erp_tech_svcs 3.0.10 → 3.0.11

data/app/models/attribute_type.rb

@@ -1,7 +1,7 @@
 class AttributeType < ActiveRecord::Base
   has_many :attribute_values, :dependent => :destroy
 
-  validates_uniqueness_of :internal_identifier
+  validates_uniqueness_of :internal_identifier, :case_sensitive => false
   validates :description, :presence => true
 
   before_save :update_iid

data/app/models/capability.rb

@@ -1,8 +1,60 @@
 class Capability < ActiveRecord::Base
-  has_roles
 
+  belongs_to :scope_type
   belongs_to :capability_type
-  has_and_belongs_to_many :capable_models
+  belongs_to :capability_resource, :polymorphic => true
+  has_many :capability_accessors, :dependent => :destroy
 
   alias :type :capability_type
+
+  after_create :update_description
+
+  def update_description
+    if description.blank?
+      desc = "#{capability_type.description} #{capability_resource_type}"
+      case scope_type 
+      when ScopeType.find_by_internal_identifier('class')
+        self.description = "#{desc}"
+      when ScopeType.find_by_internal_identifier('instance')
+        self.description = "#{desc} Instance"
+      when ScopeType.find_by_internal_identifier('query')
+        self.description = "#{desc} Scope"
+      end
+      self.save
+    end
+  end
+
+  def roles_not
+    SecurityRole.joins("LEFT JOIN capability_accessors ON capability_accessors.capability_id = #{self.id}
+                        AND capability_accessors.capability_accessor_record_type = 'SecurityRole' 
+                        AND capability_accessors.capability_accessor_record_id = security_roles.id").
+                where("capability_accessors.id IS NULL")
+  end
+
+  def roles
+    SecurityRole.joins(:capability_accessors).where(:capability_accessors => {:capability_id => self.id })
+  end
+
+  def users_not
+    User.joins("LEFT JOIN capability_accessors ON capability_accessors.capability_id = #{self.id}
+                        AND capability_accessors.capability_accessor_record_type = 'User' 
+                        AND capability_accessors.capability_accessor_record_id = users.id").
+        where("capability_accessors.id IS NULL")
+  end
+
+  def users
+    User.joins(:capability_accessors).where(:capability_accessors => {:capability_id => self.id })
+  end
+
+  def groups_not
+    Group.joins("LEFT JOIN capability_accessors ON capability_accessors.capability_id = #{self.id}
+                        AND capability_accessors.capability_accessor_record_type = 'Group' 
+                        AND capability_accessors.capability_accessor_record_id = groups.id").
+          where("capability_accessors.id IS NULL")
+  end
+
+  def groups
+    Group.joins(:capability_accessors).where(:capability_accessors => {:capability_id => self.id })
+  end
+
 end

data/app/models/capability_accessor.rb

@@ -0,0 +1,4 @@
+class CapabilityAccessor < ActiveRecord::Base
+  belongs_to :capability_accessor_record, :polymorphic => true
+  belongs_to :capability
+end

data/app/models/extensions/party.rb

@@ -1,3 +1,4 @@
 Party.class_eval do
+  has_security_roles
   has_one :user, :dependent => :destroy
 end

data/app/models/file_asset.rb

@@ -43,7 +43,7 @@ class FileAsset < ActiveRecord::Base
   belongs_to :file_asset_holder, :polymorphic => true
   instantiates_with_sti
 
-  has_capabilities
+  protected_with_capabilities
   
   #paperclip
   has_attached_file :data,
@@ -64,7 +64,7 @@ class FileAsset < ActiveRecord::Base
   validates_attachment_size :data, :less_than => ErpTechSvcs::Config.max_file_size_in_mb.megabytes
 
   validates :name, :presence => {:message => 'Name can not be blank'}
-  validates_uniqueness_of :name, :scope => [:directory]
+  validates_uniqueness_of :name, :scope => [:directory], :case_sensitive => false
   validates_each :directory, :name do |record, attr, value|
     record.errors.add attr, 'may not contain consequtive dots' if value =~ /\.\./
   end
@@ -108,7 +108,7 @@ class FileAsset < ActiveRecord::Base
     end
   end
 
-  def initialize(attributes = {}, options)
+  def initialize(attributes = {}, options={})
     attributes ||= {}
 
     base_path = attributes.delete(:base_path)
@@ -127,6 +127,10 @@ class FileAsset < ActiveRecord::Base
     super attributes.merge(:directory => directory, :name => name, :data => data)
   end
 
+  def is_secured?
+    self.protected_with_capability?('download')
+  end
+
   # compass file download url
   def url
     "/download/#{self.name}?#{self.directory}"
@@ -139,7 +143,7 @@ class FileAsset < ActiveRecord::Base
     if ErpTechSvcs::Config.file_storage == :s3
       file_path = File.join(self.directory,self.name).sub(%r{^/},'')
       options = {}
-      options[:expires] = ErpTechSvcs::Config.s3_url_expires_in_seconds if self.has_capabilities?
+      options[:expires] = ErpTechSvcs::Config.s3_url_expires_in_seconds if self.is_secured?
       return file_support.bucket.objects[file_path].url_for(:read, options).to_s
     else
       return File.join(Rails.root, self.directory, self.name)
@@ -187,7 +191,7 @@ class FileAsset < ActiveRecord::Base
 
   def get_contents
     file_support = ErpTechSvcs::FileSupport::Base.new(:storage => ErpTechSvcs::Config.file_storage)
-    file_support.get_contents(File.join(self.directory,self.data_file_name))
+    file_support.get_contents(File.join(file_support.root, self.directory, self.data_file_name))
   end
 
   def move(new_parent_path)
@@ -256,6 +260,12 @@ class HtmlFile < TextFile
   self.valid_extensions = %w(.html .HTML)
 end
 
+class XmlFile < TextFile
+  self.file_type = :xml
+  self.content_type = 'text/plain'
+  self.valid_extensions = %w(.xml .XML)
+end
+
 class Pdf < TextFile
   self.file_type = :pdf
   self.content_type = 'application/pdf'

data/app/models/group.rb

@@ -0,0 +1,149 @@
+# Security Group
+class Group < ActiveRecord::Base
+  has_capability_accessors
+
+  after_create  :create_party
+  after_save    :save_party
+  after_destroy :destroy_party_relationships, :destroy_party
+  
+  has_one :party, :as => :business_party
+
+  validates_uniqueness_of :description, :case_sensitive => false
+
+  def self.add(description)
+    Group.create(:description => description)
+  end
+
+  # roles this group does NOT have
+  def roles_not
+    party.roles_not
+  end
+
+  # roles this group has
+  def roles
+    party.security_roles
+  end
+
+  def has_role?(role)
+    role = role.is_a?(SecurityRole) ? role : SecurityRole.find_by_internal_identifier(role.to_s)
+    all_roles.include?(role)
+  end
+
+  def add_role(role)
+    party.add_role(role)
+  end
+
+  def remove_role(role)
+    party.remove_role(role)
+  end
+
+  def remove_all_roles
+    party.remove_all_roles
+  end
+
+  def create_party
+    pty = Party.new
+    pty.description = self.description
+    pty.business_party = self
+    
+    pty.save
+    self.save
+  end
+    
+  def save_party
+    self.party.description = self.description
+    self.party.save
+  end
+
+  def destroy_party
+    if self.party
+      self.party.destroy
+    end
+  end
+ 
+  def destroy_party_relationships
+    party_relationships.destroy_all
+  end
+
+  # group lives on TO side of relationship
+  def party_relationships
+    PartyRelationship.where(:party_id_to => self.party.id)
+  end
+
+  def join_party_relationships
+    role_type = RoleType.find_by_internal_identifier('group')
+    "party_relationships ON party_id_to = #{self.party.id} AND party_id_from = parties.id AND role_type_id_to=#{role_type.id}"
+  end
+
+  def members
+    Party.joins("JOIN #{join_party_relationships}")
+  end
+  
+  # get users in this group
+  def users
+    User.joins(:party).joins("JOIN #{join_party_relationships}")
+  end
+
+  # get users not in this group
+  def users_not
+    User.joins(:party).joins("LEFT JOIN #{join_party_relationships}").where("party_relationships.id IS NULL")
+  end
+
+  # add user to group
+  def add_user(user)
+    add_party(user.party)
+  end
+
+  # remove user from group
+  def remove_user(user)
+    remove_party(user.party)
+  end
+
+  def get_relationship(a_party)
+    role_type = RoleType.find_by_internal_identifier('group')
+    PartyRelationship.where(:party_id_to => self.party.id, :party_id_from => a_party.id, :role_type_id_to => role_type.id)
+  end
+
+  # add party to group
+  # group lives on TO side of relationship
+  def add_party(a_party)
+    # check and see if party is already a member of this group
+    rel = get_relationship(a_party).first
+    unless rel.nil?
+      # if so, return relationship
+      return rel 
+    else
+      # if not then build party_relationship
+      rt = RelationshipType.find_by_internal_identifier('group_membership')
+      pr = PartyRelationship.new
+      pr.description = rt.description
+      pr.relationship_type = rt
+      pr.from_role = RoleType.find_by_internal_identifier('group_member')
+      pr.to_role = RoleType.find_by_internal_identifier('group')
+      pr.from_party = a_party
+      pr.to_party = self.party
+      pr.save
+      return pr
+    end
+  end
+
+  # remove party from group
+  # group lives on TO side of relationship
+  def remove_party(a_party)
+    begin
+      get_relationship(a_party).first.destroy
+    rescue Exception => e
+      Rails.logger.error e.message
+      return nil
+    end
+  end
+
+  def class_capabilities_to_hash
+    class_capabilities.map {|capability| 
+      { :capability_type_iid => capability.capability_type.internal_identifier, 
+        :capability_resource_type => capability.capability_resource_type 
+      }
+    }.compact
+  end
+
+end

data/app/models/scope_type.rb

@@ -0,0 +1,5 @@
+class ScopeType < ActiveRecord::Base
+
+  has_many :capabilities
+
+end

data/app/models/security_role.rb

@@ -0,0 +1,46 @@
+class SecurityRole < ActiveRecord::Base
+  acts_as_erp_type
+  has_capability_accessors
+  has_and_belongs_to_many :parties
+
+  validates :description, :presence => {:message => 'Description cannot be blank'}
+  validates :internal_identifier, :presence => {:message => 'Internal identifier cannot be blank'}
+  validates_uniqueness_of :internal_identifier, :case_sensitive => false
+  validates_length_of     :internal_identifier, :within => 3..100
+
+	def to_xml(options = {})
+		default_only = []
+  	options[:only] = (options[:only] || []) + default_only
+  	super(options)
+  end
+
+  # creating method because we only want a getter, not a setter for iid
+  def iid
+    self.internal_identifier
+  end
+
+  def join_parties_security_roles
+    "parties_security_roles ON parties_security_roles.party_id=parties.id AND parties_security_roles.security_role_id=#{self.id}"
+  end
+
+  # users with this role
+  def users
+    User.joins(:party).joins("JOIN #{join_parties_security_roles}")
+  end
+
+  # users without this role
+  def users_not
+    User.joins(:party).joins("LEFT JOIN #{join_parties_security_roles}").where("parties_security_roles.security_role_id IS NULL")
+  end
+
+  # groups with this role
+  def groups
+    Group.joins(:party).joins("JOIN #{join_parties_security_roles}")
+  end
+
+  # groups without this role
+  def groups_not
+    Group.joins(:party).joins("LEFT JOIN #{join_parties_security_roles}").where("parties_security_roles.security_role_id IS NULL")
+  end
+
+end

data/app/models/user.rb

@@ -1,26 +1,25 @@
 class User < ActiveRecord::Base
+  include ErpTechSvcs::Utils::CompassAccessNegotiator
   include ActiveModel::Validations
 
   attr_accessor :password_validator
 
-  has_roles
-  include ErpTechSvcs::Utils::CompassAccessNegotiator
-
   belongs_to :party
 
   attr_accessible :email, :password, :password_confirmation
   authenticates_with_sorcery!
+  has_capability_accessors
 
   #password validations
   validates_confirmation_of :password, :message => "should match confirmation", :if => :password
   validates :password, :presence => true, :password_strength => true, :if => :password
 
   #email validations
-  validates :email, :presence => {:message => 'Email cannot be blank'}, :uniqueness => true
+  validates :email, :presence => {:message => 'Email cannot be blank'}, :uniqueness => {:case_sensitive => false}
   validates_format_of :email, :with => /\b[A-Z0-9._%a-z\-]+@(?:[A-Z0-9a-z\-]+\.)+[A-Za-z]{2,4}\z/
 
   #username validations
-  validates :username, :presence => {:message => 'Username cannot be blank'}, :uniqueness => true
+  validates :username, :presence => {:message => 'Username cannot be blank'}, :uniqueness => {:case_sensitive => false}
 
   #these two methods allow us to assign instance level attributes that are not persisted.  These are used for mailers
   def instance_attributes
@@ -32,4 +31,99 @@ class User < ActiveRecord::Base
     @instance_attrs[k] = v
   end
 
+  # roles this user does NOT have
+  def roles_not
+    party.roles_not
+  end
+
+  # roles this user has
+  def roles
+    party.security_roles
+  end
+
+  def has_role?(role)
+    role = role.is_a?(SecurityRole) ? role : SecurityRole.find_by_internal_identifier(role.to_s)
+    all_roles.include?(role)
+  end
+
+  def add_role(role)
+    party.add_role(role)
+  end
+
+  def remove_role(role)
+    party.remove_role(role)
+  end
+
+  def remove_all_roles
+    party.remove_all_roles
+  end
+
+  # user lives on FROM side of relationship
+  def group_relationships
+    role_type = RoleType.find_by_internal_identifier('group_member')
+    PartyRelationship.where(:party_id_from => self.party.id, :role_type_id_from => role_type.id)
+  end
+
+  def join_party_relationships
+    role_type = RoleType.find_by_internal_identifier('group_member')
+    "party_relationships ON party_id_from = #{self.party.id} AND party_id_to = parties.id AND role_type_id_from=#{role_type.id}"
+  end
+
+  # party records for the groups this user belongs to
+  def group_parties
+    Party.joins("JOIN #{join_party_relationships}")
+  end
+
+  # groups this user belongs to
+  def groups
+    Group.joins(:party).joins("JOIN #{join_party_relationships}")
+  end
+
+  # groups this user does NOT belong to
+  def groups_not
+    Group.joins(:party).joins("LEFT JOIN #{join_party_relationships}").where("party_relationships.id IS NULL")
+  end
+
+  # roles assigned to the groups this user belongs to
+  def group_roles
+    groups.collect{|g| g.roles }.flatten.uniq
+  end
+
+  # composite roles for this user
+  def all_roles
+    (group_roles + roles).uniq
+  end
+
+  def group_capabilities
+    groups.collect{|r| r.capabilities }.flatten.uniq.compact
+  end
+
+  def role_capabilities
+    all_roles.collect{|r| r.capabilities }.flatten.compact
+  end
+
+  def all_capabilities
+    (role_capabilities + group_capabilities + capabilities).uniq
+  end
+
+  def group_class_capabilities
+    groups.collect{|g| g.class_capabilities }.flatten.uniq.compact
+  end
+
+  def role_class_capabilities
+    all_roles.collect{|r| r.class_capabilities }.flatten.uniq.compact
+  end
+
+  def all_class_capabilities
+    (role_class_capabilities + group_class_capabilities + class_capabilities).uniq
+  end
+
+  def class_capabilities_to_hash
+    all_class_capabilities.map {|capability| 
+      { :capability_type_iid => capability.capability_type.internal_identifier, 
+        :capability_resource_type => capability.capability_resource_type 
+      }
+    }.compact
+  end
+
 end

data/db/data_migrations/20110109173616_create_capability_scope_types.rb

@@ -0,0 +1,14 @@
+class CreateCapabilityScopeTypes
+  
+  def self.up
+    CapabilityType.create(:internal_identifier => 'download', :description => 'Download') if CapabilityType.where("internal_identifier = 'download'").first.nil?
+
+    ScopeType.create(:description => 'Instance', :internal_identifier => 'instance') if ScopeType.where("internal_identifier = 'instance'").first.nil?
+    ScopeType.create(:description => 'Class', :internal_identifier => 'class') if ScopeType.where("internal_identifier = 'class'").first.nil?
+    ScopeType.create(:description => 'Query', :internal_identifier => 'query') if ScopeType.where("internal_identifier = 'query'").first.nil?
+  end
+  
+  def self.down
+  end
+
+end

data/db/data_migrations/20121116155018_create_group_relationship_and_role_types.rb

@@ -0,0 +1,19 @@
+class CreateGroupRelationshipAndRoleTypes
+  
+  def self.up
+    #insert data here
+    to_role = RoleType.create(:description => 'Security Group', :internal_identifier => 'group')
+    from_role = RoleType.create(:description => 'Security Group Member', :internal_identifier => 'group_member')
+    RelationshipType.create(:description => 'Security Group Membership', 
+                            :name => 'Group Membership', 
+                            :internal_identifier => 'group_membership',
+                            :valid_from_role => from_role,
+                            :valid_to_role => to_role
+                          )
+  end
+  
+  def self.down
+    #remove data here
+  end
+
+end

data/db/data_migrations/20121130212146_note_capabilities.rb

@@ -0,0 +1,23 @@
+class NoteCapabilities
+  
+  def self.up
+    #insert data here
+    admin = SecurityRole.find_by_internal_identifier('admin')
+    employee = SecurityRole.find_by_internal_identifier('employee')
+
+    admin.add_capability('create', 'Note')
+    admin.add_capability('delete', 'Note')
+    admin.add_capability('edit', 'Note')
+    admin.add_capability('view', 'Note')
+
+    employee.add_capability('create', 'Note')
+    employee.add_capability('delete', 'Note')
+    employee.add_capability('edit', 'Note')
+    employee.add_capability('view', 'Note')
+  end
+  
+  def self.down
+    #remove data here
+  end
+
+end

data/db/migrate/20080805000010_base_tech_services.rb

@@ -49,9 +49,16 @@ class BaseTechServices < ActiveRecord::Migration
     
     end
 
-    unless table_exists?(:roles)
+    unless table_exists?(:groups)
+      create_table :groups do |t|
+        t.column :description, :string
+        t.timestamps
+      end
+    end
+
+    unless table_exists?(:security_roles)
       # create the roles table
-      create_table :roles do |t|
+      create_table :security_roles do |t|
         t.column :description, :string
         t.column :internal_identifier, :string
         t.column :external_identifier, :string
@@ -139,26 +146,6 @@ class BaseTechServices < ActiveRecord::Migration
       end
     end
     
-    unless table_exists?(:secured_models)
-      create_table :secured_models do |t|
-        t.references :secured_record, :polymorphic => true
-        
-        t.timestamps
-      end
-      add_index :secured_models, [:secured_record_id, :secured_record_type], :name => 'secured_record_idx'
-    end
-
-    unless table_exists?(:roles_secured_models)
-      create_table :roles_secured_models, :id => false do |t|
-        t.references :secured_model
-        t.references :role
-
-        t.timestamps
-      end
-      add_index :roles_secured_models, :secured_model_id
-      add_index :roles_secured_models, :role_id
-    end
-
     unless table_exists?(:file_assets)
       create_table :file_assets do |t|
         t.references :file_asset_holder, :polymorphic => true
@@ -219,31 +206,57 @@ class BaseTechServices < ActiveRecord::Migration
     unless table_exists?(:capabilities)
       # create the roles table
       create_table :capabilities do |t|
-        t.string :resource
+        t.string :description
         t.references :capability_type
+        t.string :capability_resource_type
+        t.integer :capability_resource_id
+        t.integer :scope_type_id
+        t.text :scope_query  
         t.timestamps
       end
 
       add_index :capabilities, :capability_type_id
+      add_index :capabilities, :scope_type_id
+      add_index :capabilities, [:capability_resource_id, :capability_resource_type], :name => 'capability_resource_index'
     end
 
-    unless table_exists?(:capabilities_capable_models)
-      # create the roles table
-      create_table :capabilities_capable_models, :id => false do |t|
-        t.references :capable_model
-        t.references :capability
+    unless table_exists?(:capability_accessors)
+      create_table :capability_accessors do |t|
+        t.string :capability_accessor_record_type
+        t.integer :capability_accessor_record_id
+        t.integer :capability_id
+        t.timestamps
+      end
+
+      add_index :capability_accessors, :capability_id
+      add_index :capability_accessors, [:capability_accessor_record_id, :capability_accessor_record_type], :name => 'capability_accessor_record_index'
+    end
+
+    unless table_exists?(:scope_types)
+      create_table :scope_types do |t|
+        t.string :description
+        t.string :internal_identifier
         t.timestamps
       end
 
-      add_index :capabilities_capable_models, :capable_model_id
-      add_index :capabilities_capable_models, :capability_id
+      add_index :scope_types, :internal_identifier
+    end
+
+    unless table_exists?(:parties_security_roles)
+      create_table :parties_security_roles, :id => false do |t|
+        t.integer :party_id
+        t.integer :security_role_id
+      end
+
+      add_index :parties_security_roles, :party_id
+      add_index :parties_security_roles, :security_role_id
     end
 
   end
 
   def self.down
     # check that each table exists before trying to delete it.
-    [
+    [ :groups,
       :audit_logs, :sessions, :simple_captcha_data,
       :capable_models, :capability_types, :capabilities,:capabilities_capable_models,
       :roles_users, :roles, :audit_log_items, :audit_log_item_types,

data/db/migrate/20121116151510_create_groups.rb

@@ -0,0 +1,18 @@
+class CreateGroups < ActiveRecord::Migration
+  def self.up
+    unless table_exists?(:groups)
+      create_table :groups do |t|
+        t.column :description, :string
+        t.timestamps
+      end
+    end
+  end
+
+  def self.down
+    [ :groups ].each do |tbl|
+      if table_exists?(tbl)
+        drop_table tbl
+      end
+    end
+  end
+end