hobo 0.6.1 → 0.6.2

data/hobo_files/plugin/lib/hobo/dryml/template_environment.rb

@@ -194,11 +194,13 @@ module Hobo::Dryml
     def new_object_context(new_this)
       new_context do
         @_this_parent,@_this_field,@_this_type = if new_this.respond_to?(:proxy_reflection)
-                                                refl = new_this.proxy_reflection
-                                                [new_this.proxy_owner, refl.name, refl]
-                                              else
-                                                [nil, nil, new_this.class]
-                                              end
+                                                   refl = new_this.proxy_reflection
+                                                   [new_this.proxy_owner, refl.name, refl]
+                                                 else
+                                                   # In dryml, TrueClass is the 'boolean' class
+                                                   t = new_this.class == FalseClass ? TrueClass : new_this.class
+                                                   [nil, nil, t]
+                                                 end
         @_this = new_this
         yield
       end
@@ -207,27 +209,25 @@ module Hobo::Dryml
 
     def new_field_context(field_path, tag_this=nil)
       new_context do
-        path = if field_path.is_a? Array
-                 field_path
-               elsif field_path.is_a? String
-                 field_path.split('.')
-               else
-                 [field_path]
-               end
-
-        obj = tag_this || this
-        for field in path
-          parent = obj
-          obj = Hobo.get_field(parent, field)
-        end
+      path = if field_path.is_a? Array
+               field_path
+             elsif field_path.is_a? String
+               field_path.split('.')
+             else
+               [field_path]
+             end
+        parent, field, obj = Hobo.get_field_path(tag_this || this, path)
 
         type = if (obj.nil? or obj.respond_to?(:proxy_reflection)) and
                    parent.class.respond_to?(:field_type) and field_type = parent.class.field_type(field)
                  field_type
+               elsif obj == false
+                 # In dryml, TrueClass is the 'boolean' class
+                 TrueClass
                else
                  obj.class
                end
-
+        
         @_this, @_this_parent, @_this_field, @_this_type = obj, parent, field, type
         @_form_field_path += path if @_form_field_path
         yield
@@ -409,7 +409,11 @@ module Hobo::Dryml
     
     
     def render_tag(tag_name, attributes)
-      (send(tag_name, attributes) + part_contexts_storage_tag).strip
+      if respond_to?(tag_name)
+        (send(tag_name, attributes) + part_contexts_storage_tag).strip
+      else
+        false
+      end
     end
     
     

data/hobo_files/plugin/lib/hobo/email_address.rb

@@ -1,5 +1,9 @@
 class Hobo::EmailAddress < String
   
   COLUMN_TYPE = :string
+  
+  def validate
+    "is not a valid email address" unless self.blank? || self =~ /^\s*([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\s*$/i
+  end
 
 end

data/hobo_files/plugin/lib/hobo/field_spec.rb

@@ -23,7 +23,8 @@ module Hobo
                               elsif options[:length]
                                 :string
                               else
-                                Hobo.field_types[type]::COLUMN_TYPE or raise UnknownSqlTypeError, type
+                                field_type = Hobo.field_types[type]
+                                field_type && field_type::COLUMN_TYPE or raise UnknownSqlTypeError, [model, name, type]
                               end
                             end
     end

data/hobo_files/plugin/lib/hobo/guest.rb

@@ -0,0 +1,21 @@
+module Hobo 
+
+  class Guest
+    
+    alias_method :has_hobo_method?, :respond_to?
+    
+    def to_s
+      "Guest"
+    end
+
+    def guest?
+      true
+    end
+
+    def super_user?
+      false
+    end
+
+  end
+
+end

data/hobo_files/plugin/lib/hobo/hobo_helper.rb

@@ -15,13 +15,13 @@ module Hobo
         @current_user = if session and id = session[:user]
                           Hobo.object_from_dom_id(id)
                         else 
-                          Guest.new
+                          ::Guest.new
                         end 
     end
      
      
     def logged_in?
-      !(current_user.respond_to?(:guest?) && current_user.guest?)
+      !current_user.guest?
     end
       
       
@@ -307,6 +307,46 @@ module Hobo
     end
      
      
+    # Login url for a given user record or user class
+    def login_url(user_or_class)
+      c = user_or_class.is_a?(Class) ? user_or_class : user_or_class.class
+      send("#{c.name.underscore}_login_url") rescue nil
+    end
+    
+
+    # Login url for a given user record or user class
+    def logout_url(user_or_class=nil)
+      c = if user_or_class.nil?
+            current_user.class
+          elsif user_or_class.is_a?(Class)
+            user_or_class
+          else
+            user_or_class.class
+          end
+      send("#{c.name.underscore}_logout_url") rescue nil
+    end
+    
+
+    # Sign-up url for a given user record or user class
+    def signup_url(user_or_class)
+      c = user_or_class.is_a?(Class) ? user_or_class : user_or_class.class
+      send("#{c.name.underscore}_signup_url") rescue nil
+    end
+
+    def query_params
+      query = request.request_uri.match(/(?:\?(.+))/)._?[1]
+      if query
+        params = query.split('&')
+        pairs = params.map do |param|
+          pair = param.split('=')
+          pair.length == 1 ? pair + [''] : pair
+        end
+        Hash[*pairs.flatten]
+      else
+        {}
+      end
+    end
+  
     # debugging support
      
     def abort_with(*args)

data/hobo_files/plugin/lib/hobo/http_parameters.rb

@@ -0,0 +1,225 @@
+module Hobo
+  
+  module HttpParameters
+    
+    class PermissionDeniedError < RuntimeError; end
+    class InvalidError < RuntimeError; end
+    
+    def initialize_record(record, params)
+      update_without_tracking(record, params)
+      record.set_creator(current_user)
+      (@to_create ||= []) << record
+      record
+    end
+
+    
+    def update_record(record, params)
+      return if params.blank?
+      
+      original = record.duplicate
+      # 'duplicate' can set these, but they can
+      # conflict with the changes so we clear them
+      @this.send(:clear_aggregation_cache)
+      @this.send(:clear_association_cache)
+      
+      (@to_update ||= []) << [original, record]
+
+      update_without_tracking(record, params)
+    end
+    
+    
+    def update_without_tracking(record, params)
+      params && params.each_pair do |field_name, value|
+        field = if (create = field_name =~ /^\+/)
+                  field_name[1..-1].to_sym
+                else
+                  field_name.to_sym
+                end
+        refl = record.class.reflections[field]
+        
+        if refl._?.macro == :belongs_to
+          if create
+            new_for_belongs_to(record, refl, value)
+          else
+            update_belongs_to(record, refl, value)
+          end
+          
+        elsif Hobo.simple_has_many_association?(refl)
+          raise HoboError, "invalid HTTP parameter #{field_name}" if create
+          update_has_many(record, refl, value)
+          
+        else
+          raise HoboError, "invalid HTTP parameter #{field_name}" if create
+          update_primitive(record, field, value)
+          
+        end
+      end
+    end
+    
+    
+    def new_for_belongs_to(record, refl, fields)
+      # person[+home][address]=blah  Create new home and set address (PUT POST)
+
+      target = refl.klass.new
+      initialize_record(target, fields)
+      record.send("#{refl.name}=", target)
+    end
+    
+    
+    def update_belongs_to(record, refl, value)
+      if value.is_a? String
+        # Update belongs_to to reference some existing record
+
+        target = if value.starts_with?('@')
+                   # person[home]=@home_12  Reference different existing home (PUT POST)
+                   
+                   Hobo.object_from_dom_id(value[1..-1])
+                 elsif refl.klass.id_name?
+                   # product[category]=garden  Reference existing category with id or name (PUT POST)
+                   
+                   refl.klass.find_by_id_name(value)
+                 else
+                   raise HoboError, "invalid HTTP parameter" if create
+                 end
+        record.send("#{refl.name}=", target)
+        
+      else
+        # Update state of current belongs_to target
+        # person[home][address]=blah  Update existing home.address (PUT)
+        raise HoboError, "invalid HTTP parameter" unless params[:action] == "update"
+        
+        target = record.send(refl.name)
+        raise HoboError, "invalid HTTP parameter" if target.nil?
+        update_record(target, value)
+      end
+    end
+    
+    
+    def update_has_many(record, refl, items)
+      new_items, changed_items = items.partition_hash {|k,v| k =~ /^\+/}
+      
+      new_items.keys.sort_by{|k|k.to_i}.each do |k|
+        # home[people][+1][name]=blah Create new Person with fkey refing to this home and set name (PUT POST)
+        fields = new_items[k]
+        new_for_has_many(record, refl, fields)
+      end
+      
+      changed_items.each_pair do |id, value|
+        # Change to existing record - only valid on PUTs
+        raise HoboError, "invalid HTTP parameter" unless params[:action] == "update"
+        
+        target = id =~ /_/ ? Hobo.object_from_dom_id(id) : refl.klass.find(id)
+        # Ensure the target is actually in this has_many
+        raise HoboError, "invalid http parameter" unless target.send(refl.primary_key_name) == record.id
+        
+        if value.is_a?(String) && value.downcase == "delete"
+          # home[people][45]=delete  Delete Person[45] (PUT)
+          delete_record(target)
+          
+        else
+          # home[people][45][name]=blah  Update Person[45].name (PUT)
+          raise HoboError, "invalid http parameter" unless value.is_a?(Hash) # field/value pairs
+          update_record(target, value)
+          
+        end
+      end
+    end
+    
+    
+    def new_for_has_many(record, refl, value)
+      # home[people][+1][name]=blah Create new Person with fkey refing to this home and set name (PUT POST)
+
+      new_record = record.send(refl.name).new
+      initialize_record(new_record, value)
+      record.send("#{refl.name}").target << new_record
+    end
+    
+    
+    def delete_record(record)
+      raise HoboError, "invalid HTTP parameter" unless params[:action] == "update"
+      (@to_delete ||= []) << record
+    end
+    
+    
+    def update_primitive(record, field, value)
+      # person[name]=fred (POST PUT)
+      field_type = record.class.field_type(field)
+      record.send("#{field}=", param_to_value(field_type, value))
+    end
+    
+    
+    def parse_datetime(s)
+      defined?(Chronic) ? Chronic.parse(s) : Time.parse(s)
+    end
+
+
+    def param_to_value(field_type, value)
+      if field_type.nil?
+        value
+      elsif field_type <= Date
+        if value.is_a? Hash
+          Date.new(*(%w{year month day}.map{|s| value[s].to_i}))
+        elsif value.is_a? String
+          dt = parse_datetime(value)
+          dt && dt.to_date
+        end
+      elsif field_type <= Time
+        if value.is_a? Hash
+          Time.local(*(%w{year month day hour minute}.map{|s| value[s].to_i}))
+        elsif value.is_a? String
+          parse_datetime(value)
+        end
+      elsif field_type <= TrueClass
+        (value.is_a?(String) && value.strip.downcase.in?(['0', 'false']) || value.blank?) ? false : true
+      else
+        # primitive field
+        value
+      end
+    end
+    
+    
+    def check_permissions_and_apply_changes
+      valid = true
+      for old, new in @to_update
+        raise PermissionDeniedError unless Hobo.can_update?(current_user, old, new)
+        new_valid = new.save
+        valid &&= new_valid
+      end if @to_update
+      
+      for record in @to_create
+        raise PermissionDeniedError unless Hobo.can_create?(current_user, record)
+        # check if it's new because it might have already been saved as a result of the updates
+        record_valid = record.save if record.new_record?
+        valid &&= record_valid
+      end if @to_create
+
+      for record in @to_delete
+        raise PermissionDeniedError unless Hobo.can_delete?(current_user, record)
+        record.destroy
+      end if @to_delete
+      
+      valid
+    ensure
+      @to_update = @to_create = @to_delete = nil
+    end
+    
+    
+    def secure_change_transaction
+      valid = nil
+      begin
+        ActiveRecord::Base.transaction do
+          yield 
+          valid = check_permissions_and_apply_changes
+          raise InvalidError unless valid
+        end
+      rescue PermissionDeniedError
+        return :not_allowed
+      rescue InvalidError
+        return :invalid
+      end
+      :valid
+    end
+    
+  end
+
+end

data/hobo_files/plugin/lib/hobo/model.rb

@@ -28,6 +28,8 @@ module Hobo
         alias_method_chain :has_many, :defined_scopes
         alias_method_chain :belongs_to, :foreign_key_declaration
       end
+      # respond_to? is slow on AR objects, use this instead where possible
+      base.send(:alias_method, :has_hobo_method?, :respond_to_without_attributes?)
     end
 
     module ClassMethods
@@ -64,10 +66,13 @@ module Hobo
         
         def field(name, *args)
           type = args.shift
-          options = extract_options_from_args!(args)
+          options = args.extract_options!
           @model.send(:set_field_type, name => type) unless
             type.in?(@model.connection.native_database_types.keys - [:text])
           @model.field_specs[name] = FieldSpec.new(@model, name, type, options)
+          
+          @model.send(:validates_presence_of, name) if :required.in?(args)
+          @model.send(:validates_uniqueness_of, name) if :unique.in?(args)
         end
         
         def method_missing(name, *args)
@@ -102,6 +107,13 @@ module Hobo
         types.each_pair do |field, type|
           type_class = Hobo.field_types[type] || type
           field_types[field] = type_class
+          
+          if "validate".in?(type_class.instance_methods)
+            self.validate do |record|
+              v = record.send(field).validate
+              record.errors.add(field, v) if v.is_a?(String)
+            end
+          end
         end
       end
       
@@ -129,15 +141,10 @@ module Hobo
       public :never_show?
 
       def set_creator_attr(attr)
-        class_eval %{
-          def creator
-            #{attr};
-          end
-          def creator=(x)
-            self.#{attr} = x;
-          end
-        }
+        @creator_attr = attr.to_sym
       end 
+      attr_reader :creator_attr
+      public :creator_attr
 
       def set_search_columns(*columns)
         class_eval %{
@@ -225,27 +232,34 @@ module Hobo
       end
       
       
-      def conditions(&b)
-        ModelQueries.new(self).instance_eval(&b).to_sql
+      def conditions(*args, &b)
+        if args.empty?
+          ModelQueries.new(self).instance_eval(&b).to_sql
+        else
+          ModelQueries.new(self).instance_exec(*args, &b).to_sql
+        end
       end
-
+      
 
       def find(*args, &b)
-        if args.first.in?([:all, :first])
-          if args.last.is_a? Hash
-            options = args.last
-            args[-1] = options = options.merge(:order => default_order) if options[:order] == :default
-          else
-            options = {}
-          end
+        options = args.extract_options!
+        if args.first.in?([:all, :first]) && options[:order] == :default
+          options = if default_order.blank?
+                      options - [:order]
+                    else
+                      options.merge(:order => "#{table_name}.#{default_order}")
+                    end
+        end
           
-          if b
-            super(args.first, options.merge(:conditions => conditions(&b)))
-          else
-            super(*args)
-          end
+        if b && !(block_conditions = conditions(&b)).blank?
+          c = if !options[:conditions].blank?
+                "(#{options[:conditons]}) and (#{block_conditions})"
+              else
+                block_conditions
+              end
+          super(args.first, options.merge(:conditions => c))
         else
-          super(*args)
+          super(*args + [options])
         end
       end
       
@@ -271,8 +285,8 @@ module Hobo
         end
       end
 
-      def has_creator?
-        instance_methods.include?('creator=') and instance_methods.include?('creator')
+      def creator_type
+        reflections[@creator_attr]._?.klass
       end
 
       def search_columns
@@ -366,12 +380,13 @@ module Hobo
           if find_scope
             # Calling instance_variable_get directly causes self to
             # get loaded, hence this trick
-            assoc = Kernel.instance_method(:instance_variable_get).bind(self).call("@#{name}")
+            assoc = Kernel.instance_method(:instance_variable_get).bind(self).call("@#{name}_scope")
             
             unless assoc
               options = proxy_reflection.options
               has_many_conditions = options.has_key?(:conditions)
-              scope_conditions = find_scope.delete(:conditions)
+              source = proxy_reflection.source_reflection
+              scope_conditions = find_scope[:conditions]
               conditions = if has_many_conditions && scope_conditions
                              "(#{scope_conditions}) AND (#{has_many_conditions})"
                            else
@@ -379,23 +394,26 @@ module Hobo
                            end
               
               options = options.merge(find_scope).update(:conditions => conditions,
-                                                    :class_name => proxy_reflection.klass.name,
-                                                    :foreign_key => proxy_reflection.primary_key_name)
+                                                         :class_name => proxy_reflection.klass.name,
+                                                         :foreign_key => proxy_reflection.primary_key_name)
+              options[:source] = source.name if source
+
               r = ActiveRecord::Reflection::AssociationReflection.new(:has_many,
                                                                       name,
                                                                       options,
-                                                                      proxy_reflection.klass)
+                                                                      proxy_owner.class)
+              
               @reflections ||= {}
               @reflections[name] = r
               
-              assoc = if options.has_key?(:through)
+              assoc = if source
                         ActiveRecord::Associations::HasManyThroughAssociation
                       else
                         ActiveRecord::Associations::HasManyAssociation
                       end.new(self.proxy_owner, r)
-              
+
               # Calling directly causes self to get loaded
-              Kernel.instance_method(:instance_variable_set).bind(self).call("@#{name}", assoc)
+              Kernel.instance_method(:instance_variable_set).bind(self).call("@#{name}_scope", assoc)
             end
             assoc
           else
@@ -407,7 +425,7 @@ module Hobo
       
       
       def has_many_with_defined_scopes(name, *args, &block)
-        options = extract_options_from_args!(args)
+        options = args.extract_options!
         if options.has_key?(:extend) || block
           # Normal has_many
           has_many_without_defined_scopes(name, *args + [options], &block)
@@ -420,7 +438,7 @@ module Hobo
     
     
     def set_creator(user)
-      self.creator ||= user if self.class.has_creator? and not user.guest?
+      self.send("#{self.class.creator_attr}=", user) if (t = self.class.creator_type) && user.is_a?(t)
     end