kowl 0.0.1

data/lib/kowl/templates/app/mailers/application_mailer.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class ApplicationMailer < ActionMailer::Base
+  # The DEFAULT_EMAIL should be set in your .env file
+  default from: ENV.fetch('DEFAULT_EMAIL'){ 'noreply@example.com' }
+  layout 'mailer'
+end

data/lib/kowl/templates/app/mailers/devise_mailer.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+class DeviseMailer < Devise::Mailer
+  layout 'devise_mailer'
+end

data/lib/kowl/templates/app/models/login_activity.rb.tt

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+class LoginActivity < ApplicationRecord
+  # == Attributes =====================================
+<%- if options[:encrypt] -%>
+  encrypts :identity, :ip
+  blind_index :identity, :ip
+<%- end -%>
+
+  # == Constants ======================================
+
+  # == Extensions =====================================
+
+  # == Relationships ==================================
+  belongs_to :user, polymorphic: true, optional: true
+
+  # == Validations ====================================
+
+  # == Scopes =========================================
+  # This is used, by default to only show successful logins
+  # => This will remove users that are seeded, creates, and/or failed attempts
+  default_scope -> { where(user_type: 'User') }
+
+  # == Callbacks ======================================
+
+  # == ClassMethods ===================================
+
+  # == InstanceMethods ================================
+end

data/lib/kowl/templates/app/models/user.rb.tt

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+class User < ApplicationRecord
+  # == Attributes =====================================
+  alias_attribute :avatar, :email
+<%- unless options[:skip_mailer] -%>
+  def devise_mailer
+    DeviseMailer
+  end
+<%- end -%>
+<%- if options[:encrypt] -%>
+  # Encrypted user attributes
+  encrypts :email
+  blind_index :email
+<%- end -%>
+
+  def self.policy_class
+    UserPolicy
+  end
+
+  # == Constants =====================================
+  enum role: { superuser: 0, staff: 1, user: 2, visitor: 3 }
+  # enum role: { superuser: 'superuser', staff: 'staff', user: 'user', visitor: 'visitor' }
+
+  # == Extensions ====================================
+  # Include default devise modules. Others available are:
+  # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
+  devise :database_authenticatable, :registerable,
+         :recoverable, :rememberable, :secure_validatable,
+         :lockable, :timeoutable, :trackable,
+         email_validation: false # Since we are using valid_email validator for a stricter email validator
+  # https://github.com/micke/valid_email2/issues/121
+
+  # == Relationships =================================
+<%- if options[:database] == 'sqlserver' -%>
+  has_many :login_activities, as: :user, dependent: :delete_all, inverse_of: :user # devise audit log
+<%- else -%>
+  has_many :login_activities, -> { order(created_at: :desc) }, as: :user, dependent: :delete_all, inverse_of: :user # devise audit log
+<%- end -%>
+
+  # == Validations ===================================
+  # minimum length of 5 to match: a@a.a
+  validates :email, presence: true, 'valid_email_2/email': { disposable: false }, length: { minimum: 5, maximum: 255 }, uniqueness: { case_sensitive: false }, allow_nil: false
+  validates :role, presence: true, inclusion: { in: roles.keys }, allow_nil: false
+
+  # == Scopes ========================================
+
+  # == Callbacks =====================================
+  # Before any validations ensure a default role is set
+  before_validation do
+    self.role ||= :user
+  end
+
+  # == Class Methods =================================
+  def admin?
+    role?(:superuser)
+  end
+
+  def staff?
+    role?(:staff)
+  end
+
+  def staff_member?
+    role?(:superuser) || role?(:staff)
+  end
+
+  def role?(role)
+    self.role == role.to_s
+  end
+
+  # == Instance Methods ==============================
+end

data/lib/kowl/templates/app/policies/application_policy.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+class ApplicationPolicy
+  attr_reader :current_user, :record
+
+  def initialize(current_user, record)
+    raise Pundit::NotAuthorizedError, 'must be logged in' unless current_user
+
+    @current_user = current_user
+    @record = record
+  end
+
+  def admin?
+    current_user.admin? if current_user.present?
+  end
+
+  def staff?
+    current_user.staff? if current_user.present?
+  end
+
+  # Used to verify if the persons role is set to either superuser or staff
+  def staff_member?
+    admin? || staff?
+  end
+
+  class Scope
+    attr_reader :user, :scope
+
+    def initialize(user, scope)
+      @user = user
+      @scope = scope
+    end
+
+    def resolve
+      scope.all
+    end
+  end
+end

data/lib/kowl/templates/app/policies/login_activity_policy.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+class LoginActivityPolicy < ApplicationPolicy
+  def show?
+    # Only display all login activity if the current user is an admin
+    # => Otherwise if the user is a staff member, only display login activity for everyone who isn't an admin
+    # => If somehow a user hits this page, only allow them to see login activity for themselves
+    admin? || (staff? && record.user.role != 'superuser') || (staff_member? && current_user.id == record.user_id)
+  end
+
+  def index?
+    admin? || current_user.id == record.user_id
+  end
+
+  # All audit logs should not be modifiable, by any means
+  def edit?
+    false
+  end
+
+  def new?
+    edit?
+  end
+
+  def create?
+    edit?
+  end
+
+  def update?
+    edit?
+  end
+
+  def destroy?
+    edit?
+  end
+end

data/lib/kowl/templates/app/policies/user_policy.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+class UserPolicy < ApplicationPolicy
+  def index?
+    admin?
+  end
+
+  # Account should not be create-able, unless someone is explicitly signing up to create an account
+  def new?
+    false
+  end
+
+  def create?
+    false
+  end
+
+  def show?
+    # Admins should be able to see all users
+    # Staff members should only be able to see people who aren't superusers
+    # And everyone should see records for themselves
+    admin? || (staff? && record.role != 'superuser') || (staff_member? && current_user.id == record.id)
+  end
+
+  def update?
+    # Ensure only superusers can edit other superusers.
+    # => This is because we don't want a staff member editing a superuser/manager's account
+    # => If the current_user only has the staff as role they can only edit someone who isn't a superuser
+    admin? || (staff? && record.role != 'superuser') || (staff_member? && current_user.id == record.id)
+  end
+
+  def edit?
+    update?
+  end
+
+  def destroy?
+    # This was added because a user shouldn't be able to delete themselves from the admin dashboard
+    admin? && current_user.id != record.id
+  end
+
+  def impersonate?
+    admin? && current_user.id != record.id
+  end
+end

data/lib/kowl/templates/app/views/admin/templates/navigation.erb.tt

@@ -0,0 +1,23 @@
+<%%#
+# Navigation
+
+This partial is used to display the navigation in Administrate.
+By default, the navigation contains navigation links
+for all resources in the admin dashboard,
+as defined by the routes in the `admin/` namespace
+%>
+
+<nav class="navigation" role="navigation">
+  <%%= link_to "#{icon('fas', 'home')} Homepage".html_safe, root_path, class: 'navigation__link navigation__link--inactive', title: 'Return to homepage' %>
+  <%% Administrate::Namespace.new(namespace).resources_with_index_route.each do |resource| %>
+    <%%= link_to(
+      display_resource_name(resource),
+      resource_index_route(resource),
+      class: "navigation__link navigation__link--#{nav_link_state(resource)}"
+    ) if valid_action? :index, resource  %>
+  <%% end %>
+<%- unless options[:skip_sidekiq] -%>
+  <%%= link_to('Sidekiq', '/sidekiq', class: 'navigation__link navigation__link--inactive') if current_user.admin? %>
+<%- end -%>
+  <%%= link_to('LetterOpener'.html_safe, '/letter_opener', class: 'navigation__link navigation__link--inactive') if Rails.env.development? && current_user.admin? %>
+</nav>

data/lib/kowl/templates/app/views/admin/views/application/_javascript.html.erb

@@ -0,0 +1,21 @@
+<%#
+# Javascript Partial
+https://github.com/thoughtbot/administrate/wiki/Rails-6-&-Webpacker
+
+This partial imports the necessary javascript on each page.
+By default, it includes the application JS,
+but each page can define additional JS sources
+by providing a `content_for(:javascript)` block.
+
+Administrate::Engine.javascripts.each do |js_path|
+ <= echo javascript_include_tag js_path
+<% end
+%>
+
+<%= yield :javascript %>
+<% if Rails.env.test? %>
+  <%= javascript_tag do %>
+    $.fx.off = true;
+    $.ajaxSetup({ async: false });
+  <% end %>
+<% end %>

data/lib/kowl/templates/app/views/admin/views/users/_collection.html.erb

@@ -0,0 +1,102 @@
+<%#
+# Collection
+
+This partial is used on the `index` and `show` pages
+to display a collection of resources in an HTML table.
+
+## Local variables:
+
+- `collection_presenter`:
+  An instance of [Administrate::Page::Collection][1].
+  The table presenter uses `ResourceDashboard::COLLECTION_ATTRIBUTES` to determine
+  the columns displayed in the table
+- `resources`:
+  An ActiveModel::Relation collection of resources to be displayed in the table.
+  By default, the number of resources is limited by pagination
+  or by a hard limit to prevent excessive page load times
+
+[1]: http://www.rubydoc.info/gems/administrate/Administrate/Page/Collection
+%>
+<table aria-labelledby="<%= table_title %>">
+  <thead>
+    <tr>
+      <td>&nbsp;</td>
+      <% collection_presenter.attribute_types.each do |attr_name, attr_type| %>
+        <th class="cell-label
+        cell-label--<%= attr_type.html_class %>
+        cell-label--<%= collection_presenter.ordered_html_class(attr_name) %>"
+        scope="col"
+        role="columnheader"
+        aria-sort="<%= sort_order(collection_presenter.ordered_html_class(attr_name)) %>">
+        <%= link_to(sanitized_order_params(page, collection_field_name).merge(
+          collection_presenter.order_params_for(attr_name, key: collection_field_name)
+        )) do %>
+        <%= t(
+          "helpers.label.#{collection_presenter.resource_name}.#{attr_name}",
+          default: attr_name.to_s,
+        ).titleize %>
+            <% if collection_presenter.ordered_by?(attr_name) %>
+              <span class="cell-label__sort-indicator cell-label__sort-indicator--<%= collection_presenter.ordered_html_class(attr_name) %>">
+                <svg aria-hidden="true">
+                  <use xlink:href="#icon-up-caret" />
+                </svg>
+              </span>
+            <% end %>
+          <% end %>
+        </th>
+      <% end %>
+      <% [valid_action?(:edit, collection_presenter.resource_name),
+          valid_action?(:destroy, collection_presenter.resource_name)].count(true).times do %>
+        <th scope="col"></th>
+      <% end %>
+    </tr>
+  </thead>
+
+  <tbody>
+    <% resources.each do |resource| %>
+      <%- if show_action? :show, resource %>
+        <tr class="js-table-row"
+            tabindex="0"
+            <% if valid_action? :show, collection_presenter.resource_name %>
+              <%= %(role=link data-url=#{polymorphic_path([namespace, resource])}) %>
+            <% end %>
+            >
+          <td>
+            <%- if resource.class.to_s == "User" && policy(resource).impersonate? %>
+              <%= link_to (raw icon('fas','theater-masks')), impersonate_user_path(resource.id) %>
+            <% end %>
+          </td>
+          <% collection_presenter.attributes_for(resource).each do |attribute| %>
+            <td class="cell-data cell-data--<%= attribute.html_class %>">
+              <% if show_action? :show, resource -%>
+                <a href="<%= polymorphic_path([namespace, resource]) -%>"
+                  class="action-show"
+                  >
+                  <%= render_field attribute %>
+                </a>
+              <% end -%>
+            </td>
+          <% end %>
+
+          <% if valid_action? :edit, collection_presenter.resource_name %>
+            <td><%= link_to(
+              t("administrate.actions.edit"),
+              [:edit, namespace, resource],
+              class: "action-edit",
+            ) if show_action? :edit, resource%></td>
+          <% end %>
+
+          <% if valid_action? :destroy, collection_presenter.resource_name %>
+            <td><%= link_to(
+              t("administrate.actions.destroy"),
+              [namespace, resource],
+              class: "text-color-red",
+              method: :delete,
+              data: { confirm: t("administrate.actions.confirm") }
+            ) if show_action? :destroy, resource %></td>
+          <% end %>
+        </tr>
+      <% end %>
+    <% end %>
+  </tbody>
+</table>

data/lib/kowl/templates/app/views/admin/views/users/_form.html.erb

@@ -0,0 +1,46 @@
+<%#
+# Form Partial
+
+This partial is rendered on a resource's `new` and `edit` pages,
+and renders all form fields for a resource's editable attributes.
+
+## Local variables:
+
+- `page`:
+  An instance of [Administrate::Page::Form][1].
+  Contains helper methods to display a form,
+  and knows which attributes should be displayed in the resource's form.
+
+[1]: http://www.rubydoc.info/gems/administrate/Administrate/Page/Form
+%>
+
+<%= form_for([namespace, page.resource], html: { class: "form" }) do |f| %>
+  <% if page.resource.errors.any? %>
+    <div id="error_explanation">
+      <h2>
+        <%= t(
+          "administrate.form.errors",
+          pluralized_errors: pluralize(page.resource.errors.count, t("administrate.form.error")),
+          resource_name: display_resource_name(page.resource_name)
+        ) %>
+      </h2>
+
+      <ul>
+        <% page.resource.errors.full_messages.each do |message| %>
+          <li class="flash-error"><%= message %></li>
+        <% end %>
+      </ul>
+    </div>
+  <% end %>
+
+  <% page.attributes.each do |attribute| -%>
+    <% next if attribute.attribute == :role && !current_user.admin? %>
+    <div class="field-unit field-unit--<%= attribute.html_class %>">
+      <%= render_field attribute, f: f %>
+    </div>
+  <% end -%>
+
+  <div class="form-actions">
+    <%= f.submit %>
+  </div>
+<% end %>

data/lib/kowl/templates/app/views/admin/views/users/edit.html.erb

@@ -0,0 +1,36 @@
+<%#
+# Edit
+
+This view is the template for the edit page.
+
+It displays a header, and renders the `_form` partial to do the heavy lifting.
+
+## Local variables:
+
+- `page`:
+  An instance of [Administrate::Page::Form][1].
+  Contains helper methods to help display a form,
+  and knows which attributes should be displayed in the resource's form.
+
+[1]: http://www.rubydoc.info/gems/administrate/Administrate/Page/Form
+%>
+
+<% content_for(:title) { t("administrate.actions.edit_resource", name: page.page_title) } %>
+
+<header class="main-content__header" role="banner">
+  <h1 class="main-content__page-title">
+    <%= content_for(:title) %>
+  </h1>
+
+  <div>
+    <%= link_to(
+      t("administrate.actions.show_resource", name: page.page_title),
+      [namespace, page.resource],
+      class: "button",
+    ) if valid_action?(:show) && show_action?(:show, page.resource) %>
+  </div>
+</header>
+
+<section class="main-content__body">
+  <%= render "form", page: page %>
+</section>

data/lib/kowl/templates/app/views/admin/views/users/index.html.erb

@@ -0,0 +1,66 @@
+<%#
+# Index
+
+This view is the template for the index page.
+It is responsible for rendering the search bar, header and pagination.
+It renders the `_table` partial to display details about the resources.
+
+## Local variables:
+
+- `page`:
+  An instance of [Administrate::Page::Collection][1].
+  Contains helper methods to help display a table,
+  and knows which attributes should be displayed in the resource's table.
+- `resources`:
+  An instance of `ActiveRecord::Relation` containing the resources
+  that match the user's search criteria.
+  By default, these resources are passed to the table partial to be displayed.
+- `search_term`:
+  A string containing the term the user has searched for, if any.
+- `show_search_bar`:
+  A boolean that determines if the search bar should be shown.
+
+[1]: http://www.rubydoc.info/gems/administrate/Administrate/Page/Collection
+%>
+
+<% content_for(:title) do %>
+  <%= display_resource_name(page.resource_name) %>
+<% end %>
+
+<header class="main-content__header" role="banner">
+  <h1 class="main-content__page-title" id="page-title">
+    <%= content_for(:title) %>
+  </h1>
+
+  <% if show_search_bar %>
+    <%= render(
+      "search",
+      search_term: search_term,
+      resource_name: display_resource_name(page.resource_name)
+    ) %>
+  <% end %>
+
+  <div>
+    <%= link_to(
+      t(
+        "administrate.actions.new_resource",
+        name: page.resource_name.titleize.downcase
+      ),
+      [:new, namespace, page.resource_path],
+      class: "button",
+    ) if valid_action?(:new) && show_action?(:new, new_resource) %>
+  </div>
+</header>
+
+<section class="main-content__body main-content__body--flush">
+  <%= render(
+    "collection",
+    collection_presenter: page,
+    collection_field_name: resource_name,
+    page: page,
+    resources: resources,
+    table_title: "page-title"
+  ) %>
+
+  <%= paginate resources %>
+</section>

data/lib/kowl/templates/app/views/fields/gravatar_field/_form.html.erb

@@ -0,0 +1,6 @@
+<div class="field-unit__label">
+  <%= f.label field.attribute %>
+</div>
+<div class="field-unit__field">
+  <%= f.text_field field.attribute %>
+</div>

data/lib/kowl/templates/app/views/fields/gravatar_field/_index.html.erb

@@ -0,0 +1 @@
+<%= image_tag field.gravatar_url %>

data/lib/kowl/templates/app/views/fields/gravatar_field/_show.html.erb

@@ -0,0 +1 @@
+<%= image_tag field.gravatar_url %>

data/lib/kowl/templates/app/views/fields/rich_text_area_field/_form.html.erb

@@ -0,0 +1,6 @@
+<div class="field-unit__label">
+  <%= f.label field.attribute %>
+</div>
+<div class="field-unit__field">
+  <%= f.rich_text_area(field.attribute) %>
+</div>

data/lib/kowl/templates/app/views/fields/rich_text_area_field/_index.html.erb

@@ -0,0 +1 @@
+<%= field.to_s %>

data/lib/kowl/templates/app/views/fields/rich_text_area_field/_show.html.erb

@@ -0,0 +1 @@
+<%= field.to_s %>

data/lib/kowl/templates/app/views/layouts/admin.html.erb.tt

@@ -0,0 +1,47 @@
+<%#
+# Application Layout
+
+This view template is used as the layout
+for every page that Administrate generates.
+
+By default, it renders:
+- Navigation
+- Content for a search bar
+  (if provided by a `content_for` block in a nested page)
+- Flashes
+- Links to stylesheets and JavaScripts
+%>
+
+<!DOCTYPE html>
+<html lang="<%%= I18n.locale %>">
+  <head>
+    <meta charset="utf-8">
+    <meta name="robots" content="noodp, noydir, index, follow">
+    <meta name="viewport" content="initial-scale=1">
+    <%%- set_meta_tags title: (content_for(:title) || 'Dashboard') %>
+    <%%= display_meta_tags site: '<%= app_name.titleize %>' %>
+<%- unless options[:skip_javascript] -%>
+    <%%= javascript_pack_tag 'administrate'<%= options[:skip_turbolinks] ? '' : ", 'data-turbolinks-track': 'reload'" -%> %>
+<%- end -%>
+    <%%= render "stylesheet" %>
+    <%%= csrf_meta_tags %>
+<%- unless options[:skip_turbolinks] || options[:skip_javascript] -%>
+    <meta name="turbolinks-root" content="/admin">
+<%- end -%>
+  </head>
+  <body>
+    <div class="app-container">
+      <%%= render "navigation" -%>
+      <main class="main-content" role="main">
+        <%%= render "flashes" -%>
+        <%%= yield %>
+      </main>
+    </div>
+    <div style="display: none; width: 0; height: 0; overflow: hidden; position: absolute">
+      <%%= render "icons" %>
+    </div>
+<%- unless options[:skip_javascript] -%>
+    <%%= render "javascript" %>
+<%- end -%>
+  </body>
+</html>

data/lib/kowl/templates/app/views/layouts/devise_mailer.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <%= stylesheet_link_tag "application-mailer", media: "all" %>
+  </head>
+  <body class="bg-light">
+    <div class="container-fluid">
+        <div class="card card-body my-3">
+          <%= yield %>
+        </div>
+    </div>
+  </body>
+</html>

data/lib/kowl/templates/app/views/pages/welcome/bootstrap.html.erb

@@ -0,0 +1,18 @@
+<h2><%= title('Welcome') %></h2>
+<p class="lead">
+  Lorem ipsum dolor sit amet, consectetur adipiscing elit.
+  Mauris maximus vulputate gravida.
+  Integer eget mauris at orci molestie porta.
+</p>
+<p>
+  In scelerisque leo vitae lacus commodo, eu tincidunt nisi suscipit.
+  Pellentesque at sapien duiDuis sit amet arcu non ante sodales varius.
+  Fusce nibh nulla, mollis a dolor eu, iaculis pharetra lectus.
+  Sed turpis quam, imperdiet ut faucibus sit amet, efficitur ut nulla.
+  Duis non accumsan lacus.
+  Vestibulum nec diam quis dui convallis rhoncus quis sit amet massa.
+  Maecenas ac est purus. Aliquam erat volutpat.
+  Vestibulum tempus pharetra viverra.
+  Etiam vestibulum et elit in vulputate.
+  Quisque eget elementum purus, id volutpat augue.
+</p>

data/lib/kowl/templates/app/views/pages/welcome/bootstrap.html.haml

@@ -0,0 +1,17 @@
+%h2 = title('Welcome')
+%p.lead
+  | Lorem ipsum dolor sit amet, consectetur adipiscing elit.
+  | Mauris maximus vulputate gravida.
+  | Integer eget mauris at orci molestie porta.
+
+%p
+  | In scelerisque leo vitae lacus commodo, eu tincidunt nisi suscipit.
+  | Pellentesque at sapien duiDuis sit amet arcu non ante sodales varius.
+  | Fusce nibh nulla, mollis a dolor eu, iaculis pharetra lectus.
+  | Sed turpis quam, imperdiet ut faucibus sit amet, efficitur ut nulla.
+  | Duis non accumsan lacus.
+  | Vestibulum nec diam quis dui convallis rhoncus quis sit amet massa.
+  | Maecenas ac est purus. Aliquam erat volutpat.
+  | Vestibulum tempus pharetra viverra.
+  | Etiam vestibulum et elit in vulputate.
+  | Quisque eget elementum purus, id volutpat augue.