easy-admin-rails 0.1.0

data/lib/generators/easy_admin/rbac/rbac_generator.rb

@@ -0,0 +1,244 @@
+require 'rails/generators'
+require 'rails/generators/migration'
+
+module EasyAdmin
+  module Generators
+    class RbacGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      
+      source_root File.expand_path('../templates', __FILE__)
+      
+      desc 'Generate EasyAdmin Role-Based Access Control setup'
+      
+      def self.next_migration_number(path)
+        Time.current.utc.strftime("%Y%m%d%H%M%S")
+      end
+      
+      def copy_migration
+        migration_template(
+          'add_rbac_to_admin_users.rb',
+          'db/migrate/add_rbac_to_admin_users.rb',
+          migration_version: migration_version
+        )
+      end
+      
+      def create_role_models
+        template 'super_admin.rb', 'app/models/easy_admin/super_admin.rb'
+        template 'admin.rb', 'app/models/easy_admin/admin.rb'
+        template 'editor.rb', 'app/models/easy_admin/editor.rb'
+        template 'viewer.rb', 'app/models/easy_admin/viewer.rb'
+      end
+      
+      def update_admin_user_model
+        inject_into_file 'app/models/easy_admin/admin_user.rb', after: "self.table_name = \"easy_admin_admin_users\"\n" do
+          <<-RUBY
+    
+    # STI configuration for role-based access
+    self.inheritance_column = :type
+    
+    # Associations
+    has_many :audit_logs, class_name: 'EasyAdmin::AuditLog', foreign_key: :admin_user_id, dependent: :destroy
+    
+    # Scopes
+    scope :by_role, ->(role) { where(type: "EasyAdmin::\#{role}") }
+    
+    # Cache permissions per request
+    def permissions_cache
+      @permissions_cache ||= {}
+    end
+    
+    # Core authorization methods (to be overridden by subclasses)
+    def can_access_resource?(resource_name)
+      accessible_resources.include?(resource_name.to_s)
+    end
+    
+    def can_perform_action?(resource_name, action)
+      return false unless can_access_resource?(resource_name)
+      allowed_actions_for(resource_name).include?(action.to_s)
+    end
+    
+    def can_access_field?(resource_name, field_name, action = :read)
+      return false unless can_access_resource?(resource_name)
+      !restricted_fields_for(resource_name, action).include?(field_name.to_s)
+    end
+    
+    # Override in subclasses
+    def accessible_resources
+      []
+    end
+    
+    def allowed_actions_for(resource_name)
+      [:index, :show]
+    end
+    
+    def restricted_fields_for(resource_name, action)
+      []
+    end
+    
+    def apply_resource_scope(resource_name, scope)
+      scope
+    end
+    
+    # Helper for caching expensive operations
+    def cached_permission(key, &block)
+      permissions_cache[key] ||= block.call
+    end
+          RUBY
+        end
+      end
+      
+      def create_permission_cache
+        template 'permission_cache.rb', 'lib/easy_admin/permission_cache.rb'
+      end
+      
+      def create_audit_log_model
+        template 'audit_log.rb', 'app/models/easy_admin/audit_log.rb'
+        
+        migration_template(
+          'create_audit_logs.rb',
+          'db/migrate/create_easy_admin_audit_logs.rb',
+          migration_version: migration_version
+        )
+      end
+      
+      def update_application_controller
+        inject_into_file 'app/controllers/easy_admin/application_controller.rb', 
+                        before: "include Pagy::Backend" do
+          <<-RUBY
+    class UnauthorizedError < StandardError; end
+    
+          RUBY
+        end
+        
+        inject_into_file 'app/controllers/easy_admin/application_controller.rb',
+                        after: "before_action :authenticate_easy_admin_admin_user!\n" do
+          <<-RUBY
+    before_action :check_resource_access!, except: [:index]
+    
+    rescue_from UnauthorizedError do |exception|
+      respond_to do |format|
+        format.html { redirect_to easy_admin.root_path, alert: 'You are not authorized to access this resource.' }
+        format.turbo_stream do 
+          render turbo_stream: turbo_stream.replace("notifications", 
+            EasyAdmin::NotificationComponent.new(
+              message: 'You are not authorized to access this resource', 
+              type: :error
+            ).call
+          )
+        end
+      end
+    end
+          RUBY
+        end
+        
+        inject_into_file 'app/controllers/easy_admin/application_controller.rb',
+                        before: "def authenticate_admin_user!" do
+          <<-RUBY
+    def check_resource_access!
+      return unless defined?(@resource_class)
+      
+      unless current_admin_user.can_access_resource?(@resource_class.resource_name)
+        raise UnauthorizedError, "Access denied to \#{@resource_class.resource_name}"
+      end
+      
+      check_action_permission!
+    end
+    
+    def check_action_permission!
+      action_map = {
+        'index' => :index,
+        'show' => :show,
+        'new' => :new,
+        'create' => :create,
+        'edit' => :edit,
+        'update' => :update,
+        'destroy' => :destroy,
+        'execute' => :batch_action
+      }
+      
+      mapped_action = action_map[action_name] || action_name.to_sym
+      
+      unless current_admin_user.can_perform_action?(@resource_class.resource_name, mapped_action)
+        raise UnauthorizedError, "Cannot perform \#{mapped_action} on \#{@resource_class.resource_name}"
+      end
+    end
+    
+    def apply_role_scoping(scope)
+      current_admin_user.apply_resource_scope(@resource_class.resource_name, scope)
+    end
+    
+    def permission_cache
+      @permission_cache ||= EasyAdmin::PermissionCache.new(current_admin_user)
+    end
+    
+          RUBY
+        end
+        
+        inject_into_file 'app/controllers/easy_admin/application_controller.rb',
+                        after: "helper_method :current_admin_user, :admin_user_signed_in?" do
+          ", :permission_cache"
+        end
+      end
+      
+      def create_seeds
+        create_file 'db/seeds/easy_admin_rbac.rb', <<~RUBY
+          # Create default admin users with different roles
+          if Rails.env.development?
+            # Super Admin - full access
+            EasyAdmin::SuperAdmin.find_or_create_by(email: 'super@example.com') do |admin|
+              admin.password = 'password'
+              admin.password_confirmation = 'password'
+              admin.first_name = 'Super'
+              admin.last_name = 'Admin'
+              admin.confirmed_at = Time.current
+            end
+            
+            # Standard Admin - most access except system settings
+            EasyAdmin::Admin.find_or_create_by(email: 'admin@example.com') do |admin|
+              admin.password = 'password'
+              admin.password_confirmation = 'password'
+              admin.first_name = 'Admin'
+              admin.last_name = 'User'
+              admin.confirmed_at = Time.current
+            end
+            
+            # Editor - content management only
+            EasyAdmin::Editor.find_or_create_by(email: 'editor@example.com') do |admin|
+              admin.password = 'password'
+              admin.password_confirmation = 'password'
+              admin.first_name = 'Content'
+              admin.last_name = 'Editor'
+              admin.confirmed_at = Time.current
+            end
+            
+            # Viewer - read-only access
+            EasyAdmin::Viewer.find_or_create_by(email: 'viewer@example.com') do |admin|
+              admin.password = 'password'
+              admin.password_confirmation = 'password'
+              admin.first_name = 'Read'
+              admin.last_name = 'Only'
+              admin.confirmed_at = Time.current
+            end
+            
+            puts "EasyAdmin RBAC users created!"
+            puts "Roles available:"
+            puts "  SuperAdmin - super@example.com / password (full access)"
+            puts "  Admin - admin@example.com / password (standard admin)"
+            puts "  Editor - editor@example.com / password (content only)"
+            puts "  Viewer - viewer@example.com / password (read-only)"
+          end
+        RUBY
+      end
+      
+      def show_readme
+        readme 'RBAC_README'
+      end
+      
+      private
+      
+      def migration_version
+        "[#{ActiveRecord::VERSION::MAJOR}.#{ActiveRecord::VERSION::MINOR}]"
+      end
+    end
+  end
+end

data/lib/generators/easy_admin/rbac/templates/add_rbac_to_admin_users.rb

@@ -0,0 +1,23 @@
+class AddRbacToAdminUsers < ActiveRecord::Migration<%= migration_version %>
+  def change
+    # Add type column for STI
+    add_column :easy_admin_admin_users, :type, :string
+    add_column :easy_admin_admin_users, :permissions, :json, default: {}
+    add_column :easy_admin_admin_users, :resource_access, :json, default: {}
+    
+    # Add indexes for performance
+    add_index :easy_admin_admin_users, :type
+    add_index :easy_admin_admin_users, [:type, :locked_at]
+    
+    # Migrate existing users to Admin type
+    reversible do |dir|
+      dir.up do
+        execute <<-SQL
+          UPDATE easy_admin_admin_users 
+          SET type = 'EasyAdmin::Admin' 
+          WHERE type IS NULL
+        SQL
+      end
+    end
+  end
+end

data/lib/generators/easy_admin/rbac/templates/super_admin.rb

@@ -0,0 +1,34 @@
+module EasyAdmin
+  class SuperAdmin < AdminUser
+    def accessible_resources
+      cached_permission(:resources) do
+        EasyAdmin::ResourceRegistry.all_resources.map(&:resource_name)
+      end
+    end
+    
+    def allowed_actions_for(resource_name)
+      [:index, :show, :new, :create, :edit, :update, :destroy, :batch_action, :row_action].map(&:to_s)
+    end
+    
+    def restricted_fields_for(resource_name, action)
+      [] # No restrictions for super admin
+    end
+    
+    def apply_resource_scope(resource_name, scope)
+      scope # No filtering for super admin
+    end
+    
+    # Super admin specific methods
+    def super_admin?
+      true
+    end
+    
+    def role_name
+      'Super Admin'
+    end
+    
+    def role_badge_color
+      'red'
+    end
+  end
+end

data/lib/generators/easy_admin/resource_generator.rb

@@ -0,0 +1,43 @@
+module EasyAdmin
+  module Generators
+    class ResourceGenerator < Rails::Generators::NamedBase
+      desc "Creates EasyAdmin resource for a model"
+      
+      def self.source_root
+        @source_root ||= File.expand_path("templates", __dir__)
+      end
+
+      def create_resource
+        template "resource.rb", "app/easy_admin/resources/#{file_name}_resource.rb"
+      end
+
+      def show_usage
+        say "\nResource created! Add it to your EasyAdmin configuration:", :green
+        say "\n  # config/initializers/easy_admin.rb"
+        say "  EasyAdmin.configure do |config|"
+        say "    config.sidebar do"
+        say "      item \"#{human_name.pluralize}\", easy_admin.#{route_key}_path, icon: \"📄\""
+        say "    end"
+        say "  end\n"
+      end
+
+      private
+
+      def model_class_name
+        class_name
+      end
+
+      def route_key
+        file_name.pluralize
+      end
+
+      def resource_class_name
+        "#{class_name}Resource"
+      end
+
+      def human_name
+        class_name.humanize
+      end
+    end
+  end
+end

data/lib/generators/easy_admin/templates/AUTH_README

@@ -0,0 +1,35 @@
+===============================================================================
+
+                    EasyAdmin Authentication Setup Complete!
+
+===============================================================================
+
+The EasyAdmin authentication system has been successfully installed.
+
+What was added:
+  - Admin users migration (creates easy_admin_admin_users table)
+  - Devise configuration for EasyAdmin (config/initializers/easy_admin_devise.rb)
+  - EasyAdmin routes mounted at /admin
+  - Default admin user seeds (db/seeds/easy_admin.rb)
+
+Next steps:
+
+  1. Run the migration:
+     rails db:migrate
+
+  2. Load the default admin user:
+     rails db:seed
+
+  3. Start your server and visit:
+     http://localhost:3000/admin
+
+  4. Sign in with the default credentials:
+     Email:    admin@example.com
+     Password: password
+
+  5. (Optional) Configure email settings in config/initializers/easy_admin_devise.rb
+     for password reset functionality.
+
+For more information, visit: https://github.com/your-username/easy_admin
+
+===============================================================================

data/lib/generators/easy_admin/templates/README

@@ -0,0 +1,27 @@
+===============================================================================
+
+EasyAdmin has been installed! 🎉
+
+Next steps:
+
+1. Configure your sidebar navigation in config/initializers/easy_admin.rb
+2. Build the JavaScript assets: npm run build:js
+3. Visit /easy_admin in your browser
+
+Documentation:
+- Sidebar DSL: Use `item` for navigation links and `group` for expandable sections
+- Icons: Use emoji or any text-based icons
+- Paths: Relative paths will be prefixed with your app's base URL
+
+Example configuration:
+
+  config.sidebar do
+    item "Dashboard", dashboard_path, icon: "📊", active: current_page?(dashboard_path)
+    
+    group "Content", icon: "📝" do
+      item "Posts", posts_path, icon: "📄"
+      item "Categories", categories_path, icon: "🏷️"
+    end
+  end
+
+===============================================================================

data/lib/generators/easy_admin/templates/create_easy_admin_admin_users.rb

@@ -0,0 +1,45 @@
+class CreateEasyAdminAdminUsers < ActiveRecord::Migration<%= migration_version %>
+  def change
+    create_table :easy_admin_admin_users do |t|
+      ## Database authenticatable
+      t.string :email,              null: false, default: ""
+      t.string :encrypted_password, null: false, default: ""
+
+      ## Personal Info
+      t.string :first_name
+      t.string :last_name
+
+      ## Recoverable
+      t.string   :reset_password_token
+      t.datetime :reset_password_sent_at
+
+      ## Rememberable
+      t.datetime :remember_created_at
+
+      ## Trackable
+      t.integer  :sign_in_count, default: 0, null: false
+      t.datetime :current_sign_in_at
+      t.datetime :last_sign_in_at
+      t.string   :current_sign_in_ip
+      t.string   :last_sign_in_ip
+
+      ## Confirmable
+      t.string   :confirmation_token
+      t.datetime :confirmed_at
+      t.datetime :confirmation_sent_at
+      t.string   :unconfirmed_email # Only if using reconfirmable
+
+      ## Lockable
+      t.integer  :failed_attempts, default: 0, null: false # Only if lock strategy is :failed_attempts
+      t.string   :unlock_token # Only if unlock strategy is :email or :both
+      t.datetime :locked_at
+
+      t.timestamps null: false
+    end
+
+    add_index :easy_admin_admin_users, :email,                unique: true
+    add_index :easy_admin_admin_users, :reset_password_token, unique: true
+    add_index :easy_admin_admin_users, :confirmation_token,   unique: true
+    add_index :easy_admin_admin_users, :unlock_token,         unique: true
+  end
+end