gb_mapfish_appserver 0.8.7 → 0.9.0

data/app/controllers/application_controller.rb

@@ -6,6 +6,11 @@ class ApplicationController < ActionController::Base
   before_filter :set_zone
   before_filter :set_locale
 
+  # This is our new function that comes before Devise's one
+  before_filter :authenticate_user_from_token!
+  # This is Devise's authentication
+  # before_filter :authenticate_user!
+
   protected
 
   #Zone 'intranet' or 'internet' depending on host name
@@ -70,4 +75,25 @@ class ApplicationController < ActionController::Base
     end
   end
 
+# With a token setup, all you need to do is override
+# your application controller to also consider token
+# lookups:
+
+  
+  # For this example, we are simply using token authentication
+  # via parameters. However, anyone could use Rails's token
+  # authentication features to get the token from a header.
+  def authenticate_user_from_token!
+    user_token = params[:USER_TOKEN].presence
+    user       = user_token && User.find_by_authentication_token(user_token.to_s)
+
+   if user
+      # Notice we are passing store false, so the user is not
+      # actually stored in the session and a token is needed
+      # for every request. If you want the token to work as a
+      # sign in token, you can simply remove store: false.
+      sign_in user, :store => false
+    end
+  end
+
 end

data/app/controllers/apps_controller.rb

@@ -4,6 +4,10 @@ class AppsController < ApplicationController
     @current_roles = current_roles.roles.collect(&:name)
 
     @topic_name = params['topic'] || DEFAULT_TOPIC[@zone].name
+
+    @back_topic_name = params['back'].nil? ? nil : params['back']
+    @over_topic_name = params['over'].blank? ? '[]' : params['over'].split(',').to_json
+
     @main_default_topic = DEFAULT_TOPIC[@zone].name
     @offlayers = params['offlayers'].blank? ? [] : params['offlayers'].split(',')
 
@@ -11,6 +15,9 @@ class AppsController < ApplicationController
     @x = params['x'].nil? ? DEFAULT_X : params['x'].to_f
     @y = params['y'].nil? ? DEFAULT_Y : params['y'].to_f
 
+    @zoom = params['zoom'].nil? ? DEFAULT_ZOOM : params['zoom'].to_i # for mobile
+    @gbapp = params['gbapp'].nil? ? 'default' : params['gbapp'] # for mobile
+
     @seltopic = params['seltopic']
     @sellayer = params['sellayer']
     @selproperty = params['selproperty']

data/app/controllers/print_controller.rb

@@ -78,6 +78,11 @@ class PrintController < ApplicationController
             layer["customParams"].delete("DPI")
             layer["customParams"]["map_resolution"] = request.parameters["dpi"]
           end
+
+          topic = Topic.find_by_name(topic_name)
+          add_sld_body(topic, layer)
+          add_filter(topic, layer)
+
           # For permission check in WMS controller: pass session as WMS request parameter
           #layer["customParams"]["session"] =
         else
@@ -199,6 +204,41 @@ class PrintController < ApplicationController
     end
   end
 
+  def add_sld_body(topic, layer)
+    # add SLD for selection
+    unless layer["customParams"]["SELECTION[LAYER]"].blank?
+      sld_body = Wms.sld_selection(topic,
+        layer["customParams"]["SELECTION[LAYER]"],
+        layer["customParams"]["SELECTION[PROPERTY]"],
+        layer["customParams"]["SELECTION[VALUES]"].split(',')
+      )
+
+      unless sld_body.nil?
+        # add serverside SLD for selection
+        layer["customParams"]["SLD_BODY"] = sld_body
+      else
+        logger.info "Selection layer '#{layer["customParams"]["SELECTION[LAYER]"]}' not found in topic '#{topic.name}'"
+      end
+
+      # remove non-WMS params
+      layer["customParams"].delete("SELECTION[LAYER]")
+      layer["customParams"].delete("SELECTION[PROPERTY]")
+      layer["customParams"].delete("SELECTION[VALUES]")
+    end
+  end
+
+  def add_filter(topic, layer)
+    filters = Wms.access_filters(current_ability, current_user, topic, layer["layers"])
+    if filters.any?
+      filters.each do |key, value|
+        # remove existing filter
+        layer["customParams"].delete(key)
+        # add serverside filter
+        layer["customParams"][key] = value
+      end
+    end
+  end
+
   protected
 
   def rewrite_wms_uri(url, use_cgi)

data/app/controllers/token_authentications_controller.rb

@@ -0,0 +1,20 @@
+# token_authentications_controller.rb
+
+class TokenAuthenticationsController < ApplicationController 
+
+  def create
+    #@user = User.criteria.id(params[:user_id]).first
+    @user = User.find(params[:user_id])
+    @user.reset_authentication_token!
+    redirect_to edit_user_registration_path(@user)
+  end
+
+  def destroy
+    #@user = User.criteria.id(params[:id]).first
+    @user = User.find(params[:id])
+    @user.authentication_token = nil
+    @user.save
+    redirect_to edit_user_registration_path(@user)
+  end
+
+end

data/app/controllers/users_controller.rb

@@ -0,0 +1,50 @@
+class UsersController < ApplicationController
+
+  before_filter :authenticate_user!
+  before_filter :accessible_user, :except => [:find]
+
+  def edit
+  end
+
+  def update
+    unless params[:user][:app_infos].blank?
+      @user.merge_app_infos(params[:user][:app_infos])
+      params[:user].delete(:app_infos)
+    end
+    if @user.update_attributes(params[:user])
+      redirect_to groups_users_url, :notice => 'Benutzer wurde erfolgreich gespeichert.'
+    else
+      render :action => "edit"
+    end
+  end
+
+  # find users by email for autocomplete
+  def find
+    users = User.where("email ILIKE ?", "#{params[:term]}%").order(:email).pluck(:email)
+
+    render :json => users
+  end
+
+  private
+
+  # FIXME: use ability -> User.accessible_by(current_ability)
+  def accessible_user
+    @user = User.find(params[:id])
+
+    user_accessible = (@user.id == current_user.id) # can edit self
+    unless user_accessible
+      # check if user is in accessible group
+      groups = Group.accessible_by(current_ability)
+      @user.groups_users.each do |groups_user|
+        if groups.include?(groups_user.group)
+          user_accessible = true
+          break
+        end
+      end
+    end
+    unless user_accessible
+      raise CanCan::AccessDenied.new("Permission error")
+    end
+  end
+
+end

data/app/controllers/wfs_controller.rb

@@ -4,7 +4,7 @@ require 'uri'
 class WfsController < ApplicationController
 
   def show
-    logger.info "----> WMS call with user '#{current_user.try(:login)}'"
+    logger.info "----> WFS call with user '#{current_user.try(:login)}'"
 
     #Send redirect for public services
     #if public?(params[:service], host_zone(request.host))
@@ -14,16 +14,17 @@ class WfsController < ApplicationController
     #  return
     #end
 
-    topic = Topic.where(:name => params[:service]).first
-    topic_accessible = topic && can?(:show, topic)
-    wfs_accessible = can?(:show, Wfs.new(params[:service]))
-    if !topic_accessible && !wfs_accessible
-      logger.info "----> Topic/WFS '#{params[:service]}' not accessible with roles #{current_roles.roles.collect(&:name).join('+')}!"
-      log_user_permissions(:show, topic) if topic
-      log_user_permissions(:show, Wfs.new(params[:service]))
+    topic_name = params[:service]
+    wfs_accessible = can?(:show, Wfs.new(topic_name))
+    unless wfs_accessible
+      logger.info "----> WFS '#{topic_name}' not accessible with roles #{current_roles.roles.collect(&:name).join('+')}!"
+      log_user_permissions(:show, Wfs.new(topic_name))
       request_http_basic_authentication('Secure WFS Login')
       return
     end
+
+    add_filter(topic_name)
+
     call_wfs(request)
   end
 
@@ -76,7 +77,11 @@ class WfsController < ApplicationController
       render :nothing => true
       return
     end
-    send_data response.body, :status => response.code, :type => response.content_type, :disposition => 'inline'
+    if (params[:format] == 'json')
+      send_data Hash.from_xml(response.body).to_json, :status => response.code, :type => {'Content-Type' => 'application/json'}, :disposition => 'inline'
+    else
+      send_data response.body, :status => response.code, :type => response.content_type, :disposition => 'inline'
+    end
   end
 
   #Public accessible WFS
@@ -90,5 +95,29 @@ class WfsController < ApplicationController
     end
   end
 
+  def add_filter(topic_name)
+    if !topic_name.blank? && params[:REQUEST] == "GetFeature" && !params[:TYPENAME].blank?
+      # get access filters for requested layers
+      access_filters = {}
+      params[:TYPENAME].split(',').each do |layer|
+        access_filter = current_ability.access_filter("WFS", topic_name, layer)
+        unless access_filter.nil?
+          access_filter.each do |key, value|
+            access_filter[key] = AccessFilter.user_value(current_user, value)
+          end
+          access_filters.merge!(access_filter)
+        end
+      end
+
+      if access_filters.any?
+        # remove existing filters
+        access_filters.each do |key, value|
+          request.env["QUERY_STRING"].gsub!(/(^|&)#{key}=.+?(?=(&|$))/, '')
+        end
+        # add serverside filters
+        request.env["QUERY_STRING"] += "&#{access_filters.to_query}"
+      end
+    end
+  end
 
 end

data/app/controllers/wms_controller.rb

@@ -6,29 +6,32 @@ class WmsController < ApplicationController
   def show
     logger.debug "----> WMS call with user '#{current_user.try(:login)}'"
 
-    topic = Topic.where(:name => params[:service]).first
+    topic_name = params[:service]
+    topic = Topic.where(:name => topic_name).first
     add_sld_body(topic)
+    add_filter(topic_name)
 
     #Send redirect for public services
-    if request.get? && public?(params[:service], host_zone(request.host))
+    if request.get? && public?(topic_name, host_zone(request.host))
       url, path = mapserv_request_url(request)
-      #expires_in 2.minutes, :public => true #FIXME: cache_path "wms-public-#{params[:service]}-#{host_zone(request.host)}"
+      #expires_in 2.minutes, :public => true #FIXME: cache_path "wms-public-#{topic_name}-#{host_zone(request.host)}"
       redirect_to "#{url.scheme}://#{url.host}#{path}"
       return
     end
 
     topic_accessible = topic && can?(:show, topic)
-    wms_accessible = can?(:show, Wms.new(params[:service]))
+    wms_accessible = can?(:show, Wms.new(topic_name))
+
     if topic_accessible && !wms_accessible
       topic_accessible = session_ok?
       if !topic_accessible
-        logger.info "----> WMS '#{params[:service]}' not accessible without valid session!"
+        logger.info "----> WMS '#{topic_name}' not accessible without valid session!"
       end
     end
     if !topic_accessible && !wms_accessible && !print_request? # allow all topics for print servlet
-      logger.info "----> Topic/WMS '#{params[:service]}' not accessible with roles #{current_roles.roles.collect(&:name).join('+')}!"
+      logger.info "----> Topic/WMS '#{topic_name}' not accessible with roles #{current_roles.roles.collect(&:name).join('+')}!"
       log_user_permissions(:show, topic) if topic
-      log_user_permissions(:show, Wms.new(params[:service]))
+      log_user_permissions(:show, Wms.new(topic_name))
       request_http_basic_authentication('Secure WMS Login')
       return
     end
@@ -114,11 +117,11 @@ class WmsController < ApplicationController
         logger.info "Selection layer '#{params[:SELECTION][:LAYER]}' not found in topic '#{topic.name}'"
         return
       end
-      # add serverside SLD for selection
-      request.env["QUERY_STRING"] += "&SLD_BODY=" + URI.escape(
-        sld_selection(layer, params[:SELECTION][:PROPERTY], params[:SELECTION][:VALUES].split(',')))
+      sld_body = sld_selection(layer, params[:SELECTION][:PROPERTY], params[:SELECTION][:VALUES].split(','))
       # Remove non-WMS params
-      request.env["QUERY_STRING"].gsub!(/&SELECTION.+?(?=&)/, '')
+      request.env["QUERY_STRING"].gsub!(/(^|&)SELECTION.+?(?=(&|$))/, '')
+      # add serverside SLD for selection
+      request.env["QUERY_STRING"] += "&SLD_BODY=" + URI.escape(sld_body)
       params.delete[:SELECTION]
     end
   end
@@ -155,6 +158,36 @@ class WmsController < ApplicationController
     sld
   end
 
+  def add_filter(topic_name)
+    unless params[:LAYERS].blank?
+      filters = access_filters(topic_name, params[:LAYERS].split(','))
+      if filters.any?
+        # remove existing filters
+        filters.each do |key, value|
+          request.env["QUERY_STRING"].gsub!(/(^|&)#{key}=.+?(?=(&|$))/, '')
+        end
+        # add serverside filters
+        request.env["QUERY_STRING"] += "&#{filters.to_query}"
+      end
+    end
+  end
+
+  def access_filters(topic_name, layers)
+    access_filters = {}
+    unless topic_name.blank?
+      layers.each do |layer|
+        access_filter = current_ability.access_filter("WMS", topic_name, layer)
+        unless access_filter.nil?
+          access_filter.each do |key, value|
+            access_filter[key] = AccessFilter.user_value(current_user, value)
+          end
+          access_filters.merge!(access_filter)
+        end
+      end
+    end
+    access_filters
+  end
+
   #Public accessible WMS
   #REMARK: permission change needs restart!
   def public?(name, zone)

data/app/models/ability.rb

@@ -120,10 +120,12 @@ class Ability
     def layer_topics_lookup
       #Build a lookup hash for all layer -> topic relations
       @layer_topics ||= begin
-        layer_topics = resources.all.inject({}) {|hsh,l| hsh[l.id] = []; hsh }        
-        # layer_topics = resources.inject({}) {|hsh,l| hsh[l.id] = []; hsh }
-        all_topics = Topic.select("topics.id,topics.name,layers.id,layers.name").includes(:layers)
-        all_topics.each {|t| t.layers.each {|l| layer_topics[l.id] << t.name} }
+        layer_topics = resources.all.inject({}) {|hsh,l| hsh[l.id] = []; hsh }
+
+        # NOTE: query without includes(:layers) is about 5 times faster
+        all_topics = Topic.select("id,name")
+        all_topics.each {|t| t.layers.select("layers.id,layers.name").each {|l| layer_topics[l.id] << t.name} }
+
         layer_topics
       end
     end
@@ -267,6 +269,8 @@ class Ability
     alias_action :index, :show, :legend, :query, :to => :edit #Edit implies index and show permissions
     alias_action :legend, :query, :to => :show #Show implies legend and query permissions
 
+    @access_filters = {}
+
     @ability_roles = ability_roles
     if @ability_roles.has_role?(:admin)
       can :manage, :all
@@ -296,16 +300,23 @@ class Ability
 
       #Attribute permissions
       ToolResourceType.new.add_ability(self, roles)
-    end
 
-    #Access filters: { resource_type => { resource => filter } }
-    #@access_filters = {}
-    #AccessFilter.for_roles(roles).each do |access_filter|
-    #  @access_filters[access_filter.resource_type] ||= {}
-    #  rtaf = @access_filters[access_filter.resource_type]
-    #  res = access_filter.resource.split('/').last
-    #  rtaf[res] = access_filter.condition
-    #end
+      #Access filters:
+      # {
+      #   resource_type => {
+      #     topic => {
+      #       layer => condition
+      #     }
+      #   }
+      # }
+      AccessFilter.for_roles(roles).each do |access_filter|
+        @access_filters[access_filter.resource_type] ||= {}
+
+        topic, layer = access_filter.resource.split('/')
+        @access_filters[access_filter.resource_type][topic] ||= {}
+        @access_filters[access_filter.resource_type][topic][layer] = access_filter.parse_condition
+      end
+    end
   end
 
   def roles
@@ -317,9 +328,22 @@ class Ability
     resource_type.roles_permissions(roles, action, resource)
   end
 
-  #def resource_access_filter(resource)
-  #  rtaf = @access_filters[resource.class.to_s]
-  #  return nil if rtaf.nil?
-  #  rtaf[resource.table]
-  #end
+  # specific topic/layer takes precedence over "*" wildcard
+  # priorities: topic/layer > topic/* > */layer > */*
+  def access_filter(resource_type, topic, layer)
+    filter = nil
+    unless @access_filters[resource_type].nil?
+      unless @access_filters[resource_type][topic].nil?
+        # topic/layer or topic/*
+        filter = @access_filters[resource_type][topic][layer] || @access_filters[resource_type][topic]["*"]
+      end
+
+      if filter.nil? && !@access_filters[resource_type]["*"].nil?
+        # */layer or */*
+        filter = @access_filters[resource_type]["*"][layer] || @access_filters[resource_type]["*"]["*"]
+      end
+    end
+    filter
+  end
+
 end

data/app/models/access_filter.rb

@@ -1,3 +1,5 @@
+# NOTE: mark user values with "$user.<attribute>$", e.g. "$user.bfsnr$"
+
 class AccessFilter < ActiveRecord::Base
   belongs_to :role
 
@@ -5,4 +7,38 @@ class AccessFilter < ActiveRecord::Base
 
   scope :for_roles, lambda { |roles| where(:role_id => roles.collect(&:id)) }
 
+  def parse_condition
+    if ["WMS", "WFS"].include?(resource_type)
+      wms_condition = condition
+      begin
+        # try to parse as JSON
+        wms_condition = JSON.parse(wms_condition)
+      rescue => err
+        Rails.logger.info "Could not parse #{resource_type} condition for #{role.name} #{resource} as JSON: #{err}"
+      end
+      wms_condition
+    else
+      condition
+    end
+  end
+
+  def self.user_value(user, value)
+    # replace "$user.<attribute>$" placeholders with user.app_infos[<attribute>] values
+    user_attributes = value.to_s.scan(/\$user\.(\w+)\$/).flatten
+    unless user_attributes.empty?
+      if user.nil?
+        # empty values if no user
+        value.sub(/\$user\.(\w+)\$/, '')
+      else
+        user_attributes.each do |key|
+          # replace placeholder with value from user.app_infos
+          value.sub!(/\$user\.#{key}\$/, user.app_infos[key] || '')
+        end
+        value
+      end
+    else
+      value
+    end
+  end
+
 end

data/app/models/layer.rb

@@ -103,10 +103,6 @@ EOS
     #logger.info "************************* Attribute for name '#{name}': #{@attrs[name].inspect}"
   end
 
-  #def filtered(ability)
-  #  feature_class.where(ability.resource_access_filter(self))
-  #end
-
   def query_fields(ability)
     return '' if feature_class.nil?
     ([pkey]+ident_fields_for(ability)+[feature_class.extent_field, feature_class.area_field]).join(',')

data/app/models/permission.rb

@@ -47,7 +47,7 @@ class Permission < ActiveRecord::Base
     def role_can?(role_id, action, resource)
       ActiveRecord::Base.silence do
         can = if has_resource_list?
-          permitted_resources(role_id, action).include?(resource)
+          permitted_resources(role_id, action, resources).include?(resource)
         else
           permitted?(resource, permissions(role_id, action))
         end
@@ -67,6 +67,7 @@ class Permission < ActiveRecord::Base
     end
 
     def roles_can?(roles, action, resource)
+      # find first permitted role if any
       roles.find { |role| role_can?(role.id, action, resource) }
     end
 
@@ -74,6 +75,7 @@ class Permission < ActiveRecord::Base
       ActiveRecord::Base.silence do
         actions.each do |action|
           if has_resource_list?
+            # use Rails cache
             ids = Rails.cache.fetch("permitted_resource_ids-#{action}-#{@resource_type_name}-roles-#{roles.collect(&:id).join(',')}") do
               permitted_resource_ids(roles, action)
             end
@@ -90,10 +92,12 @@ class Permission < ActiveRecord::Base
 
     protected
 
+    # higher sequence takes precedence
     def permitted?(resource, permissions)
       allow = false
       permissions.each do |permission|
         if permission.deny
+          # NOTE: permissions with higher sequence will override this, so deny permissions should have highest sequence
           allow = false if compare(resource, permission.resource)
         else
           allow ||= compare(resource, permission.resource)
@@ -102,10 +106,10 @@ class Permission < ActiveRecord::Base
       allow
     end
 
-    #All resource permissionsfor a given role_id + action
-    def permitted_resources(role_id, action)
+    #All resource permissions for a given role_id + action
+    def permitted_resources(role_id, action, resources_list)
       permissions = permissions(role_id, action)
-      resources.select do |r|
+      resources_list.select do |r|
         permitted?(r, permissions)
       end
     end
@@ -114,11 +118,12 @@ class Permission < ActiveRecord::Base
     def permitted_resource_ids(roles, action)
       ids = []
       return ids if !has_resource_list?
-      roles.each { |role| ids += permitted_resources(role.id, action).collect(&:id) }
+      resources_list = resources.all # load resources here to optimize loop below
+      roles.each { |role| ids += permitted_resources(role.id, action, resources_list).collect(&:id) }
       ids.sort.uniq
     end
 
-    #All permissions for a given role_id + action
+    #All permissions for a given role_id + action, ordered by sequence
     def permissions(role_id, action)
       Permission.where(:role_id => role_id,
         :resource_type => @resource_type_name, :action => action).order(

data/app/models/topic.rb

@@ -42,8 +42,9 @@ class Topic < ActiveRecord::Base
       app.gbapplications_categories.includes(:category).each do |gbapplications_category|
         category = gbapplications_category.category
         unless category.nil?
-          category_topics = category.topics.accessible_by(current_ability).select(
-            'topics.*,categories_topics.sort AS categories_topics_sort')
+          category_topics = category.topics.accessible_by(current_ability)
+          category_topics = category_topics.includes(:organisation).includes(:bg_topic).includes(:overlay_topics) # optimize query performance
+          category_topics.select('topics.*,categories_topics.sort AS categories_topics_sort')
           topics += category_topics.collect do |topic|
             subtopics = category_topics.select{|t| t.parent_id == topic.id}.collect do |subtopic|
               {
@@ -188,8 +189,10 @@ class Topic < ActiveRecord::Base
   end
 
   def query_layers(ability, active_layers) #TODO: 0.5s
-    layers.accessible_by(ability).where('topics_layers.queryable').order('topics_layers.leg_sort DESC').find_all do |layer|
-      active_layers.include?(layer.name)
+    ActiveRecord::Base.silence do
+      layers.accessible_by(ability).where('topics_layers.queryable').order('topics_layers.leg_sort DESC').find_all do |layer|
+        active_layers.include?(layer.name)
+      end
     end
   end
 

data/app/views/groups_users/_form.html.erb

@@ -17,12 +17,24 @@
       <%= @groups_user.group.name %>
     </div>
   </div>
+  <div class="row">
+    <%= f.label 'Login name' %>
+    <div class="input uneditable-input">
+      <%= @groups_user.user.login %>
+    </div>
+  </div>
   <div class="row">
     <%= f.label 'User' %>
     <div class="input uneditable-input">
       <%= @groups_user.user.name %>
     </div>
   </div>
+  <div class="row">
+    <%= f.label 'Email' %>
+    <div class="input uneditable-input">
+      <a href="mailto:<%= @groups_user.user.email %>?Subject=Best&auml;tigung&Body=<%= render @mail_body %>"><%= @groups_user.user.email %></a>
+    </div>
+  </div>
   <div class="row">
     <%= f.label :granted %>
     <div class="input">

data/app/views/groups_users/index.html.erb

@@ -1,24 +1,34 @@
+<% if @groups.any? || @groups_users.any? %>
 <h1>Usergruppen Verwaltung</h1>
+<% end %>
 
+<% if @groups.any? %>
 <table>
   <tr>
     <th>Group</th>
     <th>Signup-Link</th>
+    <th></th>
   </tr>
 
 <% @groups.each do |group| %>
   <tr>
     <td><%= group.name %></td>
     <td><%= link_to new_user_registration_url(:group => group.name), new_user_registration_path(:group => group.name) %></td>
+    <td><%= link_to 'User hinzufügen', new_groups_user_path({:group => group}) %></td>
   </tr>
 <% end %>
 </table>
+<% end %>
 
+<% if @groups_users.any? %>
 <table>
   <tr>
     <th>Group</th>
+    <th>Login</th>
     <th>User</th>
+    <th>EMail</th>
     <th>Granted</th>
+    <th>Info</th>
     <th></th>
     <th></th>
   </tr>
@@ -26,14 +36,35 @@
 <% @groups_users.each do |groups_user| %>
   <tr>
     <td><%= groups_user.group.name %></td>
+    <td><%= link_to groups_user.user.login, edit_user_path(groups_user.user) %></td>
     <td><%= groups_user.user.name %></td>
-    <td><%= groups_user.granted %></td>
-    <td><%= link_to 'Edit', edit_groups_user_path(groups_user) %></td>
-    <td><%= link_to 'Destroy', groups_user, :confirm => 'Are you sure?', :method => :delete %></td>
+    <td><%= groups_user.user.email %></td>
+    <td><%= link_to groups_user.granted.to_s, edit_groups_user_path(groups_user) %></td>
+    <td>
+      <% unless groups_user.user.app_infos.nil? %>
+        <% groups_user.user.app_infos.each do |key, value| %>
+          <i><%= key %></i>: <%= value %><br/>
+        <% end %>
+      <% end %>
+    </td>
+    <td><%= link_to 'Bearbeiten', edit_user_path(groups_user.user) %></td>
+    <td><%= link_to 'Entfernen', groups_user, :confirm => 'Benutzer aus Gruppe entfernen?', :method => :delete %></td>
   </tr>
 <% end %>
 </table>
+<% end %>
 
-<br />
+<h1>Eigene Gruppen</h1>
 
-<%= link_to 'New Groups user', new_groups_user_path %>
+<table>
+  <tr>
+    <th>Gruppe</th>
+    <th>Freigeschaltet</th>
+  </tr>
+<% current_user.groups_users.each do |groups_user| %>
+  <tr>
+    <td><%= groups_user.group.name %></td>
+    <td><%= groups_user.granted ? "ja" : "nein" %></td>
+  </tr>
+<% end %>
+</table>

data/app/views/groups_users/new.html.erb

@@ -1,5 +1,44 @@
-<h1>New groups_user</h1>
+<% content_for :head do %>
+<script type="text/javascript">
+  $(function() {
+    $('#user_email').autocomplete({
+      source: '/users/find.json',
+      minLength: 3
+    });
+  });
+</script>
+<% end %>
 
-<%= render 'form' %>
+<h1>Benutzer zu Gruppe hinzufügen</h1>
 
-<%= link_to 'Index', groups_users_path %>
+<%= form_for(@groups_user) do |f| %>
+  <% if @groups_user.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@groups_user.errors.count, "error") %> prohibited this groups_user from being saved:</h2>
+
+      <ul>
+        <% @groups_user.errors.full_messages.each do |msg| %>
+          <li><%= msg %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <%= f.hidden_field :group_id, :value => @group.id %>
+  <div class="row">
+    <%= f.label 'Gruppe' %>
+    <div class="input uneditable-input">
+      <%= @groups_user.group.name %>
+    </div>
+  </div>
+  <div class="row">
+    <%= f.label :user_email, 'Benutzer E-Mail' %>
+    <%= text_field_tag :user_email %>
+  </div>
+
+  <div class="actions">
+    <%= f.submit "Benutzer hinzufügen" %>
+  </div>
+<% end %>
+
+<%= link_to 'Zurück', groups_users_path %>

data/app/views/layouts/application.html.erb

@@ -2,15 +2,30 @@
 <html>
 	<head>
 		<title>GIS-Browser Admin</title>
-		<%#= stylesheet_link_tag :application, :media => "all" %>
+		<%= stylesheet_link_tag :application, :media => "all" %>
 		<% if HOST_ZONE[request.host] == 'intranet' %>
 		<%= stylesheet_link_tag 'http://www.intranet.ktzh.ch/css/global.css' %>
 		<%= stylesheet_link_tag 'http://www.intranet.ktzh.ch/css/intranet.css' %>
 		<% else %>
 		<%= stylesheet_link_tag 'http://www.zh.ch/css/global.css' %>
 		<% end %>
+                <style type="text/css">
+                    div.alert-message {
+                        background-color: #F2FBF2;
+                        border: 2px solid #23C123;
+                        color: #23C123;
+                        margin-bottom: 30px;
+                        padding: 5px 51px 5px 10px;
+                    }
+                    div.alert-message.error {
+                        background-color: #FBF2F2;
+                        border: 2px solid #C12323;
+                        color: #C12323;
+                    }
+                </style>
 		<%= javascript_include_tag :application %>
 		<%= csrf_meta_tags %>
+		<%= yield :head %>
 	</head>
 
 	<body>
@@ -26,34 +41,38 @@
 			<div id="nav-meta" role="navigation">
 				<ul>
 					<% if user_signed_in? %>
-					<li><%= link_to current_user.login, edit_user_registration_path(current_user) %></li>
+                                        <li><%= link_to current_user.login, edit_user_path(current_user) %></li>
 					<li><%= link_to('Usergruppen', groups_users_path) %></li>
 					<% else %>
 					<li><%= link_to "Anmelden", new_user_session_path %></li>
 					<% end%>
 					<li><%= link_to "Karte", root_path %></li>
+                                        <% if user_signed_in? %>
+					<li><%= link_to "Abmelden", destroy_user_session_path %></li>
+                                        <% end %>
 				</ul>
 			</div>
 
 			<div id="main-area">
+			<div id="content-column">
+
 
 				<% if flash.present? %>
-				<div class="error-required-box">
-					<% flash.each do |key, value| %>
-					<div class='alert-message <%= key %>'>
-						<p>
-							<%= value %>
-						</p>
-					</div>
-					<% end %>
-					<br/>
-				</div>
+                                    <% flash.each do |key, value| %>
+                                    <div class='<%= key == :alert ? 'error-required-box' : "alert-message #{key}" %>'>
+                                            <p>
+                                                    <%= value %>
+                                            </p>
+                                            <br/>
+                                    </div>
+                                    <% end %>
 				<% end %>
 
 				<%= yield %>
 
 				<hr />
 			</div>
+			</div>
 
 			<div id="footer" role="complementary">
 
@@ -61,13 +80,13 @@
 
 				<ul>
 					<li class="copyright">
-						&copy; 2012 Kanton Zürich
+						&copy; 2013 Kanton Zürich
 					</li>
 					<li >
-						<a href="http://www.zh.ch/internet/de/service/nav/footer/nutzungsregelungen.html">Nutzungsregelungen</a>
+						<a href="http://www.zh.ch/internet/de/service/nav/footer/nutzungsregelungen.html" target="_blank">Nutzungsregelungen</a>
 					</li>
 					<li >
-						<a href="http://www.zh.ch/internet/de/service/nav/footer/impressum.html">Impressum</a>
+						<a href="http://www.zh.ch/internet/de/service/nav/footer/impressum.html" target="_blank">Impressum</a>
 					</li>
 				</ul>
 				<div class="clear"></div>

data/app/views/registrations/edit.html.erb

@@ -31,4 +31,25 @@
 	<div class="row">
 		<%= f.submit "Update" %>
 	</div>
+
+	<div class="row">
+		<%= f.label :token_authentication_key %>
+	  	<p><%= resource.authentication_token.blank? ? "Token Empty" : resource.authentication_token %></p>
+	</div>
+
+	<div class="row">
+  		<%= link_to "Generate Token", token_authentications_path(:user_id => resource.id), :method => :post, :confirm => "Are you sure?"  %>
+  		<%= link_to "Delete Token", token_authentication_path(resource), :method => :delete, :confirm => "Are you sure?"  %>
+	</div>
+
+	<div class="row">
+		<% if resource.authentication_token %>
+			<p>You can use this url to login<br />
+			<%= link_to "http://maps.zh.ch#{root_path(:user_token => resource.authentication_token)}", root_path(:user_token => resource.authentication_token)  %></p>
+		<% end %>
+	</div>
+
+
+
+
 <% end %>

data/app/views/registrations/new.html.erb

@@ -37,7 +37,7 @@
 	</div>
 	
 	<div class="row">
-		<%= f.submit "Sign up", :class => 'big-submit' %>
+		<%= f.submit "Registrieren", :class => 'big-submit' %>
 	</div>
 <% end %>
 

data/app/views/users/edit.html.erb

@@ -0,0 +1,63 @@
+<h2>Benutzer bearbeiten</h2>
+
+<%= form_for @user do |f| %>
+  <% if @user.errors.any? %>
+    <div id="error_explanation">
+      <h2><%= pluralize(@user.errors.count, "error") %> prohibited this groups_user from being saved:</h2>
+
+      <ul>
+        <% @user.errors.full_messages.each do |msg| %>
+          <li><%= msg %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <div class="row">
+    <%= f.label 'Login' %>
+    <div class="input uneditable-input">
+      <%= @user.login %>
+    </div>
+  </div>
+
+  <div class="row">
+    <%= f.label 'Name' %>
+    <div class="input uneditable-input">
+      <%= @user.name %>
+    </div>
+  </div>
+
+  <div class="row">
+    <%= f.label 'E-Mail' %>
+    <div class="input uneditable-input">
+      <%= @user.email %>
+    </div>
+  </div>
+
+  <% if current_user.id == @user.id %>
+    <%= link_to "Bearbeiten", edit_user_registration_path(current_user) %>
+  <% end %>
+
+  <% @user.groups_users.each do |groups_user| %>
+    <% next if groups_user.group.nil? %>
+    <% if File.exist?(File.join(Rails.root, 'app', 'views', 'registrations', groups_user.group.name)) && (@user.id == current_user.id || current_user.group_admin?(groups_user.group)) %>
+    <fieldset>
+      <legend><%= groups_user.group.name %> (<%= groups_user.granted ? "freigeschaltet" : "nicht freigeschaltet" %>)</legend>
+      <%= render :partial => "registrations/#{groups_user.group.name}/app_infos", :locals => {:f => f} %>
+      <%# show user filter fields to group admins only %>
+      <% if current_user.group_admin?(groups_user.group) && File.exist?(File.join(Rails.root, 'app', 'views', 'registrations', groups_user.group.name, '_filters.html.erb')) %>
+        <div class="row">
+          <b><%= f.label "Filter" %></b>
+        </div>
+        <%= render :partial => "registrations/#{groups_user.group.name}/filters", :locals => {:f => f} %>
+      <% end %>
+    </fieldset>
+    <% end %>
+  <% end %>
+
+  <div class="actions">
+    <%= f.submit "Benutzer speichern" %>
+  </div>
+<% end %>
+
+<%= link_to 'Zurück', groups_users_path %>

data/config/routes.rb

@@ -11,10 +11,17 @@ Rails.application.routes.draw do
     match '/session/welcome' => "registrations#index", :as => :user_welcome
     match '/session/login' => "registrations#login", :as => :user_login
     match '/session/logout' => "registrations#logout", :as => :user_logout
+    match '/session/confirm' => "registrations#confirm", :as => :user_confirm
   end
 
+  resources :token_authentications, :only => [:create, :destroy]
 
-  resources :groups_users
+  resources :groups_users do
+    get :register, :on => :collection
+  end
+  resources :users do
+    get :find, :on => :collection
+  end
 
   resources :topics_layers
 

data/gb_mapfish_appserver.gemspec

@@ -19,20 +19,20 @@ Gem::Specification.new do |s|
   s.add_dependency "json"
   s.add_dependency "acts_as_tree", "0.2.0"
 
-  s.add_dependency "devise", "2.0.4"
-  s.add_dependency "cancan", "1.6.7"
+  s.add_dependency "devise", "~> 2.2.0"
+  s.add_dependency "cancan", "~> 1.6.8"
 
-  s.add_dependency "rails_admin", "0.0.5"
+  s.add_dependency "rails_admin", "~> 0.4.0"
   s.add_dependency "fastercsv"# required for rails_admin and Ruby <= 1.8
   s.add_dependency "sass", "~> 3.2.12" # rails_admin 0.0.5 does not work with sass >=3.3
 
   s.add_dependency "GeoRuby", ">= 0.1.4" #used for reading envelope, e.g. in GeoModel#bbox
 
-  s.add_dependency "rgeo", "0.3.20"
-  s.add_dependency "rgeo-geojson", "0.2.1"
+  s.add_dependency "rgeo", "~> 0.3.20"
+  s.add_dependency "rgeo-geojson", "~> 0.2.3"
 
   s.add_dependency "hpricot" # Cascaded WMS FeatureInfo parsing
 
-  s.add_dependency "pg", "0.14.0"
+  s.add_dependency "pg", "~> 0.14.0"
   s.add_dependency "activerecord-postgis-adapter", "0.4.1"
 end

data/lib/gb_mapfish_appserver/version.rb

@@ -1,3 +1,3 @@
 module GbMapfishAppserver
-  VERSION = "0.8.7"
+  VERSION = "0.9.0"
 end

data/lib/generators/mapfish/install/install_generator.rb

@@ -75,7 +75,7 @@ module Mapfish
 #Parts for building a Mapserver URL
 # Example: http://localhost/cgi-bin/mapserv.fcgi?map=#{Rails.root}/mapconfig/#{options["default-site-name"]}/naturalearth.map)
 MAPSERV_SERVER = 'http://localhost' #nil for current application server
-MAPSERV_URL = '/cgi-bin/mapserv.fcgi'
+MAPSERV_URL = '/cgi-bin/mapserv'
 MAPSERV_CGI_URL = '/cgi-bin/mapserv'
 MAPPATH = '#{Rails.root}/mapconfig'
 

data/test/dummy/config/environments/development.rb

@@ -39,7 +39,7 @@ end
 #Parts for building a Mapserver URL
 # Example: http://localhost/cgi-bin/mapserv.fcgi?map=/home/pi/code/rails/dummy/mapconfig/maps.example.com/naturalearth.map)
 MAPSERV_SERVER = 'http://localhost' #nil for current application server
-MAPSERV_URL = '/cgi-bin/mapserv.fcgi'
+MAPSERV_URL = '/cgi-bin/mapserv'
 MAPSERV_CGI_URL = '/cgi-bin/mapserv'
 MAPPATH = '/home/pi/code/rails/gb_mapfish_appserver/test/dummy/mapconfig'
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: gb_mapfish_appserver
 version: !ruby/object:Gem::Version
-  version: 0.8.7
+  version: 0.9.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-04-04 00:00:00.000000000 Z
+date: 2014-05-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &23152020 !ruby/object:Gem::Requirement
+  requirement: &23267300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -21,10 +21,10 @@ dependencies:
         version: 3.2.13
   type: :runtime
   prerelease: false
-  version_requirements: *23152020
+  version_requirements: *23267300
 - !ruby/object:Gem::Dependency
   name: json
-  requirement: &23151600 !ruby/object:Gem::Requirement
+  requirement: &23281540 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *23151600
+  version_requirements: *23281540
 - !ruby/object:Gem::Dependency
   name: acts_as_tree
-  requirement: &23151060 !ruby/object:Gem::Requirement
+  requirement: &23280980 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -43,43 +43,43 @@ dependencies:
         version: 0.2.0
   type: :runtime
   prerelease: false
-  version_requirements: *23151060
+  version_requirements: *23280980
 - !ruby/object:Gem::Dependency
   name: devise
-  requirement: &23150560 !ruby/object:Gem::Requirement
+  requirement: &23280440 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - =
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 2.0.4
+        version: 2.2.0
   type: :runtime
   prerelease: false
-  version_requirements: *23150560
+  version_requirements: *23280440
 - !ruby/object:Gem::Dependency
   name: cancan
-  requirement: &23150100 !ruby/object:Gem::Requirement
+  requirement: &23279720 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - =
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 1.6.7
+        version: 1.6.8
   type: :runtime
   prerelease: false
-  version_requirements: *23150100
+  version_requirements: *23279720
 - !ruby/object:Gem::Dependency
   name: rails_admin
-  requirement: &23149640 !ruby/object:Gem::Requirement
+  requirement: &23279060 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - =
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 0.0.5
+        version: 0.4.0
   type: :runtime
   prerelease: false
-  version_requirements: *23149640
+  version_requirements: *23279060
 - !ruby/object:Gem::Dependency
   name: fastercsv
-  requirement: &23149260 !ruby/object:Gem::Requirement
+  requirement: &23278480 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -87,10 +87,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *23149260
+  version_requirements: *23278480
 - !ruby/object:Gem::Dependency
   name: sass
-  requirement: &23148720 !ruby/object:Gem::Requirement
+  requirement: &23277660 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -98,10 +98,10 @@ dependencies:
         version: 3.2.12
   type: :runtime
   prerelease: false
-  version_requirements: *23148720
+  version_requirements: *23277660
 - !ruby/object:Gem::Dependency
   name: GeoRuby
-  requirement: &23148220 !ruby/object:Gem::Requirement
+  requirement: &23276940 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -109,32 +109,32 @@ dependencies:
         version: 0.1.4
   type: :runtime
   prerelease: false
-  version_requirements: *23148220
+  version_requirements: *23276940
 - !ruby/object:Gem::Dependency
   name: rgeo
-  requirement: &23147760 !ruby/object:Gem::Requirement
+  requirement: &23276220 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - =
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.3.20
   type: :runtime
   prerelease: false
-  version_requirements: *23147760
+  version_requirements: *23276220
 - !ruby/object:Gem::Dependency
   name: rgeo-geojson
-  requirement: &20360520 !ruby/object:Gem::Requirement
+  requirement: &23275540 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - =
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 0.2.1
+        version: 0.2.3
   type: :runtime
   prerelease: false
-  version_requirements: *20360520
+  version_requirements: *23275540
 - !ruby/object:Gem::Dependency
   name: hpricot
-  requirement: &20358960 !ruby/object:Gem::Requirement
+  requirement: &23274960 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -142,21 +142,21 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *20358960
+  version_requirements: *23274960
 - !ruby/object:Gem::Dependency
   name: pg
-  requirement: &20357660 !ruby/object:Gem::Requirement
+  requirement: &23290800 !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - =
+    - - ~>
       - !ruby/object:Gem::Version
         version: 0.14.0
   type: :runtime
   prerelease: false
-  version_requirements: *20357660
+  version_requirements: *23290800
 - !ruby/object:Gem::Dependency
   name: activerecord-postgis-adapter
-  requirement: &20356440 !ruby/object:Gem::Requirement
+  requirement: &23290300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - =
@@ -164,7 +164,7 @@ dependencies:
         version: 0.4.1
   type: :runtime
   prerelease: false
-  version_requirements: *20356440
+  version_requirements: *23290300
 description: Mapfish Appserver is a framework for web mapping applications using OGC
   standards and the Mapfish protocol.
 email:
@@ -191,8 +191,10 @@ files:
 - app/controllers/print_controller.rb
 - app/controllers/registrations_controller.rb
 - app/controllers/search_controller.rb
+- app/controllers/token_authentications_controller.rb
 - app/controllers/topics_controller.rb
 - app/controllers/upload_controller.rb
+- app/controllers/users_controller.rb
 - app/controllers/wfs_controller.rb
 - app/controllers/wms_controller.rb
 - app/helpers/application_helper.rb
@@ -261,6 +263,7 @@ files:
 - app/views/topics/_print_disclaimer.txt
 - app/views/topics/legend.html.erb
 - app/views/topics/query.html.erb
+- app/views/users/edit.html.erb
 - config/initializers/devise.rb
 - config/initializers/geodb.rb
 - config/initializers/mime_types.rb