enju_leaf 1.1.0.rc19 → 1.1.0.rc20

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4509e09fc31d795bc5906e2e173243a060a861f3
-  data.tar.gz: c9fcf52a57f873fb796a1d822f13a37431a8a330
+  metadata.gz: 3273d500f23e9cc91fa3e7f5bb4326b487f82ece
+  data.tar.gz: a85ea982da6df34bc0ec54854af71dbd878e271e
 SHA512:
-  metadata.gz: eb3daf7762e866839ed6dcbe080384e7ca3bf84d3d164a5e28419f918d9b1a6a16a814fd525c60d923d185ebe883e826caa6a434c6ea96d71995ed5daf109abc
-  data.tar.gz: 5de411ca22b80c626f276ddf1a72ee1b04962cb5fd448996e1d59c293d4326045f5a21b32689555d7e08d3d3516da78b5c29f66e0b4b257a08c75f13fc5c7db6
+  metadata.gz: 3e49feb51fe8ec0fb8f99c5585f3392b0ec50e96bbee9b9b9593c6ebf0c7cbfa25182a27cc33ab62f9a64b05407e27c286492cfa1b36d3eb6df1c5b0f586e1e9
+  data.tar.gz: 7da97d2101393d48658fc87f380975b90087812e5df3a8075a84aa3325a655d51c185af9d16795d726383212cebfc31fcc10a38b91da719259970b47c51756ee

data/app/assets/stylesheets/enju.css

@@ -361,7 +361,7 @@ input.resource_url{
   width: 40em;
 }
 
-input.resource_isbn_issn, input.resource_identifier, input.resource_user_number, input.resource_user{
+input.resource_isbn_issn, input.resource_identifier, input.resource_user_number, input.resource_user, input.resource_item_identifier{
   width: 10em;
   ime-mode: disabled;
 }

data/app/controllers/page_controller.rb

@@ -12,10 +12,15 @@ class PageController < ApplicationController
       #  redirect_to new_user_agent_url(current_user); return
       #end
       if defined?(EnjuBookmark)
-        @tags = current_user.bookmarks.tag_counts.sort{|a,b| a.count <=> b.count}.reverse
+        @tags = current_user.bookmarks.tag_counts.sort{|a, b|
+          a.count <=> b.count
+        }.reverse
       end
       if current_user.profile
-        @manifestation = Manifestation.pickup(current_user.profile.keyword_list.to_s.split.sort_by{rand}.first, current_user)
+        @manifestation = Manifestation.pickup(
+          current_user.profile.keyword_list.to_s.split.sort_by{rand}.first,
+          current_user
+        )
       else
         @manifestation = nil
       end
@@ -23,7 +28,9 @@ class PageController < ApplicationController
       if defined?(EnjuBookmark)
         # TODO: タグ下限の設定
         #@tags = Tag.all(limit: 50, order: 'taggings_count DESC')
-        @tags = Bookmark.tag_counts.sort{|a,b| a.count <=> b.count}.reverse[0..49]
+        @tags = Bookmark.tag_counts.sort{|a, b|
+          a.count <=> b.count
+        }.reverse[0..49]
       end
       @manifestation = Manifestation.pickup rescue nil
     end
@@ -86,8 +93,7 @@ class PageController < ApplicationController
 
   private
   def check_librarian
-    unless current_user.has_role?('Librarian')
-      access_denied
-    end
+    return true if current_user.has_role?('Librarian')
+    access_denied
   end
 end

data/app/controllers/profiles_controller.rb

@@ -30,6 +30,7 @@ class ProfilesController < ApplicationController
     search = Profile.search
     search.build do
       fulltext query if query
+      with(:required_role_id).less_than_or_equal_to role.id
       order_by sort[:sort_by], sort[:order]
     end
     search.query.paginate(page.to_i, Profile.default_per_page)

data/app/controllers/roles_controller.rb

@@ -1,9 +1,12 @@
 class RolesController < ApplicationController
-  load_and_authorize_resource
+  load_and_authorize_resource except: :index
+  authorize_resource only: :index
 
   # GET /roles
   # GET /roles.json
   def index
+    @roles = Role.order(:position)
+
     respond_to do |format|
       format.html # index.html.erb
       format.json { render json: @roles }

data/app/controllers/user_groups_controller.rb

@@ -6,7 +6,7 @@ class UserGroupsController < ApplicationController
   # GET /user_groups
   # GET /user_groups.json
   def index
-    @user_groups = UserGroup.all
+    @user_groups = UserGroup.order(:position)
 
     respond_to do |format|
       format.html # index.html.erb
@@ -96,7 +96,7 @@ class UserGroupsController < ApplicationController
       # EnjuCirculation
       {:user_group_has_checkout_types_attributes => [
         :id, :checkout_type_id, :checkout_limit, :checkout_period, :checkout_renewal_limit,
-        :reservation_limit, :reservation_expired_period, :set_due_date_before_closing_day,
+        :reservation_limit, :reservation_expired_period, :set_due_date_before_closing_day
       ]},
     )
   end

data/app/controllers/user_import_files_controller.rb

@@ -5,7 +5,7 @@ class UserImportFilesController < ApplicationController
   # GET /user_import_files
   # GET /user_import_files.json
   def index
-    @user_import_files = UserImportFile.page(params[:page])
+    @user_import_files = UserImportFile.order('id DESC').page(params[:page])
 
     respond_to do |format|
       format.html # index.html.erb

data/app/models/enju_leaf/ability.rb

@@ -42,7 +42,21 @@ module EnjuLeaf
           UserImportResult
         ] if LibraryGroup.site_config.network_access_allowed?(ip_address)
       when 'Librarian'
-        can [:read, :create, :update], Profile
+        can :create, Profile
+        can :read, Profile do |profile|
+          profile == user.profile or %w(Librarian User Guest).include?(profile.required_role.name)
+        end
+        can :update, Profile do |profile|
+          if profile == user.profile
+            true
+          else
+            if %w(Librarian User Guest).include?(profile.required_role.name)
+	      unless profile.try(:user).try(:has_role?, 'Administrator')
+                true
+              end
+            end
+	  end
+        end
         can :destroy, Profile do |profile|
           if profile.user
             if profile != user.profile && profile.user.id != 1
@@ -69,7 +83,9 @@ module EnjuLeaf
           UserImportResult
         ] if LibraryGroup.site_config.network_access_allowed?(ip_address)
       when 'User'
-        can :show, Profile
+        can :show, Profile do |profile|
+	  profile == user.profile or %w(User Guest).include?(profile.required_role.name)
+        end
         can :update, Profile do |profile|
           profile == user.profile
         end

data/app/models/profile.rb

@@ -15,8 +15,11 @@ class Profile < ActiveRecord::Base
   validates_associated :user
   validates_presence_of :user_group, :library, :locale #, :user_number
   validates :user_number, uniqueness: true, format: { with: /\A[0-9A-Za-z_]+\Z/ }, allow_blank: true
+  validates :user_id, uniqueness: true, allow_blank: true
   validates :birth_date, format: { with: /\A\d{4}-\d{1,2}-\d{1,2}\Z/ }, allow_blank: true
 
+  normalize_attribute :user_number
+
   attr_accessor :birth_date, :locked
 
   searchable do
@@ -39,6 +42,7 @@ class Profile < ActiveRecord::Base
     boolean :active do
       user.try(:active_for_authentication?)
     end
+    integer :required_role_id
   end
 
   before_validation :set_role_and_agent, on: :create

data/app/models/role.rb

@@ -1,6 +1,5 @@
 class Role < ActiveRecord::Base
   include MasterModel
-  default_scope { order("roles.position") }
   validates :name, presence: true, format: { with: /\A[A-Za-z][a-z_,]*[a-z]\Z/ }
   has_many :user_has_roles
   has_many :users, through: :user_has_roles

data/app/models/user_group.rb

@@ -1,7 +1,6 @@
 # -*- encoding: utf-8 -*-
 class UserGroup < ActiveRecord::Base
   include MasterModel
-  default_scope { order("user_groups.position") }
   has_many :profiles
 
   validates_numericality_of :valid_period_for_new_user,

data/app/models/user_import_file.rb

@@ -135,14 +135,17 @@ class UserImportFile < ActiveRecord::Base
 
       username = row['username']
       new_user = User.where(username: username).first
-      if new_user
-        new_user.assign_attributes(set_user_params(new_user, row), as: :admin)
-        if new_user.save
-          num[:user_updated] += 1
-          import_result.user = new_user
-          import_result.save!
-        else
-          num[:failed] += 1
+      if new_user.try(:profile)
+        new_user.assign_attributes(set_user_params(new_user, row))
+        new_user.profile.assign_attributes(set_profile_params(row))
+        Profile.transaction do
+          if new_user.save and new_user.profile.save
+            num[:user_updated] += 1
+            import_result.user = new_user
+            import_result.save!
+          else
+            num[:failed] += 1
+          end
         end
       else
         num[:user_not_found] += 1
@@ -173,11 +176,11 @@ class UserImportFile < ActiveRecord::Base
     rows.each do |row|
       row_num += 1
       username = row['username'].to_s.strip
-      user = User.where(username: username).first
-      if user
+      remove_user = User.where(username: username).first
+      if remove_user.try(:deletable_by?, user)
         UserImportFile.transaction do
-          user.profile.destroy
-          user.destroy
+          remove_user.destroy
+          remove_user.profile.destroy
         end
       end
     end
@@ -263,9 +266,9 @@ class UserImportFile < ActiveRecord::Base
     end
     params[:required_role_id] = required_role.id if required_role
 
-    params[:user_number] = row['user_number']
-    params[:full_name] = row['full_name']
-    params[:full_name_transcription] = row['full_name_transcription']
+    params[:user_number] = row['user_number'] if row['user_number']
+    params[:full_name] = row['full_name'] if row['full_name']
+    params[:full_name_transcription] = row['full_name_transcription'] if row['full_name_transcription']
 
     if row['expired_at'].present?
       params[:expired_at] = Time.zone.parse(row['expired_at']).end_of_day
@@ -275,7 +278,7 @@ class UserImportFile < ActiveRecord::Base
       params[:keyword_list] = row['keyword_list'].split('//').join("\n")
     end
 
-    params[:note] = row['note']
+    params[:note] = row['note'] if row['note']
 
     if %w(t true).include?(row['locked'].to_s.downcase.strip)
       params[:locked] = true 

data/app/models/user_import_result.rb

@@ -1,5 +1,4 @@
 class UserImportResult < ActiveRecord::Base
-  default_scope { order('user_import_results.id') }
   scope :file_id, proc{ |file_id| where(user_import_file_id: file_id) }
   scope :failed, -> { where(user_id: nil) }
 

data/app/views/devise/passwords/new.html.erb

@@ -1,4 +1,4 @@
-<div id="content_detail" class="ui-corner-all">
+<div id="content_detail" class="ui-corner-all ui-widget-content">
 <h1 class="title"><%= t('user.forgot_your_password') %></h1>
 <div id="content_list">
 
@@ -15,6 +15,5 @@
 </div>
 </div>
 
-<div id="submenu" class="ui-corner-all">
-  <%= render :partial => "devise/shared/links" %>
+<div id="submenu" class="ui-corner-all ui-widget-content">
 </div>

data/app/views/devise/registrations/edit.html.erb

@@ -1,19 +1,19 @@
 <div id="content_detail" class="ui-corner-all ui-widget-content">
-<h2 class="title"><%= t('page.password') %></h2>
+<h2 class="title"><%= t('activerecord.models.registration') %></h2>
 <div id="content_list">
 
 <%= form_for(resource, :as => resource_name, :url => user_registration_path, :html => { :method => :put }) do |f| %>
   <%= devise_error_messages! %>
 
+  <p><%= f.label :current_password %>
+  <p><%= f.password_field :current_password %></p>
+
   <p><%= f.label :password %>
   <p><%= f.password_field :password %></p>
 
   <p><%= f.label :password_confirmation %></p>
   <p><%= f.password_field :password_confirmation %></p>
 
-  <p><%= f.label :current_password %>
-  <p><%= f.password_field :current_password %></p>
-
   <p><%= f.submit t('page.update') %></p>
 <% end %>
 

data/app/views/my_accounts/edit.html.erb

@@ -27,6 +27,6 @@
     <% if current_user.has_role?('Librarian') %>
       <li><%= link_to t('page.listing', model: t('activerecord.models.user')), profiles_path -%></li>
     <% end %>
-    <li><%= link_to t('page.password'), edit_user_registration_path -%></li>
+    <li><%= link_to t('activerecord.models.registration'), edit_user_registration_path -%></li>
   </ul>
 </div>

data/app/views/my_accounts/show.html.erb

@@ -35,7 +35,7 @@
   <% end %>
   <ul>
     <li><%= link_to t('page.edit'), edit_my_account_path -%></li>
-    <li><%= link_to t('page.password'), edit_user_registration_path -%></li>
+    <li><%= link_to t('activerecord.models.registration'), edit_user_registration_path -%></li>
     <%- if can? :destroy, current_user -%>
       <li><%= link_to t('page.destroy'), curent_user, data: {confirm: t('page.are_you_sure')}, method: :delete -%></li>
     <%- end -%>

data/app/views/profiles/_edit_credential.html.erb

@@ -34,9 +34,9 @@
       <%= user_form.label t('activerecord.models.role') -%><br />
       <%= user_form.fields_for :user_has_role do |u| %>
         <%- if current_user.has_role?('Administrator') and current_user != profile.user -%>
-          <%= u.select :role_id, @roles.collect{|r| [r.display_name.localize, r.id]} %>
+          <%= u.select :role_id, @roles.select{|r| r.name != 'Guest' }.collect{|r| [r.display_name.localize, r.id]} %>
         <% else %>
-          <%= u.select(:role_id, @roles.collect{|r| [r.display_name.localize, r.id]}, {}, {disabled: 'disabled'}) -%>
+          <%= u.select :role_id, @roles.select{|r| r.name != 'Guest' }.collect{|r| [r.display_name.localize, r.id]}, {}, {disabled: 'disabled'} %>
         <% end %>
       <% end %>
     </div>

data/app/views/profiles/edit.html.erb

@@ -26,10 +26,8 @@
   <ul>
     <li><%= link_to t('page.show'), @profile -%></li>
     <li><%= link_to t('page.listing', model: t('activerecord.models.profile')), profiles_path -%></li>
-    <%- if current_user.has_role?('Librarian') -%>
-      <%- unless current_user == @profile.user -%>
-        <li><%= link_to t('page.destroy'), @profile, data: {confirm: t('page.are_you_sure')}, method: :delete -%></li>
-      <%- end -%>
+    <%- if can? :destroy, @profile -%>
+      <li><%= link_to t('page.destroy'), @profile, data: {confirm: t('page.are_you_sure')}, method: :delete -%></li>
     <%- end -%>
   </ul>
 </div>

data/app/views/profiles/index.html.erb

@@ -44,7 +44,7 @@
     <td><%= l(profile.created_at) -%></td>
     <td>
       <%= link_to t('page.show'), profile -%>
-      <%= link_to t('page.edit'), edit_profile_path(profile) -%>
+      <%= link_to t('page.edit'), edit_profile_path(profile) if can?(:edit, profile) -%>
     </td>
   </tr>
 <%- end -%>

data/app/views/user_export_files/_form.html.erb

@@ -2,16 +2,6 @@
   <%= f.error_messages %>
 
   <%= f.hidden_field :mode, value: 'export' if @user_export_file.new_record? %><br>
-  <!--
-  <div class="field">
-    <%= f.label :user_id %><br>
-    <%= @user_export_file.user.username %>
-  </div>
-  <div class="field">
-    <%= f.label :user_export %><br>
-    <%= f.text_field :user_export %>
-  </div>
-  -->
   <div class="actions">
     <% if @user_export_file.new_record? %>
       <%= f.submit t('page.export') %>

data/config/locales/en.yml

@@ -105,7 +105,7 @@ en:
       empty: can't be empty
       equal_to: must be equal to %{count}
       even: must be even
-      exclusion: is reserved
+      exclusion: ': This %{attribute} is not allowed'
       greater_than: must be greater than %{count}
       greater_than_or_equal_to: must be greater than or equal to %{count}
       inclusion: is not included in the list

data/config/locales/ja.yml

@@ -105,7 +105,7 @@ ja:
       empty: を入力してください。
       equal_to: は%{count}にしてください。
       even: は偶数にしてください。
-      exclusion: は予約されています。
+      exclusion: ': この%{attribute}は使用できません。'
       greater_than: は%{count}より大きい値にしてください。
       greater_than_or_equal_to: は%{count}以上の値にしてください。
       inclusion: は一覧にありません。

data/config/locales/translation_en.yml

@@ -9,6 +9,7 @@ en:
       user_import_result: User import result
       profile: Profile
       user_export_file: User export
+      registration: Change password
 
     attributes:
       user:
@@ -42,6 +43,7 @@ en:
         locale: Locale
         password_confirmation: Password confirmation
         auto_generated_password: Set auto-generated password
+        friendly_id: Username
       role:
         name: Name
         display_name: Display name
@@ -391,12 +393,6 @@ en:
   picture_file:
     invalid_file: Invalid file. You can upload gif, jpeg, png and svg files.
     all_picture: All pictures
-  accept:
-    item_not_found: "Item not found."
-    enter_item_identifier: "Enter item identifier."
-    already_accepted: "This item is already accepted."
-    accept: "Accept!"
-    successfully_accepted: "This items was successfully accepted."
   user_import_file:
     default_user_group: If "user_group" column is not set in the TSV file, this user group is set to the new user.
     default_library: If "library" column is not set in the TSV file, this library is set to the new user.

data/config/locales/translation_ja.yml

@@ -9,6 +9,7 @@ ja:
       user_import_result: 利用者インポートの結果
       profile: 利用者
       user_export_file: 利用者情報のエクスポート
+      registration: パスワード変更
 
     attributes:
       user:
@@ -42,6 +43,7 @@ ja:
         locale: 言語
         password_confirmation: パスワード（確認）
         auto_generated_password: パスワードの自動生成
+        friendly_id: ユーザ名
       role:
         name: 名前
         display_name: 表示名
@@ -373,12 +375,6 @@ ja:
   picture_file:
     invalid_file: 無効なファイルです。アップロードできるのはgif, jpeg, png, svg形式のファイルです。
     all_picture: すべての画像
-  accept:
-    item_not_found: "資料が見つかりません。"
-    enter_item_identifier: "所蔵情報番号を入力してください。"
-    already_accepted: "この資料はすでに検収されています。"
-    accept: "検収"
-    successfully_accepted: "この資料は正常に検収されました。"
   user_import_file:
     default_user_group: TSVファイルで"user_group"列が指定されていない場合、この利用者グループが登録されます。
     default_library: TSVファイルで"library"列が指定されていない場合、この図書館が登録されます。

data/lib/enju_leaf/user.rb

@@ -170,7 +170,7 @@ module EnjuLeaf
       end
 
       def check_expiration
-        return if self.has_role?('Administrator')
+        return if has_role?('Administrator')
         if expired_at
           if expired_at.beginning_of_day < Time.zone.now.beginning_of_day
             lock_access! if active_for_authentication?
@@ -179,8 +179,10 @@ module EnjuLeaf
       end
 
       def check_role_before_destroy
-        if self.has_role?('Administrator')
-          raise 'This is the last administrator in this system.' if Role.where(name: 'Administrator').first.users.size == 1
+        if has_role?('Administrator')
+          if Role.where(name: 'Administrator').first.users.count == 1
+            raise username + 'This is the last administrator in this system.'
+          end
         end
       end
 
@@ -197,21 +199,22 @@ module EnjuLeaf
       end
 
       def is_admin?
-        true if self.has_role?('Administrator')
+        true if has_role?('Administrator')
       end
 
       def last_librarian?
-        if self.has_role?('Librarian')
+        if has_role?('Librarian')
           role = Role.where(name: 'Librarian').first
           true if role.users.size == 1
         end
       end
 
       def send_confirmation_instructions
-        Devise::Mailer.confirmation_instructions(self).deliver if self.email.present?
+        Devise::Mailer.confirmation_instructions(self).deliver if email.present?
       end
 
       def deletable_by?(current_user)
+        return nil unless current_user
         if defined?(EnjuCirculation)
           # 未返却の資料のあるユーザを削除しようとした
           if checkouts.count > 0
@@ -232,7 +235,7 @@ module EnjuLeaf
 
         # 最後の管理者を削除しようとした
         if has_role?('Administrator')
-          if Role.where(name: 'Administrator').first.users.size == 1
+          if Role.where(name: 'Administrator').first.users.count == 1
             errors[:base] << I18n.t('user.last_administrator')
           end
         end

data/lib/enju_leaf/version.rb

@@ -1,3 +1,3 @@
 module EnjuLeaf
-  VERSION = "1.1.0.rc19"
+  VERSION = "1.1.0.rc20"
 end

data/spec/controllers/profiles_controller_spec.rb

@@ -75,6 +75,17 @@ describe ProfilesController do
         get :show, id: profiles(:librarian1).id
         assigns(:profile).should eq(profiles(:librarian1))
       end
+      it "should not assign the requested user as @admin" do
+        admin = FactoryGirl.create(:admin_profile)
+        get :show, id: admin.id
+        response.should be_forbidden
+      end
+      it "should assign the requested user as @librarian" do
+        librarian = FactoryGirl.create(:librarian_profile)
+        get :show, id: librarian.id
+        response.should_not be_forbidden
+        assigns(:profile).should eq librarian
+      end
     end
 
     describe "When logged in as User" do
@@ -93,7 +104,7 @@ describe ProfilesController do
       it "should show other user's account" do
         get :show, id: profiles(:admin).id
         assigns(:profile).should eq(profiles(:admin))
-        response.should be_success
+        response.should be_forbidden
       end
     end
 
@@ -163,6 +174,29 @@ describe ProfilesController do
         get :edit, id: profile.id
         assigns(:profile).should eq(profile)
       end
+      it "should not get edit page for admin required user" do
+        admin = FactoryGirl.create(:admin_profile)
+        get :edit, id: admin.id
+        response.should be_forbidden
+        #assigns(:profile).should_not eq(admin)
+      end
+      it "should get edit page for other librarian user" do
+        librarian = FactoryGirl.create(:librarian_profile)
+        get :edit, id: librarian.id
+        response.should_not be_forbidden
+        assigns(:profile).should eq librarian
+      end
+      it "should get edit page for other librarian user" do
+        admin = FactoryGirl.create(:admin_profile, required_role_id: Role.where(name: 'Librarian').first.id)
+        get :edit, id: admin.id
+        response.should be_forbidden
+        assigns(:profile).should eq admin
+      end
+      it "should not be able to delete other librarian user" do
+        librarian = FactoryGirl.create(:librarian_profile)
+        ability = EnjuLeaf::Ability.new(@user, "0.0.0.0")
+        ability.should_not be_able_to( :destroy, librarian )
+      end
     end
 
     describe "When logged in as User" do
@@ -355,6 +389,11 @@ describe ProfilesController do
         response.should redirect_to profile_url(assigns(:profile))
       end
 
+      it "should not update other admin" do
+        put :update, id: profiles(:admin).id, profile: {:user_number => '00003', :locale => 'en', :user_group_id => 3, :library_id => 3, :note => 'test'}
+        response.should be_forbidden
+      end
+
       it "should update other user's user_group" do
         put :update, id: profiles(:user1).id, profile: {:user_group_id => 3, :library_id => 3, :locale => 'en'}
         response.should redirect_to profile_url(assigns(:profile))
@@ -475,6 +514,7 @@ describe ProfilesController do
 
       it "destroys the requested user" do
         delete :destroy, id: profiles(:user2).id
+        response.should redirect_to(profiles_url)
       end
 
       it "redirects to the profiles list" do

data/spec/controllers/roles_controller_spec.rb

@@ -9,7 +9,7 @@ describe RolesController do
 
       it "assigns all roles as @roles" do
         get :index
-        expect(assigns(:roles)).to eq(Role.all)
+        expect(assigns(:roles)).to eq(Role.order(:position))
       end
     end
 
@@ -18,7 +18,7 @@ describe RolesController do
 
       it "assigns all roles as @roles" do
         get :index
-        expect(assigns(:roles)).to eq(Role.all)
+        expect(assigns(:roles)).to eq(Role.order(:position))
       end
     end
 
@@ -27,14 +27,14 @@ describe RolesController do
 
       it "assigns all roles as @roles" do
         get :index
-        expect(assigns(:roles)).to be_empty
+        expect(assigns(:roles)).to be_nil
       end
     end
 
     describe "When not logged in" do
       it "assigns all roles as @roles" do
         get :index
-        expect(assigns(:roles)).to be_empty
+        expect(assigns(:roles)).to be_nil
       end
     end
   end