lotus_admin 1.3.0 → 1.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3f1b026cfd1e070c4d1a0fff64c4d0214818a713c9cfbfaed3a0a476d870321e
-  data.tar.gz: cbe3427768813ca6c7c7df6a97bbf6b2a599a2904e1a1c91f3c3c89781a9a56b
+  metadata.gz: 82eb960c647ff89e930551906a0886cdac56255ea0fe989ab6861cb486f81ca1
+  data.tar.gz: df0111ec129d5ad11c9e01fc40891a5199bead2a68322b186c445842e32d9010
 SHA512:
-  metadata.gz: 644eeb24a1917d4ce1cc6ee9385151b6e059f409a0618fc751b88f5476ffd2aa7bf669c050c6abd17f946b30a53cf017d76a16b3cbb4deac3f51e404abac4522
-  data.tar.gz: fbb8c7db19e309b90fed1d44ebc8697cba74420a043560f7a4a2450adbb8c6108e0cea5f06aaa8e888a8836a5bc04f83383050afd7a894fc42e303ad7dbddc3b
+  metadata.gz: 72efc100e64e636b9cda77a6f67610e336b2e9445d6081cba2a93006063e18ed060f0e1bc09ee0becd9da07c8820c9d6d49271f1e77d8d222f62e31c77c57b69
+  data.tar.gz: b5539dd34e997fb8c3502a4dc5818a2effc7126ab0ca0b082deef56d5cd3aa2e4bd857fb97cd17c8834e153551631b6fda834e6a9c290684c07ebdaa6163d5f1

data/app/controllers/concerns/lotus_admin/authorization.rb

@@ -0,0 +1,40 @@
+module LotusAdmin
+  module Authorization
+    extend ActiveSupport::Concern
+
+    include Pundit
+
+    class_methods do
+      def policy_class(policy_class_or_name)
+        self._policy_class_name = policy_class_or_name.to_s
+      end
+    end
+
+    included do
+      class_attribute :_policy_class_name, instance_accessor: false
+
+      rescue_from Pundit::NotAuthorizedError, with: :user_not_authorized
+    end
+
+    private
+
+    def pundit_user
+      current_administrator
+    end
+
+    def beginning_of_association_chain
+      chain = super
+
+      if self.class._policy_class_name.present?
+        policy_scope(chain, policy_scope_class: "#{ self.class._policy_class_name }::Scope".constantize)
+      else
+        chain
+      end
+    end
+
+    def user_not_authorized
+      flash[:alert] = "You are not authorized to perform this action."
+      redirect_to(request.referrer || root_path)
+    end
+  end
+end

data/app/controllers/concerns/lotus_admin/filterable_controller.rb

@@ -9,7 +9,6 @@ module LotusAdmin
       self.filters_enabled = false
 
       class_attribute :_beginning_of_scope_chain, instance_accessor: false
-      beginning_of_scope_chain {}
 
       let(:filters) { self.class.filters_config }
       let(:apply_filters?) do
@@ -17,7 +16,7 @@ module LotusAdmin
       end
 
       let(:filters_enabled?) { self.class.filters_enabled }
-      let(:ransack_object) { instance_exec(&self.class._beginning_of_scope_chain).ransack(params[:q]) }
+      let(:ransack_object) { beginning_of_association_chain.ransack(params[:q]) }
     end
 
     class_methods do
@@ -38,6 +37,10 @@ module LotusAdmin
 
     private
 
+    def beginning_of_association_chain
+      instance_exec(&self.class._beginning_of_scope_chain)
+    end
+
     def end_of_association_chain
       paginate(ransack_object.result)
     end

data/app/controllers/lotus_admin/authenticated_controller.rb

@@ -1,9 +1,9 @@
 class LotusAdmin::AuthenticatedController < LotusAdmin::ApplicationController
   include LotusAdmin::PermittedParams
   include LotusAdmin::FilterableController
-  include LotusAdmin::ResourcefulController
   include LotusAdmin::FileStreamer
   include LotusAdmin::Decorations
+  include LotusAdmin::Authorization
 
   before_action :authenticate_administrator!
   around_action :use_user_time_zone, if: :administrator_signed_in?

data/app/controllers/lotus_admin/resource_controller.rb

@@ -1,8 +1,20 @@
 class LotusAdmin::ResourceController < LotusAdmin::AuthenticatedController
-  let(:resource) { resource_class.find(params[:id]) }
+  beginning_of_scope_chain { resource_class.all }
+
+  let(:resource) { beginning_of_association_chain.find(params[:id]) }
 
   before_action :set_view_paths, only: [:new, :edit, :index, :show]
 
+  def self.manages(model_class)
+    self._resource_class = model_class
+  end
+
+  class_attribute :_resource_class, instance_accessor: false
+
+  let(:menu_identifier) { "#{ resource_class.model_name.route_key }_index" }
+  let(:resource_class) { self.class._resource_class }
+  let(:collection_path) { url_for(resource_class) }
+
   def new
     self.resource = build_resource
   end
@@ -25,6 +37,14 @@ class LotusAdmin::ResourceController < LotusAdmin::AuthenticatedController
     end
   end
 
+  def index(&block)
+    respond_to do |format|
+      format.html
+
+      block.call(format) if block.present?
+    end
+  end
+
   def destroy
     if resource.destroy
       flash[:notice] = "#{ resource_class.model_name.human } has been removed"
@@ -38,7 +58,7 @@ class LotusAdmin::ResourceController < LotusAdmin::AuthenticatedController
   private
 
   def build_resource(params = {})
-    current_organization.association(association_name).build(params)
+    resource_class.new(params)
   end
 
   def association_name

data/app/controllers/lotus_admin/users_controller.rb

@@ -1,13 +1,10 @@
 module LotusAdmin
-  class UsersController < LotusAdmin::AuthenticatedController
+  class UsersController < LotusAdmin::ResourceController
     manages LotusAdmin.configuration.user_class
-
-    let(:user) { resource_class.find(params[:id]) }
+    policy_class LotusAdmin.configuration.user_class_policy
 
     permit_params :first_name, :last_name, :email, :time_zone
 
-    beginning_of_scope_chain { resource_class.all }
-
     filter :first_name
     filter :last_name
     filter :email
@@ -15,15 +12,15 @@ module LotusAdmin
     filter :last_sign_in_at
 
     def new
-      self.user = resource_class.new
+      self.resource = resource_class.new
     end
 
     def create
-      self.user = resource_class.new(permitted_params)
-      user.password = Devise.friendly_token.first(8)
+      self.resource = resource_class.new(permitted_params)
+      resource.password = Devise.friendly_token.first(8)
 
-      if user.save
-        user.send_invited_email_notification
+      if resource.save
+        resource.send_invited_email_notification
 
         redirect_to [lotus_admin, resource_class], notice: "Created new #{ resource_class.model_name.human }"
       else
@@ -32,8 +29,8 @@ module LotusAdmin
     end
 
     def update
-      if user.update(permitted_params)
-        redirect_to [lotus_admin, user], notice: 'Changes saved'
+      if resource.update(permitted_params)
+        redirect_to [lotus_admin, resource], notice: 'Changes saved'
       else
         render :edit
       end

data/app/helpers/lotus_admin/sidebar_helpers.rb

@@ -13,7 +13,7 @@ module LotusAdmin
     end
 
     def class_for_menu(identifier)
-      return 'active' if menu_identifier == identifier
+      return 'active' if menu_identifier.to_s == identifier.to_s
     end
 
     def class_for_parent_menu_item(identifier)

data/app/policies/lotus_admin/application_policy.rb

@@ -0,0 +1,51 @@
+module LotusAdmin
+  class ApplicationPolicy
+    attr_reader :user, :record
+
+    def initialize(user, record)
+      @user = user
+      @record = record
+    end
+
+    def index?
+      false
+    end
+
+    def show?
+      false
+    end
+
+    def create?
+      false
+    end
+
+    def new?
+      create?
+    end
+
+    def update?
+      false
+    end
+
+    def edit?
+      update?
+    end
+
+    def destroy?
+      false
+    end
+
+    class Scope
+      attr_reader :user, :scope
+
+      def initialize(user, scope)
+        @user = user
+        @scope = scope
+      end
+
+      def resolve
+        scope.all
+      end
+    end
+  end
+end

data/app/views/lotus_admin/users/_form.html.haml

@@ -1,4 +1,4 @@
-= material_form_for [lotus_admin, user] do |f|
+= material_form_for [lotus_admin, resource] do |f|
   .form-inputs
     = f.input :first_name
     = f.input :last_name
@@ -6,5 +6,5 @@
     = f.input :time_zone, priority: /US/
 
   .form-actions
-    = material_form_submit(user)
+    = material_form_submit(resource)
     = material_form_cancel(lotus_admin.polymorphic_path(resource_class))

data/app/views/lotus_admin/users/show.html.haml

@@ -2,8 +2,8 @@
   %h2= page_title!("#{ resource_class.model_name.human } Details")
 
   %ul.actions
-    %li= edit_link(user)
-    %li= destroy_link(user)
+    %li= edit_link(resource)
+    %li= destroy_link(resource)
 
 .card
   .card-header
@@ -13,12 +13,12 @@
     .row
       .col-sm-6
         .list-group
-          = panel_attribute(user, :first_name)
-          = panel_attribute(user, :last_name)
-          = panel_attribute(user, :time_zone)
+          = panel_attribute(resource, :first_name)
+          = panel_attribute(resource, :last_name)
+          = panel_attribute(resource, :time_zone)
 
       .col-sm-5
         .list-group
-          = panel_attribute(user, :email)
-          = panel_attribute(user, :created_at) do
-            = I18n.l(user.created_at)
+          = panel_attribute(resource, :email)
+          = panel_attribute(resource, :created_at) do
+            = I18n.l(resource.created_at)

data/lib/lotus_admin/configuration.rb

@@ -23,5 +23,13 @@ module LotusAdmin
     def user_class
       @user_class ||= user_class_name.constantize
     end
+
+    def user_class_policy=(policy_class_or_name)
+      @user_class_policy = policy_class_or_name.to_s
+    end
+
+    def user_class_policy
+      @user_class_policy&.safe_constantize
+    end
   end
 end

data/lib/lotus_admin/version.rb

@@ -1,3 +1,3 @@
 module LotusAdmin
-  VERSION = '1.3.0'
+  VERSION = '1.4.0'
 end

data/lib/lotus_admin.rb

@@ -18,6 +18,7 @@ require 'page_title_helper'
 require 'kaminari'
 require 'ransack'
 require 'draper'
+require 'pundit'
 
 require 'lotus_admin/configuration'
 require 'lotus_admin/form_builder'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: lotus_admin
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Matt Millsaps-Brewer
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-25 00:00:00.000000000 Z
+date: 2020-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -240,6 +240,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4.0'
+- !ruby/object:Gem::Dependency
+  name: pundit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
 - !ruby/object:Gem::Dependency
   name: pg
   requirement: !ruby/object:Gem::Requirement
@@ -363,13 +377,13 @@ files:
 - app/assets/stylesheets/lotus_admin/components/_filters.scss
 - app/assets/stylesheets/lotus_admin/components/_forms.scss
 - app/assets/stylesheets/lotus_admin/components/_tables.scss
+- app/controllers/concerns/lotus_admin/authorization.rb
 - app/controllers/concerns/lotus_admin/decorations.rb
 - app/controllers/concerns/lotus_admin/devise_controllers.rb
 - app/controllers/concerns/lotus_admin/exposure.rb
 - app/controllers/concerns/lotus_admin/file_streamer.rb
 - app/controllers/concerns/lotus_admin/filterable_controller.rb
 - app/controllers/concerns/lotus_admin/permitted_params.rb
-- app/controllers/concerns/lotus_admin/resourceful_controller.rb
 - app/controllers/lotus_admin/application_controller.rb
 - app/controllers/lotus_admin/authenticated_controller.rb
 - app/controllers/lotus_admin/confirmations_controller.rb
@@ -397,6 +411,7 @@ files:
 - app/models/lotus_admin/application_record.rb
 - app/models/lotus_admin/filters/configuration.rb
 - app/models/lotus_admin/user.rb
+- app/policies/lotus_admin/application_policy.rb
 - app/services/lotus_admin/exporter.rb
 - app/views/administrators/_links.html.haml
 - app/views/administrators/confirmations/new.html.haml

data/app/controllers/concerns/lotus_admin/resourceful_controller.rb

@@ -1,25 +0,0 @@
-module LotusAdmin::ResourcefulController
-  extend ActiveSupport::Concern
-
-  included do
-    class_attribute :_resource_class, instance_accessor: false
-
-    let(:menu_identifier) { "#{ resource_class.model_name.route_key }_index" }
-    let(:resource_class) { self.class._resource_class }
-    let(:collection_path) { url_for(resource_class) }
-  end
-
-  class_methods do
-    def manages(model_class)
-      self._resource_class = model_class
-    end
-  end
-
-  def index(&block)
-    respond_to do |format|
-      format.html
-
-      block.call(format) if block.present?
-    end
-  end
-end