ditty 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 671a4f94844586df6b6f93e6b52555b4676c5571
-  data.tar.gz: ae067afab7015874c78e682a1ca1cd354860473d
+  metadata.gz: 5c1aeccd30ff2045fdc743913e43590e7cc5ca03
+  data.tar.gz: 5c85c18dfd395210a4c64a11b9d801d8afaf2360
 SHA512:
-  metadata.gz: 2c55cc8ad699496e26a57ed594da2e5779da9208e172119e8dd9df142ff8ed963ea9f06969846990e10ab3303264bc7038c1586d3a09b232723c6d47d0a9e7e1
-  data.tar.gz: 4d7b7e184449f4bac9287ac6588c5b30162617a68e76bf54524a7ad12671c996296fc2bd26c2c3a0ca8f2ca06e9ab7a222ed06f2c60e37c719a550af77b1dd15
+  metadata.gz: 9152764039916756b7c355de8466597f83f64921122e969f5dec13a5376c3310ab4d2c5e95576abf583bc86aa6a0ad0e1a60a7c3fdb0a8cde3b5946523d3fd22
+  data.tar.gz: c1df6170f906e47a460abb59a52ee4054ae5434daa926c6da8062cecda9e1554227efdfb936fd5204a848436cb08af55d1a7bcffa5b8f05870c8fba7fb57513d

data/ditty.gemspec

@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'timecop'
 
   spec.add_dependency 'activesupport', '>= 3'
-  spec.add_dependency 'bcrypt', '~> 3.0'
+  spec.add_dependency 'bcrypt', '~> 3.1'
   spec.add_dependency 'haml', '~> 5.0'
   spec.add_dependency 'logger', '~> 1.0'
   spec.add_dependency 'omniauth', '~> 1.0'

data/lib/ditty/controllers/audit_logs.rb

@@ -8,6 +8,21 @@ module Ditty
   class AuditLogs < Ditty::Component
     set model_class: AuditLog
 
+    FILTERS = [
+      { name: :user, field: 'user.email' },
+      { name: :action }
+    ].freeze
+
+    helpers do
+      def user_options
+        policy_scope(::Ditty::User).as_hash(:email, :email)
+      end
+
+      def action_options
+        policy_scope(::Ditty::AuditLog).as_hash(:action, :action)
+      end
+    end
+
     def find_template(views, name, engine, &block)
       super(views, name, engine, &block) # Root
       super(::Ditty::App.view_folder, name, engine, &block) # Ditty

data/lib/ditty/controllers/main.rb

@@ -45,12 +45,16 @@ module Ditty
 
     # Register Page
     get '/auth/identity/register' do
+      authorize ::Ditty::Identity, :register
+
       identity = Identity.new
       haml :'identity/register', locals: { title: 'Register', identity: identity }
     end
 
     # Register Action
     post '/auth/identity/new' do
+      authorize ::Ditty::Identity, :register
+
       identity = Identity.new(params['identity'])
       if identity.valid? && identity.save
         user = User.find_or_create(email: identity.username)

data/lib/ditty/controllers/users.rb

@@ -95,9 +95,12 @@ module Ditty
       roles  = values.delete('role_id')
       entity.set values
       if entity.valid? && entity.save
-        entity.remove_all_roles
-        roles.each { |role_id| entity.add_role(role_id) } if roles
-        entity.check_roles
+        if roles
+          entity.remove_all_roles
+          roles.each { |role_id| entity.add_role(role_id) }
+          entity.check_roles
+        end
+
         log_action("#{dehumanized}_update".to_sym) if settings.track_actions
         respond_to do |format|
           format.html do
@@ -112,7 +115,14 @@ module Ditty
           end
         end
       else
-        haml :"#{view_location}/edit", locals: { entity: entity, title: heading(:edit) }
+        respond_to do |format|
+          format.html do
+            haml :"#{view_location}/edit", locals: { entity: entity, title: heading(:edit) }
+          end
+          format.json do
+            400
+          end
+        end
       end
     end
 
@@ -140,8 +150,8 @@ module Ditty
       if identity.valid? && identity.save
         log_action("#{dehumanized}_update_password".to_sym) if settings.track_actions
         flash[:success] = 'Password Updated'
-        redirect "#{base_path}/#{entity.id}"
-      elsif current_user.super_admin?
+        redirect back
+      elsif current_user.super_admin? && current_user.id != id
         haml :"#{view_location}/display", locals: { entity: entity, identity: identity, title: heading }
       else
         haml :"#{view_location}/profile", locals: { entity: entity, identity: identity, title: heading }

data/lib/ditty/db.rb

@@ -3,16 +3,18 @@
 require 'sequel'
 require 'ditty/services/logger'
 
-# Delete DATABASE_URL from the environment, so it isn't accidently
-# passed to subprocesses.  DATABASE_URL may contain passwords.
-DB = Sequel.connect(ENV['RACK_ENV'] == 'production' ? ENV.delete('DATABASE_URL') : ENV['DATABASE_URL'])
+if ENV['DATABASE_URL']
+  # Delete DATABASE_URL from the environment, so it isn't accidently
+  # passed to subprocesses.  DATABASE_URL may contain passwords.
+  DB = Sequel.connect(ENV['RACK_ENV'] == 'production' ? ENV.delete('DATABASE_URL') : ENV['DATABASE_URL'])
 
-log_level = (ENV['SEQUEL_LOGGING_LEVEL'] || :debug).to_sym
-DB.sql_log_level = log_level
-DB.loggers << Ditty::Services::Logger.instance
+  DB.sql_log_level = (ENV['SEQUEL_LOGGING_LEVEL'] || :debug).to_sym
+  DB.loggers << Ditty::Services::Logger.instance
+  DB.extension(:pagination)
 
-Sequel::Model.plugin :validation_helpers
-Sequel::Model.plugin :update_or_create
-Sequel::Model.plugin :timestamps, update_on_create: true
-
-DB.extension(:pagination)
+  Sequel::Model.plugin :validation_helpers
+  Sequel::Model.plugin :update_or_create
+  Sequel::Model.plugin :timestamps, update_on_create: true
+else
+  Ditty::Services::Logger.instance.error 'No database connection set up'
+end

data/lib/ditty/helpers/component.rb

@@ -49,23 +49,42 @@ module Ditty
 
       def filtered(dataset)
         filters.each do |filter|
-          next unless params[filter[:name].to_s]
+          next if [nil, ''].include? params[filter[:name].to_s]
           filter[:field] ||= filter[:name]
+          filter[:modifier] ||= :to_s
           dataset = apply_filter(dataset, filter)
         end
         dataset
       end
 
       def apply_filter(dataset, filter)
-        value = params[filter[:name].to_s]
-        return dataset if value == '' || value.nil?
-        value = value.send(filter[:modifier]) if filter[:modifier]
-        dataset.where(filter[:field].to_sym => value)
+        value = params[filter[:name].to_s].send(filter[:modifier])
+        return dataset.where(filter[:field] => value) unless filter[:field].to_s.include? '.'
+
+        dataset.where(filter_field(filter) => filter_value(filter))
+      end
+
+      def filter_field(filter)
+        filter[:field].to_s.split('.').first.to_sym
+      end
+
+      def filter_value(filter)
+        field = filter[:field].to_s.split('.').last.to_sym
+        assoc = filter_association(filter)
+        value = params[filter[:name].to_s].send(filter[:modifier])
+        value = assoc.associated_dataset.first(field => value)
+        value.nil? ? assoc.associated_class.new : value
+      end
+
+      def filter_association(filter)
+        assoc = filter[:field].to_s.split('.').first.to_sym
+        assoc = settings.model_class.association_reflection(assoc)
+        raise "Unknown association #{assoc}" if assoc.nil?
+        assoc
       end
 
       def search(dataset)
-        return dataset if params['q'] == '' || params['q'].nil?
-        return dataset if searchable_fields == []
+        return dataset if ['', nil].include?(params['q']) || searchable_fields == []
 
         filters = searchable_fields.map { |f| Sequel.ilike(f.to_sym, "%#{params[:q]}%") }
         dataset.where Sequel.|(*filters)

data/lib/ditty/helpers/views.rb

@@ -27,7 +27,7 @@ module Ditty
         return unless respond_to? meth
         haml :'partials/filter_control', locals: {
           name: filter[:name],
-          label: opts[:label] || filter[:name].titlecase,
+          label: opts[:label] || filter[:name].to_s.titlecase,
           options: send(meth)
         }
       end

data/lib/ditty/models/identity.rb

@@ -46,7 +46,16 @@ module Ditty
       if password_required
         validates_presence :password
         validates_presence :password_confirmation
-        validates_min_length 8, :password
+        validates_format(
+          # 1 Uppercase
+          # 1 lowercase
+          # 1 Special Character
+          # 1 Number
+          # At least 8 characters
+          %r[\A(?=.*[A-Z])(?=.*[a-z])(?=.*[!@#&$*)(}{%^=_+|\\:";'<>,.\-\/?\[\]])(?=.*[0-9]).{8,}\Z],
+          :password,
+          message: 'is not strong enough'
+        )
       end
 
       errors.add(:password_confirmation, 'must match password') if !password.blank? && password != password_confirmation

data/lib/ditty/policies/identity_policy.rb

@@ -5,7 +5,7 @@ require 'ditty/policies/application_policy'
 module Ditty
   class IdentityPolicy < ApplicationPolicy
     def register?
-      true
+      !['1', 1, 'true', true, 'yes'].include? ENV['DITTY_REGISTERING_DISABLED']
     end
 
     def permitted_attributes

data/lib/ditty/policies/user_policy.rb

@@ -24,10 +24,6 @@ module Ditty
       create?
     end
 
-    def register?
-      true
-    end
-
     def permitted_attributes
       attribs = %i[email name surname]
       attribs << :role_id if user.super_admin?

data/lib/ditty/rake_tasks.rb

@@ -2,6 +2,7 @@
 
 require 'rake'
 require 'rake/tasklib'
+require 'ditty/db'
 
 module Ditty
   class Tasks < ::Rake::TaskLib
@@ -50,35 +51,42 @@ module Ditty
         end
 
         namespace :migrate do
+          require 'logger'
+
           folder = 'migrations'
 
           desc 'Check if the migration is current'
           task :check do
-            require 'sequel'
+            ::DB.loggers << Logger.new($stdout)
             puts 'Running Ditty Migrations check'
             ::Sequel.extension :migration
-            ::Sequel::Migrator.check_current(::DB, folder)
+            begin
+              ::Sequel::Migrator.check_current(::DB, folder)
+              puts 'Migrations up to date'
+            rescue Sequel::Migrator::Error => _e
+              puts 'Migrations NOT up to date'
+            end
           end
 
           desc 'Migrate Ditty database to latest version'
           task :up do
-            require 'sequel'
+            ::DB.loggers << Logger.new($stdout)
             puts 'Running Ditty Migrations up'
             ::Sequel.extension :migration
             ::Sequel::Migrator.apply(::DB, folder)
           end
 
-          desc 'Roll back the Ditty database'
+          desc 'Remove the whole Ditty database. You WILL lose data'
           task :down do
-            require 'sequel'
+            ::DB.loggers << Logger.new($stdout)
             puts 'Running Ditty Migrations down'
             ::Sequel.extension :migration
             ::Sequel::Migrator.apply(::DB, folder, 0)
           end
 
-          desc 'Reset the Ditty database'
+          desc 'Reset the Ditty database. You WILL lose data'
           task :bounce do
-            require 'sequel'
+            ::DB.loggers << Logger.new($stdout)
             puts 'Running Ditty Migrations bounce'
             ::Sequel.extension :migration
             ::Sequel::Migrator.apply(::DB, folder, 0)

data/lib/ditty/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Ditty
-  VERSION = '0.3.0'.freeze
+  VERSION = '0.3.1'.freeze
 end

data/lib/ditty.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'ditty/version'
+require 'ditty/services/logger'
 
 module Ditty
   class ComponentError < StandardError; end
@@ -57,7 +58,7 @@ module Ditty
     #
     #   Ditty::Components.register_component(:component_name, ComponentModule)
     def self.register_component(name, mod)
-      puts "Registering #{mod} as #{name}"
+      Ditty::Services::Logger.instance.info "Registering #{mod} as #{name}"
       @components[name] = mod
     end
 

data/views/audit_logs/index.haml

@@ -1,6 +1,8 @@
 .row
   .col-md-12
     .panel.panel-default
+      .panel-body
+        = haml :'partials/search'
       %table.table.table-striped
         %thead
           %tr

data/views/identity/login.haml

@@ -13,7 +13,8 @@
             %label.control-label Password
             %input.form-control.border-input{ name: 'password', type: 'password' }
           %button.btn.btn-primary{ type: 'submit' } Log In
-          .pull-right
-            No account yet?
-            %a.btn.btn-default{ href: "#{settings.map_path}/auth/identity/register" } Register
+          - if policy(::Ditty::Identity).register?
+            .pull-right
+              No account yet?
+              %a.btn.btn-default{ href: "#{settings.map_path}/auth/identity/register" } Register
   .col-sm-3

data/views/identity/register.haml

@@ -3,10 +3,10 @@
   .col-md-8
     .panel.panel-default
       .panel-heading
-        %h4 Ditty Registration
+        %h4 Register
       .panel-body
         %form.form-horizontal{ method: 'post', action: "#{settings.map_path}/auth/identity/new" }
-          = form_control(:username, identity, label: 'Email', placeholder: 'Your email address')
+          = form_control(:username, identity, label: 'Username', placeholder: 'Your username')
           = form_control(:password, identity, label: 'Password', type: :password)
           = form_control(:password_confirmation, identity, label: 'Confirm Password', type: :password)
 

data/views/partials/sidebar.haml

@@ -30,7 +30,8 @@
         %a{ href: "#{settings.map_path}/auth/identity" }
           %i.fa.fa-user.fa-fw
           Log In
-      %li
-        %a{ href: "#{settings.map_path}/auth/identity/register" }
-          %i.fa.fa-pencil-square-o.fa-fw
-          Register
+      - if policy(::Ditty::Identity).register?
+        %li
+          %a{ href: "#{settings.map_path}/auth/identity/register" }
+            %i.fa.fa-pencil-square-o.fa-fw
+            Register

data/views/users/display.haml

@@ -23,7 +23,8 @@
 
         .row
           .col-md-6
-            %a.btn.btn-default{ href: "#{base_path}/#{entity.id}/edit" } Edit
+            - if policy(entity).update?
+              %a.btn.btn-default{ href: "#{base_path}/#{entity.id}/edit" } Edit
           .col-md-6.text-right
             - if policy(entity).delete?
               %form{ method: 'post', action: "#{base_path}/#{entity.id}" }

data/views/users/profile.haml

@@ -20,6 +20,15 @@
         %p.description
           %label Signed up:
           = entity.created_at.strftime('%Y-%m-%d %H:%M:%S')
+        .row
+          .col-md-6
+            - if policy(entity).update?
+              %a.btn.btn-default{ href: "#{base_path}/#{entity.id}/edit" } Edit
+          .col-md-6.text-right
+            - if policy(entity).delete?
+              %form{ method: 'post', action: "#{base_path}/#{entity.id}" }
+                %input{ name: '_method', value: 'DELETE', type: 'hidden' }
+                %button.btn.btn-warning{ type: 'submit' } Delete
   .col-md-2
 
 .row

data/views/users/user.haml

@@ -1,3 +1,4 @@
 = form_control(:name, user)
 = form_control(:surname, user)
-= form_control(:role_id, user, type: 'select', options: Ditty::Role.as_hash(:id, :name), name: 'user[role_id][]', field: :roles, multiple: true)
+- if policy(user).permitted_attributes.include? :role_id
+  = form_control(:role_id, user, type: 'select', options: Ditty::Role.as_hash(:id, :name), name: 'user[role_id][]', field: :roles, multiple: true)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ditty
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Jurgens du Toit
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-10-14 00:00:00.000000000 Z
+date: 2017-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: haml
   requirement: !ruby/object:Gem::Requirement