|
|
42
55
|
end
|
|
43
56
|
|
|
44
57
|
def default
|
|
58
|
+
require 'ditty/models/identity'
|
|
59
|
+
require 'ditty/controllers/auth_controller'
|
|
45
60
|
{
|
|
46
61
|
identity: {
|
|
62
|
+
available: true,
|
|
47
63
|
arguments: [
|
|
48
64
|
{
|
|
49
65
|
fields: [:username],
|
|
50
|
-
model: Ditty::Identity,
|
|
51
|
-
on_login: Ditty::
|
|
52
|
-
on_registration: Ditty::
|
|
66
|
+
model: ::Ditty::Identity,
|
|
67
|
+
on_login: ::Ditty::AuthController,
|
|
68
|
+
on_registration: ::Ditty::AuthController,
|
|
53
69
|
locate_conditions: ->(req) { { username: req['username'] } }
|
|
54
70
|
}
|
|
55
71
|
]
|
|
@@ -61,4 +77,4 @@ module Ditty
|
|
|
61
77
|
end
|
|
62
78
|
end
|
|
63
79
|
|
|
64
|
-
Ditty::Services::Authentication.setup
|
|
80
|
+
::Ditty::Services::Authentication.setup
|
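Review bot: `setup` feeds settings-derived strings into `require` (`config[provider][:require]`, or `"omniauth/#{provider}"` built from the provider key), so the `authentication` settings section is effectively code-loading input and should be documented as trusted, operator-only configuration. Only `LoadError` is rescued, and `config.dig(provider, :require)` and `config[provider][:available] = ...` assume every provider entry is a Hash, so a scalar entry or another exception raised while a provider library loads would abort `setup`, which runs when this file is required. A guard such as `next unless config[provider].is_a?(Hash)` at the top of the `each_key` block would cover the scalar case. The header printed above these hunks reads `data/lib/ditty/seed.rb`, but their line counts match `data/lib/ditty/services/authentication.rb` in the file list.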