hobo 0.8.3 → 0.8.4

data/lib/hobo.rb

@@ -7,26 +7,18 @@ rescue MissingSourceFile
   # OK, Hobo won't do pagination then
 end
 
-(defined?(ActiveSupport::Dependencies) ? ActiveSupport::Dependencies : Dependencies).load_paths |= [ File.dirname(__FILE__) ]
+ActiveSupport::Dependencies.load_paths |= [ File.dirname(__FILE__)]
 
 # Hobo can be installed in /vendor/hobo, /vendor/plugins/hobo, vendor/plugins/hobo/hobo, etc.
 ::HOBO_ROOT = File.expand_path(File.dirname(__FILE__) + "/..")
 
-
-# Modules that must *not* be auto-reloaded by activesupport
-# (explicitly requiring them means they're never unloaded)
-require 'hobo/model_router'
-require 'hobo/undefined'
-require 'hobo/user'
-require 'hobo/dryml'
-require 'hobo/dryml/template'
-require 'hobo/dryml/dryml_generator'
-
 class HoboError < RuntimeError; end
 
 module Hobo
 
-  VERSION = "0.8.3"
+  VERSION = "0.8.4"
+  
+  class PermissionDeniedError < RuntimeError; end
 
   class RawJs < String; end
 
@@ -49,43 +41,8 @@ module Hobo
     end
 
 
-    def user_model=(model)
-      @user_model = model && model.name
-    end
-
-
-    def user_model
-      @user_model && @user_model.constantize
-    end
-
-
-    def object_from_dom_id(dom_id)
-      return nil if dom_id == 'nil'
-
-      _, name, id, attr = *dom_id.match(/^([a-z_]+)(?:_([0-9]+(?:_[0-9]+)*))?(?:_([a-z_]+))?$/)
-      raise ArgumentError.new("invalid model-reference in dom id") unless name
-      if name
-        model_class = name.camelize.constantize rescue (raise ArgumentError.new("no such class in dom-id"))
-        return nil unless model_class
-
-        if id
-          obj = if false and attr and model_class.reflections[attr.to_sym].klass.superclass == ActiveRecord::Base
-                  # DISABLED - Eager loading is broken - doesn't support ordering
-                  # http://dev.rubyonrails.org/ticket/3438
-                  # Don't do this for STI subclasses - it breaks!
-                  model_class.find(id, :include => attr)
-                else
-                  model_class.find(id)
-                end
-          attr ? obj.send(attr) : obj
-        else
-          model_class
-        end
-      end
-    end
-
-    def dom_id(obj, attr=nil)
-      attr ? "#{obj.typed_id}_#{attr}" : obj.typed_id
+    def typed_id(obj, attr=nil)
+      attr ? "#{obj.typed_id}:#{attr}" : obj.typed_id
     end
 
     def find_by_search(query, search_targets=nil)
@@ -130,16 +87,6 @@ module Hobo
     end
 
 
-    def can_create_in_association?(array_or_reflection)
-      refl =
-        (array_or_reflection.is_a?(ActiveRecord::Reflection::AssociationReflection) and array_or_reflection) or
-        array_or_reflection.try.proxy_reflection or
-        (origin = array_or_reflection.try.origin and origin.send(array_or_reflection.origin_attribute).try.proxy_reflection)
-
-      refl && refl.macro == :has_many && (!refl.through_reflection) && (!refl.options[:conditions])
-    end
-
-
     def get_field(object, field)
       return nil if object.nil?
       field_str = field.to_s
@@ -168,147 +115,6 @@ module Hobo
     end
 
 
-    # --- Permissions --- #
-
-
-    def can_create?(person, object)
-      if object.is_a?(Class) and object < ActiveRecord::Base
-        object = object.new
-        object.set_creator(person)
-      elsif (refl = object.try.proxy_reflection) && refl.macro == :has_many
-        if Hobo.simple_has_many_association?(object)
-          object = object.new
-          object.set_creator(person)
-        else
-          return false
-        end
-      end
-      check_permission(:create, person, object)
-    end
-
-
-    def can_update?(person, object, new)
-      check_permission(:update, person, object, new)
-    end
-
-
-    def can_edit?(person, object, field)
-      return true if object.try.exempt_from_edit_checks?
-      # Can't view implies can't edit
-      return false if !can_view?(person, object, field)
-
-      if field.nil?
-        if object.has_hobo_method?(:editable_by?)
-          object.editable_by?(person)
-        elsif object.has_hobo_method?(:updatable_by?)
-          object.updatable_by?(person, nil)
-        else
-          false
-        end
-
-      else
-        attribute_name = field.to_s.sub /\?$/, ''
-        return false if !object.respond_to?("#{attribute_name}=")
-
-        refl = object.class.reflections[field.to_sym] if object.is_a?(ActiveRecord::Base)
-
-        # has_one and polymorphic associations are not editable (for now)
-        return false if refl and (refl.options[:polymorphic] or refl.macro == :has_one)
-
-        if object.has_hobo_method?("#{field}_editable_by?")
-          object.send("#{field}_editable_by?", person)
-        elsif object.has_hobo_method?(:editable_by?)
-          check_permission(:edit, person, object)
-        elsif refl._?.macro == :has_many
-          # The below technique to figure out edit permission based on
-          # update permission doesn't work for has_many associations
-          false
-        else
-          # Fake an edit test by setting the field in question to
-          # Hobo::Undefined and then testing for update/create permission
-          current = object.send(field)
-          new = object.duplicate
-
-          edit_test_value = if current == true
-                              false
-                            elsif current == false || (current.nil? && object.class.try.attr_type(field) == Hobo::Boolean)
-                              true
-                            elsif refl and refl.macro == :belongs_to
-                              Hobo::Undefined.new(refl.klass)
-                            else
-                              Hobo::Undefined.new
-                            end
-                            
-          new.metaclass.send(:define_method, attribute_name) { edit_test_value }
-
-          begin
-            if object.new_record?
-              check_permission(:create, person, new)
-            else
-              check_permission(:update, person, object, new)
-            end
-          rescue Hobo::UndefinedAccessError
-            # The permission method performed some test on the undefined value
-            # so this field is not editable
-            false
-          end
-        end
-      end
-    end
-
-
-    def can_delete?(person, object)
-      check_permission(:delete, person, object)
-    end
-
-
-    # can_view? has special behaviour if it's passed a class or an
-    # association-proxy -- it instantiates the class, or creates a new
-    # instance "in" the association, and tests the permission of this
-    # object. This means the permission methods in models can't rely
-    # on the instance being properly initialised.  But it's important
-    # that it works like this because, in the case of an association
-    # proxy, we don't want to loose the information that the object
-    # belongs_to the proxy owner.
-    def can_view?(person, object, field=nil)
-      # Field can be a dot separated path
-      if field && field.is_a?(String) && (path = field.split(".")).length > 1
-        _, _, object = get_field_path(object, path[0..-2])
-        field = path.last
-      end
-
-      if field
-        field = field.to_sym if field.is_a? String
-        return false if object.class.respond_to?(:never_show?) && object.class.never_show?(field)
-      else
-        # Special support for classes (can view instances?)
-        if object.is_a?(Class) and object < Hobo::Model
-          object = object.new
-        elsif Hobo.simple_has_many_association?(object)
-          object = object.new
-        end
-      end
-      viewable = check_permission(:view, person, object, field)
-      if viewable and field and
-          ( (field_val = get_field(object, field)).is_a?(Hobo::Model) or field_val.is_a?(Array) )
-        # also ask the current value if it is viewable
-        can_view?(person, field_val)
-      else
-        viewable
-      end
-    end
-
-
-    def can_call?(person, object, method)
-      return true if person.has_hobo_method?(:super_user?) && person.super_user?
-
-      m = "#{method}_callable_by?"
-      object.has_hobo_method?(m) && object.send(m, person)
-    end
-
-    # --- end permissions -- #
-
-
     def static_tags
       @static_tags ||= begin
                          path = if FileTest.exists?("#{RAILS_ROOT}/config/dryml_static_tags.txt")
@@ -328,58 +134,36 @@ module Hobo
       @subsites ||= Dir["#{RAILS_ROOT}/app/controllers/*"].map { |f| File.basename(f) if File.directory?(f) }.compact
     end
     
-
-    private
-
-
-    def check_permission(permission, person, object, *args)
-      return true if person.has_hobo_method?(:super_user?) and person.super_user?
-
-      return true if permission == :view && !(object.is_a?(ActiveRecord::Base) || object.is_a?(Hobo::CompositeModel))
-
-      obj_method = case permission
-                   when :create; :creatable_by?
-                   when :update; :updatable_by?
-                   when :delete; :deletable_by?
-                   when :edit;   :editable_by?
-                   when :view;   :viewable_by?
-                   end
-      p = if (obj_method.respond_to?(:has_hobo_method) ? object.has_hobo_method?(obj_method) : object.respond_to?(obj_method))
-            begin
-              object.send(obj_method, person, *args)
-            rescue Hobo::UndefinedAccessError
-              false
-            end
-          elsif object.class.respond_to?(obj_method)
-            object.class.send(obj_method, person, *args)
-          elsif !object.is_a?(Class) # No user fallback for class-level permissions
-            person_method = "can_#{permission}?".to_sym
-            if person.has_hobo_method?(person_method)
-              person.send(person_method, object, *args)
-            else
-              # The object does not define permissions - you can only view it
-              permission == :view
-            end
-          end
-    end
-
     public
 
     def enable
-      # Rails monkey patches
-      require 'active_record/association_collection'
-      require 'active_record/association_proxy'
-      require 'active_record/association_reflection'
       require 'action_view_extensions/helpers/tag_helper'
 
+      # Modules that must *not* be auto-reloaded by activesupport
+      # (explicitly requiring them means they're never unloaded)
+      require 'hobo/model_router'
+      require 'hobo/undefined'
+      require 'hobo/user'
+      require 'hobo/dryml'
+      require 'hobo/dryml/template'
+      require 'hobo/dryml/dryml_generator'
+
+      Hobo::Model.enable
       Hobo::Dryml.enable
+      Hobo::Permissions.enable
+      Hobo::ViewHints.enable
       
       Hobo.developer_features = RAILS_ENV.in?(["development", "test"]) if Hobo.developer_features?.nil?
 
       require 'hobo/dev_controller' if RAILS_ENV == Hobo.developer_features?
 
       ActionController::Base.send(:include, Hobo::ControllerExtensions)
-      ActiveRecord::Base.send(:include, Hobo::ModelExtensions)
+
+      if defined? HoboFields
+        HoboFields.never_wrap(Hobo::Undefined)
+      end      
+
+      ActiveSupport::Dependencies.load_paths |= [ "#{RAILS_ROOT}/app/viewhints" ]
     end
 
   end
@@ -402,18 +186,6 @@ module Hobo
 
   end
 
-
-  ModelExtensions = classy_module do
-    def self.hobo_model
-      include Hobo::Model
-    end
-    def self.hobo_user_model
-      include Hobo::Model
-      include Hobo::User
-    end
-  end
-
-
   # Empty class to represent the boolean type.
   class Boolean; end
 
@@ -421,11 +193,6 @@ module Hobo
 end
 
 
-if defined? HoboFields
-  HoboFields.never_wrap(Hobo::Undefined)
-end
-
-
 # Add support for type metadata to arrays
 class ::Array
 
@@ -437,7 +204,7 @@ class ::Array
   end
 
   def typed_id
-    origin and origin_id = origin.try.typed_id and "#{origin_id}_#{origin_attribute}"
+    origin and origin_id = origin.try.typed_id and "#{origin_id}:#{origin_attribute}"
   end
 
 end

data/lib/hobo/accessible_associations.rb

@@ -0,0 +1,131 @@
+module Hobo
+  
+  module AccessibleAssociations
+    
+    extend self
+    
+    def prepare_has_many_assignment(association, association_name, array_or_hash)
+      owner = association.proxy_owner
+
+      array = params_hash_to_array(array_or_hash)
+      array.map! do |record_hash_or_string|
+        find_or_create_and_update(owner, association, association_name, record_hash_or_string) { association.build }
+      end
+      array.compact
+    end
+    
+    
+    def find_or_create_and_update(owner, association, association_name, record_hash_or_string)
+      if record_hash_or_string.is_a?(String)
+        # An ID (if it starts '@') or else a name
+        record = find_record(association, record_hash_or_string)
+      
+      elsif record_hash_or_string.is_a?(Hash)
+        # A hash of attributes
+        hash = record_hash_or_string
+
+        # Remove completely blank hashes
+        return nil if hash.values.join.blank?
+
+        id = hash.delete(:id)
+
+        record = if id
+                   association.find(id) # TODO: We don't really want to find these one by one
+                 else
+                   record = yield
+                 end
+        record.attributes = hash
+        owner.include_in_save(association_name, record) unless owner.new_record? && record.new_record?
+        
+      else
+        # It's already a record
+        record = record_hash_or_string
+      end
+      record
+    end
+    
+    
+    def params_hash_to_array(array_or_hash)
+      if array_or_hash.is_a?(Hash)
+        array = array_or_hash.get(*array_or_hash.keys.sort_by(&:to_i))
+      else
+        array_or_hash
+      end
+    end
+    
+
+    def find_record(association, id_or_name)
+      klass = association.member_class
+      if id_or_name =~ /^@(.*)/
+        id = $1
+        if id =~ /:/
+          Hobo::Model.find_by_typed_id(id)
+        else
+          klass.find(id)
+        end
+      else
+        klass.named(id_or_name, :conditions => association.conditions)
+      end
+    end
+  
+  end
+  
+  classy_module(AccessibleAssociations) do
+    
+    include IncludeInSave
+    
+    # --- has_many mass assignment support --- #
+    
+    def self.has_many_with_accessible(name, options={}, &block)
+      has_many_without_accessible(name, options, &block)
+      
+      if options[:accessible]
+        class_eval %{
+          def #{name}_with_accessible=(array_or_hash)
+            items = Hobo::AccessibleAssociations.prepare_has_many_assignment(#{name}, :#{name}, array_or_hash)
+            self.#{name}_without_accessible = items
+            # ensure the loaded array contains any changed records
+            self.#{name}.proxy_target[0..-1] = items
+          end
+        }, __FILE__, __LINE__ - 7
+        alias_method_chain :"#{name}=", :accessible
+      end
+    end
+    metaclass.alias_method_chain :has_many, :accessible
+    
+    
+    
+    # --- belongs_to assignment support --- #
+    
+    def self.belongs_to_with_accessible(name, options={}, &block)
+      belongs_to_without_accessible(name, options, &block)
+      
+      if options[:accessible]
+        class_eval %{
+          def #{name}_with_accessible=(record_hash_or_string)
+            record = Hobo::AccessibleAssociations.find_or_create_and_update(self, #{name}, :#{name}, record_hash_or_string) { self.class.reflections[:#{name}].klass.new }
+            self.#{name}_without_accessible = record
+          end
+        }, __FILE__, __LINE__ - 5
+        alias_method_chain :"#{name}=", :accessible
+      end
+    end
+    metaclass.alias_method_chain :belongs_to, :accessible
+    
+    
+    # Add :accessible to the valid keys so AR doesn't complain
+
+    def self.valid_keys_for_has_many_association_with_accessible
+      valid_keys_for_has_many_association_without_accessible + [:accessible]
+    end
+    metaclass.alias_method_chain :valid_keys_for_has_many_association, :accessible
+
+    def self.valid_keys_for_belongs_to_association_with_accessible
+      valid_keys_for_belongs_to_association_without_accessible + [:accessible]
+    end
+    metaclass.alias_method_chain :valid_keys_for_belongs_to_association, :accessible
+    
+    
+  end    
+  
+end