hobo 0.8.3 → 0.8.4

data/lib/hobo/permissions/associations.rb

@@ -0,0 +1,167 @@
+module Hobo
+  
+  module Permissions
+    
+    module Associations
+    
+      def self.enable
+      
+        # Re-open AR classes...
+      
+        ActiveRecord::Associations::HasManyAssociation.class_eval do
+
+          # Helper - the user acting on the owner (if there is one)
+          def acting_user
+            @owner.acting_user if @owner.is_a?(Hobo::Model)
+          end
+
+
+          def delete_records(records)
+            case @reflection.options[:dependent]
+              when :destroy
+                records.each { |r| r.is_a?(Hobo::Model) ? r.user_destroy(acting_user) : r.destroy }
+              when :delete_all
+                # No destroy permission check if the :delete_all option has been chosen
+                @reflection.klass.delete(records.map(&:id))
+              else
+                nullify_keys(records)
+            end
+          end
+        
+
+          # Set the fkey used by this has_many to null on the passed records, checking for permission first if both the owner
+          # and record in question are Hobo models
+          def nullify_keys(records)
+            if (user = acting_user)
+              records.each { |r| r.user_changes!(user, @reflection.primary_key_name => nil) if r.is_a?(Hobo::Model) }
+            end
+
+            # Normal ActiveRecord implementatin
+            ids = quoted_record_ids(records)
+            @reflection.klass.update_all(
+              "#{@reflection.primary_key_name} = NULL", 
+              "#{@reflection.primary_key_name} = #{@owner.quoted_id} AND #{@reflection.klass.primary_key} IN (#{ids})"
+            )
+          end
+
+
+          def insert_record(record)
+            set_belongs_to_association_for(record)
+            if (user = acting_user) && record.is_a?(Hobo::Model)
+              record.user_save(user)
+            else
+              record.save
+            end
+          end
+          
+          def viewable_by?(user, field=nil)
+            # view check on an example member record is not supported on associations with conditions
+            return true if @reflection.options[:conditions]
+            new_candidate.viewable_by?(user, field)
+          end
+        
+        end
+      
+        ActiveRecord::Associations::HasManyThroughAssociation.class_eval do
+        
+          def acting_user
+            @owner.acting_user if @owner.is_a?(Hobo::Model)
+          end
+
+        
+          def create!(attrs = nil)
+            klass = @reflection.klass
+            user = acting_user if klass < Hobo::Model
+            klass.transaction do
+              object = if attrs
+                         klass.send(:with_scope, :create => attrs) { user ? klass.user_create!(user) : klass.create! }
+                       else
+                         user ? klass.user_create!(user) : klass.create!
+                       end
+              self << object
+              object
+            end
+          end
+
+
+          def create!(attrs = nil)
+            klass = @reflection.klass
+            user = acting_user if klass < Hobo::Model
+            klass.transaction do
+              object = if attrs
+                         klass.send(:with_scope, :create => attrs) { user ? klass.user_create(user) : klass.create }
+                       else
+                         user ? klass.user_create(user) : klass.create
+                       end
+              self << object
+              object
+            end
+          end
+        
+        
+          def insert_record(record, force=true)
+            user = acting_user if record.is_a?(Hobo::Model)
+            if record.new_record?
+              if force
+                user ? record.user_save!(user) : record.save!
+              else
+                return false unless (user ? record.user_save(user) : record.save)
+              end
+            end
+            klass = @reflection.through_reflection.klass
+            @owner.send(@reflection.through_reflection.name).proxy_target << 
+              klass.send(:with_scope, :create => construct_join_attributes(record)) { user ? klass.user_create!(user) : klass.create! }
+          end
+
+
+          # TODO - add dependent option support
+          def delete_records_with_hobo_permission_check(records)
+            klass  = @reflection.through_reflection.klass
+            user = acting_user
+            if user && records.any? { |r|
+                joiner = klass.find(:first, :conditions => construct_join_attributes(r))
+                joiner.is_a?(Hobo::Model) && !joiner.destroyable_by?(user)
+              }
+              raise Hobo::PermissionDeniedError, "#{@owner.class}##{proxy_reflection.name}.destroy"
+            end
+            delete_records_without_hobo_permission_check(records)
+          end
+          alias_method_chain :delete_records, :hobo_permission_check
+        
+        end
+      
+        ActiveRecord::Associations::AssociationCollection.class_eval do
+        
+          # Helper - the user acting on the owner (if there is one)
+          def acting_user
+            @owner.acting_user if @owner.is_a?(Hobo::Model)
+          end
+                
+          def create(attrs = {})
+            if attrs.is_a?(Array)
+              attrs.collect { |attr| create(attr) }
+            else
+              create_record(attrs) do |record|
+                yield(record) if block_given?
+                user = acting_user if record.is_a?(Hobo::Model)
+                user ? record.user_save(user) : record.save
+              end
+            end
+          end
+
+          def create!(attrs = {})
+            create_record(attrs) do |record|
+              yield(record) if block_given?
+              user = acting_user if record.is_a?(Hobo::Model)
+              user ? record.user_save!(user) : record.save!
+            end
+          end
+        
+        end
+      
+      end
+    
+    end
+  end  
+  
+end

data/lib/hobo/scopes.rb

@@ -2,8 +2,13 @@ module Hobo
 
   module Scopes
 
-    def self.included_in_class(base)
-      base.extend(ClassMethods)
+    def self.included_in_class(klass)
+      klass.class_eval do
+        extend ClassMethods
+        metaclass.alias_method_chain :valid_keys_for_has_many_association,   :scopes
+        metaclass.alias_method_chain :valid_keys_for_has_one_association,    :scopes
+        metaclass.alias_method_chain :valid_keys_for_belongs_to_association, :scopes
+      end
     end
 
     module ClassMethods
@@ -13,46 +18,17 @@ module Hobo
       include ApplyScopes
 
       # --- monkey-patches to allow :scope key on has_many, has_one and belongs_to ---
-
-      def create_has_many_reflection(association_id, options, &extension)
-        options.assert_valid_keys(
-          :class_name, :table_name, :foreign_key,
-          :dependent,
-          :select, :conditions, :include, :order, :group, :limit, :offset,
-          :as, :through, :source, :source_type,
-          :uniq,
-          :finder_sql, :counter_sql,
-          :before_add, :after_add, :before_remove, :after_remove,
-          :extend,
-          :scope
-        )
-
-        options[:extend] = create_extension_modules(association_id, extension, options[:extend]) if block_given?
-
-        create_reflection(:has_many, association_id, options, self)
+      
+      def valid_keys_for_has_many_association_with_scopes
+        valid_keys_for_has_many_association_without_scopes + [:scope]
       end
 
-      def create_has_one_reflection(association_id, options)
-        options.assert_valid_keys(
-          :class_name, :foreign_key, :remote, :conditions, :order, :include, :dependent, :counter_cache, :extend, :as, :scope
-        )
-
-        create_reflection(:has_one, association_id, options, self)
+      def valid_keys_for_has_one_association_with_scopes
+        valid_keys_for_has_one_association_without_scopes + [:scope]
       end
 
-      def create_belongs_to_reflection(association_id, options)
-        options.assert_valid_keys(
-          :class_name, :foreign_key, :foreign_type, :remote, :conditions, :order, :include, :dependent,
-          :counter_cache, :extend, :polymorphic, :scope
-        )
-
-        reflection = create_reflection(:belongs_to, association_id, options, self)
-
-        if options[:polymorphic]
-          reflection.options[:foreign_type] ||= reflection.class_name.underscore + "_type"
-        end
-
-        reflection
+      def valid_keys_for_belongs_to_association_with_scopes
+        valid_keys_for_belongs_to_association_without_scopes + [:scope]
       end
 
     end
@@ -62,5 +38,6 @@ module Hobo
 end
 
 ActiveRecord::Associations::AssociationProxy.send(:include, Hobo::Scopes::AssociationProxyExtensions)
+ActiveRecord::Associations::AssociationCollection.send(:include, Hobo::Scopes::AssociationCollectionExtensions)
 ActiveRecord::Associations::HasManyThroughAssociation.send(:include, Hobo::Scopes::HasManyThroughAssociationExtensions)
 require "hobo/scopes/named_scope_extensions"

data/lib/hobo/scopes/association_proxy_extensions.rb

@@ -24,22 +24,32 @@ module Hobo
         unscoped_conditions = conditions_without_hobo_scopes
         combine_conditions(scope_conditions, unscoped_conditions)
       end
-
       alias_method_chain :conditions, :hobo_scopes
 
     end
 
     HasManyThroughAssociationExtensions = classy_module do
 
-      def sql_conditions_with_hobo_scopes
+      def conditions_with_hobo_scopes
         scope_conditions         = self.scope_conditions(@reflection)
         through_scope_conditions = self.scope_conditions(@reflection.through_reflection)
-        unscoped_conditions = sql_conditions_without_hobo_scopes
+        unscoped_conditions = conditions_without_hobo_scopes
         combine_conditions(scope_conditions, through_scope_conditions, unscoped_conditions)
       end
+      alias_method_chain :conditions, :hobo_scopes
+      alias_method :sql_conditions, :conditions
+      public :conditions, :sql_conditions
 
-      alias_method_chain :sql_conditions, :hobo_scopes
-
+    end
+    
+    AssociationCollectionExtensions = classy_module do
+      
+      def proxy_respond_to_with_automatic_scopes?(method, include_priv = false)
+        proxy_respond_to_without_automatic_scopes?(method, include_priv) ||
+          (@reflection.klass.create_automatic_scope(method) if @reflection.klass.respond_to?(:create_automatic_scope))
+      end
+      alias_method_chain :proxy_respond_to?, :automatic_scopes
+      
     end
 
   end

data/lib/hobo/scopes/automatic_scopes.rb

@@ -35,9 +35,13 @@ module Hobo
         if name =~ /^with_(.*)/ && (refl = reflection($1))
 
           def_scope do |*records|
-            records = records.flatten.compact.map {|r| find_if_named(refl, r) }
-            exists_sql = ([exists_sql_condition(refl)] * records.length).join(" AND ")
-            { :conditions => [exists_sql] + records }
+            if records.empty?
+              { :conditions => exists_sql_condition(refl, true) }
+            else
+              records = records.flatten.compact.map {|r| find_if_named(refl, r) }
+              exists_sql = ([exists_sql_condition(refl)] * records.length).join(" AND ")
+              { :conditions => [exists_sql] + records }
+            end
           end
 
         # with_player(a_player)
@@ -53,9 +57,13 @@ module Hobo
         elsif name =~ /^without_(.*)/ && (refl = reflection($1))
 
           def_scope do |*records|
-            records = records.flatten.compact.map {|r| find_if_named(refl, r) }
-            exists_sql = ([exists_sql_condition(refl)] * records.length).join(" AND ")
-            { :conditions => ["NOT (#{exists_sql})"] + records }
+            if records.empty? 
+              { :conditions => "NOT (#{exists_sql_condition(refl, true)})" }
+            else
+              records = records.flatten.compact.map {|r| find_if_named(refl, r) }
+              exists_sql = ([exists_sql_condition(refl)] * records.length).join(" AND ")
+              { :conditions => ["NOT (#{exists_sql})"] + records }
+            end
           end
 
         # without_player(a_player)
@@ -219,11 +227,19 @@ module Hobo
             def_scope :order => "#{@klass.table_name}.created_at DESC"
 
           when "recent"
-            def_scope do |*args|
-              count = args.first || 3
-              { :limit => count, :order => "#{@klass.table_name}.created_at DESC" }
+            
+            if "created_at".in?(@klass.columns.*.name)
+              def_scope do |*args|
+                count = args.first || 6
+                { :limit => count, :order => "#{@klass.table_name}.created_at DESC" }
+              end
+            else
+              def_scope do |*args|
+                count = args.first || 6
+                { :limit => count }
+              end
             end
-
+            
           when "limit"
             def_scope do |count|
               { :limit => count }
@@ -276,22 +292,31 @@ module Hobo
       end
 
 
-      def exists_sql_condition(reflection)
+      def exists_sql_condition(reflection, any=false)
         owner = @klass
         owner_primary_key = "#{owner.table_name}.#{owner.primary_key}"
         if reflection.options[:through]
           join_table   = reflection.through_reflection.klass.table_name
-          source_fkey  = reflection.source_reflection.primary_key_name
           owner_fkey   = reflection.through_reflection.primary_key_name
-          "EXISTS (SELECT * FROM #{join_table} " +
-            "WHERE #{join_table}.#{source_fkey} = ? AND #{join_table}.#{owner_fkey} = #{owner_primary_key})"
+          if any
+            "EXISTS (SELECT * FROM #{join_table} WHERE #{join_table}.#{owner_fkey} = #{owner_primary_key})"
+          else
+            source_fkey  = reflection.source_reflection.primary_key_name
+            "EXISTS (SELECT * FROM #{join_table} " +
+              "WHERE #{join_table}.#{source_fkey} = ? AND #{join_table}.#{owner_fkey} = #{owner_primary_key})"
+          end
         else
-          related     = reflection.klass
           foreign_key = reflection.primary_key_name
+          related     = reflection.klass
 
-          "EXISTS (SELECT * FROM #{related.table_name} " +
-            "WHERE #{related.table_name}.#{foreign_key} = #{owner_primary_key} AND " +
-            "#{related.table_name}.#{related.primary_key} = ?)"
+          if any
+            "EXISTS (SELECT * FROM #{related.table_name} " +
+              "WHERE #{related.table_name}.#{foreign_key} = #{owner_primary_key})"
+          else
+            "EXISTS (SELECT * FROM #{related.table_name} " +
+              "WHERE #{related.table_name}.#{foreign_key} = #{owner_primary_key} AND " +
+              "#{related.table_name}.#{related.primary_key} = ?)"
+          end
         end
       end
 

data/lib/hobo/scopes/named_scope_extensions.rb

@@ -6,8 +6,8 @@ module ActiveRecord
 
       include Hobo::Scopes::ApplyScopes
 
-      def respond_to?(method)
-        super || scopes.include?(method) || proxy_scope.respond_to?(method)
+      def respond_to?(method, include_private=false)
+        super || scopes.include?(method) || proxy_scope.respond_to?(method, include_private)
       end
       
       private

data/lib/hobo/user.rb

@@ -31,7 +31,8 @@ module Hobo
           remember_token_expires_at :datetime
         end
 
-        validates_confirmation_of :password, :if => :new_password_required?
+        validates_presence_of     :password_confirmation, :if => :new_password_required?
+        validates_confirmation_of :password,              :if => :new_password_required?
         password_validations
         validate :validate_current_password_when_changing_password
 
@@ -147,13 +148,18 @@ module Hobo
 
 
     def changing_password?
-      crypted_password? && (password || password_confirmation) && !lifecycle.valid_key?
+      !new_record? && !lifecycle_changing_password? &&
+        (current_password.present? || password.present? || password_confirmation.present?)
+    end
+    
+    
+    def lifecycle_changing_password?
+      lifecycle.active_step && :password.in?(lifecycle.active_step.parameters)
     end
-
 
     # Is a new password (and confirmation) required? (i.e. signing up or changing password)
     def new_password_required?
-      (account_active? && crypted_password.blank?) || password || password_confirmation
+      lifecycle_changing_password? || changing_password?
     end
 
 

data/lib/hobo/user_controller.rb

@@ -17,8 +17,6 @@ module Hobo
 
           include_taglib "rapid_user_pages", :plugin => "hobo"
 
-          show_action :account
-
           alias_method_chain :hobo_update, :account_flash
         end
         
@@ -31,7 +29,7 @@ module Hobo
 
       def available_auto_actions_with_user_actions
         available_auto_actions_without_user_actions + 
-          [:login, :signup, :logout, :forgot_password, :reset_password]
+          [:login, :signup, :logout, :forgot_password, :reset_password, :account]
       end
 
       
@@ -44,6 +42,7 @@ module Hobo
           def do_signup; hobo_do_signup                  end if include_action?(:do_signup)
           def forgot_password; hobo_forgot_password;     end if include_action?(:forgot_password)
           def do_reset_password; hobo_do_reset_password; end if include_action?(:do_reset_password)
+          show_action :account                               if include_action?(:account)
         end
       end
 
@@ -53,6 +52,8 @@ module Hobo
     private
 
     def hobo_login(options={})
+      (redirect_to home_page; return) if logged_in?
+
       login_attr = model.login_attribute.to_s.titleize.downcase
       options.reverse_merge!(:success_notice => "You have logged in.",
                              :failure_notice => "You did not provide a valid #{login_attr} and password.")
@@ -72,7 +73,7 @@ module Hobo
             self.current_user = old_user
             render :action => :account_disabled unless performed?
           else
-            if params[:remember_me] == "1"
+            if params[:remember_me].present?
               current_user.remember_me
               create_auth_cookie
             end
@@ -113,7 +114,7 @@ module Hobo
       if request.post?
         user = model.find_by_email_address(params[:email_address])
         if user && (!block_given? || yield(user))
-          user.lifecycle.request_password_reset(:nobody)
+          user.lifecycle.request_password_reset!(:nobody)
         end
         render_tag :forgot_password_email_sent_page
       end