hobo 0.6.1 → 0.6.2

data/hobo_files/plugin/lib/hobo/model_controller.rb

@@ -5,7 +5,13 @@ module Hobo
     include Hobo::Controller
 
     class PermissionDeniedError < RuntimeError; end
-
+    class UserPermissionError < StandardError
+      attr :models
+      def initialize(models)
+        @models = models || []
+      end
+    end
+    
     VIEWLIB_DIR = "taglibs"
     
     GENERIC_PAGE_TAGS = [:index, :show, :new, :edit, :show_collection, :new_in_collection, :login, :signup]
@@ -99,9 +105,10 @@ module Hobo
       end
 
 
-      def autocomplete_for(attr, options={})
-        opts = { :limit => 15 }.update(options)
-        @completers ||= {}
+      def autocomplete_for(attr, options={}, &b)
+        options = options.reverse_merge(:limit => 15)
+        options[:data_filters_block] = b
+        @completers ||= HashWithIndifferentAccess.new
         @completers[attr.to_sym] = opts
       end
 
@@ -110,12 +117,6 @@ module Hobo
         (@completers && @completers[name]) ||
           (superclass.respond_to?(:autocompleter) && superclass.autocompleter(name))
       end
-
-
-      def def_data_filter(name, &b)
-        @data_filters ||= {}
-        @data_filters[name] = b
-      end
       
       
       def web_method(web_name, method_name=nil)
@@ -139,12 +140,6 @@ module Hobo
       end
       
       
-      def data_filter(name)
-        (@data_filters && @data_filters[name]) ||
-          (superclass.respond_to?(:data_filter) && superclass.data_filter(name))
-      end
-
-
       def find_instance(id)
         if model.id_name? and id !~ /^\d+$/
           model.find_by_id_name(id)
@@ -154,6 +149,8 @@ module Hobo
       end
 
     end
+    
+    include HttpParameters
 
     # --- ACTIONS --- #
 
@@ -166,11 +163,13 @@ module Hobo
     def destroy; hobo_destroy; end
     
     def completions
-      attr = params[:for]
-      opts = attr && self.class.autocompleter(attr.to_sym)
+      opts = self.class.autocompleter(params[:for])
       if opts
+        # Eval any defined filters
+        instance_eval(&opts[:data_filters_block]) if opts[:data_filters_block]
+        conditions = data_filter_conditions
         q = params[:query]
-        items = find_with_data_filter(opts) { send("#{attr}_contains", q) }
+        items = model.find(:all) { all?(send("#{attr}_contains", q), conditions && block(conditions)) }
 
         render :text => "<ul>\n" + items.map {|i| "<li>#{i.send(attr)}</li>\n"}.join + "</ul>"
       else
@@ -179,10 +178,34 @@ module Hobo
     end
 
 
-    ###### END OF ACTIONS ######
+    # --- END OF ACTIONS --- #
 
     protected
     
+    def data_filter(name, &b)
+      @data_filters ||= HashWithIndifferentAccess.new
+      @data_filters[name] = b
+    end
+    
+    def search(*columns)
+      data_filter :search do |query|
+        columns_match = columns.map do |c|
+          if c.is_a?(Symbol)
+            send("#{c}_contains", query)
+          elsif c.is_a?(Hash)
+            c.map do |k, v| 
+              related = send(k)
+              v = [v] unless v.is_a?(Array)
+              v.map { |related_col| related.send("#{related_col}_contains", query) }
+            end
+          end
+        end.flatten
+        any?(*columns_match)
+      end
+    end
+    
+    attr_accessor :data_filters
+    
     def overridable_response(options, key)
       if options.has_key?(key)
         options[key]
@@ -210,21 +233,34 @@ module Hobo
     
 
     def paginated_find(*args, &b)
-      options = extract_options_from_args!(args)
-      
-      total_number = options.delete(:total_number)
-      @association = options.delete(:association) or
+      options = args.extract_options!
+      filter_conditions = data_filter_conditions
+      conditions_proc = if b && filter_conditions
+                          proc { block(b) & block(filter_conditions) }
+                        else
+                          b || filter_conditions
+                        end
+      
+      @association = options.delete(:association) ||
         if args.any?
           owner, collection_name = args
           @association = collection_name.to_s.split(".").inject(owner) { |m, name| m.send(name) }
         end
-        
-      if @association
-        total_number ||= @association.count
-        @reflection = @association.proxy_reflection if @association.respond_to?(:proxy_reflection)
-      end
+      @reflection = @association.proxy_reflection if @association._?.respond_to?(:proxy_reflection)
+      
+      total_number = options.delete(:total_number) ||
+        begin
+          # If there is a conditions block, it may depend on the includes
+          count_options = conditions_proc ? { :include => options[:include] } : {}
+          if @association
+            @association.count(count_options, &conditions_proc)
+          else
+            model.count(count_options, &conditions_proc)
+          end  
+        end
+      
+      puts total_number
       
-      total_number ||= count_with_data_filter
       page_size = options.delete(:page_size) || 20
       page = options.delete(:page) || params[:page]
       @pages = ::ActionController::Pagination::Paginator.new(self, total_number, page_size, page)
@@ -234,11 +270,28 @@ module Hobo
         :offset => @pages.current.offset,
       }.merge(options)
       
+      unless options.has_key?(:order)
+        _, desc, field = *params[:sort]._?.match(/^(-)?([a-z_]+(?:\.[a-z_]+)?)$/)
+        if field
+          @sort_field = field
+          @sort_direction = desc ? "desc" : "asc"
+          
+          table, column = if field =~ /^(.*)\.(.*)$/
+                           [$1.camelize.constantize.table_name, $2]
+                          else
+                            sort_model = @association ? @association.member_class : model
+                           [sort_model.table_name, field]
+                         end
+         options[:order] = "#{table}.#{column} #{@sort_direction}"
+        elsif !@association
+          options[:order] = :default
+        end
+      end
+      
       if @association
-        @association.find(:all, options, &b)
+        @association.find(:all, options, &conditions_proc) 
       else
-        options[:order] ||= :default
-        find_with_data_filter(options, &b)
+        model.find(:all, options, &conditions_proc)
       end
     end
     
@@ -291,6 +344,7 @@ module Hobo
       
       if (@this = options[:this])
         permission_denied(options) and return unless Hobo.can_create?(current_user, @this)
+        valid = @this.save
       else
         attributes = params[model.name.underscore]
         type_attr = params['type']
@@ -301,16 +355,14 @@ module Hobo
                          model
                        end
         @this = create_model.new
-        @check_create_permission = [@this]
-        initialize_from_params(@this, attributes)
-        for obj in @check_create_permission
-          permission_denied(options) and return unless Hobo.can_create?(current_user, obj)
-        end
-        @check_create_permission = nil
+        status = secure_change_transaction { initialize_record(@this, attributes) }
+        permission_denied(options) and return if status == :not_allowed
+        valid = status == :valid
       end
       
       set_named_this!
-      if @this.save
+      
+      if valid
         if block_given?
           yield 
         else
@@ -335,6 +387,7 @@ module Hobo
       end
     end
     
+    
     def hobo_edit(options={})
       hobo_show(options)
     end    
@@ -346,22 +399,16 @@ module Hobo
       @this = find_instance_or_not_found(options, :this)
       return unless @this
       
-      original = @this.duplicate
-      
       changes = params[model.name.underscore]
-      
-      if changes
-        # The 'duplicate' call above can set these, but they can
-        # conflict with the changes so we clear them
-        @this.send(:clear_aggregation_cache)
-        @this.send(:clear_association_cache)
-        
-        update_with_params(@this, changes)
-        permission_denied(options) and return unless Hobo.can_update?(current_user, original, @this)
-      end
+      status = secure_change_transaction { update_record(@this, changes) }
       
       set_named_this!
-      if changes.nil? || @this.save
+      case status
+      when :not_allowed
+        permission_denied(options)
+        return
+        
+      when :valid
         # Ensure current_user isn't out of date
         @current_user = @this if @this == current_user
         
@@ -392,7 +439,7 @@ module Hobo
           end
         end
           
-      else
+      when :invalid
         # Validation errors
         respond_to do |wants|
           wants.html do
@@ -494,18 +541,19 @@ module Hobo
     end
 
 
-    def permission_denied(options=nil)
-      if options and options[:permission_denied_response]
+    def permission_denied(options={})
+      if options[:permission_denied_response]
         # do nothing (callback handled by LazyHash)
       elsif respond_to? :permission_denied_response
         permission_denied_response
       else
-        render :text => "Permission Denied", :status => 403
+        message = options[:message] || "Permission Denied"
+        render :text => message, :status => 403
       end
     end
     
-    def not_found(options=nil)
-      if options && options[:not_found_response]
+    def not_found(options={})
+      if options[:not_found_response]
         # do nothing (callback handled by LazyHash)
       elsif respond_to? :not_found_response
         not_found_response
@@ -531,15 +579,24 @@ module Hobo
       
       template = Hobo::ModelController.find_model_template(page_model, page_kind)
 
-      if template
-        render :template => template
-        true
-      else
-        if page_kind.in? GENERIC_PAGE_TAGS
-          render_tag("#{page_kind.to_s.camelize}Page", :with => @this)
+      begin
+        if template
+          render :template => template
           true
         else
-          false
+          # This returns false if no such tag exists
+          render_tag("#{page_kind.to_s.camelize}Page", :with => @this)
+        end
+      rescue ActionView::TemplateError => wrapper
+        e = wrapper.original_exception if wrapper.respond_to? :original_exception
+        if e.is_a? Hobo::ModelController::UserPermissionError
+          if current_user.guest?
+            redirect_to login_url(e.models.first || UserController.user_models.first)
+          else
+            permission_denied(:message => e.message)
+          end
+        else
+          raise
         end
       end
     end
@@ -548,112 +605,55 @@ module Hobo
     def model
       self.class.model
     end
-
+    
 
     def find_template
       Hobo::ModelController.find_model_template(model, params[:action])
     end
 
-
-    def with_data_filter(operation, *args, &block)
-      filter_param = params.keys.find &it.starts_with?("where_")
-      proc = filter_param && self.class.data_filter(filter_param[6..-1].to_sym)
-      if proc
-        filter_args = params[filter_param]
-        filter_args = [filter_args] unless filter_args.is_a? Array
-        model.send(operation, *args) do
-          if block
-            instance_eval(&block) & instance_exec(*filter_args, &proc)
-          else
-            instance_exec(*filter_args, &proc)
-          end
-        end
-      else
-        if block
-          model.send(operation, *args) { instance_eval(&block) }
-        else
-          model.send(operation, *args)
-        end
-      end
-    end
     
-    def find_with_data_filter(opts={}, &b)
-      with_data_filter(:find, :all, opts, &b)
+    def data_filter_conditions
+      active_filters = data_filters && (params.keys & data_filters.keys)
+      filters = data_filters
+      params = self.params
+      proc do
+        all?(*active_filters.map {|f| instance_exec(params[f], &filters[f])})
+      end unless active_filters.blank?
     end
     
-    
-    def count_with_data_filter(opts={}, &b)
-      with_data_filter(:count, opts, &b)
-    end
-    
-
-    def initialize_from_params(obj, params)
-      update_with_params(obj, params)
-      obj.set_creator(current_user)
-      (@check_create_permission ||= []) << obj
-      obj
-    end
-
 
-    def update_with_params(object, params)
+    def XXupdate_with_params(object, params)
       return unless params
 
       params.each_pair do |field,value|
         field = field.to_sym
         refl = object.class.reflections[field]
-        ar_value = if refl
-                     if refl.macro == :belongs_to
-                       associated_record(object, refl, value)
-
-                     elsif Hobo.simple_has_many_association?(refl) and object.new_record?
-                       # only populate has_many relationships for new records. For existing
-                       # records, AR updates the DB immediately, bypassing Hobo's permission check
-                       if value.is_a? Array
-                         value.map {|x| associated_record(object, refl, x) }
+        is_has_many = refl && Hobo.simple_has_many_association?(refl)
+        
+        if is_has_many
+          items = if value.is_a? Array
+                    value.map {|x| associated_record(object, refl, x) }
+                  else
+                    value.keys.every(:to_i).sort.map{|i| associated_record(object, refl, value[i.to_s]) }
+                  end
+          object.send(field).target[0..-1] = items
+        else
+          ar_value = if refl
+                       if refl.macro == :belongs_to
+                         associated_record(object, refl, value)
                        else
-                         value.keys.every(:to_i).sort.map{|i| associated_record(object, refl, value[i.to_s]) }
+                         raise HoboError, "association #{object.class}.#{refl.name} is not settable via parameters"
                        end
                      else
-                       raise HoboError.new("association #{refl.name} is not settable via parameters")
+                       param_to_value(object.class.field_type(field), value)
                      end
-                   else
-                     param_to_value(object.class.field_type(field), value)
-                   end
-        object.send("#{field}=".to_sym, ar_value)
-      end
-    end
-
-    
-    def parse_datetime(s)
-      defined?(Chronic) ? Chronic.parse(s) : Time.parse(s)
-    end
-
-
-    def param_to_value(field_type, value)
-      if field_type.nil?
-        value
-      elsif field_type <= Date
-        if value.is_a? Hash
-          Date.new(*(%w{year month day}.map{|s| value[s].to_i}))
-        elsif value.is_a? String
-          dt = parse_datetime(value)
-          dt && dt.to_date
-        end
-      elsif field_type <= Time
-        if value.is_a? Hash
-          Time.local(*(%w{year month day hour minute}.map{|s| value[s].to_i}))
-        elsif value.is_a? String
-          parse_datetime(value)
+          object.send("#{field}=".to_sym, ar_value)
         end
-      elsif field_type <= TrueClass
-        (value.is_a?(String) && value.strip.downcase.in?(['0', 'false']) || value.blank?) ? false : true
-      else
-        # primitive field
-        value
       end
     end
 
-    def associated_record(owner, refl, value)
+    
+    def XXassociated_record(owner, refl, value)
       if value.is_a? String
         if value.starts_with?('@')
           Hobo.object_from_dom_id(value[1..-1])
@@ -674,7 +674,7 @@ module Hobo
     end
 
 
-    def object_from_param(param)
+    def XXobject_from_param(param)
       Hobo.object_from_dom_id(param)
     end