edgarj 0.01.12

data/app/models/edgarj/search_form.rb

@@ -0,0 +1,255 @@
+module Edgarj
+  # 'SearchForm' instance contains search-conditions entered at search-form as:
+  # 1. search conditions (mainly string, but integers for timestamp)
+  #    for eash attribute of model
+  # 1. operator (=, <, >, ...) for each attribute
+  # 1. parent name for redraw
+  #
+  # Model(ActiveRecord) intance itself (e.g. Customer.new) doesn't satisfy to keep
+  # search condition because:
+  #
+  # 1. id cannot be set because of protection.
+  # 1. search condition may have operator (like '=', '>=')
+  #
+  # This is why SearchForm class is created.
+  #
+  # NOTE: model is stored in SearhForm as model_str.constantize to avoid following error:
+  #   ArgumentError (undefined class/module Customer)
+  #
+  # === Operator
+  # Operator for some search-fields (e.g. integer, date) are initialized
+  # by params[:edgarj_search_form_operator].  For example, when search condition 
+  # for Question screen GUI is:
+  #
+  #   Priority < 3
+  #
+  # then, params[:search] is:
+  #
+  #   :priority=>3, :search_form_operator=>{:priority=>'<'}
+  #
+  # and SearchForm object is built as:
+  #
+  #   s = SearchForm.new(Question, params[:search])
+  #
+  # and finally it generates SQL condition as follows:
+  #
+  #   s.conditions      # ["priority<?", 3]
+  #
+  # === Parent name
+  # In order to hold parent object 'name' value for redraw, _parent[] hash is
+  # used.  It is passed from params[:search_form_parent].
+  #
+  # === BUGS
+  # date-type(e.g. 'created_at(1i)'=2010, 'created_at(2i)'=2, ...) and
+  # datetime-type are not supported now while jQuery datepicker is OK.
+  #
+  class SearchForm < Edgarj::Search
+    attr_accessor   :_operator, :_parent
+    validate        :validate_data_type
+
+    module Dbms
+      MYSQL       = 1
+      ELSE        = 99
+    end
+
+    # Store comparison-operator for each search field
+    class Operator
+      # required at 'fields_for' helper
+      extend ActiveModel::Naming
+      extend ActiveModel::Conversion
+
+      ALLOWED = HashWithIndifferentAccess.new.tap do |a|
+        %w(= <> > >= < <=).each do |op|
+          a[op] = true
+        end
+      end
+
+      # accepts only allowed operators to avoid SQL injection
+      def initialize(attrs = {})
+        @attrs = HashWithIndifferentAccess.new
+
+        for k, v in (attrs || {}) do
+          if ALLOWED[v]
+            @attrs[k] = v
+          end
+        end
+      end
+
+      # generate a part of expression like '=?', ' in(?)', etc.
+      #
+      # When operator contains place-holder '?', it is not appended.
+      def exp(attr)
+        if @attrs[attr]
+          if @attrs[attr].index('?')
+            @attrs[attr]
+          else
+            @attrs[attr] + '?'
+          end
+        else
+          '=?'
+        end
+      end
+
+      def method_missing(method_name, *args)
+        @attrs[method_name.to_sym]
+      end
+    end
+
+    # Build SearchForm object from ActiveRecord 'klass' and attrs.
+    #
+    # === INPUTS
+    # klass:: ActiveRecord
+    # attrs:: hash of key=>value pair
+    def initialize(klass, attrs={})
+      super(klass)
+      @_table_name  = klass.table_name
+      @attrs        = attrs.dup
+      @_operator    = Operator.new(attrs[:edgarj_search_form_operator])
+      @_parent      = attrs[:search_form_parent]
+    end
+
+    # map attribute name to hash entry.
+    # This mechanism is required to be used in 'form_for' helper.
+    #
+    # When column type is integer and has digits value, return integer.
+    # This is required for selection helper.
+    # Even it is integer but has no value, keeps blank.
+    #
+    # When attribute name ends '=', assignment to hash works.
+    #
+    # === EXAMPLE
+    # s = Searchform.new(Product, :name=>'a')
+    # s.name
+    # s.conditions      # ["name=?", "a"]
+    # s.name = 'b'      # method_missing('name=', 'b') is called
+    # s.conditions      # ["name=?", "b"]
+    #
+    def method_missing(method_name, *args)
+      if method_name.to_s =~ /^(.*)=$/
+        @attrs[$1.to_sym] = args[0]
+      else
+        val = @attrs[method_name.to_sym]
+        case column_type(method_name)
+        when :integer
+          if val =~ /^\d+$/
+            val.to_i
+          else
+            val
+          end
+        else
+          val
+        end
+      end
+    end
+
+    DEFAULT_TIMEZONE_FOR_TIMESTAMP_DATE_COMPARISON = '9'
+
+    # Generate search-conditions.
+    # Wildcard search by '*' is supported on string attribute.
+    #
+    # === RETURN
+    # condition_string, value_array:: values for :conditions option on model
+    def conditions
+      return ['1=0'] if !valid?
+
+      conds       = []
+      values      = []
+      for col in @_klass_str.constantize.columns do
+        col_str = col_name(col)
+        val     = @attrs[encode_name(col)]
+        if !val.blank?
+          case col.type
+          when :string, :text
+            if val =~ /\*$/
+              conds   << col_str + ' like ?'
+              values  << val.gsub(/\*$/, '%')
+            else
+              conds   << col_str + '=?'
+              values  << val
+            end
+          when :datetime
+            case is_dbms?
+            when Dbms::MYSQL
+#             conds   << col_str + @_operator.exp(encode_name(col))
+              conds   << sprintf("date(%s)",
+                  col_str) +
+                  @_operator.exp(encode_name(col))
+            else
+              conds   << sprintf("date(timezone('%s',%s))",
+                  DEFAULT_TIMEZONE_FOR_TIMESTAMP_DATE_COMPARISON,
+                  col_str) +
+                  @_operator.exp(encode_name(col))
+            end
+            values  << val.to_s
+          when :boolean
+            case is_dbms?
+            when Dbms::MYSQL
+              conds   << col_str + @_operator.exp(encode_name(col))
+              values  << (val=='true')
+            else
+              conds   << col_str + @_operator.exp(encode_name(col))
+              values  << val
+            end
+          else
+            conds   << col_str + @_operator.exp(encode_name(col))
+            values  << val
+          end
+        end
+      end
+      return [conds.join(' and ')] + values
+    end
+
+  private
+    def is_dbms?
+      @is_dbms ||=
+        if (Edgarj::Sssn.connection.class.to_s =~ /mysql/i)
+          Dbms::MYSQL
+        else
+          Dbms::ELSE
+        end
+    end
+
+    # 'rec.id' is unintentionally interpreted as Object.id rather than
+    # rec.attrs['id'] so encode it to _id.
+    #
+    # 'rec.type' has the same issue so to _type.
+    #
+    # === SEE ALSO
+    # decode_name()
+    def encode_name(col)
+      if col.name == 'id'
+        :_id
+      elsif col.name == 'type'
+        :_type
+      else
+        col.name.to_sym
+      end
+    end
+
+    #
+    # === SEE ALSO
+    # encode_name()
+    def decode_name(col)
+    end
+
+    # generate full-qualified column name.  Example: authors.name
+    def col_name(col)
+      [@_table_name, col.name].join('.')
+    end
+
+    def validate_data_type
+      for col in @_klass_str.constantize.columns do
+        col_str     = col_name(col)
+        encoded_col = encode_name(col)
+        val     = @attrs[encoded_col]
+        case col.type
+        when :integer
+          if val.present? && val !~ /^[\d\.\-]+$/
+            errors.add(encoded_col, :not_an_integer)
+          end
+        else
+        end
+      end
+    end
+  end
+end

data/app/models/edgarj/search_popup.rb

@@ -0,0 +1,44 @@
+module Edgarj
+  # Search condition for popup
+  class SearchPopup < Search
+    attr_accessor :klass_str, :col, :val
+
+    validates_format_of :col, with: /\A[a-zA-Z_0-9\.]+\z/, allow_nil: true
+    validate :validate_integer
+
+    def initialize(klass, hash = nil)
+      super(klass)
+      @col  = hash ? hash[:col] : nil
+      @val  = hash ? hash[:val] : nil
+    end
+
+    # implement to generate search-conditions
+    def conditions
+      return ['1=0'] if !valid?
+
+      if @val.blank?
+        []
+      else
+        # FIXME: assume type is just string
+        op  = '=?'
+        val = @val
+        if val =~ /\*$/
+          op  = ' like ?'
+          val = @val.gsub(/\*/, '%')
+        end
+        ["#{@col}#{op}", val]
+      end
+    end
+
+  private
+    def validate_integer
+      case column_type(col)
+      when :integer
+        if val.present? && val !~ /^[\d\.\-]+$/
+          errors.add(:val, :not_an_integer)
+        end
+      else
+      end
+    end
+  end
+end

data/app/models/edgarj/sssn.rb

@@ -0,0 +1,120 @@
+module Edgarj
+  # Edgarj specific session
+  #
+  # ActiveRecord::SessionStore::Session and Sssn are merged into Sssn because:
+  #
+  # * I could not find the way to build/prepare session for test;-(
+  # * It was verbose to Sync Sssn and Session.
+  #
+  # See ActiveRecord::SessionStore how to do that.
+  class Sssn < ActiveRecord::Base
+    self.table_name = 'edgarj_sssns'
+
+   #has_many        :cart_items,        dependent:  :destroy
+   #has_many        :album_slide_shows, dependent:  :destroy,
+   #                :class_name=>'Album::SlideShow'
+    belongs_to      :user
+    has_many        :page_infos,        dependent:  :destroy, autosave: true
+
+  #-----------------------------------------
+  # implementation section required by Rails
+  #-----------------------------------------
+
+    before_save :marshal_data!
+    before_save :raise_on_session_data_overflow!
+
+    class << self
+      def data_column_size_limit
+        @data_column_size_limit ||= columns_hash['data'].limit
+      end
+
+      def find_by_session_id(session_id)
+        where(session_id: session_id).first
+      end
+
+      def marshal(data)
+        Base64.encode64(Marshal.dump(data)) if data
+      end
+
+      def unmarshal(data)
+        Marshal.load(Base64.decode64(data)) if data
+      end
+    end
+
+=begin
+    def initialize(attributes = nil)
+      @data = nil
+      super
+    end
+=end
+
+    # Lazy-unmarshal session state.
+    def data
+      @data ||= self.class.unmarshal(read_attribute('data')) || {}
+    end
+
+    attr_writer :data
+
+    # Has the session been loaded yet?
+    def loaded?
+      !!@data
+    end
+
+  private
+    def marshal_data!
+      return false unless loaded?
+      write_attribute('data', self.class.marshal(data))
+    end
+
+    # Ensures that the data about to be stored in the database is not
+    # larger than the data storage column. Raises
+    # ActionController::SessionOverflowError.
+    def raise_on_session_data_overflow!
+      return false unless loaded?
+      limit = self.class.data_column_size_limit
+      if limit and read_attribute('data').size > limit
+        raise ActionController::SessionOverflowError
+      end
+    end
+
+  #---------------------------------------------
+  # End implementation section required by Rails
+  #---------------------------------------------
+
+  public
+    # delete stale sessions no longer active than SESSION_TIME_OUT minutes ago
+    #
+    # === INPUTS
+    # dry_run:: dry-run mode (default = true)
+    #
+    def self.delete_stale_sessions(dry_run=true)
+      self.transaction do
+        for s in Sssn.all(
+            :conditions=>['updated_at<?', Edgarj::BaseConfig::SESSION_TIME_OUT.minutes.ago.utc]) do
+          begin
+            session_id = s.session_id
+            s.destroy
+            logger.info("deleting session(#{session_id})")
+          rescue ActiveRecord::RecordNotFound => ex
+            logger.warn("session not found(#{session_id})")
+          end
+        end
+        raise ActiveRecord::Rollback if dry_run
+      end
+    end
+
+    def name
+      user.name + ' session'
+    end
+
+    def before_destroy
+      if Edgarj::Login::ENABLE_LOGGING
+        a         = ActionEntry.new
+        a.user    = self.user
+        a.action  = Action::Login.new(:kind=>Action::Login::Kind::LOGOUT)
+        a.save!
+      end
+      true
+    end
+  end
+end

data/app/models/edgarj/user_group.rb

@@ -0,0 +1,67 @@
+# UserGroup can be used for several types of user group like the followings:
+#
+# * user organization
+# * user role
+module Edgarj
+  class UserGroup < ActiveRecord::Base
+    self.table_name = 'edgarj_user_groups'
+
+    acts_as_nested_set scope: :kind
+
+    has_many  :user_group_users,  dependent: :destroy
+    has_many  :users,             through: :user_group_users
+    has_many  :model_permissions, dependent: :destroy
+
+    # 'Kind' value is to identify what kind of user-group many-to-many
+    # relation is established.  Following two values are reserved:
+    #
+    # ROLE::      controller-permission
+    # USER_ORG::  organization of users
+    #
+    # Any uniq value can be added for application usage.  One example
+    # is in test/dummy/app/decorators/models/edgarj/user_group_decorator.rb
+    module Kind
+      ROLE      =  100
+      USER_ORG  =  200
+    end
+
+    def validate
+      super
+      validate_tree_kind
+    end
+
+    # return true if the role has enough permission on the controller.
+    #
+    # If user role is 'admin' then all operations are permitted.
+    #
+    # Always return false if the user-group is not ROLE.
+    #
+    # if requested_flags is omitted, just checks existence of
+    # model_permissions and doesn't check CRUD level.
+    def permitted?(model_name, requested_flags = 0)
+      return false if self.kind != Kind::ROLE
+      return true  if admin?
+
+      p = self.model_permissions.find_by_model(model_name)
+      if requested_flags == 0
+        p
+      else
+        p && p.permitted?(requested_flags)
+      end
+    end
+
+    def admin?
+      self.kind == Kind::ROLE && name == 'admin'
+    end
+
+  private
+    # USER_ORG's parent must be USER_ORG
+    def validate_tree_kind
+      if parent_id
+        if kind != parent.kind
+          err_on(:kind, 'different_kind_from_parent')
+        end
+      end
+    end
+  end
+end

data/app/models/edgarj/user_group_user.rb

@@ -0,0 +1,18 @@
+# UserGroup - User intersection model
+#
+module Edgarj
+  class UserGroupUser < ActiveRecord::Base
+    self.table_name = 'edgarj_user_group_users'
+
+    belongs_to  :user_group
+    belongs_to  :user
+
+    validates_presence_of   :user_group_id
+    validates_presence_of   :user_id
+    validates_uniqueness_of :user_id, :scope=>:user_group_id
+
+    def name
+      self.user.name + ' of ' + self.user_group.name
+    end
+  end
+end

data/app/models/edgarj.rb

@@ -0,0 +1,5 @@
+module Edgarj
+  def self.table_name_prefix
+    'edgarj_'
+  end
+end

data/app/views/edgarj/edgarj/_form.html.erb

@@ -0,0 +1,25 @@
+<%#
+Form for record detail
+
+= INPUTS
+
+@drawer::    drawer instance
+@record::       form value
+
+= SEE ALSO
+
+_search_form.htm.erb::  search form
+%>
+<div id=edgarj_form>
+  <% if @record.errors.any? %>
+    <div class="error_explanation">
+      <h2><%= t('error.form.title', count: @record.errors.count) %></h2>
+      <ul>
+      <% @record.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <%= @drawer.draw_form(@record) %>
+</div>

data/app/views/edgarj/edgarj/_list.html.erb

@@ -0,0 +1,52 @@
+<%#
+= INPUTS
+
+@list::       model instance list
+@count::      model instance list count
+@page_info::  page_info instance
+%>
+<div id=edgarj_list>           <!-- edgarj/_list.html.erb -->
+  <table width="100%">
+    <tr>
+      <td><%= t('edgarj.default.total_records') % @count %></td>
+      <td>
+          <%= paginate @list,
+                  remote: true,
+                  params: {action: 'index'} %>
+      </td>
+      <td align=right>
+        <%=
+            form_for(@page_info,
+                remote: true,
+                url:    {action: 'page_info_save', id: @page_info.id,
+                         controller: params[:controller]},
+                html:   {id: 'edgarj_form_lines_per_page', method: :put}
+            ) do |f| %>
+          <%= f.select('lines', Edgarj::LINES_PER_PAGE.map{|x| [x,x]}) %>
+          <%= v('records_per_page') %>
+        <% end %>
+      </td>
+      <td>
+        <%= button_to v('csv_download'), {
+                  controller: params[:controller],
+                  action:     'csv_download'},
+                  {method: :get} %>
+      </td>
+    </tr>
+  </table>
+  <%= drawer.draw_list(@list) %>
+
+  <%= javascript_tag do %>
+  $(function(){
+    /* action on changing records/page at the selection in list */
+    $('#edgarj_page_info_lines').change(function(){
+      $("#edgarj_form_lines_per_page").trigger("submit.rails");
+    });
+  
+    /* show detail on clicking a list row */
+    $('._edgarj_list_column').click(function(){
+      $.ajax($(this).attr('data-url'));
+    });
+  });
+  <% end %>
+</div>

data/app/views/edgarj/edgarj/_message_popup.html.erb

@@ -0,0 +1,15 @@
+<!-- edgarj/_message_popup.html.erb -->
+<%#
+message popup template.
+%>
+
+<center>
+  <div id=edgarj_message_error ><%= flash[:error]  || '' %></div>
+  <div id=edgarj_message_notice><%= flash[:notice] || '' %></div>
+  <hr>
+  <%= button_tag t('close'),
+          type:     'button',
+          id:       'edgarj_message_popup_close',
+          onClick:  "$('#edgarj_message_popup').dialog('close');"
+  %>
+</center>

data/app/views/edgarj/edgarj/_search_form.html.erb

@@ -0,0 +1,64 @@
+<%#
+Form for search condition.
+
+= INPUTS
+
+@drawer::             Edgarj::Drawer::Normal object
+@search::             form value
+@notice::             notice message
+@error::              error message
+
+= SEE ALSO
+
+_form.html.erb::      record form
+%>
+
+<div id=edgarj_search_form>              <!-- edgarj/_search_form.html.erb -->
+  <% if @search.errors.any? %>
+    <div class="error_explanation">
+      <h2><%= t('error.search_form.title', count: @search.errors.count) %></h2>
+      <ul>
+      <% @search.errors.full_messages.each do |msg| %>
+        <li><%= msg %></li>
+      <% end %>
+      </ul>
+    </div>
+  <% end %>
+  <%= form_for(@search, url: {action: 'search'}, html: {
+          id:     '_edgarj_search_form',
+          remote: true,
+          method: :get}) do |f| %>
+    <%= f.fields_for(@search._operator) do |o| %>
+      <%= Edgarj::FormDrawer::Search.new(@drawer, @search, f, o).draw() %>
+      <%# to avoid submit on 1-textfield form when hit [ENTER] key: %>
+      <input type="text" name="dummy" style="visibility:hidden" size=0>
+    <% end %>
+  <% end %>
+  <%= draw_search_form_buttons %>
+
+  <%= javascript_tag do %>
+    <% id = 'edgarj_search_operator_selection' %>
+    $('div.search_operator').contextMenu('<%= id -%>', {
+      bindings: {
+        '<%= id + '_eq' %>': function(target){
+          Edgarj.OperatorSelection.on_select(target, '=');
+        },
+        '<%= id + '_ne' %>': function(target){
+          Edgarj.OperatorSelection.on_select(target, '<>');
+        },
+        '<%= id + '_gt' %>': function(target){
+          Edgarj.OperatorSelection.on_select(target, '>');
+        },
+        '<%= id + '_ge' %>': function(target){
+          Edgarj.OperatorSelection.on_select(target, '>=');
+        },
+        '<%= id + '_lt' %>': function(target){
+          Edgarj.OperatorSelection.on_select(target, '<');
+        },
+        '<%= id + '_le' %>': function(target){
+          Edgarj.OperatorSelection.on_select(target, '<=');
+        },
+      }
+    });
+  <% end %>
+</div>

data/app/views/edgarj/edgarj/_search_operator.html.erb

@@ -0,0 +1,17 @@
+<%#
+Template for search_operator() helper.
+
+=== INPUTS
+o::       operator form builder
+method::  attribute name of the object
+%>
+
+<%
+name  = "edgarj_search_form[edgarj_search_form_operator][#{method.to_s}]"
+id    = name.gsub(/\]\[|[^-a-zA-Z0-9:.]/, "_").sub(/_$/, "")
+op    = o.object.send(method).blank? ? '=' : o.object.send(method)
+%>
+<div id='<%= id + "_label" -%>' class='search_operator'>
+  <%= h(op) %>
+</div>
+<%= o.hidden_field method %>