hobo 0.5.3

data/hobo_files/plugin/lib/hobo/HtmlString

@@ -0,0 +1,3 @@
+class Hobo::HtmlString
+
+end

data/hobo_files/plugin/lib/hobo/authenticated_user.rb

@@ -0,0 +1,106 @@
+require 'digest/sha1'
+
+module Hobo
+
+  module AuthenticatedUser
+
+    def self.included(base)
+      base.extend(ClassMethods)
+
+      base.class_eval do
+        # Virtual attribute for the unencrypted password
+        attr_accessor :password
+
+        validates_presence_of     :password,                   :if => :password_required?
+        validates_presence_of     :password_confirmation,      :if => :password_required?
+        validates_confirmation_of :password,                   :if => :password_required?
+      
+        before_save :encrypt_password
+        
+        never_show :salt, :crypted_password, :remember_token, :remember_token_expires_at
+        
+        set_field_type :password => :password, :password_confirmation => :password
+        
+        password_validations
+      end
+    end
+
+    module ClassMethods
+      
+      def password_validations
+        validates_length_of :password, :within => 4..40, :if => :password_required?
+      end
+      
+      def set_login_attr(attr)
+        @login_attr = attr = attr.to_sym
+        alias_attribute(:login, attr) unless attr == :login
+        
+        if block_given?
+          yield
+        else 
+          validates_presence_of   attr
+          validates_length_of     attr, :within => 3..100
+          validates_uniqueness_of attr, :case_sensitive => false
+        end
+      end
+
+      # Authenticates a user by their login name and unencrypted password.  Returns the user or nil.
+      def authenticate(login, password)
+        u = find(:first, :conditions => ["#{@login_attr} = ?", login]) # need to get the salt
+        
+        if u && u.authenticated?(password)
+          u.last_login_at = Time.now and u.save if u.respond_to?(:last_login_at)
+          u
+        else
+          nil
+        end
+      end
+
+      # Encrypts some data with the salt.
+      def encrypt(password, salt)
+        Digest::SHA1.hexdigest("--#{salt}--#{password}--")
+      end
+
+    end
+
+    # Encrypts the password with the user salt
+    def encrypt(password)
+      self.class.encrypt(password, salt)
+    end
+
+    def authenticated?(password)
+      crypted_password == encrypt(password)
+    end
+
+    def remember_token?
+      remember_token_expires_at && Time.now.utc < remember_token_expires_at
+    end
+
+    # These create and unset the fields required for remembering users between browser closes
+    def remember_me
+      self.remember_token_expires_at = 2.weeks.from_now.utc
+      self.remember_token            = encrypt("#{login}--#{remember_token_expires_at}")
+      save(false)
+    end
+
+    def forget_me
+      self.remember_token_expires_at = nil
+      self.remember_token            = nil
+      save(false)
+    end
+
+    protected
+    # before filter
+    def encrypt_password
+      return if password.blank?
+      self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
+      self.crypted_password = encrypt(password)
+    end
+
+    def password_required?
+      (crypted_password.blank? && password != nil) || !password.blank?
+    end
+
+  end
+
+end

data/hobo_files/plugin/lib/hobo/authentication_support.rb

@@ -0,0 +1,108 @@
+module Hobo
+  
+  module AuthenticationSupport
+    
+    # Filter method to enforce a login requirement.
+    def logged_in?
+      not current_user.guest?
+    end
+
+    # Check if the user is authorized.
+    #
+    # Override this method in your controllers if you want to restrict access
+    # to only a few actions or if you want to check if the user
+    # has the correct rights.
+    #
+    # Example:
+    #
+    #  # only allow nonbobs
+    #  def authorize?
+    #    current_user.login != "bob"
+    #  end
+    def authorized?
+      true
+    end
+
+    #
+    # To require logins for all actions, use this in your controllers:
+    #
+    #   before_filter :login_required
+    #
+    # To require logins for specific actions, use this in your controllers:
+    #
+    #   before_filter :login_required, :only => [ :edit, :update ]
+    #
+    # To skip this in a subclassed controller:
+    #
+    #   skip_before_filter :login_required
+    #
+    def login_required
+      if current_user.guest?
+        username, passwd = get_auth_data
+        self.current_user = Hobo.user_model.authenticate(username, passwd) || :false if username && passwd
+      end
+      logged_in? && authorized? ? true : access_denied
+    end
+
+    # Redirect as appropriate when an access request fails.
+    #
+    # The default action is to redirect to the login screen.
+    #
+    # Override this method in your controllers if you want to have special
+    # behavior in case the user is not authorized
+    # to access the requested action.  For example, a popup window might
+    # simply close itself.
+    def access_denied
+      respond_to do |accepts|
+        accepts.html do
+          store_location
+          redirect_to login_url
+        end
+        accepts.xml do
+          headers["Status"]           = "Unauthorized"
+          headers["WWW-Authenticate"] = %(Basic realm="Web Password")
+          render :text => "Could't authenticate you", :status => '401 Unauthorized'
+        end
+      end
+      false
+    end
+
+    # Store the URI of the current request in the session.
+    #
+    # We can return to this location by calling #redirect_back_or_default.
+    def store_location
+      session[:return_to] = request.request_uri
+    end
+
+    # Redirect to the URI stored by the most recent store_location call or
+    # to the passed default.
+    def redirect_back_or_default(default)
+      session[:return_to] ? redirect_to_url(session[:return_to]) : redirect_to(default)
+      session[:return_to] = nil
+    end
+
+    # When called with before_filter :login_from_cookie will check for an :auth_token
+    # cookie and log the user back in if apropriate
+    def login_from_cookie
+      return unless cookies[:auth_token] && !logged_in?
+      user = Hobo.user_model.find_by_remember_token(cookies[:auth_token])
+      if user && user.remember_token?
+        user.remember_me
+        self.current_user = user
+        cookies[:auth_token] = { :value => self.current_user.remember_token ,
+                                 :expires => self.current_user.remember_token_expires_at }
+      end
+    end
+
+    private
+    @@http_auth_headers = %w(X-HTTP_AUTHORIZATION HTTP_AUTHORIZATION Authorization)
+    # gets BASIC auth info
+    def get_auth_data
+      auth_key  = @@http_auth_headers.detect { |h| request.env.has_key?(h) }
+      auth_data = request.env[auth_key].to_s.split unless auth_key.blank?
+      return auth_data && auth_data[0] == 'Basic' ? Base64.decode64(auth_data[1]).split(':')[0..1] : [nil, nil]
+    end
+
+  end
+  
+end

data/hobo_files/plugin/lib/hobo/composite_model.rb

@@ -0,0 +1,66 @@
+module Hobo
+  
+  class CompositeModel
+    
+    include ModelSupport
+    
+    class << self
+      
+      def find(id)
+        ids = id.split('_')
+        new(*ids.map_with_index{|id, i| @models[i].constantize.find(id)})
+      end
+        
+      def compose(*models)
+        @models = models.omap{to_s.camelize}
+        attr_reader *models
+        CompositeModel.composites ||= {}
+        CompositeModel.composites[@models.sort] = self.name
+        
+        Hobo.register_model(self)
+      end
+      
+      attr_accessor :composites
+      
+      attr_reader :models
+      
+      def new_for(objects)
+        classes = objects.map{|o| o.class.name}.sort
+        composite_class = CompositeModel.composites[classes].constantize rescue
+          (raise ArgumentError, "No composite model for #{classes.inspect}")
+        composite_class.new(*objects)
+      end
+      
+    end
+      
+    
+    def initialize(*objects)
+      objects.each do |obj|
+        raise ArgumentError, "invalid objects for composition: #{objects.inspect}" unless
+          obj.class.name.in? self.class.models
+        instance_variable_set("@#{obj.class.name.underscore}", obj)
+      end
+    end
+    
+    
+    def compose_with(object, use=nil)
+      self_classes = use ? use.models : self.class.models
+      from_self = (self_classes - [object.class.name]).map {|classname| send(classname.underscore)}
+      CompositeModel.new_for(from_self + [object])
+    end
+
+    
+    def typed_id
+      "#{self.class.name.underscore}_#{id}"
+    end
+
+    
+    def id
+      objects = self.class.models.map {|m| instance_variable_get("@#{m.underscore}")}
+      objects.omap{id}.join("_")
+    end
+      
+  end
+
+end
+  

data/hobo_files/plugin/lib/hobo/controller.rb

@@ -0,0 +1,134 @@
+module Hobo
+
+  module Controller
+
+    include ControllerHelpers
+    
+    include AuthenticationSupport
+
+    def self.included(base)
+      if base.is_a?(Class)
+        Hobo::ControllerHelpers.public_instance_methods.each {|m| base.hide_action(m)}
+        base.class_eval do
+          alias_method_chain :redirect_to, :object_url
+        end
+      end
+    end
+
+
+    protected
+    
+    def redirect_to_with_object_url(destination, view=nil)
+      if destination.is_a?(String, Hash, Symbol)
+        redirect_to_without_object_url(destination)
+      else
+        redirect_to_without_object_url(object_url(destination, view))
+      end
+    end
+
+    def hobo_ajax_response(this=nil, results={})
+      this ||= @this
+      part_page = params[:part_page]
+      r = params[:render]
+      if r
+        ajax_update_response(this, part_page, r.values, results)
+        true
+      else
+        false
+      end
+    end
+
+
+    def ajax_update_response(this, part_page, render_specs, results={})
+      before_ajax if respond_to? :before_ajax
+      add_variables_to_assigns
+      renderer = Hobo::Dryml.page_renderer(@template, [], part_page) if part_page
+
+      render :update do |page|
+        page << "var _update = typeof Hobo == 'undefined' ? Element.update : Hobo.updateElement;"
+        for spec in render_specs
+          function = spec[:function] || "_update"
+
+          if spec[:as] or spec[:part]
+            obj = if spec[:object] == "this" or spec[:object].blank?
+                    this
+                  elsif spec[:object] == "nil"
+                    nil
+                  else
+                    Hobo.object_from_dom_id(spec[:object])
+                  end
+
+            if spec[:as]
+              part_content = render(:partial => (Hobo::ModelController.find_partial(obj.class, spec[:as])),
+                                 :locals => { :this => obj })
+              page.call(function, spec[:id], part_content)
+              
+            elsif spec[:part]
+              dom_id = spec[:id] || spec[:part]
+              part_content = renderer.call_part(dom_id, spec[:part], obj)
+              page.call(function, dom_id, part_content)
+            end
+            
+          elsif spec[:result]
+            result = results[spec[:result].to_sym]
+            page.call(function, spec[:id], result)
+            
+          else
+            # spec didn't specify any action :-/
+          end
+        end
+        if renderer
+          renderer.part_contexts.each_pair do |dom_id, p|
+            part_id, model_id = p
+            page.assign "hoboParts.#{dom_id}", [part_id, model_id]
+            
+            # not sure why this isn't happending automatically
+            # but it's messing up ARTS, so chuck a newline in
+            page << "\n"
+          end
+        end
+      end
+    end
+
+
+    def render_tag(tag, options={})
+      add_variables_to_assigns
+      render :text => Hobo::Dryml.render_tag(@template, tag, options), :layout => false
+    end
+
+
+    def render_tags(objects, tag, options={})
+      add_variables_to_assigns
+      dryml_renderer = Hobo::Dryml.empty_page_renderer(@template)
+      render :text => objects.map {|o| dryml_renderer.send(tag, options.merge(:obj => o))}.join +
+                      dryml_renderer.part_contexts_js
+    end
+
+
+    def site_search(query)
+      results = Hobo.find_by_search(query).select {|r| Hobo.can_view?(current_user, r, nil)}
+      if results.empty?
+        render :text => "<p>Your search returned no matches.</p>"
+      else
+        render_tags(results, "tag_for_object", :name => "search_result")
+      end
+    end
+
+
+    # Store the given user in the session.
+    def current_user=(new_user)
+      session[:user] = (new_user.nil? || new_user.is_a?(Symbol)) ? nil : new_user.id
+      @current_user = new_user
+    end
+
+
+    def request_no_cache?
+      request.env['HTTP_CACHE_CONTROL'] =~ /max-age=\s*0/
+    end
+    
+    def not_found
+      
+    end
+
+  end
+end

data/hobo_files/plugin/lib/hobo/controller_helpers.rb

@@ -0,0 +1,135 @@
+module Hobo::ControllerHelpers
+
+  protected
+
+  def current_user
+    # simple one-hit-per-request cache
+    @current_user or
+      @current_user = if Hobo.user_model and session and id = session[:user]
+                             Hobo.user_model.find(id)
+                           else 
+                             Guest.new
+                           end 
+  end
+
+
+  def logged_in?
+    not current_user.guest?
+  end
+    
+    
+  def urlb
+    request.relative_url_root
+  end
+
+
+  def controller_for(obj)
+    if obj.is_a? Class
+      obj.name.underscore.pluralize
+    else
+      obj.class.name.underscore.pluralize
+    end
+  end
+
+
+  def object_url(obj, action=nil, *param_hashes)
+    action &&= action.to_s
+    
+    controller_name = controller_for(obj)
+    
+    parts = if obj.is_a? Class
+              [urlb, controller_name]
+              
+            elsif obj.is_a? Hobo::CompositeModel
+              [urlb, controller_name, obj.id]
+              
+            elsif obj.is_a? ActiveRecord::Base
+              if obj.new_record?
+                [urlb, controller_name]
+              else
+                raise HoboError.new("invalid object url: new for existing object") if action == "new"
+
+                klass = obj.class
+                id = if klass.id_name?
+                       obj.id_name(true)
+                     else
+                       obj.id
+                     end
+                
+                [urlb, controller_name, id]
+              end
+              
+            elsif obj.is_a? Array    # warning - this breaks if we use `case/when Array`
+              owner = obj.proxy_owner
+              new_model = obj.proxy_reflection.klass
+              [object_url(owner), obj.proxy_reflection.name]
+              
+            else
+              raise HoboError.new("cannot create url for #{obj.inspect} (#{obj.class})")
+            end
+    basic = parts.join("/")
+    
+    controller = (controller_name.camelize + "Controller").constantize rescue nil
+    url = if action && controller && action.to_sym.in?(controller.web_methods)
+            basic + "/#{action}"
+          else
+            case action
+            when "new"
+              basic + "/new"
+            when "destroy"
+              basic + "?_method=DELETE"
+            when "update"
+              basic + "?_method=PUT"
+            when nil
+              basic
+            else
+              basic + ";" + action
+            end
+          end
+    params = make_params(*param_hashes)
+    params.blank? ? url : url + "?" + params
+  end
+
+
+  def _as_params(name, obj)
+    if obj.is_a? Array
+      obj.map {|x| _as_params("#{name}[]", x)}.join("&")
+    elsif obj.is_a? Hash
+      obj.map {|k,v| _as_params("#{name}[#{k}]", v)}.join("&")
+    elsif obj.is_a? Hobo::RawJs
+      "#{name}=' + #{obj} + '"
+    else
+      v = if obj.is_a?(ActiveRecord::Base) or obj.is_a?(Array)
+            "@" + dom_id(obj)
+          else
+            obj.to_s.gsub("'"){"\\'"}
+          end
+      "#{name}=#{v}"
+    end
+  end
+
+
+  def make_params(*hashes)
+    hash = {}
+    hashes.each {|h| hash.update(h) if h}
+    hash.map {|k,v| _as_params(k, v)}.join("&")
+  end
+
+
+  def dom_id(x, attr=nil)
+    Hobo.dom_id(x, attr)
+  end
+
+  
+  # debugging support
+
+  def debug(*args)
+    logger.debug(args.map{|arg| PP.pp(arg, "")}.join("\n"))
+    return args.first
+  end
+
+  def abort_with(*args)
+    raise args.map{|arg| PP.pp(arg, "")}.join("\n")
+  end
+
+end