erp_tech_svcs 3.0.10 → 3.0.11

data/db/migrate/20121126171612_upgrade_security.rb

@@ -0,0 +1,53 @@
+class UpgradeSecurity < ActiveRecord::Migration
+
+  def self.up
+    unless table_exists?(:capability_accessors)
+      create_table :capability_accessors do |t|
+        t.string :capability_accessor_record_type
+        t.integer :capability_accessor_record_id
+        t.integer :capability_id
+        t.timestamps
+      end
+
+      add_index :capability_accessors, :capability_id
+      add_index :capability_accessors, [:capability_accessor_record_id, :capability_accessor_record_type], :name => 'capability_accessor_record_index'
+    end
+
+    unless columns(:capabilities).collect {|c| c.name}.include?('scope_query')
+      add_column :capabilities, :description, :string
+      add_column :capabilities, :capability_resource_type, :string
+      add_column :capabilities, :capability_resource_id, :integer
+      add_column :capabilities, :scope_type_id, :integer
+      add_column :capabilities, :scope_query, :text
+
+      add_index :capabilities, :scope_type_id
+      add_index :capabilities, [:capability_resource_id, :capability_resource_type], :name => 'capability_resource_index'
+    end
+
+    unless table_exists?(:scope_types)
+      create_table :scope_types do |t|
+        t.string :description
+        t.string :internal_identifier
+        t.timestamps
+      end
+
+      add_index :scope_types, :internal_identifier
+    end
+
+    unless table_exists?(:parties_security_roles)
+      create_table :parties_security_roles, :id => false do |t|
+        t.integer :party_id
+        t.integer :security_role_id
+      end
+
+      add_index :parties_security_roles, :party_id
+      add_index :parties_security_roles, :security_role_id
+    end
+
+    rename_table :roles, :security_roles unless table_exists?(:security_roles)
+
+  end
+
+  def self.down
+  end
+end

data/db/migrate/20121126173506_upgrade_security2.rb

@@ -0,0 +1,274 @@
+class UpgradeSecurity2 < ActiveRecord::Migration
+  def self.up
+    if table_exists?(:secured_models)
+      Website.all.each do |w|
+        old_role_iid = "website_#{w.name.underscore.gsub("'","").gsub(",","")}_access"
+
+        r = SecurityRole.find_by_internal_identifier(old_role_iid)
+        unless r.nil?
+          r.internal_identifier = w.website_role_iid
+          r.save      
+        end
+      end
+      instance = ScopeType.create(:description => 'Instance', :internal_identifier => 'instance')
+      class_scope_type = ScopeType.create(:description => 'Class', :internal_identifier => 'class')
+      ScopeType.create(:description => 'Query', :internal_identifier => 'query')
+
+      execute('BEGIN TRANSACTION') 
+      puts "populating parties_security_roles"
+      sql = 
+        "INSERT INTO parties_security_roles (
+          party_id,
+          security_role_id
+        )
+        SELECT
+          u.party_id AS party_id,
+          rsm.role_id AS security_role_id
+        FROM secured_models sm 
+        JOIN roles_secured_models rsm ON sm.id=rsm.secured_model_id
+        JOIN users u ON sm.secured_record_id=u.id
+        WHERE sm.secured_record_type='User'"
+        
+      execute(sql)
+      execute('COMMIT')
+
+      execute('BEGIN TRANSACTION') 
+      puts "populating capabilities with secure File Assets"
+      sql = 
+        "INSERT INTO capabilities (
+          capability_type_id,
+          capability_resource_type,
+          capability_resource_id,
+          scope_type_id
+        )
+        SELECT
+          c.capability_type_id AS capability_type_id,
+          'FileAsset' AS capability_resource_type,
+          cm.capable_model_record_id AS capability_resource_id,
+          #{instance.id} AS scope_type_id
+        FROM capable_models AS cm
+        JOIN capabilities_capable_models AS ccm ON ccm.capable_model_id = cm.id
+        JOIN capabilities AS c ON ccm.capability_id = c.id
+        JOIN secured_models AS sm ON sm.secured_record_id = c.id AND sm.secured_record_type = 'Capability'
+        JOIN roles_secured_models AS rsm ON rsm.secured_model_id = sm.id
+        JOIN security_roles AS r ON r.id = rsm.role_id
+        WHERE cm.capable_model_record_type = 'FileAsset'"
+        
+      execute(sql)
+      execute('COMMIT')
+
+      view = CapabilityType.find_by_internal_identifier('view')
+
+      execute('BEGIN TRANSACTION') 
+      puts "populating capabilities with secure Website Sections"
+      sql = 
+        "INSERT INTO capabilities (
+          capability_type_id,
+          capability_resource_type,
+          capability_resource_id,
+          scope_type_id
+        )
+        SELECT
+          #{view.id} AS capability_type_id,
+          'WebsiteSection' AS capability_resource_type,
+          ws.id AS capability_resource_id,
+          #{instance.id} AS scope_type_id
+        FROM secured_models sm 
+        JOIN roles_secured_models rsm ON sm.id=rsm.secured_model_id
+        JOIN website_sections ws ON sm.secured_record_id=ws.id
+        WHERE sm.secured_record_type='WebsiteSection'"
+        
+      execute(sql)
+      execute('COMMIT')
+
+      execute('BEGIN TRANSACTION') 
+      puts "populating capabilities with secure Website Nav Items"
+      sql = 
+        "INSERT INTO capabilities (
+          capability_type_id,
+          capability_resource_type,
+          capability_resource_id,
+          scope_type_id
+        )
+        SELECT
+          #{view.id} AS capability_type_id,
+          'WebsiteNavItem' AS capability_resource_type,
+          ws.id AS capability_resource_id,
+          #{instance.id} AS scope_type_id
+        FROM secured_models sm 
+        JOIN roles_secured_models rsm ON sm.id=rsm.secured_model_id
+        JOIN website_sections ws ON sm.secured_record_id=ws.id
+        WHERE sm.secured_record_type='WebsiteNavItem'"
+        
+      execute(sql)
+      execute('COMMIT')
+
+      # delete obsolete records: Application, Widget, dupes?
+      Capability.where("capability_resource_type IS NULL").delete_all
+
+      admin = SecurityRole.find_by_internal_identifier('admin')
+      website_author = SecurityRole.find_by_internal_identifier('website_author')
+      layout_author = SecurityRole.find_by_internal_identifier('layout_author')
+      content_author = SecurityRole.find_by_internal_identifier('content_author')
+      designer = SecurityRole.find_by_internal_identifier('designer')
+      publisher = SecurityRole.find_by_internal_identifier('publisher')
+
+      # add instance capabilities to roles
+      instance_capabilities = Capability.where(:scope_type_id => instance.id).all
+      instance_capabilities.each do |c|
+        case c.capability_resource_type
+        when 'FileAsset'
+          admin.add_capability(c)
+          website_author.add_capability(c)
+          content_author.add_capability(c)
+          if c.capability_resource.file_asset_holder_type == 'Website'
+            website_role = c.capability_resource.file_asset_holder.role
+            website_role.add_capability(c)
+          end
+        when 'WebsiteSection'
+          admin.add_capability(c)
+          website_author.add_capability(c)
+          website_role = c.capability_resource.website.role
+          website_role.add_capability(c)
+        when 'WebsiteNavItem'
+          admin.add_capability(c)
+          website_author.add_capability(c)
+          website_role = c.capability_resource.website_nav.website.role
+          website_role.add_capability(c)
+        end
+      end
+
+      # adding user mgmt capabilities to admin role
+      admin.add_capability('create', 'User')
+      admin.add_capability('delete', 'User')
+      admin.add_capability('edit', 'User')
+
+      # add knitkit class capabilities to roles
+      admin.add_capability('create', 'WebsiteNav')
+      admin.add_capability('delete', 'WebsiteNav')
+      admin.add_capability('edit', 'WebsiteNav')
+
+      website_author.add_capability('create', 'WebsiteNav')
+      website_author.add_capability('delete', 'WebsiteNav')
+      website_author.add_capability('edit', 'WebsiteNav')
+
+      admin.add_capability('create', 'Website')
+      admin.add_capability('delete', 'Website')
+      admin.add_capability('edit', 'Website')
+      admin.add_capability('import', 'Website')
+      admin.add_capability('publish', 'Website')
+      admin.add_capability('activate', 'Website')
+
+      website_author.add_capability('create', 'Website')
+      website_author.add_capability('delete', 'Website')
+      website_author.add_capability('edit', 'Website')
+      website_author.add_capability('import', 'Website')
+      publisher.add_capability('publish', 'Website')
+      publisher.add_capability('activate', 'Website')
+
+      admin.add_capability('create', 'WebsiteHost')
+      admin.add_capability('delete', 'WebsiteHost')
+      admin.add_capability('edit', 'WebsiteHost')
+
+      website_author.add_capability('create', 'WebsiteHost')
+      website_author.add_capability('delete', 'WebsiteHost')
+      website_author.add_capability('edit', 'WebsiteHost')
+
+      admin.add_capability('create', 'WebsiteSection')
+      admin.add_capability('delete', 'WebsiteSection')
+      admin.add_capability('edit', 'WebsiteSection')
+      admin.add_capability('secure', 'WebsiteSection')
+      admin.add_capability('unsecure', 'WebsiteSection')
+
+      website_author.add_capability('create', 'WebsiteSection')
+      website_author.add_capability('delete', 'WebsiteSection')
+      website_author.add_capability('edit', 'WebsiteSection')
+      website_author.add_capability('secure', 'WebsiteSection')
+      website_author.add_capability('unsecure', 'WebsiteSection')
+
+      admin.add_capability('create', 'WebsiteSectionLayout')
+      admin.add_capability('edit', 'WebsiteSectionLayout')
+
+      layout_author.add_capability('create', 'WebsiteSectionLayout')
+      layout_author.add_capability('edit', 'WebsiteSectionLayout')
+
+      admin.add_capability('create', 'Content')
+      admin.add_capability('delete', 'Content')
+      admin.add_capability('edit', 'Content')
+      admin.add_capability('publish', 'Content')
+      admin.add_capability('revert_version', 'Content')
+      admin.add_capability('add_existing', 'Content')
+      admin.add_capability('edit_html', 'Content')
+      admin.add_capability('edit_excerpt', 'Content')
+
+      content_author.add_capability('create', 'Content')
+      content_author.add_capability('delete', 'Content')
+      content_author.add_capability('edit', 'Content')
+      content_author.add_capability('publish', 'Content')
+      content_author.add_capability('revert_version', 'Content')
+      content_author.add_capability('add_existing', 'Content')
+      content_author.add_capability('edit_html', 'Content')
+      content_author.add_capability('edit_excerpt', 'Content')
+
+      admin.add_capability('create', 'WebsiteNavItem')
+      admin.add_capability('delete', 'WebsiteNavItem')
+      admin.add_capability('edit', 'WebsiteNavItem')
+      admin.add_capability('secure', 'WebsiteNavItem')
+      admin.add_capability('unsecure', 'WebsiteNavItem')
+
+      website_author.add_capability('create', 'WebsiteNavItem')
+      website_author.add_capability('delete', 'WebsiteNavItem')
+      website_author.add_capability('edit', 'WebsiteNavItem')
+      website_author.add_capability('secure', 'WebsiteNavItem')
+      website_author.add_capability('unsecure', 'WebsiteNavItem')
+
+      admin.add_capability('view', 'Theme')
+      designer.add_capability('view', 'Theme')
+
+      admin.add_capability('view', 'SiteImageAsset')
+      website_author.add_capability('view', 'SiteImageAsset')
+      content_author.add_capability('view', 'SiteImageAsset')
+
+      content_author.add_capability('view', 'GlobalImageAsset')
+
+      admin.add_capability('view', 'GlobalImageAsset')
+      admin.add_capability('upload', 'GlobalImageAsset')
+      admin.add_capability('delete', 'GlobalImageAsset')
+
+      website_author.add_capability('view', 'GlobalImageAsset')
+      website_author.add_capability('upload', 'GlobalImageAsset')
+      website_author.add_capability('delete', 'GlobalImageAsset')
+
+      admin.add_capability('view', 'SiteFileAsset')
+      website_author.add_capability('view', 'SiteFileAsset')
+      content_author.add_capability('view', 'SiteFileAsset')
+
+      content_author.add_capability('view', 'GlobalFileAsset')
+
+      admin.add_capability('view', 'GlobalFileAsset')
+      admin.add_capability('upload', 'GlobalFileAsset')
+      admin.add_capability('delete', 'GlobalFileAsset')
+
+      website_author.add_capability('view', 'GlobalFileAsset')
+      website_author.add_capability('upload', 'GlobalFileAsset')
+      website_author.add_capability('delete', 'GlobalFileAsset')
+
+      admin.add_capability('drag_item', 'WebsiteTree')
+      website_author.add_capability('drag_item', 'WebsiteTree')
+
+      # update capability descriptions
+      Capability.all.each do |c|
+        c.update_description
+      end
+
+      drop_table :capable_models
+      drop_table :capabilities_capable_models
+      drop_table :secured_models
+      drop_table :roles_secured_models
+      remove_column :capabilities, :resource
+    end
+  end
+
+  def self.down
+  end
+end

data/lib/erp_tech_svcs/engine.rb

@@ -3,18 +3,18 @@ module ErpTechSvcs
     config.erp_tech_svcs = ErpTechSvcs::Config
 
     isolate_namespace ErpTechSvcs
-	
+
+    Mime::Type.register "application/pdf", :pdf
+
 	  ActiveSupport.on_load(:active_record) do
-      include ErpTechSvcs::Extensions::ActiveRecord::HasRoles
+      include ErpTechSvcs::Extensions::ActiveRecord::HasSecurityRoles
       include ErpTechSvcs::Extensions::ActiveRecord::HasFileAssets
-      include ErpTechSvcs::Extensions::ActiveRecord::HasCapabilities
+      include ErpTechSvcs::Extensions::ActiveRecord::ProtectedByCapabilities
+      include ErpTechSvcs::Extensions::ActiveRecord::HasCapabilityAccessors
       include ErpTechSvcs::Extensions::ActiveRecord::HasRelationalDynamicAttributes
     end
 
-    engine = self
-    config.to_prepare do
-      ErpBaseErpSvcs.register_compass_ae_engine(engine)
-    end
+    ErpBaseErpSvcs.register_as_compass_ae_engine(config, self)
     
   end
 end

data/lib/erp_tech_svcs/extensions/active_record/base.rb

@@ -0,0 +1,17 @@
+::ActiveRecord::Base.class_eval do
+
+  # class method to get superclass of ActiveRecord model
+  def self.get_superclass(class_name)
+    klass = Module.const_get(class_name)
+    while klass.superclass != ::ActiveRecord::Base do
+      klass = klass.superclass
+    end
+    return klass.name
+  end
+
+  # instance method to get superclass of ActiveRecord model
+  def get_superclass
+    self.class.get_superclass(self.class.name)
+  end
+
+end

data/lib/erp_tech_svcs/extensions/active_record/has_capability_accessors.rb

@@ -0,0 +1,131 @@
+module ErpTechSvcs
+  module Extensions
+    module ActiveRecord
+      module HasCapabilityAccessors
+
+        def self.included(base)
+          base.extend(ClassMethods)
+        end
+
+        module ClassMethods
+
+          def has_capability_accessors
+            extend HasCapabilityAccessors::SingletonMethods
+            include HasCapabilityAccessors::InstanceMethods
+            
+            has_many :capability_accessors, :as => :capability_accessor_record
+          end
+
+        end
+        
+        module SingletonMethods
+          
+        end
+
+        module InstanceMethods        
+
+          # method to get capabilities this instance does NOT have
+          def capabilities_not
+            Capability.joins(:capability_type).
+                      joins("LEFT JOIN capability_accessors ON capability_accessors.capability_id = capabilities.id AND capability_accessors.capability_accessor_record_type = '#{self.class.name}' AND capability_accessors.capability_accessor_record_id = #{self.id}").
+                      where("capability_accessors.id IS NULL")
+          end
+
+          def scope_capabilities_not(scope_type_iid)
+            scope_type = ScopeType.find_by_internal_identifier(scope_type_iid)
+            capabilities_not.where(:scope_type_id => scope_type.id)
+          end
+
+          # method to get only class capabilities this instance does NOT have
+          def class_capabilities_not
+            scope_capabilities_not('class')
+          end
+
+          def query_capabilities_not
+            scope_capabilities_not('query')
+          end
+
+          def capabilities
+            Capability.joins(:capability_type).joins(:capability_accessors).
+                      where(:capability_accessors => { :capability_accessor_record_type => self.class.name, :capability_accessor_record_id => self.id })
+          end
+
+          def scope_capabilities(scope_type_iid)
+            scope_type = ScopeType.find_by_internal_identifier(scope_type_iid)
+            capabilities.where(:scope_type_id => scope_type.id)
+          end
+
+          # method to get all capabilities for this model
+          def all_capabilities
+            capabilities
+          end
+
+          # method to get only class capabilities for this model
+          def class_capabilities
+            scope_capabilities('class')
+          end
+
+          # method to get only query capabilities for this model
+          def query_capabilities
+            scope_capabilities('query')
+          end
+
+          # method to get only instance capabilities for this model
+          def instance_capabilities
+            scope_capabilities('instance')
+          end
+
+          # pass in (capability_type_iid, klass) or (capability) object
+          def add_capability(*capability)
+            capability = capability.first.is_a?(String) ? get_or_create_capability(capability.first, capability.second) : capability.first
+            ca = CapabilityAccessor.find_or_create_by_capability_accessor_record_type_and_capability_accessor_record_id_and_capability_id(get_superclass, self.id, capability.id)
+            self.reload
+            ca
+          end
+
+          def grant_capability(*capability)
+            add_capability(*capability)
+          end
+
+          def get_or_create_capability(capability_type_iid, klass)
+            capability_type = convert_capability_type(capability_type_iid)
+            scope_type = ScopeType.find_by_internal_identifier('class')
+            Capability.find_or_create_by_capability_resource_type_and_capability_type_id_and_scope_type_id(klass, capability_type.id, scope_type.id)
+          end
+
+          def get_capability(capability_type_iid, klass)
+            capability_type = convert_capability_type(capability_type_iid)
+            scope_type = ScopeType.find_by_internal_identifier('class')
+            Capability.find_by_capability_resource_type_and_capability_type_id_and_scope_type_id(klass, capability_type.id, scope_type.id)
+          end
+
+          # pass in (capability_type_iid, klass) or (capability) object
+          def remove_capability(*capability)
+            capability = capability.first.is_a?(String) ? get_or_create_capability(capability.first, capability.second) : capability.first
+            ca = capability_accessors.where(:capability_accessor_record_type => get_superclass, :capability_accessor_record_id => self.id, :capability_id => capability.id).first
+            ca.destroy unless ca.nil?
+            self.reload
+            ca
+          end
+
+          def revoke_capability(*capability)
+            remove_capability(*capability)
+          end
+
+          def has_capabilities?
+            !capability_accessors.empty?
+          end
+
+          private
+          def convert_capability_type(type)
+            return type if type.is_a?(CapabilityType)
+            return nil unless (type.is_a?(String) || type.is_a?(Symbol))
+            ct = CapabilityType.find_by_internal_identifier(type.to_s)
+            return ct unless ct.nil?
+            CapabilityType.create(:internal_identifier => type.to_s, :description => type.to_s.titleize)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/erp_tech_svcs/extensions/active_record/has_file_assets.rb

@@ -12,7 +12,7 @@ module ErpTechSvcs
 						extend HasFileAssets::SingletonMethods
 						include HasFileAssets::InstanceMethods
 						
-						has_many :files, :as => :file_asset_holder, :class_name => 'FileAsset', :dependent => :delete_all, :include => :capabilities
+						has_many :files, :as => :file_asset_holder, :class_name => 'FileAsset', :dependent => :destroy, :include => :capabilities
 					end
 				end
   		
@@ -45,6 +45,14 @@ module ErpTechSvcs
           def templates
 						self.files.where('type = ?', 'Template')
           end
+
+          def pdfs
+            self.files.where('type = ?', 'Pdf')
+          end
+
+          def xmls
+            self.files.where('type = ?', 'XmlFile')
+          end
           
 				end
 			end

data/lib/erp_tech_svcs/extensions/active_record/has_security_roles.rb

@@ -0,0 +1,89 @@
+module ErpTechSvcs
+	module Extensions
+		module ActiveRecord
+			module HasSecurityRoles
+
+        module Errors
+          exceptions = %w[UserDoesNotHaveAccess]
+          exceptions.each { |e| const_set(e, Class.new(StandardError)) }
+        end
+
+				def self.included(base)
+					base.extend(ClassMethods)  	        	      	
+				end
+
+				module ClassMethods
+				  def has_security_roles
+				    extend HasSecurityRoles::SingletonMethods
+    				include HasSecurityRoles::InstanceMethods
+				  end
+				end
+				
+				module SingletonMethods			
+				end
+						
+				module InstanceMethods
+
+          def join_parties_security_roles
+            "parties_security_roles ON parties_security_roles.security_role_id=security_roles.id"
+          end
+
+          def roles_not
+            SecurityRole.joins("LEFT JOIN #{join_parties_security_roles}").where("parties_security_roles.party_id IS NULL")
+          end
+
+				  def roles
+					  self.security_roles
+				  end
+
+				  def add_role(role)
+					  role = role.is_a?(SecurityRole) ? role : SecurityRole.find_by_internal_identifier(role.to_s)
+            unless self.has_role?(role)
+  					  self.security_roles << role
+  					  self.save
+  					end
+				  end
+
+          def add_roles(*passed_roles)
+            passed_roles.flatten!
+            passed_roles = passed_roles.first if passed_roles.first.is_a? Array
+            passed_roles.each do |role|
+              self.add_role(role)
+            end
+          end
+
+          def remove_role(role)
+            role = role.is_a?(SecurityRole) ? role : SecurityRole.find_by_internal_identifier(role.to_s)
+            self.security_roles.delete(role) if has_role?(role)
+				  end
+
+          def remove_roles(*passed_roles)
+            passed_roles.flatten!
+            passed_roles.each do |role|
+              self.remove_role(role)
+            end
+				  end
+
+          def remove_all_roles
+            self.security_roles = []
+            self.save
+          end
+
+          def has_role?(*passed_roles)
+            result = false
+            passed_roles.flatten!
+            passed_roles.each do |role|
+              role_iid = role.is_a?(SecurityRole) ?  role.internal_identifier : role.to_s
+              self.security_roles.each do |this_role|
+                result = true if (this_role.internal_identifier == role_iid)
+                break if result
+              end
+              break if result
+            end
+            result
+          end
+				end  
+      end #HasSecurityRoles
+    end #ActiveRecord
+  end #Extensions
+end #ErpTechSvcs